Fórum PC Brasil
PC Infected by Rundir

Post by Jonathabruno, Sat 13 Jun 2015, 10:58

I have a client's notebook and was asked to remove 123Rede from the Google pages in IE and Chrome. The removal was done with ZOEK. But since that day, AVG (which was installed after Avast was removed) has been detecting the presence of a Trojan horse in the folder.

Post by Power Max, Sat 13 Jun 2015, 15:52

Hello.

Open the Zoek log (report), located at C:\zoek-results.txt, copy all of its contents, and post them in your next reply.

Post by Jonathabruno, Sat 13 Jun 2015, 15:59

Zoek.exe v5.0.0.0 Updated 04-May-2015
Tool run by PR on 12/06/2015 at 20:53:45,00.
Microsoft Windows 7 Ultimate 6.1.7601 Service Pack 1 x86
Running in: Normal Mode Internet Access Detected
Launched: E:\zoek.exe [Scan all users] [Script inserted]

==== Older Logs ======================

C:\zoek-results2015-05-31-202228.log 2084 bytes

==== Empty Folders Check ======================

C:\Program Files\VS Revo Group deleted successfully
C:\Users\PR\AppData\Roaming\PhotoScape deleted successfully
C:\Users\PR\AppData\Roaming\Windows Live Writer deleted successfully
C:\Users\PR\AppData\Local\macasoft deleted successfully

==== Deleting CLSID Registry Keys ======================


==== Deleting CLSID Registry Values ======================


==== Deleting Services ======================


==== Registry Fix Code ======================

Windows Registry Editor Version 5.00

[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\gedylipi]

==== Deleting Files \ Folders ======================

C:\Users\PR\AppData\Roaming\5EC97FE0-1427725083-11DE-AA0F-00248CDC6628 not found

==== Files Recently Created / Modified ======================

====== C:\Windows ====
====== C:\Users\PR\AppData\Local\Temp ====
====== Java Cache =====
====== C:\Windows\system32 =====
2015-06-12 16:50:48 D7324EB1EDCB8990F8522DE0311359E9 867240 ----a-w- C:\Windows\System32\npDeployJava1.dll
2015-06-12 16:50:48 2A7915FBC3601CDF5F4C2F6528A501FB 789416 ----a-w- C:\Windows\System32\deployJava1.dll
2015-06-11 02:00:30 A3F7329F6D8EA371316F019EF19F2551 879104 ----a-w- C:\Windows\System32\appraiser.dll
2015-06-11 02:00:30 9BA4FB5EA245A26D5FC1E061DAF29647 571392 ----a-w- C:\Windows\System32\generaltel.dll
2015-06-11 02:00:30 047146E831EA517A1B65AD6646FF4909 163840 ----a-w- C:\Windows\System32\aepic.dll
2015-06-11 02:00:29 E14C37DFCEDAD75474570C1E650D2EBC 901120 ----a-w- C:\Windows\System32\aeinv.dll
2015-06-11 02:00:29 94706C6DD2660039B4D193512C2CE8C2 333824 ----a-w- C:\Windows\System32\devinv.dll
2015-06-11 02:00:29 8F24AB8081EBA455A5FDF5990CC318C0 202752 ----a-w- C:\Windows\System32\aepdu.dll
2015-06-11 02:00:29 4C889CD7AB77ABAAF86AA0956EFDC840 37888 ----a-w- C:\Windows\System32\acmigration.dll
2015-06-11 02:00:29 05335321524A70C5520CBFAEE13B702E 621568 ----a-w- C:\Windows\System32\invagent.dll
2015-06-11 02:00:26 BCD4C37A7043E75131111EA447210DE7 2384384 ----a-w- C:\Windows\System32\win32k.sys
2015-06-11 02:00:20 FA628D79E5FD267039A2F7637BA10754 667648 ----a-w- C:\Windows\System32\MsSpellCheckingFacility.exe
2015-06-11 02:00:20 C842601A18BA4D9058E7C0EFA5683513 102912 ----a-w- C:\Windows\System32\ieetwcollector.exe
2015-06-11 02:00:20 ABE3B4B605499D726C27ACB6F756BC11 685568 ----a-w- C:\Windows\System32\ie4uinit.exe
2015-06-11 02:00:20 8C3A03295F56D1FFB51D9D05DA42B12D 47616 ----a-w- C:\Windows\System32\ieetwproxystub.dll
2015-06-11 02:00:20 81C1182A9EE7AC4D21187811DE66A7D0 30720 ----a-w- C:\Windows\System32\iernonce.dll
2015-06-11 02:00:20 185490A6C3BEDAC5EF547314F68AB07B 60416 ----a-w- C:\Windows\System32\JavaScriptCollectionAgent.dll
2015-06-11 02:00:19 E21AE910DF0C5CB7D46D8FA17A4567DE 115712 ----a-w- C:\Windows\System32\ieUnatt.exe
2015-06-11 02:00:19 C93AE4D14AEF5169791B35D97AE7C9FC 47104 ----a-w- C:\Windows\System32\jsproxy.dll
2015-06-11 02:00:19 B6D8148C1C697A7BF04EE0FE82408B6A 710144 ----a-w- C:\Windows\System32\ieapfltr.dll
2015-06-11 02:00:19 AD2726E4A53EC118D88CCA40260E1AE0 342728 ----a-w- C:\Windows\System32\iedkcs32.dll
2015-06-11 02:00:19 96837E5864777688477AF6DE2332C06D 503808 ----a-w- C:\Windows\System32\vbscript.dll
2015-06-11 02:00:19 7DBCBB1647B7CD71E2039C1B50A12717 620032 ----a-w- C:\Windows\System32\jscript9diag.dll
2015-06-11 02:00:19 53E9614ADFA6A40A452BA014CEF6F261 1309696 ----a-w- C:\Windows\System32\urlmon.dll
2015-06-11 02:00:19 2DED8A99E45053C42DD21D6937D3960C 689152 ----a-w- C:\Windows\System32\msfeeds.dll
2015-06-11 02:00:19 17B0852D8202A872C3E6D01B518B6A4E 418304 ----a-w- C:\Windows\System32\dxtmsft.dll
2015-06-11 02:00:18 8C8B8C78C0CCD5D36ABCB115B0B581E1 2724864 ----a-w- C:\Windows\System32\mshtml.tlb
2015-06-11 02:00:17 FB5C9234E4BF6BDAF4A954763A4582BA 168960 ----a-w- C:\Windows\System32\msrating.dll
2015-06-11 02:00:17 5C06EE62F06E990E9521EA80B8D4D4B8 62464 ----a-w- C:\Windows\System32\iesetup.dll
2015-06-11 02:00:17 4ABEEF30EA5B9F4718312DCB60B6C9BC 2052608 ----a-w- C:\Windows\System32\inetcpl.cpl
2015-06-11 02:00:16 E4EB138060BAE0DBAB1A3B71A3141FE7 1950720 ----a-w- C:\Windows\System32\wininet.dll
2015-06-11 02:00:16 C27C8CACEBC712BE2AD791715E9734EC 664064 ----a-w- C:\Windows\System32\jscript.dll
2015-06-11 02:00:16 AD392013A39DE951627EE402002E800C 4096 ----a-w- C:\Windows\System32\ieetwcollectorres.dll
2015-06-11 02:00:15 F26680AF396F89F7ABFDA1D1D6B62011 285696 ----a-w- C:\Windows\System32\dxtrans.dll
2015-06-11 02:00:15 1A628C1F5470F0AF21E37E425026F27A 478208 ----a-w- C:\Windows\System32\ieui.dll
2015-06-11 02:00:14 DB254D50B4527C2821C537E0587B44E8 12829696 ----a-w- C:\Windows\System32\ieframe.dll
2015-06-11 02:00:13 EF853EA2A6A7BD891CCF31B0C2915352 341504 ----a-w- C:\Windows\System32\html.iec
2015-06-11 02:00:13 6B7210618D7E2CE0404ECF748701253A 76288 ----a-w- C:\Windows\System32\mshtmled.dll
2015-06-11 02:00:12 9F6066005D8B8620598085C7499E9B70 64000 ----a-w- C:\Windows\System32\MshtmlDac.dll
2015-06-11 02:00:12 85E21CCF38166E0D6DE2E42D9D3823BD 1155072 ----a-w- C:\Windows\System32\mshtmlmedia.dll
2015-06-11 02:00:11 975421AC32F9F6E27A58F75DAB4B5871 19607040 ----a-w- C:\Windows\System32\mshtml.dll
2015-06-11 02:00:11 3FD7E6DB5D81FE400DB4D81D278596E6 4305920 ----a-w- C:\Windows\System32\jscript9.dll
2015-06-11 02:00:10 927E38A35E4DFC4E294BD130BAA6F759 2278912 ----a-w- C:\Windows\System32\iertutil.dll
2015-06-11 01:58:25 7AB2DE012C88870C9274E966EC88AB61 853504 ----a-w- C:\Windows\System32\diagtrack.dll
2015-06-11 01:58:24 2CA16814DA3C5B2D8C7E70DC47A45ED1 551424 ----a-w- C:\Windows\System32\kerberos.dll
2015-06-11 01:58:23 CA2628766DC1DFAF7D993C1E33391478 262656 ----a-w- C:\Windows\System32\rstrui.exe
2015-06-11 01:58:23 BBABC6702529CFADAC0EC2B28168A288 248832 ----a-w- C:\Windows\System32\schannel.dll
2015-06-11 01:58:23 9E68E1BDEBD85FC8803707370BE0FC6E 641536 ----a-w- C:\Windows\System32\advapi32.dll
2015-06-11 01:58:23 8DF4BACE3A14DA53F787631839C9A400 1061376 ----a-w- C:\Windows\System32\lsasrv.dll
2015-06-11 01:58:23 7EBEA2FD2CA9200B18BC8252AF018797 1307648 ----a-w- C:\Windows\System32\ntdll.dll
2015-06-11 01:58:23 6D4B495554B49F5221A946F4DA3A6A74 400896 ----a-w- C:\Windows\System32\srcore.dll
2015-06-11 01:58:23 641A14E6AC492ED45BC68815E2E2F566 3989440 ----a-w- C:\Windows\System32\ntkrnlpa.exe
2015-06-11 01:58:23 583FFF12D2F0D6E1A8746462C433895F 3934144 ----a-w- C:\Windows\System32\ntoskrnl.exe
2015-06-11 01:58:23 3C1BE79C3CE6EB378108B11D94CA1072 364544 ----a-w- C:\Windows\System32\tracerpt.exe
2015-06-11 01:58:22 FCA6EFFEE6D7D42E794F0E538297026C 43008 ----a-w- C:\Windows\System32\srclient.dll
2015-06-11 01:58:22 FB224B0A63B8F58E91FE8A314AD295AD 17408 ----a-w- C:\Windows\System32\diskperf.exe
2015-06-11 01:58:22 F85FA29340A536C8E0A16151B9B03923 50176 ----a-w- C:\Windows\System32\auditpol.exe
2015-06-11 01:58:22 EA141596564AE0C670EDD0F2636EC29C 259584 ----a-w- C:\Windows\System32\msv1_0.dll
2015-06-11 01:58:22 D2967F6D4205A227AAA7D094C12F7141 22528 ----a-w- C:\Windows\System32\lsass.exe
2015-06-11 01:58:22 C5C99A03FD48D39B6D36D46682A93B7D 38912 ----a-w- C:\Windows\System32\csrsrv.dll
2015-06-11 01:58:22 ABD1DC994FD40C5F74F7DFDCEEB64599 69632 ----a-w- C:\Windows\System32\smss.exe
2015-06-11 01:58:22 A9E8F961F7FE1EDEEF8F46EEB800F2D8 172032 ----a-w- C:\Windows\System32\wdigest.dll
2015-06-11 01:58:22 9A50B2567918BF7DDD600ECE5DB5ED76 221184 ----a-w- C:\Windows\System32\ncrypt.dll
2015-06-11 01:58:22 911B76808EB28284B7395E62C8645319 36864 ----a-w- C:\Windows\System32\UtcResources.dll
2015-06-11 01:58:22 87BCBD110BB804C8AB3632CEB3B8DA32 15872 ----a-w- C:\Windows\System32\sspisrv.dll
2015-06-11 01:58:22 7E7933E63BBE2BE71CC908EF140458EF 60416 ----a-w- C:\Windows\System32\msobjs.dll
2015-06-11 01:58:22 7A9F94E0F53C8F6E09405351AC104A3C 17408 ----a-w- C:\Windows\System32\credssp.dll
2015-06-11 01:58:22 769E395FF48802E1276FB615466E38C9 100352 ----a-w- C:\Windows\System32\sspicli.dll
2015-06-11 01:58:22 65A5E27C2217D606E212B6088CCD6104 92160 ----a-w- C:\Windows\System32\sechost.dll
2015-06-11 01:58:22 629AD3FDA168D82D459164044A29F9BB 40448 ----a-w- C:\Windows\System32\typeperf.exe
2015-06-11 01:58:22 619D5101114C71E1A4A585C5E68301B7 146432 ----a-w- C:\Windows\System32\msaudite.dll
2015-06-11 01:58:22 5643A88C6DA8AAEC9CE2845431942650 65536 ----a-w- C:\Windows\System32\TSpkg.dll
2015-06-11 01:58:22 52C869A640B8169D7C8460FB1646ABF5 6656 ----a-w- C:\Windows\System32\apisetschema.dll
2015-06-11 01:58:22 4238391DE3E3FDCD2C731C1E4E0F402C 635392 ----a-w- C:\Windows\System32\tdh.dll
2015-06-11 01:58:22 3E6731BF36A7D6C62D09671B427B6B67 37888 ----a-w- C:\Windows\System32\relog.exe
2015-06-11 01:58:22 3B5DA649BF7B7D07510C06DE0AEEB4EB 82944 ----a-w- C:\Windows\System32\logman.exe
2015-06-11 01:58:22 2E65BF3D85BB2C831669FBCBDE6C9879 686080 ----a-w- C:\Windows\System32\adtschema.dll
2015-06-11 01:58:22 2D23A10FBFA09DC1B61799128BBA91A2 22016 ----a-w- C:\Windows\System32\secur32.dll
2015-06-11 01:58:15 A98E8F79C738CAF23C152DBCABD978FE 11411456 ----a-w- C:\Windows\System32\wmp.dll
2015-06-11 01:58:14 DA27A4EA7B7C77FAFDB3F94D83E310C1 12625408 ----a-w- C:\Windows\System32\wmploc.DLL
2015-06-11 01:58:14 605E9B2CFA3445ED7716D0B345EE21EC 8192 ----a-w- C:\Windows\System32\spwmp.dll
2015-06-11 01:58:14 2401379E0610D15FAB78A4B1646F5B8D 4096 ----a-w- C:\Windows\System32\msdxm.ocx
2015-06-11 01:58:14 2401379E0610D15FAB78A4B1646F5B8D 4096 ----a-w- C:\Windows\System32\dxmasf.dll
2015-06-11 01:58:12 A83DD77AC941A8B1B2652035EA589149 169984 ----a-w- C:\Windows\System32\winsrv.dll
2015-06-11 01:58:12 957655757F43858692289B96F73716D8 868352 ----a-w- C:\Windows\System32\kernel32.dll
2015-06-11 01:58:12 87A703DECCDC1BFCAC67E1D4686F67B6 293376 ----a-w- C:\Windows\System32\KernelBase.dll
2015-06-11 01:58:12 015E337ABA03750D890A035819688FE1 271360 ----a-w- C:\Windows\System32\conhost.exe
2015-06-11 01:58:10 58788565442368B0615DDAF1D452B843 530432 ----a-w- C:\Windows\System32\comctl32.dll
2015-06-01 18:47:53 8A4CEBF34370D689E198E6673C1F2C40 74072 ----a-w- C:\Windows\System32\XAPOFX1_5.dll
2015-06-01 18:47:52 8E0BB968FF41D80E5F2C747C04DB79AE 248672 ----a-w- C:\Windows\System32\d3dx11_43.dll
2015-06-01 18:47:52 81DFDDFB401D663BA7E6AD1C80364216 527192 ----a-w- C:\Windows\System32\XAudio2_7.dll
2015-06-01 18:47:52 1C9B45E87528B8BB8CFA884EA0099A85 2106216 ----a-w- C:\Windows\System32\D3DCompiler_43.dll
2015-06-01 18:46:17 501AC862517C5445742BEE8A2B88414E 453456 ----a-w- C:\Windows\System32\d3dx10_42.dll
2015-06-01 18:44:39 26AF232140C88B42D92A88F2198EDF6A 3426072 ----a-w- C:\Windows\System32\d3dx9_32.dll
====== C:\Windows\system32\drivers =====
2015-06-12 16:53:13 04B309A1A653177994630C2773E659F1 119512 ----a-w- C:\Windows\System32\drivers\MBAMSwissArmy.sys
2015-06-12 16:52:57 3C21F7E95FFCA33EF1A83AA33D9663CF 23256 ----a-w- C:\Windows\System32\drivers\mbam.sys
2015-06-12 16:52:57 167BCE00050B19DA25065335645A3C7A 51928 ----a-w- C:\Windows\System32\drivers\mwac.sys
2015-06-12 16:52:57 155BF99B2B87E0C298CAC3B4B8136D83 92888 ----a-w- C:\Windows\System32\drivers\mbamchameleon.sys
2015-06-11 02:00:25 575DF237408CA735631F7A0DC423D873 54656 ----a-w- C:\Windows\System32\drivers\stream.sys
2015-06-11 01:58:22 3C9D9DFCF517103677D7B6255C727B48 67520 ----a-w- C:\Windows\System32\drivers\ksecdd.sys
2015-06-11 01:58:22 0DFC56491C8B56A35AD52EAF770752FE 137664 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys
2015-06-01 18:52:51 2262614848962DDB38FFB7C883E6FB55 49856 ----a-w- C:\Windows\System32\drivers\fssfltr.sys
2015-05-14 16:49:12 73071EDF26739B6A364A4FA2C1744500 29664 ----a-w- C:\Windows\System32\drivers\avgidsshimx.sys
====== C:\Windows\Tasks ======
2015-06-12 21:10:19 189C9578A38E64DD2510BE14507AC380 2962 ----a-w- C:\Windows\system32\Tasks\{30EEA7F4-A438-466E-90CC-B82F696D668D}
2015-06-12 21:09:18 189C9578A38E64DD2510BE14507AC380 2962 ----a-w- C:\Windows\system32\Tasks\{2A1683F2-DB4E-40A4-B684-DD1EBE1F0CCF}
2015-06-03 22:09:58 2D2D5809E604159C47CE4272DC3E0F29 3100 ----a-w- C:\Windows\system32\Tasks\{8F690CD9-A19E-4402-BDCF-CF529860A253}
2015-06-03 22:08:53 2D2D5809E604159C47CE4272DC3E0F29 3100 ----a-w- C:\Windows\system32\Tasks\{239E5257-C5E4-406F-B28C-4EE0904FF40A}
2015-06-01 18:39:20 8539728C2ADE1FCA6C444A81F79276B1 3106 ----a-w- C:\Windows\system32\Tasks\{EAF2134E-81A0-405E-AC6D-D76C31305FD0}
2015-05-31 19:19:57 C8E7DF0CDB17309B2F7BD4B1605504AE 3968 ----a-w- C:\Windows\system32\Tasks\Software Removal Tool logs upload retry
====== C:\Windows\Temp ======
======= C:\Program Files =====
2015-06-12 16:50:24 -------- d-----w- C:\Program Files\Common Files\Java
2015-06-08 12:57:02 -------- d-----w- C:\Program Files\Common Files\Steganos
2015-06-04 23:04:56 -------- d-----w- C:\Program Files\PhotoScape
2015-06-01 18:49:53 -------- d-----w- C:\Program Files\Windows Live
2015-06-01 18:43:25 -------- d-----w- C:\Program Files\Microsoft OneDrive
2015-06-01 18:37:58 -------- d-----w- C:\Program Files\Common Files\Windows Live
2015-06-01 16:23:07 -------- d--h--w- C:\Program Files\GAS Tecnologia
2015-06-01 16:23:07 -------- d-----w- C:\Program Files\Diebold
2015-05-31 20:22:18 -------- d-----w- C:\Program Files\AVG
======= C: =====
2015-05-20 21:46:22 E1E86E523FC84CC0C3660B1F60BD3C30 1822 ----a-w- C:\Google Chrome.lnk
====== C:\Users\PR\AppData\Roaming ======
2015-06-12 23:38:33 -------- d-----w- C:\Users\PR\AppData\Roaming\RunDir
2015-06-08 12:59:40 -------- d-----w- C:\Users\PR\AppData\Roaming\Steganos Updates
2015-06-08 12:57:05 -------- d-----w- C:\Users\PR\AppData\Roaming\Steganos VPN
2015-06-08 12:57:04 -------- d-----w- C:\Users\PR\AppData\Roaming\Steganos
2015-06-06 12:20:34 -------- d-----w- C:\Users\PR\AppData\Local\GWX
2015-06-03 21:49:43 -------- d-----w- C:\Users\PR\AppData\Local\Chromium
2015-06-01 19:24:25 -------- d-----w- C:\Users\PR\AppData\Local\Windows Live Writer
2015-06-01 18:41:15 -------- d-----w- C:\Users\PR\AppData\Local\Windows Live
2015-05-31 20:26:17 -------- d-----w- C:\Users\PR\AppData\Roaming\AVG2015
2015-05-31 20:25:03 -------- d-----w- C:\Windows\system32\config\systemprofile\AppData\Roaming\AVG2015
2015-05-31 20:24:37 -------- d-----w- C:\Users\PR\AppData\Roaming\TuneUp Software
2015-05-31 20:22:20 -------- d-----w- C:\Windows\system32\config\systemprofile\AppData\Local\Avg2015
2015-05-31 20:05:39 -------- d-----w- C:\Users\PR\AppData\Local\Avg2015
====== C:\Users\PR ======
2015-06-12 16:50:01 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2015-06-04 23:05:02 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PhotoScape
2015-06-01 18:58:41 -------- d-----w- C:\Users\PR\Tracing
2015-06-01 18:52:40 -------- d-----r- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live
2015-06-01 18:43:21 -------- d-----r- C:\Users\PR\OneDrive
2015-06-01 18:43:09 -------- d-----w- C:\Users\TODOSO~1\Microsoft OneDrive
2015-06-01 18:43:09 -------- d-----w- C:\ProgramData\Microsoft OneDrive
2015-05-31 20:24:37 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
2015-05-31 20:23:22 -------- d-----w- C:\Users\TODOSO~1\AVG2015
2015-05-31 20:23:22 -------- d-----w- C:\ProgramData\AVG2015
2015-05-31 20:05:39 -------- d--h--w- C:\Users\TODOSO~1\Common Files
2015-05-31 20:05:39 -------- d--h--w- C:\ProgramData\Common Files
2015-05-31 19:46:42 -------- d-----w- C:\Users\Public\Documents\PC Faster
2015-05-20 21:43:41 -------- d-----w- C:\Users\TODOSO~1\Tliifbler
2015-05-20 21:43:41 -------- d-----w- C:\ProgramData\Tliifbler

====== C: exe-files ==
2015-06-12 23:38:33 9670A9B44C01F0F4F1F98D5AEB535EDF 195440 ----a-w- C:\Users\PR\AppData\Roaming\RunDir\temp\autoupdate.exe
2015-06-12 17:06:47 0A78280C06D969117206C16FA37CE442 544 ----a-w- C:\$Recycle.Bin\S-1-5-21-2418499362-4291286301-2304700633-1000\$IJA2M8D.exe
2015-06-12 16:50:01 EED888394AC81A663F12C6EC43AB2838 0 ----a-we C:\Users\Todos os Usuários\Oracle\Java\javapath\javaw.exe
2015-06-12 16:50:01 EED888394AC81A663F12C6EC43AB2838 0 ----a-we C:\ProgramData\Oracle\Java\javapath\javaw.exe
2015-06-12 16:50:01 4586CD8F1C929EF184098A22FE31A857 0 ----a-we C:\Users\Todos os Usuários\Oracle\Java\javapath\javaws.exe
2015-06-12 16:50:01 4586CD8F1C929EF184098A22FE31A857 0 ----a-we C:\ProgramData\Oracle\Java\javapath\javaws.exe
2015-06-12 16:50:01 1E2E159D0621A466CFA7CE06E4DA9CAE 0 ----a-we C:\Users\Todos os Usuários\Oracle\Java\javapath\java.exe
2015-06-12 16:50:01 1E2E159D0621A466CFA7CE06E4DA9CAE 0 ----a-we C:\ProgramData\Oracle\Java\javapath\java.exe
2015-06-12 16:49:57 FF589C55E0CB6A0A1BD9570217BB1A42 15968 ----a-w- C:\Program Files\Java\jre1.8.0_45\bin\tnameserv.exe
2015-06-12 16:49:57 FD8978875A992C876AF430B35DF9CFA7 15456 ----a-w- C:\Program Files\Java\jre1.8.0_45\bin\pack200.exe
2015-06-12 16:49:57 F16868F20E4701142FAEF8C9FA847D27 30304 ----a-w- C:\Program Files\Java\jre1.8.0_45\bin\jabswitch.exe
2015-06-12 16:49:57 EF66D96BC42BCE52686A7635AB11D8DD 68192 ----a-w- C:\Program Files\Java\jre1.8.0_45\bin\javacpl.exe
2015-06-12 16:49:57 EED888394AC81A663F12C6EC43AB2838 191072 ----a-w- C:\Program Files\Java\jre1.8.0_45\bin\javaw.exe
2015-06-12 16:49:57 D3DA34876B7F6D06D26D29CA77BD25A2 15456 ----a-w- C:\Program Files\Java\jre1.8.0_45\bin\ktab.exe
2015-06-12 16:49:57 CF683290B3369A1491A5B8B4D19F79B3 15456 ----a-w- C:\Program Files\Java\jre1.8.0_45\bin\jjs.exe
2015-06-12 16:49:57 C57CA849D13177E1F43CFEF51374F1EE 159328 ----a-w- C:\Program Files\Java\jre1.8.0_45\bin\unpack200.exe
2015-06-12 16:49:57 B66ED84383EA6C6218CA47BC49C15615 50784 ----a-w- C:\Program Files\Java\jre1.8.0_45\bin\ssvagent.exe
2015-06-12 16:49:57 A1A1BC927541346D840BBB511F557848 15968 ----a-w- C:\Program Files\Java\jre1.8.0_45\bin\policytool.exe
2015-06-12 16:49:57 98903A3C01AA820E7FCC19A0A60126C0 15456 ----a-w- C:\Program Files\Java\jre1.8.0_45\bin\klist.exe
2015-06-12 16:49:57 88FFC43B0E3BB3E30F70CB7B08D499B4 15456 ----a-w- C:\Program Files\Java\jre1.8.0_45\bin\java-rmi.exe
2015-06-12 16:49:57 5DF39BE82C777B7EDAD34E3A7A7EADB7 15456 ----a-w- C:\Program Files\Java\jre1.8.0_45\bin\rmid.exe
2015-06-12 16:49:57 4EA6A4DD2EB584C4C2BF39A9A7D0D580 15456 ----a-w- C:\Program Files\Java\jre1.8.0_45\bin\keytool.exe
2015-06-12 16:49:57 4586CD8F1C929EF184098A22FE31A857 271968 ----a-w- C:\Program Files\Java\jre1.8.0_45\bin\javaws.exe
2015-06-12 16:49:57 3C0A1F0D13A8998E9A1825A853FF3B39 15456 ----a-w- C:\Program Files\Java\jre1.8.0_45\bin\kinit.exe
2015-06-12 16:49:57 2682BB5D60C30DCB5A2BC414D01D6764 15968 ----a-w- C:\Program Files\Java\jre1.8.0_45\bin\rmiregistry.exe
2015-06-12 16:49:57 1F29E31C6B9A487FF32006C4E223BA4F 15968 ----a-w- C:\Program Files\Java\jre1.8.0_45\bin\orbd.exe
2015-06-12 16:49:57 1E2E159D0621A466CFA7CE06E4DA9CAE 190560 ----a-w- C:\Program Files\Java\jre1.8.0_45\bin\java.exe
2015-06-12 16:49:57 1CCD26E1E9FC582ABAA5D5FD1FA47A6B 76384 ----a-w- C:\Program Files\Java\jre1.8.0_45\bin\jp2launcher.exe
2015-06-12 16:49:57 134D4B0A753808F8F8645DCF3FA00173 15968 ----a-w- C:\Program Files\Java\jre1.8.0_45\bin\servertool.exe
2015-06-11 20:42:01 8D0FBE94B0DFDF12AB8CA0FDFAB6E474 2779584 ----a-w- C:\Windows\Temp\AVG-Secure-Search-Update_0615av_clean.exe
2015-06-11 20:40:44 323DC3CBD517732F58EB569FA22B7A91 7156768 ----a-w- C:\Program Files\AVG\AVG2015\Notification\Launcher.exe
2015-06-11 02:00:20 FA628D79E5FD267039A2F7637BA10754 667648 ----a-w- C:\Windows\System32\MsSpellCheckingFacility.exe
2015-06-11 02:00:20 C842601A18BA4D9058E7C0EFA5683513 102912 ----a-w- C:\Windows\System32\ieetwcollector.exe
2015-06-11 02:00:20 ABE3B4B605499D726C27ACB6F756BC11 685568 ----a-w- C:\Windows\System32\ie4uinit.exe
2015-06-11 02:00:19 E21AE910DF0C5CB7D46D8FA17A4567DE 115712 ----a-w- C:\Windows\System32\ieUnatt.exe
2015-06-11 02:00:19 2B3CF8F7903266E2AA5C9D9850FAA8F6 221184 ----a-w- C:\Program Files\Internet Explorer\ielowutil.exe
2015-06-11 02:00:17 F2831268EC600225F611DC02166EACF0 815304 ----a-w- C:\Program Files\Internet Explorer\iexplore.exe
2015-06-11 02:00:17 29874C10D7D0088CD8743EC8F5DABBE4 473600 ----a-w- C:\Program Files\Internet Explorer\ieinstal.exe
2015-06-11 01:58:23 CA2628766DC1DFAF7D993C1E33391478 262656 ----a-w- C:\Windows\System32\rstrui.exe
2015-06-11 01:58:23 641A14E6AC492ED45BC68815E2E2F566 3989440 ----a-w- C:\Windows\System32\ntkrnlpa.exe
2015-06-11 01:58:23 583FFF12D2F0D6E1A8746462C433895F 3934144 ----a-w- C:\Windows\System32\ntoskrnl.exe
2015-06-11 01:58:23 3C1BE79C3CE6EB378108B11D94CA1072 364544 ----a-w- C:\Windows\System32\tracerpt.exe
2015-06-11 01:58:22 FB224B0A63B8F58E91FE8A314AD295AD 17408 ----a-w- C:\Windows\System32\diskperf.exe
2015-06-11 01:58:22 F85FA29340A536C8E0A16151B9B03923 50176 ----a-w- C:\Windows\System32\auditpol.exe
2015-06-11 01:58:22 D2967F6D4205A227AAA7D094C12F7141 22528 ----a-w- C:\Windows\System32\lsass.exe
2015-06-11 01:58:22 ABD1DC994FD40C5F74F7DFDCEEB64599 69632 ----a-w- C:\Windows\System32\smss.exe
2015-06-11 01:58:22 629AD3FDA168D82D459164044A29F9BB 40448 ----a-w- C:\Windows\System32\typeperf.exe
2015-06-11 01:58:22 3E6731BF36A7D6C62D09671B427B6B67 37888 ----a-w- C:\Windows\System32\relog.exe
2015-06-11 01:58:22 3B5DA649BF7B7D07510C06DE0AEEB4EB 82944 ----a-w- C:\Windows\System32\logman.exe
2015-06-11 01:58:14 6F139F39295000E6301C0D08F7493CC6 101888 ----a-w- C:\Program Files\Windows Media Player\wmpconfig.exe
2015-06-11 01:58:14 5F7B628B5F10531E8DE3E711ED73AAD7 164864 ----a-w- C:\Program Files\Windows Media Player\wmplayer.exe
2015-06-11 01:58:14 3505E5A7664FD84AC8AE51FE3B545AE1 102400 ----a-w- C:\Program Files\Windows Media Player\wmpshare.exe
2015-06-11 01:58:12 015E337ABA03750D890A035819688FE1 271360 ----a-w- C:\Windows\System32\conhost.exe
2015-06-08 16:45:20 D17E193E01274D677A5DAD9A89F50252 13890640 ----a-w- C:\Program Files\Google\Update\Install\{94DB8956-BF92-44DA-9F1D-80F0792FBA93}\43.0.2357.81_41.0.2272.101_chrome_updater.exe
2015-06-08 16:45:20 D17E193E01274D677A5DAD9A89F50252 13890640 ----a-w- C:\Program Files\Google\Update\Download\{4DC8B4CA-1BDA-483E-B5FA-D3C12E15B62D}\43.0.2357.81\43.0.2357.81_41.0.2272.101_chrome_updater.exe
2015-06-08 13:41:55 8939E7E08BA086FF3ADC54579B5CB8BF 544 ----a-w- C:\$Recycle.Bin\S-1-5-21-2418499362-4291286301-2304700633-1000\$IFZXXF2.exe
2015-06-08 13:41:40 C77D21AE7F62B123196563BB800566B2 544 ----a-w- C:\$Recycle.Bin\S-1-5-21-2418499362-4291286301-2304700633-1000\$I5EO21J.exe
2015-06-08 12:59:41 23049F0E0718045A465D0F7ED1E8EC54 21384664 ----a-w- C:\Users\PR\AppData\Roaming\Steganos Updates\okayfreedom.exe
=== C: other files ==
2015-06-12 16:53:13 04B309A1A653177994630C2773E659F1 119512 ----a-w- C:\Windows\System32\drivers\MBAMSwissArmy.sys
2015-06-12 16:52:57 3C21F7E95FFCA33EF1A83AA33D9663CF 23256 ----a-w- C:\Windows\System32\drivers\mbam.sys
2015-06-12 16:52:57 167BCE00050B19DA25065335645A3C7A 51928 ----a-w- C:\Windows\System32\drivers\mwac.sys
2015-06-12 16:52:57 155BF99B2B87E0C298CAC3B4B8136D83 92888 ----a-w- C:\Windows\System32\drivers\mbamchameleon.sys
2015-06-12 16:49:57 5DDC15149346900F16B38C65502BACA9 14130 ----a-w- C:\Program Files\Java\jre1.8.0_45\lib\deploy\ffjcext.zip
2015-06-11 02:00:26 BCD4C37A7043E75131111EA447210DE7 2384384 ----a-w- C:\Windows\System32\win32k.sys
2015-06-11 02:00:25 575DF237408CA735631F7A0DC423D873 54656 ----a-w- C:\Windows\System32\drivers\stream.sys
2015-06-11 01:58:22 3C9D9DFCF517103677D7B6255C727B48 67520 ----a-w- C:\Windows\System32\drivers\ksecdd.sys
2015-06-11 01:58:22 0DFC56491C8B56A35AD52EAF770752FE 137664 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys
2015-06-09 02:03:29 44661BD97327AF96744144F661BE3543 108577 ----a-w- C:\Users\PR\Downloads\Outlook.com (5).zip
2015-06-09 02:01:16 7AE9179924D04D24E853780BF706AB50 108577 ----a-w- C:\Users\PR\Downloads\Outlook.com (4).zip

==== Startup Registry Enabled ======================

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"AviraSpeedup"="C:\Program Files\Avira\AviraSpeedup\avira_system_speedup.exe -autorun"

[HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun"

[HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun"

[HKEY_USERS\S-1-5-21-2418499362-4291286301-2304700633-1000\Software\Microsoft\Windows\CurrentVersion\Run]
"CCleaner Monitoring"="C:\Program Files\CCleaner\CCleaner.exe /MONITOR"
"OKAYFREEDOM_Update"="C:\Program Files\OkayFreedom\Updater.exe --resume --verbosity silent"

[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Run]
"AviraSpeedup"="C:\Program Files\Avira\AviraSpeedup\avira_system_speedup.exe -autorun"

[HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"mctadmin"="C:\Windows\System32\mctadmin.exe"

[HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"mctadmin"="C:\Windows\System32\mctadmin.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="C:\Windows\system32\igfxtray.exe"
"HotKeysCmds"="C:\Windows\system32\hkcmd.exe"
"Persistence"="C:\Windows\system32\igfxpers.exe"
"AVG_UI"="C:\Program Files\AVG\AVG2015\avgui.exe /TRAYONLY"
"Diebold - Warsaw"="C:\Program Files\Diebold\Warsaw\core.exe"
"SunJavaUpdateSched"="C:\Program Files\Common Files\Java\Java Update\jusched.exe"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CCleaner Monitoring"="C:\Program Files\CCleaner\CCleaner.exe /MONITOR"
"OKAYFREEDOM_Update"="C:\Program Files\OkayFreedom\Updater.exe --resume --verbosity silent"

==== Startup Registry Disabled ======================

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Baidu PC Faster 4.0.0.0]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Baidu PC Faster 4.0.0.0"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\PC Faster\\5.1.0.0\\PCFTray.exe\" -auto -start"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Baidu PC Faster 5.1.0.0]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Baidu PC Faster 5.1.0.0"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\PC Faster\\5.1.0.0\\PCFTray.exe\" -auto -start"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Diebold - Warsaw]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Diebold - Warsaw"
"hkey"="HKLM"
"command"="C:\\Program Files\\Diebold\\Warsaw\\core.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\GoobzoYouTubeAccelerator]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="GoobzoYouTubeAccelerator"
"hkey"="HKCU"
"command"="\"C:\\Program Files\\YouTube Accelerator\\YouTubeAccelerator.exe\" /startup"


==== Task Scheduler Jobs ======================

C:\Windows\tasks\Adobe Flash Player Updater.job --a------ C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [05/02/2015 17:02]
C:\Windows\tasks\GoogleUpdateTaskMachineCore.job --a------ C:\Program Files\Google\Update\GoogleUpdate.exe [15/03/2015 20:57]
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job --a------ C:\Program Files\Google\Update\GoogleUpdate.exe [15/03/2015 20:57]

==== Other Scheduled Tasks ======================

"C:\Windows\system32\tasks\060184C3-9766-46a0-B258-F4518A0B2633" [C:\Windows\system32\CScript.exe]
"C:\Windows\system32\tasks\Adobe Acrobat Update Task" [C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe]
"C:\Windows\system32\tasks\Adobe Flash Player Updater" [C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe]
"C:\Windows\system32\tasks\CCleanerSkipUAC" ["C:\Program Files\CCleaner\CCleaner.exe"]
"C:\Windows\system32\tasks\GoogleUpdateTaskMachineCore" [C:\Program Files\Google\Update\GoogleUpdate.exe]
"C:\Windows\system32\tasks\GoogleUpdateTaskMachineUA" [C:\Program Files\Google\Update\GoogleUpdate.exe]
"C:\Windows\system32\tasks\Installer_sense" [C:\Users\PR\AppData\Local\Installer\Installsense_19364\DCytaiesmt_smtyc_setup.exe]
"C:\Windows\system32\tasks\Software Removal Tool logs upload retry" [E:\software_removal_tool.exe]
"C:\Windows\system32\tasks\User_Feed_Synchronization-{16D17F1B-16A0-4505-A80E-12D797DC4B81}" [C:\Windows\system32\msfeedssync.exe]
"C:\Windows\system32\tasks\{239E5257-C5E4-406F-B28C-4EE0904FF40A}" ["c:\program files\google\chrome\application\chrome.exe"]
"C:\Windows\system32\tasks\{2A1683F2-DB4E-40A4-B684-DD1EBE1F0CCF}" [C:\Program Files\Microsoft Office\Office14\WINWORD.EXE]
"C:\Windows\system32\tasks\{30EEA7F4-A438-466E-90CC-B82F696D668D}" [C:\Program Files\Microsoft Office\Office14\WINWORD.EXE]
"C:\Windows\system32\tasks\{8F690CD9-A19E-4402-BDCF-CF529860A253}" ["c:\program files\google\chrome\application\chrome.exe"]
"C:\Windows\system32\tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask" [%systemroot%\system32\sc.exe start osppsvc]

==== Firefox Extensions ======================

ProfilePath: C:\Users\PR\AppData\Roaming\Mozilla\Firefox\Profiles\FSeKXfT2.default
- Avira Browser Safety - %ProfilePath%\extensions\abs@avira.com

==== Firefox Plugins ======================


==== Chromium Look ======================

Google Chrome Version: 41.0.2272.101

HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
flliilndjeohchalpbbcdekjklbdgfkk - No path found[]

Google Slides - PR\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek
Google Docs - PR\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake
Google Drive - PR\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf
YouTube - PR\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo
selector is not a valid CSS selector - PR\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb
Google Search - PR\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf
VideoDownloadConverter - PR\AppData\Local\Google\Chrome\User Data\Default\Extensions\dobljdomjnoffhafnemcapdkbdnllpki
Google Sheets - PR\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap
Google Wallet - PR\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda
Gmail - PR\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia

==== Chromium Startpages ======================

C:\Users\PR\AppData\Local\Google\Chrome\User Data\Default\Preferences
"homepage": "https://www.google.com.br/",
"startup_urls": [ "https://www.google.com.br/" ]


==== shortcuts on Users Desktops ======================

C:\Users\PR\Desktop\CorelDRW - Atalho.lnk - C:\Program Files\Corel\CorelDRAW Graphics Suite X5\Programs\CorelDRW.exe
C:\Users\PR\Desktop\Google Chrome.lnk - C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Users\PR\Desktop\Internet Explorer.lnk - C:\Program Files\Internet Explorer\iexplore.exe [You must have an account and be logged in to view this link]
C:\Users\PR\Desktop\Microsoft PowerPoint 2010.lnk - C:\Windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\pptico.exe
C:\Users\PR\Desktop\Microsoft Word 2010.lnk - C:\Windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\wordicon.exe
C:\Users\PR\Desktop\PhotoScape.lnk - C:\Program Files\PhotoScape\PhotoScape.exe

==== shortcuts on All Users Desktop ======================

C:\Users\Public\Desktop\AVG 2015.lnk - C:\Program Files\AVG\AVG2015\avgui.exe
C:\Users\Public\Desktop\CCleaner.lnk - C:\Program Files\CCleaner\CCleaner.exe
C:\Users\Public\Desktop\EPSON Scan.lnk - C:\Windows\twain_32\escndv\escndv.exe
C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk - C:\Program Files\Malwarebytes Anti-Malware\mbam.exe
C:\Users\Public\Desktop\Manual do usuário L800.lnk -
C:\Users\Public\Desktop\Manual Epson Stylus TX133_TX135.lnk - C:\Program Files\epson\guide\tx133_p\index.html
C:\Users\Public\Desktop\Megacubo.lnk - C:\Program Files\Megacubo\megacubo.exe
C:\Users\Public\Desktop\MyEpson Portal.lnk - C:\Program Files\epson\MyEpson Portal\mep.exe /S
C:\Users\Public\Desktop\VLC media player.lnk - C:\Program Files\VideoLAN\VLC\vlc.exe

==== shortcuts in Users Start Menu ======================

C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft OneDrive.lnk - C:\Program Files\Microsoft OneDrive\OneDriveSetup.exe
C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft OneDrive.lnk - C:\Program Files\Microsoft OneDrive\OneDriveSetup.exe
C:\Users\PR\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk - C:\Program Files\Internet Explorer\iexplore.exe [You must have an account and be logged in to view this link]
C:\Users\PR\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft OneDrive.lnk - C:\Users\PR\AppData\Local\Microsoft\OneDrive\OneDrive.exe
C:\Users\PR\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk - C:\Program Files\Internet Explorer\iexplore.exe [You must have an account and be logged in to view this link]
C:\Users\USURIO~1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft OneDrive.lnk - C:\Program Files\Microsoft OneDrive\OneDriveSetup.exe

==== shortcuts in All Users Start Menu ======================

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Movie Maker.lnk - C:\Program Files\Windows Live\Photo Gallery\MovieMaker.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Photo Gallery.lnk - C:\Program Files\Windows Live\Photo Gallery\WLXPhotoGallery.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Mail.lnk - C:\Program Files\Windows Live\Mail\wlmail.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG\AVG 2015.lnk - C:\Program Files\AVG\AVG2015\avgui.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Epson\EPSON Scan\EPSON Scan.lnk - C:\Windows\twain_32\escndv\escndv.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Epson\EPSON TX133 TX135 Series\Atualização do driver.lnk -
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Epson\EPSON TX133 TX135 Series\Desinstalar software da impressora EPSON.lnk - C:\Windows\System32\spool\drivers\w32x86\3\E_FINSHJB.EXE /R /APD /P:"EPSON TX133 TX135 Series"
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Epson\EPSON TX133 TX135 Series\Suporte técnico.lnk -
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Epson\Manual Epson Stylus TX133_TX135\Desinstalador.lnk - C:\Program Files\epson\guide\tx133_p\uninstall.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Epson\Manual Epson Stylus TX133_TX135\Manual Epson Stylus TX133_TX135.lnk - C:\Program Files\epson\guide\tx133_p\index.html
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Epson Software\Easy Photo Print.lnk - C:\Program Files\Epson Software\Easy Photo Print\EPQuicker.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Epson Software\Read Me\Easy Photo Print.lnk - C:\Program Files\Epson Software\Easy Photo Print\DspReadMe.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome\Google Chrome.lnk - C:\Program Files\Google\Chrome\Application\chrome.exe [You must have an account and be logged in to view this link]
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\Configurar Java.lnk - C:\Program Files\Java\jre1.8.0_45\bin\javacpl.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\Obter Ajuda.lnk -
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\Sobre o Java.lnk - C:\Program Files\Java\jre1.8.0_45\bin\javacpl.exe -tab about
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\Verificar Atualizações.lnk -
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\Visite Java.com.lnk -
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware\Desinstalar Malwarebytes Anti-Malware.lnk - C:\Program Files\Malwarebytes Anti-Malware\unins000.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware\Malwarebytes Anti-Malware.lnk - C:\Program Files\Malwarebytes Anti-Malware\mbam.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware\Tools\Malwarebytes Anti-Malware Chameleon.lnk - C:\Program Files\Malwarebytes Anti-Malware\Chameleon\Windows\chameleon.chm
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Megacubo\Megacubo.lnk - C:\Program Files\Megacubo\megacubo.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Megacubo\Sleepr.lnk - C:\Program Files\Megacubo\megacubo.exe -load:sleepr
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PhotoScape\PhotoScape.lnk - C:\Program Files\PhotoScape\PhotoScape.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PhotoScape\Uninstall PhotoScape.lnk - C:\Program Files\PhotoScape\uninstall.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN\Documentation.lnk - C:\Program Files\VideoLAN\VLC\Documentation.url
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN\Release Notes.lnk - C:\Program Files\VideoLAN\VLC\NEWS.txt
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN\VideoLAN Website.lnk - C:\Program Files\VideoLAN\VLC\VideoLAN Website.url
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live\Windows Live Family Safety.lnk - C:\Windows\Installer\{C74DCAC0-DDB3-4135-A70C-0553BF9490BC}\fssicon.ico
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live\Windows Live Writer.lnk - C:\Program Files\Windows Live\Writer\WindowsLiveWriter.exe

==== shortcuts in Quick Launch ======================

C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -
C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -
C:\Users\Default User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -
C:\Users\Default User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -
C:\Users\PR\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk - C:\Program Files\Google\Chrome\Application\chrome.exe [You must have an account and be logged in to view this link]
C:\Users\PR\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk - C:\Program Files\Internet Explorer\iexplore.exe [You must have an account and be logged in to view this link]
C:\Users\PR\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Megacubo.lnk - C:\Program Files\Megacubo\megacubo.exe
C:\Users\PR\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\PhotoScape.lnk - C:\Program Files\PhotoScape\PhotoScape.exe
C:\Users\PR\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -
C:\Users\PR\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -
C:\Users\PR\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\4012f698d73a1d52\BoBrowser.lnk - C:\Program Files\speed browser\Application\browser.exe --c=5008
C:\Users\PR\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\7e4dca80246863e3\pinned.lnk - C:\Windows\system32\control.exe
C:\Users\PR\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Photo Gallery.lnk - C:\Program Files\Windows Live\Photo Gallery\WLXPhotoGallery.exe
C:\Users\PR\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Welcome Center.lnk - C:\Windows\system32\rundll32.exe C:\Windows\system32\OobeFldr.dll,ShowWelcomeCenter LaunchedBy_StartMenuShortcut
C:\Users\PR\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome (2).lnk - C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Users\PR\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk - C:\Program Files\Google\Chrome\Application\chrome.exe [You must have an account and be logged in to view this link]
C:\Users\PR\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Internet Explorer.lnk - C:\Program Files\Internet Explorer\iexplore.exe [You must have an account and be logged in to view this link]
C:\Users\PR\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Windows Explorer.lnk - C:\Windows\explorer.exe
C:\Users\PR\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Windows Media Player.lnk - C:\Program Files\Windows Media Player\wmplayer.exe /prefetch:1
C:\Users\USURIO~1\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -
C:\Users\USURIO~1\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -

==== shortcuts After Repair ======================

C:\Users\PR\Desktop\Internet Explorer.lnk - C:\Program Files\Internet Explorer\iexplore.exe
C:\Users\PR\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk - C:\Program Files\Internet Explorer\iexplore.exe
C:\Users\PR\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk - C:\Program Files\Internet Explorer\iexplore.exe -extoff
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome\Google Chrome.lnk - C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Users\PR\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk - C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Users\PR\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk - C:\Program Files\Internet Explorer\iexplore.exe
C:\Users\PR\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk - C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Users\PR\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Internet Explorer.lnk - C:\Program Files\Internet Explorer\iexplore.exe

==== C:\zoek_backup content ======================

C:\zoek_backup (files=0 folders=0 0 bytes)

==== Empty Temp Folders ======================

C:\Users\Default\AppData\Local\Temp emptied successfully
C:\Users\Default User\AppData\Local\Temp emptied successfully
C:\Users\PR\AppData\Local\Temp will be emptied at reboot
C:\Users\USURIO~1\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp will be emptied at reboot
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\Windows\Temp will be emptied at reboot

==== After Reboot ======================

==== Empty Temp Folders ======================

C:\Windows\Temp successfully emptied
C:\Users\PR\AppData\Local\Temp successfully emptied

==== Deleting Files / Folders ======================

"C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp\Low" not deleted

==== EOF on 12/06/2015 at 21:01:55,19 ======================

Re: PC Infected by Rundir

Post by Power Max, Sat 13 Jun 2015, 16:04

Temporarily disable your antivirus to avoid conflicts.

* Right-click Zoek.exe and select [You must have an account and be logged in to view this image]

* Select and copy all of the text highlighted in red below and paste it into the blank area of Zoek:

createsrpoint;
autoclean;
emptyalltemp;
iedefaults;
resetieproxy;
resethosts;
shortcutfix;
ffdefaults;
firefoxlook;
reset chrome;
chrdefaults;
chromelook;
emptyfolderscheck;delete


* Click [Run Script]

* During the scan, a message similar to the one below will be displayed showing the scan's progress. Wait for it to finish... it may take a while!

[You must have an account and be logged in to view this image]

* If a PC restart is requested, click [OK]

* Post the Zoek log, which will be at C:\zoek-results.txt, in your next reply.

Re: PC Infected by Rundir

Post by Jonathabruno, Sat 13 Jun 2015, 16:29


Zoek.exe v5.0.0.0 Updated 04-May-2015
Tool run by PR on 13/06/2015 at 16:07:21,81.
Microsoft Windows 7 Ultimate 6.1.7601 Service Pack 1 x86
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\PR\Downloads\zoek.exe [Scan all users] [Script inserted]

==== Older Logs ======================

C:\zoek-results2015-05-31-202228.log 2084 bytes
C:\zoek-results2015-06-13-000155.log 43761 bytes

==== System Restore Info ======================

13/06/2015 16:09:37 Zoek.exe System Restore Point Created Successfully.

==== Reset Hosts File ======================

# Copyright (c) 1993-2006 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host

# localhost name resolution is handled within DNS itself.
127.0.0.1 localhost
::1 localhost

==== Empty Folders Check ======================

C:\Program Files\VS Revo Group deleted successfully

==== Deleting CLSID Registry Keys ======================

HKEY_USERS\S-1-5-21-2418499362-4291286301-2304700633-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F888C9C3-6EB-4E1F-BC5A-77C57F58099} deleted successfully
HKEY_USERS\S-1-5-21-2418499362-4291286301-2304700633-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F95070DD-8993-4F22-81F-FE5BD6CDC770} deleted successfully
HKEY_USERS\S-1-5-21-2418499362-4291286301-2304700633-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{FA9A4AB5-3CCC-4A0C-BBC8-E455668C6E4} deleted successfully
HKEY_USERS\S-1-5-21-2418499362-4291286301-2304700633-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{FCE6290F-8661-40D0-B22B-E6C1C5B84D1} deleted successfully
HKEY_USERS\S-1-5-21-2418499362-4291286301-2304700633-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{FD9391D4-1166-49A8-908-64425E5B82E} deleted successfully
HKEY_USERS\S-1-5-21-2418499362-4291286301-2304700633-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{FF5CCA20-B5A4-4AFD-8D4D-C7B0E1122F2D} deleted successfully

==== Deleting CLSID Registry Values ======================


==== Deleting Services ======================


==== FireFox Fix ======================

Deleted from C:\Users\PR\AppData\Roaming\Mozilla\Firefox\Profiles\FSeKXfT2.default\prefs.js:

Added to C:\Users\PR\AppData\Roaming\Mozilla\Firefox\Profiles\FSeKXfT2.default\prefs.js:
user_pref("browser.startup.homepage", "about:home");
user_pref("browser.newtab.url", "about:newtab");

==== Deleting Files \ Folders ======================

C:\Program Files\VS Revo Group not found
C:\Program Files\Arquivos Comuns deleted
C:\Users\PR\.android deleted
C:\Users\PR\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\4012f698d73a1d52\BoBrowser.lnk deleted
C:\PROGRA~2\Avg_Update_0215pi deleted
C:\PROGRA~2\FunGame deleted
C:\PROGRA~2\Package Cache deleted
C:\Users\PR\AppData\Local\CrashRpt deleted
C:\Windows\system32\tasks\060184C3-9766-46a0-B258-F4518A0B2633 deleted
C:\Windows\system32\config\systemprofile\Searches deleted
C:\Windows\system32\GroupPolicy\Machine deleted
C:\Windows\system32\GroupPolicy\User deleted
C:\Windows\system32\GroupPolicy\gpt.ini deleted
C:\Users\PR\AppData\Roaming\Mozilla\Firefox\Profiles\FSeKXfT2.default\extensions\abs@avira.com deleted

==== Firefox Start and Search pages ======================

ProfilePath: C:\Users\PR\AppData\Roaming\Mozilla\Firefox\Profiles\FSeKXfT2.default
user_pref("browser.startup.homepage", "about:home");
user_pref("browser.newtab.url", "about:newtab");

==== Firefox Extensions ======================

==== Firefox Plugins ======================


==== Chromium Look ======================

Google Chrome Version: 41.0.2272.101

HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
flliilndjeohchalpbbcdekjklbdgfkk - No path found[]

Google Slides - PR\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek
Google Docs - PR\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake
Google Drive - PR\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf
YouTube - PR\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo
selector is not a valid CSS selector - PR\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb
Google Search - PR\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf
Google Sheets - PR\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap
Google Wallet - PR\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda
Gmail - PR\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia

==== Chromium Startpages ======================

C:\Users\PR\AppData\Local\Google\Chrome\User Data\Default\Preferences
"homepage": "https://www.google.com.br/",
"startup_urls": [ "https://www.google.com.br/" ]


==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.google.com"
"Old Start Page"="http://www.google.com"
"Default_Page_URL"="http://www.google.com"
"Search Bar"="https://www.google.com/?trackid=sp-006"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.google.com"
"Search Page"="http://www.google.com"
"Default_Page_URL"="http://www.google.com"
"Default_Search_URL"="http://www.google.com"
"Search Bar"="https://www.google.com/?trackid=sp-006"

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Search Bar"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Default_Page_URL"="http://go.microsoft.com/fwlink/?LinkId=69157"
"Start Page"="http://www.google.com"
"Old Start Page"="http://www.google.com"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Search Bar"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157"
"Default_Page_URL"="http://go.microsoft.com/fwlink/?LinkId=69157"

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
"DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
{012E1000-F331-11DB-8314-0800200C9A66} Google Url="http://www.google.com/search?q={searchTerms}"
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC"
{8014853F-1F5B-4A3D-B4FF-B907C26B3E67} ([Tens de ter uma conta e sessão iniciada para poderes visualizar este link] Google Url="https://www.google.com/search?q={searchTerms}"
{E9410C70-B6AE-41FF-AB71-32F4B279EA5F} Google Url="https://www.google.com/search?q={searchTerms}"

==== Reset Google Chrome ======================

C:\Users\PR\AppData\Local\Google\Chrome\User Data\Default\Preferences was reset successfully
C:\Users\PR\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences was reset successfully
C:\Users\PR\AppData\Roaming\Opera Software\Opera Stable\Preferences was reset successfully
C:\Users\PR\AppData\Local\Chromium\User Data\Default\Web Data was reset successfully
C:\Users\PR\AppData\Local\Google\Chrome\User Data\Default\Web Data was reset successfully
C:\Users\PR\AppData\Local\Google\Chrome\User Data\Default\Web Data-journal was reset successfully
C:\Users\PR\AppData\Roaming\Opera Software\Opera Stable\Web Data was reset successfully
C:\Users\PR\AppData\Roaming\Opera Software\Opera Stable\Web Data-journal was reset successfully

==== shortcuts on Users Desktops ======================

C:\Users\PR\Desktop\CorelDRW - Atalho.lnk - C:\Program Files\Corel\CorelDRAW Graphics Suite X5\Programs\CorelDRW.exe
C:\Users\PR\Desktop\Google Chrome.lnk - C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Users\PR\Desktop\Internet Explorer.lnk - C:\Program Files\Internet Explorer\iexplore.exe
C:\Users\PR\Desktop\Microsoft Office Excel 2007.lnk - C:\Windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\xlicons.exe
C:\Users\PR\Desktop\Microsoft Office Word 2007.lnk - C:\Windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\wordicon.exe
C:\Users\PR\Desktop\PhotoScape.lnk - C:\Program Files\PhotoScape\PhotoScape.exe

==== shortcuts on All Users Desktop ======================

C:\Users\Public\Desktop\AVG 2015.lnk - C:\Program Files\AVG\AVG2015\avgui.exe
C:\Users\Public\Desktop\CCleaner.lnk - C:\Program Files\CCleaner\CCleaner.exe
C:\Users\Public\Desktop\EPSON Scan.lnk - C:\Windows\twain_32\escndv\escndv.exe
C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk - C:\Program Files\Malwarebytes Anti-Malware\mbam.exe
C:\Users\Public\Desktop\Manual do usuário L800.lnk -
C:\Users\Public\Desktop\Manual Epson Stylus TX133_TX135.lnk - C:\Program Files\epson\guide\tx133_p\index.html
C:\Users\Public\Desktop\Megacubo.lnk - C:\Program Files\Megacubo\megacubo.exe
C:\Users\Public\Desktop\MyEpson Portal.lnk - C:\Program Files\epson\MyEpson Portal\mep.exe /S
C:\Users\Public\Desktop\VLC media player.lnk - C:\Program Files\VideoLAN\VLC\vlc.exe

==== shortcuts in Users Start Menu ======================

C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft OneDrive.lnk - C:\Program Files\Microsoft OneDrive\OneDriveSetup.exe
C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft OneDrive.lnk - C:\Program Files\Microsoft OneDrive\OneDriveSetup.exe
C:\Users\PR\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk - C:\Program Files\Internet Explorer\iexplore.exe
C:\Users\PR\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft OneDrive.lnk - C:\Users\PR\AppData\Local\Microsoft\OneDrive\OneDrive.exe
C:\Users\PR\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk - C:\Program Files\Internet Explorer\iexplore.exe -extoff
C:\Users\PR\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR\Ajuda do WinRAR.lnk - C:\Program Files\WinRAR\WinRAR.chm
C:\Users\PR\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR\Manual do Console RAR.lnk - C:\Program Files\WinRAR\Rar.txt
C:\Users\PR\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR\O que há de novo na última versão.lnk -
C:\Users\PR\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR\WinRAR.lnk - C:\Program Files\WinRAR\WinRAR.exe
C:\Users\USURIO~1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft OneDrive.lnk - C:\Program Files\Microsoft OneDrive\OneDriveSetup.exe

==== shortcuts in All Users Start Menu ======================

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Movie Maker.lnk - C:\Program Files\Windows Live\Photo Gallery\MovieMaker.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Photo Gallery.lnk - C:\Program Files\Windows Live\Photo Gallery\WLXPhotoGallery.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Mail.lnk - C:\Program Files\Windows Live\Mail\wlmail.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG\AVG 2015.lnk - C:\Program Files\AVG\AVG2015\avgui.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Epson\EPSON Scan\EPSON Scan.lnk - C:\Windows\twain_32\escndv\escndv.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Epson\EPSON TX133 TX135 Series\Atualização do driver.lnk -
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Epson\EPSON TX133 TX135 Series\Desinstalar software da impressora EPSON.lnk - C:\Windows\System32\spool\drivers\w32x86\3\E_FINSHJB.EXE /R /APD /P:"EPSON TX133 TX135 Series"
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Epson\EPSON TX133 TX135 Series\Suporte técnico.lnk -
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Epson\Manual Epson Stylus TX133_TX135\Desinstalador.lnk - C:\Program Files\epson\guide\tx133_p\uninstall.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Epson\Manual Epson Stylus TX133_TX135\Manual Epson Stylus TX133_TX135.lnk - C:\Program Files\epson\guide\tx133_p\index.html
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Epson Software\Easy Photo Print.lnk - C:\Program Files\Epson Software\Easy Photo Print\EPQuicker.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Epson Software\Read Me\Easy Photo Print.lnk - C:\Program Files\Epson Software\Easy Photo Print\DspReadMe.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome\Google Chrome.lnk - C:\Program Files\Google\Chrome\Application\chrome.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\Configurar Java.lnk - C:\Program Files\Java\jre1.8.0_45\bin\javacpl.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\Obter Ajuda.lnk -
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\Sobre o Java.lnk - C:\Program Files\Java\jre1.8.0_45\bin\javacpl.exe -tab about
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\Verificar Atualizações.lnk -
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\Visite Java.com.lnk -
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware\Desinstalar Malwarebytes Anti-Malware.lnk - C:\Program Files\Malwarebytes Anti-Malware\unins000.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware\Malwarebytes Anti-Malware.lnk - C:\Program Files\Malwarebytes Anti-Malware\mbam.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware\Tools\Malwarebytes Anti-Malware Chameleon.lnk - C:\Program Files\Malwarebytes Anti-Malware\Chameleon\Windows\chameleon.chm
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Megacubo\Megacubo.lnk - C:\Program Files\Megacubo\megacubo.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Megacubo\Sleepr.lnk - C:\Program Files\Megacubo\megacubo.exe -load:sleepr
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft Office Access 2007.lnk - C:\Windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\accicons.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft Office Excel 2007.lnk - C:\Windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\xlicons.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft Office Groove 2007.lnk - C:\Windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\GrooveIcon.ico
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft Office InfoPath 2007.lnk - C:\Windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\inficon.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft Office OneNote 2007.lnk - C:\Windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\joticon.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft Office Outlook 2007.lnk - C:\Windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\outicon.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft Office PowerPoint 2007.lnk - C:\Windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\pptico.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft Office Publisher 2007.lnk - C:\Windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\pubs.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft Office Word 2007.lnk - C:\Windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\wordicon.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Ferramentas do Microsoft Office\Certificado Digital para Projetos do VBA.lnk - C:\Windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\misc.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Ferramentas do Microsoft Office\Diagnóstico do Microsoft Office.lnk -
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Ferramentas do Microsoft Office\Microsoft Media Gallery.lnk - C:\Windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\cagicon.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Ferramentas do Microsoft Office\Microsoft Office 2007 Configurações de Idioma.lnk -
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Ferramentas do Microsoft Office\Microsoft Office Picture Manager.lnk - C:\Windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\oisicon.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PhotoScape\PhotoScape.lnk - C:\Program Files\PhotoScape\PhotoScape.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PhotoScape\Uninstall PhotoScape.lnk - C:\Program Files\PhotoScape\uninstall.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN\Documentation.lnk - C:\Program Files\VideoLAN\VLC\Documentation.url
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN\Release Notes.lnk - C:\Program Files\VideoLAN\VLC\NEWS.txt
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN\VideoLAN Website.lnk - C:\Program Files\VideoLAN\VLC\VideoLAN Website.url
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live\Windows Live Family Safety.lnk - C:\Windows\Installer\{C74DCAC0-DDB3-4135-A70C-0553BF9490BC}\fssicon.ico
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live\Windows Live Writer.lnk - C:\Program Files\Windows Live\Writer\WindowsLiveWriter.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR\Ajuda do WinRAR.lnk - C:\Program Files\WinRAR\WinRAR.chm
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR\Manual do Console RAR.lnk - C:\Program Files\WinRAR\Rar.txt
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR\O que há de novo na última versão.lnk -
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR\WinRAR.lnk - C:\Program Files\WinRAR\WinRAR.exe

==== shortcuts in Quick Launch ======================

C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -
C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -
C:\Users\Default User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -
C:\Users\Default User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -
C:\Users\PR\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk - C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Users\PR\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk - C:\Program Files\Internet Explorer\iexplore.exe
C:\Users\PR\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Megacubo.lnk - C:\Program Files\Megacubo\megacubo.exe
C:\Users\PR\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\PhotoScape.lnk - C:\Program Files\PhotoScape\PhotoScape.exe
C:\Users\PR\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -
C:\Users\PR\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -
C:\Users\PR\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\7e4dca80246863e3\pinned.lnk - C:\Windows\system32\control.exe
C:\Users\PR\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Photo Gallery.lnk - C:\Program Files\Windows Live\Photo Gallery\WLXPhotoGallery.exe
C:\Users\PR\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Welcome Center.lnk - C:\Windows\system32\rundll32.exe C:\Windows\system32\OobeFldr.dll,ShowWelcomeCenter LaunchedBy_StartMenuShortcut
C:\Users\PR\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome (2).lnk - C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Users\PR\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk - C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Users\PR\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Internet Explorer.lnk - C:\Program Files\Internet Explorer\iexplore.exe
C:\Users\PR\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Windows Explorer.lnk - C:\Windows\explorer.exe
C:\Users\PR\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Windows Media Player.lnk - C:\Program Files\Windows Media Player\wmplayer.exe /prefetch:1
C:\Users\USURIO~1\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -
C:\Users\USURIO~1\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -

==== Reset IE Proxy ======================

Value(s) before fix:
"ProxyEnable"=dword:00000000

Value(s) after fix:
"ProxyEnable"=dword:00000000

==== Deleting Registry Keys ======================

HKEY_LOCAL_MACHINE\Software\Policies\Google deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Baidu PC Faster 4.0.0.0 deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Baidu PC Faster 5.1.0.0 deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Diebold - Warsaw deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GoobzoYouTubeAccelerator deleted successfully

==== Empty IE Cache ======================

C:\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\PR\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\networkservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\PR\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4PPUDA4X will be deleted at reboot
C:\Users\PR\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8WKLRDFH will be deleted at reboot
C:\Users\PR\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\F18N8XZJ will be deleted at reboot
C:\Users\PR\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XUJYC05K will be deleted at reboot

==== Empty FireFox Cache ======================

No FireFox Cache found

==== Empty Chrome Cache ======================

C:\Users\PR\AppData\Local\Opera Software\Opera Stable\Cache emptied successfully
C:\Users\PR\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully

==== Empty All Flash Cache ======================

Flash Cache Emptied Successfully

==== Empty All Java Cache ======================

Java Cache cleared successfully

==== C:\zoek_backup content ======================

C:\zoek_backup (files=168 folders=48 13247969 bytes)

==== Empty Temp Folders ======================

C:\Users\Default\AppData\Local\Temp emptied successfully
C:\Users\Default User\AppData\Local\Temp emptied successfully
C:\Users\PR\AppData\Local\Temp will be emptied at reboot
C:\Users\USURIO~1\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp will be emptied at reboot
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\Windows\Temp will be emptied at reboot

==== After Reboot ======================

==== Empty Temp Folders ======================

C:\Windows\Temp successfully emptied
C:\Users\PR\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\$RECYCLE.BIN successfully emptied

==== Deleting Files / Folders ======================

"C:\Users\PR\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4PPUDA4X" not found
"C:\Users\PR\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8WKLRDFH" not found
"C:\Users\PR\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\F18N8XZJ" not found
"C:\Users\PR\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XUJYC05K" not found
"C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp\Low" not deleted

==== EOF on 13/06/2015 at 16:27:09,63 ======================

Re: PC Infected by Rundir

Post by Power Max, Sat 13 Jun 2015, 16:31

Download the AdwCleaner program by clicking the link below, then click the Download Now @BleepingComputer button:
[You need an account and to be logged in to view this link]

To run AdwCleaner correctly, just follow the tips in this tutorial:

[You need an account and to be logged in to view this link]

* In your next reply, post the AdwCleaner log (report), which will be in C:\AdwCleaner\AdwCleaner[S0].txt

We'll be waiting.

Re: PC Infected by Rundir

Post by Jonathabruno, Sat 13 Jun 2015, 16:40

It has already been used, without success.

Re: PC Infected by Rundir

Post by Power Max, Sat 13 Jun 2015, 16:41

Jonathabruno wrote: It has already been used, without success.

Post the AdwCleaner log (report), which is in C:\AdwCleaner\AdwCleaner[S0].txt

We'll be waiting.

Re: PC Infected by Rundir

Post by Jonathabruno, Sat 13 Jun 2015, 16:58

# AdwCleaner v4.206 - Relatório criado 12/06/2015 às 13:02:53
# Atualizado 01/06/2015 por Xplode
# Base de dados : 2015-06-09.1 [Servidor]
# Sistema operacional : Windows 7 Ultimate Service Pack 1 (x86)
# Usuário : PR - PR-PC
# Executando de : E:\adwcleaner-4-206-multi-win.exe
# Opção : Limpar

***** [ Serviços ] *****

[#] Serviço Excluído : WindowsMangerProtect
[#] Serviço Excluído : innfd_1_10_0_14
[#] Serviço Excluído : SPDRIVER_1.41.0.1742

***** [ Arquivos / Pastas ] *****

Pasta Excluído : C:\BreakingNewsAlert
Pasta Excluído : C:\ProgramData\apn
Pasta Excluído : C:\ProgramData\Browser
Pasta Excluído : C:\ProgramData\WindowsMangerProtect
Pasta Excluído : C:\ProgramData\NetEngine
Pasta Excluído : C:\ProgramData\radio
Pasta Excluído : C:\Users\Public\Documents\Goobzo
Pasta Excluído : C:\Users\Public\Documents\ShopperPro
Pasta Excluído : C:\Users\Public\Documents\YTAHelper
Pasta Excluído : C:\Program Files\AnyProtectEx
Pasta Excluído : C:\Program Files\globalUpdate
Pasta Excluído : C:\Program Files\Special Box
Pasta Excluído : C:\Program Files\TermBlazer_1.10.0.16
Pasta Excluído : C:\Windows\system32\config\systemprofile\AppData\Roaming\ntsvc
Pasta Excluído : C:\Windows\system32\config\systemprofile\AppData\Local\speed browser
Pasta Excluído : C:\Users\PR\AppData\Local\globalUpdate
Pasta Excluído : C:\Users\PR\AppData\Local\iac
Pasta Excluído : C:\Users\PR\AppData\Local\iLivid
Pasta Excluído : C:\Users\PR\AppData\Local\speed browser
Pasta Excluído : C:\Users\PR\AppData\LocalLow\iac
Pasta Excluído : C:\Users\PR\AppData\Roaming\AnyProtectEx
Pasta Excluído : C:\Users\PR\AppData\Roaming\do-search
Pasta Excluído : C:\Users\PR\AppData\Roaming\Microsoft\Windows\Start Menu\PRograms\AnyProtect PC Backup
Pasta Excluído : C:\Users\PR\AppData\Roaming\Microsoft\Windows\Start Menu\PRograms\Gameo
Arquivo Excluído : C:\END
Arquivo Excluído : C:\ProgramData\Duplicaterecord.js
Arquivo Excluído : C:\Windows\system32\roboot.exe
Arquivo Excluído : C:\Users\PR\AppData\Roaming\UFHQH
Arquivo Excluído : C:\Users\PR\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\iLivid.lnk
Arquivo Excluído : C:\Users\PR\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\speed browser.lnk
Arquivo Excluído : C:\Users\PR\AppData\Roaming\Microsoft\Windows\Start Menu\PRograms\gameo.lnk
Arquivo Excluído : C:\Users\PR\AppData\Roaming\Microsoft\Windows\Start Menu\PRograms\Play Games Online.url
Arquivo Excluído : C:\Users\PR\AppData\Roaming\Mozilla\Firefox\PRofiles\FSeKXfT2.default\user.js

***** [ Tarefas agendadas ] *****

Tarefa Apagado : APSnotifierPP1
Tarefa Apagado : APSnotifierPP2
Tarefa Apagado : APSnotifierPP3
Tarefa Apagado : LaunchSignup
Tarefa Apagado : Run_Bobby_Browser
Tarefa Apagado : NetEngine
Tarefa Apagado : UFHQH

***** [ Atalhos ] *****


***** [ Registro ] *****

Chave Apagado : HKCU\Software\Classes\iLivid.torrent
Chave Apagado : HKCU\Software\MICROSOFT\INTERNET EXPLORER\DOMSTORAGE\superfish.com
Chave Apagado : HKCU\Software\Microsoft\Internet Explorer\DOMStorage\[Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
Chave Apagado : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\superfish.com
Chave Apagado : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\[Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
Chave Apagado : HKLM\SOFTWARE\Classes\AppID\ShopperPro.DLL
Chave Apagado : HKLM\SOFTWARE\Classes\globalUpdate.OneClickProcessLauncherMachine
Chave Apagado : HKLM\SOFTWARE\Classes\globalUpdate.OneClickProcessLauncherMachine.1.0
Chave Apagado : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoCreateAsync
Chave Apagado : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoCreateAsync.1.0
Chave Apagado : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreClass
Chave Apagado : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreClass.1
Chave Apagado : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreMachineClass
Chave Apagado : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreMachineClass.1
Chave Apagado : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CredentialDialogMachine
Chave Apagado : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CredentialDialogMachine.1.0
Chave Apagado : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachine
Chave Apagado : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachine.1.0
Chave Apagado : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachineFallback
Chave Apagado : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachineFallback.1.0
Chave Apagado : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassSvc
Chave Apagado : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassSvc.1.0
Chave Apagado : HKLM\SOFTWARE\Classes\globalUpdateUpdate.ProcessLauncher
Chave Apagado : HKLM\SOFTWARE\Classes\globalUpdateUpdate.ProcessLauncher.1.0
Chave Apagado : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3COMClassService
Chave Apagado : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3COMClassService.1.0
Chave Apagado : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachine
Chave Apagado : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachine.1.0
Chave Apagado : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachineFallback
Chave Apagado : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachineFallback.1.0
Chave Apagado : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebSvc
Chave Apagado : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebSvc.1.0
Chave Apagado : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\WindowsMangerProtect
Chave Apagado : HKLM\SYSTEM\CurrentControlSet\Control\Class\{0014298C-A9BA-440D-AAA8-AD12C7010EE5}
Chave Apagado : HKLM\SYSTEM\CurrentControlSet\Control\Class\{181A06EA-B82C-47DE-B851-E20FD0E1CC7D}
Chave Apagado : HKLM\SOFTWARE\Classes\SDP
Chave Apagado : HKLM\SOFTWARE\Classes\MapsGalaxy_39.ToolbarProtector
Chave Apagado : HKLM\SOFTWARE\Classes\MapsGalaxy_39.ToolbarProtector.1
Chave Apagado : HKLM\SOFTWARE\Classes\VideoDownloadConverter.ScriptHelper
Chave Apagado : HKLM\SOFTWARE\Classes\VideoDownloadConverter.ScriptHelper.1
Chave Apagado : HKCU\Software\AnyProtect
Chave Apagado : HKCU\Software\GlobalUpdate
Chave Apagado : HKCU\Software\Goobzo
Chave Apagado : HKCU\Software\ilivid
Chave Apagado : HKCU\Software\PennyBee
Chave Apagado : HKCU\Software\systweak
Chave Apagado : HKCU\Software\torch
Chave Apagado : HKCU\Software\gameo
Chave Apagado : HKCU\Software\GAMESDESKTOP
Chave Apagado : HKCU\Software\CrossBrowser
Chave Apagado : HKLM\SOFTWARE\do-searchSoftware
Chave Apagado : HKLM\SOFTWARE\GlobalUpdate
Chave Apagado : HKLM\SOFTWARE\SupDp
Chave Apagado : HKLM\SOFTWARE\supWindowsMangerProtect
Chave Apagado : HKLM\SOFTWARE\systweak
Chave Apagado : HKLM\SOFTWARE\torch
Chave Apagado : HKLM\SOFTWARE\SpeedBrowser
Chave Apagado : HKLM\SOFTWARE\Clara
Chave Apagado : HKLM\SOFTWARE\BubbleSound
Chave Apagado : HKLM\SOFTWARE\TermBlazer_1.10.0.16
Chave Apagado : HKU\.DEFAULT\Software\Goobzo
Chave Apagado : HKU\.DEFAULT\Software\Avg Secure Update
Chave Apagado : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\SearchProtect
Chave Apagado : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\VOPackage
Chave Apagado : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\do-search uninstall
Chave Apagado : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\TermBlazer_1.10.0.16
Chave Apagado : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\a2g-secure.com
Chave Apagado : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\mystart.vi-view.com
Chave Apagado : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\mystartsearch.com
Chave Apagado : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\pt.reimageplus.com
Chave Apagado : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\reimageplus.com
Chave Apagado : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\search.searchult.com
Chave Apagado : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\searches.vi-view.com
Chave Apagado : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\searchult.com
Chave Apagado : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\vi-view.com
Chave Apagado : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\[Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
Chave Apagado : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\[Tens de ter uma conta e sessão iniciada para poderes visualizar este link]

***** [ Navegadores ] *****

-\\ Internet Explorer v11.0.9600.17840

Configuração Restaurado : HKCU\Software\Microsoft\Internet Explorer\Main [Start Page]
Configuração Restaurado : HKCU\Software\Microsoft\Internet Explorer\Main [Default_Page_URL]
Configuração Restaurado : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Start Page]
Configuração Restaurado : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Search Page]
Configuração Restaurado : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Page_URL]
Configuração Restaurado : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Search_URL]

-\\ Mozilla Firefox v


-\\ Google Chrome v41.0.2272.101

[C:\Users\PR\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] - Apagado [Startup_URLs] : [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] 7 Ultimate
[C:\Users\PR\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] - Apagado [Default_Search_Provider_Data] :

-\\ Chromium v


-\\ Opera v0.0.0.0


*************************

AdwCleaner[R0].txt - [33459 bytes] - [12/06/2015 12:54:39]
AdwCleaner[S0].txt - [13791 bytes] - [12/06/2015 13:02:53]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [13851 bytes] ##########

Post by Power Max, Sat 13 Jun 2015, 16:59

Download the Junkware Removal Tool program from the link below:
[You must have an account and be logged in to view this link]

To run the program above correctly, just follow the tips in this tutorial:

[You must have an account and be logged in to view this link]

* In your next reply, post the Junkware Removal Tool log (report), which will be saved on your desktop under the name JRT.txt

We'll be waiting.

Post by Jonathabruno, Sat 13 Jun 2015, 17:08

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.9.4 (06.13.2015:2)
OS: Windows 7 Ultimate x86
Ran by PR on 13/06/2015 at 17:03:11,42
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Tasks



~~~ Registry Values



~~~ Registry Keys



~~~ Files



~~~ Folders

Successfully deleted: [Folder] C:\Program Files\baidu security



~~~ Chrome


[C:\Users\PR\appdata\local\Google\Chrome\User Data\Default\Preferences] - default search provider reset

[C:\Users\PR\appdata\local\Google\Chrome\User Data\Default\Preferences] - Extensions Deleted:

[C:\Users\PR\appdata\local\Google\Chrome\User Data\Default\Secure Preferences] - default search provider reset

[C:\Users\PR\appdata\local\Google\Chrome\User Data\Default\Secure Preferences] - Extensions Deleted:
[]





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 13/06/2015 at 17:06:54,65
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Post by Power Max, Sat 13 Jun 2015, 17:13

Download < [You must have an account and be logged in to view this link] >  < [You must have an account and be logged in to view this image]> ( ... by Nicolas Coolman )

Note: After opening the link above, click the Télécharger button for ZHPCleaner to download it.

To run it correctly, follow the tips in this post:

[You must have an account and be logged in to view this link]

After using it, copy the entire contents of its ZHPCleaner.txt report and post it in your next reply.

Post by Jonathabruno, Sat 13 Jun 2015, 18:02

~ ZHPCleaner v2015.6.13.275 by Nicolas Coolman (2015\06\13)
~ Run by PR (Administrator) (13/06/2015 17:59:55)
~ Site : [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
~ Facebook : [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
~ State version : Version OK
~ Type : Reparo
~ Report : C:\Users\PR\Desktop\ZHPCleaner.txt
~ Quarantine : C:\Users\PR\AppData\Roaming\ZHP\ZHPCleaner_Quarantine.txt
~ UAC : Activate
~ Boot Mode : Normal (Normal boot)
~ Windows 7, 32-bit Service Pack 1 (Build 7601)


---\\ Serviços (0)
~ Nenhum ítem malicioso foi encontrado.


---\\ Navegadores de Internet (0)
~ Nenhum ítem malicioso foi encontrado.


---\\ Arquivo hosts (2)
SUBSTITUIDO:
Número de redirecionamentos encontrados 1/22


---\\ Tarefas automáticas agendadas. (0)
~ Nenhum ítem malicioso foi encontrado.


---\\ Explorer ( Arquivos, Pastas) (131)
MOVIDO pasta: C:\Users\PR\AppData\Roaming\logpath\execute.exe ()
MOVIDO pasta: C:\Windows\Prefetch\BOBROWSER.EXE-130C1EA7.pf (PUP.BoBrowser)
MOVIDO pasta: C:\Users\PR\Downloads\Não confirmado 165682.torchdownload (PUP.Torch)
MOVIDO arquivo: C:\Users\PR\AppData\Roaming\logpath ()


---\\ Registro ( Chaves, Valores, Dados ) (33)
SUPRIMIDO dados: HKLM\SOFTWARE\Classes\.html\\Default [Bad : BrowserHTM] (PUP.SpeedBrowser)
SUPRIMIDO chave*: HKLM\SOFTWARE\MozillaPlugins\@VideoDownloadConverter_ScriptHelper.com/Plugin [VideoDownloadConverter_ScriptHelper] (PUP.MindSpark)
SUPRIMIDO chave*: HKLM\SOFTWARE\Clients\StartMenuInternet\speed browser [] (PUP.SpeedBrowser)
SUPRIMIDO chave*: HKEY_USERS\S-1-5-21-2418499362-4291286301-2304700633-1000\Software\Classes\.torrent [iLivid.torrent] (Adware.Bandoo)
SUPRIMIDO chave*: HKEY_USERS\S-1-5-21-2418499362-4291286301-2304700633-1000\Software\Classes\Magnet [iLivid.torrent] (Adware.Bandoo)
SUPRIMIDO chave*: HKEY_USERS\S-1-5-21-2418499362-4291286301-2304700633-1000\Software\Classes\Torch.torrent [] (PUP.Torch)
SUPRIMIDO chave*: HKCU\Software\Microsoft\Internet Explorer\DOMStorage\static.boostsaves.com [19] (PUP.BoostSaves)
SUPRIMIDO chave*: HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\free.videodownloadconverter.com [72] (PUP.MindSpark)
SUPRIMIDO chave*: HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\genieo.com [] (PUP.Genieo)
SUPRIMIDO chave*: HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\infonautapp.com [] (PUP.Infonaut)
SUPRIMIDO chave*: HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\lp.torchbrowser.com [0] (PUP.Torch)
SUPRIMIDO chave*: HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\static.boostsaves.com [0] (PUP.BoostSaves)
SUPRIMIDO chave*: HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\torchbrowser.com [] (PUP.Torch)
SUPRIMIDO chave*: HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\unicobrowser.co [] (PUP.UnicoBrowser)
SUPRIMIDO chave*: HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\videodownloadconverter.com [] (PUP.MindSpark)
SUPRIMIDO chave*: HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\[Tens de ter uma conta e sessão iniciada para poderes visualizar este link] [72] (PUP.Genieo)
SUPRIMIDO chave*: HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\[Tens de ter uma conta e sessão iniciada para poderes visualizar este link] [0] (PUP.UnicoBrowser)
SUPRIMIDO chave*: HKLM\SOFTWARE\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5} [ITool] (Toolbar.Ask)
SUPRIMIDO chave*: HKLM\SOFTWARE\Classes\BrowserHTM [] (PUP.SpeedBrowser)
SUPRIMIDO chave*: HKLM\SOFTWARE\Classes\Magnet [iLivid.torrent] (Adware.Bandoo)
SUPRIMIDO chave*: HKLM\SOFTWARE\Classes\Torch.torrent [] (PUP.Torch)
SUPRIMIDO chave*: HKLM\SOFTWARE\Classes\Applications\ilivid-32-bits [1].exe [] (Adware.Bandoo)
SUPRIMIDO chave*: HKLM\SOFTWARE\Classes\Applications\ilivid-32-bits.exe [] (Adware.Bandoo)
SUPRIMIDO chave*: HKLM\SOFTWARE\Classes\Applications\iLividSetup-r1427-t-bf.exe [] (Adware.Bandoo)
SUPRIMIDO chave*: HKLM\SOFTWARE\Classes\Applications\iLividSetup-r20-n-bi.exe [] (Adware.Bandoo)
SUPRIMIDO chave*: HKLM\SOFTWARE\VideoDownloadConverter [] (PUP.MindSpark)
SUPRIMIDO chave*: HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{132160E4-BCEF-4F1E-A5EB-051C791800E2} [C:\PROGRA~1\MOVIES~1\Datamngr\SRTOOL~2\IE (Not File)] (PUP.Datamngr)
SUPRIMIDO chave*: HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{B0699B3D-ABD0-46E5-A3C4-089435FF920A} [C:\PROGRA~1\MOVIES~1\Datamngr\SRTOOL~1\IE (Not File)] (PUP.Datamngr)
SUPRIMIDO valor: HKLM\Software\Classes\.htm\OpenWithProgIDs\\BrowserHTM [] (PUP.SpeedBrowser)
SUPRIMIDO valor: HKLM\Software\Classes\.html\OpenWithProgIDs\\BrowserHTM [] (PUP.SpeedBrowser)
SUPRIMIDO valor: HKLM\Software\Classes\.shtml\OpenWithProgIDs\\BrowserHTM [] (PUP.SpeedBrowser)
SUPRIMIDO valor: HKLM\Software\Classes\.webp\OpenWithProgIDs\\BrowserHTM [] (PUP.SpeedBrowser)
SUPRIMIDO valor: HKLM\Software\Classes\.xht\OpenWithProgIDs\\BrowserHTM [] (PUP.SpeedBrowser)


---\\ Resultado de reparação
Reparação efectuada com sucesso
~ Este navegador está faltando ! (Opera Software)


---\\ Estatísticas
~ Items scan : 3329
~ Items encontrado : 1
~ items cancelados : 0
~ Items réparo : 164


End of clean at 18:00:46
===================
ZHPCleaner-[R]-13062015-18_00_46.txt
ZHPCleaner-[S]-13062015-17_46_19.txt

Post by Jonathabruno, Sat 13 Jun 2015, 18:16

AVG detects it like this

"";"Cavalo de Tróia Agent5.ZLR, c:\Users\PR\AppData\Roaming\RunDir\temp\autoupdate.exe";"Não resolvido"

Post by Power Max, Sat 13 Jun 2015, 18:32

AVG detects it like this

"";"Cavalo de Tróia Agent5.ZLR, c:\Users\PR\AppData\Roaming\RunDir\temp\autoupdate.exe";"Não resolvido"
Stay calm, the problem will be solved. We are removing all the other infections that also exist on this PC.
_______________________________________________________

Did you get to run a full cleanup with Malwarebytes on this PC?

If you did, follow the tips below to access the Malwarebytes log (report):

To do this, open Malwarebytes > click the Histórico (History) button > click Logs do Aplicativo (Application Logs) > and double-click with the left mouse button on the most recent Scan Log to open it. This is shown in this image:

[You must have an account and be logged in to view this image]

On the next screen that appears, click the Exportar (Export) button > and click the Arquivo texto (*.txt) (Text file) option:
[You must have an account and be logged in to view this image]

On the other screen that appears, give this report a name (such as LOG, for example) > click Área de Trabalho (Desktop), so that it is saved on your Desktop > click Salvar (Save):

[You must have an account and be logged in to view this image]

Click OK on the next message that appears:

[You must have an account and be logged in to view this image]

After that, just post this Malwarebytes log in your next reply.
_________________________________________________

If you have not run the scan with Malwarebytes, check whether this PC has the most up-to-date version of Malwarebytes, which is version 2.1.6.1022. If it has an older version, uninstall it and download it again from one of the links below:
[You must have an account and be logged in to view this link]

Note: After opening one of the links above, click the DOWNLOAD button, as shown in the image below:

[You must have an account and be logged in to view this image]

To install and run it correctly, please follow the tips in this post:

[You must have an account and be logged in to view this link]

In your next reply, post this most recent Malwarebytes scan log (scan report).

We'll be waiting.

Post by Jonathabruno, Sat 13 Jun 2015, 19:46

### Malwarebytes_log ###

The link has been created: [You must have an account and be logged in to view this link]


Last edited by joram on Sun 14 Jun 2015, 07:34; edited 2 time(s) (Reason for editing: Place log on Cjoint.com)

Post by Power Max, Sat 13 Jun 2015, 21:30

You only used the threat scan, which is not as thorough as the one shown in the tutorial I gave you. Follow the tips below to do the full cleanup:

   How to run a custom scan with Malwarebytes:

   - Open Malwarebytes > click Verificar (Scan) > click Verificação Personalizada (Custom Scan) > click Configurar Varredura (Configure Scan):
   [You must have an account and be logged in to view this image]

   The screen below will then appear, in which you will tick all the boxes on the right side of the screen so that all areas of your PC and the removable media connected to it can be scanned. On the left side of the screen, leave all of these options ticked:

   Verificar Objetos na Memória (Scan Memory Objects)
   Verificar Inicialização e Registro (Scan Startup and Registry)
   Verificar Arquivos Compactados (Scan Archives)
   Verificar Rootkits (Scan for Rootkits)


   As for the rest, leave it as already pre-configured by Malwarebytes.

   After that, click the Verificar Agora (Scan Now) button as shown in the image below:
   [You must have an account and be logged in to view this image]

   Wait while the scan is performed. How long it takes depends on the number of files you have on your computer:

   [You must have an account and be logged in to view this image]

   As soon as the scan finishes, the phrase Verificação Personalizada completada com sucesso (Custom Scan completed successfully) will appear. If your PC is safe and free of threats, a message similar to the one below will appear stating "Ameaças Identificadas: 0" (Threats Identified: 0, that is, no malicious item was detected). In that case everything is fine, your computer is normal and you will click the Terminar (Finish) button:

   [You must have an account and be logged in to view this image]

   If any threat is detected on your PC, a message like the one below will appear near the Windows clock with the phrase Verificação Terminada - Malware Detectado (Scan Finished - Malware Detected), and you will click on it:

   [You must have an account and be logged in to view this image]

   At this point it will show which malware and potentially unwanted items were detected and the locations where they are found. To remove the infection, leave all the boxes ticked on all the items you want to remove and click the Remover Selecionadas (Remove Selected) button, as shown in this image:
   [You must have an account and be logged in to view this image]

   Another screen similar to the one below will then appear, stating that the threats were sent to quarantine, in which you will click the Terminar (Finish) button:

   [You must have an account and be logged in to view this image]

   Some malware is stubborn and may need a PC restart in order to be removed. If Malwarebytes requests this, accept the restart through Malwarebytes.

   After that, just post the new Scan Log that Malwarebytes will create in your next reply:

   [You must have an account and be logged in to view this image]

Post by Jonathabruno, Sat 13 Jun 2015, 22:51

Malwarebytes Anti-Malware
[Tens de ter uma conta e sessão iniciada para poderes visualizar este link]

Data da Verificação: 13/06/2015
Hora da Verificação: 21:37:06
Arquivo de Log: llll.txt
Administrador: Sim

Versão: 2.01.6.1022
Base de Dados de Malware: v2015.06.13.07
Base de Dados de Rootkit: v2015.06.02.01
Licença: Grátis
Proteção de Malware: Desabilitado
Proteção de Site Malicioso: Desabilitado
Auto-Proteção: Desabilitado

SO: Windows 7 Service Pack 1
Processador: x86
Sistema de Arquivos: NTFS
Usuário: PR

Tipo da Verificação: Verificação Personalizada
Resultado: Terminado
Objetos Verificados: 404463
Tempo Decorrido: 1 hr, 8 min, 23 seg

Memória: Habilitado
Inicialização: Habilitado
Sistema de Arquivos: Habilitado
Arquivos Compactados: Habilitado
Rootkits: Habilitado
Heurística: Habilitado
PUP: Habilitado
PUM: Habilitado

Processos: 0
(Nenhum item malicioso detectado)

Módulos: 0
(Nenhum item malicioso detectado)

Chaves de Registro: 0
(Nenhum item malicioso detectado)

Valores de Registro: 0
(Nenhum item malicioso detectado)

Dados de Registro: 0
(Nenhum item malicioso detectado)

Pastas: 0
(Nenhum item malicioso detectado)

Arquivos: 2
PUP.Optional.TermBlazer.A, C:\AdwCleaner\Quarantine\C\Program Files\TermBlazer_1.10.0.16\Uninstall.exe.vir, Quarentena, [91aa5763c3c79f973131a3daa660e61a],
PUP.Optional.TermBlazer.A, C:\AdwCleaner\Quarantine\C\Program Files\TermBlazer_1.10.0.16\Service\tbsvc.exe.vir, Quarentena, [17247b3fcebcf0464e14423b9472728e],

Setores Físicos: 0
(Nenhum item malicioso detectado)


(end)

Re: PC Infected by Rundir

Post by Power Max Sat 13 Jun 2015, 22:54

This next one is quicker.

Temporarily disable your antivirus to avoid conflicts.

Download < [You must have an account and be logged in to view this link] > ( ... by Nicolas Coolman )

Note: When you open the link above, click the "Télécharger" button for ZHPDiag to download it.

To install and run it correctly, follow the tips in this article:

[You must have an account and be logged in to view this link]

* As soon as it finishes its scan, copy the entire contents of its ZHPDiag.txt report and post it in your next reply.
_____________________________________________________________________________

Note: If the ZHPDiag report is too large to fit in your reply, go to the Cjoint site:
[You must have an account and be logged in to view this link]

Click the "Parcourir..." button > Select the log (report) file and click the "Abrir" (Open) button.

Click the "Créer le lien Cjoint" button.

Copy the link that appears next to the phrase "Le lien a été créé" and post that link in your next reply.

Re: PC Infected by Rundir

Post by Jonathabruno Sat 13 Jun 2015, 23:01

[You must have an account and be logged in to view this link]

Re: PC Infected by Rundir

Post by Power Max Sat 13 Jun 2015, 23:02

Just a moment while I put together the script to remove the problems found; I'll give you the next procedure shortly.

Re: PC Infected by Rundir

Post by Power Max Sat 13 Jun 2015, 23:42

There are unnecessary programs starting along with Windows, which makes your PC slower. To fix this, follow the tips in this tutorial:

[You must have an account and be logged in to view this link]

Preferably, leave only security programs (antivirus/anti-spyware/firewall) starting with Windows.

Also use the CCleaner program, as indicated in the tutorial above, to clean up and optimize the PC.
__________________________________________________________

Select and copy all of the text highlighted in red below (starting at script zhpfix and ending at emptyclsid)

script zhpfix
SysRestore
M3 - MFPP: Plugins - [PR] -- C:\Users\PR\AppData\Roaming\Mozilla\Firefox\Profiles\FSeKXfT2.default\searchplugins\Baixaki.xml
O4 - HKCU\..\Run: [CCleaner Monitoring] . (.Piriform Ltd - CCleaner.) -- C:\Program Files\CCleaner\CCleaner.exe =>.Piriform Ltd
O4 - HKUS\.DEFAULT\..\Run: [AviraSpeedup] C:\Program Files\Avira\AviraSpeedup\avira_system_speedup.exe (.not file.)
O4 - HKUS\S-1-5-18\..\Run: [AviraSpeedup] C:\Program Files\Avira\AviraSpeedup\avira_system_speedup.exe (.not file.)
O4 - HKUS\S-1-5-21-2418499362-4291286301-2304700633-1000\..\Run: [CCleaner Monitoring] . (.Piriform Ltd - CCleaner.) -- C:\Program Files\CCleaner\CCleaner.exe =>.Piriform Ltd
O23 - Service: Internet Log Handler (NetLogHandler) . (.QNT - Net Service Handler for LocalSystem.) - C:\Users\PR\AppData\Roaming\Netlog\Netlog.exe
O23 - Service: Net.Tcp Service Handler (NetTcpHandler) . (.QNT - Net Service Handler for LocalSystem.) - C:\Users\PR\AppData\Roaming\NetService\netservice.exe
[MD5.00000000000000000000000000000000] [APT] [Software Removal Tool logs upload retry] (...) -- E:\software_removal_tool.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{10B7DBA3-9696-44E4-A6B2-332A21816A8D}] (...) -- C:\Users\PR\Downloads\Receitanet-1.05 (2).exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{4974081C-AEB1-4586-AF8C-155E1E805718}] (...) -- C:\Users\PR\Desktop\L800_x64_671APS_GM.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{EAF2134E-81A0-405E-AC6D-D76C31305FD0}] (...) -- C:\Users\PR\Downloads\wlsetup-web.exe (.not file.) [0]
O40 - ASIC: speed browser - {7D2B3E1D-D096-4594-9D8F-A6667F12E0AC} . (...) -- C:\Program Files\speed browser\Application\40.0.2214.45\Installer\chrmstp.exe =>PUP.SpeedBrowser
[HKCU\Software\AviraSpeedup]
[HKCU\Software\Avira]
[HKCU\Software\Baidu Security]
[HKCU\Software\Baidu]
[HKCU\Software\Baixaki]
[HKCU\Software\PC App Store]
[HKCU\Software\UFHQH]
[HKLM\Software\NetLogHandler]
[HKLM\Software\NetTcpHandler]
[HKLM\Software\NtIObits]
[HKLM\Software\NtSvcHandler]
[HKLM\Software\atajitos]
O43 - CFD: 13/06/2015 - 14:33:30 - [] ----D C:\Program Files\Avira
O43 - CFD: 31/05/2015 - 16:37:48 - [] ----D C:\ProgramData\AVAST Software
O43 - CFD: 25/03/2015 - 00:09:05 - [0] ----D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AviraSpeedup
O43 - CFD: 24/02/2015 - 08:57:37 - [] ----D C:\Users\PR\AppData\Roaming\FunGame
O43 - CFD: 24/03/2015 - 09:35:34 - [] ----D C:\Users\PR\AppData\Roaming\NetService
O43 - CFD: 05/03/2015 - 17:07:34 - [] ----D C:\Users\PR\AppData\Roaming\PC App Store
O43 - CFD: 13/06/2015 - 16:40:44 - [] ----D C:\Users\PR\AppData\Roaming\RunDir
O43 - CFD: 13/12/2014 - 11:22:25 - [] ----D C:\Users\PR\AppData\Local\AviraSpeedup
O58 - SDL:29/04/2015 - 17:42:54 ---A- . (.Baidu, Inc. - Baidu Antivirus Hook Base.) -- C:\Windows\System32\Drivers\Bhbase.sys [46440]
O61 - LFC: 08/06/2015 - 22:59:42 ---A- . (.QNT.) -- C:\Users\PR\AppData\Roaming\Netlog\Netlog.exe [167704]
O61 - LFC: 08/06/2015 - 22:59:42 ---A- . (.QNT.) -- C:\Users\PR\AppData\Roaming\RunDir\scud.exe [167704]
O61 - LFC: 08/06/2015 - 22:59:42 ---A- . (.QNT.) -- C:\Users\PR\AppData\Roaming\RunDir\temp\scud.exe [167704]
O64 - Services: CurCS - 29/04/2015 - C:\Windows\System32\drivers\Bhbase.sys (Bhbase) .(.Baidu, Inc. - Baidu Antivirus Hook Base.) - LEGACY_BHBASE
O69 - SBI: SearchScopes [HKCU] {012E1000-F331-11DB-8314-0800200C9A66} - (Google) - [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
O69 - SBI: SearchScopes [HKCU] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} [DefaultScope] - (Bing) - [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
O69 - SBI: SearchScopes [HKCU] {8014853F-1F5B-4A3D-B4FF-B907C26B3E67} - (([Tens de ter uma conta e sessão iniciada para poderes visualizar este link] Google) - [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
O69 - SBI: SearchScopes [HKCU] {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} - (Google) - [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
[HKCR\CLSID\{206DAA08-0036-11D5-80D8-0050DA5F08E3}] (Groove WebBrowserView2) =>PUP.CrossRider
SR - | Auto 08/06/2015 167704 | (NetLogHandler) . (.QNT.) - C:\Users\PR\AppData\Roaming\Netlog\Netlog.exe
SR - | Auto 20/03/2015 211824 | (NetTcpHandler) . (.QNT.) - C:\Users\PR\AppData\Roaming\NetService\netservice.exe
[HKCR\CLSID\{206DAA08-0036-11D5-80D8-0050DA5F08E3}] (Groove WebBrowserView2) =>PUP.CrossRider^
ShortcutFix
EmptyTemp
EmptyFlash
emptyclsid

_____________________________________________________________________________________________________________

Go to the menu: "Iniciar > Todos os programas > ZHP" (Start > All Programs > ZHP) > Right-click Zhpfix and choose "Executar como administrador" (Run as administrator) > Click "Importação" (Import) > Click the GO button > Click "Oui" > If you want the files in the Recycle Bin to be deleted, click "Oui" again > A report will appear in Notepad.

Copy this report and post it in your next reply.

Note: This script was written only for this computer, according to the files and keys present on it.

To visitors: If you have a similar problem, do not use this script, because using it without supervision can damage the system.


Re: PC Infected by Rundir

Post by Jonathabruno Sun 14 Jun 2015, 09:21

Rapport de ZHPFix 2015.4.9.5 par Nicolas Coolman, Update du 18/03/2015
Fichier d'export Registre :
Run by PR at 14/06/2015 09:15:02
High Elevated Privileges : OK
Windows 7 Ultimate Edition, 32-bit Service Pack 1 (Build 7601)

Reciclagem vazia (00mn 03s)
Reparação de atalhos do navegador

========== Estado dos serviços ==========
BHBASE Parado

========== Chaves do Registo ==========
ELIMINÉ: Service: NetLogHandler
ELIMINÉ: Service: NetTcpHandler
ELIMINÉ: CLSID ASIC: \SOFTWARE\Microsoft\Active Setup\Installed Components\{7D2B3E1D-D096-4594-9D8F-A6667F12E0AC}
ELIMINÉ: HKCU\Software\AviraSpeedup
ELIMINÉ: HKCU\Software\Avira
ELIMINÉ: HKCU\Software\Baidu Security
ELIMINÉ: HKCU\Software\Baidu
ELIMINÉ: HKCU\Software\Baixaki
ELIMINÉ: HKCU\Software\PC App Store
ELIMINÉ: HKCU\Software\UFHQH
ELIMINÉ: HKLM\Software\NetLogHandler
ELIMINÉ: HKLM\Software\NetTcpHandler
ELIMINÉ: HKLM\Software\NtIObits
ELIMINÉ: HKLM\Software\NtSvcHandler
ELIMINÉ: HKLM\Software\atajitos
ELIMINÉ: SearchScopes :{012E1000-F331-11DB-8314-0800200C9A66}
ELIMINÉ: SearchScopes :{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
ELIMINÉ: SearchScopes :{8014853F-1F5B-4A3D-B4FF-B907C26B3E67}
ELIMINÉ: SearchScopes :{E9410C70-B6AE-41FF-AB71-32F4B279EA5F}
ELIMINÉ: HKCR\CLSID\{206DAA08-0036-11D5-80D8-0050DA5F08E3}

========== Valores do Registo ==========
ELIMINÉ RunValue: CCleaner Monitoring
ELIMINÉ RunValue: AviraSpeedup

========== Pastas ==========
Nenhuma pasta CLSID local utilizador vazia

========== Ficheiros ==========
ELIMINÉ: c:\users\pr\appdata\roaming\mozilla\firefox\profiles\fsekxft2.default\searchplugins\baixaki.xml
ELIMINA REINICIAR: c:\program files\ccleaner\ccleaner.exe
ELIMINA REINICIAR: c:\users\pr\appdata\roaming\netlog\netlog.exe
ELIMINA REINICIAR: c:\users\pr\appdata\roaming\netservice\netservice.exe
ELIMINÉ: c:\windows\system32\drivers\bhbase.sys
ELIMINÉ Temporários windows (139) (7.262.387 octets)
ELIMINÉ Flash Cookies (0) (0 octets)

========== Tarefa planificada ==========
ELIMINÉ: Software Removal Tool logs upload retry
ELIMINÉ: {10B7DBA3-9696-44E4-A6B2-332A21816A8D}
ELIMINÉ: {4974081C-AEB1-4586-AF8C-155E1E805718}
ELIMINÉ: {EAF2134E-81A0-405E-AC6D-D76C31305FD0}

========== Restauração Sistema ==========
Ponto de restauro do sistema criado com sucesso


========== Recapitulativo ==========
20 : Chaves do Registo
2 : Valores do Registo
1 : Pastas
7 : Ficheiros
1 : Estado dos serviços
4 : Tarefa planificada
1 : Restauração Sistema


End of clean in 01mn 21s

========== Caminho do ficheiro do relatório ==========
C:\Users\PR\AppData\Roaming\ZHP\ZHPFix[R1].txt - 14/06/2015 09:15:06 [2593]

Re: PC Infected by Rundir

Post by Jonathabruno Sun 14 Jun 2015, 09:22

From what I can see, the folder is gone! It worked!

Re: PC Infected by Rundir

Post by Power Max Sun 14 Jun 2015, 09:23

Restart the PC.

After it has restarted, please do the following:

Open ( ZHPDiag ) again

|- Click "COMPLETA" and wait for it to finish.

|- When it finishes, post the ZHPDiag.txt report
_______________________________________________

Note: If the ZHPDiag report is too large to fit in your reply, go to the Cjoint site:
[You must have an account and be logged in to view this link]

Click the "Parcourir..." button > Select the log (report) file and click the "Abrir" (Open) button.

Click the "Créer le lien Cjoint" button.

Copy the link that appears next to the phrase "Le lien a été créé" and post that link in your next reply.
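A cross-check between the ZHPFix script and the ZHPFix report posted in this thread, as an added example (not part of any forum post and not ZHPFix's own code). It separates script targets the report marks ELIMINÉ from those marked ELIMINA REINICIAR, read here as queued for deletion at reboot (an assumption based on the wording), and lists targets with no line in the report, which the follow-up ZHPDiag scan has to confirm. The function names are hypothetical and the inputs are short excerpts of the lines above.

```python
import re

# Excerpt of the ZHPFix script posted in this thread (file-bearing lines only).
SCRIPT = r"""
O23 - Service: Internet Log Handler (NetLogHandler) . (.QNT - Net Service Handler for LocalSystem.) - C:\Users\PR\AppData\Roaming\Netlog\Netlog.exe
O58 - SDL:29/04/2015 - 17:42:54 ---A- . (.Baidu, Inc. - Baidu Antivirus Hook Base.) -- C:\Windows\System32\Drivers\Bhbase.sys [46440]
O61 - LFC: 08/06/2015 - 22:59:42 ---A- . (.QNT.) -- C:\Users\PR\AppData\Roaming\RunDir\scud.exe [167704]
O61 - LFC: 08/06/2015 - 22:59:42 ---A- . (.QNT.) -- C:\Users\PR\AppData\Roaming\RunDir\temp\scud.exe [167704]
"""

# Excerpt of the "Ficheiros" section of the ZHPFix report posted in this thread.
REPORT = r"""
ELIMINA REINICIAR: c:\program files\ccleaner\ccleaner.exe
ELIMINA REINICIAR: c:\users\pr\appdata\roaming\netlog\netlog.exe
ELIMINÉ: c:\windows\system32\drivers\bhbase.sys
ELIMINÉ Temporários windows (139) (7.262.387 octets)
"""

# A drive-letter path ending in a file extension; brackets end the match.
PATH_RE = re.compile(r"[A-Za-z]:\\[^\[\]\r\n]*?\.(?:exe|sys|dll|xml)\b", re.I)
# "ELIMINÉ:" = removed now; "ELIMINA REINICIAR:" = assumed queued for reboot.
RESULT_RE = re.compile(r"^(ELIMINÉ|ELIMINA REINICIAR):\s*([A-Za-z]:\\.+)$")

def script_targets(script):
    """File paths named in the script, lower-cased like the report prints them."""
    return {m.group(0).lower() for m in PATH_RE.finditer(script)}

def report_status(report):
    """Map each path in the report to 'deleted' or 'pending_reboot'."""
    status = {}
    for line in report.splitlines():
        m = RESULT_RE.match(line.strip())
        if m:
            queued = m.group(1) == "ELIMINA REINICIAR"
            status[m.group(2).lower()] = "pending_reboot" if queued else "deleted"
    return status

def reconcile(script, report):
    """Group script targets by what the report says happened to them."""
    status = report_status(report)
    groups = {"deleted": [], "pending_reboot": [], "unconfirmed": []}
    for path in sorted(script_targets(script)):
        groups[status.get(path, "unconfirmed")].append(path)
    return groups

if __name__ == "__main__":
    for state, paths in reconcile(SCRIPT, REPORT).items():
        print(state, paths)
```

On these excerpts the two RunDir\scud.exe paths land in "unconfirmed": the script names them, but the report's file section has no line for either.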
