Fórum PC Brasil
PC with a USB flash drive virus and ads


Post by luizvilarinho Sun 04 May 2014, 10:33

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 10:31:40, on 04/05/2014
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v11.0 (11.00.9600.17041)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskhost.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\Marineide\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = [You must have an account and be logged in to view this link]
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = [You must have an account and be logged in to view this link]
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = [You must have an account and be logged in to view this link]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = [You must have an account and be logged in to view this link]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = [You must have an account and be logged in to view this link]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = [You must have an account and be logged in to view this link]
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = [You must have an account and be logged in to view this link]
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: SaveSense - {0f21b1e5-5afc-43c9-9c66-515046e92ec2} - C:\Program Files\SaveSense\SaveSenseIE.dll
O2 - BHO: IETabPage Class - {3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C} - C:\Program Files\SupTab\SupTab.dll (file missing)
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GR469A~1.DLL
O2 - BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: BeatTool - {95ffef7e-d5b7-4afb-9b49-da6f9ee962d0} - C:\Program Files\BeatTool\BeatToolbho.dll (file missing)
O2 - BHO: Advanced SystemCare Browser Protection - {BA0C978D-D909-49B6-AFE2-8BDE245DC7E6} - C:\PROGRA~1\IObit\ADVANC~1\BROWER~1\ASCPLU~1.DLL
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O4 - HKLM\..\Run: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'SERVIÇO LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'SERVIÇO LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'SERVIÇO DE REDE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'SERVIÇO DE REDE')
O4 - HKUS\S-1-5-18\..\RunOnce: [SPReview] "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"http://go.microsoft.com/fwlink/?LinkID=122915" /build:7601 (User 'SISTEMA')
O4 - HKUS\.DEFAULT\..\RunOnce: [SPReview] "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"http://go.microsoft.com/fwlink/?LinkID=122915" /build:7601 (User 'Default user')
O8 - Extra context menu item: E&xportar para o Microsoft Excel - [You must have an account and be logged in to view this link]
O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Exibir ou ocultar HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GRA32A~1.DLL
O20 - AppInit_DLLs:  C:\PROGRA~1\MOVIES~1\SAFETY~1\SAFETY~2.DLL
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Advanced SystemCare Service 6 (AdvancedSystemCareService6) - IObit - C:\Program Files\IObit\Advanced SystemCare 6\ASCService.exe
O23 - Service: Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Service (AMPPALR3) - Intel Corporation - C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: Intel(R) Centrino(R) Wireless Bluetooth(R) 3.0 + High Speed Security Service (BTHSSecurityMgr) - Intel(R) Corporation - C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel(R) Corporation - C:\Program Files\Intel\WiFi\bin\EvtEng.exe
O23 - Service: Serviço do Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Serviço do Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: IePlugin Service (IePluginService) - Cherished Technololgy LIMITED - C:\ProgramData\IePluginService\PluginService.exe
O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: Wireless PAN DHCP Server (MyWiFiDHCPDNS) - Unknown owner - C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
O23 - Service: @C:\Program Files\Nero\Update\NASvc.exe,-200 (NAUpdate) - Nero AG - C:\Program Files\Nero\Update\NASvc.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel(R) Corporation - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
O23 - Service: SaveSenseLive Service (savesenselive) (savesenselive) - SaveSense - C:\Program Files\SaveSenseLive\Update\SaveSenseLive.exe
O23 - Service: SaveSenseLive Service (savesenselivem) (savesenselivem) - SaveSense - C:\Program Files\SaveSenseLive\Update\SaveSenseLive.exe
O23 - Service: Intel(R) Management & Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
O23 - Service: Update BeatTool - Unknown owner - C:\Program Files\BeatTool\updateBeatTool.exe (file missing)
O23 - Service: Util BeatTool - Unknown owner - C:\Program Files\BeatTool\bin\utilBeatTool.exe (file missing)
O23 - Service: Wpm Service (Wpm) - Cherished Technololgy LIMITED - C:\ProgramData\WPM\wprotectmanager.exe
O23 - Service: Intel(R) PROSet/Wireless Zero Configuration Service (ZeroConfigService) - Intel® Corporation - C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe

--
End of file - 8280 bytes

Post by Power Max Sun 04 May 2014, 10:35

Hello Luiz.

Download the AdwCleaner program by clicking the link below, then click the Download Now @BleepingComputer button:
[You must have an account and be logged in to view this link]

To run AdwCleaner correctly, just follow the tips in this tutorial:

[You must have an account and be logged in to view this link]

* In your next reply, post the AdwCleaner log (report), which will be at C:\AdwCleaner\AdwCleaner[S0].txt

We'll be waiting.

Post by luizvilarinho Sun 04 May 2014, 11:00

AdwCleaner has been in the scanning phase ever since you told me to use it, and I find this delay strange. Would it be wise to go into safe mode and run it there?

Post by Power Max Sun 04 May 2014, 11:02

Yes, in safe mode it should do the cleanup faster.

Post by luizvilarinho Sun 04 May 2014, 11:13

It has been 10 minutes and the scan still has not finished so that I can start the cleanup. What do you suggest?

Post by Power Max Sun 04 May 2014, 11:13

Download the Junkware Removal Tool program from the link below:
[You must have an account and be logged in to view this link]

To run the program above correctly, just follow the tips in this tutorial:

[You must have an account and be logged in to view this link]

* In your next reply, post the Junkware Removal Tool log (report), which will be saved on your desktop as JRT.txt

We'll be waiting.

Post by luizvilarinho Sun 04 May 2014, 11:24

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.4 (04.06.2014:1)
OS: Windows 7 Ultimate x86
Ran by Marineide on 04/05/2014 at 11:20:45,66
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\esrv.funmoodsesrvc
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\esrv.funmoodsesrvc.1
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\{EA28B360-05E0-4F93-8150-02891F1D8D3C}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\esrv.exe
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{0F21B1E5-5AFC-43C9-9C66-515046E92EC2}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{4AA46D49-459F-4358-B4D1-169048547C23}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{998745A3-2AE4-488D-8092-B98FB20A00C2}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{A18D16ED-27B2-4B83-B70C-15E73F099546}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{BEE7E029-5037-4DAD-A2DB-82E397AB1A44}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{C1424421-D274-491E-9D47-11C8D8CB5F9A}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\funmoods
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\installcore
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\baidu
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\dealplylive
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\installcore
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\funmoods



~~~ Files

Successfully deleted: [File] C:\Windows\System32\Tasks\SaveSenseLiveUpdateTaskMachineCore
Successfully deleted: [File] C:\Windows\System32\Tasks\SaveSense
Successfully deleted: [File] C:\Windows\Tasks\SaveSenseLiveUpdateTaskMachineCore.job
Successfully deleted: [File] C:\Windows\Tasks\SaveSenseLiveUpdateTaskMachineUA.job



~~~ Folders

Successfully deleted: [Folder] "C:\ProgramData\baidu"
Successfully deleted: [Folder] "C:\ProgramData\savesenselive"
Successfully deleted: [Folder] "C:\Users\Marineide\AppData\Roaming\baidu"
Successfully deleted: [Folder] "C:\Users\Marineide\AppData\Roaming\funmoods"
Successfully deleted: [Folder] "C:\Users\Marineide\AppData\Roaming\getrighttogo"
Successfully deleted: [Folder] "C:\Users\Marineide\AppData\Roaming\savesense"
Successfully deleted: [Folder] "C:\Program Files\funmoods"
Successfully deleted: [Folder] "C:\Program Files\savesense"
Successfully deleted: [Folder] "C:\Program Files\savesenselive"



~~~ FireFox

Successfully deleted: [File] C:\Users\Marineide\AppData\Roaming\mozilla\firefox\profiles\5kjvvgjb.default\user.js
Successfully deleted: [File] C:\Users\Marineide\AppData\Roaming\mozilla\firefox\profiles\5kjvvgjb.default\searchplugins\funmoods.xml
Successfully deleted: [Folder] C:\Users\Marineide\AppData\Roaming\mozilla\firefox\profiles\5kjvvgjb.default\extensions\ffxtlbr@funmoods.com
Successfully deleted: [Folder] C:\Users\Marineide\AppData\Roaming\mozilla\firefox\profiles\5kjvvgjb.default\extensions\{8b337819-d1e8-48d3-8178-168ae8c99c36}
Successfully deleted the following from C:\Users\Marineide\AppData\Roaming\mozilla\firefox\profiles\5kjvvgjb.default\prefs.js

user_pref("extensions.funmoods.aflt", "1543n");
user_pref("extensions.funmoods.appId", "{EA28B360-05E0-4F93-8150-02891F1D8D3C}");
user_pref("extensions.funmoods.cd", "2XzuyEtN2Y1L1Qzu0EzztDtAzy0AyEtD0E0A0BtB0ByCyEyDtN0D0Tzu0CyBtCtCtN1L2XzutBtFtBtFzztFtCtByEyBtN1L1CzutCyDyEtA1G");
user_pref("extensions.funmoods.cntry", "BR");
user_pref("extensions.funmoods.cr", "1242516506");
user_pref("extensions.funmoods.cv", "cv5");
user_pref("extensions.funmoods.dfltLng", "");
user_pref("extensions.funmoods.dfltSrch", true);
user_pref("extensions.funmoods.dnsErr", true);
user_pref("extensions.funmoods.excTlbr", false);
user_pref("extensions.funmoods.hdrMd5", "B8A8D6F8356E36C098BEF98C150A138A");
user_pref("extensions.funmoods.hmpg", true);
user_pref("extensions.funmoods.hmpgUrl", "hxxp://searchfunmoods.com/?f=1&a=1543n&cd=2XzuyEtN2Y1L1Qzu0EzztDtAzy0AyEtD0E0A0BtB0ByCyEyDtN0D0Tzu0CyBtCtCtN1L2XzutBtFtBtFzztFtCtByEy
user_pref("extensions.funmoods.id", "E8039A40EAB2B645");
user_pref("extensions.funmoods.instlDay", "16050");
user_pref("extensions.funmoods.instlRef", "");
user_pref("extensions.funmoods.newTabUrl", "hxxp://searchfunmoods.com/?f=2&a=1543n&cd=2XzuyEtN2Y1L1Qzu0EzztDtAzy0AyEtD0E0A0BtB0ByCyEyDtN0D0Tzu0CyBtCtCtN1L2XzutBtFtBtFzztFtCtBy
user_pref("extensions.funmoods.pnu_base", "{\"newVrsn\":\"259\",\"lastVrsn\":\"259\",\"vrsnLoad\":\"\",\"showMsg\":\"false\",\"showSilent\":\"true\",\"msgTs\":0,\"lstMsgTs\":\
user_pref("extensions.funmoods.prdct", "funmoods");
user_pref("extensions.funmoods.prtnrId", "funmoods");
user_pref("extensions.funmoods.sg", "none");
user_pref("extensions.funmoods.srchPrvdr", "Funmoods");
user_pref("extensions.funmoods.tlbrId", "base");
user_pref("extensions.funmoods.tlbrSrchUrl", "hxxp://searchfunmoods.com/?f=3&a=1543n&cd=2XzuyEtN2Y1L1Qzu0EzztDtAzy0AyEtD0E0A0BtB0ByCyEyDtN0D0Tzu0CyBtCtCtN1L2XzutBtFtBtFzztFtCt
user_pref("extensions.funmoods.vrsn", "1.8.20.0");
user_pref("extensions.funmoods.vrsni", "1.8.20.0");
user_pref("extensions.funmoods_i.hmpg", true);
user_pref("extensions.funmoods_i.newTab", false);
user_pref("extensions.funmoods_i.smplGrp", "none");
user_pref("extensions.funmoods_i.vrsnTs", "1.8.20.015:29:13");
Emptied folder: C:\Users\Marineide\AppData\Roaming\mozilla\firefox\profiles\5kjvvgjb.default\minidumps [7 files]



~~~ Chrome

Successfully deleted: [Folder] C:\Users\Marineide\appdata\local\Google\Chrome\User Data\Default\Extensions\ieadcoanfjloocmfafkebdnfefmohngj
Successfully deleted: [Folder] C:\Users\Marineide\appdata\local\Google\Chrome\User Data\Default\Extensions\khcceooakamlehbimaepcldnnlnkcmfk



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 04/05/2014 at 11:24:46,96
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Post by Power Max Sun 04 May 2014, 11:25

Now try the cleanup with AdwCleaner and see whether it works. If it is still slow, let me know and we will look for other alternatives.

Post by luizvilarinho Sun 04 May 2014, 11:31

Same as before; here is an image so you can see.

Post by Power Max Sun 04 May 2014, 11:33

Temporarily disable your antivirus to avoid conflicts.

* Go to the link below and click the first button on the left, which is the Download Zoek.exe button:
[You must have an account and be logged in to view this link]

To run it correctly, follow the tips in this tutorial:

[You must have an account and be logged in to view this link]

* As soon as it finishes cleaning up the problems, open the Zoek log (report), which will be at C:\zoek-results.txt, copy its entire contents, and post them in your next reply.

Post by luizvilarinho Sun 04 May 2014, 12:00


Zoek.exe v5.0.0.0 Updated 14-April-2014
Tool run by Marineide on 04/05/2014 at 11:36:43,38.
Microsoft Windows 7 Ultimate 6.1.7601 Service Pack 1 x86
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\Marineide\Desktop\zoek.pif [Scan all users] [Script inserted]

==== System Restore Info ======================

04/05/2014 11:37:38 Zoek.exe System Restore Point Created Succesfully.

==== Reset Hosts File ======================

# Copyright (c) 1993-2006 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host

# localhost name resolution is handle within DNS itself.
127.0.0.1 localhost
::1 localhost

==== Deleting CLSID Registry Keys ======================

HKEY_USERS\S-1-5-21-3294059013-1081372751-996367163-1000\Software\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86} deleted successfully

==== Deleting CLSID Registry Values ======================

HKEY_USERS\S-1-5-21-3294059013-1081372751-996367163-1000\Software\Microsoft\Internet Explorer\Approved Extensions\{31ad400d-1b06-4e33-a59a-90c2c140cba0} deleted successfully

==== Deleting Services ======================

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\Wpm deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Wpm deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\Application\Wpm deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Wpm deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\savesenselive deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\savesenselive deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\savesenselivem deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\savesenselivem deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\IePluginService deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\IePluginService deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\Application\IePluginService deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\IePluginService deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\Util BeatTool deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Util BeatTool deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\Application\Util BeatTool deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Util BeatTool deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\Update BeatTool deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Update BeatTool deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\Application\Update BeatTool deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Update BeatTool deleted successfully

==== FireFox Fix ======================

Deleted from C:\Users\MARINE~1\AppData\Roaming\Mozilla\Firefox\Profiles\5kjvvgjb.default\prefs.js:
user_pref("browser.startup.homepage", "https://www.google.com.br/");
user_pref("browser.newtab.url", "chrome://quick_start/content/index.html");
user_pref("keyword.URL", "");

Added to C:\Users\MARINE~1\AppData\Roaming\Mozilla\Firefox\Profiles\5kjvvgjb.default\prefs.js:
user_pref("browser.startup.homepage", "http://www.google.com");
user_pref("browser.search.defaulturl", "http://www.google.com/search?btnG=Google+Search&q=");
user_pref("browser.newtab.url", "http://www.google.com/");
user_pref("browser.search.defaultengine", "Google");
user_pref("browser.search.defaultenginename", "Google");
user_pref("browser.search.selectedEngine", "Google");
user_pref("browser.search.order.1", "Google");
user_pref("keyword.URL", "http://www.google.com/search?btnG=Google+Search&q=");
user_pref("browser.search.suggest.enabled", true);
user_pref("browser.search.useDBForOrder", true);

ProfilePath: C:\Users\MARINE~1\AppData\Roaming\Mozilla\Firefox\Profiles\5kjvvgjb.default

user.js not found
---- Lines funmoods removed from prefs.js ----
user_pref("extensions.funmoods.pnu_base", "{\"newVrsn\":\"259\",\"lastVrsn\":\"259\",\"vrsnLoad\":\"\",\"showMsg\":\"false\",\"showSilent\":\"true\",\
---- FireFox user.js and prefs.js backups ----

prefs_052014_1150_.backup

==== Registry Fix Code ======================

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command]
@="C:\\Program Files\\Internet Explorer\\iexplore.exe"

==== Deleting Files \ Folders ======================

C:\Program Files\Mozilla Firefox\browser\searchplugins\webssearches.xml deleted
C:\Program Files\SupTab deleted
C:\Users\Marineide\AppData\Roaming\SupTab deleted
C:\Users\Marineide\AppData\Roaming\webssearches deleted
C:\PROGRA~2\IePluginService deleted
C:\PROGRA~2\WPM deleted
C:\Users\Marineide\AppData\Local\BIT7D1.tmp deleted
C:\Users\Marineide\AppData\Local\SaveSenseLive deleted
C:\Users\Marineide\AppData\Local\Google\Chrome\User Data\Default\Extensions\newtabv3.crx deleted
C:\Users\Marineide\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SaveSense deleted
C:\Windows\tasks\SaveSense.job deleted
C:\Windows\system32\tasks\Funmoods deleted
C:\Windows\system32\tasks\Baidu PC Faster Update deleted
"C:\Users\Marineide\AppData\Local\{713EA690-8B2A-45C7-94C8-B9AB199C2E42}" deleted

==== Firefox Extensions Registry ======================

[HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions]
"quick_start@gmail.com"="C:\Users\Marineide\AppData\Roaming\Mozilla\Firefox\Profiles\5kjvvgjb.default\extensions\quick_start@gmail.com" []
[HKEY_CURRENT_USER\Software\Mozilla\Firefox\Extensions]
"smartwebprinting@hp.com"="C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3" [13/01/2013 12:50]

==== Firefox Extensions ======================

ProfilePath: C:\Users\MARINE~1\AppData\Roaming\Mozilla\Firefox\Profiles\5kjvvgjb.default
- Advanced SystemCare Surfing Protection - C:\Users\Marineide\AppData\Roaming\Mozilla\Firefox\Profiles\5kjvvgjb.default\extensions\ascsurfingprotection@iobit.com
- avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF
- Advanced SystemCare Surfing Protection - %ProfilePath%\extensions\ascsurfingprotection@iobit.com
- Funmoods - %ProfilePath%\extensions\{5ebdca98-43b3-45bb-87e0-716029fb42ab}.xpi

AppDir: C:\Program Files\Mozilla Firefox
- Default - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

==== Firefox Plugins ======================

Profilepath: C:\Users\Marineide\AppData\Roaming\Mozilla\Firefox\Profiles\5kjvvgjb.default
9FD6A1990289B9290563CA069CB74EF9 - C:\Windows\system32\Macromed\Flash\NPSWF32_13_0_0_206.dll - Shockwave Flash
E83B541C71965CFA1DEFF846CD6E9ECD - C:\Program Files\Google\Update\1.3.23.9\npGoogleUpdate3.dll - Google Update
FF0D6F82A0EC13952E83B9439100E45D - C:\Users\Marineide\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll - Facebook Video Calling Plugin
F833DD5D8F959819F44BC98F47B1B6BB - C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll - Adobe Acrobat
65D09D8BC91D74C8800725EB33D1EE1B - C:\Program Files\Adobe\Reader 10.0\Reader\browser\nppdf32.dll - Adobe Acrobat
11B27E47D0217C20BFF2490AB657BE67 - C:\Program Files\Microsoft Silverlight\3.0.40818.0\npctrl.dll - Silverlight Plug-In
D19E6B87675A40D252EB8669F68403C5 - C:\Program Files\Microsoft Silverlight\3.0.40818.0\npctrlui.dll - Microsoft (R) Silverlight


==== Chrome Look ======================

HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
nfengeggddojhakldhlpjdlddgkkjkdd - C:\Program Files\IObit\Advanced SystemCare 6\BrowerProtect\ASC_GhromePlugin.crx[22/04/2013 19:01]
pelmeidfhdlhlbjimpabfcbnnojbboma - C:\Users\Marineide\AppData\Local\Google\Chrome\User Data\Default\Extensions\newtabv3.crx[]

Google Docs - Marineide\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake
Google Drive - Marineide\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf
YouTube - Marineide\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo
Google Search - Marineide\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf
Plus-HD-2.2 - Marineide\AppData\Local\Google\Chrome\User Data\Default\Extensions\kfakeonomonapccoamcmdgpoaicnpnoo
Advanced SystemCare Surfing Protection - Marineide\AppData\Local\Google\Chrome\User Data\Default\Extensions\nfengeggddojhakldhlpjdlddgkkjkdd
Google Wallet - Marineide\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda
Gmail - Marineide\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia

==== Chrome Fix ======================

C:\Users\Marineide\AppData\Local\Google\Chrome\User Data\Default\Extensions\kfakeonomonapccoamcmdgpoaicnpnoo deleted successfully
C:\Users\Marineide\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_kfakeonomonapccoamcmdgpoaicnpnoo_0.localstorage deleted successfully
C:\Users\Marineide\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_kfakeonomonapccoamcmdgpoaicnpnoo_0.localstorage-journal deleted successfully
C:\Users\Marineide\AppData\Local\Google\Chrome\User Data\Default\databases\chrome-extension_kfakeonomonapccoamcmdgpoaicnpnoo_0 deleted successfully
C:\Users\Marineide\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\kfakeonomonapccoamcmdgpoaicnpnoo deleted successfully

==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://istart.webssearches.com/?type=hp&ts=1397826610&from=pcm&uid=SAMSUNGXHN-M500MBB_S2TAJ56BA45457"
"Start Page Restore"="http://www.msn.com/"
"Default_Page_URL"="http://istart.webssearches.com/?type=hp&ts=1397826610&from=pcm&uid=SAMSUNGXHN-M500MBB_S2TAJ56BA45457"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Default_Search_URL"="http://istart.webssearches.com/web/?type=ds&ts=1397826610&from=pcm&uid=SAMSUNGXHN-M500MBB_S2TAJ56BA45457&q={searchTerms}"
"Default_Page_URL"="http://istart.webssearches.com/?type=hp&ts=1397826610&from=pcm&uid=SAMSUNGXHN-M500MBB_S2TAJ56BA45457"
"Start Page"="http://istart.webssearches.com/?type=hp&ts=1397826610&from=pcm&uid=SAMSUNGXHN-M500MBB_S2TAJ56BA45457"
"Search Page"="http://istart.webssearches.com/web/?type=ds&ts=1397826610&from=pcm&uid=SAMSUNGXHN-M500MBB_S2TAJ56BA45457&q={searchTerms}"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{33BB0A4E-99AF-4226-BDF6-49120163DE86}"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}] not found

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Default_Page_URL"="http://go.microsoft.com/fwlink/?LinkId=69157"
"Start Page"="http://www.google.com"
"Start Page Restore"="http://www.google.com"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Default_Page_URL"="http://go.microsoft.com/fwlink/?LinkId=69157"
"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{6A1806CD-94D4-4689-BA73-E35EA1EA9990}"

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?FORM=MSNTLB&PC=IPGTDF&q={searchTerms}&src=IE-SearchBox"
{6A1806CD-94D4-4689-BA73-E35EA1EA9990} Google Url="http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}"

==== Reset Google Chrome ======================

C:\Users\Marineide\AppData\Local\Google\Chrome\User Data\Default\Preferences was reset successfully
C:\Users\Marineide\AppData\Local\Google\Chrome\User Data\Default\Web Data was reset successfully

==== Deleting CLSID Registry Keys ======================

HKEY_USERS\S-1-5-21-3294059013-1081372751-996367163-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C} deleted successfully
HKEY_CLASSES_ROOT\CLSID\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C} deleted successfully
HKEY_CLASSES_ROOT\CLSID\{95ffef7e-d5b7-4afb-9b49-da6f9ee962d0} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95ffef7e-d5b7-4afb-9b49-da6f9ee962d0} deleted successfully

==== Deleting CLSID Registry Values ======================

HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\quick_start@gmail.com deleted successfully

==== shortcuts on Users Desktops ======================

C:\Users\Marineide\Desktop\Microsoft Office PowerPoint 2007.lnk - C:\WINDOWS\Installer\{90120000-0030-0000-0000-0000000FF1CE}\pptico.exe
C:\Users\Marineide\Desktop\Microsoft Office Word 2007.lnk - C:\Windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\wordicon.exe
C:\Users\Marineide\Desktop\mateus mc`s\Brasfoot 2013.lnk - C:\Brasfoot2013\bf2013.exe
C:\Users\Marineide\Desktop\mateus mc`s\Brasfoot2014.lnk - C:\Brasfoot2014\bf2014.exe

==== shortcuts on All Users Desktop ======================

C:\Users\Public\Desktop\Adobe Reader X.lnk - C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe
C:\Users\Public\Desktop\Advanced SystemCare 6.lnk - C:\Program Files\IObit\Advanced SystemCare 6\ASC.exe
C:\Users\Public\Desktop\aTube Catcher.lnk - C:\Program Files\DsNET Corp\aTube Catcher 2.0\yct.exe
C:\Users\Public\Desktop\avast Free Antivirus.lnk -
C:\Users\Public\Desktop\CCleaner.lnk - C:\Program Files\CCleaner\CCleaner.exe
C:\Users\Public\Desktop\Central de Soluções HP.lnk -
C:\Users\Public\Desktop\Google Chrome.lnk - C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Users\Public\Desktop\HP ePrinterCenter.lnk - C:\Program Files\HP\Digital Imaging\AppStudio\hpzsip.url
C:\Users\Public\Desktop\Loja de Suprimentos HP.lnk - C:\Program Files\HP\HPSSUPPLY\hpqSSupply.exe
C:\Users\Public\Desktop\Nero StartSmart 10.lnk - C:\Windows\Installer\{F61D489E-6C44-49AC-AD02-7DA8ACA73A65}\ScStartSmartDeskto_3AF47A4E14DF4546B1449D27245505A0.exe
C:\Users\Public\Desktop\SpywareBlaster.lnk - C:\Program Files\SpywareBlaster\spywareblaster.exe
C:\Users\Public\Desktop\Uninstaller.lnk - C:\Program Files\IObit\Advanced SystemCare 6\Suc10_Uninstal.exe
C:\Users\Public\Desktop\Video Search.lnk - C:\Program Files\DsNET Corp\aTube Catcher 2.0\yct.exe /VIDEOSEARCH

==== shortcuts in Users Start Menu ======================

C:\Users\Marineide\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk - C:\Program Files\Internet Explorer\iexplore.exe [You must have an account and be logged in to view this link]
C:\Users\Marineide\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk - C:\Program Files\Internet Explorer\iexplore.exe [You must have an account and be logged in to view this link]

==== shortcuts in All Users Start Menu ======================

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk - C:\Program Files\Mozilla Firefox\firefox.exe [You must have an account and be logged in to view this link]
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Brasfoot 2014\Manual do Brasfoot 2014.lnk - C:\Brasfoot2014\Manual_Brasfoot_2014.pdf
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Brasfoot2014\Brasfoot2014.lnk - C:\Brasfoot2014\bf2014.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome\Google Chrome.lnk - C:\Program Files\Google\Chrome\Application\chrome.exe

==== shortcuts in Quick Launch ======================

C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -
C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -
C:\Users\Default User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -
C:\Users\Default User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -
C:\Users\Marineide\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk - C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Users\Marineide\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk - C:\Program Files\Internet Explorer\iexplore.exe [You must have an account and be logged in to view this link]
C:\Users\Marineide\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -
C:\Users\Marineide\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -
C:\Users\Marineide\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\7e4dca80246863e3\pinned.lnk - C:\Windows\system32\control.exe
C:\Users\Marineide\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Uninstall Programs.lnk - C:\Program Files\IObit\Advanced SystemCare 6\Suc10_Uninstal.exe
C:\Users\Marineide\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\WinRAR.lnk - C:\Program Files\WinRAR\WinRAR.exe
C:\Users\Marineide\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Brasfoot2014.lnk - C:\Brasfoot2014\bf2014.exe
C:\Users\Marineide\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk - C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Users\Marineide\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Internet Explorer.lnk - C:\Program Files\Internet Explorer\iexplore.exe [You must have an account and be logged in to view this link]
C:\Users\Marineide\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Mozilla Firefox.lnk - C:\Program Files\Mozilla Firefox\firefox.exe [You must have an account and be logged in to view this link]
C:\Users\Marineide\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Windows Explorer.lnk - C:\Windows\explorer.exe
C:\Users\Marineide\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Windows Media Player.lnk - C:\Program Files\Windows Media Player\wmplayer.exe /prefetch:1
C:\Users\USURIO~1\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -
C:\Users\USURIO~1\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -

==== shortcuts After Repair ======================

C:\Users\Marineide\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk - C:\Program Files\Internet Explorer\iexplore.exe
C:\Users\Marineide\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk - C:\Program Files\Internet Explorer\iexplore.exe -extoff
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk - C:\Program Files\Mozilla Firefox\firefox.exe
C:\Users\Marineide\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk - C:\Program Files\Internet Explorer\iexplore.exe
C:\Users\Marineide\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Internet Explorer.lnk - C:\Program Files\Internet Explorer\iexplore.exe
C:\Users\Marineide\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Mozilla Firefox.lnk - C:\Program Files\Mozilla Firefox\firefox.exe

==== Reset IE Proxy ======================

Value(s) before fix:
"ProxyEnable"=dword:00000000

Value(s) after fix:
"ProxyEnable"=dword:00000000

==== Deleting Registry Keys ======================

HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma deleted successfully
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\WPM deleted successfully
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\DigitalSite deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ApnTBMon deleted successfully

==== Empty IE Cache ======================

C:\Users\Marineide\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Marineide\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\networkservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

==== Empty FireFox Cache ======================

C:\Users\Marineide\AppData\Local\Mozilla\Firefox\Profiles\5kjvvgjb.default\Cache emptied successfully

==== Empty Chrome Cache ======================

C:\Users\Marineide\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully

==== Empty All Flash Cache ======================

Flash Cache Emptied Successfully

==== Empty All Java Cache ======================

No Java Cache Found

==== C:\zoek_backup content ======================

C:\zoek_backup (files=361 folders=85 8491458 bytes)

==== Empty Temp Folders ======================

C:\Users\Default\AppData\Local\Temp emptied successfully
C:\Users\Default User\AppData\Local\Temp emptied successfully
C:\Users\Marineide\AppData\Local\Temp will be emptied at reboot
C:\Users\USURIO~1\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\Windows\Temp will be emptied at reboot

==== After Reboot ======================

==== Empty Temp Folders ======================

C:\Windows\Temp successfully emptied
C:\Users\MARINE~1\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\$RECYCLE.BIN successfully emptied

==== EOF on 04/05/2014 at 11:58:10,01 ======================
luizvilarinho
Full Member

Posts: 855
Reputation: 4
Join date: 13/11/2013

Re: PC with flash drive virus and ads

Post by Power Max Sun 04 May 2014, 12:03

Download Malwarebytes from one of the links below:
[You must have an account and be logged in to view this link]

To install and run it correctly, please follow the tips in this post:

[You must have an account and be logged in to view this link]

In your next reply, post the Malwarebytes log (report).

We'll be waiting.
Power Max
Contributor

Posts: 9086
Reputation: 1499
Join date: 14/04/2009

Re: PC with flash drive virus and ads

Post by luizvilarinho Sun 04 May 2014, 13:12

Malwarebytes Anti-Malware
[You must have an account and be logged in to view this link]

Data de Verificação: 04/05/2014
Hora da Verificação: 13:06:43
Logfile: LOG.txt
Administrador: Sim

Versão: 2.00.1.1004
Malware Database: v2014.05.04.06
Rootkit Database: v2014.03.27.01
Licença: Grátis
Proteção de Malware: Desabilitado
Proteção de Site Malicioso: Desabilitado
Chameleon: Desabilitado

OS: Windows 7 Service Pack 1
CPU: x86
Sistema de Arquivo: NTFS
Usuário: Marineide

Tipo da Verificação: Verificação Personalizada
Resultado: Completado
Arquivos Verificados: 325803
Tempo Decorrido: 46 min, 38 seg

Memória: Enabled
Inicialização: Enabled
Filesystem: Enabled
Arquivos: Enabled
Rootkits: Desabilitado
Shuriken: Enabled
PUP: Enabled
PUM: Enabled

Processos: 0
(No malicious items detected)

Módulos: 0
(No malicious items detected)

Chaves de Registro: 46
PUP.Optional.SaveSense.A, HKLM\SOFTWARE\CLASSES\APPID\{A2D3FB7A-6873-45E8-AF96-57092D721828}, Quarantined, [7ceaef5eec8f8caa776d62bed82ab14f],
PUP.Optional.SaveSense.A, HKLM\SOFTWARE\CLASSES\CLSID\{A2D3FB7A-6873-45E8-AF96-57092D721828}, Quarantined, [7ceaef5eec8f8caa776d62bed82ab14f],
PUP.Optional.SaveSense.A, HKLM\SOFTWARE\CLASSES\SaveSenseLiveUpdate.OnDemandCOMClassSvc.1.0, Quarantined, [7ceaef5eec8f8caa776d62bed82ab14f],
PUP.Optional.SaveSense.A, HKLM\SOFTWARE\CLASSES\SaveSenseLiveUpdate.OnDemandCOMClassSvc, Quarantined, [7ceaef5eec8f8caa776d62bed82ab14f],
PUP.Optional.Funmoods.A, HKLM\SOFTWARE\CLASSES\CLSID\{75A4D144-506D-4BE5-81DB-EC7DA1E7F840}, Quarantined, [491df35a15661a1c4ff085ccfd0543bd],
PUP.Optional.Funmoods.A, HKLM\SOFTWARE\CLASSES\TYPELIB\{960DF771-CFCB-4E53-A5B5-6EF2BBE6E706}, Quarantined, [491df35a15661a1c4ff085ccfd0543bd],
PUP.Optional.SaveSense, HKU\S-1-5-21-3294059013-1081372751-996367163-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{0F21B1E5-5AFC-43C9-9C66-515046E92EC2}, Quarantined, [8cdae7666a11f3435a2f67f01fe316ea],
PUP.Optional.SaveSense, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{0F21B1E5-5AFC-43C9-9C66-515046E92EC2}, Quarantined, [8cdae7666a11f3435a2f67f01fe316ea],
PUP.Optional.Funmoods.A, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{C87FC351-A80D-43E9-9A86-CF1E29DC443A}, Quarantined, [6ef824296516c96d52ec6ae7a85a22de],
PUP.Optional.BeatTool.A, HKLM\SOFTWARE\BeatTool, Quarantined, [f76f62ebea916acc04d41868af5321df],
PUP.Optional.SaveSense.A, HKLM\SOFTWARE\SaveSense, Quarantined, [b1b580cd047765d16bd5c2f0768d748c],
PUP.Optional.SaveSense.A, HKLM\SOFTWARE\SaveSenseLive, Quarantined, [fc6a1736651645f18eb3664c36cd58a8],
PUP.Optional.WebsSearches.A, HKLM\SOFTWARE\webssearchesSoftware, Quarantined, [02642726fb802115b56f047c7a8844bc],
PUP.Optional.SaveSense.A, HKLM\SOFTWARE\CLASSES\SaveSenseLive.OneClickCtrl.9, Quarantined, [97cf71dc1a6192a47ebe7b37a06321df],
PUP.Optional.SaveSense.A, HKLM\SOFTWARE\CLASSES\SaveSenseLive.OneClickProcessLauncherMachine, Quarantined, [3036de6f95e64ee8ca72f2c003007c84],
PUP.Optional.SaveSense.A, HKLM\SOFTWARE\CLASSES\SaveSenseLive.OneClickProcessLauncherMachine.1.0, Quarantined, [96d0a3aa512ad0665ede545ed42f54ac],
PUP.Optional.SaveSense.A, HKLM\SOFTWARE\CLASSES\SaveSenseLive.Update3WebControl.3, Quarantined, [f96d76d7e9921a1c9f9d0ca69271f40c],
PUP.Optional.SaveSense.A, HKLM\SOFTWARE\CLASSES\SaveSenseLiveUpdate.CoCreateAsync, Quarantined, [0561410c75063105211bcfe305fe14ec],
PUP.Optional.SaveSense.A, HKLM\SOFTWARE\CLASSES\SaveSenseLiveUpdate.CoCreateAsync.1.0, Quarantined, [5313024ba3d8c571e953cfe3d231768a],
PUP.Optional.SaveSense.A, HKLM\SOFTWARE\CLASSES\SaveSenseLiveUpdate.CoreClass, Quarantined, [8cda8bc2e596a19576c6565c0af97789],
PUP.Optional.SaveSense.A, HKLM\SOFTWARE\CLASSES\SaveSenseLiveUpdate.CoreClass.1, Quarantined, [590d60ed5d1e63d30339b3ff36cd09f7],
PUP.Optional.SaveSense.A, HKLM\SOFTWARE\CLASSES\SaveSenseLiveUpdate.CoreMachineClass, Quarantined, [70f63d107dfe42f4320aa50d847f7a86],
PUP.Optional.SaveSense.A, HKLM\SOFTWARE\CLASSES\SaveSenseLiveUpdate.CoreMachineClass.1, Quarantined, [2c3ab09de992ae8848f4664ccf34857b],
PUP.Optional.SaveSense.A, HKLM\SOFTWARE\CLASSES\SaveSenseLiveUpdate.CredentialDialogMachine, Quarantined, [1551b8953f3c7cba50ecc5ed3fc4a35d],
PUP.Optional.SaveSense.A, HKLM\SOFTWARE\CLASSES\SaveSenseLiveUpdate.CredentialDialogMachine.1.0, Quarantined, [3234490492e98da9ae8e4e649c67649c],
PUP.Optional.SaveSense.A, HKLM\SOFTWARE\CLASSES\SaveSenseLiveUpdate.OnDemandCOMClassMachine, Quarantined, [86e0e16ce992989e56e6664ca261ae52],
PUP.Optional.SaveSense.A, HKLM\SOFTWARE\CLASSES\SaveSenseLiveUpdate.OnDemandCOMClassMachine.1.0, Quarantined, [79edaca12754181e74c8634f996ae719],
PUP.Optional.SaveSense.A, HKLM\SOFTWARE\CLASSES\SaveSenseLiveUpdate.OnDemandCOMClassMachineFallback, Quarantined, [8adc97b6b1ca4fe77ebe278b1fe4f40c],
PUP.Optional.SaveSense.A, HKLM\SOFTWARE\CLASSES\SaveSenseLiveUpdate.OnDemandCOMClassMachineFallback.1.0, Quarantined, [dd893e0f5c1fdf57b884179b37cc1be5],
PUP.Optional.SaveSense.A, HKLM\SOFTWARE\CLASSES\SaveSenseLiveUpdate.ProcessLauncher, Quarantined, [194da0ad3e3d2c0ae557456d20e327d9],
PUP.Optional.SaveSense.A, HKLM\SOFTWARE\CLASSES\SaveSenseLiveUpdate.ProcessLauncher.1.0, Quarantined, [b1b573dac0bb7cbad5676a481fe4bb45],
PUP.Optional.SaveSense.A, HKLM\SOFTWARE\CLASSES\SaveSenseLiveUpdate.Update3COMClassService, Quarantined, [20460f3e0b70c07625179f13f1123dc3],
PUP.Optional.SaveSense.A, HKLM\SOFTWARE\CLASSES\SaveSenseLiveUpdate.Update3COMClassService.1.0, Quarantined, [f27451fc4f2cb1850438585aea190ef2],
PUP.Optional.SaveSense.A, HKLM\SOFTWARE\CLASSES\SaveSenseLiveUpdate.Update3WebMachine, Quarantined, [3f27fb521c5f082efe3ee1d1f60d36ca],
PUP.Optional.SaveSense.A, HKLM\SOFTWARE\CLASSES\SaveSenseLiveUpdate.Update3WebMachine.1.0, Quarantined, [2b3bfa53bcbf2b0bdb610fa3b152ad53],
PUP.Optional.SaveSense.A, HKLM\SOFTWARE\CLASSES\SaveSenseLiveUpdate.Update3WebMachineFallback, Quarantined, [6bfb0746cdaeb68064d8941eb44fd42c],
PUP.Optional.SaveSense.A, HKLM\SOFTWARE\CLASSES\SaveSenseLiveUpdate.Update3WebMachineFallback.1.0, Quarantined, [a5c1e06de893270fa894c9e943c06e92],
PUP.Optional.SaveSense.A, HKLM\SOFTWARE\CLASSES\SaveSenseLiveUpdate.Update3WebSvc, Quarantined, [da8cd578b9c20b2b5ae24a68e320be42],
PUP.Optional.SaveSense.A, HKLM\SOFTWARE\CLASSES\SaveSenseLiveUpdate.Update3WebSvc.1.0, Quarantined, [3b2bc38a601b77bf65d75161a65d59a7],
PUP.Optional.SaveSense.A, HKLM\SOFTWARE\CLASSES\APPID\SaveSenseLive.exe, Quarantined, [e383fc515229b284d3689e145ca78d73],
PUP.Optional.SaveSense.A, HKLM\SOFTWARE\MOZILLAPLUGINS\@tools.updaterss.com/SaveSenseLive Update;version=3, Quarantined, [eb7b53fa502b171fd16ecce6b74caf51],
PUP.Optional.SaveSense.A, HKLM\SOFTWARE\MOZILLAPLUGINS\@tools.updaterss.com/SaveSenseLive Update;version=9, Quarantined, [ed7962eb93e80333251aded42ed5b848],
PUP.Optional.BeatTool.A, HKU\S-1-5-21-3294059013-1081372751-996367163-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\BeatTool, Quarantined, [b2b46ae33348c96db02778085ba746ba],
PUP.Optional.FunMoods.A, HKU\S-1-5-21-3294059013-1081372751-996367163-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\funmoodsToolbar, Quarantined, [98ce51fc6b105ed8c53f1197847f16ea],
PUP.Optional.SaveSense.A, HKU\S-1-5-21-3294059013-1081372751-996367163-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\SaveSense, Quarantined, [83e3a9a4bbc01323aa93cee449ba57a9],
PUP.Optional.SaveSense.A, HKU\S-1-5-21-3294059013-1081372751-996367163-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\SaveSenseLive, Quarantined, [93d3a4a9c3b89e980836a210e81be719],

Valores de Registro: 0
(No malicious items detected)

Dados do Registro: 1
PUP.Optional.Qone8, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES|DefaultScope, {33BB0A4E-99AF-4226-BDF6-49120163DE86}, Good: ({0633EE93-D776-472f-A0FF-E1416B8B2E3A}), Bad: ({33BB0A4E-99AF-4226-BDF6-49120163DE86}),Replaced,[cc9a97b62754b581fdba8faa55afee12]

Pastas: 0
(No malicious items detected)

Arquivos: 6
PUP.Optional.InstalleRex, C:\Users\Marineide\AppData\Local\Google\Chrome\User Data\Default\File System\018\t\00\00000000, Quarantined, [6afcaba2215aaa8cc04d412c10f16f91],
PUP.Optional.Spigot.A, C:\Users\Marineide\Downloads\191-aTubeCatcher.exe, Quarantined, [b6b0410c7605b0864eb3a47e0af75ca4],
PUP.Optional.Somoto.A, C:\Users\Marineide\Local Settings\Application Data\Bundled software uninstaller\biclient.exe, Quarantined, [481e58f542395bdb8b8c8b8a8081c937],
PUP.Optional.IePluginService.A, C:\zoek_backup\C_PROGRA~2_IePluginService\PluginService.exe, Quarantined, [3135ba93641770c6a60280d3b34e07f9],
PUP.Optional.WpManager, C:\zoek_backup\C_PROGRA~2_WPM\wprotectmanager.exe, Quarantined, [a3c34607ccaf72c4d7263e1f6d94a957],
PUP.Optional.SupTab.A, C:\zoek_backup\C_Users_Marineide_AppData_Roaming_SupTab\SupTab.dll, Quarantined, [d6905eef5f1c0f27e66723121de3837d],

Physical Sectors: 0
(No malicious items detected)


(end)

Re: PC with flash drive virus and ads

Post by Power Max Sun 04 May 2014, 13:14

Download < [You must have an account and be logged in to view this link] > ( ... by Nicolas Coolman )

To install and run it correctly, follow the tips in this article:

[You must have an account and be logged in to view this link]

* As soon as it finishes its scan, copy the entire contents of its ZHPDiag.txt report and post it in your next reply.

Re: PC with flash drive virus and ads

Post by luizvilarinho Sun 04 May 2014, 13:24

I don't know what's happening; ZHP had a problem, see the two images.

Re: PC with flash drive virus and ads

Post by Power Max Sun 04 May 2014, 13:26

You can try this: go to the Control Panel and uninstall ZHP. Then go to its folder in Program Files (or Arquivos de programas) and delete that folder. Then download it from the link I gave you, reinstall it, and post its log.

If that still isn't possible, let me know.

Re: PC with flash drive virus and ads

Post by luizvilarinho Sun 04 May 2014, 13:33

Same problem; interestingly, its installer isn't in Portuguese.

Re: PC with flash drive virus and ads

Post by Power Max Sun 04 May 2014, 13:35

Download [You must have an account and be logged in to view this link] and save it to the Desktop (Área de Trabalho)

Note: when you open the link above, click the Download Now 32-Bit Version button

Run Farbar following the tips in this tutorial:

[You must have an account and be logged in to view this link]

*Two reports will be created on the Desktop: FRST.txt and Addition.txt

Post both reports in your next reply. (Note: if they don't fit in a single reply, you can split them across several posts.)

Re: PC with flash drive virus and ads

Post by luizvilarinho Sun 04 May 2014, 13:49

Here are the logs.

Re: PC with flash drive virus and ads

Post by luizvilarinho Sun 04 May 2014, 15:07

While waiting I decided to run AdwCleaner, and since it worked, here is the log:

# AdwCleaner v3.206 - Relatório criado 04/05/2014 às 15:02:50
# Atualizado 04/05/2014 por Xplode
# Sistema Operacional : Windows 7 Ultimate Service Pack 1 (32 bits)
# Usuário : Marineide - MARINEIDE-PC
# Executando de : C:\Users\Marineide\Desktop\adwcleaner.exe
# Opção : Limpar

***** [ Serviços ] *****


***** [ Arquivos / Pastas ] *****

Pasta Deletada : C:\Users\Public\Documents\baidu
Arquivo Deletada : C:\Users\Marineide\AppData\Roaming\Mozilla\Firefox\Profiles\5kjvvgjb.default\Extensions\{5ebdca98-43b3-45bb-87e0-716029fb42ab}.xpi
Arquivo Deletada : C:\Windows\Tasks\Funmoods.job

***** [ Atalhos ] *****


***** [ Registro ] *****

[#] Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{7AEA210B-A0B7-47B5-B5CB-CD8D26C7A0B7}
[#] Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{7AEA210B-A0B7-47B5-B5CB-CD8D26C7A0B7}
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\startnow_RASAPI32
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\startnow_RASMANCS
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\wajam_download_RASAPI32
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\wajam_download_RASMANCS
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bitguard.exe
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bprotect.exe
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\browserdefender.exe
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\browserprotect.exe
Chave Deletedo : HKLM\SOFTWARE\Classes\AppID\{960DF771-CFCB-4E53-A5B5-6EF2BBE6E706}
Chave Deletedo : HKLM\SOFTWARE\Classes\AppID\{C007DADD-132A-624C-088E-59EE6CF0711F}
Chave Deletedo : HKLM\SOFTWARE\Classes\Interface\{917CAAE9-DD47-4025-936E-1414F07DF5B8}
Chave Deletedo : HKLM\SOFTWARE\Classes\TypeLib\{968EDCE0-C10A-47BB-B3B6-FDF09F2A417D}
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{A18D16ED-27B2-4B83-B70C-15E73F099546}
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{BEE7E029-5037-4DAD-A2DB-82E397AB1A44}
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A18D16ED-27B2-4B83-B70C-15E73F099546}
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{BEE7E029-5037-4DAD-A2DB-82E397AB1A44}
Chave Deletedo : HKCU\Software\UpdaterEX
Chave Deletedo : HKLM\Software\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
Chave Deletedo : HKLM\Software\supTab
Chave Deletedo : HKLM\Software\supWPM
Chave Deletedo : HKLM\Software\Wpm
Chave Deletedo : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\SaveSense
Chave Deletedo : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\UpdaterEX
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SaveSense
Dados Deletedo : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs] - C:\PROGRA~1\MOVIES~1\SAFETY~1\SAFETY~2.DLL
Chave Deletedo : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\3152E1F19977892449DC968802CE8964
Chave Deletedo : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\5E8031606EB60A64C882918F8FF38DD4

***** [ Navegadores ] *****

-\\ Internet Explorer v11.0.9600.17041


-\\ Mozilla Firefox v26.0 (pt-BR)

[ Arquivo : C:\Users\Marineide\AppData\Roaming\Mozilla\Firefox\Profiles\5kjvvgjb.default\prefs.js ]


-\\ Google Chrome v34.0.1847.131

*************************

AdwCleaner[R0].txt - [18061 octets] - [04/05/2014 10:38:45]
AdwCleaner[R1].txt - [18061 octets] - [04/05/2014 11:06:00]
AdwCleaner[R2].txt - [12245 octets] - [04/05/2014 11:27:25]
AdwCleaner[R3].txt - [4052 octets] - [04/05/2014 15:02:14]
AdwCleaner[S0].txt - [3914 octets] - [04/05/2014 15:02:50]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [3974 octets] ##########

Re: PC with flash drive virus and ads

Post by Power Max Sun 04 May 2014, 15:08

Good news. I was at lunch, but now I'll check the other logs.

Re: PC with flash drive virus and ads

Post by Power Max Sun 04 May 2014, 15:15

It would be good for you to run Farbar again and post new logs from it so we can see how things stand after AdwCleaner.

Re: PC with flash drive virus and ads

Post by luizvilarinho Sun 04 May 2014, 15:23

Here they are.

Re: PC with flash drive virus and ads

Post by Power Max Sun 04 May 2014, 16:02

Download the fixlist.txt file attached to this post and save it to the desktop.

Run FRST. Click the Fix button.

Wait; at the end, the Fixlog.txt log will be saved to your desktop.

Select, copy and paste the contents of this Fixlog.txt into your next reply.

Re: PC with flash drive virus and ads

Post by luizvilarinho Sun 04 May 2014, 16:13

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version:04-05-2014
Ran by Marineide at 2014-05-04 16:13:03 Run:1
Running from C:\Users\Marineide\Desktop
Boot Mode: Normal

==============================================

Content of fixlist:
*****************
start
HKU\S-1-5-21-3294059013-1081372751-996367163-1000\...\MountPoints2: F - F:\AutoRun.exe
HKU\S-1-5-21-3294059013-1081372751-996367163-1000\...\MountPoints2: {8897e703-cdfa-11e1-8bc6-e81132a9c57e} - F:\AutoRun.exe
SearchScopes: HKLM - DefaultScope value is missing.
S1 Bfilter; \??\C:\Windows\System32\drivers\Bfilter.sys [X]
S1 Bfmon; \??\C:\Windows\System32\drivers\Bfmon.sys [X]
S0 Bhbase; System32\drivers\Bhbase.sys [X]
S3 BHipsEx; \??\C:\Windows\System32\drivers\BHipsEx.sys [X]
S1 Bnbase; System32\drivers\bnbasex.sys [X]
S1 Bndef; \??\C:\Windows\System32\drivers\bndef.sys [X]
S1 Bprotect; \??\C:\Windows\System32\drivers\Bprotect.sys [X]
S3 BprotectEx; \??\C:\Windows\System32\drivers\BprotectEx.sys [X]
S3 PCFApiUtil; \??\C:\Program Files\Baidu Security\PC Faster\3.7.0.0\PCFApiUtil.sys [X]
2014-04-19 08:57 - 2013-10-18 20:22 - 00000000 ____D () C:\Program Files\Baidu Security
2014-04-18 10:16 - 2013-10-18 20:27 - 00000000 ____D () C:\Users\Todos os Usuários\Baidu Security
2014-04-18 10:16 - 2013-10-18 20:27 - 00000000 ____D () C:\ProgramData\Baidu Security
BeatTool (HKLM\...\BeatTool) (Version: 2014.04.17.224819 - BeatTool)
QuickShare (HKLM\...\{49CA0203-1447-4444-8C29-2185CFEFD3A1}) (Version: 10.159.1.12889 - Linkury Inc.) <==== ATTENTION
webssearches uninstaller (HKLM\...\webssearches uninstaller) (Version: - webssearches) <==== ATTENTION
Task: {374DB01A-05FC-4BA9-B430-55793639809A} - System32\Tasks\060184C3-9766-46a0-B258-F4518A0B2633 => Cscript.exe "C:\ProgramData\Baidu Security\Duplicaterecord.js"
Task: {82B97EDC-1D8A-424A-8571-4EC1B371D066} - \Baidu PC Faster Update No Task File <==== ATTENTION
AlternateDataStreams: C:\ProgramData\TEMP:373E1720
AlternateDataStreams: C:\ProgramData\TEMP:5C321E34
AlternateDataStreams: C:\Users\Todos os Usuários\TEMP:373E1720
AlternateDataStreams: C:\Users\Todos os Usuários\TEMP:5C321E34
end
*****************

HKU\S-1-5-21-3294059013-1081372751-996367163-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\S-1-5-21-3294059013-1081372751-996367163-1000 => Key not found.
HKU\S-1-5-21-3294059013-1081372751-996367163-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{8897e703-cdfa-11e1-8bc6-e81132a9c57e} => Key deleted successfully.
HKCR\CLSID\{8897e703-cdfa-11e1-8bc6-e81132a9c57e} => Key not found.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.
Bfilter => Service deleted successfully.
Bfmon => Service deleted successfully.
Bhbase => Service deleted successfully.
BHipsEx => Service deleted successfully.
Bnbase => Service deleted successfully.
Bndef => Service deleted successfully.
Bprotect => Service deleted successfully.
BprotectEx => Service deleted successfully.
PCFApiUtil => Service deleted successfully.
C:\Program Files\Baidu Security => Moved successfully.
C:\Users\Todos os Usuários\Baidu Security => Moved successfully.
"C:\ProgramData\Baidu Security" => File/Directory not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{374DB01A-05FC-4BA9-B430-55793639809A} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{374DB01A-05FC-4BA9-B430-55793639809A} => Key deleted successfully.
C:\Windows\System32\Tasks\060184C3-9766-46a0-B258-F4518A0B2633 => Moved successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\060184C3-9766-46a0-B258-F4518A0B2633 => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{82B97EDC-1D8A-424A-8571-4EC1B371D066} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{82B97EDC-1D8A-424A-8571-4EC1B371D066} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Baidu PC Faster Update => Key deleted successfully.
C:\ProgramData\TEMP => ":373E1720" ADS removed successfully.
C:\ProgramData\TEMP => ":5C321E34" ADS removed successfully.
"C:\Users\Todos os Usuários\TEMP" => ":373E1720" ADS not found.
"C:\Users\Todos os Usuários\TEMP" => ":5C321E34" ADS not found.

==== End of Fixlog ====
