Emails enviando links que direcionam a vírus

Olá a todos!
Utilizo um gerenciador de emails, o Mozilla ThunderBird, e notei que meus emails estão enviando mensagens com links para vírus para mim mesmo (ele envia e recebe o email). As contas "contaminadas" são do Yahoo e Terra. Estou preocupada... Podem me ajudar, por favor? Desde já agradeço a atenção dispensada
Segue abaixo log do Hijackthis

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 22:38:39, on 24/07/2014
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v10.0 (10.00.9200.16537)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\CONEXANT\SmartAudio\SmAudio.exe
C:\Windows\Samsung\PanelMgr\SSMMgr.exe
C:\Windows\twain_32\Samsung\SCX3200\Scan2Pc.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Baixou Agora App\BaixouAgora.exe
C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\taskhost.exe
C:\Users\Lucilene\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Lucilene\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Lucilene\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Lucilene\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\taskeng.exe
C:\Users\Lucilene\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:newtab
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: MSS+ Identifier - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files\McAfee Security Scan\3.8.150\McAfeeMSS_IE.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\PROGRAM FILES\GBPLUGIN\gbieh.dll
O2 - BHO: G-Buster Browser Defense Banco Real - {C41A1C0E-EA6C-11D4-B1B8-444553540007} - C:\PROGRA~1\GbPlugin\gbiehabn.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [SmartAudio] C:\Program Files\CONEXANT\SMARTAUDIO\SMAUDIO.EXE /c
O4 - HKLM\..\Run: [Samsung PanelMgr] C:\Windows\Samsung\PanelMgr\SSMMgr.exe /autorun
O4 - HKLM\..\Run: [3200 Scan2PC] "C:\Windows\twain_32\Samsung\SCX3200\Scan2Pc.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [Google Update] "C:\Users\Lucilene\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [Baixou Agora] "C:\Program Files\Baixou Agora App\BaixouAgora.exe"
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'SERVIÇO LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'SERVIÇO LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'SERVIÇO DE REDE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'SERVIÇO DE REDE')
O4 - Global Startup: McAfee Security Scan Plus.lnk = C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe
O8 - Extra context menu item: E&xportar para o Microsoft Excel - [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O15 - Trusted Zone: [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
O15 - Trusted Zone: www14.bancobrasil.com.br
O15 - Trusted Zone: www2.bancobrasil.com.br
O15 - Trusted Zone: [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
O15 - Trusted Zone: [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
O15 - Trusted Zone: [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
O15 - Trusted Zone: [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
O15 - Trusted Zone: [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
O15 - Trusted Zone: [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control) - [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
O16 - DPF: {E37CB5F0-51F5-4395-A808-5FA49E399007} (GbPluginObj Class) - [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O20 - Winlogon Notify:  GbPluginAbn - C:\PROGRA~1\GbPlugin\gbiehAbn.dll
O20 - Winlogon Notify:  GbPluginBb - C:\Program Files\GbPlugin\gbieh.dll
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Avira Scheduler (AntiVirSchedulerService) - Avira Operations GmbH & Co. KG - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira Real-Time Protection (AntiVirService) - Avira Operations GmbH & Co. KG - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: User-mode service for AzBusFix (AzBusFixService) - Conexant Systems, Inc. - C:\Windows\system32\AzBusMon.exe
O23 - Service: Gbp Service (GbpSv) - GAS Tecnologia - C:\PROGRA~1\GbPlugin\GbpSv.exe
O23 - Service: Serviço do Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Serviço do Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: McAfee Security Scan Component Host Service (McComponentHostService) - McAfee, Inc. - C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe

--
End of file - 8692 bytes

Olá.

Faça o download do < [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] > < [Tens de ter uma conta e sessão iniciada para poderes visualizar esta imagem]> ( ... de Nicolas Coolman )

Obs: Ao acessar o link acima clique no botão Télécharger referente ao ZHPDiag para baixá-lo, tal como mostra a imagem abaixo:

[Tens de ter uma conta e sessão iniciada para poderes visualizar esta imagem]

Para instalá-lo e executá-lo corretamente siga as dicas deste artigo:

[Tens de ter uma conta e sessão iniciada para poderes visualizar este link]

* Assim que ele concluir a sua verificação, copie todo o conteúdo do seu relatório ZHPDiag.txt e poste em sua próxima resposta.

Olá! Segue o log pedido...



~ Relatório do ZHPDiag v2014.7.24.108 - Nicolas Coolman  (24/07/2014)
~ Iniciado por Lucilene (25/07/2014 00:58:31)
~ Endereço do Website : [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
~ Endereço do Webforum : [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
~ Tradução pelo utilizador
~ Estatuto da versão : Versão atualizada.
~  Lista Branca : Ativado pelo programa
~ Elevação dos Privilégios : OK
~ Controle de Conta de Utilizador : Deactivate by program


---\\ Navegadores Internet
MSIE: Internet Explorer v10.0.9200.16540
GCIE: Google Chrome v36.0.1985.125 (Defaut)

---\\ Informações sobre os produtos Windows
~ Langage: Portugais
Windows 7 Ultimate, 32-bit Service Pack 1 (Build 7601)
Windows Server License Manager Script : OK
Software Protection Service (Protection logicielle) : OK
Windows Automatic Updates : OK
Windows Activation Technologies : OK

---\\ Softwares de proteçao do sistema
Avira Free Antivirus v14.0.5.464
ESET Online Scanner v3
McAfee Security Scan Plus v3.8.150.1
Windows Defender W7 (Deactivate)

---\\ Softwares d'optimização do sistema
CCleaner v3.14

---\\ Softwares de partilha do PeerToPeer (P2P)

---\\ Monitoramento dos softwares
Adobe Flash Player 14 Plugin
Java 7 Update 65

---\\ Informações sobre o sistema
~ Processor: x86 Family 6 Model 15 Stepping 13, GenuineIntel
~ Operating System: 32 Bits
Boot mode: Normal (Normal boot)
Total RAM: 2008 MB (68% free)
System Restore: Activé (Enable)
System drive C: has 62 GB (47%) free of 132 GB

---\\ Modo de conexão ao sistema
~ Computer Name: LUCILENE-PC
~ User Name: Lucilene
~ All Users Names: Lucilene, HomeGroupUser$, Convidado, Administrador,
~ Unselected Option: 045,061,O62,065,066,080,O82,089
Logged in as Administrator

---\\ As variáveis de ambiente
~ System Unit : C:\
~ %AppZHP% : C:\Users\Lucilene\AppData\Roaming\ZHP\
~ %AppData% : C:\Users\Lucilene\AppData\Roaming\
~ %Desktop% : C:\Users\Lucilene\Desktop\
~ %Favorites% : C:\Users\Lucilene\Favorites\
~ %LocalAppData% : C:\Users\Lucilene\AppData\Local\
~ %StartMenu% : C:\Users\Lucilene\AppData\Roaming\Microsoft\Windows\Start Menu\
~ %Windir% : C:\Windows\
~ %System% : C:\Windows\System32\

---\\ Enumeração das unidades dos discos
C: Hard drive, Flash drive, Thumb drive (Free 62 Go of 132 Go)
D: Hard drive, Flash drive, Thumb drive (Free 7 Go of 20 Go)
E: CD-ROM drive (Not Inserted)



---\\ Estado do Centro de Segurança do Windows
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install] LastSuccessTime : Out Of Date
~ Security Center: 41 Legitimates Filtered in 00mn 00s



---\\ Pesquisa particular de ficheiros genéricos
[MD5.8B88EBBB05A0E56B7DCC708498C02B3E] - (.Microsoft Corporation - Windows Explorer.) (.25/02/2011 - 02:30:54.) -- C:\Windows\Explorer.exe [2616320]
[MD5.B5C5DCAD3899512020D135600129D665] - (.Microsoft Corporation - Aplicativo de Inicialização do Windows.) (.13/07/2009 - 22:14:45.) -- C:\Windows\System32\Wininit.exe [96256]
[MD5.CFE0CEE587F9CEA4C29DEEC6D85FC91C] - (.Microsoft Corporation - Internet Extensions para Win32.) (.21/02/2013 - 07:30:16.) -- C:\Windows\System32\wininet.dll [1766912]
[MD5.6D13E1406F50C66E2A95D97F22C47560] - (.Microsoft Corporation - Aplicativo de Logon do Windows.) (.20/11/2010 - 09:17:54.) -- C:\Windows\System32\Winlogon.exe [286720]
[MD5.E3AE23569749DE12D45BA3B489A036AE] - (.Microsoft Corporation - Biblioteca de Licenciamento de Software.) (.20/11/2010 - 09:21:24.) -- C:\Windows\System32\sppcomapi.dll [193536]
[MD5.9EBBBA55060F786F0FCAA3893BFA2806] - (.Microsoft Corporation - Ancillary Function Driver for WinSock.) (.24/04/2011 - 23:18:03.) -- C:\Windows\system32\Drivers\AFD.sys [338944]
[MD5.338C86357871C167A96AB976519BF59E] - (.Microsoft Corporation - ATAPI IDE Miniport Driver.) (.13/07/2009 - 22:26:15.) -- C:\Windows\system32\Drivers\atapi.sys [21584]
[MD5.77EA11B065E0A8AB902D78145CA51E10] - (.Microsoft Corporation - CD-ROM File System Driver.) (.13/07/2009 - 20:11:15.) -- C:\Windows\system32\Drivers\Cdfs.sys [70656]
[MD5.BE167ED0FDB9C1FA1133953C18D5A6C9] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.20/11/2010 - 05:38:10.) -- C:\Windows\system32\Drivers\Cdrom.sys [108544]
[MD5.F024449C97EC1E464AAFFDA18593DB88] - (.Microsoft Corporation - DFS Namespace Client Driver.) (.20/11/2010 - 05:42:32.) -- C:\Windows\system32\Drivers\DfsC.sys [78336]
[MD5.9036377B8A6C15DC2EEC53E489D159B5] - (.Microsoft Corporation - High Definition Audio Bus Driver.) (.20/11/2010 - 06:59:29.) -- C:\Windows\system32\Drivers\HDAudBus.sys [108544]
[MD5.F151F0BDC47F4A28B1B20A0818EA36D6] - (.Microsoft Corporation - Driver de porta i8042.) (.13/07/2009 - 20:11:24.) -- C:\Windows\system32\Drivers\i8042prt.sys [80896]
[MD5.A5FA468D67ABCDAA36264E463A7BB0CD] - (.Microsoft Corporation - IP Network Address Translator.) (.13/07/2009 - 20:54:29.) -- C:\Windows\system32\Drivers\IpNat.sys [101888]
[MD5.5D16C921E3671636C0EBA3BBAAC5FD25] - (.Microsoft Corporation - Windows NT SMB Minirdr.) (.26/04/2011 - 23:17:22.) -- C:\Windows\system32\Drivers\MRxSmb.sys [123904]
[MD5.280122DDCF04B378EDD1AD54D71C1E54] - (.Microsoft Corporation - MBT Transport driver.) (.20/11/2010 - 05:39:44.) -- C:\Windows\system32\Drivers\netBT.sys [187904]
[MD5.0D87503986BB3DFED58E343FE39DDE13] - (.Microsoft Corporation - Driver do Sistema de Arquivos NT.) (.31/08/2012 - 14:18:09.) -- C:\Windows\system32\Drivers\ntfs.sys [1211760]
[MD5.2EA877ED5DD9713C5AC74E8EA7348D14] - (.Microsoft Corporation - Driver de porta paralela.) (.13/07/2009 - 20:45:35.) -- C:\Windows\system32\Drivers\Parport.sys [79360]
[MD5.D9F91EAFEC2815365CBE6D167E4E332A] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.13/07/2009 - 20:54:34.) -- C:\Windows\system32\Drivers\Rasl2tp.sys [78848]
[MD5.B973FCFC50DC1434E1970A146F7E3885] - (.Microsoft Corporation - Microsoft RDP Device redirector.) (.20/11/2010 - 07:24:46.) -- C:\Windows\system32\Drivers\rdpdr.sys [133632]
[MD5.3E21C083B8A01CB70BA1F09303010FCE] - (.Microsoft Corporation - SMB Transport driver.) (.13/07/2009 - 20:53:41.) -- C:\Windows\system32\Drivers\smb.sys [71168]
[MD5.B459575348C20E8121D6039DA063C704] - (.Microsoft Corporation - TDI Translation Driver.) (.20/11/2010 - 05:39:17.) -- C:\Windows\system32\Drivers\tdx.sys [74752]
[MD5.F497F67932C6FA693D7DE2780631CFE7] - (.Microsoft Corporation - Driver de cópia de sombra de volume.) (.20/11/2010 - 09:30:16.) -- C:\Windows\system32\Drivers\volsnap.sys [245632]
~ Generic Processes:  Scanned in 00mn 00s



---\\ Estatuto dos ficheiros ocultos (Oculto/Total)
~ Mes images (My Pictures) : 5/1438
~ Mes musiques (My Musics) : 17/386
~ Mes Videos (My Videos) : 7/76
~ Mes Favoris (My Favorites) : 1/17
~ Mes Documents (My Documents) : 2/10111
~ Mon Bureau (My Desktop) : 4/1959
~ Menu demarrer (Programs) : 1/36
~ Hidden Files:  Scanned in 00mn 04s



---\\ Processos lançados
[MD5.71C19C46A15F72CD3DB171B200CE3386] - (.Intel Corporation - igfxTray Module.) -- C:\Windows\System32\igfxtray.exe   [141848] [PID.2428]
[MD5.ED42244DCCCF367BAD825680274D6FD7] - (.Intel Corporation - hkcmd Module.) -- C:\Windows\System32\hkcmd.exe   [174104] [PID.2440]
[MD5.8AE8B7F7A5D433E222CE07231BECD099] - (.Intel Corporation - persistence Module.) -- C:\Windows\System32\igfxpers.exe   [151064] [PID.2452]
[MD5.0E34B7BB1FCF22BCC1E394D16F9E992B] - (.Microsoft Corporation - GrooveMonitor Utility.) -- C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe   [30040] [PID.2464]
[MD5.96E1AFDEBDE3D1672302D03D00F483BE] - (.Nullsoft, Inc. - Winamp Agent.) -- C:\Program Files\Winamp\winampa.exe   [85600] [PID.2472]
[MD5.9FE62954FD1162671CB295577F9969BE] - (.Conexant Systems, Inc. - SmartAudio.) -- C:\Program Files\CONEXANT\SmartAudio\SmAudio.exe   [2713144] [PID.2480]
[MD5.2F95FF9F837A8D135F303B6AF8F52763] - (...) -- C:\Windows\Samsung\PanelMgr\SSMMgr.exe   [688128] [PID.2488]
[MD5.47ECED6CBB05BA4DC05DE6E043DA0C42] - (.No owner - ScanToPc MFC Application.) -- C:\Windows\twain_32\Samsung\SCX3200\Scan2Pc.exe   [1989120] [PID.2500]
[MD5.1E9B225DE829A6F666A0BA9B8A7984BF] - (.Avira Operations GmbH & Co. KG - Avira system tray application.) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe   [750160] [PID.2512]
[MD5.1DE859B82E381A645C44284A5044BC33] - (.Oracle Corporation - Java(TM) Update Scheduler.) -- C:\Program Files\Common Files\Java\Java Update\jusched.exe   [256896] [PID.2528]
[MD5.300D7E29E0DF5267D6E2B268BADAFF90] - (...) -- C:\Program Files\Baixou Agora App\BaixouAgora.exe   [2186216] [PID.2552]
[MD5.3D558E2572EDF52FAD098AF2534B4E20] - (.McAfee, Inc. - McAfee Security Scanner Scheduler.) -- C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe   [279456] [PID.2560]
[MD5.A6E68C1552D032A32DB73555E2506564] - (.Intel Corporation - igfxsrvc Module.) -- C:\Windows\system32\igfxsrvc.exe   [252952] [PID.2680]
[MD5.2E0B0A051FFAA86E358465BB0880D453] - (.Microsoft Corporation - Windows Update.) -- C:\Windows\system32\wuauclt.exe   [53784] [PID.168]
[MD5.80E04F074334739C96E1C08C331FB82D] - (.Nicolas Coolman - ZHPDiag.) -- C:\Program Files\ZHPDiag\ZHPDiag.exe   [8080384] [PID.5172]
~ Processes Running:  Scanned in 00mn 00s



---\\ Google Chrome, Arranque,Pesquisa,Extensões (G0,G1,G2)
C:\Users\Lucilene\AppData\Local\Google\Chrome\User Data\Default\Preferences
G2 - GCE: Preference [User Data\Default] [ahfgeienlihckogmohjhadlkjgocpleb] Loja v.0.2 (Activé)
G2 - GCE: Preference [User Data\Default] [kmendfapggjehodndflmmgagdbamhnfd] CryptoTokenExtension v.0.0.1 (Activé)
G2 - GCE: Preference [User Data\Default] [nbfjpmeddmamejnmmppjlfglfhcjbbai] Baixou Agora v.1.4.3, (Désactivé)
G2 - GCE: Preference [User Data\Default] [neajdppkdcdipfabeoofebfddakdcjhd] Google Network Speech v.1.0 (Activé)
G2 - GCE: Preference [User Data\Default] [pafkbggdmjlpgkdkcbjmhmfcdpncadgh] Google Now v.1.2.0.1 (Activé)

---\\ Pasta de extensão do Google Chrome
~ Google Lines Browser: 19 Legitimates Filtered in 00mn 12s



---\\ Mozilla Firefox, Plugins,Arranque,Pesquisa,Extensões (P2,M0,M1,M2,M3)
C:\Users\Lucilene\AppData\Roaming\Mozilla\Firefox\Profiles\noc9k82v.default\prefs.js
M3 - MFPP: Plugins - [Lucilene] -- C:\Program Files\Mozilla FireFox\searchplugins\ergative.xml
M0 - MFSP: prefs.js [Lucilene - noc9k82v.default] [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
P2 - FPN: [HKCU] [gastecnologia.com.br/sf/bb] - (.GAS Tecnologia - Internet Banking Helper.) -- C:\Users\Lucilene\AppData\Local\GAS Tecnologia\GBBD\npsf_bb.dll
~ Firefox Browser: 18 Legitimates Filtered in 00mn 00s



---\\ Internet Explorer, Arranque, Pesquisa, URLSearchHook( gancho de URL), Phishing (R0,R1,R3,R4)
R0 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
R0 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:newtab
R3 - URLSearchHook: Microsoft Url Search Hook - {CFBFAE00-17A6-11D0-99CB-00C04FD64497} . (.GAS Tecnologia - Internet Banking Helper.) (No version) -- (.not file.)
~ IE Browser: 11 Legitimates Filtered in 00mn 00s



---\\ Internet Explorer, Gestão do Proxy (R5)
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll
~ Proxy management:  Scanned in 00mn 00s



---\\ Análise das linhas F0, F1, F2, F3 - Ficheiros ini, Carregamento Automático de programas
F2 - REG:system.ini: USERINIT=C:\Windows\system32\userinit.exe,
F2 - REG:system.ini: Shell=C:\Windows\explorer.exe
F2 - REG:system.ini: VMApplet=C:\Windows\System32\SystemPropertiesPerformance.exe
~ Keys:  Scanned in 00mn 00s



---\\ Redireção do ficheiro Hosts (01)
~ Le fichier hosts est sain (The hosts file is clean).
~ Hosts File:  Scanned in 00mn 00s
~ Nombre de lignes (Lines number): 20



---\\ Browser Helper Objects do navegador (02)
O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} . (.Banco do Brasil - Gbieh Module.) -- C:\PROGRAM FILES\GBPLUGIN\gbieh.dll
O2 - BHO: G-Buster Browser Defense Banco Real - {C41A1C0E-EA6C-11D4-B1B8-444553540007} . (.Banco Real - Gbieh Module.) -- C:\Program Files\GbPlugin\gbiehabn.dll
~ BHO: 14 Legitimates Filtered in 00mn 00s



---\\ Aplicações iniciadas por registo & pastas (04)
O4 - HKLM\..\Run: [IgfxTray] . (.Intel Corporation - igfxTray Module.) -- C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] . (.Intel Corporation - hkcmd Module.) -- C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] . (.Intel Corporation - persistence Module.) -- C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [GrooveMonitor] . (.Microsoft Corporation - GrooveMonitor Utility.) -- C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
O4 - HKLM\..\Run: [WinampAgent] . (.Nullsoft, Inc. - Winamp Agent.) -- C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [SmartAudio] . (.Conexant Systems, Inc. - SmartAudio.) -- C:\Program Files\CONEXANT\SMARTAUDIO\SMAUDIO.exe
O4 - HKLM\..\Run: [Samsung PanelMgr] . (...) -- C:\Windows\Samsung\PanelMgr\SSMMgr.exe
O4 - HKLM\..\Run: [3200 Scan2PC] . (.No owner - ScanToPc MFC Application.) -- C:\Windows\twain_32\Samsung\SCX3200\Scan2Pc.exe
O4 - HKLM\..\Run: [avgnt] . (.Avira Operations GmbH & Co. KG - Avira system tray application.) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] . (.Oracle Corporation - Java(TM) Update Scheduler.) -- C:\Program Files\Common Files\Java\Java Update\jusched.exe   =>.Oracle Corporation
O4 - HKCU\..\Run: [Google Update] . (.Google Inc. - Google Installer.) -- C:\Users\Lucilene\AppData\Local\Google\Update\GoogleUpdate.exe
O4 - HKCU\..\Run: [Baixou Agora] . (...) -- C:\Program Files\Baixou Agora App\BaixouAgora.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets da Área de Trabalho do Windows.) -- C:\Program Files\Windows Sidebar\Sidebar.exe
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets da Área de Trabalho do Windows.) -- C:\Program Files\Windows Sidebar\Sidebar.exe
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe   =>.Microsoft Corporation
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe   =>.Microsoft Corporation
O4 - HKUS\S-1-5-21-179182008-1739221069-3547690239-1001\..\Run: [Google Update] . (.Google Inc. - Google Installer.) -- C:\Users\Lucilene\AppData\Local\Google\Update\GoogleUpdate.exe
O4 - HKUS\S-1-5-21-179182008-1739221069-3547690239-1001\..\Run: [Baixou Agora] . (...) -- C:\Program Files\Baixou Agora App\BaixouAgora.exe
~ Application:  Scanned in 00mn 00s



---\\ Boutões da barra de ferramentas principal do Internet Explorer (09)
O9 - Extra button: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} . (.Microsoft Corporation - Microsoft Office OneNote Internet Explorer Add-in.) -- C:\Program Files\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} . (...) -- C:\Program Files\Skype\Toolbars\Internet Explorer\icon.ico
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} . (...) -- C:\Program Files\Microsoft Office\Office12\REFBARH.ICO
~ IE Extra Buttons:  Scanned in 00mn 00s



---\\ Site na zona confiavél do Internet Explorer (05)
O15 - Trusted Zone: [HKCU\...\Domains\www] *.bancobrasil.com.br
O15 - Trusted Zone: [HKCU\...\Domains\www] http.bancoreal.com.br
O15 - Trusted Zone: [HKCU\...\Domains\www] http.bancosantander.com.br
O15 - Trusted Zone: [HKCU\...\Domains\www] http.bb.com.br
O15 - Trusted Zone: [HKCU\...\Domains\www] http.santander.com.br
O15 - Trusted Zone: [HKCU\...\Domains\www] http.santanderempresarial.com.br
~ IE Zone Confiance:  Scanned in 00mn 00s



---\\ Objets ActiveX (Downloaded Program Files)(O16)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} ((no name)) - [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} ((no name)) - [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
O16 - DPF: {E37CB5F0-51F5-4395-A808-5FA49E399007} ((no name)) - [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
~ Objets ActiveX:  Scanned in 00mn 00s



---\\ Alteração Dominio/Clientes DNS (017)
O17 - HKLM\System\CCS\Services\Tcpip\..\{BEA1F5FD-486C-4703-BACE-52282DC3F814}: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{BEA1F5FD-486C-4703-BACE-52282DC3F814}: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CS2\Services\Tcpip\..\{BEA1F5FD-486C-4703-BACE-52282DC3F814}: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
~ Domain:  Scanned in 00mn 00s



---\\ Protocolo adicional (018)
O18 - Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} . (.Microsoft Corporation - Windows Live Album Download Protocol Handle.) -- C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O18 - Filter: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} . (.Microsoft Corporation - Microsoft Office XML MIME Filter.) -- C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.dll  =>.Microsoft Corporation
~ Protocole Additionnel:  Scanned in 00mn 00s



---\\ Valor do Registo AppInit_DLLs e sub-chaves Winlogon Notify (autorun) (O20)
O20 - Winlogon Notify:  GbPluginAbn . (.Banco Real - Gbieh Module.) -- C:\Program Files\GbPlugin\gbiehabn.dll
O20 - Winlogon Notify:  GbPluginBb . (.Banco do Brasil - Gbieh Module.) -- C:\Program Files\GbPlugin\gbieh.dll
O20 - Winlogon Notify: igfxcui . (.Intel Corporation - igfxdev Module.) -- C:\Windows\System32\igfxdev.dll
~ Winlogon:  Scanned in 00mn 00s



---\\ Lista dos serviços NT não Microsoft e não desativados (023)
O23 - Service: Gbp Service (GbpSv) . (.GAS Tecnologia - G-Buster Browser Defense - Service.) - C:\Program Files\GbPlugin\gbpsv.exe
~ Services: 6 Legitimates Filtered in 00mn 05s



---\\ Tarefas planificadas automaticamente (039)
[MD5.00000000000000000000000000000000] [APT] [{214C2DF4-A3BC-405D-8A81-68BC613941A4}] (...) -- C:\Users\Lucilene\Desktop\BluetoothDriverInstaller.exe (.not file.)   [0]
O39 - APT:  - (..) -- C:\Windows\System32\Tasks\Adobe Flash Player Updater   [902]
O39 - APT:  - (..) -- C:\Windows\System32\Tasks\FacebookUpdateTaskUserS-1-5-21-179182008-1739221069-3547690239-1001Core   [1064]
O39 - APT:  - (..) -- C:\Windows\System32\Tasks\FacebookUpdateTaskUserS-1-5-21-179182008-1739221069-3547690239-1001UA   [1086]
O39 - APT:  - (..) -- C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore   [1056]
O39 - APT:  - (..) -- C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA   [1060]
O39 - APT:  - (..) -- C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-179182008-1739221069-3547690239-1001Core   [1038]
O39 - APT:  - (..) -- C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-179182008-1739221069-3547690239-1001UA   [1090]
~ Scheduled Task: 17 Legitimates Filtered in 00mn 04s



---\\ Drivers lançados ao arranque do sistema (041)
O41 - Driver:  (badriver) . (. - .) - C:\Windows\System32\drivers\badriver.sys (.not file.)
O41 - Driver:  (Ndisrd) . (.GAS Tecnologia - GAS Tecnologia - LWF Helper Driver.) - C:\Windows\System32\DRIVERS\gbpndisrdn.sys
~ Drivers: 75 Legitimates Filtered in 00mn 00s



---\\ Software instalados (042)
O42 - Logiciel: Ares 2.1.7 - (.Ares Development Group.) [HKLM] -- Ares
O42 - Logiciel: Baixou Agora App - (.Baixou.) [HKLM] -- {2A13314E-EEEE-410D-BF82-EE201FC46CEC}_is1
O42 - Logiciel: Banco de Atividades FTD - Português - (...) [HKCU] -- FTD_Atividades_portugues
O42 - Logiciel: BrainHoney ToGo - (.Agilix Labs, Inc..) [HKLM] -- {FA15BC64-22E7-4B47-940B-5772B056DDF7}
O42 - Logiciel: Farejador 12 - (...) [HKLM] -- ST6UNST #1
O42 - Logiciel: GBBD Banco do Brasil - (...) [HKLM] -- {36386dc9-8543-4b12-ae6b-220fd52f19f3}_is1
O42 - Logiciel: TinyPDF 2.0 - (.Real Software Solutions, Inc..) [HKLM] -- TinyPDF_is1
~ Logic: 21 Legitimates Filtered in 00mn 01s



---\\ HKCU & HKLM Software Keys
[HKCU\Software\Agilix]
[HKCU\Software\Ares]
[HKCU\Software\AutoHelpDesk]
[HKCU\Software\Baixou Agora]
[HKCU\Software\FTD]
[HKCU\Software\GbAs]
[HKCU\Software\Lanmisoft]
[HKCU\Software\ShiningMorning]
[HKLM\Software\Agilix]
[HKLM\Software\AutoHelpDesk]
[HKLM\Software\Longman]
[HKLM\Software\ShiningMorning]
~ Key Software: 223 Legitimates Filtered in 00mn 01s



---\\ Conteúdo das pastas Programs/ProgramFiles/ProgramData/AppData (O43)
O43 - CFD: 25/07/2012 - 21:32:26 - [] ----D C:\Program Files\Agilix
O43 - CFD: 26/01/2012 - 20:04:12 - [] ----D C:\Program Files\Ares
O43 - CFD: 15/06/2014 - 11:52:02 - [] ----D C:\Program Files\Baixou Agora App
O43 - CFD: 12/01/2013 - 22:38:59 - [] ----D C:\Program Files\Farejador 12
O43 - CFD: 24/12/2012 - 15:57:32 - [] ----D C:\Program Files\Lanmisoft
O43 - CFD: 16/09/2012 - 15:42:10 - [] ----D C:\Program Files\TinyPDF
O43 - CFD: 25/03/2013 - 01:22:30 - [] ----D C:\Program Files\VIVO INTERNET
O43 - CFD: 20/02/2012 - 13:41:31 - [] ----D C:\Program Files\WMCap 5
O43 - CFD: 06/03/2014 - 23:51:46 - [0] ----D C:\ProgramData\boost_interprocess
O43 - CFD: 25/07/2012 - 21:39:43 - [] ----D C:\Users\Lucilene\AppData\Roaming\Agilix
O43 - CFD: 24/12/2012 - 22:02:48 - [] ----D C:\Users\Lucilene\AppData\Roaming\Lanmisoft
O43 - CFD: 17/03/2013 - 17:55:23 - [] ----D C:\Users\Lucilene\AppData\Roaming\VIVO INTERNET
O43 - CFD: 29/03/2013 - 13:48:56 - [] ----D C:\Users\Lucilene\AppData\Local\Ares
O43 - CFD: 25/07/2012 - 21:32:27 - [] ----D C:\Users\Lucilene\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Agilix
O43 - CFD: 26/01/2012 - 20:04:11 - [0] ----D C:\Users\Lucilene\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Ares
O43 - CFD: 12/01/2013 - 22:38:59 - [] ----D C:\Users\Lucilene\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Farejador 12
~ Program Folder: 182 Legitimates Filtered in 00mn 00s



---\\ Últimos ficheiros alterados ou criados no Windows e Sistema32 (044)
O44 - LFC:[MD5.491DD823BAA3498953AB1E99FDDABCDA] - 17/07/2014 - 22:23:12 ---A- . (...) -- C:\Windows\System32\prfc0416.dat   [128094]
O44 - LFC:[MD5.0A87A7833D45C0CB48F73A9906CB4185] - 17/07/2014 - 22:23:12 ---A- . (...) -- C:\Windows\System32\prfh0416.dat   [663804]
O44 - LFC:[MD5.E4E994FF918ED7EB6728A5C63720175D] - 24/07/2014 - 22:17:49 ---A- . (...) -- C:\zoek-results2014-07-25-011749.log   [13146]
O44 - LFC:[MD5.DF5FFB16CA29598D2E7B8D1FC712CADA] - 24/07/2014 - 22:20:46 ---A- . (...) -- C:\ZA-Scan.txt   [13179]
O44 - LFC:[MD5.B7CC2AF3D5604EFDC5F82AF7A5B21FB1] - 24/07/2014 - 22:28:21 ---A- . (.GbPlugin NDIS Device Driver - GbPlugin NDIS Device Driver.) -- C:\Windows\System32\Drivers\gbpndisrd.sys   [31088]
~ Files: 19 Legitimates Filtered in 00mn 02s



---\\ Operações e funções ao arranque do Windows Explorer (046)
O46 - SEH:ShellExecuteHooks - Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O46 - SEH:ShellExecuteHooks - GbPlugin ShlObj - {E37CB5F0-51F5-4395-A808-5FA49E399007} - C:\PROGRA~1\GbPlugin\gbiehabn.dll
O46 - SEH:ShellExecuteHooks - GbPlugin ShlObj - {E37CB5F0-51F5-4395-A808-5FA49E399F83} - C:\PROGRAM FILES\GBPLUGIN\gbieh.dll
~ ShellExecuteHooks:  Scanned in 00mn 00s



---\\ Chave do registo Shell MountPoints2 (MPKS) (O51)
O51 - MPSK:{b2e10e6c-8eb3-11e2-948e-2c8158bf7f47}\AutoRun\command. (...) -- F:\AutoRun.exe (.not file.)
O51 - MPSK:{b2e10e80-8eb3-11e2-948e-2c8158bf7f47}\AutoRun\command. (...) -- F:\AutoRun.exe (.not file.)
~ Keys:  Scanned in 00mn 00s



---\\ Enumeração das chaves do registo PoliciesSystem (MWPS) (O55)
O55 - MWPS:[HKLM\...\Policies\System] - "EnableUIADesktopToggle"=0
O55 - MWPS:[HKLM\...\Policies\System] - "FilterAdministratorToken"=0
~ MWPS: 18 Legitimates Filtered in 00mn 00s



---\\ Lista dos drivers do sistema (SDL) (O58)
O58 - SDL:28/05/2014 - 09:14:42 ---A- . (.Windows (R) Win 7 DDK provider - NetFilter SDK WFP Driver (WPP).) -- C:\Windows\System32\Drivers\badriver-new.sys   [53736]
O58 - SDL:13/07/2009 - 22:20:28 ---A- . (.Emulex - Storport Miniport Driver for LightPulse HBAs.) -- C:\Windows\System32\Drivers\elxstor.sys   [453712]
O58 - SDL:14/03/2014 - 20:27:24 ---A- . (.GAS Tecnologia - GbPlugin Device Driver.) -- C:\Windows\System32\Drivers\GbpKm.sys   [47192]
O58 - SDL:24/07/2014 - 22:28:21 ---A- . (.GbPlugin NDIS Device Driver - GbPlugin NDIS Device Driver.) -- C:\Windows\System32\Drivers\gbpndisrd.sys   [31088]
O58 - SDL:06/03/2014 - 23:54:54 ---A- . (.GAS Tecnologia - GAS Tecnologia - LWF Helper Driver.) -- C:\Windows\System32\Drivers\gbpndisrdn.sys   [29400]
O58 - SDL:13/07/2009 - 19:54:14 ---A- . (.Hauppauge Computer Works, Inc. - Hauppauge WinTV 885 Consumer IR Driver for eHome.) -- C:\Windows\System32\Drivers\hcw85cir.sys   [26624]
O58 - SDL:27/08/2012 - 14:50:24 ---A- . (.Avira GmbH - AVIRA SnapShot Driver.) -- C:\Windows\System32\Drivers\ssmdrv.sys   [28520]
O58 - SDL:13/07/2009 - 22:19:04 ---A- . (.Promise Technology - Promise  SuperTrak EX Series Driver for Windows.) -- C:\Windows\System32\Drivers\stexstor.sys   [21072]
O58 - SDL:19/03/2012 - 15:22:32 ---A- . (.ShiningMorning Inc. - No Comment.) -- C:\Windows\System32\Drivers\vasdDev.sys   [1451312]
O58 - SDL:13/07/2009 - 18:40:41 ---A- . (...) -- C:\Windows\System32\ANSI.SYS   [9029]
O58 - SDL:13/07/2009 - 18:40:44 ---A- . (...) -- C:\Windows\System32\country.sys   [27097]
O58 - SDL:13/07/2009 - 18:40:40 ---A- . (...) -- C:\Windows\System32\HIMEM.SYS   [4768]
O58 - SDL:13/07/2009 - 18:40:43 ---A- . (...) -- C:\Windows\System32\KEY01.SYS   [42809]
O58 - SDL:13/07/2009 - 18:40:43 ---A- . (...) -- C:\Windows\System32\KEYBOARD.SYS   [42537]
O58 - SDL:13/07/2009 - 18:40:23 ---A- . (...) -- C:\Windows\System32\NTDOS.SYS   [27866]
O58 - SDL:13/07/2009 - 18:40:31 ---A- . (...) -- C:\Windows\System32\NTDOS404.SYS   [29146]
O58 - SDL:13/07/2009 - 18:40:35 ---A- . (...) -- C:\Windows\System32\NTDOS411.SYS   [29370]
O58 - SDL:13/07/2009 - 18:40:39 ---A- . (...) -- C:\Windows\System32\NTDOS412.SYS   [29274]
O58 - SDL:13/07/2009 - 18:40:27 ---A- . (...) -- C:\Windows\System32\NTDOS804.SYS   [29146]
O58 - SDL:13/07/2009 - 18:40:11 ---A- . (...) -- C:\Windows\System32\NTIO.SYS   [33952]
O58 - SDL:13/07/2009 - 18:40:15 ---A- . (...) -- C:\Windows\System32\NTIO404.SYS   [34672]
O58 - SDL:13/07/2009 - 18:40:17 ---A- . (...) -- C:\Windows\System32\NTIO411.SYS   [35776]
O58 - SDL:13/07/2009 - 18:40:19 ---A- . (...) -- C:\Windows\System32\NTIO412.SYS   [35536]
O58 - SDL:13/07/2009 - 18:40:13 ---A- . (...) -- C:\Windows\System32\NTIO804.SYS   [34672]
~ Drivers: 82 Legitimates Filtered in 00mn 01s



---\\ Lista das ferramentas de remoção de vírus (LAT) (063)
O63 - Logiciel: ZHPDiag 2014 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1  =>.Nicolas Coolman
~ ADS:  Scanned in 00mn 00s



---\\ Lista dos serviços Legacy du registo (064)
O64 - Services: CurCS - 14/03/2014 - C:\Windows\System32\drivers\gbpkm.sys (GbpKm)  .(.GAS Tecnologia - GbPlugin Device Driver.) - LEGACY_GBPKM
~ Legacy: 77 Legitimates Filtered in 00mn 00s



---\\ Menu de inicialização Internet (068)
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Google Inc. - Google Chrome.) -- C:\Users\Lucilene\AppData\Local\Google\Chrome\Application\chrome.exe
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
~ Keys:  Scanned in 00mn 00s



---\\ Pesquisa de infeção nos navegadores da Internet (SBI) (069)
O69 - SBI: SearchScopes [HKCU] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} [DefaultScope] - (Bing) - [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
~ Keys:  Scanned in 00mn 00s



---\\ Pesquisa adicional à raiz do sistema (radicular) (SPRF) (O84)
[MD5.E796AE3A2A3895CB2A1E224827D2A6D9] [SPRF][06/03/2014] (...) -- C:\Users\Lucilene\AppData\Roaming\unins000.dat   [45861]
[MD5.AD6E810B9CE3D8C0C1FF0203C68C6FA6] [SPRF][06/03/2014] (.No owner - Setup/Uninstall.) -- C:\Users\Lucilene\AppData\Roaming\unins000.exe   [720082]
[MD5.35FF19A3ECC56C5E9ED29D49C0FFEDCA] [SPRF][24/07/2014] (.Eric_71 - MbrScan.) -- C:\Users\Lucilene\Desktop\MbrScan.exe   [147456]
~ Files: 6 Legitimates Filtered in 00mn 00s



---\\ Search Tracing Registry Key (O100)
HKLM\SOFTWARE\Microsoft\Tracing\BetterInstaller_RASAPI32  =>Adware.MegaSearch
HKLM\SOFTWARE\Microsoft\Tracing\BetterInstaller_RASMANCS  =>Adware.MegaSearch
~ BTK: 284 Legitimates Filtered in 00mn 01s



---\\ Estado general dos serviços não Microsoft (EGS) (SR=Executados, SS=Parados)
SS - | Demand 09/07/2014 262320 |  (AdobeFlashPlayerUpdateSvc) . (.Adobe Systems Incorporated.) - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
SS - | Auto 07/02/2012 136176 |  (gupdate) . (.Google Inc..) - C:\Program Files\Google\Update\GoogleUpdate.exe
SS - | Demand 07/02/2012 136176 |  (gupdatem) . (.Google Inc..) - C:\Program Files\Google\Update\GoogleUpdate.exe
SS - | Demand 09/04/2014 235696 |  (McComponentHostService) . (.McAfee, Inc..) - C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe
SS - | Demand 11/06/2014 119408 |  (MozillaMaintenance) . (.Mozilla Foundation.) - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
SS - | Auto 21/06/2013 162408 |  (SkypeUpdate) . (.Skype Technologies.) - C:\Program Files\Skype\Updater\Updater.exe
SS - | Demand 13/07/2009 20992 | C:\Program Files\Windows Defender\mpsvc.dll (WinDefend) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
SR - | Auto 01/07/2014 430160 |  (AntiVirSchedulerService) . (.Avira Operations GmbH & Co. KG.) - C:\Program Files\Avira\AntiVir Desktop\sched.exe
SR - | Auto 01/07/2014 430160 |  (AntiVirService) . (.Avira Operations GmbH & Co. KG.) - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
SR - | Auto 28/04/2009 60928 |  (AzBusFixService) . (.Conexant Systems, Inc..) - C:\Windows\system32\AzBusMon.exe
SR - | Auto 26/06/2014 555048 |  (GbpSv) . (.GAS Tecnologia.) - C:\Program Files\GbPlugin\gbpsv.exe
SR - | Auto 13/07/2009 20992 | C:\Windows\system32\XAudio32.dll (HsfXAudioService) . (.Conexant Systems, Inc..) - C:\Windows\System32\svchost.exe
SR - | Auto 13/07/2009 20992 | C:\Windows\System32\wuaueng.dll (wuauserv) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
~ Services:  Scanned in 00mn 25s



---\\ Scâner Aditional (088)
Database Version : 13026 - (24/07/2014)
Clés trouvées (Keys found) : 0
Valeurs trouvées (Values found) : 0
Dossiers trouvés  (Folders found) : 0
Fichiers trouvés  (Files found) : 0

~ Additionnel Scan: 210769 Items scanned in 00mn 45s



---\\ Informações complémentaires do módulos
~ [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]  =>.Google Chrome, Arranque,Pesquisa,Extensões (G0,G1,G2)
~ [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]  =>.Internet Explorer, Gestão do Proxy (R5)
~ [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]  =>.Browser Helper Objects do navegador (02)
~ [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]  =>.Aplicações iniciadas por registo & pastas (04)
~ [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]  =>.Chave do registo Shell MountPoints2 (MPKS) (O51)
~ AMI: 5 Legitimates Filtered in 00mn 00s



---\\ Sumário das deteções encontradas na sua estação
[Tens de ter uma conta e sessão iniciada para poderes visualizar este link]  =>Adware.MegaSearch
~ MSI: 1 link(s) detected in 00mn 00s



~ 753 Legitimates filtered by white list
End of the scan (495 lines in 02mn 10s)(0)

 Há programas desnecessários iniciando junto com o Windows, o que torna o seu PC mais lento. Para corrigir isto, siga as dicas deste tutorial:

[Tens de ter uma conta e sessão iniciada para poderes visualizar este link]

De preferência deixe apenas os programas de segurança (anti-vírus/anti-spywares/firewall) iniciarem junto com o Windows.

Use também o programa Ccleaner, indicado neste tutorial acima, para fazer uma limpeza e otimização do PC.
________________________________________________________________________________________

 Selecione e copie todo o texto destacado em vermelho que te passei.
_____________________________________________________________________________________________________________

 Vá no menu: Iniciar > Todos os programas > ZHP > Clique com o botão direito do mouse sobre o Zhpfix e escolha a opção de Executar como administrador > Clique em Importação > Clique no botão GO > Clique em Oui > Caso queira que os arquivos da lixeira sejam excluídos clique em Oui novamente > Um relatório aparecerá no bloco de notas.

Copie este relatório e poste em sua próxima resposta.

Boa tarde!
Segue abaixo o relatório pedido

Rapport de ZHPFix 2014.7.9.4 par Nicolas Coolman, Update du 09/07/2014
Fichier d'export Registre :
Run by Lucilene at 25/07/2014 18:06:45
High Elevated Privileges : OK
Windows 7 Ultimate Edition, 32-bit Service Pack 1 (Build 7601)

Reciclagem vazia (00mn 07s)
Reparação de atalhos do navegador

========== Chaves do Registo ==========
ELIMINÉ Driver Key: badriver
ELIMINÉ: HKLM\SOFTWARE\Microsoft\Tracing\BetterInstaller_RASAPI32
ELIMINÉ: HKLM\SOFTWARE\Microsoft\Tracing\BetterInstaller_RASMANCS

========== Pastas ==========
Nenhuma pasta CLSID local utilizador vazia

========== Ficheiros ==========
ELIMINÉ Temporários windows (14) (244.248 octets)
ELIMINÉ Flash Cookies (0) (0 octets)

========== Tarefa planificada ==========
ELIMINÉ: {214C2DF4-A3BC-405D-8A81-68BC613941A4}

========== Restauração Sistema ==========
Ponto de restauro do sistema criado com sucesso


========== Recapitulativo ==========
3 : Chaves do Registo
1 : Pastas
2 : Ficheiros
1 : Tarefa planificada
1 : Restauração Sistema


End of clean in 01mn 11s

========== Caminho do ficheiro do relatório ==========
C:\Users\Lucilene\AppData\Roaming\ZHP\ZHPFix[R1].txt - 25/07/2014 18:06:52 [1126]

Faça o download do Malwarebytes em um destes links abaixo:
[Tens de ter uma conta e sessão iniciada para poderes visualizar este link]

Para instalá-lo e executá-lo corretamente siga, por gentileza, as dicas desta postagem:

[Tens de ter uma conta e sessão iniciada para poderes visualizar este link]

Na sua próxima resposta poste este log (relatório) do Malwarebytes.

Ficamos no aguardo.

Olá! Segue relatóro do MalwareBytes

Malwarebytes Anti-Malware
[Tens de ter uma conta e sessão iniciada para poderes visualizar este link]

Data de Verificação: 25/07/2014
Hora da Verificação: 19:21:17
Logfile: Malwarebytes LOG.txt
Administrador: Sim

Versão: 2.00.2.1012
Malware Database: v2014.07.25.08
Rootkit Database: v2014.07.17.01
Licença: Grátis
Proteção de Malware: Desabilitado
Proteção de Site Malicioso: Desabilitado
Self-protection: Desabilitado

OS: Windows 7 Service Pack 1
CPU: x86
Sistema de Arquivo: NTFS
Usuário: Lucilene

Tipo da Verificação: Verificação Personalizada
Resultado: Completado
Arquivos Verificados: 431335
Tempo Decorrido: 3 hr, 10 min, 26 seg

Memória: Enabled
Inicialização: Enabled
Filesystem: Enabled
Arquivos: Enabled
Rootkits: Desabilitado
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processos: 0
(No malicious items detected)

Módulos: 0
(No malicious items detected)

Chaves de Registro: 1
PUP.Optional.HomeTab.A, HKU\S-1-5-21-179182008-1739221069-3547690239-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\SOFTWARE\APPDATALOW\SOFTWARE\SIMPLYTECH\HomeTab, Delete-on-Reboot, [15a7247f4932ba7cd9bdece51be708f8],

Valores de Registro: 0
(No malicious items detected)

Dados do Registro: 0
(No malicious items detected)

Pastas: 0
(No malicious items detected)

Arquivos: 1
PUP.Optional.Somoto.A, C:\Users\Lucilene\AppData\Local\Google\Chrome\User Data\Default\File System\005\t\00\00000000, Quarantined, [06b64f54700b7eb82f9f3700e71d8977],

Physical Sectors: 0
(No malicious items detected)


(end)

Baixe o programa Adwcleaner clicando no link abaixo e depois clique no botão Download Now @BleepingComputer:
[Tens de ter uma conta e sessão iniciada para poderes visualizar este link]

Para executar corretamente o AdwCleaner é só seguir as dicas deste tutorial:

[Tens de ter uma conta e sessão iniciada para poderes visualizar este link]

* Na sua próxima resposta poste o log (relatório) do Adwcleaner que estará em C:\AdwCleaner\AdwCleaner[S0].txt

Ficamos na espera.

# AdwCleaner v3.216 - Relatório criado 26/07/2014 às 12:27:03
# Atualizado 17/07/2014 por Xplode
# Sistema Operacional : Windows 7 Ultimate Service Pack 1 (32 bits)
# Usuário : Lucilene - LUCILENE-PC
# Executando de : C:\Users\Lucilene\Desktop\AdwCleaner.exe
# Opção : Limpar

***** [ Serviços ] *****


***** [ Arquivos / Pastas ] *****


***** [ Atalhos ] *****


***** [ Registro ] *****

Chave Deletedo : HKLM\SOFTWARE\Google\Chrome\Extensions\bopakagnckmlgajfccecajhnimjiiedh
[#] Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1EC9510D-A439-4950-9399-B6399EDF9EA7}
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\APN_ATU3__RASAPI32
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\APN_ATU3__RASMANCS

***** [ Navegadores ] *****

-\\ Internet Explorer v10.0.9200.16537


-\\ Mozilla Firefox v

[ Arquivo : C:\Users\Administrador\AppData\Roaming\Mozilla\Firefox\Profiles\f44e4qvz.default\prefs.js ]


[ Arquivo : C:\Users\Lucilene\AppData\Roaming\Mozilla\Firefox\Profiles\noc9k82v.default\prefs.js ]


-\\ Google Chrome v

[ Arquivo : C:\Users\Administrador\AppData\Local\Google\Chrome\User Data\Default\preferences ]


[ Arquivo : C:\Users\Lucilene\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Deletedo [Extension] : bopakagnckmlgajfccecajhnimjiiedh

*************************

AdwCleaner[R0].txt - [8951 octets] - [23/01/2014 15:33:06]
AdwCleaner[R1].txt - [9011 octets] - [23/01/2014 15:38:37]
AdwCleaner[R2].txt - [9071 octets] - [23/01/2014 15:49:36]
AdwCleaner[R3].txt - [1354 octets] - [23/01/2014 16:24:02]
AdwCleaner[R4].txt - [1841 octets] - [26/07/2014 12:24:47]
AdwCleaner[S0].txt - [8971 octets] - [23/01/2014 15:50:53]
AdwCleaner[S1].txt - [1753 octets] - [26/07/2014 12:27:03]

########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [1813 octets] ##########

Desative temporariamente seu antivírus para evitar conflitos.

* Acesse este link abaixo e clique no primeiro botão da esquerda que é o botão Download Zoek.exe:
[Tens de ter uma conta e sessão iniciada para poderes visualizar este link]

Para executá-lo corretamente siga as dicas deste tutorial:

[Tens de ter uma conta e sessão iniciada para poderes visualizar este link]

* Assim que ele concluir a limpeza dos problemas acesse o log (relatório) do Zoek que estará em C:\zoek-results.txt e copie todo seu conteúdo e poste em sua próxima resposta.

Zoek.exe v5.0.0.0 Updated 26-07-2014
Tool run by Lucilene on 26/07/2014 at 14:59:53,86.
Microsoft Windows 7 Ultimate 6.1.7601 Service Pack 1 x86
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\Lucilene\Desktop\zoek.exe [Scan all users] [Script inserted]

==== Older Logs ======================

C:\zoek-results2014-07-25-011749.log 13146 bytes
C:\zoek-results2014-07-25-012046.log 13179 bytes

==== System Restore Info ======================

26/07/2014 15:02:08 Zoek.exe System Restore Point Created Succesfully.

==== Reset Hosts File ======================

# Copyright (c) 1993-2006 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host

# localhost name resolution is handle within DNS itself.
127.0.0.1 localhost
::1 localhost

==== Deleting CLSID Registry Keys ======================


==== Deleting CLSID Registry Values ======================


==== Deleting Services ======================


==== FireFox Fix ======================

Deleted from C:\Users\ADMINI~1\AppData\Roaming\Mozilla\Firefox\Profiles\f44e4qvz.default\prefs.js:

Added to C:\Users\ADMINI~1\AppData\Roaming\Mozilla\Firefox\Profiles\f44e4qvz.default\prefs.js:
user_pref("browser.startup.homepage", "http://www.google.com");
user_pref("browser.search.defaulturl", "http://www.google.com/search?btnG=Google+Search&q=");
user_pref("browser.newtab.url", "http://www.google.com/");
user_pref("browser.search.defaultengine", "Google");
user_pref("browser.search.defaultenginename", "Google");
user_pref("browser.search.selectedEngine", "Google");
user_pref("browser.search.order.1", "Google");
user_pref("keyword.URL", "http://www.google.com/search?btnG=Google+Search&q=");
user_pref("browser.search.suggest.enabled", true);
user_pref("browser.search.useDBForOrder", true);

Deleted from C:\Users\ADMINI~1\AppData\Roaming\Thunderbird\Profiles\hshp6yrb.default\prefs.js:

Added to C:\Users\ADMINI~1\AppData\Roaming\Thunderbird\Profiles\hshp6yrb.default\prefs.js:
user_pref("browser.startup.homepage", "http://www.google.com");
user_pref("browser.search.defaulturl", "http://www.google.com/search?btnG=Google+Search&q=");
user_pref("browser.newtab.url", "http://www.google.com/");
user_pref("browser.search.defaultengine", "Google");
user_pref("browser.search.defaultenginename", "Google");
user_pref("browser.search.selectedEngine", "Google");
user_pref("browser.search.order.1", "Google");
user_pref("keyword.URL", "http://www.google.com/search?btnG=Google+Search&q=");
user_pref("browser.search.suggest.enabled", true);
user_pref("browser.search.useDBForOrder", true);

Deleted from C:\Users\Lucilene\AppData\Roaming\Mozilla\Firefox\Profiles\noc9k82v.default\prefs.js:
user_pref("browser.startup.homepage", "[Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
user_pref("browser.search.selectedEngine", "Ergative");
user_pref("keyword.URL", "http://www.ergative.com/search.php?q=");

Added to C:\Users\Lucilene\AppData\Roaming\Mozilla\Firefox\Profiles\noc9k82v.default\prefs.js:
user_pref("browser.startup.homepage", "http://www.google.com");
user_pref("browser.search.defaulturl", "http://www.google.com/search?btnG=Google+Search&q=");
user_pref("browser.newtab.url", "http://www.google.com/");
user_pref("browser.search.defaultengine", "Google");
user_pref("browser.search.defaultenginename", "Google");
user_pref("browser.search.selectedEngine", "Google");
user_pref("browser.search.order.1", "Google");
user_pref("keyword.URL", "http://www.google.com/search?btnG=Google+Search&q=");
user_pref("browser.search.suggest.enabled", true);
user_pref("browser.search.useDBForOrder", true);

Deleted from C:\Users\Lucilene\AppData\Roaming\Thunderbird\Profiles\c66cbunf.default\prefs.js:

Added to C:\Users\Lucilene\AppData\Roaming\Thunderbird\Profiles\c66cbunf.default\prefs.js:
user_pref("browser.startup.homepage", "http://www.google.com");
user_pref("browser.search.defaulturl", "http://www.google.com/search?btnG=Google+Search&q=");
user_pref("browser.newtab.url", "http://www.google.com/");
user_pref("browser.search.defaultengine", "Google");
user_pref("browser.search.defaultenginename", "Google");
user_pref("browser.search.selectedEngine", "Google");
user_pref("browser.search.order.1", "Google");
user_pref("keyword.URL", "http://www.google.com/search?btnG=Google+Search&q=");
user_pref("browser.search.suggest.enabled", true);
user_pref("browser.search.useDBForOrder", true);

==== Deleting Files \ Folders ======================

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk deleted
C:\Users\Public\sdelevURL.tmp deleted
C:\Users\Lucilene\Searches deleted
C:\Windows\Launcher.exe deleted
C:\Windows\System32\InstallUtil.InstallLog deleted
C:\Users\Lucilene\AppData\Roaming\unins000.exe deleted
"C:\Windows\Installer\304733.msi" deleted

==== Firefox Extensions Registry ======================

[HKEY_CURRENT_USER\Software\Mozilla\Firefox\Extensions]
"{87F8774F-B485-47E2-A755-A40A8A5E886C}"="C:\Users\Lucilene\AppData\Local\GAS Tecnologia\GBBD\bb\sf.xpi" []

==== Firefox Extensions ======================

ProfilePath: C:\Users\ADMINI~1\AppData\Roaming\Thunderbird\Profiles\hshp6yrb.default
- Instrument Test - %ProfilePath%\extensions\tbtestpilot@labs.mozilla.com.xpi

ProfilePath: C:\Users\Lucilene\AppData\Roaming\Mozilla\Firefox\Profiles\noc9k82v.default
- Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}
- DownThemAll - %ProfilePath%\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}.xpi

AppDir: C:\Program Files\Mozilla Firefox
- Java Console - %AppDir%\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}
- Java Console - %AppDir%\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}
- Java Console - %AppDir%\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}

==== Firefox Plugins ======================

Profilepath: C:\Users\Lucilene\AppData\Roaming\Mozilla\Firefox\Profiles\noc9k82v.default
486DCD78DFB28733BFDD4D4EFEA2FD50 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll - Java(TM) Platform SE 7 U65
5B92CB0A3EEE50F6B9AE036B4F9B0F0C - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll - Google Earth Plugin
C517E5EA7CEE783F3681F62D2A362E5B - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll - Windows Live? Photo Gallery
1A4574EF548F0C871013EA5568ACAE05 - C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll - Foxit Reader Plugin for Mozilla
99F97C9FE748C37528C338A423577FCB - C:\Program Files\Mozilla Firefox\plugins\np-mswmp.dll - Microsoft® Windows Media Player Firefox Plugin


==== Chrome Look ======================

HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
lifbcibllhkdhoafpjfnlhfpfgnpldfl - C:\Program Files\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx[17/01/2012 11:45]
nbfjpmeddmamejnmmppjlfglfhcjbbai - No path found[]

HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\Extensions
pgacfjdigcddmmncljpflgcfpfahebkh - C:\Users\Lucilene\AppData\Local\GAS Tecnologia\GBBD\bb\sf.crx[]

Google Docs - Administrador\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake
Google Drive - Administrador\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf
YouTube - Administrador\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo
Google Search - Administrador\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf
Skype Click to Call - Administrador\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl
Google Wallet - Administrador\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda
Gmail - Administrador\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia
Google Docs - Lucilene\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake
Google Drive - Lucilene\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf
YouTube - Lucilene\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo
Google Search - Lucilene\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf
AdBlock - Lucilene\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom
Skype Click to Call - Lucilene\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl
Google Wallet - Lucilene\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda
Gmail - Lucilene\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia

==== Chrome Fix ======================

C:\Users\Lucilene\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.azlyrics.com_0.localstorage-journal deleted successfully
C:\Users\Lucilene\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.lyricsfreak.com_0.localstorage-journal deleted successfully
C:\Users\Lucilene\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_websearch.about.com_0.localstorage-journal deleted successfully
C:\Users\Lucilene\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.elvisfind.com_0.localstorage-journal deleted successfully
C:\Users\Lucilene\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_www.onlinesearches.com_0.localstorage-journal deleted successfully
C:\Users\Lucilene\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_publicrecords.onlinesearches.com_0.localstorage-journal deleted successfully
C:\Users\Lucilene\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_bluetooth-driver-installer.softonic.com.br_0.localstorage-journal deleted successfully
C:\Users\Lucilene\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.goodsearch.com_0.localstorage-journal deleted successfully
C:\Users\Lucilene\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.zabasearch.com_0.localstorage-journal deleted successfully

==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.terra.com.br/"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
No DefaultScope Set For HKCU

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.terra.com.br/"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{012E1000-F331-11DB-8314-0800200C9A66}"

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
{012E1000-F331-11DB-8314-0800200C9A66} Google Url="http://www.google.com/search?q={searchTerms}"
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE10SR"

==== Reset Google Chrome ======================

C:\Users\Administrador\AppData\Local\Google\Chrome\User Data\Default\preferences was reset successfully
C:\Users\Lucilene\AppData\Local\Google\Chrome\User Data\Default\Preferences was reset successfully
C:\Users\Administrador\AppData\Local\Google\Chrome\User Data\Default\Web Data was reset successfully
C:\Users\Lucilene\AppData\Local\Google\Chrome\User Data\Default\Web Data was reset successfully

==== Deleting CLSID Registry Keys ======================


==== Deleting CLSID Registry Values ======================

HKEY_USERS\S-1-5-21-179182008-1739221069-3547690239-1001\Software\Mozilla\Firefox\Extensions\{87F8774F-B485-47E2-A755-A40A8A5E886C} deleted successfully

==== shortcuts on Users Desktops ======================

C:\Users\Lucilene\Desktop\AMP Font Viewer.lnk - C:\Program Files\AMP Font Viewer\FontViewer.exe
C:\Users\Lucilene\Desktop\Ares.lnk - C:\Program Files\Ares\Ares.exe
C:\Users\Lucilene\Desktop\Audacity.lnk - C:\Program Files\Audacity\audacity.exe
C:\Users\Lucilene\Desktop\BrainHoney ToGo.lnk - C:\Users\Lucilene\AppData\Roaming\Microsoft\Installer\{FA15BC64-22E7-4B47-940B-5772B056DDF7}\App.ico
C:\Users\Lucilene\Desktop\Format Factory.lnk - C:\Program Files\FreeTime\FormatFactory\FormatFactory.exe
C:\Users\Lucilene\Desktop\Google Chrome.lnk - C:\Users\Lucilene\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Lucilene\Desktop\Kindle.lnk - C:\Users\Lucilene\AppData\Local\Amazon\Kindle\application\Kindle.exe
C:\Users\Lucilene\Desktop\Português.lnk -
C:\Users\Lucilene\Desktop\Sweet Home 3D.lnk - C:\Program Files\Sweet Home 3D\SweetHome3D.exe
C:\Users\Lucilene\Desktop\ZHPDiag.lnk - C:\Program Files\ZHPDiag\ZHPhep.exe
C:\Users\Lucilene\Desktop\ZHPFix.lnk - C:\Program Files\ZHPDiag\ZHPFix\ZHPhep.exe

==== shortcuts on All Users Desktop ======================

C:\Users\Public\Desktop\ Google Earth.lnk - C:\Program Files\Google\Google Earth\client\googleearth.exe
C:\Users\Public\Desktop\Ashampoo Burning Studio 2012.lnk - C:\Program Files\Ashampoo\Ashampoo Burning Studio 2012\burningstudio2012.exe
C:\Users\Public\Desktop\aTube Catcher.lnk - C:\Program Files\DsNET Corp\aTube Catcher 2.0\yct.exe
C:\Users\Public\Desktop\Avira Control Center.lnk - C:\Program Files\Avira\AntiVir Desktop\avcenter.exe
C:\Users\Public\Desktop\CCleaner.lnk - C:\Program Files\CCleaner\CCleaner.exe
C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk - C:\Program Files\Malwarebytes Anti-Malware\mbam.exe
C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk - C:\Program Files\McAfee Security Scan\3.8.150\McUICnt.exe SecurityScanner.dll
C:\Users\Public\Desktop\Mozilla Thunderbird.lnk - C:\Program Files\Mozilla Thunderbird\thunderbird.exe
C:\Users\Public\Desktop\PrtScr.lnk - C:\Program Files\PrtScr\PrtScr.exe
C:\Users\Public\Desktop\Skype.lnk - C:\Windows\Installer\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}\SkypeIcon.exe
C:\Users\Public\Desktop\Winamp.lnk - C:\Program Files\Winamp\winamp.exe

==== shortcuts in Users Start Menu ======================

C:\Users\Lucilene\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome\Google Chrome.lnk - C:\Users\Lucilene\AppData\Local\Google\Chrome\Application\chrome.exe

==== shortcuts in All Users Start Menu ======================

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\About Java.lnk - C:\Program Files\Java\jre7\bin\javacpl.exe -tab about
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\Check For Updates.lnk - C:\Program Files\Java\jre7\bin\javacpl.exe -tab update
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\Configure Java.lnk - C:\Program Files\Java\jre7\bin\javacpl.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\Get Help.lnk -
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\Visit Java.com.lnk -
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware\Desinstalar Malwarebytes Anti-Malware.lnk - C:\Program Files\Malwarebytes Anti-Malware\unins000.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware\Malwarebytes Anti-Malware.lnk - C:\Program Files\Malwarebytes Anti-Malware\mbam.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware\Tools\Malwarebytes Anti-Malware Chameleon.lnk - C:\Program Files\Malwarebytes Anti-Malware\Chameleon\Windows\chameleon.chm
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ZHP\ZHPDiag.lnk - C:\Program Files\ZHPDiag\ZHPhep.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ZHP\ZHPFix.lnk - C:\Program Files\ZHPDiag\ZHPFix\ZHPhep.exe

==== shortcuts in Quick Launch ======================

C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -
C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -
C:\Users\Default User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -
C:\Users\Default User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -
C:\Users\Lucilene\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Foxit Reader.lnk - C:\Program Files\Foxit Software\Foxit Reader\Foxit Reader.exe
C:\Users\Lucilene\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk - C:\Program Files\Internet Explorer\iexplore.exe
C:\Users\Lucilene\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Mozilla Thunderbird.lnk - C:\Program Files\Mozilla Thunderbird\thunderbird.exe
C:\Users\Lucilene\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -
C:\Users\Lucilene\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Winamp.lnk - C:\Program Files\Winamp\winamp.exe
C:\Users\Lucilene\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -
C:\Users\Lucilene\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\70f62c6a7f1739bd\pinned.lnk - C:\Windows\system32\rundll32.exe C:\Windows\system32\shell32.dll,Options_RunDLL 1
C:\Users\Lucilene\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\7e4dca80246863e3\pinned.lnk - C:\Windows\system32\control.exe
C:\Users\Lucilene\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\CCleaner.lnk - C:\Program Files\CCleaner\CCleaner.exe
C:\Users\Lucilene\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Farejador 12.LNK - C:\Program Files\Farejador 12\Farejador12.exe
C:\Users\Lucilene\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Google Chrome.lnk - C:\Users\Lucilene\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Lucilene\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Microsoft Office Word 2007.lnk - C:\Windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\wordicon.exe
C:\Users\Lucilene\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\PrtScr.lnk - C:\Program Files\PrtScr\PrtScr.exe
C:\Users\USURIO~1\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -
C:\Users\USURIO~1\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -

==== Reset IE Proxy ======================

Value(s) before fix:
"ProxyEnable"=dword:00000000

Value(s) after fix:
"ProxyEnable"=dword:00000000

==== Deleting Registry Keys ======================

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\F60730A4A66673047777F5728467D401 deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions\nbfjpmeddmamejnmmppjlfglfhcjbbai deleted successfully
HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\Extensions\pgacfjdigcddmmncljpflgcfpfahebkh deleted successfully
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{4A03706F-666A-4037-7777-5F2748764D10} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\F60730A4A66673047777F5728467D401 deleted successfully

==== Empty IE Cache ======================

C:\Users\Administrador\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Lucilene\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\networkservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

==== Empty FireFox Cache ======================

No FireFox Cache found

==== Empty Chrome Cache ======================

C:\Users\Administrador\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully
C:\Users\Lucilene\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully

==== Empty All Flash Cache ======================

Flash Cache Emptied Successfully

==== Empty All Java Cache ======================

Java Cache cleared successfully

==== C:\zoek_backup content ======================

C:\zoek_backup (files=21 folders=1 942003 bytes)

==== Empty Temp Folders ======================

C:\Users\Administrador\AppData\Local\Temp emptied successfully
C:\Users\Default\AppData\Local\Temp emptied successfully
C:\Users\Default User\AppData\Local\Temp emptied successfully
C:\Users\Lucilene\AppData\Local\Temp will be emptied at reboot
C:\Users\USURIO~1\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\Windows\Temp will be emptied at reboot

==== After Reboot ======================

==== Empty Temp Folders ======================

C:\Windows\Temp successfully emptied
C:\Users\Lucilene\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\$RECYCLE.BIN successfully emptied

==== EOF on 26/07/2014 at 15:25:35,75 ======================

Baixe o programa Junkware Removal Tool no link abaixo:
[Tens de ter uma conta e sessão iniciada para poderes visualizar este link]

Para executar corretamente o programa acima é só seguir as dicas deste tutorial:

[Tens de ter uma conta e sessão iniciada para poderes visualizar este link]

* Na sua próxima resposta poste o log (relatório) do Junkware Removal Tool que estará salvo em sua área de trabalho com o nome de JRT.txt

Ficamos na espera.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.4 (04.06.2014:1)
OS: Windows 7 Ultimate x86
Ran by Lucilene on 26/07/2014 at 16:56:11,95
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys



~~~ Files



~~~ Folders



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 26/07/2014 at 17:01:36,39
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Como está o PC?

Boa noite!
Aparentemente, está tudo bem. Não recebi nenhum email estranho e os procedimentos executados deixaram o PC mais rápido.

Fico feliz que o problema tenha sido resolvido.

Só para finalizar siga estes tutoriais abaixo, por gentileza:

[Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
_______________________________________________________________________________________________________________________

Para remover os programas usados na limpeza deste PC e criar um novo ponto de restauração seguro e sem problemas, utilize o DelFix seguindo as dicas [Tens de ter uma conta e sessão iniciada para poderes visualizar este link].
_______________________________________________________________________________________________________________________

Foi um prazer ajudar. Conte sempre conosco!

CASO RESOLVIDO

Caso o autor do tópico necessite, o mesmo será reaberto, para isso deverá entrar em contato com um dos membros da [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] solicitando o desbloqueio.