pc lento e travando

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 20:48:02, on 10/03/2015
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v10.0 (10.00.9200.17229)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Calendar\Service\HPTouchSmartSyncCalReminderApp.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_16_0_0_305.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_16_0_0_305.exe
C:\Users\Sergio\Desktop\HiJackThis.exe
C:\Windows\SysWOW64\DllHost.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe,
O1 - Hosts: ::1 localhost
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
O2 - BHO: Advanced SystemCare Browser Protection - {BA0C978D-D909-49B6-AFE2-8BDE245DC7E6} - C:\PROGRA~2\IObit\SURFIN~1\BROWER~1\ASCPLU~1.DLL
O2 - BHO: IEPlugin - {C63CD127-A1CB-4D49-A4F7-D6F88A917BE6} - C:\Program Files (x86)\Symantec\VIP Access Client\VIPAddOnForIE.dll
O2 - BHO: HP Network Check Helper - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-103 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-102 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe
O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O15 - Trusted Zone: bankline.itau.com.br
O15 - Trusted Zone: clickbanking.itau.com.br
O15 - Trusted Zone: guardiao.itau.com.br
O15 - Trusted Zone: [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
O15 - Trusted Zone: *.itau.com.br
O16 - DPF: {108D3206-846A-4A93-BACB-F0572D043ED7} (SurveillanceCtrl Control) - [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Andrea RT Filters Service (AERTFilters) - Andrea Electronics Corporation - C:\Program Files\Realtek\Audio\HDA\AERTSr64.EXE
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Serviço do Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: CalendarSynchService - Hewlett-Packard - C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Calendar\Service\GCalService.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: Easybits Services for Windows (ezSharedSvc) - EasyBits Software AS - C:\Windows\System32\ezSharedSvcHost.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: GamesAppService - WildTangent, Inc. - C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe
O23 - Service: Serviço do Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Serviço do Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: HP Support Assistant Service - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
O23 - Service: HP Client Services (HPClientSvc) - Hewlett-Packard Company - C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
O23 - Service: HP Software Framework Service (hpqwmiex) - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: IconMan_R - Realsil Microelectronics Inc. - C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Intel(R) Identity Protection Technology Host Interface Service (jhi_service) - Intel Corporation - C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: LiveUpdate (LiveUpdateSvc) - IObit - C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe
O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: NBService - Nero AG - C:\Program Files (x86)\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: PDF Document Manager (pdfcDispatcher) - PDF Complete Inc - C:\Program Files (x86)\PDF Complete\pdfsvc.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: Intel(R) Management and Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: VIPAppService - Symantec Corporation - C:\Program Files (x86)\Symantec\VIP Access Client\VIPAppService.exe
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: WiredTools - WiredTools Ltd. - C:\Program Files (x86)\WiredTools\WiredTools.exe
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 11431 bytes

Olá smurf já estou analisando o log

Faça o download do < [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] > < [Tens de ter uma conta e sessão iniciada para poderes visualizar esta imagem]> ( ... de Nicolas Coolman )

Obs: Ao acessar o link acima clique no botão Télécharger referente ao ZHPDiag para baixá-lo, tal como mostra a imagem abaixo:

[Tens de ter uma conta e sessão iniciada para poderes visualizar esta imagem]

Para instalá-lo e executá-lo corretamente siga as dicas deste artigo:

[Tens de ter uma conta e sessão iniciada para poderes visualizar este link]

* Assim que ele concluir a sua verificação, copie todo o conteúdo do seu relatório ZHPDiag.txt e poste em sua próxima resposta.
_____________________________________________________________________________

Obs: Caso o relatório do ZHPDiag fique muito grande e não couber na sua resposta, acesse o site Cjoint:
[Tens de ter uma conta e sessão iniciada para poderes visualizar este link]

Clique no botão Escolher arquivo > Selecione o arquivo do log (relatório) e clique no botão Abrir.

Clique no botão Créer le lien Cjoint

Copie o link que aparecerá ao lado da frase Le lien a été créé e poste este link em sua próxima resposta.

Baixe o programa Adwcleaner clicando no link abaixo e depois clique no botão Download Now @BleepingComputer:
[Tens de ter uma conta e sessão iniciada para poderes visualizar este link]

Para executar corretamente o AdwCleaner é só seguir as dicas deste tutorial:

[Tens de ter uma conta e sessão iniciada para poderes visualizar este link]

* Na sua próxima resposta poste o log (relatório) do Adwcleaner que estará em C:\AdwCleaner\AdwCleaner[S0].txt

Ficamos na espera.

# AdwCleaner v3.301 - Relatório criado 28/07/2014 às 15:32:06
# Atualizado 28/07/2014 por Xplode
# Sistema Operacional : Windows 7 Home Basic Service Pack 1 (64 bits)
# Usuário : Sergio - BOLZAN
# Executando de : C:\Users\Sergio\Desktop\AdwCleaner.exe
# Opção : Limpar

***** [ Serviços ] *****

[#] Serviço Deletada : be0fb33b

***** [ Arquivos / Pastas ] *****

Pasta Deletada : C:\ProgramData\IePluginServices
Pasta Deletada : C:\ProgramData\WindowsMangerProtect
Pasta Deletada : C:\ProgramData\cosstminn
Pasta Deletada : C:\Program Files (x86)\supporter
Pasta Deletada : C:\Program Files (x86)\YourFileDownloader Updater
Pasta Deletada : C:\Program Files (x86)\cosstminn
Pasta Deletada : C:\Users\Administrador\AppData\Local\Chromatic Browser
Pasta Deletada : C:\Users\Administrador\AppData\Local\torch
Pasta Deletada : C:\Users\Convidado\AppData\Local\Chromatic Browser
Pasta Deletada : C:\Users\Convidado\AppData\Local\torch
Pasta Deletada : C:\Users\Sergio\AppData\Local\Chromatic Browser
Pasta Deletada : C:\Users\Sergio\AppData\Local\torch
Pasta Deletada : C:\Users\Sergio\AppData\Roaming\337Games
Pasta Deletada : C:\Users\Sergio\AppData\Roaming\webssearches
Pasta Deletada : C:\Users\Sergio\AppData\Roaming\YourFileDownloader
Pasta Deletada : C:\Users\Sergio\AppData\Roaming\Mozilla\Firefox\Profiles\aaywiser.default\Extensions\faststartff@gmail.com
Arquivo Deletada : C:\Program Files (x86)\Mozilla Firefox\browser\searchplugins\webssearches.xml

***** [ Tarefas ] *****

Tarefa Deletedo : YourFile DownloaderUpdate

***** [ Atalhos ] *****

Atalho Desinfectada : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
Atalho Desinfectada : C:\Users\Sergio\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
Atalho Desinfectada : C:\Users\Sergio\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk
Atalho Desinfectada : C:\Users\Sergio\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
Atalho Desinfectada : C:\Users\Sergio\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
Atalho Desinfectada : C:\Users\Sergio\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Internet Explorer.lnk
Atalho Desinfectada : C:\Users\Sergio\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Mozilla Firefox.lnk
Atalho Desinfectada : C:\Users\Sergio\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Internet Explorer.lnk

***** [ Registro ] *****

Valor Deletedo : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [faststartff@gmail.com]
Chave Deletedo : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\IePluginServices
Chave Deletedo : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\WindowsMangerProtect
Chave Deletedo : HKCU\Software\AppDataLow\{5F189DF5-2D05-472B-9091-84D9848AE48B}
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{5F189DF5-2D05-472B-9091-84D9848AE48B}{be0fb33b}
Chave Deletedo : HKLM\SOFTWARE\Classes\Interface\{EAF749DC-CD87-4B04-B22A-D4AC3FBCB2BC}
Chave Deletedo : HKLM\SOFTWARE\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}
Chave Deletedo : [x64] HKLM\SOFTWARE\Classes\Interface\{EAF749DC-CD87-4B04-B22A-D4AC3FBCB2BC}
Dados Restaurada : HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command
Dados Restaurada : HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\open\command
Chave Deletedo : HKCU\Software\RegisteredApplicationsEx
Chave Deletedo : HKCU\Software\SupHpUISoft
Chave Deletedo : HKCU\Software\YourFileDownloader
Chave Deletedo : HKLM\Software\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
Chave Deletedo : HKLM\Software\{5F189DF5-2D05-472B-9091-84D9848AE48B}
Chave Deletedo : HKLM\Software\{77D46E27-0E41-4478-87A6-AABE6FBCF252}
Chave Deletedo : HKLM\Software\SupDp
Chave Deletedo : HKLM\Software\SupTab
Chave Deletedo : HKLM\Software\supWindowsMangerProtect
Chave Deletedo : HKLM\Software\supWPM
Chave Deletedo : HKLM\Software\webssearchesSoftware
Chave Deletedo : HKLM\Software\YourFileDownloader
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\webssearches uninstall
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WindowsMangerProtect
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{CE681A67-9477-CBE6-EB9D-FE534875F98D}
Dados Deletedo : [x64] HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs] - C:\PROGRA~2\SUPPOR~1\SUPPOR~2.DLL

***** [ Navegadores ] *****

-\\ Internet Explorer v10.0.9200.17028

Configurações Restauradas : HKCU\Software\Microsoft\Internet Explorer\Main [Default_Page_URL]
Configurações Restauradas : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Search_URL]
Configurações Restauradas : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Page_URL]
Configurações Restauradas : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Start Page]
Configurações Restauradas : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Search Page]
Configurações Restauradas : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Search_URL]
Configurações Restauradas : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Page_URL]
Configurações Restauradas : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Start Page]
Configurações Restauradas : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Search Page]

-\\ Mozilla Firefox v30.0 (pt-BR)

[ Arquivo : C:\Users\Sergio\AppData\Roaming\Mozilla\Firefox\Profiles\aaywiser.default\prefs.js ]

Linha deletada : user_pref("extensions.mOuJiFC.scode", "(function(){try{var url=(window.self.location.href + document.cookie);if(url.indexOf(\"acebook\")>-1||url.indexOf(\"warnalert11.com\")>-1||url.indexOf(\"sumorobo[...]

[ Arquivo : C:\Users\Sergio\AppData\Roaming\Mozilla\Firefox\Profiles\g3dn05dw.default\prefs.js ]


[ Arquivo : C:\Users\Sergio\AppData\Roaming\Mozilla\Firefox\Profiles\xlvuoc0k.default-1383174806577\prefs.js ]


-\\ Google Chrome v

*************************

AdwCleaner[R0].txt - [8770 octets] - [28/07/2014 15:30:14]
AdwCleaner[S0].txt - [6300 octets] - [28/07/2014 15:32:06]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [6360 octets] ##########
# AdwCleaner v4.112 - Logfile created 11/03/2015 at 12:29:59
# Updated 09/03/2015 by Xplode
# Database : 2015-03-05.1 [Server]
# Operating system : Windows 7 Home Basic Service Pack 1 (x64)
# Username : Sergio - BOLZAN
# Running from : C:\Users\Sergio\Desktop\AdwCleaner.exe
# Option : Cleaning

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\baidu
Folder Deleted : C:\ProgramData\d2d4a9d3-f3f1-4c52-8d3f-dddc91fe0602
Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FileViewPro
Folder Deleted : C:\Program Files (x86)\globalUpdate
Folder Deleted : C:\Program Files (x86)\Positive Finds
Folder Deleted : C:\Program Files (x86)\Common Files\d2d4a9d3-f3f1-4c52-8d3f-dddc91fe0602
Folder Deleted : C:\Program Files\FileViewPro
Folder Deleted : C:\Users\Sergio\AppData\Local\globalUpdate
Folder Deleted : C:\Users\Sergio\AppData\Local\BoBrowser
Folder Deleted : C:\Users\Sergio\AppData\Local\Network_Me_07272334
Folder Deleted : C:\Users\Sergio\AppData\Roaming\Mozilla\Firefox\Profiles\g3dn05dw.default\Extensions\ascsurfingprotection@iobit.com
Folder Deleted : C:\Users\Sergio\AppData\Roaming\Mozilla\Firefox\Profiles\xlvuoc0k.default-1383174806577\Extensions\ascsurfingprotection@iobit.com
File Deleted : C:\Users\Sergio\AppData\Roaming\Mozilla\Firefox\Profiles\aaywiser.default\Extensions\{7084813e-70d5-4251-9d2b-03bda4f44792}.xpi
File Deleted : C:\Users\Sergio\AppData\Roaming\Mozilla\Firefox\Profiles\g3dn05dw.default\Extensions\{7084813e-70d5-4251-9d2b-03bda4f44792}.xpi
File Deleted : C:\Users\Sergio\AppData\Roaming\Mozilla\Firefox\Profiles\xlvuoc0k.default-1383174806577\Extensions\{7084813e-70d5-4251-9d2b-03bda4f44792}.xpi

***** [ Scheduled tasks ] *****

Task Deleted : Dealply
Task Deleted : DealPlyUpdate
Task Deleted : Express FilesUpdate
Task Deleted : Funmoods
Task Deleted : MySearchDial

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{6E993643-8FBC-44FE-BC85-D318495C4D96}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{BA0C978D-D909-49B6-AFE2-8BDE245DC7E6}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{0FCE4F01-64EC-42F1-83E1-1E08D38605D2}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{1A2A195A-A0F9-4006-AF02-3F05EEFDE792}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{2D9DB233-DC4B-4677-946C-5FA5ABCF506B}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{3AE76A17-C344-4A83-81CE-65EFEE41E42D}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4C0A69B0-CE97-42B7-86FC-08280C99C74D}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4E9EB4D5-C929-4005-AC62-1856B1DA5A24}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{8FAF962C-3EDE-405E-B1D0-62B8235C6044}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C1F5E799-B218-4C32-B189-3C389BA140BB}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{F60C9408-3110-4C98-A139-ABE1EE1111DD}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BA0C978D-D909-49B6-AFE2-8BDE245DC7E6}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{BA0C978D-D909-49B6-AFE2-8BDE245DC7E6}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{BA0C978D-D909-49B6-AFE2-8BDE245DC7E6}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{0FCE4F01-64EC-42F1-83E1-1E08D38605D2}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{1A2A195A-A0F9-4006-AF02-3F05EEFDE792}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{2D9DB233-DC4B-4677-946C-5FA5ABCF506B}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{3AE76A17-C344-4A83-81CE-65EFEE41E42D}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{4C0A69B0-CE97-42B7-86FC-08280C99C74D}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{4E9EB4D5-C929-4005-AC62-1856B1DA5A24}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{8FAF962C-3EDE-405E-B1D0-62B8235C6044}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{C1F5E799-B218-4C32-B189-3C389BA140BB}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{F60C9408-3110-4C98-A139-ABE1EE1111DD}
Key Deleted : HKCU\Software\UpToDown
Data Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyOverride] - *.local

***** [ Web browsers ] *****

-\\ Internet Explorer v10.0.9200.17229


-\\ Mozilla Firefox v36.0.1 (x86 pt-BR)

[aaywiser.default\prefs.js] - Line Deleted : user_pref("extensions.quick_start.enable_search1", false);
[aaywiser.default\prefs.js] - Line Deleted : user_pref("extensions.quick_start.sd.closeWindowWithLastTab_prev_state", false);

-\\ Google Chrome v35.0.1916.114

[C:\Users\Sergio\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]

-\\ Comodo Dragon v

[C:\Users\Sergio\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]

-\\ Chrome Canary v

[C:\Users\Sergio\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]

*************************

AdwCleaner[R0].txt - [13740 bytes] - [28/07/2014 15:30:14]
AdwCleaner[S0].txt - [11621 bytes] - [28/07/2014 15:32:06]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [11681 bytes] ##########

Desative temporariamente seu antivírus para evitar conflitos.

* Acesse este link abaixo e clique no primeiro botão da esquerda que é o botão Download Zoek.exe:
[Tens de ter uma conta e sessão iniciada para poderes visualizar este link]

Para executá-lo corretamente siga as dicas deste tutorial:

[Tens de ter uma conta e sessão iniciada para poderes visualizar este link]

* Assim que ele concluir a limpeza dos problemas acesse o log (relatório) do Zoek que estará em C:\zoek-results.txt e copie todo seu conteúdo e poste em sua próxima resposta.

Zoek.exe v5.0.0.0 Updated 10-March-2015
Tool run by Sergio on 11/03/2015 at 12:41:31,81.
Microsoft Windows 7 Home Basic 6.1.7601 Service Pack 1 x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\Sergio\Desktop\zoek.exe [Scan all users] [Script inserted]

==== Older Logs ======================

C:\zoek-results2014-07-28-185048.log 23859 bytes

==== System Restore Info ======================

11/03/2015 12:42:27 Zoek.exe System Restore Point Created Succesfully.

==== Reset Hosts File ======================

# Copyright (c) 1993-2006 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host

# localhost name resolution is handled within DNS itself.
127.0.0.1 localhost
::1 localhost

==== Empty Folders Check ======================

C:\PROGRA~2\Baixar Musicas Gratis deleted successfully
C:\PROGRA~2\DriverDoc deleted successfully
C:\PROGRA~2\MSXML 4.0 deleted successfully
C:\PROGRA~2\RBM deleted successfully
C:\Program Files\Google deleted successfully
C:\PROGRA~3\{3C5CBD7B-3D1D-411E-96C2-513FFCA84D2D} deleted successfully
C:\Users\Sergio\AppData\Roaming\Malwarebytes deleted successfully
C:\Users\Sergio\AppData\Roaming\Media Player Classic deleted successfully
C:\Users\Sergio\AppData\Roaming\SU Movie Editor deleted successfully
C:\Users\Sergio\AppData\Roaming\Tenorshare iPhone Data Recovery deleted successfully
C:\Users\Sergio\AppData\Roaming\TP deleted successfully
C:\Users\Sergio\AppData\Local\CrashDumps deleted successfully
C:\Users\Sergio\AppData\Local\VeriSign deleted successfully

==== Deleting CLSID Registry Keys ======================


==== Deleting CLSID Registry Values ======================


==== Deleting Services ======================


==== FireFox Fix ======================

Deleted from C:\Users\Sergio\AppData\Roaming\Mozilla\Firefox\Profiles\aaywiser.default\prefs.js:
user_pref("browser.startup.homepage", "http://www.google.com");
user_pref("browser.search.defaulturl", "http://www.google.com/search?btnG=Google+Search&q=");
user_pref("browser.newtab.url", "http://www.google.com/");
user_pref("browser.search.defaultengine", "Google");
user_pref("browser.search.selectedEngine", "Google");
user_pref("browser.search.order.1", "Google");
user_pref("keyword.URL", "http://www.google.com/search?btnG=Google+Search&q=");
user_pref("browser.search.useDBForOrder", true);

Added to C:\Users\Sergio\AppData\Roaming\Mozilla\Firefox\Profiles\aaywiser.default\prefs.js:
user_pref("browser.startup.homepage", "about:home");
user_pref("browser.newtab.url", "about:newtab");

Deleted from C:\Users\Sergio\AppData\Roaming\Mozilla\Firefox\Profiles\g3dn05dw.default\prefs.js:
user_pref("browser.startup.homepage", "http://www.google.com");
user_pref("browser.search.defaulturl", "http://www.google.com/search?btnG=Google+Search&q=");
user_pref("browser.newtab.url", "http://www.google.com/");
user_pref("browser.search.defaultengine", "Google");
user_pref("browser.search.defaultenginename", "Google");
user_pref("browser.search.selectedEngine", "Google");
user_pref("browser.search.order.1", "Google");
user_pref("keyword.URL", "http://www.google.com/search?btnG=Google+Search&q=");
user_pref("browser.search.suggest.enabled", true);
user_pref("browser.search.useDBForOrder", true);

Added to C:\Users\Sergio\AppData\Roaming\Mozilla\Firefox\Profiles\g3dn05dw.default\prefs.js:
user_pref("browser.startup.homepage", "about:home");
user_pref("browser.newtab.url", "about:newtab");

Deleted from C:\Users\Sergio\AppData\Roaming\Mozilla\Firefox\Profiles\xlvuoc0k.default-1383174806577\prefs.js:
user_pref("browser.startup.homepage", "http://www.google.com");
user_pref("browser.search.defaulturl", "http://www.google.com/search?btnG=Google+Search&q=");
user_pref("browser.newtab.url", "http://www.google.com/");
user_pref("browser.search.defaultengine", "Google");
user_pref("browser.search.defaultenginename", "Google");
user_pref("browser.search.selectedEngine", "Google");
user_pref("browser.search.order.1", "Google");
user_pref("keyword.URL", "http://www.google.com/search?btnG=Google+Search&q=");
user_pref("browser.search.suggest.enabled", true);
user_pref("browser.search.useDBForOrder", true);

Added to C:\Users\Sergio\AppData\Roaming\Mozilla\Firefox\Profiles\xlvuoc0k.default-1383174806577\prefs.js:
user_pref("browser.startup.homepage", "about:home");
user_pref("browser.newtab.url", "about:newtab");

ProfilePath: C:\Users\Sergio\AppData\Roaming\Mozilla\Firefox\Profiles\aaywiser.default

user.js not found
---- Lines BrowseSmart removed from prefs.js ----
user_pref("extensions.BrowseSmart.aul", "1386335876992");
user_pref("extensions.BrowseSmart.irl", true);
user_pref("extensions.BrowseSmart.is", "isgiwhbr");
user_pref("extensions.BrowseSmart.ug", "C409DD69-9942-4CAD-B273-457172331FD9");
---- Lines Mega Browse removed from prefs.js ----
user_pref("extensions.Mega Browse.aul", "1395014467634");
user_pref("extensions.Mega Browse.irl", true);
user_pref("extensions.Mega Browse.is", "isgiwhBR");
user_pref("extensions.Mega Browse.ug", "FFBEF56C-E0F9-426B-8AA2-0AFA57F9061A");
---- Lines melondrea removed from prefs.js ----
user_pref("extensions.melondrea.asul", "1396569989015");
user_pref("extensions.melondrea.aul", "1396569963284");
user_pref("extensions.melondrea.irl", true);
user_pref("extensions.melondrea.is", "grbgobr");
user_pref("extensions.melondrea.ug", "6D452D6E-68F4-4838-8C74-2AF3CE325454");
---- Lines nspdl removed from prefs.js ----
user_pref("extensions.nspdl.aflt", "1543n");
user_pref("extensions.nspdl.cd", "2XzuyEtN2Y1L1QzuzztD0CtCyC0E0AzzyBzy0DzztCyCyBtDtN0D0Tzu0CyBtDtBtN1L2XzutBtFtBtFzztFtCtByEyBtN1L1CzutCyDyEtA1G");
user_pref("extensions.nspdl.cr", "42412003");
user_pref("extensions.nspdl.data.activeDate", "20131205");
user_pref("extensions.nspdl.data.aliveDate", "20131205");
user_pref("extensions.nspdl.data.cc", "br");
user_pref("extensions.nspdl.data.configDate", "20131205");
user_pref("extensions.nspdl.data.instlDate", "20131202");
user_pref("extensions.nspdl.general.content", "favorites-38c6f45886f2174724f9414dac4fefd4");
user_pref("extensions.nspdl.general.firstRun", false);
user_pref("extensions.nspdl.general.guid", "60219694-b59f-41b8-9df0-1784c94b61b4");
user_pref("extensions.nspdl.general.version", "9.5.3");
---- Lines irspeeddial removed from prefs.js ----
user_pref("extensions.irspeeddial.aflt", "1543n");
user_pref("extensions.irspeeddial.cd", "2XzuyEtN2Y1L1QzuzztD0CtCyC0E0AzzyBzy0DzztCyCyBtDtN0D0Tzu0CyBtDtBtN1L2XzutBtFtBtFzztFtCtByEyBtN1L1CzutCyDyEtA1G
user_pref("extensions.irspeeddial.cr", "42412003");
user_pref("extensions.irspeeddial.instlRef", "");
---- FireFox user.js and prefs.js backups ----

prefs_032015_1252_.backup

ProfilePath: C:\Users\Sergio\AppData\Roaming\Mozilla\Firefox\Profiles\g3dn05dw.default

user.js not found
---- FireFox user.js and prefs.js backups ----

prefs_032015_1252_.backup

ProfilePath: C:\Users\Sergio\AppData\Roaming\Mozilla\Firefox\Profiles\xlvuoc0k.default-1383174806577

user.js not found
---- FireFox user.js and prefs.js backups ----

prefs_032015_1252_.backup

==== Deleting Files \ Folders ======================

C:\PROGRA~2\Baixar Musicas Gratis not found
C:\PROGRA~2\DriverDoc not found
C:\PROGRA~2\RBM not found
C:\PROGRA~3\{3C5CBD7B-3D1D-411E-96C2-513FFCA84D2D} not found
C:\PROGRA~3\DPyMuGph deleted
C:\PROGRA~2\Mozilla Firefox\vitruvian-autoenable.cfg deleted
C:\PROGRA~2\Wondershare deleted
C:\PROGRA~2\COMMON~1\Wondershare deleted
C:\Users\Sergio\AppData\Roaming\Wondershare deleted
C:\Users\Sergio\AppData\Local\Wondershare deleted
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wondershare deleted
C:\windows\SysNative\drivers\hlnfd.sys deleted
C:\Windows\SysNative\config\systemprofile\Searches deleted
C:\windows\SysNative\GroupPolicy\Machine deleted
C:\windows\SysNative\GroupPolicy\User deleted
C:\Users\Sergio\Desktop\loader GxDownloader_III_V2.009.exe deleted
C:\Users\Sergio\AppData\Roaming\Mozilla\Firefox\Profiles\aaywiser.default\nspdl deleted
"C:\Users\Sergio\AppData\Roaming\CB" deleted
"C:\Users\Sergio\AppData\Roaming\INNIRC" deleted

==== Firefox Start and Search pages ======================

ProfilePath: C:\Users\Sergio\AppData\Roaming\Mozilla\Firefox\Profiles\aaywiser.default
user_pref("browser.startup.homepage", "about:home");
user_pref("browser.newtab.url", "about:newtab");

ProfilePath: C:\Users\Sergio\AppData\Roaming\Mozilla\Firefox\Profiles\g3dn05dw.default
user_pref("browser.startup.homepage", "about:home");
user_pref("browser.newtab.url", "about:newtab");

ProfilePath: C:\Users\Sergio\AppData\Roaming\Mozilla\Firefox\Profiles\xlvuoc0k.default-1383174806577
user_pref("browser.startup.homepage", "about:home");
user_pref("browser.newtab.url", "about:newtab");

==== Firefox Extensions Registry ======================

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Mozilla\Firefox\Extensions]
"VIP3X@verisign.com"="C:\Program Files (x86)\Symantec\VIP Access Client" [10/03/2015 12:26]

==== Firefox Extensions ======================

ProfilePath: C:\Users\Sergio\AppData\Roaming\Mozilla\Firefox\Profiles\g3dn05dw.default
- Undetermined - C:\Program Files (x86)\IObit Apps Toolbar\FF

ProfilePath: C:\Users\Sergio\AppData\Roaming\Mozilla\Firefox\Profiles\xlvuoc0k.default-1383174806577
- Undetermined - C:\Program Files (x86)\IObit Apps Toolbar\FF

ExtDir: C:\Users\Sergio\AppData\Roaming\Mozilla\Extensions
- Monitor - %ExtDir%\{12477a84-2e51-4281-acac-68f2ca244f23}

AppDir: C:\Program Files (x86)\Mozilla Firefox
- Default - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

==== Firefox Plugins ======================

Profilepath: C:\Users\Sergio\AppData\Roaming\Mozilla\Firefox\Profiles\aaywiser.default
C62322C77D1AAB77B1CF1130FCC3673A - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_305.dll - Shockwave Flash
2BF85B6162528E0635DD8D632EB975C8 - C:\Users\Sergio\AppData\Local\Facebook\Messenger\2.1.4814.0\npFbDesktopPlugin.dll - Facebook Desktop
21025F3A113559BF3D7BBE162BDA626D - C:\Users\Sergio\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll - Unity Player
0B31B0F8FA99CFD009C8FBEA9E20C9DE - C:\Users\Sergio\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll - Facebook Video Calling Plugin

Profilepath: C:\Users\Sergio\AppData\Roaming\Mozilla\Firefox\Profiles\xlvuoc0k.default-1383174806577
2BF85B6162528E0635DD8D632EB975C8 - C:\Users\Sergio\AppData\Local\Facebook\Messenger\2.1.4814.0\npFbDesktopPlugin.dll - Facebook Desktop
0B31B0F8FA99CFD009C8FBEA9E20C9DE - C:\Users\Sergio\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll - Facebook Video Calling Plugin


==== Fake Chromium Profiles Check ======================

Fake profile C:\Users\Administrador\AppData\Local\Google\Chrome deleted
Fake profile C:\Users\Administrador\AppData\Local\Google\Chrome SxS deleted
Fake profile C:\Users\Administrador\AppData\Local\Comodo\Dragon deleted
Fake profile C:\Users\Convidado\AppData\Local\Google\Chrome deleted
Fake profile C:\Users\Convidado\AppData\Local\Google\Chrome SxS deleted
Fake profile C:\Users\Convidado\AppData\Local\Comodo\Dragon deleted
Fake profile C:\Users\Sergio\AppData\Local\Google\Chrome SxS deleted
Fake profile C:\Users\Sergio\AppData\Local\Comodo\Dragon deleted

==== Chromium Look ======================

Google Chrome Version: 35.0.1916.114 (Possible outdated, latest Stable version: 41.0.2272.89)


Save to 4shared - Sergio\AppData\Local\CatalinaGroup\Citrio\User Data\Default\Extensions\adnkagodbfngmdajbbocegjnllfmdaie
Downloads - Sergio\AppData\Local\CatalinaGroup\Citrio\User Data\Default\Extensions\dcagnhpbnggmbihndfkkhfjojgbaaedo
Proxy - Sergio\AppData\Local\CatalinaGroup\Citrio\User Data\Default\Extensions\hpofinfdicogoakggciidggcikhgklcj
Google Wallet - Sergio\AppData\Local\CatalinaGroup\Citrio\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda
Branding - Sergio\AppData\Local\CatalinaGroup\Citrio\User Data\Default\Extensions\oocjgdbfocddoflggljlfmpapfiiccak
Google Wallet - Sergio\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda

==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.google.com.br/"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\AboutURLs]
"Tabs"="res://ieframe.dll/tabswelcome.htm"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\AboutURLs]
"Tabs"="res://ieframe.dll/tabswelcome.htm"

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.google.com.br/"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\AboutURLs]
"Tabs"="about:newtab"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\AboutURLs]
"Tabs"="about:newtab"

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
"DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
{012E1000-F331-11DB-8314-0800200C9A66} Google Url="http://www.google.com/search?q={searchTerms}"
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC"

==== Reset Google Chrome ======================

C:\Users\Sergio\AppData\Local\Google\Chrome\User Data\Default\Preferences was reset successfully
C:\Users\Sergio\AppData\Local\Google\Chrome\User Data\Default\Web Data was reset successfully

==== shortcuts on Users Desktops ======================

C:\Users\Sergio\Desktop\SIM.lnk - C:\Users\Sergio\AppData\Roaming\Microsoft\Installer\{795DBE6F-834A-45AD-AAE1-4114D8B476E0}\_63CF8375C7ED8801425BF5.exe Run as administrator
C:\Users\Sergio\Desktop\UsbFix.lnk - C:\UsbFix\UsbFix.exe
C:\Users\Sergio\Desktop\ZHPDiag.lnk - C:\Program Files (x86)\ZHPDiag\ZHPhep.exe
C:\Users\Sergio\Desktop\ZHPFix.lnk - C:\Program Files (x86)\ZHPDiag\ZHPFix\ZHPhep.exe

==== shortcuts on All Users Desktop ======================

C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk - C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe

==== shortcuts in All Users Start Menu ======================

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN\Documentation.lnk - C:\Program Files (x86)\VideoLAN\VLC\Documentation.url
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN\Release Notes.lnk - C:\Program Files (x86)\VideoLAN\VLC\NEWS.txt
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN\VideoLAN Website.lnk - C:\Program Files (x86)\VideoLAN\VLC\VideoLAN Website.url
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN\VLC media player - reset preferences and cache files.lnk - C:\Program Files (x86)\VideoLAN\VLC\vlc.exe --reset-config --reset-plugins-cache [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN\VLC media player skinned.lnk - C:\Program Files (x86)\VideoLAN\VLC\vlc.exe -Iskins
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN\VLC media player.lnk - C:\Program Files (x86)\VideoLAN\VLC\vlc.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ZHP\ZHPDiag.lnk - C:\Program Files (x86)\ZHPDiag\ZHPhep.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ZHP\ZHPFix.lnk - C:\Program Files (x86)\ZHPDiag\ZHPFix\ZHPhep.exe

==== shortcuts in Quick Launch ======================

C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -
C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -
C:\Users\Default User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -
C:\Users\Default User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -
C:\Users\Sergio\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Users\Sergio\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk - C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Users\Sergio\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Nero Home Essentials SE.lnk - C:\Program Files (x86)\Nero\Nero 7\Nero Home\NeroHome.exe -ScParameter=8
C:\Users\Sergio\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Nero StartSmart Essentials.lnk - C:\Program Files (x86)\Nero\Nero 7\Nero StartSmart\NeroStartSmart.exe -ScParameter=8
C:\Users\Sergio\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -
C:\Users\Sergio\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -
C:\Users\Sergio\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\7e4dca80246863e3\pinned.lnk - C:\Windows\system32\control.exe
C:\Users\Sergio\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Calculator.lnk - C:\Windows\system32\calc.exe
C:\Users\Sergio\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\CCleaner.lnk - C:\Program Files\CCleaner\CCleaner64.exe
C:\Users\Sergio\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Internet Explorer.lnk - C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Users\Sergio\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\iTunes.lnk - C:\Program Files (x86)\iTunes\iTunes.exe
C:\Users\Sergio\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\SIM.lnk - C:\Users\Sergio\AppData\Roaming\Microsoft\Installer\{795DBE6F-834A-45AD-AAE1-4114D8B476E0}\_63CF8375C7ED8801425BF5.exe Run as administrator
C:\Users\Sergio\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Windows Media Player.lnk - C:\Program Files (x86)\Windows Media Player\wmplayer.exe /prefetch:1
C:\Users\Sergio\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Internet Explorer.lnk - C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Users\Sergio\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Mozilla Firefox.lnk - C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Users\Sergio\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\SIM.lnk - C:\Users\Sergio\AppData\Roaming\Microsoft\Installer\{795DBE6F-834A-45AD-AAE1-4114D8B476E0}\_63CF8375C7ED8801425BF5.exe Run as administrator
C:\Users\Sergio\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Windows Explorer.lnk - C:\Windows\explorer.exe
C:\Users\Sergio\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Windows Media Player.lnk - C:\Program Files (x86)\Windows Media Player\wmplayer.exe /prefetch:1

==== Reset IE Proxy ======================

Value(s) before fix:
"ProxyEnable"=dword:00000000

Value(s) after fix:
"ProxyEnable"=dword:00000000

==== Deleting Registry Keys ======================

HKEY_LOCAL_MACHINE\Software\wow6432node\Policies\Google deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\w deleted successfully

==== Empty IE Cache ======================

C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Sergio\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Sergio\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

==== Empty FireFox Cache ======================

C:\Users\Sergio\AppData\Local\Mozilla\Firefox\Profiles\aaywiser.default\cache2 emptied successfully

==== Empty Chrome Cache ======================

C:\Users\Sergio\AppData\Local\CatalinaGroup\Citrio\User Data\Default\Cache emptied successfully
C:\Users\Sergio\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully

==== Empty All Flash Cache ======================

Flash Cache Emptied Successfully

==== Empty All Java Cache ======================

No Java Cache Found

==== C:\zoek_backup content ======================

C:\zoek_backup (files=220 folders=78 55216396 bytes)

==== Empty Temp Folders ======================

C:\Users\Default\AppData\Local\Temp emptied successfully
C:\Users\Default User\AppData\Local\Temp emptied successfully
C:\Users\Sergio\AppData\Local\Temp will be emptied at reboot
C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\Windows\Temp will be emptied at reboot

==== After Reboot ======================

==== Empty Temp Folders ======================

C:\Windows\Temp successfully emptied
C:\Users\Sergio\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\$RECYCLE.BIN successfully emptied

==== EOF on 11/03/2015 at 13:40:03,66 ======================

Faça o download do < [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] > < [Tens de ter uma conta e sessão iniciada para poderes visualizar esta imagem]> ( ... de Nicolas Coolman )

Obs: Ao acessar o link acima clique no botão Télécharger referente ao ZHPCleaner para baixá-lo, tal como mostra a imagem abaixo:

[Tens de ter uma conta e sessão iniciada para poderes visualizar esta imagem]

Para executá-lo corretamente siga as dicas desta postagem:

[Tens de ter uma conta e sessão iniciada para poderes visualizar este link]

Após a utilização dele, copie todo o conteúdo do seu relatório ZHPCleaner.txt e poste em sua próxima resposta.

~ ZHPCleaner v2015.3.10.116 by Nicolas Coolman (09/03/2015)
~ Run by Sergio (Administrator) (11/03/2015 17:20:21)
~ Forum : [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
~ Facebook : [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
~ State version : Version OK
~ Type : Repair
~ Report : C:\Users\Sergio\Desktop\ZHPCleaner.txt
~ Quarantine : C:\Users\Sergio\AppData\Roaming\ZHP\ZHPCleaner_Quarantine.txt
~ UAC : Activate
~ Boot Mode : Normal (Normal boot)
~ Windows 7, 64-bit Service Pack 1 (Build 7601)


---\\ Services (0)
~ No malicious items found.


---\\ Browser internet (2)
REPLACED Proxy: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyHttp1.1 ( 1 )
REPLACED Proxy: HKLM64\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyHttp1.1 ( 1 )


---\\ Hosts file (2)
REPLACED:
Number of found redirections 1/22


---\\ Scheduled automatic tasks. (0)
~ No malicious items found.


---\\ Explorer ( File, Folder) (0)
~ No malicious items found.


---\\ Registry ( Key, Value, Data) (3)
DELETED key*: [X64] HKLM\SOFTWARE\Classes\ASCPlugin_Protection.TASCBrowserProtection [Advanced SystemCare Browser Protection] (Hijacker.Eazel)
DELETED key*: [X64] HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\Update Mega Browse [] (PUP.MegaBrowse)
DELETED key*: [X64] HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\Util Mega Browse [] (PUP.MegaBrowse)



---\\ Result of repair
~ Repair carried out successfully
~ Browser not found (Google Chrome)
~ Browser not found (Opera Software)


---\\ Statistics
~ Items scanned : 79371
~ Items found : 1
~ Items repaired : 2


End of clean at 17:26:38
===================
ZHPCleaner-[R]-11032015-17_26_38.txt

Baixe o programa Junkware Removal Tool no link abaixo:
[Tens de ter uma conta e sessão iniciada para poderes visualizar este link]

Para executar corretamente o programa acima é só seguir as dicas deste tutorial:

[Tens de ter uma conta e sessão iniciada para poderes visualizar este link]

* Na sua próxima resposta poste o log (relatório) do Junkware Removal Tool que estará salvo em sua área de trabalho com o nome de JRT.txt

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.4.3 (03.01.2015:1)
OS: Windows 7 Home Basic x64
Ran by Sergio on 11/03/2015 at 17:34:42,50
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys



~~~ Files



~~~ Folders

Failed to delete: [Folder] "C:\Program Files (x86)\baidu security"



~~~ FireFox

Emptied folder: C:\Users\Sergio\AppData\Roaming\mozilla\firefox\profiles\aaywiser.default\minidumps [140 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 11/03/2015 at 17:37:36,14
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Veja se você tem a mais nova versão do Malwarebytes. Se você estiver com a antiga, desinstale-o e faça o download do Malwarebytes em um destes links abaixo:
[Tens de ter uma conta e sessão iniciada para poderes visualizar este link]

Para instalá-lo e executá-lo corretamente siga, por gentileza, as dicas desta postagem:

[Tens de ter uma conta e sessão iniciada para poderes visualizar este link]

Na sua próxima resposta poste este log (relatório) do Malwarebytes.

Malwarebytes Anti-Malware
[Tens de ter uma conta e sessão iniciada para poderes visualizar este link]


Protection, 11/03/2015 18:28:57, SYSTEM, BOLZAN, Protection, Malware Protection, Starting,
Protection, 11/03/2015 18:28:57, SYSTEM, BOLZAN, Protection, Malware Protection, Started,
Protection, 11/03/2015 18:28:57, SYSTEM, BOLZAN, Protection, Malicious Website Protection, Starting,
Protection, 11/03/2015 18:28:58, SYSTEM, BOLZAN, Protection, Malicious Website Protection, Started,
Update, 11/03/2015 18:29:18, SYSTEM, BOLZAN, Manual, Remediation Database, 2013.10.16.1, 2015.3.9.1,
Update, 11/03/2015 18:29:18, SYSTEM, BOLZAN, Manual, Rootkit Database, 2014.11.18.1, 2015.2.25.1,
Update, 11/03/2015 18:29:40, SYSTEM, BOLZAN, Manual, Malware Database, 2014.11.20.6, 2015.3.11.5,
Protection, 11/03/2015 18:29:40, SYSTEM, BOLZAN, Protection, Refresh, Starting,
Protection, 11/03/2015 18:29:40, SYSTEM, BOLZAN, Protection, Malicious Website Protection, Stopping,
Protection, 11/03/2015 18:29:41, SYSTEM, BOLZAN, Protection, Malicious Website Protection, Stopped,
Protection, 11/03/2015 18:29:45, SYSTEM, BOLZAN, Protection, Refresh, Success,
Protection, 11/03/2015 18:29:45, SYSTEM, BOLZAN, Protection, Malicious Website Protection, Starting,
Protection, 11/03/2015 18:29:45, SYSTEM, BOLZAN, Protection, Malicious Website Protection, Started,
Protection, 11/03/2015 18:31:55, SYSTEM, BOLZAN, Protection, Malicious Website Protection, Stopping,
Protection, 11/03/2015 18:31:55, SYSTEM, BOLZAN, Protection, Malicious Website Protection, Stopped,
Protection, 11/03/2015 18:31:55, SYSTEM, BOLZAN, Protection, Malware Protection, Stopping,
Protection, 11/03/2015 18:31:56, SYSTEM, BOLZAN, Protection, Malware Protection, Stopped,
Protection, 11/03/2015 18:32:14, SYSTEM, BOLZAN, Protection, Malware Protection, Starting,
Protection, 11/03/2015 18:32:14, SYSTEM, BOLZAN, Protection, Malware Protection, Started,
Protection, 11/03/2015 18:32:14, SYSTEM, BOLZAN, Protection, Malicious Website Protection, Starting,
Protection, 11/03/2015 18:32:15, SYSTEM, BOLZAN, Protection, Malicious Website Protection, Started,
Update, 11/03/2015 18:32:31, SYSTEM, BOLZAN, Manual, Remediation Database, 2013.10.16.1, 2015.3.9.1,
Update, 11/03/2015 18:32:32, SYSTEM, BOLZAN, Manual, Rootkit Database, 2014.11.18.1, 2015.2.25.1,
Update, 11/03/2015 18:33:18, SYSTEM, BOLZAN, Manual, Malware Database, 2014.11.20.6, 2015.3.11.5,
Protection, 11/03/2015 18:33:18, SYSTEM, BOLZAN, Protection, Refresh, Starting,
Protection, 11/03/2015 18:33:18, SYSTEM, BOLZAN, Protection, Malicious Website Protection, Stopping,
Protection, 11/03/2015 18:33:18, SYSTEM, BOLZAN, Protection, Malicious Website Protection, Stopped,
Protection, 11/03/2015 18:33:22, SYSTEM, BOLZAN, Protection, Refresh, Success,
Protection, 11/03/2015 18:33:22, SYSTEM, BOLZAN, Protection, Malicious Website Protection, Starting,
Protection, 11/03/2015 18:33:23, SYSTEM, BOLZAN, Protection, Malicious Website Protection, Started,
Scan, 11/03/2015 20:04:49, SYSTEM, BOLZAN, Manual, Start:11/03/2015 18:33:18, Duration:1 hr 28 min 54 sec, Verificação Personalizada, Terminado, 0 Malware Detections, 6 Non-Malware Detections,
Protection, 11/03/2015 20:06:54, SYSTEM, BOLZAN, Protection, Malware Protection, Starting,
Protection, 11/03/2015 20:06:54, SYSTEM, BOLZAN, Protection, Malware Protection, Started,
Protection, 11/03/2015 20:06:54, SYSTEM, BOLZAN, Protection, Malicious Website Protection, Starting,
Protection, 11/03/2015 20:07:00, SYSTEM, BOLZAN, Protection, Malicious Website Protection, Started,

(end)

Você postou o log de proteção, mas o que precisamos é do log de verificação.

Malwarebytes Anti-Malware
[Tens de ter uma conta e sessão iniciada para poderes visualizar este link]

Data da Verificação: 11/03/2015
Hora da Verificação: 18:33:18
Arquivo de Log: log verifi..txt
Administrador: Sim

Versão: 2.00.4.1028
Base de Dados de Malware: v2015.03.11.05
Base de Dados de Rootkit: v2015.02.25.01
Licença: Avaliação Gratuita
Proteção de Malware: Habilitado
Proteção de Site Malicioso: Habilitado
Auto-Proteção: Desabilitado

SO: Windows 7 Service Pack 1
Processador: x64
Sistema de Arquivos: NTFS
Usuário: Sergio

Tipo da Verificação: Verificação Personalizada
Resultado: Terminado
Objetos Verificados: 559238
Tempo Decorrido: 1 hr, 28 min, 54 seg

Memória: Habilitado
Inicialização: Habilitado
Sistema de Arquivos: Habilitado
Arquivos Compactados: Habilitado
Rootkits: Habilitado
Heurística: Habilitado
PUP: Habilitado
PUM: Habilitado

Processos: 0
(Nenhum item malicioso detectado)

Módulos: 0
(Nenhum item malicioso detectado)

Chaves de Registro: 1
PUP.Optional.DealPly.A, HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\DealPly, Quarentena, [9d0c0e144a404aec5cca308c9e654fb1],

Valores de Registro: 0
(Nenhum item malicioso detectado)

Dados de Registro: 0
(Nenhum item malicioso detectado)

Pastas: 0
(Nenhum item malicioso detectado)

Arquivos: 5
PUP.Optional.MultiPlug, C:\AdwCleaner\Quarantine\C\Program Files (x86)\cosstminn\DYIps.dll.vir, Quarentena, [b3f63de590fac96d745bc7f24cb50ef2],
PUP.Optional.Preload, C:\AdwCleaner\Quarantine\C\Program Files (x86)\cosstminn\DYIps.x64.dll.vir, Quarentena, [9019f131f29803331de7dae58a777d83],
PUP.Optional.YFDownloader, C:\AdwCleaner\Quarantine\C\Program Files (x86)\YourFileDownloader Updater\uninstall.exe.vir, Quarentena, [2683fc26c2c846f008e2992ede230af6],
PUP.Optional.MultiPlug, C:\AdwCleaner\Quarantine\C\ProgramData\cosstminn\Cd3UjK.exe.vir, Quarentena, [61485dc5acde38fef067c3fad52cf50b],
PUP.Optional.WPM.A, C:\AdwCleaner\Quarantine\C\ProgramData\WindowsMangerProtect\ProtectWindowsManager.exe.vir, Quarentena, [08a17da5b5d537ff599ae2d2d42d4db3],

Setores Físicos: 0
(Nenhum item malicioso detectado)


(end)

Abra novamente o ( ZHPDiag )

[Tens de ter uma conta e sessão iniciada para poderes visualizar esta imagem]

|- Clique "COMPLETA" e aguarde a conclusão:

[Tens de ter uma conta e sessão iniciada para poderes visualizar esta imagem]

|- Ao concluir, poste o relatório ZHPDiag.txt

[Tens de ter uma conta e sessão iniciada para poderes visualizar esta imagem]
_______________________________________________

Obs: Caso o relatório do ZHPDiag fique muito grande e não couber na sua resposta, acesse o site Cjoint:
[Tens de ter uma conta e sessão iniciada para poderes visualizar este link]

Clique no botão Escolher arquivo > Selecione o arquivo do log (relatório) e clique no botão Abrir.

Clique no botão Créer le lien Cjoint

Copie o link que aparecerá ao lado da frase Le lien a été créé e poste este link em sua próxima resposta.

Obs: como estou acessando pelo celular, amanhã te passo o próximo procedimento, OK?

Selecione e copie todo o texto destacado em vermelho abaixo (começando em script zhpfix e indo até emptyclsid)

script zhpfix
SysRestore
[MD5.2A3FB4C98F139038E23330D2439DB8A4] [APT] [FacebookUpdateTaskUserS-1-5-21-1190544074-2727672657-2929601756-1000Core] (.Facebook Inc..) -- C:\Users\Sergio\AppData\Local\Facebook\Update\FacebookUpdate.exe [138096]
[MD5.2A3FB4C98F139038E23330D2439DB8A4] [APT] [FacebookUpdateTaskUserS-1-5-21-1190544074-2727672657-2929601756-1000UA] (.Facebook Inc..) -- C:\Users\Sergio\AppData\Local\Facebook\Update\FacebookUpdate.exe [138096]
O39 - APT: FacebookUpdateTaskUserS-1-5-21-1190544074-2727672657-2929601756-1000Core - (.Facebook Inc..) -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1190544074-2727672657-2929601756-1000Core.job [910]
O39 - APT: FacebookUpdateTaskUserS-1-5-21-1190544074-2727672657-2929601756-1000Core - (.Facebook Inc..) -- C:\Windows\System32\Tasks\FacebookUpdateTaskUserS-1-5-21-1190544074-2727672657-2929601756-1000Core [910]
O39 - APT: FacebookUpdateTaskUserS-1-5-21-1190544074-2727672657-2929601756-1000UA - (.Facebook Inc..) -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1190544074-2727672657-2929601756-1000UA.job [932]
O39 - APT: FacebookUpdateTaskUserS-1-5-21-1190544074-2727672657-2929601756-1000UA - (.Facebook Inc..) -- C:\Windows\System32\Tasks\FacebookUpdateTaskUserS-1-5-21-1190544074-2727672657-2929601756-1000UA [932]
[HKLM\Software\48891SKYPE]
O43 - CFD: 14/11/2014 - 21:45:03 - [] ----D C:\Program Files (x86)\Baidu Security
O43 - CFD: 06/06/2013 - 21:39:34 - [0] ----D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\200113
O43 - CFD: 17/07/2014 - 20:45:20 - [0] ----D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hao123-Brazil
O69 - SBI: SearchScopes [HKCU] {012E1000-F331-11DB-8314-0800200C9A66} - (Google) - [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
O69 - SBI: SearchScopes [HKCU] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} [DefaultScope] - (Bing) - [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
ShortcutFix
EmptyTemp
EmptyFlash
emptyclsid
_____________________________________________________________________________________________________________

Vá no menu: Iniciar > Todos os programas > ZHP > Clique com o botão direito do mouse sobre o Zhpfix e escolha a opção de Executar como administrador > Clique em Importação > Clique no botão GO > Clique em Oui > Caso queira que os arquivos da lixeira sejam excluídos clique em Oui novamente > Um relatório aparecerá no bloco de notas.

Copie este relatório e poste em sua próxima resposta.

Nota: Esse script foi elaborado somente para este computador, de acordo com os arquivos e chaves presentes.

Aos visitantes: Se estiverem com um problema semelhante, não utilizem esse script, pois o uso sem supervisão pode causar danos ao sistema.

Rapport de ZHPFix 2015.2.17.3 par Nicolas Coolman, Update du 17/02/2015
Fichier d'export Registre :
Run by Sergio at 12/03/2015 12:24:59
High Elevated Privileges : OK
Windows 7 Home Basic Edition, 64-bit Service Pack 1 (Build 7601)

Reciclagem vazia (00mn 36s)
Reparação de atalhos do navegador

========== Chaves do Registo ==========
ELIMINÉ:* HKLM\Software\48891SKYPE
ELIMINÉ: SearchScopes :{012E1000-F331-11DB-8314-0800200C9A66}
ELIMINÉ: SearchScopes :{0633EE93-D776-472f-A0FF-E1416B8B2E3A}

========== Pastas ==========
Nenhuma pasta CLSID local utilizador vazia

========== Ficheiros ==========
ELIMINÉ Temporários windows (108) (3.236.857 octets)
ELIMINÉ Flash Cookies (0) (0 octets)

========== Tarefa planificada ==========
ELIMINÉ: FacebookUpdateTaskUserS-1-5-21-1190544074-2727672657-2929601756-1000Core
ELIMINÉ: FacebookUpdateTaskUserS-1-5-21-1190544074-2727672657-2929601756-1000UA

========== Restauração Sistema ==========
Ponto de restauro do sistema criado com sucesso


========== Recapitulativo ==========
3 : Chaves do Registo
1 : Pastas
2 : Ficheiros
2 : Tarefa planificada
1 : Restauração Sistema


End of clean in 01mn 10s

========== Caminho do ficheiro do relatório ==========
C:\Users\Sergio\AppData\Roaming\ZHP\ZHPFix[R1].txt - 12/03/2015 12:25:36 [1243]

Abra novamente o ( ZHPDiag )

[Tens de ter uma conta e sessão iniciada para poderes visualizar esta imagem]

|- Clique "COMPLETA" e aguarde a conclusão:

[Tens de ter uma conta e sessão iniciada para poderes visualizar esta imagem]

|- Ao concluir, poste o relatório ZHPDiag.txt

[Tens de ter uma conta e sessão iniciada para poderes visualizar esta imagem]
_______________________________________________

Obs: Caso o relatório do ZHPDiag fique muito grande e não couber na sua resposta, acesse o site Cjoint:
[Tens de ter uma conta e sessão iniciada para poderes visualizar este link]

Clique no botão Escolher arquivo > Selecione o arquivo do log (relatório) e clique no botão Abrir.

Clique no botão Créer le lien Cjoint

Copie o link que aparecerá ao lado da frase Le lien a été créé e poste este link em sua próxima resposta.

Obs: como estou acessando pelo celular, amanhã te passo o próximo procedimento, OK?

Acesse estas pastas destacadas em vermelho abaixo e veja se há algum(s) arquivo(s) suspeitos nelas:

C:\Users\Sergio\AppData\Local\11111
C:\Users\Sergio\AppData\Local\_

Se houver arquivo(s) suspeito(s), envie para análise no site Virus Total:
[Tens de ter uma conta e sessão iniciada para poderes visualizar este link]

E depois nos diga o resultado.
___________________________________________________

 Selecione e copie todo o texto destacado em vermelho abaixo (começando em script zhpfix e indo até emptyclsid)

script zhpfix
SysRestore
[HKCU\Software\Baixar Musicas Gratis Company]
ShortcutFix
EmptyTemp
EmptyFlash
emptyclsid
_____________________________________________________________________________________________________________

 Vá no menu: Iniciar > Todos os programas > ZHP > Clique com o botão direito do mouse sobre o Zhpfix e escolha a opção de Executar como administrador > Clique em Importação > Clique no botão GO > Clique em Oui > Caso queira que os arquivos da lixeira sejam excluídos clique em Oui novamente > Um relatório aparecerá no bloco de notas.

Copie este relatório e poste em sua próxima resposta e nos diga como está o PC depois disto.

Nota: Esse script foi elaborado somente para este computador, de acordo com os arquivos e chaves presentes.

Aos visitantes: Se estiverem com um problema semelhante, não utilizem esse script, pois o uso sem supervisão pode causar danos ao sistema.

ALYac 20150313
AVG 20150313
AVware 20150313
Ad-Aware 20150313
AegisLab 20150313
Agnitum 20150312
AhnLab-V3 20150313
Alibaba 20150313
Antiy-AVL 20150313
Avast 20150313
Avira 20150313
Baidu-International 20150313
BitDefender 20150313
Bkav 20150313
ByteHero 20150313
CAT-QuickHeal 20150313
CMC 20150313
ClamAV 20150313
Comodo 20150313
Cyren 20150313
DrWeb 20150313
ESET-NOD32 20150313
Emsisoft 20150313
F-Prot 20150313
F-Secure 20150313
Fortinet 20150313
GData 20150313
Ikarus 20150313
Jiangmin 20150313
K7AntiVirus 20150313
K7GW 20150313
Kaspersky 20150313
Kingsoft 20150313
Malwarebytes 20150313
McAfee 20150313
McAfee-GW-Edition 20150313
MicroWorld-eScan 20150313
Microsoft 20150313
NANO-Antivirus 20150313
Norman 20150313
Panda 20150311
Qihoo-360 20150313
Rising 20150313
SUPERAntiSpyware 20150313
Sophos 20150313
Symantec 20150313
Tencent 20150313
TheHacker 20150313
TotalDefense 20150313
TrendMicro 20150313
TrendMicro-HouseCall 20150313
VBA32 20150312
VIPRE 20150313
ViRobot 20150313
Zillya 20150312
Zoner 20150313
nProtect 20150313

Rapport de ZHPFix 2015.2.17.3 par Nicolas Coolman, Update du 17/02/2015
Fichier d'export Registre :
Run by Sergio at 13/03/2015 12:12:21
High Elevated Privileges : OK
Windows 7 Home Basic Edition, 64-bit Service Pack 1 (Build 7601)

Reciclagem vazia (00mn 19s)
Reparação de atalhos do navegador

========== Chaves do Registo ==========
ELIMINÉ: HKCU\Software\Baixar Musicas Gratis Company

========== Pastas ==========
Nenhuma pasta CLSID local utilizador vazia

========== Ficheiros ==========
ELIMINÉ Temporários windows (3) (64.702 octets)
ELIMINÉ Flash Cookies (0) (0 octets)

========== Restauração Sistema ==========
Ponto de restauro do sistema criado com sucesso


========== Recapitulativo ==========
1 : Chaves do Registo
1 : Pastas
2 : Ficheiros
1 : Restauração Sistema


End of clean in 01mn 10s

========== Caminho do ficheiro do relatório ==========
C:\Users\Sergio\AppData\Roaming\ZHP\ZHPFix[R1].txt - 12/03/2015 12:25:36 [1324]
C:\Users\Sergio\AppData\Roaming\ZHP\ZHPFix[R2].txt - 13/03/2015 12:12:41 [979]