Fórum PC Brasil
Machine with errors due to a virus


Post by luizvilarinho Tue 29 Apr 2014, 22:11

Here is a HijackThis log. The machine is in bad shape, showing a message that Windows Explorer has stopped working, and it certainly has a virus, along with other pests.

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 22:02:11, on 29/04/2014
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v10.0 (10.00.9200.16720)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskhost.exe
C:\ProgramData\BitGuard\2.7.1832.68\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BitGuard.exe
C:\Windows\system32\Dwm.exe
C:\Program Files\SweetIM\Messenger\SweetIM.exe
C:\Program Files\SweetIM\Communicator\SweetPacksUpdateManager.exe
C:\Program Files\Real\RealPlayer\Update\realsched.exe
C:\Program Files\Iminent\Iminent.exe
C:\Program Files\Iminent\Iminent.Messengers.exe
C:\Program Files\Ask.com\Updater\Updater.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Users\Daniel\AppData\Local\Facebook\Update\FacebookUpdate.exe
C:\Users\Daniel\AppData\Local\Temp\tmp533E.tmp.exe
C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\taskeng.exe
C:\Users\Daniel\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Daniel\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Daniel\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Daniel\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Daniel\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files\Speed Test 127\BackgroundHost.exe
C:\Program Files\SpeedAnalysis.com\PropertySync.exe
C:\Users\Daniel\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\SearchProtocolHost.exe
C:\Users\Daniel\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Daniel\Downloads\HijackThis.exe
C:\Windows\system32\DllHost.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = [You must have an account and be logged in to view this link]
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = [You must have an account and be logged in to view this link]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = [You must have an account and be logged in to view this link]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = [You must have an account and be logged in to view this link]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = [You must have an account and be logged in to view this link]
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = [You must have an account and be logged in to view this link]
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: UrlSearchHook Class - {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files\Ask.com\GenericAskToolbar.dll
R3 - URLSearchHook: (no name) - {84FF7BD6-B47F-46F8-9130-01B2696B36CB} - (no file)
R3 - URLSearchHook: Barra de Ferramentas do Yahoo! com bloqueador de pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Speed Test 127 - {11C8C9C0-D918-44C0-8B5E-D297DA42F2C7} - C:\Program Files\Speed Test 127\ScriptHost.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
O2 - BHO: SpeedAnalysis.com - {45564571-A21B-48ED-B584-69752EEE9C3D} - C:\Program Files\SpeedAnalysis.com\ScriptHost.dll
O2 - BHO: TBSB01620 Class - {58124A0B-DC32-4180-9BFF-E0E21AE34026} - C:\Program Files\IMinent Toolbar\tbcore3.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL
O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: SpecialSavings - {938958E8-355C-49FF-92B0-53C1B87ACEA9} - C:\Program Files\SpecialSavings\ScriptHost.dll
O2 - BHO: Smiley Bar for Facebook - {944FEDFD-C4FD-441D-8275-9C651A9FFBDE} - C:\Program Files\Smiley Bar for Facebook\ScriptHost.dll
O2 - BHO: IMinent WebBooster (BHO) - {A09AB6EB-31B5-454C-97EC-9B294D92EE2A} - C:\Program Files\Iminent\Iminent.WebBooster.InternetExplorer.dll
O2 - BHO: DealPly - {A6174F27-1FFF-E1D6-A93F-BA48AD5DD448} - C:\Program Files\DealPly\DealPlyIE.dll
O2 - BHO: Skype Browser Helper - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL
O2 - BHO: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files\Microsoft\BingBar\BingExt.dll" (file missing)
O2 - BHO: Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O2 - BHO: SweetPacks Browser Helper - {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
O2 - BHO: BonanzaDeals - {fe063412-bea4-4d76-8ed3-183be6220d17} - C:\Program Files\BonanzaDeals\BonanzaDealsIE.dll
O3 - Toolbar: SweetPacks Toolbar for Internet Explorer - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O3 - Toolbar: IMinent Toolbar - {977AE9CC-AF83-45E8-9E03-E2798216E2D5} - C:\Program Files\IMinent Toolbar\tbcore3.dll
O3 - Toolbar: Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files\Microsoft\BingBar\BingExt.dll" (file missing)
O3 - Toolbar: (no name) - {D0F4A166-B8D4-48b8-9D63-80849FE137CB} - (no file)
O3 - Toolbar: Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O3 - Toolbar: Barra de Ferramentas do Yahoo! com bloqueador de pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [BCSSync] "C:\Program Files\Microsoft Office\Office14\BCSSync.exe" /DelayServices
O4 - HKLM\..\Run: [SweetIM] C:\Program Files\SweetIM\Messenger\SweetIM.exe
O4 - HKLM\..\Run: [Sweetpacks Communicator] C:\Program Files\SweetIM\Communicator\SweetPacksUpdateManager.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Real\RealPlayer\update\realsched.exe"  -osboot
O4 - HKLM\..\Run: [Iminent] C:\Program Files\Iminent\Iminent.exe /warmup "F77F87E5-A6BD-4922-A530-EDF63D7E9F8C"
O4 - HKLM\..\Run: [IminentMessenger] C:\Program Files\Iminent\Iminent.Messengers.exe
O4 - HKLM\..\Run: [ApnUpdater] "C:\Program Files\Ask.com\Updater\Updater.exe"
O4 - HKLM\..\Run: [AdobeAAMUpdater-1.0] "C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
O4 - HKLM\..\Run: [SwitchBoard] C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O4 - HKLM\..\Run: [AdobeCS5ServiceManager] "C:\Program Files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [177] C:\Program Files\167a\177.js
O4 - HKCU\..\Run: [Google Update] "C:\Users\Daniel\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [msnmsgr] ~"C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /minimized /regrun
O4 - HKCU\..\Run: [Facebook Update] "C:\Users\Daniel\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
O4 - HKCU\..\Run: [1f6] C:\Users\Daniel\AppData\Roaming\097\1f6.js
O4 - HKCU\..\Run: [Windows Live Messenger.exe] C:\Users\Daniel\AppData\Local\Temp\tmp533E.tmp.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'SERVIÇO LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'SERVIÇO LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'SERVIÇO DE REDE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'SERVIÇO DE REDE')
O4 - HKUS\S-1-5-18\..\RunOnce: [SPReview] "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"http://go.microsoft.com/fwlink/?LinkID=122915" /build:7601 (User 'SISTEMA')
O4 - HKUS\.DEFAULT\..\RunOnce: [SPReview] "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"http://go.microsoft.com/fwlink/?LinkID=122915" /build:7601 (User 'Default user')
O4 - Startup: 4d2.js
O4 - Global Startup: 4d2.js
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &Enviar para o OneNote - [You must have an account and be logged in to view this link]
O8 - Extra context menu item: E&xportar para o Microsoft Excel - [You must have an account and be logged in to view this link]
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: &Anotações Vinculadas do OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: &Anotações Vinculadas do OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O20 - AppInit_DLLs: c:\progra~2\bitguard\271832~1.68\{c16c1~1\bitguard.dll
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: BitGuard - Unknown owner - C:\ProgramData\BitGuard\2.7.1832.68\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BitGuard.exe
O23 - Service: Serviço do BonanzaDealsLive (bonanzadealslive) (bonanzadealslive) - BonanzaDeals - C:\Program Files\BonanzaDealsLive\Update\BonanzaDealsLive.exe
O23 - Service: Serviço do BonanzaDealsLive (bonanzadealslivem) (bonanzadealslivem) - BonanzaDeals - C:\Program Files\BonanzaDealsLive\Update\BonanzaDealsLive.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Serviço do Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Serviço do Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Updater Service (IBUpdaterService) - Unknown owner - C:\Windows\system32\dmwu.exe
O23 - Service: Orolix Device Monitor (OrolixDeviceMonitor) - Orolix Desenvolvimento de Software LTDA. - C:\Program Files\TIM Communicator\module\devicemon.exe
O23 - Service: Skype C2C Service - Skype Technologies S.A. - C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe
O23 - Service: SProtection - Iminent - C:\Program Files\Common Files\Umbrella\Umbrella.exe
O23 - Service: Adobe SwitchBoard (SwitchBoard) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O23 - Service: WINZIPSSDiskOptimizer - WinZip Computing, S.L. (WinZip Computing) - C:\Program Files\WinZip System Utilities Suite\WINZIPSSDefragSrv.exe

--
End of file - 13027 bytes
luizvilarinho
Full Member

Posts: 855
Reputation: 4
Registration date: 13/11/2013

Post by Power Max Tue 29 Apr 2014, 22:21

Hello Luiz.

Download the AdwCleaner program by clicking the link below, then click the Download Now @BleepingComputer button:
[You must have an account and be logged in to view this link]

To run AdwCleaner correctly, just follow the tips in this tutorial:

[You must have an account and be logged in to view this link]

* In your next reply, post the AdwCleaner log (report), which will be at C:\AdwCleaner\AdwCleaner[S0].txt

We'll be waiting.
Power Max
Contributor

Posts: 9086
Reputation: 1499
Registration date: 14/04/2009

Post by luizvilarinho Tue 29 Apr 2014, 22:29

Just in case I can't get AdwCleaner to run because Windows Explorer stops working, would it work in safe mode?

Post by Power Max Tue 29 Apr 2014, 22:32

Yes, you can do it in safe mode with networking. In fact, you can already boot into the mode I mentioned, because it will be easier to get rid of the viruses, since this machine is heavily infected.

Post by luizvilarinho Tue 29 Apr 2014, 22:47

The log is attached, as it is very large.

Post by Power Max Tue 29 Apr 2014, 22:51

Download Malwarebytes from one of the links below:
[You must have an account and be logged in to view this link]

To install and run it correctly, please follow the tips in this post:

[You must have an account and be logged in to view this link]

In your next reply, post this Malwarebytes log (report).

We'll be waiting.

Post by luizvilarinho Wed 30 Apr 2014, 06:18

Malwarebytes Anti-Malware
[You must have an account and be logged in to view this link]

Data de Verificação: 30/04/2014
Hora da Verificação: 02:12:28
Logfile: log.txt
Administrador: Sim

Versão: 2.00.1.1004
Malware Database: v2014.04.30.02
Rootkit Database: v2014.03.27.01
Licença: Grátis
Proteção de Malware: Desabilitado
Proteção de Site Malicioso: Desabilitado
Chameleon: Desabilitado

OS: Windows 7 Service Pack 1
CPU: x86
Sistema de Arquivo: NTFS
Usuário: Daniel

Tipo da Verificação: Verificação Personalizada
Resultado: Completado
Arquivos Verificados: 482266
Tempo Decorrido: 3 hr, 5 min, 34 seg

Memória: Enabled
Inicialização: Enabled
Filesystem: Enabled
Arquivos: Enabled
Rootkits: Desabilitado
Shuriken: Enabled
PUP: Enabled
PUM: Enabled

Processos: 1
Trojan.Agent.TMPH, E:\autorun.exe, 1116, Delete-on-Reboot, [0d6dd759265562d47dc16b8d867ba45c]

Módulos: 0
(No malicious items detected)

Chaves de Registro: 4
PUP.Optional.BonanzaDeals.A, HKLM\SOFTWARE\BONANZADEALS, Quarantined, [66141c143e3dfa3c77acbfe8d42fce32],
PUP.Optional.InstallBrain.A, HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\WNLT, Quarantined, [f7830b256516e452749e2e78a55e7f81],
PUP.Optional.BonanzaDeals.A, HKU\S-1-5-21-840133867-106172080-2313266223-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\BONANZADEALS, Quarantined, [5e1c9d9394e7df577ba6a20512f16c94],
PUP.Optional.DealPly.A, HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\DealPly, Quarantined, [ec8e66ca57241323ad9989dccf339a66],

Valores de Registro: 5
Trojan.Agent.TMPH, HKU\S-1-5-21-840133867-106172080-2313266223-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|Windows Live Messenger.exe, C:\Users\Daniel\AppData\Local\Temp\tmp2621.tmp.exe, Quarantined, [96e4d75984f7e155f846fbfd738e02fe]
PUP.Optional.BonanzaDeals.A, HKLM\SOFTWARE\BONANZADEALS|ChromeCrxPath, C:\Program Files\BonanzaDeals\BonanzaDeals.crx, Quarantined, [66141c143e3dfa3c77acbfe8d42fce32]
PUP.Optional.InstallBrain.A, HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\WNLT|URL, Quarantined, [f7830b256516e452749e2e78a55e7f81],
PUP.Optional.BonanzaDeals.A, HKU\S-1-5-21-840133867-106172080-2313266223-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\BONANZADEALS|ChromeCrxPath, C:\Program Files\BonanzaDeals\BonanzaDeals.crx, Quarantined, [5e1c9d9394e7df577ba6a20512f16c94]
Hijack.FolderOptions, HKU\S-1-5-21-840133867-106172080-2313266223-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\EXPLORER|NofolderOptions, 1, Quarantined, [3d3dd759d8a384b290eb30c9bb47b14f]

Dados do Registro: 9
PUM.Disabled.SecurityCenter, HKLM\SOFTWARE\MICROSOFT\SECURITY CENTER|FirewallDisableNotify, 1, Good: (0), Bad: (1),Replaced,[126878b818631b1b77039c93c83c54ac]
PUM.Disabled.SecurityCenter, HKLM\SOFTWARE\MICROSOFT\SECURITY CENTER|AntiVirusDisableNotify, 1, Good: (0), Bad: (1),Replaced,[91e9a48c116ad85e4c2dc867db29b34d]
PUM.Disabled.SecurityCenter, HKLM\SOFTWARE\MICROSOFT\SECURITY CENTER|UpdatesDisableNotify, 1, Good: (0), Bad: (1),Replaced,[b9c1a68acbb0da5c5a21c8673dc7b24e]
PUM.Hijack.TaskManager, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM|DisableTaskMgr, 1, Good: (0), Bad: (1),Replaced,[7703f9376d0e64d2c5a38ca581836c94]
PUM.Hijack.HomePageControl, HKLM\SOFTWARE\POLICIES\MICROSOFT\INTERNET EXPLORER\CONTROL PANEL|HomePage, 1, Good: (0), Bad: (1),Replaced,[fd7d62ce1a6157df03fcab849c6811ef]
Windows.Tool.Disabled, HKLM\SOFTWARE\POLICIES\MICROSOFT\WINDOWS NT\SYSTEMRESTORE|DisableConfig, 1, Good: (0), Bad: (1),Replaced,[1763bd73b0cb2a0c43fa092925df7d83]
PUM.Hijack.TaskManager, HKU\S-1-5-21-840133867-106172080-2313266223-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM|DisableTaskMgr, 1, Good: (0), Bad: (1),Replaced,[493143eda6d560d65512ec459074847c]
PUM.Hijack.Regedit, HKU\S-1-5-21-840133867-106172080-2313266223-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM|DisableRegistryTools, 1, Good: (0), Bad: (1),Replaced,[3149062ade9d50e646bf38f860a4e11f]
PUM.Hijack.CMDPrompt, HKU\S-1-5-21-840133867-106172080-2313266223-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\POLICIES\MICROSOFT\WINDOWS\SYSTEM|DisableCMD, 1, Good: (0), Bad: (1),Replaced,[691150e04437f145a3dc9f9049bb7e82]

Pastas: 12
Adware.InstallBrain, C:\ProgramData\IBUpdaterService, Quarantined, [1763a38df9829e9806ba1b5d73900ef2],
PUP.OPtional.Dealply.A, C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DealPly, Quarantined, [b5c5052b0d6e4fe7c481722cfb08b749],
PUP.Optional.Iminent.A, C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Iminent, Quarantined, [641640f0b7c404323364ecb2a360837d],
PUP.Optional.DealPly.A, C:\Windows\System32\config\systemprofile\AppData\Roaming\DealPly, Quarantined, [ec8e66ca57241323ad9989dccf339a66],
PUP.Optional.DealPly.A, C:\Windows\System32\config\systemprofile\AppData\Roaming\DealPly\UpdateProc, Quarantined, [ec8e66ca57241323ad9989dccf339a66],
PUP.Optional.Iminent.A, C:\ProgramData\Iminent\Mediator, Quarantined, [1e5ce24e15662214cb7d9dc869990ff1],
PUP.Optional.Iminent.A, C:\ProgramData\Iminent\Mediator\Datas, Quarantined, [1e5ce24e15662214cb7d9dc869990ff1],
PUP.Optional.Iminent.A, C:\ProgramData\Iminent\Mediator\Datas\Cache, Quarantined, [1e5ce24e15662214cb7d9dc869990ff1],
PUP.Optional.Iminent.A, C:\ProgramData\Iminent\Mediator\Datas\Cache\apix.iminent.com, Quarantined, [1e5ce24e15662214cb7d9dc869990ff1],
PUP.Optional.BonanzaDeals.A, C:\ProgramData\BonanzaDealsLive, Quarantined, [f684f43ccab1f1451262afb7877bf10f],
PUP.Optional.BonanzaDeals.A, C:\ProgramData\BonanzaDealsLive\Update, Quarantined, [f684f43ccab1f1451262afb7877bf10f],
PUP.Optional.BonanzaDeals.A, C:\ProgramData\BonanzaDealsLive\Update\Log, Quarantined, [f684f43ccab1f1451262afb7877bf10f],

Arquivos: 226
Trojan.Agent.TMPH, E:\autorun.exe, Delete-on-Reboot, [0d6dd759265562d47dc16b8d867ba45c],
Trojan.Agent.TMPH, C:\Users\Daniel\AppData\Local\Temp\tmp2621.tmp.exe, Quarantined, [96e4d75984f7e155f846fbfd738e02fe],
PUP.Optional.BonanzaDeals.A, C:\AdwCleaner\Quarantine\C\Program Files\BonanzaDeals\BonanzaDealsIE.dll.vir, Quarantined, [2a50a48c6b102e08ff6c70af7c85c13f],
PUP.Optional.BonanzaDeals.A, C:\AdwCleaner\Quarantine\C\Program Files\BonanzaDealsLive\Update\BonanzaDealsLive.exe.vir, Quarantined, [93e7e64a92e992a4d795ce51a45dff01],
PUP.Optional.BonanzaDeals.A, C:\AdwCleaner\Quarantine\C\Program Files\BonanzaDealsLive\Update\1.3.23.0\BonanzaDealsLive.exe.vir, Quarantined, [99e13ff13546e0569fcd001fa65b60a0],
PUP.Optional.BonanzaDeals.A, C:\AdwCleaner\Quarantine\C\Program Files\BonanzaDealsLive\Update\1.3.23.0\BonanzaDealsLiveBroker.exe.vir, Quarantined, [69118fa10972dd5905676bb42ed34db3],
PUP.Optional.BonanzaDeals.A, C:\AdwCleaner\Quarantine\C\Program Files\BonanzaDealsLive\Update\1.3.23.0\BonanzaDealsLiveHandler.exe.vir, Quarantined, [a7d388a8b2c960d65d0fca5511f0be42],
PUP.Optional.BonanzaDeals.A, C:\AdwCleaner\Quarantine\C\Program Files\BonanzaDealsLive\Update\1.3.23.0\BonanzaDealsLiveOnDemand.exe.vir, Quarantined, [2f4bcb65fd7efd39caa23fe09c658b75],
PUP.Optional.BonanzaDeals.A, C:\AdwCleaner\Quarantine\C\Program Files\BonanzaDealsLive\Update\1.3.23.0\goopdate.dll.vir, Quarantined, [52281f119fdcf6406dff19065ca58080],
PUP.Optional.BonanzaDeals.A, C:\AdwCleaner\Quarantine\C\Program Files\BonanzaDealsLive\Update\1.3.23.0\npGoogleUpdate3.dll.vir, Quarantined, [b5c5b080accfaf87a8c435eaea17b54b],
PUP.Optional.BonanzaDeals.A, C:\AdwCleaner\Quarantine\C\Program Files\BonanzaDealsLive\Update\1.3.23.0\psmachine.dll.vir, Quarantined, [7802da56f883aa8c6efedb440af7cd33],
PUP.Optional.BonanzaDeals.A, C:\AdwCleaner\Quarantine\C\Program Files\BonanzaDealsLive\Update\1.3.23.0\psuser.dll.vir, Quarantined, [1b5f7cb45229d95d8ededd42a55cb44c],
PUP.Optional.Iminent, C:\AdwCleaner\Quarantine\C\Program Files\Common Files\Umbrella\Umbrella.exe.vir, Quarantined, [9ddd919f4734fc3ada8bb054a55c1ee2],
PUP.DealPly, C:\AdwCleaner\Quarantine\C\Program Files\DealPly\DealPlyIE.dll.vir, Quarantined, [f189e14fd2a95ed8c3d873e3768e0ff1],
PUP.Optional.Dealply, C:\AdwCleaner\Quarantine\C\Program Files\DealPly\DealPlyUpdate.exe.vir, Quarantined, [c0ba0030196244f225f207517292fe02],
PUP.Optional.Dealply, C:\AdwCleaner\Quarantine\C\Program Files\DealPly\DealPlyUpdateRun.exe.vir, Quarantined, [4a3061cf91ea38fe00173c1c0afa40c0],
PUP.Optional.Dealply, C:\AdwCleaner\Quarantine\C\Program Files\DealPly\uninst.exe.vir, Quarantined, [b2c84de3d0ab54e2b95e0d4ba55fb54b],
PUP.Optional.FileScout.A, C:\AdwCleaner\Quarantine\C\Program Files\file scout\filescout.exe.vir, Quarantined, [d7a3ff3128532115bcbd6e9614ed9f61],
PUP.Optional.Iminent.A, C:\AdwCleaner\Quarantine\C\Program Files\Iminent\inst\Bootstrapper\Bootstrapper.exe.vir, Quarantined, [e1992709b8c3b87e43fdcb5f9b665ca4],
PUP.Optional.BestToolBars, C:\AdwCleaner\Quarantine\C\Program Files\Smiley Bar for Facebook\AddonsFramework.dll.vir, Quarantined, [4b2f959b7a0176c017d7104e8e7642be],
PUP.Optional.BestToolBars, C:\AdwCleaner\Quarantine\C\Program Files\Smiley Bar for Facebook\PropertySync.exe.vir, Quarantined, [12687bb56c0f1a1c17d745199c6851af],
PUP.Optional.BestToolBars, C:\AdwCleaner\Quarantine\C\Program Files\SpecialSavings\AddonsFramework.dll.vir, Quarantined, [4a303bf56c0fe353fbf365f98084a858],
PUP.Optional.BestToolBars, C:\AdwCleaner\Quarantine\C\Program Files\SpecialSavings\PropertySyncPS.dll.vir, Quarantined, [9edc59d71c5f6dc98e60e47aac58fd03],
PUP.Optional.BesttoolBars, C:\AdwCleaner\Quarantine\C\Program Files\Speed Test 127\AddonsFramework.Typelib.dll.vir, Quarantined, [04760f21d9a2be783b1c39fbbe428e72],
PUP.Optional.BesttoolBars, C:\AdwCleaner\Quarantine\C\Program Files\Speed Test 127\AddonsFramework.Typelib64.dll.vir, Quarantined, [76049c940873ef471b3c4ce846ba28d8],
PUP.Optional.BestToolBars, C:\AdwCleaner\Quarantine\C\Program Files\SpeedAnalysis.com\AddonsFramework.dll.vir, Quarantined, [72087db3accf65d1eb03481608fcab55],
PUP.Optional.BestToolBars, C:\AdwCleaner\Quarantine\C\Program Files\SpeedAnalysis.com\PropertySyncPS.dll.vir, Quarantined, [d3a7f33d85f6f2444ba3233bea1ac23e],
PUP.Optional.SweetIM, C:\AdwCleaner\Quarantine\C\Program Files\SweetIM\Communicator\mgcommon.dll.vir, Quarantined, [c2b8919f443722140fc554033bc9d32d],
PUP.Optional.SweetIM, C:\AdwCleaner\Quarantine\C\Program Files\SweetIM\Communicator\mgcommunication.dll.vir, Quarantined, [a0daa8889eddc670439199bed1338779],
PUP.Optional.SweetIM, C:\AdwCleaner\Quarantine\C\Program Files\SweetIM\Communicator\mgsimcommon.dll.vir, Quarantined, [d3a7d55b512aa492bd17174040c40af6],
PUP.Optional.SweetIM, C:\AdwCleaner\Quarantine\C\Program Files\SweetIM\Communicator\mgxml_wrapper.dll.vir, Quarantined, [7ffbbc74e299c175389cabac46be33cd],
PUP.Optional.SweetIM, C:\AdwCleaner\Quarantine\C\Program Files\SweetIM\Communicator\SweetPacksUpdateManager.exe.vir, Quarantined, [fc7e71bf07741d195a7a4512ad5712ee],
PUP.Optional.SweetIM, C:\AdwCleaner\Quarantine\C\Program Files\SweetIM\Communicator\resources\sqlite\mgSqlite3.dll.vir, Quarantined, [ef8bae826d0e8fa7a430094e26deac54],
PUP.Optional.SweetIM, C:\AdwCleaner\Quarantine\C\Program Files\SweetIM\Messenger\mghooking.dll.vir, Quarantined, [fe7c39f7a3d8ae882ea6065111f39868],
PUP.Optional.SweetIM, C:\AdwCleaner\Quarantine\C\Program Files\SweetIM\Messenger\ContentPackagesActivationHandler.exe.vir, Quarantined, [ed8d6dc3fa812a0c10c4bb9c05ffae52],
PUP.Optional.SweetIM, C:\AdwCleaner\Quarantine\C\Program Files\SweetIM\Messenger\mgAdaptersProxy.dll.vir, Quarantined, [d1a9e84846355cdabc18ee693cc801ff],
PUP.Optional.SweetIM, C:\AdwCleaner\Quarantine\C\Program Files\SweetIM\Messenger\mgArchive.dll.vir, Quarantined, [1b5f250b99e24bebba1a421521e3b24e],
PUP.Optional.SweetIM, C:\AdwCleaner\Quarantine\C\Program Files\SweetIM\Messenger\mgcommon.dll.vir, Quarantined, [4b2f2c0497e4b284b22232258c78728e],
PUP.Optional.SweetIM, C:\AdwCleaner\Quarantine\C\Program Files\SweetIM\Messenger\mgcommunication.dll.vir, Quarantined, [83f7a38d2c4f4ee86371381fcd37ad53],
PUP.Optional.SweetIM, C:\AdwCleaner\Quarantine\C\Program Files\SweetIM\Messenger\mgconfig.dll.vir, Quarantined, [403a57d9f289aa8c6d672e29fb094bb5],
PUP.Optional.SweetIM, C:\AdwCleaner\Quarantine\C\Program Files\SweetIM\Messenger\mgFlashPlayer.dll.vir, Quarantined, [f189f13f4734b97d63717ddad62e758b],
PUP.Optional.SweetIM, C:\AdwCleaner\Quarantine\C\Program Files\SweetIM\Messenger\mgICQAuto.dll.vir, Quarantined, [c5b540f0a6d563d3a72d084f996b4db3],
PUP.Optional.SweetIM, C:\AdwCleaner\Quarantine\C\Program Files\SweetIM\Messenger\mgICQMessengerAdapter.dll.vir, Quarantined, [a8d251df86f539fda92b4413cd37639d],
PUP.Optional.SweetIM, C:\AdwCleaner\Quarantine\C\Program Files\SweetIM\Messenger\mglogger.dll.vir, Quarantined, [a8d28ca487f47fb7e9eb70e75fa5ea16],
PUP.Optional.SweetIM, C:\AdwCleaner\Quarantine\C\Program Files\SweetIM\Messenger\mgMediaPlayer.dll.vir, Quarantined, [a3d7c56bb2c941f50ec685d2e02446ba],
PUP.Optional.SweetIM, C:\AdwCleaner\Quarantine\C\Program Files\SweetIM\Messenger\mgMsnAuto.dll.vir, Quarantined, [91e9fc34344775c10aca4116ec187c84],
PUP.Optional.SweetIM, C:\AdwCleaner\Quarantine\C\Program Files\SweetIM\Messenger\mgMsnMessengerAdapter.dll.vir, Quarantined, [31491a164c2f6fc7577d8dca11f3a759],
PUP.Optional.SweetIM, C:\AdwCleaner\Quarantine\C\Program Files\SweetIM\Messenger\mgsimcommon.dll.vir, Quarantined, [b6c4240ca8d3ca6c7a5a1146e0249967],
PUP.Optional.SweetIM, C:\AdwCleaner\Quarantine\C\Program Files\SweetIM\Messenger\mgSweetIM.dll.vir, Quarantined, [f288b9776b1037ff23b1292e1ee634cc],
PUP.Optional.SweetIM, C:\AdwCleaner\Quarantine\C\Program Files\SweetIM\Messenger\mgUpdateSupport.dll.vir, Quarantined, [0d6d042cd7a47fb7ffd5f95e2bd9f907],
PUP.Optional.SweetIM, C:\AdwCleaner\Quarantine\C\Program Files\SweetIM\Messenger\mgxml_wrapper.dll.vir, Quarantined, [f387fd336a110e28795bcb8c64a0d927],
PUP.Optional.SweetIM, C:\AdwCleaner\Quarantine\C\Program Files\SweetIM\Messenger\mgYahooAuto.dll.vir, Quarantined, [6416b47cb9c22f073c9833240ef6c23e],
PUP.Optional.SweetIM, C:\AdwCleaner\Quarantine\C\Program Files\SweetIM\Messenger\mgYahooMessengerAdapter.dll.vir, Quarantined, [c6b47db3e794fb3b8c480156fd077e82],
PUP.Optional.SweetIM, C:\AdwCleaner\Quarantine\C\Program Files\SweetIM\Messenger\SweetIM.exe.vir, Quarantined, [bbbf8aa63d3ee452eee6381f42c2f907],
PUP.Optional.SweetIM, C:\AdwCleaner\Quarantine\C\Program Files\SweetIM\Messenger\resources\sqlite\mgSqlite3.dll.vir, Quarantined, [c2b82010710a1224e3f1cd8ace36669a],
PUP.Optional.SweetIM, C:\AdwCleaner\Quarantine\C\Program Files\SweetIM\Toolbars\Internet Explorer\ClearHist.exe.vir, Quarantined, [146682ae3a415ed815bfb5a20bf9f40c],
PUP.Optional.SweetIM, C:\AdwCleaner\Quarantine\C\Program Files\SweetIM\Toolbars\Internet Explorer\mgcommon.dll.vir, Quarantined, [3d3da28e374488aef0e470e7bc481fe1],
PUP.Optional.SweetIM, C:\AdwCleaner\Quarantine\C\Program Files\SweetIM\Toolbars\Internet Explorer\mgconfig.dll.vir, Quarantined, [a4d67cb4314a76c022b23324bc487090],
PUP.Optional.SweetIM, C:\AdwCleaner\Quarantine\C\Program Files\SweetIM\Toolbars\Internet Explorer\mgHelper.dll.vir, Quarantined, [8feb8ba54a31ef4702d21542e91bc838],
PUP.Optional.SweetIM, C:\AdwCleaner\Quarantine\C\Program Files\SweetIM\Toolbars\Internet Explorer\mgHelperApp.exe.vir, Quarantined, [f28846ea99e2bf7720b4d3842ada748c],
PUP.Optional.SweetIM, C:\AdwCleaner\Quarantine\C\Program Files\SweetIM\Toolbars\Internet Explorer\mghooking.dll.vir, Quarantined, [f9818da3681369cd3b999abd30d451af],
PUP.Optional.SweetIM, C:\AdwCleaner\Quarantine\C\Program Files\SweetIM\Toolbars\Internet Explorer\mglogger.dll.vir, Quarantined, [29516ec24c2f8ea86272bf98b4500ef2],
PUP.Optional.SweetIM, C:\AdwCleaner\Quarantine\C\Program Files\SweetIM\Toolbars\Internet Explorer\mgsimcommon.dll.vir, Quarantined, [d4a659d7502bfe3816beabac798b718f],
PUP.Optional.SweetPacks, C:\AdwCleaner\Quarantine\C\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll.vir, Quarantined, [89f19c944b302f07ef8e2136f21207f9],
PUP.Optional.SweetIM, C:\AdwCleaner\Quarantine\C\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarProxy.dll.vir, Quarantined, [f58541efe299290de3f17cdb9b6938c8],
PUP.Optional.SweetIM, C:\AdwCleaner\Quarantine\C\Program Files\SweetIM\Toolbars\Internet Explorer\mgxml_wrapper.dll.vir, Quarantined, [6218fa365823eb4b805484d38c78639d],
PUP.Optional.SweetIM, C:\AdwCleaner\Quarantine\C\Users\Daniel\AppData\Local\Google\Chrome\User Data\Default\Extensions\jcdgjdiieiljkfkdcloehkohchhpekkn\1.2.0.0_0\mgHelperGCFB.dll.vir, Quarantined, [582256da780355e105cfe770fb099d63],
PUP.Optional.FileScout.A, C:\AdwCleaner\Quarantine\C\Users\Daniel\AppData\Roaming\file scout\filescout.exe.vir, Quarantined, [601ac16fbac1f244dd9cfb09cf321fe1],
PUP.Optional.PCPerformer.A, C:\AdwCleaner\Quarantine\C\Windows\system32\roboot.exe.vir, Quarantined, [92e87fb18eede155874650d0966a24dc],
Adware.InstallBrain, C:\ProgramData\IBUpdaterService\ibsvc.exe, Quarantined, [aecc4ae6700b3303f17be222c8394bb5],
PUP.Optional.SweetIM, C:\ProgramData\SweetIM\Messenger\update\sweetimsetup.exe, Quarantined, [5b1f57d92556bb7bc60ea8afbb49f20e],
PUP.Optional.PerformerSoft.A, C:\Users\Daniel\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\1T8PKOX4\pack[1].7z, Quarantined, [81f978b8275489adbf851bf83cc59769],
PUP.Optional.Mediasoft, C:\Users\Daniel\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FOJRHET9\pack[1].7z, Quarantined, [5822012fe39855e1f415fd2d877a8e72],
Rogue.InternetSecurityEssentials, C:\Users\Daniel\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FOJRHET9\pack[2].7z, Quarantined, [770389a7641744f2e62ae576f20e23dd],
PUP.Optional.BProtector, C:\Users\Daniel\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\I3KOXWU7\pack[2].7z, Quarantined, [f7836cc4522964d268db79b6fd04f709],
PUP.Optional.SweetIM, C:\Users\Daniel\AppData\Local\Temp\SQLite.dll, Quarantined, [89f1e44c3447aa8c06ce1c3b4aba27d9],
PUP.Optional.Conduit.A, C:\Users\Daniel\AppData\Local\Temp\DB13.tmp, Quarantined, [c8b27fb10a7130060c816fae788924dc],
PUP.Optional.BestToolBars, C:\Users\Daniel\AppData\Local\Temp\temp.cab, Quarantined, [df9bcd637803280e5e905d01bf4511ef],
Trojan.Agent.TMPH, C:\Users\Daniel\AppData\Local\Temp\tmp15B9.tmp.exe, Quarantined, [9ae00b2580fb9e988cb216e29e630bf5],
Trojan.Agent.TMPH, C:\Users\Daniel\AppData\Local\Temp\tmp1687.tmp.exe, Quarantined, [5327c66a403b1f1773cba355877a31cf],
Trojan.Agent.TMPH, C:\Users\Daniel\AppData\Local\Temp\tmp1733.tmp.exe, Quarantined, [96e478b8512a2412ef4fb93f13ee32ce],
Trojan.Agent.TMPH, C:\Users\Daniel\AppData\Local\Temp\tmp1ADD.tmp.exe, Quarantined, [f585cc64bdbe082ef846bf394bb65ea2],
Trojan.Agent.TMPH, C:\Users\Daniel\AppData\Local\Temp\tmp21AA.tmp.exe, Quarantined, [fa803af6136895a1390568900df405fb],
PUP.Optional.PerformerSoft.A, C:\Users\Daniel\AppData\Local\Temp\15DB.tmp, Quarantined, [a4d61719e19a6dc9f84ccf443cc5649c],
Trojan.P2P.Worm, C:\Users\Daniel\AppData\Local\Temp\BIT1C2F.tmp, Quarantined, [017949e74b3074c2c5daf956f30ddf21],
Trojan.P2P.Worm, C:\Users\Daniel\AppData\Local\Temp\BIT214B.tmp, Quarantined, [27532907d5a6181e99069ab549b7b64a],
PUP.Optional.PerformerSoft.A, C:\Users\Daniel\AppData\Local\Temp\8D19.tmp, Quarantined, [6317c868106bc274ea5ab2611de41ee2],
PUP.Optional.AirInstaller, C:\Users\Daniel\AppData\Local\Temp\air11B7.exe, Quarantined, [ea9069c7b4c71a1cccda1aee37ca7f81],
Adware.InstallBrain, C:\Users\Daniel\AppData\Local\Temp\Сodec Performer803912.exe, Quarantined, [c4b60729314af73fbeae10f4ad5435cb],
PUP.Optional.SweetIM, C:\Users\Daniel\AppData\Local\Temp\Shortcut_WinRARSDM.exe, Quarantined, [4634161aff7cf04600d4e07718ec8b75],
PUP.Optional.PerformerSoft.A, C:\Users\Daniel\AppData\Local\Temp\3574.tmp, Quarantined, [5e1c0927eb90b0868db73bd82ad707f9],
PUP.Optional.SweetIM, C:\Users\Daniel\AppData\Local\Temp\mgsqlite3.7z, Quarantined, [a3d76ac60279a98dc1137ed962a29c64],
Trojan.Agent.TMPH, C:\Users\Daniel\AppData\Local\Temp\tmp3265.tmp.exe, Quarantined, [bac0f937ff7caf8766d88d6b808158a8],
Trojan.Agent.TMPH, C:\Users\Daniel\AppData\Local\Temp\tmp32BF.tmp.exe, Quarantined, [ceac36fa7efd4de9eb53f1079a67c23e],
Trojan.Agent.TMPH, C:\Users\Daniel\AppData\Local\Temp\tmp35F.tmp.exe, Quarantined, [2a5071bf2358e452211d6296b44ddf21],
Trojan.Agent.TMPH, C:\Users\Daniel\AppData\Local\Temp\tmp4E35.tmp.exe, Quarantined, [4238ee429cdf6fc74cf26593758c12ee],
Trojan.Agent.TMPH, C:\Users\Daniel\AppData\Local\Temp\tmp533E.tmp.exe, Quarantined, [b5c547e9c7b44beb91ad9266db267888],
Trojan.Agent.TMPH, C:\Users\Daniel\AppData\Local\Temp\tmp5850.tmp.exe, Quarantined, [3446102085f67eb8b9858c6c877aeb15],
Trojan.Agent.TMPH, C:\Users\Daniel\AppData\Local\Temp\tmp59EE.tmp.exe, Quarantined, [e79354dc6c0f270f84ba788048b93ac6],
Trojan.Agent.TMPH, C:\Users\Daniel\AppData\Local\Temp\tmp5B69.tmp.exe, Quarantined, [6e0ccd636219c37395a9c83000019769],
Trojan.Agent.TMPH, C:\Users\Daniel\AppData\Local\Temp\tmp8F2E.tmp.exe, Quarantined, [7208b17fdba03cfaa89634c4728f05fb],
Trojan.Agent.TMPH, C:\Users\Daniel\AppData\Local\Temp\tmp977A.tmp.exe, Quarantined, [6c0e161afb806bcbf846c731857c0cf4],
Trojan.Agent.TMPH, C:\Users\Daniel\AppData\Local\Temp\tmpAF9C.tmp.exe, Quarantined, [c9b14ae6a5d6a78f66d8de1aa06106fa],
Trojan.Agent.TMPH, C:\Users\Daniel\AppData\Local\Temp\tmpB162.tmp.exe, Quarantined, [c0ba2c0448331c1a221ce90fb8498977],
Trojan.Agent.TMPH, C:\Users\Daniel\AppData\Local\Temp\tmpB3D.tmp.exe, Quarantined, [17633af6542757dfc579bf391fe21be5],
Trojan.Agent.TMPH, C:\Users\Daniel\AppData\Local\Temp\tmpC041.tmp.exe, Quarantined, [04768da35625aa8cba8454a4629f9868],
Trojan.Agent.TMPH, C:\Users\Daniel\AppData\Local\Temp\tmpCB94.tmp.exe, Quarantined, [abcf76bafe7ded499da17682ec155aa6],
Trojan.Agent.TMPH, C:\Users\Daniel\AppData\Local\Temp\tmpCD75.tmp.exe, Quarantined, [86f436fadc9f68ce053947b1fe032ad6],
Trojan.Agent.TMPH, C:\Users\Daniel\AppData\Local\Temp\tmpDA1F.tmp.exe, Quarantined, [96e42907f08b979fce70c03822dfd030],
Trojan.Agent.TMPH, C:\Users\Daniel\AppData\Local\Temp\tmpE2F3.tmp.exe, Quarantined, [c4b632fe0f6c1f17003ef10745bc05fb],
Trojan.Agent.TMPH, C:\Users\Daniel\AppData\Local\Temp\tmpEB04.tmp.exe, Quarantined, [ff7b77b93a413afccc7220d817eaaa56],
Trojan.Agent.TMPH, C:\Users\Daniel\AppData\Local\Temp\tmpFA36.tmp.exe, Quarantined, [d3a753dd2b50de58e856ae4aa65bcc34],
Trojan.Agent.TMPH, C:\Users\Daniel\AppData\Local\Temp\tmp5CBA.tmp.exe, Quarantined, [c6b449e75922ab8b4ef08e6a6b966b95],
Trojan.Agent.TMPH, C:\Users\Daniel\AppData\Local\Temp\tmp6D8.tmp.exe, Quarantined, [80fa6bc569123501221cf602ad5448b8],
Trojan.Agent.TMPH, C:\Users\Daniel\AppData\Local\Temp\tmp6E96.tmp.exe, Quarantined, [3e3cba7649322214023cbc3cf80901ff],
Trojan.Agent.TMPH, C:\Users\Daniel\AppData\Local\Temp\tmp707C.tmp.exe, Quarantined, [02788da39eddce688cb234c48c75c23e],
Trojan.Agent.TMPH, C:\Users\Daniel\AppData\Local\Temp\tmp810B.tmp.exe, Quarantined, [a3d7240c84f7f2441c225c9c6c95af51],
Trojan.Agent.TMPH, C:\Users\Daniel\AppData\Local\Temp\tmp85B4.tmp.exe, Quarantined, [d0aa62cefe7d191dab938e6a79889e62],
Trojan.Agent.TMPH, C:\Users\Daniel\AppData\Local\Temp\tmp86DF.tmp.exe, Quarantined, [126856da6b10dd59ce7051a7669be21e],
Trojan.Agent.TMPH, C:\Users\Daniel\AppData\Local\Temp\tmp8D72.tmp.exe, Quarantined, [cfab0e22f78439fdc17de513867b9967],
PUP.Optional.BonanzaDeals.A, C:\Users\Daniel\AppData\Local\Temp\is701137889\287665410_stp\bd.exe, Quarantined, [3a40ac8492e993a391d99a85976aa060],
PUP.Optional.Babylon.A, C:\Users\Daniel\AppData\Local\Temp\DM\zipper_031\software\Babylon115935.exe, Quarantined, [de9c43ed1269da5cd3eae13d38c808f8],
PUP.Optional.SweetIM, C:\Users\Daniel\AppData\Local\Temp\2827278562\chromeupdaterfull.exe, Quarantined, [cab0e64a8cefbf77b81c93c44abaaa56],
PUP.Optional.Babylon.A, C:\Users\Daniel\AppData\Local\Temp\7F946534-BAB0-7891-8B54-24EC0C22880C\Setup.exe, Quarantined, [df9b9c946f0c69cdd3e436e8a0600ff1],
PUP.Optional.BabylonToolBar.A, C:\Users\Daniel\AppData\Local\Temp\7F946534-BAB0-7891-8B54-24EC0C22880C\Latest\MyBabylonTB.exe, Quarantined, [5624c769bac1c373d5537e969d64e020],
PUP.Optional.Babylon.A, C:\Users\Daniel\AppData\Local\Temp\F992E4AF-BAB0-7891-9FCE-20746F3D2D0D\Setup.exe, Quarantined, [e2987fb1403bde589cde4ad7d12fb14f],
PUP.Optional.BabylonToolBar.A, C:\Users\Daniel\AppData\Local\Temp\F992E4AF-BAB0-7891-9FCE-20746F3D2D0D\Latest\MyBabylonTB.exe, Quarantined, [01797db3394251e52206888cb948b54b],
PUP.Optional.BesttoolBars, C:\Users\Daniel\AppData\Local\Temp\ibtmpc810632\app_12716, Quarantined, [b6c482ae1f5cde58eb6c94a0966a9769],
PUP.Optional.PCPerformer.A, C:\Users\Daniel\AppData\Local\Temp\ibtmpc810632\app_4213.decrpt, Quarantined, [601aa0901a617eb840ada95d4bb6ee12],
PUP.Optional.ToolBarInstaller.A, C:\Users\Daniel\AppData\Local\Temp\ibtmpc810632\app_9084, Quarantined, [b1c9e54ba2d9d46291c625e636ce42be],
PUP.Optional.ToolBarInstaller.A, C:\Users\Daniel\AppData\Local\Temp\ibtmpc810632\BuenoSearchTB, Quarantined, [f2888ea2ee8d290d77e0de2dc0447a86],
PUP.Optional.PCPerformer.A, C:\Users\Daniel\AppData\Local\Temp\ibtmpc810632\PCPerformerSetup, Quarantined, [c6b4f23eb0cbb383e00d13f356ab40c0],
PUP.Optional.BesttoolBars, C:\Users\Daniel\AppData\Local\Temp\ibtmpc810632\SpeedanAlysisSetup, Quarantined, [bcbea090e59664d271e689abe9173fc1],
PUP.Optional.4Shared, C:\Users\Daniel\Documents\progamas\4shared_desktop_3.3.5.exe, Quarantined, [aad0bf71e19ad165afaab56920e0ae52],
Trojan.RepackSMS, C:\Users\Daniel\Documents\progamas\arquivo.exe, Quarantined, [275390a0700b4fe77fb62f5601ff8878],
Trojan.RepackSMS, C:\Users\Daniel\Documents\progamas\cd.exe, Quarantined, [d9a13df37209dd59d65f7f0655abd729],
Adware.Agent, C:\Users\Daniel\Documents\progamas\FlvPlayerSetup.exe, Quarantined, [b9c179b7176441f541004831cf3144bc],
PUP.Optional.InstallCore.A, C:\Users\Daniel\Downloads\skype-6732102-32-bits.exe, Quarantined, [e09a4de3daa183b334fd0018d829c43c],
PUP.Optional.InstallBrain, C:\Users\Daniel\Downloads\RocketPDFSetup.exe, Quarantined, [e39787a9ff7c8aac348c0f25f40cbf41],
PUP.Optional.SweetIM, C:\Windows\Installer\468868.msi, Quarantined, [b2c8aa86b4c7c47221b30255c242de22],
PUP.Optional.SweetIM, C:\Windows\Installer\468863.msi, Quarantined, [a6d40927b0cb0a2cc01477e009fb5ca4],
PUP.Optional.Iminent.A, C:\Windows\Installer\3fffd40.msi, Quarantined, [0773210ffc7f93a3152b8aa0bb46cc34],
PUP.Optional.SweetIM, C:\Windows\Installer\468859.msi, Quarantined, [13679f915d1edb5bf1e3f166bf456799],
PUP.Optional.SweetIM, C:\Windows\Installer\46885e.msi, Quarantined, [c8b2d35da9d22f07567ebf98dc28c43c],
PUP.Optional.Softonic.A, C:\Windows.old\$Recycle.Bin\S-1-5-21-4243413826-641567297-652289554-1000\$RM32ULF.exe, Quarantined, [8feb260a542771c5565bf923b150629e],
PUP.Optional.BabylonToolBar.A, C:\Windows.old\Program Files\BabylonToolbar\BabylonToolbar\1.4.31.2\BabylonToolbarApp.dll, Quarantined, [83f738f886f52a0cc36660b459a8e818],
PUP.Optional.BabylonToolBar.A, C:\Windows.old\Program Files\BabylonToolbar\BabylonToolbar\1.4.31.2\BabylonToolbarEng.dll, Quarantined, [6e0c75bb98e37cba9e8b0113ed14ad53],
PUP.Optional.BabylonToolBar.A, C:\Windows.old\Program Files\BabylonToolbar\BabylonToolbar\1.4.31.2\BabylonToolbarsrv.exe, Quarantined, [88f2e34d28539c9a3dec779d758c7f81],
PUP.Optional.BabylonToolBar.A, C:\Windows.old\Program Files\BabylonToolbar\BabylonToolbar\1.4.31.2\BabylonToolbarTlbr.dll, Quarantined, [3c3e220e0b706bcbf1385bb9926f6e92],
PUP.Optional.BabylonToolBar.A, C:\Windows.old\Program Files\BabylonToolbar\BabylonToolbar\1.4.31.2\uninstall.exe, Quarantined, [403abb759dded462f533f51fe51c2dd3],
PUP.Optional.BabylonToolBar.A, C:\Windows.old\Program Files\BabylonToolbar\BabylonToolbar\1.5.3.17\BabylonToolbarApp.dll, Quarantined, [3b3fe34d83f83006d5548c8853ae837d],
PUP.Optional.BabylonToolBar.A, C:\Windows.old\Program Files\BabylonToolbar\BabylonToolbar\1.5.3.17\BabylonToolbarEng.dll, Quarantined, [f08a52de770468cefd2cf321ae53f60a],
PUP.Optional.BabylonToolBar.A, C:\Windows.old\Program Files\BabylonToolbar\BabylonToolbar\1.5.3.17\BabylonToolbarsrv.exe, Quarantined, [de9cd0603744330308218a8a649d08f8],
PUP.Optional.BabylonToolBar.A, C:\Windows.old\Program Files\BabylonToolbar\BabylonToolbar\1.5.3.17\BabylonToolbarTlbr.dll, Quarantined, [87f340f06e0de353092050c4d52cc53b],
PUP.Optional.BabylonToolBar.A, C:\Windows.old\Program Files\BabylonToolbar\BabylonToolbar\1.5.3.17\uninstall.exe, Quarantined, [c4b6f63ab4c7b482f53370a4818016ea],
Adware.Eorezo, C:\Windows.old\Program Files\Tuto4pc\tutoriaisslimba.exe, Quarantined, [55252d036912f442159831620ff10af6],
PUP.Optional.Tuto4PC, C:\Windows.old\Program Files\Tuto4pc\TutoriaisSlimbaBHO.dll, Quarantined, [7bff0d2332497cba773e62e7bc48a858],
PUP.Optional.Dealply, C:\Windows.old\Program Files\PC MEGA RAPIDO PRO 2.1\dealply.exe, Quarantined, [daa03000f18ae155fd1aef6943c1f10f],
PUP.DealPly, C:\Windows.old\Program Files\DealPly\DealPlyIE.dll, Quarantined, [c1b9260a86f5ca6c22795ef849bbb848],
PUP.Optional.Dealply, C:\Windows.old\Program Files\DealPly\DealPlyTune.dll, Quarantined, [9cde3df3205bfe38f720b4a41aeac23e],
PUP.Optional.Dealply, C:\Windows.old\Program Files\DealPly\DealPlyUpdate.exe, Quarantined, [4e2c0f21374448eef720d583cb391ae6],
PUP.Optional.Dealply, C:\Windows.old\Program Files\DealPly\DealPlyUpdateRun.exe, Quarantined, [84f608282a513afc8e89d088af55f40c],
PUP.Optional.Dealply, C:\Windows.old\Program Files\DealPly\uninst.exe, Quarantined, [13673cf458237eb842d51f39b64ea55b],
PUP.Optional.InstallCore, C:\Windows.old\Program Files\FLVPlayer\FLVPlayer.exe, Quarantined, [85f5de52b1ca91a55b772704e020946c],
Adware.Agent, C:\Windows.old\Program Files\FLVPlayer\Uninstall\Uninstall.exe, Quarantined, [ccae7bb5f685221445a047389070847c],
PUP.FunMoods, C:\Windows.old\Program Files\Funmoods\funmoods\1.5.12.2\funmoodsApp.dll, Quarantined, [aecc131d1a617db92a3aabd9f50b3ac6],
PUP.FunMoods, C:\Windows.old\Program Files\Funmoods\funmoods\1.5.12.2\funmoodsEng.dll, Quarantined, [8ded0e221c5f62d4f76dbcc8ce32ec14],
PUP.FunMoods, C:\Windows.old\Program Files\Funmoods\funmoods\1.5.12.2\funmoodssrv.exe, Quarantined, [accea888fc7f9d99fd67b0d4cd33bc44],
PUP.FunMoods, C:\Windows.old\Program Files\Funmoods\funmoods\1.5.12.2\funmoodsTlbr.dll, Quarantined, [423842ee37444de94024daaa1fe148b8],
PUP.FunMoods, C:\Windows.old\Program Files\Funmoods\funmoods\1.5.12.2\uninstall.exe, Quarantined, [4f2bbf71512a85b1d88c8bf99a6652ae],
PUP.Funmoods, C:\Windows.old\Program Files\Funmoods\funmoods\1.5.12.2\bh\funmoods.dll, Quarantined, [6d0d83ad1b6042f4fe73ee9a6799a15f],
Adware.InstallBrain, C:\Windows.old\ProgramData\IBUpdaterService\ibsvc.exe, Quarantined, [7406a987255694a2b0c8add729d7d22e],
Adware.Agent, C:\Windows.old\Users\idailton\AppData\Local\Temp\ICReinstall_FlvPlayerSetup.exe, Quarantined, [384288a8dd9e85b193aebfba1ee248b8],
Adware.Agent, C:\Windows.old\Users\idailton\AppData\Local\Temp\ICReinstall_ICReinstall_FlvPlayerSetup.exe, Quarantined, [e29810207902e4525ae7fc7db0508779],
Adware.Agent, C:\Windows.old\Users\idailton\AppData\Local\Temp\ICReinstall_ICReinstall_ICReinstall_FlvPlayerSetup.exe, Quarantined, [4a3090a0265515214af74435728e44bc],
PUP.Optional.Babylon.A, C:\Windows.old\Users\idailton\AppData\Local\Temp\is1373634743\MyBabylonTB.exe, Quarantined, [8befe14fde9d67cfebd2c35b22de6c94],
PUP.Optional.Babylon.A, C:\Windows.old\Users\idailton\AppData\Local\Temp\is1590112554\MyBabylonTB.exe, Quarantined, [304a9997601b8caa6f4e0816dd235da3],
PUP.Optional.Dealply, C:\Windows.old\Users\idailton\AppData\Local\Temp\is233770471\dealply.exe, Quarantined, [4337a789ed8ebe785eb912467a8a6c94],
PUP.FunMoods, C:\Windows.old\Users\idailton\AppData\Local\Temp\is233770471\FM_base.exe, Quarantined, [de9cfe323a41cd69f07490f43ac6936d],
PUP.Optional.Babylon.A, C:\Windows.old\Users\idailton\AppData\Local\Temp\is701137889\MyBabylonTB.exe, Quarantined, [e49638f85724b3831f9e2ef020e07f81],
PUP.Optional.BabylonToolBar.A, C:\Windows.old\Users\idailton\AppData\Local\Temp\C0D50FE8-BAB0-7891-A685-358481900474\MyBabylonTB.exe, Quarantined, [502a59d71a61b6800c1c8d874db47789],
PUP.Optional.BabylonToolBar.A, C:\Windows.old\Users\idailton\AppData\Local\Temp\4DD7C5F1-BAB0-7891-AE53-CE846236F8E4\MyBabylonTB.exe, Quarantined, [0e6ccc6490ebcd6947e136debf425ba5],
PUP.Optional.BabylonToolBar.A, C:\Windows.old\Users\idailton\AppData\Local\Temp\BabylonToolbar\BabylonToolbar\1.5.3.17\BabylonToolbar4ie.exe, Quarantined, [285270c0b5c6f2445bcdeb297091817f],
PUP.Tuto4PC, C:\Windows.old\Users\idailton\AppData\Roaming\Tuto4pc\Tuto4pc\UpdateTutoriaisSlimba.exe, Quarantined, [bfbbf43c2e4dff378e08e58246ba7e82],
PUP.Optional.4Shared, C:\Windows.old\Users\idailton\Documents\progamas\4shared_desktop_3.3.5.exe, Quarantined, [5f1b0b25c7b46dc96fea1a04e719669a],
Trojan.RepackSMS, C:\Windows.old\Users\idailton\Documents\progamas\arquivo.exe, Quarantined, [56241a161c5f2115ac89691c09f73dc3],
Trojan.RepackSMS, C:\Windows.old\Users\idailton\Documents\progamas\cd.exe, Quarantined, [e9918ba5b2c9d66031044c3938c8b24e],
Trojan.RepackSMS, C:\Windows.old\Users\idailton\Documents\progamas\pcmegarapido.exe, Quarantined, [82f856da39426bcb72c3e69fe7194cb4],
PUP.FunMoods, C:\Windows.old\Users\idailton\Documents\progamas\setup.exe, Quarantined, [b9c1b17f7407ff37343099ebc937be42],
PUP.Optional.Softonic.A, C:\Windows.old\Users\idailton\Documents\progamas\SoftonicDownloader_para_nero-gratis.exe, Quarantined, [384264cca3d8aa8ce3cef22a857c9b65],
PUP.Optional.Softonic.A, C:\Windows.old\Users\idailton\Documents\progamas\SoftonicDownloader_para_nokia-pc-suite.exe, Quarantined, [691187a983f860d6c1f08c90ac55ec14],
PUP.Optional.Softonic.A, C:\Windows.old\Users\idailton\Documents\progamas\SoftonicDownloader_para_orbit-downloader.exe, Quarantined, [4436bb7543385cda6051e438669b7e82],
PUP.Optional.Softonic.A, C:\Windows.old\Users\idailton\Documents\progamas\SoftonicDownloader_para_realtek-hd-audio-drivers.exe, Quarantined, [52281e127407c670d6db9c8015ec01ff],
Adware.Agent, C:\Windows.old\Users\idailton\Documents\progamas\FlvPlayerSetup.exe, Quarantined, [0377b7791f5caa8c49f8f2875da30ef2],
PUP.Optional.Dealply, C:\Windows.old\Users\idailton\Documents\progamas\PC MEGA RAPIDO PRO 2.1\dealply.exe, Quarantined, [d6a42907c4b7d95d2ee998c0f212e020],
PUP.AdBundle, C:\Windows.old\Users\idailton\Downloads\dwg-viewer-70111-baixaki-32-bits-18102012191519.exe, Quarantined, [37430e2298e3b0865b01cedcc33dcd33],
PUP.Optional.4Shared, C:\Windows.old\Users\idailton\Downloads\4shared_desktop_3.3.5.exe, Quarantined, [0872a18fa7d4e254acad32eccd33738d],
Adware.InstallBrain, C:\Windows.old\Users\idailton\Downloads\DriverPerformer_RHDF.exe, Quarantined, [e5958fa12b501c1a492fa1e33ac6c63a],
PUP.Optional.Softonic.A, C:\Windows.old\Users\idailton\Downloads\SoftonicDownloader_para_drivermax.exe, Quarantined, [8eec4fe14734092d496869b357aa3ac6],
Adware.Agent, C:\Windows.old\Users\idailton\Downloads\MediaPlayerSetup.exe, Quarantined, [9bdf052b374457dfcd18d6a914ece11f],
Adware.Bundler, C:\Windows.old\Users\idailton\Downloads\Microsoft_Office_2010.exe, Quarantined, [abcf83adc6b5cc6ae1babccc53ad20e0],
PUP.Optional.Softonic.A, C:\Windows.old\Users\idailton\Downloads\SoftonicDownloader_para_google-earth.exe, Quarantined, [7307e749116a60d67e33e13bd62be719],
PUP.BProtector, C:\Windows.old\Windows\System32\protector.dll, Quarantined, [c1b9210f4b30a690169b9a3936cb9070],
RiskWare.Tool.CK, E:\EasyWare Multi-KeyFile Generator.exe, Quarantined, [39411b15760577bfa65a044b08fc916f],
PUP.Riskware.Patcher, E:\nero.14.platinum.v15.0.02200_patch.exe, Quarantined, [3a403ef2b6c53cfa616b3ace5fa20bf5],
Hacktool.ChewWGA, E:\ATIVADORES\Atvadores Windows 7\chave ativação windows 7.rar, Quarantined, [9ae0c56baecd0a2c701cb98e9967ee12],
Hacktool.ChewWGA, E:\ATIVADORES\Atvadores Windows 7\chave ativação windows 7\Ativador windows.rar, Quarantined, [f288d15f384345f11f6db394cf3148b8],
HackTool.Wpakill, E:\ATIVADORES\Atvadores Windows 7\chave ativação windows 7\Remove.rar, Quarantined, [28522d0312699e985240a5a26e92da26],
Hacktool.ChewWGA, E:\ATIVADORES\Atvadores Windows 7\chave ativação windows 7\Ativador CW By Lucas Maisteer\CW By Lucas Maisteer.eXe, Quarantined, [a7d3dc5495e6d0662f5da99edf2114ec],
HackTool.Wpakill, E:\ATIVADORES\Atvadores Windows 7\chave ativação windows 7\RemoveWat 2.2.5 By Lucas Maisteer\RemoveWat 2.2.5 By Lucas Maisteer.exe, Quarantined, [abcfe24e17641f179bf750f736ca1ae6],
HackTool.Activator, E:\ATIVADORES\Ativador Windows 8 Definitivo\Ativador Windows 8 Definitivo.rar, Quarantined, [4337aa863a41de587e8f4eb75ca612ee],
HackTool.Activator, E:\ATIVADORES\Ativador Windows 8 Definitivo\Ativador Windows 8 Definitivo\Ativador W8 Definitivo.exe, Quarantined, [0b6f8da3c6b5f541a766788d9270c937],
Rogue.Link, C:\Users\Public\Desktop\MP3 Downloader.lnk, Quarantined, [5f1bb080205b6accc0405f5f9171e719],
Adware.InstallBrain, C:\ProgramData\IBUpdaterService\repository.xml, Quarantined, [1763a38df9829e9806ba1b5d73900ef2],
PUP.OPtional.Dealply.A, C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DealPly\Uninstall DealPly.lnk, Quarantined, [b5c5052b0d6e4fe7c481722cfb08b749],
PUP.OPtional.Dealply.A, C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DealPly\DealPly Help.lnk, Quarantined, [b5c5052b0d6e4fe7c481722cfb08b749],
PUP.OPtional.Dealply.A, C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DealPly\DealPly.lnk, Quarantined, [b5c5052b0d6e4fe7c481722cfb08b749],
PUP.Optional.Iminent.A, C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Iminent\SearchTheWeb.lnk, Quarantined, [641640f0b7c404323364ecb2a360837d],
PUP.Optional.Iminent.A, C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Iminent\Blog.lnk, Quarantined, [641640f0b7c404323364ecb2a360837d],
PUP.Optional.Iminent.A, C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Iminent\FAQ.lnk, Quarantined, [641640f0b7c404323364ecb2a360837d],
PUP.Optional.Iminent.A, C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Iminent\Help.lnk, Quarantined, [641640f0b7c404323364ecb2a360837d],
PUP.Optional.Iminent.A, C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Iminent\Iminent.lnk, Quarantined, [641640f0b7c404323364ecb2a360837d],
PUP.Optional.DealPly.A, C:\Windows\System32\config\systemprofile\AppData\Roaming\DealPly\UpdateProc\config.dat, Quarantined, [ec8e66ca57241323ad9989dccf339a66],
PUP.Optional.DealPly.A, C:\Windows\System32\config\systemprofile\AppData\Roaming\DealPly\UpdateProc\UpdateTask.exe, Quarantined, [ec8e66ca57241323ad9989dccf339a66],
PUP.Optional.Iminent.A, C:\ProgramData\Iminent\Mediator\Datas\Cache\apix.iminent.com\1033.11575f00-7bdc-4181-ba0a-b298aeab228c.dat, Quarantined, [1e5ce24e15662214cb7d9dc869990ff1],
PUP.Optional.BonanzaDeals.A, C:\ProgramData\BonanzaDealsLive\Update\Log\BonanzaDealsLive.log, Quarantined, [f684f43ccab1f1451262afb7877bf10f],

Physical Sectors: 0
(No malicious items detected)


(end)
luizvilarinho
Full Member

Posts: 855
Reputation: 4
Join date: 13/11/2013

Re: Machine with errors due to a virus

Post by Power Max, Wed 30 Apr 2014, 10:27

Temporarily disable your antivirus to avoid conflicts.

Go to the link below and click the first button on the left, which is the Download Zoek.exe button:
[You must have an account and be logged in to view this link]

* Right-click Zoek.exe and select [You must have an account and be logged in to view this image]

* Select and copy all of the text highlighted in red that I gave you and paste it into the blank area in Zoek.

* Click [Run Script]

* During the scan, a message similar to the one below, showing the scan progress, will be displayed. Wait for it to finish... it may take a while!

[You must have an account and be logged in to view this image]

* If a PC restart is requested, click [OK]

* Post the Zoek log, which will be at C:\zoek-results.txt, in your next reply.


Last edited by Power Max on Wed 30 Apr 2014, 13:33; edited 1 time
Power Max
Contributor

Posts: 9086
Reputation: 1499
Join date: 14/04/2009

Re: Machine with errors due to a virus

Post by luizvilarinho, Wed 30 Apr 2014, 11:47

Zoek.exe v5.0.0.0 Updated 14-April-2014
Tool run by Daniel on 30/04/2014 at 11:22:14,09.
Microsoft Windows 7 Ultimate  6.1.7601 Service Pack 1 x86
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\Daniel\Desktop\zoek.pif [Scan all users] [Script inserted]

==== Older Logs ======================

C:\zoek-results2014-04-30-135738.log 1223 bytes

==== System Restore Info ======================

==== Reset Hosts File ======================

# Copyright (c) 1993-2006 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
#      102.54.94.97     rhino.acme.com          # source server
#       38.25.63.10     x.acme.com              # x client host

# localhost name resolution is handle within DNS itself.
127.0.0.1       localhost
::1             localhost

==== Deleting CLSID Registry Keys ======================

HKEY_USERS\S-1-5-21-840133867-106172080-2313266223-1000\Software\Microsoft\Internet Explorer\SearchScopes\{15A92BC2-F4BE-497D-8EAA-95D45DA4024B} deleted successfully
HKEY_USERS\S-1-5-21-840133867-106172080-2313266223-1000\Software\Microsoft\Internet Explorer\SearchScopes\{395CCBA6-00E6-49F6-A856-CE231A21E3D9} deleted successfully

==== Deleting CLSID Registry Values ======================


==== Deleting Services ======================


==== Deleting Files \ Folders ======================

"C:\Windows\Installer\3fffd40.msi" not found
C:\Program Files\GUM7BF5.tmp deleted
C:\Program Files\Yahoo! deleted
C:\PROGRA~2\Ask deleted
C:\PROGRA~2\SweetIM deleted
C:\PROGRA~2\Iminent deleted
C:\PROGRA~2\Babylon deleted
C:\Users\Daniel\AppData\Local\avgchrome deleted
C:\Users\Daniel\AppData\Local\Google\Chrome\User Data\Default\External Extensions\{EEE6C373-6118-11DC-9C72-001320C79847} deleted
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PC Performer deleted
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\4d2.js deleted
C:\Users\Daniel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\4d2.js deleted
C:\Windows\system32\config\systemprofile\AppData\LocalLow\AVG Secure Search deleted
C:\Windows\system32\config\systemprofile\AppData\LocalLow\Toolbar4 deleted
C:\Windows\tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv.job deleted
C:\Windows\system32\tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv deleted
C:\user.js deleted
C:\Windows\System32\InstallUtil.InstallLog deleted
C:\Windows\System32\searchplugins deleted
C:\Windows\System32\Extensions deleted
C:\Windows\Installer\{C3E85EE9-5892-4142-B537-BCEB3DAC4C3D} deleted
C:\Users\Daniel\AppData\Roaming\Mozilla\Extensions\SpecialSavings@SpecialSavings.com deleted
C:\Users\Daniel\AppData\Roaming\Mozilla\Extensions\speedanalysis@SpeedAnalysis.com deleted
C:\Users\Daniel\AppData\Roaming\Mozilla\Extensions\speedtest4354@BestOffers deleted
C:\Users\Daniel\AppData\Roaming\Mozilla\Extensions\statuswinks@StatusWinks deleted

==== Firefox Extensions Registry ======================

[HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions]
"{0153E448-190B-4987-BDE1-F256CADA672F}"="C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext" [03/11/2012 16:12]
[HKEY_CURRENT_USER\Software\Mozilla\Firefox\Extensions]
"speedtest4354@BestOffers"="C:\Users\Daniel\AppData\Roaming\Mozilla\Extensions\speedtest4354@BestOffers" []

==== Chrome Look ======================

HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
icmlaeflemplmjndnaapfdbbnpncnbda - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx[06/03/2013 20:29]
jfmjfhklogoienhpfnppmbcbjfjnkonk - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Chrome\Ext\rphtml5video.crx[03/11/2012 16:12]
lifbcibllhkdhoafpjfnlhfpfgnpldfl - C:\Program Files\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx[02/10/2012 11:14]

YouTube - Daniel\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo
Google Search - Daniel\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf
Iminent Toolbar - Daniel\AppData\Local\Google\Chrome\User Data\Default\Extensions\hcemhggbahmlmhgnbpbbdaklcojhbecn
avast WebRep - Daniel\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda
RealPlayer HTML5Video Downloader Extension - Daniel\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk
Skype Click to Call - Daniel\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl
Google Wallet - Daniel\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda

==== Chrome Fix ======================

C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Chrome\Ext\rphtml5video.crx deleted successfully
C:\Users\Daniel\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_portugues.babylon.com_0.localstorage deleted successfully
C:\Users\Daniel\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_portugues.babylon.com_0.localstorage-journal deleted successfully
C:\Users\Daniel\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.softonic.com.br_0.localstorage deleted successfully
C:\Users\Daniel\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.softonic.com.br_0.localstorage-journal deleted successfully
C:\Users\Daniel\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk deleted successfully
C:\Users\Daniel\AppData\Local\Google\Chrome\User Data\Default\Extensions\hcemhggbahmlmhgnbpbbdaklcojhbecn deleted successfully

==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.google.com"
"Start Page Before"="http://www.google.com"
"Search Page"="http://www.google.com"
"Search Page Before"="http://www.google.com"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.baixaki.com.br/portal/?utm_source=core&utm_medium=ppi&utm_campaign=portal"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
No DefaultScope Set For HKCU

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Search Page Before"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Start Page"="http://www.google.com"
"Start Page Before"="http://www.google.com"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{6A1806CD-94D4-4689-BA73-E35EA1EA9990}"

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
{searchTerms} Unknown  Url="Not_Found"
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing  Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC"
{6A1806CD-94D4-4689-BA73-E35EA1EA9990} Google  Url="http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}"

==== Reset Google Chrome ======================

C:\Users\Daniel\AppData\Local\Google\Chrome\User Data\Default\Preferences was reset successfully
C:\Users\Daniel\AppData\Local\Google\Chrome\User Data\Default\Web Data was reset successfully

==== Deleting CLSID Registry Keys ======================

HKEY_USERS\S-1-5-21-840133867-106172080-2313266223-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{8dcb7100-df86-4384-8842-8fa844297b3f} deleted successfully
HKEY_USERS\S-1-5-21-840133867-106172080-2313266223-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{8dcb7100-df86-4384-8842-8fa844297b3f} deleted successfully
HKEY_CLASSES_ROOT\CLSID\{8dcb7100-df86-4384-8842-8fa844297b3f} deleted successfully

==== Deleting CLSID Registry Values ======================

HKEY_USERS\S-1-5-21-840133867-106172080-2313266223-1000\Software\Mozilla\Firefox\Extensions\speedtest4354@BestOffers deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{8dcb7100-df86-4384-8842-8fa844297b3f} deleted successfully

==== shortcuts on Users Desktops ======================

C:\Users\Daniel\Desktop\Google Chrome.lnk - C:\Users\Daniel\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Daniel\Desktop\Kalline - Atalho.lnk - C:\Users\Daniel\Documents\Kalline aulas 2013
C:\Users\Daniel\Desktop\Kalline aulas 2014 - Atalho.lnk - C:\Users\Daniel\Documents\Kalline aulas 2014
C:\Users\Daniel\Desktop\Microsoft Excel 2010.lnk - C:\Windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\xlicons.exe
C:\Users\Daniel\Desktop\Microsoft Office Picture Manager.lnk - C:\Windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\oisicon.exe
C:\Users\Daniel\Desktop\Microsoft PowerPoint 2010.lnk - C:\Windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\pptico.exe
C:\Users\Daniel\Desktop\Microsoft Word 2010.lnk - C:\Windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\wordicon.exe
C:\Users\Daniel\Desktop\Photoshop - Atalho.lnk - C:\Program Files\Adobe\Adobe Photoshop CS5\Photoshop.exe
C:\Users\Daniel\Desktop\RocketPDF.lnk - C:\Program Files\RocketPDF\RocketPDF.exe
C:\Users\Daniel\Desktop\Serra da Capivara - Atalho.lnk - C:\Users\Daniel\Documents\Serra da Capivara
C:\Users\Daniel\Desktop\Video Performer.lnk - C:\Program Files\VideoPerformer\VideoPerformer.exe

==== shortcuts on All Users Desktop ======================

C:\Users\Public\Desktop\aTube Catcher.lnk - C:\Program Files\DsNET Corp\aTube Catcher 2.0\yct.exe
C:\Users\Public\Desktop\AutoCAD 2010 - English.lnk - C:\Program Files\AutoCAD 2010\acad.exe
C:\Users\Public\Desktop\avast Free Antivirus.lnk -  
C:\Users\Public\Desktop\CCleaner.lnk - C:\Program Files\CCleaner\CCleaner.exe
C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk - C:\Program Files\Malwarebytes Anti-Malware\mbam.exe
C:\Users\Public\Desktop\RealPlayer.lnk - C:\Program Files\Real\RealPlayer\realplay.exe /launch:desktop
C:\Users\Public\Desktop\TIM Communicator.lnk - C:\Program Files\TIM Communicator\orolixcommunicator.exe
C:\Users\Public\Desktop\Video Search.lnk - C:\Program Files\DsNET Corp\aTube Catcher 2.0\yct.exe  /VIDEOSEARCH
C:\Users\Public\Desktop\WinZip Manutenção inteligente do PC.lnk -  
C:\Users\Public\Desktop\WinZip System Utilities Suite.lnk - C:\Program Files\WinZip System Utilities Suite\HighestAvailable.exe C:\Program Files\WinZip System Utilities Suite\WINZIPSS.exe
C:\Users\Public\Desktop\Zipper.lnk - C:\Windows\Installer\{40B325F7-2A46-41E0-BE2F-23C19F7F101E}\_A8733889CFE09697300527.exe

==== shortcuts in Users Start Menu ======================

C:\Users\Daniel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome\Google Chrome.lnk - C:\Users\Daniel\AppData\Local\Google\Chrome\Application\chrome.exe

==== shortcuts in All Users Start Menu ======================

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner\CCleaner.lnk - C:\Program Files\CCleaner\CCleaner.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner\Uninstall CCleaner.lnk - C:\Program Files\CCleaner\uninst.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive\Google Docs.lnk - C:\Program Files\Google\Drive\googledrivesync.exe --new_document
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive\Google Drive.lnk - C:\Program Files\Google\Drive\googledrivesync.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive\Google Sheets.lnk - C:\Program Files\Google\Drive\googledrivesync.exe --new_spreadsheet
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive\Google Slides.lnk - C:\Program Files\Google\Drive\googledrivesync.exe --new_presentation
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware\Desinstalar Malwarebytes Anti-Malware.lnk - C:\Program Files\Malwarebytes Anti-Malware\unins000.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware\Malwarebytes Anti-Malware.lnk - C:\Program Files\Malwarebytes Anti-Malware\mbam.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware\Tools\Malwarebytes Anti-Malware Chameleon.lnk - C:\Program Files\Malwarebytes Anti-Malware\Chameleon\Windows\chameleon.chm

==== shortcuts in Quick Launch ======================

C:\Users\Daniel\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk - C:\Program Files\Internet Explorer\iexplore.exe [You need an account and to be logged in to view this link]
C:\Users\Daniel\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -  
C:\Users\Daniel\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -  
C:\Users\Daniel\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\WinZip System Utilities Suite.lnk - C:\Program Files\WinZip System Utilities Suite\HighestAvailable.exe C:\Program Files\WinZip System Utilities Suite\WINZIPSS.exe
C:\Users\Daniel\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\AutoCAD 2010 - English.lnk - C:\Program Files\AutoCAD 2010\acad.exe
C:\Users\Daniel\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\On-Screen Keyboard.lnk - C:\Windows\system32\osk.exe
C:\Users\Daniel\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\TIM Communicator.lnk - C:\Program Files\TIM Communicator\orolixcommunicator.exe
C:\Users\Daniel\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk - C:\Users\Daniel\AppData\Local\Google\Chrome\Application\chrome.exe [You need an account and to be logged in to view this link]
C:\Users\Daniel\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Internet Explorer.lnk - C:\Program Files\Internet Explorer\iexplore.exe [You need an account and to be logged in to view this link]
C:\Users\Daniel\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Skype .lnk - C:\Program Files\Skype\Phone\Skype.exe
C:\Users\Daniel\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Windows Explorer.lnk - C:\Windows\explorer.exe
C:\Users\Daniel\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Windows Media Player.lnk - C:\Program Files\Windows Media Player\wmplayer.exe /prefetch:1
C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -  
C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -  
C:\Users\Default User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -  
C:\Users\Default User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -  
C:\Users\USURIO~1\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -  
C:\Users\USURIO~1\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -  

==== shortcuts After Repair ======================

C:\Users\Daniel\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk - C:\Program Files\Internet Explorer\iexplore.exe
C:\Users\Daniel\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk - C:\Users\Daniel\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Daniel\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Internet Explorer.lnk - C:\Program Files\Internet Explorer\iexplore.exe

==== Reset IE Proxy ======================

Value(s) before fix:
"ProxyEnable"=dword:00000001

Value(s) after fix:
"ProxyEnable"=dword:00000000

==== Deleting Registry Keys ======================

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\436DABD223008E24A8404BFC5C60E20B deleted successfully
HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\ExtensionInstallForcelist deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\436DABD223008E24A8404BFC5C60E20B deleted successfully

==== Empty IE Cache ======================

C:\Users\Daniel\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\networkservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Daniel\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TJX5A08E will be deleted at reboot

==== Empty FireFox Cache ======================

No FireFox Profiles found

==== Empty Chrome Cache ======================

C:\Users\Daniel\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully

==== Empty All Flash Cache ======================

Flash Cache Emptied Successfully

==== Empty All Java Cache ======================

No Java Cache Found

==== C:\zoek_backup content ======================

C:\zoek_backup (files=191 folders=61 13135867 bytes)

==== Empty Temp Folders ======================

C:\Users\Daniel\AppData\Local\Temp will be emptied at reboot
C:\Users\Default\AppData\Local\Temp emptied successfully
C:\Users\Default User\AppData\Local\Temp emptied successfully
C:\Users\USURIO~1\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\Windows\Temp will be emptied at reboot

==== After Reboot ======================

==== Empty Temp Folders ======================

C:\Windows\Temp successfully emptied
C:\Users\Daniel\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\$RECYCLE.BIN successfully emptied

==== Deleting Files / Folders ======================

"C:\Users\Daniel\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TJX5A08E" not found

==== EOF on 30/04/2014 at 11:43:13,94 ======================

Re: Machine with errors due to a virus

Post by Power Max Wed 30 Apr 2014, 13:35

Download the Shortcut Cleaner program from the link below, then click the Download Now @BleepingComputer button:
[You need an account and to be logged in to view this link]

To run it correctly, follow the tips in this tutorial:

[You need an account and to be logged in to view this link]
________________________________________________________________________________________

Download the Junkware Removal Tool program from the link below:
[You need an account and to be logged in to view this link]

To run the program above correctly, just follow the tips in this tutorial:

[You need an account and to be logged in to view this link]

* In your next reply, post the Junkware Removal Tool log (report), which will be saved on your desktop as JRT.txt, together with the Shortcut Cleaner report, which will be named sc-cleaner.txt

We'll be waiting.

Re: Machine with errors due to a virus

Post by luizvilarinho Wed 30 Apr 2014, 14:05

Here is the sc-cleaner log as well; I don't know if it was necessary, but it is attached.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.4 (04.06.2014:1)
OS: Windows 7 Ultimate x86
Ran by Daniel on 30/04/2014 at 13:48:18,76
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\baidu
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-840133867-106172080-2313266223-1000\Software\sweetim
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\installer\upgradecodes\f928123a039649549966d4c29d35b1c9
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{1ae46c09-2ab8-4ee5-88fb-08cd0ff7f2df}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{40b325f7-2a46-41e0-be2f-23c19f7f101e}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\domaiq uninstaller
Successfully deleted: [Registry Key] "hkey_current_user\software\microsoft\internet explorer\low rights\elevationpolicy\{a5aa24ea-11b8-4113-95ae-9ed71deaf12a}"



~~~ Files



~~~ Folders



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 30/04/2014 at 13:51:05,11
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Re: Machine with errors due to a virus

Post by Power Max Wed 30 Apr 2014, 14:07

Download < [You need an account and to be logged in to view this link] > ( ... by Nicolas Coolman )

To install and run it correctly, follow the tips in this article:

[You need an account and to be logged in to view this link]

* As soon as it finishes its scan, copy the entire contents of its ZHPDiag.txt report and post it in your next reply.

Re: Machine with errors due to a virus

Post by luizvilarinho Wed 30 Apr 2014, 14:19

~ Relatório do ZHPDiag v2014.4.28.48 - Nicolas Coolman (28/04/2014)
~ Iniciado por Daniel (30/04/2014 14:17:33)
~ Endereço do Website : [You need an account and to be logged in to view this link]
~ Fóruns de suporte gratuito para desinfecção : [You need an account and to be logged in to view this link]
~ Tradução pelo utilizador
~ Estatuto da versão :
~ Lista Branca : Ativado pelo programa
~ Elevação dos Privilégios : OK
~ Controle de Conta de Utilizador : Deactivate by user


---\\ Navegadores Internet
MSIE: Internet Explorer v10.0.9200.16721
GCIE: Google Chrome v34.0.1847.131 (Defaut)

---\\ Informações sobre os produtos Windows
~ Langage: Portugais
Windows 7 Ultimate, 32-bit Service Pack 1 (Build 7601)
Windows Server License Manager Script : OK
Software Protection Service (Protection logicielle) : OK
Windows Automatic Updates : OK
Windows Activation Technologies : OK

---\\ Softwares de proteçao do sistema
avast! Free Antivirus v8.0.1483.0
Malwarebytes Anti-Malware versão 2.0.1.1004
Windows Defender W7

---\\ Softwares d'optimização do sistema
CCleaner v4.11

---\\ Softwares de partilha do PeerToPeer (P2P)

---\\ Monitoramento dos softwares
Adobe Flash Player 11 ActiveX

---\\ Informações sobre o sistema
~ Processor: x86 Family 6 Model 23 Stepping 10, GenuineIntel
~ Operating System: 32 Bits
Boot mode: Normal (Normal boot)
Total RAM: 3055 MB (70% free)
System Restore: Désactivé (Disabled)
System drive C: has 304 GB (65%) free of 466 GB

---\\ Modo de conexão ao sistema
~ Computer Name: DANIEL-PC
~ User Name: Daniel
~ All Users Names: Daniel, Convidado, Administrador,
~ Unselected Option: 045,061,O62,065,066,080,O82,089
Logged in as Administrator

---\\ As variáveis de ambiente
~ System Unit : C:\
~ %AppZHP% : C:\Users\Daniel\AppData\Roaming\ZHP\
~ %AppData% : C:\Users\Daniel\AppData\Roaming\
~ %Desktop% : C:\Users\Daniel\Desktop\
~ %Favorites% : C:\Users\Daniel\Favorites\
~ %LocalAppData% : C:\Users\Daniel\AppData\Local\
~ %StartMenu% : C:\Users\Daniel\AppData\Roaming\Microsoft\Windows\Start Menu\
~ %Windir% : C:\Windows\
~ %System% : C:\Windows\System32\

---\\ Enumeração das unidades dos discos
C: Hard drive, Flash drive, Thumb drive (Free 304 Go of 466 Go)
D: CD-ROM drive (Not Inserted)
E: Floppy drive, Flash card reader, USB Key (Free 3 Go of 4 Go)
F: Floppy drive, Flash card reader, USB Key (Not Inserted)



---\\ Estado do Centro de Segurança do Windows
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system] EnableLUA: Modified
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install] LastSuccessTime : Out Of Date
~ Security Center: 46 Legitimates Filtered in 00mn 00s



---\\ Pesquisa particular de ficheiros genéricos
[MD5.8B88EBBB05A0E56B7DCC708498C02B3E] - (.Microsoft Corporation - Windows Explorer.) (.25/02/2011 - 02:30:54.) -- C:\Windows\Explorer.exe [2616320]
[MD5.B5C5DCAD3899512020D135600129D665] - (.Microsoft Corporation - Aplicativo de Inicialização do Windows.) (.13/07/2009 - 22:14:45.) -- C:\Windows\System32\Wininit.exe [96256]
[MD5.E4FEB264B47360B7296AEA4E052F88D8] - (.Microsoft Corporation - Internet Extensions para Win32.) (.22/09/2013 - 20:28:06.) -- C:\Windows\System32\wininet.dll [1767936]
[MD5.6D13E1406F50C66E2A95D97F22C47560] - (.Microsoft Corporation - Aplicativo de Logon do Windows.) (.20/11/2010 - 09:17:54.) -- C:\Windows\System32\Winlogon.exe [286720]
[MD5.E3AE23569749DE12D45BA3B489A036AE] - (.Microsoft Corporation - Biblioteca de Licenciamento de Software.) (.20/11/2010 - 09:21:24.) -- C:\Windows\System32\sppcomapi.dll [193536]
[MD5.9EBBBA55060F786F0FCAA3893BFA2806] - (.Microsoft Corporation - Ancillary Function Driver for WinSock.) (.24/04/2011 - 23:18:03.) -- C:\Windows\system32\Drivers\AFD.sys [338944]
[MD5.338C86357871C167A96AB976519BF59E] - (.Microsoft Corporation - ATAPI IDE Miniport Driver.) (.13/07/2009 - 22:26:15.) -- C:\Windows\system32\Drivers\atapi.sys [21584]
[MD5.77EA11B065E0A8AB902D78145CA51E10] - (.Microsoft Corporation - CD-ROM File System Driver.) (.13/07/2009 - 20:11:15.) -- C:\Windows\system32\Drivers\Cdfs.sys [70656]
[MD5.BE167ED0FDB9C1FA1133953C18D5A6C9] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.20/11/2010 - 05:38:10.) -- C:\Windows\system32\Drivers\Cdrom.sys [108544]
[MD5.F024449C97EC1E464AAFFDA18593DB88] - (.Microsoft Corporation - DFS Namespace Client Driver.) (.20/11/2010 - 05:42:32.) -- C:\Windows\system32\Drivers\DfsC.sys [78336]
[MD5.9036377B8A6C15DC2EEC53E489D159B5] - (.Microsoft Corporation - High Definition Audio Bus Driver.) (.20/11/2010 - 06:59:29.) -- C:\Windows\system32\Drivers\HDAudBus.sys [108544]
[MD5.F151F0BDC47F4A28B1B20A0818EA36D6] - (.Microsoft Corporation - Driver de porta i8042.) (.13/07/2009 - 20:11:24.) -- C:\Windows\system32\Drivers\i8042prt.sys [80896]
[MD5.A5FA468D67ABCDAA36264E463A7BB0CD] - (.Microsoft Corporation - IP Network Address Translator.) (.13/07/2009 - 20:54:29.) -- C:\Windows\system32\Drivers\IpNat.sys [101888]
[MD5.5D16C921E3671636C0EBA3BBAAC5FD25] - (.Microsoft Corporation - Windows NT SMB Minirdr.) (.26/04/2011 - 23:17:22.) -- C:\Windows\system32\Drivers\MRxSmb.sys [123904]
[MD5.280122DDCF04B378EDD1AD54D71C1E54] - (.Microsoft Corporation - MBT Transport driver.) (.20/11/2010 - 05:39:44.) -- C:\Windows\system32\Drivers\netBT.sys [187904]
[MD5.5E43D2B0EE64123D4880DFA6626DEFDE] - (.Microsoft Corporation - Driver do Sistema de Arquivos NT.) (.12/04/2013 - 10:45:29.) -- C:\Windows\system32\Drivers\ntfs.sys [1211752]
[MD5.2EA877ED5DD9713C5AC74E8EA7348D14] - (.Microsoft Corporation - Driver de porta paralela.) (.13/07/2009 - 20:45:35.) -- C:\Windows\system32\Drivers\Parport.sys [79360]
[MD5.D9F91EAFEC2815365CBE6D167E4E332A] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.13/07/2009 - 20:54:34.) -- C:\Windows\system32\Drivers\Rasl2tp.sys [78848]
[MD5.B973FCFC50DC1434E1970A146F7E3885] - (.Microsoft Corporation - Microsoft RDP Device redirector.) (.20/11/2010 - 07:24:46.) -- C:\Windows\system32\Drivers\rdpdr.sys [133632]
[MD5.3E21C083B8A01CB70BA1F09303010FCE] - (.Microsoft Corporation - SMB Transport driver.) (.13/07/2009 - 20:53:41.) -- C:\Windows\system32\Drivers\smb.sys [71168]
[MD5.B459575348C20E8121D6039DA063C704] - (.Microsoft Corporation - TDI Translation Driver.) (.20/11/2010 - 05:39:17.) -- C:\Windows\system32\Drivers\tdx.sys [74752]
[MD5.F497F67932C6FA693D7DE2780631CFE7] - (.Microsoft Corporation - Driver de cópia de sombra de volume.) (.20/11/2010 - 09:30:16.) -- C:\Windows\system32\Drivers\volsnap.sys [245632]
~ Generic Processes: Scanned in 00mn 00s



---\\ Estatuto dos ficheiros ocultos (Oculto/Total)
~ Mes images (My Pictures) : 1/176
~ Mes musiques (My Musics) : 1/229
~ Mes Videos (My Videos) : 1/26
~ Mes Favoris (My Favorites) : 1/22
~ Mes Documents (My Documents) : 5/4233
~ Mon Bureau (My Desktop) : 1/588
~ Menu demarrer (Programs) : 1/28
~ Hidden Files: Scanned in 00mn 03s



---\\ Processos lançados
[MD5.A73731A0B0A165907799E9AFB461F856] - (.RealNetworks, Inc. - RealNetworks Scheduler.) -- C:\Program Files\Real\RealPlayer\Update\realsched.exe [296096] [PID.2304]
[MD5.B52D2F8284E84C50865B7CCF592FED37] - (.Skype Technologies S.A. - Skype.) -- C:\Program Files\Skype\Phone\Skype.exe [20474528] [PID.2472]
[MD5.542459D16B416D054161007FC9B1246E] - (.Google Inc. - Google Chrome.) -- C:\Users\Daniel\AppData\Local\Google\Chrome\Application\chrome.exe [841032] [PID.4052]
[MD5.1780A53FCE5975B94604775CD9460F22] - (.Nicolas Coolman - ZHPDiag.) -- C:\Program Files\ZHPDiag\ZHPDiag.exe [7865344] [PID.3804]
~ Processes Running: Scanned in 00mn 00s



---\\ Google Chrome, Arranque,Pesquisa,Extensões (G0,G1,G2)
C:\Users\Daniel\AppData\Local\Google\Chrome\User Data\Default\Preferences
G2 - GCE: Preference [User Data\Default] [ahfgeienlihckogmohjhadlkjgocpleb] Loja v.0.2 (Activé)
G2 - GCE: Preference [User Data\Default] [neajdppkdcdipfabeoofebfddakdcjhd] Google Network Speech v.1.0 (Activé)
G2 - GCE: Preference [User Data\Default] [nkeimhogjdpnpccoofpliimaahmaaome] Hangout Services v.1.0 (Activé)

---\\ Pasta de extensão do Google Chrome
~ Google Lines Browser: 17 Legitimates Filtered in 00mn 01s



---\\ Mozilla Firefox, Plugins,Arranque,Pesquisa,Extensões (P2,M0,M1,M2,M3)
P2 - FPN: [HKLM] [yaxmpb@yahoo.com/YahooActiveXPluginBridge;version=1.0.0.1] - (...) -- C:\Program Files\Yahoo!\Common\npyaxmpb.dll (.not file.)
~ Firefox Browser: 16 Legitimates Filtered in 00mn 00s



---\\ Internet Explorer, Gestão do Proxy (R5)
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll
~ Proxy management: Scanned in 00mn 00s



---\\ Análise das linhas F0, F1, F2, F3 - Ficheiros ini, Carregamento Automático de programas
F2 - REG:system.ini: USERINIT=C:\Windows\system32\userinit.exe,
F2 - REG:system.ini: Shell=C:\Windows\explorer.exe
F2 - REG:system.ini: VMApplet=C:\Windows\System32\SystemPropertiesPerformance.exe
~ Keys: Scanned in 00mn 00s



---\\ Redireção do ficheiro Hosts (01)
~ Le fichier hosts est sain (The hosts file is clean).
~ Hosts File: Scanned in 00mn 00s
~ Nombre de lignes (Lines number): 21



---\\ Barras do Internet Explorer (03))
O3 - Toolbar: avast! WebRep - [HKLM]{8E5E2654-AD2D-48bf-AC2D-D17F00898D06} . (.AVAST Software - avast! WebRep Plugin.) -- C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O3 - Toolbar\WebBrowser: (no name) - [HKCU]{21FA44EF-376D-4D53-9B0F-8A89D3229068} Chave orfã
~ Toolbar: Scanned in 00mn 00s



---\\ Outras conexões do utilizador (04)
O4 - GS\Desktop [Daniel]: Video Performer.lnk . (...) -- C:\Program Files\VideoPerformer\VideoPerformer.exe (.not file.) =>PUP.VideoPerformer
~ Global Startup: 1 Legitimates Filtered in 00mn 01s



---\\ Aplicações iniciadas por registo & pastas (04)
O4 - HKLM\..\Run: [BCSSync] . (.Microsoft Corporation - Microsoft Office 2010 component.) -- C:\Program Files\Microsoft Office\Office14\BCSSync.exe =>.Microsoft Corporation
O4 - HKLM\..\Run: [TkBellExe] . (.RealNetworks, Inc. - RealNetworks Scheduler.) -- C:\Program Files\Real\RealPlayer\update\realsched.exe =>.RealNetworks, Inc
O4 - HKLM\..\Run: [AdobeAAMUpdater-1.0] . (.Adobe Systems Incorporated - Adobe Updater Startup Utility.) -- C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe =>.Adobe Systems Incorporated
O4 - HKLM\..\Run: [SwitchBoard] . (.Adobe Systems Incorporated - SwitchBoard Server (32 bit).) -- C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O4 - HKLM\..\Run: [AdobeCS5ServiceManager] . (.Adobe Systems Incorporated - Adobe CS5 Service Manager.) -- C:\Program Files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe
O4 - HKLM\..\Run: [177] . (...) -- C:\Program Files\167a\177.js
O4 - HKCU\..\Run: [Google Update] . (.Google Inc. - Google Installer.) -- C:\Users\Daniel\AppData\Local\Google\Update\GoogleUpdate.exe
O4 - HKCU\..\Run: [msnmsgr] ~"C:\Program Files\Windows Live\Messenger\MsnMsgr.exe (.not file.)
O4 - HKCU\..\Run: [Skype] . (.Skype Technologies S.A. - Skype.) -- C:\Program Files\Skype\Phone\Skype.exe =>.Skype Technologies S.A.
O4 - HKCU\..\Run: [Facebook Update] . (.Facebook Inc. - Facebook Installer.) -- C:\Users\Daniel\AppData\Local\Facebook\Update\FacebookUpdate.exe
O4 - HKCU\..\Run: [1f6] . (...) -- C:\Users\Daniel\AppData\Roaming\097\1f6.js
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets da Área de Trabalho do Windows.) -- C:\Program Files\Windows Sidebar\Sidebar.exe
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets da Área de Trabalho do Windows.) -- C:\Program Files\Windows Sidebar\Sidebar.exe
O4 - HKUS\.DEFAULT\..\RunOnce: [SPReview] . (.Microsoft Corporation - SP Reviewer.) -- C:\Windows\System32\SPReview\SPReview.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-18\..\RunOnce: [SPReview] . (.Microsoft Corporation - SP Reviewer.) -- C:\Windows\System32\SPReview\SPReview.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-21-840133867-106172080-2313266223-1000\..\Run: [Google Update] . (.Google Inc. - Google Installer.) -- C:\Users\Daniel\AppData\Local\Google\Update\GoogleUpdate.exe
O4 - HKUS\S-1-5-21-840133867-106172080-2313266223-1000\..\Run: [msnmsgr] ~"C:\Program Files\Windows Live\Messenger\MsnMsgr.exe (.not file.)
O4 - HKUS\S-1-5-21-840133867-106172080-2313266223-1000\..\Run: [Skype] . (.Skype Technologies S.A. - Skype.) -- C:\Program Files\Skype\Phone\Skype.exe =>.Skype Technologies S.A.
O4 - HKUS\S-1-5-21-840133867-106172080-2313266223-1000\..\Run: [Facebook Update] . (.Facebook Inc. - Facebook Installer.) -- C:\Users\Daniel\AppData\Local\Facebook\Update\FacebookUpdate.exe
O4 - HKUS\S-1-5-21-840133867-106172080-2313266223-1000\..\Run: [1f6] . (...) -- C:\Users\Daniel\AppData\Roaming\097\1f6.js
~ Application: Scanned in 00mn 00s



---\\ Boutões da barra de ferramentas principal do Internet Explorer (09)
O9 - Extra button: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} . (.Microsoft Corporation - Windows Live Writer Blog This Extension.) -- C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} . (.Microsoft Corporation - Microsoft OneNote Internet Explorer Add-in.) -- C:\Program Files\MICROS~2\Office14\ONBttnIE.dll =>.Microsoft Corporation
O9 - Extra button: &Anotações Vinculadas do OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} . (.Microsoft Corporation - Microsoft OneNote Internet Explorer Add-in.) -- C:\Program Files\MICROS~2\Office14\ONBTTN~1.dll =>.Microsoft Corporation
O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} . (...) -- C:\Program Files\Skype\Toolbars\Internet Explorer\icon.ico
~ IE Extra Buttons: Scanned in 00mn 00s



---\\ Objets ActiveX (Downloaded Program Files)(O16)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - ((no name)) - (.not file.) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
~ Objets ActiveX: Scanned in 00mn 00s



---\\ Alteração Dominio/Clientes DNS (017)
O17 - HKLM\System\CCS\Services\Tcpip\..\{851865D1-9202-4C68-816F-C87B29B8FD55}: DhcpNameServer = 192.168.137.241
O17 - HKLM\System\CCS\Services\Tcpip\..\{87CEAEEB-A90C-4934-843A-ADC7B002D59B}: DhcpNameServer = 192.168.42.129
O17 - HKLM\System\CCS\Services\Tcpip\..\{9667CC6D-F475-4674-ACEA-50765139E584}: DhcpNameServer = 192.168.135.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{CA454AB3-0392-4A52-932D-98E5C7A3476C}: DhcpNameServer = 192.168.1.1 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{851865D1-9202-4C68-816F-C87B29B8FD55}: DhcpDomain = mshome.net
O17 - HKLM\System\CS1\Services\Tcpip\..\{851865D1-9202-4C68-816F-C87B29B8FD55}: DhcpNameServer = 192.168.137.241
O17 - HKLM\System\CS1\Services\Tcpip\..\{87CEAEEB-A90C-4934-843A-ADC7B002D59B}: DhcpNameServer = 192.168.42.129
O17 - HKLM\System\CS1\Services\Tcpip\..\{9667CC6D-F475-4674-ACEA-50765139E584}: DhcpNameServer = 192.168.135.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{CA454AB3-0392-4A52-932D-98E5C7A3476C}: DhcpNameServer = 192.168.1.1 192.168.0.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{851865D1-9202-4C68-816F-C87B29B8FD55}: DhcpDomain = mshome.net
O17 - HKLM\System\CS2\Services\Tcpip\..\{851865D1-9202-4C68-816F-C87B29B8FD55}: DhcpNameServer = 192.168.137.241
O17 - HKLM\System\CS2\Services\Tcpip\..\{87CEAEEB-A90C-4934-843A-ADC7B002D59B}: DhcpNameServer = 192.168.42.129
O17 - HKLM\System\CS2\Services\Tcpip\..\{9667CC6D-F475-4674-ACEA-50765139E584}: DhcpNameServer = 192.168.135.1
O17 - HKLM\System\CS2\Services\Tcpip\..\{CA454AB3-0392-4A52-932D-98E5C7A3476C}: DhcpNameServer = 192.168.1.1 192.168.0.1
O17 - HKLM\System\CS2\Services\Tcpip\..\{851865D1-9202-4C68-816F-C87B29B8FD55}: DhcpDomain = mshome.net
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 192.168.0.1
~ Domain: Scanned in 00mn 00s



---\\ Protocolo adicional (018)
O18 - Handler: wlmailhtml - {03C514A3-1EFB-4856-9F99-10D7BE1653C0} . (.Microsoft Corporation - Windows Live Mail.) -- C:\Program Files\Windows Live\Mail\mailcomm.dll =>.Microsoft Corporation
O18 - Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} . (.Microsoft Corporation - Microsoft Office XML MIME Filter.) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.dll =>.Microsoft Corporation
~ Protocole Additionnel: Scanned in 00mn 00s



---\\ Lista dos serviços NT não Microsoft e não desativados (023)
O23 - Service: Orolix Device Monitor (OrolixDeviceMonitor) . (.Orolix Desenvolvimento de Software LTDA. - USB Device monitor.) - C:\Program Files\TIM Communicator\module\devicemon.exe
~ Services: 5 Legitimates Filtered in 00mn 03s



---\\ Tarefas planificadas automaticamente (039)
[MD5.00000000000000000000000000000000] [APT] [{708735A2-C512-4D3D-AFBB-03F0940EE1FB}] (...) -- C:\Users\Daniel\Desktop\zoek.pif -d C:\Users\Daniel\Desktop (.not file.) [0]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\Adobe Flash Player Updater [902]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\FacebookUpdateTaskUserS-1-5-21-840133867-106172080-2313266223-1000Core [910]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\FacebookUpdateTaskUserS-1-5-21-840133867-106172080-2313266223-1000UA [932]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore [1052]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA [1056]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-840133867-106172080-2313266223-1000Core [1030]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-840133867-106172080-2313266223-1000UA [1082]
~ Scheduled Task: 25 Legitimates Filtered in 00mn 03s



---\\ Componentes instalados (ActiveSetup Installed Components) (040)
O40 - ASIC: YInstStarterUpgrade Class - {0291E591-EA41-4c82-8106-3DC6CE7F7664} . (...) -- C:\Program Files\Yahoo!\Common\yinsthelper.dll
O40 - ASIC: YInstStarter Class - {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} . (...) -- C:\Program Files\Yahoo!\Common\yinsthelper.dll
O40 - ASIC: YSearchSetting2 Class - {347B0667-C7ED-429B-BDE3-CC8D3BACAA31} . (...) -- C:\Program Files\Yahoo!\Common\yinsthelper.dll
~ Active Setup: 13 Legitimates Filtered in 00mn 00s



---\\ Software instalados (042)
O42 - Logiciel: Barra de Ferramentas do Yahoo! com bloqueador de pop-up - (...) [HKLM] -- Yahoo! Companion
O42 - Logiciel: TIM Communicator - (...) [HKLM] -- OrolixCommunicator
~ Logic: 15 Legitimates Filtered in 00mn 00s



---\\ HKCU & HKLM Software Keys
[HKCU\Software\OrolixCommunicator]
[HKCU\Software\Orolix]
[HKLM\Software\Orolix]
~ Key Software: 165 Legitimates Filtered in 00mn 00s



---\\ Conteúdo das pastas Programs/ProgramFiles/ProgramData/AppData (O43)
O43 - CFD: 22/11/2013 - 06:44:56 - [] -SH-D C:\Program Files\167a
O43 - CFD: 28/04/2013 - 19:15:33 - [] ----D C:\Program Files\TIM Communicator
O43 - CFD: 28/04/2013 - 19:15:32 - [] ----D C:\ProgramData\OrolixCommunicator
O43 - CFD: 22/11/2013 - 06:44:56 - [] -SH-D C:\Users\Daniel\AppData\Roaming\097
~ Program Folder: 122 Legitimates Filtered in 00mn 00s



---\\ Últimos ficheiros alterados ou criados no Windows e Sistema32 (044)
O44 - LFC:[MD5.0DC5AF80D059DEC792B665ED598C6567] - 29/04/2014 - 22:37:25 ---A- . (.SQLite Development Team - SQLite Dynamic Link Library (No TCL).) -- C:\Windows\System32\sqlite3.dll [536576]
O44 - LFC:[MD5.F7A59A74DA8778FE100B497938562308] - 30/04/2014 - 02:13:20 ---A- . (...) -- C:\Windows\ntbtlog.txt [131134]
O44 - LFC:[MD5.296602155630573B095018EEBFBCF22E] - 30/04/2014 - 10:57:38 ---A- . (...) -- C:\zoek-results2014-04-30-135738.log [1223]
O44 - LFC:[MD5.CC7AA7B42CF418FC3D926913490048F8] - 30/04/2014 - 11:41:46 ---A- . (...) -- C:\Windows\zoek-delete.exe [24064]
O44 - LFC:[MD5.B15ECF6DDA8EC0F67D7FE47301F924BD] - 30/04/2014 - 11:43:13 ---A- . (...) -- C:\zoek-results.log [19356]
O44 - LFC:[MD5.3682000F5778223A9AA474BF9FD180A1] - 30/04/2014 - 13:44:28 ---A- . (...) -- C:\Windows\System32\prfc0416.dat [128938]
O44 - LFC:[MD5.F94D5FA2A70B5CF8B749A598516FF39A] - 30/04/2014 - 13:44:28 ---A- . (...) -- C:\Windows\System32\prfh0416.dat [666708]
O44 - LFC:[MD5.05CB4731C8DB99A319FC450E218A32B3] - 30/04/2014 - 13:45:49 ---A- . (...) -- C:\sc-cleaner.txt [1794]
~ Files: 19 Legitimates Filtered in 00mn 23s



---\\ Operações e funções ao arranque do Windows Explorer (046)
O46 - SEH:ShellExecuteHooks - Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL
~ ShellExecuteHooks: Scanned in 00mn 00s



---\\ Chave do registo Shell MountPoints2 (MPKS) (O51)
O51 - MPSK:{039dd946-7cd3-11e2-a8e6-705ab6d95d75}\AutoRun\command. (...) -- F:\AutoRun.exe (.not file.)
O51 - MPSK:{56478a8d-b050-11e2-bc63-002308e9e238}\AutoRun\command. (...) -- F:\autorun.exe (.not file.)
O51 - MPSK:{f1d4bc0e-68b5-11e2-a5fc-705ab6d95d75}\AutoRun\command. (...) -- F:\iLinker.exe (.not file.)
~ Keys: Scanned in 00mn 07s



---\\ Enumeração das chaves do registo PoliciesSystem (MWPS) (O55)
O55 - MWPS:[HKLM\...\Policies\System] - "EnableLUA"=0
O55 - MWPS:[HKLM\...\Policies\System] - "EnableUIADesktopToggle"=0
O55 - MWPS:[HKLM\...\Policies\System] - "PromptOnSecureDesktop"=0
O55 - MWPS:[HKLM\...\Policies\System] - "FilterAdministratorToken"=0
~ MWPS: 19 Legitimates Filtered in 00mn 00s



---\\ Enumeração das chaves do registo PoliciesExplorer (MWPE) (O56)
O56 - MWPE:[HKCU\...\policies\Explorer] - "NoControlPanel"=
O56 - MWPE:[HKCU\...\policies\Explorer] - "NoWindowsUpdate"=
~ MWPE Keys: 3 Legitimates Filtered in 00mn 00s



---\\ Lista dos drivers do sistema (SDL) (O58)
O58 - SDL:06/03/2013 - 20:33:24 ---A- . (...) -- C:\Windows\System32\Drivers\aswRvrt.sys [49248]
O58 - SDL:06/03/2013 - 20:33:24 ---A- . (...) -- C:\Windows\System32\Drivers\aswVmm.sys [164736]
O58 - SDL:13/07/2009 - 22:20:28 ---A- . (.Emulex - Storport Miniport Driver for LightPulse HBAs.) -- C:\Windows\System32\Drivers\elxstor.sys [453712]
O58 - SDL:13/07/2009 - 19:54:14 ---A- . (.Hauppauge Computer Works, Inc. - Hauppauge WinTV 885 Consumer IR Driver for eHome.) -- C:\Windows\System32\Drivers\hcw85cir.sys [26624]
O58 - SDL:10/06/2010 - 02:14:34 ---A- . (.Windows (R) Codename Longhorn DDK provider - Alcatelusb Driver.) -- C:\Windows\System32\Drivers\Olicard160Usb.sys [19968]
O58 - SDL:13/07/2009 - 22:19:04 ---A- . (.Promise Technology - Promise SuperTrak EX Series Driver for Windows.) -- C:\Windows\System32\Drivers\stexstor.sys [21072]
O58 - SDL:13/07/2009 - 18:40:41 ---A- . (...) -- C:\Windows\System32\ANSI.SYS [9029]
O58 - SDL:13/07/2009 - 18:40:44 ---A- . (...) -- C:\Windows\System32\country.sys [27097]
O58 - SDL:13/07/2009 - 18:40:40 ---A- . (...) -- C:\Windows\System32\HIMEM.SYS [4768]
O58 - SDL:13/07/2009 - 18:40:43 ---A- . (...) -- C:\Windows\System32\KEY01.SYS [42809]
O58 - SDL:13/07/2009 - 18:40:43 ---A- . (...) -- C:\Windows\System32\KEYBOARD.SYS [42537]
O58 - SDL:13/07/2009 - 18:40:23 ---A- . (...) -- C:\Windows\System32\NTDOS.SYS [27866]
O58 - SDL:13/07/2009 - 18:40:31 ---A- . (...) -- C:\Windows\System32\NTDOS404.SYS [29146]
O58 - SDL:13/07/2009 - 18:40:35 ---A- . (...) -- C:\Windows\System32\NTDOS411.SYS [29370]
O58 - SDL:13/07/2009 - 18:40:39 ---A- . (...) -- C:\Windows\System32\NTDOS412.SYS [29274]
O58 - SDL:13/07/2009 - 18:40:27 ---A- . (...) -- C:\Windows\System32\NTDOS804.SYS [29146]
O58 - SDL:13/07/2009 - 18:40:11 ---A- . (...) -- C:\Windows\System32\NTIO.SYS [33952]
O58 - SDL:13/07/2009 - 18:40:15 ---A- . (...) -- C:\Windows\System32\NTIO404.SYS [34672]
O58 - SDL:13/07/2009 - 18:40:17 ---A- . (...) -- C:\Windows\System32\NTIO411.SYS [35776]
O58 - SDL:13/07/2009 - 18:40:19 ---A- . (...) -- C:\Windows\System32\NTIO412.SYS [35536]
O58 - SDL:13/07/2009 - 18:40:13 ---A- . (...) -- C:\Windows\System32\NTIO804.SYS [34672]
~ Drivers: 75 Legitimates Filtered in 00mn 03s



---\\ Lista das ferramentas de remoção de vírus (LAT) (063)
O63 - Logiciel: ZHPDiag 2014 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1 =>.Nicolas Coolman
~ ADS: Scanned in 00mn 00s



---\\ Associações Shell Spawning (O67)
O67 - Shell Spawning: <.html> [HKCU\..\open\Command] (.Not Key.)
~ FASS Keys: 12 Legitimates Filtered in 00mn 00s



---\\ Menu de inicialização Internet (068)
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Google Inc. - Google Chrome.) -- C:\Users\Daniel\AppData\Local\Google\Chrome\Application\chrome.exe
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
~ Keys: Scanned in 00mn 00s



---\\ Pesquisa de infeção nos navegadores da Internet (SBI) (069)
O69 - SBI: SearchScopes [HKCU] B2ADDD84D18C4071AA0D3EB8D1E4153C - (SearchTheWeb) - [You must have an account and be logged in to view this link] =>Adware.IMBooster
O69 - SBI: SearchScopes [HKCU] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} - (Bing) - [You must have an account and be logged in to view this link]
O69 - SBI: SearchScopes [HKCU] {6A1806CD-94D4-4689-BA73-E35EA1EA9990} [DefaultScope] - (Google) - [You must have an account and be logged in to view this link]
~ Keys: Scanned in 00mn 00s



---\\ Pesquisa adicional à raiz do sistema (radicular) (SPRF) (O84)
[MD5.C1974F029A2E6A44E6BB5A75762235B8] [SPRF][30/04/2014] (.Bleeping Computer, LLC - Windows shortcut cleaner..) -- C:\Users\Daniel\Desktop\sc-cleaner.exe [441592]
[MD5.DCF741DF9F654F5A2C1BEC789F53AEB3] [SPRF][08/03/2014] (...) -- C:\Users\Daniel\Desktop\zoek.com [1414742]
~ Files: 5 Legitimates Filtered in 00mn 00s



---\\ Listagem dos códigos dos software (PUC) (090)
O90 - PUC: "90C64EA18BA25EE488BF80DCF07F2FFD" . (.Bing Bar.) -- C:\Windows\Installer\{1AE46C09-2AB8-4EE5-88FB-08CD0FF7F2DF}\icon_installer_ico =>Toolbar.Bing
~ Update Products: 1 Legitimates Filtered in 00mn 00s



---\\ Pesquisa dos pacotes WindowsInstaller (WIS) (O93) (NTFS)
[MD5.B65A4BF0E455E19CCE1F0E85E48CC773] [WIS][18/12/2012] (.Babylon Ltd - Babylon Chrome Toolbar.) -- C:\Windows\Installer\1268f23.msi [1045504] =>PUP.Babylon
[MD5.0E4185F75C1394897DB73CCC3368CA4B] [WIS][11/06/2012] (.Microsoft Corporation - Bing Bar.) -- C:\Windows\Installer\2595fe.msi [475136] =>Toolbar.Bing
[MD5.A25D73A4A45222261189F86AA392EAEB] [WIS][17/01/2013] (.IMinent - IMinent Toolbar.) -- C:\Windows\Installer\3fffd45.msi [1025536] =>Adware.IMBooster
~ WIS: 3 Legitimates Filtered in 00mn 02s



---\\ Search Tracing Registry Key (O100)
HKLM\SOFTWARE\Microsoft\Tracing\AVG-Secure-Search-Update_JUNE2013_TB_RASAPI32 =>Toolbar.AVGSearch
HKLM\SOFTWARE\Microsoft\Tracing\AVG-Secure-Search-Update_JUNE2013_TB_RASMANCS =>Toolbar.AVGSearch
HKLM\SOFTWARE\Microsoft\Tracing\BabMaint_RASAPI32 =>Hijacker.BabSolution
HKLM\SOFTWARE\Microsoft\Tracing\BabMaint_RASMANCS =>Hijacker.BabSolution
HKLM\SOFTWARE\Microsoft\Tracing\DomaIQ_RASAPI32 =>Adware.DomaIQ
HKLM\SOFTWARE\Microsoft\Tracing\DomaIQ_RASMANCS =>Adware.DomaIQ
HKLM\SOFTWARE\Microsoft\Tracing\Lollipop_14657_1102-2d0b8890_RASAPI32 =>Adware.Lollipop
HKLM\SOFTWARE\Microsoft\Tracing\Lollipop_14657_1102-2d0b8890_RASMANCS =>Adware.Lollipop
HKLM\SOFTWARE\Microsoft\Tracing\Lollipop_RASAPI32 =>Adware.Lollipop
HKLM\SOFTWARE\Microsoft\Tracing\Lollipop_RASMANCS =>Adware.Lollipop
HKLM\SOFTWARE\Microsoft\Tracing\VideoPerformerSetup (1)_RASAPI32 =>PUP.VideoPerformer
HKLM\SOFTWARE\Microsoft\Tracing\VideoPerformerSetup (1)_RASMANCS =>PUP.VideoPerformer
~ BTK: 206 Legitimates Filtered in 00mn 00s



---\\ Search CLSID Registry Key (O101)
[HKCR\CLSID\{d2ce3e00-f94a-4740-988e-03dc2f38c34f}] (Bing Bar Helper) =>Toolbar.Bing
~ BCK: 6301 Legitimates Filtered in 00mn 08s



---\\ Estado general dos serviços não Microsoft (EGS) (SR=Executados, SS=Parados)
SS - | Demand 17/01/2013 250808 | (AdobeFlashPlayerUpdateSvc) . (.Adobe Systems Incorporated.) - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
SS - | Auto 11/06/2012 193616 | (BBSvc) . (.Microsoft Corporation..) - C:\Program Files\Microsoft\BingBar\7.1.391.0\BBSvc.exe =>Toolbar.Bing
SS - | Demand 03/11/2012 651720 | (FLEXnet Licensing Service) . (.Macrovision Europe Ltd..) - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
SS - | Auto 19/02/2013 116648 | (gupdate) . (.Google Inc..) - C:\Program Files\Google\Update\GoogleUpdate.exe
SS - | Demand 19/02/2013 116648 | (gupdatem) . (.Google Inc..) - C:\Program Files\Google\Update\GoogleUpdate.exe
SS - | Auto 05/09/2013 171680 | (SkypeUpdate) . (.Skype Technologies.) - C:\Program Files\Skype\Updater\Updater.exe
SS - | Demand 19/02/2010 517096 | (SwitchBoard) . (.Adobe Systems Incorporated.) - C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
SR - | Demand 11/06/2012 240208 | (BBUpdate) . (.Microsoft Corporation..) - C:\Program Files\Microsoft\BingBar\7.1.391.0\SeaPort.exe =>Toolbar.Bing
SR - | Auto 05/10/2011 32672 | (OrolixDeviceMonitor) . (.Orolix Desenvolvimento de Software LTDA..) - C:\Program Files\TIM Communicator\module\devicemon.exe
SR - | Auto 02/10/2012 3064000 | (Skype C2C Service) . (.Skype Technologies S.A..) - C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
SR - | Auto 13/07/2009 20992 | C:\Program Files\Windows Defender\mpsvc.dll (WinDefend) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
SR - | Auto 19/07/2012 606648 | (WINZIPSSDiskOptimizer) . (.WinZip Computing, S.L. (WinZip Computing).) - C:\Program Files\WinZip System Utilities Suite\WINZIPSSDefragSrv.exe
SR - | Auto 13/07/2009 20992 | C:\Windows\System32\wuaueng.dll (wuauserv) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
~ Services: Scanned in 00mn 09s



---\\ Scâner Aditional (088)
Database Version : 13045 - (28/04/2014)
Clés trouvées (Keys found) : 7
Valeurs trouvées (Values found) : 1
Dossiers trouvés (Folders found) : 0
Fichiers trouvés (Files found) : 4

[HKLM\Software\Classes\Installer\Features\90C64EA18BA25EE488BF80DCF07F2FFD] =>Toolbar.Agent
[HKLM\Software\Classes\Installer\Products\90C64EA18BA25EE488BF80DCF07F2FFD] =>Toolbar.Agent
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\90C64EA18BA25EE488BF80DCF07F2FFD] =>Toolbar.Agent
[HKLM\Software\Classes\Installer\Features\436DABD223008E24A8404BFC5C60E20B] =>Adware.IMBooster
[HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\Yahoo! Companion] =>Toolbar.Yahoo
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0FF2AEFF45EEA0A48A4B33C1973B6094] =>PUP.SweetIM^
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\305B09CE8C53A214DB58887F62F25536] =>PUP.SweetIM^
C:\Windows\Installer\1268f23.msi =>PUP.Babylon^
C:\Windows\Installer\2595fe.msi =>Toolbar.Bing^
C:\Windows\Installer\3fffd45.msi =>Adware.IMBooster^
[HKCR\CLSID\{d2ce3e00-f94a-4740-988e-03dc2f38c34f}] (Bing Bar Helper) =>Toolbar.Bing^
~ Additionnel Scan: 304969 Items scanned in 00mn 29s



---\\ Sumário das deteções encontradas na sua estação
[You must have an account and be logged in to view this link] =>PUP.VideoPerformer
[You must have an account and be logged in to view this link] =>Adware.IMBooster
[You must have an account and be logged in to view this link] =>PUP.Babylon
[You must have an account and be logged in to view this link] =>Hijacker.BabSolution
[You must have an account and be logged in to view this link] =>Adware.DomaIQ
[You must have an account and be logged in to view this link] =>Adware.Lollipop
[You must have an account and be logged in to view this link] =>PUP.SweetIM
~ MSI: 7 link(s) detected in 00mn 00s



~ 655 Legitimates filtered by white list
End of the scan (494 lines in 01mn 44s)(0)

Re: Machine with errors due to a virus

Post by Power Max, Wed 30 Apr 2014, 14:45

Select and copy all of the text highlighted in red that I gave you.
_____________________________________________________________________________________________________________

Go to the menu: Start (Iniciar) > All Programs (Todos os programas) > ZHP > right-click ZHPFix and choose Run as administrator (Executar como administrador) > click Importação (Import) > click the GO button > click Oui > if you want the files in the Recycle Bin to be deleted, click Oui again > a report will open in Notepad.

Copy this report and post it in your next reply.


Last edited by Power Max on Wed 30 Apr 2014, 16:59; edited 1 time

Re: Machine with errors due to a virus

Post by luizvilarinho, Wed 30 Apr 2014, 14:50

Rapport de ZHPFix 2014.4.13.3 par Nicolas Coolman, Update du 13/04/2014
Fichier d'export Registre :
Run by Daniel at 30/04/2014 14:50:01
High Elevated Privileges : OK
Windows 7 Ultimate Edition, 32-bit Service Pack 1 (Build 7601)

Reciclagem vazia (00mn 02s)
Reparação de atalhos do navegador

========== Chaves do Registo ==========
ELIMINÉ CLSID MPSK: {039dd946-7cd3-11e2-a8e6-705ab6d95d75}
ELIMINÉ CLSID MPSK: {56478a8d-b050-11e2-bc63-002308e9e238}
ELIMINÉ CLSID MPSK: {f1d4bc0e-68b5-11e2-a5fc-705ab6d95d75}
ELIMINÉ: SearchScopes :B2ADDD84D18C4071AA0D3EB8D1E4153C
ELIMINÉ: SearchScopes :{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
ELIMINÉ: HKLM\SOFTWARE\Microsoft\Tracing\BabMaint_RASAPI32
ELIMINÉ: HKLM\SOFTWARE\Microsoft\Tracing\BabMaint_RASMANCS
ELIMINÉ: HKLM\SOFTWARE\Microsoft\Tracing\DomaIQ_RASAPI32
ELIMINÉ: HKLM\SOFTWARE\Microsoft\Tracing\DomaIQ_RASMANCS
ELIMINÉ: HKLM\SOFTWARE\Microsoft\Tracing\Lollipop_14657_1102-2d0b8890_RASAPI32
ELIMINÉ: HKLM\SOFTWARE\Microsoft\Tracing\Lollipop_14657_1102-2d0b8890_RASMANCS
ELIMINÉ: HKLM\SOFTWARE\Microsoft\Tracing\Lollipop_RASAPI32
ELIMINÉ: HKLM\SOFTWARE\Microsoft\Tracing\Lollipop_RASMANCS
ELIMINÉ: HKLM\SOFTWARE\Microsoft\Tracing\VideoPerformerSetup (1)_RASAPI32
ELIMINÉ: HKLM\SOFTWARE\Microsoft\Tracing\VideoPerformerSetup (1)_RASMANCS
ELIMINÉ: HKLM\Software\Classes\Installer\Features\90C64EA18BA25EE488BF80DCF07F2FFD
ELIMINÉ: HKLM\Software\Classes\Installer\Products\90C64EA18BA25EE488BF80DCF07F2FFD
ELIMINÉ: HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\90C64EA18BA25EE488BF80DCF07F2FFD
ELIMINÉ: HKLM\Software\Classes\Installer\Features\436DABD223008E24A8404BFC5C60E20B
ELIMINÉ: HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0FF2AEFF45EEA0A48A4B33C1973B6094
ELIMINÉ: HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\305B09CE8C53A214DB58887F62F25536

========== Valores do Registo ==========
ELIMINÉ RunValue: 177
ELIMINÉ RunValue: msnmsgr
ELIMINÉ RunValue: 1f6

========== Pastas ==========
Nenhuma pasta CLSID local utilizador vazia

========== Ficheiros ==========
ELIMINÉ: c:\users\daniel\desktop\video performer.lnk
ELIMINÉ: c:\program files\167a\177.js
ELIMINÉ: c:\users\daniel\appdata\roaming\097\1f6.js
ELIMINÉ: C:\Windows\Installer\1268f23.msi
ELIMINÉ: C:\Windows\Installer\3fffd45.msi
ELIMINÉ Temporários windows (116) (1.778.181 octets)
ELIMINÉ Flash Cookies (0) (0 octets)

========== Tarefa planificada ==========
ELIMINÉ: {708735A2-C512-4D3D-AFBB-03F0940EE1FB}

========== Restauração Sistema ==========
Nenhum ponto de restauro do sistema foi criado


========== Recapitulativo ==========
21 : Chaves do Registo
3 : Valores do Registo
1 : Pastas
7 : Ficheiros
1 : Tarefa planificada
1 : Restauração Sistema


End of clean in 00mn 07s

========== Caminho do ficheiro do relatório ==========
C:\Users\Daniel\AppData\Roaming\ZHP\ZHPFix[R1].txt - 30/04/2014 14:50:04 [2940]

Re: Machine with errors due to a virus

Post by Power Max, Wed 30 Apr 2014, 15:00

Open ZHPDiag again.

|- Click "SEARCH" or "PESQUISAR" and wait for it to finish.

|- Click OK and, when it finishes, post the ZHPDiag.txt report.

Re: Machine with errors due to a virus

Post by luizvilarinho, Wed 30 Apr 2014, 15:05

~ Relatório do ZHPDiag v2014.4.28.48 - Nicolas Coolman (28/04/2014)
~ Iniciado por Daniel (30/04/2014 15:04:11)
~ Endereço do Website : [You must have an account and be logged in to view this link]
~ Fóruns de suporte gratuito para desinfecção : [You must have an account and be logged in to view this link]
~ Tradução pelo utilizador
~ Estatuto da versão :
~ Lista Branca : Ativado pelo programa
~ Elevação dos Privilégios : OK
~ Controle de Conta de Utilizador : Deactivate by user


---\\ Navegadores Internet
MSIE: Internet Explorer v10.0.9200.16721
GCIE: Google Chrome v34.0.1847.131 (Defaut)

---\\ Informações sobre os produtos Windows
~ Langage: Portugais
Windows 7 Ultimate, 32-bit Service Pack 1 (Build 7601)
Windows Server License Manager Script : OK
Software Protection Service (Protection logicielle) : OK
Windows Automatic Updates : OK
Windows Activation Technologies : OK

---\\ Softwares de proteçao do sistema
avast! Free Antivirus v8.0.1483.0
Malwarebytes Anti-Malware versão 2.0.1.1004
Windows Defender W7

---\\ Softwares d'optimização do sistema
CCleaner v4.11

---\\ Softwares de partilha do PeerToPeer (P2P)

---\\ Monitoramento dos softwares
Adobe Flash Player 11 ActiveX

---\\ Informações sobre o sistema
~ Processor: x86 Family 6 Model 23 Stepping 10, GenuineIntel
~ Operating System: 32 Bits
Boot mode: Normal (Normal boot)
Total RAM: 3055 MB (69% free)
System Restore: Désactivé (Disabled)
System drive C: has 304 GB (65%) free of 466 GB

---\\ Modo de conexão ao sistema
~ Computer Name: DANIEL-PC
~ User Name: Daniel
~ All Users Names: Daniel, Convidado, Administrador,
~ Unselected Option: 045,061,O62,065,066,080,O82,089
Logged in as Administrator

---\\ As variáveis de ambiente
~ System Unit : C:\
~ %AppZHP% : C:\Users\Daniel\AppData\Roaming\ZHP\
~ %AppData% : C:\Users\Daniel\AppData\Roaming\
~ %Desktop% : C:\Users\Daniel\Desktop\
~ %Favorites% : C:\Users\Daniel\Favorites\
~ %LocalAppData% : C:\Users\Daniel\AppData\Local\
~ %StartMenu% : C:\Users\Daniel\AppData\Roaming\Microsoft\Windows\Start Menu\
~ %Windir% : C:\Windows\
~ %System% : C:\Windows\System32\

---\\ Enumeração das unidades dos discos
C: Hard drive, Flash drive, Thumb drive (Free 304 Go of 466 Go)
D: CD-ROM drive (Not Inserted)
E: Floppy drive, Flash card reader, USB Key (Free 3 Go of 4 Go)
F: Floppy drive, Flash card reader, USB Key (Not Inserted)



---\\ Estado do Centro de Segurança do Windows
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system] EnableLUA: Modified
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install] LastSuccessTime : Out Of Date
~ Security Center: 46 Legitimates Filtered in 00mn 00s



---\\ Pesquisa particular de ficheiros genéricos
[MD5.8B88EBBB05A0E56B7DCC708498C02B3E] - (.Microsoft Corporation - Windows Explorer.) (.25/02/2011 - 02:30:54.) -- C:\Windows\Explorer.exe [2616320]
[MD5.B5C5DCAD3899512020D135600129D665] - (.Microsoft Corporation - Aplicativo de Inicialização do Windows.) (.13/07/2009 - 22:14:45.) -- C:\Windows\System32\Wininit.exe [96256]
[MD5.E4FEB264B47360B7296AEA4E052F88D8] - (.Microsoft Corporation - Internet Extensions para Win32.) (.22/09/2013 - 20:28:06.) -- C:\Windows\System32\wininet.dll [1767936]
[MD5.6D13E1406F50C66E2A95D97F22C47560] - (.Microsoft Corporation - Aplicativo de Logon do Windows.) (.20/11/2010 - 09:17:54.) -- C:\Windows\System32\Winlogon.exe [286720]
[MD5.E3AE23569749DE12D45BA3B489A036AE] - (.Microsoft Corporation - Biblioteca de Licenciamento de Software.) (.20/11/2010 - 09:21:24.) -- C:\Windows\System32\sppcomapi.dll [193536]
[MD5.9EBBBA55060F786F0FCAA3893BFA2806] - (.Microsoft Corporation - Ancillary Function Driver for WinSock.) (.24/04/2011 - 23:18:03.) -- C:\Windows\system32\Drivers\AFD.sys [338944]
[MD5.338C86357871C167A96AB976519BF59E] - (.Microsoft Corporation - ATAPI IDE Miniport Driver.) (.13/07/2009 - 22:26:15.) -- C:\Windows\system32\Drivers\atapi.sys [21584]
[MD5.77EA11B065E0A8AB902D78145CA51E10] - (.Microsoft Corporation - CD-ROM File System Driver.) (.13/07/2009 - 20:11:15.) -- C:\Windows\system32\Drivers\Cdfs.sys [70656]
[MD5.BE167ED0FDB9C1FA1133953C18D5A6C9] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.20/11/2010 - 05:38:10.) -- C:\Windows\system32\Drivers\Cdrom.sys [108544]
[MD5.F024449C97EC1E464AAFFDA18593DB88] - (.Microsoft Corporation - DFS Namespace Client Driver.) (.20/11/2010 - 05:42:32.) -- C:\Windows\system32\Drivers\DfsC.sys [78336]
[MD5.9036377B8A6C15DC2EEC53E489D159B5] - (.Microsoft Corporation - High Definition Audio Bus Driver.) (.20/11/2010 - 06:59:29.) -- C:\Windows\system32\Drivers\HDAudBus.sys [108544]
[MD5.F151F0BDC47F4A28B1B20A0818EA36D6] - (.Microsoft Corporation - Driver de porta i8042.) (.13/07/2009 - 20:11:24.) -- C:\Windows\system32\Drivers\i8042prt.sys [80896]
[MD5.A5FA468D67ABCDAA36264E463A7BB0CD] - (.Microsoft Corporation - IP Network Address Translator.) (.13/07/2009 - 20:54:29.) -- C:\Windows\system32\Drivers\IpNat.sys [101888]
[MD5.5D16C921E3671636C0EBA3BBAAC5FD25] - (.Microsoft Corporation - Windows NT SMB Minirdr.) (.26/04/2011 - 23:17:22.) -- C:\Windows\system32\Drivers\MRxSmb.sys [123904]
[MD5.280122DDCF04B378EDD1AD54D71C1E54] - (.Microsoft Corporation - MBT Transport driver.) (.20/11/2010 - 05:39:44.) -- C:\Windows\system32\Drivers\netBT.sys [187904]
[MD5.5E43D2B0EE64123D4880DFA6626DEFDE] - (.Microsoft Corporation - Driver do Sistema de Arquivos NT.) (.12/04/2013 - 10:45:29.) -- C:\Windows\system32\Drivers\ntfs.sys [1211752]
[MD5.2EA877ED5DD9713C5AC74E8EA7348D14] - (.Microsoft Corporation - Driver de porta paralela.) (.13/07/2009 - 20:45:35.) -- C:\Windows\system32\Drivers\Parport.sys [79360]
[MD5.D9F91EAFEC2815365CBE6D167E4E332A] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.13/07/2009 - 20:54:34.) -- C:\Windows\system32\Drivers\Rasl2tp.sys [78848]
[MD5.B973FCFC50DC1434E1970A146F7E3885] - (.Microsoft Corporation - Microsoft RDP Device redirector.) (.20/11/2010 - 07:24:46.) -- C:\Windows\system32\Drivers\rdpdr.sys [133632]
[MD5.3E21C083B8A01CB70BA1F09303010FCE] - (.Microsoft Corporation - SMB Transport driver.) (.13/07/2009 - 20:53:41.) -- C:\Windows\system32\Drivers\smb.sys [71168]
[MD5.B459575348C20E8121D6039DA063C704] - (.Microsoft Corporation - TDI Translation Driver.) (.20/11/2010 - 05:39:17.) -- C:\Windows\system32\Drivers\tdx.sys [74752]
[MD5.F497F67932C6FA693D7DE2780631CFE7] - (.Microsoft Corporation - Driver de cópia de sombra de volume.) (.20/11/2010 - 09:30:16.) -- C:\Windows\system32\Drivers\volsnap.sys [245632]
~ Generic Processes: Scanned in 00mn 00s



---\\ Estatuto dos ficheiros ocultos (Oculto/Total)
~ Mes images (My Pictures) : 1/176
~ Mes musiques (My Musics) : 1/229
~ Mes Videos (My Videos) : 1/26
~ Mes Favoris (My Favorites) : 1/22
~ Mes Documents (My Documents) : 5/4233
~ Mon Bureau (My Desktop) : 1/588
~ Menu demarrer (Programs) : 1/28
~ Hidden Files: Scanned in 00mn 01s



---\\ Processos lançados
[MD5.A73731A0B0A165907799E9AFB461F856] - (.RealNetworks, Inc. - RealNetworks Scheduler.) -- C:\Program Files\Real\RealPlayer\Update\realsched.exe [296096] [PID.2304]
[MD5.B52D2F8284E84C50865B7CCF592FED37] - (.Skype Technologies S.A. - Skype.) -- C:\Program Files\Skype\Phone\Skype.exe [20474528] [PID.2472]
[MD5.542459D16B416D054161007FC9B1246E] - (.Google Inc. - Google Chrome.) -- C:\Users\Daniel\AppData\Local\Google\Chrome\Application\chrome.exe [841032] [PID.676]
[MD5.1780A53FCE5975B94604775CD9460F22] - (.Nicolas Coolman - ZHPDiag.) -- C:\Program Files\ZHPDiag\ZHPDiag.exe [7865344] [PID.2412]
~ Processes Running: Scanned in 00mn 00s



---\\ Google Chrome, Arranque,Pesquisa,Extensões (G0,G1,G2)
C:\Users\Daniel\AppData\Local\Google\Chrome\User Data\Default\Preferences
G2 - GCE: Preference [User Data\Default] [ahfgeienlihckogmohjhadlkjgocpleb] Loja v.0.2 (Activé)
G2 - GCE: Preference [User Data\Default] [neajdppkdcdipfabeoofebfddakdcjhd] Google Network Speech v.1.0 (Activé)
G2 - GCE: Preference [User Data\Default] [nkeimhogjdpnpccoofpliimaahmaaome] Hangout Services v.1.0 (Activé)

---\\ Pasta de extensão do Google Chrome
~ Google Lines Browser: 17 Legitimates Filtered in 00mn 01s



---\\ Mozilla Firefox, Plugins,Arranque,Pesquisa,Extensões (P2,M0,M1,M2,M3)
P2 - FPN: [HKLM] [yaxmpb@yahoo.com/YahooActiveXPluginBridge;version=1.0.0.1] - (...) -- C:\Program Files\Yahoo!\Common\npyaxmpb.dll (.not file.)
~ Firefox Browser: 16 Legitimates Filtered in 00mn 00s



---\\ Internet Explorer, Gestão do Proxy (R5)
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll
~ Proxy management: Scanned in 00mn 00s



---\\ Análise das linhas F0, F1, F2, F3 - Ficheiros ini, Carregamento Automático de programas
F2 - REG:system.ini: USERINIT=C:\Windows\system32\userinit.exe,
F2 - REG:system.ini: Shell=C:\Windows\explorer.exe
F2 - REG:system.ini: VMApplet=C:\Windows\System32\SystemPropertiesPerformance.exe
~ Keys: Scanned in 00mn 00s



---\\ Redireção do ficheiro Hosts (01)
~ Le fichier hosts est sain (The hosts file is clean).
~ Hosts File: Scanned in 00mn 00s
~ Nombre de lignes (Lines number): 21



---\\ Barras do Internet Explorer (03))
O3 - Toolbar: avast! WebRep - [HKLM]{8E5E2654-AD2D-48bf-AC2D-D17F00898D06} . (.AVAST Software - avast! WebRep Plugin.) -- C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O3 - Toolbar\WebBrowser: (no name) - [HKCU]{21FA44EF-376D-4D53-9B0F-8A89D3229068} Chave orfã
~ Toolbar: Scanned in 00mn 00s



---\\ Aplicações iniciadas por registo & pastas (04)
O4 - HKLM\..\Run: [BCSSync] . (.Microsoft Corporation - Microsoft Office 2010 component.) -- C:\Program Files\Microsoft Office\Office14\BCSSync.exe =>.Microsoft Corporation
O4 - HKLM\..\Run: [TkBellExe] . (.RealNetworks, Inc. - RealNetworks Scheduler.) -- C:\Program Files\Real\RealPlayer\update\realsched.exe =>.RealNetworks, Inc
O4 - HKLM\..\Run: [AdobeAAMUpdater-1.0] . (.Adobe Systems Incorporated - Adobe Updater Startup Utility.) -- C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe =>.Adobe Systems Incorporated
O4 - HKLM\..\Run: [SwitchBoard] . (.Adobe Systems Incorporated - SwitchBoard Server (32 bit).) -- C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O4 - HKLM\..\Run: [AdobeCS5ServiceManager] . (.Adobe Systems Incorporated - Adobe CS5 Service Manager.) -- C:\Program Files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe
O4 - HKCU\..\Run: [Google Update] . (.Google Inc. - Google Installer.) -- C:\Users\Daniel\AppData\Local\Google\Update\GoogleUpdate.exe
O4 - HKCU\..\Run: [Skype] . (.Skype Technologies S.A. - Skype.) -- C:\Program Files\Skype\Phone\Skype.exe =>.Skype Technologies S.A.
O4 - HKCU\..\Run: [Facebook Update] . (.Facebook Inc. - Facebook Installer.) -- C:\Users\Daniel\AppData\Local\Facebook\Update\FacebookUpdate.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets da Área de Trabalho do Windows.) -- C:\Program Files\Windows Sidebar\Sidebar.exe
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets da Área de Trabalho do Windows.) -- C:\Program Files\Windows Sidebar\Sidebar.exe
O4 - HKUS\.DEFAULT\..\RunOnce: [SPReview] . (.Microsoft Corporation - SP Reviewer.) -- C:\Windows\System32\SPReview\SPReview.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-18\..\RunOnce: [SPReview] . (.Microsoft Corporation - SP Reviewer.) -- C:\Windows\System32\SPReview\SPReview.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-21-840133867-106172080-2313266223-1000\..\Run: [Google Update] . (.Google Inc. - Google Installer.) -- C:\Users\Daniel\AppData\Local\Google\Update\GoogleUpdate.exe
O4 - HKUS\S-1-5-21-840133867-106172080-2313266223-1000\..\Run: [Skype] . (.Skype Technologies S.A. - Skype.) -- C:\Program Files\Skype\Phone\Skype.exe =>.Skype Technologies S.A.
O4 - HKUS\S-1-5-21-840133867-106172080-2313266223-1000\..\Run: [Facebook Update] . (.Facebook Inc. - Facebook Installer.) -- C:\Users\Daniel\AppData\Local\Facebook\Update\FacebookUpdate.exe
~ Application: Scanned in 00mn 00s



---\\ Boutões da barra de ferramentas principal do Internet Explorer (09)
O9 - Extra button: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} . (.Microsoft Corporation - Windows Live Writer Blog This Extension.) -- C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} . (.Microsoft Corporation - Microsoft OneNote Internet Explorer Add-in.) -- C:\Program Files\MICROS~2\Office14\ONBttnIE.dll =>.Microsoft Corporation
O9 - Extra button: &Anotações Vinculadas do OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} . (.Microsoft Corporation - Microsoft OneNote Internet Explorer Add-in.) -- C:\Program Files\MICROS~2\Office14\ONBTTN~1.dll =>.Microsoft Corporation
O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} . (...) -- C:\Program Files\Skype\Toolbars\Internet Explorer\icon.ico
~ IE Extra Buttons: Scanned in 00mn 00s



---\\ Objets ActiveX (Downloaded Program Files)(O16)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - ((no name)) - (.not file.) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
~ Objets ActiveX: Scanned in 00mn 00s



---\\ Alteração Dominio/Clientes DNS (017)
O17 - HKLM\System\CCS\Services\Tcpip\..\{851865D1-9202-4C68-816F-C87B29B8FD55}: DhcpNameServer = 192.168.137.241
O17 - HKLM\System\CCS\Services\Tcpip\..\{87CEAEEB-A90C-4934-843A-ADC7B002D59B}: DhcpNameServer = 192.168.42.129
O17 - HKLM\System\CCS\Services\Tcpip\..\{9667CC6D-F475-4674-ACEA-50765139E584}: DhcpNameServer = 192.168.135.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{CA454AB3-0392-4A52-932D-98E5C7A3476C}: DhcpNameServer = 192.168.1.1 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{851865D1-9202-4C68-816F-C87B29B8FD55}: DhcpDomain = mshome.net
O17 - HKLM\System\CS1\Services\Tcpip\..\{851865D1-9202-4C68-816F-C87B29B8FD55}: DhcpNameServer = 192.168.137.241
O17 - HKLM\System\CS1\Services\Tcpip\..\{87CEAEEB-A90C-4934-843A-ADC7B002D59B}: DhcpNameServer = 192.168.42.129
O17 - HKLM\System\CS1\Services\Tcpip\..\{9667CC6D-F475-4674-ACEA-50765139E584}: DhcpNameServer = 192.168.135.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{CA454AB3-0392-4A52-932D-98E5C7A3476C}: DhcpNameServer = 192.168.1.1 192.168.0.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{851865D1-9202-4C68-816F-C87B29B8FD55}: DhcpDomain = mshome.net
O17 - HKLM\System\CS2\Services\Tcpip\..\{851865D1-9202-4C68-816F-C87B29B8FD55}: DhcpNameServer = 192.168.137.241
O17 - HKLM\System\CS2\Services\Tcpip\..\{87CEAEEB-A90C-4934-843A-ADC7B002D59B}: DhcpNameServer = 192.168.42.129
O17 - HKLM\System\CS2\Services\Tcpip\..\{9667CC6D-F475-4674-ACEA-50765139E584}: DhcpNameServer = 192.168.135.1
O17 - HKLM\System\CS2\Services\Tcpip\..\{CA454AB3-0392-4A52-932D-98E5C7A3476C}: DhcpNameServer = 192.168.1.1 192.168.0.1
O17 - HKLM\System\CS2\Services\Tcpip\..\{851865D1-9202-4C68-816F-C87B29B8FD55}: DhcpDomain = mshome.net
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 192.168.0.1
~ Domain: Scanned in 00mn 00s



---\\ Protocolo adicional (018)
O18 - Handler: wlmailhtml - {03C514A3-1EFB-4856-9F99-10D7BE1653C0} . (.Microsoft Corporation - Windows Live Mail.) -- C:\Program Files\Windows Live\Mail\mailcomm.dll =>.Microsoft Corporation
O18 - Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} . (.Microsoft Corporation - Microsoft Office XML MIME Filter.) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.dll =>.Microsoft Corporation
~ Protocole Additionnel: Scanned in 00mn 00s



---\\ Lista dos serviços NT não Microsoft e não desativados (023)
O23 - Service: Orolix Device Monitor (OrolixDeviceMonitor) . (.Orolix Desenvolvimento de Software LTDA. - USB Device monitor.) - C:\Program Files\TIM Communicator\module\devicemon.exe
~ Services: 5 Legitimates Filtered in 00mn 03s



---\\ Tarefas planificadas automaticamente (039)
O39 - APT: - (..) -- C:\Windows\System32\Tasks\Adobe Flash Player Updater [902]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\FacebookUpdateTaskUserS-1-5-21-840133867-106172080-2313266223-1000Core [910]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\FacebookUpdateTaskUserS-1-5-21-840133867-106172080-2313266223-1000UA [932]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore [1052]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA [1056]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-840133867-106172080-2313266223-1000Core [1030]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-840133867-106172080-2313266223-1000UA [1082]
~ Scheduled Task: 24 Legitimates Filtered in 00mn 01s



---\\ Componentes instalados (ActiveSetup Installed Components) (040)
O40 - ASIC: YInstStarterUpgrade Class - {0291E591-EA41-4c82-8106-3DC6CE7F7664} . (...) -- C:\Program Files\Yahoo!\Common\yinsthelper.dll
O40 - ASIC: YInstStarter Class - {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} . (...) -- C:\Program Files\Yahoo!\Common\yinsthelper.dll
O40 - ASIC: YSearchSetting2 Class - {347B0667-C7ED-429B-BDE3-CC8D3BACAA31} . (...) -- C:\Program Files\Yahoo!\Common\yinsthelper.dll
~ Active Setup: 13 Legitimates Filtered in 00mn 00s



---\\ Software instalados (042)
O42 - Logiciel: Barra de Ferramentas do Yahoo! com bloqueador de pop-up - (...) [HKLM] -- Yahoo! Companion
O42 - Logiciel: TIM Communicator - (...) [HKLM] -- OrolixCommunicator
~ Logic: 15 Legitimates Filtered in 00mn 00s



---\\ HKCU & HKLM Software Keys
[HKCU\Software\OrolixCommunicator]
[HKCU\Software\Orolix]
[HKLM\Software\Orolix]
~ Key Software: 165 Legitimates Filtered in 00mn 00s



---\\ Conteúdo das pastas Programs/ProgramFiles/ProgramData/AppData (O43)
O43 - CFD: 28/04/2013 - 19:15:33 - [] ----D C:\Program Files\TIM Communicator
O43 - CFD: 28/04/2013 - 19:15:32 - [] ----D C:\ProgramData\OrolixCommunicator
~ Program Folder: 120 Legitimates Filtered in 00mn 00s



---\\ Últimos ficheiros alterados ou criados no Windows e Sistema32 (044)
O44 - LFC:[MD5.0DC5AF80D059DEC792B665ED598C6567] - 29/04/2014 - 22:37:25 ---A- . (.SQLite Development Team - SQLite Dynamic Link Library (No TCL).) -- C:\Windows\System32\sqlite3.dll [536576]
O44 - LFC:[MD5.F7A59A74DA8778FE100B497938562308] - 30/04/2014 - 02:13:20 ---A- . (...) -- C:\Windows\ntbtlog.txt [131134]
O44 - LFC:[MD5.296602155630573B095018EEBFBCF22E] - 30/04/2014 - 10:57:38 ---A- . (...) -- C:\zoek-results2014-04-30-135738.log [1223]
O44 - LFC:[MD5.CC7AA7B42CF418FC3D926913490048F8] - 30/04/2014 - 11:41:46 ---A- . (...) -- C:\Windows\zoek-delete.exe [24064]
O44 - LFC:[MD5.B15ECF6DDA8EC0F67D7FE47301F924BD] - 30/04/2014 - 11:43:13 ---A- . (...) -- C:\zoek-results.log [19356]
O44 - LFC:[MD5.3682000F5778223A9AA474BF9FD180A1] - 30/04/2014 - 13:44:28 ---A- . (...) -- C:\Windows\System32\prfc0416.dat [128938]
O44 - LFC:[MD5.F94D5FA2A70B5CF8B749A598516FF39A] - 30/04/2014 - 13:44:28 ---A- . (...) -- C:\Windows\System32\prfh0416.dat [666708]
O44 - LFC:[MD5.05CB4731C8DB99A319FC450E218A32B3] - 30/04/2014 - 13:45:49 ---A- . (...) -- C:\sc-cleaner.txt [1794]
~ Files: 19 Legitimates Filtered in 00mn 01s



---\\ Operações e funções ao arranque do Windows Explorer (046)
O46 - SEH:ShellExecuteHooks - Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL
~ ShellExecuteHooks: Scanned in 00mn 00s



---\\ Enumeração das chaves do registo PoliciesSystem (MWPS) (O55)
O55 - MWPS:[HKLM\...\Policies\System] - "EnableLUA"=0
O55 - MWPS:[HKLM\...\Policies\System] - "EnableUIADesktopToggle"=0
O55 - MWPS:[HKLM\...\Policies\System] - "PromptOnSecureDesktop"=0
O55 - MWPS:[HKLM\...\Policies\System] - "FilterAdministratorToken"=0
~ MWPS: 19 Legitimates Filtered in 00mn 00s



---\\ Enumeração das chaves do registo PoliciesExplorer (MWPE) (O56)
O56 - MWPE:[HKCU\...\policies\Explorer] - "NoControlPanel"=
O56 - MWPE:[HKCU\...\policies\Explorer] - "NoWindowsUpdate"=
~ MWPE Keys: 3 Legitimates Filtered in 00mn 00s



---\\ Lista dos drivers do sistema (SDL) (O58)
O58 - SDL:06/03/2013 - 20:33:24 ---A- . (...) -- C:\Windows\System32\Drivers\aswRvrt.sys [49248]
O58 - SDL:06/03/2013 - 20:33:24 ---A- . (...) -- C:\Windows\System32\Drivers\aswVmm.sys [164736]
O58 - SDL:13/07/2009 - 22:20:28 ---A- . (.Emulex - Storport Miniport Driver for LightPulse HBAs.) -- C:\Windows\System32\Drivers\elxstor.sys [453712]
O58 - SDL:13/07/2009 - 19:54:14 ---A- . (.Hauppauge Computer Works, Inc. - Hauppauge WinTV 885 Consumer IR Driver for eHome.) -- C:\Windows\System32\Drivers\hcw85cir.sys [26624]
O58 - SDL:10/06/2010 - 02:14:34 ---A- . (.Windows (R) Codename Longhorn DDK provider - Alcatelusb Driver.) -- C:\Windows\System32\Drivers\Olicard160Usb.sys [19968]
O58 - SDL:13/07/2009 - 22:19:04 ---A- . (.Promise Technology - Promise SuperTrak EX Series Driver for Windows.) -- C:\Windows\System32\Drivers\stexstor.sys [21072]
O58 - SDL:13/07/2009 - 18:40:41 ---A- . (...) -- C:\Windows\System32\ANSI.SYS [9029]
O58 - SDL:13/07/2009 - 18:40:44 ---A- . (...) -- C:\Windows\System32\country.sys [27097]
O58 - SDL:13/07/2009 - 18:40:40 ---A- . (...) -- C:\Windows\System32\HIMEM.SYS [4768]
O58 - SDL:13/07/2009 - 18:40:43 ---A- . (...) -- C:\Windows\System32\KEY01.SYS [42809]
O58 - SDL:13/07/2009 - 18:40:43 ---A- . (...) -- C:\Windows\System32\KEYBOARD.SYS [42537]
O58 - SDL:13/07/2009 - 18:40:23 ---A- . (...) -- C:\Windows\System32\NTDOS.SYS [27866]
O58 - SDL:13/07/2009 - 18:40:31 ---A- . (...) -- C:\Windows\System32\NTDOS404.SYS [29146]
O58 - SDL:13/07/2009 - 18:40:35 ---A- . (...) -- C:\Windows\System32\NTDOS411.SYS [29370]
O58 - SDL:13/07/2009 - 18:40:39 ---A- . (...) -- C:\Windows\System32\NTDOS412.SYS [29274]
O58 - SDL:13/07/2009 - 18:40:27 ---A- . (...) -- C:\Windows\System32\NTDOS804.SYS [29146]
O58 - SDL:13/07/2009 - 18:40:11 ---A- . (...) -- C:\Windows\System32\NTIO.SYS [33952]
O58 - SDL:13/07/2009 - 18:40:15 ---A- . (...) -- C:\Windows\System32\NTIO404.SYS [34672]
O58 - SDL:13/07/2009 - 18:40:17 ---A- . (...) -- C:\Windows\System32\NTIO411.SYS [35776]
O58 - SDL:13/07/2009 - 18:40:19 ---A- . (...) -- C:\Windows\System32\NTIO412.SYS [35536]
O58 - SDL:13/07/2009 - 18:40:13 ---A- . (...) -- C:\Windows\System32\NTIO804.SYS [34672]
~ Drivers: 75 Legitimates Filtered in 00mn 00s



---\\ Lista das ferramentas de remoção de vírus (LAT) (063)
O63 - Logiciel: ZHPDiag 2014 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1 =>.Nicolas Coolman
~ ADS: Scanned in 00mn 00s



---\\ Associações Shell Spawning (O67)
O67 - Shell Spawning: <.html> [HKCU\..\open\Command] (.Not Key.)
~ FASS Keys: 12 Legitimates Filtered in 00mn 00s



---\\ Menu de inicialização Internet (068)
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Google Inc. - Google Chrome.) -- C:\Users\Daniel\AppData\Local\Google\Chrome\Application\chrome.exe
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
~ Keys: Scanned in 00mn 00s



---\\ Pesquisa de infeção nos navegadores da Internet (SBI) (069)
O69 - SBI: SearchScopes [HKCU] {6A1806CD-94D4-4689-BA73-E35EA1EA9990} [DefaultScope] - (Google) - [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
~ Keys: Scanned in 00mn 00s



---\\ Pesquisa adicional à raiz do sistema (radicular) (SPRF) (O84)
[MD5.C1974F029A2E6A44E6BB5A75762235B8] [SPRF][30/04/2014] (.Bleeping Computer, LLC - Windows shortcut cleaner..) -- C:\Users\Daniel\Desktop\sc-cleaner.exe [441592]
[MD5.DCF741DF9F654F5A2C1BEC789F53AEB3] [SPRF][08/03/2014] (...) -- C:\Users\Daniel\Desktop\zoek.com [1414742]
~ Files: 5 Legitimates Filtered in 00mn 00s



---\\ Pesquisa dos pacotes WindowsInstaller (WIS) (O93) (NTFS)
[MD5.0E4185F75C1394897DB73CCC3368CA4B] [WIS][11/06/2012] (.Microsoft Corporation - Bing Bar.) -- C:\Windows\Installer\2595fe.msi [475136] =>Toolbar.Bing
~ WIS: 1 Legitimates Filtered in 00mn 00s



---\\ Search Tracing Registry Key (O100)
HKLM\SOFTWARE\Microsoft\Tracing\AVG-Secure-Search-Update_JUNE2013_TB_RASAPI32 =>Toolbar.AVGSearch
HKLM\SOFTWARE\Microsoft\Tracing\AVG-Secure-Search-Update_JUNE2013_TB_RASMANCS =>Toolbar.AVGSearch
~ BTK: 196 Legitimates Filtered in 00mn 00s



---\\ Search CLSID Registry Key (O101)
[HKCR\CLSID\{d2ce3e00-f94a-4740-988e-03dc2f38c34f}] (Bing Bar Helper) =>Toolbar.Bing
~ BCK: 6301 Legitimates Filtered in 00mn 08s



---\\ Estado general dos serviços não Microsoft (EGS) (SR=Executados, SS=Parados)
SS - | Demand 17/01/2013 250808 | (AdobeFlashPlayerUpdateSvc) . (.Adobe Systems Incorporated.) - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
SS - | Auto 11/06/2012 193616 | (BBSvc) . (.Microsoft Corporation..) - C:\Program Files\Microsoft\BingBar\7.1.391.0\BBSvc.exe =>Toolbar.Bing
SS - | Demand 03/11/2012 651720 | (FLEXnet Licensing Service) . (.Macrovision Europe Ltd..) - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
SS - | Auto 19/02/2013 116648 | (gupdate) . (.Google Inc..) - C:\Program Files\Google\Update\GoogleUpdate.exe
SS - | Demand 19/02/2013 116648 | (gupdatem) . (.Google Inc..) - C:\Program Files\Google\Update\GoogleUpdate.exe
SS - | Auto 05/09/2013 171680 | (SkypeUpdate) . (.Skype Technologies.) - C:\Program Files\Skype\Updater\Updater.exe
SS - | Demand 19/02/2010 517096 | (SwitchBoard) . (.Adobe Systems Incorporated.) - C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
SR - | Demand 11/06/2012 240208 | (BBUpdate) . (.Microsoft Corporation..) - C:\Program Files\Microsoft\BingBar\7.1.391.0\SeaPort.exe =>Toolbar.Bing
SR - | Auto 05/10/2011 32672 | (OrolixDeviceMonitor) . (.Orolix Desenvolvimento de Software LTDA..) - C:\Program Files\TIM Communicator\module\devicemon.exe
SR - | Auto 02/10/2012 3064000 | (Skype C2C Service) . (.Skype Technologies S.A..) - C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
SR - | Auto 13/07/2009 20992 | C:\Program Files\Windows Defender\mpsvc.dll (WinDefend) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
SR - | Auto 19/07/2012 606648 | (WINZIPSSDiskOptimizer) . (.WinZip Computing, S.L. (WinZip Computing).) - C:\Program Files\WinZip System Utilities Suite\WINZIPSSDefragSrv.exe
SR - | Auto 13/07/2009 20992 | C:\Windows\System32\wuaueng.dll (wuauserv) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
~ Services: Scanned in 00mn 09s



---\\ Scâner Aditional (088)
Database Version : 13045 - (28/04/2014)
Clés trouvées (Keys found) : 1
Valeurs trouvées (Values found) : 0
Dossiers trouvés (Folders found) : 0
Fichiers trouvés (Files found) : 2

[HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\Yahoo! Companion] =>Toolbar.Yahoo
C:\Windows\Installer\2595fe.msi =>Toolbar.Bing^
[HKCR\CLSID\{d2ce3e00-f94a-4740-988e-03dc2f38c34f}] (Bing Bar Helper) =>Toolbar.Bing^
~ Additionnel Scan: 304804 Items scanned in 00mn 22s



---\\ Sumário das deteções encontradas na sua estação
~ MSI: 0 link(s) detected in 00mn 00s



~ 651 Legitimates filtered by white list
End of the scan (437 lines in 00mn 54s)(0)

Re: Machine with errors due to a virus

Post by Power Max, Wed 30 Apr 2014, 15:35

Download the [You must have an account and be logged in to view this link] and save it to the Desktop.

Note: After opening the link above, click the Download Now 32-Bit Version button.

Run Farbar following the tips in this tutorial:

[You must have an account and be logged in to view this link]

*Two reports will be created on the Desktop: FRST.txt and Addition.txt

Post these two reports in your next reply. (Note: if they do not fit in a single reply, you can split them across several posts.)

Re: Machine with errors due to a virus

Post by luizvilarinho, Wed 30 Apr 2014, 15:43

The logs are attached.

Re: Machine with errors due to a virus

Post by Power Max, Wed 30 Apr 2014, 16:16

Download the fixlist.txt file attached to this post and save it to the desktop.

Run FRST. Click the Fix button.

Wait; when it finishes, the Fixlog.txt log will be saved to your desktop.

Select, copy and paste the contents of this Fixlog.txt into your next reply.

Re: Machine with errors due to a virus

Post by luizvilarinho, Wed 30 Apr 2014, 16:26

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version:30-04-2014 03
Ran by Daniel at 2014-04-30 16:25:46 Run:1
Running from C:\Users\Daniel\Desktop
Boot Mode: Normal

==============================================

Content of fixlist:
*****************
start
HKU\S-1-5-21-840133867-106172080-2313266223-1000\...\Policies\Explorer: [NoControlPanel] 1
HKU\S-1-5-21-840133867-106172080-2313266223-1000\...\Policies\Explorer: [NoWindowsUpdate] 1
SearchScopes: HKLM - DefaultScope value is missing.
Toolbar: HKCU - No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
SpeedAnalysis.com (HKLM\...\SpeedAnalysis.com) (Version: 1.0.0.1 - SpeedAnalysis.com) <==== ATTENTION
VideoPerformer (HKLM\...\VideoPerformer) (Version: - PerformerSoft LLC) <==== ATTENTION
end
*****************

HKU\S-1-5-21-840133867-106172080-2313266223-1000\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoControlPanel => Value deleted successfully.
HKU\S-1-5-21-840133867-106172080-2313266223-1000\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoWindowsUpdate => Value deleted successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{21FA44EF-376D-4D53-9B0F-8A89D3229068} => Value deleted successfully.
HKCR\CLSID\{21FA44EF-376D-4D53-9B0F-8A89D3229068} => Key not found.
HKLM\SOFTWARE\Policies\Google => Key deleted successfully.

==== End of Fixlog ====

Re: Machine with errors due to a virus

Post by Power Max, Wed 30 Apr 2014, 16:28

Download UsbFix [You must have an account and be logged in to view this link] (on the page, click the button shown in this image, at the bottom right of the page, to download it):
[You must have an account and be logged in to view this image]

Use UsbFix as shown in this post:

[You must have an account and be logged in to view this link]

Post the UsbFix log (report), which will be at C:\UsbFix.txt, in your next reply.

Re: Machine with errors due to a virus

Post by luizvilarinho, Wed 30 Apr 2014, 16:37

############################## | UsbFix V 7.169 | [Supressão]

Usuário: Daniel (Administrador) # DANIEL-PC
Atualizado em 31/03/2014 por El Desaparecido - Team SosVirus
Começou em 16:35:55 | 30/04/2014

CPU: Intel(R) Core(TM)2 Duo CPU T6600 @ 2.20GHz
RAM -> [Total : 3055 Mo| Free : 2403 Mo]
Bios:
Boot: Normal boot

OS: Microsoft Windows 7 Ultimate (6.1.7601 32-Bit) Service Pack 1
WB: Windows Internet Explorer : 10.0.9200.16721

SC: Security Center [(!) Disabled]
WU: Windows Update [Enabled]
AV: avast! Internet Security [(!) Disabled | Updated]
AS: avast! Internet Security [(!) Disabled | Updated]
AS: Windows Defender [Enabled | (!) Outdated]
FW: avast! Internet Security [(!) Disabled]
FW: Windows FireWall [Enabled]

C:\ (%systemdrive%) -> Disco fixo # 466 Gb (304 Mb livre - 65%) [Windows] # NTFS
D:\ -> CD-ROM
E:\ -> Disco removível # 4 Gb (3 Mb livre - 94%) [LUIZ FCO] # FAT32

################## | Processos Ativos |

C:\Windows\system32\csrss.exe (ID: 332 |ParentID: 324)
C:\Windows\system32\wininit.exe (ID: 380 |ParentID: 324)
C:\Windows\system32\csrss.exe (ID: 396 |ParentID: 372)
C:\Windows\system32\winlogon.exe (ID: 440 |ParentID: 372)
C:\Windows\system32\services.exe (ID: 480 |ParentID: 380)
C:\Windows\system32\lsass.exe (ID: 492 |ParentID: 380)
C:\Windows\system32\lsm.exe (ID: 500 |ParentID: 380)
C:\Windows\system32\svchost.exe (ID: 600 |ParentID: 480)
C:\Windows\system32\svchost.exe (ID: 688 |ParentID: 480)
C:\Windows\System32\svchost.exe (ID: 776 |ParentID: 480)
C:\Windows\System32\svchost.exe (ID: 808 |ParentID: 480)
C:\Windows\system32\svchost.exe (ID: 848 |ParentID: 480)
C:\Windows\system32\svchost.exe (ID: 880 |ParentID: 480)
C:\Windows\system32\svchost.exe (ID: 1184 |ParentID: 480)
C:\Windows\System32\spoolsv.exe (ID: 1360 |ParentID: 480)
C:\Windows\system32\svchost.exe (ID: 1388 |ParentID: 480)
C:\Program Files\Microsoft\BingBar\7.1.391.0\BBSvc.exe (ID: 1472 |ParentID: 480)
C:\Program Files\TIM Communicator\module\devicemon.exe (ID: 1512 |ParentID: 480)
C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe (ID: 1572 |ParentID: 480)
C:\Program Files\Skype\Updater\Updater.exe (ID: 1628 |ParentID: 480)
C:\Windows\system32\svchost.exe (ID: 1680 |ParentID: 480)
C:\Program Files\WinZip System Utilities Suite\WINZIPSSDefragSrv.exe (ID: 1720 |ParentID: 480)
C:\Windows\system32\svchost.exe (ID: 1968 |ParentID: 480)
C:\Windows\system32\WUDFHost.exe (ID: 2036 |ParentID: 808)
C:\Windows\system32\taskhost.exe (ID: 1284 |ParentID: 480)
C:\Windows\system32\Dwm.exe (ID: 1936 |ParentID: 808)
C:\Windows\system32\taskeng.exe (ID: 1304 |ParentID: 880)
C:\Windows\Explorer.EXE (ID: 556 |ParentID: 1704)
C:\Windows\system32\taskeng.exe (ID: 2128 |ParentID: 880)
C:\Windows\system32\runonce.exe (ID: 2140 |ParentID: 556)
C:\Windows\System32\rundll32.exe (ID: 2360 |ParentID: 600)
C:\Windows\system32\wbem\wmiprvse.exe (ID: 2696 |ParentID: 600)

################## | Procura genérica |

Supprimido ! E:\WinRar 4 .lnk
Supprimido ! E:\HijackThis.exe.lnk
Supprimido ! E:\EasyWare Multi-KeyFile Generator.exe.lnk
Supprimido ! E:\ccsetup411.exe.lnk
Supprimido ! E:\Firefox Setup 28.0.exe.lnk
Supprimido ! E:\nero.14.platinum.v15.0.02200_patch.exe.lnk
Supprimido ! E:\ATF-Cleaner.exe.lnk
Supprimido ! E:\PureRa.exe.lnk
Supprimido ! E:\kavremover9.exe.lnk
Supprimido ! E:\mbam-setup-2.0.0.1000.exe.lnk
Supprimido ! E:\AdwCleaner.exe.lnk
Supprimido ! E:\avast_free_antivirus_setup.exe.lnk
Supprimido ! E:\Samsung_USB_Driver_Installer.exe.lnk
Supprimido ! E:\hijackthis.log.lnk
Supprimido ! E:\System Volume Information .lnk
Supprimido ! E:\ATIVADORES .lnk
Supprimido ! E:\Advanced SystemCare 7 .lnk

(!) Ficheiros temporários suprimido.

################## | Registro |

Reparado ! HKLM\Software\Policies\Microsoft\Windows NT\SystemRestore|DisableSR -> 0

################## | Regedit Run |

F2 - HKLM\..\Winlogon : [Shell] explorer.exe
F2 - [x64] HKLM\..\Winlogon : [Shell] explorer.exe
F2 - HKLM\..\Winlogon : [Userinit] C:\Windows\system32\userinit.exe,
F2 - [x64] HKLM\..\Winlogon : [Userinit] C:\Windows\system32\userinit.exe,
04 - HKCU\..\Run : [Google Update] "C:\Users\Daniel\AppData\Local\Google\Update\GoogleUpdate.exe" /c
04 - HKCU\..\Run : [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /minimized /regrun
04 - HKCU\..\Run : [Facebook Update] "C:\Users\Daniel\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
04 - HKLM\..\Run : [BCSSync] "C:\Program Files\Microsoft Office\Office14\BCSSync.exe" /DelayServices
04 - HKLM\..\Run : [TkBellExe] "C:\Program Files\Real\RealPlayer\update\realsched.exe" -osboot
04 - HKLM\..\Run : []
04 - HKLM\..\Run : [AdobeAAMUpdater-1.0] "C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
04 - HKLM\..\Run : [SwitchBoard] C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
04 - HKLM\..\Run : [AdobeCS5ServiceManager] "C:\Program Files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
04 - HKU\S-1-5-19\..\Run : [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
04 - HKU\S-1-5-20\..\Run : [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
04 - HKU\S-1-5-21-840133867-106172080-2313266223-1000\..\Run : [Google Update] "C:\Users\Daniel\AppData\Local\Google\Update\GoogleUpdate.exe" /c
04 - HKU\S-1-5-21-840133867-106172080-2313266223-1000\..\Run : [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /minimized /regrun
04 - HKU\S-1-5-21-840133867-106172080-2313266223-1000\..\Run : [Facebook Update] "C:\Users\Daniel\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
04 - HKU\S-1-5-19\..\RunOnce : [mctadmin] C:\Windows\System32\mctadmin.exe
04 - HKU\S-1-5-20\..\RunOnce : [mctadmin] C:\Windows\System32\mctadmin.exe
04 - HKU\S-1-5-18\..\RunOnce : [SPReview] "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"http://go.microsoft.com/fwlink/?LinkID=122915" /build:7601

################## | Listing |

[30/04/2014 - 11:43:20 | SHD] - C:\$RECYCLE.BIN
[22/11/2013 - 06:45:09 | D] - C:\08d
[18/05/2013 - 22:23:34 | D] - C:\8d706e3f00d3db13a3e05c5d8e04
[29/04/2014 - 22:38:51 | D] - C:\AdwCleaner
[20/02/2012 - 14:41:23 | D] - C:\Arquivos de Programas
[14/09/2012 - 22:28:30 | D] - C:\Autodesk
[10/06/2009 - 18:42:20 | A | 0 Ko] - C:\autoexec.bat
[30/04/2014 - 10:43:33 | D] - C:\Config.Msi
[10/06/2009 - 18:42:20 | N | 0 Ko] - C:\config.sys
[23/02/2012 - 22:15:57 | D] - C:\DigitalVideoConverter
[14/07/2009 - 01:53:55 | SHD] - C:\Documents and Settings
[05/06/2013 - 22:23:03 | D] - C:\e1a97183e9877c3be4ee
[07/11/2007 - 07:00:40 | N | 17 Ko | 9147A93F43D8E58218EBCB15FDA888C9] - C:\eula.1028.txt
[07/11/2007 - 07:00:40 | N | 17 Ko | 9147A93F43D8E58218EBCB15FDA888C9] - C:\eula.1031.txt
[07/11/2007 - 07:00:40 | N | 10 Ko | 99C22D4A31F4EAD4351B71D6F4E5F6A1] - C:\eula.1033.txt
[07/11/2007 - 07:00:40 | N | 17 Ko | 9147A93F43D8E58218EBCB15FDA888C9] - C:\eula.1036.txt
[07/11/2007 - 07:00:40 | N | 17 Ko | 9147A93F43D8E58218EBCB15FDA888C9] - C:\eula.1040.txt
[07/11/2007 - 07:00:40 | N | 0 Ko | 9B15A3A055CC6E67EA191A1B7885649A] - C:\eula.1041.txt
[07/11/2007 - 07:00:40 | N | 17 Ko | 9147A93F43D8E58218EBCB15FDA888C9] - C:\eula.1042.txt
[07/11/2007 - 07:00:40 | N | 17 Ko | 9147A93F43D8E58218EBCB15FDA888C9] - C:\eula.2052.txt

################## | Vaccin |

E:\Autorun.inf -> Vacina criada por UsbFix (El Desaparecido)

################## | E.O.F |

Re: Machine with errors due to a virus

Post by Power Max, Wed 30 Apr 2014, 16:38

Download the [link visible only to logged-in members]

Install it and use it following the tips in this tutorial:

[link visible only to logged-in members]

In your next reply, post the report from the MCShield Anti-Malware Tool, which will be named MCShield-AllScans.txt and will be on your PC's Desktop.

Re: Machine with errors due to a virus

Post by luizvilarinho, Wed 30 Apr 2014, 16:52

Since I didn't see it run any scan, I copied the log directly from the application.

>>> MCShield AllScans.txt <<<
-----------------------------

MCShield ::Anti-Malware Tool::

>>> v 3.0.5.28 / DB: 2014.4.28.1 / Windows 7 <<<

30/04/2014 16:48:17 > Unidade C: - escaneamento iniciado (Windows ~466 GB, NTFS HDD )...

=> A unidade está limpa.

30/04/2014 16:48:17 > Unidade E: - escaneamento iniciado (LUIZ FCO ~3733 MB, FAT32 unidade flash )...

=> A unidade está limpa.