Malware poluindo paginas da internet com anuncios maliciosos.

Boa noite!

Segui as instruções que está em um outro tópico, baixei o adwcleaner.ex , executei como administrado, cliquei em examinar e depois limpar.  Depois de reinicialização abriu no bloco de notas essas informações:

# AdwCleaner v3.308 - Relatório criado 29/08/2014 às 18:49:13
# Atualizado 20/08/2014 por Xplode
# Sistema Operacional : Windows 7 Professional Service Pack 1 (32 bits)
# Usuário : Juliana - JULIANA-PC
# Executando de : C:\Users\Juliana\Desktop\adwcleaner_3.308.exe
# Opção : Limpar

***** [ Serviços ] *****

[#] Serviço Deletada : globalUpdate
[#] Serviço Deletada : globalUpdatem
[#] Serviço Deletada : vulsrsebjh32

***** [ Arquivos / Pastas ] *****

Pasta Deletada : C:\ProgramData\baidu
Pasta Deletada : C:\ProgramData\Systweak
Pasta Deletada : C:\ProgramData\Trusted Publisher
Pasta Deletada : C:\ProgramData\NNextCoup
Pasta Deletada : C:\ProgramData\poriccechop
Pasta Deletada : C:\ProgramData\priociechoP
Pasta Deletada : C:\Program Files\Adblocker
Pasta Deletada : C:\Program Files\baidu
Pasta Deletada : C:\Program Files\globalUpdate
Pasta Deletada : C:\Program Files\PC_booster
Pasta Deletada : C:\Program Files\predm
Pasta Deletada : C:\Program Files\NNextCoup
Pasta Deletada : C:\Program Files\poriccechop
Pasta Deletada : C:\Program Files\priociechoP
Pasta Deletada : C:\Program Files\005
Pasta Deletada : C:\Program Files\HC-inemA3
Pasta Deletada : C:\Users\Administrador\AppData\Local\Chromatic Browser
Pasta Deletada : C:\Users\Administrador\AppData\Local\torch
Pasta Deletada : C:\Users\Convidado\AppData\Local\Chromatic Browser
Pasta Deletada : C:\Users\Convidado\AppData\Local\torch
Pasta Deletada : C:\Users\Juliana\AppData\Local\Chromatic Browser
Pasta Deletada : C:\Users\Juliana\AppData\Local\globalUpdate
Pasta Deletada : C:\Users\Juliana\AppData\Local\torch
Pasta Deletada : C:\Users\Juliana\AppData\Roaming\Activeris
Pasta Deletada : C:\Users\Juliana\AppData\Roaming\AppCloudUpdater
Pasta Deletada : C:\Users\Juliana\AppData\Roaming\baidu
Pasta Deletada : C:\Users\Juliana\AppData\Roaming\Systweak
Pasta Deletada : C:\Users\Juliana\AppData\Roaming\webssearches
Pasta Deletada : C:\Users\Public\Documents\baidu
Pasta Deletada : C:\Users\Administrador\AppData\Local\Google\Chrome\User Data\Default\Extensions\emjooaccekkpjfpaffiolbcifbolgpgj
Pasta Deletada : C:\Users\Convidado\AppData\Local\Google\Chrome\User Data\Default\Extensions\emjooaccekkpjfpaffiolbcifbolgpgj
Pasta Deletada : C:\Users\Juliana\AppData\Local\Google\Chrome\User Data\Default\Extensions\emjooaccekkpjfpaffiolbcifbolgpgj
Pasta Deletada : C:\Users\Administrador\AppData\Local\Google\Chrome\User Data\Default\Extensions\fkhnfgcjbgkdphaillekkkfgenhkipnl
Pasta Deletada : C:\Users\Convidado\AppData\Local\Google\Chrome\User Data\Default\Extensions\fkhnfgcjbgkdphaillekkkfgenhkipnl
Pasta Deletada : C:\Users\Juliana\AppData\Local\Google\Chrome\User Data\Default\Extensions\fkhnfgcjbgkdphaillekkkfgenhkipnl
Pasta Deletada : C:\Users\Administrador\AppData\Local\Google\Chrome\User Data\Default\Extensions\hgbgiapkkanfppmngbhblfjicncicife
Pasta Deletada : C:\Users\Convidado\AppData\Local\Google\Chrome\User Data\Default\Extensions\hgbgiapkkanfppmngbhblfjicncicife
Pasta Deletada : C:\Users\Juliana\AppData\Local\Google\Chrome\User Data\Default\Extensions\hgbgiapkkanfppmngbhblfjicncicife
Pasta Deletada : C:\Users\Administrador\AppData\Local\Google\Chrome\User Data\Default\Extensions\jencmnphcibjjpgjfcfgboeoodpepfon
Pasta Deletada : C:\Users\Convidado\AppData\Local\Google\Chrome\User Data\Default\Extensions\jencmnphcibjjpgjfcfgboeoodpepfon
Pasta Deletada : C:\Users\Juliana\AppData\Local\Google\Chrome\User Data\Default\Extensions\jencmnphcibjjpgjfcfgboeoodpepfon
Pasta Deletada : C:\Users\Administrador\AppData\Local\Google\Chrome\User Data\Default\Extensions\mieolhkjkhjbpmaolcojemdlfphcgjfn
Pasta Deletada : C:\Users\Convidado\AppData\Local\Google\Chrome\User Data\Default\Extensions\mieolhkjkhjbpmaolcojemdlfphcgjfn
Pasta Deletada : C:\Users\Juliana\AppData\Local\Google\Chrome\User Data\Default\Extensions\mieolhkjkhjbpmaolcojemdlfphcgjfn
[!] Pasta Deletada : C:\Users\Administrador\AppData\Local\Google\Chrome\User Data\Default\Extensions\emjooaccekkpjfpaffiolbcifbolgpgj
[!] Pasta Deletada : C:\Users\Convidado\AppData\Local\Google\Chrome\User Data\Default\Extensions\emjooaccekkpjfpaffiolbcifbolgpgj
[!] Pasta Deletada : C:\Users\Juliana\AppData\Local\Google\Chrome\User Data\Default\Extensions\emjooaccekkpjfpaffiolbcifbolgpgj
[!] Pasta Deletada : C:\Users\Administrador\AppData\Local\Google\Chrome\User Data\Default\Extensions\fkhnfgcjbgkdphaillekkkfgenhkipnl
[!] Pasta Deletada : C:\Users\Convidado\AppData\Local\Google\Chrome\User Data\Default\Extensions\fkhnfgcjbgkdphaillekkkfgenhkipnl
[!] Pasta Deletada : C:\Users\Juliana\AppData\Local\Google\Chrome\User Data\Default\Extensions\fkhnfgcjbgkdphaillekkkfgenhkipnl
[!] Pasta Deletada : C:\Users\Administrador\AppData\Local\Google\Chrome\User Data\Default\Extensions\hgbgiapkkanfppmngbhblfjicncicife
[!] Pasta Deletada : C:\Users\Convidado\AppData\Local\Google\Chrome\User Data\Default\Extensions\hgbgiapkkanfppmngbhblfjicncicife
[!] Pasta Deletada : C:\Users\Juliana\AppData\Local\Google\Chrome\User Data\Default\Extensions\hgbgiapkkanfppmngbhblfjicncicife
[!] Pasta Deletada : C:\Users\Administrador\AppData\Local\Google\Chrome\User Data\Default\Extensions\jencmnphcibjjpgjfcfgboeoodpepfon
[!] Pasta Deletada : C:\Users\Convidado\AppData\Local\Google\Chrome\User Data\Default\Extensions\jencmnphcibjjpgjfcfgboeoodpepfon
[!] Pasta Deletada : C:\Users\Juliana\AppData\Local\Google\Chrome\User Data\Default\Extensions\jencmnphcibjjpgjfcfgboeoodpepfon
[!] Pasta Deletada : C:\Users\Administrador\AppData\Local\Google\Chrome\User Data\Default\Extensions\mieolhkjkhjbpmaolcojemdlfphcgjfn
[!] Pasta Deletada : C:\Users\Convidado\AppData\Local\Google\Chrome\User Data\Default\Extensions\mieolhkjkhjbpmaolcojemdlfphcgjfn
[!] Pasta Deletada : C:\Users\Juliana\AppData\Local\Google\Chrome\User Data\Default\Extensions\mieolhkjkhjbpmaolcojemdlfphcgjfn
[!] Pasta Deletada : C:\Users\Administrador\AppData\Local\Google\Chrome\User Data\Default\Extensions\emjooaccekkpjfpaffiolbcifbolgpgj
[!] Pasta Deletada : C:\Users\Convidado\AppData\Local\Google\Chrome\User Data\Default\Extensions\emjooaccekkpjfpaffiolbcifbolgpgj
[!] Pasta Deletada : C:\Users\Juliana\AppData\Local\Google\Chrome\User Data\Default\Extensions\emjooaccekkpjfpaffiolbcifbolgpgj
[!] Pasta Deletada : C:\Users\Administrador\AppData\Local\Google\Chrome\User Data\Default\Extensions\fkhnfgcjbgkdphaillekkkfgenhkipnl
[!] Pasta Deletada : C:\Users\Convidado\AppData\Local\Google\Chrome\User Data\Default\Extensions\fkhnfgcjbgkdphaillekkkfgenhkipnl
[!] Pasta Deletada : C:\Users\Juliana\AppData\Local\Google\Chrome\User Data\Default\Extensions\fkhnfgcjbgkdphaillekkkfgenhkipnl
[!] Pasta Deletada : C:\Users\Administrador\AppData\Local\Google\Chrome\User Data\Default\Extensions\hgbgiapkkanfppmngbhblfjicncicife
[!] Pasta Deletada : C:\Users\Convidado\AppData\Local\Google\Chrome\User Data\Default\Extensions\hgbgiapkkanfppmngbhblfjicncicife
[!] Pasta Deletada : C:\Users\Juliana\AppData\Local\Google\Chrome\User Data\Default\Extensions\hgbgiapkkanfppmngbhblfjicncicife
[!] Pasta Deletada : C:\Users\Administrador\AppData\Local\Google\Chrome\User Data\Default\Extensions\jencmnphcibjjpgjfcfgboeoodpepfon
[!] Pasta Deletada : C:\Users\Convidado\AppData\Local\Google\Chrome\User Data\Default\Extensions\jencmnphcibjjpgjfcfgboeoodpepfon
[!] Pasta Deletada : C:\Users\Juliana\AppData\Local\Google\Chrome\User Data\Default\Extensions\jencmnphcibjjpgjfcfgboeoodpepfon
[!] Pasta Deletada : C:\Users\Administrador\AppData\Local\Google\Chrome\User Data\Default\Extensions\mieolhkjkhjbpmaolcojemdlfphcgjfn
[!] Pasta Deletada : C:\Users\Convidado\AppData\Local\Google\Chrome\User Data\Default\Extensions\mieolhkjkhjbpmaolcojemdlfphcgjfn
[!] Pasta Deletada : C:\Users\Juliana\AppData\Local\Google\Chrome\User Data\Default\Extensions\mieolhkjkhjbpmaolcojemdlfphcgjfn
Arquivo Deletada : C:\Windows\system32\roboot.exe
Arquivo Deletada : C:\Users\Juliana\AppData\Roaming\LiveSupport.exe_log.txt
Arquivo Deletada : C:\Users\Juliana\AppData\Roaming\regsvr32.exe_log.txt
Arquivo Deletada : C:\Users\Juliana\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.superfish.com_0.localstorage
Arquivo Deletada : C:\Users\Juliana\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.superfish.com_0.localstorage-journal

***** [ Tarefas ] *****

Tarefa Deletedo : LaunchSignup

***** [ Atalhos ] *****


***** [ Registro ] *****

Chave Deletedo : HKLM\SOFTWARE\Classes\globalUpdate.OneClickCtrl.10
Chave Deletedo : HKLM\SOFTWARE\Classes\globalUpdate.OneClickProcessLauncherMachine
Chave Deletedo : HKLM\SOFTWARE\Classes\globalUpdate.OneClickProcessLauncherMachine.1.0
Chave Deletedo : HKLM\SOFTWARE\Classes\globalUpdate.Update3WebControl.4
Chave Deletedo : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoCreateAsync
Chave Deletedo : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoCreateAsync.1.0
Chave Deletedo : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreClass
Chave Deletedo : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreClass.1
Chave Deletedo : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreMachineClass
Chave Deletedo : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreMachineClass.1
Chave Deletedo : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CredentialDialogMachine
Chave Deletedo : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CredentialDialogMachine.1.0
Chave Deletedo : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachine
Chave Deletedo : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachine.1.0
Chave Deletedo : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachineFallback
Chave Deletedo : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachineFallback.1.0
Chave Deletedo : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassSvc
Chave Deletedo : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassSvc.1.0
Chave Deletedo : HKLM\SOFTWARE\Classes\globalUpdateUpdate.ProcessLauncher
Chave Deletedo : HKLM\SOFTWARE\Classes\globalUpdateUpdate.ProcessLauncher.1.0
Chave Deletedo : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3COMClassService
Chave Deletedo : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3COMClassService.1.0
Chave Deletedo : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachine
Chave Deletedo : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachine.1.0
Chave Deletedo : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachineFallback
Chave Deletedo : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachineFallback.1.0
Chave Deletedo : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebSvc
Chave Deletedo : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebSvc.1.0
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{74F475FA-6C75-43BD-AAB9-ECDA6184F600}
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\AdvancedSystemProtector_RASAPI32
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\AdvancedSystemProtector_RASMANCS
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\au__rasapi32
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\au__rasmancs
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\DealKeeper_RASAPI32
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\DealKeeper_RASMANCS
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\updateDealKeeper_RASAPI32
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\updateDealKeeper_RASMANCS
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\UpdateTask_RASAPI32
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\UpdateTask_RASMANCS
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\vopackage_RASAPI32
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\vopackage_RASMANCS
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\wajam_install_rasapi32
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\wajam_install_rasmancs
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\WajamInternetEnhancer_RASAPI32
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\WajamInternetEnhancer_RASMANCS
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\WajamInternetEnhancerService_RASAPI32
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\WajamInternetEnhancerService_RASMANCS
Chave Deletedo : HKLM\SOFTWARE\MozillaPlugins\@staging.google.com/globalUpdate Update;version=10
Chave Deletedo : HKLM\SOFTWARE\MozillaPlugins\@staging.google.com/globalUpdate Update;version=4
Chave Deletedo : HKLM\SOFTWARE\Classes\pricechoop.pricechoop
Chave Deletedo : HKLM\SOFTWARE\Classes\pricechoop.pricechoop.3.9
Chave Deletedo : HKCU\Software\AppDataLow\{5F189DF5-2D05-472B-9091-84D9848AE48B}
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\S-608891039
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{5F189DF5-2D05-472B-9091-84D9848AE48B}{32148148}
Chave Deletedo : HKLM\SOFTWARE\Classes\CrossriderApp0061748.BHO
Chave Deletedo : HKLM\SOFTWARE\Classes\CrossriderApp0061748.BHO.1
Chave Deletedo : HKLM\SOFTWARE\Classes\CrossriderApp0061748.Sandbox
Chave Deletedo : HKLM\SOFTWARE\Classes\CrossriderApp0061748.Sandbox.1
Chave Deletedo : HKLM\SOFTWARE\Classes\AppID\{3278F5CF-48F3-4253-A6BB-004CE84AF492}
Chave Deletedo : HKLM\SOFTWARE\Classes\AppID\{577975B8-C40E-43E6-B0DE-4C6B44088B52}
Chave Deletedo : HKLM\SOFTWARE\Classes\CLSID\{02A96331-0CA6-40E2-A87D-C224601985EB}
Chave Deletedo : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Chave Deletedo : HKLM\SOFTWARE\Classes\CLSID\{3278F5CF-48F3-4253-A6BB-004CE84AF492}
Chave Deletedo : HKLM\SOFTWARE\Classes\CLSID\{3B5702BA-7F4C-4D1A-B026-1E9A01D43978}
Chave Deletedo : HKLM\SOFTWARE\Classes\CLSID\{5645E0E7-FC12-43BF-A6E4-F9751942B298}
Chave Deletedo : HKLM\SOFTWARE\Classes\CLSID\{577975B8-C40E-43E6-B0DE-4C6B44088B52}
Chave Deletedo : HKLM\SOFTWARE\Classes\CLSID\{5E89ACE9-E16B-499A-87B4-0DBF742404C1}
Chave Deletedo : HKLM\SOFTWARE\Classes\CLSID\{69F256DF-BA98-45E9-86EA-FC3CFECF9D30}
Chave Deletedo : HKLM\SOFTWARE\Classes\CLSID\{6E87FC94-9866-49B9-8E93-5736D6DE3DD7}
Chave Deletedo : HKLM\SOFTWARE\Classes\CLSID\{7E49F793-B3CD-4BF7-8419-B34B8BD30E61}
Chave Deletedo : HKLM\SOFTWARE\Classes\CLSID\{834469E3-CA2B-4F21-A5CA-4F6F4DBCDE87}
Chave Deletedo : HKLM\SOFTWARE\Classes\CLSID\{8529FAA3-5BFD-43C1-AB35-B53C4B96C6E5}
Chave Deletedo : HKLM\SOFTWARE\Classes\CLSID\{ADBC39BE-3D20-4333-8D99-E91EB1B62474}
Chave Deletedo : HKLM\SOFTWARE\Classes\CLSID\{C7BF8F4B-7BC7-4F42-B944-3D28A3A86D8A}
Chave Deletedo : HKLM\SOFTWARE\Classes\CLSID\{CFC47BB5-5FB5-4AD0-8427-6AA04334A3FC}
Chave Deletedo : HKLM\SOFTWARE\Classes\CLSID\{E06CA7F5-BA34-4FF6-8D24-B1BDC594D91F}
Chave Deletedo : HKLM\SOFTWARE\Classes\CLSID\{E0ADB535-D7B5-4D8B-B15D-578BDD20D76A}
Chave Deletedo : HKLM\SOFTWARE\Classes\CLSID\{F6421EE5-A5BE-4D31-81D5-C16B7BF48E4C}
Chave Deletedo : HKLM\SOFTWARE\Classes\CLSID\{FD8E81D0-F5FE-4CB1-9AEA-1E163D2BAB78}
Chave Deletedo : HKLM\SOFTWARE\Classes\CLSID\{26BB8F1D-F9A7-09CC-6C3A-166D142F915F}
Chave Deletedo : HKLM\SOFTWARE\Classes\CLSID\{11111111-1111-1111-1111-110611171148}
Chave Deletedo : HKLM\SOFTWARE\Classes\CLSID\{22222222-2222-2222-2222-220622172248}
Chave Deletedo : HKLM\SOFTWARE\Classes\Interface\{EAF749DC-CD87-4B04-B22A-D4AC3FBCB2BC}
Chave Deletedo : HKLM\SOFTWARE\Classes\Interface\{55555555-5555-5555-5555-550655175548}
Chave Deletedo : HKLM\SOFTWARE\Classes\Interface\{66666666-6666-6666-6666-660666176648}
Chave Deletedo : HKLM\SOFTWARE\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}
Chave Deletedo : HKLM\SOFTWARE\Classes\TypeLib\{44444444-4444-4444-4444-440644174448}
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{26BB8F1D-F9A7-09CC-6C3A-166D142F915F}
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110611171148}
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{5645E0E7-FC12-43BF-A6E4-F9751942B298}
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C7BF8F4B-7BC7-4F42-B944-3D28A3A86D8A}
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{26BB8F1D-F9A7-09CC-6C3A-166D142F915F}
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5645E0E7-FC12-43BF-A6E4-F9751942B298}
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5E89ACE9-E16B-499A-87B4-0DBF742404C1}
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C7BF8F4B-7BC7-4F42-B944-3D28A3A86D8A}
Chave Deletedo : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
Chave Deletedo : HKCU\Software\AppCloudUpdater
Chave Deletedo : HKCU\Software\GlobalUpdate
Chave Deletedo : HKCU\Software\InstalledBrowserExtensions
Chave Deletedo : HKCU\Software\Optimizer Pro
Chave Deletedo : HKCU\Software\RegisteredApplicationsEx
Chave Deletedo : HKCU\Software\systweak
Chave Deletedo : HKCU\Software\AppDataLow\Software\Crossrider
Chave Deletedo : HKCU\Software\AppDataLow\Software\HC-inemA3
Chave Deletedo : HKLM\SOFTWARE\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
Chave Deletedo : HKLM\SOFTWARE\{5F189DF5-2D05-472B-9091-84D9848AE48B}
Chave Deletedo : HKLM\SOFTWARE\{77D46E27-0E41-4478-87A6-AABE6FBCF252}
Chave Deletedo : HKLM\SOFTWARE\AllDaySavings
Chave Deletedo : HKLM\SOFTWARE\GlobalUpdate
Chave Deletedo : HKLM\SOFTWARE\InstalledBrowserExtensions
Chave Deletedo : HKLM\SOFTWARE\PC_Booster
Chave Deletedo : HKLM\SOFTWARE\systweak
Chave Deletedo : HKLM\SOFTWARE\Tutorials
Chave Deletedo : HKLM\SOFTWARE\webssearchesSoftware
Chave Deletedo : HKLM\SOFTWARE\HC-inemA3
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{4820778D-AB0D-6D18-C316-52A6A0E1D507}
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{FDB962F0-B5B8-9460-D12F-7966E97BAA43}
Dados Deletedo : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs] - c:\progra~1\pc_boo~1\assist~1.dll

***** [ Navegadores ] *****

-\\ Internet Explorer v11.0.9600.17239

Configurações Restauradas : HKCU\Software\Microsoft\Internet Explorer\Main [Start Page]
Configurações Restauradas : HKCU\Software\Microsoft\Internet Explorer\Main [Default_Page_URL]
Configurações Restauradas : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Search_URL]
Configurações Restauradas : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Page_URL]
Configurações Restauradas : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Start Page]
Configurações Restauradas : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Search Page]

-\\ Google Chrome v36.0.1985.125

[ Arquivo : C:\Users\Juliana\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Deletedo [Search Provider] : [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
Deletedo [Search Provider] : [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
Deletedo [Search Provider] : [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
Deletedo [Search Provider] : [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
Deletedo [Search Provider] : [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] 21:36:58&v=11.1.0.7&sap=dsp&q={searchTerms}
Deletedo [Search Provider] : [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
Deletedo [Search Provider] : [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
Deletedo [Search Provider] : [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
Deletedo [Search Provider] : [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
Deletedo [Search Provider] : [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
Deletedo [Startup_urls] : [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
Deletedo [Homepage] : [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
Deletedo [Extension] : blmchfpimpbbdmgpcieclabeafkljbhm
Deletedo [Extension] : booedmolknjekdopkepjjeckmjkdpfgl
Deletedo [Extension] : emjooaccekkpjfpaffiolbcifbolgpgj
Deletedo [Extension] : fkhnfgcjbgkdphaillekkkfgenhkipnl
Deletedo [Extension] : flpcjncodpafbgdpnkljologafpionhb
Deletedo [Extension] : hgbgiapkkanfppmngbhblfjicncicife
Deletedo [Extension] : jencmnphcibjjpgjfcfgboeoodpepfon
Deletedo [Extension] : mieolhkjkhjbpmaolcojemdlfphcgjfn
Deletedo [Extension] : mndjnmbcpincgombkciokepgfnhjhada

*************************

AdwCleaner[R0].txt - [21827 octets] - [29/08/2014 18:46:38]
AdwCleaner[S0].txt - [22078 octets] - [29/08/2014 18:49:13]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [22139 octets] ##########





O que eu tenho que fazer? Grata pela atenção

Boa Tarde! Juliana Bischoff

|- Baixe: < [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] >  < [Tens de ter uma conta e sessão iniciada para poderes visualizar esta imagem] > ( ... de Nicolas Coolman )
|- Salve-o no disco local! ( C ou D )
|- Desabilite seu antivírus e execute "ZHPDiag2.exe",para instalar a ferramenta.

[Tens de ter uma conta e sessão iniciada para poderes visualizar esta imagem]

|- Execute o ícone do pergaminho. ( ZHPDiag )

[Tens de ter uma conta e sessão iniciada para poderes visualizar esta imagem]

|- Clique "COMPLETA" e aguarde a conclusão!
|- Clique OK e,ao concluir,poste o relatório! ( ZHPDiag.txt )
|- Ps: Como o log será extenso,envie-o à [Tens de ter uma conta e sessão iniciada para poderes visualizar este link].

|- Ou acesse: < [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] >

|- Maiores informações: < |[Tens de ter uma conta e sessão iniciada para poderes visualizar este link]| >

A+

Boa noite!

Mandei a log conforme pedido. Segui passo a passo conforme informações citadas acima, espero ter dado certo.
Obrigada.

Juliana Bischoff escreveu:Boa noite!

Mandei a log conforme pedido. Segui passo a passo conforme informações citadas acima, espero ter dado certo.
Obrigada.

Olá!

|- E cadê o link de download,já que realizastes upload.

A+

Seria esse:
[Tens de ter uma conta e sessão iniciada para poderes visualizar este link]

Boa Noite! Juliana Bischoff

|- Execute este script na ferramenta ZHPFix.
|- Selecione e copie estas informações que estão em vermelho,para o Bloco de Notas.
|- Com o Bloco de Notas aberto,faça: ctrl+a >> ctrl+c ( Selecionar e Copiar )
|- À seguir,minimize o Bloco de Notas.

Script ZHPFix
Firewallraz
O2 - BHO: AllDaySavings - {fbdff406-2c4c-5d35-8469-34bb67ea3353} . (...) -- C:\Program Files\D20A6820-7C28-4015-945F-09F8551FCE45\kzhxnitccw.dll  =>PUP.AllDaySavings
O4 - HKCU\..\Run: [ALLUpdate] C:\Program Files\ALLPlayer\ALLUpdate.exe (.not file.)   
O4 - HKUS\S-1-5-21-1251122091-1759438192-131377665-1000\..\Run: [ALLUpdate] C:\Program Files\ALLPlayer\ALLUpdate.exe (.not file.)   
[MD5.00000000000000000000000000000000] [APT] [{436275BB-522F-44F4-AB55-E11F84F0DC83}] (...) -- C:\Users\Juliana\AppData\Roaming\webssearches\UninstallManager.exe (.not file.)   [0]  =>Hijacker.WebsSearches
O39 - APT:  - (..) -- C:\Windows\Tasks\1120bed7-24dd-4e4e-8e8b-b833c7a6da4b-1.job   [1752]  =>PUP.CrossRider
O39 - APT:  - (..) -- C:\Windows\Tasks\1120bed7-24dd-4e4e-8e8b-b833c7a6da4b-2.job   [1386]  =>PUP.CrossRider
O39 - APT:  - (..) -- C:\Windows\Tasks\1120bed7-24dd-4e4e-8e8b-b833c7a6da4b-3.job   [2758]  =>PUP.CrossRider
O39 - APT:  - (..) -- C:\Windows\Tasks\1120bed7-24dd-4e4e-8e8b-b833c7a6da4b-4.job   [2494]  =>PUP.CrossRider
O39 - APT:  - (..) -- C:\Windows\Tasks\1120bed7-24dd-4e4e-8e8b-b833c7a6da4b-5.job   [1636]  =>PUP.CrossRider
O39 - APT:  - (..) -- C:\Windows\Tasks\1120bed7-24dd-4e4e-8e8b-b833c7a6da4b-6.job   [2140]  =>PUP.CrossRider
O39 - APT:  - (..) -- C:\Windows\Tasks\1120bed7-24dd-4e4e-8e8b-b833c7a6da4b-7.job   [2192]  =>PUP.CrossRider
[HKCU\Software\Baidu Security]   
[HKCU\Software\Baidu]   
[HKLM\Software\AllDay Savings]  =>PUP.AllDaySavings
[HKLM\Software\Baidu Security]   
[HKLM\Software\baidu]   
O43 - CFD: 25/08/2014 - 17:23:15 - [] ----D C:\Program Files\Baidu Security   
O43 - CFD: 25/08/2014 - 17:23:15 - [] ----D C:\ProgramData\Baidu Security   
O43 - CFD: 26/07/2014 - 15:39:36 - [] ----D C:\ProgramData\InstallMate  =>PUP.Tarma
O43 - CFD: 25/08/2014 - 17:23:03 - [] ----D C:\Users\Juliana\AppData\Roaming\Baidu Security   
[MD5.14BF59D9687F453D209F7780D14F3E17] [SPRF][02/08/2014] (.No owner - Setup/Uninstall.) -- C:\Users\Juliana\AppData\Roaming\unins000.exe   [720082]
HKLM\SOFTWARE\Microsoft\Tracing\NetCrawlSetup_RASAPI32  =>PUP.NetCrawl
HKLM\SOFTWARE\Microsoft\Tracing\NetCrawlSetup_RASMANCS  =>PUP.NetCrawl
HKLM\SOFTWARE\Microsoft\Tracing\NetCrawl_RASAPI32  =>PUP.NetCrawl
HKLM\SOFTWARE\Microsoft\Tracing\NetCrawl_RASMANCS  =>PUP.NetCrawl
HKLM\SOFTWARE\Microsoft\Tracing\NetCrawl_Setup_RASAPI32  =>PUP.NetCrawl
HKLM\SOFTWARE\Microsoft\Tracing\NetCrawl_Setup_RASMANCS  =>PUP.NetCrawl
HKLM\SOFTWARE\Microsoft\Tracing\updateNetCrawl_RASAPI32  =>PUP.NetCrawl
HKLM\SOFTWARE\Microsoft\Tracing\updateNetCrawl_RASMANCS  =>PUP.NetCrawl
HKLM\SOFTWARE\Microsoft\Tracing\wajam_2207-6c14163c_RASAPI32  =>PUP.Wajam
HKLM\SOFTWARE\Microsoft\Tracing\wajam_2207-6c14163c_RASMANCS  =>PUP.Wajam
[HKCR\CLSID\{E0D8A2CF-5B38-2F7C-C8F8-2960560FDDC7}] (Adblocker)  =>PUP.Adblocker
[HKCR\CLSID\{fbdff406-2c4c-5d35-8469-34bb67ea3353}] (AllDaySavings)  =>PUP.AllDaySavings
[HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FBDFF406-2C4C-5D35-8469-34BB67EA3353}]   =>PUP.AllDaySavings^
C:\ProgramData\InstallMate   =>PUP.Tarma^
C:\Windows\Tasks\1120bed7-24dd-4e4e-8e8b-b833c7a6da4b-1.job   =>PUP.CrossRider^
C:\Windows\Tasks\1120bed7-24dd-4e4e-8e8b-b833c7a6da4b-2.job   =>PUP.CrossRider^
C:\Windows\Tasks\1120bed7-24dd-4e4e-8e8b-b833c7a6da4b-3.job   =>PUP.CrossRider^
C:\Windows\Tasks\1120bed7-24dd-4e4e-8e8b-b833c7a6da4b-4.job   =>PUP.CrossRider^
C:\Windows\Tasks\1120bed7-24dd-4e4e-8e8b-b833c7a6da4b-5.job   =>PUP.CrossRider^
C:\Windows\Tasks\1120bed7-24dd-4e4e-8e8b-b833c7a6da4b-6.job   =>PUP.CrossRider^
C:\Windows\Tasks\1120bed7-24dd-4e4e-8e8b-b833c7a6da4b-7.job   =>PUP.CrossRider^
[HKLM\Software\AllDay Savings]   =>PUP.AllDaySavings^
[HKCR\CLSID\{E0D8A2CF-5B38-2F7C-C8F8-2960560FDDC7}] (Adblocker)   =>PUP.Adblocker^
[HKCR\CLSID\{fbdff406-2c4c-5d35-8469-34bb67ea3353}] (AllDaySavings)   =>PUP.AllDaySavings^
O2 - BHO: AllDaySavings - {fbdff406-2c4c-5d35-8469-34bb67ea3353} . (...) -- C:\Program Files\D20A6820-7C28-4015-945F-09F8551FCE45\kzhxnitccw.dll  =>PUP.AllDaySavings
O4 - HKCU\..\Run: [ALLUpdate] C:\Program Files\ALLPlayer\ALLUpdate.exe (.not file.)   
O4 - HKUS\S-1-5-21-1251122091-1759438192-131377665-1000\..\Run: [ALLUpdate] C:\Program Files\ALLPlayer\ALLUpdate.exe (.not file.)   
[MD5.00000000000000000000000000000000] [APT] [{436275BB-522F-44F4-AB55-E11F84F0DC83}] (...) -- C:\Users\Juliana\AppData\Roaming\webssearches\UninstallManager.exe (.not file.)   [0]  =>Hijacker.WebsSearches
O39 - APT:  - (..) -- C:\Windows\Tasks\1120bed7-24dd-4e4e-8e8b-b833c7a6da4b-1.job   [1752]  =>PUP.CrossRider
O39 - APT:  - (..) -- C:\Windows\Tasks\1120bed7-24dd-4e4e-8e8b-b833c7a6da4b-2.job   [1386]  =>PUP.CrossRider
O39 - APT:  - (..) -- C:\Windows\Tasks\1120bed7-24dd-4e4e-8e8b-b833c7a6da4b-3.job   [2758]  =>PUP.CrossRider
O39 - APT:  - (..) -- C:\Windows\Tasks\1120bed7-24dd-4e4e-8e8b-b833c7a6da4b-4.job   [2494]  =>PUP.CrossRider
O39 - APT:  - (..) -- C:\Windows\Tasks\1120bed7-24dd-4e4e-8e8b-b833c7a6da4b-5.job   [1636]  =>PUP.CrossRider
O39 - APT:  - (..) -- C:\Windows\Tasks\1120bed7-24dd-4e4e-8e8b-b833c7a6da4b-6.job   [2140]  =>PUP.CrossRider
O39 - APT:  - (..) -- C:\Windows\Tasks\1120bed7-24dd-4e4e-8e8b-b833c7a6da4b-7.job   [2192]  =>PUP.CrossRider
[HKCU\Software\Baidu Security]   
[HKCU\Software\Baidu]   
[HKLM\Software\AllDay Savings]  =>PUP.AllDaySavings
[HKLM\Software\Baidu Security]   
[HKLM\Software\baidu]   
O43 - CFD: 25/08/2014 - 17:23:15 - [] ----D C:\Program Files\Baidu Security   
O43 - CFD: 25/08/2014 - 17:23:15 - [] ----D C:\ProgramData\Baidu Security   
O43 - CFD: 26/07/2014 - 15:39:36 - [] ----D C:\ProgramData\InstallMate  =>PUP.Tarma
O43 - CFD: 25/08/2014 - 17:23:03 - [] ----D C:\Users\Juliana\AppData\Roaming\Baidu Security   
[MD5.14BF59D9687F453D209F7780D14F3E17] [SPRF][02/08/2014] (.No owner - Setup/Uninstall.) -- C:\Users\Juliana\AppData\Roaming\unins000.exe   [720082]
HKLM\SOFTWARE\Microsoft\Tracing\NetCrawlSetup_RASAPI32  =>PUP.NetCrawl
HKLM\SOFTWARE\Microsoft\Tracing\NetCrawlSetup_RASMANCS  =>PUP.NetCrawl
HKLM\SOFTWARE\Microsoft\Tracing\NetCrawl_RASAPI32  =>PUP.NetCrawl
HKLM\SOFTWARE\Microsoft\Tracing\NetCrawl_RASMANCS  =>PUP.NetCrawl
HKLM\SOFTWARE\Microsoft\Tracing\NetCrawl_Setup_RASAPI32  =>PUP.NetCrawl
HKLM\SOFTWARE\Microsoft\Tracing\NetCrawl_Setup_RASMANCS  =>PUP.NetCrawl
HKLM\SOFTWARE\Microsoft\Tracing\updateNetCrawl_RASAPI32  =>PUP.NetCrawl
HKLM\SOFTWARE\Microsoft\Tracing\updateNetCrawl_RASMANCS  =>PUP.NetCrawl
HKLM\SOFTWARE\Microsoft\Tracing\wajam_2207-6c14163c_RASAPI32  =>PUP.Wajam
HKLM\SOFTWARE\Microsoft\Tracing\wajam_2207-6c14163c_RASMANCS  =>PUP.Wajam
[HKCR\CLSID\{E0D8A2CF-5B38-2F7C-C8F8-2960560FDDC7}] (Adblocker)  =>PUP.Adblocker
[HKCR\CLSID\{fbdff406-2c4c-5d35-8469-34bb67ea3353}] (AllDaySavings)  =>PUP.AllDaySavings
[HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FBDFF406-2C4C-5D35-8469-34BB67EA3353}]   =>PUP.AllDaySavings^
C:\ProgramData\InstallMate   =>PUP.Tarma^
C:\Windows\Tasks\1120bed7-24dd-4e4e-8e8b-b833c7a6da4b-1.job   =>PUP.CrossRider^
C:\Windows\Tasks\1120bed7-24dd-4e4e-8e8b-b833c7a6da4b-2.job   =>PUP.CrossRider^
C:\Windows\Tasks\1120bed7-24dd-4e4e-8e8b-b833c7a6da4b-3.job   =>PUP.CrossRider^
C:\Windows\Tasks\1120bed7-24dd-4e4e-8e8b-b833c7a6da4b-4.job   =>PUP.CrossRider^
C:\Windows\Tasks\1120bed7-24dd-4e4e-8e8b-b833c7a6da4b-5.job   =>PUP.CrossRider^
C:\Windows\Tasks\1120bed7-24dd-4e4e-8e8b-b833c7a6da4b-6.job   =>PUP.CrossRider^
C:\Windows\Tasks\1120bed7-24dd-4e4e-8e8b-b833c7a6da4b-7.job   =>PUP.CrossRider^
[HKLM\Software\AllDay Savings]   =>PUP.AllDaySavings^
[HKCR\CLSID\{E0D8A2CF-5B38-2F7C-C8F8-2960560FDDC7}] (Adblocker)   =>PUP.Adblocker^
[HKCR\CLSID\{fbdff406-2c4c-5d35-8469-34bb67ea3353}] (AllDaySavings)   =>PUP.AllDaySavings^
Emptytemp
Emptyclsid
Emptyprefetch

|- Abra a ferramenta ZHPFix. < [Tens de ter uma conta e sessão iniciada para poderes visualizar esta imagem] >
|- Clique IMPORTAÇÃO >> OK.
|- Clique "GO".
|- Poste o relatório!

A+

Boa noite, Joram!

Estou seguindo os passos conforme indicado acima, porém na hora que cligo go, aparece o texto e bem rapido, some o texto e abre uma tela escrito:

Exemplos:
----------
Script ZHPFix
C:\Program Files\MagniPic
[HKEY_CURRENT_USER\Software\MagniPic]
[HKEY_USER\S-1-5-18\Control MagniPic]
[HKCU\Software\MagniPic]

Boa Noite! Juliana Bischoff

|- O script é colado integralmente no campo da ferramenta?

A+

Boa noite, Joram!

Não da tempo de ver, some o que está escrito, fica vazio e logo abre essa janela que te disse. Abaixo foto da tela.
[Tens de ter uma conta e sessão iniciada para poderes visualizar este link]

Bom Dia! Juliana Bischoff

|- Procure verificar,ao colar este script,se não existem informações adicionais que estão indo ao campo da ferramenta,antes de clicar "GO".
|- Caso encontre informações relacionadas ao MagniPic,pode removê-las!
|- Ps: Estou lhe enviando um nôvo script,que vc deve utilizar,em substituição ao primeiro.

#####
C:\Program Files\MagniPic
[HKEY_CURRENT_USER\Software\MagniPic]
[HKEY_USER\S-1-5-18\Control MagniPic]
[HKCU\Software\MagniPic]
#####
|- Estas informações que estão aqui,relacionadas ao Magnipic,não faz parte do script,como pode reparar.
|- Ps: Vc possui este software?

-/-

script zhpfix
firewallraz
[MD5.00000000000000000000000000000000] [APT] [{436275BB-522F-44F4-AB55-E11F84F0DC83}] (...) -- C:\Users\Juliana\AppData\Roaming\webssearches\UninstallManager.exe (.not file.)   [0]  =>Hijacker.WebsSearches
[MD5.14BF59D9687F453D209F7780D14F3E17] [SPRF][02/08/2014] (.No owner - Setup/Uninstall.) -- C:\Users\Juliana\AppData\Roaming\unins000.exe   [720082]
O2 - BHO: AllDaySavings - {fbdff406-2c4c-5d35-8469-34bb67ea3353} . (...) -- C:\Program Files\D20A6820-7C28-4015-945F-09F8551FCE45\kzhxnitccw.dll  =>PUP.AllDaySavings
O4 - HKCU\..\Run: [ALLUpdate] C:\Program Files\ALLPlayer\ALLUpdate.exe (.not file.)   
O4 - HKUS\S-1-5-21-1251122091-1759438192-131377665-1000\..\Run: [ALLUpdate] C:\Program Files\ALLPlayer\ALLUpdate.exe (.not file.)
O39 - APT:  - (..) -- C:\Windows\Tasks\1120bed7-24dd-4e4e-8e8b-b833c7a6da4b-1.job   [1752]  =>PUP.CrossRider
O39 - APT:  - (..) -- C:\Windows\Tasks\1120bed7-24dd-4e4e-8e8b-b833c7a6da4b-2.job   [1386]  =>PUP.CrossRider
O39 - APT:  - (..) -- C:\Windows\Tasks\1120bed7-24dd-4e4e-8e8b-b833c7a6da4b-3.job   [2758]  =>PUP.CrossRider
O39 - APT:  - (..) -- C:\Windows\Tasks\1120bed7-24dd-4e4e-8e8b-b833c7a6da4b-4.job   [2494]  =>PUP.CrossRider
O39 - APT:  - (..) -- C:\Windows\Tasks\1120bed7-24dd-4e4e-8e8b-b833c7a6da4b-5.job   [1636]  =>PUP.CrossRider
O39 - APT:  - (..) -- C:\Windows\Tasks\1120bed7-24dd-4e4e-8e8b-b833c7a6da4b-6.job   [2140]  =>PUP.CrossRider
O39 - APT:  - (..) -- C:\Windows\Tasks\1120bed7-24dd-4e4e-8e8b-b833c7a6da4b-7.job   [2192]  =>PUP.CrossRider
O41 - Driver:  (Bfilter) . (. - .) - C:\Windows\system32\drivers\Bfilter.sys (.not file.)
O41 - Driver:  (Bfmon) . (. - .) - C:\Windows\system32\drivers\Bfmon.sys (.not file.)
O41 - Driver: (Bnbase) . (. - .) - C:\Windows\System32\drivers\bnbasex.sys (.not file.)
O41 - Driver:  (Bndef) . (. - .) - C:\Windows\system32\drivers\bndef.sys (.not file.)
O41 - Driver:  (Bprotect) . (. - .) - C:\Windows\system32\drivers\Bprotect.sys (.not file.)
O43 - CFD: 09/08/2014 - 12:41:41 - [] ----D C:\ProgramData\boost_interprocess
O43 - CFD: 25/08/2014 - 17:23:15 - [] ----D C:\Program Files\Baidu Security   
O43 - CFD: 25/08/2014 - 17:23:15 - [] ----D C:\ProgramData\Baidu Security   
O43 - CFD: 26/07/2014 - 15:39:36 - [] ----D C:\ProgramData\InstallMate  =>PUP.Tarma
O43 - CFD: 25/08/2014 - 17:23:03 - [] ----D C:\Users\Juliana\AppData\Roaming\Baidu Security
C:\Users\Juliana\AppData\Roaming\Baidu Security   
C:\Program Files\Baidu Security
C:\ProgramData\Baidu Security
C:\ProgramData\InstallMate   =>PUP.Tarma^
C:\Windows\Tasks\1120bed7-24dd-4e4e-8e8b-b833c7a6da4b-1.job   =>PUP.CrossRider^
C:\Windows\Tasks\1120bed7-24dd-4e4e-8e8b-b833c7a6da4b-2.job   =>PUP.CrossRider^
C:\Windows\Tasks\1120bed7-24dd-4e4e-8e8b-b833c7a6da4b-3.job   =>PUP.CrossRider^
C:\Windows\Tasks\1120bed7-24dd-4e4e-8e8b-b833c7a6da4b-4.job   =>PUP.CrossRider^
C:\Windows\Tasks\1120bed7-24dd-4e4e-8e8b-b833c7a6da4b-5.job   =>PUP.CrossRider^
C:\Windows\Tasks\1120bed7-24dd-4e4e-8e8b-b833c7a6da4b-6.job   =>PUP.CrossRider^
C:\Windows\Tasks\1120bed7-24dd-4e4e-8e8b-b833c7a6da4b-7.job   =>PUP.CrossRider^
[HKCU\Software\Baidu Security]   
[HKCU\Software\Baidu]
[HKLM\Software\baidu]   
[HKLM\Software\Baidu Security]
HKLM\SOFTWARE\Microsoft\Tracing\NetCrawlSetup_RASAPI32  =>PUP.NetCrawl
HKLM\SOFTWARE\Microsoft\Tracing\NetCrawlSetup_RASMANCS  =>PUP.NetCrawl
HKLM\SOFTWARE\Microsoft\Tracing\NetCrawl_RASAPI32  =>PUP.NetCrawl
HKLM\SOFTWARE\Microsoft\Tracing\NetCrawl_RASMANCS  =>PUP.NetCrawl
HKLM\SOFTWARE\Microsoft\Tracing\NetCrawl_Setup_RASAPI32  =>PUP.NetCrawl
HKLM\SOFTWARE\Microsoft\Tracing\NetCrawl_Setup_RASMANCS  =>PUP.NetCrawl
HKLM\SOFTWARE\Microsoft\Tracing\updateNetCrawl_RASAPI32  =>PUP.NetCrawl
HKLM\SOFTWARE\Microsoft\Tracing\updateNetCrawl_RASMANCS  =>PUP.NetCrawl
HKLM\SOFTWARE\Microsoft\Tracing\wajam_2207-6c14163c_RASAPI32  =>PUP.Wajam
HKLM\SOFTWARE\Microsoft\Tracing\wajam_2207-6c14163c_RASMANCS  =>PUP.Wajam
[HKLM\Software\AllDay Savings]   =>PUP.AllDaySavings^
[HKCR\CLSID\{E0D8A2CF-5B38-2F7C-C8F8-2960560FDDC7}] (Adblocker)   =>PUP.Adblocker^
[HKCR\CLSID\{fbdff406-2c4c-5d35-8469-34bb67ea3353}] (AllDaySavings)   =>PUP.AllDaySavings^
[HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FBDFF406-2C4C-5D35-8469-34BB67EA3353}]   =>PUP.AllDaySavings^   
ServiceStop:Bfilter 
ServiceStop:Bfmon 
ServiceStop:Bnbase 
ServiceStop:Bndef 
ServiceStop:Bprotect 
Emptytemp
Emptyclsid
Emptyflash
Emptyprefetch

|- Repita a operação com este script!
|- Boa sorte!

Abs!

Bom dia!

Deu certo!

Segue a log:

Rapport de ZHPFix 2014.8.3.6 par Nicolas Coolman, Update du 03/08/2014
Fichier d'export Registre : 
Run by Juliana at 01/09/2014 08:19:56
High Elevated Privileges : OK
Windows 7 Business Edition, 32-bit Service Pack 1 (Build 7601)

Reciclagem vazia (Cancelado pelo utilizador)
Prefetcher vazio

========== Estado dos serviços ==========
Bfilter Parado
Bfmon Parado
Bnbase Parado
Bndef Parado
Bprotect Parado

========== Chaves do Registo ==========
ELIMINÉ: CLSID BHO: {fbdff406-2c4c-5d35-8469-34bb67ea3353}
ELIMINÉ: [HKLM\SOFTWARE\Classes\CLSID\{fbdff406-2c4c-5d35-8469-34bb67ea3353}]
ELIMINÉ Driver Key: Bfilter
ELIMINÉ Driver Key: Bfmon
ELIMINÉ Driver Key: Bnbase
ELIMINÉ Driver Key: Bndef
ELIMINÉ Driver Key: Bprotect
ELIMINÉ: HKCU\Software\Baidu Security
ELIMINÉ: HKCU\Software\Baidu
ELIMINÉ: HKLM\Software\baidu
ELIMINÉ: HKLM\Software\Baidu Security
ELIMINÉ: HKLM\SOFTWARE\Microsoft\Tracing\NetCrawlSetup_RASAPI32
ELIMINÉ: HKLM\SOFTWARE\Microsoft\Tracing\NetCrawlSetup_RASMANCS
ELIMINÉ: HKLM\SOFTWARE\Microsoft\Tracing\NetCrawl_RASAPI32
ELIMINÉ: HKLM\SOFTWARE\Microsoft\Tracing\NetCrawl_RASMANCS
ELIMINÉ: HKLM\SOFTWARE\Microsoft\Tracing\NetCrawl_Setup_RASAPI32
ELIMINÉ: HKLM\SOFTWARE\Microsoft\Tracing\NetCrawl_Setup_RASMANCS
ELIMINÉ: HKLM\SOFTWARE\Microsoft\Tracing\updateNetCrawl_RASAPI32
ELIMINÉ: HKLM\SOFTWARE\Microsoft\Tracing\updateNetCrawl_RASMANCS
ELIMINÉ: HKLM\SOFTWARE\Microsoft\Tracing\wajam_2207-6c14163c_RASAPI32
ELIMINÉ: HKLM\SOFTWARE\Microsoft\Tracing\wajam_2207-6c14163c_RASMANCS
ELIMINÉ: HKLM\Software\AllDay Savings
ELIMINÉ: HKCR\CLSID\{E0D8A2CF-5B38-2F7C-C8F8-2960560FDDC7}

========== Valores do Registo ==========
Ausente Valor Perfil Padrão: FirewallRaz : 
Ausente Valor Perfil Domínio FirewallRaz : 
ELIMINÉ RunValue: ALLUpdate

========== Pastas ==========
Nenhuma pasta CLSID local utilizador vazia
ELIMINÉ Flash Cookies (0)

========== Ficheiros ==========
ELIMINÉ: c:\program files\d20a6820-7c28-4015-945f-09f8551fce45\kzhxnitccw.dll
ELIMINÉ: c:\windows\tasks\1120bed7-24dd-4e4e-8e8b-b833c7a6da4b-1.job
ELIMINÉ: c:\windows\tasks\1120bed7-24dd-4e4e-8e8b-b833c7a6da4b-2.job
ELIMINÉ: c:\windows\tasks\1120bed7-24dd-4e4e-8e8b-b833c7a6da4b-3.job
ELIMINÉ: c:\windows\tasks\1120bed7-24dd-4e4e-8e8b-b833c7a6da4b-4.job
ELIMINÉ: c:\windows\tasks\1120bed7-24dd-4e4e-8e8b-b833c7a6da4b-5.job
ELIMINÉ: c:\windows\tasks\1120bed7-24dd-4e4e-8e8b-b833c7a6da4b-6.job
ELIMINÉ: c:\windows\tasks\1120bed7-24dd-4e4e-8e8b-b833c7a6da4b-7.job
ELIMINÉ Temporários windows (4) (3.796 octets)
ELIMINÉ Flash Cookies (0) (0 octets)

========== Tarefa planificada ==========
ELIMINÉ: {436275BB-522F-44F4-AB55-E11F84F0DC83}


========== Recapitulativo ==========
23 : Chaves do Registo
3 : Valores do Registo
2 : Pastas
10 : Ficheiros
5 : Estado dos serviços
1 : Tarefa planificada


End of clean in 00mn 30s

========== Caminho do ficheiro do relatório ==========
C:\Users\Juliana\AppData\Roaming\ZHP\ZHPFix[R1].txt - 01/09/2014 08:20:04 [2943]

> Bom Dia! Juliana Bischoff <

|- Bom trabalho!  

|- Faça novo scan com a ferramenta ZHPDiag ( Ícone do Pergaminho ),para diagnóstico.
|-Acredito que se for necessário outro script,será bem menor que àquele que executou.
|- Poste o relatório!

Abs!

Bom dia!

Fiz um novo scan com a ferramenta ZHPDiag, fiz o upload do relatório  segue o link:
[Tens de ter uma conta e sessão iniciada para poderes visualizar este link]

Abs!

Bom Dia! Juliana Bischoff

script zhpfix

[MD5.14BF59D9687F453D209F7780D14F3E17] [SPRF][02/08/2014] (.No owner - Setup/Uninstall.) -- C:\Users\Juliana\AppData\Roaming\unins000.exe   [720082]

emptytemp


|- Selecione e copie estas informações,que estão em vermelho.
|- Abra a ferramenta ZHPFix e clique IMPORTAÇÃO >> GO.
|- Ao concluir,poste o relatório!

Abs!

Bom dia, Joram!

Segue o relatório:

Rapport de ZHPFix 2014.8.3.6 par Nicolas Coolman, Update du 03/08/2014
Fichier d'export Registre : 
Run by Juliana at 01/09/2014 09:42:51
High Elevated Privileges : OK
Windows 7 Business Edition, 32-bit Service Pack 1 (Build 7601)

Reciclagem vazia (Cancelado pelo utilizador)

========== Pastas ==========
ELIMINÉ Temporários windows (0)

========== Ficheiros ==========
ELIMINÉ Temporários windows (3) (134 octets)


========== Recapitulativo ==========
1 : Pastas
1 : Ficheiros


End of clean in 00mn 05s

========== Caminho do ficheiro do relatório ==========
C:\Users\Juliana\AppData\Roaming\ZHP\ZHPFix[R1].txt - 01/09/2014 08:20:04 [3025]
C:\Users\Juliana\AppData\Roaming\ZHP\ZHPFix[R2].txt - 01/09/2014 09:42:56 [669]

Bom Dia! Juliana Bischoff

|- Vc tem o Malwarebytes,ainda,instalado? Se não mais o possui,utilize este removedor e baixe nova versão.
|- Realize a verificação Personalizada e,ao concluir,poste o relatório.

-/-

|- Baixe: |[Tens de ter uma conta e sessão iniciada para poderes visualizar este link]| ( ... de Xplode )

[Tens de ter uma conta e sessão iniciada para poderes visualizar esta imagem]

|- Estando na página,clique em Download Now.
|- Salve-a em um local conveniente! ( desktop! )
|- Feche aplicativos que estejam abertos.

[Tens de ter uma conta e sessão iniciada para poderes visualizar esta imagem]

|- Com as caixinhas marcadas,clique Executar!

-/-

Removedor MBAM

|- Baixe: < [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] > << Link!

|- Salve-o em local adequado e execute-o como administrador.
|- Aceite o reboot,ao ser solicitado!

< [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] >

|- Baixe o Malwarebytes. (MBAM)

< [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] > << Link!

|- Vá a este endereço,e obtenha informações de instalação,atualização e configuração do MBAM.
|- Escolha o "Tipo da Verificação": Verificação Personalizada
|- Poste o relatório,ao concluir!

A+

BOA NOITE Joram!

Segue relatório do delfix_10.8.exe


# DelFix v10.8 - Relatório criado 05/09/2014 às 21:05:21
# Atualizado 29/07/2014 por Xplode
# Usuário : Juliana - JULIANA-PC
# Sistema Operacional : Windows 7 Professional Service Pack 1 (32 bits)

~ Ativando UAC ... OK

~ Removendo ferramentas de desinfecção ...

Removido : C:\AdwCleaner
Removido : C:\Users\Juliana\AppData\Roaming\ZHP
Removido : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ZHP
Removido : C:\Program Files\ZHPDiag
Removido : C:\PhysicalDisk0_MBR.bin
Removido : C:\Users\Juliana\Desktop\adwcleaner_3.308.exe
Removido : C:\Users\Juliana\Desktop\ZHPDiag.lnk
Removido : C:\Users\Juliana\Desktop\ZHPFix.lnk
Removido : C:\Users\Juliana\Downloads\ZHPDiag2.exe
Removido : HKLM\SOFTWARE\AdwCleaner
Removido : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ZHPDiag_is1

~ Criando backup do registro ... OK

~ Limpando pontos da restauração do sistema ...


Novo ponto de restauração criado !

~ Redefinindo configurações do sistema ... OK

########## - EOF - ##########

Boa Noite! Juliana Bischoff

|- Desinstalou a versão antiga do MBAM e executou a nova,na configuração personalizada?

A+

Boa noite!
Segue o relatório  Malwarebytes 




Malwarebytes Anti-Malware
[Tens de ter uma conta e sessão iniciada para poderes visualizar este link]

Data de Verificação: 05/09/2014
Hora da Verificação: 21:44:24
Logfile: 1-2-3-4.txt
Administrador: Sim

Versão: 2.00.2.1012
Malware Database: v2014.09.05.10
Rootkit Database: v2014.08.21.01
Licença: Grátis
Proteção de Malware: Desabilitado
Proteção de Site Malicioso: Desabilitado
Self-protection: Desabilitado

OS: Windows 7 Service Pack 1
CPU: x86
Sistema de Arquivo: NTFS
Usuário: Juliana

Tipo da Verificação: Verificação Personalizada
Resultado: Completado
Arquivos Verificados: 405687
Tempo Decorrido: 1 hr, 32 min, 13 seg

Memória: Enabled
Inicialização: Enabled
Filesystem: Enabled
Arquivos: Enabled
Rootkits: Desabilitado
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processos: 0
(No malicious items detected)

Módulos: 0
(No malicious items detected)

Chaves de Registro: 3
PUP.Optional.Multiplug, HKLM\SOFTWARE\CLASSES\TYPELIB\{157B1AA6-3E5C-404A-9118-C1D91F537040}, , [9e70e8024635e551ff234338828018e8], 
PUP.Optional.Multiplug, HKLM\SOFTWARE\CLASSES\INTERFACE\{3B3F3AAD-FB97-49FF-BFEE-D22869AC4326}, , [9e70e8024635e551ff234338828018e8], 
PUP.Optional.MultiPlug.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\32148148, , [b955d713d3a84ee876431ae458aab749], 

Valores de Registro: 0
(No malicious items detected)

Dados do Registro: 0
(No malicious items detected)

Pastas: 0
(No malicious items detected)

Boa Noite! Juliana Bishoff

< [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] >

|- A MBAM detectou o PUP.Optional.Multiplug.A no registro,mas vc não o removeu...
|- Como está o computador? Tudo OK?

Abs!

Boa noite! Joram

Eu procurei seguir os passos que vc me orientou. Posso colocar em quarentena no que foi detectado no MBAM?

Olá! Juliana Bischoff

Sim! 

A+

olá! Joram

E agora, está tudo certo?

Juliana Bischoff escreveu:olá! Joram

E agora, está tudo certo?

Olá! Juliana Bischoff

|- Se quarantinou...está tudo certo!  
|- Creio que podemos encerrar este caso.
|- Tudo Ok?

A+

Bom dia! Joram


Muito obrigada pelas orientações.

Um abraço! :rindo_atoa: