Fórum PC Brasil
Infected browsers!

3 participants

Page 1 of 2

Post by Coelhocego, Thu 01 May 2014, 16:20

Good afternoon!
Friends,
I have already uninstalled Chrome and Firefox and nothing...
I picked up something a bit annoying on my PC!!
The report is below.
Thanks for the help.

# AdwCleaner v3.205 - Relatório criado 01/05/2014 às 16:09:24
# Atualizado 28/04/2014 por Xplode
# Sistema Operacional : Windows 7 Home Basic Service Pack 1 (64 bits)
# Usuário : Glauco - Glauco-PC
# Executando de : C:\Users\Aurelio\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\N06PU7ZS\adwcleaner.exe
# Opção : Examinar

***** [ Serviços ] *****

Serviço Encontrado : IePluginService
Serviço Encontrado : wStLibG64

***** [ Arquivos / Pastas ] *****

Arquivo Encontrado : C:\END
Arquivo Encontrado : C:\Program Files (x86)\Mozilla Firefox\browser\searchplugins\webssearches.xml
Arquivo Encontrado : C:\Users\Aurelio\AppData\Local\funmoods-speeddial.crx
Arquivo Encontrado : C:\Users\Aurelio\AppData\Roaming\aps.uninstall.scan.results
Arquivo Encontrado : C:\Users\Aurelio\daemonprocess.txt
Arquivo Encontrado : C:\Windows\System32\Tasks\pricemeterdownloader
Arquivo Encontrado : C:\Windows\System32\Tasks\pricemetertask
Arquivo Encontrado : C:\Windows\System32\Tasks\pricemeterwatcher
Arquivo Encontrado : C:\Windows\System32\Tasks\SaveSense
Arquivo Encontrado : C:\Windows\Tasks\SaveSense.job
Pasta Encontrado : C:\Program Files (x86)\Bench
Pasta Encontrado : C:\Program Files (x86)\BringStar
Pasta Encontrado : C:\Program Files (x86)\Funmoods
Pasta Encontrado : C:\Program Files (x86)\predm
Pasta Encontrado : C:\Program Files (x86)\SaveSenseLive
Pasta Encontrado : C:\Program Files (x86)\SupTab
Pasta Encontrado : C:\Program Files (x86)\Uninstaller
Pasta Encontrado : C:\Users\Aurelio\.android
Pasta Encontrado : C:\Users\Aurelio\AppData\Local\Mobogenie
Pasta Encontrado : C:\Users\Aurelio\AppData\Local\PriceMeterLiveUpdate
Pasta Encontrado : C:\Users\Aurelio\AppData\Local\SaveSenseLive
Pasta Encontrado : C:\Users\Aurelio\AppData\Local\Tuguu_SL
Pasta Encontrado : C:\Users\Aurelio\AppData\Local\webplayer
Pasta Encontrado : C:\Users\Aurelio\AppData\Roaming\awesomehp
Pasta Encontrado : C:\Users\Aurelio\AppData\Roaming\baidu
Pasta Encontrado : C:\Users\Aurelio\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PriceMeter
Pasta Encontrado : C:\Users\Aurelio\AppData\Roaming\Optimizer Elite Max
Pasta Encontrado : C:\Users\Aurelio\AppData\Roaming\SaveSense
Pasta Encontrado : C:\Users\Aurelio\AppData\Roaming\SupTab
Pasta Encontrado : C:\Users\Aurelio\AppData\Roaming\Systweak
Pasta Encontrado : C:\Users\Aurelio\AppData\Roaming\webssearches
Pasta Encontrado : C:\Users\Aurelio\Documents\Mobogenie
Pasta Encontrado : C:\Users\Public\Documents\baidu
Pasta Encontrado : C:\Users\wangzhisong\AppData\Local\Mobogenie

***** [ Atalhos ] *****


***** [ Registro ] *****

Chave Encontrada : HKCU\Software\AnyProtect
Chave Encontrada : HKCU\Software\AppDataLow\Software\Crossrider
Chave Encontrada : HKCU\Software\AppDataLow\Software\DynConIE
Chave Encontrada : HKCU\Software\AppDataLow\Software\ViewPassword
Chave Encontrada : HKCU\Software\Funmoods
Chave Encontrada : HKCU\Software\Google\Chrome\Extensions\bbjciahceamgodcoidkjpchnokgfpphh
Chave Encontrada : HKCU\Software\Google\Chrome\Extensions\cjpglkicenollcignonpgiafdgfeehoj
Chave Encontrada : HKCU\Software\InstallCore
Chave Encontrada : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{006EE092-9658-4FD6-BD8E-A21A348E59F5}
Chave Encontrada : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
Chave Encontrada : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}
Chave Encontrada : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EA34C851-D481-49F5-A356-3A8B0A8F3B7E}
Chave Encontrada : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}
Chave Encontrada : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Chave Encontrada : HKCU\Software\Optimizer Pro
Chave Encontrada : HKCU\Software\SaveSenseLive
Chave Encontrada : HKCU\Software\SmartBar
Chave Encontrada : HKCU\Software\Softonic
Chave Encontrada : HKCU\Software\systweak
Chave Encontrada : HKCU\Software\TutoTag
Chave Encontrada : [x64] HKCU\Software\AnyProtect
Chave Encontrada : [x64] HKCU\Software\Funmoods
Chave Encontrada : [x64] HKCU\Software\InstallCore
Chave Encontrada : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{006EE092-9658-4FD6-BD8E-A21A348E59F5}
Chave Encontrada : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
Chave Encontrada : [x64] HKCU\Software\Optimizer Pro
Chave Encontrada : [x64] HKCU\Software\SaveSenseLive
Chave Encontrada : [x64] HKCU\Software\SmartBar
Chave Encontrada : [x64] HKCU\Software\Softonic
Chave Encontrada : [x64] HKCU\Software\systweak
Chave Encontrada : [x64] HKCU\Software\TutoTag
Chave Encontrada : HKLM\Software\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
Chave Encontrada : HKLM\Software\aartemisSoftware
Chave Encontrada : HKLM\Software\Bench
Chave Encontrada : HKLM\SOFTWARE\Classes\*\shell\filescout
Chave Encontrada : HKLM\SOFTWARE\Classes\AppID\{C292AD0A-C11F-479B-B8DB-743E72D283B0}
Chave Encontrada : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Chave Encontrada : HKLM\SOFTWARE\Classes\CLSID\{22222222-2222-2222-2222-220322122257}
Chave Encontrada : HKLM\SOFTWARE\Classes\CLSID\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}
Chave Encontrada : HKLM\SOFTWARE\Classes\CLSID\{5A4E3A41-FA55-4BDA-AED7-CEBE6E7BCB52}
Chave Encontrada : HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Chave Encontrada : HKLM\SOFTWARE\Classes\CLSID\{AF175732-0D59-716D-F757-9F1492D808D9}
Chave Encontrada : HKLM\SOFTWARE\Classes\Interface\{4E6354DE-9115-4AEE-BD21-C46C3E8A49DB}
Chave Encontrada : HKLM\SOFTWARE\Classes\Interface\{917CAAE9-DD47-4025-936E-1414F07DF5B8}
Chave Encontrada : HKLM\SOFTWARE\Classes\Interface\{FC073BDA-C115-4A1D-9DF9-9B5C461482E5}
Chave Encontrada : HKLM\SOFTWARE\Classes\speedupmypc
Chave Encontrada : HKLM\SOFTWARE\Classes\TypeLib\{968EDCE0-C10A-47BB-B3B6-FDF09F2A417D}
Chave Encontrada : HKLM\SOFTWARE\Classes\TypeLib\{A2D733A7-73B0-4C6B-B0C7-06A432950B66}
Chave Encontrada : HKLM\Software\free_soft_to_day
Chave Encontrada : HKLM\SOFTWARE\Google\Chrome\Extensions\bbjciahceamgodcoidkjpchnokgfpphh
Chave Encontrada : HKLM\SOFTWARE\Google\Chrome\Extensions\cjpglkicenollcignonpgiafdgfeehoj
Chave Encontrada : HKLM\Software\InstallCore
Chave Encontrada : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{006EE092-9658-4FD6-BD8E-A21A348E59F5}
Chave Encontrada : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
Chave Encontrada : HKLM\SOFTWARE\Microsoft\Tracing\AdvancedSystemProtector_RASAPI32
Chave Encontrada : HKLM\SOFTWARE\Microsoft\Tracing\AdvancedSystemProtector_RASMANCS
Chave Encontrada : HKLM\SOFTWARE\Microsoft\Tracing\smartbar_rasapi32
Chave Encontrada : HKLM\SOFTWARE\Microsoft\Tracing\smartbar_rasmancs
Chave Encontrada : HKLM\SOFTWARE\Microsoft\Tracing\speedupmypc_RASAPI32
Chave Encontrada : HKLM\SOFTWARE\Microsoft\Tracing\speedupmypc_RASMANCS
Chave Encontrada : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\MobogenieAdd
Chave Encontrada : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}
Chave Encontrada : HKLM\SOFTWARE\MozillaPlugins\@tools.updatepm.com/PriceMeterLiveUpdate Update;version=3
Chave Encontrada : HKLM\SOFTWARE\MozillaPlugins\@tools.updatepm.com/PriceMeterLiveUpdate Update;version=9
Chave Encontrada : HKLM\Software\SaveSenseLive
Chave Encontrada : HKLM\Software\supTab
Chave Encontrada : HKLM\Software\supWPM
Chave Encontrada : HKLM\Software\Trymedia Systems
Chave Encontrada : HKLM\Software\Tutorials
Chave Encontrada : HKLM\Software\Uniblue
Chave Encontrada : HKLM\Software\webssearchesSoftware
Chave Encontrada : HKLM\Software\Wpm
Chave Encontrada : [x64] HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Chave Encontrada : [x64] HKLM\SOFTWARE\Classes\Interface\{4E6354DE-9115-4AEE-BD21-C46C3E8A49DB}
Chave Encontrada : [x64] HKLM\SOFTWARE\Classes\Interface\{917CAAE9-DD47-4025-936E-1414F07DF5B8}
Chave Encontrada : [x64] HKLM\SOFTWARE\Classes\Interface\{FC073BDA-C115-4A1D-9DF9-9B5C461482E5}
Chave Encontrada : [x64] HKLM\SOFTWARE\Google\Chrome\Extensions\bbjciahceamgodcoidkjpchnokgfpphh
Chave Encontrada : [x64] HKLM\SOFTWARE\Google\Chrome\Extensions\cjpglkicenollcignonpgiafdgfeehoj
Chave Encontrada : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
Chave Encontrada : [x64] HKLM\SOFTWARE\Speedchecker Limited
Valor Encontrada : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [PriceMeterW]
Valor Encontrada : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{AE07101B-46D4-4A98-AF68-0333EA26E113}]
Valor Encontrada : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [mobilegeni daemon]
Valor Encontrada : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{AE07101B-46D4-4A98-AF68-0333EA26E113}]

***** [ Navegadores ] *****

-\\ Internet Explorer v11.0.9600.17041

Configurações Encontrado : HKCU\Software\Microsoft\Internet Explorer\Main [Search Page] - [You must have an account and be logged in to view this link]
Configurações Encontrado : HKCU\Software\Microsoft\Internet Explorer\Main [Default_Page_URL] - [You must have an account and be logged in to view this link]
Configurações Encontrado : HKCU\Software\Microsoft\Internet Explorer\Main [Default_Search_URL] - [You must have an account and be logged in to view this link]
Configurações Encontrado : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Search_URL] - [You must have an account and be logged in to view this link]
Configurações Encontrado : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Page_URL] - [You must have an account and be logged in to view this link]
Configurações Encontrado : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Start Page] - [You must have an account and be logged in to view this link]
Configurações Encontrado : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Search Page] - [You must have an account and be logged in to view this link]
Configurações Encontrado : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Search_URL] - [You must have an account and be logged in to view this link]
Configurações Encontrado : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Page_URL] - [You must have an account and be logged in to view this link]
Configurações Encontrado : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Start Page] - [You must have an account and be logged in to view this link]
Configurações Encontrado : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Search Page] - [You must have an account and be logged in to view this link]

-\\ Mozilla Firefox v

-\\ Google Chrome v

*************************

AdwCleaner[R0].txt - [21487 octets] - [15/02/2014 12:45:00]
AdwCleaner[R1].txt - [1053 octets] - [15/02/2014 12:51:58]
AdwCleaner[R2].txt - [1114 octets] - [15/02/2014 12:53:13]
AdwCleaner[R3].txt - [1174 octets] - [15/02/2014 12:56:36]
AdwCleaner[R4].txt - [11699 octets] - [01/05/2014 16:09:24]
AdwCleaner[S0].txt - [19883 octets] - [15/02/2014 12:45:59]
AdwCleaner[S1].txt - [1233 octets] - [15/02/2014 12:58:00]

########## EOF - C:\AdwCleaner\AdwCleaner[R4].txt - [11881 octets] ##########
Coelhocego
Beginner
Posts: 37
Reputation: 0
Joined: 01/05/2014

Re: Infected browsers!

Post by Power Max, Thu 01 May 2014, 17:20

Hello.

Right-click AdwCleaner.exe and choose the option Run as administrator.

|- If a Windows message appears asking "Do you want to allow the following program to make changes to this computer?", click Yes.

|- Start the scan by clicking the Examinar (Scan) button, as shown in the image below:

[You must have an account and be logged in to view this image]

Once the scan has finished, click the Limpar (Clean) button, as shown in this image:

[You must have an account and be logged in to view this image]

The message shown below will then appear; click the OK button:

[You must have an account and be logged in to view this image]

After the steps above, this final message will appear, where you again click OK:

[You must have an account and be logged in to view this image]

After that the PC will restart. Then just post its report, which will be at C:\AdwCleaner\AdwCleaner[S2].txt, in your next reply.
Power Max
Contributor
Posts: 9086
Reputation: 1499
Joined: 14/04/2009

Re: Infected browsers!

Post by Coelhocego, Thu 01 May 2014, 23:25

# AdwCleaner v3.205 - Relatório criado 01/05/2014 às 23:20:38
# Atualizado 28/04/2014 por Xplode
# Sistema Operacional : Windows 7 Home Basic Service Pack 1 (64 bits)
# Usuário : Aurelio - AURELIO-PC
# Executando de : C:\Users\Aurelio\Downloads\adwcleaner (3).exe
# Opção : Limpar

***** [ Serviços ] *****


***** [ Arquivos / Pastas ] *****


***** [ Atalhos ] *****


***** [ Registro ] *****

Chave Deletedo : HKLM\SOFTWARE\Classes\AppID\secman.DLL
Chave Deletedo : HKLM\SOFTWARE\Classes\secman.OutlookSecurityManager
Chave Deletedo : HKLM\SOFTWARE\Classes\secman.OutlookSecurityManager.1
Chave Deletedo : HKLM\SOFTWARE\Classes\AppID\{4D076AB4-7562-427A-B5D2-BD96E19DEE56}
Chave Deletedo : HKLM\SOFTWARE\Classes\CLSID\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Chave Deletedo : HKLM\SOFTWARE\Classes\CLSID\{826D7151-8D99-434B-8540-082B8C2AE556}
Chave Deletedo : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Chave Deletedo : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8FFE}
Chave Deletedo : HKLM\SOFTWARE\Classes\TypeLib\{11549FE4-7C5A-4C17-9FC3-56FC5162A994}
Chave Deletedo : [x64] HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Chave Deletedo : [x64] HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8FFE}

***** [ Navegadores ] *****

-\\ Internet Explorer v11.0.9600.17041


-\\ Mozilla Firefox v

-\\ Google Chrome v

*************************

AdwCleaner[R0].txt - [21487 octets] - [15/02/2014 12:45:00]
AdwCleaner[R1].txt - [1053 octets] - [15/02/2014 12:51:58]
AdwCleaner[R2].txt - [1114 octets] - [15/02/2014 12:53:13]
AdwCleaner[R3].txt - [1174 octets] - [15/02/2014 12:56:36]
AdwCleaner[R4].txt - [12058 octets] - [01/05/2014 16:09:24]
AdwCleaner[R5].txt - [2125 octets] - [01/05/2014 23:19:50]
AdwCleaner[S0].txt - [19883 octets] - [15/02/2014 12:45:59]
AdwCleaner[S1].txt - [1233 octets] - [15/02/2014 12:58:00]
AdwCleaner[S2].txt - [9303 octets] - [01/05/2014 16:27:06]
AdwCleaner[S3].txt - [2013 octets] - [01/05/2014 23:20:38]

########## EOF - C:\AdwCleaner\AdwCleaner[S3].txt - [2073 octets] ##########
Coelhocego
Beginner
Posts: 37
Reputation: 0
Joined: 01/05/2014

Re: Infected browsers!

Post by Power Max, Thu 01 May 2014, 23:28

Download Malwarebytes from one of the links below:
[You must have an account and be logged in to view this link]

To install and run it correctly, please follow the tips in this post:

[You must have an account and be logged in to view this link]

In your next reply, post this Malwarebytes log (report).

We'll be waiting.
Power Max
Contributor
Posts: 9086
Reputation: 1499
Joined: 14/04/2009

Re: Infected browsers!

Post by Coelhocego, Fri 02 May 2014, 01:33

Malwarebytes Anti-Malware
[You must have an account and be logged in to view this link]

Scan Date: 02/05/2014
Scan Time: 01:30:49
Logfile: virus2.txt
Administrator: Yes

Version: 2.00.1.1004
Malware Database: v2014.05.02.02
Rootkit Database: v2014.03.27.01
License: Premium
Malware Protection: Enabled
Malicious Website Protection: Enabled
Chameleon: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Aurelio

Scan Type: Custom Scan
Result: Completed
Objects Scanned: 381816
Time Elapsed: 45 min, 53 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Shuriken: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 11
PUP.Optional.IEPluginService.A, C:\AdwCleaner\Quarantine\C\Program Files (x86)\SupTab\RSHP.exe.vir, , [9109ca827efdb482129b3233d62bd52b],
PUP.Optional.SupTab.A, C:\AdwCleaner\Quarantine\C\Program Files (x86)\SupTab\SupTab.dll.vir, , [5f3b6fdd116afe3858f559dc0ff1f30d],
Adware.Korad, C:\AdwCleaner\Quarantine\C\ProgramData\BasicServe\basicserve114.exe.vir, , [efab2c20681396a04a8837f51de4b050],
PUP.Optional.FileScout.A, C:\AdwCleaner\Quarantine\C\Users\Aurelio\AppData\Roaming\file scout\filescout.exe.vir, , [21792e1efd7e4cea59713fc5e61b05fb],
PUP.Optional.PCFixSpeed.A, C:\AdwCleaner\Quarantine\C\Users\Aurelio\AppData\Roaming\OpenCandy\0CFE646FC13F434CA9C5D21645B54749\SearchGolTB.exe.vir, , [1981a6a6e79453e3e283576de2215ca4],
PUP.Optional.OpenCandy.A, C:\AdwCleaner\Quarantine\C\Users\Aurelio\AppData\Roaming\OpenCandy\5D9A2D88E9F649BEB55D8E737466E2DD\dlm.exe.vir, , [a4f676d692e9d264ab92c9538081758b],
PUP.Optional.OpenCandy.A, C:\AdwCleaner\Quarantine\C\Users\Aurelio\AppData\Roaming\OpenCandy\D68CE7399FFE4F18BA7B04EA879FABB5\dlm.exe.vir, , [d5c598b45e1d68ce74c9c7551fe2c33d],
PUP.Optional.Conduit.A, C:\AdwCleaner\Quarantine\C\Users\Aurelio\AppData\Roaming\OpenCandy\D68CE7399FFE4F18BA7B04EA879FABB5\SSStub_SearchProtect_p1v0.exe.vir, , [9109ee5e80fb65d1384345d47d840bf5],
PUP.Optional.SaveSense.A, C:\AdwCleaner\Quarantine\C\Users\Aurelio\AppData\Roaming\SaveSense\UpdateProc\UpdateTask.exe.vir, , [c9d137154b3076c066aaaa88669af50b],
PUP.Optional.SupTab.A, C:\AdwCleaner\Quarantine\C\Users\Aurelio\AppData\Roaming\SupTab\SupTab.dll.vir, , [752596b6b4c775c1c08d45f0c23ece32],
PUP.Optional.InstallCore, C:\Users\Aurelio\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\IQMMV61T\samsung-kies-3214034-12-32-bits.exe, , [d9c129232e4dd75f466adf4de51f936d],

Physical Sectors: 0
(No malicious items detected)


(end)
Coelhocego
Beginner
Posts: 37
Reputation: 0
Joined: 01/05/2014

Re: Infected browsers!

Post by Power Max, Fri 02 May 2014, 09:40

Temporarily disable your antivirus to avoid conflicts.

* Go to the link below and click the first button on the left, which is the Download Zoek.exe button:
[You must have an account and be logged in to view this link]

To run it correctly, follow the tips in this tutorial:

[You must have an account and be logged in to view this link]

* As soon as it finishes cleaning up the problems, open the Zoek log (report), which will be at C:\zoek-results.txt, copy all of its contents and post it in your next reply.
Power Max
Contributor
Posts: 9086
Reputation: 1499
Joined: 14/04/2009

Re: Infected browsers! Good evening!

Post by Coelhocego, Sat 03 May 2014, 00:52


Zoek.exe v5.0.0.0 Updated 14-April-2014
Tool run by Aurelio on 03/05/2014 at 0:32:58,10.
Microsoft Windows 7 Home Basic 6.1.7601 Service Pack 1 x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\Aurelio\AppData\Local\Temp\Rar$EXa0.824\zoek.exe [Scan all users] [Script inserted]

==== System Restore Info ======================

03/05/2014 00:34:07 Zoek.exe System Restore Point Created Succesfully.

==== Reset Hosts File ======================

# Copyright (c) 1993-2006 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host

# localhost name resolution is handle within DNS itself.
127.0.0.1 localhost
::1 localhost

==== Deleting CLSID Registry Keys ======================


==== Deleting CLSID Registry Values ======================


==== Deleting Services ======================


==== Deleting Files \ Folders ======================

C:\Users\Aurelio\AppData\Roaming\GetRightToGo deleted
C:\PROGRA~3\WPM deleted
C:\PROGRA~3\baidu deleted
C:\Users\Aurelio\AppData\Local\funmoods_2.3.8.crx deleted
C:\Users\Aurelio\AppData\Local\VLC Links deleted
C:\Users\Aurelio\AppData\Local\cache deleted
C:\Users\Aurelio\AppData\LocalLow\Plus-HD-1.3 deleted
C:\windows\SysNative\tasks\Funmoods Chat deleted
C:\Users\wangzhisong deleted
C:\Windows\Syswow64\InstallUtil.InstallLog deleted
C:\Users\Aurelio\AppData\Roaming\unins000.exe deleted
C:\Users\Aurelio\AppData\Roaming\Mozilla\Extensions\seesimilar02@SeeSimilar.com deleted
C:\Users\Aurelio\AppData\Roaming\Mozilla\Extensions\speedanalysis02@SpeedAnalysis.com deleted
"C:\Users\Aurelio\AppData\Roaming\rmi" deleted

==== Firefox Extensions Registry ======================

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Mozilla\Firefox\Extensions]
"{DF153AFF-6948-45d7-AC98-4FC4AF8A08E2}"="C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext" [05/09/2013 16:12]
[HKEY_CURRENT_USER\Software\Mozilla\Firefox\Extensions]
"onlinetv@helper.com"="C:\Users\Aurelio\AppData\Roaming\Online TV\onlinetv.xpi" [27/03/2014 12:14]

==== Chrome Look ======================

HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
idhngdhcfkoamngbedgpaokgjbnpdiji - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Chrome\Ext\realdownloader.crx[14/08/2013 15:24]
mihecgifecjdmjjmkgnobfpladefgige - C:\Users\Aurelio\AppData\Local\VLC Links\extension.crx[]

HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\Extensions
nnjbodopomfddehlalfilheomcahbpei - C:\Users\Aurelio\AppData\Local\GAS Tecnologia\GBBD\cef\sf.crx[11/11/2013 16:46]

==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.google.com/"
"Search Page"="http://www.google.com"
"Default_Page_URL"="http://www.google.com"
"Search Bar"="http://www.google.com"
"Default_Search_URL"="http://www.google.com"
"Use Search Asst"="yes"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Default_Search_URL"="http://www.google.com"
"Default_Page_URL"="http://www.google.com"
"Start Page"="http://www.google.com"
"Search Page"="http://www.google.com"
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main]
"Default_Search_URL"="http://www.google.com"
"Default_Page_URL"="http://www.google.com"
"Start Page"="http://www.google.com"
"Search Page"="http://www.google.com"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchUrl]
"Default"="[You must have an account and be logged in to view this link]
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\SearchUrl]
"Default"="[You must have an account and be logged in to view this link]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl]
"Default"="[You must have an account and be logged in to view this link]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Search]
"Default_Search_URL"="http://www.google.com"
"SearchAssistant"="http://www.google.com"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}] not found

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Search Bar"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Default_Page_URL"="http://go.microsoft.com/fwlink/?LinkId=69157"
"Start Page"="http://www.google.com/"
"Use Search Asst"="no"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Default_Page_URL"="http://go.microsoft.com/fwlink/?LinkId=69157"
"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157"
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main]
"Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Default_Page_URL"="http://go.microsoft.com/fwlink/?LinkId=69157"
"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchUrl]
"(Default)"="http://search.msn.com/results.asp?q=%s"
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\SearchUrl]
"(Default)"="http://search.msn.com/results.asp?q=%s"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl]
"(Default)"="http://search.msn.com/results.asp?q=%s"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Search]
"Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896"
"SearchAssistant"="http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{6A1806CD-94D4-4689-BA73-E35EA1EA9990}"

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC"
{3C8D6E72-587F-4D23-86E6-15A49ED22FDF} Unknown Url="Not_Found"
{62EA056F-91C7-1A35-0FF4-2A215BF6338B} Unknown Url="Not_Found"
{6A1806CD-94D4-4689-BA73-E35EA1EA9990} Google Url="http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}"

==== Reset Google Chrome ======================

C:\Users\Default\AppData\Local\Google\Chrome\User Data\Default\Preferences was reset successfully
C:\Users\Default User\AppData\Local\Google\Chrome\User Data\Default\Preferences was reset successfully
C:\Users\USURIO~1\AppData\Local\Google\Chrome\User Data\Default\Preferences was reset successfully
C:\Users\Default\AppData\Local\Google\Chrome\User Data\Default\Web Data was reset successfully
C:\Users\Default User\AppData\Local\Google\Chrome\User Data\Default\Web Data was reset successfully
C:\Users\USURIO~1\AppData\Local\Google\Chrome\User Data\Default\Web Data was reset successfully

==== Deleting CLSID Registry Keys ======================

HKEY_USERS\S-1-5-21-2952356932-1996913521-2274159354-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{8dcb7100-df86-4384-8842-8fa844297b3f} deleted successfully
HKEY_USERS\S-1-5-21-2952356932-1996913521-2274159354-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{8dcb7100-df86-4384-8842-8fa844297b3f} deleted successfully
HKEY_USERS\S-1-5-21-2952356932-1996913521-2274159354-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{d2ce3e00-f94a-4740-988e-03dc2f38c34f} deleted successfully
HKEY_USERS\S-1-5-21-2952356932-1996913521-2274159354-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{d2ce3e00-f94a-4740-988e-03dc2f38c34f} deleted successfully
HKEY_USERS\S-1-5-21-2952356932-1996913521-2274159354-1000\Software\Microsoft\Internet Explorer\SearchScopes\{3C8D6E72-587F-4D23-86E6-15A49ED22FDF} deleted successfully
HKEY_USERS\S-1-5-21-2952356932-1996913521-2274159354-1000\Software\Microsoft\Internet Explorer\SearchScopes\{62EA056F-91C7-1A35-0FF4-2A215BF6338B} deleted successfully
HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{8dcb7100-df86-4384-8842-8fa844297b3f} deleted successfully
HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{d2ce3e00-f94a-4740-988e-03dc2f38c34f} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{d2ce3e00-f94a-4740-988e-03dc2f38c34f} deleted successfully

==== Deleting CLSID Registry Values ======================

HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\{8dcb7100-df86-4384-8842-8fa844297b3f} deleted successfully

==== shortcuts on Users Desktops ======================

C:\Users\Aurelio\Desktop\Diversos.lnk - C:\Users\Aurelio\Documents\Nova pasta
C:\Users\Aurelio\Desktop\IRPF2014 - Declaração de Ajuste Anual, Final de Espólio e Saída Definitiva do País.lnk -
C:\Users\Aurelio\Desktop\Microsoft Office Excel 2007.lnk - C:\Windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\xlicons.exe
C:\Users\Aurelio\Desktop\Microsoft Office Word 2007.lnk - C:\Windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\wordicon.exe

==== shortcuts on All Users Desktop ======================

C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk - C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
C:\Users\Public\Desktop\Receitanet 1.04 .lnk - C:\Program Files (x86)\Programas RFB\Receitanet\Windows\Receitanet.exe
C:\Users\Public\Desktop\Samsung Kies 3.lnk - C:\Program Files (x86)\Samsung\Kies3\Kies3.exe
C:\Users\Public\Desktop\Skype.lnk - C:\Windows\Installer\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}\SkypeIcon.exe

==== shortcuts in Users Start Menu ======================

C:\Users\Aurelio\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR\Ajuda do WinRAR.lnk - C:\Program Files (x86)\WinRAR\WinRAR.chm
C:\Users\Aurelio\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR\Manual da consola do RAR.lnk - C:\Program Files (x86)\WinRAR\Rar.txt
C:\Users\Aurelio\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR\WinRAR.lnk - C:\Program Files (x86)\WinRAR\WinRAR.exe

==== shortcuts in All Users Start Menu ======================

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 9.lnk - C:\Program Files (x86)\TeamViewer\Version9\TeamViewer.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\About Java.lnk - C:\Program Files (x86)\Java\jre7\bin\javacpl.exe -tab about
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\Check For Updates.lnk - C:\Program Files (x86)\Java\jre7\bin\javacpl.exe -tab update
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\Configure Java.lnk - C:\Program Files (x86)\Java\jre7\bin\javacpl.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\Get Help.lnk -
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\Visit Java.com.lnk -
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware\Desinstalar Malwarebytes Anti-Malware.lnk - C:\Program Files (x86)\Malwarebytes Anti-Malware\unins000.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware\Malwarebytes Anti-Malware.lnk - C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware\Tools\Malwarebytes Anti-Malware Chameleon.lnk - C:\Program Files (x86)\Malwarebytes Anti-Malware\Chameleon\Windows\chameleon.chm
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Samsung\Kies3\Samsung Kies 3.lnk - C:\Program Files (x86)\Samsung\Kies3\Kies3.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Samsung\Kies3\Uninstall Kies 3.lnk - C:\Program Files (x86)\InstallShield Installation Information\{88547073-C566-4895-9005-EBE98EA3F7C7}\setup.exe /removeonly
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR\Ajuda do WinRAR.lnk - C:\Program Files (x86)\WinRAR\WinRAR.chm
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR\Manual da consola do RAR.lnk - C:\Program Files (x86)\WinRAR\Rar.txt
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR\WinRAR.lnk - C:\Program Files (x86)\WinRAR\WinRAR.exe

==== shortcuts in Quick Launch ======================

C:\Users\Aurelio\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk - C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Users\Aurelio\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Samsung Kies 3.lnk - C:\Program Files (x86)\Samsung\Kies3\Kies3.exe
C:\Users\Aurelio\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -
C:\Users\Aurelio\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -
C:\Users\Aurelio\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\7e4dca80246863e3\pinned.lnk - C:\Windows\system32\control.exe
C:\Users\Aurelio\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Iniciar Avira Free Antivirus.lnk - C:\Program Files (x86)\Avira\AntiVir Desktop\avcenter.exe
C:\Users\Aurelio\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Internet Explorer.lnk - C:\Program Files\Internet Explorer\iexplore.exe
C:\Users\Aurelio\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Windows Media Player.lnk - C:\Program Files (x86)\Windows Media Player\wmplayer.exe /prefetch:1
C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -
C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -
C:\Users\Default User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -
C:\Users\Default User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -
C:\Users\USURIO~1\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -
C:\Users\USURIO~1\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -

==== Reset IE Proxy ======================

Value(s) before fix:
"ProxyEnable"=dword:00000000

Value(s) after fix:
"ProxyEnable"=dword:00000000

==== Deleting Registry Keys ======================

HKEY_CURRENT_USER\Software\Policies\Google\Chrome\ExtensionInstallForcelist deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Google\Chrome\Extensions\mihecgifecjdmjjmkgnobfpladefgige deleted successfully

==== Empty IE Cache ======================

C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Aurelio\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\Users\Aurelio\AppData\Local\Temp\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Aurelio\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UOEBW3FK will be deleted at reboot

==== Empty FireFox Cache ======================

No FireFox Cache found

==== Empty Chrome Cache ======================

C:\Users\Default\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully
C:\Users\Default User\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully
C:\Users\USURIO~1\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully

==== Empty All Flash Cache ======================

Flash Cache Emptied Successfully

==== Empty All Java Cache ======================

Java Cache cleared successfully

==== C:\zoek_backup content ======================

C:\zoek_backup (files=437 folders=45 13479669 bytes)

==== Empty Temp Folders ======================

C:\Users\Aurelio\AppData\Local\Temp will be emptied at reboot
C:\Users\Default\AppData\Local\Temp emptied successfully
C:\Users\Default User\AppData\Local\Temp emptied successfully
C:\Users\USURIO~1\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\Windows\Temp will be emptied at reboot

==== After Reboot ======================

==== Empty Temp Folders ======================

C:\Windows\Temp successfully emptied
C:\Users\Aurelio\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\$RECYCLE.BIN successfully emptied

==== Deleting Files / Folders ======================

"C:\Users\Aurelio\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UOEBW3FK" not found

==== EOF on 03/05/2014 at 0:50:44,48 ======================
Coelhocego
Beginner

Posts: 37
Reputation: 0
Join date: 01/05/2014

Re: Infected browsers!

Post by Power Max, Sat 03 May 2014, 09:07

Download the Junkware Removal Tool from the link below:
[You must be registered and logged in to view this link]

To run the program correctly, just follow the tips in this tutorial:

[You must be registered and logged in to view this link]

* In your next reply, post the Junkware Removal Tool log (report), which will be saved on your desktop under the name JRT.txt.

We'll be waiting.
Power Max
Contributor

Posts: 9086
Reputation: 1499
Join date: 14/04/2009

New log

Post by Coelhocego, Sat 03 May 2014, 11:01

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.4 (04.06.2014:1)
OS: Windows 7 Home Basic x64
Ran by Aurelio on 03/05/2014 at 10:54:13,35
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\baidu
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\baidu



~~~ Files



~~~ Folders
Coelhocego
Beginner

Posts: 37
Reputation: 0
Join date: 01/05/2014

Re: Infected browsers!

Post by Power Max, Sat 03 May 2014, 11:07

Download < [You must be registered and logged in to view this link] > < [You must be registered and logged in to view this image] > ( ... by Nicolas Coolman )

To install and run it correctly, follow the tips in this article:

[You must be registered and logged in to view this link]

* As soon as it finishes its scan, copy the entire contents of its ZHPDiag.txt report and paste it in your next reply.
Power Max
Contributor

Posts: 9086
Reputation: 1499
Join date: 14/04/2009

Re: Infected browsers!

Post by Coelhocego, Sat 03 May 2014, 11:30

~ Relatório do ZHPDiag v2014.5.3.51 - Nicolas Coolman  (03/05/2014)
~ Iniciado por Aurelio (03/05/2014 11:28:31)
~ Endereço do Website :  http://nicolascoolman.webs.com
~ Fóruns de suporte gratuito para desinfecção : [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
~ Tradução pelo utilizador
~ Estatuto da versão :
~  Lista Branca : Ativado pelo programa
~ Elevação dos Privilégios : OK
~ Controle de Conta de Utilizador : Activate by user


---\\ Navegadores Internet
MSIE: Internet Explorer v11.0.9600.17105 (Defaut)

---\\ Informações sobre os produtos Windows
~ Langage: Portugais
Windows 7 Home Basic, 64-bit Service Pack 1 (Build 7601)
Windows Server License Manager Script : OK
Software Protection Service (Protection logicielle) : OK
Windows Automatic Updates : OK
Windows Activation Technologies : OK

---\\ Softwares de proteçao do sistema
Malwarebytes Anti-Malware versão 2.0.1.1004
Windows Defender W7

---\\ Softwares d'optimização do sistema

---\\ Softwares de partilha do PeerToPeer (P2P)

---\\ Monitoramento dos softwares
Adobe Flash Player 13 Plugin

---\\ Informações sobre o sistema
~ Processor: Intel64 Family 6 Model 42 Stepping 7, GenuineIntel
~ Operating System: 64 Bits
Boot mode: Normal (Normal boot)
Total RAM: 6038 MB (72% free)
System Restore: Activé (Enable)
System drive C: has 866 GB (93%) free of 922 GB

---\\ Modo de conexão ao sistema
~ Computer Name: AURELIO-PC
~ User Name: Aurelio
~ All Users Names: Convidado, Aurelio, Administrador,
~ Unselected Option: 045,061,O62,065,066,080,O82,089
Logged in as Administrator

---\\ As variáveis de ambiente
~ System Unit : C:\
~ %AppZHP% : C:\Users\Aurelio\AppData\Roaming\ZHP\
~ %AppData% : C:\Users\Aurelio\AppData\Roaming\
~ %Desktop% : C:\Users\Aurelio\Desktop\
~ %Favorites% : C:\Users\Aurelio\Favorites\
~ %LocalAppData% : C:\Users\Aurelio\AppData\Local\
~ %StartMenu% : C:\Users\Aurelio\AppData\Roaming\Microsoft\Windows\Start Menu\
~ %Windir% : C:\Windows\
~ %System% : C:\Windows\System32\

---\\ Enumeração das unidades dos discos
C: Hard drive, Flash drive, Thumb drive (Free 866 Go of 922 Go)
D: CD-ROM drive (Not Inserted)
F: Floppy drive, Flash card reader, USB Key (Not Inserted)



---\\ Estado do Centro de Segurança do Windows
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer] NoActiveDesktopChanges: Modified
~ Security Center: 49 Legitimates Filtered in 00mn 00s



---\\ Pesquisa particular de ficheiros genéricos
[MD5.332FEAB1435662FC6C672E25BEB37BE3] - (.Microsoft Corporation - Windows Explorer.) (.06/07/2011 - 18:34:56.) -- C:\Windows\Explorer.exe [2871808]
[MD5.94355C28C1970635A31B3FE52EB7CEBA] - (.Microsoft Corporation - Aplicativo de Inicialização do Windows.) (.13/07/2009 - 22:39:52.) -- C:\Windows\System32\Wininit.exe [129024]
[MD5.F220BA78AB542C70211D73AE4729B2CD] - (.Microsoft Corporation - Internet Extensions para Win32.) (.06/03/2014 - 03:22:40.) -- C:\Windows\System32\wininet.dll [2260480]
[MD5.1151B1BAA6F350B1DB6598E0FEA7C457] - (.Microsoft Corporation - Aplicativo de Logon do Windows.) (.21/11/2010 - 00:24:29.) -- C:\Windows\System32\Winlogon.exe [390656]
[MD5.067FA52BFB59A56110A12312EF9AF243] - (.Microsoft Corporation - Biblioteca de Licenciamento de Software.) (.21/11/2010 - 00:24:16.) -- C:\Windows\System32\sppcomapi.dll [232448]
[MD5.79059559E89D06E8B80CE2944BE20228] - (.Microsoft Corporation - Ancillary Function Driver for WinSock.) (.27/09/2013 - 22:09:10.) -- C:\Windows\system32\Drivers\AFD.sys [497152]
[MD5.02062C0B390B7729EDC9E69C680A6F3C] - (.Microsoft Corporation - ATAPI IDE Miniport Driver.) (.13/07/2009 - 22:52:21.) -- C:\Windows\system32\Drivers\atapi.sys [24128]
[MD5.B8BD2BB284668C84865658C77574381A] - (.Microsoft Corporation - CD-ROM File System Driver.) (.13/07/2009 - 20:19:47.) -- C:\Windows\system32\Drivers\Cdfs.sys [92160]
[MD5.F036CE71586E93D94DAB220D7BDF4416] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.21/11/2010 - 00:23:47.) -- C:\Windows\system32\Drivers\Cdrom.sys [147456]
[MD5.9BB2EF44EAA163B29C4A4587887A0FE4] - (.Microsoft Corporation - DFS Namespace Client Driver.) (.21/11/2010 - 00:24:32.) -- C:\Windows\system32\Drivers\DfsC.sys [102400]
[MD5.97BFED39B6B79EB12CDDBFEED51F56BB] - (.Microsoft Corporation - High Definition Audio Bus Driver.) (.21/11/2010 - 00:23:47.) -- C:\Windows\system32\Drivers\HDAudBus.sys [122368]
[MD5.FA55C73D4AFFA7EE23AC4BE53B4592D3] - (.Microsoft Corporation - Driver de porta i8042.) (.13/07/2009 - 20:19:57.) -- C:\Windows\system32\Drivers\i8042prt.sys [105472]
[MD5.AF9B39A7E7B6CAA203B3862582E9F2D0] - (.Microsoft Corporation - IP Network Address Translator.) (.13/07/2009 - 21:10:03.) -- C:\Windows\system32\Drivers\IpNat.sys [116224]
[MD5.A5D9106A73DC88564C825D317CAC68AC] - (.Microsoft Corporation - Windows NT SMB Minirdr.) (.06/07/2011 - 18:36:49.) -- C:\Windows\system32\Drivers\MRxSmb.sys [158208]
[MD5.09594D1089C523423B32A4229263F068] - (.Microsoft Corporation - MBT Transport driver.) (.21/11/2010 - 00:23:51.) -- C:\Windows\system32\Drivers\netBT.sys [261632]
[MD5.1A29A59A4C5BA6F8C85062A613B7E2B2] - (.Microsoft Corporation - Driver do Sistema de Arquivos NT.) (.23/01/2014 - 23:37:55.) -- C:\Windows\system32\Drivers\ntfs.sys [1684928]
[MD5.0086431C29C35BE1DBC43F52CC273887] - (.Microsoft Corporation - Driver de porta paralela.) (.13/07/2009 - 21:00:41.) -- C:\Windows\system32\Drivers\Parport.sys [97280]
[MD5.471815800AE33E6F1C32FB1B97C490CA] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.21/11/2010 - 00:24:33.) -- C:\Windows\system32\Drivers\Rasl2tp.sys [129536]
[MD5.548260A7B8654E024DC30BF8A7C5BAA4] - (.Microsoft Corporation - SMB Transport driver.) (.13/07/2009 - 21:09:09.) -- C:\Windows\system32\Drivers\smb.sys [93184]
[MD5.DDAD5A7AB24D8B65F8D724F5C20FD806] - (.Microsoft Corporation - TDI Translation Driver.) (.21/11/2010 - 00:24:32.) -- C:\Windows\system32\Drivers\tdx.sys [119296]
[MD5.0D08D2F3B3FF84E433346669B5E0F639] - (.Microsoft Corporation - Driver de cópia de sombra de volume.) (.21/11/2010 - 00:23:47.) -- C:\Windows\system32\Drivers\volsnap.sys [295808]
~ Generic Processes:  Scanned in 00mn 00s



---\\ Estatuto dos ficheiros ocultos (Oculto/Total)
~ Mes images (My Pictures) : 1/91
~ Mes musiques (My Musics) : 1/2
~ Mes Videos (My Videos) : 1/2
~ Mes Favoris (My Favorites) : 1/16
~ Mes Documents (My Documents) : 1/350
~ Mon Bureau (My Desktop) : 1/705
~ Menu demarrer (Programs) : 1/6
~ Hidden Files:  Scanned in 00mn 00s



---\\ Processos lançados
[MD5.41AD6110110A2E89957F831DCBFAF892] - (.Malwarebytes Corporation - Malwarebytes Anti-Malware.) -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe   [6963512] [PID.2028]
[MD5.9D4A0ECBF734E2EECDD5B473A2D705FE] - (.Skype Technologies S.A. - Skype.) -- C:\Program Files (x86)\Skype\Phone\Skype.exe   [20922016] [PID.2452]
[MD5.C0B97E53A0E39A48EEA2DCD500EEA07A] - (.Intel Corporation - IAStorIcon.) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe   [283160] [PID.2920]
[MD5.F8077BAF8969C51FA9B5BF9C45CA012E] - (.PSafe - PSafe System Tray.) -- C:\Program Files (x86)\PSafe\PSafeSysTray.exe   [4163848] [PID.3040]
[MD5.241B07FF7F5943B9C1BF3235F49AC1E1] - (.Avira Operations GmbH & Co. KG - Antivirus System Tray Tool (Desktop).) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe   [689744] [PID.2588]
[MD5.F6158734F1E24C6C510155CF0D363911] - (.RealNetworks, Inc. - RealNetworks Scheduler.) -- C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe   [295512] [PID.2652]
[MD5.5B6E8E09BE6401A7E022F52FDFCB2FF8] - (.Oracle Corporation - Java(TM) Update Scheduler.) -- C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe   [254336] [PID.2720]
[MD5.766D176C8B0187E0E2A79D58A2FC5CB0] - (.PSafe - PSafeWD.) -- C:\Program Files (x86)\PSafe\PSafeWDS.exe   [71680] [PID.4052]
[MD5.DFC999E39D7465077B45F08C53BEE076] - (.Positivo Informática S.A. - Positivo Áudio.) -- C:\Program Files (x86)\Positivo Informática\Positivo Experience\Positivo Áudio\AudioPower.exe   [1015808] [PID.5044]
[MD5.0667ED9F8E905E1F73DB60ACCEDCBCA7] - (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\IEXPLORE.exe   [811728] [PID.4604]
[MD5.DDBE89226D55D694F1B7B3DD0C324640] - (.RealNetworks, Inc. - RealDownloader.) -- C:\Program Files (x86)\RealNetworks\RealDownloader\recordingmanager.exe   [233048] [PID.716]
[MD5.9F98821AE94E8CC78F7A5D423791B839] - (.TeamViewer GmbH - TeamViewer 9.) -- C:\Program Files (x86)\TeamViewer\Version9\TeamViewer.exe   [12971328] [PID.264]
[MD5.C155A13687144076286989EF078112C2] - (.Nicolas Coolman - ZHPDiag Setup.) -- C:\Program Files (x86)\ZHPDiag\ZHPFix\ZHPhep.exe   [1917440] [PID.5436]
[MD5.01AA7A063ADF05C9217A1BDF901DFBAC] - (.Nicolas Coolman - ZHPDiag.) -- C:\Program Files (x86)\ZHPDiag\ZHPDiag.exe   [7868416] [PID.5756]
[MD5.6DE9AC13D76238AD7427E5453C8ECC54] - (.GAS Tecnologia - G-Buster Browser Defense - Service.) -- C:\Program Files (x86)\GbPlugin\gbpsv.exe   [519224] [PID.804]
[MD5.4D282B9C5BB05DF92C9F3977DFB9F916] - (.Avira Operations GmbH & Co. KG - Antivirus Host Framework Service.) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe   [440400] [PID.1260]
[MD5.65AF41A7A2C5B6693E1B4164E7632C3E] - (.Avira Operations GmbH & Co. KG - Antivirus Host Framework Service.) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe   [440400] [PID.1432]
[MD5.0E08BDD7326E657D59DB40BAD23D8169] - (.Malwarebytes Corporation - Malwarebytes Anti-Malware.) -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe   [1809720] [PID.1580]
[MD5.A8E7F3DB083EB0839DFC1C763CDD2594] - (.Malwarebytes Corporation - Malwarebytes Anti-Malware.) -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe   [857912] [PID.1928]
[MD5.41D6A19EE0EF3E1EF48B58A5CD8A200C] - (.PSafe - PSafe CategoryFinder.) -- C:\Program Files (x86)\PSafe\PSafeCategoryFinder.exe   [1259784] [PID.2020]
[MD5.0D00F10067084BAEF93E26C126BADAF0] - (.PSafe S/A - PSafe-SVC.) -- C:\Program Files (x86)\PSafe\PSafesvc.exe   [1722120] [PID.1176]
[MD5.68271BE9A8893FF5425F29786C361763] - (.PSafe - PSafeWD.) -- C:\Program Files (x86)\PSafe\PSafeWD.exe   [250632] [PID.2160]
[MD5.96EFEC24346A8EB1157E80523079ADDC] - (...) -- C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe   [39056] [PID.2180]
[MD5.090377B289C00EE8B041FDA2D8699C87] - (.Positivo Informática S.A. - WindowsService.) -- C:\Program Files (x86)\Positivo Informática\Positivo Experience\Positivo Experience\PositivoExperienceService.exe   [48640] [PID.3868]
[MD5.B25F192EA1F84A316EB7C19EFCCCF33D] - (.Intel Corporation - IAStorDataSvc.) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe   [13336] [PID.3764]
[MD5.97F6FFB8A305A77D25C6C0E07B71D252] - (.TeamViewer GmbH - TeamViewer 9.) -- C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe   [5024576] [PID.4968]
[MD5.02CF67DC188222A92ED8818F7224442C] - (.TeamViewer GmbH - TeamViewer 9.) -- C:\Program Files (x86)\TeamViewer\Version9\tv_w32.exe   [238400] [PID.4840]
~ Processes Running:  Scanned in 00mn 00s



---\\ Mozilla Firefox, Plugins,Arranque,Pesquisa,Extensões (P2,M0,M1,M2,M3)
P2 - FPN: [HKCU] [gastecnologia.com.br/sf/cef] - (.GAS Tecnologia - Internet Banking Helper.) -- C:\Users\Aurelio\AppData\Local\GAS Tecnologia\GBBD\npsf_cef.dll
~ Firefox Browser: 3 Legitimates Filtered in 00mn 00s



---\\ Internet Explorer, Gestão do Proxy (R5)
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll
~ Proxy management:  Scanned in 00mn 00s



---\\ Análise das linhas F0, F1, F2, F3 - Ficheiros ini, Carregamento Automático de programas
F2 - REG:system.ini: USERINIT=C:\Windows\system32\userinit.exe,
F2 - REG:system.ini: Shell=C:\Windows\explorer.exe
F2 - REG:system.ini: VMApplet=C:\Windows\System32\SystemPropertiesPerformance.exe
~ Keys:  Scanned in 00mn 00s



---\\ Redireção do ficheiro Hosts (01)
~ Le fichier hosts est sain (The hosts file is clean).
~ Hosts File:  Scanned in 00mn 00s
~ Nombre de lignes (Lines number): 20



---\\ Browser Helper Objects do navegador (02)
O2 - BHO: G-Buster Browser Defense CEF [64Bits] - {C41A1C0E-EA6C-11D4-B1B8-444553540003} . (.Caixa Economica Federal - Gbieh Module.) -- C:\Program Files (x86)\GbPlugin\gbiehcef.dll
O2 - BHO: G-Buster Browser Defense Itaú Unibanco [64Bits] - {C41A1C0E-EA6C-11D4-B1B8-444553540008} . (.Banco Itaú Unibanco - Gbieh Module.) -- C:\Program Files (x86)\GbPlugin\gbiehuni.dll
O2 - BHO: onlinetv [64Bits] - {e6668de8-50bb-4ee3-9b43-cee14e6944fb} . (.onlinetv Company - onlinetv.) -- C:\Users\Aurelio\AppData\Roaming\Online TV\onlinetv.dll
~ BHO: 10 Legitimates Filtered in 00mn 00s



---\\ Aplicações iniciadas por registo & pastas (04)
O4 - HKLM\..\Run: [IgfxTray] . (.Intel Corporation - igfxTray Module.) -- C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] . (.Intel Corporation - hkcmd Module.) -- C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] . (.Intel Corporation - persistence Module.) -- C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [StartUpManagerPositivo] . (...) -- C:\Program Files\Positivo Informática\Gerenciador de Inicialização Positivo\ManagerWindows.exe
O4 - HKLM\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets da Área de Trabalho do Windows.) -- C:\Program Files\Windows Sidebar\sidebar.exe
O4 - HKCU\..\Run: [Skype] . (.Skype Technologies S.A. - Skype.) -- C:\Program Files (x86)\Skype\Phone\Skype.exe   =>.Skype Technologies S.A.
O4 - HKCU\..\RunOnce: [Uninstall C:\Users\Aurelio\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112\amd64] . (.Microsoft Corporation - Processador de comandos do Windows.) -- C:\Windows\system32\cmd.exe
O4 - HKLM\..\Wow6432Node\Run: [HDAudDeck] . (.VIA - VIA HD Audio CPL.) -- C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe
O4 - HKLM\..\Wow6432Node\Run: [IAStorIcon] . (.Intel Corporation - IAStorIcon.) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
O4 - HKLM\..\Wow6432Node\Run: [PSafeSysTray] . (.PSafe - PSafe System Tray.) -- C:\Program Files (x86)\PSafe\PSafeSysTray.exe
O4 - HKLM\..\Wow6432Node\Run: [avgnt] . (.Avira Operations GmbH & Co. KG - Antivirus System Tray Tool (Desktop).) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
O4 - HKLM\..\Wow6432Node\Run: [TkBellExe] . (.RealNetworks, Inc. - RealNetworks Scheduler.) -- C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe   =>.RealNetworks, Inc
O4 - HKLM\..\Wow6432Node\Run: [SunJavaUpdateSched] . (.Oracle Corporation - Java(TM) Update Scheduler.) -- C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe   =>.Oracle Corporation
O4 - HKLM\..\Wow6432Node\Run: [GrooveMonitor] . (.Microsoft Corporation - GrooveMonitor Utility.) -- C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets da Área de Trabalho do Windows.) -- C:\Program Files (x86)\Windows Sidebar\Sidebar.exe
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets da Área de Trabalho do Windows.) -- C:\Program Files (x86)\Windows Sidebar\Sidebar.exe
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe   =>.Microsoft Corporation
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe   =>.Microsoft Corporation
O4 - HKUS\S-1-5-21-2952356932-1996913521-2274159354-1000\..\Run: [Skype] . (.Skype Technologies S.A. - Skype.) -- C:\Program Files (x86)\Skype\Phone\Skype.exe   =>.Skype Technologies S.A.
O4 - HKUS\S-1-5-21-2952356932-1996913521-2274159354-1000\..\RunOnce: [Uninstall C:\Users\Aurelio\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112\amd64] . (.Microsoft Corporation - Processador de comandos do Windows.) -- C:\Windows\system32\cmd.exe
~ Application:  Scanned in 00mn 00s



---\\ Site na zona confiavél do Internet Explorer (05)
O15 - Trusted Zone: [HKCU\...\Domains\www] *.caixa.gov.br
~ IE Zone Confiance:  Scanned in 00mn 00s



---\\ Alteração Dominio/Clientes DNS (017)
O17 - HKLM\System\CCS\Services\Tcpip\..\{040C7364-D564-49E9-9E88-DB629CA3B10B}: DhcpNameServer = 189.4.0.146 189.4.0.141
O17 - HKLM\System\CS1\Services\Tcpip\..\{040C7364-D564-49E9-9E88-DB629CA3B10B}: DhcpNameServer = 189.4.0.146 189.4.0.141
O17 - HKLM\System\CS2\Services\Tcpip\..\{040C7364-D564-49E9-9E88-DB629CA3B10B}: DhcpNameServer = 189.4.0.146 189.4.0.141
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 189.4.0.146 189.4.0.141
~ Domain:  Scanned in 00mn 00s



---\\ Protocolo adicional (018)
O18 - Handler: wlpg [64Bits] - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} . (...) --
O18 - Filter: text/xml [64Bits] - {807563E5-5146-11D5-A672-00B0D022E945} . (.Microsoft Corporation - Microsoft Office XML MIME Filter.) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.dll  =>.Microsoft Corporation
~ Protocole Additionnel:  Scanned in 00mn 00s



---\\ Valor do Registo AppInit_DLLs e sub-chaves Winlogon Notify (autorun) (O20)
O20 - Winlogon Notify: igfxcui . (.Intel Corporation - igfxdev Module.) -- C:\Windows\System32\igfxdev.dll
~ Winlogon:  Scanned in 00mn 00s



---\\ Lista dos serviços NT não Microsoft e não desativados (023)
O23 - Service: Gbp Service (GbpSv) . (.GAS Tecnologia - G-Buster Browser Defense - Service.) - C:\Program Files (x86)\GbPlugin\gbpsv.exe
O23 - Service: PSafeLockBoxSvc (PSafeLockBoxSvc) . (.PSafe - PSafe CategoryFinder.) - C:\Program Files (x86)\PSafe\PSafeCategoryFinder.exe
O23 - Service: PSafeSVC (PSafeSVC) . (.PSafe S/A - PSafe-SVC.) - C:\Program Files (x86)\PSafe\PSafesvc.exe
O23 - Service: PSafeWD (PSafeWD) . (.PSafe - PSafeWD.) - C:\Program Files (x86)\PSafe\PSafeWD.exe
~ Services: 13 Legitimates Filtered in 00mn 03s



---\\ Tarefas planificadas automaticamente (039)
[MD5.00000000000000000000000000000000] [APT] [AffiliatedUpdate] (...) -- C:\Users\Aurelio\AppData\Roaming\AFFILI~1\UPDATE~1\UPDATE~1.exe (.not file.)   [0]
[MD5.00000000000000000000000000000000] [APT] [PCHelpers1st] (...) -- C:\Program Files (x86)\Optimizer Elite Max\Optimizer Elite Max.exe (.not file.)   [0]  =>PUP.OptimizerEliteMax
[MD5.00000000000000000000000000000000] [APT] [PCHelpers_period] (...) -- C:\Program Files (x86)\Optimizer Elite Max\Optimizer Elite Max.exe (.not file.)   [0]  =>PUP.OptimizerEliteMax
[MD5.00000000000000000000000000000000] [APT] [{536165F4-8E31-479A-8333-ACE95D754BBC}] (...) -- C:\Users\Aurelio\AppData\Roaming\awesomehp\UninstallManager.exe (.not file.)   [0]  =>PUP.Awesomehp
[MD5.00000000000000000000000000000000] [APT] [{C870FDBC-11E5-4358-BB7E-04730A92E7B7}] (...) -- C:\Program Files (x86)\Baidu Security\PC Faster\3.7.0.0\UninstCaller.exe (.not file.)   [0]  =>Adware.BDSearch
[MD5.75527EA7A3B425057B56A6ED32235A49] [APT] [{F0F0D852-7318-451F-A305-345576FC0FA4}] (.CAIXA.) -- C:\Users\Aurelio\Downloads\iGBPCEFsf.exe   [2546504]
O39 - APT:  - (..) -- C:\Windows\System32\Tasks\Adobe Flash Player Updater   [902]
O39 - APT: AffiliatedUpdate - (...) -- C:\Windows\Tasks\AffiliatedUpdate.job   [300]
O39 - APT: AffiliatedUpdate - (...) -- C:\Windows\System32\Tasks\AffiliatedUpdate   [300]
O39 - APT:  - (..) -- C:\Windows\Tasks\Funmoods Chat.job   [300]  =>PUP.Funmoods
O39 - APT: PCHelpers1st - (...) -- C:\Windows\Tasks\PCHelpers1st.job   [304]  =>PUP.OptimizerEliteMax
O39 - APT: PCHelpers1st - (...) -- C:\Windows\System32\Tasks\PCHelpers1st   [304]  =>PUP.OptimizerEliteMax
O39 - APT: PCHelpers_period - (...) -- C:\Windows\Tasks\PCHelpers_period.job   [304]  =>PUP.OptimizerEliteMax
O39 - APT: PCHelpers_period - (...) -- C:\Windows\System32\Tasks\PCHelpers_period   [304]  =>PUP.OptimizerEliteMax
~ Scheduled Task: 15 Legitimates Filtered in 00mn 01s



---\\ Drivers lançados ao arranque do sistema (041)
O41 - Driver:  (Bfilter) . (. - .) - C:\Windows\system32\drivers\Bfilter.sys (.not file.)
O41 - Driver:  (Bfmon) . (. - .) - C:\Windows\system32\drivers\Bfmon.sys (.not file.)
O41 - Driver: (Bnbase) . (. - .) - C:\Windows\System32\drivers\bnbasex64.sys (.not file.)
O41 - Driver:  (Bndef) . (. - .) - C:\Windows\system32\drivers\bndef64.sys (.not file.)
O41 - Driver:  (Bprotect) . (. - .) - C:\Windows\system32\drivers\Bprotect.sys (.not file.)
~ Drivers: 81 Legitimates Filtered in 00mn 00s



---\\ HKCU & HKLM Software Keys
[HKCU\Software\AutoHelpDesk]
[HKCU\Software\Baidu Security]  =>Adware.BDSearch
[HKCU\Software\FMChat]
[HKCU\Software\GbAs]
[HKCU\Software\PriceMeterUpdater]  =>PUP.PriceMeter
[HKLM\Software\Baidu Security]  =>Adware.BDSearch
[HKLM\Software\HD Streamer]
[HKLM\Software\Wow6432Node\AutoHelpDesk]
[HKLM\Software\Wow6432Node\Baidu Security]  =>Adware.BDSearch
[HKLM\Software\Wow6432Node\Baidu_Drp_pos]  =>Adware.BDSearch
[HKLM\Software\Wow6432Node\SPCP]
[HKLM\Software\Wow6432Node\Universal]
~ Key Software: 184 Legitimates Filtered in 00mn 00s



---\\ Conteúdo das pastas Programs/ProgramFiles/ProgramData/AppData (O43)
O43 - CFD: 29/11/2013 - 13:03:37 - [] ----D C:\Program Files (x86)\Baidu Security  =>Adware.BDSearch
O43 - CFD: 15/03/2014 - 16:25:51 - [] ----D C:\Program Files (x86)\Programas RFB
O43 - CFD: 02/05/2014 - 00:35:17 - [0] ----D C:\Program Files (x86)\RBM
O43 - CFD: 03/09/2012 - 19:21:37 - [0] ----D C:\ProgramData\Audio
O43 - CFD: 23/06/2013 - 14:36:57 - [0] ----D C:\ProgramData\Audio Power
O43 - CFD: 27/03/2014 - 12:14:56 - [] ----D C:\ProgramData\Baidu Security  =>Adware.BDSearch
O43 - CFD: 03/09/2012 - 19:20:39 - [] ----D C:\ProgramData\Vivo
O43 - CFD: 10/10/2013 - 10:55:09 - [] -SH-D C:\ProgramData\{FE8D473A-6F06-4F99-B5F4-BED72B2A038C}
O43 - CFD: 20/02/2014 - 22:47:58 - [0] ----D C:\Users\Aurelio\AppData\Roaming\80B07AD4
O43 - CFD: 29/11/2013 - 13:04:12 - [] ----D C:\Users\Aurelio\AppData\Roaming\Baidu Security  =>Adware.BDSearch
O43 - CFD: 02/05/2014 - 00:35:17 - [0] ----D C:\Users\Aurelio\AppData\Roaming\FunmoodsChat  =>PUP.Funmoods
~ Program Folder: 170 Legitimates Filtered in 00mn 00s



---\\ Últimos ficheiros alterados ou criados no Windows e Sistema32 (044)
O44 - LFC:[MD5.D41D8CD98F00B204E9800998ECF8427E] - 01/05/2014 - 15:16:02 ---A- . (...) -- C:\autoexec.bat   [0]
O44 - LFC:[MD5.B40998C5BE901002C33964892A5A8101] - 02/05/2014 - 01:30:49 ---A- . (...) -- C:\virus.txt   [2825]
O44 - LFC:[MD5.CC7AA7B42CF418FC3D926913490048F8] - 03/05/2014 - 00:32:49 ---A- . (...) -- C:\Windows\zoek-delete.exe   [24064]
O44 - LFC:[MD5.9F67594FAD36AD5F6E01A8C9E1F1746B] - 03/05/2014 - 00:50:44 ---A- . (...) -- C:\zoek-results.log   [18047]
O44 - LFC:[MD5.7EFD5D57BDF90C236AAD5BE1DE9477C5] - 03/05/2014 - 11:08:34 ---A- . (...) -- C:\Windows\System32\prfc0416.dat   [147638]
O44 - LFC:[MD5.0B89C4E6A74B5BF759855B487782D68A] - 03/05/2014 - 11:08:34 ---A- . (...) -- C:\Windows\System32\prfh0416.dat   [705798]
~ Files: 25 Legitimates Filtered in 00mn 01s



---\\ Enumeração das chaves do registo PoliciesSystem (MWPS) (O55)
O55 - MWPS:[HKLM\...\Policies\System] - "EnableUIADesktopToggle"=0
O55 - MWPS:[HKLM\...\Policies\System] - "FilterAdministratorToken"=0
~ MWPS: 20 Legitimates Filtered in 00mn 00s



---\\ Enumeração das chaves do registo PoliciesExplorer (MWPE) (O56)
O56 - MWPE:[HKCU\...\policies\Explorer] - "NoLowDiskSpaceChecks"=1
O56 - MWPE:[HKLM\...\policies\Explorer] - "NoActiveDesktopChanges"=1
~ MWPE Keys: 7 Legitimates Filtered in 00mn 00s



---\\ Lista dos drivers do sistema (SDL) (O58)
O58 - SDL:13/07/2009 - 22:47:48 ---A- . (.Emulex - Storport Miniport Driver for LightPulse HBAs.) -- C:\Windows\System32\Drivers\elxstor.sys   [530496]
O58 - SDL:10/06/2009 - 17:31:59 ---A- . (.Hauppauge Computer Works, Inc. - Hauppauge WinTV 885 Consumer IR Driver for eHome.) -- C:\Windows\System32\Drivers\hcw85cir.sys   [31232]
O58 - SDL:18/03/2014 - 22:27:24 ---A- . (.DEVGURU Co., LTD.([Tens de ter uma conta e sessão iniciada para poderes visualizar este link] - SAMSUNG USB Composite Device Driver (MSS Ver.3).) -- C:\Windows\System32\Drivers\ssudbus.sys   [109056]
O58 - SDL:18/03/2014 - 22:27:24 ---A- . (.DEVGURU Co., LTD.([Tens de ter uma conta e sessão iniciada para poderes visualizar este link] - SAMSUNG Android Modem Device Driver (MSS Ver.3).) -- C:\Windows\System32\Drivers\ssudmdm.sys   [206080]
O58 - SDL:13/07/2009 - 22:45:55 ---A- . (.Promise Technology - Promise  SuperTrak EX Series Driver for Windows.) -- C:\Windows\System32\Drivers\stexstor.sys   [24656]
O58 - SDL:27/03/2014 - 21:12:39 ---A- . (.StdLib - StdLib.) -- C:\Windows\System32\Drivers\wStLibG64.sys   [61120]  =>PUP.LinkiDoo
O58 - SDL:15/03/2014 - 10:26:54 ---A- . (.GbPlugin NDIS Device Driver - GbPlugin NDIS Device Driver.) -- C:\Windows\SysWOW64\drivers\gbpndisrd.sys   [31088]
~ Drivers: 61 Legitimates Filtered in 00mn 00s



---\\ Lista das ferramentas de remoção de vírus (LAT) (063)
O63 - Logiciel: ZHPDiag 2014 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1  =>.Nicolas Coolman
~ ADS:  Scanned in 00mn 00s



---\\ Menu de inicialização Internet (068)
O68 - StartMenuInternet: <IEXPLORE.EXE> <Internet Explorer>[HKLM\..\Shell\open\Command] (...) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
~ Keys:  Scanned in 00mn 00s



---\\ Pesquisa de infeção nos navegadores da Internet (SBI) (069)
O69 - SBI: SearchScopes [HKCU] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} [DefaultScope] - (Bing) - [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
O69 - SBI: SearchScopes [HKCU] {6A1806CD-94D4-4689-BA73-E35EA1EA9990} - (Google) - [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
~ Keys:  Scanned in 00mn 00s



---\\ Pesquisa adicional à raiz do sistema (radicular) (SPRF) (O84)
[MD5.4547C099BA26A4144D6044315AC57DCC] [SPRF][11/11/2013] (...) -- C:\Users\Aurelio\AppData\Roaming\unins000.dat   [17526]
[MD5.A8DDCC18FC3706A5752713E9CC05A0BD] [SPRF][01/05/2014] (...) -- C:\Users\Aurelio\Desktop\adwcleaner.exe   [1310621]
~ Files: 4 Legitimates Filtered in 00mn 00s



---\\ Listagem dos códigos dos software (PUC) (090)
O90 - PUC: "5509804B864D4A546AABA531D87D51CF" . (.Bing Bar.) -- C:\Windows\Installer\{B4089055-D468-45A4-A6BA-5A138DD715FC}\icon_installer_ico  =>Toolbar.Bing
~ Update Products: 1 Legitimates Filtered in 00mn 00s



---\\ Pesquisa dos pacotes WindowsInstaller (WIS) (O93) (NTFS)
[MD5.0A517BFDBF16092D7D813FAA69BB7F65] [WIS][09/02/2014] (.LPT - LPT System Updater Service.) -- C:\Windows\Installer\1d2b4d.msi   [1712128]  =>Adware.IncrediBar
[MD5.683EF495176EB6BF6C18BDA0A304C22E] [WIS][21/10/2011] (.Microsoft Corporation - Bing Bar.) -- C:\Windows\Installer\b39709.msi   [4771840]  =>Toolbar.Bing
~ WIS: 2 Legitimates Filtered in 00mn 01s



---\\ Search Tracing Registry Key (O100)
HKLM\SOFTWARE\Microsoft\Tracing\BackupStack_RASAPI32  =>PUP.MyPCBackup
HKLM\SOFTWARE\Microsoft\Tracing\BackupStack_RASMANCS  =>PUP.MyPCBackup
HKLM\SOFTWARE\Microsoft\Tracing\MyPC Backup_RASAPI32  =>PUP.MyPCBackup
HKLM\SOFTWARE\Microsoft\Tracing\MyPC Backup_RASMANCS  =>PUP.MyPCBackup
HKLM\SOFTWARE\Microsoft\Tracing\NewPlayerUpdater_RASAPI32  =>Adware.PUP.NewPlayer
HKLM\SOFTWARE\Microsoft\Tracing\NewPlayerUpdater_RASMANCS  =>Adware.PUP.NewPlayer
HKLM\SOFTWARE\Microsoft\Tracing\signup wizard_RASAPI32  =>PUP.JDIBackup
HKLM\SOFTWARE\Microsoft\Tracing\signup wizard_RASMANCS  =>PUP.JDIBackup
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\Fortunitas_RASAPI32  =>PUP.Fortunitas
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\Fortunitas_RASMANCS  =>PUP.Fortunitas
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\melondrea_RASAPI32  =>PUP.Melondrea
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\melondrea_RASMANCS  =>PUP.Melondrea
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\MovieModeService_RASAPI32  =>PUP.MovieMode
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\MovieModeService_RASMANCS  =>PUP.MovieMode
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\MovieMode_RASAPI32  =>PUP.MovieMode
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\MovieMode_RASMANCS  =>PUP.MovieMode
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\NewPlayer_RASAPI32  =>Adware.PUP.NewPlayer
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\NewPlayer_RASMANCS  =>Adware.PUP.NewPlayer
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\updateBrowseSmart_RASAPI32  =>PUP.BrowseSmart
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\updateBrowseSmart_RASMANCS  =>PUP.BrowseSmart
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\updateFortunitas_RASAPI32  =>PUP.Fortunitas
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\updateFortunitas_RASMANCS  =>PUP.Fortunitas
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\updateLinkSwift_RASAPI32  =>PUP.LinkSwift
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\updateLinkSwift_RASMANCS  =>PUP.LinkSwift
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\updatemelondrea_RASAPI32  =>PUP.Melondrea
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\updatemelondrea_RASMANCS  =>PUP.Melondrea
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\updateStorimbo_RASAPI32  =>PUP.Storimbo
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\updateStorimbo_RASMANCS  =>PUP.Storimbo
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\utilFortunitas_RASAPI32  =>PUP.Fortunitas
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\utilFortunitas_RASMANCS  =>PUP.Fortunitas
~ BTK: 218 Legitimates Filtered in 00mn 00s



---\\ Estado general dos serviços não Microsoft (EGS) (SR=Executados, SS=Parados)
SS - | Demand 11/05/2013 65640 |  (AdobeARMservice) . (.Adobe Systems Incorporated.) - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
SS - | Demand 01/05/2014 257712 |  (AdobeFlashPlayerUpdateSvc) . (.Adobe Systems Incorporated.) - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
SS - | Disabled 13/03/2014 1017424 |  (AntiVirWebService) . (.Avira Operations GmbH & Co. KG.) - C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.exe
SS - | Auto 21/10/2011 196176 |  (BBSvc) . (.Microsoft Corporation..) - C:\Program Files (x86)\Microsoft\BingBar\BBSvc.exe  =>Toolbar.Bing
SS - | Auto 23/10/2013 172192 |  (SkypeUpdate) . (.Skype Technologies.) - C:\Program Files (x86)\Skype\Updater\Updater.exe
SR - | Auto 13/03/2014 440400 |  (AntiVirSchedulerService) . (.Avira Operations GmbH & Co. KG.) - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
SR - | Auto 13/03/2014 440400 |  (AntiVirService) . (.Avira Operations GmbH & Co. KG.) - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
SR - | Auto 12/07/2012 48640 |  (AppManagerService) . (.Positivo Informática S.A..) - C:\Program Files (x86)\Positivo Informática\Positivo Experience\Positivo Experience\PositivoExperienceService.exe
SR - | Auto 13/10/2011 249648 |  (BBUpdate) . (.Microsoft Corporation.) - C:\Program Files (x86)\Microsoft\BingBar\SeaPort.exe  =>Toolbar.Bing
SR - | Auto 25/03/2014 519224 |  (GbpSv) . (.GAS Tecnologia.) - C:\Program Files (x86)\GbPlugin\gbpsv.exe
SR - | Auto 13/09/2010 13336 |  (IAStorDataMgrSvc) . (.Intel Corporation.) - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
SR - | Auto 03/04/2014 1809720 |  (MBAMScheduler) . (.Malwarebytes Corporation.) - C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
SR - | Auto 03/04/2014 857912 |  (MBAMService) . (.Malwarebytes Corporation.) - C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
SR - | Auto 18/05/2012 1259784 |  (PSafeLockBoxSvc) . (.PSafe.) - C:\Program Files (x86)\PSafe\PSafeCategoryFinder.exe
SR - | Auto 18/05/2012 1722120 |  (PSafeSVC) . (.PSafe S/A.) - C:\Program Files (x86)\PSafe\PSafesvc.exe
SR - | Auto 18/05/2012 250632 |  (PSafeWD) . (.PSafe.) - C:\Program Files (x86)\PSafe\PSafeWD.exe
SR - | Auto 14/08/2013 39056 |  (RealNetworks Downloader Resolver Service) . (...) - C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
SR - | Auto 25/04/2014 5024576 |  (TeamViewer9) . (.TeamViewer GmbH.) - C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
SR - | Auto 13/07/2009 27136 | C:\Program Files (x86)\Windows Defender\mpsvc.dll (WinDefend) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
SR - | Demand 10/07/1658 0 |  (WMPNetworkSvc) . (...) - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe  =>.Microsoft Corporation
SR - | Auto 13/07/2009 27136 | C:\Windows\System32\wuaueng.dll (wuauserv) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
~ Services:  Scanned in 00mn 04s



---\\ Scâner Aditional (088)
Database Version : 13045 - (03/05/2014)
Clés trouvées (Keys found) : 3
Valeurs trouvées (Values found) : 0
Dossiers trouvés  (Folders found) : 4
Fichiers trouvés  (Files found) : 13

[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\29799DE249E7DBC459FC6C8F07EB8375]   =>PUP.Tarma
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0238BBE24EA3A70408B81E4BB89C15E5]   =>PUP.Tarma
[HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Dealply]   =>PUP.DealPly
C:\Program Files (x86)\Baidu Security   =>Adware.BDSearch^
C:\ProgramData\Baidu Security   =>Adware.BDSearch^
C:\Users\Aurelio\AppData\Roaming\Baidu Security   =>Adware.BDSearch^
C:\Users\Aurelio\AppData\Roaming\FunmoodsChat   =>PUP.Funmoods^
C:\Windows\Tasks\Funmoods Chat.job   =>PUP.Funmoods^
C:\Windows\Tasks\PCHelpers1st.job   =>PUP.OptimizerEliteMax^
C:\Windows\System32\Tasks\PCHelpers1st   =>PUP.OptimizerEliteMax^
C:\Windows\Tasks\PCHelpers_period.job   =>PUP.OptimizerEliteMax^
C:\Windows\System32\Tasks\PCHelpers_period   =>PUP.OptimizerEliteMax^
[HKCU\Software\Baidu Security]   =>Adware.BDSearch^
[HKCU\Software\PriceMeterUpdater]   =>PUP.PriceMeter^
[HKLM\Software\Baidu Security]   =>Adware.BDSearch^
[HKLM\Software\Wow6432Node\Baidu Security]   =>Adware.BDSearch^
[HKLM\Software\Wow6432Node\Baidu_Drp_pos]   =>Adware.BDSearch^
C:\Windows\Installer\1d2b4d.msi   =>Adware.IncrediBar^
C:\Windows\Installer\b39709.msi   =>Toolbar.Bing^
C:\Users\Aurelio\Downloads\flvmplayer.exe   =>PUP.Offerware
~ Additionnel Scan: 211509 Items scanned in 00mn 16s



---\\ Sumário das deteções encontradas na sua estação
[Tens de ter uma conta e sessão iniciada para poderes visualizar este link]  =>PUP.OptimizerEliteMax
[Tens de ter uma conta e sessão iniciada para poderes visualizar este link]  =>PUP.Awesomehp
[Tens de ter uma conta e sessão iniciada para poderes visualizar este link]  =>Adware.BDSearch
[Tens de ter uma conta e sessão iniciada para poderes visualizar este link]  =>PUP.Funmoods
[Tens de ter uma conta e sessão iniciada para poderes visualizar este link]  =>PUP.PriceMeter
[Tens de ter uma conta e sessão iniciada para poderes visualizar este link]  =>PUP.LinkiDoo
[Tens de ter uma conta e sessão iniciada para poderes visualizar este link]  =>Adware.IncrediBar
[Tens de ter uma conta e sessão iniciada para poderes visualizar este link]  =>PUP.MyPCBackup
[Tens de ter uma conta e sessão iniciada para poderes visualizar este link]  =>PUP.Fortunitas
[Tens de ter uma conta e sessão iniciada para poderes visualizar este link]  =>PUP.Melondrea
[Tens de ter uma conta e sessão iniciada para poderes visualizar este link]  =>PUP.BrowseSmart
[Tens de ter uma conta e sessão iniciada para poderes visualizar este link]  =>PUP.LinkSwift
[Tens de ter uma conta e sessão iniciada para poderes visualizar este link]  =>PUP.Storimbo
[Tens de ter uma conta e sessão iniciada para poderes visualizar este link]  =>PUP.Tarma
[Tens de ter uma conta e sessão iniciada para poderes visualizar este link]  =>PUP.DealPly
[Tens de ter uma conta e sessão iniciada para poderes visualizar este link]  =>PUP.Offerware
~ MSI: 16 link(s) detected in 00mn 00s



~ 777 Legitimates filtered by white list
End of the scan (495 lines in 00mn 40s)(0)
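Added example, not part of the thread and not code from ZHPDiag or its author: a Python triage script for ZHPDiag-style reports such as the one above. It collects every line the tool tagged with `=>Family`, ignores the `=>.Vendor` whitelist annotations (which are not detections), strips the `^` repeat markers that the additional-scan section appends to hits already listed earlier, de-duplicates the hits and groups them by family and by artefact type, so a helper can see at a glance which families persist through drivers, services and scheduled tasks rather than only in browser settings. The sample lines embedded in it are constructed to resemble the report above and are not the full log; the `Finding` class, the `triage` and `by_family` names and the artefact categories are my own.

```python
"""Triage helper for ZHPDiag-style reports (added example, not ZHPDiag's own
code): collect every line the tool tagged with '=>Family' and group the hits by
family and by the kind of artefact (registry key, driver, service, task, file)."""
from __future__ import annotations

import re
from collections import defaultdict
from dataclasses import dataclass

# Section headers look like "---\\ Name"; tagged hits end in "  =>Family"
SECTION_RE = re.compile(r"^---\\\\ (?P<name>.+)$")
TAG_RE = re.compile(r"^(?P<item>.*?)\s+=>(?P<tag>\S+)\s*$")
# First Windows path on the line, stopping before a trailing "[size]" field
WINPATH_RE = re.compile(r"[A-Za-z]:\\[^\[\]]*?(?=\s+\[\d+\]|\s*$)")


@dataclass(frozen=True)
class Finding:
    family: str   # tag as ZHPDiag wrote it, minus its trailing '^' / '*' markers
    kind: str     # registry key | driver | service | scheduled task | file or folder
    item: str     # the key or path that was flagged
    section: str  # report section the line came from


def classify(item: str) -> tuple[str, str]:
    """Map the text before '=>' to (kind, normalised key-or-path)."""
    if item.startswith("[HK"):
        return "registry key", item.strip("[]")
    if item.startswith("HK"):
        return "registry key", item
    m = WINPATH_RE.search(item)
    path = m.group(0).rstrip() if m else item
    if item.startswith(("O58 - SDL:", "O41 - Driver:")):
        return "driver", path
    if item.startswith(("SS - ", "SR - ")):
        return "service", path
    if "\\Tasks\\" in path or path.lower().endswith(".job"):
        return "scheduled task", path
    return "file or folder", path


def triage(report: str) -> list[Finding]:
    """Return the de-duplicated detections in report order."""
    findings: list[Finding] = []
    seen: set[tuple[str, str]] = set()
    section = ""
    for raw in report.splitlines():
        line = raw.rstrip()
        sec = SECTION_RE.match(line)
        if sec:
            section = sec.group("name")
            continue
        m = TAG_RE.match(line)
        if not m:
            continue
        tag = m.group("tag").rstrip("^*")
        if tag.startswith("."):
            continue  # "=>.Vendor" is a whitelist annotation, not a detection
        kind, item = classify(m.group("item"))
        key = (kind, item.lower())
        if key in seen:
            continue  # the O88 additional scan repeats earlier hits (marked '^')
        seen.add(key)
        findings.append(Finding(tag, kind, item, section))
    return findings


def by_family(findings: list[Finding]) -> dict[str, list[Finding]]:
    """Group findings by malware/PUP family name."""
    grouped: dict[str, list[Finding]] = defaultdict(list)
    for f in findings:
        grouped[f.family].append(f)
    return dict(grouped)


# Constructed sample modelled on the report in this thread (not the full log).
SAMPLE_REPORT = r"""
---\\ HKCU & HKLM Software Keys
[HKCU\Software\Baidu Security]  =>Adware.BDSearch
[HKCU\Software\FMChat]
[HKLM\Software\Wow6432Node\Baidu_Drp_pos]  =>Adware.BDSearch
~ Key Software: 184 Legitimates Filtered in 00mn 00s
---\\ Lista dos drivers do sistema (SDL) (O58)
O58 - SDL:27/03/2014 - 21:12:39 ---A- . (.StdLib - StdLib.) -- C:\Windows\System32\Drivers\wStLibG64.sys   [61120]  =>PUP.LinkiDoo
O58 - SDL:13/07/2009 - 22:45:55 ---A- . (.Promise Technology - SuperTrak EX Series Driver.) -- C:\Windows\System32\Drivers\stexstor.sys   [24656]
---\\ Lista das ferramentas de remoção de vírus (LAT) (063)
O63 - Logiciel: ZHPDiag 2014 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1  =>.Nicolas Coolman
---\\ Estado general dos serviços não Microsoft (EGS) (SR=Executados, SS=Parados)
SS - | Auto 21/10/2011 196176 |  (BBSvc) . (.Microsoft Corporation..) - C:\Program Files (x86)\Microsoft\BingBar\BBSvc.exe  =>Toolbar.Bing
---\\ Scâner Aditional (088)
C:\Windows\Tasks\PCHelpers1st.job   =>PUP.OptimizerEliteMax^
[HKCU\Software\Baidu Security]   =>Adware.BDSearch^
C:\Users\Aurelio\Downloads\flvmplayer.exe   =>PUP.Offerware
"""

if __name__ == "__main__":
    for family, hits in sorted(by_family(triage(SAMPLE_REPORT)).items()):
        print(f"{family}: {len(hits)} item(s)")
        for h in hits:
            print(f"  [{h.kind}] {h.item}  ({h.section})")
```

Running it as-is prints the grouped summary for the sample; passing the text of a full ZHPDiag.txt to `triage()` gives the same kind of list for a real report. The point of the grouping is the one this thread illustrates: the same family (here Adware.BDSearch) shows up as registry keys, folders and a driver, so removing only the browser-side pieces leaves the rest in place.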

Re: Infected browsers!

Post by Power Max, Sat 03 May 2014, 11:52

There are two antivirus products on your PC: Avira and PSafe. This slows the PC down and can cause conflicts between them. I suggest you uninstall PSafe and keep only Avira. I also suggest you configure Avira following the tips in the tutorials below so that it becomes more effective:

[You must have an account and be logged in to view this link]
_________________________________________________________________________________________________________

Go to the site [You must have an account and be logged in to view this link] and submit the file highlighted in blue below for analysis:

C:\Users\Aurelio\AppData\Roaming\Online TV\onlinetv.dll

As soon as its analysis is complete, copy the link that appears in your browser's address bar and post that link in your next reply together with the ZHPFix log requested below.

More information on how to analyse files on the Virus Total site can be found in this tutorial:

[You must have an account and be logged in to view this link]
____________________________________________________________________________________________________

Select and copy all of the text highlighted in red that I gave you.
_____________________________________________________________________________________________________________

Go to the menu: Start > All Programs > ZHP > right-click ZHPFix and choose Run as administrator > click Importação > click the GO button > click Oui > if you want the Recycle Bin contents deleted as well, click Oui again > a report will open in Notepad.

Copy this report and post it in your next reply together with the link to the file analysis on the Virus Total site.


Last edited by Power Max on Sat 03 May 2014, 20:13; edited 1 time

Re: Infected browsers!

Post by Coelhocego, Sat 03 May 2014, 19:01

[You must have an account and be logged in to view this link]

Rapport de ZHPFix 2014.4.13.3 par Nicolas Coolman, Update du 13/04/2014
Fichier d'export Registre :
Run by Aurelio at 03/05/2014 18:58:25
High Elevated Privileges : OK
Windows Vista Home Basic Edition, 64-bit  (Build 6000)

Reciclagem vazia (00mn 03s)
Reparação de atalhos do navegador

========== Processo memória ==========
ELIMINÉ: Memory Process: C:\Users\Aurelio\Downloads\flvmplayer.exe

========== Chaves do Registo ==========
ELIMINÉ Driver Key: Bfilter
ELIMINÉ Driver Key: Bfmon
ELIMINÉ Driver Key: Bnbase
ELIMINÉ Driver Key: Bndef
ELIMINÉ Driver Key: Bprotect
ELIMINÉ: HKCU\Software\Baidu Security
ELIMINÉ: HKCU\Software\PriceMeterUpdater
ELIMINÉ:* HKLM\Software\Baidu Security
ELIMINÉ: HKLM\Software\Wow6432Node\Baidu_Drp_pos
ELIMINÉ: SearchScopes :{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
ELIMINÉ:* HKLM\SOFTWARE\Microsoft\Tracing\BackupStack_RASAPI32
ELIMINÉ:* HKLM\SOFTWARE\Microsoft\Tracing\BackupStack_RASMANCS
ELIMINÉ:* HKLM\SOFTWARE\Microsoft\Tracing\MyPC Backup_RASAPI32
ELIMINÉ:* HKLM\SOFTWARE\Microsoft\Tracing\MyPC Backup_RASMANCS
ELIMINÉ:* HKLM\SOFTWARE\Microsoft\Tracing\NewPlayerUpdater_RASAPI32
ELIMINÉ:* HKLM\SOFTWARE\Microsoft\Tracing\NewPlayerUpdater_RASMANCS
ELIMINÉ:* HKLM\SOFTWARE\Microsoft\Tracing\signup wizard_RASAPI32
ELIMINÉ:* HKLM\SOFTWARE\Microsoft\Tracing\signup wizard_RASMANCS
ELIMINÉ: HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\Fortunitas_RASAPI32
ELIMINÉ: HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\Fortunitas_RASMANCS
ELIMINÉ: HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\melondrea_RASAPI32
ELIMINÉ: HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\melondrea_RASMANCS
ELIMINÉ: HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\MovieModeService_RASAPI32
ELIMINÉ: HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\MovieModeService_RASMANCS
ELIMINÉ: HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\MovieMode_RASAPI32
ELIMINÉ: HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\MovieMode_RASMANCS
ELIMINÉ: HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\NewPlayer_RASAPI32
ELIMINÉ: HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\NewPlayer_RASMANCS
ELIMINÉ: HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\updateBrowseSmart_RASAPI32
ELIMINÉ: HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\updateBrowseSmart_RASMANCS
ELIMINÉ: HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\updateFortunitas_RASAPI32
ELIMINÉ: HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\updateFortunitas_RASMANCS
ELIMINÉ: HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\updateLinkSwift_RASAPI32
ELIMINÉ: HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\updateLinkSwift_RASMANCS
ELIMINÉ: HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\updatemelondrea_RASAPI32
ELIMINÉ: HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\updatemelondrea_RASMANCS
ELIMINÉ: HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\updateStorimbo_RASAPI32
ELIMINÉ: HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\updateStorimbo_RASMANCS
ELIMINÉ: HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\utilFortunitas_RASAPI32
ELIMINÉ: HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\utilFortunitas_RASMANCS
ELIMINÉ:* HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\29799DE249E7DBC459FC6C8F07EB8375
ELIMINÉ:* HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0238BBE24EA3A70408B81E4BB89C15E5
ELIMINÉ:* HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Dealply

========== Valores do Registo ==========
ProxyFix : Configuração proxy removida com sucesso
ELIMINÉ ProxyServer Value
ELIMINÉ ProxyEnable Value
ELIMINÉ EnableHttp1_1 Value
ELIMINÉ ProxyHttp1.1 Value
ELIMINÉ ProxyOverride Value

========== Pastas ==========
Nenhuma pasta CLSID local utilizador vazia

========== Ficheiros ==========
ELIMINÉ: c:\windows\tasks\funmoods chat.job
ELIMINA REINICIAR: c:\windows\system32\drivers\wstlibg64.sys
ELIMINÉ: C:\Windows\Installer\1d2b4d.msi
ELIMINÉ Temporários windows (126) (4.968.457 octets)
ELIMINÉ Flash Cookies (0) (0 octets)

========== Tarefa planificada ==========
ELIMINÉ: AffiliatedUpdate
ELIMINÉ: PCHelpers1st
ELIMINÉ: PCHelpers_period
ELIMINÉ: {536165F4-8E31-479A-8333-ACE95D754BBC}
ELIMINÉ: {C870FDBC-11E5-4358-BB7E-04730A92E7B7}
ELIMINÉ: {F0F0D852-7318-451F-A305-345576FC0FA4}

========== Restauração Sistema ==========
Ponto de restauro do sistema criado com sucesso


========== Recapitulativo ==========
1 : Processo memória
43 : Chaves do Registo
6 : Valores do Registo
1 : Pastas
5 : Ficheiros
6 : Tarefa planificada
1 : Restauração Sistema


End of clean in 00mn 40s

========== Caminho do ficheiro do relatório ==========
C:\Users\Aurelio\AppData\Roaming\ZHP\ZHPFix[R1].txt - 03/05/2014 18:58:28 [4624]

Re: Infected browsers!

Post by Power Max, Sat 03 May 2014, 19:26

On Virus Total the name of the submitted file shows as file-6798366_dll, but the file that was supposed to be scanned is this one:
C:\Users\Aurelio\AppData\Roaming\Online TV\onlinetv.dll

Are you sure you sent the correct file?
____________________________________________________________________________

Open ZHPDiag again

[You must have an account and be logged in to view this image]

|- Click "SEARCH" or "PESQUISAR" and wait for it to finish.

[You must have an account and be logged in to view this image]

|- Click OK and, when it finishes, post the ZHPDiag.txt report

[You must have an account and be logged in to view this image]

Re: Infected browsers!

Post by Coelhocego, Sat 03 May 2014, 20:04

Hi Power!!
I ran the VIRUS TOTAL check again...

[You must have an account and be logged in to view this link]

Here is the LOG with the details...

~ Relatório do ZHPDiag v2014.5.3.52 - Nicolas Coolman  (03/05/2014)
~ Iniciado por Aurelio (03/05/2014 19:58:14)
~ Endereço do Website :  http://nicolascoolman.webs.com
~ Fóruns de suporte gratuito para desinfecção : [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
~ Tradução pelo utilizador
~ Estatuto da versão :
~  Lista Branca : Ativado pelo programa
~ Elevação dos Privilégios : OK
~ Controle de Conta de Utilizador : Activate by user


---\\ Navegadores Internet
MSIE: Internet Explorer v11.0.9600.17105 (Defaut)

---\\ Informações sobre os produtos Windows
~ Langage: Portugais
Windows 7 Home Basic, 64-bit Service Pack 1 (Build 7601)
Windows Server License Manager Script : OK
Software Protection Service (Protection logicielle) : OK
Windows Automatic Updates : OK
Windows Activation Technologies : OK

---\\ Softwares de proteçao do sistema
Malwarebytes Anti-Malware versão 2.0.1.1004
Windows Defender W7

---\\ Softwares d'optimização do sistema

---\\ Softwares de partilha do PeerToPeer (P2P)

---\\ Monitoramento dos softwares
Adobe Flash Player 13 Plugin

---\\ Informações sobre o sistema
~ Processor: Intel64 Family 6 Model 42 Stepping 7, GenuineIntel
~ Operating System: 64 Bits
Boot mode: Normal (Normal boot)
Total RAM: 6038 MB (51% free)
System Restore: Activé (Enable)
System drive C: has 867 GB (94%) free of 922 GB

---\\ Modo de conexão ao sistema
~ Computer Name: AURELIO-PC
~ User Name: Aurelio
~ All Users Names: Convidado, Aurelio, Administrador,
~ Unselected Option: 045,061,O62,065,066,080,O82,089
Logged in as Administrator

---\\ As variáveis de ambiente
~ System Unit : C:\
~ %AppZHP% : C:\Users\Aurelio\AppData\Roaming\ZHP\
~ %AppData% : C:\Users\Aurelio\AppData\Roaming\
~ %Desktop% : C:\Users\Aurelio\Desktop\
~ %Favorites% : C:\Users\Aurelio\Favorites\
~ %LocalAppData% : C:\Users\Aurelio\AppData\Local\
~ %StartMenu% : C:\Users\Aurelio\AppData\Roaming\Microsoft\Windows\Start Menu\
~ %Windir% : C:\Windows\
~ %System% : C:\Windows\System32\

---\\ Enumeração das unidades dos discos
C: Hard drive, Flash drive, Thumb drive (Free 867 Go of 922 Go)
D: CD-ROM drive (Not Inserted)
F: Floppy drive, Flash card reader, USB Key (Not Inserted)



---\\ Estado do Centro de Segurança do Windows
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer] NoActiveDesktopChanges: Modified
~ Security Center: 49 Legitimates Filtered in 00mn 00s



---\\ Pesquisa particular de ficheiros genéricos
[MD5.332FEAB1435662FC6C672E25BEB37BE3] - (.Microsoft Corporation - Windows Explorer.) (.06/07/2011 - 18:34:56.) -- C:\Windows\Explorer.exe [2871808]
[MD5.94355C28C1970635A31B3FE52EB7CEBA] - (.Microsoft Corporation - Aplicativo de Inicialização do Windows.) (.13/07/2009 - 22:39:52.) -- C:\Windows\System32\Wininit.exe [129024]
[MD5.F220BA78AB542C70211D73AE4729B2CD] - (.Microsoft Corporation - Internet Extensions para Win32.) (.06/03/2014 - 03:22:40.) -- C:\Windows\System32\wininet.dll [2260480]
[MD5.1151B1BAA6F350B1DB6598E0FEA7C457] - (.Microsoft Corporation - Aplicativo de Logon do Windows.) (.21/11/2010 - 00:24:29.) -- C:\Windows\System32\Winlogon.exe [390656]
[MD5.067FA52BFB59A56110A12312EF9AF243] - (.Microsoft Corporation - Biblioteca de Licenciamento de Software.) (.21/11/2010 - 00:24:16.) -- C:\Windows\System32\sppcomapi.dll [232448]
[MD5.79059559E89D06E8B80CE2944BE20228] - (.Microsoft Corporation - Ancillary Function Driver for WinSock.) (.27/09/2013 - 22:09:10.) -- C:\Windows\system32\Drivers\AFD.sys [497152]
[MD5.02062C0B390B7729EDC9E69C680A6F3C] - (.Microsoft Corporation - ATAPI IDE Miniport Driver.) (.13/07/2009 - 22:52:21.) -- C:\Windows\system32\Drivers\atapi.sys [24128]
[MD5.B8BD2BB284668C84865658C77574381A] - (.Microsoft Corporation - CD-ROM File System Driver.) (.13/07/2009 - 20:19:47.) -- C:\Windows\system32\Drivers\Cdfs.sys [92160]
[MD5.F036CE71586E93D94DAB220D7BDF4416] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.21/11/2010 - 00:23:47.) -- C:\Windows\system32\Drivers\Cdrom.sys [147456]
[MD5.9BB2EF44EAA163B29C4A4587887A0FE4] - (.Microsoft Corporation - DFS Namespace Client Driver.) (.21/11/2010 - 00:24:32.) -- C:\Windows\system32\Drivers\DfsC.sys [102400]
[MD5.97BFED39B6B79EB12CDDBFEED51F56BB] - (.Microsoft Corporation - High Definition Audio Bus Driver.) (.21/11/2010 - 00:23:47.) -- C:\Windows\system32\Drivers\HDAudBus.sys [122368]
[MD5.FA55C73D4AFFA7EE23AC4BE53B4592D3] - (.Microsoft Corporation - Driver de porta i8042.) (.13/07/2009 - 20:19:57.) -- C:\Windows\system32\Drivers\i8042prt.sys [105472]
[MD5.AF9B39A7E7B6CAA203B3862582E9F2D0] - (.Microsoft Corporation - IP Network Address Translator.) (.13/07/2009 - 21:10:03.) -- C:\Windows\system32\Drivers\IpNat.sys [116224]
[MD5.A5D9106A73DC88564C825D317CAC68AC] - (.Microsoft Corporation - Windows NT SMB Minirdr.) (.06/07/2011 - 18:36:49.) -- C:\Windows\system32\Drivers\MRxSmb.sys [158208]
[MD5.09594D1089C523423B32A4229263F068] - (.Microsoft Corporation - MBT Transport driver.) (.21/11/2010 - 00:23:51.) -- C:\Windows\system32\Drivers\netBT.sys [261632]
[MD5.1A29A59A4C5BA6F8C85062A613B7E2B2] - (.Microsoft Corporation - Driver do Sistema de Arquivos NT.) (.23/01/2014 - 23:37:55.) -- C:\Windows\system32\Drivers\ntfs.sys [1684928]
[MD5.0086431C29C35BE1DBC43F52CC273887] - (.Microsoft Corporation - Driver de porta paralela.) (.13/07/2009 - 21:00:41.) -- C:\Windows\system32\Drivers\Parport.sys [97280]
[MD5.471815800AE33E6F1C32FB1B97C490CA] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.21/11/2010 - 00:24:33.) -- C:\Windows\system32\Drivers\Rasl2tp.sys [129536]
[MD5.548260A7B8654E024DC30BF8A7C5BAA4] - (.Microsoft Corporation - SMB Transport driver.) (.13/07/2009 - 21:09:09.) -- C:\Windows\system32\Drivers\smb.sys [93184]
[MD5.DDAD5A7AB24D8B65F8D724F5C20FD806] - (.Microsoft Corporation - TDI Translation Driver.) (.21/11/2010 - 00:24:32.) -- C:\Windows\system32\Drivers\tdx.sys [119296]
[MD5.0D08D2F3B3FF84E433346669B5E0F639] - (.Microsoft Corporation - Driver de cópia de sombra de volume.) (.21/11/2010 - 00:23:47.) -- C:\Windows\system32\Drivers\volsnap.sys [295808]
~ Generic Processes:  Scanned in 00mn 00s



---\\ Estatuto dos ficheiros ocultos (Oculto/Total)
~ Mes images (My Pictures) : 1/91
~ Mes musiques (My Musics) : 1/2
~ Mes Videos (My Videos) : 1/2
~ Mes Favoris (My Favorites) : 1/16
~ Mes Documents (My Documents) : 1/350
~ Mon Bureau (My Desktop) : 1/707
~ Menu demarrer (Programs) : 1/6
~ Hidden Files:  Scanned in 00mn 00s



---\\ Processos lançados
[MD5.41AD6110110A2E89957F831DCBFAF892] - (.Malwarebytes Corporation - Malwarebytes Anti-Malware.) -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe   [6963512] [PID.2120]
[MD5.9D4A0ECBF734E2EECDD5B473A2D705FE] - (.Skype Technologies S.A. - Skype.) -- C:\Program Files (x86)\Skype\Phone\Skype.exe   [20922016] [PID.2372]
[MD5.C0B97E53A0E39A48EEA2DCD500EEA07A] - (.Intel Corporation - IAStorIcon.) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe   [283160] [PID.1272]
[MD5.241B07FF7F5943B9C1BF3235F49AC1E1] - (.Avira Operations GmbH & Co. KG - Antivirus System Tray Tool (Desktop).) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe   [689744] [PID.2504]
[MD5.F6158734F1E24C6C510155CF0D363911] - (.RealNetworks, Inc. - RealNetworks Scheduler.) -- C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe   [295512] [PID.2672]
[MD5.5B6E8E09BE6401A7E022F52FDFCB2FF8] - (.Oracle Corporation - Java(TM) Update Scheduler.) -- C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe   [254336] [PID.2528]
[MD5.9F98821AE94E8CC78F7A5D423791B839] - (.TeamViewer GmbH - TeamViewer 9.) -- C:\Program Files (x86)\TeamViewer\Version9\TeamViewer.exe   [12971328] [PID.2608]
[MD5.DFC999E39D7465077B45F08C53BEE076] - (.Positivo Informática S.A. - Positivo Áudio.) -- C:\Program Files (x86)\Positivo Informática\Positivo Experience\Positivo Áudio\AudioPower.exe   [1015808] [PID.4428]
[MD5.0667ED9F8E905E1F73DB60ACCEDCBCA7] - (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\IEXPLORE.exe   [811728] [PID.736]
[MD5.DDBE89226D55D694F1B7B3DD0C324640] - (.RealNetworks, Inc. - RealDownloader.) -- C:\Program Files (x86)\RealNetworks\RealDownloader\recordingmanager.exe   [233048] [PID.5968]
[MD5.E948B39B496BE1302E974DEBB3ED51D2] - (.Nicolas Coolman - ZHPDiag.) -- C:\Program Files (x86)\ZHPDiag\ZHPDiag.exe   [7869440] [PID.21468]
[MD5.6DE9AC13D76238AD7427E5453C8ECC54] - (.GAS Tecnologia - G-Buster Browser Defense - Service.) -- C:\Program Files (x86)\GbPlugin\gbpsv.exe   [519224] [PID.796]
[MD5.4D282B9C5BB05DF92C9F3977DFB9F916] - (.Avira Operations GmbH & Co. KG - Antivirus Host Framework Service.) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe   [440400] [PID.1256]
[MD5.65AF41A7A2C5B6693E1B4164E7632C3E] - (.Avira Operations GmbH & Co. KG - Antivirus Host Framework Service.) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe   [440400] [PID.1588]
[MD5.0E08BDD7326E657D59DB40BAD23D8169] - (.Malwarebytes Corporation - Malwarebytes Anti-Malware.) -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe   [1809720] [PID.1800]
[MD5.A8E7F3DB083EB0839DFC1C763CDD2594] - (.Malwarebytes Corporation - Malwarebytes Anti-Malware.) -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe   [857912] [PID.672]
[MD5.96EFEC24346A8EB1157E80523079ADDC] - (...) -- C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe   [39056] [PID.1872]
[MD5.97F6FFB8A305A77D25C6C0E07B71D252] - (.TeamViewer GmbH - TeamViewer 9.) -- C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe   [5024576] [PID.2144]
[MD5.02CF67DC188222A92ED8818F7224442C] - (.TeamViewer GmbH - TeamViewer 9.) -- C:\Program Files (x86)\TeamViewer\Version9\tv_w32.exe   [238400] [PID.4532]
[MD5.090377B289C00EE8B041FDA2D8699C87] - (.Positivo Informática S.A. - WindowsService.) -- C:\Program Files (x86)\Positivo Informática\Positivo Experience\Positivo Experience\PositivoExperienceService.exe   [48640] [PID.4172]
[MD5.B25F192EA1F84A316EB7C19EFCCCF33D] - (.Intel Corporation - IAStorDataSvc.) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe   [13336] [PID.4772]
~ Processes Running:  Scanned in 00mn 00s



---\\ Mozilla Firefox, Plugins,Arranque,Pesquisa,Extensões (P2,M0,M1,M2,M3)
P2 - FPN: [HKCU] [gastecnologia.com.br/sf/cef] - (.GAS Tecnologia - Internet Banking Helper.) -- C:\Users\Aurelio\AppData\Local\GAS Tecnologia\GBBD\npsf_cef.dll
~ Firefox Browser: 3 Legitimates Filtered in 00mn 00s



---\\ Internet Explorer, Gestão do Proxy (R5)
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll
~ Proxy management:  Scanned in 00mn 00s



---\\ Análise das linhas F0, F1, F2, F3 - Ficheiros ini, Carregamento Automático de programas
F2 - REG:system.ini: USERINIT=C:\Windows\system32\userinit.exe,
F2 - REG:system.ini: Shell=C:\Windows\explorer.exe
F2 - REG:system.ini: VMApplet=C:\Windows\System32\SystemPropertiesPerformance.exe
~ Keys:  Scanned in 00mn 00s



---\\ Redireção do ficheiro Hosts (01)
~ Le fichier hosts est sain (The hosts file is clean).
~ Hosts File:  Scanned in 00mn 00s
~ Nombre de lignes (Lines number): 20



---\\ Browser Helper Objects do navegador (02)
O2 - BHO: G-Buster Browser Defense CEF [64Bits] - {C41A1C0E-EA6C-11D4-B1B8-444553540003} . (.Caixa Economica Federal - Gbieh Module.) -- C:\Program Files (x86)\GbPlugin\gbiehcef.dll
O2 - BHO: G-Buster Browser Defense Itaú Unibanco [64Bits] - {C41A1C0E-EA6C-11D4-B1B8-444553540008} . (.Banco Itaú Unibanco - Gbieh Module.) -- C:\Program Files (x86)\GbPlugin\gbiehuni.dll
O2 - BHO: onlinetv [64Bits] - {e6668de8-50bb-4ee3-9b43-cee14e6944fb} . (.onlinetv Company - onlinetv.) -- C:\Users\Aurelio\AppData\Roaming\Online TV\onlinetv.dll
~ BHO: 10 Legitimates Filtered in 00mn 00s



---\\ Aplicações iniciadas por registo & pastas (04)
O4 - HKLM\..\Run: [IgfxTray] . (.Intel Corporation - igfxTray Module.) -- C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] . (.Intel Corporation - hkcmd Module.) -- C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] . (.Intel Corporation - persistence Module.) -- C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [StartUpManagerPositivo] . (...) -- C:\Program Files\Positivo Informática\Gerenciador de Inicialização Positivo\ManagerWindows.exe
O4 - HKLM\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets da Área de Trabalho do Windows.) -- C:\Program Files\Windows Sidebar\sidebar.exe
O4 - HKCU\..\Run: [Skype] . (.Skype Technologies S.A. - Skype.) -- C:\Program Files (x86)\Skype\Phone\Skype.exe   =>.Skype Technologies S.A.
O4 - HKCU\..\RunOnce: [Uninstall C:\Users\Aurelio\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112\amd64] . (.Microsoft Corporation - Processador de comandos do Windows.) -- C:\Windows\system32\cmd.exe
O4 - HKLM\..\Wow6432Node\Run: [HDAudDeck] . (.VIA - VIA HD Audio CPL.) -- C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe
O4 - HKLM\..\Wow6432Node\Run: [IAStorIcon] . (.Intel Corporation - IAStorIcon.) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
O4 - HKLM\..\Wow6432Node\Run: [avgnt] . (.Avira Operations GmbH & Co. KG - Antivirus System Tray Tool (Desktop).) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
O4 - HKLM\..\Wow6432Node\Run: [TkBellExe] . (.RealNetworks, Inc. - RealNetworks Scheduler.) -- C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe   =>.RealNetworks, Inc
O4 - HKLM\..\Wow6432Node\Run: [SunJavaUpdateSched] . (.Oracle Corporation - Java(TM) Update Scheduler.) -- C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe   =>.Oracle Corporation
O4 - HKLM\..\Wow6432Node\Run: [GrooveMonitor] . (.Microsoft Corporation - GrooveMonitor Utility.) -- C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets da Área de Trabalho do Windows.) -- C:\Program Files (x86)\Windows Sidebar\Sidebar.exe
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets da Área de Trabalho do Windows.) -- C:\Program Files (x86)\Windows Sidebar\Sidebar.exe
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe   =>.Microsoft Corporation
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe   =>.Microsoft Corporation
O4 - HKUS\S-1-5-21-2952356932-1996913521-2274159354-1000\..\Run: [Skype] . (.Skype Technologies S.A. - Skype.) -- C:\Program Files (x86)\Skype\Phone\Skype.exe   =>.Skype Technologies S.A.
O4 - HKUS\S-1-5-21-2952356932-1996913521-2274159354-1000\..\RunOnce: [Uninstall C:\Users\Aurelio\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112\amd64] . (.Microsoft Corporation - Processador de comandos do Windows.) -- C:\Windows\system32\cmd.exe
~ Application:  Scanned in 00mn 00s



---\\ Site na zona confiavél do Internet Explorer (05)
O15 - Trusted Zone: [HKCU\...\Domains\www] *.caixa.gov.br
~ IE Zone Confiance:  Scanned in 00mn 00s



---\\ Alteração Dominio/Clientes DNS (017)
O17 - HKLM\System\CCS\Services\Tcpip\..\{040C7364-D564-49E9-9E88-DB629CA3B10B}: DhcpNameServer = 189.4.0.146 189.4.0.141
O17 - HKLM\System\CS1\Services\Tcpip\..\{040C7364-D564-49E9-9E88-DB629CA3B10B}: DhcpNameServer = 189.4.0.146 189.4.0.141
O17 - HKLM\System\CS2\Services\Tcpip\..\{040C7364-D564-49E9-9E88-DB629CA3B10B}: DhcpNameServer = 189.4.0.146 189.4.0.141
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 189.4.0.146 189.4.0.141
~ Domain:  Scanned in 00mn 00s



---\\ Protocolo adicional (018)
O18 - Handler: wlpg [64Bits] - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} . (...) --
O18 - Filter: text/xml [64Bits] - {807563E5-5146-11D5-A672-00B0D022E945} . (.Microsoft Corporation - Microsoft Office XML MIME Filter.) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.dll  =>.Microsoft Corporation
~ Protocole Additionnel:  Scanned in 00mn 00s



---\\ Valor do Registo AppInit_DLLs e sub-chaves Winlogon Notify (autorun) (O20)
O20 - Winlogon Notify: igfxcui . (.Intel Corporation - igfxdev Module.) -- C:\Windows\System32\igfxdev.dll
~ Winlogon:  Scanned in 00mn 00s



---\\ Lista dos serviços NT não Microsoft e não desativados (023)
O23 - Service: Gbp Service (GbpSv) . (.GAS Tecnologia - G-Buster Browser Defense - Service.) - C:\Program Files (x86)\GbPlugin\gbpsv.exe
~ Services: 10 Legitimates Filtered in 00mn 04s



---\\ Tarefas planificadas automaticamente (039)
O39 - APT:  - (..) -- C:\Windows\System32\Tasks\Adobe Flash Player Updater   [902]
~ Scheduled Task: 5 Legitimates Filtered in 00mn 00s



---\\ Drivers lançados ao arranque do sistema (041)
O41 - Driver:  (Bfilter) . (. - .) - C:\Windows\system32\drivers\Bfilter.sys (.not file.)
O41 - Driver:  (Bfmon) . (. - .) - C:\Windows\system32\drivers\Bfmon.sys (.not file.)
O41 - Driver: (Bnbase) . (. - .) - C:\Windows\System32\drivers\bnbasex64.sys (.not file.)
O41 - Driver:  (Bndef) . (. - .) - C:\Windows\system32\drivers\bndef64.sys (.not file.)
O41 - Driver:  (Bprotect) . (. - .) - C:\Windows\system32\drivers\Bprotect.sys (.not file.)
~ Drivers: 71 Legitimates Filtered in 00mn 00s



---\\ HKCU & HKLM Software Keys
[HKCU\Software\AutoHelpDesk]
[HKCU\Software\FMChat]
[HKCU\Software\GbAs]
[HKLM\Software\HD Streamer]
[HKLM\Software\Wow6432Node\AutoHelpDesk]
[HKLM\Software\Wow6432Node\SPCP]
[HKLM\Software\Wow6432Node\Universal]
~ Key Software: 177 Legitimates Filtered in 00mn 00s



---\\ Conteúdo das pastas Programs/ProgramFiles/ProgramData/AppData (O43)
O43 - CFD: 15/03/2014 - 16:25:51 - [] ----D C:\Program Files (x86)\Programas RFB
O43 - CFD: 02/05/2014 - 00:35:17 - [0] ----D C:\Program Files (x86)\RBM
O43 - CFD: 03/09/2012 - 19:21:37 - [0] ----D C:\ProgramData\Audio
O43 - CFD: 23/06/2013 - 14:36:57 - [0] ----D C:\ProgramData\Audio Power
O43 - CFD: 03/09/2012 - 19:20:39 - [] ----D C:\ProgramData\Vivo
O43 - CFD: 10/10/2013 - 10:55:09 - [] -SH-D C:\ProgramData\{FE8D473A-6F06-4F99-B5F4-BED72B2A038C}
O43 - CFD: 20/02/2014 - 22:47:58 - [0] ----D C:\Users\Aurelio\AppData\Roaming\80B07AD4
~ Program Folder: 164 Legitimates Filtered in 00mn 00s



---\\ Últimos ficheiros alterados ou criados no Windows e Sistema32 (044)
O44 - LFC:[MD5.D41D8CD98F00B204E9800998ECF8427E] - 01/05/2014 - 15:16:02 ---A- . (...) -- C:\autoexec.bat   [0]
O44 - LFC:[MD5.B40998C5BE901002C33964892A5A8101] - 02/05/2014 - 01:30:49 ---A- . (...) -- C:\virus.txt   [2825]
O44 - LFC:[MD5.CC7AA7B42CF418FC3D926913490048F8] - 03/05/2014 - 00:32:49 ---A- . (...) -- C:\Windows\zoek-delete.exe   [24064]
O44 - LFC:[MD5.9F67594FAD36AD5F6E01A8C9E1F1746B] - 03/05/2014 - 00:50:44 ---A- . (...) -- C:\zoek-results.log   [18047]
O44 - LFC:[MD5.7EFD5D57BDF90C236AAD5BE1DE9477C5] - 03/05/2014 - 18:52:59 ---A- . (...) -- C:\Windows\System32\prfc0416.dat   [147638]
O44 - LFC:[MD5.0B89C4E6A74B5BF759855B487782D68A] - 03/05/2014 - 18:52:59 ---A- . (...) -- C:\Windows\System32\prfh0416.dat   [705798]
~ Files: 25 Legitimates Filtered in 00mn 26s



---\\ Enumeração das chaves do registo PoliciesSystem (MWPS) (O55)
O55 - MWPS:[HKLM\...\Policies\System] - "EnableUIADesktopToggle"=0
O55 - MWPS:[HKLM\...\Policies\System] - "FilterAdministratorToken"=0
~ MWPS: 20 Legitimates Filtered in 00mn 00s



---\\ Enumeração das chaves do registo PoliciesExplorer (MWPE) (O56)
O56 - MWPE:[HKCU\...\policies\Explorer] - "NoLowDiskSpaceChecks"=1
O56 - MWPE:[HKLM\...\policies\Explorer] - "NoActiveDesktopChanges"=1
~ MWPE Keys: 7 Legitimates Filtered in 00mn 00s



---\\ Lista dos drivers do sistema (SDL) (O58)
O58 - SDL:13/07/2009 - 22:47:48 ---A- . (.Emulex - Storport Miniport Driver for LightPulse HBAs.) -- C:\Windows\System32\Drivers\elxstor.sys   [530496]
O58 - SDL:10/06/2009 - 17:31:59 ---A- . (.Hauppauge Computer Works, Inc. - Hauppauge WinTV 885 Consumer IR Driver for eHome.) -- C:\Windows\System32\Drivers\hcw85cir.sys   [31232]
O58 - SDL:18/03/2014 - 22:27:24 ---A- . (.DEVGURU Co., LTD.([Tens de ter uma conta e sessão iniciada para poderes visualizar este link] - SAMSUNG USB Composite Device Driver (MSS Ver.3).) -- C:\Windows\System32\Drivers\ssudbus.sys   [109056]
O58 - SDL:18/03/2014 - 22:27:24 ---A- . (.DEVGURU Co., LTD.([Tens de ter uma conta e sessão iniciada para poderes visualizar este link] - SAMSUNG Android Modem Device Driver (MSS Ver.3).) -- C:\Windows\System32\Drivers\ssudmdm.sys   [206080]
O58 - SDL:13/07/2009 - 22:45:55 ---A- . (.Promise Technology - Promise  SuperTrak EX Series Driver for Windows.) -- C:\Windows\System32\Drivers\stexstor.sys   [24656]
O58 - SDL:27/03/2014 - 21:12:39 ---A- . (.StdLib - StdLib.) -- C:\Windows\System32\Drivers\wStLibG64.sys   [61120]  =>PUP.LinkiDoo
O58 - SDL:15/03/2014 - 10:26:54 ---A- . (.GbPlugin NDIS Device Driver - GbPlugin NDIS Device Driver.) -- C:\Windows\SysWOW64\drivers\gbpndisrd.sys   [31088]
~ Drivers: 61 Legitimates Filtered in 00mn 00s



---\\ Lista das ferramentas de remoção de vírus (LAT) (063)
O63 - Logiciel: ZHPDiag 2014 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1  =>.Nicolas Coolman
~ ADS:  Scanned in 00mn 00s



---\\ Menu de inicialização Internet (068)
O68 - StartMenuInternet: <IEXPLORE.EXE> <Internet Explorer>[HKLM\..\Shell\open\Command] (...) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
~ Keys:  Scanned in 00mn 00s



---\\ Pesquisa de infeção nos navegadores da Internet (SBI) (069)
O69 - SBI: SearchScopes [HKCU] {6A1806CD-94D4-4689-BA73-E35EA1EA9990} - (Google) - [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
~ Keys:  Scanned in 00mn 00s



---\\ Pesquisa adicional à raiz do sistema (radicular) (SPRF) (O84)
[MD5.4547C099BA26A4144D6044315AC57DCC] [SPRF][11/11/2013] (...) -- C:\Users\Aurelio\AppData\Roaming\unins000.dat   [17526]
[MD5.A8DDCC18FC3706A5752713E9CC05A0BD] [SPRF][01/05/2014] (...) -- C:\Users\Aurelio\Desktop\adwcleaner.exe   [1310621]
~ Files: 5 Legitimates Filtered in 00mn 00s



---\\ Listagem dos códigos dos software (PUC) (090)
O90 - PUC: "5509804B864D4A546AABA531D87D51CF" . (.Bing Bar.) -- C:\Windows\Installer\{B4089055-D468-45A4-A6BA-5A138DD715FC}\icon_installer_ico  =>Toolbar.Bing
~ Update Products: 1 Legitimates Filtered in 00mn 00s



---\\ Pesquisa dos pacotes WindowsInstaller (WIS) (O93) (NTFS)
[MD5.683EF495176EB6BF6C18BDA0A304C22E] [WIS][21/10/2011] (.Microsoft Corporation - Bing Bar.) -- C:\Windows\Installer\b39709.msi   [4771840]  =>Toolbar.Bing
~ WIS: 1 Legitimates Filtered in 00mn 02s



---\\ Estado general dos serviços não Microsoft (EGS) (SR=Executados, SS=Parados)
SS - | Demand 11/05/2013 65640 |  (AdobeARMservice) . (.Adobe Systems Incorporated.) - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
SS - | Demand 01/05/2014 257712 |  (AdobeFlashPlayerUpdateSvc) . (.Adobe Systems Incorporated.) - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
SS - | Disabled 13/03/2014 1017424 |  (AntiVirWebService) . (.Avira Operations GmbH & Co. KG.) - C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.exe
SS - | Auto 21/10/2011 196176 |  (BBSvc) . (.Microsoft Corporation..) - C:\Program Files (x86)\Microsoft\BingBar\BBSvc.exe  =>Toolbar.Bing
SS - | Auto 23/10/2013 172192 |  (SkypeUpdate) . (.Skype Technologies.) - C:\Program Files (x86)\Skype\Updater\Updater.exe
SR - | Auto 13/03/2014 440400 |  (AntiVirSchedulerService) . (.Avira Operations GmbH & Co. KG.) - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
SR - | Auto 13/03/2014 440400 |  (AntiVirService) . (.Avira Operations GmbH & Co. KG.) - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
SR - | Auto 12/07/2012 48640 |  (AppManagerService) . (.Positivo Informática S.A..) - C:\Program Files (x86)\Positivo Informática\Positivo Experience\Positivo Experience\PositivoExperienceService.exe
SR - | Auto 13/10/2011 249648 |  (BBUpdate) . (.Microsoft Corporation.) - C:\Program Files (x86)\Microsoft\BingBar\SeaPort.exe  =>Toolbar.Bing
SR - | Auto 25/03/2014 519224 |  (GbpSv) . (.GAS Tecnologia.) - C:\Program Files (x86)\GbPlugin\gbpsv.exe
SR - | Auto 13/09/2010 13336 |  (IAStorDataMgrSvc) . (.Intel Corporation.) - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
SR - | Auto 03/04/2014 1809720 |  (MBAMScheduler) . (.Malwarebytes Corporation.) - C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
SR - | Auto 03/04/2014 857912 |  (MBAMService) . (.Malwarebytes Corporation.) - C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
SR - | Auto 14/08/2013 39056 |  (RealNetworks Downloader Resolver Service) . (...) - C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
SR - | Auto 25/04/2014 5024576 |  (TeamViewer9) . (.TeamViewer GmbH.) - C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
SR - | Auto 13/07/2009 27136 | C:\Program Files (x86)\Windows Defender\mpsvc.dll (WinDefend) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
SR - | Demand 10/07/1658 0 |  (WMPNetworkSvc) . (...) - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe  =>.Microsoft Corporation
SR - | Auto 13/07/2009 27136 | C:\Windows\System32\wuaueng.dll (wuauserv) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
~ Services:  Scanned in 00mn 04s



---\\ Scâner Aditional (088)
Database Version : 13045 - (03/05/2014)
Clés trouvées (Keys found) : 0
Valeurs trouvées (Values found) : 0
Dossiers trouvés  (Folders found) : 0
Fichiers trouvés  (Files found) : 1

C:\Windows\Installer\b39709.msi   =>Toolbar.Bing^
~ Additionnel Scan: 210876 Items scanned in 00mn 16s



---\\ Sumário das deteções encontradas na sua estação
[Tens de ter uma conta e sessão iniciada para poderes visualizar este link]  =>PUP.LinkiDoo
~ MSI: 1 link(s) detected in 00mn 00s



~ 741 Legitimates filtered by white list
End of the scan (389 lines in 01mn 11s)(0)
Coelhocego
Beginner

Posts: 37
Reputation: 0
Registration date: 01/05/2014

Re: Infected browsers!

Post by Power Max, Sat 03 May 2014, 20:12

Select and copy all the text highlighted in red that I sent you.
_____________________________________________________________________________________________________________

Go to the menu: Start > All Programs > ZHP > Right-click on ZHPFix and choose Run as administrator > Click Import > Click the GO button > Click Oui > If you also want the files in the Recycle Bin to be deleted, click Oui again > A report will appear in Notepad.

Copy this report and post it in your next reply.


Last edited by Power Max on Sat 03 May 2014, 20:59, edited 1 time
Power Max
Contributor

Posts: 9086
Reputation: 1499
Registration date: 14/04/2009

Re: Infected browsers!

Post by Coelhocego, Sat 03 May 2014, 20:55

Rapport de ZHPFix 2014.4.13.3 par Nicolas Coolman, Update du 13/04/2014
Fichier d'export Registre :
Run by Aurelio at 03/05/2014 20:53:05
High Elevated Privileges : OK
Windows 7 Home Basic Edition, 64-bit Service Pack 1 (Build 7601)

Reciclagem vazia (00mn 03s)
Reparação de atalhos do navegador

========== Valores do Registo ==========
ProxyFix : Configuração proxy removida com sucesso
ELIMINÉ ProxyServer Value
ELIMINÉ ProxyEnable Value
ELIMINÉ EnableHttp1_1 Value
ELIMINÉ ProxyHttp1.1 Value
ELIMINÉ ProxyOverride Value

========== Pastas ==========
Nenhuma pasta CLSID local utilizador vazia

========== Ficheiros ==========
ELIMINA REINICIAR: c:\windows\system32\drivers\wstlibg64.sys
ELIMINÉ Temporários windows (4) (883 octets)
ELIMINÉ Flash Cookies (0) (0 octets)

========== Restauração Sistema ==========
Ponto de restauro do sistema criado com sucesso


========== Recapitulativo ==========
6 : Valores do Registo
1 : Pastas
3 : Ficheiros
1 : Restauração Sistema


End of clean in 00mn 17s

========== Caminho do ficheiro do relatório ==========
C:\Users\Aurelio\AppData\Roaming\ZHP\ZHPFix[R1].txt - 03/05/2014 18:58:28 [4706]
C:\Users\Aurelio\AppData\Roaming\ZHP\ZHPFix[R2].txt - 03/05/2014 20:45:56 [1476]
C:\Users\Aurelio\AppData\Roaming\ZHP\ZHPFix[R3].txt - 03/05/2014 20:53:09 [1262]
Coelhocego
Beginner

Posts: 37
Reputation: 0
Registration date: 01/05/2014

Re: Infected browsers!

Post by Power Max, Sat 03 May 2014, 20:59

Download the [link visible only to logged-in forum members] and save it to the Desktop.

Note: when you open the link above, click the Download Now 64-Bit Version button.

Run Farbar following the steps in this tutorial:

[link visible only to logged-in forum members]

*Two reports will be created on the Desktop: FRST.txt and Addition.txt

Post both reports in your next reply. (Note: if they do not fit in a single reply, you can split them across several posts.)
Power Max
Contributor

Posts: 9086
Reputation: 1499
Registration date: 14/04/2009

1st LOG

Post by Coelhocego, Sat 03 May 2014, 22:34

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 02-05-2014
Ran by Aurelio (administrator) on AURELIO-PC on 03-05-2014 22:31:37
Running from C:\Users\Aurelio\Desktop
Windows 7 Home Basic Service Pack 1 (X64) OS Language: Portuguese Brazilian
Internet Explorer Version 11
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
Download link for 64-Bit Version: [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]

==================== Processes (Whitelisted) =================

(GAS Tecnologia) C:\Program Files (x86)\GbPlugin\gbpsv.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Positivo Informática) C:\Program Files\Positivo Informática\Recovery\Recovery2.exe
(VIA) C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(RealNetworks, Inc.) C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
() C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\tv_w32.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\tv_x64.exe
(Positivo Informática S.A.) C:\Program Files (x86)\Positivo Informática\Positivo Experience\Positivo Backup\PositivoSmartBackup.exe
(Positivo Informática S.A.) C:\Program Files (x86)\Positivo Informática\Positivo Experience\Positivo Áudio\AudioPower.exe
(Positivo Informática S.A.) C:\Program Files (x86)\Positivo Informática\Positivo Experience\Positivo Experience\PositivoExperienceService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(RealNetworks, Inc.) C:\Program Files (x86)\RealNetworks\RealDownloader\recordingmanager.exe
(Microsoft Corporation) C:\Windows\System32\MsSpellCheckingFacility.exe
(Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil64_13_0_0_206_ActiveX.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [StartUpManagerPositivo] => C:\Program Files\Positivo Informática\Gerenciador de Inicialização Positivo\ManagerWindows.exe [171520 2012-03-01] ()
HKLM\...\Run: [Sidebar] => C:\Program Files\Windows Sidebar\sidebar.exe [1475584 2010-11-21] (Microsoft Corporation)
HKLM-x32\...\Run: [HDAudDeck] => C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe [2472048 2010-08-11] (VIA)
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [283160 2010-09-13] (Intel Corporation)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [689744 2014-03-13] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [TkBellExe] => C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe [295512 2013-11-30] (RealNetworks, Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
Winlogon\Notify\ GbPluginCef-x32: C:\Program Files (x86)\GbPlugin\gbiehCef.dll (Caixa Economica Federal)
Winlogon\Notify\ GbPluginUni-x32: C:\Program Files (x86)\GbPlugin\gbiehUni.dll (Banco Itaú Unibanco)
HKLM\...\Policies\Explorer: [NoControlPanel] 0
HKU\S-1-5-21-2952356932-1996913521-2274159354-1000\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [20922016 2014-02-10] (Skype Technologies S.A.)
HKU\S-1-5-21-2952356932-1996913521-2274159354-1000\...\RunOnce: [Uninstall C:\Users\Aurelio\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112\amd64] - C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Aurelio\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112\amd64"
HKU\S-1-5-21-2952356932-1996913521-2274159354-1000\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Assistente para criação de disco de recuperação.lnk
ShortcutTarget: Assistente para criação de disco de recuperação.lnk -> C:\Program Files\Positivo Informática\Recovery\Recovery2.exe (Positivo Informática)
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
StartMenuInternet: IEXPLORE.EXE - iexplore.exe
SearchScopes: HKLM - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKCU - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: onlinetv - {e6668de8-50bb-4ee3-9b43-cee14e6944fb} - C:\Users\Aurelio\AppData\Roaming\Online TV\onlinetv64.dll (onlinetv Company)
BHO-x32: RealNetworks Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader)
BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Auxiliar de Conexão do Windows Live ID - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: GbIehObj Class - {C41A1C0E-EA6C-11D4-B1B8-444553540003} - C:\Program Files (x86)\GbPlugin\gbiehcef.dll (Caixa Economica Federal)
BHO-x32: GbIehObj Class - {C41A1C0E-EA6C-11D4-B1B8-444553540008} - C:\Program Files (x86)\GbPlugin\gbiehuni.dll (Banco Itaú Unibanco)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: onlinetv - {e6668de8-50bb-4ee3-9b43-cee14e6944fb} - C:\Users\Aurelio\AppData\Roaming\Online TV\onlinetv.dll (onlinetv Company)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
ShellExecuteHooks-x32: GbPluginObj Class - {E37CB5F0-51F5-4395-A808-5FA49E399003} - C:\Program Files (x86)\GbPlugin\gbiehcef.dll [1579848 2014-02-26] (Caixa Economica Federal)
ShellExecuteHooks-x32: GbPluginObj Class - {E37CB5F0-51F5-4395-A808-5FA49E399008} - C:\Program Files (x86)\GbPlugin\gbiehuni.dll [1587768 2014-02-24] (Banco Itaú Unibanco)
Tcpip\Parameters: [DhcpNameServer] 189.4.0.146 189.4.0.141

FireFox:
========
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_13_0_0_206.dll ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_206.dll ()
FF Plugin-x32: @java.com/DTPlugin,version=10.55.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.55.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @real.com/nppl3260;version=16.0.3.51 - c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlchromebrowserrecordext;version=1.3.3 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlhtml5videoshim;version=1.3.3 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlpepperflashvideoshim;version=1.3.3 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprpplugin;version=16.0.3.51 - c:\program files (x86)\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer)
FF Plugin-x32: @realnetworks.com/npdlplugin;version=1 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: gastecnologia.com.br/sf/cef - C:\Users\Aurelio\AppData\Local\GAS Tecnologia\GBBD\npsf_cef.dll (GAS Tecnologia)
FF HKLM-x32\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF Extension: RealDownloader - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2013-09-05]
FF HKLM-x32\...\Firefox\Extensions: [{DF153AFF-6948-45d7-AC98-4FC4AF8A08E2}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\
FF Extension: RealDownloader - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\ []
FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK
FF HKCU\...\Firefox\Extensions: [{87F8774F-B485-47E2-A755-A40A8A5E886D}] - C:\Users\Aurelio\AppData\Local\GAS Tecnologia\GBBD\cef\xpi
FF Extension: GBBD Caixa Economica Federal - C:\Users\Aurelio\AppData\Local\GAS Tecnologia\GBBD\cef\xpi [2014-01-28]
FF HKCU\...\Firefox\Extensions: [onlinetv@helper.com] - C:\Users\Aurelio\AppData\Roaming\Online TV\onlinetv.xpi
FF Extension: Online TV - C:\Users\Aurelio\AppData\Roaming\Online TV\onlinetv.xpi [2014-03-27]

Chrome:
=======
Error reading preferences. Please check "preferences" file for possible corruption. <======= ATTENTION
CHR HKCU\...\Chrome\Extension: [nnjbodopomfddehlalfilheomcahbpei] - C:\Users\Aurelio\AppData\Local\GAS Tecnologia\GBBD\cef\sf.crx [2013-11-11]
CHR HKLM-x32\...\Chrome\Extension: [idhngdhcfkoamngbedgpaokgjbnpdiji] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Chrome\Ext\realdownloader.crx [2013-08-14]
CHR HKCU\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Services (Whitelisted) =================

R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [440400 2014-03-13] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [440400 2014-03-13] (Avira Operations GmbH & Co. KG)
S4 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE [1017424 2014-03-13] (Avira Operations GmbH & Co. KG)
R2 AppManagerService; C:\Program Files (x86)\Positivo Informática\Positivo Experience\Positivo Experience\PositivoExperienceService.exe [48640 2012-07-12] (Positivo Informática S.A.)
R2 GbpSv; C:\Program Files (x86)\GbPlugin\gbpsv.exe [519224 2014-03-25] (GAS Tecnologia)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-04-03] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [857912 2014-04-03] (Malwarebytes Corporation)
R2 RealNetworks Downloader Resolver Service; C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [39056 2013-08-14] ()

==================== Drivers (Whitelisted) ====================

R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [108440 2014-01-05] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [131576 2014-01-05] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-11-27] (Avira Operations GmbH & Co. KG)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-04-03] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [119512 2014-05-03] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63192 2014-04-03] (Malwarebytes Corporation)
S3 msi2500; C:\Windows\System32\DRIVERS\msi2500.sys [116352 2010-06-22] (Mirics)
R3 PositivoAudioDriverWdm; C:\Windows\System32\DRIVERS\pad.sys [69520 2012-03-06] (Positivo Informática S.A.)
S3 BprotectEx; \??\C:\Windows\System32\drivers\BprotectEx.sys [X]
S3 esgiguard; \??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [X]
S3 PCFApiUtil; \??\C:\Program Files (x86)\Baidu Security\PC Faster\4.0.0.0\PCFApiUtil64.sys [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-05-03 22:31 - 2014-05-03 22:31 - 00015337 _____ () C:\Users\Aurelio\Desktop\FRST.txt
2014-05-03 22:31 - 2014-05-03 22:31 - 00000000 ____D () C:\FRST
2014-05-03 22:30 - 2014-05-03 22:30 - 02062336 _____ (Farbar) C:\Users\Aurelio\Desktop\FRST64.exe
2014-05-03 20:53 - 2014-05-03 20:53 - 00001344 _____ () C:\Users\Aurelio\Desktop\ZHPFixReport.txt
2014-05-03 18:55 - 2014-05-03 18:55 - 00001991 _____ () C:\Users\Aurelio\Desktop\ZHPFix.lnk
2014-05-03 18:55 - 2014-05-03 18:55 - 00001864 _____ () C:\Users\Aurelio\Desktop\ZHPDiag.lnk
2014-05-03 18:55 - 2014-05-03 18:55 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ZHP
2014-05-03 18:54 - 2014-05-03 18:55 - 06779163 _____ (Nicolas Coolman ) C:\Users\Aurelio\Desktop\ZHPmmDiag2.exe
2014-05-03 11:27 - 2014-05-03 11:27 - 00003188 _____ () C:\Windows\System32\Tasks\{32D9EDAA-3DD5-4A53-B818-92E41550B860}
2014-05-03 11:25 - 2014-05-03 20:53 - 00000000 ____D () C:\Users\Aurelio\AppData\Roaming\ZHP
2014-05-03 11:25 - 2014-05-03 20:50 - 00000000 ____D () C:\Program Files (x86)\ZHPDiag
2014-05-03 11:07 - 2014-05-03 11:08 - 06778604 _____ (Nicolas Coolman ) C:\Users\Aurelio\Desktop\ZHPDiag2.exe
2014-05-03 10:58 - 2014-05-03 10:58 - 00000770 _____ () C:\Users\Aurelio\Desktop\JRT.txt
2014-05-03 10:54 - 2014-05-03 10:54 - 00000000 ____D () C:\Windows\ERUNT
2014-05-03 10:53 - 2014-05-03 10:53 - 01016261 _____ (Thisisu) C:\Users\Aurelio\Desktop\JRT.exe
2014-05-03 08:31 - 2014-04-29 11:01 - 23547904 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-05-03 08:31 - 2014-04-29 10:40 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-05-03 08:31 - 2014-04-29 09:48 - 17384448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-05-03 08:31 - 2014-04-29 09:34 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-05-03 00:41 - 2014-05-03 00:32 - 00024064 _____ () C:\Windows\zoek-delete.exe
2014-05-03 00:33 - 2014-05-03 00:50 - 00018047 _____ () C:\zoek-results.log
2014-05-03 00:30 - 2014-05-03 00:30 - 04095370 _____ () C:\Users\Aurelio\Desktop\zoek.zip
2014-05-02 21:49 - 2014-05-03 00:40 - 00000000 ____D () C:\zoek_backup
2014-05-02 21:49 - 2014-05-02 21:50 - 01285120 _____ () C:\Users\Aurelio\Downloads\zoek.exe
2014-05-02 08:06 - 2014-05-03 20:48 - 00003348 _____ () C:\Windows\System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-2952356932-1996913521-2274159354-1000
2014-05-02 03:00 - 2014-05-02 03:00 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-05-02 01:31 - 2014-05-03 18:33 - 00007264 _____ () C:\Users\Aurelio\Desktop\virus2.txt
2014-05-02 01:30 - 2014-05-02 01:30 - 00002825 _____ () C:\virus.txt
2014-05-02 00:22 - 2014-05-02 00:22 - 00001106 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-05-02 00:22 - 2014-05-02 00:22 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-05-02 00:22 - 2014-05-02 00:22 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-05-02 00:22 - 2014-04-03 09:51 - 00088280 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-05-02 00:22 - 2014-04-03 09:51 - 00063192 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-05-02 00:22 - 2014-04-03 09:50 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-05-01 23:19 - 2014-05-01 23:29 - 01310621 _____ () C:\Users\Aurelio\Downloads\adwcleaner (3).exe
2014-05-01 23:18 - 2014-05-01 23:18 - 01310621 _____ () C:\Users\Aurelio\Desktop\adwcleaner.exe
2014-05-01 23:16 - 2014-05-01 23:16 - 01310621 _____ () C:\Users\Aurelio\Downloads\adwcleaner (2).exe
2014-05-01 19:34 - 2014-05-01 19:34 - 00000000 ____D () C:\Users\Todos os Usuários\Samsung
2014-05-01 19:34 - 2014-05-01 19:34 - 00000000 ____D () C:\ProgramData\Samsung
2014-05-01 19:34 - 2014-05-01 19:34 - 00000000 ____D () C:\Program Files\SAMSUNG
2014-05-01 19:34 - 2014-03-18 22:27 - 00206080 _____ (DEVGURU Co., LTD.([link hidden by forum])) C:\Windows\system32\Drivers\ssudmdm.sys
2014-05-01 19:34 - 2014-03-18 22:27 - 00109056 _____ (DEVGURU Co., LTD.([link hidden by forum])) C:\Windows\system32\Drivers\ssudbus.sys
2014-05-01 19:25 - 2014-05-01 19:25 - 00000000 ____D () C:\Users\Aurelio\Documents\My Weblog Posts
2014-05-01 19:25 - 2014-05-01 19:25 - 00000000 ____D () C:\Users\Aurelio\AppData\Roaming\Windows Live Writer
2014-05-01 19:25 - 2014-05-01 19:25 - 00000000 ____D () C:\Users\Aurelio\AppData\Local\Windows Live Writer
2014-05-01 18:56 - 2014-05-01 18:56 - 00001973 _____ () C:\Users\Public\Desktop\Samsung Kies 3.lnk
2014-05-01 18:49 - 2014-05-01 18:56 - 00000000 ____D () C:\Users\Aurelio\AppData\Roaming\Samsung
2014-05-01 18:49 - 2014-05-01 18:56 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Samsung
2014-05-01 18:49 - 2014-05-01 18:56 - 00000000 ____D () C:\Program Files (x86)\Samsung
2014-05-01 18:49 - 2014-05-01 18:52 - 00000000 ____D () C:\Users\Aurelio\AppData\Local\Downloaded Installations
2014-05-01 18:49 - 2014-05-01 18:49 - 00000000 ____D () C:\Users\Public\Documents\NativeFus_Log
2014-05-01 18:49 - 2014-05-01 18:49 - 00000000 ____D () C:\Users\Aurelio\Documents\SelfMV
2014-05-01 18:49 - 2014-05-01 18:49 - 00000000 ____D () C:\Users\Aurelio\Documents\samsung
2014-05-01 18:49 - 2014-02-25 16:48 - 00144664 _____ (MAPILab Ltd. & Add-in Express Ltd.) C:\Windows\SysWOW64\secman.dll
2014-05-01 18:48 - 2014-05-01 18:48 - 39500592 _____ (Samsung Electronics Co., Ltd.) C:\Users\Aurelio\Downloads\270-Kies3Setup.exe
2014-05-01 16:09 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\SysWOW64\sqlite3.dll
2014-05-01 15:16 - 2014-05-01 15:16 - 00000000 _____ () C:\autoexec.bat
2014-05-01 15:15 - 2014-05-01 17:32 - 00000000 ____D () C:\Windows\ACF5FE1B377240688B872D2A6EFD0A05.TMP
2014-05-01 15:15 - 2014-05-01 15:15 - 00000000 ____D () C:\Program Files\Enigma Software Group
2014-05-01 15:11 - 2014-05-01 16:26 - 00728960 _____ (Enigma Software Group USA, LLC.) C:\Users\Aurelio\Downloads\SpyHunter-Installer.exe
2014-05-01 11:57 - 2014-05-01 11:56 - 02951802 _____ (InstallShield Software Corporation) C:\Users\Aurelio\Downloads\EClea2_0.exe
2014-05-01 11:32 - 2014-05-01 11:32 - 00000000 __SHD () C:\Users\Aurelio\AppData\Local\EmieUserList
2014-05-01 11:32 - 2014-05-01 11:32 - 00000000 __SHD () C:\Users\Aurelio\AppData\Local\EmieSiteList
2014-05-01 11:31 - 2014-04-13 23:24 - 00465408 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-05-01 11:31 - 2014-04-13 23:19 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-04-28 19:35 - 2014-04-28 19:35 - 00922448 _____ () C:\Windows\Minidump\042814-11700-01.dmp
2014-04-26 23:22 - 2014-04-26 23:22 - 00308360 _____ () C:\Users\Aurelio\Downloads\Setup (2).exe
2014-04-26 23:19 - 2014-04-26 23:30 - 00000000 ___RD () C:\Users\Aurelio\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-04-24 17:34 - 2014-04-24 17:34 - 00462192 _____ () C:\Users\Aurelio\Downloads\Setup (1).exe
2014-04-22 15:55 - 2014-04-22 15:55 - 06747109 _____ () C:\Users\Aurelio\Downloads\HINO IGREJA.wmv
2014-04-22 14:46 - 2014-04-22 14:46 - 00126908 _____ () C:\Users\Aurelio\Documents\telos04.xps
2014-04-22 14:23 - 2014-04-22 14:23 - 00004215 _____ () C:\Windows\SysWOW64\jupdate-1.7.0_55-b14.log
2014-04-22 14:23 - 2014-04-22 14:23 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-04-22 14:23 - 2014-04-14 20:05 - 00264616 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-04-22 14:22 - 2014-04-22 14:22 - 00921512 _____ (Oracle Corporation) C:\Users\Aurelio\Downloads\chromeinstall-7u55 (3).exe
2014-04-22 14:19 - 2014-04-22 14:19 - 00921512 _____ (Oracle Corporation) C:\Users\Aurelio\Downloads\chromeinstall-7u55 (2).exe
2014-04-22 13:32 - 2014-04-22 13:32 - 00176473 _____ () C:\Users\Aurelio\Documents\sanepar04.xps
2014-04-22 13:28 - 2014-04-22 13:28 - 00310160 _____ () C:\Users\Aurelio\Documents\copel 05.xps
2014-04-22 13:26 - 2014-04-22 13:26 - 00921512 _____ (Oracle Corporation) C:\Users\Aurelio\Downloads\chromeinstall-7u55 (1).exe
2014-04-22 13:25 - 2014-04-22 13:25 - 00921512 _____ (Oracle Corporation) C:\Users\Aurelio\Downloads\chromeinstall-7u55.exe
2014-04-21 12:18 - 2014-04-21 12:18 - 00164574 _____ () C:\Users\Aurelio\Downloads\blossom.zip
2014-04-21 12:17 - 2014-04-21 12:17 - 00020128 _____ () C:\Users\Aurelio\Downloads\carolingia.zip
2014-04-21 12:16 - 2014-04-21 12:16 - 00038795 _____ () C:\Users\Aurelio\Downloads\english.zip
2014-04-21 12:16 - 2014-04-21 12:16 - 00030223 _____ () C:\Users\Aurelio\Downloads\anke_calligraphic_f.zip
2014-04-21 12:14 - 2014-04-21 12:14 - 00021473 _____ () C:\Users\Aurelio\Downloads\imitation.zip
2014-04-21 12:14 - 2014-04-21 12:14 - 00020332 _____ () C:\Users\Aurelio\Downloads\belphebe.zip
2014-04-21 12:11 - 2014-04-21 12:11 - 00039171 _____ () C:\Users\Aurelio\Downloads\saffron_too.zip
2014-04-21 12:09 - 2014-04-21 12:09 - 00028265 _____ () C:\Users\Aurelio\Downloads\adorable.zip
2014-04-21 12:08 - 2014-04-21 12:08 - 00046129 _____ () C:\Users\Aurelio\Downloads\angelina (1).zip
2014-04-21 12:07 - 2014-04-21 12:07 - 00046129 _____ () C:\Users\Aurelio\Downloads\angelina.zip
2014-04-19 23:49 - 2014-04-19 23:49 - 00000000 ____D () C:\Users\Aurelio\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2014-04-19 23:49 - 2014-04-19 23:49 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
2014-04-19 23:27 - 2014-05-01 22:47 - 00000000 ____D () C:\Users\Aurelio\Desktop\Anna Clara
2014-04-19 21:08 - 2014-04-19 21:17 - 160702556 _____ () C:\Users\Aurelio\Downloads\Portable-CorelDRAW-X5-PT-BR.7z
2014-04-19 20:38 - 2014-04-19 20:41 - 219384716 _____ () C:\Users\Aurelio\Downloads\Corel DHRAW X5 Portable.rar
2014-04-14 08:56 - 2014-03-06 05:57 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-04-14 08:56 - 2014-03-06 05:32 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-04-14 08:56 - 2014-03-06 05:02 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-04-14 08:56 - 2014-03-06 04:40 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-04-14 08:55 - 2014-03-06 06:31 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-04-14 08:55 - 2014-03-06 05:59 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-04-14 08:55 - 2014-03-06 05:57 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-04-14 08:55 - 2014-03-06 05:53 - 02767360 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-04-14 08:55 - 2014-03-06 05:40 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-04-14 08:55 - 2014-03-06 05:39 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-04-14 08:55 - 2014-03-06 05:29 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-04-14 08:55 - 2014-03-06 05:29 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-04-14 08:55 - 2014-03-06 05:28 - 00752640 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-04-14 08:55 - 2014-03-06 05:15 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-04-14 08:55 - 2014-03-06 05:11 - 05784064 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-04-14 08:55 - 2014-03-06 05:09 - 00453120 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-04-14 08:55 - 2014-03-06 05:03 - 00586240 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-04-14 08:55 - 2014-03-06 05:02 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-04-14 08:55 - 2014-03-06 05:01 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-04-14 08:55 - 2014-03-06 04:56 - 00038400 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-04-14 08:55 - 2014-03-06 04:48 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-04-14 08:55 - 2014-03-06 04:47 - 02178048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-04-14 08:55 - 2014-03-06 04:46 - 04254720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-04-14 08:55 - 2014-03-06 04:46 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-04-14 08:55 - 2014-03-06 04:45 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-04-14 08:55 - 2014-03-06 04:42 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-04-14 08:55 - 2014-03-06 04:38 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-04-14 08:55 - 2014-03-06 04:36 - 00592896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-04-14 08:55 - 2014-03-06 04:22 - 00367616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-04-14 08:55 - 2014-03-06 04:21 - 00628736 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-04-14 08:55 - 2014-03-06 04:13 - 00032256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-04-14 08:55 - 2014-03-06 04:11 - 02043904 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-04-14 08:55 - 2014-03-06 04:07 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-04-14 08:55 - 2014-03-06 04:01 - 00244224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-04-14 08:55 - 2014-03-06 03:53 - 13551104 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-04-14 08:55 - 2014-03-06 03:46 - 00524288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-04-14 08:55 - 2014-03-06 03:40 - 01967104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-04-14 08:55 - 2014-03-06 03:36 - 11745792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-04-14 08:55 - 2014-03-06 03:22 - 02260480 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-04-14 08:55 - 2014-03-06 02:58 - 01400832 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-04-14 08:55 - 2014-03-06 02:50 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-04-14 08:55 - 2014-03-06 02:43 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-04-14 08:55 - 2014-03-06 02:41 - 01789440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-04-14 08:55 - 2014-03-06 02:36 - 01143808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-04-13 18:52 - 2014-05-01 11:38 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-04-12 08:45 - 2014-05-03 11:13 - 00001102 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 9.lnk
2014-04-12 08:45 - 2014-04-12 08:45 - 00000000 ____D () C:\Program Files (x86)\TeamViewer
2014-04-12 08:44 - 2014-04-12 08:44 - 06121704 _____ (TeamViewer GmbH) C:\Users\Aurelio\Downloads\TeamViewer_Setup_pt (1).exe
2014-04-10 22:40 - 2014-04-10 22:41 - 32965554 _____ () C:\Users\Aurelio\Downloads\Wireless LAN_Atheros_8.0.0.279_W7x86W7x64_A.zip
2014-04-10 22:39 - 2014-04-10 22:46 - 399838146 _____ () C:\Users\Aurelio\Downloads\Wireless LAN_Intel_13.0.0.107_W7x86W7x64_A.zip
2014-04-10 22:39 - 2014-04-10 22:40 - 24498508 _____ () C:\Users\Aurelio\Downloads\Wireless LAN_liteon_9.0.0.173_W7x86_A.zip
2014-04-10 22:39 - 2014-04-10 22:39 - 02445158 _____ () C:\Users\Aurelio\Downloads\Chipset_Intel_9.1.1.1025_W7x86W7x64_A.zip
2014-04-09 19:50 - 2014-04-09 19:50 - 07106560 _____ () C:\Users\Aurelio\Downloads\estambul-bosforo (1).pps
2014-04-09 19:41 - 2014-04-09 19:41 - 07106560 _____ () C:\Users\Aurelio\Downloads\estambul-bosforo.pps
2014-04-09 16:05 - 2014-04-09 16:05 - 00170204 _____ () C:\Users\Aurelio\Documents\aguaPLesteA.xps
2014-04-08 18:26 - 2014-03-04 06:44 - 01163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2014-04-08 18:26 - 2014-03-04 06:44 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2014-04-08 18:26 - 2014-03-04 06:44 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2014-04-08 18:26 - 2014-03-04 06:44 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2014-04-08 18:26 - 2014-03-04 06:44 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2014-04-08 18:26 - 2014-03-04 06:17 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2014-04-08 18:26 - 2014-03-04 06:16 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2014-04-08 18:26 - 2014-03-04 06:16 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2014-04-08 18:26 - 2014-03-04 06:16 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2014-04-08 18:26 - 2014-03-04 05:09 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2014-04-08 18:26 - 2014-03-04 05:09 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2014-04-08 18:26 - 2014-02-03 23:35 - 00274880 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\msiscsi.sys
2014-04-08 18:26 - 2014-02-03 23:35 - 00190912 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\storport.sys
2014-04-08 18:26 - 2014-02-03 23:35 - 00027584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Diskdump.sys
2014-04-08 18:26 - 2014-02-03 23:28 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\iologmsg.dll
2014-04-08 18:26 - 2014-02-03 23:00 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iologmsg.dll
2014-04-08 18:26 - 2014-01-23 23:37 - 01684928 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ntfs.sys

==================== One Month Modified Files and Folders =======

2014-05-03 22:31 - 2014-05-03 22:31 - 00015337 _____ () C:\Users\Aurelio\Desktop\FRST.txt
2014-05-03 22:31 - 2014-05-03 22:31 - 00000000 ____D () C:\FRST
2014-05-03 22:30 - 2014-05-03 22:30 - 02062336 _____ (Farbar) C:\Users\Aurelio\Desktop\FRST64.exe
2014-05-03 22:28 - 2013-06-24 09:54 - 00000000 ____D () C:\Users\Todos os Usuários\GbPlugin
2014-05-03 22:28 - 2013-06-24 09:54 - 00000000 ____D () C:\ProgramData\GbPlugin
2014-05-03 22:26 - 2014-03-29 14:00 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-05-03 22:26 - 2013-06-23 14:31 - 01792108 _____ () C:\Windows\WindowsUpdate.log
2014-05-03 22:07 - 2014-03-15 16:02 - 00000902 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-05-03 20:57 - 2009-07-14 01:45 - 00026352 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-05-03 20:57 - 2009-07-14 01:45 - 00026352 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-05-03 20:54 - 2011-04-12 10:40 - 00705798 _____ () C:\Windows\system32\prfh0416.dat
2014-05-03 20:54 - 2011-04-12 10:40 - 00147638 _____ () C:\Windows\system32\prfc0416.dat
2014-05-03 20:54 - 2009-07-14 02:13 - 01635826 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-05-03 20:53 - 2014-05-03 20:53 - 00001344 _____ () C:\Users\Aurelio\Desktop\ZHPFixReport.txt
2014-05-03 20:53 - 2014-05-03 11:25 - 00000000 ____D () C:\Users\Aurelio\AppData\Roaming\ZHP
2014-05-03 20:50 - 2014-05-03 11:25 - 00000000 ____D () C:\Program Files (x86)\ZHPDiag
2014-05-03 20:48 - 2014-05-02 08:06 - 00003348 _____ () C:\Windows\System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-2952356932-1996913521-2274159354-1000
2014-05-03 20:48 - 2014-03-29 09:26 - 00003218 _____ () C:\Windows\System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-2952356932-1996913521-2274159354-1000
2014-05-03 20:48 - 2014-03-12 10:05 - 00000000 ____D () C:\Users\Aurelio\AppData\Roaming\Skype
2014-05-03 20:47 - 2010-11-21 00:47 - 00594438 _____ () C:\Windows\PFRO.log
2014-05-03 20:47 - 2009-07-14 02:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-05-03 20:47 - 2009-07-14 01:51 - 00092677 _____ () C:\Windows\setupact.log
2014-05-03 18:55 - 2014-05-03 18:55 - 00001991 _____ () C:\Users\Aurelio\Desktop\ZHPFix.lnk
2014-05-03 18:55 - 2014-05-03 18:55 - 00001864 _____ () C:\Users\Aurelio\Desktop\ZHPDiag.lnk
2014-05-03 18:55 - 2014-05-03 18:55 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ZHP
2014-05-03 18:55 - 2014-05-03 18:54 - 06779163 _____ (Nicolas Coolman ) C:\Users\Aurelio\Desktop\ZHPmmDiag2.exe
2014-05-03 18:33 - 2014-05-02 01:31 - 00007264 _____ () C:\Users\Aurelio\Desktop\virus2.txt
2014-05-03 11:27 - 2014-05-03 11:27 - 00003188 _____ () C:\Windows\System32\Tasks\{32D9EDAA-3DD5-4A53-B818-92E41550B860}
2014-05-03 11:13 - 2014-04-12 08:45 - 00001102 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 9.lnk
2014-05-03 11:08 - 2014-05-03 11:07 - 06778604 _____ (Nicolas Coolman ) C:\Users\Aurelio\Desktop\ZHPDiag2.exe
2014-05-03 11:02 - 2013-06-23 14:36 - 00000000 ____D () C:\Users\Aurelio\PSafe
2014-05-03 10:58 - 2014-05-03 10:58 - 00000770 _____ () C:\Users\Aurelio\Desktop\JRT.txt
2014-05-03 10:54 - 2014-05-03 10:54 - 00000000 ____D () C:\Windows\ERUNT
2014-05-03 10:53 - 2014-05-03 10:53 - 01016261 _____ (Thisisu) C:\Users\Aurelio\Desktop\JRT.exe
2014-05-03 00:50 - 2014-05-03 00:33 - 00018047 _____ () C:\zoek-results.log
2014-05-03 00:40 - 2014-05-02 21:49 - 00000000 ____D () C:\zoek_backup
2014-05-03 00:32 - 2014-05-03 00:41 - 00024064 _____ () C:\Windows\zoek-delete.exe
2014-05-03 00:30 - 2014-05-03 00:30 - 04095370 _____ () C:\Users\Aurelio\Desktop\zoek.zip
2014-05-02 21:50 - 2014-05-02 21:49 - 01285120 _____ () C:\Users\Aurelio\Downloads\zoek.exe
2014-05-02 03:00 - 2014-05-02 03:00 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-05-02 01:30 - 2014-05-02 01:30 - 00002825 _____ () C:\virus.txt
2014-05-02 00:37 - 2009-07-14 00:20 - 00000000 ____D () C:\Windows\Speech
2014-05-02 00:35 - 2014-02-21 17:37 - 00000000 ____D () C:\Program Files (x86)\RBM
2014-05-02 00:22 - 2014-05-02 00:22 - 00001106 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-05-02 00:22 - 2014-05-02 00:22 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-05-02 00:22 - 2014-05-02 00:22 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-05-01 23:30 - 2014-02-15 12:44 - 00000000 ____D () C:\AdwCleaner
2014-05-01 23:29 - 2014-05-01 23:19 - 01310621 _____ () C:\Users\Aurelio\Downloads\adwcleaner (3).exe
2014-05-01 23:18 - 2014-05-01 23:18 - 01310621 _____ () C:\Users\Aurelio\Desktop\adwcleaner.exe
2014-05-01 23:16 - 2014-05-01 23:16 - 01310621 _____ () C:\Users\Aurelio\Downloads\adwcleaner (2).exe
2014-05-01 22:47 - 2014-04-19 23:27 - 00000000 ____D () C:\Users\Aurelio\Desktop\Anna Clara
2014-05-01 19:34 - 2014-05-01 19:34 - 00000000 ____D () C:\Users\Todos os Usuários\Samsung
2014-05-01 19:34 - 2014-05-01 19:34 - 00000000 ____D () C:\ProgramData\Samsung
2014-05-01 19:34 - 2014-05-01 19:34 - 00000000 ____D () C:\Program Files\SAMSUNG
2014-05-01 19:25 - 2014-05-01 19:25 - 00000000 ____D () C:\Users\Aurelio\Documents\My Weblog Posts
2014-05-01 19:25 - 2014-05-01 19:25 - 00000000 ____D () C:\Users\Aurelio\AppData\Roaming\Windows Live Writer
2014-05-01 19:25 - 2014-05-01 19:25 - 00000000 ____D () C:\Users\Aurelio\AppData\Local\Windows Live Writer
2014-05-01 18:56 - 2014-05-01 18:56 - 00001973 _____ () C:\Users\Public\Desktop\Samsung Kies 3.lnk
2014-05-01 18:56 - 2014-05-01 18:49 - 00000000 ____D () C:\Users\Aurelio\AppData\Roaming\Samsung
2014-05-01 18:56 - 2014-05-01 18:49 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Samsung
2014-05-01 18:56 - 2014-05-01 18:49 - 00000000 ____D () C:\Program Files (x86)\Samsung
2014-05-01 18:56 - 2012-09-03 18:29 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2014-05-01 18:52 - 2014-05-01 18:49 - 00000000 ____D () C:\Users\Aurelio\AppData\Local\Downloaded Installations
2014-05-01 18:49 - 2014-05-01 18:49 - 00000000 ____D () C:\Users\Public\Documents\NativeFus_Log
2014-05-01 18:49 - 2014-05-01 18:49 - 00000000 ____D () C:\Users\Aurelio\Documents\SelfMV
2014-05-01 18:49 - 2014-05-01 18:49 - 00000000 ____D () C:\Users\Aurelio\Documents\samsung
2014-05-01 18:48 - 2014-05-01 18:48 - 39500592 _____ (Samsung Electronics Co., Ltd.) C:\Users\Aurelio\Downloads\270-Kies3Setup.exe
2014-05-01 17:54 - 2014-03-15 19:49 - 00000000 ____D () C:\Users\Aurelio\AppData\Local\Windows Live
2014-05-01 17:32 - 2014-05-01 15:15 - 00000000 ____D () C:\Windows\ACF5FE1B377240688B872D2A6EFD0A05.TMP
2014-05-01 16:27 - 2013-06-23 14:34 - 00000000 ____D () C:\Users\Aurelio
2014-05-01 16:26 - 2014-05-01 15:11 - 00728960 _____ (Enigma Software Group USA, LLC.) C:\Users\Aurelio\Downloads\SpyHunter-Installer.exe
2014-05-01 15:16 - 2014-05-01 15:16 - 00000000 _____ () C:\autoexec.bat
2014-05-01 15:15 - 2014-05-01 15:15 - 00000000 ____D () C:\Program Files\Enigma Software Group
2014-05-01 13:10 - 2014-03-15 16:02 - 00003840 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-05-01 13:10 - 2013-07-19 13:47 - 00692400 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-05-01 13:10 - 2013-07-19 13:47 - 00070832 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-05-01 11:56 - 2014-05-01 11:57 - 02951802 _____ (InstallShield Software Corporation) C:\Users\Aurelio\Downloads\EClea2_0.exe
2014-05-01 11:38 - 2014-04-13 18:52 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-05-01 11:33 - 2013-06-23 14:52 - 00000000 ____D () C:\Program Files (x86)\Google
2014-05-01 11:32 - 2014-05-01 11:32 - 00000000 __SHD () C:\Users\Aurelio\AppData\Local\EmieUserList
2014-05-01 11:32 - 2014-05-01 11:32 - 00000000 __SHD () C:\Users\Aurelio\AppData\Local\EmieSiteList
2014-05-01 11:29 - 2013-09-13 15:29 - 00000000 ____D () C:\Users\Todos os Usuários\GAS Tecnologia
2014-05-01 11:29 - 2013-09-13 15:29 - 00000000 ____D () C:\ProgramData\GAS Tecnologia
2014-04-29 11:01 - 2014-05-03 08:31 - 23547904 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-04-29 10:40 - 2014-05-03 08:31 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-04-29 09:48 - 2014-05-03 08:31 - 17384448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-04-29 09:34 - 2014-05-03 08:31 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-04-28 19:35 - 2014-04-28 19:35 - 00922448 _____ () C:\Windows\Minidump\042814-11700-01.dmp
2014-04-28 19:35 - 2013-07-19 09:52 - 277254306 _____ () C:\Windows\MEMORY.DMP
2014-04-28 19:35 - 2013-07-19 09:52 - 00000000 ____D () C:\Windows\Minidump
2014-04-26 23:30 - 2014-04-26 23:19 - 00000000 ___RD () C:\Users\Aurelio\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-04-26 23:22 - 2014-04-26 23:22 - 00308360 _____ () C:\Users\Aurelio\Downloads\Setup (2).exe
2014-04-24 17:34 - 2014-04-24 17:34 - 00462192 _____ () C:\Users\Aurelio\Downloads\Setup (1).exe
2014-04-22 15:55 - 2014-04-22 15:55 - 06747109 _____ () C:\Users\Aurelio\Downloads\HINO IGREJA.wmv
2014-04-22 14:46 - 2014-04-22 14:46 - 00126908 _____ () C:\Users\Aurelio\Documents\telos04.xps
2014-04-22 14:24 - 2013-10-23 20:08 - 00000000 ____D () C:\Users\Todos os Usuários\Oracle
2014-04-22 14:24 - 2013-10-23 20:08 - 00000000 ____D () C:\ProgramData\Oracle
2014-04-22 14:23 - 2014-04-22 14:23 - 00004215 _____ () C:\Windows\SysWOW64\jupdate-1.7.0_55-b14.log
2014-04-22 14:23 - 2014-04-22 14:23 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-04-22 14:23 - 2013-10-23 20:08 - 00000000 ____D () C:\Program Files (x86)\Java
2014-04-22 14:22 - 2014-04-22 14:22 - 00921512 _____ (Oracle Corporation) C:\Users\Aurelio\Downloads\chromeinstall-7u55 (3).exe
2014-04-22 14:19 - 2014-04-22 14:19 - 00921512 _____ (Oracle Corporation) C:\Users\Aurelio\Downloads\chromeinstall-7u55 (2).exe
2014-04-22 13:32 - 2014-04-22 13:32 - 00176473 _____ () C:\Users\Aurelio\Documents\sanepar04.xps
2014-04-22 13:28 - 2014-04-22 13:28 - 00310160 _____ () C:\Users\Aurelio\Documents\copel 05.xps
2014-04-22 13:26 - 2014-04-22 13:26 - 00921512 _____ (Oracle Corporation) C:\Users\Aurelio\Downloads\chromeinstall-7u55 (1).exe
2014-04-22 13:25 - 2014-04-22 13:25 - 00921512 _____ (Oracle Corporation) C:\Users\Aurelio\Downloads\chromeinstall-7u55.exe
2014-04-22 09:41 - 2013-06-23 14:36 - 00116408 _____ () C:\Users\Aurelio\AppData\Local\GDIPFONTCACHEV1.DAT
2014-04-22 09:40 - 2009-07-14 01:45 - 00450088 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-04-21 12:18 - 2014-04-21 12:18 - 00164574 _____ () C:\Users\Aurelio\Downloads\blossom.zip
2014-04-21 12:17 - 2014-04-21 12:17 - 00020128 _____ () C:\Users\Aurelio\Downloads\carolingia.zip
2014-04-21 12:16 - 2014-04-21 12:16 - 00038795 _____ () C:\Users\Aurelio\Downloads\english.zip
2014-04-21 12:16 - 2014-04-21 12:16 - 00030223 _____ () C:\Users\Aurelio\Downloads\anke_calligraphic_f.zip
2014-04-21 12:14 - 2014-04-21 12:14 - 00021473 _____ () C:\Users\Aurelio\Downloads\imitation.zip
2014-04-21 12:14 - 2014-04-21 12:14 - 00020332 _____ () C:\Users\Aurelio\Downloads\belphebe.zip
2014-04-21 12:11 - 2014-04-21 12:11 - 00039171 _____ () C:\Users\Aurelio\Downloads\saffron_too.zip
2014-04-21 12:09 - 2014-04-21 12:09 - 00028265 _____ () C:\Users\Aurelio\Downloads\adorable.zip
2014-04-21 12:08 - 2014-04-21 12:08 - 00046129 _____ () C:\Users\Aurelio\Downloads\angelina (1).zip
2014-04-21 12:07 - 2014-04-21 12:07 - 00046129 _____ () C:\Users\Aurelio\Downloads\angelina.zip
2014-04-20 10:09 - 2013-06-24 11:07 - 00000000 ____D () C:\Program Files (x86)\WinRAR
2014-04-19 23:49 - 2014-04-19 23:49 - 00000000 ____D () C:\Users\Aurelio\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2014-04-19 23:49 - 2014-04-19 23:49 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
2014-04-19 23:49 - 2013-06-24 11:08 - 00000000 ____D () C:\Program Files\WinRAR
2014-04-19 21:17 - 2014-04-19 21:08 - 160702556 _____ () C:\Users\Aurelio\Downloads\Portable-CorelDRAW-X5-PT-BR.7z
2014-04-19 20:54 - 2014-03-27 12:14 - 00003544 _____ () C:\Windows\System32\Tasks\060184C3-9766-46a0-B258-F4518A0B2633
2014-04-19 20:49 - 2013-10-06 13:45 - 00000029 _____ () C:\Windows\SysWOW64\config.ini
2014-04-19 20:41 - 2014-04-19 20:38 - 219384716 _____ () C:\Users\Aurelio\Downloads\Corel DHRAW X5 Portable.rar
2014-04-14 20:13 - 2013-10-23 20:08 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-04-14 20:05 - 2014-04-22 14:23 - 00264616 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-04-14 20:05 - 2013-10-23 20:08 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-04-14 20:04 - 2013-10-23 20:08 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-04-14 11:17 - 2009-07-14 00:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2014-04-14 03:31 - 2013-06-23 19:41 - 00000000 ____D () C:\Windows\System32\Tasks\Games
2014-04-13 23:24 - 2014-05-01 11:31 - 00465408 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-04-13 23:19 - 2014-05-01 11:31 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-04-13 19:53 - 2013-11-17 22:27 - 00000000 ____D () C:\Users\Aurelio\AppData\Roaming\MacromediaFlesh
2014-04-12 08:46 - 2014-02-23 14:41 - 00000000 ____D () C:\Users\Aurelio\AppData\Roaming\TeamViewer
2014-04-12 08:45 - 2014-04-12 08:45 - 00000000 ____D () C:\Program Files (x86)\TeamViewer
2014-04-12 08:44 - 2014-04-12 08:44 - 06121704 _____ (TeamViewer GmbH) C:\Users\Aurelio\Downloads\TeamViewer_Setup_pt (1).exe
2014-04-10 22:46 - 2014-04-10 22:39 - 399838146 _____ () C:\Users\Aurelio\Downloads\Wireless LAN_Intel_13.0.0.107_W7x86W7x64_A.zip
2014-04-10 22:41 - 2014-04-10 22:40 - 32965554 _____ () C:\Users\Aurelio\Downloads\Wireless LAN_Atheros_8.0.0.279_W7x86W7x64_A.zip
2014-04-10 22:40 - 2014-04-10 22:39 - 24498508 _____ () C:\Users\Aurelio\Downloads\Wireless LAN_liteon_9.0.0.173_W7x86_A.zip
2014-04-10 22:39 - 2014-04-10 22:39 - 02445158 _____ () C:\Users\Aurelio\Downloads\Chipset_Intel_9.1.1.1025_W7x86W7x64_A.zip
2014-04-09 19:50 - 2014-04-09 19:50 - 07106560 _____ () C:\Users\Aurelio\Downloads\estambul-bosforo (1).pps
2014-04-09 19:41 - 2014-04-09 19:41 - 07106560 _____ () C:\Users\Aurelio\Downloads\estambul-bosforo.pps
2014-04-09 16:05 - 2014-04-09 16:05 - 00170204 _____ () C:\Users\Aurelio\Documents\aguaPLesteA.xps
2014-04-09 11:28 - 2013-06-25 17:24 - 00000000 ____D () C:\Users\Aurelio\AppData\Roaming\Positivo Backup
2014-04-08 19:38 - 2013-11-09 21:21 - 00000000 ____D () C:\Users\Todos os Usuários\Microsoft Help
2014-04-08 19:38 - 2013-11-09 21:21 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-04-08 19:38 - 2013-07-17 23:59 - 00000000 ____D () C:\Windows\system32\MRT
2014-04-08 19:37 - 2013-06-28 10:28 - 90655440 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-04-08 14:52 - 2014-03-31 21:40 - 00000000 ____D () C:\Users\Aurelio\.receitanet
2014-04-08 09:09 - 2009-07-14 00:20 - 00000000 ____D () C:\Windows\system32\NDF
2014-04-03 09:51 - 2014-05-02 00:22 - 00088280 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-04-03 09:51 - 2014-05-02 00:22 - 00063192 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-04-03 09:50 - 2014-05-02 00:22 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys

Some content of TEMP:
====================
C:\Users\Aurelio\AppData\Local\Temp\avgnt.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-05-01 19:23

==================== End Of Log ============================
Coelhocego (Beginner) - Posts: 37 - Reputation: 0 - Joined: 01/05/2014

2nd LOG

Post by Coelhocego, Sat 03 May 2014, 22:35

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 02-05-2014
Ran by Aurelio at 2014-05-03 22:31:56
Running from C:\Users\Aurelio\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: Avira Desktop (Disabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AS: Avira Desktop (Disabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

Adobe Flash Player 13 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 13.0.0.206 - Adobe Systems Incorporated)
Adobe Flash Player 13 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 13.0.0.206 - Adobe Systems Incorporated)
Aplicação da Promoção Vivo®️ Banda Larga (HKLM\...\{674e54ef-d593-4d80-8be2-35d0d8192a23}}_is1) (Version: 2.0.7.0 - Positivo Informática S.A.)
Atualização do produto Microsoft Office Excel 2007 Help (KB963678) (HKLM-x32\...\{90120000-0016-0416-0000-0000000FF1CE}_ENTERPRISE_{717C9095-8AAE-41CB-B046-BD6E8399F4F3}) (Version:  - Microsoft)
Atualização do produto Microsoft Office Outlook 2007 Help (KB963677) (HKLM-x32\...\{90120000-001A-0416-0000-0000000FF1CE}_ENTERPRISE_{5016CB22-B9A7-44FB-AA72-AF28B27B15EA}) (Version:  - Microsoft)
Atualização do produto Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM-x32\...\{90120000-0018-0416-0000-0000000FF1CE}_ENTERPRISE_{BE3A7C0C-0081-4694-B5F9-980DD66BDDF8}) (Version:  - Microsoft)
Atualização do produto Microsoft Office Word 2007 Help (KB963665) (HKLM-x32\...\{90120000-001B-0416-0000-0000000FF1CE}_ENTERPRISE_{7297E3A9-FCD4-4E0E-A306-7A90359E50E3}) (Version:  - Microsoft)
Gerenciador de Inicialização Positivo (HKLM\...\{E365D4D7-BD51-4A7F-8ECA-0B6C0C42D3CF}_is1) (Version: 1.0.16.1 - Positivo Informática S.A.)
Java Auto Updater (HKLM-x32\...\{4A03706F-666A-4037-7777-5F2748764D10}) (Version:  - )
Malwarebytes Anti-Malware versão 2.0.1.1004 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.1.1004 - Malwarebytes Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office 2007 Service Pack 3 (SP3) (x32 Version:  - Microsoft) Hidden
Microsoft Office Access MUI (Portuguese (Brazil)) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Enterprise 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (Portuguese (Brazil)) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Groove MUI (Portuguese (Brazil)) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office InfoPath MUI (Portuguese (Brazil)) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Office 64-bit Components 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (Portuguese (Brazil)) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (Portuguese (Brazil)) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (Portuguese (Brazil)) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Portuguese (Brazil)) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Spanish) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (Portuguese (Brazil)) 2007 (x32 Version: 12.0.4518.1019 - Microsoft Corporation) Hidden
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) (x32 Version:  - Microsoft) Hidden
Microsoft Office Publisher MUI (Portuguese (Brazil)) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit MUI (Portuguese (Brazil)) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (Portuguese (Brazil)) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (Portuguese (Brazil)) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)
Positivo Áudio (HKLM\...\{D00FA097-5115-400D-84AD-4ADEF3EBDB5E}_is1) (Version: 1.4.1.0 - Positivo Informática S.A.)
Positivo Conversor 3D (HKLM\...\{D0582368-2DFF-48EA-AC8D-1FA8E31CA38C}_is1) (Version: 1.0.0.7 - Positivo Informática S.A.)
Positivo Experience (HKLM\...\{AAB13E97-449B-4D5B-BDE2-AB47B938B722}_is1) (Version: 1.3.4.2 - Positivo Informática S.A.)
Samsung Kies3 (HKLM-x32\...\InstallShield_{88547073-C566-4895-9005-EBE98EA3F7C7}) (Version: 3.2.14034.12 - Samsung Electronics Co., Ltd.)
Samsung Kies3 (x32 Version: 3.2.14034.12 - Samsung Electronics Co., Ltd.) Hidden
SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.40.0 - SAMSUNG Electronics Co., Ltd.)
TeamViewer 9 (HKLM-x32\...\TeamViewer 9) (Version: 9.0.28223 - TeamViewer)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{A024FC7B-77DE-45DE-A058-1C049A17BFB3}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2687493) 32-Bit Edition (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6FAA03BD-2B51-4029-9AD9-64A3B8E3C84C}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM-x32\...\{90120000-002A-0000-1000-0000000FF1CE}_ENTERPRISE_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{E9A82945-BA29-4EE8-8F2A-2F49545E9CF2}) (Version:  - Microsoft)
Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition (HKLM-x32\...\{90120000-001A-0416-0000-0000000FF1CE}_ENTERPRISE_{52F3455A-9ADB-41A6-BCE7-8D99F3770590}) (Version:  - Microsoft)
Update for Microsoft Office Outlook 2007 (KB2863811) 32-Bit Edition (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{53DEC068-4690-4F6B-9946-7D21EF02236B}) (Version:  - Microsoft)
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2878297) 32-Bit Edition (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{9B1DEEA3-B4ED-49F0-9EF7-4A820EEEA7F1}) (Version:  - Microsoft)
Windows Live Family Safety (Version: 15.4.3538.0513 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (Version: 7.250.4232.0 - Microsoft Corporation) Hidden
Windows Live Language Selector (Version: 15.4.3538.0513 - Microsoft Corporation) Hidden
Windows Live MIME IFilter (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Remote Client (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Client Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
WinRAR 4.20 (32-bit) (HKLM-x32\...\WinRAR archiver) (Version: 4.20.0 - win.rar GmbH)
WinRAR 4.20 (64-bit) (HKLM\...\WinRAR archiver) (Version: 4.20.0 - win.rar GmbH)
ZHPDiag 2014 (HKLM-x32\...\ZHPDiag_is1) (Version: 2014 - Nicolas Coolman)

==================== Restore Points  =========================

01-05-2014 14:31:10 Windows Update
01-05-2014 14:57:44 Installed EasyCleaner
01-05-2014 18:15:22 Installed SpyHunter
01-05-2014 18:55:08 Removed SpyHunter
01-05-2014 18:58:54 Installed SpyHunter
01-05-2014 19:08:47 Removed EasyCleaner
01-05-2014 20:30:18 Removed SpyHunter
01-05-2014 21:49:22 Installed Samsung Kies3
01-05-2014 21:52:12 Installed Samsung Kies3
01-05-2014 21:55:30 Removed Samsung Kies3
01-05-2014 21:56:02 Installed Samsung Kies3
02-05-2014 06:00:27 Windows Update
03-05-2014 03:33:56 zoek.exe restore point
03-05-2014 11:31:10 Windows Update
03-05-2014 21:57:54 ZHPFix Restore System Point
03-05-2014 23:45:37 ZHPFix Restore System Point
03-05-2014 23:52:55 ZHPFix Restore System Point

==================== Hosts content: ==========================

2009-07-13 23:34 - 2014-05-03 18:46 - 00000822 ____N C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {2A0A4B32-D932-49E5-80BE-8B88850E6DCA} - \pricemetertask No Task File <==== ATTENTION
Task: {2E677BCE-BAF9-4547-91EA-3AEE7A5F1CF8} - System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-2952356932-1996913521-2274159354-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2013-08-14] (RealNetworks, Inc.)
Task: {44FE3A19-EF9F-4E48-8F00-90847626FA00} - \SaveSense No Task File <==== ATTENTION
Task: {64BEC2F6-5692-4C20-8354-06F320D471B8} - System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-2952356932-1996913521-2274159354-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2013-08-14] (RealNetworks, Inc.)
Task: {83E98B37-9DBA-45A9-96FF-660F87698654} - System32\Tasks\060184C3-9766-46a0-B258-F4518A0B2633 => Cscript.exe "C:\ProgramData\Baidu Security\Duplicaterecord.js"
Task: {8646CC45-A708-4A0B-88CF-507DFD000750} - \pricemeterdownloader No Task File <==== ATTENTION
Task: {8DF7FF4B-B696-4E10-BDBC-355616E1142A} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-05-01] (Adobe Systems Incorporated)
Task: {B349DF7B-CBA4-4174-A8D9-6730429627DA} - \LaunchApp No Task File <==== ATTENTION
Task: {C7CB3DAD-DD99-4D35-9F04-3E30D2430B32} - \pricemeterwatcher No Task File <==== ATTENTION
Task: {DD191AED-FD49-42A3-81B6-F6A1847A77AA} - \Dealply No Task File <==== ATTENTION
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

==================== Loaded Modules (whitelisted) =============

2011-04-12 15:15 - 2010-11-12 01:08 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2012-09-03 18:29 - 2010-08-11 11:32 - 00078448 ____R () C:\Program Files (x86)\VIA\VIAudioi\VDeck\QsApoApi64.dll
2012-09-03 18:29 - 2010-08-11 11:32 - 00386160 ____R () C:\Program Files (x86)\VIA\VIAudioi\VDeck\Dts2ApoApi64.dll
2012-09-03 18:29 - 2010-08-11 11:32 - 00105584 ____R () C:\Program Files (x86)\VIA\VIAudioi\VDeck\VMicApi.dll
2012-09-03 18:29 - 2010-08-11 11:32 - 64643696 ____R () C:\Program Files (x86)\VIA\VIAudioi\VDeck\Skin.dll
2013-08-14 15:19 - 2013-08-14 15:19 - 00039056 _____ () C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
2013-10-06 13:41 - 2013-10-06 13:38 - 00394824 _____ () C:\Program Files (x86)\Avira\AntiVir Desktop\sqlite3.dll
2012-09-03 19:21 - 2012-03-12 10:54 - 00194560 _____ () C:\Program Files (x86)\Positivo Informática\Positivo Experience\Positivo Áudio\LibSoundManager.dll
2014-02-12 13:15 - 2014-02-12 13:15 - 00169472 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\aa739380ca2b2fc7366d464d2f2301ac\IsdiInterop.ni.dll
2012-09-03 18:30 - 2010-09-13 18:28 - 00058880 _____ () C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IsdiInterop.dll

==================== Alternate Data Streams (whitelisted) =========

AlternateDataStreams: C:\Windows\System32:9DAF8F0A_Cef.gbp
AlternateDataStreams: C:\Windows\System32:9DAF8F0A_Uni.gbp
AlternateDataStreams: C:\ProgramData\TEMP:373E1720
AlternateDataStreams: C:\Users\Aurelio\Documents\copel cta.tiff:3or4kl4x13tuuug3Byamue2s4b
AlternateDataStreams: C:\Users\Aurelio\Documents\copel cta.tiff:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
AlternateDataStreams: C:\Users\Aurelio\Documents\minha turma.tiff:3or4kl4x13tuuug3Byamue2s4b
AlternateDataStreams: C:\Users\Aurelio\Documents\minha turma.tiff:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
AlternateDataStreams: C:\Users\Todos os Usuários\TEMP:373E1720

==================== Safe Mode (whitelisted) ===================


==================== Disabled items from MSCONFIG ==============


==================== Faulty Device Manager Devices =============

Name: Teredo Tunneling Pseudo-Interface
Description: Adaptador de Túnel Teredo da Microsoft
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (05/03/2014 08:52:31 PM) (Source: Application Hang) (User: )
Description: O programa ZHPDiag.exe versão 2014.5.3.52 parou de interagir com o Windows e foi fechado. Para ver se há mais informações disponíveis sobre o problema, verifique o histórico de problemas no painel de controle da Central de Ações.

ID de Processo: fa4

Hora de Início: 01cf672a75cd4ebe

Hora de Término: 3

Caminho do Aplicativo: C:\Program Files (x86)\ZHPDiag\ZHPDiag.exe

Id do Relatório: fc278f26-d31d-11e3-8bbc-c89cdcc10a4b

Error: (05/03/2014 08:49:33 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/03/2014 08:46:45 PM) (Source: Application Error) (User: )
Description: Nome de aplicativo com falha: IEXPLORE.EXE, versão: 11.0.9600.17041, carimbo de hora: 0x531807e4
Nome do módulo de falhas: ntdll.dll, versão: 6.1.7601.18247, carimbo de hora: 0x521ea8e7
Código de exceção: 0xc0000374
Deslocamento com falha: 0x000ce753
Identificação do processo com falha: 0x14fc
Hora de início do aplicativo com falha: 0xIEXPLORE.EXE0
Caminho do aplicativo com falha: IEXPLORE.EXE1
FCaminho do módulo de falhas: IEXPLORE.EXE2
Identificação do Relatório: IEXPLORE.EXE3

Error: (05/03/2014 06:48:22 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/03/2014 00:37:49 PM) (Source: SideBySide) (User: )
Description: Falha na geração de contexto de ativação para "rpshellextension.1.0,language="*",type="win32",version="1.0.0.0"1".
Assembly dependente rpshellextension.1.0,language="*",type="win32",version="1.0.0.0" não pôde ser localizado.
Use o arquivo sxstrace.exe para obter um diagnóstico detalhado.

Error: (05/03/2014 11:04:01 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


System errors:
=============
Error: (05/03/2014 06:47:39 PM) (Source: Service Control Manager) (User: )
Description: Falha ao carregar o(s) seguinte(s) driver(s) de início do sistema ou de inicialização:
Bnbase
Bndef
Bprotect

Error: (05/03/2014 06:04:29 PM) (Source: Schannel) (User: AUTORIDADE NT)
Description: O seguinte alerta fatal foi gerado: 40. O estado do erro interno é 252.

Error: (05/03/2014 06:04:29 PM) (Source: Schannel) (User: AUTORIDADE NT)
Description: O seguinte alerta fatal foi gerado: 40. O estado do erro interno é 252.

Error: (05/03/2014 11:03:13 AM) (Source: Service Control Manager) (User: )
Description: Falha ao carregar o(s) seguinte(s) driver(s) de início do sistema ou de inicialização:
Bnbase
Bndef
Bprotect


Microsoft Office Sessions:
=========================

==================== Memory info ===========================

Percentage of memory in use: 27%
Total physical RAM: 6038.72 MB
Available physical RAM: 4364.32 MB
Total Pagefile: 12075.62 MB
Available Pagefile: 9254.37 MB
Total Virtual: 8192 MB
Available Virtual: 8191.82 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:921.75 GB) (Free:866.15 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 932 GB) (Disk ID: 8B5EA29C)
Partition 1: (Active) - (Size=10 GB) - (Type=27)
Partition 2: (Not Active) - (Size=922 GB) - (Type=07 NTFS)

==================== End Of Log ============================
Coelhocego (Beginner) - Posts: 37 - Reputation: 0 - Joined: 01/05/2014

Re: Infected browsers!

Post by Power Max, Sat 03 May 2014, 23:14

Download the fixlist.txt file attached to this post and save it to the desktop.

Run FRST64. Click the Fix button.

Wait; when it finishes, the Fixlog.txt log will be saved to your desktop.

Select, copy and paste the contents of that Fixlog.txt in your next reply.
Power Max (Contributor) - Posts: 9086 - Reputation: 1499 - Joined: 14/04/2009

Re: Infected browsers!

Post by Coelhocego, Sat 03 May 2014, 23:51

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 02-05-2014
Ran by Aurelio at 2014-05-03 23:50:01 Run:2
Running from C:\Users\Aurelio\Desktop
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
start
HKLM\...\Policies\Explorer: [NoControlPanel] 0
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
SearchScopes: HKLM - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKCU - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
Error reading preferences. Please check "preferences" file for possible corruption. <======= ATTENTION
CHR HKCU\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
S3 BprotectEx; \??\C:\Windows\System32\drivers\BprotectEx.sys [X]
S3 esgiguard; \??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [X]
S3 PCFApiUtil; \??\C:\Program Files (x86)\Baidu Security\PC Faster\4.0.0.0\PCFApiUtil64.sys [X]
2014-05-01 15:15 - 2014-05-01 15:15 - 00000000 ____D () C:\Program Files\Enigma Software Group
Task: {2A0A4B32-D932-49E5-80BE-8B88850E6DCA} - \pricemetertask No Task File <==== ATTENTION
Task: {44FE3A19-EF9F-4E48-8F00-90847626FA00} - \SaveSense No Task File <==== ATTENTION
Task: {83E98B37-9DBA-45A9-96FF-660F87698654} - System32\Tasks\060184C3-9766-46a0-B258-F4518A0B2633 => Cscript.exe "C:\ProgramData\Baidu Security\Duplicaterecord.js"
Task: {8646CC45-A708-4A0B-88CF-507DFD000750} - \pricemeterdownloader No Task File <==== ATTENTION
Task: {B349DF7B-CBA4-4174-A8D9-6730429627DA} - \LaunchApp No Task File <==== ATTENTION
Task: {C7CB3DAD-DD99-4D35-9F04-3E30D2430B32} - \pricemeterwatcher No Task File <==== ATTENTION
Task: {DD191AED-FD49-42A3-81B6-F6A1847A77AA} - \Dealply No Task File <==== ATTENTION
AlternateDataStreams: C:\ProgramData\TEMP:373E1720
AlternateDataStreams: C:\Users\Aurelio\Documents\copel cta.tiff: 3or4kl4x13tuuug3Byamue2s4b
AlternateDataStreams: C:\Users\Aurelio\Documents\copel cta.tiff:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
AlternateDataStreams: C:\Users\Aurelio\Documents\minha turma.tiff: 3or4kl4x13tuuug3Byamue2s4b
AlternateDataStreams: C:\Users\Aurelio\Documents\minha turma.tiff:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
AlternateDataStreams: C:\Users\Todos os Usuários\TEMP:373E1720
end
*****************

HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoControlPanel => Value not found.
"C:\Windows\system32\GroupPolicy\Machine" => File/Directory not found.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => Key not found.
HKCR\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => Key not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value deleted successfully.
HKCU\SOFTWARE\Policies\Google => Key not found.
BprotectEx => Service not found.
esgiguard => Service not found.
PCFApiUtil => Service not found.
"C:\Program Files\Enigma Software Group" => File/Directory not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{2A0A4B32-D932-49E5-80BE-8B88850E6DCA} => Key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\pricemetertask => Key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{44FE3A19-EF9F-4E48-8F00-90847626FA00} => Key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\SaveSense => Key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{83E98B37-9DBA-45A9-96FF-660F87698654} => Key not found.
C:\Windows\System32\Tasks\060184C3-9766-46a0-B258-F4518A0B2633 not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\060184C3-9766-46a0-B258-F4518A0B2633 => Key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{8646CC45-A708-4A0B-88CF-507DFD000750} => Key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\pricemeterdownloader => Key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B349DF7B-CBA4-4174-A8D9-6730429627DA} => Key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\LaunchApp => Key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C7CB3DAD-DD99-4D35-9F04-3E30D2430B32} => Key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\pricemeterwatcher => Key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{DD191AED-FD49-42A3-81B6-F6A1847A77AA} => Key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Dealply => Key not found.
"C:\ProgramData\TEMP" => ":373E1720" ADS not found.
"C:\Users\Aurelio\Documents\copel cta.tiff" => ": 3or4kl4x13tuuug3Byamue2s4b" ADS not found.
"C:\Users\Aurelio\Documents\copel cta.tiff" => ":{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}" ADS not found.
"C:\Users\Aurelio\Documents\minha turma.tiff" => ": 3or4kl4x13tuuug3Byamue2s4b" ADS not found.
"C:\Users\Aurelio\Documents\minha turma.tiff" => ":{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}" ADS not found.
"C:\Users\Todos os Usuários\TEMP" => ":373E1720" ADS not found.

==== End of Fixlog ====
Coelhocego (Beginner) - Posts: 37 - Reputation: 0 - Joined: 01/05/2014

Re: Infected browsers!

Post by Power Max, Sat 03 May 2014, 23:55

How is your PC after these cleanups?
Power Max (Contributor) - Posts: 9086 - Reputation: 1499 - Joined: 14/04/2009

:)

Post by Coelhocego, Sun 04 May 2014, 00:06

I had uninstalled Chrome and Firefox... I'll reinstall them.
Only IE 11 was active. (Even though I ALMOST never browse with it.)
I'll test everything and come back to report.
I'd like to thank you very much in advance for the help!
Big hug!!
Coelhocego (Beginner) - Posts: 37 - Reputation: 0 - Joined: 01/05/2014

Re: Infected browsers!

Post by Power Max, Sun 04 May 2014, 00:07

Thanks, we'll be waiting.
Power Max (Contributor) - Posts: 9086 - Reputation: 1499 - Joined: 14/04/2009
