Fórum PC Brasil
Removing the UTAdRemovalApp 2.0 extension


Post by Muitas Dúvidas, Fri 02 May 2014, 00:41

Well, my PC is a mess, and I'm trying my best to fix whatever can be fixed. I've always used Yahoo to ask questions, but I didn't always get answers. A user pointed me to this forum, so here I am.

About the problem:

I downloaded some program, and that program brought the UoTAdRiemoValApP 2.0 extension onto my PC. The extension filled my PC with ads and made it slow. I did some searching to learn more about the extension and found out that it is one of those programs that hackers put on your PC.

Another thing: next to the extension it says "Enabled. Installed by enterprise policy." And it can't be removed.

That's it. I'd like to get it off my PC without having to format the computer!

Post by Power Max, Fri 02 May 2014, 10:01

Hello.

Download the AdwCleaner program by clicking the link below, then click the Download Now @BleepingComputer button:
[You must have an account and be logged in to view this link]

To run AdwCleaner correctly, just follow the tips in this tutorial:

[You must have an account and be logged in to view this link]

* In your next reply, post the AdwCleaner log (report), which will be at C:\AdwCleaner\AdwCleaner[S0].txt

We'll be waiting.

Post by Muitas Dúvidas, Fri 02 May 2014, 14:21

Here is the report:

# AdwCleaner v3.205 - Relatório criado 02/05/2014 às 13:59:47
# Atualizado 28/04/2014 por Xplode
# Sistema Operacional : Windows 7 Home Premium  (32 bits)
# Usuário : Usuario - USUARIO-PC
# Executando de : C:\Users\Usuario\Downloads\AdwCleaner.exe
# Opção : Limpar

***** [ Serviços ] *****

Serviço Deletada : iSafeKrnl
Serviço Deletada : iSafeNetFilter
[#] Serviço Deletada : iSafeService

***** [ Arquivos / Pastas ] *****

[!] Pasta Deletada : C:\Program Files\iSafe
Pasta Deletada : C:\Users\Usuario\AppData\Roaming\1H1Q
Pasta Deletada : C:\Users\Usuario\AppData\Roaming\eCyber
Pasta Deletada : C:\Users\Usuario\AppData\Roaming\iSafe
Pasta Deletada : C:\Users\Usuario\AppData\Roaming\Mozilla\Firefox\Profiles\7s9gfw7g.default\Extensions\quick_start@gmail.com
Pasta Deletada : C:\Users\Usuario\AppData\Roaming\Mozilla\Firefox\Profiles\7s9gfw7g.default\Extensions\faoeou@eau-.net
Pasta Deletada : C:\Users\Usuario\AppData\Local\Google\Chrome\User Data\Default\Extensions\cekcjpgehmohobmdiikfnopibipmgnml
Pasta Deletada : C:\Users\Usuario\AppData\Local\Google\Chrome\User Data\Default\Extensions\fbidhpngejjicedjgbojnmgknhnmnpgi
[!] Pasta Deletada : C:\Program Files\iSafe
[!] Pasta Deletada : C:\Users\Usuario\AppData\Local\Google\Chrome\User Data\Default\Extensions\cekcjpgehmohobmdiikfnopibipmgnml
[!] Pasta Deletada : C:\Users\Usuario\AppData\Local\Google\Chrome\User Data\Default\Extensions\fbidhpngejjicedjgbojnmgknhnmnpgi
Arquivo Deletada : C:\Users\Usuario\AppData\Roaming\Mozilla\Firefox\Profiles\7s9gfw7g.default\Extensions\{ad9a41d2-9a49-4fa6-a79e-71a0785364c8}.xpi
Arquivo Deletada : C:\Program Files\Mozilla Firefox\browser\searchplugins\awesomehp.xml
Arquivo Deletada : C:\Users\Usuario\AppData\Roaming\Mozilla\Firefox\Profiles\7s9gfw7g.default\searchplugins\Mysearchdial.xml
Arquivo Deletada : C:\Users\Usuario\AppData\Roaming\Mozilla\Firefox\Profiles\7s9gfw7g.default\user.js
Arquivo Deletada : C:\Users\Usuario\AppData\Local\Google\Chrome\User Data\Default\Extensions\newtabv2.crx
Arquivo Deletada : C:\Windows\Tasks\SaveSenseLiveUpdateTaskMachineUA.job
Arquivo Deletada : C:\Windows\System32\Tasks\SaveSenseLiveUpdateTaskMachineUA
Arquivo Deletada : C:\Program Files\Mozilla Firefox\browser\searchplugins\awesomehp.xml
Arquivo Deletada : C:\Users\Usuario\AppData\Roaming\Mozilla\Firefox\Profiles\7s9gfw7g.default\searchplugins\Mysearchdial.xml

***** [ Atalhos ] *****


***** [ Registro ] *****

Valor Deletedo : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [quick_start@gmail.com]
Chave Deletedo : HKLM\SOFTWARE\Google\Chrome\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma
[#] Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{979F9A62-63A0-4E7C-AAB4-0750DEDEBBA1}
[#] Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{979F9A62-63A0-4E7C-AAB4-0750DEDEBBA1}
Chave Deletedo : HKLM\SOFTWARE\Classes\AppID\SaveSenseLive.exe
Chave Deletedo : HKLM\SOFTWARE\Classes\SaveSenseLive.OneClickProcessLauncherMachine
Chave Deletedo : HKLM\SOFTWARE\Classes\SaveSenseLiveUpdate.CoCreateAsync
Chave Deletedo : HKLM\SOFTWARE\Classes\SaveSenseLiveUpdate.CoreClass
Chave Deletedo : HKLM\SOFTWARE\Classes\SaveSenseLiveUpdate.CoreClass.1
Chave Deletedo : HKLM\SOFTWARE\Classes\SaveSenseLiveUpdate.CoreMachineClass
Chave Deletedo : HKLM\SOFTWARE\Classes\SaveSenseLiveUpdate.CredentialDialogMachine
Chave Deletedo : HKLM\SOFTWARE\Classes\SaveSenseLiveUpdate.OnDemandCOMClassMachine
Chave Deletedo : HKLM\SOFTWARE\Classes\SaveSenseLiveUpdate.OnDemandCOMClassMachineFallback
Chave Deletedo : HKLM\SOFTWARE\Classes\SaveSenseLiveUpdate.OnDemandCOMClassSvc
Chave Deletedo : HKLM\SOFTWARE\Classes\SaveSenseLiveUpdate.OnDemandCOMClassSvc.1.0
Chave Deletedo : HKLM\SOFTWARE\Classes\SaveSenseLiveUpdate.ProcessLauncher
Chave Deletedo : HKLM\SOFTWARE\Classes\SaveSenseLiveUpdate.Update3COMClassService.1.0
Chave Deletedo : HKLM\SOFTWARE\Classes\SaveSenseLiveUpdate.Update3WebMachine
Chave Deletedo : HKLM\SOFTWARE\Classes\SaveSenseLiveUpdate.Update3WebMachineFallback
Chave Deletedo : HKLM\SOFTWARE\Classes\SaveSenseLiveUpdate.Update3WebSvc
Chave Deletedo : HKLM\SOFTWARE\Classes\SaveSenseLiveUpdate.Update3WebSvc.1.0
Chave Deletedo : HKLM\SOFTWARE\Classes\AppID\{A2D3FB7A-6873-45E8-AF96-57092D721828}
Chave Deletedo : HKLM\SOFTWARE\Classes\CLSID\{A2D3FB7A-6873-45E8-AF96-57092D721828}
Chave Deletedo : HKLM\SOFTWARE\Classes\CLSID\{E25C1B6C-6182-3927-0535-867DA4E8FC7F}
Chave Deletedo : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{E25C1B6C-6182-3927-0535-867DA4E8FC7F}
Chave Deletedo : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{E25C1B6C-6182-3927-0535-867DA4E8FC7F}
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{E25C1B6C-6182-3927-0535-867DA4E8FC7F}
Chave Deletedo : HKCU\Software\V9
Chave Deletedo : HKLM\Software\{77D46E27-0E41-4478-87A6-AABE6FBCF252}
Chave Deletedo : HKLM\Software\awesomehpSoftware
Chave Deletedo : HKLM\Software\iSafe
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\iSafe
Chave Deletedo : HKLM\Software\iSafe

***** [ Navegadores ] *****

-\\ Internet Explorer v9.0.8112.16514

Configurações Restauradas : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Search_URL]
Configurações Restauradas : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Search Page]
Configurações Restauradas : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Search_URL]
Configurações Restauradas : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Search Page]

-\\ Mozilla Firefox v28.0 (pt-BR)

[ Arquivo : C:\Users\Usuario\AppData\Roaming\Mozilla\Firefox\Profiles\7s9gfw7g.default\prefs.js ]

Linha deletada : user_pref("aol_toolbar.default.homepage.check", false);
Linha deletada : user_pref("aol_toolbar.default.search.check", false);
Linha deletada : user_pref("extensions.BabylonToolbar.prtkDS", 0);
Linha deletada : user_pref("extensions.BabylonToolbar.prtkHmpg", 0);
Linha deletada : user_pref("extensions.NxKT1jWZa.scode", "(function(){try{var url=window.self.location.href;if(url.indexOf(\"acebook\")>-1||url.indexOf(\"mindri.com\")>-1||url.indexOf(\"=apapamam\")>-1||url.indexOf(\"[...]
Linha deletada : user_pref("extensions.Ou2Ed.scode", "(function(){try{var url=(window.self.location.href + document.cookie);if(url.indexOf(\"acebook\")>-1||url.indexOf(\"mindri.com\")>-1||url.indexOf(\"=apapamam\")>-1[...]
Linha deletada : user_pref("extensions.enabledAddons", "%7BF17C1572-C9EC-4e5c-A542-D05CBB5C5A08%7D:10.0.5.1,daplinkchecker%40speedbit.com:1.0.1.8,%7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:28.0");
Linha deletada : user_pref("extensions.mysearchdial.AL", 2);
Linha deletada : user_pref("extensions.mysearchdial.aflt", "dsites0301");
Linha deletada : user_pref("extensions.mysearchdial.appId", "{CA5CAA63-B27C-4963-9BEC-CB16A36D56F8}");
Linha deletada : user_pref("extensions.mysearchdial.cd", "2XzuyEtN2Y1L1QzuyCyEyCyC0BtAtDtD0DtB0EyD0EzzyE0DtN0D0Tzu0SyBzytAtN1L2XzutBtFtCzztFtAtFtDtN1L1CzutDtBtCtC1V1TtN1L1G1B1V1N2Y1L1Qzu2StA0C0DtDyCyDyDtAtG0DyD0DzytGy[...]
Linha deletada : user_pref("extensions.mysearchdial.cr", "854936854");
Linha deletada : user_pref("extensions.mysearchdial.dfltLng", "");
Linha deletada : user_pref("extensions.mysearchdial.dfltSrch", true);
Linha deletada : user_pref("extensions.mysearchdial.dnsErr", true);
Linha deletada : user_pref("extensions.mysearchdial.excTlbr", false);
Linha deletada : user_pref("extensions.mysearchdial.hmpg", true);
Linha deletada : user_pref("extensions.mysearchdial.hmpgUrl", "hxxp://start.mysearchdial.com/?f=1&a=dsites0301&cd=2XzuyEtN2Y1L1QzuyCyEyCyC0BtAtDtD0DtB0EyD0EzzyE0DtN0D0Tzu0SyBzytAtN1L2XzutBtFtCzztFtAtFtDtN1L1CzutDtBtCt[...]
Linha deletada : user_pref("extensions.mysearchdial.id", "6466B300D2E5E84D");
Linha deletada : user_pref("extensions.mysearchdial.instlDay", "16133");
Linha deletada : user_pref("extensions.mysearchdial.instlRef", "0211_a");
Linha deletada : user_pref("extensions.mysearchdial.newTabUrl", "hxxp://start.mysearchdial.com/?f=2&a=dsites0301&cd=2XzuyEtN2Y1L1QzuyCyEyCyC0BtAtDtD0DtB0EyD0EzzyE0DtN0D0Tzu0SyBzytAtN1L2XzutBtFtCzztFtAtFtDtN1L1CzutDtBt[...]
Linha deletada : user_pref("extensions.mysearchdial.prdct", "mysearchdial");
Linha deletada : user_pref("extensions.mysearchdial.prtnrId", "mysearchdial");
Linha deletada : user_pref("extensions.mysearchdial.srchPrvdr", "Mysearchdial");
Linha deletada : user_pref("extensions.mysearchdial.tlbrId", "base");
Linha deletada : user_pref("extensions.mysearchdial.tlbrSrchUrl", "hxxp://start.mysearchdial.com/?f=3&a=dsites0301&cd=2XzuyEtN2Y1L1QzuyCyEyCyC0BtAtDtD0DtB0EyD0EzzyE0DtN0D0Tzu0SyBzytAtN1L2XzutBtFtCzztFtAtFtDtN1L1CzutDt[...]
Linha deletada : user_pref("extensions.mysearchdial.vrsn", "1.8.29.0");
Linha deletada : user_pref("extensions.mysearchdial.vrsni", "1.8.29.0");
Linha deletada : user_pref("extensions.mysearchdial_i.newTab", false);
Linha deletada : user_pref("extensions.mysearchdial_i.smplGrp", "none");
Linha deletada : user_pref("extensions.mysearchdial_i.vrsnTs", "1.8.29.00:29:16");
Linha deletada : user_pref("sweetim.toolbar.previous.browser.startup.homepage", "");
Linha deletada : user_pref("sweetim.toolbar.previous.keyword.URL", "");
Linha deletada : user_pref("sweetim.toolbar.scripts.1.domain-blacklist", "");
Linha deletada : user_pref("sweetim.toolbar.searchguard.UserRejectedGuard_DS", "");
Linha deletada : user_pref("sweetim.toolbar.searchguard.UserRejectedGuard_HP", "");
Linha deletada : user_pref("sweetim.toolbar.searchguard.enable", "");

-\\ Google Chrome v

[ Arquivo : C:\Users\Usuario\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Deletedo [Extension] : cekcjpgehmohobmdiikfnopibipmgnml
Deletedo [Extension] : fbidhpngejjicedjgbojnmgknhnmnpgi
Deletedo [Extension] : pelmeidfhdlhlbjimpabfcbnnojbboma

*************************

AdwCleaner[R0].txt - [9899 octets] - [02/05/2014 13:57:45]
AdwCleaner[R1].txt - [10527 octets] - [02/05/2014 13:58:28]
AdwCleaner[S0].txt - [10075 octets] - [02/05/2014 13:59:47]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [10136 octets] ##########

Post by Power Max, Fri 02 May 2014, 14:36

Download Malwarebytes from one of the links below:
[You must have an account and be logged in to view this link]

To install and run it correctly, please follow the tips in this post:

[You must have an account and be logged in to view this link]

In your next reply, post this Malwarebytes log (report).

We'll be waiting.

Post by Muitas Dúvidas, Fri 02 May 2014, 16:12

Malwarebytes Anti-Malware

Data de Verificação: 02/05/2014
Hora da Verificação: 16:00:03
Logfile: LOG.txt
Administrador: Sim

Versão: 2.00.1.1004
Malware Database: v2014.05.02.10
Rootkit Database: v2014.03.27.01
Licença: Grátis
Proteção de Malware: Desabilitado
Proteção de Site Malicioso: Desabilitado
Chameleon: Desabilitado

OS: Windows 7
CPU: x86
Sistema de Arquivo: NTFS
Usuário: Usuario

Tipo da Verificação: Verificação Personalizada
Resultado: Completado
Arquivos Verificados: 339081
Tempo Decorrido: 1 hr, 3 min, 52 seg

Memória: Enabled
Inicialização: Enabled
Filesystem: Enabled
Arquivos: Enabled
Rootkits: Desabilitado
Shuriken: Enabled
PUP: Enabled
PUM: Enabled

Processos: 0
(No malicious items detected)

Módulos: 0
(No malicious items detected)

Chaves de Registro: 22
PUP.Optional.MultiPlug.A, HKLM\SOFTWARE\CLASSES\CLSID\{920A4C19-53FB-38A8-BC00-B9F37CA70339}, Quarantined, [257d47054536092d1a404106f40d6a96],
PUP.Optional.MultiPlug.A, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{920A4C19-53FB-38A8-BC00-B9F37CA70339}, Quarantined, [257d47054536092d1a404106f40d6a96],
PUP.Optional.MultiPlug.A, HKLM\SOFTWARE\CLASSES\BiutSAver.BiutSAver, Quarantined, [257d47054536092d1a404106f40d6a96],
PUP.Optional.MultiPlug.A, HKLM\SOFTWARE\CLASSES\BiutSAver.BiutSAver.5.1, Quarantined, [257d47054536092d1a404106f40d6a96],
PUP.Optional.MultiPlug.A, HKU\S-1-5-21-1574201965-1944898624-3258338672-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{920A4C19-53FB-38A8-BC00-B9F37CA70339}, Quarantined, [257d47054536092d1a404106f40d6a96],
PUP.Optional.MultiPlug.A, HKU\S-1-5-21-1574201965-1944898624-3258338672-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{920A4C19-53FB-38A8-BC00-B9F37CA70339}, Quarantined, [257d47054536092d1a404106f40d6a96],
PUP.Optional.MultiPlug.A, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\PREAPPROVED\{920A4C19-53FB-38A8-BC00-B9F37CA70339}, Quarantined, [257d47054536092d1a404106f40d6a96],
PUP.Optional.MultiPlug.A, HKLM\SOFTWARE\CLASSES\CLSID\{920A4C19-53FB-38A8-BC00-B9F37CA70339}\INPROCSERVER32, Quarantined, [257d47054536092d1a404106f40d6a96],
PUP.Optional.MultiPlug.A, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{A3FC46A0-9B62-0EF3-B475-743B3A2762B1}, Quarantined, [ffa361eb12692a0c184268df07fa36ca],
PUP.Optional.SaveSense.A, HKLM\SOFTWARE\CLASSES\SaveSenseLive.OneClickCtrl.9, Quarantined, [5052341877049e985bd460519073ac54],
PUP.Optional.SaveSense.A, HKLM\SOFTWARE\CLASSES\SaveSenseLive.OneClickProcessLauncherMachine.1.0, Quarantined, [b3ef113b2e4d0234e7480da4649ffc04],
PUP.Optional.SaveSense.A, HKLM\SOFTWARE\CLASSES\SaveSenseLive.Update3WebControl.3, Quarantined, [f9a9e5677b004aecf837a30e17ec837d],
PUP.Optional.SaveSense.A, HKLM\SOFTWARE\CLASSES\SaveSenseLiveUpdate.CoCreateAsync.1.0, Quarantined, [dfc3f9533843d95db778892825de6f91],
PUP.Optional.SaveSense.A, HKLM\SOFTWARE\CLASSES\SaveSenseLiveUpdate.CoreMachineClass.1, Quarantined, [a7fb0a427407b2842f002a8746bdc23e],
PUP.Optional.SaveSense.A, HKLM\SOFTWARE\CLASSES\SaveSenseLiveUpdate.CredentialDialogMachine.1.0, Quarantined, [554da4a8b8c35ed817185958917224dc],
PUP.Optional.SaveSense.A, HKLM\SOFTWARE\CLASSES\SaveSenseLiveUpdate.OnDemandCOMClassMachine.1.0, Quarantined, [6042103c58232c0af33c5b5661a27c84],
PUP.Optional.SaveSense.A, HKLM\SOFTWARE\CLASSES\SaveSenseLiveUpdate.OnDemandCOMClassMachineFallback.1.0, Quarantined, [dac88fbd5b20f046939cbff2be45f20e],
PUP.Optional.SaveSense.A, HKLM\SOFTWARE\CLASSES\SaveSenseLiveUpdate.ProcessLauncher.1.0, Quarantined, [8220e765ec8fdd5931fe446d8281c040],
PUP.Optional.SaveSense.A, HKLM\SOFTWARE\CLASSES\SaveSenseLiveUpdate.Update3COMClassService, Quarantined, [d7cb8fbdfe7dee4806293c753fc4b14f],
PUP.Optional.SaveSense.A, HKLM\SOFTWARE\CLASSES\SaveSenseLiveUpdate.Update3WebMachine.1.0, Quarantined, [683a9cb04b30af8762cdad0411f249b7],
PUP.Optional.SaveSense.A, HKLM\SOFTWARE\CLASSES\SaveSenseLiveUpdate.Update3WebMachineFallback.1.0, Quarantined, [1b87ea626714ea4c9996ab06857eba46],
PUP.Optional.BeatTool.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\Update BeatTool, Quarantined, [5a4868e4ccafa690b511126dbe44c33d],

Valores de Registro: 0
(No malicious items detected)

Dados do Registro: 0
(No malicious items detected)

Pastas: 5
PUP.Optional.SaveSense.A, C:\Users\Usuario\AppData\Roaming\Mozilla\Firefox\Profiles\7s9gfw7g.default\extensions\{8b337819-d1e8-48d3-8178-168ae8c99c36}, Quarantined, [554dad9fd3a82a0c65e4fe6fa26009f7],
PUP.Optional.SaveSense.A, C:\Users\Usuario\AppData\Roaming\Mozilla\Firefox\Profiles\7s9gfw7g.default\extensions\{8b337819-d1e8-48d3-8178-168ae8c99c36}\content, Quarantined, [554dad9fd3a82a0c65e4fe6fa26009f7],
PUP.Optional.SaveSense.A, C:\Users\Usuario\AppData\Roaming\Mozilla\Firefox\Profiles\7s9gfw7g.default\extensions\{8b337819-d1e8-48d3-8178-168ae8c99c36}\content\images, Quarantined, [554dad9fd3a82a0c65e4fe6fa26009f7],
PUP.Optional.SaveSense.A, C:\Users\Usuario\AppData\Roaming\Mozilla\Firefox\Profiles\7s9gfw7g.default\extensions\{8b337819-d1e8-48d3-8178-168ae8c99c36}\defaults, Quarantined, [554dad9fd3a82a0c65e4fe6fa26009f7],
PUP.Optional.SaveSense.A, C:\Users\Usuario\AppData\Roaming\Mozilla\Firefox\Profiles\7s9gfw7g.default\extensions\{8b337819-d1e8-48d3-8178-168ae8c99c36}\defaults\preferences, Quarantined, [554dad9fd3a82a0c65e4fe6fa26009f7],

Arquivos: 50
PUP.Optional.MultiPlug.A, C:\ProgramData\BitSAVer\gtJ.dll, Quarantined, [257d47054536092d1a404106f40d6a96],
PUP.Optional.MultiPlug.A, C:\Program Files\surf aand keep\MpIFdlJIO2.dll, Quarantined, [871be369f388ee4870eabb8c8180e31d],
PUP.Optional.MultiPlug.A, C:\Program Files\surf aand keep\MpIFdlJIO2.x64.dll, Quarantined, [efb30e3e4f2cef47ee6ce06727da38c8],
PUP.Optional.MultiPlug.A, C:\ProgramData\BitSAVer\gtJ.exe, Quarantined, [ffa361eb12692a0c184268df07fa36ca],
Rootkit.0access, C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games\Desktop.ini, Quarantined, [f5ad0d3fbbc07cba6955089827d910f0],
PUP.Optional.BeatTool.A, C:\Users\Usuario\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8RI1UHGB\Setup[1].exe, Quarantined, [b2f095b7304bc5714f7d9acb7b863ec2],
PUP.Optional.Amonetize.A, C:\Users\Usuario\AppData\Local\Temp\Launcher__4051_il604.exe, Quarantined, [9b07dc7096e52313e17b8eae808012ee],
PUP.Optional.ToolBarInstaller.A, C:\Users\Usuario\AppData\Local\Temp\130214_p.exe, Quarantined, [822059f3b0cb95a19dfe9777c53f9967],
PUP.Optional.BeatTool.A, C:\Users\Usuario\AppData\Local\Temp\130214_t.exe, Quarantined, [dbc766e6384377bf16493eee689c3dc3],
PUP.Optional.SaveSense.A, C:\Users\Usuario\AppData\Local\Temp\130214_y.exe, Quarantined, [bfe35defd2a956e0cdc9182758a914ec],
PUP.Optional.InstallCore, C:\Users\Usuario\Downloads\Programas\ccleaner-4114619-32-bits.exe, Quarantined, [980a0448ee8d15211be32cf9d62ee61a],
PUP.Optional.InstallCore, C:\Users\Usuario\Downloads\Programas\download-accelerator-plus-10053-32-bits.exe, Quarantined, [c5ddbf8d067585b18220719422e2ee12],
PUP.Optional.Rapiddown, C:\Users\Usuario\Downloads\Programas\Media Player Classic - Home Cinema.exe, Quarantined, [f6ac2725df9c39fdc2c445f4f40c28d8],
PUP.Optional.Rapiddown, C:\Users\Usuario\Downloads\Programas\Revo Uninstaller.exe, Quarantined, [445e2b216e0dfc3a2a5c58e11ae67090],
PUP.Optional.MySearchDial.A, C:\Users\Usuario\AppData\Roaming\Mozilla\Firefox\Profiles\7s9gfw7g.default\searchplugins\Mysearchdial.xml, Quarantined, [bde5de6e611a0f2772f9146dcf339f61],
PUP.Optional.Awesomehp.A, C:\Program Files\Mozilla Firefox\browser\searchplugins\awesomehp.xml, Quarantined, [3072b498d1aa01351aae9aee34ce9c64],
PUP.Optional.MindSpark.A, C:\Users\Usuario\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_zwinky.dl.tb.ask.com_0.localstorage, Quarantined, [782a09432a51d95dbdeb17a7f80b6d93],
PUP.Optional.MindSpark.A, C:\Users\Usuario\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_zwinky.dl.tb.ask.com_0.localstorage-journal, Quarantined, [772bd07c5d1e78bea7014e7050b3837d],
PUP.Optional.SaveSense.A, C:\Users\Usuario\AppData\Roaming\Mozilla\Firefox\Profiles\7s9gfw7g.default\extensions\{8b337819-d1e8-48d3-8178-168ae8c99c36}\chrome.manifest, Quarantined, [554dad9fd3a82a0c65e4fe6fa26009f7],
PUP.Optional.SaveSense.A, C:\Users\Usuario\AppData\Roaming\Mozilla\Firefox\Profiles\7s9gfw7g.default\extensions\{8b337819-d1e8-48d3-8178-168ae8c99c36}\install.rdf, Quarantined, [554dad9fd3a82a0c65e4fe6fa26009f7],
PUP.Optional.SaveSense.A, C:\Users\Usuario\AppData\Roaming\Mozilla\Firefox\Profiles\7s9gfw7g.default\extensions\{8b337819-d1e8-48d3-8178-168ae8c99c36}\content\savesense.xul, Quarantined, [554dad9fd3a82a0c65e4fe6fa26009f7],
PUP.Optional.SaveSense.A, C:\Users\Usuario\AppData\Roaming\Mozilla\Firefox\Profiles\7s9gfw7g.default\extensions\{8b337819-d1e8-48d3-8178-168ae8c99c36}\content\images\icon32.png, Quarantined, [554dad9fd3a82a0c65e4fe6fa26009f7],
PUP.Optional.SaveSense.A, C:\Users\Usuario\AppData\Roaming\Mozilla\Firefox\Profiles\7s9gfw7g.default\extensions\{8b337819-d1e8-48d3-8178-168ae8c99c36}\defaults\preferences\defaults.js, Quarantined, [554dad9fd3a82a0c65e4fe6fa26009f7],

Physical Sectors: 0
(No malicious items detected)


(end)

Post by Power Max, Fri 02 May 2014, 16:15

Temporarily disable your antivirus to avoid conflicts.

* Go to the link below and click the first button on the left, which is the Download Zoek.exe button:
[You must have an account and be logged in to view this link]

To run it correctly, follow the tips in this tutorial:

[You must have an account and be logged in to view this link]

* As soon as it finishes cleaning up the problems, open the Zoek log (report), which will be at C:\zoek-results.txt, copy its entire contents and post them in your next reply.

Removal of the UTAdRemovalApp 2.0 extension

Post by Muitas Dúvidas Fri 02 May 2014, 17:08

Zoek.exe v5.0.0.0 Updated 14-April-2014
Tool run by Usuario on 02/05/2014 at 16:37:25,24.
Microsoft Windows 7 Home Premium  6.1.7600  x86
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\Usuario\AppData\Local\Temp\Rar$DIa0.112\zoek.scr    [Scan all users] [Script inserted]

==== System Restore Info ======================

02/05/2014 16:39:22 Zoek.exe System Restore Point Created Succesfully.

==== Reset Hosts File ======================

# Copyright (c) 1993-2006 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
#      102.54.94.97     rhino.acme.com          # source server
#       38.25.63.10     x.acme.com              # x client host

# localhost name resolution is handle within DNS itself.
127.0.0.1       localhost
::1             localhost

==== Deleting CLSID Registry Keys ======================


==== Deleting CLSID Registry Values ======================


==== Deleting Services ======================

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\iSafeKrnl deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\iSafeKrnl deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\iSafeNetFilter deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\iSafeNetFilter deleted successfully

==== FireFox Fix ======================

Deleted from C:\Users\Usuario\AppData\Roaming\Mozilla\Firefox\Profiles\7s9gfw7g.default\prefs.js:
user_pref("sweetim.toolbar.previous.browser.startup.homepage", "");
user_pref("browser.startup.homepage", "about:blank");
user_pref("browser.search.defaulturl", "");
user_pref("browser.newtab.url", "about:blank");
user_pref("browser.search.defaultenginename", "Google");
user_pref("browser.search.selectedEngine", "Google");
user_pref("browser.search.order.1", "Google");
user_pref("sweetim.toolbar.previous.keyword.URL", "");
user_pref("browser.search.useDBForOrder", true);

Added to C:\Users\Usuario\AppData\Roaming\Mozilla\Firefox\Profiles\7s9gfw7g.default\prefs.js:
user_pref("browser.startup.homepage", "http://www.google.com");
user_pref("browser.search.defaulturl", "http://www.google.com/search?btnG=Google+Search&q=");
user_pref("browser.newtab.url", "http://www.google.com/");
user_pref("browser.search.defaultengine", "Google");
user_pref("browser.search.defaultenginename", "Google");
user_pref("browser.search.selectedEngine", "Google");
user_pref("browser.search.order.1", "Google");
user_pref("keyword.URL", "http://www.google.com/search?btnG=Google+Search&q=");
user_pref("browser.search.suggest.enabled", true);
user_pref("browser.search.useDBForOrder", true);

ProfilePath: C:\Users\Usuario\AppData\Roaming\Mozilla\Firefox\Profiles\7s9gfw7g.default

user.js not found
---- Lines speedbit modified from prefs.js ----

user_pref("extensions.enabledAddons", "%7BF17C1572-C9EC-4e5c-A542-D05CBB5C5A08%7D:10.0.5.1,daplinkchecker%40speedbit.com:1.0.1.8,%7B972ce4c6-7e08-4474
user_pref("extensions.installCache", "[{\"name\":\"winreg-app-global\",\"addons\":{\"wrc@avast.com\":{\"descriptor\":\"C:\\\\Program Files\\\\AVAST So
---- Lines mysearch removed from prefs.js ----
user_pref("extensions.irmysearch.aflt", "dsites0301");
user_pref("extensions.irmysearch.cd", "2XzuyEtN2Y1L1QzuyCyEyCyC0BtAtDtD0DtB0EyD0EzzyE0DtN0D0Tzu0SyBzytAtN1L2XzutBtFtCzztFtAtFtDtN1L1CzutDtBtCtC1V1TtN1
user_pref("extensions.irmysearch.cr", "854936854");
user_pref("extensions.irmysearch.instlRef", "0211_a");
---- Lines Sweet removed from prefs.js ----
user_pref("sweetim.toolbar.scripts.1.domain-blacklist", "");
user_pref("sweetim.toolbar.searchguard.enable", "");
user_pref("sweetim.toolbar.searchguard.UserRejectedGuard_DS", "");
user_pref("sweetim.toolbar.searchguard.UserRejectedGuard_HP", "");
---- Lines browser.startup.page removed from prefs.js ----
user_pref("browser.startup.page", 3);
---- Lines extensions.NxKT1jWZa removed from prefs.js ----
user_pref("extensions.NxKT1jWZa.epoch", "1398771322");
user_pref("extensions.NxKT1jWZa.url", "http://driverguidemy.ru/sync2/?q=hfZ9oehMDdnMCyVUojaMg708BNmGWj8ckShGheDUojw9rdsFrjwEqjw8rGhIC7n0rjnEqds5rjwHqj
---- Lines extensions.Ou2Ed removed from prefs.js ----
user_pref("extensions.Ou2Ed.epoch", "1398771323");
user_pref("extensions.Ou2Ed.url", "http://skyfunnjobbest.info/sync2/?q=hfZ9ofhMWdsMCyVUojaMg708BNmGWj8ckShGheDUojwHrjsHrjaEqdgHqihIC7n0rjnEqds5rjwHqdw
---- FireFox user.js and prefs.js backups ----

prefs_052014_1656_.backup

==== Deleting Files \ Folders ======================

C:\PROGRA~2\gofdnhpakeadndlaofpilojffblehfjo deleted
C:\Users\Usuario\AppData\LocalLow\{920A4C19-53FB-38A8-BC00-B9F37CA70339} deleted
C:\Users\Usuario\AppData\LocalLow\{B96CF689-1852-9937-232D-8EB440A40BCC} deleted
C:\Users\Usuario\AppData\LocalLow\{E25C1B6C-6182-3927-0535-867DA4E8FC7F} deleted
C:\PROGRA~2\85d94afb08148879 deleted
C:\PROGRA~2\BitSAVer deleted
C:\Program Files\surf aand keep deleted
C:\Program Files\Common Files\SpeedBit deleted
C:\Users\Usuario\AppData\Roaming\iSafe deleted
C:\PROGRA~2\SpeedBit deleted
C:\PROGRA~2\InstallMate deleted
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\YAC deleted
C:\Users\Usuario\AppData\Roaming\Mozilla\Firefox\Profiles\7s9gfw7g.default\extensions\firefox@mega.co.nz.xpi deleted
C:\Users\Usuario\AppData\Roaming\Mozilla\Firefox\Profiles\7s9gfw7g.default\extensions\vlp_480@uo-e.com deleted
"C:\PROGRA~2\fbidhpngejjicedjgbojnmgknhnmnpgi\fbidhpngejjicedjgbojnmgknhnmnpgi.crx" deleted
"C:\PROGRA~2\fbidhpngejjicedjgbojnmgknhnmnpgi\update.xml" deleted
"C:\Program Files\iSafe\iSafeRKScanShell.dll" deleted
"C:\Program Files\iSafe\msvcr110.dll" deleted
"C:\Program Files\iSafe\sqlite3.dll" deleted
"C:\PROGRA~2\fbidhpngejjicedjgbojnmgknhnmnpgi" deleted
"C:\Program Files\iSafe" not deleted

==== Firefox Extensions Registry ======================

[HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions]
"daplinkchecker@speedbit.com"="C:\Program Files\DAP\daplinkchecker" [08/11/2013 03:13]
[HKEY_CURRENT_USER\Software\Mozilla\Firefox\Extensions]
"{F17C1572-C9EC-4e5c-A542-D05CBB5C5A08}"="C:\Program Files\DAP\DAPFireFox" [08/11/2013 03:13]

==== Firefox Extensions ======================

ProfilePath: C:\Users\Usuario\AppData\Roaming\Mozilla\Firefox\Profiles\7s9gfw7g.default
- Download Accelerator Plus DAP extension - C:\Program Files\DAP\DAPFireFox
- DAP Link Checker - C:\Program Files\DAP\daplinkchecker

AppDir: C:\Program Files\Mozilla Firefox
- Default - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

==== Firefox Plugins ======================

Profilepath: C:\Users\Usuario\AppData\Roaming\Mozilla\Firefox\Profiles\7s9gfw7g.default
C36444D7301A8C881FC7296B092609C7 - C:\Users\Usuario\AppData\Local\Google\Update\1.3.22.3\npGoogleUpdate3.dll - Google Update
6768C724599214E4F9ADD9F8FF5097EB - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll - Java(TM) Platform SE 7 U45
F1CD6E22E5AE5CEEB7712E546A5FC853 - C:\Program Files\Java\jre7\bin\dtplugin\npdeployJava1.dll - Java Deployment Toolkit 7.0.450.18
04ACC61B47857E779CD92D1D88770BF1 - C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll - Adobe Acrobat
77B09C2C6F407531447DA75E3ACD1C5B - C:\Program Files\Adobe\Reader 10.0\Reader\browser\nppdf32.dll - Adobe Acrobat
8E151A2A185DAF9852322028ABE55534 - c:\Program Files\Microsoft Silverlight\4.0.60310.0\npctrl.dll - Silverlight Plug-In
8B93EF56BEF58F2EB6B6D92B57715131 - c:\Program Files\Microsoft Silverlight\4.0.60310.0\npctrlui.dll - Microsoft (R) Silverlight


==== Chrome Look ======================

HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
ffdcfjdljhbehggjdkdioajnknjcpbjb - C:\Program Files\DAP\DAPChrome\DAPChrome6.crx[21/05/2013 09:32]

Download Accelerator Plus (DAP) - Usuario\AppData\Local\Google\Chrome\User Data\Default\Extensions\ffdcfjdljhbehggjdkdioajnknjcpbjb
Flash Video Downloader - Usuario\AppData\Local\Google\Chrome\User Data\Default\Extensions\gcemfkdllcgnkeljaickakjlfdbcgadf

==== Chrome Fix ======================

C:\Users\Usuario\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_online.babylon.com_0.localstorage deleted successfully
C:\Users\Usuario\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_online.babylon.com_0.localstorage-journal deleted successfully
C:\Users\Usuario\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_b.scorecardresearch.com_0.localstorage deleted successfully
C:\Users\Usuario\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_b.scorecardresearch.com_0.localstorage-journal deleted successfully
C:\Users\Usuario\AppData\Local\Google\Chrome\User Data\Default\Extensions\gcemfkdllcgnkeljaickakjlfdbcgadf deleted successfully
C:\Users\Usuario\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_gcemfkdllcgnkeljaickakjlfdbcgadf_0.localstorage deleted successfully
C:\Users\Usuario\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_gcemfkdllcgnkeljaickakjlfdbcgadf_0.localstorage-journal deleted successfully

==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Default_Search_URL"="http://www.google.com"
"Search Page"="http://www.google.com"

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896"

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
"DefaultScope"="{0191A6B0-1154-4C22-9182-23A95BBE92D9}"
{0191A6B0-1154-4C22-9182-23A95BBE92D9} Google  Url="http://www.google.com/search?q={searchTerms}"
{6A1806CD-94D4-4689-BA73-E35EA1EA9990} Google  Url="http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}"

==== Reset Google Chrome ======================

C:\Users\Usuario\AppData\Local\Google\Chrome\User Data\Default\Preferences was reset successfully
C:\Users\Usuario\AppData\Local\Google\Chrome\User Data\Default\Web Data was reset successfully

==== shortcuts on Users Desktops ======================

C:\Users\Usuario\Desktop\Adobe Photoshop CS4.lnk - C:\Program Files\Adobe\Adobe Photoshop CS4\Required\Droplet Template.exe
C:\Users\Usuario\Desktop\Download Accelerator Plus (DAP).lnk - C:\Program Files\DAP\DAP.exe
C:\Users\Usuario\Desktop\Format Factory.lnk - C:\Program Files\FreeTime\FormatFactory\FormatFactory.exe
C:\Users\Usuario\Desktop\Google Chrome.lnk - C:\Users\Usuario\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Usuario\Desktop\Microsoft Excel 2010.lnk - C:\Windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\xlicons.exe
C:\Users\Usuario\Desktop\Microsoft PowerPoint 2010.lnk - C:\Windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\pptico.exe
C:\Users\Usuario\Desktop\Microsoft Word 2010.lnk - C:\Windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\wordicon.exe
C:\Users\Usuario\Desktop\Miniaurélio.lnk -  
C:\Users\Usuario\Desktop\My DAP Downloads.lnk - C:\Users\Usuario\Downloads
C:\Users\Usuario\Desktop\PhotoScape.lnk - C:\Program Files\PhotoScape\PhotoScape.exe
C:\Users\Usuario\Desktop\Revo Uninstaller.lnk - C:\Program Files\VS Revo Group\Revo Uninstaller\Revouninstaller.exe

==== shortcuts on All Users Desktop ======================

C:\Users\Public\Desktop\Adobe Reader X.lnk - C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe
C:\Users\Public\Desktop\aTube Catcher.lnk - C:\Program Files\DsNET Corp\aTube Catcher 2.0\yct.exe
C:\Users\Public\Desktop\avast Free Antivirus.lnk -  
C:\Users\Public\Desktop\CCleaner.lnk - C:\Program Files\CCleaner\CCleaner.exe
C:\Users\Public\Desktop\CorelDRAW X6.lnk - c:\Windows\Installer\{C5262276-0075-498B-B80F-7D997482E4DB}\NewShortcut1.exe
C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk - C:\Program Files\Malwarebytes Anti-Malware\mbam.exe
C:\Users\Public\Desktop\mIRC.lnk - C:\Program Files\mIRC\mirc.exe
C:\Users\Public\Desktop\Nero Home.lnk - C:\Program Files\Nero\Nero 7\Nero Home\NeroHome.exe -ScParameter=8  
C:\Users\Public\Desktop\Nero StartSmart.lnk - C:\Program Files\Nero\Nero 7\Nero StartSmart\NeroStartSmart.exe -ScParameter=8  
C:\Users\Public\Desktop\Skype.lnk - C:\Windows\Installer\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}\SkypeIcon.exe
C:\Users\Public\Desktop\SlimDrivers.lnk - C:\Windows\Installer\{A5457401-D56A-43F2-9524-78E54A7FC07A}\Icon.exe
C:\Users\Public\Desktop\YAC.lnk - C:\Program Files\iSafe\iStart.exe

==== shortcuts in Users Start Menu ======================

C:\Users\Usuario\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk - C:\Program Files\Internet Explorer\iexplore.exe
C:\Users\Usuario\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller\Revo Uninstaller.lnk - C:\Program Files\VS Revo Group\Revo Uninstaller\Revouninstaller.exe
C:\Users\Usuario\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller\Run Hunter Mode.lnk - C:\Program Files\VS Revo Group\Revo Uninstaller\Revouninstaller.exe -hunter
C:\Users\Usuario\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller\Uninstall.lnk - C:\Program Files\VS Revo Group\Revo Uninstaller\uninst.exe
C:\Users\Usuario\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller\Website.lnk - C:\Program Files\VS Revo Group\Revo Uninstaller\Revo Uninstaller.url

==== shortcuts in All Users Start Menu ======================

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk - C:\Program Files\Mozilla Firefox\firefox.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware\Desinstalar Malwarebytes Anti-Malware.lnk - C:\Program Files\Malwarebytes Anti-Malware\unins000.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware\Malwarebytes Anti-Malware.lnk - C:\Program Files\Malwarebytes Anti-Malware\mbam.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware\Tools\Malwarebytes Anti-Malware Chameleon.lnk - C:\Program Files\Malwarebytes Anti-Malware\Chameleon\Windows\chameleon.chm
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\mIRC\IRCIntro Help.lnk - C:\Program Files\mIRC\ircintro.chm
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\mIRC\mIRC Help.lnk - C:\Program Files\mIRC\mirc.chm
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\mIRC\mIRC.lnk - C:\Program Files\mIRC\mirc.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\mIRC\Readme.txt.lnk - C:\Program Files\mIRC\readme.txt
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\mIRC\Versions.txt.lnk - C:\Program Files\mIRC\versions.txt
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nero 7 Ultra Edition\Nero Home.lnk - C:\Program Files\Nero\Nero 7\Nero Home\NeroHome.exe -ScParameter=8  
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nero 7 Ultra Edition\Nero ProductSetup.lnk - C:\Program Files\Common Files\Ahead\Nero Web\SetupX.exe -ScParameter=8  MODE="update"
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nero 7 Ultra Edition\Nero StartSmart.lnk - C:\Program Files\Nero\Nero 7\Nero StartSmart\NeroStartSmart.exe -ScParameter=8  
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nero 7 Ultra Edition\Compartilhar\Nero MediaHome.lnk - C:\Program Files\Nero\Nero 7\Nero MediaHome\NeroMediaHome.exe -ScParameter=8  
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nero 7 Ultra Edition\dados\Nero BackItUp.lnk - C:\Program Files\Nero\Nero 7\Nero BackItUp\BackItUp.exe -ScParameter=8  
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nero 7 Ultra Edition\dados\Nero Burning ROM.lnk - C:\Program Files\Nero\Nero 7\Core\nero.exe -ScParameter=8  
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nero 7 Ultra Edition\dados\Nero Express.lnk - C:\Program Files\Nero\Nero 7\Core\nero.exe -ScParameter=8  /w
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nero 7 Ultra Edition\Etiquetas\Nero CoverDesigner.lnk - C:\Program Files\Nero\Nero 7\Nero CoverDesigner\CoverDes.exe -ScParameter=8  
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nero 7 Ultra Edition\Ferramentas\Nero BurnRights.lnk - C:\Program Files\Nero\Nero 7\Nero Toolkit\NeroBurnRights.exe -ScParameter=8  
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nero 7 Ultra Edition\Ferramentas\Nero CD-DVD Speed.lnk - C:\Program Files\Nero\Nero 7\Nero Toolkit\CDSpeed.exe -ScParameter=8  
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nero 7 Ultra Edition\Ferramentas\Nero DriveSpeed.lnk - C:\Program Files\Nero\Nero 7\Nero Toolkit\DriveSpeed.exe -ScParameter=8  
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nero 7 Ultra Edition\Ferramentas\Nero InfoTool.lnk - C:\Program Files\Nero\Nero 7\Nero Toolkit\InfoTool.exe -ScParameter=8  
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nero 7 Ultra Edition\Ferramentas\Nero Scout.lnk - C:\Program Files\Common Files\Ahead\Lib\NeroScoutOptions.exe -ScParameter=8  
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nero 7 Ultra Edition\Foto e Vídeo\Nero PhotoSnap Viewer.lnk -  
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nero 7 Ultra Edition\Foto e Vídeo\Nero PhotoSnap.lnk -  
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nero 7 Ultra Edition\Foto e Vídeo\Nero Recode.lnk -  
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nero 7 Ultra Edition\Foto e Vídeo\Nero Vision.lnk -  
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nero 7 Ultra Edition\Manuais\Nero Adobe Premiere Plug-In [Inglês].lnk -  
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nero 7 Ultra Edition\Manuais\Nero BackItUp [Ajuda em Português (Brasileiro)].lnk -  
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nero 7 Ultra Edition\Manuais\Nero Burn Plug-in (for MCE) [Manual em inglês].lnk -  
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nero 7 Ultra Edition\Manuais\Nero BurnRights [Ajuda em inglês].lnk -  
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nero 7 Ultra Edition\Manuais\Nero CD-DVD Speed [Ajuda em Português (Brasileiro)].lnk -  
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nero 7 Ultra Edition\Manuais\Nero CoverDesigner [Ajuda em Português (Brasileiro)].lnk -  
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nero 7 Ultra Edition\Manuais\Nero Express [Ajuda em Português (Brasileiro)].lnk -  
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nero 7 Ultra Edition\Manuais\Nero Home [Ajuda em Português (Brasileiro)].lnk -  
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nero 7 Ultra Edition\Manuais\Nero MediaHome [Ajuda em Português (Brasileiro)].lnk -  
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nero 7 Ultra Edition\Manuais\Nero MediaStreaming Plug-in (for MCE) [Manual em inglês].lnk -  
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nero 7 Ultra Edition\Manuais\Nero Mobile [Manual em inglês].lnk -  
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nero 7 Ultra Edition\Manuais\Nero PhotoSnap [Ajuda em inglês].lnk -  
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nero 7 Ultra Edition\Manuais\Nero Recode [Ajuda em Português (Brasileiro)].lnk -  
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nero 7 Ultra Edition\Manuais\Nero ShowTime [Ajuda em Português (Brasileiro)].lnk -  
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nero 7 Ultra Edition\Manuais\Nero SoundTrax [Ajuda em Português (Brasileiro)].lnk -  
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nero 7 Ultra Edition\Manuais\Nero StartSmart [Ajuda em Português (Brasileiro)].lnk -  
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nero 7 Ultra Edition\Manuais\Nero Vision [Ajuda em Português (Brasileiro)].lnk -  
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nero 7 Ultra Edition\Manuais\Nero WaveEditor [Ajuda em Português (Brasileiro)].lnk -  
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nero 7 Ultra Edition\Tocar\Nero Mobile.lnk - C:\Program Files\Nero\Nero 7\Nero Mobile\SetupNeroMobile.exe -ScParameter=8  
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nero 7 Ultra Edition\Tocar\Nero ShowTime.lnk - C:\Program Files\Nero\Nero 7\Nero ShowTime\ShowTime.exe -ScParameter=8  
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nero 7 Ultra Edition\áudio\Nero Burning ROM.lnk -  
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nero 7 Ultra Edition\áudio\Nero Express.lnk -  
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nero 7 Ultra Edition\áudio\Nero SoundTrax.lnk -  
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nero 7 Ultra Edition\áudio\Nero WaveEditor.lnk -  

==== shortcuts in Quick Launch ======================

C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -  
C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -  
C:\Users\Default User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -  
C:\Users\Default User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -  
C:\Users\Usuario\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk - C:\Users\Usuario\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Usuario\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk - C:\Program Files\Internet Explorer\iexplore.exe
C:\Users\Usuario\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Nero Home.lnk - C:\Program Files\Nero\Nero 7\Nero Home\NeroHome.exe -ScParameter=8  
C:\Users\Usuario\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Nero StartSmart.lnk - C:\Program Files\Nero\Nero 7\Nero StartSmart\NeroStartSmart.exe -ScParameter=8  
C:\Users\Usuario\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\PhotoScape.lnk - C:\Program Files\PhotoScape\PhotoScape.exe
C:\Users\Usuario\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -  
C:\Users\Usuario\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -  
C:\Users\Usuario\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\7e4dca80246863e3\pinned.lnk - C:\Windows\system32\control.exe
C:\Users\Usuario\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Limpa profundamente arquivos de Spam.lnk - C:\Program Files\iSafe\iStart.exe -divertop -param0=9 -param1=0 -param2=1
C:\Users\Usuario\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\YAC.lnk - C:\Program Files\iSafe\iStart.exe
C:\Users\Usuario\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk - C:\Users\Usuario\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Usuario\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Internet Explorer.lnk - C:\Program Files\Internet Explorer\iexplore.exe
C:\Users\Usuario\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Windows Explorer.lnk - C:\Windows\explorer.exe
C:\Users\Usuario\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Windows Media Player.lnk - C:\Program Files\Windows Media Player\wmplayer.exe /prefetch:1
C:\Users\USURIO~1\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -  
C:\Users\USURIO~1\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -  

==== Reset IE Proxy ======================

Value(s) before fix:
"ProxyOverride"="*.local"
"ProxyEnable"=dword:00000000

Value(s) after fix:
"ProxyEnable"=dword:00000000

==== Deleting Registry Keys ======================

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA} deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBKeyScan deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck deleted successfully

==== Empty IE Cache ======================

C:\Users\Usuario\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Usuario\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JID7W13M will be deleted at reboot
C:\Users\Usuario\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot
C:\Users\Usuario\AppData\Local\Temp\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot

==== Empty FireFox Cache ======================

C:\Users\Usuario\AppData\Local\Mozilla\Firefox\Profiles\7s9gfw7g.default\Cache will be emptied at reboot

==== Empty Chrome Cache ======================

C:\Users\Usuario\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully

==== Empty All Flash Cache ======================

Flash Cache Emptied Successfully

==== Empty All Java Cache ======================

Java Cache cleared successfully

==== C:\zoek_backup content ======================

C:\zoek_backup (files=1783 folders=217 280483122 bytes)

==== Empty Temp Folders ======================

C:\Users\Default\AppData\Local\Temp emptied successfully
C:\Users\Default User\AppData\Local\Temp emptied successfully
C:\Users\Usuario\AppData\Local\Temp will be emptied at reboot
C:\Users\USURIO~1\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\Windows\Temp will be emptied at reboot

==== After Reboot ======================

==== Empty Temp Folders ======================

C:\Windows\Temp successfully emptied
C:\Users\Usuario\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\$RECYCLE.BIN successfully emptied

==== Deleting Files / Folders ======================

"C:\Users\Usuario\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat" not deleted
"C:\Users\Usuario\AppData\Local\Temp\Temporary Internet Files\Content.IE5\index.dat" not found
"C:\Program Files\iSafe"  not found
"C:\Users\Usuario\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JID7W13M" not found

==== EOF on 02/05/2014 at 17:05:01,82 ======================

Re: Removal of the UTAdRemovalApp 2.0 extension

Post by Power Max Fri 02 May 2014, 17:11

Download the Junkware Removal Tool program from the link below:
[You must be registered and logged in to see this link]

To run the program above correctly, just follow the tips in this tutorial:

[You must be registered and logged in to see this link]

* In your next reply, post the Junkware Removal Tool log (report), which will be saved on your desktop under the name JRT.txt

We'll be waiting.

Removal of the UTAdRemovalApp 2.0 extension

Post by Muitas Dúvidas Fri 02 May 2014, 17:30

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.4 (04.06.2014:1)
OS: Windows 7 Home Premium x86
Ran by Usuario on 02/05/2014 at 17:23:29,56
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values

Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\DisplayName
Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\URL



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{998745A3-2AE4-488D-8092-B98FB20A00C2}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{A18D16ED-27B2-4B83-B70C-15E73F099546}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{BEE7E029-5037-4DAD-A2DB-82E397AB1A44}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{C1424421-D274-491E-9D47-11C8D8CB5F9A}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\isafe



~~~ Files



~~~ Folders



~~~ FireFox

Successfully deleted the following from C:\Users\Usuario\AppData\Roaming\mozilla\firefox\profiles\7s9gfw7g.default\prefs.js

user_pref("aol_toolbar.default.homepage.check", false);
user_pref("aol_toolbar.default.search.check", false);
Emptied folder: C:\Users\Usuario\AppData\Roaming\mozilla\firefox\profiles\7s9gfw7g.default\minidumps [6 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 02/05/2014 at 17:28:59,20
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Re: Removal of the UTAdRemovalApp 2.0 extension

Post by Power Max Fri 02 May 2014, 17:31

Download < [You must be registered and logged in to see this link] > ( ... by Nicolas Coolman )

To install and run it correctly, follow the tips in this article:

[You must be registered and logged in to see this link]

* As soon as it finishes its scan, copy the entire contents of its ZHPDiag.txt report and post it in your next reply.

Removal of the UTAdRemovalApp 2.0 extension

Post by Muitas Dúvidas Fri 02 May 2014, 17:56

~ Relatório do ZHPDiag v2014.5.1.49 - Nicolas Coolman  (01/05/2014)
~ Iniciado por Usuario (02/05/2014 17:51:48)
~ Endereço do Website :  http://nicolascoolman.webs.com
~ Fóruns de suporte gratuito para desinfecção : [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
~ Tradução pelo utilizador
~ Estatuto da versão :
~  Lista Branca : Ativado pelo programa
~ Elevação dos Privilégios : OK
~ Controle de Conta de Utilizador : Activate by user


---\\ Navegadores Internet
MSIE: Internet Explorer v9.0.8112.16421
MFIE: Mozilla Firefox 28.0
GCIE: Google Chrome v31.0.1650.63 (Defaut)

---\\ Informações sobre os produtos Windows
~ Langage: Portugais
Windows 7 Home Premium, 32-bit  (Build 7600)
Windows Server License Manager Script : OK
Software Protection Service (Protection logicielle) : OK
Windows Automatic Updates : OK
Windows Activation Technologies : OK

---\\ Softwares de proteçao do sistema
avast! Free Antivirus v8.0.1489.0
Malwarebytes Anti-Malware versão 2.0.1.1004
Windows Defender W7

---\\ Softwares d'optimização do sistema
CCleaner v4.10

---\\ Softwares de partilha do PeerToPeer (P2P)

---\\ Monitoramento dos softwares
Adobe Flash Player 13 Plugin
Adobe Reader X
Java 7 Update 45

---\\ Informações sobre o sistema
~ Processor: x86 Family 6 Model 15 Stepping 13, GenuineIntel
~ Operating System: 32 Bits
Boot mode: Normal (Normal boot)
Total RAM: 2013 MB (36% free)
System Restore: Activé (Enable)
System drive C: has 51 GB (21%) free of 233 GB

---\\ Modo de conexão ao sistema
~ Computer Name: USUARIO-PC
~ User Name: Usuario
~ All Users Names: Usuario, Convidado, Administrador,
~ Unselected Option: 045,061,O62,065,066,080,O82,089
Logged in as Administrator

---\\ As variáveis de ambiente
~ System Unit : C:\
~ %AppZHP% : C:\Users\Usuario\AppData\Roaming\ZHP\
~ %AppData% : C:\Users\Usuario\AppData\Roaming\
~ %Desktop% : C:\Users\Usuario\Desktop\
~ %Favorites% : C:\Users\Usuario\Favorites\
~ %LocalAppData% : C:\Users\Usuario\AppData\Local\
~ %StartMenu% : C:\Users\Usuario\AppData\Roaming\Microsoft\Windows\Start Menu\
~ %Windir% : C:\Windows\
~ %System% : C:\Windows\System32\

---\\ Enumeração das unidades dos discos
C: Hard drive, Flash drive, Thumb drive (Free 51 Go of 233 Go)
D: CD-ROM drive (Not Inserted)



---\\ Estado do Centro de Segurança do Windows
~ Security Center: 45 Legitimates Filtered in 00mn 00s



---\\ Pesquisa particular de ficheiros genéricos
[MD5.15BC38A7492BEFE831966ADB477CF76F] - (.Microsoft Corporation - Windows Explorer.) (.13/07/2009 - 22:14:20.) -- C:\Windows\Explorer.exe [2613248]
[MD5.B5C5DCAD3899512020D135600129D665] - (.Microsoft Corporation - Aplicativo de Inicialização do Windows.) (.13/07/2009 - 22:14:45.) -- C:\Windows\System32\Wininit.exe [96256]
[MD5.C8ADAA6948993D839D14524847EA5B75] - (.Microsoft Corporation - Internet Extensions para Win32.) (.07/11/2013 - 14:59:57.) -- C:\Windows\System32\wininet.dll [1129472]
[MD5.8EC6A4AB12B8F3759E21F8E3A388F2CF] - (.Microsoft Corporation - Aplicativo de Logon do Windows.) (.13/07/2009 - 22:14:45.) -- C:\Windows\System32\Winlogon.exe [285696]
[MD5.58C94EAE54BF0C5E2B80B2E5E7744D4C] - (.Microsoft Corporation - Biblioteca de Licenciamento de Software.) (.13/07/2009 - 22:16:15.) -- C:\Windows\System32\sppcomapi.dll [193024]
[MD5.DDC040FDB01EF1712A6B13E52AFB104C] - (.Microsoft Corporation - Ancillary Function Driver for WinSock.) (.13/07/2009 - 20:12:38.) -- C:\Windows\system32\Drivers\AFD.sys [338944]
[MD5.338C86357871C167A96AB976519BF59E] - (.Microsoft Corporation - ATAPI IDE Miniport Driver.) (.13/07/2009 - 22:26:15.) -- C:\Windows\system32\Drivers\atapi.sys [21584]
[MD5.77EA11B065E0A8AB902D78145CA51E10] - (.Microsoft Corporation - CD-ROM File System Driver.) (.13/07/2009 - 20:11:15.) -- C:\Windows\system32\Drivers\Cdfs.sys [70656]
[MD5.BA6E70AA0E6091BC39DE29477D866A77] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.13/07/2009 - 20:11:26.) -- C:\Windows\system32\Drivers\Cdrom.sys [108544]
[MD5.8E09E52EE2E3CEB199EF3DD99CF9E3FB] - (.Microsoft Corporation - DFS Namespace Client Driver.) (.13/07/2009 - 20:14:17.) -- C:\Windows\system32\Drivers\DfsC.sys [78336]
[MD5.717A2207FD6F13AD3E664C7D5A43C7BF] - (.Microsoft Corporation - High Definition Audio Bus Driver.) (.13/07/2009 - 20:50:56.) -- C:\Windows\system32\Drivers\HDAudBus.sys [108544]
[MD5.F151F0BDC47F4A28B1B20A0818EA36D6] - (.Microsoft Corporation - Driver de porta i8042.) (.13/07/2009 - 20:11:24.) -- C:\Windows\system32\Drivers\i8042prt.sys [80896]
[MD5.A5FA468D67ABCDAA36264E463A7BB0CD] - (.Microsoft Corporation - IP Network Address Translator.) (.13/07/2009 - 20:54:29.) -- C:\Windows\system32\Drivers\IpNat.sys [101888]
[MD5.F4A054BE78AF7F410129C4B64B07DC9B] - (.Microsoft Corporation - Windows NT SMB Minirdr.) (.13/07/2009 - 20:14:26.) -- C:\Windows\system32\Drivers\MRxSmb.sys [123392]
[MD5.DD52A733BF4CA5AF84562A5E2F963B91] - (.Microsoft Corporation - MBT Transport driver.) (.13/07/2009 - 20:12:21.) -- C:\Windows\system32\Drivers\netBT.sys [187904]
[MD5.3795DCD21F740EE799FB7223234215AF] - (.Microsoft Corporation - Driver do Sistema de Arquivos NT.) (.13/07/2009 - 22:20:44.) -- C:\Windows\system32\Drivers\ntfs.sys [1210432]
[MD5.2EA877ED5DD9713C5AC74E8EA7348D14] - (.Microsoft Corporation - Driver de porta paralela.) (.13/07/2009 - 20:45:35.) -- C:\Windows\system32\Drivers\Parport.sys [79360]
[MD5.D9F91EAFEC2815365CBE6D167E4E332A] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.13/07/2009 - 20:54:34.) -- C:\Windows\system32\Drivers\Rasl2tp.sys [78848]
[MD5.3E21C083B8A01CB70BA1F09303010FCE] - (.Microsoft Corporation - SMB Transport driver.) (.13/07/2009 - 20:53:41.) -- C:\Windows\system32\Drivers\smb.sys [71168]
[MD5.CB39E896A2A83702D1737BFD402B3542] - (.Microsoft Corporation - TDI Translation Driver.) (.13/07/2009 - 20:12:11.) -- C:\Windows\system32\Drivers\tdx.sys [74240]
[MD5.58DF9D2481A56EDDE167E51B334D44FD] - (.Microsoft Corporation - Driver de cópia de sombra de volume.) (.13/07/2009 - 22:19:10.) -- C:\Windows\system32\Drivers\volsnap.sys [245328]
~ Generic Processes:  Scanned in 00mn 00s



---\\ Estatuto dos ficheiros ocultos (Oculto/Total)
~ Mes images (My Pictures) : 1/336
~ Mes musiques (My Musics) : 47/368
~ Mes Videos (My Videos) : 1/19
~ Mes Favoris (My Favorites) : 1/22
~ Mes Documents (My Documents) : 1/133
~ Mon Bureau (My Desktop) : 0/40
~ Menu demarrer (Programs) : 1/31
~ Hidden Files:  Scanned in 00mn 01s



---\\ Processos lançados
[MD5.094A47AB1D4966C8CD318AD7EB1521A6] - (.SlimWare Utilities, Inc. - SlimDrivers.) -- C:\Program Files\SlimDrivers\SlimDrivers.exe   [29395264] [PID.2232]
[MD5.3F11B20D12D89365D7721BDC860CE5F0] - (.AVAST Software - avast! Antivirus.) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe   [4858968] [PID.3600]
[MD5.5B6E8E09BE6401A7E022F52FDFCB2FF8] - (.Oracle Corporation - Java(TM) Update Scheduler.) -- C:\Program Files\Common Files\Java\Java Update\jusched.exe   [254336] [PID.3712]
[MD5.6641B633A0A2618BC3739E0DCD6E1B9B] - (.Intel Corporation - igfxTray Module.) -- C:\Windows\System32\igfxtray.exe   [138808] [PID.3792]
[MD5.1B06D4DF241484C193CFDD89FB21E19A] - (.Intel Corporation - hkcmd Module.) -- C:\Windows\System32\hkcmd.exe   [172088] [PID.3860]
[MD5.B0010C958505273A76FAE4A089E1AACE] - (.Intel Corporation - persistence Module.) -- C:\Windows\System32\igfxpers.exe   [173624] [PID.3892]
[MD5.6E178947225BCAF1B727C80476C1425D] - (.Realtek Semiconductor - Gerenciador de áudio HD Realtek.) -- C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe   [12013272] [PID.4048]
[MD5.048EA4B978851788E9F5E8E4F081DF7A] - (.Adobe Systems Incorporated - Adobe Reader and Acrobat Manager.) -- C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe   [959904] [PID.4056]
[MD5.506708142BC63DABA64F2D3AD1DCD5BF] - (.Google Inc. - Google Installer.) -- C:\Users\Usuario\AppData\Local\Google\Update\GoogleUpdate.exe   [116648] [PID.2584]
[MD5.B141F8F8B0FF37FFC51F9B71EE7A641B] - (.Skype Technologies S.A. - Skype.) -- C:\Program Files\Skype\Phone\Skype.exe   [19875432] [PID.2284]
[MD5.7DCE7A74764EB7C67D21A32BC579453D] - (.Oracle Corporation - Java(TM) Update Checker.) -- C:\Program Files\Common Files\Java\Java Update\jucheck.exe   [507264] [PID.1732]
[MD5.3F73B87BEC17FFF232B4A511A76F8606] - (.MPC-HC Team - MPC-HC.) -- C:\Program Files\MPC-HC\mpc-hc.exe   [8935232] [PID.2908]
[MD5.376A9B411BF8B77D5BF84B24D0C7DACD] - (.Google Inc. - Google Chrome.) -- C:\Users\Usuario\AppData\Local\Google\Chrome\Application\chrome.exe   [863184] [PID.2216]
[MD5.C6FD6C175276637C5D6F6EA293137F5E] - (.Nicolas Coolman - ZHPDiag.) -- C:\Program Files\ZHPDiag\ZHPDiag.exe   [7867904] [PID.1100]
~ Processes Running:  Scanned in 00mn 03s



---\\ Google Chrome, Arranque,Pesquisa,Extensões (G0,G1,G2)
C:\Users\Usuario\AppData\Local\Google\Chrome\User Data\Default\Preferences
G2 - GCE: Preference [User Data\Default] [ahfgeienlihckogmohjhadlkjgocpleb] Loja v.0.2 (Activé)
G2 - GCE: Preference [User Data\Default] [ffdcfjdljhbehggjdkdioajnknjcpbjb] Download Accelerator Plus (DAP) v.2.1.0.1, (Désactivé)

---\\ Pasta de extensão do Google Chrome
~ Google Lines Browser: 14 Legitimates Filtered in 00mn 01s



---\\ Mozilla Firefox, Plugins,Arranque,Pesquisa,Extensões (P2,M0,M1,M2,M3)
C:\Users\Usuario\AppData\Roaming\Mozilla\Firefox\Profiles\7s9gfw7g.default\prefs.js
~ Firefox Browser: 11 Legitimates Filtered in 00mn 00s



---\\ Internet Explorer, Gestão do Proxy (R5)
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll
~ Proxy management:  Scanned in 00mn 00s



---\\ Análise das linhas F0, F1, F2, F3 - Ficheiros ini, Carregamento Automático de programas
F2 - REG:system.ini: USERINIT=C:\Windows\system32\userinit.exe,
F2 - REG:system.ini: Shell=C:\Windows\explorer.exe
F2 - REG:system.ini: VMApplet=C:\Windows\System32\SystemPropertiesPerformance.exe
~ Keys:  Scanned in 00mn 00s



---\\ Redireção do ficheiro Hosts (01)
~ Le fichier hosts est sain (The hosts file is clean).
~ Hosts File:  Scanned in 00mn 00s
~ Nombre de lignes (Lines number): 21



---\\ Outras conexões do utilizador (04)
O4 - GS\Desktop [Public]: YAC.lnk . (...)  -- C:\Program Files\iSafe\iStart.exe (.not file.)  =>Trojan.Staser
~ Global Startup: 1 Legitimates Filtered in 00mn 03s



---\\ Aplicações iniciadas por registo & pastas (04)
O4 - HKLM\..\Run: [avast] . (.AVAST Software - avast! Antivirus.) -- C:\Program Files\AVAST Software\Avast\avastUI.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] . (.Oracle Corporation - Java(TM) Update Scheduler.) -- C:\Program Files\Common Files\Java\Java Update\jusched.exe   =>.Oracle Corporation
O4 - HKLM\..\Run: [IgfxTray] . (.Intel Corporation - igfxTray Module.) -- C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] . (.Intel Corporation - hkcmd Module.) -- C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] . (.Intel Corporation - persistence Module.) -- C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [RTHDVCPL] . (.Realtek Semiconductor - Gerenciador de áudio HD Realtek.) -- C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
O4 - HKLM\..\Run: [Adobe ARM] . (.Adobe Systems Incorporated - Adobe Reader and Acrobat Manager.) -- C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe   =>.Adobe Systems Incorporated
O4 - HKLM\..\Run: [NeroFilterCheck] . (.Nero AG - NeroCheck.) -- C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKCU\..\Run: [DownloadAccelerator] . (.Speedbit Ltd. - Download Accelerator Plus (DAP).) -- C:\Program Files\DAP\DAP.exe
O4 - HKCU\..\Run: [Google Update] . (.Google Inc. - Google Installer.) -- C:\Users\Usuario\AppData\Local\Google\Update\GoogleUpdate.exe
O4 - HKCU\..\Run: [Skype] . (.Skype Technologies S.A. - Skype.) -- C:\Program Files\Skype\Phone\Skype.exe   =>.Skype Technologies S.A.
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets da Área de Trabalho do Windows.) -- C:\Program Files\Windows Sidebar\Sidebar.exe
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets da Área de Trabalho do Windows.) -- C:\Program Files\Windows Sidebar\Sidebar.exe
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe   =>.Microsoft Corporation
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe   =>.Microsoft Corporation
O4 - HKUS\S-1-5-21-1574201965-1944898624-3258338672-1000\..\Run: [DownloadAccelerator] . (.Speedbit Ltd. - Download Accelerator Plus (DAP).) -- C:\Program Files\DAP\DAP.exe
O4 - HKUS\S-1-5-21-1574201965-1944898624-3258338672-1000\..\Run: [Google Update] . (.Google Inc. - Google Installer.) -- C:\Users\Usuario\AppData\Local\Google\Update\GoogleUpdate.exe
O4 - HKUS\S-1-5-21-1574201965-1944898624-3258338672-1000\..\Run: [Skype] . (.Skype Technologies S.A. - Skype.) -- C:\Program Files\Skype\Phone\Skype.exe   =>.Skype Technologies S.A.
~ Application:  Scanned in 00mn 00s



---\\ Boutões da barra de ferramentas principal do Internet Explorer (09)
O9 - Extra button: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} . (.Microsoft Corporation - Microsoft OneNote Internet Explorer Add-in.) -- C:\Program Files\MICROS~2\Office14\ONBttnIE.dll  =>.Microsoft Corporation
O9 - Extra button: &Anotações Vinculadas do OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} . (.Microsoft Corporation - Microsoft OneNote Internet Explorer Add-in.) -- C:\Program Files\MICROS~2\Office14\ONBTTN~1.dll  =>.Microsoft Corporation
~ IE Extra Buttons:  Scanned in 00mn 00s



---\\ Alteração Dominio/Clientes DNS (017)
O17 - HKLM\System\CCS\Services\Tcpip\..\{A216F64B-8707-4022-B4C2-9FE5CBA2CBB2}: NameServer = 192.168.254.254,8.8.4.4
O17 - HKLM\System\CCS\Services\Tcpip\..\{A216F64B-8707-4022-B4C2-9FE5CBA2CBB2}: DhcpNameServer = 192.168.254.254
O17 - HKLM\System\CCS\Services\Tcpip\..\{D60C2E4F-5471-4D50-9E38-84F49E654E55}: DhcpNameServer = 192.168.254.254
O17 - HKLM\System\CS1\Services\Tcpip\..\{A216F64B-8707-4022-B4C2-9FE5CBA2CBB2}: NameServer = 192.168.254.254,8.8.4.4
O17 - HKLM\System\CS1\Services\Tcpip\..\{A216F64B-8707-4022-B4C2-9FE5CBA2CBB2}: DhcpNameServer = 192.168.254.254
O17 - HKLM\System\CS1\Services\Tcpip\..\{D60C2E4F-5471-4D50-9E38-84F49E654E55}: DhcpNameServer = 192.168.254.254
O17 - HKLM\System\CS2\Services\Tcpip\..\{A216F64B-8707-4022-B4C2-9FE5CBA2CBB2}: NameServer = 192.168.254.254,8.8.4.4
O17 - HKLM\System\CS2\Services\Tcpip\..\{A216F64B-8707-4022-B4C2-9FE5CBA2CBB2}: DhcpNameServer = 192.168.254.254
O17 - HKLM\System\CS2\Services\Tcpip\..\{D60C2E4F-5471-4D50-9E38-84F49E654E55}: DhcpNameServer = 192.168.254.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.254.254
~ Domain:  Scanned in 00mn 00s



---\\ Protocolo adicional (018)
O18 - Handler: vbscript - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} . (.Microsoft Corporation - Visualizador de HTML da Microsoft (R).) -- C:\Windows\System32\mshtml.dll
O18 - Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} . (.Microsoft Corporation - Microsoft Office XML MIME Filter.) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.dll  =>.Microsoft Corporation
~ Protocole Additionnel:  Scanned in 00mn 00s



---\\ Valor do Registo AppInit_DLLs e sub-chaves Winlogon Notify (autorun) (O20)
O20 - Winlogon Notify: igfxcui . (.Intel Corporation - igfxdev Module.) -- C:\Windows\System32\igfxdev.dll
~ Winlogon:  Scanned in 00mn 00s



---\\ Tarefas planificadas automaticamente (039)
[MD5.00000000000000000000000000000000] [APT] [{9FCF86AF-57D5-49E3-AF38-F0EBD2222F27}] (...) -- C:\Users\Usuario\AppData\Roaming\awesomehp\UninstallManager.exe (.not file.)   [0]  =>PUP.Awesomehp
O39 - APT:  - (..) -- C:\Windows\System32\Tasks\Adobe Flash Player Updater   [902]
O39 - APT:  - (..) -- C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1574201965-1944898624-3258338672-1000Core   [1034]
O39 - APT:  - (..) -- C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1574201965-1944898624-3258338672-1000UA   [1086]
O39 - APT:  - (..) -- C:\Windows\Tasks\SlimDrivers Startup.job   [390]
O39 - APT:  - (..) -- C:\Windows\System32\Tasks\SlimDrivers Startup   [390]
~ Scheduled Task: 18 Legitimates Filtered in 00mn 04s



---\\ Drivers lançados ao arranque do sistema (041)
O41 - Driver:  (iSafeKrnlKit) . (. - .) - C:\Program Files\iSafe\iSafeKrnlKit.sys (.not file.)  =>Trojan.Staser
~ Drivers: 66 Legitimates Filtered in 00mn 00s



---\\ Software instalados (042)
O42 - Logiciel: Codec 8.4f - (...) [HKLM] -- Codec_is1
O42 - Logiciel: Download Accelerator Plus (DAP) - (.Speedbit Ltd..) [HKLM] -- Download Accelerator Plus (DAP)
~ Logic: 5 Legitimates Filtered in 00mn 00s



---\\ HKCU & HKLM Software Keys
[HKCU\Software\Baidu Security]  =>Adware.BDSearch
[HKCU\Software\SpeedBit]
[HKLM\Software\Baidu Security]  =>Adware.BDSearch
[HKLM\Software\SpeedBit]
~ Key Software: 214 Legitimates Filtered in 00mn 00s



---\\ Conteúdo das pastas Programs/ProgramFiles/ProgramData/AppData (O43)
O43 - CFD: 04/03/2014 - 21:44:43 - [] ----D C:\Program Files\Baidu Security  =>Adware.BDSearch
O43 - CFD: 04/03/2014 - 00:36:05 - [] ----D C:\Program Files\Codec
O43 - CFD: 07/11/2013 - 15:16:38 - [] ----D C:\Program Files\DICIONARIO MiniAurelio Nova Ortografia
O43 - CFD: 04/03/2014 - 21:44:43 - [] ----D C:\ProgramData\Baidu Security  =>Adware.BDSearch
O43 - CFD: 09/04/2014 - 12:49:07 - [0] ----D C:\ProgramData\UoTAdRiemoValApP  =>PUP.RandomName
~ Program Folder: 153 Legitimates Filtered in 00mn 00s



---\\ Últimos ficheiros alterados ou criados no Windows e Sistema32 (044)
O44 - LFC:[MD5.0DC5AF80D059DEC792B665ED598C6567] - 02/05/2014 - 13:58:18 ---A- . (.SQLite Development Team - SQLite Dynamic Link Library (No TCL).) -- C:\Windows\System32\sqlite3.dll   [536576]
O44 - LFC:[MD5.53D2A391D874154326EEC3B778770D5C] - 02/05/2014 - 16:07:07 ---A- . (...) -- C:\LOG.txt   [17048]
O44 - LFC:[MD5.D22082B099ACF20E44AFCB9E2F9175BE] - 02/05/2014 - 17:02:29 ---A- . (...) -- C:\folders.txt   [84]
O44 - LFC:[MD5.CC7AA7B42CF418FC3D926913490048F8] - 02/05/2014 - 17:02:38 ---A- . (...) -- C:\Windows\zoek-delete.exe   [24064]
O44 - LFC:[MD5.75A8EE6F0917AD9355367DBF25DB8415] - 02/05/2014 - 17:04:50 ---A- . (...) -- C:\Windows\System32\Drivers\SWDUMon.sys   [13464]
O44 - LFC:[MD5.BF10A345FE89F8D577719240F3256B48] - 02/05/2014 - 17:05:01 ---A- . (...) -- C:\zoek-results.log   [27689]
O44 - LFC:[MD5.703F8B6725269B3DCA76F2E3E5D3935C] - 02/05/2014 - 17:05:08 ---A- . (...) -- C:\Windows\System32\AutoKMS.log   [139469]  =>Trojan.Keygen
O44 - LFC:[MD5.C7BC96C3711C0D269DA26D1F0ECEC547] - 21/04/2014 - 23:07:00 ---A- . (...) -- C:\Windows\NeroDigital.ini   [69]
O44 - LFC:[MD5.D41D8CD98F00B204E9800998ECF8427E] - 22/04/2014 - 18:45:42 ---A- . (...) -- C:\Windows\Irremote.ini   [0]
O44 - LFC:[MD5.A6814842AD30E05FCCEF97C79895F500] - 22/04/2014 - 18:46:28 ---A- . (...) -- C:\Windows\System32\MsiExec.exe.log   [188]
O44 - LFC:[MD5.502C72805EDA405772C0D0F1AB334994] - 23/04/2014 - 07:20:06 ---A- . (.Elex do Brasil Participações Ltda - iSafe Kernel Boot Driver.) -- C:\Windows\System32\Drivers\iSafeKrnlBoot.sys   [38912]  =>Trojan.Staser
O44 - LFC:[MD5.12D71BD37BCEEA35B977F9E020C53841] - 30/04/2014 - 22:26:19 ---A- . (...) -- C:\Windows\System32\prfc0416.dat   [146512]
O44 - LFC:[MD5.2719BB30B547DC07B5160E345F51D983] - 30/04/2014 - 22:26:19 ---A- . (...) -- C:\Windows\System32\prfh0416.dat   [705786]
~ Files: 26 Legitimates Filtered in 00mn 34s



---\\ Operações e funções ao arranque do Windows Explorer (046)
O46 - SEH:ShellExecuteHooks - Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL
~ ShellExecuteHooks:  Scanned in 00mn 00s



---\\ Enumeração das chaves do registo PoliciesSystem (MWPS) (O55)
O55 - MWPS:[HKLM\...\Policies\System] - "EnableUIADesktopToggle"=0
O55 - MWPS:[HKLM\...\Policies\System] - "FilterAdministratorToken"=0
~ MWPS: 18 Legitimates Filtered in 00mn 00s



---\\ Enumeração das chaves do registo PoliciesExplorer (MWPE) (O56)
O56 - MWPE:[HKCU\...\policies\Explorer] - "NoLowDiskSpaceChecks"=1
~ MWPE Keys: 2 Legitimates Filtered in 00mn 00s



---\\ Lista dos drivers do sistema (SDL) (O58)
O58 - SDL:09/05/2013 - 04:59:10 ---A- . (...) -- C:\Windows\System32\Drivers\aswRvrt.sys   [49376]  =>.ALWIL Software
O58 - SDL:07/11/2013 - 15:49:11 ---A- . (...) -- C:\Windows\System32\Drivers\aswSnx.sys.sum   [175]
O58 - SDL:07/11/2013 - 15:49:12 ---A- . (...) -- C:\Windows\System32\Drivers\aswSP.sys.sum   [175]
O58 - SDL:07/11/2013 - 15:49:12 ---A- . (...) -- C:\Windows\System32\Drivers\aswVmm.sys   [175176]  =>.ALWIL Software
O58 - SDL:07/11/2013 - 15:49:12 ---A- . (...) -- C:\Windows\System32\Drivers\aswVmm.sys.sum   [175]  =>.ALWIL Software
O58 - SDL:13/07/2009 - 22:20:28 ---A- . (.Emulex - Storport Miniport Driver for LightPulse HBAs.) -- C:\Windows\System32\Drivers\elxstor.sys   [453712]
O58 - SDL:13/07/2009 - 19:54:14 ---A- . (.Hauppauge Computer Works, Inc. - Hauppauge WinTV 885 Consumer IR Driver for eHome.) -- C:\Windows\System32\Drivers\hcw85cir.sys   [26624]
O58 - SDL:23/04/2014 - 07:20:06 ---A- . (.Elex do Brasil Participações Ltda - iSafe Kernel Boot Driver.) -- C:\Windows\System32\Drivers\iSafeKrnlBoot.sys   [38912]  =>Trojan.Staser
O58 - SDL:13/07/2009 - 22:19:04 ---A- . (.Promise Technology - Promise  SuperTrak EX Series Driver for Windows.) -- C:\Windows\System32\Drivers\stexstor.sys   [21072]
O58 - SDL:02/05/2014 - 17:04:50 ---A- . (...) -- C:\Windows\System32\Drivers\SWDUMon.sys   [13464]
O58 - SDL:13/07/2009 - 18:40:41 ---A- . (...) -- C:\Windows\System32\ANSI.SYS   [9029]
O58 - SDL:13/07/2009 - 18:40:44 ---A- . (...) -- C:\Windows\System32\country.sys   [27097]
O58 - SDL:13/07/2009 - 18:40:40 ---A- . (...) -- C:\Windows\System32\HIMEM.SYS   [4768]
O58 - SDL:13/07/2009 - 18:40:43 ---A- . (...) -- C:\Windows\System32\KEY01.SYS   [42809]
O58 - SDL:13/07/2009 - 18:40:43 ---A- . (...) -- C:\Windows\System32\KEYBOARD.SYS   [42537]
O58 - SDL:13/07/2009 - 18:40:23 ---A- . (...) -- C:\Windows\System32\NTDOS.SYS   [27866]
O58 - SDL:13/07/2009 - 18:40:31 ---A- . (...) -- C:\Windows\System32\NTDOS404.SYS   [29146]
O58 - SDL:13/07/2009 - 18:40:35 ---A- . (...) -- C:\Windows\System32\NTDOS411.SYS   [29370]
O58 - SDL:13/07/2009 - 18:40:39 ---A- . (...) -- C:\Windows\System32\NTDOS412.SYS   [29274]
O58 - SDL:13/07/2009 - 18:40:27 ---A- . (...) -- C:\Windows\System32\NTDOS804.SYS   [29146]
O58 - SDL:13/07/2009 - 18:40:11 ---A- . (...) -- C:\Windows\System32\NTIO.SYS   [33952]
O58 - SDL:13/07/2009 - 18:40:15 ---A- . (...) -- C:\Windows\System32\NTIO404.SYS   [34672]
O58 - SDL:13/07/2009 - 18:40:17 ---A- . (...) -- C:\Windows\System32\NTIO411.SYS   [35776]
O58 - SDL:13/07/2009 - 18:40:19 ---A- . (...) -- C:\Windows\System32\NTIO412.SYS   [35536]
O58 - SDL:13/07/2009 - 18:40:13 ---A- . (...) -- C:\Windows\System32\NTIO804.SYS   [34672]
~ Drivers: 78 Legitimates Filtered in 00mn 04s



---\\ Lista das ferramentas de remoção de vírus (LAT) (063)
O63 - Logiciel: ZHPDiag 2014 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1  =>.Nicolas Coolman
~ ADS:  Scanned in 00mn 00s



---\\ Associações Shell Spawning (O67)
O67 - Shell Spawning: <.html> <ChromeHTML.EP5BKXLXAQ6LJPTK5F7RBSRQII>[HKCU\..\open\Command] (.Not Key.)
~ FASS Keys: 11 Legitimates Filtered in 00mn 00s



---\\ Menu de inicialização Internet (068)
O68 - StartMenuInternet: <FIREFOX.EXE> <Mozilla Firefox>[HKLM\..\Shell\open\Command] (.Mozilla Corporation - Firefox.) -- c:\program files\mozilla firefox\firefox.exe
O68 - StartMenuInternet: <Google Chrome.EP5BKXLXAQ6LJPTK5F7RBSRQII> <Google Chrome>[HKLM\..\Shell\open\Command] (.Google Inc. - Google Chrome.) -- c:\users\usuario\appdata\local\google\chrome\application\chrome.exe
O68 - StartMenuInternet: <IEXPLORE.EXE> <Internet Explorer>[HKLM\..\Shell\open\Command] (.Microsoft Corporation - Internet Explorer.) -- c:\program files\internet explorer\iexplore.exe
~ Keys:  Scanned in 00mn 00s



---\\ Pesquisa de infeção nos navegadores da Internet (SBI) (069)
O69 - SBI: SearchScopes [HKCU] {0191A6B0-1154-4C22-9182-23A95BBE92D9} [DefaultScope] - (Google) - [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
O69 - SBI: SearchScopes [HKCU] {6A1806CD-94D4-4689-BA73-E35EA1EA9990} - (Google) - [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
~ Keys:  Scanned in 00mn 00s



---\\ Pesquisa dos pacotes WindowsInstaller (WIS) (O93) (NTFS)
[MD5.A43D98F5A2B54F22C2B8191CBF27B438] [WIS][31/03/2014] (.SaveSense - Google Update Helper.) -- C:\Windows\Installer\1c6f4e6.msi   [40960]  =>PUP.SaveSense
~ WIS: 1 Legitimates Filtered in 00mn 03s



---\\ Search Tracing Registry Key (O100)
HKLM\SOFTWARE\Microsoft\Tracing\iSafeSvc2_RASAPI32  =>Trojan.Staser
HKLM\SOFTWARE\Microsoft\Tracing\iSafeSvc2_RASMANCS  =>Trojan.Staser
HKLM\SOFTWARE\Microsoft\Tracing\iSafeUpdate_RASAPI32  =>Trojan.Staser
HKLM\SOFTWARE\Microsoft\Tracing\iSafeUpdate_RASMANCS  =>Trojan.Staser
HKLM\SOFTWARE\Microsoft\Tracing\iSafe_RASAPI32  =>Trojan.Staser
HKLM\SOFTWARE\Microsoft\Tracing\iSafe_RASMANCS  =>Trojan.Staser
HKLM\SOFTWARE\Microsoft\Tracing\Mysearchdial_RASAPI32  =>Adware.MyWebSearch
HKLM\SOFTWARE\Microsoft\Tracing\Mysearchdial_RASMANCS  =>Adware.MyWebSearch
HKLM\SOFTWARE\Microsoft\Tracing\MYSEAR~1_RASAPI32  =>Adware.MyWebSearch
HKLM\SOFTWARE\Microsoft\Tracing\MYSEAR~1_RASMANCS  =>Adware.MyWebSearch
~ BTK: 249 Legitimates Filtered in 00mn 00s



---\\ Search CLSID Registry Key (O101)
[HKCR\CLSID\{1070C156-160B-47A0-B7D9-1860396BAB57}] (SaveSenseLive Broker Class Factory)  =>PUP.SaveSense
[HKCR\CLSID\{27CE191D-733B-4450-AFCD-096D105288C3}] (SaveSenseLive.OneClickProcessLauncher)  =>PUP.SaveSense
[HKCR\CLSID\{39A29266-D3E4-462D-AB05-F93B1053F6CF}] (SaveSenseLive Legacy On Demand)  =>PUP.SaveSense
[HKCR\CLSID\{73192D81-6D24-4C40-BF7B-2507C6FA0B1A}] (SaveSenseLive Core Class)  =>PUP.SaveSense
[HKCR\CLSID\{88C606E7-BA26-41CB-8CC3-D1E313E34E75}] (SaveSenseLive Process Launcher Class)  =>PUP.SaveSense
[HKCR\CLSID\{9E0546FF-D44F-4FE4-A324-995FCACB8D33}] (SaveSenseLive Broker Class Factory)  =>PUP.SaveSense
[HKCR\CLSID\{F4B8D46C-4EEE-401B-8607-DC03025F34B1}] (SaveSenseLive Core Class)  =>PUP.SaveSense
~ BCK: 6895 Legitimates Filtered in 00mn 14s



---\\ Estado general dos serviços não Microsoft (EGS) (SR=Executados, SS=Parados)
SS - | Demand 29/04/2014 257712 |  (AdobeFlashPlayerUpdateSvc) . (.Adobe Systems Incorporated.) - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
SS - | Demand 07/11/2013 654848 |  (FLEXnet Licensing Service) . (.Macrovision Europe Ltd..) - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
SS - | Demand 30/03/2014 119408 |  (MozillaMaintenance) . (.Mozilla Foundation.) - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
SS - | Demand 08/04/2008 800040 |  (NBService) . (.Nero AG.) - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
SS - | Demand 22/01/2008 275752 |  (NMIndexingService) . (.Nero AG.) - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
SS - | Auto 21/06/2013 162408 |  (SkypeUpdate) . (.Skype Technologies.) - C:\Program Files\Skype\Updater\Updater.exe
SR - | Auto 03/09/2013 65640 |  (AdobeARMservice) . (.Adobe Systems Incorporated.) - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
SR - | Auto 09/05/2013 46808 |  (avast! Antivirus) . (.AVAST Software.) - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
SR - | Auto 28/02/2006 229376 |  (Bonjour Service) . (.Apple Computer, Inc..) - C:\Program Files\Bonjour\mDNSResponder.exe
SR - | Auto 19/12/2006 81920 |  (PLFlash DeviceIoControl Service) . (.Prolific Technology Inc..) - C:\Windows\system32\IoctlSvc.exe
SR - | Auto 10/03/2010 189728 |  (PSI_SVC_2) . (.Protexis Inc..) - c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
SR - | Auto 13/07/2009 20992 | C:\Program Files\Windows Defender\mpsvc.dll (WinDefend) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
SR - | Auto 13/07/2009 20992 | C:\Windows\System32\wuaueng.dll (wuauserv) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
~ Services:  Scanned in 00mn 17s



---\\ Scâner Aditional (088)
Database Version : 13045 - (01/05/2014)
Clés trouvées (Keys found) : 0
Valeurs trouvées (Values found) : 1
Dossiers trouvés  (Folders found) : 3
Fichiers trouvés  (Files found) : 11

C:\Program Files\Baidu Security   =>Adware.BDSearch^
C:\ProgramData\Baidu Security   =>Adware.BDSearch^
C:\ProgramData\UoTAdRiemoValApP   =>PUP.RandomName^
[HKCU\Software\Baidu Security]   =>Adware.BDSearch^
[HKLM\Software\Baidu Security]   =>Adware.BDSearch^
C:\Windows\Installer\1c6f4e6.msi   =>PUP.SaveSense^
[HKCR\CLSID\{1070C156-160B-47A0-B7D9-1860396BAB57}] (SaveSenseLive Broker Class Factory)   =>PUP.SaveSense^
[HKCR\CLSID\{27CE191D-733B-4450-AFCD-096D105288C3}] (SaveSenseLive.OneClickProcessLauncher)   =>PUP.SaveSense^
[HKCR\CLSID\{39A29266-D3E4-462D-AB05-F93B1053F6CF}] (SaveSenseLive Legacy On Demand)   =>PUP.SaveSense^
[HKCR\CLSID\{73192D81-6D24-4C40-BF7B-2507C6FA0B1A}] (SaveSenseLive Core Class)   =>PUP.SaveSense^
[HKCR\CLSID\{88C606E7-BA26-41CB-8CC3-D1E313E34E75}] (SaveSenseLive Process Launcher Class)   =>PUP.SaveSense^
[HKCR\CLSID\{9E0546FF-D44F-4FE4-A324-995FCACB8D33}] (SaveSenseLive Broker Class Factory)   =>PUP.SaveSense^
[HKCR\CLSID\{F4B8D46C-4EEE-401B-8607-DC03025F34B1}] (SaveSenseLive Core Class)   =>PUP.SaveSense^
C:\Windows\AutoKMS.exe   =>Trojan.Keygen
~ Additionnel Scan: 298446 Items scanned in 00mn 48s



---\\ Sumário das deteções encontradas na sua estação
[Tens de ter uma conta e sessão iniciada para poderes visualizar este link]  =>Trojan.Staser
[Tens de ter uma conta e sessão iniciada para poderes visualizar este link]  =>PUP.Awesomehp
[Tens de ter uma conta e sessão iniciada para poderes visualizar este link]  =>Adware.BDSearch
[Tens de ter uma conta e sessão iniciada para poderes visualizar este link]  =>PUP.SaveSense
[Tens de ter uma conta e sessão iniciada para poderes visualizar este link]  =>Adware.MyWebSearch
~ MSI: 5 link(s) detected in 00mn 00s



~ 675 Legitimates filtered by white list
End of the scan (462 lines in 02mn 41s)(0)

Post by Power Max, Fri 02 May 2014, 18:25

Go to the site [You must have an account and be logged in to view this link] and submit the file highlighted in blue below for analysis:
C:\Windows\System32\Drivers\iSafeKrnlBoot.sys

As soon as its analysis is complete, copy the link that appears in your browser's address bar and post this link in your next reply.

For more information on how to analyze files on the Virus Total site, see this tutorial:

[You must have an account and be logged in to view this link]

Post by Muitas Dúvidas, Fri 02 May 2014, 18:31

Link - [You must have an account and be logged in to view this link]

Post by Power Max, Fri 02 May 2014, 18:36

Select and copy all the text highlighted in red that I gave you.
_____________________________________________________________________________________________________________

Go to the menu: Start > All Programs > ZHP > right-click Zhpfix and choose Run as administrator > click Importação (Import) > click the GO button > click Oui > if you want the files in the Recycle Bin to be deleted, click Oui again > a report will appear in Notepad.

Copy this report and post it in your next reply.


Last edited by Power Max on Sat 03 May 2014, 21:52; edited 1 time

Post by Muitas Dúvidas Fri 02 May 2014, 18:42

Rapport de ZHPFix 2014.4.13.3 par Nicolas Coolman, Update du 13/04/2014
Fichier d'export Registre :
Run by Usuario at 02/05/2014 18:40:29
High Elevated Privileges : OK
Windows 7 Home Premium Edition, 32-bit  (Build 7600)

Reciclagem vazia (00mn 04s)
Reparação de atalhos do navegador

========== Chaves do Registo ==========
ELIMINÉ Driver Key: iSafeKrnlKit
ELIMINÉ: HKCU\Software\Baidu Security
ELIMINÉ: HKLM\Software\Baidu Security
ELIMINÉ: HKLM\SOFTWARE\Microsoft\Tracing\Mysearchdial_RASAPI32
ELIMINÉ: HKLM\SOFTWARE\Microsoft\Tracing\Mysearchdial_RASMANCS
ELIMINÉ: HKLM\SOFTWARE\Microsoft\Tracing\MYSEAR~1_RASAPI32
ELIMINÉ: HKLM\SOFTWARE\Microsoft\Tracing\MYSEAR~1_RASMANCS
ELIMINÉ: HKCR\CLSID\{1070C156-160B-47A0-B7D9-1860396BAB57}
ELIMINÉ: HKCR\CLSID\{27CE191D-733B-4450-AFCD-096D105288C3}
ELIMINÉ: HKCR\CLSID\{39A29266-D3E4-462D-AB05-F93B1053F6CF}
ELIMINÉ: HKCR\CLSID\{73192D81-6D24-4C40-BF7B-2507C6FA0B1A}
ELIMINÉ: HKCR\CLSID\{88C606E7-BA26-41CB-8CC3-D1E313E34E75}
ELIMINÉ: HKCR\CLSID\{9E0546FF-D44F-4FE4-A324-995FCACB8D33}
ELIMINÉ: HKCR\CLSID\{F4B8D46C-4EEE-401B-8607-DC03025F34B1}
ELIMINÉ: Service: Bonjour Service

========== Valores do Registo ==========
ProxyFix : Configuração proxy removida com sucesso
ELIMINÉ ProxyServer Value
ELIMINÉ ProxyEnable Value
ELIMINÉ EnableHttp1_1 Value
ELIMINÉ ProxyHttp1.1 Value
ELIMINÉ ProxyOverride Value

========== Pastas ==========
Nenhuma pasta CLSID local utilizador vazia

========== Ficheiros ==========
ELIMINÉ: c:\users\public\desktop\yac.lnk
ELIMINA REINICIAR: c:\program files\bonjour\mdnsresponder.exe
ELIMINÉ: C:\Windows\Installer\1c6f4e6.msi
ELIMINÉ Temporários windows (124) (1.994.059 octets)
ELIMINÉ Flash Cookies (0) (0 octets)

========== Tarefa planificada ==========
ELIMINÉ: {9FCF86AF-57D5-49E3-AF38-F0EBD2222F27}

========== Restauração Sistema ==========
Ponto de restauro do sistema criado com sucesso


========== Recapitulativo ==========
15 : Chaves do Registo
6 : Valores do Registo
1 : Pastas
5 : Ficheiros
1 : Tarefa planificada
1 : Restauração Sistema


End of clean in 00mn 48s

========== Caminho do ficheiro do relatório ==========
C:\Users\Usuario\AppData\Roaming\ZHP\ZHPFix[R1].txt - 02/05/2014 18:40:34 [2179]

Post by Power Max Fri 02 May 2014, 18:49

Open ( ZHPDiag ) again

|- Click "SEARCH" or "PESQUISAR" and wait for it to finish.

|- Click OK and, when it finishes, post the ZHPDiag.txt report

Post by Muitas Dúvidas Sat 03 May 2014, 19:04

Sorry, I hadn't noticed that ''we had gone'' to page 2.

Report:

~ Relatório do ZHPDiag v2014.5.1.49 - Nicolas Coolman  (01/05/2014)
~ Iniciado por Usuario (03/05/2014 19:01:37)
~ Endereço do Website :  http://nicolascoolman.webs.com
~ Fóruns de suporte gratuito para desinfecção : [You must have an account and be logged in to view this link]
~ Tradução pelo utilizador
~ Estatuto da versão :
~  Lista Branca : Ativado pelo programa
~ Elevação dos Privilégios : OK
~ Controle de Conta de Utilizador : Deactivate by program


---\\ Navegadores Internet
MSIE: Internet Explorer v9.0.8112.16421
MFIE: Mozilla Firefox 28.0
GCIE: Google Chrome v31.0.1650.63 (Defaut)

---\\ Informações sobre os produtos Windows
~ Langage: Portugais
Windows 7 Home Premium, 32-bit  (Build 7600)
Windows Server License Manager Script : OK
Software Protection Service (Protection logicielle) : OK
Windows Automatic Updates : OK
Windows Activation Technologies : OK

---\\ Softwares de proteçao do sistema
avast! Free Antivirus v8.0.1489.0
Malwarebytes Anti-Malware versão 2.0.1.1004
Windows Defender W7

---\\ Softwares d'optimização do sistema
CCleaner v4.10

---\\ Softwares de partilha do PeerToPeer (P2P)

---\\ Monitoramento dos softwares
Adobe Flash Player 13 Plugin
Adobe Reader X
Java 7 Update 45

---\\ Informações sobre o sistema
~ Processor: x86 Family 6 Model 15 Stepping 13, GenuineIntel
~ Operating System: 32 Bits
Boot mode: Normal (Normal boot)
Total RAM: 2013 MB (47% free)
System Restore: Activé (Enable)
System drive C: has 54 GB (23%) free of 233 GB

---\\ Modo de conexão ao sistema
~ Computer Name: USUARIO-PC
~ User Name: Usuario
~ All Users Names: Usuario, Convidado, Administrador,
~ Unselected Option: 045,061,O62,065,066,080,O82,089
Logged in as Administrator

---\\ As variáveis de ambiente
~ System Unit : C:\
~ %AppZHP% : C:\Users\Usuario\AppData\Roaming\ZHP\
~ %AppData% : C:\Users\Usuario\AppData\Roaming\
~ %Desktop% : C:\Users\Usuario\Desktop\
~ %Favorites% : C:\Users\Usuario\Favorites\
~ %LocalAppData% : C:\Users\Usuario\AppData\Local\
~ %StartMenu% : C:\Users\Usuario\AppData\Roaming\Microsoft\Windows\Start Menu\
~ %Windir% : C:\Windows\
~ %System% : C:\Windows\System32\

---\\ Enumeração das unidades dos discos
C: Hard drive, Flash drive, Thumb drive (Free 54 Go of 233 Go)
D: CD-ROM drive (Not Inserted)



---\\ Estado do Centro de Segurança do Windows
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Associations] Application: Modified  =>Hijacker.Application
~ Security Center: 45 Legitimates Filtered in 00mn 00s



---\\ Pesquisa particular de ficheiros genéricos
[MD5.15BC38A7492BEFE831966ADB477CF76F] - (.Microsoft Corporation - Windows Explorer.) (.13/07/2009 - 22:14:20.) -- C:\Windows\Explorer.exe [2613248]
[MD5.B5C5DCAD3899512020D135600129D665] - (.Microsoft Corporation - Aplicativo de Inicialização do Windows.) (.13/07/2009 - 22:14:45.) -- C:\Windows\System32\Wininit.exe [96256]
[MD5.C8ADAA6948993D839D14524847EA5B75] - (.Microsoft Corporation - Internet Extensions para Win32.) (.07/11/2013 - 14:59:57.) -- C:\Windows\System32\wininet.dll [1129472]
[MD5.8EC6A4AB12B8F3759E21F8E3A388F2CF] - (.Microsoft Corporation - Aplicativo de Logon do Windows.) (.13/07/2009 - 22:14:45.) -- C:\Windows\System32\Winlogon.exe [285696]
[MD5.58C94EAE54BF0C5E2B80B2E5E7744D4C] - (.Microsoft Corporation - Biblioteca de Licenciamento de Software.) (.13/07/2009 - 22:16:15.) -- C:\Windows\System32\sppcomapi.dll [193024]
[MD5.DDC040FDB01EF1712A6B13E52AFB104C] - (.Microsoft Corporation - Ancillary Function Driver for WinSock.) (.13/07/2009 - 20:12:38.) -- C:\Windows\system32\Drivers\AFD.sys [338944]
[MD5.338C86357871C167A96AB976519BF59E] - (.Microsoft Corporation - ATAPI IDE Miniport Driver.) (.13/07/2009 - 22:26:15.) -- C:\Windows\system32\Drivers\atapi.sys [21584]
[MD5.77EA11B065E0A8AB902D78145CA51E10] - (.Microsoft Corporation - CD-ROM File System Driver.) (.13/07/2009 - 20:11:15.) -- C:\Windows\system32\Drivers\Cdfs.sys [70656]
[MD5.BA6E70AA0E6091BC39DE29477D866A77] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.13/07/2009 - 20:11:26.) -- C:\Windows\system32\Drivers\Cdrom.sys [108544]
[MD5.8E09E52EE2E3CEB199EF3DD99CF9E3FB] - (.Microsoft Corporation - DFS Namespace Client Driver.) (.13/07/2009 - 20:14:17.) -- C:\Windows\system32\Drivers\DfsC.sys [78336]
[MD5.717A2207FD6F13AD3E664C7D5A43C7BF] - (.Microsoft Corporation - High Definition Audio Bus Driver.) (.13/07/2009 - 20:50:56.) -- C:\Windows\system32\Drivers\HDAudBus.sys [108544]
[MD5.F151F0BDC47F4A28B1B20A0818EA36D6] - (.Microsoft Corporation - Driver de porta i8042.) (.13/07/2009 - 20:11:24.) -- C:\Windows\system32\Drivers\i8042prt.sys [80896]
[MD5.A5FA468D67ABCDAA36264E463A7BB0CD] - (.Microsoft Corporation - IP Network Address Translator.) (.13/07/2009 - 20:54:29.) -- C:\Windows\system32\Drivers\IpNat.sys [101888]
[MD5.F4A054BE78AF7F410129C4B64B07DC9B] - (.Microsoft Corporation - Windows NT SMB Minirdr.) (.13/07/2009 - 20:14:26.) -- C:\Windows\system32\Drivers\MRxSmb.sys [123392]
[MD5.DD52A733BF4CA5AF84562A5E2F963B91] - (.Microsoft Corporation - MBT Transport driver.) (.13/07/2009 - 20:12:21.) -- C:\Windows\system32\Drivers\netBT.sys [187904]
[MD5.3795DCD21F740EE799FB7223234215AF] - (.Microsoft Corporation - Driver do Sistema de Arquivos NT.) (.13/07/2009 - 22:20:44.) -- C:\Windows\system32\Drivers\ntfs.sys [1210432]
[MD5.2EA877ED5DD9713C5AC74E8EA7348D14] - (.Microsoft Corporation - Driver de porta paralela.) (.13/07/2009 - 20:45:35.) -- C:\Windows\system32\Drivers\Parport.sys [79360]
[MD5.D9F91EAFEC2815365CBE6D167E4E332A] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.13/07/2009 - 20:54:34.) -- C:\Windows\system32\Drivers\Rasl2tp.sys [78848]
[MD5.3E21C083B8A01CB70BA1F09303010FCE] - (.Microsoft Corporation - SMB Transport driver.) (.13/07/2009 - 20:53:41.) -- C:\Windows\system32\Drivers\smb.sys [71168]
[MD5.CB39E896A2A83702D1737BFD402B3542] - (.Microsoft Corporation - TDI Translation Driver.) (.13/07/2009 - 20:12:11.) -- C:\Windows\system32\Drivers\tdx.sys [74240]
[MD5.58DF9D2481A56EDDE167E51B334D44FD] - (.Microsoft Corporation - Driver de cópia de sombra de volume.) (.13/07/2009 - 22:19:10.) -- C:\Windows\system32\Drivers\volsnap.sys [245328]
~ Generic Processes:  Scanned in 00mn 00s



---\\ Estatuto dos ficheiros ocultos (Oculto/Total)
~ Mes images (My Pictures) : 1/336
~ Mes musiques (My Musics) : 47/368
~ Mes Videos (My Videos) : 1/19
~ Mes Favoris (My Favorites) : 1/22
~ Mes Documents (My Documents) : 1/132
~ Mon Bureau (My Desktop) : 0/39
~ Menu demarrer (Programs) : 1/31
~ Hidden Files:  Scanned in 00mn 00s



---\\ Processos lançados
[MD5.094A47AB1D4966C8CD318AD7EB1521A6] - (.SlimWare Utilities, Inc. - SlimDrivers.) -- C:\Program Files\SlimDrivers\SlimDrivers.exe   [29395264] [PID.360]
[MD5.3F11B20D12D89365D7721BDC860CE5F0] - (.AVAST Software - avast! Antivirus.) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe   [4858968] [PID.2888]
[MD5.5B6E8E09BE6401A7E022F52FDFCB2FF8] - (.Oracle Corporation - Java(TM) Update Scheduler.) -- C:\Program Files\Common Files\Java\Java Update\jusched.exe   [254336] [PID.3256]
[MD5.6641B633A0A2618BC3739E0DCD6E1B9B] - (.Intel Corporation - igfxTray Module.) -- C:\Windows\System32\igfxtray.exe   [138808] [PID.3428]
[MD5.1B06D4DF241484C193CFDD89FB21E19A] - (.Intel Corporation - hkcmd Module.) -- C:\Windows\System32\hkcmd.exe   [172088] [PID.3480]
[MD5.B0010C958505273A76FAE4A089E1AACE] - (.Intel Corporation - persistence Module.) -- C:\Windows\System32\igfxpers.exe   [173624] [PID.3544]
[MD5.6E178947225BCAF1B727C80476C1425D] - (.Realtek Semiconductor - Gerenciador de áudio HD Realtek.) -- C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe   [12013272] [PID.3620]
[MD5.048EA4B978851788E9F5E8E4F081DF7A] - (.Adobe Systems Incorporated - Adobe Reader and Acrobat Manager.) -- C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe   [959904] [PID.3628]
[MD5.506708142BC63DABA64F2D3AD1DCD5BF] - (.Google Inc. - Google Installer.) -- C:\Users\Usuario\AppData\Local\Google\Update\GoogleUpdate.exe   [116648] [PID.3820]
[MD5.B141F8F8B0FF37FFC51F9B71EE7A641B] - (.Skype Technologies S.A. - Skype.) -- C:\Program Files\Skype\Phone\Skype.exe   [19875432] [PID.3836]
[MD5.173DB43DD48B60E6F61A54C88569026A] - (.Speedbit Ltd. - Download Accelerator Plus (DAP).) -- C:\Program Files\DAP\DAP.exe   [4110992] [PID.4036]
[MD5.7DCE7A74764EB7C67D21A32BC579453D] - (.Oracle Corporation - Java(TM) Update Checker.) -- C:\Program Files\Common Files\Java\Java Update\jucheck.exe   [507264] [PID.3448]
[MD5.376A9B411BF8B77D5BF84B24D0C7DACD] - (.Google Inc. - Google Chrome.) -- C:\Users\Usuario\AppData\Local\Google\Chrome\Application\chrome.exe   [863184] [PID.2028]
[MD5.C6FD6C175276637C5D6F6EA293137F5E] - (.Nicolas Coolman - ZHPDiag.) -- C:\Program Files\ZHPDiag\ZHPDiag.exe   [7867904] [PID.5312]
~ Processes Running:  Scanned in 00mn 00s



---\\ Google Chrome, Arranque,Pesquisa,Extensões (G0,G1,G2)
C:\Users\Usuario\AppData\Local\Google\Chrome\User Data\Default\Preferences
G2 - GCE: Preference [User Data\Default] [ahfgeienlihckogmohjhadlkjgocpleb] Loja v.0.2 (Activé)
G2 - GCE: Preference [User Data\Default] [ffdcfjdljhbehggjdkdioajnknjcpbjb] Download Accelerator Plus (DAP) v.2.1.0.1, (Activé)

---\\ Pasta de extensão do Google Chrome
~ Google Lines Browser: 14 Legitimates Filtered in 00mn 10s



---\\ Mozilla Firefox, Plugins,Arranque,Pesquisa,Extensões (P2,M0,M1,M2,M3)
C:\Users\Usuario\AppData\Roaming\Mozilla\Firefox\Profiles\7s9gfw7g.default\prefs.js
~ Firefox Browser: 11 Legitimates Filtered in 00mn 00s



---\\ Internet Explorer, Gestão do Proxy (R5)
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll
~ Proxy management:  Scanned in 00mn 00s



---\\ Análise das linhas F0, F1, F2, F3 - Ficheiros ini, Carregamento Automático de programas
F2 - REG:system.ini: USERINIT=C:\Windows\system32\userinit.exe,
F2 - REG:system.ini: Shell=C:\Windows\explorer.exe
F2 - REG:system.ini: VMApplet=C:\Windows\System32\SystemPropertiesPerformance.exe
~ Keys:  Scanned in 00mn 00s



---\\ Redireção do ficheiro Hosts (01)
~ Le fichier hosts est sain (The hosts file is clean).
~ Hosts File:  Scanned in 00mn 00s
~ Nombre de lignes (Lines number): 21



---\\ Browser Helper Objects do navegador (02)
O2 - BHO: LinkVerifierBHO - {D5974A72-C81C-4DC3-BE77-A8A7BBC8864E} . (.Speedbit Ltd. - DAP Link Verification Extension.) -- C:\Program Files\DAP\LinkVerifier.dll
~ BHO: 2 Legitimates Filtered in 00mn 00s



---\\ Aplicações iniciadas por registo & pastas (04)
O4 - HKLM\..\Run: [avast] . (.AVAST Software - avast! Antivirus.) -- C:\Program Files\AVAST Software\Avast\avastUI.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] . (.Oracle Corporation - Java(TM) Update Scheduler.) -- C:\Program Files\Common Files\Java\Java Update\jusched.exe   =>.Oracle Corporation
O4 - HKLM\..\Run: [IgfxTray] . (.Intel Corporation - igfxTray Module.) -- C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] . (.Intel Corporation - hkcmd Module.) -- C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] . (.Intel Corporation - persistence Module.) -- C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [RTHDVCPL] . (.Realtek Semiconductor - Gerenciador de áudio HD Realtek.) -- C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
O4 - HKLM\..\Run: [Adobe ARM] . (.Adobe Systems Incorporated - Adobe Reader and Acrobat Manager.) -- C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe   =>.Adobe Systems Incorporated
O4 - HKLM\..\Run: [NeroFilterCheck] . (.Nero AG - NeroCheck.) -- C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKCU\..\Run: [Google Update] . (.Google Inc. - Google Installer.) -- C:\Users\Usuario\AppData\Local\Google\Update\GoogleUpdate.exe
O4 - HKCU\..\Run: [Skype] . (.Skype Technologies S.A. - Skype.) -- C:\Program Files\Skype\Phone\Skype.exe   =>.Skype Technologies S.A.
O4 - HKCU\..\Run: [DownloadAccelerator] . (.Speedbit Ltd. - Download Accelerator Plus (DAP).) -- C:\Program Files\DAP\DAP.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets da Área de Trabalho do Windows.) -- C:\Program Files\Windows Sidebar\Sidebar.exe
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets da Área de Trabalho do Windows.) -- C:\Program Files\Windows Sidebar\Sidebar.exe
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe   =>.Microsoft Corporation
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe   =>.Microsoft Corporation
O4 - HKUS\S-1-5-21-1574201965-1944898624-3258338672-1000\..\Run: [Google Update] . (.Google Inc. - Google Installer.) -- C:\Users\Usuario\AppData\Local\Google\Update\GoogleUpdate.exe
O4 - HKUS\S-1-5-21-1574201965-1944898624-3258338672-1000\..\Run: [Skype] . (.Skype Technologies S.A. - Skype.) -- C:\Program Files\Skype\Phone\Skype.exe   =>.Skype Technologies S.A.
O4 - HKUS\S-1-5-21-1574201965-1944898624-3258338672-1000\..\Run: [DownloadAccelerator] . (.Speedbit Ltd. - Download Accelerator Plus (DAP).) -- C:\Program Files\DAP\DAP.exe
~ Application:  Scanned in 00mn 00s



---\\ Boutões da barra de ferramentas principal do Internet Explorer (09)
O9 - Extra button: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} . (.Microsoft Corporation - Microsoft OneNote Internet Explorer Add-in.) -- C:\Program Files\MICROS~2\Office14\ONBttnIE.dll  =>.Microsoft Corporation
O9 - Extra button: &Anotações Vinculadas do OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} . (.Microsoft Corporation - Microsoft OneNote Internet Explorer Add-in.) -- C:\Program Files\MICROS~2\Office14\ONBTTN~1.dll  =>.Microsoft Corporation
~ IE Extra Buttons:  Scanned in 00mn 00s



---\\ Alteração Dominio/Clientes DNS (017)
O17 - HKLM\System\CCS\Services\Tcpip\..\{A216F64B-8707-4022-B4C2-9FE5CBA2CBB2}: NameServer = 192.168.254.254,8.8.4.4
O17 - HKLM\System\CCS\Services\Tcpip\..\{A216F64B-8707-4022-B4C2-9FE5CBA2CBB2}: DhcpNameServer = 192.168.254.254
O17 - HKLM\System\CCS\Services\Tcpip\..\{D60C2E4F-5471-4D50-9E38-84F49E654E55}: DhcpNameServer = 192.168.254.254
O17 - HKLM\System\CS1\Services\Tcpip\..\{A216F64B-8707-4022-B4C2-9FE5CBA2CBB2}: NameServer = 192.168.254.254,8.8.4.4
O17 - HKLM\System\CS1\Services\Tcpip\..\{A216F64B-8707-4022-B4C2-9FE5CBA2CBB2}: DhcpNameServer = 192.168.254.254
O17 - HKLM\System\CS1\Services\Tcpip\..\{D60C2E4F-5471-4D50-9E38-84F49E654E55}: DhcpNameServer = 192.168.254.254
O17 - HKLM\System\CS2\Services\Tcpip\..\{A216F64B-8707-4022-B4C2-9FE5CBA2CBB2}: NameServer = 192.168.254.254,8.8.4.4
O17 - HKLM\System\CS2\Services\Tcpip\..\{A216F64B-8707-4022-B4C2-9FE5CBA2CBB2}: DhcpNameServer = 192.168.254.254
O17 - HKLM\System\CS2\Services\Tcpip\..\{D60C2E4F-5471-4D50-9E38-84F49E654E55}: DhcpNameServer = 192.168.254.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.254.254
~ Domain:  Scanned in 00mn 00s



---\\ Protocolo adicional (018)
O18 - Handler: vbscript - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} . (.Microsoft Corporation - Visualizador de HTML da Microsoft (R).) -- C:\Windows\System32\mshtml.dll
O18 - Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} . (.Microsoft Corporation - Microsoft Office XML MIME Filter.) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.dll  =>.Microsoft Corporation
~ Protocole Additionnel:  Scanned in 00mn 00s



---\\ Valor do Registo AppInit_DLLs e sub-chaves Winlogon Notify (autorun) (O20)
O20 - Winlogon Notify: igfxcui . (.Intel Corporation - igfxdev Module.) -- C:\Windows\System32\igfxdev.dll
~ Winlogon:  Scanned in 00mn 00s



---\\ Tarefas planificadas automaticamente (039)
O39 - APT:  - (..) -- C:\Windows\System32\Tasks\Adobe Flash Player Updater   [902]
O39 - APT:  - (..) -- C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1574201965-1944898624-3258338672-1000Core   [1034]
O39 - APT:  - (..) -- C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1574201965-1944898624-3258338672-1000UA   [1086]
O39 - APT:  - (..) -- C:\Windows\Tasks\SlimDrivers Startup.job   [390]
O39 - APT:  - (..) -- C:\Windows\System32\Tasks\SlimDrivers Startup   [390]
~ Scheduled Task: 18 Legitimates Filtered in 00mn 02s



---\\ Software instalados (042)
O42 - Logiciel: Codec 8.4f - (...) [HKLM] -- Codec_is1
O42 - Logiciel: Download Accelerator Plus (DAP) - (.Speedbit Ltd..) [HKLM] -- Download Accelerator Plus (DAP)
~ Logic: 5 Legitimates Filtered in 00mn 00s



---\\ HKCU & HKLM Software Keys
[HKCU\Software\SpeedBit]
[HKLM\Software\SpeedBit]
~ Key Software: 212 Legitimates Filtered in 00mn 00s



---\\ Conteúdo das pastas Programs/ProgramFiles/ProgramData/AppData (O43)
O43 - CFD: 04/03/2014 - 00:36:05 - [] ----D C:\Program Files\Codec
O43 - CFD: 07/11/2013 - 15:16:38 - [] ----D C:\Program Files\DICIONARIO MiniAurelio Nova Ortografia
O43 - CFD: 02/05/2014 - 20:59:32 - [] ----D C:\Program Files\Common Files\SpeedBit
O43 - CFD: 02/05/2014 - 20:59:34 - [] ----D C:\ProgramData\Speedbit
O43 - CFD: 02/05/2014 - 20:15:24 - [] ----D C:\Users\Usuario\AppData\Roaming\SpeedBit
~ Program Folder: 153 Legitimates Filtered in 00mn 00s



---\\ Últimos ficheiros alterados ou criados no Windows e Sistema32 (044)
O44 - LFC:[MD5.0DC5AF80D059DEC792B665ED598C6567] - 02/05/2014 - 13:58:18 ---A- . (.SQLite Development Team - SQLite Dynamic Link Library (No TCL).) -- C:\Windows\System32\sqlite3.dll   [536576]
O44 - LFC:[MD5.CC7AA7B42CF418FC3D926913490048F8] - 02/05/2014 - 17:02:38 ---A- . (...) -- C:\Windows\zoek-delete.exe   [24064]
O44 - LFC:[MD5.83E7F23B30989702637D764CDD2D1E30] - 02/05/2014 - 19:34:40 ---A- . (...) -- C:\ADS19BA.tmp   [2721]
O44 - LFC:[MD5.7D2448E9F834738D2E3B9D99851762A6] - 02/05/2014 - 19:34:40 ---A- . (...) -- C:\ADS19BB.tmp   [2592]
O44 - LFC:[MD5.815372073DA85B2098A37DED84083C8A] - 02/05/2014 - 20:35:23 ---A- . (...) -- C:\Windows\_MSRSTRT.EXE   [2560]
O44 - LFC:[MD5.45960B40C1ECB75ED5549A80049879E1] - 02/05/2014 - 20:59:27 ---A- . (.Jin Hui    E-mail: [You must have an account and be logged in to view this link]   We - Animation GIF Control.) -- C:\Windows\System32\AniGIF.ocx   [172032]
O44 - LFC:[MD5.75A8EE6F0917AD9355367DBF25DB8415] - 03/05/2014 - 13:57:07 ---A- . (...) -- C:\Windows\System32\Drivers\SWDUMon.sys   [13464]
O44 - LFC:[MD5.473F890FAAF843EF8B7BFC3F8379FE60] - 03/05/2014 - 13:58:42 ---A- . (...) -- C:\Windows\System32\AutoKMS.log   [140865]  =>Trojan.Keygen
O44 - LFC:[MD5.C7BC96C3711C0D269DA26D1F0ECEC547] - 21/04/2014 - 23:07:00 ---A- . (...) -- C:\Windows\NeroDigital.ini   [69]
O44 - LFC:[MD5.D41D8CD98F00B204E9800998ECF8427E] - 22/04/2014 - 18:45:42 ---A- . (...) -- C:\Windows\Irremote.ini   [0]
O44 - LFC:[MD5.A6814842AD30E05FCCEF97C79895F500] - 22/04/2014 - 18:46:28 ---A- . (...) -- C:\Windows\System32\MsiExec.exe.log   [188]
O44 - LFC:[MD5.502C72805EDA405772C0D0F1AB334994] - 23/04/2014 - 07:20:06 ---A- . (.Elex do Brasil Participações Ltda - iSafe Kernel Boot Driver.) -- C:\Windows\System32\Drivers\iSafeKrnlBoot.sys   [38912]  =>Trojan.Staser
O44 - LFC:[MD5.12D71BD37BCEEA35B977F9E020C53841] - 30/04/2014 - 22:26:19 ---A- . (...) -- C:\Windows\System32\prfc0416.dat   [146512]
O44 - LFC:[MD5.2719BB30B547DC07B5160E345F51D983] - 30/04/2014 - 22:26:19 ---A- . (...) -- C:\Windows\System32\prfh0416.dat   [705786]
~ Files: 27 Legitimates Filtered in 00mn 02s



---\\ Operações e funções ao arranque do Windows Explorer (046)
O46 - SEH:ShellExecuteHooks - Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL
~ ShellExecuteHooks:  Scanned in 00mn 00s



---\\ Enumeração das chaves do registo PoliciesSystem (MWPS) (O55)
O55 - MWPS:[HKLM\...\Policies\System] - "EnableUIADesktopToggle"=0
O55 - MWPS:[HKLM\...\Policies\System] - "FilterAdministratorToken"=0
~ MWPS: 18 Legitimates Filtered in 00mn 00s



---\\ Enumeração das chaves do registo PoliciesExplorer (MWPE) (O56)
O56 - MWPE:[HKCU\...\policies\Explorer] - "NoLowDiskSpaceChecks"=1
~ MWPE Keys: 2 Legitimates Filtered in 00mn 00s



---\\ Lista dos drivers do sistema (SDL) (O58)
O58 - SDL:09/05/2013 - 04:59:10 ---A- . (...) -- C:\Windows\System32\Drivers\aswRvrt.sys   [49376]  =>.ALWIL Software
O58 - SDL:07/11/2013 - 15:49:11 ---A- . (...) -- C:\Windows\System32\Drivers\aswSnx.sys.sum   [175]
O58 - SDL:07/11/2013 - 15:49:12 ---A- . (...) -- C:\Windows\System32\Drivers\aswSP.sys.sum   [175]
O58 - SDL:07/11/2013 - 15:49:12 ---A- . (...) -- C:\Windows\System32\Drivers\aswVmm.sys   [175176]  =>.ALWIL Software
O58 - SDL:07/11/2013 - 15:49:12 ---A- . (...) -- C:\Windows\System32\Drivers\aswVmm.sys.sum   [175]  =>.ALWIL Software
O58 - SDL:13/07/2009 - 22:20:28 ---A- . (.Emulex - Storport Miniport Driver for LightPulse HBAs.) -- C:\Windows\System32\Drivers\elxstor.sys   [453712]
O58 - SDL:13/07/2009 - 19:54:14 ---A- . (.Hauppauge Computer Works, Inc. - Hauppauge WinTV 885 Consumer IR Driver for eHome.) -- C:\Windows\System32\Drivers\hcw85cir.sys   [26624]
O58 - SDL:23/04/2014 - 07:20:06 ---A- . (.Elex do Brasil Participações Ltda - iSafe Kernel Boot Driver.) -- C:\Windows\System32\Drivers\iSafeKrnlBoot.sys   [38912]  =>Trojan.Staser
O58 - SDL:13/07/2009 - 22:19:04 ---A- . (.Promise Technology - Promise  SuperTrak EX Series Driver for Windows.) -- C:\Windows\System32\Drivers\stexstor.sys   [21072]
O58 - SDL:03/05/2014 - 13:57:07 ---A- . (...) -- C:\Windows\System32\Drivers\SWDUMon.sys   [13464]
O58 - SDL:13/07/2009 - 18:40:41 ---A- . (...) -- C:\Windows\System32\ANSI.SYS   [9029]
O58 - SDL:13/07/2009 - 18:40:44 ---A- . (...) -- C:\Windows\System32\country.sys   [27097]
O58 - SDL:13/07/2009 - 18:40:40 ---A- . (...) -- C:\Windows\System32\HIMEM.SYS   [4768]
O58 - SDL:13/07/2009 - 18:40:43 ---A- . (...) -- C:\Windows\System32\KEY01.SYS   [42809]
O58 - SDL:13/07/2009 - 18:40:43 ---A- . (...) -- C:\Windows\System32\KEYBOARD.SYS   [42537]
O58 - SDL:13/07/2009 - 18:40:23 ---A- . (...) -- C:\Windows\System32\NTDOS.SYS   [27866]
O58 - SDL:13/07/2009 - 18:40:31 ---A- . (...) -- C:\Windows\System32\NTDOS404.SYS   [29146]
O58 - SDL:13/07/2009 - 18:40:35 ---A- . (...) -- C:\Windows\System32\NTDOS411.SYS   [29370]
O58 - SDL:13/07/2009 - 18:40:39 ---A- . (...) -- C:\Windows\System32\NTDOS412.SYS   [29274]
O58 - SDL:13/07/2009 - 18:40:27 ---A- . (...) -- C:\Windows\System32\NTDOS804.SYS   [29146]
O58 - SDL:13/07/2009 - 18:40:11 ---A- . (...) -- C:\Windows\System32\NTIO.SYS   [33952]
O58 - SDL:13/07/2009 - 18:40:15 ---A- . (...) -- C:\Windows\System32\NTIO404.SYS   [34672]
O58 - SDL:13/07/2009 - 18:40:17 ---A- . (...) -- C:\Windows\System32\NTIO411.SYS   [35776]
O58 - SDL:13/07/2009 - 18:40:19 ---A- . (...) -- C:\Windows\System32\NTIO412.SYS   [35536]
O58 - SDL:13/07/2009 - 18:40:13 ---A- . (...) -- C:\Windows\System32\NTIO804.SYS   [34672]
~ Drivers: 78 Legitimates Filtered in 00mn 00s



---\\ Lista das ferramentas de remoção de vírus (LAT) (063)
O63 - Logiciel: ZHPDiag 2014 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1  =>.Nicolas Coolman
~ ADS:  Scanned in 00mn 00s



---\\ Associações Shell Spawning (O67)
O67 - Shell Spawning: <.html> <ChromeHTML.EP5BKXLXAQ6LJPTK5F7RBSRQII>[HKCU\..\open\Command] (.Not Key.)
~ FASS Keys: 11 Legitimates Filtered in 00mn 00s



---\\ Menu de inicialização Internet (068)
O68 - StartMenuInternet: <FIREFOX.EXE> <Mozilla Firefox>[HKLM\..\Shell\open\Command] (.Mozilla Corporation - Firefox.) -- c:\program files\mozilla firefox\firefox.exe
O68 - StartMenuInternet: <Google Chrome.EP5BKXLXAQ6LJPTK5F7RBSRQII> <Google Chrome>[HKLM\..\Shell\open\Command] (.Google Inc. - Google Chrome.) -- c:\users\usuario\appdata\local\google\chrome\application\chrome.exe
O68 - StartMenuInternet: <IEXPLORE.EXE> <Internet Explorer>[HKLM\..\Shell\open\Command] (.Microsoft Corporation - Internet Explorer.) -- c:\program files\internet explorer\iexplore.exe
~ Keys:  Scanned in 00mn 00s



---\\ Pesquisa de infeção nos navegadores da Internet (SBI) (069)
O69 - SBI: SearchScopes [HKCU] {0191A6B0-1154-4C22-9182-23A95BBE92D9} - (Google) - [You must have an account and be logged in to view this link]
O69 - SBI: SearchScopes [HKCU] {6A1806CD-94D4-4689-BA73-E35EA1EA9990} - (Google) - [You must have an account and be logged in to view this link]
~ Keys:  Scanned in 00mn 00s



---\\ Search Tracing Registry Key (O100)
HKLM\SOFTWARE\Microsoft\Tracing\iSafeSvc2_RASAPI32  =>Trojan.Staser
HKLM\SOFTWARE\Microsoft\Tracing\iSafeSvc2_RASMANCS  =>Trojan.Staser
HKLM\SOFTWARE\Microsoft\Tracing\iSafeUpdate_RASAPI32  =>Trojan.Staser
HKLM\SOFTWARE\Microsoft\Tracing\iSafeUpdate_RASMANCS  =>Trojan.Staser
HKLM\SOFTWARE\Microsoft\Tracing\iSafe_RASAPI32  =>Trojan.Staser
HKLM\SOFTWARE\Microsoft\Tracing\iSafe_RASMANCS  =>Trojan.Staser
~ BTK: 255 Legitimates Filtered in 00mn 00s



---\\ Estado general dos serviços não Microsoft (EGS) (SR=Executados, SS=Parados)
SS - | Demand 29/04/2014 257712 |  (AdobeFlashPlayerUpdateSvc) . (.Adobe Systems Incorporated.) - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
SS - | Demand 07/11/2013 654848 |  (FLEXnet Licensing Service) . (.Macrovision Europe Ltd..) - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
SS - | Demand 30/03/2014 119408 |  (MozillaMaintenance) . (.Mozilla Foundation.) - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
SS - | Demand 08/04/2008 800040 |  (NBService) . (.Nero AG.) - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
SS - | Demand 22/01/2008 275752 |  (NMIndexingService) . (.Nero AG.) - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
SS - | Auto 21/06/2013 162408 |  (SkypeUpdate) . (.Skype Technologies.) - C:\Program Files\Skype\Updater\Updater.exe
SR - | Auto 03/09/2013 65640 |  (AdobeARMservice) . (.Adobe Systems Incorporated.) - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
SR - | Auto 09/05/2013 46808 |  (avast! Antivirus) . (.AVAST Software.) - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
SR - | Auto 19/12/2006 81920 |  (PLFlash DeviceIoControl Service) . (.Prolific Technology Inc..) - C:\Windows\system32\IoctlSvc.exe
SR - | Auto 10/03/2010 189728 |  (PSI_SVC_2) . (.Protexis Inc..) - c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
SR - | Auto 13/07/2009 20992 | C:\Program Files\Windows Defender\mpsvc.dll (WinDefend) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
SR - | Auto 13/07/2009 20992 | C:\Windows\System32\wuaueng.dll (wuauserv) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
~ Services:  Scanned in 00mn 12s



---\\ Scâner Aditional (088)
Database Version : 13045 - (01/05/2014)
Clés trouvées (Keys found) : 0
Valeurs trouvées (Values found) : 0
Dossiers trouvés  (Folders found) : 0
Fichiers trouvés  (Files found) : 2

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Associations] Application: Modified   =>Hijacker.Application^
C:\Windows\AutoKMS.exe   =>Trojan.Keygen
~ Additionnel Scan: 298119 Items scanned in 00mn 29s



---\\ Sumário das deteções encontradas na sua estação
[You must have an account and be logged in to view this link]  =>Trojan.Staser
~ MSI: 1 link(s) detected in 00mn 00s



~ 672 Legitimates filtered by white list
End of the scan (416 lines in 01mn 17s)(0)

Post by Power Max Sat 03 May 2014, 19:22

Download [You must have an account and be logged in to view this link] and save it to the Desktop.

Note: When you open the link above, click the Download Now 32-Bit Version button.

Run Farbar following the tips in this tutorial:

[You must have an account and be logged in to view this link]

*Two reports will be created on the Desktop: FRST.txt and Addition.txt

Post these two reports in your next reply together with the ZHPFix log requested below. (Note: if they do not fit in a single reply, you can split them across several posts.)
_________________________________________________________________________________________________

Select and copy all the text highlighted in red that I gave you.
_____________________________________________________________________________________________________________

Go to the menu: Start > All Programs > ZHP > right-click Zhpfix and choose Run as administrator > click Importação (Import) > click the GO button > click Oui > if you want the files in the Recycle Bin to be deleted, click Oui again > a report will open in Notepad.

Copy this report and post it in your next reply together with the Farbar logs requested above.


Last edited by Power Max on Sat 03 May 2014, 19:49; edited 1 time
Power Max

Removal of the UTAdRemovalApp 2.0 extension

Post by Muitas Dúvidas, Sat 03 May 2014, 19:42

FRST.txt:

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:01-05-2014
Ran by Usuario (administrator) on USUARIO-PC on 03-05-2014 19:30:55
Running from C:\Users\Usuario\Downloads
Microsoft Windows 7 Home Premium  (X86) OS Language: Portuguese Brazilian
Internet Explorer Version 9
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
Download link for 64-Bit Version: [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]

==================== Processes (Whitelisted) =================

(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Prolific Technology Inc.) C:\Windows\System32\IoctlSvc.exe
(Protexis Inc.) C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
(SlimWare Utilities, Inc.) C:\Program Files\SlimDrivers\SlimDrivers.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
(Adobe Systems Incorporated) C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Google Inc.) C:\Users\Usuario\AppData\Local\Google\Update\GoogleUpdate.exe
(Skype Technologies S.A.) C:\Program Files\Skype\Phone\Skype.exe
(Speedbit Ltd.) C:\Program Files\DAP\DAP.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jucheck.exe
(Google Inc.) C:\Users\Usuario\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Usuario\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Usuario\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Usuario\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Usuario\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Usuario\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Usuario\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Usuario\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Usuario\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Usuario\AppData\Local\Google\Chrome\Application\chrome.exe
(DsNET) C:\Program Files\DsNET Corp\aTube Catcher 2.0\yct.exe
(Microsoft Corporation) C:\Program Files\Windows Media Player\wmplayer.exe
(Google Inc.) C:\Users\Usuario\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Usuario\AppData\Local\Google\Chrome\Application\chrome.exe
(DsNET Corp.) C:\Program Files\DsNET Corp\aTube Catcher 2.0\eWorker.exe
() C:\Program Files\DsNET Corp\aTube Catcher 2.0\ffmpeg.dll


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [avast] => C:\Program Files\AVAST Software\Avast\avastUI.exe [4858968 2013-05-09] (AVAST Software)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [12013272 1999-12-31] (Realtek Semiconductor)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM\...\Run: [NeroFilterCheck] => C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe [570664 2008-05-28] (Nero AG)
HKU\S-1-5-21-1574201965-1944898624-3258338672-1000\...\Run: [Google Update] => C:\Users\Usuario\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2013-11-07] (Google Inc.)
HKU\S-1-5-21-1574201965-1944898624-3258338672-1000\...\Run: [Skype] => C:\Program Files\Skype\Phone\Skype.exe [19875432 2013-06-21] (Skype Technologies S.A.)
HKU\S-1-5-21-1574201965-1944898624-3258338672-1000\...\Run: [DownloadAccelerator] => C:\Program Files\DAP\DAP.EXE [4110992 2014-05-02] (Speedbit Ltd.)
HKU\S-1-5-21-1574201965-1944898624-3258338672-1000\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x9EBA13C4ECDBCE01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = pt-BR
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
SearchScopes: HKLM - DefaultScope {0191A6B0-1154-4C22-9182-23A95BBE92D9} URL = [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
SearchScopes: HKLM - {0191A6B0-1154-4C22-9182-23A95BBE92D9} URL = [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
SearchScopes: HKCU - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKCU - {0191A6B0-1154-4C22-9182-23A95BBE92D9} URL = [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
SearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
BHO: SpeedBit Link Verification Helper - {D5974A72-C81C-4DC3-BE77-A8A7BBC8864E} - C:\Program Files\DAP\LinkVerifier.dll (Speedbit Ltd.)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [94208] (Apple Computer, Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.254.254
Tcpip\..\Interfaces\{A216F64B-8707-4022-B4C2-9FE5CBA2CBB2}: [NameServer]192.168.254.254,8.8.4.4

FireFox:
========
FF ProfilePath: C:\Users\Usuario\AppData\Roaming\Mozilla\Firefox\Profiles\7s9gfw7g.default
FF NewTab: [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
FF SearchEngineOrder.1: Google
FF SelectedSearchEngine: Google
FF Homepage: [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
FF Keyword.URL: [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_13_0_0_206.dll ()
FF Plugin: @java.com/DTPlugin,version=10.45.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.45.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\4.0.60310.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Users\Usuario\AppData\Local\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Users\Usuario\AppData\Local\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\buscape.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\mercadolivre.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\yahoo-br.xml
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2013-11-07]
FF HKLM\...\Firefox\Extensions: [daplinkchecker@speedbit.com] - C:\Program Files\DAP\daplinkchecker
FF Extension: DAP Link Checker - C:\Program Files\DAP\daplinkchecker [2014-05-02]
FF HKCU\...\Firefox\Extensions: [{F17C1572-C9EC-4e5c-A542-D05CBB5C5A08}] - C:\Program Files\DAP\DAPFireFox
FF Extension: Download Accelerator Plus (DAP) extension - C:\Program Files\DAP\DAPFireFox [2014-05-02]

Chrome:
=======
CHR DefaultSearchKeyword: google.com.br
CHR Extension: (Google Docs) - C:\Users\Usuario\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-05-02]
CHR Extension: (Google Drive) - C:\Users\Usuario\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-03-30]
CHR Extension: (YouTube) - C:\Users\Usuario\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-05-02]
CHR Extension: (Pesquisa do Google) - C:\Users\Usuario\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-05-02]
CHR Extension: (Download Accelerator Plus (DAP)) - C:\Users\Usuario\AppData\Local\Google\Chrome\User Data\Default\Extensions\ffdcfjdljhbehggjdkdioajnknjcpbjb [2014-05-02]
CHR Extension: (Google Wallet) - C:\Users\Usuario\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-11-07]
CHR Extension: (Gmail) - C:\Users\Usuario\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-05-02]
CHR HKLM\...\Chrome\Extension: [ffdcfjdljhbehggjdkdioajnknjcpbjb] - C:\Program Files\DAP\DAPChrome\DAPChrome6.crx [2014-05-02]
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

========================== Services (Whitelisted) =================

R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [46808 2013-05-09] (AVAST Software)

==================== Drivers (Whitelisted) ====================

R2 aswFsBlk; C:\Windows\system32\Drivers\aswFsBlk.sys [29816 2013-05-09] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [66336 2013-05-09] (AVAST Software)
R1 aswRdr; C:\Windows\System32\Drivers\aswrdr2.sys [61680 2013-05-09] (AVAST Software)
R0 aswRvrt; C:\Windows\system32\Drivers\aswRvrt.sys [49376 2013-05-09] ()
R1 aswSnx; C:\Windows\system32\Drivers\aswSnx.sys [770344 2013-11-07] (AVAST Software)
R1 aswSP; C:\Windows\system32\Drivers\aswSP.sys [369584 2013-11-07] (AVAST Software)
R1 aswTdi; C:\Windows\system32\Drivers\aswTdi.sys [56080 2013-05-09] (AVAST Software)
R0 aswVmm; C:\Windows\system32\Drivers\aswVmm.sys [175176 2013-11-07] ()
S3 SWDUMon; C:\Windows\System32\DRIVERS\SWDUMon.sys [13464 2014-05-03] ()
S3 iSafeKrnlBoot; \??\system32\DRIVERS\iSafeKrnlBoot.sys [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-05-03 19:30 - 2014-05-03 19:31 - 00011114 _____ () C:\Users\Usuario\Downloads\FRST.txt
2014-05-03 19:30 - 2014-05-03 19:30 - 00000000 ____D () C:\FRST
2014-05-03 19:28 - 2014-05-03 19:29 - 01050624 _____ (Farbar) C:\Users\Usuario\Downloads\FRST.exe
2014-05-03 19:02 - 2014-05-03 19:02 - 00027892 _____ () C:\Users\Usuario\Desktop\ZHPDiag.txt
2014-05-03 03:05 - 2014-05-03 03:16 - 598062619 _____ () C:\Users\Usuario\Downloads\AWH - Machine-Doll wa Kizutsukanai 08 - Blu-Ray 1080p.mkv
2014-05-03 02:39 - 2014-05-03 02:48 - 426982553 _____ () C:\Users\Usuario\Downloads\AWH - Machine-Doll wa Kizutsukanai 07 - Blu-Ray 1080p.mkv
2014-05-03 02:21 - 2014-05-03 02:36 - 756224304 _____ () C:\Users\Usuario\Downloads\AWH - Machine-Doll wa Kizutsukanai 06 - Blu-Ray 1080p.mkv
2014-05-03 01:54 - 2014-05-03 02:12 - 817595307 _____ () C:\Users\Usuario\Downloads\AWH - Machine-Doll wa Kizutsukanai 05 - Blu-Ray 1080p.mkv
2014-05-03 01:34 - 2014-05-03 01:48 - 635480105 _____ () C:\Users\Usuario\Downloads\AWH - Machine-Doll wa Kizutsukanai 04 - Blu-Ray 1080p.mkv
2014-05-03 00:36 - 2014-05-03 00:52 - 586200724 _____ () C:\Users\Usuario\Downloads\AWH - Machine-Doll wa Kizutsukanai 03 - Blu-Ray 1080p.mkv
2014-05-03 00:22 - 2014-05-03 00:35 - 595887114 _____ () C:\Users\Usuario\Downloads\AWH - Machine-Doll wa Kizutsukanai 02v2 - Blu-Ray 1080p.mkv
2014-05-03 00:07 - 2014-05-03 00:19 - 650099796 _____ () C:\Users\Usuario\Downloads\AWH - Machine-Doll wa Kizutsukanai 01v2 - Blu-Ray 1080p.mkv
2014-05-02 21:29 - 2014-05-02 21:29 - 00030131 _____ () C:\Users\Usuario\Downloads\e631b4008fba4f5cb02e5d13f03a33c9_A.jpeg
2014-05-02 21:00 - 2014-05-02 21:19 - 00001527 _____ () C:\Users\Usuario\Desktop\My DAP Downloads.lnk
2014-05-02 21:00 - 2014-05-02 21:00 - 00000897 _____ () C:\Users\Usuario\Desktop\Download Accelerator Plus (DAP).lnk
2014-05-02 20:59 - 2014-05-02 20:59 - 00172032 _____ (Jin Hui E-mail: [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] Web: [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] C:\Windows\system32\AniGIF.ocx
2014-05-02 20:59 - 2014-05-02 20:59 - 00001019 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Download Accelerator Plus (DAP).lnk
2014-05-02 20:59 - 2014-05-02 20:59 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Download Accelerator Plus (DAP)
2014-05-02 20:59 - 2014-05-02 20:59 - 00000000 ____D () C:\Program Files\DAP
2014-05-02 20:59 - 2014-05-02 20:59 - 00000000 ____D () C:\Program Files\Common Files\SpeedBit
2014-05-02 20:15 - 2014-05-02 20:15 - 00000000 ____D () C:\Users\Usuario\AppData\Roaming\SpeedBit
2014-05-02 20:11 - 2014-05-02 20:11 - 00000000 ____D () C:\Users\Usuario\AppData\Local\CrashRpt
2014-05-02 20:06 - 2014-05-02 20:35 - 00002560 _____ () C:\Windows\_MSRSTRT.EXE
2014-05-02 19:34 - 2014-05-02 20:59 - 00000000 ____D () C:\Users\Todos os Usuários\Speedbit
2014-05-02 19:34 - 2014-05-02 20:59 - 00000000 ____D () C:\ProgramData\Speedbit
2014-05-02 19:34 - 2014-05-02 19:34 - 00002721 _____ () C:\ADS19BA.tmp
2014-05-02 19:34 - 2014-05-02 19:34 - 00002592 _____ () C:\ADS19BB.tmp
2014-05-02 17:51 - 2014-05-03 19:02 - 00000000 ____D () C:\Users\Usuario\AppData\Roaming\ZHP
2014-05-02 17:51 - 2014-05-03 19:01 - 00000000 ____D () C:\Program Files\ZHPDiag
2014-05-02 17:51 - 2014-05-02 17:51 - 00001937 _____ () C:\Users\Usuario\Desktop\ZHPFix.lnk
2014-05-02 17:51 - 2014-05-02 17:51 - 00001810 _____ () C:\Users\Usuario\Desktop\ZHPDiag.lnk
2014-05-02 17:51 - 2014-05-02 17:51 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ZHP
2014-05-02 17:23 - 2014-05-02 17:23 - 00000000 ____D () C:\Windows\ERUNT
2014-05-02 17:02 - 2014-02-13 23:59 - 00024064 _____ () C:\Windows\zoek-delete.exe
2014-05-02 16:46 - 2014-05-02 16:46 - 00000132 _____ () C:\Users\Usuario\AppData\default.pls
2014-05-02 16:36 - 2014-05-02 17:00 - 00000000 ____D () C:\zoek_backup
2014-05-02 14:53 - 2014-05-02 20:03 - 00107736 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-05-02 14:52 - 2014-05-02 16:00 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2014-05-02 14:52 - 2014-05-02 14:52 - 00001064 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-05-02 14:52 - 2014-05-02 14:52 - 00000000 ____D () C:\Users\Todos os Usuários\Malwarebytes
2014-05-02 14:52 - 2014-05-02 14:52 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-05-02 14:52 - 2014-05-02 14:52 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-05-02 14:52 - 2014-04-03 09:51 - 00073432 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-05-02 14:52 - 2014-04-03 09:51 - 00051416 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-05-02 14:52 - 2014-04-03 09:50 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-05-02 13:58 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\system32\sqlite3.dll
2014-05-02 13:57 - 2014-05-02 14:01 - 00000000 ____D () C:\AdwCleaner
2014-04-28 09:21 - 2014-04-28 09:22 - 00000000 ____D () C:\Users\Usuario\Desktop\Toradora
2014-04-27 15:20 - 2014-04-27 15:20 - 00000000 ____D () C:\Users\Usuario\Documents\NeroVision
2014-04-27 15:13 - 2014-04-27 15:13 - 00000000 ____D () C:\Users\Usuario\Documents\Nero Home
2014-04-25 13:17 - 2014-04-26 13:55 - 712832794 _____ () C:\Users\Usuario\Downloads\Jongens (2014).avi
2014-04-22 21:02 - 2014-04-22 21:02 - 00002732 _____ () C:\Users\Public\Desktop\Nero StartSmart.lnk
2014-04-22 21:02 - 2014-04-22 21:02 - 00002592 _____ () C:\Users\Public\Desktop\Nero Home.lnk
2014-04-22 21:02 - 2014-04-22 21:02 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nero 7 Ultra Edition
2014-04-22 21:00 - 2014-05-02 16:46 - 00000000 ____D () C:\Users\Usuario\AppData\Roaming\Ahead
2014-04-22 20:59 - 2014-04-22 20:59 - 00000000 ____D () C:\Users\Todos os Usuários\Ahead
2014-04-22 20:59 - 2014-04-22 20:59 - 00000000 ____D () C:\ProgramData\Ahead
2014-04-22 20:55 - 2014-04-22 20:58 - 00000000 ____D () C:\Program Files\Common Files\Ahead
2014-04-22 18:45 - 2014-04-22 18:45 - 00000000 _____ () C:\Windows\Irremote.ini
2014-04-22 18:21 - 2014-04-23 07:20 - 00038912 _____ (Elex do Brasil Participações Ltda) C:\Windows\system32\Drivers\iSafeKrnlBoot.sys
2014-04-20 13:41 - 2014-04-20 13:41 - 00004608 _____ () C:\Users\Usuario\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-04-12 21:32 - 2014-04-12 21:32 - 00197904 ____H () C:\Windows\system32\mlfcache.dat
2014-04-12 21:02 - 2014-04-17 01:34 - 00000000 ____D () C:\Program Files\mIRC
2014-04-12 21:02 - 2014-04-12 21:02 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\mIRC
2014-04-12 20:57 - 2014-04-12 21:02 - 00000913 _____ () C:\Users\Public\Desktop\mIRC.lnk
2014-04-12 20:54 - 2014-04-17 03:35 - 00000000 ____D () C:\Users\Usuario\AppData\Roaming\mIRC
2014-04-12 20:09 - 2014-04-12 20:09 - 00000000 ____D () C:\Users\Usuario\Downloads\Filmes
2014-04-12 11:12 - 2014-04-12 11:32 - 483050599 _____ () C:\Users\Usuario\Desktop\[Ecchi~Nyaa]_Ore_no_Nounai_Sentakushi_ga,_Gakuen_LoveCome_o_Zenryoku_de_Jama_Shiteiru_01_[Blu-Ray_720p_Hi10p_AAC][9F6C48EF].mkv

==================== One Month Modified Files and Folders =======

2014-05-03 19:31 - 2014-05-03 19:30 - 00011114 _____ () C:\Users\Usuario\Downloads\FRST.txt
2014-05-03 19:30 - 2014-05-03 19:30 - 00000000 ____D () C:\FRST
2014-05-03 19:29 - 2014-05-03 19:28 - 01050624 _____ (Farbar) C:\Users\Usuario\Downloads\FRST.exe
2014-05-03 19:13 - 2013-11-07 14:57 - 00001086 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1574201965-1944898624-3258338672-1000UA.job
2014-05-03 19:10 - 2013-11-07 14:30 - 00000000 ____D () C:\Users\Usuario\AppData\Local\VirtualStore
2014-05-03 19:06 - 2009-07-14 01:34 - 00019312 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-05-03 19:06 - 2009-07-14 01:34 - 00019312 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-05-03 19:02 - 2014-05-03 19:02 - 00027892 _____ () C:\Users\Usuario\Desktop\ZHPDiag.txt
2014-05-03 19:02 - 2014-05-02 17:51 - 00000000 ____D () C:\Users\Usuario\AppData\Roaming\ZHP
2014-05-03 19:01 - 2014-05-02 17:51 - 00000000 ____D () C:\Program Files\ZHPDiag
2014-05-03 18:58 - 2013-11-07 16:24 - 00000902 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-05-03 16:06 - 2013-11-07 14:26 - 00130546 _____ () C:\Windows\WindowsUpdate.log
2014-05-03 13:58 - 2013-11-07 15:31 - 00140865 _____ () C:\Windows\system32\AutoKMS.log
2014-05-03 13:57 - 2013-11-19 10:36 - 00013464 _____ () C:\Windows\system32\Drivers\SWDUMon.sys
2014-05-03 13:57 - 2013-11-19 10:36 - 00000390 _____ () C:\Windows\Tasks\SlimDrivers Startup.job
2014-05-03 13:56 - 2014-03-31 18:55 - 00014730 _____ () C:\Windows\PFRO.log
2014-05-03 13:56 - 2014-03-23 01:00 - 00006448 _____ () C:\Windows\setupact.log
2014-05-03 13:56 - 2009-07-14 01:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-05-03 03:16 - 2014-05-03 03:05 - 598062619 _____ () C:\Users\Usuario\Downloads\AWH - Machine-Doll wa Kizutsukanai 08 - Blu-Ray 1080p.mkv
2014-05-03 02:48 - 2014-05-03 02:39 - 426982553 _____ () C:\Users\Usuario\Downloads\AWH - Machine-Doll wa Kizutsukanai 07 - Blu-Ray 1080p.mkv
2014-05-03 02:36 - 2014-05-03 02:21 - 756224304 _____ () C:\Users\Usuario\Downloads\AWH - Machine-Doll wa Kizutsukanai 06 - Blu-Ray 1080p.mkv
2014-05-03 02:13 - 2013-11-07 14:57 - 00001034 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1574201965-1944898624-3258338672-1000Core.job
2014-05-03 02:12 - 2014-05-03 01:54 - 817595307 _____ () C:\Users\Usuario\Downloads\AWH - Machine-Doll wa Kizutsukanai 05 - Blu-Ray 1080p.mkv
2014-05-03 01:48 - 2014-05-03 01:34 - 635480105 _____ () C:\Users\Usuario\Downloads\AWH - Machine-Doll wa Kizutsukanai 04 - Blu-Ray 1080p.mkv
2014-05-03 00:52 - 2014-05-03 00:36 - 586200724 _____ () C:\Users\Usuario\Downloads\AWH - Machine-Doll wa Kizutsukanai 03 - Blu-Ray 1080p.mkv
2014-05-03 00:35 - 2014-05-03 00:22 - 595887114 _____ () C:\Users\Usuario\Downloads\AWH - Machine-Doll wa Kizutsukanai 02v2 - Blu-Ray 1080p.mkv
2014-05-03 00:19 - 2014-05-03 00:07 - 650099796 _____ () C:\Users\Usuario\Downloads\AWH - Machine-Doll wa Kizutsukanai 01v2 - Blu-Ray 1080p.mkv
2014-05-02 22:20 - 2013-11-08 20:58 - 00000000 ____D () C:\Users\Usuario\Downloads\Programas
2014-05-02 21:29 - 2014-05-02 21:29 - 00030131 _____ () C:\Users\Usuario\Downloads\e631b4008fba4f5cb02e5d13f03a33c9_A.jpeg
2014-05-02 21:19 - 2014-05-02 21:00 - 00001527 _____ () C:\Users\Usuario\Desktop\My DAP Downloads.lnk
2014-05-02 21:00 - 2014-05-02 21:00 - 00000897 _____ () C:\Users\Usuario\Desktop\Download Accelerator Plus (DAP).lnk
2014-05-02 20:59 - 2014-05-02 20:59 - 00172032 _____ (Jin Hui E-mail: [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] Web: [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] C:\Windows\system32\AniGIF.ocx
2014-05-02 20:59 - 2014-05-02 20:59 - 00001019 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Download Accelerator Plus (DAP).lnk
2014-05-02 20:59 - 2014-05-02 20:59 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Download Accelerator Plus (DAP)
2014-05-02 20:59 - 2014-05-02 20:59 - 00000000 ____D () C:\Program Files\DAP
2014-05-02 20:59 - 2014-05-02 20:59 - 00000000 ____D () C:\Program Files\Common Files\SpeedBit
2014-05-02 20:59 - 2014-05-02 19:34 - 00000000 ____D () C:\Users\Todos os Usuários\Speedbit
2014-05-02 20:59 - 2014-05-02 19:34 - 00000000 ____D () C:\ProgramData\Speedbit
2014-05-02 20:35 - 2014-05-02 20:06 - 00002560 _____ () C:\Windows\_MSRSTRT.EXE
2014-05-02 20:15 - 2014-05-02 20:15 - 00000000 ____D () C:\Users\Usuario\AppData\Roaming\SpeedBit
2014-05-02 20:11 - 2014-05-02 20:11 - 00000000 ____D () C:\Users\Usuario\AppData\Local\CrashRpt
2014-05-02 20:03 - 2014-05-02 14:53 - 00107736 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-05-02 20:02 - 2013-11-08 03:14 - 00000000 ____D () C:\Users\Usuario\AppData\Roaming\EQATEC Analytics
2014-05-02 19:34 - 2014-05-02 19:34 - 00002721 _____ () C:\ADS19BA.tmp
2014-05-02 19:34 - 2014-05-02 19:34 - 00002592 _____ () C:\ADS19BB.tmp
2014-05-02 17:51 - 2014-05-02 17:51 - 00001937 _____ () C:\Users\Usuario\Desktop\ZHPFix.lnk
2014-05-02 17:51 - 2014-05-02 17:51 - 00001810 _____ () C:\Users\Usuario\Desktop\ZHPDiag.lnk
2014-05-02 17:51 - 2014-05-02 17:51 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ZHP
2014-05-02 17:23 - 2014-05-02 17:23 - 00000000 ____D () C:\Windows\ERUNT
2014-05-02 17:04 - 2009-07-13 23:37 - 00000000 ____D () C:\Windows\system32\pt-BR
2014-05-02 17:00 - 2014-05-02 16:36 - 00000000 ____D () C:\zoek_backup
2014-05-02 16:46 - 2014-05-02 16:46 - 00000132 _____ () C:\Users\Usuario\AppData\default.pls
2014-05-02 16:46 - 2014-04-22 21:00 - 00000000 ____D () C:\Users\Usuario\AppData\Roaming\Ahead
2014-05-02 16:00 - 2014-05-02 14:52 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2014-05-02 16:00 - 2009-07-14 01:52 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2014-05-02 14:52 - 2014-05-02 14:52 - 00001064 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-05-02 14:52 - 2014-05-02 14:52 - 00000000 ____D () C:\Users\Todos os Usuários\Malwarebytes
2014-05-02 14:52 - 2014-05-02 14:52 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-05-02 14:52 - 2014-05-02 14:52 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-05-02 14:01 - 2014-05-02 13:57 - 00000000 ____D () C:\AdwCleaner
2014-05-02 01:32 - 2013-11-07 16:46 - 00000482 _____ () C:\Users\Usuario\Documents\jkhg.txt
2014-05-01 14:00 - 2013-11-07 16:44 - 00000000 ____D () C:\Users\Usuario\Downloads\Animes
2014-05-01 13:18 - 2013-11-07 14:57 - 00000000 ____D () C:\Users\Usuario\AppData\Roaming\Skype
2014-04-30 22:26 - 2013-11-07 14:35 - 01634728 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-04-30 22:26 - 2009-07-14 05:31 - 00705786 _____ () C:\Windows\system32\prfh0416.dat
2014-04-30 22:26 - 2009-07-14 05:31 - 00146512 _____ () C:\Windows\system32\prfc0416.dat
2014-04-29 13:29 - 2013-11-07 16:24 - 00692400 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2014-04-29 13:29 - 2013-11-07 15:12 - 00070832 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2014-04-28 09:22 - 2014-04-28 09:21 - 00000000 ____D () C:\Users\Usuario\Desktop\Toradora
2014-04-28 08:12 - 2014-02-26 14:41 - 00000000 ____D () C:\FFOutput
2014-04-27 15:20 - 2014-04-27 15:20 - 00000000 ____D () C:\Users\Usuario\Documents\NeroVision
2014-04-27 15:13 - 2014-04-27 15:13 - 00000000 ____D () C:\Users\Usuario\Documents\Nero Home
2014-04-26 13:55 - 2014-04-25 13:17 - 712832794 _____ () C:\Users\Usuario\Downloads\Jongens (2014).avi
2014-04-24 06:48 - 2009-07-13 23:37 - 00000000 ____D () C:\Windows\system32\NDF
2014-04-23 22:56 - 2013-11-07 17:03 - 00000000 ____D () C:\Users\Usuario\Downloads\Imagens
2014-04-23 07:20 - 2014-04-22 18:21 - 00038912 _____ (Elex do Brasil Participações Ltda) C:\Windows\system32\Drivers\iSafeKrnlBoot.sys
2014-04-22 21:10 - 2013-11-07 14:48 - 00000000 ____D () C:\Users\Usuario\AppData\Local\Ahead
2014-04-22 21:02 - 2014-04-22 21:02 - 00002732 _____ () C:\Users\Public\Desktop\Nero StartSmart.lnk
2014-04-22 21:02 - 2014-04-22 21:02 - 00002592 _____ () C:\Users\Public\Desktop\Nero Home.lnk
2014-04-22 21:02 - 2014-04-22 21:02 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nero 7 Ultra Edition
2014-04-22 20:59 - 2014-04-22 20:59 - 00000000 ____D () C:\Users\Todos os Usuários\Ahead
2014-04-22 20:59 - 2014-04-22 20:59 - 00000000 ____D () C:\ProgramData\Ahead
2014-04-22 20:58 - 2014-04-22 20:55 - 00000000 ____D () C:\Program Files\Common Files\Ahead
2014-04-22 20:56 - 2013-11-07 14:46 - 00000000 ____D () C:\Users\Todos os Usuários\Nero
2014-04-22 20:56 - 2013-11-07 14:46 - 00000000 ____D () C:\ProgramData\Nero
2014-04-22 20:55 - 2013-11-07 14:46 - 00000000 ____D () C:\Program Files\Nero
2014-04-22 18:51 - 2013-11-07 14:46 - 00000000 ____D () C:\Program Files\Common Files\Nero
2014-04-22 18:46 - 2013-11-07 14:47 - 00001024 _____ () C:\Users\Usuario\.rnd
2014-04-22 18:46 - 2013-11-07 14:47 - 00000188 _____ () C:\Windows\system32\MsiExec.exe.log
2014-04-22 18:45 - 2014-04-22 18:45 - 00000000 _____ () C:\Windows\Irremote.ini
2014-04-22 18:21 - 2013-11-07 14:57 - 00001325 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2014-04-22 18:21 - 2013-11-07 14:31 - 00001597 _____ () C:\Users\Usuario\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-04-22 14:54 - 2013-11-07 14:59 - 00001899 _____ () C:\Users\Usuario\Desktop\Google Chrome.lnk
2014-04-21 23:07 - 2013-11-08 03:35 - 00000069 _____ () C:\Windows\NeroDigital.ini
2014-04-20 13:41 - 2014-04-20 13:41 - 00004608 _____ () C:\Users\Usuario\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-04-17 03:35 - 2014-04-12 20:54 - 00000000 ____D () C:\Users\Usuario\AppData\Roaming\mIRC
2014-04-17 01:34 - 2014-04-12 21:02 - 00000000 ____D () C:\Program Files\mIRC
2014-04-12 21:32 - 2014-04-12 21:32 - 00197904 ____H () C:\Windows\system32\mlfcache.dat
2014-04-12 21:02 - 2014-04-12 21:02 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\mIRC
2014-04-12 21:02 - 2014-04-12 20:57 - 00000913 _____ () C:\Users\Public\Desktop\mIRC.lnk
2014-04-12 20:09 - 2014-04-12 20:09 - 00000000 ____D () C:\Users\Usuario\Downloads\Filmes
2014-04-12 11:32 - 2014-04-12 11:12 - 483050599 _____ () C:\Users\Usuario\Desktop\[Ecchi~Nyaa]_Ore_no_Nounai_Sentakushi_ga,_Gakuen_LoveCome_o_Zenryoku_de_Jama_Shiteiru_01_[Blu-Ray_720p_Hi10p_AAC][9F6C48EF].mkv
2014-04-03 09:51 - 2014-05-02 14:52 - 00073432 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-04-03 09:51 - 2014-05-02 14:52 - 00051416 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-04-03 09:50 - 2014-05-02 14:52 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys

==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\system32\winlogon.exe => MD5 is legit
C:\Windows\system32\wininit.exe => MD5 is legit
C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\services.exe => MD5 is legit
C:\Windows\system32\User32.dll => MD5 is legit
C:\Windows\system32\userinit.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit
C:\Windows\system32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-04-29 02:40

==================== End Of Log ============================

Addition.txt:

Additional scan result of Farbar Recovery Scan Tool (x86) Version:01-05-2014
Ran by Usuario at 2014-05-03 19:32:03
Running from C:\Users\Usuario\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: avast! Antivirus (Enabled - Up to date) {2B2D1395-420B-D5C9-657E-930FE358FC3C}
AS: avast! Antivirus (Enabled - Up to date) {904CF271-6431-DA47-5FCE-A87D98DFB681}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

Adobe Anchor Service CS3 (Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe Asset Services CS3 (Version: 3 - Adobe Systems Incorporated) Hidden
Adobe Bridge CS4 (Version: 3 - Adobe Systems Incorporated) Hidden
Adobe Bridge Start Meeting (Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe CMaps (Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe Color - Photoshop Specific (Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe Color Common Settings (Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe Color EU Extra Settings (Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe Color JA Extra Settings (Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe Color NA Recommended Settings (Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe Default Language CS3 (Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe Device Central CS3 (Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe ExtendScript Toolkit 2 (Version: 2.0.1 - Adobe Systems Incorporated) Hidden
Adobe Flash Player 13 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 13.0.0.206 - Adobe Systems Incorporated)
Adobe Fonts All (Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe Help Viewer CS3 (Version: 1 - Adobe Systems Incorporated) Hidden
Adobe Linguistics CS3 (Version: 3.0.0 - Adobe Systems Incorporated) Hidden
Adobe PDF Library Files (Version: 8.0 - Adobe Systems Incorporated) Hidden
Adobe Photoshop CS4 (HKLM\...\Adobe_b741c3c52d3108664cedeb2b76f6d96) (Version: 11.0 - Adobe Systems Incorporated)
Adobe Photoshop CS4 (Version: 11.0 - Adobe Systems Incorporated) Hidden
Adobe Photoshop CS4 1.0 (HKLM\...\Tradução Adobe Photoshop CS4_is1) (Version:  - Nando Backer Software Developer)
Adobe Reader X (10.1.8) - Português (HKLM\...\{AC76BA86-7AD7-1046-7B44-AA1000000001}) (Version: 10.1.8 - Adobe Systems Incorporated)
Adobe Setup (Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe Type Support (Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe Update Manager CS3 (Version: 5.1.0 - Adobe Systems Incorporated) Hidden
Adobe Version Cue CS3 Client (Version: 3 - Adobe Systems Incorporated) Hidden
Adobe WinSoft Linguistics Plugin (Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe XMP Panels CS3 (Version: 1.0 - Adobe Systems Incorporated) Hidden
aTube Catcher (HKLM\...\aTube Catcher) (Version: 2.9.4272 - DsNET Corp)
avast! Free Antivirus (HKLM\...\avast) (Version: 8.0.1489.0 - AVAST Software)
CCleaner (HKLM\...\CCleaner) (Version: 4.10 - Piriform)
Codec 8.4f (HKLM\...\Codec_is1) (Version:  - )
Corel Graphics - Windows Shell Extension (HKLM\...\_{B92076C0-C5FE-4DB1-AA8D-855430CDF098}) (Version: 16.0.0.707 - Corel Corporation)
Corel Graphics - Windows Shell Extension (Version: 16.0.707 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X6 - BR (Version: 16.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X6 - Capture (Version: 16.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X6 - Common (Version: 16.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X6 - Connect (Version: 16.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X6 - Custom Data (Version: 16.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X6 - Draw (Version: 16.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X6 - Filters (Version: 16.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X6 - FontNav (Version: 16.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X6 - IPM (Version: 16.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X6 - PHOTO-PAINT (Version: 16.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X6 - Photozoom Plugin (Version: 16.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X6 - Redist (Version: 16.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X6 - Setup Files (Version: 16.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X6 - VBA (Version: 16.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X6 - VideoBrowser (Version: 16.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X6 - VSTA (Version: 16.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X6 - Writing Tools (Version: 16.0 -  Corel Corporation) Hidden
CorelDRAW Graphics Suite X6 (HKLM\...\_{511DE7EA-AA68-4D7A-A2E3-0E7B5186B822}) (Version: 16.0.0.707 - Corel Corporation)
CorelDRAW Graphics Suite X6 (Version: 16.0 - Corel Corporation) Hidden
DC-Bass Source 1.3.0 (HKLM\...\DC-Bass Source) (Version:  - )
Download Accelerator Plus (DAP) (HKLM\...\Download Accelerator Plus (DAP)) (Version: 10059 (Build 2593) - Speedbit Ltd.)
ffdshow v1.1.4399 [2012-03-22] (HKLM\...\ffdshow_is1) (Version: 1.1.4399.0 - )
FormatFactory 3.3.1.0 (HKLM\...\FormatFactory) (Version: 3.3.1.0 - Format Factory)
Google Chrome (HKCU\...\Google Chrome) (Version: 31.0.1650.63 - Google Inc.)
Intel(R) Graphics Media Accelerator Driver (HKLM\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2869 - Intel Corporation)
Java 7 Update 45 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83217025FF}) (Version: 7.0.450 - Oracle)
Java Auto Updater (Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
Java SE Development Kit 7 Update 25 (HKLM\...\{32A3A4F4-B792-11D6-A78A-00B0D0170250}) (Version: 1.7.0.250 - Oracle)
Lagarith Lossless Codec (1.3.27) (HKLM\...\{F59AC46C-10C3-4023-882C-4212A92283B3}_is1) (Version:  - )
LAME v3.99.3 (for Windows) (HKLM\...\LAME_is1) (Version:  - )
Malwarebytes Anti-Malware versão 2.0.1.1004 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.1.1004 - Malwarebytes Corporation)
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Client Profile PTB Language Pack (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Extended (HKLM\...\Microsoft .NET Framework 4 Extended) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Extended PTB Language Pack (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft Office Access MUI (Portuguese (Brazil)) 2010 (Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (Portuguese (Brazil)) 2010 (Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office Groove MUI (Portuguese (Brazil)) 2010 (Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office InfoPath MUI (Portuguese (Brazil)) 2010 (Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (Portuguese (Brazil)) 2010 (Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (Portuguese (Brazil)) 2010 (Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (Portuguese (Brazil)) 2010 (Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office Professional Plus 2010 (HKLM\...\Office14.PROPLUS) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2010 (Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Portuguese (Brazil)) 2010 (Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Spanish) 2010 (Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (Portuguese (Brazil)) 2010 (Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office Publisher MUI (Portuguese (Brazil)) 2010 (Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (Portuguese (Brazil)) 2010 (Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (Portuguese (Brazil)) 2010 (Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 4.0.60310.0 - Microsoft Corporation)
Microsoft Visual Basic for Applications 7.1 (x86) (Version: 7.1.00.00 - Microsoft Corporation) Hidden
Microsoft Visual Basic for Applications 7.1 (x86) English (Version: 7.1.0.0 - Microsoft Corporation) Hidden
Microsoft Visual Basic for Applications 7.1 (x86) Portuguese (Brazil) (Version: 7.1.0.0 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual Studio Tools for Applications 2.0 - ENU (HKLM\...\{AA4A4B2C-0465-3CF8-BA76-27A027D8ACAB}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual Studio Tools for Applications 2.0 Runtime (HKLM\...\{299C0434-4F4E-341F-A916-4E07AEB35E79}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft XML Parser (Version: 8.70.1104.04 - Microsoft Corporation) Hidden
Miniaurélio (HKLM\...\{01A373F1-B268-43CA-A8F1-45708A62F50A}) (Version: 5.12 - Positivo Informática.)
mIRC (HKLM\...\mIRC) (Version: 7.32 - mIRC Co. Ltd.)
Mozilla Firefox 28.0 (x86 pt-BR) (HKLM\...\Mozilla Firefox 28.0 (x86 pt-BR)) (Version: 28.0 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 28.0 - Mozilla)
MPC-HC 1.7.3 (HKLM\...\{2624B969-7135-4EB1-B0F6-2D8C397B45F7}_is1) (Version: 1.7.3 - MPC-HC Team)
Nero 7 Ultra Edition (HKLM\...\{C6115A28-F277-4E82-B067-84D28BF21046}) (Version: 7.03.1357 - Nero AG)
neroxml (Version: 1.0.0 - Nero AG) Hidden
OpenSource Flash Video Splitter 1.0.0.5 (HKLM\...\OpenSource Flash Video Splitter) (Version: 1.0.0.5 - )
Pacote de Idiomas do Microsoft .NET Framework 4 Client Profile - Português (Brasil) (HKLM\...\Microsoft .NET Framework 4 Client Profile PTB Language Pack) (Version: 4.0.30319 - Microsoft Corporation)
Pacote de Idiomas do Microsoft .NET Framework 4 Extended - Português (Brasil) (HKLM\...\Microsoft .NET Framework 4 Extended PTB Language Pack) (Version: 4.0.30319 - Microsoft Corporation)
PDF Settings (Version: 1.0 - Adobe Systems Incorporated) Hidden
PeaZip 5.1.1 (HKLM\...\{5A2BC38A-406C-4A5B-BF45-6991F9A05325}_is1) (Version:  - Giorgio Tani)
PhotoScape (HKLM\...\PhotoScape) (Version:  - )
Photoshop Camera Raw (Version: 5.0 - Adobe Systems Incorporated) Hidden
Realtek Ethernet Controller Driver (HKLM\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.42.304.2011 - Realtek)
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7071 - Realtek Semiconductor Corp.)
Revo Uninstaller 1.95 (HKLM\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
Skype™️ 6.6 (HKLM\...\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version: 6.6.106 - Skype Technologies S.A.)
SlimDrivers (HKLM\...\{A5457401-D56A-43F2-9524-78E54A7FC07A}) (Version: 2.2.32705 - SlimWare Utilities, Inc.)
Ultimate Codecs Packages (HKCU\...\Ultimate Codecs Packages) (Version:  - ) <==== ATTENTION
VC80CRTRedist - 8.0.50727.6195 (Version: 1.2.0 - DivX, Inc) Hidden
VCRedistSetup (Version: 1.0.0 - Nero AG) Hidden
WinRAR 4.20 (32-bit) (HKLM\...\WinRAR archiver) (Version: 4.20.0 - win.rar GmbH)
ZHPDiag 2014 (HKLM\...\ZHPDiag_is1) (Version: 2014 - Nicolas Coolman)

==================== Restore Points  =========================

02-05-2014 19:39:09 zoek.exe restore point
02-05-2014 21:39:59 ZHPFix Restore System Point
02-05-2014 23:04:24 Revo Uninstaller's restore point - Download Accelerator Plus (DAP)
02-05-2014 23:33:08 Revo Uninstaller's restore point - Download Accelerator Plus (DAP)
03-05-2014 21:51:09 ZHPFix Restore System Point

==================== Hosts content: ==========================

2009-07-13 23:04 - 2014-05-02 16:39 - 00000840 ____A C:\Windows\system32\Drivers\etc\hosts

127.0.0.1       localhost
::1             localhost

==================== Scheduled Tasks (whitelisted) =============

Task: {33235AB0-22BE-4E4A-954C-CDCFA65D5CFC} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1574201965-1944898624-3258338672-1000Core => C:\Users\Usuario\AppData\Local\Google\Update\GoogleUpdate.exe [2013-11-07] (Google Inc.)
Task: {3EC36B8B-77C9-48B4-9C44-7202DF9E7FD1} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2013-05-09] (AVAST Software)
Task: {52E22773-E629-4AFF-9BCB-503B6BE77548} - System32\Tasks\RealDownloaderDownloaderScheduledTaskS-1-5-21-1574201965-1944898624-3258338672-1000 => C:\Program Files\RealNetworks\RealDownloader\recordingmanager.exe
Task: {58659119-61F6-40F0-925B-2F17BE98CDC0} - System32\Tasks\AutoKMS => C:\Windows\AutoKMS.exe [2013-11-07] (Microsoft)
Task: {772BF1E3-C3C0-42A1-A688-BD192EE976FE} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-01-21] (Piriform Ltd)
Task: {874E4575-3352-4728-BBDC-99CB3E88ABA2} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-04-29] (Adobe Systems Incorporated)
Task: {8982478E-518F-4037-850C-FA08CC737FB7} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1574201965-1944898624-3258338672-1000UA => C:\Users\Usuario\AppData\Local\Google\Update\GoogleUpdate.exe [2013-11-07] (Google Inc.)
Task: {89F25690-8414-4455-959A-188454A27B94} - System32\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-1574201965-1944898624-3258338672-1000 => C:\Program Files\RealNetworks\RealDownloader\realupgrade.exe
Task: {CF56E9B6-85EA-4368-A9EE-44344FC3029B} - System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-1574201965-1944898624-3258338672-1000 => C:\Program Files\Real\RealUpgrade\RealUpgrade.exe
Task: {E5F247AC-E4E0-4178-91B0-AB21559EA09B} - System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-1574201965-1944898624-3258338672-1000 => C:\Program Files\RealNetworks\RealDownloader\realupgrade.exe
Task: {EFBDD970-01E2-42D9-8BE1-0AE7AF9B69D0} - System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-1574201965-1944898624-3258338672-1000 => C:\Program Files\Real\RealUpgrade\RealUpgrade.exe
Task: {F182866C-BEEC-4B88-85B3-9E7881420F74} - System32\Tasks\SlimDrivers Startup => C:\Program Files\SlimDrivers\SlimDrivers.exe [2013-09-24] (SlimWare Utilities, Inc.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1574201965-1944898624-3258338672-1000Core.job => C:\Users\Usuario\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1574201965-1944898624-3258338672-1000UA.job => C:\Users\Usuario\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\SlimDrivers Startup.job => C:\Program Files\SlimDrivers\SlimDrivers.exe

==================== Loaded Modules (whitelisted) =============

2014-05-03 18:02 - 2014-05-03 14:05 - 02292736 _____ () C:\Program Files\AVAST Software\Avast\defs\14050301\algo.dll
2010-01-30 01:41 - 2010-01-30 01:41 - 04254560 _____ () C:\Program Files\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
2014-05-02 21:00 - 2014-05-02 21:00 - 00009216 _____ () C:\ProgramData\Speedbit\DAP\Plugins\AddonsCondition.dll
2014-05-02 21:00 - 2014-05-02 21:00 - 00011776 _____ () C:\ProgramData\Speedbit\DAP\Plugins\189AE673-13C1-4133-A470-8C4DDD1ACB8C\1.0.1.3_0\fivegiganet.dll
2014-05-02 21:00 - 2014-05-02 21:00 - 00010240 _____ () C:\ProgramData\Speedbit\DAP\Plugins\189AE673-13C1-4133-A470-8C4DDD1ACB8C\1.0.1.3_0\MegaUploadCom.dll
2014-05-02 21:00 - 2014-05-02 21:00 - 00012800 _____ () C:\ProgramData\Speedbit\DAP\Plugins\189AE673-13C1-4133-A470-8C4DDD1ACB8C\1.0.1.3_0\SpdFileCom.dll
2014-05-02 21:00 - 2014-05-02 21:00 - 00012800 _____ () C:\ProgramData\Speedbit\DAP\Plugins\189AE673-13C1-4133-A470-8C4DDD1ACB8C\1.0.1.3_0\XSevenTo.dll
2014-05-02 21:00 - 2014-05-02 21:00 - 00010752 _____ () C:\ProgramData\Speedbit\DAP\Plugins\189AE673-13C1-4133-A470-8C4DDD1ACB8C\1.0.1.3_0\zsharenet.dll
2014-05-02 21:00 - 2014-05-02 21:00 - 00014848 _____ () C:\ProgramData\Speedbit\DAP\Plugins\189AE673-13C1-4133-A470-8C4DDD1ACB8C\1.0.1.3_0\HotFileCom.dll
2014-05-02 21:00 - 2014-05-02 21:00 - 00040960 _____ () C:\ProgramData\Speedbit\DAP\Plugins\189AE673-13C1-4133-A470-8C4DDD1ACB8C\1.0.1.3_0\YouTubeCom.dll
2014-05-02 21:00 - 2014-05-02 21:00 - 00012288 _____ () C:\ProgramData\Speedbit\DAP\Plugins\189AE673-13C1-4133-A470-8C4DDD1ACB8C\1.0.1.3_0\FileFactoryCom.dll
2013-12-05 09:20 - 2013-12-03 23:47 - 00702416 _____ () C:\Users\Usuario\AppData\Local\Google\Chrome\Application\31.0.1650.63\libglesv2.dll
2013-12-05 09:20 - 2013-12-03 23:47 - 00099792 _____ () C:\Users\Usuario\AppData\Local\Google\Chrome\Application\31.0.1650.63\libegl.dll
2013-12-05 09:20 - 2013-12-03 23:48 - 04055504 _____ () C:\Users\Usuario\AppData\Local\Google\Chrome\Application\31.0.1650.63\pdf.dll
2013-12-05 09:20 - 2013-12-03 23:48 - 00399312 _____ () C:\Users\Usuario\AppData\Local\Google\Chrome\Application\31.0.1650.63\ppGoogleNaClPluginChrome.dll
2013-12-05 09:19 - 2013-12-03 23:47 - 01619408 _____ () C:\Users\Usuario\AppData\Local\Google\Chrome\Application\31.0.1650.63\ffmpegsumo.dll
2013-12-05 09:20 - 2013-12-03 23:48 - 13586896 _____ () C:\Users\Usuario\AppData\Local\Google\Chrome\Application\31.0.1650.63\PepperFlash\pepflashplayer.dll
2011-01-18 03:07 - 2011-01-18 03:07 - 12433408 _____ () C:\Program Files\DsNET Corp\aTube Catcher 2.0\ffmpeg.dll

==================== Alternate Data Streams (whitelisted) =========

AlternateDataStreams: C:\ProgramData\TEMP:56E2E879
AlternateDataStreams: C:\Users\Todos os Usuários\TEMP:56E2E879

==================== Safe Mode (whitelisted) ===================


==================== Disabled items from MSCONFIG ==============

MSCONFIG\startupreg: Adobe Reader Speed Launcher => "C:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe"
MSCONFIG\startupreg: BCSSync => "C:\Program Files\Microsoft Office\Office14\BCSSync.exe" /DelayServices
MSCONFIG\startupreg: Google Update => "C:\Users\Usuario\AppData\Local\Google\Update\GoogleUpdate.exe" /c
MSCONFIG\startupreg: RTHDVCPL => C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe -s

==================== Faulty Device Manager Devices =============

Name: Teredo Tunneling Pseudo-Interface
Description: Adaptador de Túnel Teredo da Microsoft
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (05/03/2014 06:51:07 PM) (Source: VSS) (User: )
Description: Erro do Serviço de Cópias de Sombra de Volume: erro inesperado ao consultar a interface IVssWriterCallback.  hr =  0x80070005, Acesso negado.
.
Muitas vezes, isso é causado por configurações de segurança incorretas no processo gravador ou solicitante.


Operação:
  Obtendo Dados do Gravador

Contexto:
  Id de Classe de Gravador: {e8132975-6f93-4464-a53e-1050253ae220}
  Nome do Gravador: System Writer
  ID de Instância de Gravador: {e9fe2f0c-4f48-4f90-8a95-541c01913ef9}

Error: (05/03/2014 04:29:16 PM) (Source: Customer Experience Improvement Program) (User: )
Description: 80004005

Error: (05/02/2014 09:15:01 PM) (Source: Customer Experience Improvement Program) (User: )
Description: 80004005

Error: (05/02/2014 08:33:08 PM) (Source: VSS) (User: )
Description: Erro do Serviço de Cópias de Sombra de Volume: erro inesperado ao consultar a interface IVssWriterCallback.  hr =  0x80070005, Acesso negado.
.
Muitas vezes, isso é causado por configurações de segurança incorretas no processo gravador ou solicitante.


Operação:
  Obtendo Dados do Gravador

Contexto:
  Id de Classe de Gravador: {e8132975-6f93-4464-a53e-1050253ae220}
  Nome do Gravador: System Writer
  ID de Instância de Gravador: {f3f42b67-dc01-4968-bd05-dcd015342424}

Error: (05/02/2014 08:04:23 PM) (Source: VSS) (User: )
Description: Erro do Serviço de Cópias de Sombra de Volume: erro inesperado ao consultar a interface IVssWriterCallback.  hr =  0x80070005, Acesso negado.
.
Muitas vezes, isso é causado por configurações de segurança incorretas no processo gravador ou solicitante.


Operação:
  Obtendo Dados do Gravador

Contexto:
  Id de Classe de Gravador: {e8132975-6f93-4464-a53e-1050253ae220}
  Nome do Gravador: System Writer
  ID de Instância de Gravador: {1a543900-2ea4-4aea-98ac-d9be5bc6864f}

Error: (05/02/2014 06:39:58 PM) (Source: VSS) (User: )
Description: Erro do Serviço de Cópias de Sombra de Volume: erro inesperado ao consultar a interface IVssWriterCallback.  hr =  0x80070005, Acesso negado.
.
Muitas vezes, isso é causado por configurações de segurança incorretas no processo gravador ou solicitante.


Operação:
  Obtendo Dados do Gravador

Contexto:
  Id de Classe de Gravador: {e8132975-6f93-4464-a53e-1050253ae220}
  Nome do Gravador: System Writer
  ID de Instância de Gravador: {950ea0b0-715d-45e9-b9a4-3cb649ec38de}


System errors:
=============

Microsoft Office Sessions:
=========================
Error: (05/03/2014 06:51:07 PM) (Source: VSS)(User: )
Description: 0x80070005, Acesso negado.


Operação:
  Obtendo Dados do Gravador

Contexto:
  Id de Classe de Gravador: {e8132975-6f93-4464-a53e-1050253ae220}
  Nome do Gravador: System Writer
  ID de Instância de Gravador: {e9fe2f0c-4f48-4f90-8a95-541c01913ef9}

Error: (05/03/2014 04:29:16 PM) (Source: Customer Experience Improvement Program)(User: )
Description: 80004005

Error: (05/02/2014 09:15:01 PM) (Source: Customer Experience Improvement Program)(User: )
Description: 80004005

Error: (05/02/2014 08:33:08 PM) (Source: VSS)(User: )
Description: 0x80070005, Acesso negado.


Operação:
  Obtendo Dados do Gravador

Contexto:
  Id de Classe de Gravador: {e8132975-6f93-4464-a53e-1050253ae220}
  Nome do Gravador: System Writer
  ID de Instância de Gravador: {f3f42b67-dc01-4968-bd05-dcd015342424}

Error: (05/02/2014 08:04:23 PM) (Source: VSS)(User: )
Description: 0x80070005, Acesso negado.


Operação:
  Obtendo Dados do Gravador

Contexto:
  Id de Classe de Gravador: {e8132975-6f93-4464-a53e-1050253ae220}
  Nome do Gravador: System Writer
  ID de Instância de Gravador: {1a543900-2ea4-4aea-98ac-d9be5bc6864f}

Error: (05/02/2014 06:39:58 PM) (Source: VSS)(User: )
Description: 0x80070005, Acesso negado.


Operação:
  Obtendo Dados do Gravador

Contexto:
  Id de Classe de Gravador: {e8132975-6f93-4464-a53e-1050253ae220}
  Nome do Gravador: System Writer
  ID de Instância de Gravador: {950ea0b0-715d-45e9-b9a4-3cb649ec38de}


==================== Memory info ===========================

Percentage of memory in use: 75%
Total physical RAM: 2013.24 MB
Available physical RAM: 499.06 MB
Total Pagefile: 4026.48 MB
Available Pagefile: 1902.43 MB
Total Virtual: 2047.88 MB
Available Virtual: 1914.39 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:232.79 GB) (Free:52.59 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 233 GB) (Disk ID: 94B794B7)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=233 GB) - (Type=07 NTFS)

==================== End Of Log ============================

ZHPFix:

Rapport de ZHPFix 2014.4.13.3 par Nicolas Coolman, Update du 13/04/2014
Fichier d'export Registre :
Run by Usuario at 03/05/2014 19:35:34
High Elevated Privileges : OK
Windows 7 Home Premium Edition, 32-bit  (Build 7600)

Reciclagem vazia (00mn 30s)

========== Elementos dos dados do Registo ==========
ELIMINÉ Explorer Association Data Application: [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]

========== Pastas ==========
Nenhuma pasta CLSID local utilizador vazia

========== Ficheiros ==========
ELIMINÉ Temporários windows (34) (582.839 octets)
ELIMINÉ Flash Cookies (0) (0 octets)

========== Restauração Sistema ==========
Ponto de restauro do sistema criado com sucesso


========== Recapitulativo ==========
1 : Elementos dos dados do Registo
1 : Pastas
2 : Ficheiros
1 : Restauração Sistema


End of clean in 00mn 52s

========== Caminho do ficheiro do relatório ==========
C:\Users\Usuario\AppData\Roaming\ZHP\ZHPFix[R1].txt - 02/05/2014 18:40:34 [2261]
C:\Users\Usuario\AppData\Roaming\ZHP\ZHPFix[R2].txt - 03/05/2014 18:51:36 [1196]
C:\Users\Usuario\AppData\Roaming\ZHP\ZHPFix[R3].txt - 03/05/2014 19:36:04 [1088]

Post by Power Max, Sat 03 May 2014, 19:48

Only the other Farbar log (Addition) is missing.

Post by Muitas Dúvidas, Sat 03 May 2014, 20:00

Addition.txt:

Additional scan result of Farbar Recovery Scan Tool (x86) Version:01-05-2014
Ran by Usuario at 2014-05-03 19:32:03
Running from C:\Users\Usuario\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: avast! Antivirus (Enabled - Up to date) {2B2D1395-420B-D5C9-657E-930FE358FC3C}
AS: avast! Antivirus (Enabled - Up to date) {904CF271-6431-DA47-5FCE-A87D98DFB681}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

Adobe Anchor Service CS3 (Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe Asset Services CS3 (Version: 3 - Adobe Systems Incorporated) Hidden
Adobe Bridge CS4 (Version: 3 - Adobe Systems Incorporated) Hidden
Adobe Bridge Start Meeting (Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe CMaps (Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe Color - Photoshop Specific (Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe Color Common Settings (Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe Color EU Extra Settings (Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe Color JA Extra Settings (Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe Color NA Recommended Settings (Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe Default Language CS3 (Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe Device Central CS3 (Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe ExtendScript Toolkit 2 (Version: 2.0.1 - Adobe Systems Incorporated) Hidden
Adobe Flash Player 13 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 13.0.0.206 - Adobe Systems Incorporated)
Adobe Fonts All (Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe Help Viewer CS3 (Version: 1 - Adobe Systems Incorporated) Hidden
Adobe Linguistics CS3 (Version: 3.0.0 - Adobe Systems Incorporated) Hidden
Adobe PDF Library Files (Version: 8.0 - Adobe Systems Incorporated) Hidden
Adobe Photoshop CS4 (HKLM\...\Adobe_b741c3c52d3108664cedeb2b76f6d96) (Version: 11.0 - Adobe Systems Incorporated)
Adobe Photoshop CS4 (Version: 11.0 - Adobe Systems Incorporated) Hidden
Adobe Photoshop CS4 1.0 (HKLM\...\Tradução Adobe Photoshop CS4_is1) (Version: - Nando Backer Software Developer)
Adobe Reader X (10.1.8) - Português (HKLM\...\{AC76BA86-7AD7-1046-7B44-AA1000000001}) (Version: 10.1.8 - Adobe Systems Incorporated)
Adobe Setup (Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe Type Support (Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe Update Manager CS3 (Version: 5.1.0 - Adobe Systems Incorporated) Hidden
Adobe Version Cue CS3 Client (Version: 3 - Adobe Systems Incorporated) Hidden
Adobe WinSoft Linguistics Plugin (Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe XMP Panels CS3 (Version: 1.0 - Adobe Systems Incorporated) Hidden
aTube Catcher (HKLM\...\aTube Catcher) (Version: 2.9.4272 - DsNET Corp)
avast! Free Antivirus (HKLM\...\avast) (Version: 8.0.1489.0 - AVAST Software)
CCleaner (HKLM\...\CCleaner) (Version: 4.10 - Piriform)
Codec 8.4f (HKLM\...\Codec_is1) (Version: - )
Corel Graphics - Windows Shell Extension (HKLM\...\_{B92076C0-C5FE-4DB1-AA8D-855430CDF098}) (Version: 16.0.0.707 - Corel Corporation)
Corel Graphics - Windows Shell Extension (Version: 16.0.707 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X6 - BR (Version: 16.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X6 - Capture (Version: 16.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X6 - Common (Version: 16.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X6 - Connect (Version: 16.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X6 - Custom Data (Version: 16.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X6 - Draw (Version: 16.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X6 - Filters (Version: 16.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X6 - FontNav (Version: 16.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X6 - IPM (Version: 16.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X6 - PHOTO-PAINT (Version: 16.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X6 - Photozoom Plugin (Version: 16.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X6 - Redist (Version: 16.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X6 - Setup Files (Version: 16.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X6 - VBA (Version: 16.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X6 - VideoBrowser (Version: 16.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X6 - VSTA (Version: 16.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X6 - Writing Tools (Version: 16.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X6 (HKLM\...\_{511DE7EA-AA68-4D7A-A2E3-0E7B5186B822}) (Version: 16.0.0.707 - Corel Corporation)
CorelDRAW Graphics Suite X6 (Version: 16.0 - Corel Corporation) Hidden
DC-Bass Source 1.3.0 (HKLM\...\DC-Bass Source) (Version: - )
Download Accelerator Plus (DAP) (HKLM\...\Download Accelerator Plus (DAP)) (Version: 10059 (Build 2593) - Speedbit Ltd.)
ffdshow v1.1.4399 [2012-03-22] (HKLM\...\ffdshow_is1) (Version: 1.1.4399.0 - )
FormatFactory 3.3.1.0 (HKLM\...\FormatFactory) (Version: 3.3.1.0 - Format Factory)
Google Chrome (HKCU\...\Google Chrome) (Version: 31.0.1650.63 - Google Inc.)
Intel(R) Graphics Media Accelerator Driver (HKLM\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2869 - Intel Corporation)
Java 7 Update 45 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83217025FF}) (Version: 7.0.450 - Oracle)
Java Auto Updater (Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
Java SE Development Kit 7 Update 25 (HKLM\...\{32A3A4F4-B792-11D6-A78A-00B0D0170250}) (Version: 1.7.0.250 - Oracle)
Lagarith Lossless Codec (1.3.27) (HKLM\...\{F59AC46C-10C3-4023-882C-4212A92283B3}_is1) (Version: - )
LAME v3.99.3 (for Windows) (HKLM\...\LAME_is1) (Version: - )
Malwarebytes Anti-Malware versão 2.0.1.1004 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.1.1004 - Malwarebytes Corporation)
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Client Profile PTB Language Pack (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Extended (HKLM\...\Microsoft .NET Framework 4 Extended) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Extended PTB Language Pack (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft Office Access MUI (Portuguese (Brazil)) 2010 (Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (Portuguese (Brazil)) 2010 (Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office Groove MUI (Portuguese (Brazil)) 2010 (Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office InfoPath MUI (Portuguese (Brazil)) 2010 (Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (Portuguese (Brazil)) 2010 (Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (Portuguese (Brazil)) 2010 (Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (Portuguese (Brazil)) 2010 (Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office Professional Plus 2010 (HKLM\...\Office14.PROPLUS) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2010 (Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Portuguese (Brazil)) 2010 (Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Spanish) 2010 (Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (Portuguese (Brazil)) 2010 (Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office Publisher MUI (Portuguese (Brazil)) 2010 (Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (Portuguese (Brazil)) 2010 (Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (Portuguese (Brazil)) 2010 (Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 4.0.60310.0 - Microsoft Corporation)
Microsoft Visual Basic for Applications 7.1 (x86) (Version: 7.1.00.00 - Microsoft Corporation) Hidden
Microsoft Visual Basic for Applications 7.1 (x86) English (Version: 7.1.0.0 - Microsoft Corporation) Hidden
Microsoft Visual Basic for Applications 7.1 (x86) Portuguese (Brazil) (Version: 7.1.0.0 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual Studio Tools for Applications 2.0 - ENU (HKLM\...\{AA4A4B2C-0465-3CF8-BA76-27A027D8ACAB}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual Studio Tools for Applications 2.0 Runtime (HKLM\...\{299C0434-4F4E-341F-A916-4E07AEB35E79}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft XML Parser (Version: 8.70.1104.04 - Microsoft Corporation) Hidden
Miniaurélio (HKLM\...\{01A373F1-B268-43CA-A8F1-45708A62F50A}) (Version: 5.12 - Positivo Informática.)
mIRC (HKLM\...\mIRC) (Version: 7.32 - mIRC Co. Ltd.)
Mozilla Firefox 28.0 (x86 pt-BR) (HKLM\...\Mozilla Firefox 28.0 (x86 pt-BR)) (Version: 28.0 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 28.0 - Mozilla)
MPC-HC 1.7.3 (HKLM\...\{2624B969-7135-4EB1-B0F6-2D8C397B45F7}_is1) (Version: 1.7.3 - MPC-HC Team)
Nero 7 Ultra Edition (HKLM\...\{C6115A28-F277-4E82-B067-84D28BF21046}) (Version: 7.03.1357 - Nero AG)
neroxml (Version: 1.0.0 - Nero AG) Hidden
OpenSource Flash Video Splitter 1.0.0.5 (HKLM\...\OpenSource Flash Video Splitter) (Version: 1.0.0.5 - )
Pacote de Idiomas do Microsoft .NET Framework 4 Client Profile - Português (Brasil) (HKLM\...\Microsoft .NET Framework 4 Client Profile PTB Language Pack) (Version: 4.0.30319 - Microsoft Corporation)
Pacote de Idiomas do Microsoft .NET Framework 4 Extended - Português (Brasil) (HKLM\...\Microsoft .NET Framework 4 Extended PTB Language Pack) (Version: 4.0.30319 - Microsoft Corporation)
PDF Settings (Version: 1.0 - Adobe Systems Incorporated) Hidden
PeaZip 5.1.1 (HKLM\...\{5A2BC38A-406C-4A5B-BF45-6991F9A05325}_is1) (Version: - Giorgio Tani)
PhotoScape (HKLM\...\PhotoScape) (Version: - )
Photoshop Camera Raw (Version: 5.0 - Adobe Systems Incorporated) Hidden
Realtek Ethernet Controller Driver (HKLM\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.42.304.2011 - Realtek)
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7071 - Realtek Semiconductor Corp.)
Revo Uninstaller 1.95 (HKLM\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
Skype™ 6.6 (HKLM\...\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version: 6.6.106 - Skype Technologies S.A.)
SlimDrivers (HKLM\...\{A5457401-D56A-43F2-9524-78E54A7FC07A}) (Version: 2.2.32705 - SlimWare Utilities, Inc.)
Ultimate Codecs Packages (HKCU\...\Ultimate Codecs Packages) (Version: - ) <==== ATTENTION
VC80CRTRedist - 8.0.50727.6195 (Version: 1.2.0 - DivX, Inc) Hidden
VCRedistSetup (Version: 1.0.0 - Nero AG) Hidden
WinRAR 4.20 (32-bit) (HKLM\...\WinRAR archiver) (Version: 4.20.0 - win.rar GmbH)
ZHPDiag 2014 (HKLM\...\ZHPDiag_is1) (Version: 2014 - Nicolas Coolman)

==================== Restore Points =========================

02-05-2014 19:39:09 zoek.exe restore point
02-05-2014 21:39:59 ZHPFix Restore System Point
02-05-2014 23:04:24 Revo Uninstaller's restore point - Download Accelerator Plus (DAP)
02-05-2014 23:33:08 Revo Uninstaller's restore point - Download Accelerator Plus (DAP)
03-05-2014 21:51:09 ZHPFix Restore System Point

==================== Hosts content: ==========================

2009-07-13 23:04 - 2014-05-02 16:39 - 00000840 ____A C:\Windows\system32\Drivers\etc\hosts

127.0.0.1 localhost
::1 localhost

==================== Scheduled Tasks (whitelisted) =============

Task: {33235AB0-22BE-4E4A-954C-CDCFA65D5CFC} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1574201965-1944898624-3258338672-1000Core => C:\Users\Usuario\AppData\Local\Google\Update\GoogleUpdate.exe [2013-11-07] (Google Inc.)
Task: {3EC36B8B-77C9-48B4-9C44-7202DF9E7FD1} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2013-05-09] (AVAST Software)
Task: {52E22773-E629-4AFF-9BCB-503B6BE77548} - System32\Tasks\RealDownloaderDownloaderScheduledTaskS-1-5-21-1574201965-1944898624-3258338672-1000 => C:\Program Files\RealNetworks\RealDownloader\recordingmanager.exe
Task: {58659119-61F6-40F0-925B-2F17BE98CDC0} - System32\Tasks\AutoKMS => C:\Windows\AutoKMS.exe [2013-11-07] (Microsoft)
Task: {772BF1E3-C3C0-42A1-A688-BD192EE976FE} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-01-21] (Piriform Ltd)
Task: {874E4575-3352-4728-BBDC-99CB3E88ABA2} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-04-29] (Adobe Systems Incorporated)
Task: {8982478E-518F-4037-850C-FA08CC737FB7} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1574201965-1944898624-3258338672-1000UA => C:\Users\Usuario\AppData\Local\Google\Update\GoogleUpdate.exe [2013-11-07] (Google Inc.)
Task: {89F25690-8414-4455-959A-188454A27B94} - System32\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-1574201965-1944898624-3258338672-1000 => C:\Program Files\RealNetworks\RealDownloader\realupgrade.exe
Task: {CF56E9B6-85EA-4368-A9EE-44344FC3029B} - System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-1574201965-1944898624-3258338672-1000 => C:\Program Files\Real\RealUpgrade\RealUpgrade.exe
Task: {E5F247AC-E4E0-4178-91B0-AB21559EA09B} - System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-1574201965-1944898624-3258338672-1000 => C:\Program Files\RealNetworks\RealDownloader\realupgrade.exe
Task: {EFBDD970-01E2-42D9-8BE1-0AE7AF9B69D0} - System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-1574201965-1944898624-3258338672-1000 => C:\Program Files\Real\RealUpgrade\RealUpgrade.exe
Task: {F182866C-BEEC-4B88-85B3-9E7881420F74} - System32\Tasks\SlimDrivers Startup => C:\Program Files\SlimDrivers\SlimDrivers.exe [2013-09-24] (SlimWare Utilities, Inc.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1574201965-1944898624-3258338672-1000Core.job => C:\Users\Usuario\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1574201965-1944898624-3258338672-1000UA.job => C:\Users\Usuario\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\SlimDrivers Startup.job => C:\Program Files\SlimDrivers\SlimDrivers.exe

==================== Loaded Modules (whitelisted) =============

2014-05-03 18:02 - 2014-05-03 14:05 - 02292736 _____ () C:\Program Files\AVAST Software\Avast\defs\14050301\algo.dll
2010-01-30 01:41 - 2010-01-30 01:41 - 04254560 _____ () C:\Program Files\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
2014-05-02 21:00 - 2014-05-02 21:00 - 00009216 _____ () C:\ProgramData\Speedbit\DAP\Plugins\AddonsCondition.dll
2014-05-02 21:00 - 2014-05-02 21:00 - 00011776 _____ () C:\ProgramData\Speedbit\DAP\Plugins\189AE673-13C1-4133-A470-8C4DDD1ACB8C\1.0.1.3_0\fivegiganet.dll
2014-05-02 21:00 - 2014-05-02 21:00 - 00010240 _____ () C:\ProgramData\Speedbit\DAP\Plugins\189AE673-13C1-4133-A470-8C4DDD1ACB8C\1.0.1.3_0\MegaUploadCom.dll
2014-05-02 21:00 - 2014-05-02 21:00 - 00012800 _____ () C:\ProgramData\Speedbit\DAP\Plugins\189AE673-13C1-4133-A470-8C4DDD1ACB8C\1.0.1.3_0\SpdFileCom.dll
2014-05-02 21:00 - 2014-05-02 21:00 - 00012800 _____ () C:\ProgramData\Speedbit\DAP\Plugins\189AE673-13C1-4133-A470-8C4DDD1ACB8C\1.0.1.3_0\XSevenTo.dll
2014-05-02 21:00 - 2014-05-02 21:00 - 00010752 _____ () C:\ProgramData\Speedbit\DAP\Plugins\189AE673-13C1-4133-A470-8C4DDD1ACB8C\1.0.1.3_0\zsharenet.dll
2014-05-02 21:00 - 2014-05-02 21:00 - 00014848 _____ () C:\ProgramData\Speedbit\DAP\Plugins\189AE673-13C1-4133-A470-8C4DDD1ACB8C\1.0.1.3_0\HotFileCom.dll
2014-05-02 21:00 - 2014-05-02 21:00 - 00040960 _____ () C:\ProgramData\Speedbit\DAP\Plugins\189AE673-13C1-4133-A470-8C4DDD1ACB8C\1.0.1.3_0\YouTubeCom.dll
2014-05-02 21:00 - 2014-05-02 21:00 - 00012288 _____ () C:\ProgramData\Speedbit\DAP\Plugins\189AE673-13C1-4133-A470-8C4DDD1ACB8C\1.0.1.3_0\FileFactoryCom.dll
2013-12-05 09:20 - 2013-12-03 23:47 - 00702416 _____ () C:\Users\Usuario\AppData\Local\Google\Chrome\Application\31.0.1650.63\libglesv2.dll
2013-12-05 09:20 - 2013-12-03 23:47 - 00099792 _____ () C:\Users\Usuario\AppData\Local\Google\Chrome\Application\31.0.1650.63\libegl.dll
2013-12-05 09:20 - 2013-12-03 23:48 - 04055504 _____ () C:\Users\Usuario\AppData\Local\Google\Chrome\Application\31.0.1650.63\pdf.dll
2013-12-05 09:20 - 2013-12-03 23:48 - 00399312 _____ () C:\Users\Usuario\AppData\Local\Google\Chrome\Application\31.0.1650.63\ppGoogleNaClPluginChrome.dll
2013-12-05 09:19 - 2013-12-03 23:47 - 01619408 _____ () C:\Users\Usuario\AppData\Local\Google\Chrome\Application\31.0.1650.63\ffmpegsumo.dll
2013-12-05 09:20 - 2013-12-03 23:48 - 13586896 _____ () C:\Users\Usuario\AppData\Local\Google\Chrome\Application\31.0.1650.63\PepperFlash\pepflashplayer.dll
2011-01-18 03:07 - 2011-01-18 03:07 - 12433408 _____ () C:\Program Files\DsNET Corp\aTube Catcher 2.0\ffmpeg.dll

==================== Alternate Data Streams (whitelisted) =========

AlternateDataStreams: C:\ProgramData\TEMP:56E2E879
AlternateDataStreams: C:\Users\Todos os Usuários\TEMP:56E2E879

==================== Safe Mode (whitelisted) ===================


==================== Disabled items from MSCONFIG ==============

MSCONFIG\startupreg: Adobe Reader Speed Launcher => "C:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe"
MSCONFIG\startupreg: BCSSync => "C:\Program Files\Microsoft Office\Office14\BCSSync.exe" /DelayServices
MSCONFIG\startupreg: Google Update => "C:\Users\Usuario\AppData\Local\Google\Update\GoogleUpdate.exe" /c
MSCONFIG\startupreg: RTHDVCPL => C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe -s

==================== Faulty Device Manager Devices =============

Name: Teredo Tunneling Pseudo-Interface
Description: Adaptador de Túnel Teredo da Microsoft
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (05/03/2014 06:51:07 PM) (Source: VSS) (User: )
Description: Erro do Serviço de Cópias de Sombra de Volume: erro inesperado ao consultar a interface IVssWriterCallback. hr = 0x80070005, Acesso negado.
.
Muitas vezes, isso é causado por configurações de segurança incorretas no processo gravador ou solicitante.


Operação:
Obtendo Dados do Gravador

Contexto:
Id de Classe de Gravador: {e8132975-6f93-4464-a53e-1050253ae220}
Nome do Gravador: System Writer
ID de Instância de Gravador: {e9fe2f0c-4f48-4f90-8a95-541c01913ef9}

Error: (05/03/2014 04:29:16 PM) (Source: Customer Experience Improvement Program) (User: )
Description: 80004005

Error: (05/02/2014 09:15:01 PM) (Source: Customer Experience Improvement Program) (User: )
Description: 80004005

Error: (05/02/2014 08:33:08 PM) (Source: VSS) (User: )
Description: Erro do Serviço de Cópias de Sombra de Volume: erro inesperado ao consultar a interface IVssWriterCallback. hr = 0x80070005, Acesso negado.
.
Muitas vezes, isso é causado por configurações de segurança incorretas no processo gravador ou solicitante.


Operação:
Obtendo Dados do Gravador

Contexto:
Id de Classe de Gravador: {e8132975-6f93-4464-a53e-1050253ae220}
Nome do Gravador: System Writer
ID de Instância de Gravador: {f3f42b67-dc01-4968-bd05-dcd015342424}

Error: (05/02/2014 08:04:23 PM) (Source: VSS) (User: )
Description: Erro do Serviço de Cópias de Sombra de Volume: erro inesperado ao consultar a interface IVssWriterCallback. hr = 0x80070005, Acesso negado.
.
Muitas vezes, isso é causado por configurações de segurança incorretas no processo gravador ou solicitante.


Operação:
Obtendo Dados do Gravador

Contexto:
Id de Classe de Gravador: {e8132975-6f93-4464-a53e-1050253ae220}
Nome do Gravador: System Writer
ID de Instância de Gravador: {1a543900-2ea4-4aea-98ac-d9be5bc6864f}

Error: (05/02/2014 06:39:58 PM) (Source: VSS) (User: )
Description: Erro do Serviço de Cópias de Sombra de Volume: erro inesperado ao consultar a interface IVssWriterCallback. hr = 0x80070005, Acesso negado.
.
Muitas vezes, isso é causado por configurações de segurança incorretas no processo gravador ou solicitante.


Operação:
Obtendo Dados do Gravador

Contexto:
Id de Classe de Gravador: {e8132975-6f93-4464-a53e-1050253ae220}
Nome do Gravador: System Writer
ID de Instância de Gravador: {950ea0b0-715d-45e9-b9a4-3cb649ec38de}


System errors:
=============

Microsoft Office Sessions:
=========================
Error: (05/03/2014 06:51:07 PM) (Source: VSS)(User: )
Description: 0x80070005, Acesso negado.


Operação:
Obtendo Dados do Gravador

Contexto:
Id de Classe de Gravador: {e8132975-6f93-4464-a53e-1050253ae220}
Nome do Gravador: System Writer
ID de Instância de Gravador: {e9fe2f0c-4f48-4f90-8a95-541c01913ef9}

Error: (05/03/2014 04:29:16 PM) (Source: Customer Experience Improvement Program)(User: )
Description: 80004005

Error: (05/02/2014 09:15:01 PM) (Source: Customer Experience Improvement Program)(User: )
Description: 80004005

Error: (05/02/2014 08:33:08 PM) (Source: VSS)(User: )
Description: 0x80070005, Acesso negado.


Operação:
Obtendo Dados do Gravador

Contexto:
Id de Classe de Gravador: {e8132975-6f93-4464-a53e-1050253ae220}
Nome do Gravador: System Writer
ID de Instância de Gravador: {f3f42b67-dc01-4968-bd05-dcd015342424}

Error: (05/02/2014 08:04:23 PM) (Source: VSS)(User: )
Description: 0x80070005, Acesso negado.


Operação:
Obtendo Dados do Gravador

Contexto:
Id de Classe de Gravador: {e8132975-6f93-4464-a53e-1050253ae220}
Nome do Gravador: System Writer
ID de Instância de Gravador: {1a543900-2ea4-4aea-98ac-d9be5bc6864f}

Error: (05/02/2014 06:39:58 PM) (Source: VSS)(User: )
Description: 0x80070005, Acesso negado.


Operação:
Obtendo Dados do Gravador

Contexto:
Id de Classe de Gravador: {e8132975-6f93-4464-a53e-1050253ae220}
Nome do Gravador: System Writer
ID de Instância de Gravador: {950ea0b0-715d-45e9-b9a4-3cb649ec38de}


==================== Memory info ===========================

Percentage of memory in use: 75%
Total physical RAM: 2013.24 MB
Available physical RAM: 499.06 MB
Total Pagefile: 4026.48 MB
Available Pagefile: 1902.43 MB
Total Virtual: 2047.88 MB
Available Virtual: 1914.39 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:232.79 GB) (Free:52.59 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 233 GB) (Disk ID: 94B794B7)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=233 GB) - (Type=07 NTFS)

==================== End Of Log ============================

Re: Removing the UTAdRemovalApp 2.0 extension

Post by Power Max, Sat 03 May 2014, 20:41

Download the fixlist.txt file attached to this post and save it in the same place where you left Farbar (FRST), which is the location below:
C:\Users\Usuario\Downloads

Run FRST. Click the Fix button.

Wait; at the end, the Fixlog.txt log will be saved.

Select, copy and paste the contents of this Fixlog.txt into your next reply.

Removing the UTAdRemovalApp 2.0 extension

Post by Muitas Dúvidas, Sat 03 May 2014, 21:39

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version:01-05-2014
Ran by Usuario at 2014-05-03 21:22:10 Run:1
Running from C:\Users\Usuario\Downloads
Boot Mode: Normal

==============================================

Content of fixlist:
*****************
start
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = [You must have an account and be logged in to view this link]
SearchScopes: HKCU - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
Ultimate Codecs Packages (HKCU\...\Ultimate Codecs Packages) (Version: - ) <==== ATTENTION
AlternateDataStreams: C:\ProgramData\TEMP:56E2E879
AlternateDataStreams: C:\Users\Todos os Usuários\TEMP:56E2E879
end
*****************

C:\Windows\system32\GroupPolicy\Machine => Moved successfully.
C:\Windows\system32\GroupPolicy\GPT.ini => Moved successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => Key not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value deleted successfully.
HKLM\SOFTWARE\Policies\Google => Key deleted successfully.
C:\ProgramData\TEMP => ":56E2E879" ADS removed successfully.
"C:\Users\Todos os Usuários\TEMP" => ":56E2E879" ADS not found.


The system needed a reboot.

==== End of Fixlog ====
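
The fix log above deletes `HKLM\SOFTWARE\Policies\Google` and moves the local `GroupPolicy` folder, which is what makes Chrome show an extension as installed by enterprise policy. As an added example (not part of the original posts and not FRST's own code), a read-only PowerShell check for that condition; the `ExtensionInstallForcelist` subkey, the `Registry.pol` file name and the function names are assumptions not shown in the thread, and Windows PowerShell 3.0 or later is assumed.

```powershell
# Added example: read-only audit, nothing is modified.
# Assumed (not shown in the thread): the ExtensionInstallForcelist subkey
# and the Registry.pol file name; function names are hypothetical.

$policyRoots = 'HKLM:\SOFTWARE\Policies\Google\Chrome',
               'HKCU:\SOFTWARE\Policies\Google\Chrome'

function Get-ForcedChromeExtension {
    # Each value under ExtensionInstallForcelist is "<extension id>;<update URL>".
    foreach ($root in $policyRoots) {
        $path = "$root\ExtensionInstallForcelist"
        if (-not (Test-Path -LiteralPath $path)) { continue }
        $key = Get-Item -LiteralPath $path
        foreach ($name in $key.GetValueNames()) {
            $id, $updateUrl = ([string]$key.GetValue($name)) -split ';', 2
            [pscustomobject]@{
                PolicyKey    = $path
                ValueName    = $name
                ExtensionId  = $id
                UpdateUrl    = $updateUrl
                IdWellFormed = $id -cmatch '^[a-p]{32}$'
            }
        }
    }
}

function Get-LocalPolicyStore {
    # The fix moved GroupPolicy\Machine and GPT.ini in addition to deleting
    # the registry key: the local policy store can re-apply keys on a
    # policy refresh, so it is checked separately here.
    # From a 32-bit shell on 64-bit Windows, System32 is redirected;
    # use the native shell.
    $joined = (Get-CimInstance -ClassName Win32_ComputerSystem).PartOfDomain
    $gpRoot = Join-Path $env:SystemRoot 'System32\GroupPolicy'
    foreach ($scope in 'Machine', 'User') {
        $pol = Join-Path $gpRoot "$scope\Registry.pol"
        if (-not (Test-Path -LiteralPath $pol)) { continue }
        # Registry.pol stores key and value names as UTF-16LE text.
        $text = [Text.Encoding]::Unicode.GetString([IO.File]::ReadAllBytes($pol))
        [pscustomobject]@{
            PolFile        = $pol
            LastWriteTime  = (Get-Item -LiteralPath $pol -Force).LastWriteTime
            MentionsChrome = $text -match 'Policies\\Google'
            DomainJoined   = $joined
        }
    }
}

$forced = @(Get-ForcedChromeExtension)
$stores = @(Get-LocalPolicyStore)
# A policy store naming Chrome on a machine that is not domain-joined
# has no administrator who could have set it legitimately.
$suspectStores = @($stores | Where-Object { $_.MentionsChrome -and -not $_.DomainJoined })

if ($forced.Count -eq 0 -and $suspectStores.Count -eq 0) {
    'No policy-forced Chrome extensions and no local policy store naming Chrome.'
} else {
    $forced | Format-List
    $stores | Format-List
}
```

On a home PC like the one in this thread, any row from `Get-ForcedChromeExtension` after the reboot means the policy key has come back and the clean-up is not finished.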

Re: Removing the UTAdRemovalApp 2.0 extension

Post by Power Max, Sat 03 May 2014, 21:51

Restart the PC and tell us how the computer is after these procedures.

Re: Removing the UTAdRemovalApp 2.0 extension

Post by Muitas Dúvidas, Sat 03 May 2014, 22:22

The extension is gone, and so are the ads! (phew). The PC is faster, and it even fixed a problem I had on Mega.