Remoção de virus que veio com ARES do Baixaki

Ao instalar o Ares veio esse vírus, sempre abre como pagina inicial, e tornou meu computador super lento e travando.
Podem me ajudar a remover por favor? por favor?

Oi Glaurey.

Baixe o programa Adwcleaner clicando no link abaixo e depois clique no botão Download Now @BleepingComputer:
[Tens de ter uma conta e sessão iniciada para poderes visualizar este link]

Para executar corretamente o AdwCleaner é só seguir as dicas deste tutorial:

[Tens de ter uma conta e sessão iniciada para poderes visualizar este link]

* Na sua próxima resposta poste o log (relatório) do Adwcleaner que estará em C:\AdwCleaner\AdwCleaner[S0].txt

Ficamos na espera.

# AdwCleaner v4.206 - Relatório criado 19/06/2015 às 19:02:28
# Atualizado 01/06/2015 por Xplode
# Base de dados : 2015-06-17.1 [Servidor]
# Sistema operacional : Windows 7 Ultimate Service Pack 1 (x64)
# Usuário : GLAUCE - GLAU-PC
# Executando de : C:\Users\GLAUCE\Desktop\AdwCleaner.exe
# Opção : Limpar

***** [ Serviços ] *****

[#] Serviço Excluído : hola_svc
[#] Serviço Excluído : hola_updater
Serviço Excluído : {723c6d0d-0645-410d-b199-d1311f892d8d}Gw64

***** [ Arquivos / Pastas ] *****

Pasta Excluído : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WindeskWinsearch
Pasta Excluído : C:\Program Files\Hola
Pasta Excluído : C:\Users\GLAUCE\AppData\Local\Hola
Pasta Excluído : C:\Users\GLAUCE\AppData\Local\Windesk_Winsearch
Pasta Excluído : C:\Users\GLAUCE\AppData\Roaming\Hola
Arquivo Excluído : C:\END
Arquivo Excluído : C:\AnySend.lnk
Arquivo Excluído : C:\Users\Public\Desktop\WindeskWinsearch.lnk
Arquivo Excluído : C:\Windows\System32\drivers\{723c6d0d-0645-410d-b199-d1311f892d8d}Gw64.sys

***** [ Tarefas agendadas ] *****


***** [ Atalhos ] *****


***** [ Registro ] *****

Chave Apagado : HKLM\SOFTWARE\Classes\S
Chave Apagado : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Dados Restaurado : HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command
Dados Restaurado : HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\open\command
Chave Apagado : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
Chave Apagado : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
Chave Apagado : HKCU\Software\GAMESDESKTOP
Chave Apagado : HKLM\SOFTWARE\Tutorials
Chave Apagado : HKLM\SOFTWARE\mystartsearchSoftware
Chave Apagado : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A2D81E70-2A98-4A08-A628-94388B063C5E}
Dados Apagado : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyOverride] - *.local

***** [ Navegadores ] *****

-\\ Internet Explorer v11.0.9600.17801

Configuração Restaurado : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Search_URL]
Configuração Restaurado : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Search Page]
Configuração Restaurado : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Search_URL]
Configuração Restaurado : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Search Page]

-\\ Mozilla Firefox v22.0 (pt-BR)


-\\ Google Chrome v43.0.2357.124


*************************

AdwCleaner[R0].txt - [3955 bytes] - [19/06/2015 18:59:35]
AdwCleaner[R1].txt - [4014 bytes] - [19/06/2015 19:01:54]
AdwCleaner[S0].txt - [2727 bytes] - [19/06/2015 19:02:28]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [2786 bytes] ##########

Baixe o programa Junkware Removal Tool no link abaixo:
[Tens de ter uma conta e sessão iniciada para poderes visualizar este link]

Para executar corretamente o programa acima é só seguir as dicas deste tutorial:

[Tens de ter uma conta e sessão iniciada para poderes visualizar este link]

* Na sua próxima resposta poste o log (relatório) do Junkware Removal Tool que estará salvo em sua área de trabalho com o nome de JRT.txt

Ficamos na espera.

Junkware Removal Tool (JRT) by Thisisu
Version: 7.0.2 (06.18.2015:1)
OS: Windows 7 Ultimate x64
Ran by GLAUCE on 19/06/2015 at 23:16:30,00
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Tasks



~~~ Registry Values

Successfully deleted: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\GoogleChromeAutoLaunch_E24406C9843D5DA01789E18B95396688



~~~ Registry Keys



~~~ Files

Successfully deleted: [File] C:\Users\GLAUCE\appdata\local\google\chrome\user data\default\local storage\chrome-extension_gkojfkhlekighikafcpjkiklfbnlmeio_0.localstorage
Successfully deleted: [File] C:\Users\GLAUCE\appdata\local\google\chrome\user data\default\local storage\chrome-extension_gkojfkhlekighikafcpjkiklfbnlmeio_0.localstorage-journal
Successfully deleted: [File] C:\Users\GLAUCE\desktop\continue gamesdesktop uninstaller.lnk



~~~ Folders

Failed to delete: [Folder] C:\users\public\documents\baidu
Successfully deleted: [Folder] C:\users\public\documents\guid
Successfully deleted: [Folder] C:\users\public\documents\pc faster



~~~ Chrome


[C:\Users\GLAUCE\appdata\local\Google\Chrome\User Data\Default\Preferences] - default search provider reset

[C:\Users\GLAUCE\appdata\local\Google\Chrome\User Data\Default\Preferences] - Extensions Deleted:

[C:\Users\GLAUCE\appdata\local\Google\Chrome\User Data\Default\Secure Preferences] - default search provider reset

[C:\Users\GLAUCE\appdata\local\Google\Chrome\User Data\Default\Secure Preferences] - Extensions Deleted:
[]





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 19/06/2015 at 23:19:29,49
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Desative temporariamente seu antivírus para evitar conflitos.

* Acesse este link abaixo e clique no primeiro botão da esquerda que é o botão Download Zoek.exe:
[Tens de ter uma conta e sessão iniciada para poderes visualizar este link]

Salve-o no Desktop (Área de Trabalho).

Para executá-lo corretamente siga as dicas deste tutorial:

[Tens de ter uma conta e sessão iniciada para poderes visualizar este link]

* Assim que ele concluir a limpeza dos problemas acesse o log (relatório) do Zoek que estará em C:\zoek-results.txt e copie todo seu conteúdo e poste em sua próxima resposta.

Zoek.exe v5.0.0.0 Updated 04-May-2015
Tool run by GLAUCE on 21/06/2015 at 15:53:27,68.
Microsoft Windows 7 Ultimate 6.1.7601 Service Pack 1 x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\GLAUCE\Desktop\zoek.exe [Scan all users] [Script inserted]

==== System Restore Info ======================

21/06/2015 15:58:31 Zoek.exe System Restore Point Created Successfully.

==== Reset Hosts File ======================

# Copyright (c) 1993-2006 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host

# localhost name resolution is handled within DNS itself.
127.0.0.1 localhost
::1 localhost

==== Empty Folders Check ======================

C:\PROGRA~2\MSXML 4.0 deleted successfully
C:\PROGRA~3\CorelDRAW Graphics Suite X7 x64 deleted successfully
C:\PROGRA~3\PEERNET deleted successfully
C:\Users\GLAUCE\AppData\Roaming\Opera Software deleted successfully
C:\Users\GLAUCE\AppData\Local\Opera Software deleted successfully
C:\Users\GLAUCE\AppData\Local\VirtualStore deleted successfully

==== Deleting CLSID Registry Keys ======================


==== Deleting CLSID Registry Values ======================


==== Deleting Services ======================


==== FireFox Fix ======================

Deleted from C:\Users\GLAUCE\AppData\Roaming\Mozilla\Firefox\Profiles\pcjs3g79.default\prefs.js:
user_pref("browser.startup.homepage", "[Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
user_pref("browser.newtab.url", "[Tens de ter uma conta e sessão iniciada para poderes visualizar este link]

Added to C:\Users\GLAUCE\AppData\Roaming\Mozilla\Firefox\Profiles\pcjs3g79.default\prefs.js:
user_pref("browser.startup.homepage", "about:home");
user_pref("browser.newtab.url", "about:newtab");

ProfilePath: C:\Users\GLAUCE\AppData\Roaming\Mozilla\Firefox\Profiles\pcjs3g79.default

user.js not found
---- Lines browser.startup.page removed from prefs.js ----
user_pref("browser.startup.page", 3);
---- FireFox user.js and prefs.js backups ----

prefs_062015_1609_.backup

==== Deleting Files \ Folders ======================

C:\PROGRA~3\CorelDRAW Graphics Suite X7 x64 not found
C:\hpdkbu.exe deleted
C:\hpuninst.exe deleted
C:\uTorrent.exe deleted
C:\PROGRA~3\Package Cache deleted
C:\Users\GLAUCE\AppData\Local\cache deleted
C:\windows\SysNative\GroupPolicy\Machine deleted
C:\windows\SysNative\GroupPolicy\User deleted
C:\windows\SysNative\GroupPolicy\GPT.INI deleted
C:\Windows\Syswow64\GroupPolicy\gpt.ini deleted
C:\Users\GLAUCE\Ares Galaxy.exe deleted
C:\Users\GLAUCE\aresregular230_installer.exe deleted
C:\Users\GLAUCE\GoogleEarthSetup.exe deleted
C:\Users\GLAUCE\uTorrent.exe deleted
"C:\PROGRA~2\Bonjour\mdnsNSP.dll" deleted
"C:\PROGRA~2\Bonjour\mDNSResponder.exe" deleted
"C:\PROGRA~2\Bonjour" not deleted

==== Firefox Start and Search pages ======================

ProfilePath: C:\Users\GLAUCE\AppData\Roaming\Mozilla\Firefox\Profiles\pcjs3g79.default
user_pref("browser.startup.homepage", "about:home");
user_pref("browser.newtab.url", "about:newtab");

==== Firefox Extensions Registry ======================

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Mozilla\Firefox\Extensions]
"wrc@avast.com"="C:\Program Files\AVAST Software\Avast\WebRep\FF" [27/05/2015 17:34]

==== Firefox Extensions ======================

AppDir: C:\Program Files (x86)\Mozilla Firefox
- Default - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

==== Firefox Plugins ======================


==== Chromium Look ======================

Google Chrome Version: 43.0.2357.124

HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
eofcbnmajmjmplflapaojjnihcjkigck - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChromeSp.crx[27/05/2015 17:34]
gomekmidlodglbbmalcneegieacbdmki - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx[27/05/2015 17:34]

Google Slides - GLAUCE\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek
Google Docs - GLAUCE\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake
Google Drive - GLAUCE\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf
YouTube - GLAUCE\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo
Google Search - GLAUCE\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf
Avast SafePrice - GLAUCE\AppData\Local\Google\Chrome\User Data\Default\Extensions\eofcbnmajmjmplflapaojjnihcjkigck
ZenMate Security Privacy Unblock VPN - GLAUCE\AppData\Local\Google\Chrome\User Data\Default\Extensions\fdcgdnkidjaadafnichfpabhfomcebme
Google Sheets - GLAUCE\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap
Avast Online Security - GLAUCE\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki
Chrome Hotword Shared Module - GLAUCE\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg
Google Wallet - GLAUCE\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda
Gmail - GLAUCE\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia

==== Chromium Startpages ======================

C:\Users\GLAUCE\AppData\Local\Google\Chrome\User Data\Default\Preferences
ocol_str":"quic"}]},"www-fc-opensocial.googleusercontent.com:443":{"network_stats":{"srtt":41339},"supports_spdy":true},"www-gm-opensocial.googleusercontent.com:443":{"supports_spdy":true},"www-gmc-opensocial.googleusercontent.com:443":{"network_stats":{"srtt":206727},"supports_spdy":true},"[Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
api":["notifications"],"manifest_permissions":[]},"app_launcher_ordinal":"z","commands":{},"content_settings":[],"creation_flags":137,"events":[],"from_bookmark":false,"from_webstore":true,"granted_permissions":{"api":["notifications"],"manifest_permissions":[]},"incognito_content_settings":[],"incognito_preferences":{},"install_time":"13079034176035846","lastpingday":"13079343601304611","location":1,"manifest":{"app":{"launch":{"container":"tab","web_url":"https://mail.google.com/mail/ca"},"urls":["*://mail.google.com/mail/ca"]},"current_locale":"pt_BR","default_locale":"en","description":"E-mail rápido e pesquisável com menos spam.","icons":{"128":"128.png"},"key":"MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDCuGglK43iAz3J9BEYK/Mz6ZhloIMMDqQSAaf3vJt4eHbTbSDsu4WdQ9dQDRcKlg8nwQdePBt0C3PSUBtiSNSS37Z3qEGfS7LCju3h6pI1Yr9MQtxw+jUa7kXXIS09VV73pEFUT/F7c6Qe8L5ZxgAcBvXBh1Fie63qb02I9XQ/CQIDAQAB","manifest_version":2,"name":"Gmail","options_page":"https://mail.google.com/mail/ca/#settings","permissions":["notifications"],"update_url":"http://clients2.google.com/service/update2/crx","version":"8.1"},"page_ordinal":"n","path":"pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0","preferences":{},"regular_only_preferences":{},"state":1,"was_installed_by_default":true,"was_installed_by_oem":false}}},"pinned_tabs":[],"protection":{"macs":{"browser":{"show_home_button":"4AD781A353C5453B6649AA759E4232B78915A4E3755B683C376EAF9B176AD7D7"},"default_search_provider":{"keyword":"BA7080B54AC03F7F9207DDA2EA8A62441D77E591AF2D818D9111C555FA0FB9E1","name":"A51DFD455175D34188E8E303EFA44A28846C850795746DFF9E435A15EF9E1908","search_url":"993AC5FAFDE8F69DC898236BA453100A555E5F463F999753CB945595847266F1"},"default_search_provider_data":{"template_url_data":"AD6053619301E7F4CEFFD4D46C8156B6AFD92B22D0084E60C8C34FBB90F0C364"},"extensions":{"settings":{"aapocclcgogkmnckokdopfmhonfmgoek":"506F783C32D4722C921433EA6BE7D7A1D80211ED4DA5853A4F281E8598A4D2E1","ahfgeienlihckogmohjhadlkjgocpleb":"8CFBCB22661C53C66B7C79C5B39A5597A536AD1B323CD64BD13CD2920E6D656E","aohghmighlieiainnegkcijnfilokake":"5E02F1F565D0711B47FEDB88971200C3FFFFB0F2A4D4A703DFC63FD6954EFBB6","apdfllckaahabafndbhieahigkjlhalf":"A9E7C2C3732ABA75400C9D5C4E731DA1755B17DD96AD7388D69BDFBDE99A49A1","bepbmhgboaologfdajaanbcjmnhjmhfn":"EE35830B3B7B898715439E02A6935418431F9F7750E1A772CA92324F1D009238","blpcfgokakmgnkcojhhkbfbldkacnbeo":"4B5B98E4A9AB8ABF0E8DAD37259D661472E0D2E9CF9142211DA4A54CB1840815","coobgpohoikkiipiblmjeljniedjpjpf":"A6B1C80C8440C3F592FEE3404FDC5584CF54BDF3F2F99C189A1E7603588C0F25","eemcgdkfndhakfknompkggombfjjjeno":"5E1F23864F87C2C9818FB2C5CF44AD20213CD41F9476F5B6E3C437A98F79C894","ennkphjdgehloodpbhlhldgbnhmacadg":"D65FFDFEDB36FC2292A85F36B6108ED38372A165B93FCB7C60F6A30F4558A183","eofcbnmajmjmplflapaojjnihcjkigck":"014B6C3BE1752F7496A437AEDFBD7FAC47608E1F355242FC97EAB48DB5F31967","fdcgdnkidjaadafnichfpabhfomcebme":"8BB52260036B9DEAF8EFB2A99FE986C7BE58D0EB24556A206AB6E7BF0CB18946","felcaaldnbdncclmgdcncolpebgiejap":"35A2C4504F49FA9D8E3936877CF66C09DCE68368E667C18B97D84316026C20E4","gfdkimpbcpahaombhbimeihdjnejgicl":"3C355CA53C947884ECAC5DC06DEAA0CA77510E5839084CC40BB2912B4739E672","gomekmidlodglbbmalcneegieacbdmki":"5A6ABE652449224E93C2424CD5956255280772DB3803588B406239D8B17C6579","kmendfapggjehodndflmmgagdbamhnfd":"079DD3E70E08C7D5EB7E6A9DA1FE683136BFB127715B1AB1DF17DC1C9BDA0D6C","lccekmodgklaepjeofjdjpbminllajkg":"8634F8344A6D203537D165A47C9A2498DFA2E347ABB90D33F053CEFFB062A18D","mfehgcgbbipciphmccgaenjidiccnmng":"F240ADB3746B900819D092C49012EC64DF26B88C7F5B0674CA71FE328D24DFC8","mgndgikekgjfcpckkfioiadnlibdjbkf":"72D6A0123361451CC6C64AB8A5132593C820944B66A4D8E187632A9702D9A117","mhjfbmdgcfjbbpaeojofohoefgiehjai":"95A92182A190346D21477EFF6ED19F2EA1F01F03C96461FB6D95A1E0BEA1C15F","nbpagnldghgfoolbancepceaanlmhfmd":"8CFBC4E30990DF5D14C49B6ED8257648A9017AA310769D9E760E3689085B8409","neajdppkdcdipfabeoofebfddakdcjhd":"47759C7D679E4E0910605D85EF0B96A8F8E0457FDD5FA56AAF224EF0889C541C","nkeimhogjdpnpccoofpliimaahmaaome":"1863AF87D6DB716DA832653DEF02531238D4403F8A86E2E961E042B042E6336E","nmmhkkegccagdldgiimedpiccmgmieda":"AC9F585737AF66586DB9F39E0D371254C8610753BFFD52AAAFF13EE5DDBFAF4A","pafkbggdmjlpgkdkcbjmhmfcdpncadgh":"6FE2861DB2C9FD8DF8D89686391D1E1CC28382C011229F82CDF603BC08E6A9AB","pjkljhegncpnkpknbcohdijeoejaedia":"816C641BB8062BF5218EC9A08194361591A7FB2DB79FE021044A3AFCD3CBFC60"}},"google":{"services":{"last_username":"D81C7B46072A0DD71D1A84102117FA1D27DB79697AD19ED7545B20206FF67A99","username":"623113A332A0AD9DC546206486C80B05386F38A7B105E080D81A1F77C29E8D85"}},"homepage":"3FB12104AB3990E43C767E413323C47CC8B02BA208984073E3359D16A1988282","homepage_is_newtabpage":"8909974DF1A9DDC766F8944056A08A336C7115FB3B71578934E8D89DE4553CE6","pinned_tabs":"9117CDB20E446B0EC1A3D95DC99FF8B0A598DAE1CA456091BC5653D2E7BEEDD0","prefs":{"preference_reset_time":"EDC5B3BC11318174FEAD91B385E1C54546A0221A059C4BEF4DE30DA0FC15A3F8"},"profile":{"reset_prompt_memento":"8BEE7A0BF0274DA9C816D818A202048DF4A5DFFFBD1F628FB03AF1D3A8674F16"},"safebrowsing":{"incidents_sent":"AD8E8308596590AE4D69C71B5FC3728725CD009B09A7AE8F9934C18474F038EC"},"search_provider_overrides":"12A3F448AFFB391B513A5657686D653A81EA530B2F2E5499EE4172A81A0B413A","session":{"restore_on_startup":"735E47748B3B25332507ED083775955946D2161A6F71CA841443683DBAC6EB80","startup_urls":"1CD956833259CF999E76D8D2C75B96886E4D50DC65032E987EF5E705ACF8CD49"},"software_reporter":{"prompt_reason":"557401FBC49F6C152619F02580263724FA9165278F1A777CB674A6C6EAE7E400","prompt_seed":"B275033A35CEE94E7BFD76951B74474F8D27CED4B6398B8FCE605B0AF5B01E44","prompt_version":"DD9E3398A1525118A5F99C18496CBDA36345B6ED37FBF6F959411EED821C2BE3"},"sync":{"remaining_rollback_tries":"14666223F4F46B31DC7C7DC29C7E0B3CA8C49732D935427A6EA3A595C1861C55"}},"super_mac":"CA924E37249FCE79E0A3EBC7725E269318CA00C4F122F02DA326A443410CDFEB"}}


==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.google.com.br/"
"Old Start Page"="http://www.google.com"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Default_Search_URL"="http://www.google.com"
"Search Page"="http://www.google.com"
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main]
"Default_Search_URL"="http://www.google.com"
"Search Page"="http://www.google.com"

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.google.com.br/"
"Old Start Page"="http://www.google.com.br/"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896"
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main]
"Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896"

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
"DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
{012E1000-F331-11DB-8314-0800200C9A66} Google Url="http://www.google.com/search?q={searchTerms}"
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC"
{385C38D3-77CC-463D-987D-7980B27A1DDE} Google Url="https://www.google.com/search?q={searchTerms}"

==== Reset Google Chrome ======================

C:\Users\GLAUCE\AppData\Local\Google\Chrome\User Data\Default\Preferences was reset successfully
C:\Users\GLAUCE\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences was reset successfully
C:\Users\GLAUCE\AppData\Local\Google\Chrome\User Data\Default\Web Data was reset successfully
C:\Users\GLAUCE\AppData\Local\Google\Chrome\User Data\Default\Web Data-journal was reset successfully

==== shortcuts on Users Desktops ======================

C:\Users\GLAUCE\Desktop\Adobe Photoshop CS3.lnk - C:\Program Files (x86)\Adobe\Adobe Photoshop CS3\Photoshop.exe
C:\Users\GLAUCE\Desktop\µTorrent.lnk -

==== shortcuts on All Users Desktop ======================

C:\Users\Public\Desktop\ Google Earth.lnk - C:\Program Files (x86)\Google\Google Earth\client\googleearth.exe
C:\Users\Public\Desktop\Adobe Reader XI.lnk - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AcroRd32.exe
C:\Users\Public\Desktop\AutoCAD 2014 - Português - Brasil (Brazilian Portuguese).lnk -
C:\Users\Public\Desktop\Autodesk 360.lnk - C:\Program Files (x86)\Autodesk\Autodesk Sync\AdSync.exe /browseLocal
C:\Users\Public\Desktop\Autodesk ReCap.lnk - C:\Program Files (x86)\Autodesk\Autodesk ReCap\recap.exe
C:\Users\Public\Desktop\Avast Free Antivirus.lnk - C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Users\Public\Desktop\CorelDRAW X7 (64-Bit).lnk - c:\Windows\Installer\{2C0DDC74-5234-43DD-BB5A-0645B8FE5289}\NewShortcut1_68427AB8B2C044C58AA777A4C3F75634.exe
C:\Users\Public\Desktop\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
C:\Users\Public\Desktop\Google SketchUp 8.lnk - C:\Program Files (x86)\Google\Google SketchUp 8\SketchUp.exe
C:\Users\Public\Desktop\HD VDeck.lnk - C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe
C:\Users\Public\Desktop\LayOut 2014.lnk - C:\Program Files (x86)\SketchUp\SketchUp 2014\LayOut\LayOut.exe
C:\Users\Public\Desktop\Mozilla Firefox.lnk - C:\Program Files (x86)\Mozilla Firefox\firefox.exe [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
C:\Users\Public\Desktop\Nero StartSmart.lnk - C:\Program Files (x86)\Nero\Nero 7\Nero StartSmart\NeroStartSmart.exe -ScParameter=8
C:\Users\Public\Desktop\PDF Creator Plus 4.0.lnk - C:\Program Files (x86)\PDF Creator Plus 4.0\PNEPUB2.exe
C:\Users\Public\Desktop\SketchUp 2014.lnk - C:\Program Files (x86)\SketchUp\SketchUp 2014\SketchUp.exe
C:\Users\Public\Desktop\Style Builder 2014.lnk - C:\Program Files (x86)\SketchUp\SketchUp 2014\Style Builder\Style Builder.exe
C:\Users\Public\Desktop\VLC media player.lnk - C:\Program Files (x86)\VideoLAN\VLC\vlc.exe

==== shortcuts in Users Start Menu ======================

C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft OneDrive.lnk - C:\Program Files (x86)\Microsoft OneDrive\OneDriveSetup.exe
C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft OneDrive.lnk - C:\Program Files (x86)\Microsoft OneDrive\OneDriveSetup.exe
C:\Users\GLAUCE\AppData\Roaming\Microsoft\Windows\Start Menu\µTorrent.lnk -
C:\Users\GLAUCE\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk - C:\Program Files\Internet Explorer\iexplore.exe [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
C:\Users\GLAUCE\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft OneDrive.lnk - C:\Users\GLAUCE\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe
C:\Users\GLAUCE\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk - C:\Program Files\Internet Explorer\iexplore.exe [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
C:\Users\GLAUCE\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR\Ajuda do WinRAR.lnk - C:\Program Files (x86)\WinRAR\WinRAR.chm
C:\Users\GLAUCE\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR\Manual do Console RAR.lnk - C:\Program Files (x86)\WinRAR\Rar.txt
C:\Users\GLAUCE\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR\WinRAR.lnk - C:\Program Files (x86)\WinRAR\WinRAR.exe
C:\Users\USURIO~1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft OneDrive.lnk - C:\Program Files (x86)\Microsoft OneDrive\OneDriveSetup.exe

==== shortcuts in All Users Start Menu ======================

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Bridge CS3.lnk - C:\Program Files (x86)\Adobe\Adobe Bridge CS3\Bridge.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Device Central CS3.lnk - C:\Program Files (x86)\Adobe\Adobe Device Central CS3\DeviceCentral.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe ExtendScript Toolkit 2.lnk - C:\Program Files (x86)\Adobe\Adobe Utilities\ExtendScript Toolkit 2\ExtendScript Toolkit 2.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Photoshop CS3.lnk - C:\Program Files (x86)\Adobe\Adobe Photoshop CS3\Photoshop.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk - C:\Windows\Installer\{AC76BA86-7AD7-1033-7B44-AB0000000001}\SC_Reader.ico
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Stock Photos CS3.lnk - C:\Program Files (x86)\Adobe\Adobe Stock Photos CS3\Adobe Stock Photos CS3.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HD VDeck.lnk - C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hola.lnk - C:\Program Files (x86)\Hola\app\hola.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Center.lnk - C:\Windows\ehome\ehshell.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Movie Maker.lnk - C:\Program Files (x86)\Windows Live\Photo Gallery\MovieMaker.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk - C:\Program Files (x86)\Mozilla Firefox\firefox.exe [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Photo Gallery.lnk - C:\Program Files (x86)\Windows Live\Photo Gallery\WLXPhotoGallery.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows DVD Maker.lnk -
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Bluetooth File Transfer Wizard.lnk - C:\Windows\System32\fsquirt.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Math Input Panel.lnk - C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\mip.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\NetworkProjection.lnk -
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Snipping Tool.lnk -
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Sticky Notes.lnk -
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Tablet PC\ShapeCollector.lnk -
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Tablet PC\TabTip.lnk -
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Tablet PC\Windows Journal.lnk -
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Print Management.lnk - C:\Windows\system32\printmanagement.msc
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Security Configuration Management.lnk -
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ares\Ares.lnk - C:\Program Files (x86)\Ares\Ares.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ares\Homepage.lnk - C:\Program Files (x86)\Ares\data\Homepage.url
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ares\Host Chatroom.lnk - C:\Program Files (x86)\Ares\chatServer.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ares\Uninstall.lnk - C:\Program Files (x86)\Ares\Uninstall.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Autodesk\Autodesk 360.lnk - C:\Program Files (x86)\Autodesk\Autodesk Sync\AdSync.exe /browseLocal
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Autodesk\Uninstall Tool.lnk - C:\Program Files (x86)\Common Files\Autodesk Shared\Uninstall Tool\R1\UninstallTool.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Autodesk\AutoCAD 2014 - Português - Brasil (Brazilian Portuguese)\Anexar assinaturas digitais.lnk -
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Autodesk\AutoCAD 2014 - Português - Brasil (Brazilian Portuguese)\AutoCAD 2014 - Português - Brasil (Brazilian Portuguese).lnk -
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Autodesk\AutoCAD 2014 - Português - Brasil (Brazilian Portuguese)\Gerenciador de referências.lnk -
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Autodesk\AutoCAD 2014 - Português - Brasil (Brazilian Portuguese)\Restaurar configurações padrão.lnk -
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Autodesk\AutoCAD 2014 - Português - Brasil (Brazilian Portuguese)\Utilitário de transferência de licenças - AutoCAD 2014.lnk -
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Autodesk\AutoCAD 2014 - Português - Brasil (Brazilian Portuguese)\Verificador de normas em lote.lnk -
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Autodesk\AutoCAD 2014 - Português - Brasil (Brazilian Portuguese)\Migrar configurações personalizadas\Exportar configurações do AutoCAD 2014.lnk -
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Autodesk\AutoCAD 2014 - Português - Brasil (Brazilian Portuguese)\Migrar configurações personalizadas\Importar configurações do AutoCAD 2014.lnk -
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Autodesk\AutoCAD 2014 - Português - Brasil (Brazilian Portuguese)\Migrar configurações personalizadas\Migrar configurações personalizadas.lnk -
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Autodesk\Autodesk ReCap\Autodesk ReCap.lnk - C:\Program Files (x86)\Autodesk\Autodesk ReCap\recap.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Autodesk\Content Service\Content Service - Configuration Console.lnk - C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.Admin.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVAST Software\Avast Free Antivirus.lnk - C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Chaos Group\V-Ray for SketchUp demo\Uninstall V-Ray for SketchUp demo.lnk - C:\ProgramData\ASGVIS\Uninstall_VRayForSketchUp.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Chaos Group\V-Ray for SketchUp demo\Distributed Rendering\Launch the distributed rendering spawner.lnk - C:\ProgramData\ASGVIS\Common\x86\vc8\Distributed Rendering\XMLDRSpawner.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Chaos Group\V-Ray for SketchUp demo\Distributed Rendering 64-bit\Launch the distributed rendering spawner.lnk - C:\ProgramData\ASGVIS\Common\x64\vc10\Distributed Rendering\XMLDRSpawner.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Chaos Group\V-Ray for SketchUp demo\Documentation\V-Ray for SketchUp Online Documentation.lnk - C:\ProgramData\ASGVIS\Documentation\V-Ray for SketchUp 1.5 Documentation.url
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CorelDRAW Graphics Suite X7 (64-bit)\Bitstream Font Navigator (64-Bit).lnk - C:\Program Files (x86)\Corel\CorelDRAW Graphics Suite X7\FontNav64\FontNav.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CorelDRAW Graphics Suite X7 (64-bit)\Corel CAPTURE X7 (64-Bit).lnk - c:\Windows\Installer\{2C91CB9D-323D-43E5-A433-229B71CFB773}\NewShortcut8_65BCA6E0337A452DA55C0654EAAD7A0B.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CorelDRAW Graphics Suite X7 (64-bit)\Corel CONNECT X7 (64-Bit).lnk - C:\Program Files (x86)\Corel\CorelDRAW Graphics Suite X7\Connect64\Connect.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CorelDRAW Graphics Suite X7 (64-bit)\Corel PHOTO-PAINT X7 (64-Bit).lnk - c:\Windows\Installer\{C922F325-DD52-4E22-B204-431A06E63E51}\NewShortcut2_EBB51BFEE10948A888CB7ADF96E8EC80.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CorelDRAW Graphics Suite X7 (64-bit)\CorelDRAW X7 (64-Bit).lnk - c:\Windows\Installer\{2C0DDC74-5234-43DD-BB5A-0645B8FE5289}\NewShortcut1_68427AB8B2C044C58AA777A4C3F75634.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CorelDRAW Graphics Suite X7 (64-bit)\Duplexing Wizard (64-Bit).lnk - c:\Windows\Installer\{2C0DDC74-5234-43DD-BB5A-0645B8FE5289}\NewShortcut10_BB562587DB944A668ECBA27E6BFD871C.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CorelDRAW Graphics Suite X7 (64-bit)\Video Tutorials X7 (64-Bit).lnk - C:\Program Files (x86)\Corel\CorelDRAW Graphics Suite X7\VideoBrowser64\VideoBrowser.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CorelDRAW Graphics Suite X7 (64-bit)\Documentation\Macro Programming Guide.lnk -
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Driver Identifier\Driver Identifier.lnk - C:\Program Files (x86)\Driver Identifier\DriverIdentifier.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games\Chess.lnk -
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games\Internet Backgammon.lnk -
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games\Internet Checkers.lnk -
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games\Internet Spades.lnk -
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games\Mahjong.lnk -
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth\Desinstalar o Google Earth.lnk - C:\Windows\SysWOW64\msiexec.exe /x {6F545E5E-4595-11E2-93B6-B8AC6F97B88E}
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth\Google Earth.lnk - C:\Program Files (x86)\Google\Google Earth\client\googleearth.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth\Iniciar Google Earth no modo DirectX.lnk - C:\Program Files (x86)\Google\Google Earth\client\googleearth.exe -setDX
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth\Iniciar Google Earth no modo OpenGL.lnk - C:\Program Files (x86)\Google\Google Earth\client\googleearth.exe -setOGL
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google SketchUp 8\Google SketchUp.lnk - C:\Program Files (x86)\Google\Google SketchUp 8\SketchUp.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Player - Codec Pack\Codec Settings.lnk - C:\Windows\SysWOW64\C2MP\CodecSettings.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Player - Codec Pack\Uninstall.lnk - C:\Windows\System32\C2MP\Uninst.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Player - Codec Pack\Helpful Resources\How to play unusual files.lnk - C:\Windows\SysWOW64\C2MP\doc_open_with.pdf
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft Access 2010.lnk - C:\Windows\Installer\{90140000-0011-0000-1000-0000000FF1CE}\accicons.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft Excel 2010.lnk - C:\Windows\Installer\{90140000-0011-0000-1000-0000000FF1CE}\xlicons.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft InfoPath Designer 2010.lnk - C:\Windows\Installer\{90140000-0011-0000-1000-0000000FF1CE}\inficon.exe /design
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft InfoPath Filler 2010.lnk - C:\Windows\Installer\{90140000-0011-0000-1000-0000000FF1CE}\inficon.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft OneNote 2010.lnk - C:\Windows\Installer\{90140000-0011-0000-1000-0000000FF1CE}\joticon.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft Outlook 2010.lnk - C:\Windows\Installer\{90140000-0011-0000-1000-0000000FF1CE}\outicon.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft PowerPoint 2010.lnk - C:\Windows\Installer\{90140000-0011-0000-1000-0000000FF1CE}\pptico.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft Publisher 2010.lnk - C:\Windows\Installer\{90140000-0011-0000-1000-0000000FF1CE}\pubs.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft SharePoint Workspace 2010.lnk - C:\Windows\Installer\{90140000-0011-0000-1000-0000000FF1CE}\grvicons.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft Word 2010.lnk - C:\Windows\Installer\{90140000-0011-0000-1000-0000000FF1CE}\wordicon.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Ferramentas do Microsoft Office 2010\Centro de Carregamento do Microsoft Office 2010.lnk - C:\Windows\Installer\{90140000-0011-0000-1000-0000000FF1CE}\msouc.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Ferramentas do Microsoft Office 2010\Certificado Digital para Projetos do VBA.lnk - C:\Windows\Installer\{90140000-0011-0000-1000-0000000FF1CE}\misc.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Ferramentas do Microsoft Office 2010\Microsoft Media Gallery.lnk - C:\Windows\Installer\{90140000-0011-0000-1000-0000000FF1CE}\cagicon.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Ferramentas do Microsoft Office 2010\Microsoft Office Picture Manager.lnk - C:\Windows\Installer\{90140000-0011-0000-1000-0000000FF1CE}\oisicon.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Ferramentas do Microsoft Office 2010\Preferências de Idioma do Microsoft Office 2010.lnk -
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nero 7 Premium\Nero Home.lnk - C:\Program Files (x86)\Nero\Nero 7\Nero Home\NeroHome.exe -ScParameter=8
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nero 7 Premium\Nero ProductSetup.lnk - C:\Program Files (x86)\Common Files\Ahead\Nero Web\SetupX.exe -ScParameter=8 MODE="update"
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nero 7 Premium\Nero StartSmart.lnk - C:\Program Files (x86)\Nero\Nero 7\Nero StartSmart\NeroStartSmart.exe -ScParameter=8
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nero 7 Premium\Compartilhar\Nero MediaHome.lnk - C:\Program Files (x86)\Nero\Nero 7\Nero MediaHome\NeroMediaHome.exe -ScParameter=8
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nero 7 Premium\dados\Nero BackItUp.lnk - C:\Program Files (x86)\Nero\Nero 7\Nero BackItUp\BackItUp.exe -ScParameter=8
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nero 7 Premium\dados\Nero Burning ROM.lnk - C:\Program Files (x86)\Nero\Nero 7\Core\nero.exe -ScParameter=8
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nero 7 Premium\dados\Nero Express.lnk - C:\Program Files (x86)\Nero\Nero 7\Core\nero.exe -ScParameter=8 /w
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nero 7 Premium\Etiquetas\Nero CoverDesigner.lnk - C:\Program Files (x86)\Nero\Nero 7\Nero CoverDesigner\CoverDes.exe -ScParameter=8
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nero 7 Premium\Ferramentas\Nero BurnRights.lnk - C:\Program Files (x86)\Nero\Nero 7\Nero Toolkit\NeroBurnRights.exe -ScParameter=8
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nero 7 Premium\Ferramentas\Nero CD-DVD Speed.lnk - C:\Program Files (x86)\Nero\Nero 7\Nero Toolkit\CDSpeed.exe -ScParameter=8
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nero 7 Premium\Ferramentas\Nero DriveSpeed.lnk - C:\Program Files (x86)\Nero\Nero 7\Nero Toolkit\DriveSpeed.exe -ScParameter=8
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nero 7 Premium\Ferramentas\Nero InfoTool.lnk - C:\Program Files (x86)\Nero\Nero 7\Nero Toolkit\InfoTool.exe -ScParameter=8
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nero 7 Premium\Ferramentas\Nero Scout.lnk - C:\Program Files (x86)\Common Files\Ahead\Lib\NeroScoutOptions.exe -ScParameter=8
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nero 7 Premium\Foto e Vídeo\Nero PhotoSnap Viewer.lnk -
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nero 7 Premium\Foto e Vídeo\Nero PhotoSnap.lnk -
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nero 7 Premium\Foto e Vídeo\Nero Recode.lnk -
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nero 7 Premium\Foto e Vídeo\Nero Vision.lnk -
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nero 7 Premium\Manuais\.lnk - C:\Program Files (x86)\Nero\Nero 7\Nero Recode\NeroRecode_ptb.chm
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nero 7 Premium\Manuais\Nero Adobe Premiere Plug-In [Inglês].lnk -
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nero 7 Premium\Manuais\Nero BackItUp [Ajuda em inglês].lnk -
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nero 7 Premium\Manuais\Nero Burn Plug-in (for MCE) [Manual em inglês].lnk -
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nero 7 Premium\Manuais\Nero Burning ROM [Ajuda em inglês].lnk -
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nero 7 Premium\Manuais\Nero CD-DVD Speed [Ajuda em inglês].lnk -
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nero 7 Premium\Manuais\Nero CoverDesigner [Ajuda em inglês].lnk -
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nero 7 Premium\Manuais\Nero Express [Ajuda em inglês].lnk -
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nero 7 Premium\Manuais\Nero Home [Ajuda em inglês].lnk -
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nero 7 Premium\Manuais\Nero MediaHome [Ajuda em inglês].lnk -
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nero 7 Premium\Manuais\Nero MediaStreaming Plug-in (for MCE) [Manual em inglês].lnk -
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nero 7 Premium\Manuais\Nero Mobile [Manual em inglês].lnk -
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nero 7 Premium\Manuais\Nero PhotoSnap [Ajuda em inglês].lnk -
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nero 7 Premium\Manuais\Nero ShowTime [Ajuda em inglês].lnk -
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nero 7 Premium\Manuais\Nero SoundTrax [Ajuda em inglês].lnk -
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nero 7 Premium\Manuais\Nero StartSmart [Ajuda em inglês].lnk -
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nero 7 Premium\Manuais\Nero Vision [Ajuda em inglês].lnk -
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nero 7 Premium\Manuais\Nero WaveEditor [Ajuda em inglês].lnk -
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nero 7 Premium\Tocar\Nero Mobile.lnk - C:\Program Files (x86)\Nero\Nero 7\Nero Mobile\SetupNeroMobile.exe -ScParameter=8
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nero 7 Premium\Tocar\Nero ShowTime.lnk - C:\Program Files (x86)\Nero\Nero 7\Nero ShowTime\ShowTime.exe -ScParameter=8
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nero 7 Premium\áudio\Nero Burning ROM.lnk -
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nero 7 Premium\áudio\Nero Express.lnk -
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nero 7 Premium\áudio\Nero SoundTrax.lnk -
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nero 7 Premium\áudio\Nero WaveEditor.lnk -
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation\3D Vision\3D Vision Photo Viewer.lnk - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvstview.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation\3D Vision\3D Vision preview pack 1.lnk - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvstlink.exe /show
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation\3D Vision\Disable 3D Vision.lnk - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvstlink.exe /disable
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation\3D Vision\Enable 3D Vision.lnk - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvstlink.exe /enable
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDF Creator Plus 4.0\Add another printer.lnk - C:\Program Files (x86)\PDF Creator Plus 4.0\CopyPrinter.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDF Creator Plus 4.0\Help.lnk - C:\Program Files (x86)\PDF Creator Plus 4.0\PNEPUB2.HLP
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDF Creator Plus 4.0\PDF Creator Plus 4.0.lnk - C:\Program Files (x86)\PDF Creator Plus 4.0\PNEPUB2.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDF Creator Plus 4.0\Quick Start Guide.lnk - C:\Program Files (x86)\PDF Creator Plus 4.0\quickstartguide.pdf
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDF Creator Plus 4.0\Updates & Support.lnk - C:\Program Files (x86)\PDF Creator Plus 4.0\product.url
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDF Creator Plus 4.0\User Guide.lnk - C:\Program Files (x86)\PDF Creator Plus 4.0\userguide.pdf
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDF Creator Plus 4.0\Word Add-In Help.lnk - C:\Program Files (x86)\PDF Creator Plus 4.0\PNWORD1.HLP
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SharePoint\Microsoft SharePoint Workspace 2010.lnk - C:\Windows\Installer\{90140000-0011-0000-1000-0000000FF1CE}\grvicons.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SketchUp 2014\LayOut.lnk - C:\Program Files (x86)\SketchUp\SketchUp 2014\LayOut\LayOut.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SketchUp 2014\SketchUp.lnk - C:\Program Files (x86)\SketchUp\SketchUp 2014\SketchUp.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SketchUp 2014\Style Builder.lnk - C:\Program Files (x86)\SketchUp\SketchUp 2014\Style Builder\Style Builder.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN\Documentation.lnk - C:\Program Files (x86)\VideoLAN\VLC\Documentation.url
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN\Release Notes.lnk - C:\Program Files (x86)\VideoLAN\VLC\NEWS.txt
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN\VideoLAN Website.lnk - C:\Program Files (x86)\VideoLAN\VLC\VideoLAN Website.url
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN\VLC media player - reset preferences and cache files.lnk - C:\Program Files (x86)\VideoLAN\VLC\vlc.exe --reset-config --reset-plugins-cache [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN\VLC media player skinned.lnk - C:\Program Files (x86)\VideoLAN\VLC\vlc.exe -Iskins
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN\VLC media player.lnk - C:\Program Files (x86)\VideoLAN\VLC\vlc.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR\Ajuda do WinRAR.lnk - C:\Program Files (x86)\WinRAR\WinRAR.chm
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR\Manual do Console RAR.lnk - C:\Program Files (x86)\WinRAR\Rar.txt
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR\WinRAR.lnk - C:\Program Files (x86)\WinRAR\WinRAR.exe

==== shortcuts in Quick Launch ======================

C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -
C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -
C:\Users\Default User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -
C:\Users\Default User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -
C:\Users\GLAUCE\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
C:\Users\GLAUCE\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk - C:\Program Files (x86)\Internet Explorer\iexplore.exe [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
C:\Users\GLAUCE\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Nero Home.lnk - C:\Program Files (x86)\Nero\Nero 7\Nero Home\NeroHome.exe -ScParameter=8
C:\Users\GLAUCE\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Nero StartSmart.lnk - C:\Program Files (x86)\Nero\Nero 7\Nero StartSmart\NeroStartSmart.exe -ScParameter=8
C:\Users\GLAUCE\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -
C:\Users\GLAUCE\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -
C:\Users\GLAUCE\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\µTorrent.lnk -
C:\Users\GLAUCE\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\7e4dca80246863e3\pinned.lnk - C:\Windows\system32\control.exe
C:\Users\GLAUCE\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
C:\Users\GLAUCE\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Internet Explorer.lnk - C:\Program Files\Internet Explorer\iexplore.exe [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
C:\Users\GLAUCE\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Mozilla Firefox.lnk - C:\Program Files (x86)\Mozilla Firefox\firefox.exe [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
C:\Users\GLAUCE\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Windows Explorer.lnk - C:\Windows\explorer.exe
C:\Users\GLAUCE\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Windows Media Player.lnk - C:\Program Files (x86)\Windows Media Player\wmplayer.exe /prefetch:1
C:\Users\USURIO~1\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -
C:\Users\USURIO~1\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -

==== shortcuts After Repair ======================

C:\Users\Public\Desktop\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Users\Public\Desktop\Mozilla Firefox.lnk - C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Users\GLAUCE\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk - C:\Program Files\Internet Explorer\iexplore.exe
C:\Users\GLAUCE\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk - C:\Program Files\Internet Explorer\iexplore.exe -extoff
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk - C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Users\GLAUCE\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Users\GLAUCE\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk - C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Users\GLAUCE\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Users\GLAUCE\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Internet Explorer.lnk - C:\Program Files\Internet Explorer\iexplore.exe
C:\Users\GLAUCE\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Mozilla Firefox.lnk - C:\Program Files (x86)\Mozilla Firefox\firefox.exe

==== Reset IE Proxy ======================

Value(s) before fix:
"ProxyEnable"=dword:00000000

Value(s) after fix:
"ProxyEnable"=dword:00000000

==== Deleting Registry Keys ======================

HKEY_LOCAL_MACHINE\Software\wow6432node\Policies\Google deleted successfully

==== Empty IE Cache ======================

C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\GLAUCE\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\GLAUCE\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\M09HDZ6P will be deleted at reboot
C:\Users\GLAUCE\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\QUWDY5J1 will be deleted at reboot
C:\Users\GLAUCE\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SU5656YG will be deleted at reboot

==== Empty FireFox Cache ======================

C:\Users\GLAUCE\AppData\Local\Mozilla\Firefox\Profiles\pcjs3g79.default\Cache emptied successfully

==== Empty Chrome Cache ======================

C:\Users\GLAUCE\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully

==== Empty All Flash Cache ======================

Flash Cache Emptied Successfully

==== Empty All Java Cache ======================

No Java Cache Found

==== C:\zoek_backup content ======================

C:\zoek_backup (files=637 folders=255 22507531 bytes)

==== Empty Temp Folders ======================

C:\Users\Default\AppData\Local\Temp emptied successfully
C:\Users\Default User\AppData\Local\Temp emptied successfully
C:\Users\GLAUCE\AppData\Local\Temp will be emptied at reboot
C:\Users\USURIO~1\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\Windows\Temp will be emptied at reboot

==== After Reboot ======================

==== Empty Temp Folders ======================

C:\Windows\Temp successfully emptied
C:\Users\GLAUCE\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\$RECYCLE.BIN successfully emptied

==== Deleting Files / Folders ======================

"C:\PROGRA~2\Bonjour" not found
"C:\Users\GLAUCE\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\M09HDZ6P" not found
"C:\Users\GLAUCE\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\QUWDY5J1" not found
"C:\Users\GLAUCE\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SU5656YG" not found

==== EOF on 21/06/2015 at 18:21:01,03 ======================

Faça o download do < [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] > < [Tens de ter uma conta e sessão iniciada para poderes visualizar esta imagem]> ( ... de Nicolas Coolman )

Obs: Ao acessar o link acima clique no botão Télécharger referente ao ZHPCleaner para baixá-lo, tal como mostra a imagem abaixo:

[Tens de ter uma conta e sessão iniciada para poderes visualizar esta imagem]

Para executá-lo corretamente siga as dicas desta postagem:

[Tens de ter uma conta e sessão iniciada para poderes visualizar este link]

Após a utilização dele, copie todo o conteúdo do seu relatório ZHPCleaner.txt e poste em sua próxima resposta.

~ ZHPCleaner v2015.6.21.281 by Nicolas Coolman (2015\06\21)
~ Run by GLAUCE (Administrator) (22/06/2015 14:17:52)
~ Site : [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
~ Facebook : [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
~ State version : Version OK
~ Type : Reparo
~ Report : C:\Users\GLAUCE\Desktop\ZHPCleaner.txt
~ Quarantine : C:\Users\GLAUCE\AppData\Roaming\ZHP\ZHPCleaner_Quarantine.txt
~ UAC : Activate
~ Boot Mode : Normal (Normal boot)
~ Windows 7, 64-bit Service Pack 1 (Build 7601)


---\\ Serviços (1)
PAROU : KMService (Hijacker.Office)


---\\ Navegadores de Internet (0)
~ Nenhum ítem malicioso foi encontrado.


---\\ Arquivo hosts (2)
SUBSTITUIDO:
Número de redirecionamentos encontrados 1/22


---\\ Tarefas automáticas agendadas. (0)
~ Nenhum ítem malicioso foi encontrado.


---\\ Explorer ( Arquivos, Pastas) (1)
MOVIDO pasta: C:\Users\GLAUCE\Downloads\OffercastInstaller.exe [Ask.com - Offercast - APN Install Manager] (Toolbar.Ask)


---\\ Registro ( Chaves, Valores, Dados ) (7)
SUPRIMIDO dados: HKCR\AutoCADScriptFile\Shell\Open\Command\\Default [Bad : [scr] C:\Windows\system32\notepad.exe "%1"] (Broken.OpenCommand)
SUPRIMIDO chave*: HKLM\SYSTEM\CurrentControlSet\Services\KMService [C:\Windows\System32\srvany.exe (Not File)] (Hijacker.Office)
SUPRIMIDO chave*: [X64] HKLM\SOFTWARE\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5} [ITool] (Toolbar.Ask)
SUPRIMIDO chave*: [X64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\Windesk Winsearch.exe [C:\Program Files (x86)\WindeskWinsearch\Windesk Winsearch.exe (Not File)] (PUP.WindeskWinsearch)
SUPRIMIDO chave: [X64] HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\App Paths\Windesk Winsearch.exe [C:\Program Files (x86)\WindeskWinsearch\Windesk Winsearch.exe (Not File)] (PUP.WindeskWinsearch)
SUPRIMIDO valor: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\GoogleChromeAutoLaunch_E24406C9843D5DA01789E18B95396688 ["C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --no-startup-window] (PUP.CrossBrowse)
SUPRIMIDO valor: HKLM64\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\Windesk Winsearch [C:\Program Files (x86)\WindeskWinsearch\Windesk Winsearch.exe] (PUP.WindeskWinsearch)


---\\ Resultado de reparação
Reparação efectuada com sucesso
~ Este navegador está faltando ! (Opera Software)


---\\ Estatísticas
~ Items scan : 962
~ Items encontrado : 1
~ items cancelados : 0
~ Items réparo : 9


End of clean at 14:18:11
===================
ZHPCleaner-[R]-22062015-14_18_11.txt
ZHPCleaner-[S]-22062015-14_13_55.txt

Faça o download do Malwarebytes em um destes links abaixo:
[Tens de ter uma conta e sessão iniciada para poderes visualizar este link]

Obs: Depois de acessar um destes links acima, clique no botão DOWNLOAD, como mostra a imagem abaixo:

[Tens de ter uma conta e sessão iniciada para poderes visualizar esta imagem]

Para instalá-lo e executá-lo corretamente siga, por gentileza, as dicas desta postagem:

[Tens de ter uma conta e sessão iniciada para poderes visualizar este link]

Na sua próxima resposta poste este log (relatório) do Malwarebytes.

Ficamos no aguardo.

Boa tarde!
Parece que o vírus já foi deletado, pois quando abro os programas de busca não vem mais com o "8844".

Preciso fazer o mesmo com o notebook, devo abrir outro tópico ou posso usar os mesmos procedimentos?


Malwarebytes Anti-Malware
[Tens de ter uma conta e sessão iniciada para poderes visualizar este link]

Data da Verificação: 22/06/2015
Hora da Verificação: 15:07:35
Arquivo de Log: Log Malwere.txt
Administrador: Sim

Versão: 2.01.6.1022
Base de Dados de Malware: v2015.06.22.04
Base de Dados de Rootkit: v2015.06.22.01
Licença: Grátis
Proteção de Malware: Desabilitado
Proteção de Site Malicioso: Desabilitado
Auto-Proteção: Desabilitado

SO: Windows 7 Service Pack 1
Processador: x64
Sistema de Arquivos: NTFS
Usuário: GLAUCE

Tipo da Verificação: Verificação Personalizada
Resultado: Terminado
Objetos Verificados: 617900
Tempo Decorrido: 1 hr, 43 min, 18 seg

Memória: Habilitado
Inicialização: Habilitado
Sistema de Arquivos: Habilitado
Arquivos Compactados: Habilitado
Rootkits: Habilitado
Heurística: Habilitado
PUP: Habilitado
PUM: Habilitado

Processos: 0
(Nenhum item malicioso detectado)

Módulos: 0
(Nenhum item malicioso detectado)

Chaves de Registro: 0
(Nenhum item malicioso detectado)

Valores de Registro: 1
PUP.Optional.GamesDesktop.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|gmsd_br_002030005, Quarentena, [7c408e2fc4c6ae88080c31dc8d7744bc],

Dados de Registro: 0
(Nenhum item malicioso detectado)

Pastas: 0
(Nenhum item malicioso detectado)

Arquivos: 12
PUP.Optional.ProductDeals.A, C:\AdwCleaner\Quarantine\C\Windows\System32\drivers\{723c6d0d-0645-410d-b199-d1311f892d8d}Gw64.sys.vir, Nenhuma ação do usuário, [9329e3dadeaca5916e7b5a2eff079a66],
RiskWare.Tool.HCK, C:\AutoCad 2014 64bits\Crack\xf-adsk64.7z, Nenhuma ação do usuário, [0daf3f7ef49662d4f66b163c15ed827e],
RiskWare.Tool.HCK, C:\AutoCad 2014 64bits\Crack\xf-adsk64.exe, Nenhuma ação do usuário, [ba025b62b0dacf67e57c9fb3649e639d],
PUP.Riskware.Patcher, C:\Users\GLAUCE\Desktop\SketchUp PRO 2014 14.1.1282 + Patch +v-ray\Patch-MPT\Patch.Sketchup.Pro.2014-MPT.exe, Nenhuma ação do usuário, [289405b85c2e8caaaba40c3926dbc937],
Hacktool.Patcher, C:\Users\GLAUCE\Desktop\SketchUp PRO 2014 14.1.1282 + Patch +v-ray\Patch-MPT\patcher.exe, Nenhuma ação do usuário, [37855865a5e5191db84ad2da0005ea16],
RiskWare.Tool.HCK, C:\Users\GLAUCE\Downloads\auto cad 2014\Crack\xf-adsk64.7z, Nenhuma ação do usuário, [447897265337300686dba4ae27db956b],
PUP.Optional.Solimba, C:\zoek_backup\C_Users_GLAUCE_Ares Galaxy.exe.vir, Nenhuma ação do usuário, [5666f7c66228d95d19d7a0cf2dd504fc],
RiskWare.Tool.HCK, C:\AutoCad 2014 64bits\Crack\xf-adsk32.7z, Quarentena, [3f7d1ca1ec9e57df5e03da7805fd6d93],
PUP.Optional.APNToolBar.A, C:\Users\GLAUCE\AppData\Roaming\ZHP\Quarantine\OffercastInstaller.exe, Quarentena, [09b30fae2862f3436404c99d8a788779],
RiskWare.Tool.HCK, C:\Users\GLAUCE\Downloads\auto cad 2014\Crack\xf-adsk32.7z, Quarentena, [2f8db6075b2fc373b9a8aba7cc36ae52],
RiskWare.Tool.HCK, C:\Users\GLAUCE\Downloads\auto cad 2014\Crack\xf-adsk64\xf-adsk64.exe, Quarentena, [6953417c2b5fae88332e61f16b97a957],
RiskWare.Tool.CK, C:\Windows\KMService.exe, Quarentena, [8933f0cde6a4e74f17250cc0db27f60a],

Setores Físicos: 0
(Nenhum item malicioso detectado)


(end)

Preciso fazer o mesmo com o notebook, devo abrir outro tópico ou posso usar os mesmos procedimentos?

Quanto a limpeza de seu outro notebook, crie um novo tópico para que possamos fazer a limpeza dele separadamente.
________________________________________________

Desative temporariamente seu antivirus para evitar conflitos.

Faça o download do < [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] > < [Tens de ter uma conta e sessão iniciada para poderes visualizar esta imagem]> ( ... de Nicolas Coolman )

Obs: Ao acessar o link acima clique no botão Télécharger referente ao ZHPDiag para baixá-lo.

Para instalá-lo e executá-lo corretamente siga as dicas deste artigo:

[Tens de ter uma conta e sessão iniciada para poderes visualizar este link]

* Assim que ele concluir a sua verificação, copie todo o conteúdo do seu relatório ZHPDiag.txt e poste em sua próxima resposta.
_____________________________________________________________________________

Obs: Caso o relatório do ZHPDiag fique muito grande e não couber na sua resposta, acesse o site Cjoint:
[Tens de ter uma conta e sessão iniciada para poderes visualizar este link]

Clique no botão Parcourir... > Selecione o arquivo do log (relatório) e clique no botão Abrir.

Clique no botão Créer le lien Cjoint

Copie o link que aparecerá ao lado da frase Le lien a été créé e poste este link em sua próxima resposta.

 Há programas desnecessários iniciando junto com o Windows, o que torna o seu PC mais lento. Para corrigir isto, siga as dicas deste tutorial:

[Tens de ter uma conta e sessão iniciada para poderes visualizar este link]

De preferência deixe apenas os programas de segurança (anti-vírus/anti-spywares/firewall) iniciarem junto com o Windows.

Use também o programa Ccleaner, indicado neste tutorial acima, para fazer uma limpeza e otimização do PC.
_______________________________________________________________

 Desative temporariamente seu antivírus para evitar conflitos.

*Clique com o botão direito do mouse no Zoek.exe e selecione [Tens de ter uma conta e sessão iniciada para poderes visualizar esta imagem]

* Selecione e copie todo este texto destacado em vermelho abaixo e cole-o no espaço em branco do Zoek:

createsrpoint;
emptyalltemp;
emptyfolderscheck;delete
C:\Program Files (x86)\Antivirus;vs
C:\Program Files (x86)\WBN240-64bits.exe;virustotal

*Clique [Run Script]

*Durante o scan uma mensagem parecida com esta abaixo mostrando o progresso do escaneamento será apresentada. Aguarde o término...pode demorar!

[Tens de ter uma conta e sessão iniciada para poderes visualizar esta imagem]

*Caso a reinicialização do PC seja solicitada, clique [OK]
_______________________________________________________________

 Selecione e copie todo o texto destacado abaixo (começando em script zhpfix e indo até emptyclsid)

script zhpfix
SysRestore
[MD5.CAAA94D6BE533E86DC47657F15AB0402] - (...) -- C:\Users\GLAUCE\AppData\Roaming\NetService\netservice.exe [173848] [PID.1224]
P2 - FPN: [HKCU] [@hola.org/vlc,version=1.8.328] - (...) -- (.not file.)
R0 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
R0 - HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
R1 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
R1 - HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]    
O4 - HKLM\..\Run: [hola] C:\Program Files\Hola\app\hola.exe (.not file.)
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) . (...) - C:\Program Files (x86)\Bonjour\mDNSResponder.exe (.not file.)
O23 - Service: Net.Tcp Service Handler (NetTcpHandler) . (...) - C:\Users\GLAUCE\AppData\Roaming\NetService\netservice.exe
[MD5.F88FA64CB852E7D0233CC612E204FA79] [APT] [{2A6A6C0A-6DF1-4478-807F-2FF9BF46B935}] (...) -- C:\Users\GLAUCE\AppData\Roaming\{2F3AA0F6-976C-4b02-A66A-5D1DEA00811F}\InstallHelp.exe [1324008]
O39 - APT: {2A6A6C0A-6DF1-4478-807F-2FF9BF46B935} - (...) -- C:\Windows\Tasks\{2A6A6C0A-6DF1-4478-807F-2FF9BF46B935}.job [656]
O39 - APT: {2A6A6C0A-6DF1-4478-807F-2FF9BF46B935} - (...) -- C:\Windows\System32\Tasks\{2A6A6C0A-6DF1-4478-807F-2FF9BF46B935} [656]
[HKCU\Software\Baidu Security]    
[HKLM\Software\Wow6432Node\NetTcpHandler]
[HKLM\Software\Wow6432Node\NtSvcHandler]
O43 - CFD: 17/06/2015 - 12:37:46 - [] ----D C:\Users\GLAUCE\AppData\Roaming\NetService
O43 - CFD: 18/06/2015 - 09:11:54 - [] ----D C:\Users\GLAUCE\AppData\Roaming\RunDir
O43 - CFD: 17/06/2015 - 12:37:56 - [] ----D C:\Users\GLAUCE\AppData\Roaming\{2F3AA0F6-976C-4b02-A66A-5D1DEA00811F}
O61 - LFC: 17/06/2015 - 16:15:08 ---A- . (...) -- C:\Users\GLAUCE\AppData\Roaming\RunDir\bn1.exe [1231232]
O61 - LFC: 17/06/2015 - 16:15:08 ---A- . (...) -- C:\Users\GLAUCE\AppData\Roaming\RunDir\temp\bn1.exe [1231232]
O69 - SBI: SearchScopes [HKCU] {012E1000-F331-11DB-8314-0800200C9A66} - (Google) - [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]    
O69 - SBI: SearchScopes [HKCU] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} [DefaultScope] - (Bing) - [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]    
O69 - SBI: SearchScopes [HKCU] {385C38D3-77CC-463D-987D-7980B27A1DDE} - (Google) - [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
SR - | Auto 12/06/2015 173848 | (NetTcpHandler) . (...) - C:\Users\GLAUCE\AppData\Roaming\NetService\netservice.exe
ShortcutFix
EmptyTemp
EmptyFlash
emptyclsid
_____________________________________________________________________________________________________________

 Vá no menu: Iniciar > Todos os programas > ZHP > Clique com o botão direito do mouse sobre o Zhpfix e escolha a opção de Executar como administrador > Clique em Importação > Clique no botão GO > Clique em Oui > Caso queira que os arquivos da lixeira sejam excluídos clique em Oui novamente > Um relatório aparecerá no bloco de notas.

Copie este relatório e poste em sua próxima resposta juntamente com o log do Zoek que estará em C:\zoek-results.txt

Nota: Esse script foi elaborado somente para este computador, de acordo com os arquivos e chaves presentes.

Aos visitantes: Se estiverem com um problema semelhante, não utilizem esse script, pois o uso sem supervisão pode causar danos ao sistema.

Desculpe não ter postado antes, estive em viagem e o PC em casa!

Rapport de ZHPFix 2015.4.9.5 par Nicolas Coolman, Update du 18/03/2015
Fichier d'export Registre :
Run by GLAUCE at 09/07/2015 16:30:39
High Elevated Privileges : OK
Windows Vista Ultimate Edition, 64-bit (Build 6000)

Reciclagem vazia (00mn 02s)
Reparação de atalhos do navegador

========== Processo memória ==========
ELIMINÉ: Memory Process: C:\Users\GLAUCE\AppData\Roaming\NetService\netservice.exe

========== Chaves do Registo ==========
ELIMINÉ: Mozilla Plugin: @hola.org/vlc,version=1.8.328
ELIMINÉ: Service: Bonjour Service
ELIMINÉ: Service: NetTcpHandler
ELIMINÉ: HKCU\Software\Baidu Security
ELIMINÉ: HKLM\Software\Wow6432Node\NetTcpHandler
ELIMINÉ: HKLM\Software\Wow6432Node\NtSvcHandler
ELIMINÉ: SearchScopes :{012E1000-F331-11DB-8314-0800200C9A66}
ELIMINÉ: SearchScopes :{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
ELIMINÉ: SearchScopes :{385C38D3-77CC-463D-987D-7980B27A1DDE}

========== Valores do Registo ==========
ELIMINÉ RunValue: hola

========== Elementos dos dados do Registo ==========
ELIMINÉ: R0 - Main,Start Page = KLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page
ELIMINÉ: R0 - Main,Start Page = KLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page
ELIMINÉ: R1 Search Page = [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]

========== Pastas ==========
Nenhuma pasta CLSID local utilizador vazia

========== Ficheiros ==========
ELIMINÉ:* c:\users\glauce\appdata\roaming\netservice\netservice.exe
ELIMINÉ Temporários windows (7) (27.070 octets)
ELIMINÉ Flash Cookies (0) (0 octets)

========== Tarefa planificada ==========
ELIMINÉ: {2A6A6C0A-6DF1-4478-807F-2FF9BF46B935}

========== Restauração Sistema ==========
Ponto de restauro do sistema criado com sucesso


========== Recapitulativo ==========
1 : Processo memória
9 : Chaves do Registo
1 : Valores do Registo
3 : Elementos dos dados do Registo
1 : Pastas
3 : Ficheiros
1 : Tarefa planificada
1 : Restauração Sistema


End of clean in 01mn 04s

========== Caminho do ficheiro do relatório ==========
C:\Users\GLAUCE\AppData\Roaming\ZHP\ZHPFix[R1].txt - 09/07/2015 16:30:42 [2086]

faltou você postar o relatório do Zoek, poste-o por gentileza.

Faça também uma nova verificação com o ZHPDiag e poste o novo relatório que ele irá criar.