Computar infectado com malware após a instalação do sXe-injected

Boa noite,

Meu computar foi infectado após a instalação do sXe-injected, foram detectados 185 ameaças pelo Malwarebytes. Aguardo algum passo para resolver o problema.

Muito obrigado.

Boa noite tonelli,

• Baixe: <[Tens de ter uma conta e sessão iniciada para poderes visualizar este link] ><[Tens de ter uma conta e sessão iniciada para poderes visualizar esta imagem]> ( ...Nicolas Coolman)
  
• Salve-o no Disco local (C ou D).
  
• Desabilite seu antivírus, e execute ZHPDiag.exe para instalar.
  
  [Tens de ter uma conta e sessão iniciada para poderes visualizar esta imagem]
  
• Execute o ícone do pergaminho!
  
  [Tens de ter uma conta e sessão iniciada para poderes visualizar esta imagem]
  
• Clique na opção "COMPLETA" e aguarde a conclusão.
  
• Clique OK e,ao concluir, poste o relatório! ( ZHPDiag.txt )
  
• Obs: O relatório por ser extenso deve ser postado em um desses sites:
  
• Acesse: <[Tens de ter uma conta e sessão iniciada para poderes visualizar este link]>
  
• Ou acesse:<[Tens de ter uma conta e sessão iniciada para poderes visualizar este link]>
  
• Maiores informações:<[Tens de ter uma conta e sessão iniciada para poderes visualizar este link]> << Hospedagem !
  

Um grande abraço.

[Tens de ter uma conta e sessão iniciada para poderes visualizar este link]

Ta aí o que foi pedido.

Obrigado.

Boa noite tonelli, poste por favor também o relatório do Malwarebytes com a remoção das ameaças que você disse que foram detectadas.

• Execute este script na ferramenta ZHPFix.
  
• Copie estas informações que estão em vermelho para o Bloco de notas.
  
• Com o Bloco de notas aberto, faça: ctrl+a >> ctrl+c.
  
• À seguir, minimize o Bloco de notas.
  
  Script ZHPFix
  SysRestore
  O2 - BHO: IESpeakDoc [64Bits] - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} Chave orfã    
  O9 - Extra button: Send by Bluetooth to [64Bits] - {7815BE26-237D-41A8-A98F-F7BD75F71086} -- Chave orfã    
  [HKCU\Software\Baidu Security]    
  [HKCU\Software\Conduit]   =>Toolbar.Conduit
  [HKCU\Software\Linkey]   =>PUP.LinkeySearch
  [HKCU\Software\SimplyTech]   =>PUP.SimplyTech
  [HKLM\Software\EnigmaSoftwareGroup]   =>PUP.EnigmaSoftware
  [HKLM\Software\Wow6432Node\AskPartnerNetwork]   =>Toolbar.AskBar
  [HKLM\Software\Wow6432Node\Baidu_Drp_pos]    
  [HKLM\Software\Wow6432Node\Conduit]   =>Toolbar.Conduit
  [HKLM\Software\Wow6432Node\SupDp]   =>PUP.SupTab
  O43 - CFD: 15/03/2015 - 20:03:32 - [] ----D C:\Program Files (x86)\Baidu Security    
  O43 - CFD: 15/03/2015 - 20:03:32 - [] ----D C:\ProgramData\Baidu Security    
  O43 - CFD: 06/12/2014 - 20:07:15 - [] ----D C:\ProgramData\boost_interprocess    
  O43 - CFD: 13/07/2014 - 12:59:23 - [] ----D C:\ProgramData\Microsoft Toolkit   =>Trojan.AutoKMS
  O43 - CFD: 15/03/2015 - 20:11:09 - [] ----D C:\ProgramData\PC Faster
  O43 - CFD: 12/07/2014 - 12:16:37 - [] ----D C:\Users\Acer\AppData\Local\Apps    
  O43 - CFD: 13/07/2014 - 12:14:23 - [] ----D C:\Users\Acer\AppData\Local\Microsoft Toolkit   =>Trojan.AutoKMS
  O44 - LFC:[MD5.68444E9D77D56E5524C62DB51953C7F3] - 15/03/2015 - 20:03:50 ---A- . (...) -- C:\user.js   [45]    
  O45 - LFCP:[MD5.23B8499661AF8A234FBB6249E318439A] - 15/03/2015 - 20:03:40 ---A- - C:\Windows\Prefetch\MYSTARTSEACH_29_12-55037C5A.E-68BB2784.pf   =>Spyware.VMNToolbar
  O45 - LFCP:[MD5.BC3E30DC0584C930F0EE81EC3A214044] - 15/03/2015 - 20:03:52 ---A- - C:\Windows\Prefetch\SHOPPERZ_2002--83FDDE82.EXE-CC5B24C6.pf   =>PUP.Shopperz
  O45 - LFCP:[MD5.45AC0F622806CB9F0BD165AB0E712ECC] - 15/03/2015 - 20:03:55 ---A- - C:\Windows\Prefetch\SHOPPERZ_2002--83FDDE82.TMP-95616D0A.pf   =>PUP.Shopperz
  O45 - LFCP:[MD5.FC46AD70350835E839208B5BF1528353] - 15/03/2015 - 20:03:47 ---A- - C:\Windows\Prefetch\VUUPCINSTALLER.EXE-660F48F3.pf   =>PUP.VuuPC
  O45 - LFCP:[MD5.55315ACB4237B42E46A9027CD9A1D1AA] - 15/03/2015 - 20:05:42 ---A- - C:\Windows\Prefetch\WPM_V20.0.0.1953_0302.EXE-8D4D918D.pf   =>PUP.WpManager
  O61 - LFC: 10/03/2015 - 21:07:48 ---A- . (.Baidu Inc..) -- C:\Users\Acer\AppData\Local\Temp\nsx7BFF.tmp\LogReporter.exe   [730816]
  O61 - LFC: 10/03/2015 - 21:07:48 ---A- . (.Baidu Inc..) -- C:\Users\Acer\AppData\Local\Temp\nsy7E22.tmp\LogReporter.exe   [730816]
  O61 - LFC: 12/03/2015 - 21:07:48 ---A- . (.Baidu Inc..) -- C:\Users\Acer\AppData\Local\Temp\nsx7BFF.tmp\InstallCheck.dll   [48832]
  O61 - LFC: 12/03/2015 - 21:07:48 ---A- . (.Baidu Inc..) -- C:\Users\Acer\AppData\Local\Temp\nsx7BFF.tmp\InstallUtility.dll   [1138368]
  O61 - LFC: 12/03/2015 - 21:07:48 ---A- . (.Baidu Inc..) -- C:\Users\Acer\AppData\Local\Temp\nsy7E22.tmp\InstallCheck.dll   [48832]
  O61 - LFC: 12/03/2015 - 21:07:48 ---A- . (.Baidu Inc..) -- C:\Users\Acer\AppData\Local\Temp\nsy7E22.tmp\InstallUtility.dll   [1138368]
  O61 - LFC: 15/03/2015 - 21:07:34 ---A- . (...) -- C:\Users\Acer\AppData\Local\Microsoft\Windows\INetCache\IE\9SBX5SBA\WinCheckSetup[1].exe   [456212]   =>PUP.Wincheck
  O61 - LFC: 15/03/2015 - 21:07:34 ---A- . (...) -- C:\Users\Acer\AppData\Local\Microsoft\Windows\INetCache\IE\ENN7JZQV\ConvertAdSetup[1].exe   [1155028]   =>Adware.Pirrit
  O61 - LFC: 15/03/2015 - 21:07:48 ---A- . (.Baidu, Inc..) -- C:\Users\Acer\AppData\Local\Temp\Baidu_Secure_SystemUp_5.1.3.114963.exe   [25490480]
  O69 - SBI: SearchScopes [HKCU] {012E1000-F331-11DB-8314-0800200C9A66} - (Google) - [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]   =>PUP.StartSearch
  O69 - SBI: SearchScopes [HKCU] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} - (Bing) - [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]   =>PUP.StartSearch
  O69 - SBI: SearchScopes [HKCU] {2023ECEC-E06A-4372-A1C7-0B49F9E0FFF0} [DefaultScope] - (e) - [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]   =>PUP.StartSearch
  O69 - SBI: SearchScopes [HKCU] {632F07F3-19A1-4d16-A23F-E6CE9486BAB5} - (Microsoft (Bing)) - [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]   =>PUP.StartSearch
  O69 - SBI: SearchScopes [HKCU] {E733165D-CBCF-4FDA-883E-ADEF965B476C} - (Google) - [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]   =>PUP.StartSearch
  [HKCU\Software\APN PIP]   =>Toolbar.Ask
  [HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\SearchProtect]   =>Toolbar.Conduit
  [HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\SearchProtect]   =>Toolbar.Conduit
  [HKLM\Software\Wow6432Node\AskPartnerNetwork]   =>Toolbar.Ask
  C:\ProgramData\Microsoft Toolkit   =>Trojan.AutoKMS^
  C:\Users\Acer\AppData\Local\Microsoft Toolkit   =>Trojan.AutoKMS^
  [HKCU\Software\Conduit]   =>Toolbar.Conduit^
  [HKCU\Software\Linkey]   =>PUP.LinkeySearch^
  [HKCU\Software\SimplyTech]   =>PUP.SimplyTech^
  [HKLM\Software\EnigmaSoftwareGroup]   =>PUP.EnigmaSoftware^
  [HKLM\Software\Wow6432Node\Conduit]   =>Toolbar.Conduit^
  [HKLM\Software\Wow6432Node\SupDp]   =>PUP.SupTab^
  EmptyClsid
  FirewallRaz
  EmptyPrefetch
  EmptyTemp
  EmptyFlash
  
  
  
• Abra a ferramenta ZHPFix. <[Tens de ter uma conta e sessão iniciada para poderes visualizar esta imagem]>
  
• Clique em IMPORTAÇÃO > OK
  
• Clique "GO".
  
• Poste o Relatório!
  

Um grande abraço.  

[Tens de ter uma conta e sessão iniciada para poderes visualizar esta imagem]
< Peço aos visitantes que não utilizem este script em outros computadores,sob risco de danos irreparáveis aos mesmos! >

Malwarebytes Anti-Malware
[Tens de ter uma conta e sessão iniciada para poderes visualizar este link]

Data da Verificação: 15/03/2015
Hora da Verificação: 20:12:14
Arquivo de Log:
Administrador: Sim

Versão: 2.00.4.1028
Base de Dados de Malware: v2015.03.15.06
Base de Dados de Rootkit: v2015.02.25.01
Licença: Grátis
Proteção de Malware: Desabilitado
Proteção de Site Malicioso: Desabilitado
Auto-Proteção: Desabilitado

SO: Windows 8.1
Processador: x64
Sistema de Arquivos: NTFS
Usuário: Acer

Tipo da Verificação: Verificar Ameaça
Resultado: Terminado
Objetos Verificados: 387448
Tempo Decorrido: 25 min, 43 seg

Memória: Habilitado
Inicialização: Habilitado
Sistema de Arquivos: Habilitado
Arquivos Compactados: Habilitado
Rootkits: Desabilitado
Heurística: Habilitado
PUP: Habilitado
PUM: Habilitado

Processos: 7
Trojan.Downloader, C:\Users\Acer\AppData\Local\Temp\nstB4E4.tmp, 3476, Nenhuma ação do usuário, [ab2776cf86041521c1b063b71fe44db3]
PUP.Optional.Bundle, C:\Users\Acer\AppData\Local\Temp\nstB4E5.tmp, 1188, Apagar ao Reiniciar, [26ac7cc94f3b4aec1252b5276c991de3]
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\ProtectService.exe, 5340, Apagar ao Reiniciar, [6b670a3b8109f3433ac245c9927010f0]
PUP.Optional.ELEX, C:\Program Files (x86)\XTab\HPNotify.exe, 6356, Apagar ao Reiniciar, [cc065ee789012511c60b6dc2ac560af6]
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\CmdShell.exe, 2152, Apagar ao Reiniciar, [9b37c08551396dc9b1a98a2d2ed557a9]
PUP.Optional.MyStartSearch.A, C:\Users\Acer\AppData\Roaming\mystartsearch\UninstallManager.exe, 3388, Apagar ao Reiniciar, [844e2124f694979f385f318be32047b9]
PUP.Optional.WindowsMangerProtect.A, C:\ProgramData\WindowsMangerProtect\ProtectWindowsManager.exe, 5956, Apagar ao Reiniciar, [30a28eb76723b87ea06f209b996a718f]

Módulos: 9
PUP.Optional.BrowserWatch, C:\Program Files (x86)\XTab\BrowerWatchCH.dll, Apagar ao Reiniciar, [ab27063f92f8c96d4fb19cd2fb05a060],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\BrowserAction.dll, Apagar ao Reiniciar, [9b37c08551396dc9b1a98a2d2ed557a9],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\IeWatchDog.dll, Apagar ao Reiniciar, [9b37c08551396dc9b1a98a2d2ed557a9],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\msvcp110.dll, Apagar ao Reiniciar, [9b37c08551396dc9b1a98a2d2ed557a9],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\msvcp110.dll, Apagar ao Reiniciar, [9b37c08551396dc9b1a98a2d2ed557a9],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\msvcp110.dll, Apagar ao Reiniciar, [9b37c08551396dc9b1a98a2d2ed557a9],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\msvcr110.dll, Apagar ao Reiniciar, [9b37c08551396dc9b1a98a2d2ed557a9],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\msvcr110.dll, Apagar ao Reiniciar, [9b37c08551396dc9b1a98a2d2ed557a9],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\msvcr110.dll, Apagar ao Reiniciar, [9b37c08551396dc9b1a98a2d2ed557a9],

Chaves de Registro: 37
PUP.Optional.XTab.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\IHProtect Service, Quarentena, [6b670a3b8109f3433ac245c9927010f0],
PUP.Optional.SupTab.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}, Quarentena, [5f734005d4b6c3730b0238eda2610ff1],
PUP.Optional.SupTab.A, HKLM\SOFTWARE\CLASSES\TYPELIB\{968EDCE0-C10A-47BB-B3B6-FDF09F2A417D}, Quarentena, [5f734005d4b6c3730b0238eda2610ff1],
PUP.Optional.SupTab.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{917CAAE9-DD47-4025-936E-1414F07DF5B8}, Quarentena, [5f734005d4b6c3730b0238eda2610ff1],
PUP.Optional.SupTab.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{917CAAE9-DD47-4025-936E-1414F07DF5B8}, Quarentena, [5f734005d4b6c3730b0238eda2610ff1],
PUP.Optional.SupTab.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\TYPELIB\{968EDCE0-C10A-47BB-B3B6-FDF09F2A417D}, Quarentena, [5f734005d4b6c3730b0238eda2610ff1],
PUP.Optional.SupTab.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}, Quarentena, [5f734005d4b6c3730b0238eda2610ff1],
PUP.Optional.MyStartSearch.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\mystartsearch uninstall, Quarentena, [844e2124f694979f385f318be32047b9],
PUP.Optional.Qone8, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{33BB0A4E-99AF-4226-BDF6-49120163DE86}, Quarentena, [4a882b1a6e1c75c17f9929f49471857b],
PUP.Optional.IHProtect.A, HKLM\SOFTWARE\WOW6432NODE\IHProtect, Quarentena, [8c46261f2c5e2c0a9bbe08af62a111ef],
PUP.Optional.Iminent.A, HKLM\SOFTWARE\WOW6432NODE\Iminent, Quarentena, [9c36c28302881224574aba421de614ec],
PUP.Optional.MyStartSearch.A, HKLM\SOFTWARE\WOW6432NODE\mystartsearchSoftware, Quarentena, [369c59ec2b5f4de92c00e5da8281c63a],
PUP.Optional.Wajam.A, HKLM\SOFTWARE\WOW6432NODE\WajIntEnhance, Quarentena, [a82ac97c652555e16cd6ffb43bc8827e],
PUP.Optional.Qone8, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{33BB0A4E-99AF-4226-BDF6-49120163DE86}, Quarentena, [ddf5fd4862288aac3edae8350cf94db3],
PUP.Optional.Iminent.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\IMBoosterARP, Quarentena, [b41e8cb9b5d52016f70f3a76aa59966a],
PUP.Optional.Iminent.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\IminentToolbar, Quarentena, [1cb662e33753b4820104d7d9f013e31d],
PUP.Optional.Vosteran, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\Vosteran.com, Quarentena, [f7dba99c0c7e33033b68902f55aee020],
PUP.Optional.Wajam.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\WajIntEnhance, Quarentena, [be144ef78109c37363a0159b31d27c84],
PUP.Optional.SupTab.A, HKLM\SOFTWARE\WOW6432NODE\SUPTAB, Quarentena, [1cb63b0a06842a0cac6c349924df3ec2],
PUP.Optional.cherimoya.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\cherimoya, Quarentena, [349eb095f69461d54c570fa60ef57c84],
PUP.Optional.WindowsMangerProtect.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\WindowsMangerProtect, Quarentena, [30a28eb76723b87ea06f209b996a718f],
PUP.Optional.WindowsMangerProtect.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\EVENTLOG\APPLICATION\WindowsMangerProtect, Quarentena, [5b77063fa5e5ef4783d0bb078083da26],
PUP.Optional.Shopperz.A, HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\{4E7638A1-6962-4e44-A6B9-F40E84FD6D09}, Quarentena, [646ef94c7812f93dc7ab8823946fe51b],
PUP.Optional.Shopperz.A, HKU\S-1-5-19-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\{4E7638A1-6962-4e44-A6B9-F40E84FD6D09}, Quarentena, [5280380d5535bb7b1c560c9f6c9707f9],
PUP.Optional.Shopperz.A, HKU\S-1-5-20-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\{4E7638A1-6962-4e44-A6B9-F40E84FD6D09}, Quarentena, [23af8abb26647cbabfb36d3e3ec520e0],
PUP.Optional.HomeTab.A, HKU\S-1-5-21-4163718600-10374180-3483674898-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\HomeTab, Quarentena, [04ce11348cfe57df8932d60957ac8878],
PUP.Optional.SearchProtect.A, HKU\S-1-5-21-4163718600-10374180-3483674898-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\SearchProtectWS, Quarentena, [b0224df84e3c48ee45c4a90762a19c64],
PUP.Optional.TNT.A, HKU\S-1-5-21-4163718600-10374180-3483674898-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\TNT2, Quarentena, [963c172ebbcf191d04e63180669d0000],
PUP.Optional.Wajam.A, HKU\S-1-5-21-4163718600-10374180-3483674898-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\WajIntEnhance, Quarentena, [557d3a0b12784fe77ac93182719232ce],
PUP.Optional.Shopperz.A, HKU\S-1-5-21-4163718600-10374180-3483674898-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\{4E7638A1-6962-4e44-A6B9-F40E84FD6D09}, Quarentena, [ebe73c097713e35392e0c0eb29da0ff1],
PUP.Optional.Qone8, HKU\S-1-5-21-4163718600-10374180-3483674898-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{33BB0A4E-99AF-4226-BDF6-49120163DE86}, Quarentena, [b220f05513772412d83f41dc64a1f709],
PUP.Optional.Iminent.A, HKU\S-1-5-21-4163718600-10374180-3483674898-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\IMBoosterARP, Quarentena, [d3fffe47a7e37abc906039729f6422de],
PUP.Optional.Iminent.A, HKU\S-1-5-21-4163718600-10374180-3483674898-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\IminentToolbar, Quarentena, [983af1547a10d264e20feac12ad932ce],
PUP.Optional.Linkey.A, HKU\S-1-5-21-4163718600-10374180-3483674898-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\Linkey, Quarentena, [ba18dc69543682b41ed42784897a6799],
PUP.Optional.Vosteran.A, HKU\S-1-5-21-4163718600-10374180-3483674898-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\Vosteran.com, Quarentena, [b61c5beaff8b9c9a589b0c9fbe45e719],
PUP.Optional.Wajam.A, HKU\S-1-5-21-4163718600-10374180-3483674898-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\WajIntEnhance, Quarentena, [438f56ef5e2cc27413e17d2e8f749a66],
PUP.Optional.Wajam.A, HKU\S-1-5-21-4163718600-10374180-3483674898-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\SIMPLYTECH\HomeTabWajIEnhance, Quarentena, [d1016dd8d5b547efc53f90200bf85fa1],

Valores de Registro: 1
PUP.Optional.SupTab.A, HKLM\SOFTWARE\WOW6432NODE\SUPTAB|ptid, ima, Quarentena, [1cb63b0a06842a0cac6c349924df3ec2]

Dados de Registro: 14
PUP.Optional.MyStartSearch.A, HKLM\SOFTWARE\CLIENTS\STARTMENUINTERNET\IEXPLORE.EXE\SHELL\OPEN\COMMAND, C:\Program Files\Internet Explorer\iexplore.exe [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] Bom: (iexplore.exe), Ruim: (C:\Program Files\Internet Explorer\iexplore.exe [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
PUP.Optional.MyStartSearch.A, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Default_Search_URL, [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] Bom: ([Tens de ter uma conta e sessão iniciada para poderes visualizar este link] Ruim: (http://www.mystartsearch.com/web/?type=ds&ts=1426460698&from=ima&uid=WDCXWD5000BPVT-22HXZT3_WD-WX31C12M3783M3783&q={searchTerms}),Substituído,[32a099acf793a6905dcfaa3331d4b947]
PUP.Optional.MyStartSearch.A, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Default_Page_URL, [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] Bom: ([Tens de ter uma conta e sessão iniciada para poderes visualizar este link] Ruim: (http://www.mystartsearch.com/?type=hp&ts=1426460698&from=ima&uid=WDCXWD5000BPVT-22HXZT3_WD-WX31C12M3783M3783),Substituído,[5e7456ef395162d4b379ffde768f7c84]
PUP.Optional.MyStartSearch.A, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Start Page, [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] Bom: ([Tens de ter uma conta e sessão iniciada para poderes visualizar este link] Ruim: (http://www.mystartsearch.com/?type=hp&ts=1426460698&from=ima&uid=WDCXWD5000BPVT-22HXZT3_WD-WX31C12M3783M3783),Substituído,[587a4cf9ec9e4ee879b3e2fb4cb918e8]
PUP.Optional.MyStartSearch.A, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Search Page, [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] Bom: ([Tens de ter uma conta e sessão iniciada para poderes visualizar este link] Ruim: (http://www.mystartsearch.com/web/?type=ds&ts=1426460698&from=ima&uid=WDCXWD5000BPVT-22HXZT3_WD-WX31C12M3783M3783&q={searchTerms}),Substituído,[4b8778cda4e685b1fe2ef3eac3427c84]
PUP.Optional.Qone8, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES|DefaultScope, {33BB0A4E-99AF-4226-BDF6-49120163DE86}, Bom: ({0633EE93-D776-472f-A0FF-E1416B8B2E3A}), Ruim: ({33BB0A4E-99AF-4226-BDF6-49120163DE86}),Substituído,[e3efbb8a503af0465d585990c73ed927]
PUP.Optional.MyStartSearch.A, HKLM\SOFTWARE\WOW6432NODE\CLIENTS\STARTMENUINTERNET\IEXPLORE.EXE\SHELL\OPEN\COMMAND, C:\Program Files\Internet Explorer\iexplore.exe [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] Bom: (iexplore.exe), Ruim: (C:\Program Files\Internet Explorer\iexplore.exe [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
PUP.Optional.MyStartSearch.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\MAIN|Default_Search_URL, [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] Bom: ([Tens de ter uma conta e sessão iniciada para poderes visualizar este link] Ruim: (http://www.mystartsearch.com/web/?type=ds&ts=1426460698&from=ima&uid=WDCXWD5000BPVT-22HXZT3_WD-WX31C12M3783M3783&q={searchTerms}),Substituído,[b220f94c107aba7c50dc736a47be31cf]
PUP.Optional.MyStartSearch.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\MAIN|Default_Page_URL, [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] Bom: ([Tens de ter uma conta e sessão iniciada para poderes visualizar este link] Ruim: (http://www.mystartsearch.com/?type=hp&ts=1426460698&from=ima&uid=WDCXWD5000BPVT-22HXZT3_WD-WX31C12M3783M3783),Substituído,[72605bea8a00d95d121a5e7f9273966a]
PUP.Optional.MyStartSearch.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\MAIN|Start Page, [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] Bom: ([Tens de ter uma conta e sessão iniciada para poderes visualizar este link] Ruim: (http://www.mystartsearch.com/?type=hp&ts=1426460698&from=ima&uid=WDCXWD5000BPVT-22HXZT3_WD-WX31C12M3783M3783),Substituído,[3e94c67f32586acc28049746f411ba46]
PUP.Optional.MyStartSearch.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\MAIN|Search Page, [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] Bom: ([Tens de ter uma conta e sessão iniciada para poderes visualizar este link] Ruim: (http://www.mystartsearch.com/web/?type=ds&ts=1426460698&from=ima&uid=WDCXWD5000BPVT-22HXZT3_WD-WX31C12M3783M3783&q={searchTerms}),Substituído,[d2006adbbeccb38337f5c4191beae31d]
PUP.Optional.Qone8, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES|DefaultScope, {33BB0A4E-99AF-4226-BDF6-49120163DE86}, Bom: ({0633EE93-D776-472f-A0FF-E1416B8B2E3A}), Ruim: ({33BB0A4E-99AF-4226-BDF6-49120163DE86}),Substituído,[ac265aeb3753e94dcfe602e715f03cc4]
PUP.Optional.MyStartSearch.A, HKU\S-1-5-21-4163718600-10374180-3483674898-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Start Page, [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] Bom: ([Tens de ter uma conta e sessão iniciada para poderes visualizar este link] Ruim: (http://www.mystartsearch.com/?type=hp&ts=1426460698&from=ima&uid=WDCXWD5000BPVT-22HXZT3_WD-WX31C12M3783M3783),Substituído,[1eb45aeb4d3def47939add0033d2bb45]
PUP.Optional.MyStartSearch.A, HKU\S-1-5-21-4163718600-10374180-3483674898-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Default_Page_URL, [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] Bom: ([Tens de ter uma conta e sessão iniciada para poderes visualizar este link] Ruim: (http://www.mystartsearch.com/?type=hp&ts=1426460698&from=ima&uid=WDCXWD5000BPVT-22HXZT3_WD-WX31C12M3783M3783),Substituído,[2ca685c08bff3204111c3e9fb550b34d]

Pastas: 35
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab, Quarentena, [9b37c08551396dc9b1a98a2d2ed557a9],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\skin, Quarentena, [9b37c08551396dc9b1a98a2d2ed557a9],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\skin\image, Quarentena, [9b37c08551396dc9b1a98a2d2ed557a9],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web, Quarentena, [9b37c08551396dc9b1a98a2d2ed557a9],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\img, Quarentena, [9b37c08551396dc9b1a98a2d2ed557a9],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\js, Quarentena, [9b37c08551396dc9b1a98a2d2ed557a9],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\_locales, Quarentena, [9b37c08551396dc9b1a98a2d2ed557a9],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\_locales\en-US, Quarentena, [9b37c08551396dc9b1a98a2d2ed557a9],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\_locales\es-419, Quarentena, [9b37c08551396dc9b1a98a2d2ed557a9],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\_locales\es-ES, Quarentena, [9b37c08551396dc9b1a98a2d2ed557a9],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\_locales\fr-BE, Quarentena, [9b37c08551396dc9b1a98a2d2ed557a9],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\_locales\fr-CA, Quarentena, [9b37c08551396dc9b1a98a2d2ed557a9],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\_locales\fr-CH, Quarentena, [9b37c08551396dc9b1a98a2d2ed557a9],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\_locales\fr-FR, Quarentena, [9b37c08551396dc9b1a98a2d2ed557a9],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\_locales\fr-LU, Quarentena, [9b37c08551396dc9b1a98a2d2ed557a9],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\_locales\it-CH, Quarentena, [9b37c08551396dc9b1a98a2d2ed557a9],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\_locales\it-IT, Quarentena, [9b37c08551396dc9b1a98a2d2ed557a9],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\_locales\pl, Quarentena, [9b37c08551396dc9b1a98a2d2ed557a9],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\_locales\pt, Quarentena, [9b37c08551396dc9b1a98a2d2ed557a9],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\_locales\pt-BR, Quarentena, [9b37c08551396dc9b1a98a2d2ed557a9],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\_locales\ru, Quarentena, [9b37c08551396dc9b1a98a2d2ed557a9],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\_locales\ru-MO, Quarentena, [9b37c08551396dc9b1a98a2d2ed557a9],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\_locales\tr-TR, Quarentena, [9b37c08551396dc9b1a98a2d2ed557a9],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\_locales\vi-VI, Quarentena, [9b37c08551396dc9b1a98a2d2ed557a9],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\_locales\zh-CN, Quarentena, [9b37c08551396dc9b1a98a2d2ed557a9],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\_locales\zh-TW, Quarentena, [9b37c08551396dc9b1a98a2d2ed557a9],
PUP.Optional.MyStartSearch.A, C:\Users\Acer\AppData\Roaming\mystartsearch, Quarentena, [844e2124f694979f385f318be32047b9],
PUP.Optional.MyStartSearch.A, C:\Users\Acer\AppData\Roaming\mystartsearch\images, Quarentena, [844e2124f694979f385f318be32047b9],
PUP.Optional.MyStartSearch.A, C:\Users\Acer\AppData\Roaming\mystartsearch\images\code, Quarentena, [844e2124f694979f385f318be32047b9],
PUP.Optional.WPM.A, C:\ProgramData\WindowsMangerProtect, Apagar ao Reiniciar, [d7fbd273e9a13df9dc6592f331d2ef11],
PUP.Optional.WPM.A, C:\ProgramData\WindowsMangerProtect\update, Quarentena, [d7fbd273e9a13df9dc6592f331d2ef11],
PUP.Optional.IHProtectUpDate.A, C:\ProgramData\IHProtectUpDate, Quarentena, [def40e37f694de584e89168bee15b947],
PUP.Optional.IHProtectUpDate.A, C:\ProgramData\IHProtectUpDate\update, Quarentena, [def40e37f694de584e89168bee15b947],
PUP.Optional.GUPlayer.A, C:\Program Files (x86)\GU Player, Quarentena, [13bf86bfc4c6082ee00f3d6709fa2fd1],
PUP.Optional.GUPlayer.A, C:\Users\Acer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\GU Player, Quarentena, [8b47a89d7c0e6bcb529e2d77c73c8080],

Arquivos: 119
Trojan.Downloader, C:\Users\Acer\AppData\Local\Temp\nstB4E4.tmp, Nenhuma ação do usuário, [ab2776cf86041521c1b063b71fe44db3],
PUP.Optional.Bundle, C:\Users\Acer\AppData\Local\Temp\nstB4E5.tmp, Nenhuma ação do usuário, [26ac7cc94f3b4aec1252b5276c991de3],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\ProtectService.exe, Quarentena, [6b670a3b8109f3433ac245c9927010f0],
PUP.Optional.ELEX, C:\Program Files (x86)\XTab\HPNotify.exe, Quarentena, [cc065ee789012511c60b6dc2ac560af6],
PUP.Optional.BrowserWatch, C:\Program Files (x86)\XTab\BrowerWatchCH.dll, Quarentena, [ab27063f92f8c96d4fb19cd2fb05a060],
PUP.Optional.SupTab.A, C:\Program Files (x86)\XTab\SupTab.dll, Quarentena, [5f734005d4b6c3730b0238eda2610ff1],
PUP.Optional.BrowserWatch, C:\Program Files (x86)\XTab\BrowerWatchFF.dll, Quarentena, [e2f02c19a4e62016639d09650cf4c937],
PUP.Optional.Shopperz.A, C:\Users\Acer\AppData\Local\Temp\n9342\Shopperz_2002--83fdde82.exe, Quarentena, [3b971b2a5832fd391497de4517efe11f],
PUP.Optional.MyStartSearch.A, C:\Users\Acer\AppData\Local\Temp\f9626892-7a78-3199-abd2-97bbce96297b\adv_76.exe, Quarentena, [eee481c40b7f0f271f5aae7476900ef2],
PUP.Optional.BrowserWatch, C:\Users\Acer\AppData\Local\Temp\B934D573F69tmp\tmp\XTab_Setup1998.exe, Quarentena, [04ce0342f496330335cb323c24dc2bd5],
PUP.Optional.MyStartSearch.A, C:\Users\Acer\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.mystartsearch.com_0.localstorage, Quarentena, [6d65ed58e1a941f501c4cde9b84bb848],
PUP.Optional.MyStartSearch.A, C:\Users\Acer\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.mystartsearch.com_0.localstorage-journal, Quarentena, [d8fa4302a5e5e74f75505462c53ee31d],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\uninstall.exe, Quarentena, [9b37c08551396dc9b1a98a2d2ed557a9],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\BrowserAction.dll, Quarentena, [9b37c08551396dc9b1a98a2d2ed557a9],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\CmdShell.exe, Quarentena, [9b37c08551396dc9b1a98a2d2ed557a9],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\conf, Quarentena, [9b37c08551396dc9b1a98a2d2ed557a9],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\ffsearch_toolbar!1.0.0.1025.xpi, Quarentena, [9b37c08551396dc9b1a98a2d2ed557a9],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\IeWatchDog.dll, Quarentena, [9b37c08551396dc9b1a98a2d2ed557a9],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\install.data, Quarentena, [9b37c08551396dc9b1a98a2d2ed557a9],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\msvcp110.dll, Quarentena, [9b37c08551396dc9b1a98a2d2ed557a9],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\msvcr110.dll, Quarentena, [9b37c08551396dc9b1a98a2d2ed557a9],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\searchProvider.xml, Quarentena, [9b37c08551396dc9b1a98a2d2ed557a9],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\skin\about.png, Quarentena, [9b37c08551396dc9b1a98a2d2ed557a9],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\skin\about_bk.png, Quarentena, [9b37c08551396dc9b1a98a2d2ed557a9],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\skin\btn.png, Quarentena, [9b37c08551396dc9b1a98a2d2ed557a9],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\skin\btn_apply.png, Quarentena, [9b37c08551396dc9b1a98a2d2ed557a9],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\skin\close.png, Quarentena, [9b37c08551396dc9b1a98a2d2ed557a9],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\skin\conf.xml, Quarentena, [9b37c08551396dc9b1a98a2d2ed557a9],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\skin\conf_back.png, Quarentena, [9b37c08551396dc9b1a98a2d2ed557a9],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\skin\input_bk.png, Quarentena, [9b37c08551396dc9b1a98a2d2ed557a9],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\skin\logo.png, Quarentena, [9b37c08551396dc9b1a98a2d2ed557a9],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\skin\main.xml, Quarentena, [9b37c08551396dc9b1a98a2d2ed557a9],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\skin\radio_1.png, Quarentena, [9b37c08551396dc9b1a98a2d2ed557a9],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\skin\radio_2.png, Quarentena, [9b37c08551396dc9b1a98a2d2ed557a9],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\skin\rigth_arrow.png, Quarentena, [9b37c08551396dc9b1a98a2d2ed557a9],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\skin\settings.png, Quarentena, [9b37c08551396dc9b1a98a2d2ed557a9],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\data.html, Quarentena, [9b37c08551396dc9b1a98a2d2ed557a9],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\indexIE.html, Quarentena, [9b37c08551396dc9b1a98a2d2ed557a9],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\indexIE8.html, Quarentena, [9b37c08551396dc9b1a98a2d2ed557a9],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\main.css, Quarentena, [9b37c08551396dc9b1a98a2d2ed557a9],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\ver.txt, Quarentena, [9b37c08551396dc9b1a98a2d2ed557a9],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\img\google_trends.png, Quarentena, [9b37c08551396dc9b1a98a2d2ed557a9],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\img\icon128.png, Quarentena, [9b37c08551396dc9b1a98a2d2ed557a9],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\img\icon16.png, Quarentena, [9b37c08551396dc9b1a98a2d2ed557a9],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\img\icon48.png, Quarentena, [9b37c08551396dc9b1a98a2d2ed557a9],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\img\loading.gif, Quarentena, [9b37c08551396dc9b1a98a2d2ed557a9],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\img\logo32.ico, Quarentena, [9b37c08551396dc9b1a98a2d2ed557a9],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\js\common.js, Quarentena, [9b37c08551396dc9b1a98a2d2ed557a9],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\js\ga.js, Quarentena, [9b37c08551396dc9b1a98a2d2ed557a9],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\js\jquery-1.11.0.min.js, Quarentena, [9b37c08551396dc9b1a98a2d2ed557a9],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\js\jquery.autocomplete.js, Quarentena, [9b37c08551396dc9b1a98a2d2ed557a9],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\js\js.js, Quarentena, [9b37c08551396dc9b1a98a2d2ed557a9],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\js\library.js, Quarentena, [9b37c08551396dc9b1a98a2d2ed557a9],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\js\xagainit-ie8.js, Quarentena, [9b37c08551396dc9b1a98a2d2ed557a9],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\js\xagainit2.0.js, Quarentena, [9b37c08551396dc9b1a98a2d2ed557a9],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\_locales\en-US\messages.json, Quarentena, [9b37c08551396dc9b1a98a2d2ed557a9],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\_locales\es-419\messages.json, Quarentena, [9b37c08551396dc9b1a98a2d2ed557a9],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\_locales\es-ES\messages.json, Quarentena, [9b37c08551396dc9b1a98a2d2ed557a9],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\_locales\fr-BE\messages.json, Quarentena, [9b37c08551396dc9b1a98a2d2ed557a9],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\_locales\fr-CA\messages.json, Quarentena, [9b37c08551396dc9b1a98a2d2ed557a9],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\_locales\fr-CH\messages.json, Quarentena, [9b37c08551396dc9b1a98a2d2ed557a9],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\_locales\fr-FR\messages.json, Quarentena, [9b37c08551396dc9b1a98a2d2ed557a9],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\_locales\fr-LU\messages.json, Quarentena, [9b37c08551396dc9b1a98a2d2ed557a9],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\_locales\it-CH\messages.json, Quarentena, [9b37c08551396dc9b1a98a2d2ed557a9],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\_locales\it-IT\messages.json, Quarentena, [9b37c08551396dc9b1a98a2d2ed557a9],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\_locales\pl\messages.json, Quarentena, [9b37c08551396dc9b1a98a2d2ed557a9],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\_locales\pt\messages.json, Quarentena, [9b37c08551396dc9b1a98a2d2ed557a9],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\_locales\pt-BR\messages.json, Quarentena, [9b37c08551396dc9b1a98a2d2ed557a9],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\_locales\ru\messages.json, Quarentena, [9b37c08551396dc9b1a98a2d2ed557a9],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\_locales\ru-MO\messages.json, Quarentena, [9b37c08551396dc9b1a98a2d2ed557a9],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\_locales\tr-TR\messages.json, Quarentena, [9b37c08551396dc9b1a98a2d2ed557a9],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\_locales\vi-VI\messages.json, Quarentena, [9b37c08551396dc9b1a98a2d2ed557a9],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\_locales\zh-CN\messages.json, Quarentena, [9b37c08551396dc9b1a98a2d2ed557a9],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\_locales\zh-TW\messages.json, Quarentena, [9b37c08551396dc9b1a98a2d2ed557a9],
PUP.Optional.MyStartSearch.A, C:\Users\Acer\AppData\Roaming\mystartsearch\MessageBox.xml, Quarentena, [844e2124f694979f385f318be32047b9],
PUP.Optional.MyStartSearch.A, C:\Users\Acer\AppData\Roaming\mystartsearch\428.json, Quarentena, [844e2124f694979f385f318be32047b9],
PUP.Optional.MyStartSearch.A, C:\Users\Acer\AppData\Roaming\mystartsearch\uninstallDlg2.xml, Quarentena, [844e2124f694979f385f318be32047b9],
PUP.Optional.MyStartSearch.A, C:\Users\Acer\AppData\Roaming\mystartsearch\UninstallManager.exe, Quarentena, [844e2124f694979f385f318be32047b9],
PUP.Optional.MyStartSearch.A, C:\Users\Acer\AppData\Roaming\mystartsearch\images\bg.png, Quarentena, [844e2124f694979f385f318be32047b9],
PUP.Optional.MyStartSearch.A, C:\Users\Acer\AppData\Roaming\mystartsearch\images\bg1.png, Quarentena, [844e2124f694979f385f318be32047b9],
PUP.Optional.MyStartSearch.A, C:\Users\Acer\AppData\Roaming\mystartsearch\images\bk_shadow.png, Quarentena, [844e2124f694979f385f318be32047b9],
PUP.Optional.MyStartSearch.A, C:\Users\Acer\AppData\Roaming\mystartsearch\images\button.png, Quarentena, [844e2124f694979f385f318be32047b9],
PUP.Optional.MyStartSearch.A, C:\Users\Acer\AppData\Roaming\mystartsearch\images\button1.png, Quarentena, [844e2124f694979f385f318be32047b9],
PUP.Optional.MyStartSearch.A, C:\Users\Acer\AppData\Roaming\mystartsearch\images\checkbox.png, Quarentena, [844e2124f694979f385f318be32047b9],
PUP.Optional.MyStartSearch.A, C:\Users\Acer\AppData\Roaming\mystartsearch\images\checkbox_select.png, Quarentena, [844e2124f694979f385f318be32047b9],
PUP.Optional.MyStartSearch.A, C:\Users\Acer\AppData\Roaming\mystartsearch\images\checked.png, Quarentena, [844e2124f694979f385f318be32047b9],
PUP.Optional.MyStartSearch.A, C:\Users\Acer\AppData\Roaming\mystartsearch\images\close.png, Quarentena, [844e2124f694979f385f318be32047b9],
PUP.Optional.MyStartSearch.A, C:\Users\Acer\AppData\Roaming\mystartsearch\images\loading_bg.png, Quarentena, [844e2124f694979f385f318be32047b9],
PUP.Optional.MyStartSearch.A, C:\Users\Acer\AppData\Roaming\mystartsearch\images\loading_light.png, Quarentena, [844e2124f694979f385f318be32047b9],
PUP.Optional.MyStartSearch.A, C:\Users\Acer\AppData\Roaming\mystartsearch\images\min.png, Quarentena, [844e2124f694979f385f318be32047b9],
PUP.Optional.MyStartSearch.A, C:\Users\Acer\AppData\Roaming\mystartsearch\images\scrollbar.bmp, Quarentena, [844e2124f694979f385f318be32047b9],
PUP.Optional.MyStartSearch.A, C:\Users\Acer\AppData\Roaming\mystartsearch\images\Thumbs.db, Quarentena, [844e2124f694979f385f318be32047b9],
PUP.Optional.MyStartSearch.A, C:\Users\Acer\AppData\Roaming\mystartsearch\images\unchecked.png, Quarentena, [844e2124f694979f385f318be32047b9],
PUP.Optional.MyStartSearch.A, C:\Users\Acer\AppData\Roaming\mystartsearch\images\code\code1.jpg, Quarentena, [844e2124f694979f385f318be32047b9],
PUP.Optional.MyStartSearch.A, C:\Users\Acer\AppData\Roaming\mystartsearch\images\code\code2.jpg, Quarentena, [844e2124f694979f385f318be32047b9],
PUP.Optional.MyStartSearch.A, C:\Users\Acer\AppData\Roaming\mystartsearch\images\code\code3.jpg, Quarentena, [844e2124f694979f385f318be32047b9],
PUP.Optional.MyStartSearch.A, C:\Users\Acer\AppData\Roaming\mystartsearch\images\code\code4.jpg, Quarentena, [844e2124f694979f385f318be32047b9],
PUP.Optional.MyStartSearch.A, C:\Users\Acer\AppData\Roaming\mystartsearch\images\code\code5.jpg, Quarentena, [844e2124f694979f385f318be32047b9],
PUP.Optional.MyStartSearch.A, C:\Users\Acer\AppData\Roaming\mystartsearch\images\code\code6.jpg, Quarentena, [844e2124f694979f385f318be32047b9],
PUP.Optional.MyStartSearch.A, C:\Users\Acer\AppData\Roaming\mystartsearch\images\code\Thumbs.db, Quarentena, [844e2124f694979f385f318be32047b9],
PUP.Optional.CrossRider.A, C:\Windows\Tasks\C5D78CEA-DFB9-4338-A29A-B9A7501D1AB2.job, Quarentena, [22b06fd6682262d4b85254e037ce8779],
PUP.Optional.WindowsMangerProtect.A, C:\ProgramData\WindowsMangerProtect\ProtectWindowsManager.exe, Apagar ao Reiniciar, [30a28eb76723b87ea06f209b996a718f],
PUP.Optional.GUPlayer.A, C:\Program Files (x86)\GU Player\avcodec-54.dll, Quarentena, [13bf86bfc4c6082ee00f3d6709fa2fd1],
PUP.Optional.GUPlayer.A, C:\Program Files (x86)\GU Player\avdevice-54.dll, Quarentena, [13bf86bfc4c6082ee00f3d6709fa2fd1],
PUP.Optional.GUPlayer.A, C:\Program Files (x86)\GU Player\avformat-54.dll, Quarentena, [13bf86bfc4c6082ee00f3d6709fa2fd1],
PUP.Optional.GUPlayer.A, C:\Program Files (x86)\GU Player\avutil-51.dll, Quarentena, [13bf86bfc4c6082ee00f3d6709fa2fd1],
PUP.Optional.GUPlayer.A, C:\Program Files (x86)\GU Player\GuPlayer.exe, Quarentena, [13bf86bfc4c6082ee00f3d6709fa2fd1],
PUP.Optional.GUPlayer.A, C:\Program Files (x86)\GU Player\libfreetype-6.dll, Quarentena, [13bf86bfc4c6082ee00f3d6709fa2fd1],
PUP.Optional.GUPlayer.A, C:\Program Files (x86)\GU Player\libpng15-15.dll, Quarentena, [13bf86bfc4c6082ee00f3d6709fa2fd1],
PUP.Optional.GUPlayer.A, C:\Program Files (x86)\GU Player\postproc-52.dll, Quarentena, [13bf86bfc4c6082ee00f3d6709fa2fd1],
PUP.Optional.GUPlayer.A, C:\Program Files (x86)\GU Player\SDL.dll, Quarentena, [13bf86bfc4c6082ee00f3d6709fa2fd1],
PUP.Optional.GUPlayer.A, C:\Program Files (x86)\GU Player\SDL_image.dll, Quarentena, [13bf86bfc4c6082ee00f3d6709fa2fd1],
PUP.Optional.GUPlayer.A, C:\Program Files (x86)\GU Player\SDL_ttf.dll, Quarentena, [13bf86bfc4c6082ee00f3d6709fa2fd1],
PUP.Optional.GUPlayer.A, C:\Program Files (x86)\GU Player\swresample-0.dll, Quarentena, [13bf86bfc4c6082ee00f3d6709fa2fd1],
PUP.Optional.GUPlayer.A, C:\Program Files (x86)\GU Player\swscale-2.dll, Quarentena, [13bf86bfc4c6082ee00f3d6709fa2fd1],
PUP.Optional.GUPlayer.A, C:\Program Files (x86)\GU Player\Uninstaller.exe, Quarentena, [13bf86bfc4c6082ee00f3d6709fa2fd1],
PUP.Optional.GUPlayer.A, C:\Program Files (x86)\GU Player\zlib1.dll, Quarentena, [13bf86bfc4c6082ee00f3d6709fa2fd1],
PUP.Optional.GUPlayer.A, C:\Users\Acer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\GU Player\GU Player.lnk, Quarentena, [8b47a89d7c0e6bcb529e2d77c73c8080],
PUP.Optional.GUPlayer.A, C:\Users\Acer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\GU Player\Uninstall GU Player.lnk, Quarentena, [8b47a89d7c0e6bcb529e2d77c73c8080],

Setores Físicos: 0
(Nenhum item malicioso detectado)


(end)

[Tens de ter uma conta e sessão iniciada para poderes visualizar este link]

Relatório do ZHP.

Obrigado.

Boa noite tonelli,

• Baixe: <[Tens de ter uma conta e sessão iniciada para poderes visualizar este link]> (...par Xplode)
  
• Ou aqui >>[Tens de ter uma conta e sessão iniciada para poderes visualizar este link]<<
  
• Salve-a na sua Desktop (área de trabalho).
  
• Feche todos os programas e navegadores de internet abertos.
  
• Usuários do Windows Vista ou Windows 7,clique com o direito do mouse sobre o arquivo AdwCleaner.exe,depois clique em:
  [Tens de ter uma conta e sessão iniciada para poderes visualizar esta imagem]
  
  
• Clique em Examinar, para iniciar o escaneamento!
  
  [Tens de ter uma conta e sessão iniciada para poderes visualizar esta imagem]
  
• Ao término, clique em limpar
  
• Copie o log ou clique "Relatório".
  
• Poste: >>C:\AdwCleaner\AdwCleaner [S0].txt<<
  

• Baixe:<[Tens de ter uma conta e sessão iniciada para poderes visualizar este link]> <(...by Oleg N. Scherbakov)>
  
• Salve-o no desktop!
  
• Desabilite seu antivírus!
  
• Para Windows 7, clique direito em JRT.exe e execute-o como [Tens de ter uma conta e sessão iniciada para poderes visualizar esta imagem]
  [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
  
• Aguarde a conclusão e poste o relatório. ( JRT.txt )
  

Um grande abraço.

[Tens de ter uma conta e sessão iniciada para poderes visualizar este link]

Obrigado

Boa noite tonelli,

• Baixe:<[Tens de ter uma conta e sessão iniciada para poderes visualizar esta imagem][Tens de ter uma conta e sessão iniciada para poderes visualizar este link]> (...by Smeenk)
  
• Salve na sua Desktop (Área de trabalho) !
  
• Execute o arquivo Zoek.exe.
  
• Usuários do Windows Vista ou Windows 7 clique com o direito sobre o arquivo Zoek.exe, depois clique em
  [Tens de ter uma conta e sessão iniciada para poderes visualizar esta imagem]
  
• Selecione as linhas em vermelho, clique com o direito sobre a seleção e escolha a opção copiar!
  
  createsrpoint;
  emptyclsid;
  iedefaults;
  CHRdefaults;
  shortcutfix;
  autoclean;
  emptyalltemp;
  ipconfig /flushdns;b
  emptyfolderscheck;delete
  
  [Tens de ter uma conta e sessão iniciada para poderes visualizar esta imagem]
  
• Clique com o direito em qualquer parte branca do Zoek e escolha a opção colar.
  
• Clique [Tens de ter uma conta e sessão iniciada para poderes visualizar esta imagem], aguarde o scan. Ao final abrirá o bloco de notas com o relatório.
  
• Uma cópia também será salva no seu disco local com o nome zoek-results.txt.
  
• Anexe o zoek-results.txt na sua próxima resposta.
  

Um grande abraço.

Zoek.exe v5.0.0.0 Updated 15-March-2015
Tool run by Acer on 16/03/2015 at 0:05:35,27.
Microsoft Windows 8.1 Single Language 6.3.9600 x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\Acer\Desktop\zoek.exe [Scan all users] [Script inserted]

==== Older Logs ======================

C:\zoek-results2015-03-16-030217.log 21929 bytes

==== System Restore Info ======================

16/03/2015 00:06:51 Zoek.exe System Restore Point Created Successfully.

==== Deleting CLSID Registry Keys ======================


==== Deleting CLSID Registry Values ======================


==== Deleting Services ======================


==== Batch Command(s) Run By Tool======================


==== Deleting Files \ Folders ======================

C:\windows\SysNative\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat deleted

==== Firefox Extensions Registry ======================

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Mozilla\Firefox\Extensions]
"wrc@avast.com"="C:\Program Files\AVAST Software\Avast\WebRep\FF" [03/03/2015 20:31]

==== Chromium Look ======================

Google Chrome Version: 41.0.2272.89 (Up to date, latest Stable version: 41.0.2272.89)

HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
gomekmidlodglbbmalcneegieacbdmki - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx[03/03/2015 20:30]

HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\Extensions
lmjegmlicamnimmfhcmpkclmigmmcbeh - No path found[]

AdBlock - Acer\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom
Graph Drawer - Acer\AppData\Local\Google\Chrome\User Data\Default\Extensions\gnajhamddligoijcjepacihnbhfncike
Avast Online Security - Acer\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki
Turn Off the Lights - Acer\AppData\Local\Google\Chrome\User Data\Default\Extensions\labjanboighjienkhiabgpefblkbmemd
Google Drive App Launcher - Acer\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh
GBBD Banco do Brasil - Acer\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkeabchhfifpaaoefpockjhaphjmoapp
Graph.tk - Acer\AppData\Local\Google\Chrome\User Data\Default\Extensions\nkhkaamdeplibnmodcgodlkghphdbahk

==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157"

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157"

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
"DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
{012E1000-F331-11DB-8314-0800200C9A66} Google Url="http://www.google.com/search?q={searchTerms}"
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC"

==== Reset Google Chrome ======================

C:\Users\Acer\AppData\Local\Google\Chrome\User Data\Default\Preferences was reset successfully
C:\Users\Acer\AppData\Local\Google\Chrome\User Data\Default\Web Data was reset successfully

==== shortcuts on Users Desktops ======================

C:\Users\Acer\Desktop\ZHPDiag.lnk - C:\Program Files (x86)\ZHPDiag\ZHPhep.exe
C:\Users\Acer\Desktop\ZHPFix.lnk - C:\Program Files (x86)\ZHPDiag\ZHPFix\ZHPhep.exe
C:\Users\Acer\Desktop\pendrive\Atalho para Despesas PRO VIDA edinei.lnk - C:\Users\Acer\Desktop\pendrive\Despesas PRO VIDA cristiano.xls
C:\Users\Acer\Desktop\pendrive\Atalho para EMPATIA.lnk - \\Cristiano\c\Meus documentos\Os meus ficheiros recebidos\EMPATIA.ppt
C:\Users\Acer\Desktop\pendrive\Atalho para marcia.lnk - C:\Users\Acer\Documents\marcia.bmp
C:\Users\Acer\Desktop\pendrive\cristianonaves@hotmail.com Arquivo de Pastas Compartilhadas.lnk - C:\Documents and Settings\Usuario\Configurações locais\Dados de aplicativos\Microsoft\Messenger\cristianonaves@hotmail.com\Sharing Folders
C:\Users\Acer\Desktop\pendrive\Minhas Pastas de Compartilhamento.lnk -
C:\Users\Acer\Desktop\pendrive\Pasta de destino do Picture Package.lnk - C:\Arquivos de programas\Sony Corporation\Picture Package\Picture Package Menu\SonyDir.exe
C:\Users\Acer\Desktop\pendrive\area de trabalho\Acrobat Reader 5.0.lnk - X:\Arquivos de programas\Adobe\Acrobat 5.0\Reader\AcroRd32.exe
C:\Users\Acer\Desktop\pendrive\area de trabalho\CobCaixa.lnk - C:\Caixa\CobCaixa\CobCaixa.exe
C:\Users\Acer\Desktop\pendrive\area de trabalho\DivX Player 2.0 Alpha.lnk - C:\Arquivos de programas\DivX\DivX Player 2.0 Alpha\DivX Player 2.0 Alpha.exe
C:\Users\Acer\Desktop\pendrive\area de trabalho\Gerenciador Financeiro.lnk - \\Servcristiano\c\BancoBrasil\officeIE\index.html
C:\Users\Acer\Desktop\pendrive\area de trabalho\Microsoft Excel.lnk - C:\Arquivos de programas\Microsoft Office\Office\Excel.exe
C:\Users\Acer\Desktop\pendrive\area de trabalho\Microsoft PowerPoint.lnk - C:\Arquivos de programas\Microsoft Office\Office\Powerpnt.exe
C:\Users\Acer\Desktop\pendrive\area de trabalho\Microsoft Word.lnk - C:\Arquivos de programas\Microsoft Office\Office\Winword.exe
C:\Users\Acer\Desktop\pendrive\area de trabalho\Mozilla Firefox.lnk - \\Servcristiano\c\Arquivos de programas\Mozilla Firefox\firefox.exe
C:\Users\Acer\Desktop\pendrive\area de trabalho\Norton SystemWorks.lnk - C:\Arquivos de programas\Arquivos comuns\Symantec Shared\Nmain.exe
C:\Users\Acer\Desktop\pendrive\area de trabalho\Outlook Express.lnk - C:\Arquivos de programas\Outlook Express\msimn.exe
C:\Users\Acer\Desktop\pendrive\area de trabalho\Sisad Pró-Vida.lnk -
C:\Users\Acer\Desktop\pendrive\area de trabalho\WinZip.lnk - C:\Arquivos de programas\WinZip\Winzip32.exe
C:\Users\Acer\Desktop\pendrive\Brasindice\1-Mapear Farmácia.lnk -
C:\Users\Acer\Desktop\pendrive\Cópia de area de trabalho\Acrobat Reader 5.0.lnk -
C:\Users\Acer\Desktop\pendrive\Cópia de area de trabalho\CobCaixa.lnk -
C:\Users\Acer\Desktop\pendrive\Cópia de area de trabalho\DivX Player 2.0 Alpha.lnk -
C:\Users\Acer\Desktop\pendrive\Cópia de area de trabalho\Gerenciador Financeiro.lnk -
C:\Users\Acer\Desktop\pendrive\Cópia de area de trabalho\Microsoft Excel.lnk -
C:\Users\Acer\Desktop\pendrive\Cópia de area de trabalho\Microsoft PowerPoint.lnk -
C:\Users\Acer\Desktop\pendrive\Cópia de area de trabalho\Microsoft Word.lnk -
C:\Users\Acer\Desktop\pendrive\Cópia de area de trabalho\Mozilla Firefox.lnk -
C:\Users\Acer\Desktop\pendrive\Cópia de area de trabalho\Norton SystemWorks.lnk -
C:\Users\Acer\Desktop\pendrive\Cópia de area de trabalho\Outlook Express.lnk -
C:\Users\Acer\Desktop\pendrive\Cópia de area de trabalho\Sisad Pró-Vida.lnk -
C:\Users\Acer\Desktop\pendrive\Cópia de area de trabalho\WinZip.lnk -
C:\Users\Acer\Desktop\pendrive\Minhas imagens\Amostras de imagens.lnk -
C:\Users\Acer\Desktop\pendrive\Picture Package'07_01_11_02\DCIM\101_SONY\Atalho para DSC00471.lnk - C:\Users\Acer\Desktop\pendrive\Picture Package'07_01_11_02\DCIM\101_SONY\DSC00471.JPG
C:\Users\Acer\Desktop\pendrive\Área de Tabalho Cristiano\mobile PhoneTools.lnk -
C:\Users\Acer\Desktop\pendrive\Área de Tabalho Cristiano\TabelaUnificada.exe.lnk -
C:\Users\Acer\Desktop\pendrive\Área de Tabalho Cristiano\DOC CRISTIANO\Atalho para 3º SETOR.lnk -
C:\Users\Acer\Desktop\pendrive\Área de Tabalho Cristiano\DOC CRISTIANO\Atalho para Empresas.lnk -
C:\Users\Acer\Desktop\pendrive\Área de Tabalho Cristiano\DOC CRISTIANO\Atalho para Tabelas.lnk -
C:\Users\Acer\Desktop\pendrive\Área de Tabalho Cristiano\DOC CRISTIANO\Brasindice\1-Mapear Farmácia.lnk -
C:\Users\Acer\Desktop\pendrive\Área de Tabalho Cristiano\DOC CRISTIANO\CNSP\Atalho para TEXTOS ENFEMAGEM.lnk -

==== shortcuts on All Users Desktop ======================

C:\Users\Public\Desktop\Skype.lnk - C:\WINDOWS\Installer\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}\SkypeIcon.exe

==== shortcuts in Users Start Menu ======================

C:\Users\Acer\AppData\Roaming\Microsoft\Windows\Start Menu\µTorrent.lnk -
C:\Users\Acer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\avast antivirus.lnk -
C:\Users\Acer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk - C:\Program Files\Internet Explorer\iexplore.exe
C:\Users\Acer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR\Ajuda do WinRAR.lnk - C:\Program Files (x86)\WinRAR\WinRAR.chm
C:\Users\Acer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR\Manual do Console RAR.lnk - C:\Program Files (x86)\WinRAR\Rar.txt
C:\Users\Acer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR\O que há de novo na última versão.lnk -
C:\Users\Acer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR\WinRAR.lnk - C:\Program Files (x86)\WinRAR\WinRAR.exe

==== shortcuts in All Users Start Menu ======================

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\aTube Catcher\aTube Catcher.lnk - C:\Program Files (x86)\DsNET Corp\aTube Catcher 2.0\yct.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVAST Software\Avast SafeZone.lnk - C:\Program Files\AVAST Software\Avast\avastui.exe /sfzonebrowser
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner\CCleaner.lnk - C:\Program Files\CCleaner\CCleaner64.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive\Google Docs.lnk - C:\Program Files (x86)\Google\Drive\googledrivesync.exe --new_document
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive\Google Drive.lnk - C:\Program Files (x86)\Google\Drive\googledrivesync.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive\Google Sheets.lnk - C:\Program Files (x86)\Google\Drive\googledrivesync.exe --new_spreadsheet
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive\Google Slides.lnk - C:\Program Files (x86)\Google\Drive\googledrivesync.exe --new_presentation
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes\iTunes.lnk - C:\Program Files (x86)\iTunes\iTunes.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes\Sobre o iTunes.lnk - C:\Program Files (x86)\iTunes\iTunes.Resources\pt.lproj\About iTunes.rtf
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\Configurar Java.lnk - C:\Program Files (x86)\Java\jre1.8.0_40\bin\javacpl.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\Obter Ajuda.lnk -
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\Sobre o Java.lnk - C:\Program Files (x86)\Java\jre1.8.0_40\bin\javacpl.exe -tab about
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\Verificar Atualizações.lnk -
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\Visite Java.com.lnk -
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware\Desinstalar Malwarebytes Anti-Malware.lnk - C:\Program Files (x86)\Malwarebytes Anti-Malware\unins000.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware\Malwarebytes Anti-Malware Notifications.lnk - C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware\Malwarebytes Anti-Malware.lnk - C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware\Tools\Malwarebytes Anti-Malware Chameleon.lnk - C:\Program Files (x86)\Malwarebytes Anti-Malware\Chameleon\Windows\chameleon.chm
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013\Access 2013.lnk - C:\WINDOWS\Installer\{90150000-0011-0000-1000-0000000FF1CE}\accicons.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013\Enviar para o OneNote 2013.lnk - C:\WINDOWS\Installer\{90150000-0011-0000-1000-0000000FF1CE}\joticon.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013\Excel 2013.lnk - C:\WINDOWS\Installer\{90150000-0011-0000-1000-0000000FF1CE}\xlicons.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013\Lync 2013.lnk - C:\WINDOWS\Installer\{90150000-0011-0000-1000-0000000FF1CE}\lyncicon.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013\OneDrive for Business 2013.lnk - C:\WINDOWS\Installer\{90150000-0011-0000-1000-0000000FF1CE}\grv_icons.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013\OneNote 2013.lnk - C:\WINDOWS\Installer\{90150000-0011-0000-1000-0000000FF1CE}\joticon.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013\Outlook 2013.lnk - C:\WINDOWS\Installer\{90150000-0011-0000-1000-0000000FF1CE}\outicon.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013\PowerPoint 2013.lnk - C:\WINDOWS\Installer\{90150000-0011-0000-1000-0000000FF1CE}\pptico.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013\Publisher 2013.lnk - C:\WINDOWS\Installer\{90150000-0011-0000-1000-0000000FF1CE}\pubs.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013\Word 2013.lnk - C:\WINDOWS\Installer\{90150000-0011-0000-1000-0000000FF1CE}\wordicon.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013\Ferramentas do Office 2013\Gerenciador de Gravação do Lync.lnk -
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype\Skype para a área de trabalho.lnk -
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR\Ajuda do WinRAR.lnk - C:\Program Files (x86)\WinRAR\WinRAR.chm
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR\Manual do Console RAR.lnk - C:\Program Files (x86)\WinRAR\Rar.txt
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR\O que há de novo na última versão.lnk -
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR\WinRAR.lnk - C:\Program Files (x86)\WinRAR\WinRAR.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ZHP\ZHPDiag.lnk - C:\Program Files (x86)\ZHPDiag\ZHPhep.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ZHP\ZHPFix.lnk - C:\Program Files (x86)\ZHPDiag\ZHPFix\ZHPhep.exe

==== shortcuts in Quick Launch ======================

C:\Users\Acer\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Users\Acer\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk - C:\Program Files\Internet Explorer\iexplore.exe
C:\Users\Acer\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -
C:\Users\Acer\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -
C:\Users\Acer\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\7111c0ce965b7246\Battle.net.lnk - C:\Program Files (x86)\Battle.net\Battle.net Launcher.exe
C:\Users\Acer\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\File Explorer.lnk -
C:\Users\Acer\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Users\Acer\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Spotify.lnk - C:\Users\Acer\AppData\Roaming\Spotify\spotify.exe
C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -
C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -
C:\Users\Default User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -
C:\Users\Default User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -
C:\Users\USURIO~1\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -
C:\Users\USURIO~1\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -

==== Empty IE Cache ======================

C:\WINDOWS\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Acer\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\Users\Acer\AppData\Local\Microsoft\Windows\INetCache\Low\Content.IE5 emptied successfully
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\WINDOWS\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\WINDOWS\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\Users\Acer\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully
C:\Users\Acer\AppData\Local\Microsoft\Windows\INetCache\Low\IE emptied successfully
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully
C:\WINDOWS\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully

==== Empty FireFox Cache ======================

No FireFox Profiles found

==== Empty Chrome Cache ======================

C:\Users\Acer\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully

==== Empty All Flash Cache ======================

Flash Cache Emptied Successfully

==== Empty All Java Cache ======================

No Java Cache Found

==== C:\zoek_backup content ======================

C:\zoek_backup (files=33 folders=26 22829722 bytes)

==== Empty Temp Folders ======================

C:\Users\Acer\AppData\Local\Temp will be emptied at reboot
C:\Users\Default\AppData\Local\Temp emptied successfully
C:\Users\Default User\AppData\Local\Temp emptied successfully
C:\Users\USURIO~1\AppData\Local\Temp emptied successfully
C:\WINDOWS\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully
C:\WINDOWS\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\WINDOWS\Temp will be emptied at reboot

==== After Reboot ======================

==== Empty Temp Folders ======================

C:\WINDOWS\Temp successfully emptied
C:\Users\Acer\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\$RECYCLE.BIN successfully emptied

==== EOF on 16/03/2015 at 0:32:23,74 ======================

Boa noite toneli, está ficando tarde amanhã eu vou dar uma olhada no relatório da Zoek. Um grande abraço.

Sem problemas caedurodrigues,

Forte abraço!

Bom dia tonelli,

• Baixe:<[Tens de ter uma conta e sessão iniciada para poderes visualizar este link]> <(...by Farbar)>
  
• Ou aqui:<[Tens de ter uma conta e sessão iniciada para poderes visualizar este link]>
  
• Salve-a na Área de trabalho !
  
• Execute a ferramenta ! Clique "Yes" >> "Scan".
  
  [Tens de ter uma conta e sessão iniciada para poderes visualizar esta imagem]
  
• Verifique se as caixinhas em "Whitelist" estão assinaladas.
  
• Em "Optional Scan",deixe marcada a checkbox "Addition.txt".
  
• Será gerado o relatório! (FRST.txt)
  
• Ps: Será gerado,também,o relatório "Addition.txt" que estará disponibilizado na 1ª execução da ferramenta.
  
• Acesse: <[Tens de ter uma conta e sessão iniciada para poderes visualizar este link]>
  
• Ou acesse:<[Tens de ter uma conta e sessão iniciada para poderes visualizar este link]>
  
• Maiores informações:<[Tens de ter uma conta e sessão iniciada para poderes visualizar este link]> << Hospedagem !
  

Um grande abraço.

[Tens de ter uma conta e sessão iniciada para poderes visualizar este link]

Obrigado

Boa noite tonelli,

• Copie estas informações que estão em vermelho,para o Bloco de Notas.
  
• Salve-a com o nome fixlist.txt
  
• Salve-a no mesmo local em que se encontra a FRST
  
  start
  CloseProcesses:
  Winlogon\Notify\igfxcui: igfxdev.dll [X]
  HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
  HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
  HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
  HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
  HKU\S-1-5-21-4163718600-10374180-3483674898-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
  SearchScopes: HKLM-x32 -> {632F07F3-19A1-4d16-A23F-E6CE9486BAB5} URL = [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
  SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
  SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
  SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
  SearchScopes: HKU\S-1-5-21-4163718600-10374180-3483674898-1001 -> {012E1000-F331-11DB-8314-0800200C9A66} URL = [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
  CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:inputType}{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}{google:searchVersion}{google:sessionToken}{google:prefetchQuery}sugkey={google:suggestAPIKeyParameter}
  2015-03-15 20:03 - 2015-03-15 20:03 - 00000000 ____D () C:\Users\Public\Documents\Baidu
  Task: {31D10F70-B62E-4901-9DBB-61E3248CF742} - \060184C3-9766-46a0-B258-F4518A0B2633 No Task File <==== ATTENTION
  Task: {8CC93752-AD67-4F05-820D-B251D30004AB} - \Microsoft\Windows\Windows Defender\Windows Defender Verification No Task File <==== ATTENTION
  Task: {926DCDE9-06CA-4257-AD85-693BEBFF5801} - \Microsoft\Windows\Windows Defender\Windows Defender Cleanup No Task File <==== ATTENTION
  Task: {BF935B5C-4313-4188-9798-38BD1AEFC5F2} - \Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan No Task File <==== ATTENTION
  Task: {EFC7467D-CF17-439D-9356-284F39A670DD} - \Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance No Task File <==== ATTENTION
  
  EmptyTemp:
  CreateRestorePoint:
  end
  
• Execute FRST/FRST64 >> Clique "Fix". << Aguarde!
  
• Poste o relatório! (Fixlog.txt)
  

Um grande abraço.

[Tens de ter uma conta e sessão iniciada para poderes visualizar esta imagem]
< Peço aos visitantes que não utilizem este script em outros computadores,sob risco de danos irreparáveis aos mesmos! >

[Tens de ter uma conta e sessão iniciada para poderes visualizar este link]

Obrigado.

Boa noite tonelli, como está o PC ?

Está notavelmente melhor,

Obrigado.

Boa noite tonelli, ainda há algum problema com o PC ? Caso não, siga os passos abaixo para encerrar o tópico.

Agora vamos remover as ferramentas utilizadas na desinfecção.

• Baixe: <[Tens de ter uma conta e sessão iniciada para poderes visualizar este link]> (...par Xplode)
  
• Salve-a na sua área de trabalho.
  
• Dê dois cliques no delfix.exe para executá-lo.
  
• Usuários do Windows Vista ou Windows 7,clique com o direito do mouse sobre o arquivo delfix.exe,depois clique em: [Tens de ter uma conta e sessão iniciada para poderes visualizar esta imagem]
  
  
• Marque as caixinhas, de acordo com a imagem.
  
• Clique no botão Executar.
  
• Reinicie o computador!
  
• Tudo OK ?
  

Um grande abraço.  

Tudo certo caedurodrigues,

Agradeço muito sua ajuda, obrigado.

Forte abraço!

Fico feliz que seu problema tenha sido resolvido.

[Tens de ter uma conta e sessão iniciada para poderes visualizar este link]

< [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] > << Link!

> Leia as várias dicas que estão contidas na Cartilha de Segurança e fique livre de infecções!

CASO RESOLVIDO

> Necessitando nova verificação,para este computador,basta abrir "Novo Tópico" e relatar o problema.