Muitos Adwares, log para analise.

Passei algumas ferramentas básicas para adiantar o procedimento:

Log para analise [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]


# AdwCleaner v3.003 - Relatório criado 10/09/2013 no 16:56:07
# Atualizado 07/09/2013 por Xplode
# Sistema Operacional : Windows 7 Professional Service Pack 1 (32 bits)
# Usuário : usuario - USUARIO-PC
# Executando de : C:\Users\usuario\Downloads\adwcleaner.exe
# Opção : Limpar

***** [ Serviços ] *****

[#] Serviço Deletado : dealplylive
[#] Serviço Deletado : dealplylivem
[#] Serviço Deletado : WebCakeUpdater

***** [ Arquivos / Pastas ] *****

Pasta Deletado : C:\ProgramData\Ask
Pasta Deletado : C:\ProgramData\Babylon
Pasta Deletado : C:\ProgramData\boost_interprocess
[!] Pasta Deletado : C:\ProgramData\DealPlyLive
Pasta Deletado : C:\ProgramData\eSafe
Pasta Deletado : C:\ProgramData\Tarma Installer
Pasta Deletado : C:\Program Files\Ask.com
Pasta Deletado : C:\Program Files\DealPly
[!] Pasta Deletado : C:\Program Files\DealPlyLive
Pasta Deletado : C:\Program Files\Movdap
Pasta Deletado : C:\Program Files\Tepfel
Pasta Deletado : C:\Users\usuario\AppData\Local\DealPlyLive
Pasta Deletado : C:\Users\usuario\AppData\Local\lollipop
Pasta Deletado : C:\Users\usuario\AppData\LocalLow\AskToolbar
Pasta Deletado : C:\Users\usuario\AppData\Roaming\Babylon
Pasta Deletado : C:\Users\usuario\AppData\Roaming\DealPly
Pasta Deletado : C:\Users\usuario\AppData\Roaming\eIntaller
Pasta Deletado : C:\Users\usuario\AppData\Roaming\Movdap
Pasta Deletado : C:\Users\usuario\AppData\Roaming\Tepfel
Pasta Deletado : C:\Users\usuario\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\DealPly
Pasta Deletado : C:\Users\usuario\AppData\Roaming\Mozilla\Firefox\Profiles\zpgdud1p.default\Extensions\plugin@getwebcake.com
Pasta Deletado : C:\Users\usuario\AppData\Roaming\Mozilla\Firefox\Profiles\zpgdud1p.default\Extensions\toolbar@ask.com
Pasta Deletado : C:\Users\usuario\AppData\Local\Google\Chrome\User Data\Default\Extensions\fjoijdanhaiflhibkljeklcghcmmfffh
Pasta Deletado : C:\Users\usuario\AppData\Local\Google\Chrome\User Data\Default\Extensions\nchpfiddbhbdnagofhkjlaiaejmkdcla
Arquivo Deletado : C:\Windows\system32\roboot.exe
Arquivo Deletado : C:\Users\usuario\AppData\Roaming\Mozilla\Firefox\Profiles\zpgdud1p.default\searchplugins\Askcom.xml
Arquivo Deletado : C:\Users\usuario\AppData\Roaming\Mozilla\Firefox\Profiles\zpgdud1p.default\searchplugins\ask-search.xml
Arquivo Deletado : C:\Users\usuario\AppData\Roaming\Mozilla\Firefox\Profiles\zpgdud1p.default\user.js
Arquivo Deletado : C:\Windows\Tasks\Dealply.job
Arquivo Deletado : C:\Windows\System32\Tasks\Dealply
Arquivo Deletado : C:\Windows\Tasks\DealPlyLiveUpdateTaskMachineCore.job
Arquivo Deletado : C:\Windows\System32\Tasks\DealPlyLiveUpdateTaskMachineCore
Arquivo Deletado : C:\Windows\Tasks\DealPlyLiveUpdateTaskMachineUA.job
Arquivo Deletado : C:\Windows\System32\Tasks\DealPlyLiveUpdateTaskMachineUA
Arquivo Deletado : C:\Windows\System32\Tasks\LyricXeeker Update
Arquivo Deletado : C:\Windows\System32\Tasks\Scheduled Update for Ask Toolbar

***** [ Atalhos ] *****

Atalho Desinfectada : C:\Users\Public\Desktop\Mozilla Firefox.lnk
Atalho Desinfectada : C:\Users\usuario\Desktop\backup luciNa\LUCYANNA\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
Atalho Desinfectada : C:\Users\usuario\Desktop\backup luciNa\LUCYANNA\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk
Atalho Desinfectada : C:\Users\usuario\Desktop\backup luciNa\LUCYANNA\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
Atalho Desinfectada : C:\Users\usuario\Desktop\backup luciNa\LUCYANNA\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
Atalho Desinfectada : C:\Users\usuario\Desktop\backup luciNa\LUCYANNA\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk
Atalho Desinfectada : C:\Users\usuario\Desktop\backup luciNa\LUCYANNA\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Internet Explorer.lnk
Atalho Desinfectada : C:\Users\usuario\Desktop\backup luciNa\LUCYANNA\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Mozilla Firefox.lnk
Atalho Desinfectada : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
Atalho Desinfectada : C:\Users\usuario\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
Atalho Desinfectada : C:\Users\usuario\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk
Atalho Desinfectada : C:\Users\usuario\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
Atalho Desinfectada : C:\Users\usuario\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Internet Explorer.lnk
Atalho Desinfectada : C:\Users\usuario\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Mozilla Firefox.lnk

***** [ Registro ] *****

Chave Deleteda : HKLM\SOFTWARE\Google\Chrome\Extensions\aaaaojmikegpiepcfdkkjaplodkpfmlo
Chave Deleteda : HKLM\SOFTWARE\Google\Chrome\Extensions\fjoijdanhaiflhibkljeklcghcmmfffh
[#] Chave Deleteda : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Dealply
[#] Chave Deleteda : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{7FB66763-9060-4CDE-886F-3FD13163EB16}
[#] Chave Deleteda : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{7FB66763-9060-4CDE-886F-3FD13163EB16}
[#] Chave Deleteda : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\DealPlyLiveUpdateTaskMachineCore
[#] Chave Deleteda : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{3E6BFD5B-D93A-4876-98B6-C9B22F6AB855}
[#] Chave Deleteda : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{3E6BFD5B-D93A-4876-98B6-C9B22F6AB855}
[#] Chave Deleteda : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\DealPlyLiveUpdateTaskMachineUA
[#] Chave Deleteda : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{DC31741E-B4B3-4289-853B-13EC2A1FFC34}
[#] Chave Deleteda : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{DC31741E-B4B3-4289-853B-13EC2A1FFC34}
[#] Chave Deleteda : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\LyricXeeker Update
[#] Chave Deleteda : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F3A136EB-2599-468F-9F3F-1070B3EF2980}
[#] Chave Deleteda : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{F3A136EB-2599-468F-9F3F-1070B3EF2980}
[#] Chave Deleteda : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Scheduled Update for Ask Toolbar
[#] Chave Deleteda : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{35FBD3C0-41F8-40CD-9887-172FC71480F7}
[#] Chave Deleteda : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{35FBD3C0-41F8-40CD-9887-172FC71480F7}
Valor Deleteda : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [WebCake Desktop]
Chave Deleteda : HKLM\SOFTWARE\Classes\AppID\dealplylive.exe
Chave Deleteda : HKLM\SOFTWARE\Classes\AppID\GenericAskToolbar.DLL
Chave Deleteda : HKLM\SOFTWARE\Classes\AppID\WebCakeIEClient.DLL
Chave Deleteda : HKLM\SOFTWARE\Classes\DealPlyLive.OneClickCtrl.9
Chave Deleteda : HKLM\SOFTWARE\Classes\DealPlyLive.OneClickProcessLauncherMachine
Chave Deleteda : HKLM\SOFTWARE\Classes\DealPlyLive.OneClickProcessLauncherMachine.1.0
Chave Deleteda : HKLM\SOFTWARE\Classes\DealPlyLive.Update3WebControl.3
Chave Deleteda : HKLM\SOFTWARE\Classes\DealPlyLiveUpdate.CoCreateAsync
Chave Deleteda : HKLM\SOFTWARE\Classes\DealPlyLiveUpdate.CoCreateAsync.1.0
Chave Deleteda : HKLM\SOFTWARE\Classes\dealplyliveupdate.coreclass
Chave Deleteda : HKLM\SOFTWARE\Classes\DealPlyLiveUpdate.CoreClass.1
Chave Deleteda : HKLM\SOFTWARE\Classes\DealPlyLiveUpdate.CoreMachineClass
Chave Deleteda : HKLM\SOFTWARE\Classes\DealPlyLiveUpdate.CoreMachineClass.1
Chave Deleteda : HKLM\SOFTWARE\Classes\dealplyliveupdate.credentialdialogmachine
Chave Deleteda : HKLM\SOFTWARE\Classes\dealplyliveupdate.credentialdialogmachine.1.0
Chave Deleteda : HKLM\SOFTWARE\Classes\dealplyliveupdate.ondemandcomclassmachine
Chave Deleteda : HKLM\SOFTWARE\Classes\DealPlyLiveUpdate.OnDemandCOMClassMachine.1.0
Chave Deleteda : HKLM\SOFTWARE\Classes\dealplyliveupdate.ondemandcomclassmachinefallback
Chave Deleteda : HKLM\SOFTWARE\Classes\dealplyliveupdate.ondemandcomclassmachinefallback.1.0
Chave Deleteda : HKLM\SOFTWARE\Classes\DealPlyLiveUpdate.OnDemandCOMClassSvc
Chave Deleteda : HKLM\SOFTWARE\Classes\dealplyliveupdate.ondemandcomclasssvc.1.0
Chave Deleteda : HKLM\SOFTWARE\Classes\DealPlyLiveUpdate.ProcessLauncher
Chave Deleteda : HKLM\SOFTWARE\Classes\DealPlyLiveUpdate.ProcessLauncher.1.0
Chave Deleteda : HKLM\SOFTWARE\Classes\DealPlyLiveUpdate.Update3COMClassService
Chave Deleteda : HKLM\SOFTWARE\Classes\DealPlyLiveUpdate.Update3COMClassService.1.0
Chave Deleteda : HKLM\SOFTWARE\Classes\dealplyliveupdate.update3webmachine
Chave Deleteda : HKLM\SOFTWARE\Classes\dealplyliveupdate.update3webmachine.1.0
Chave Deleteda : HKLM\SOFTWARE\Classes\dealplyliveupdate.update3webmachinefallback
Chave Deleteda : HKLM\SOFTWARE\Classes\dealplyliveupdate.update3webmachinefallback.1.0
Chave Deleteda : HKLM\SOFTWARE\Classes\dealplyliveupdate.update3websvc
Chave Deleteda : HKLM\SOFTWARE\Classes\dealplyliveupdate.update3websvc.1.0
Chave Deleteda : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd
Chave Deleteda : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd.1
Chave Deleteda : HKLM\SOFTWARE\Classes\Prod.cap
Chave Deleteda : HKLM\SOFTWARE\Classes\WebCakeIEClient.Api
Chave Deleteda : HKLM\SOFTWARE\Classes\WebCakeIEClient.Api.1
Chave Deleteda : HKLM\SOFTWARE\Classes\WebCakeIEClient.Layers
Chave Deleteda : HKLM\SOFTWARE\Classes\WebCakeIEClient.Layers.1
Chave Deleteda : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASAPI32
Chave Deleteda : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASMANCS
Chave Deleteda : HKLM\SOFTWARE\Microsoft\Tracing\TaskScheduler_RASAPI32
Chave Deleteda : HKLM\SOFTWARE\Microsoft\Tracing\TaskScheduler_RASMANCS
Chave Deleteda : HKLM\SOFTWARE\Microsoft\Tracing\WebCakeDesktop_RASAPI32
Chave Deleteda : HKLM\SOFTWARE\Microsoft\Tracing\WebCakeDesktop_RASMANCS
Chave Deleteda : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\dealplylive.exe
Valor Deleteda : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [ApnUpdater]
Chave Deleteda : HKLM\SOFTWARE\MozillaPlugins\@tools.dpliveupdate.com/DealPlyLive Update;version=3
Chave Deleteda : HKLM\SOFTWARE\MozillaPlugins\@tools.dpliveupdate.com/DealPlyLive Update;version=9
Chave Deleteda : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\WsysSvc
Chave Deleteda : HKLM\SOFTWARE\5f08c8ab03bea12
Chave Deleteda : HKLM\SOFTWARE\Classes\AppID\{7169BBB3-3289-4696-B35D-4A88BCF6FB12}
Chave Deleteda : HKLM\SOFTWARE\Classes\AppID\{80FABB17-63AF-4655-9F07-B6509EE37AF2}
Chave Deleteda : HKLM\SOFTWARE\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874}
Chave Deleteda : HKLM\SOFTWARE\Classes\AppID\{F48FC5B2-094A-44C7-B48C-289738C9582D}
Chave Deleteda : HKLM\SOFTWARE\Classes\CLSID\{0D89DE71-3D99-4288-84DC-F18F1047A7D8}
Chave Deleteda : HKLM\SOFTWARE\Classes\CLSID\{1E0C9B2A-6447-452C-B012-2314A0C29412}
Chave Deleteda : HKLM\SOFTWARE\Classes\CLSID\{2A5A2A90-3B30-4E6E-A955-2F232C6EF517}
Chave Deleteda : HKLM\SOFTWARE\Classes\CLSID\{34A8CEB6-89BB-49F1-B5E4-0D0D6C21F3B1}
Chave Deleteda : HKLM\SOFTWARE\Classes\CLSID\{3A4DBD3A-98CC-41CE-AD21-352D42B6F754}
Chave Deleteda : HKLM\SOFTWARE\Classes\CLSID\{4F8A50F6-69DE-4BE3-A33A-A1079B9AC0DB}
Chave Deleteda : HKLM\SOFTWARE\Classes\CLSID\{501CB57A-D4E2-4855-96AD-EDB0A9083395}
Chave Deleteda : HKLM\SOFTWARE\Classes\CLSID\{6FF2C4DD-77A4-4BB5-BA4C-B42DEFBF9137}
Chave Deleteda : HKLM\SOFTWARE\Classes\CLSID\{7F1796B2-BEC6-427B-B734-F9C75ED94A80}
Chave Deleteda : HKLM\SOFTWARE\Classes\CLSID\{80FABB17-63AF-4655-9F07-B6509EE37AF2}
Chave Deleteda : HKLM\SOFTWARE\Classes\CLSID\{83ABA270-8390-4CA6-AE48-FC089F55629E}
Chave Deleteda : HKLM\SOFTWARE\Classes\CLSID\{8B218A5F-1A3D-4347-94EF-A79575EB8094}
Chave Deleteda : HKLM\SOFTWARE\Classes\CLSID\{8C338DDB-19FC-4C1F-B74D-6931EE55F7A1}
Chave Deleteda : HKLM\SOFTWARE\Classes\CLSID\{9BDB5E09-4BBA-4422-8C2B-529B281C32B8}
Chave Deleteda : HKLM\SOFTWARE\Classes\CLSID\{A0B10EBE-4E51-4CAE-949B-E6B9E7D68CEA}
Chave Deleteda : HKLM\SOFTWARE\Classes\CLSID\{AE48ED75-5A56-4C5F-BBCE-6F1AC3875F66}
Chave Deleteda : HKLM\SOFTWARE\Classes\CLSID\{AF6B0594-6008-4327-93E5-608AD710A6FA}
Chave Deleteda : HKLM\SOFTWARE\Classes\CLSID\{BB975E58-E769-4E5A-BA12-B765BC559FF3}
Chave Deleteda : HKLM\SOFTWARE\Classes\CLSID\{C536F080-57B7-46D6-8894-C647553F2889}
Chave Deleteda : HKLM\SOFTWARE\Classes\CLSID\{CA5D945F-E738-4D0B-A0B5-25AC51C64659}
Chave Deleteda : HKLM\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}
Chave Deleteda : HKLM\SOFTWARE\Classes\CLSID\{DF84E609-C3A4-49CB-A160-61767DAF8899}
Chave Deleteda : HKLM\SOFTWARE\Classes\CLSID\{F48FC5B2-094A-44C7-B48C-289738C9582D}
Chave Deleteda : HKLM\SOFTWARE\Classes\CLSID\{F511AFDB-726E-4458-90E7-1ECB97406544}
Chave Deleteda : HKLM\SOFTWARE\Classes\CLSID\{F7698761-4ABA-45C2-A5BB-D2163922C725}
Chave Deleteda : HKLM\SOFTWARE\Classes\CLSID\{FB684D26-01F4-4D9D-87CB-F486BEBA56DC}
Chave Deleteda : HKLM\SOFTWARE\Classes\CLSID\{FFCC53E6-2655-47FC-A89B-54E8D7F305D1}
Chave Deleteda : HKLM\SOFTWARE\Classes\Interface\{0AFD55C8-ADF8-4A33-A6E1-DEDB7A36AEB4}
Chave Deleteda : HKLM\SOFTWARE\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
Chave Deleteda : HKLM\SOFTWARE\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}
Chave Deleteda : HKLM\SOFTWARE\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
Chave Deleteda : HKLM\SOFTWARE\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
Chave Deleteda : HKLM\SOFTWARE\Classes\Interface\{DF84E609-C3A4-49CB-A160-61767DAF8899}
Chave Deleteda : HKLM\SOFTWARE\Classes\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}
Chave Deleteda : HKLM\SOFTWARE\Classes\TypeLib\{EFDF368C-8DD9-4E05-87CD-16AA5CB03CB8}
Chave Deleteda : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2A5A2A90-3B30-4E6E-A955-2F232C6EF517}
Chave Deleteda : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE48ED75-5A56-4C5F-BBCE-6F1AC3875F66}
Chave Deleteda : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}
Chave Deleteda : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2A5A2A90-3B30-4E6E-A955-2F232C6EF517}
Chave Deleteda : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AA74D58F-ACD0-450D-A85E-6C04B171C044}
Chave Deleteda : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE48ED75-5A56-4C5F-BBCE-6F1AC3875F66}
Chave Deleteda : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440}
Chave Deleteda : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{2A5A2A90-3B30-4E6E-A955-2F232C6EF517}
Chave Deleteda : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AA74D58F-ACD0-450D-A85E-6C04B171C044}
Chave Deleteda : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE48ED75-5A56-4C5F-BBCE-6F1AC3875F66}
Chave Deleteda : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D4027C7F-154A-4066-A1AD-4243D8127440}
Chave Deleteda : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7F1796B2-BEC6-427B-B734-F9C75ED94A80}
Chave Deleteda : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{8C338DDB-19FC-4C1F-B74D-6931EE55F7A1}
Chave Deleteda : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{AF6B0594-6008-4327-93E5-608AD710A6FA}
Chave Deleteda : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{7F1796B2-BEC6-427B-B734-F9C75ED94A80}
Chave Deleteda : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{8C338DDB-19FC-4C1F-B74D-6931EE55F7A1}
Chave Deleteda : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Chave Deleteda : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C536F080-57B7-46D6-8894-C647553F2889}
Chave Deleteda : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
Chave Deleteda : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{483830EE-A4CD-4B71-B0A3-3D82E62A6909}
Chave Deleteda : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
Valor Deleteda : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{D4027C7F-154A-4066-A1AD-4243D8127440}]
Dados Restaurada : HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command
Dados Restaurada : HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\open\command
Chave Deleteda : HKCU\Software\Ask.com
Chave Deleteda : HKCU\Software\BabSolution
Chave Deleteda : HKCU\Software\BI
Chave Deleteda : HKCU\Software\DataMngr
[#] Chave Deleteda : HKCU\Software\DataMngr_Toolbar
Chave Deleteda : HKCU\Software\DealPly
Chave Deleteda : HKCU\Software\dealplylive
Chave Deleteda : HKCU\Software\InstallCore
Chave Deleteda : HKCU\Software\lollipop
Chave Deleteda : HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
Chave Deleteda : HKCU\Software\AppDataLow\Software\AskToolbar
Chave Deleteda : HKCU\Software\AppDataLow\Software\Crossrider
Chave Deleteda : HKCU\Software\AppDataLow\Software\lyrixeeker
Chave Deleteda : HKLM\Software\{1146AC44-2F03-4431-B4FD-889BC837521F}
Chave Deleteda : HKLM\Software\AskToolbar
Chave Deleteda : HKLM\Software\DataMngr
Chave Deleteda : HKLM\Software\DealPly
Chave Deleteda : HKLM\Software\dealplylive
Chave Deleteda : HKLM\Software\portaldositesSoftware
Chave Deleteda : HKLM\Software\Tarma Installer
Chave Deleteda : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
Chave Deleteda : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{C4ED781C-7394-4906-AAFF-D6AB64FF7C38}
Chave Deleteda : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\bi_uninstaller
Produto Deletado : Ask Toolbar

***** [ Navegadores ] *****

-\\ Internet Explorer v10.0.9200.16660

Configurações Restaurado : HKCU\Software\Microsoft\Internet Explorer\Main [Start Page]
Configurações Restaurado : HKCU\Software\Microsoft\Internet Explorer\Main [Default_Page_URL]
Configurações Restaurado : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Page_URL]
Configurações Restaurado : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Start Page]

-\\ Mozilla Firefox v22.0 (pt-BR)

[ Arquivo : C:\Users\usuario\AppData\Roaming\Mozilla\Firefox\Profiles\zpgdud1p.default\prefs.js ]

Linha deletada : user_pref("extensions.crossrider.bic", "14025a6618390a1dd592e6da686df25e");
Linha deletada : user_pref("extensions.enabledAddons", "toolbar_ATU4-V7%40apn.ask.com:20.52309,%7B97A78363-B868-4B48-AC91-A783A31215AF%7D:2.0.1,plugin%40getwebcake.com:1.00.01,lyrix%40lyrixeeker.co:1.128,%7B972ce4c6-7[...]
Linha deletada : user_pref("extensions.kango.storage.m2_k1", "0");
Linha deletada : user_pref("extensions.kango.storage.m2_k2", "10");
Linha deletada : user_pref("extensions.kango.storage.m2_k3", "1377396981593");
Linha deletada : user_pref("extensions.kango.storage.m2_k4", "0");
Linha deletada : user_pref("extensions.kango.storage.m2_k5", "1377907320393");
Linha deletada : user_pref("extensions.kango.storage.minibar.config", "{\"name\":\"AppsHat\",\"description\":\"AppsHat\",\"button\":{\"tooltip\":\"Visit AppsHat.com\",\"icon\":\"hxxp://www.bigspeedpro.com/button/%affi[...]
Linha deletada : user_pref("extensions.kango.storage.nero_options", "\"{\\\"m1\\\":{\\\"ads\\\":{\\\"n1\\\":{\\\"url\\\":\\\"//ulayout.com/nero/hatter/google_post_results_728x90.html?aff_slug=appshat\\\",\\\"width\\\"[...]
Linha deletada : user_pref("extensions.kango.storage.ui.button.iconCache", "\"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABMAAAATCAYAAAByUDbMAAADlElEQVQ4jb3S3U9adxwG8F/BuooQAQscXj0cOIC8nANUPYjoHDClvqAoZ04gpqsZKmrUV[...]
Linha deletada : user_pref("extentions.webcake.defaultEnableAppsList", "layers/banner,layers/inline,layers/search,layers/shopping,newOffers/wc");
Linha deletada : user_pref("extentions.webcake.installId", "fba4f323-3b38-4222-9c9e-2d30536ba0d8");

-\\ Google Chrome v

[ Arquivo : C:\Users\usuario\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Deleteda : homepage
Deleteda : icon_url
Deleteda : search_url
Deleteda : keyword
Deleteda : urls_to_restore_on_startup

*************************

AdwCleaner[R0].txt - [24205 octets] - [10/09/2013 16:35:22]
AdwCleaner[S0].txt - [21118 octets] - [10/09/2013 16:56:07]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [21179 octets] ##########




~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 5.5.9 (09.07.2013:1)
OS: Windows 7 Professional x86
Ran by usuario on 10/09/2013 at 17:10:07,65
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{FB684D26-01F4-4D9D-87CB-F486BEBA56DC}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{17E58097-6CA5-448B-830F-2A19678248FB}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-3793992859-2972383918-4261860535-1000\Software\SweetIM
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Eventlog\Application\WebCakeUpdater
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\dealplylive
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{4CCAF978-2EDE-4FA1-9E6D-40571912FDB4}



~~~ Files



~~~ Folders

Successfully deleted: [Folder] "C:\ProgramData\apn"



~~~ FireFox

Successfully deleted: [Folder] C:\Users\usuario\AppData\Roaming\mozilla\firefox\profiles\zpgdud1p.default\extensions\staged
Successfully deleted the following from C:\Users\usuario\AppData\Roaming\mozilla\firefox\profiles\zpgdud1p.default\prefs.js

user_pref("browser.startup.homepage", "hxxp://www.search.ask.com/?p2=%5EB1V%5Epfm060%5EYY%5EBR&gct=hp&o=APN10946&apn_ptnrs=%5EB1V&apn_dtid=%5Epfm060%5EYY%5EBR&tpid=ATU4-V7&apn
Emptied folder: C:\Users\usuario\AppData\Roaming\mozilla\firefox\profiles\zpgdud1p.default\minidumps [8 files]



~~~ Chrome

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\extensioninstallforcelist [Blacklisted Policy]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 10/09/2013 at 17:16:24,82
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Boa Tarde! Edvan

|- Execute este script na ferramenta ZHPFix.

script zhpfix
[MD5.2F5252E50745E47DB355B005725DAE05] [SPRF][13/08/2013] (.Somoto Ltd. - AppsHat Mobile Apps.) -- C:\Users\usuario\AppData\Local\Temp\appshat-distribution.exe   [327880]  =>Adware.MegaSearch
[MD5.CBED1C0E05E21DD1B6FD1995F7E50D34] [SPRF][13/08/2013] (.Babylon Ltd. - Babylon Client Setup.) -- C:\Users\usuario\AppData\Local\Temp\BabylonTB.exe   [797608]  =>Toolbar.Babylon
[MD5.0B62417DA5719B3EA1D343DA3431C97F] [SPRF][08/09/2013] (.No owner - Powered by BetterInstaller.) -- C:\Users\usuario\AppData\Local\Temp\FLVPlayerUpdate_downloader_by_FLVPlayerUpdate.exe   [167544]  =>Adware.MegaSearch
[MD5.0B62417DA5719B3EA1D343DA3431C97F] [SPRF][31/08/2013] (.No owner - Powered by BetterInstaller.) -- C:\Users\usuario\AppData\Local\Temp\run.exe   [167544]  =>Adware.MegaSearch
[MD5.D34B8D330F4884A603D56D7120E25030] [SPRF][13/08/2013] (.Web Cake LLC - Installer.) -- C:\Users\usuario\AppData\Local\Temp\Setup-D2502DD2B71B5.exe   [272616]  =>Adware.WebCake
[MD5.681A102F479ED965D006B5E825884A66] [SPRF][31/07/2013] (.Babylon Ltd. - Uninstaller Application.) -- C:\Users\usuario\AppData\Local\Temp\uninst1.exe   [339536]  =>Toolbar.Babylon
[MD5.83087F025194693DFF3A0F22E6A4AE96] [SPRF][13/08/2013] (.Somoto Ltd. - FilesFrog Update Checker.) -- C:\Users\usuario\AppData\Local\Temp\UpdateCheckerSetup.exe   [196376]  =>Adware.MegaSearch
[MD5.AD6E810B9CE3D8C0C1FF0203C68C6FA6] [SPRF][29/06/2013] (.No owner - Setup/Uninstall.) -- C:\Users\usuario\AppData\Roaming\unins000.exe   [720082]
G1 - GCS: Preference [User Data\Default] [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]  =>Toolbar.Babylon
G2 - GCE: Preference [User Data\Default] [nchpfiddbhbdnagofhkjlaiaejmkdcla] Helper extension v.2.0 (Activé)
SS - | Auto 18/04/2003 8192 |  (KMService) . (...) - C:\Windows\system32\srvany.exe  =>Hijacker.Office 
O4 - HKCU\..\Run: [lollipop_08052349] Chave orfã  =>Adware.Lollipop
O4 - HKUS\S-1-5-21-3793992859-2972383918-4261860535-1000\..\Run: [lollipop_08052349] Chave orfã  =>Adware.Lollipop
O23 - Service: KMService (KMService) . (...) - C:\Windows\system32\srvany.exe  =>Hijacker.Office
O45 - LFCP:[MD5.16BFFD800D2F2BD722A882D32E06ACDA] - 08/09/2013 - 12:06:18 ---A- - C:\Windows\Prefetch\WEBPLAYER.EXE-A768C072.pf  =>Adware.SocialSkinz
O45 - LFCP:[MD5.D58158E5FDAAF25AF071923CEF7D39A3] - 08/09/2013 - 12:17:07 ---A- - C:\Windows\Prefetch\BROWSERDEFENDER.EXE-62524200.pf  =>Hijacker.Eazel
O45 - LFCP:[MD5.E09DE5240A08799DC53EDE6E0092C73A] - 10/09/2013 - 16:23:09 ---A- - C:\Windows\Prefetch\DEALPLYLIVEHANDLER.EXE-53F10C90.pf  =>PUP.DealPly
O45 - LFCP:[MD5.ABF5D5F99638BFB4162E779639A57F53] - 10/09/2013 - 16:31:45 ---A- - C:\Windows\Prefetch\DEALPLYLIVE.EXE-7BB1D07F.pf  =>PUP.DealPly
O45 - LFCP:[MD5.7D88D2C5649EC9F2F283D252E6435A42] - 15/08/2013 - 07:42:39 ---A- - C:\Windows\Prefetch\LOLLIPOP_08052349.EXE-3FE03067.pf  =>Adware.Lollipop
O45 - LFCP:[MD5.6DB404037FDF5B53898B7ACC910DA067] - 15/08/2013 - 07:42:46 ---A- - C:\Windows\Prefetch\WEBCAKEDESKTOP.EXE-D11A68F1.pf  =>Adware.WebCake
O45 - LFCP:[MD5.61630CEAFF7F68B59423F60EE2DB3CE2] - 21/08/2013 - 19:04:27 ---A- - C:\Windows\Prefetch\BABMAINT.EXE-1A96D264.pf  =>Hijacker.BabSolution
O45 - LFCP:[MD5.3E1DCE805F3B4ECD9852CCD1E6765F01] - 23/08/2013 - 12:50:02 ---A- - C:\Windows\Prefetch\LOLLIPOP_08231549.EXE-A0758BD4.pf  =>Adware.Lollipop
O45 - LFCP:[MD5.4F5A2EA1025BFB1D68A290C077AEF999] - 08/09/2013 - 12:05:59 ---A- - C:\Windows\Prefetch\TBNOTIFIER.EXE-C54E61E5.pf   
O45 - LFCP:[MD5.CEC158D193D56BF15C13380A369FE265] - 17/08/2013 - 20:23:24 ---A- - C:\Windows\Prefetch\APNMCP.EXE-3B6C9BED.pf
O45 - LFCP:[MD5.3173819A0D896809DA3C71BC9EC76D7E] - 16/08/2013 - 13:10:05 ---A- - C:\Windows\Prefetch\LYRIXTMP.EXE-D723D80E.pf
O45 - LFCP:[MD5.1FA023BECA5D05AA357220F09EDB8264] - 17/08/2013 - 20:22:14 ---A- - C:\Windows\Prefetch\UPDATEMANAGER.EXE-7B0A8410.pf
O45 - LFCP:[MD5.3C1B998EFDDDF1159C24B9446F6CDD66] - 21/08/2013 - 18:56:33 ---A- - C:\Windows\Prefetch\29.0.1547.57_28.0.1500.95_CHR-6120978B.pf
O45 - LFCP:[MD5.57771E1E6743DF1E686FFA755BA05E2D] - 23/08/2013 - 07:07:58 ---A- - C:\Windows\Prefetch\UPDATE~1.EXE-303EA83C.pf
O61 - LFC: 08/09/2013 - 12:17:04 --HA- . (...) -- C:\Users\usuario\AppData\Local\Google\Chrome\User Data\Local State~RFd4e00.TMP   [0]
[MD5.1D6F833E15B6B6249FB978C50E474260] [SPRF][24/08/2013] (...) -- C:\Users\usuario\AppData\Local\Temp\1DECCBBD-E840-4C99-A7C5-7A42C307D37F.dat   [48025]
[MD5.B3FDF6E7B0AECD48CA7E4921773FB606] [SPRF][13/08/2013] (...) -- C:\Users\usuario\AppData\Local\Temp\7z920.exe   [1110476]
[MD5.F2F3EBD5C487C0EF64E0D5B4DA49D37E] [SPRF][16/08/2013] (.No owner - LyricXeeker.) -- C:\Users\usuario\AppData\Local\Temp\LyriXtmp.exe   [606037]
[MD5.3BF79E6868B44D3ADB2796BA99521891] [SPRF][07/09/2013] (...) -- C:\Users\usuario\AppData\Local\Temp\Quarantine.exe   [344583]
O87 - FAEL: "{D70EE7AA-121E-4D16-9CA8-EEB8D9FC70E3}" |In - Public - P6 - TRUE | .(...) -- C:\ProgramData\eSafe\eGdpSvc.exe (.not file.)
  
[HKLM\Software\Classes\CLSID\{00000000-6E41-4FD3-8538-502F5495E5FC}]   =>Toolbar.AskTBar
[HKLM\SYSTEM\CurrentControlSet\Services\KMService]   =>Hijacker.Office^
[HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]:lollipop_08052349   =>Adware.Lollipop^
[HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks]:{00000000-6E41-4FD3-8538-502F5495E5FC}   =>Adware.ShopperReports
C:\Windows\system32\srvany.exe   =>Hijacker.Office^
C:\Windows\Prefetch\WEBPLAYER.EXE-A768C072.pf   =>Adware.SocialSkinz^
C:\Windows\Prefetch\BROWSERDEFENDER.EXE-62524200.pf   =>Hijacker.Eazel^
C:\Windows\Prefetch\DEALPLYLIVEHANDLER.EXE-53F10C90.pf   =>PUP.DealPly^
C:\Windows\Prefetch\DEALPLYLIVE.EXE-7BB1D07F.pf   =>PUP.DealPly^
C:\Windows\Prefetch\LOLLIPOP_08052349.EXE-3FE03067.pf   =>Adware.Lollipop^
C:\Windows\Prefetch\WEBCAKEDESKTOP.EXE-D11A68F1.pf   =>Adware.WebCake^
C:\Windows\Prefetch\BABMAINT.EXE-1A96D264.pf   =>Hijacker.BabSolution^
C:\Windows\Prefetch\LOLLIPOP_08231549.EXE-A0758BD4.pf   =>Adware.Lollipop^
C:\Users\usuario\AppData\Local\Temp\appshat-distribution.exe   =>Adware.MegaSearch^
C:\Users\usuario\AppData\Local\Temp\BabylonTB.exe   =>Toolbar.Babylon^
C:\Users\usuario\AppData\Local\Temp\FLVPlayerUpdate_downloader_by_FLVPlayerUpdate.exe   =>Adware.MegaSearch^
C:\Users\usuario\AppData\Local\Temp\run.exe   =>Adware.MegaSearch^
C:\Users\usuario\AppData\Local\Temp\Setup-D2502DD2B71B5.exe   =>Adware.WebCake^
C:\Users\usuario\AppData\Local\Temp\uninst1.exe   =>Toolbar.Babylon^
C:\Users\usuario\AppData\Local\Temp\UpdateCheckerSetup.exe   =>Adware.MegaSearch^
emptytemp
emptyflash
emptyclsid
firewallraz

|- Poste o relatório!

A+

Amanhã dou continuidade amigo.

Rapport de ZHPFix 2013.9.9.4 par Nicolas Coolman, Update du 09/09/2013
Fichier d'export Registre : 
Run by usuario at 10/09/2013 18:00:05
High Elevated Privileges : OK
Windows 7 Business Edition, 32-bit Service Pack 1 (Build 7601)

Reciclagem vazia

========== Processo memória ==========
ELIMINÉ Memory Process: C:\Users\usuario\AppData\Local\Temp\appshat-distribution.exe
ELIMINÉ Memory Process: C:\Users\usuario\AppData\Local\Temp\BabylonTB.exe
ELIMINÉ Memory Process: C:\Users\usuario\AppData\Local\Temp\FLVPlayerUpdate_downloader_by_FLVPlayerUpdate.exe
ELIMINÉ Memory Process: C:\Users\usuario\AppData\Local\Temp\run.exe
ELIMINÉ Memory Process: C:\Users\usuario\AppData\Local\Temp\Setup-D2502DD2B71B5.exe
ELIMINÉ Memory Process: C:\Users\usuario\AppData\Local\Temp\uninst1.exe
ELIMINÉ Memory Process: C:\Users\usuario\AppData\Local\Temp\UpdateCheckerSetup.exe
ELIMINÉ Memory Process: C:\Users\usuario\AppData\Roaming\unins000.exe
ELIMINÉ Memory Process: C:\Users\usuario\AppData\Local\Temp\7z920.exe
ELIMINÉ Memory Process: C:\Users\usuario\AppData\Local\Temp\LyriXtmp.exe
ELIMINÉ Memory Process: C:\Users\usuario\AppData\Local\Temp\Quarantine.exe

========== Chaves do Registo ==========
ELIMINÉ: Service: KMService
ELIMINÉ: HKLM\Software\Classes\CLSID\{00000000-6E41-4FD3-8538-502F5495E5FC}

========== Valores do Registo ==========
ELIMINÉ RunValue: lollipop_08052349
ELIMINÉ {D70EE7AA-121E-4D16-9CA8-EEB8D9FC70E3}
ELIMINÉ [HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks]:{00000000-6E41-4FD3-8538-502F5495E5FC}
Ausente Valor Perfil Padrão: FirewallRaz : 
Ausente Valor Perfil Domínio FirewallRaz : 

========== Preferências do navegador ==========
AGORA Chrome File: C:\Users\usuario\AppData\Local\Google\Chrome\User Data\Default\Preferences
ELIMINÉ Chrome Site: [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
ELIMINÉ Folder Chrome: C:\Users\usuario\AppData\Local\Google\Chrome\User Data\Default\Extensions\nchpfiddbhbdnagofhkjlaiaejmkdcla

========== Pastas ==========
Nenhuma pasta CLSID local utilizador vazia

========== Ficheiros ==========
ELIMINÉ File: c:\users\usuario\appdata\local\temp\appshat-distribution.exe
ELIMINÉ *: c:\users\usuario\appdata\local\temp\babylontb.exe
ELIMINÉ File: c:\users\usuario\appdata\local\temp\flvplayerupdate_downloader_by_flvplayerupdate.exe
ELIMINÉ *: c:\users\usuario\appdata\local\temp\run.exe
ELIMINÉ *: c:\users\usuario\appdata\local\temp\setup-d2502dd2b71b5.exe
ELIMINÉ *: c:\users\usuario\appdata\local\temp\uninst1.exe
ELIMINÉ File: c:\users\usuario\appdata\local\temp\updatecheckersetup.exe
ELIMINÉ *: c:\users\usuario\appdata\roaming\unins000.exe
ELIMINÉ File: c:\users\usuario\appdata\local\google\chrome\user data\default\preferences 
ELIMINÉ File: c:\windows\system32\srvany.exe 
ELIMINÉ File: c:\windows\prefetch\webplayer.exe-a768c072.pf 
ELIMINÉ File: c:\windows\prefetch\browserdefender.exe-62524200.pf 
ELIMINÉ File: c:\windows\prefetch\dealplylivehandler.exe-53f10c90.pf 
ELIMINÉ File: c:\windows\prefetch\dealplylive.exe-7bb1d07f.pf 
ELIMINÉ File: c:\windows\prefetch\lollipop_08052349.exe-3fe03067.pf 
ELIMINÉ File: c:\windows\prefetch\webcakedesktop.exe-d11a68f1.pf 
ELIMINÉ File: c:\windows\prefetch\babmaint.exe-1a96d264.pf 
ELIMINÉ File: c:\windows\prefetch\lollipop_08231549.exe-a0758bd4.pf 
ELIMINÉ File: c:\windows\prefetch\tbnotifier.exe-c54e61e5.pf 
ELIMINÉ File: c:\windows\prefetch\apnmcp.exe-3b6c9bed.pf 
ELIMINÉ File: c:\windows\prefetch\lyrixtmp.exe-d723d80e.pf 
ELIMINÉ File: c:\windows\prefetch\updatemanager.exe-7b0a8410.pf 
ELIMINÉ File: c:\windows\prefetch\29.0.1547.57_28.0.1500.95_chr-6120978b.pf 
ELIMINÉ File: c:\windows\prefetch\update~1.exe-303ea83c.pf 
ELIMINÉ File: c:\users\usuario\appdata\local\google\chrome\user data\local state~rfd4e00.tmp 
ELIMINÉ File: C:\Users\usuario\AppData\Local\Temp\1DECCBBD-E840-4C99-A7C5-7A42C307D37F.dat
ELIMINÉ *: c:\users\usuario\appdata\local\temp\1deccbbd-e840-4c99-a7c5-7a42c307d37f.dat
ELIMINÉ File: c:\users\usuario\appdata\local\temp\7z920.exe
ELIMINÉ File: c:\users\usuario\appdata\local\temp\lyrixtmp.exe
ELIMINÉ File: c:\users\usuario\appdata\local\temp\quarantine.exe
ELIMINÉ Temporários windows
ELIMINÉ Flash Cookies


========== Recapitulativo ==========
11 : Processo memória
2 : Chaves do Registo
5 : Valores do Registo
1 : Pastas
32 : Ficheiros
3 : Preferências do navegador


End of clean in 00mn 30s

========== Caminho do ficheiro do relatório ==========
C:\ZHP\ZHPFix[R1].txt - 10/09/2013 18:00:11 [4480]

Boa Noite! Edvan

|- Baixe: < [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] > ( ... by Smeenk )
|- Ou aqui! < [Tens de ter uma conta e sessão iniciada para poderes visualizar esta imagem][Tens de ter uma conta e sessão iniciada para poderes visualizar este link] >
|- Salve-o no desktop!
|- Desabilite seu antivírus!
|- Para Windows 7,execute zoek.exe como administrador.

hijackthis;
iedefaults;
ffdefaults;
chrdefaults;
autoclean;
emptyalltemp;

|- Copie e cole estas informações,em vermelho,no campo da ferramenta.
|- Clique "Run Script".

Zoek.exe is running now.
Do not start any browser windows, they will be closed automatically.
Please wait! This window will close when finished.
A logfile will open afterwards and can also be found on your systemdrive as zoek-results.log

|- Surgirão estas informações,pedindo-lhe que aguarde o relatório.

[Tens de ter uma conta e sessão iniciada para poderes visualizar esta imagem]

|- Aceite e/ou confirme o reboot!

zoek.hta failed by unknown error.
Restart computer, and try again.

|- Ps: Ao obter algum erro,reinicie o PC e execute,novamente,a ferramenta.
|- Poste o relatório,que estará em C:\zoek-results.txt <<

A+

Zoek.exe Version 4.0.0.4 Updated 11-September-2013
Tool run by usuario on 11/09/2013 at  8:04:33,81.
Microsoft Windows 7 Professional  6.1.7601 Service Pack 1 x86
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\usuario\Desktop\zoek\zoek.exe [Script inserted] 

==== System Restore Info ======================

11/09/2013 08:06:50 Zoek.exe System Restore Point Created Succesfully.

==== Deleting CLSID Registry Keys ======================


==== Deleting CLSID Registry Values ======================


==== Deleting Services ======================


==== FireFox Fix ======================

Deleted from C:\Users\usuario\AppData\Roaming\Mozilla\Firefox\Profiles\zpgdud1p.default\prefs.js:
user_pref("browser.search.selectedEngine", "Ask Search");
user_pref("browser.search.order.1", "Ask Search");

Added to C:\Users\usuario\AppData\Roaming\Mozilla\Firefox\Profiles\zpgdud1p.default\prefs.js:
user_pref("browser.startup.homepage", "http://www.google.com");
user_pref("browser.search.defaulturl", "http://www.google.com/search?btnG=Google+Search&q=");
user_pref("browser.newtab.url", "http://www.google.com/");
user_pref("browser.search.defaultengine", "Google");
user_pref("browser.search.defaultenginename", "Google");
user_pref("browser.search.selectedEngine", "Google");
user_pref("browser.search.order.1", "Google");
user_pref("keyword.URL", "http://www.google.com/search?btnG=Google+Search&q=");
user_pref("browser.search.suggest.enabled", true);
user_pref("browser.search.useDBForOrder", true);

ProfilePath: C:\Users\usuario\AppData\Roaming\Mozilla\Firefox\Profiles\zpgdud1p.default

user.js not found
---- Lines ask.com removed from prefs.js ----


---- Lines ask.com modified from prefs.js ----

user_pref("extensions.installCache", "[{\"name\":\"winreg-app-global\",\"addons\":{\"{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}\":{\"descriptor\":\"C:\\\\ProgramData\\\\Norton\\\\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\\\\N360_20.3.1.22\\\\coFFPlgn\",\"mtime\":1377368508459,\"rdfTime\":1377368508459},\"{BBDA0591-3099-440a-AA10-41764D9DB4DB}\":{\"descriptor\":\"C:\\\\ProgramData\\\\Norton\\\\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\\\\N360_20.3.1.22\\\\IPSFFPlgn\",\"mtime\":1373930610274,\"rdfTime\":1373930610118}}},{\"name\":\"app-global\",\"addons\":{\"{972ce4c6-7e08-4474-a285-3208198ce6fd}\":{\"descriptor\":\"C:\\\\Program Files\\\\Mozilla Firefox\\\\browser\\\\extensions\\\\{972ce4c6-7e08-4474-a285-3208198ce6fd}\",\"mtime\":1372805414743,\"rdfTime\":1372805414253}}},{\"name\":\"winreg-app-user\",\"addons\":{\"{87F8774F-B485-47E2-A755-A40A8A5E886C}\":{\"descriptor\":\"C:\\\\Users\\\\usuario\\\\AppData\\\\Local\\\\GAS Tecnologia\\\\GBBD\\\\bb\\\\sf.xpi\",\"mtime\":1374074310963},\"lyrix@lyrixeeker.co\":{\"descriptor\":\"C:\\\\Program Files\\\\LyriXeeker\\\\128.xpi\",\"mtime\":1376669479024}}},{\"name\":\"app-profile\",\"addons\":{\"plugin@getwebcake.com\":{\"descriptor\":\"C:\\\\Users\\\\usuario\\\\AppData\\\\Roaming\\\\Mozilla\\\\Firefox\\\\Profiles\\\\zpgdud1p.default\\\\extensions\\\\plugin@getwebcake.com\",\"mtime\":1376443473680,\"rdfTime\":1376083520000},\"toolbar@ask.com\":{\"descriptor\":\"C:\\\\Users\\\\usuario\\\\AppData\\\\Roaming\\\\Mozilla\\\\Firefox\\\\Profiles\\\\zpgdud1p.default\\\\extensions\\\\toolbar@ask.com\",\"mtime\":1377368314749,\"rdfTime\":1368229532816},\"toolbar_ATU4-V7@apn.ask.com\":{\"descriptor\":\"C:\\\\Users\\\\usuario\\\\AppData\\\\Roaming\\\\Mozilla\\\\Firefox\\\\Profiles\\\\zpgdud1p.default\\\\extensions\\\\toolbar_ATU4-V7@apn.ask.com.xpi\",\"mtime\":1375021057346},\"{97A78363-B868-4B48-AC91-A783A31215AF}\":{\"descriptor\":\"C:\\\\Users\\\\usuario\\\\AppData\\\\Roaming\\\\Mozilla\\\\Firefox\\\\Profiles\\\\zpgdud1p.default\\\\extensions\\\\{97A78363-B868-4B48-AC91-A783A31215AF}\",\"mtime\":1376443589909,\"rdfTime\":1376443588421}}}]");

---- Lines browser.startup.page removed from prefs.js ----

user_pref("browser.startup.page", 3);

---- Lines browser.startup.page modified from prefs.js ----


---- FireFox user.js and prefs.js backups ---- 

prefs_092013_0813_.backup

==== Deleting Files \ Folders ======================

"C:\Users\usuario\AppData\Roaming\windows.vbs" deleted
"C:\ProgramData\pckt.tmp" deleted
"C:\Users\usuario\AppData\Local\Google\Chrome\User Data\Default\Extensions\WebNavigation.crx" deleted
"C:\Users\usuario\Downloads\iLividSetup-r585-n-bc.exe" deleted
"C:\Users\usuario\Desktop\backup luciNa\LUCYANNA\AppData\Local\Temp\oi_{D62D2B8B-FAFB-4DC4-88B3-FB2E916693E0}.exe" deleted
"C:\Windows\System32\searchplugins" deleted
"C:\Windows\System32\Extensions" deleted

==== Firefox Extensions ======================

ProfilePath: C:\Users\usuario\AppData\Roaming\Mozilla\Firefox\Profiles\zpgdud1p.default
- LyricXeeker - %ProfilePath%\extensions\128

==== Firefox Plugins ======================

Profilepath: C:\Users\usuario\AppData\Roaming\Mozilla\Firefox\Profiles\zpgdud1p.default
0C8597DBC74AAF5179471BA013E3C6B4 - C:\Windows\system32\Macromed\Flash\NPSWF32_11_8_800_94.dll - Shockwave Flash
101700E93EB905992B518256CB441829 - C:\Users\usuario\AppData\Local\Google\Update\1.3.21.153\npGoogleUpdate3.dll - Google Update
ABCB4A6EAB701C629378255ABCB308E5 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll - Java(TM) Platform SE 7 U25
D7324EB1EDCB8990F8522DE0311359E9 - C:\Windows\system32\npDeployJava1.dll - Java Deployment Toolkit 7.0.250.17
DF75FC32D3EB681B6FE7C092D6FC4695 - C:\Users\usuario\AppData\Local\GAS Tecnologia\GBBD\npsf_bb.dll - Módulo de Proteção - Banco do Brasil
4687B6F8CF5F62DDCF21916114142FF7 - C:\Program Files\Adobe\Acrobat 5.0\Reader\browser\nppdf32.dll - Adobe Acrobat
15E298B5EC5B89C5994A59863969D9FF - C:\Windows\system32\npmproxy.dll - Microsoft® Windows® Operating System


==== Chrome Look ======================

HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
lkemddiljapcmhicklfpcbpfffahfbja - C:\Users\usuario\AppData\Local\Google\Chrome\User Data\Default\extensions\WebNavigation.crx[]

Web Navigation - usuario - Default\Extensions\lkemddiljapcmhicklfpcbpfffahfbja

==== Chrome Fix ======================

C:\Users\usuario\AppData\Local\Google\Chrome\User Data\Default\Extensions\lkemddiljapcmhicklfpcbpfffahfbja deleted successfully

==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.google.com"
"Default_Page_URL"="http://www.google.com"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Default_Page_URL"="http://www.google.com"
"Start Page"="http://www.google.com"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
No DefaultScope Set For HKCU

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Default_Page_URL"="http://go.microsoft.com/fwlink/?LinkId=69157"
"Start Page"="http://www.google.com"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Default_Page_URL"="http://go.microsoft.com/fwlink/?LinkId=69157"
"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{6A1806CD-94D4-4689-BA73-E35EA1EA9990}"

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing  Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE10SR"
{6A1806CD-94D4-4689-BA73-E35EA1EA9990} Google  Url="http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}"

==== Reset Google Chrome ======================

C:\Users\usuario\AppData\Local\Google\Chrome\User Data\Default\Preferences was reset successfully
C:\Users\usuario\AppData\Local\Google\Chrome\User Data\Default\Web Data was reset successfully

==== Deleting Registry Keys ======================

HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions\lkemddiljapcmhicklfpcbpfffahfbja deleted successfully

==== HijackThis Entries ======================

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~1\Office14\GROOVEEX.DLL
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~1\Office14\URLREDIR.DLL
O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\Program Files\GbPlugin\gbieh.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
O4 - HKLM\..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray.exe
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [USB Security] C:\Program Files\USB Disk Security\USBGuard.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [BCSSync] "C:\Program Files\Microsoft Office\Office14\BCSSync.exe" /DelayServices
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Windows\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [Google Update] "C:\Users\usuario\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'SERVIÇO LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'SERVIÇO LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'SERVIÇO DE REDE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'SERVIÇO DE REDE')
O4 - HKUS\S-1-5-18\..\RunOnce: [SPReview] "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"http://go.microsoft.com/fwlink/?LinkID=122915" /build:7601 (User 'SISTEMA')
O4 - HKUS\.DEFAULT\..\RunOnce: [SPReview] "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"http://go.microsoft.com/fwlink/?LinkID=122915" /build:7601 (User 'Default user')
O8 - Extra context menu item: &Enviar para o OneNote - [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
O8 - Extra context menu item: E&xportar para o Microsoft Excel - [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: &Anotações Vinculadas do OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: &Anotações Vinculadas do OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O15 - Trusted Zone: [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
O15 - Trusted Zone: www14.bancobrasil.com.br
O15 - Trusted Zone: www2.bancobrasil.com.br
O15 - Trusted Zone: [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O20 - Winlogon Notify:  GbPluginBb - C:\Program Files\GbPlugin\gbieh.dll
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Avira Agendamento (AntiVirSchedulerService) - Avira Operations GmbH & Co. KG - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira Real-Time Protection (AntiVirService) - Avira Operations GmbH & Co. KG - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Gbp Service (GbpSv) - GAS Tecnologia - C:\PROGRA~1\GbPlugin\GbpSv.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @%SystemRoot%\system32\stlang.dll,-10102 (STacSV) - IDT, Inc. - C:\Program Files\IDT\WDM\STacSV.exe

==== Empty IE Cache ======================

C:\Users\usuario\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\usuario\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\networkservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

==== Empty FireFox Cache ======================

C:\Users\usuario\AppData\Local\Mozilla\Firefox\Profiles\zpgdud1p.default\Cache emptied successfully

==== Empty Chrome Cache ======================

C:\Users\usuario\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully

==== Empty All Flash Cache ======================

Flash Cache Emptied Successfully

==== Empty All Java Cache ======================

Java Cache cleared successfully

==== After Reboot ======================

==== Empty Temp Folders ======================

C:\Windows\Temp successfully emptied
C:\Users\usuario\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\$RECYCLE.BIN successfully emptied

==== EOF on 11/09/2013 at  8:29:31,96 ======================

Bom Dia! Edvan

|- Baixe: |[Tens de ter uma conta e sessão iniciada para poderes visualizar este link]| ( ... de Xplode )

[Tens de ter uma conta e sessão iniciada para poderes visualizar esta imagem]

|- Estando na página,clique na seta verde para o download. 
|- Salve-a em um local conveniente! ( desktop! )
|- Feche aplicativos que estejam abertos.

[Tens de ter uma conta e sessão iniciada para poderes visualizar este link]

|- Execute-a!
|- Com as 3 checkbox marcadas! 
|- Clique "Run".
|- Tudo Ok?

At+

tudo ok meu amigo

# DelFix v10.4 - Logfile created 11/09/2013 at 10:32:49
# Updated 19/07/2013 by Xplode
# Username : usuario - USUARIO-PC
# Operating System : Windows 7 Professional Service Pack 1 (32 bits)

~ Removing disinfection tools ...

Deleted : C:\ZHP
Deleted : C:\Program Files\ZHPDiag
Deleted : C:\Program Files\Hijackthis
Deleted : C:\PhysicalDisk0_MBR.bin
Deleted : C:\zoek-results.log
Deleted : C:\Users\usuario\Desktop\AdwCleaner[S0].txt
Deleted : C:\Users\usuario\Desktop\JRT.exe
Deleted : C:\Users\usuario\Desktop\JRT.txt
Deleted : C:\Users\usuario\Desktop\ZHPDiag.txt
Deleted : C:\Users\usuario\Desktop\ZHPDiag2.exe
Deleted : C:\Users\usuario\Desktop\ZHPFixReport.txt
Deleted : C:\Users\usuario\Desktop\zoek.zip
Deleted : C:\Users\Public\Desktop\ZHPDiag.lnk
Deleted : C:\Users\Public\Desktop\ZHPFix.lnk
Deleted : C:\Users\usuario\Downloads\adwcleaner.exe
Deleted : HKLM\SOFTWARE\AdwCleaner
Deleted : HKLM\SOFTWARE\TrendMicro\Hijackthis
Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ZHPDiag_is1

~ Cleaning system restore ...

Deleted : RP #30 [Installed Java 7 Update 25 | 07/17/2013 14:54:53]
Deleted : RP #31 [Windows Update | 07/18/2013 11:16:46]
Deleted : RP #32 [Windows Update | 07/19/2013 06:00:18]
Deleted : RP #33 [Windows Update | 07/20/2013 11:07:37]
Deleted : RP #35 [WinZip Registry Optimizer dom, jul 28, 13  11:02 | 07/28/2013 14:02:43]
Deleted : RP #36 [Ponto de Verificação Agendado | 08/13/2013 10:49:37]
Deleted : RP #37 [Windows Update | 08/15/2013 09:46:14]
Deleted : RP #39 [Avira Free Antivirus - 08/09/2013 12:16 | 09/08/2013 15:16:32]
Deleted : RP #40 [Removed Facebook Video Calling 1.2.0.287 | 09/10/2013 19:04:32]
Deleted : RP #41 [Quitado VAFPlayer | 09/10/2013 19:22:13]
Deleted : RP #42 [zoek.exe restore point | 09/11/2013 11:06:20]

New restore point created !

~ Resetting system settings ... OK

########## - EOF - ##########

CASO RESOLVIDO!

Necessitando novo auxílio para este computador,basta abrir "[Tens de ter uma conta e sessão iniciada para poderes visualizar este link]" e relatar o problema.