henridesouza

PC lento, teclado também

21 posts neste tópico

Boa tarde, gotaria de uma ajuda.

Teclado demora digitar letra. Pc muito lento acesso windows.

Valeu

Logfile of HijackThis v1.99.1

Scan saved at 12:09:25, on 1/3/2013

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:

C:\WINDOWS\System32\smss.exe

C:\ARQUIV~1\AVG\AVG2013\avgrsx.exe

C:\Arquivos de programas\AVG\AVG2013\avgcsrvx.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\ARQUIV~1\GbPlugin\GbpSv.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Arquivos de programas\AVG\AVG2013\avgidsagent.exe

C:\Arquivos de programas\AVG Secure Search\vprot.exe

C:\Arquivos de programas\AVG\AVG2013\avgui.exe

C:\Arquivos de programas\Arquivos comuns\Java\Java Update\jusched.exe

C:\Arquivos de programas\HP\HP Software Update\HPWuSchd2.exe

C:\Arquivos de programas\AVG\AVG2013\avgwdsvc.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\HP\Digital Imaging\bin\hpqtra08.exe

C:\Arquivos de programas\Java\jre7\bin\jqs.exe

C:\Arquivos de programas\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

C:\Arquivos de programas\AVG\AVG2013\avgnsx.exe

C:\WINDOWS\system32\slserv.exe

C:\Arquivos de programas\AVG\AVG2013\avgemcx.exe

C:\Arquivos de programas\Arquivos comuns\Umbrella\Umbrella.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\wbem\wmiapsrv.exe

C:\WINDOWS\system32\wscntfy.exe

C:\WINDOWS\System32\alg.exe

C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe

C:\Arquivos de programas\Mozilla Firefox\firefox.exe

C:\Arquivos de programas\Mozilla Firefox\plugin-container.exe

C:\Arquivos de programas\Mozilla Firefox\plugin-container.exe

C:\Documents and Settings\Henrique\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://br.hao123.com/?tn=Baixaki_pay_hp_01_hao123_br

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://br.hao123.com/?tn=Baixaki_pay_hp_01_hao123_br

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Arquivos de programas\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll

O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre7\bin\ssv.dll

O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Arquivos de programas\AVG Secure Search\14.1.0.10\AVG Secure Search_toolbar.dll

O2 - BHO: IMinent WebBooster - {A09AB6EB-31B5-454C-97EC-9B294D92EE2A} - C:\Arquivos de programas\Iminent\Iminent.WebBooster.InternetExplorer.dll

O2 - BHO: DealPly - {A6174F27-1FFF-E1D6-A93F-BA48AD5DD448} - C:\Arquivos de programas\DealPly\DealPlyIE.dll

O2 - BHO: G-Buster Browser Defense Banco Real - {C41A1C0E-EA6C-11D4-B1B8-444553540007} - C:\ARQUIV~1\GbPlugin\gbiehAbn.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de programas\Java\jre7\bin\jp2ssv.dll

O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Arquivos de programas\Windows Live\Toolbar\wltcore.dll

O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Arquivos de programas\Windows Live\Toolbar\wltcore.dll

O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - (no file)

O3 - Toolbar: AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Arquivos de programas\AVG Secure Search\14.1.0.10\AVG Secure Search_toolbar.dll

O4 - HKLM\..\Run: [Adobe ARM] "C:\Arquivos de programas\Arquivos comuns\Adobe\ARM\1.0\AdobeARM.exe"

O4 - HKLM\..\Run: [vProt] "C:\Arquivos de programas\AVG Secure Search\vprot.exe"

O4 - HKLM\..\Run: [AVG_UI] "C:\Arquivos de programas\AVG\AVG2013\avgui.exe" /TRAYONLY

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Arquivos comuns\Java\Java Update\jusched.exe"

O4 - HKLM\..\Run: [HP Software Update] C:\Arquivos de programas\HP\HP Software Update\HPWuSchd2.exe

O4 - HKLM\..\Run: [Nikon Message Center 2] C:\Arquivos de programas\Nikon\Nikon Message Center 2\NkMC2.exe -s

O4 - HKLM\..\Run: [iminent] C:\Arquivos de programas\Iminent\Iminent.exe /warmup "F77F87E5-A6BD-4922-A530-EDF63D7E9F8C"

O4 - HKLM\..\Run: [iminentMessenger] C:\Arquivos de programas\Iminent\Iminent.Messengers.exe

O4 - HKLM\..\Run: [skyTel] SkyTel.EXE

O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Arquivos de programas\Adobe\Reader 10.0\Reader\Reader_sl.exe"

O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Henrique\Configurações locais\Dados de aplicativos\Google\Update\GoogleUpdate.exe" /c

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [msnmsgr] "C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe" /background

O4 - Startup: BrOffice.org 3.2.lnk = C:\Arquivos de programas\BrOffice.org 3\program\quickstart.exe

O4 - Startup: Inicialização do Office.lnk = C:\Arquivos de programas\Microsoft Office\Office\OSA.EXE

O4 - Startup: Localização acelerada da Microsoft.lnk = C:\Arquivos de programas\Microsoft Office\Office\FINDFAST.EXE

O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Arquivos de programas\HP\Digital Imaging\bin\hpqtra08.exe

O8 - Extra context menu item: &Download All using 4shared Desktop - C:\Arquivos de programas\4shared Desktop\down_all.htm

O9 - Extra button: Incluir no Blog - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Arquivos de programas\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra 'Tools' menuitem: &Incluir no Blog no Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Arquivos de programas\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O15 - Trusted Zone: http://www.bancoreal.com.br

O15 - Trusted Zone: http://www.bancosantander.com.br

O15 - Trusted Zone: http://www.santander.com.br

O15 - Trusted Zone: http://www.santanderempresarial.com.br

O16 - DPF: {E37CB5F0-51F5-4395-A808-5FA49E399007} (GbPluginObj Class) - https://wwws.santandernet.com.br/mps/plugin/Cab/GbPluginABN.cab

O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Arquivos de programas\AVG\AVG2012\avgpp.dll (file missing)

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL

O18 - Protocol: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Arquivos de programas\Arquivos comuns\AVG Secure Search\ViProtocolInstaller\14.1.7\ViProtocol.dll

O18 - Protocol: wlmailhtml - {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Arquivos de programas\Windows Live\Mail\mailcomm.dll

O20 - Winlogon Notify: GbPluginAbn - C:\ARQUIV~1\GbPlugin\gbiehAbn.dll

O20 - Winlogon Notify: dimsntfy - C:\WINDOWS\

O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe

O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Arquivos de programas\AVG\AVG2013\avgidsagent.exe

O23 - Service: Watchdog do AVG (avgwd) - AVG Technologies CZ, s.r.o. - C:\Arquivos de programas\AVG\AVG2013\avgwdsvc.exe

O23 - Service: Gbp Service (GbpSv) - - C:\ARQUIV~1\GbPlugin\GbpSv.exe

O23 - Service: Google Update Service (gupdate) (gupdate) - Unknown owner - C:\Arquivos de programas\Google\Update\GoogleUpdate.exe" /svc (file missing)

O23 - Service: Serviço do Google Update (gupdatem) (gupdatem) - Unknown owner - C:\Arquivos de programas\Google\Update\GoogleUpdate.exe" /medsvc (file missing)

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Arquivos de programas\Arquivos comuns\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Unknown owner - C:\Arquivos de programas\Java\jre7\bin\jqs.exe" -service -config "C:\Arquivos de programas\Java\jre7\lib\deploy\jqs\jqs.conf (file missing)

O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Arquivos de programas\Mozilla Maintenance Service\maintenanceservice.exe

O23 - Service: PCSpeedUp Service (PCSpeedUpService) - Speedchecker - C:\Arquivos de programas\Velocidade Do PC\PCSpeedUpService.exe

O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

O23 - Service: SmartLinkService (SLService) - Smart Link - C:\WINDOWS\SYSTEM32\slserv.exe

O23 - Service: SProtection - Iminent - C:\Arquivos de programas\Arquivos comuns\Umbrella\Umbrella.exe

O23 - Service: vToolbarUpdater14.1.7 - Unknown owner - C:\Arquivos de programas\Arquivos comuns\AVG Secure Search\vToolbarUpdater\14.1.7\ToolbarUpdater.exe

Editado por henridesouza

Compartilhar este post


Link para o post
Compartilhar em outros sites

Olá, henridesouza.

Meu nome é Ronaldo e "nickname" Rorro.

Estou analisando o seu caso. Assim que minha resposta for conferida, estarei passando as instruções.

Por favor, observe o seguinte:

  • Não inicie novo tópico sobre esse problema. Poste suas respostas sempre neste tópico.
  • Clique em segutpld.png (se localiza no canto superior direito do post principal), para que receba notificação por e-mail quando o mesmo for respondido.
    Você também pode verificar os tópicos assinados usando a opção Conteúdo que sigo acessível através do Painel de Controle do fórum.
  • A análise pode levar algum tempo, portanto seja paciente.
  • As instruções são específicas para o seu computador, e devem ser aplicadas somente nele.
  • Se algo der errado, não importa. Sempre acompanhe seu tópico, informando-me dos resultados, até que seu computador esteja limpo.
  • Por favor, não abandone seu tópico. Para nós é importante saber se a remoção foi bem sucedida.
  • Se você não receber uma resposta minha em até 5 dias. Me envie uma MP

Compartilhar este post


Link para o post
Compartilhar em outros sites

Bom dia;

1 - Faça o download do AdwCleaner e salve no desktop.

http://general-chang...de/2-adwcleaner

Clique no ícone 1IXHd.png para baixar o arquivo.

Execute o adwcleaner.exe

OBS: Usuários do Windows Vista ou Windows 7 clique com o direito sobre o arquivo AdwCleaner.exe, depois clique em execadmin.png

Clique em izz6eh.png

Será aberto o bloco de notas com o resultado. Selecione, copie e cole o seu conteúdo na próxima resposta.

2 - Desative temporariamente seu antivirus, antispywares e firewall, para não causar conflitos.

Baixe 1268r49.png e salve no desktop. Dê um duplo-clique para executar o Junkware Removal Tool (JRT).

* No Windows Vista e Windows 7:

Clique com o direito sobre o JRT.exe e selecione run_as_adm1.png

A ferramenta começará o exame do seu sistema. Tenha paciência pois pode demorar um pouco dependendo da quantidades de ítens a examinar.

Ao final, um log se abrirá. É salvo no desktop com o nome de JRT.txt.

Selecione, copie e cole o conteúdo deste log na sua próxima resposta.

3 - mbamicon.png - Faça o download do Malwarebytes Anti-Malware.

Agora instale-o dando um duplo clique no instalador baixado;

Marque Atualizar Malwarebytes Anti-Malware e Executar Malwarebytes Anti-Malware, e clique em Concluir;

Marque Verificação Completa e depois clique em Verificar;

Quando o scan terminar, clique em Ok e em Mostrar Resultados para ver o log;

Se algo for detectado, veja se tudo está marcado e clique em Remover;

O log é automaticamente gravado e pode ser consultado clicando em Log do menu principal do programa;

Copie e cole o conteúdo desse log na sua próxima resposta;

Qualquer Dúvida leia: Tutorial de instalação e execução.

Compartilhar este post


Link para o post
Compartilhar em outros sites

Olá fiz o recomendado,

LOG DO ADWCLEAR:

# AdwCleaner v2.113 - Relatório criado em 02/03/2013 às 15:08:59

# Atualizado em 23/02/2013 por Xplode

# Sistema Operacional : Microsoft Windows XP Service Pack 2 (32 bits)

# Usuário : Henrique - HOUSE

# Modo de Boot : Normal

# Executado de : C:\Documents and Settings\Henrique\Meus documentos\adwcleaner.exe

# Opção [Remover]

***** [serviços] *****

Encerrado & Removido : SProtection

***** [Arquivos/Pastas] *****

Arquivo Désinfected : C:\Documents and Settings\Henrique\Dados de aplicativos\Microsoft\Internet Explorer\Quick Launch\22find.lnk

Arquivo Désinfected : C:\Documents and Settings\Henrique\Dados de aplicativos\Microsoft\Internet Explorer\Quick Launch\Iniciar o navegador Internet Explorer.lnk

Arquivo Désinfected : C:\Documents and Settings\Henrique\Menu Iniciar\Programas\Google Chrome\Google Chrome.lnk

Arquivo Désinfected : C:\Documents and Settings\Henrique\Menu Iniciar\Programas\Internet Explorer.lnk

Arquivo Removido : C:\Arquivos de programas\Mozilla Firefox\defaults\pref\all-iminent.js

Arquivo Removido : C:\Arquivos de programas\Mozilla Firefox\searchplugins\avg-secure-search.xml

Arquivo Removido : C:\Arquivos de programas\Mozilla Firefox\searchplugins\babylon.xml

Arquivo Removido : C:\Documents and Settings\Henrique\Dados de aplicativos\Mozilla\Firefox\Profiles\73xwieje.default\extensions\adapter@babylontc.com.xpi

Arquivo Removido : C:\Documents and Settings\Henrique\Dados de aplicativos\Mozilla\Firefox\Profiles\73xwieje.default\extensions\ocr@babylon.com.xpi

Arquivo Removido : C:\Documents and Settings\Henrique\Dados de aplicativos\Mozilla\Firefox\Profiles\73xwieje.default\searchplugins\Conduit.xml

Arquivo Removido : C:\Documents and Settings\Henrique\Desktop\22find.lnk

Arquivo Removido : C:\user.js

Pasta Removido : C:\Arquivos de programas\Advanced System Protector

Pasta Removido : C:\Arquivos de programas\Arquivos comuns\AVG Secure Search

Pasta Removido : C:\Arquivos de programas\Arquivos comuns\Umbrella

Pasta Removido : C:\Arquivos de programas\AVG Secure Search

Pasta Removido : C:\Arquivos de programas\Babylon

Pasta Removido : C:\Arquivos de programas\DealPly

Pasta Removido : C:\Arquivos de programas\Iminent

Pasta Removido : C:\Documents and Settings\All Users\Dados de aplicativos\AVG Secure Search

Pasta Removido : C:\Documents and Settings\All Users\Dados de aplicativos\Iminent

Pasta Removido : C:\Documents and Settings\All Users\Menu Iniciar\Programas\Iminent

Pasta Removido : C:\Documents and Settings\Henrique\Configurações locais\Dados de aplicativos\AVG Secure Search

Pasta Removido : C:\Documents and Settings\Henrique\Configurações locais\Dados de aplicativos\Conduit

Pasta Removido : C:\Documents and Settings\Henrique\Configurações locais\Dados de aplicativos\OpenCandy

Pasta Removido : C:\Documents and Settings\Henrique\Configurações locais\Dados de aplicativos\Zoom_Downloader

Pasta Removido : C:\Documents and Settings\Henrique\Dados de aplicativos\AVG Secure Search

Pasta Removido : C:\Documents and Settings\Henrique\Dados de aplicativos\DealPly

Pasta Removido : C:\Documents and Settings\Henrique\Dados de aplicativos\Iminent

Pasta Removido : C:\Documents and Settings\Henrique\Dados de aplicativos\Mozilla\Firefox\Profiles\73xwieje.default\ConduitCommon

Pasta Removido : C:\Documents and Settings\Henrique\Dados de aplicativos\Mozilla\Firefox\Profiles\73xwieje.default\CT3027459

Pasta Removido : C:\Documents and Settings\Henrique\Dados de aplicativos\Mozilla\Firefox\Profiles\73xwieje.default\CT3282722

Pasta Removido : C:\Documents and Settings\Henrique\Dados de aplicativos\Mozilla\Firefox\Profiles\73xwieje.default\extensions\{79b8e308-95a2-4044-932d-80e833a863cc}

Pasta Removido : C:\Documents and Settings\Henrique\Dados de aplicativos\Mozilla\Firefox\Profiles\73xwieje.default\extensions\{C9B68337-E93A-44EA-94DC-CB300EC06444}

Pasta Removido : C:\Documents and Settings\Henrique\Dados de aplicativos\Mozilla\Firefox\Profiles\73xwieje.default\extensions\{d4330680-c0ae-4226-8a21-0afe2fd1ac24}

Pasta Removido : C:\Documents and Settings\Henrique\Dados de aplicativos\Mozilla\Firefox\Profiles\73xwieje.default\extensions\{EB9394A3-4AD6-4918-9537-31A1FD8E8EDF}

Pasta Removido : C:\Documents and Settings\Henrique\Dados de aplicativos\Mozilla\Firefox\Profiles\73xwieje.default\Smartbar

Pasta Removido : C:\Documents and Settings\Henrique\Menu Iniciar\Programas\DealPly

Removido Durante o reboot : C:\Documents and Settings\Henrique\Configurações locais\Dados de aplicativos\Google\Chrome\User Data\Default\Extensions\bllaobobdmgmnafkbkdjnkebbaopjofd

Removido Durante o reboot : C:\Documents and Settings\Henrique\Configurações locais\Dados de aplicativos\Google\Chrome\User Data\Default\Extensions\gaiilaahiahdejapggenmdmafpmbipje

Removido Durante o reboot : C:\Documents and Settings\Henrique\Configurações locais\Dados de aplicativos\Google\Chrome\User Data\Default\Extensions\igdhbblpcellaljokkpfhcjlagemhgjl

***** [Registro] *****

Chave Removida : HKCU\Software\AVG Secure Search

Chave Removida : HKCU\Software\Conduit

Chave Removida : HKCU\Software\DealPly

Chave Removida : HKCU\Software\Google\Chrome\Extensions\bllaobobdmgmnafkbkdjnkebbaopjofd

Chave Removida : HKCU\Software\Google\Chrome\Extensions\gaiilaahiahdejapggenmdmafpmbipje

Chave Removida : HKCU\Software\IGearSettings

Chave Removida : HKCU\Software\Iminent

Chave Removida : HKCU\Software\InstallCore

Chave Removida : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}

Chave Removida : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}

Chave Removida : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2EECD738-5844-4A99-B4B6-146BF802613B}

Chave Removida : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233}

Chave Removida : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{98889811-442D-49DD-99D7-DC866BE87DBC}

Chave Removida : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{9CFACCB6-2F3F-4177-94EA-0D2B72D384C1}

Chave Removida : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A09AB6EB-31B5-454C-97EC-9B294D92EE2A}

Chave Removida : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A6174F27-1FFF-E1D6-A93F-BA48AD5DD448}

Chave Removida : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F72841F0-4EF1-4DF5-BCE5-B3AC8ACF5478}

Chave Removida : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\DealPly

Chave Removida : HKCU\Software\SmartBar

Chave Removida : HKLM\Software\AVG Secure Search

Chave Removida : HKLM\Software\AVG Security Toolbar

Chave Removida : HKLM\SOFTWARE\Classes\AppID\{01994268-3C10-4044-A1EA-7A9C1B739A11}

Chave Removida : HKLM\SOFTWARE\Classes\AppID\{1FDFF5A2-7BB1-48E1-8081-7236812B12B2}

Chave Removida : HKLM\SOFTWARE\Classes\AppID\{BB711CB0-C70B-482E-9852-EC05EBD71DBB}

Chave Removida : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}

Chave Removida : HKLM\SOFTWARE\Classes\AppID\Iminent.WebBooster.InternetExplorer.DLL

Chave Removida : HKLM\SOFTWARE\Classes\AppID\ScriptHelper.EXE

Chave Removida : HKLM\SOFTWARE\Classes\AppID\ViProtocol.DLL

Chave Removida : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI

Chave Removida : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI.1

Chave Removida : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj

Chave Removida : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj.1

Chave Removida : HKLM\SOFTWARE\Classes\CLSID\{01A602A0-D0B9-445B-8081-719E4177C4A7}

Chave Removida : HKLM\SOFTWARE\Classes\CLSID\{02054E11-5113-4BE3-8153-AA8DFB5D3761}

Chave Removida : HKLM\SOFTWARE\Classes\CLSID\{02C9C7B0-C7C8-4AAC-A9E4-55295BF60F8F}

Chave Removida : HKLM\SOFTWARE\Classes\CLSID\{0398B101-6DA7-473F-A290-17D2FBC88CC0}

Chave Removida : HKLM\SOFTWARE\Classes\CLSID\{0CC36196-8589-4B80-A771-D659411D7F90}

Chave Removida : HKLM\SOFTWARE\Classes\CLSID\{143D96F9-EB64-48B3-B192-91C2C41A1F43}

Chave Removida : HKLM\SOFTWARE\Classes\CLSID\{14F7D91F-F669-45C9-9F42-BACBFDB86EAD}

Chave Removida : HKLM\SOFTWARE\Classes\CLSID\{187A6488-6E71-4A2A-B118-7BEFBFE58257}

Chave Removida : HKLM\SOFTWARE\Classes\CLSID\{26C9BBE4-6D45-4AB6-A5B4-E068C9F5EF6D}

Chave Removida : HKLM\SOFTWARE\Classes\CLSID\{2D065204-A024-4C39-8A38-EE7078EC7ACF}

Chave Removida : HKLM\SOFTWARE\Classes\CLSID\{30F5476C-677B-4DB0-B397-51F5BFD86840}

Chave Removida : HKLM\SOFTWARE\Classes\CLSID\{3223F2FB-D9B9-45FC-9D66-CD717FFA4EE5}

Chave Removida : HKLM\SOFTWARE\Classes\CLSID\{351798B1-C1D2-45AB-92B4-4D6C2D6AB5AF}

Chave Removida : HKLM\SOFTWARE\Classes\CLSID\{3AEA1BEF-6195-46F4-ACA2-0ED14F7EFA1B}

Chave Removida : HKLM\SOFTWARE\Classes\CLSID\{3D7F9AC3-BAC3-4E51-81D7-D121D79E550A}

Chave Removida : HKLM\SOFTWARE\Classes\CLSID\{4498C5E9-93C6-4142-B6BE-F0C6DC48B77A}

Chave Removida : HKLM\SOFTWARE\Classes\CLSID\{479BF2D6-E362-4A99-B1AB-BC764D7B97AE}

Chave Removida : HKLM\SOFTWARE\Classes\CLSID\{492A108F-51D0-4BD8-899D-AD4AB2893064}

Chave Removida : HKLM\SOFTWARE\Classes\CLSID\{4B6D6E60-FBD2-4E79-BF4B-886BC98F1797}

Chave Removida : HKLM\SOFTWARE\Classes\CLSID\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}

Chave Removida : HKLM\SOFTWARE\Classes\CLSID\{5C176BA0-6FC0-4EBD-8ACF-24AC592506B6}

Chave Removida : HKLM\SOFTWARE\Classes\CLSID\{60893E02-2E5B-43F9-A93A-BAD60C2DF6EF}

Chave Removida : HKLM\SOFTWARE\Classes\CLSID\{6D39931F-451E-4BDD-BAF4-37FB96DBBA5D}

Chave Removida : HKLM\SOFTWARE\Classes\CLSID\{76C684D2-C35D-4284-976A-D862F53ADB81}

Chave Removida : HKLM\SOFTWARE\Classes\CLSID\{796D822A-C3F9-4A97-BAAB-42FE7628EA63}

Chave Removida : HKLM\SOFTWARE\Classes\CLSID\{79EF3691-EC1A-4705-A01A-D2E36EC11758}

Chave Removida : HKLM\SOFTWARE\Classes\CLSID\{82F41418-8E64-47EB-A7F1-4702A974D289}

Chave Removida : HKLM\SOFTWARE\Classes\CLSID\{85D920CE-63A7-46DC-8992-41D1D2E07FAD}

Chave Removida : HKLM\SOFTWARE\Classes\CLSID\{895ED5E8-ABB4-40C3-A0CA-2571964268E2}

Chave Removida : HKLM\SOFTWARE\Classes\CLSID\{8AAC123A-1959-4A45-BFC5-E2D50783098A}

Chave Removida : HKLM\SOFTWARE\Classes\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233}

Chave Removida : HKLM\SOFTWARE\Classes\CLSID\{A07956CD-81F8-4A03-B524-5D87E690DC83}

Chave Removida : HKLM\SOFTWARE\Classes\CLSID\{A09AB6EB-31B5-454C-97EC-9B294D92EE2A}

Chave Removida : HKLM\SOFTWARE\Classes\CLSID\{A6174F27-1FFF-E1D6-A93F-BA48AD5DD448}

Chave Removida : HKLM\SOFTWARE\Classes\CLSID\{B5E3B26B-6E5C-4865-A63D-58D04B10E245}

Chave Removida : HKLM\SOFTWARE\Classes\CLSID\{B658800C-F66E-4EF3-AB85-6C0C227862A9}

Chave Removida : HKLM\SOFTWARE\Classes\CLSID\{B84D2DC5-42B2-4E5E-BF61-7B48152FF8EF}

Chave Removida : HKLM\SOFTWARE\Classes\CLSID\{B89D5309-0367-4494-A92F-3D4C94F88307}

Chave Removida : HKLM\SOFTWARE\Classes\CLSID\{C014EBF8-8854-448B-B5A4-557C4090EDCE}

Chave Removida : HKLM\SOFTWARE\Classes\CLSID\{C31191DB-2F64-464C-B97C-6AC81ACB7AAC}

Chave Removida : HKLM\SOFTWARE\Classes\CLSID\{C342C7A7-F622-4EF3-8B7F-ABB9FBE73F14}

Chave Removida : HKLM\SOFTWARE\Classes\CLSID\{C4765B07-BC2F-477B-925C-B2BF24887823}

Chave Removida : HKLM\SOFTWARE\Classes\CLSID\{C875C0A1-09E3-48D5-9F8E-BD337796FD14}

Chave Removida : HKLM\SOFTWARE\Classes\CLSID\{CD126DA6-FF5B-4181-AC13-54A62240D2FA}

Chave Removida : HKLM\SOFTWARE\Classes\CLSID\{D8F01233-2DE6-4EE7-8988-37263F00651B}

Chave Removida : HKLM\SOFTWARE\Classes\CLSID\{DD438708-AAB4-422D-A322-B619589F5680}

Chave Removida : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}

Chave Removida : HKLM\SOFTWARE\Classes\CLSID\{E812AE43-7799-4E67-8CF8-4104297A2D16}

Chave Removida : HKLM\SOFTWARE\Classes\CLSID\{F0BAAEC7-9AE0-49FF-9C4B-86E774FF397F}

Chave Removida : HKLM\SOFTWARE\Classes\CLSID\{F25AF245-4A81-40DC-92F9-E9021F207706}

Chave Removida : HKLM\SOFTWARE\Classes\CLSID\{F92193FD-2243-4401-9ACC-49FF30885898}

Chave Removida : HKLM\SOFTWARE\Classes\CLSID\{FD21B8A2-910B-45AC-9C10-45E6A8B84984}

Chave Removida : HKLM\SOFTWARE\Classes\Iminent

Chave Removida : HKLM\SOFTWARE\Classes\Iminent.Business.Tinyfying.DownloadArgs

Chave Removida : HKLM\SOFTWARE\Classes\Iminent.Business.Tinyfying.LinkToPromoteArgs

Chave Removida : HKLM\SOFTWARE\Classes\Iminent.Business.Tinyfying.RawDataArgs

Chave Removida : HKLM\SOFTWARE\Classes\Iminent.Business.Tinyfying.TinyUrlArgs

Chave Removida : HKLM\SOFTWARE\Classes\Iminent.Business.Tinyfying.ViralLinkArgs

Chave Removida : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.ClientCallback

Chave Removida : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.ContractBase

Chave Removida : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.AddToUserContentCommand

Chave Removida : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.CheckLoginStatusCommand

Chave Removida : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.CleanCacheCommand

Chave Removida : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.GameOverCallback

Chave Removida : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.GetCreditCommand

Chave Removida : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.GetInstallationContextCommand

Chave Removida : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.GetLoginStatusCommand

Chave Removida : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.GetLoginStatusResult

Chave Removida : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.GetVariableCommand

Chave Removida : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.GetVariableResult

Chave Removida : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.InstallationContextResult

Chave Removida : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.LoadContentCommand

Chave Removida : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.LoadContentCommandResult

Chave Removida : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.LoginCommand

Chave Removida : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.LoginStatusChangedCallback

Chave Removida : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.LogoutCommand

Chave Removida : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.MergeIdentityCommand

Chave Removida : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.MyAccountCommand

Chave Removida : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.PlayContentCommand

Chave Removida : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.PostContentCallback

Chave Removida : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.RecycleViewsCommand

Chave Removida : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.SetVariableCommand

Chave Removida : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.ShowBrowserWindowCommand

Chave Removida : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.ShowControlCenterCommand

Chave Removida : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.ShowPluginWindowCommand

Chave Removida : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.TestContentCommand

Chave Removida : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.UserContentChangedCallback

Chave Removida : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.VariableChangedCallback

Chave Removida : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.WarmUpCommand

Chave Removida : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.WelcomeCommand

Chave Removida : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.ServerCommand

Chave Removida : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.ServerResult

Chave Removida : HKLM\SOFTWARE\Classes\Iminent.Mediator.LightContent

Chave Removida : HKLM\SOFTWARE\Classes\Iminent.Mediator.LightUri

Chave Removida : HKLM\SOFTWARE\Classes\Iminent.Mediator.MediatorServiceProxy

Chave Removida : HKLM\SOFTWARE\Classes\IminentWebBooster.ActiveContentHandle.1

Chave Removida : HKLM\SOFTWARE\Classes\IminentWebBooster.ActiveContentHandler

Chave Removida : HKLM\SOFTWARE\Classes\IminentWebBooster.BrowserHelperObject

Chave Removida : HKLM\SOFTWARE\Classes\IminentWebBooster.BrowserHelperObject.1

Chave Removida : HKLM\SOFTWARE\Classes\IminentWebBooster.ScriptExtender

Chave Removida : HKLM\SOFTWARE\Classes\IminentWebBooster.ScriptExtender.1

Chave Removida : HKLM\SOFTWARE\Classes\IminentWebBooster.TinyUrlHandler

Chave Removida : HKLM\SOFTWARE\Classes\IminentWebBooster.TinyUrlHandler.1

Chave Removida : HKLM\Software\Classes\Installer\Features\436DABD223008E24A8404BFC5C60E20B

Chave Removida : HKLM\Software\Classes\Installer\Products\436DABD223008E24A8404BFC5C60E20B

Chave Removida : HKLM\SOFTWARE\Classes\Interface\{021B4049-F57D-4565-A693-FD3B04786BFA}

Chave Removida : HKLM\SOFTWARE\Classes\Interface\{0362AA09-808D-48E9-B360-FB51A8CBCE09}

Chave Removida : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}

Chave Removida : HKLM\SOFTWARE\Classes\Interface\{06844020-CD0B-3D3D-A7FE-371153013E49}

Chave Removida : HKLM\SOFTWARE\Classes\Interface\{0ADC01BB-303B-3F8E-93DA-12C140E85460}

Chave Removida : HKLM\SOFTWARE\Classes\Interface\{10D3722F-23E6-3901-B6C1-FF6567121920}

Chave Removida : HKLM\SOFTWARE\Classes\Interface\{1675E62B-F911-3B7B-A046-EB57261212F3}

Chave Removida : HKLM\SOFTWARE\Classes\Interface\{192929F2-9273-3894-91B0-F54671C4C861}

Chave Removida : HKLM\SOFTWARE\Classes\Interface\{2932897E-3036-43D9-8A64-B06447992065}

Chave Removida : HKLM\SOFTWARE\Classes\Interface\{2DE92D29-A042-3C37-BFF8-07C7D8893EFA}

Chave Removida : HKLM\SOFTWARE\Classes\Interface\{32B80AD6-1214-45F4-994E-78A5D482C000}

Chave Removida : HKLM\SOFTWARE\Classes\Interface\{3A8E103F-B2B7-3BEF-B3B0-88E29B2420E4}

Chave Removida : HKLM\SOFTWARE\Classes\Interface\{478CE5D3-D38E-3FFE-8DBE-8C4A0F1C4D8D}

Chave Removida : HKLM\SOFTWARE\Classes\Interface\{48B7DA4E-69ED-39E3-BAD5-3E3EFF22CFB0}

Chave Removida : HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}

Chave Removida : HKLM\SOFTWARE\Classes\Interface\{5982F405-44E4-3BBB-BAC4-CF8141CBBC5C}

Chave Removida : HKLM\SOFTWARE\Classes\Interface\{5D8C3CC3-3C05-38A1-B244-924A23115FE9}

Chave Removida : HKLM\SOFTWARE\Classes\Interface\{641593AF-D9FD-30F7-B783-36E16F7A2E08}

Chave Removida : HKLM\SOFTWARE\Classes\Interface\{711FC48A-1356-3932-94D8-A8B733DBC7E4}

Chave Removida : HKLM\SOFTWARE\Classes\Interface\{72227B7F-1F02-3560-95F5-592E68BACC0C}

Chave Removida : HKLM\SOFTWARE\Classes\Interface\{7B5E8CE3-4722-4C0E-A236-A6FF731BEF37}

Chave Removida : HKLM\SOFTWARE\Classes\Interface\{890D4F59-5ED0-3CB4-8E0E-74A5A86E7ED0}

Chave Removida : HKLM\SOFTWARE\Classes\Interface\{8C68913C-AC3C-4494-8B9C-984D87C85003}

Chave Removida : HKLM\SOFTWARE\Classes\Interface\{8D019513-083F-4AA5-933F-7D43A6DA82C4}

Chave Removida : HKLM\SOFTWARE\Classes\Interface\{923F6FB8-A390-370E-A0D2-DD505432481D}

Chave Removida : HKLM\SOFTWARE\Classes\Interface\{9BBB26EF-B178-35D6-9D3D-B485F4279FE5}

Chave Removida : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}

Chave Removida : HKLM\SOFTWARE\Classes\Interface\{A62DDBE0-8D2A-339A-B089-8CBCC5CD322A}

Chave Removida : HKLM\SOFTWARE\Classes\Interface\{A82AD04D-0B8E-3A49-947B-6A69A8A9C96D}

Chave Removida : HKLM\SOFTWARE\Classes\Interface\{ACA608DB-A210-4253-B799-3FD24E9A7BF5}

Chave Removida : HKLM\SOFTWARE\Classes\Interface\{ADEB3CC9-A05D-4FCC-BD09-9025456AA3EA}

Chave Removida : HKLM\SOFTWARE\Classes\Interface\{B06D4521-D09C-3F41-8E39-9D784CCA2A75}

Chave Removida : HKLM\SOFTWARE\Classes\Interface\{C06DAD42-6F39-4CE1-83CC-9A8B9105E556}

Chave Removida : HKLM\SOFTWARE\Classes\Interface\{C2E799D0-43A5-3477-8A98-FC5F3677F35C}

Chave Removida : HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}

Chave Removida : HKLM\SOFTWARE\Classes\Interface\{C58D664A-3DBC-4925-AE74-0382007DF113}

Chave Removida : HKLM\SOFTWARE\Classes\Interface\{C776D7F4-BA85-4B75-AAFC-3A0A11FE6E36}

Chave Removida : HKLM\SOFTWARE\Classes\Interface\{D16107CD-2AD5-46A8-BA59-303B7C32C500}

Chave Removida : HKLM\SOFTWARE\Classes\Interface\{D25B101F-8188-3B43-9D85-201F372BC205}

Chave Removida : HKLM\SOFTWARE\Classes\Interface\{D2BA7595-5E44-3F1E-880F-03B3139FA5ED}

Chave Removida : HKLM\SOFTWARE\Classes\Interface\{D35F5C81-17D9-3E1C-A1FC-4472542E1D25}

Chave Removida : HKLM\SOFTWARE\Classes\Interface\{D8FA96CA-B250-312C-AF34-4FF1DD72589D}

Chave Removida : HKLM\SOFTWARE\Classes\Interface\{DAFC1E63-3359-416D-9BC2-E7DCA6F7B0F3}

Chave Removida : HKLM\SOFTWARE\Classes\Interface\{DC5E5C44-80FD-3697-9E65-9F286D92F3E7}

Chave Removida : HKLM\SOFTWARE\Classes\Interface\{E1B4C9DE-D741-385F-981E-6745FACE6F01}

Chave Removida : HKLM\SOFTWARE\Classes\Interface\{E7B623F5-9715-3F9F-A671-D1485A39F8A2}

Chave Removida : HKLM\SOFTWARE\Classes\Interface\{ED916A7B-7C68-3198-B87D-2DABC30A5587}

Chave Removida : HKLM\SOFTWARE\Classes\Interface\{EFA1BDB2-BB3D-3D9A-8EB5-D0D22E0F64F4}

Chave Removida : HKLM\SOFTWARE\Classes\Interface\{F4CBF4DD-F8FE-35BA-BB7E-68304DAAB70B}

Chave Removida : HKLM\SOFTWARE\Classes\Interface\{FC32005D-E27C-32E0-ADFA-152F598B75E7}

Chave Removida : HKLM\SOFTWARE\Classes\Prod.cap

Chave Removida : HKLM\SOFTWARE\Classes\PROTOCOLS\Handler\viprotocol

Chave Removida : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi

Chave Removida : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi.1

Chave Removida : HKLM\SOFTWARE\Classes\TypeLib\{2BF2028E-3F3C-4C05-AB45-B2F1DCFE0759}

Chave Removida : HKLM\SOFTWARE\Classes\TypeLib\{74FB6AFD-DD77-4CEB-83BD-AB2B63E63C93}

Chave Removida : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}

Chave Removida : HKLM\SOFTWARE\Classes\TypeLib\{A9CAF365-EA35-45DA-BD8B-2EFA09D374AC}

Chave Removida : HKLM\SOFTWARE\Classes\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}

Chave Removida : HKLM\SOFTWARE\Classes\TypeLib\{DB538320-D3C5-433C-BCA9-C4081A054FCF}

Chave Removida : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE

Chave Removida : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE.1

Chave Removida : HKLM\Software\Conduit

Chave Removida : HKLM\Software\DealPly

Chave Removida : HKLM\SOFTWARE\Google\Chrome\Extensions\bllaobobdmgmnafkbkdjnkebbaopjofd

Chave Removida : HKLM\SOFTWARE\Google\Chrome\Extensions\gaiilaahiahdejapggenmdmafpmbipje

Chave Removida : HKLM\Software\Iminent

Chave Removida : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{0AF350D9-3916-454B-AC53-0B0B65F41301}

Chave Removida : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68B81CCD-A80C-4060-8947-5AE69ED01199}

Chave Removida : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E6B969FB-6D33-48D2-9061-8BBD4899EB08}

Chave Removida : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\AVG Secure Search

Chave Removida : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}

Chave Removida : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A09AB6EB-31B5-454C-97EC-9B294D92EE2A}

Chave Removida : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A6174F27-1FFF-E1D6-A93F-BA48AD5DD448}

Chave Removida : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C6FDD0C3-266A-4DC3-B459-28C697C44CDC}

Chave Removida : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F25AF245-4A81-40DC-92F9-E9021F207706}

Chave Removida : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0238BBE24EA3A70408B81E4BB89C15E5

Chave Removida : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0702826FCAC36EE52AC0441EEEEE2170

Chave Removida : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\1198E28F40C3E185E9958608554D4253

Chave Removida : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\15A073601B9AEC3549BE4A9314794615

Chave Removida : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\1F7C80F9CE5CDF44E9AADDC99402534C

Chave Removida : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\2310FC151CD4F185798FA0996B3524D7

Chave Removida : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\28572D2E2DE533256AC6B560EA573C22

Chave Removida : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\29799DE249E7DBC459FC6C8F07EB8375

Chave Removida : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\2ABB56EABB920EB59B04BDDD26A62083

Chave Removida : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\2DABA02DFED47E352A2FA2EBDD6F6187

Chave Removida : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\311567B4A9A002050BB9423FD73FB880

Chave Removida : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\373FCED70D7F84E5FB5F3F7B76BEE024

Chave Removida : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\3BE992C130B235E53A2937391FDCA35B

Chave Removida : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\3DA5F64B3483DE549947A9164ACBAD21

Chave Removida : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\3ED93605BB9B6635E9D0D86615AF31F1

Chave Removida : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\4759B017032BA185F9BA6F7DBC95A2D4

Chave Removida : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\4A78ABCBB54E46E5482A3EE0AD66C39E

Chave Removida : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\4F9E947B6B895EB5A86757FC5D3DB862

Chave Removida : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\4FEEA83BF72B97E43A2DF0EE4BE4F261

Chave Removida : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\509EC7EFB89B7D942997574AB14037A4

Chave Removida : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\50A730A9A3A61BF5BA70CA8A3B7C133B

Chave Removida : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\51A95A1D4CDE4F958A9451FBB39BF54A

Chave Removida : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\536133807DE80465BA6CD0A9742B7DE5

Chave Removida : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\5E25036E68895D45B95E72D1C3C58C74

Chave Removida : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\60FD8CD5BE007315CA3B5C7E41F24017

Chave Removida : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\618E7D05458C4F257909ED9C8CDC0D66

Chave Removida : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\621C21014D3C152529E2460FA6304EE3

Chave Removida : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6241FF6F317CABD4EBBEE0DE9076BD94

Chave Removida : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\636B9C23C79154B57AB561F39A139BFD

Chave Removida : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\65AAF0F0CB7F0B45F900FDF19CEAAF2B

Chave Removida : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6879A5E348601C45986308CA84958E94

Chave Removida : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6A6F3B7A9805E1F5492A1020EEDF2341

Chave Removida : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6B1F5D204E4EEB342A5AD1D7E60D61BF

Chave Removida : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\7005A2A4DCF9DD7548137AB17E3A3AF3

Chave Removida : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\712EAF07EE73CC65C822CC3BAE3B2483

Chave Removida : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\7947B301B2446E752A3FE06EAD7D26B5

Chave Removida : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\7987CE52D13E16258B0E1E3DB1BB0974

Chave Removida : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\7BEED197C514FDA53901AE8DD8EF0891

Chave Removida : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\7DFDCF03D46C34159BDE29FBDBF1ACF5

Chave Removida : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\890F436B85B790A55A582B7307DA12CE

Chave Removida : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\8C13DA6755F685B529615C8E92B3CA39

Chave Removida : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\8D07CD9CB3E6BE652872BF06A1CCA782

Chave Removida : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\90841B1FC98200349925C88999866F17

Chave Removida : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\94194FDD4DF523E53A888D65722A135D

Chave Removida : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\95266D07D008D2E4E9B6F8E0DD15432A

Chave Removida : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A72F23B1D745C27508518132197BC982

Chave Removida : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A89E2B6FB14D8275DA63D075171DA184

Chave Removida : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A9C43CD4001E9E4518B274AF9A0EFDA9

Chave Removida : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\AABA081CF7F19915FBB80B3BAF47CE63

Chave Removida : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\AC2A0FFD0A1686D53A4E24D6E96949E4

Chave Removida : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\AE5BDB2750259915D8442D4591A7717B

Chave Removida : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\B1A79C71D5DC1C150B76B6ED11195DFC

Chave Removida : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\B6D497DB33974935488761F7C4C3D755

Chave Removida : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\B752EF3300008394886C402CC27B474F

Chave Removida : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\B8C8BCC1206978D51A8B9EECBF806C53

Chave Removida : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\BAD3576CEA646895B962F94754612791

Chave Removida : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\BB4091512C8F4295E99CE2D061ED2020

Chave Removida : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\BEE6BBC9A31531F598794A62120B51C7

Chave Removida : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\C19162788CA4D235E829F88E2F771567

Chave Removida : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\C71F07DA356B66B5484A8E7F2ADEB7DC

Chave Removida : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\C96AD15EE8E887B56BAF2136A9088503

Chave Removida : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\C9E6B66ECC49D155888399C51D05C49E

Chave Removida : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\CA360F24F0B214744BE40657FDA0B727

Chave Removida : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\CE85F265816AE2D4E9B73C3E207E679C

Chave Removida : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D5389AEEA4A1E20428D045E86BCF643B

Chave Removida : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D5B62BB7BC607FB539585E2B7B6AFD16

Chave Removida : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\DB027F01D4D53765C8E4FBE7DB77E07E

Chave Removida : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\DC2EB492393411F5ABE8ED13C59FBF20

Chave Removida : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\DDCA763D4C48A105086B4CCCEE78043F

Chave Removida : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\DEF7558C7CD27EF46AF802AFBE402675

Chave Removida : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\E09F4A6B9D2A08B599AE9E38BFC93CD6

Chave Removida : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\E27B6535D0D94A24E91047C7D86F27BC

Chave Removida : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\E45D171E075A5425CBACF6631A45FA39

Chave Removida : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\E513C2076D90AD04F888BD762143F191

Chave Removida : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\E8F4C985459564F5B8DCFF2B3C7EBD27

Chave Removida : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\E96E33222BAC06B57A1FA9D72951C945

Chave Removida : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\EAA46CE9007F70A5CAFA5F26E5DDEBE5

Chave Removida : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\EE43FF091A8714A599F33EF2533FB59A

Chave Removida : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\EE790015CF30DAA569960905FF1651A0

Chave Removida : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\EEB44C47185BD304D80FDF5A4BBE8F54

Chave Removida : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\F214EB834D2EC474CA76C1CDE306CF3A

Chave Removida : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\F25491036D0FA5D5FA6742F5742F151A

Chave Removida : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\F4D1BA8B482D9734E943EE260A7ADEF2

Chave Removida : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\F71371A90E93D605C8B0A71F163F625C

Chave Removida : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\F7507D4D4C310125E9A22BD909A41FB6

Chave Removida : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\F79C21D785419125595AC59458A6142D

Chave Removida : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\FA15C90F092A60F53A4E0F88CED02968

Chave Removida : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\FA1CF130B3D58B553833ACB6BE8AFAD4

Chave Removida : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\FB0F1A18E4F0DBD509A42F4D4C05C02A

Chave Removida : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\FD17ED194F1C2B457B4F6EF4AE8DEAF3

Chave Removida : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\436DABD223008E24A8404BFC5C60E20B

Chave Removida : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{2DBAD634-0032-42E8-8A04-B4CFC5062EB0}

Chave Removida : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AVG Secure Search

Chave Removida : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DealPly

Chave Removida : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IMBoosterARP

Chave Removida : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SearchTheWebARP

Chave Removida : HKLM\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin

Chave Removida : HKLM\Software\Umbrella

Valor Removida : HKCU\Software\Microsoft\Internet Explorer\Extensions\CmdMapping [{F72841F0-4EF1-4df5-BCE5-B3AC8ACF5478}]

Valor Removida : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{95B7759C-8C7F-4BF1-B163-73684A933233}]

Valor Removida : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [iminent]

Valor Removida : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [iminentMessenger]

Valor Removida : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [Avg@toolbar]

Valor Removida : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [webbooster@iminent.com]

Valor Removida : HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List [C:\Arquivos de programas\Iminent\Iminent.exe]

Valor Removida : HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List [C:\Arquivos de programas\Iminent\Iminent.Messengers.exe]

***** [Navegadores] *****

-\\ Internet Explorer v6.0.2900.2180

[OK] Registro está limpo.

-\\ Mozilla Firefox v19.0 (pt-BR)

Arquivo : C:\Documents and Settings\Henrique\Dados de aplicativos\Mozilla\Firefox\Profiles\73xwieje.default\prefs.js

C:\Documents and Settings\Henrique\Dados de aplicativos\Mozilla\Firefox\Profiles\73xwieje.default\user.js ... Removido !

Removida : user_pref("CT3027459..clientLogIsEnabled", false);

Removida : user_pref("CT3027459..clientLogServiceUrl", "hxxp://clientlog.users.conduit.com/ClientDiagnostics.as[...]

Removida : user_pref("CT3027459..uninstallLogServiceUrl", "hxxp://uninstall.users.conduit.com/Uninstall.asmx/Re[...]

Removida : user_pref("CT3027459.ALLOW_SHOWING_HIDDEN_TOOLBAR", false);

Removida : user_pref("CT3027459.AboutPrivacyUrl", "hxxp://www.conduit.com/privacy/Default.aspx");

Removida : user_pref("CT3027459.AppTrackingLastCheckTime", "Tue Dec 11 2012 16:57:32 GMT-0200 (Hora oficial do [...]

Removida : user_pref("CT3027459.BrowserCompStateIsOpen_1000515", true);

Removida : user_pref("CT3027459.BrowserCompStateIsOpen_129683394535752103", true);

Removida : user_pref("CT3027459.CT3027459", "CT3027459");

Removida : user_pref("CT3027459.CurrentServerDate", "2-3-2013");

Removida : user_pref("CT3027459.DSChangedManually", false);

Removida : user_pref("CT3027459.DSInstall", true);

Removida : user_pref("CT3027459.DSProtectChoice", true);

Removida : user_pref("CT3027459.DSProtectCount", 5);

Removida : user_pref("CT3027459.DialogsAlignMode", "LTR");

Removida : user_pref("CT3027459.DialogsGetterLastCheckTime", "Fri Mar 01 2013 18:48:19 GMT-0300 (Hora oficial d[...]

Removida : user_pref("CT3027459.DownloadReferralCookieData", "");

Removida : user_pref("CT3027459.EMailNotifierPollDate", "Wed Dec 12 2012 20:47:06 GMT-0200 (Hora oficial do Bra[...]

Removida : user_pref("CT3027459.FirstServerDate", "11-8-2012");

Removida : user_pref("CT3027459.FirstTime", true);

Removida : user_pref("CT3027459.FirstTimeFF3", true);

Removida : user_pref("CT3027459.FirstTimeHiddenVer", true);

Removida : user_pref("CT3027459.FixPageNotFoundErrors", true);

Removida : user_pref("CT3027459.GroupingServerCheckInterval", 1440);

Removida : user_pref("CT3027459.GroupingServiceUrl", "hxxp://grouping.services.conduit.com/");

Removida : user_pref("CT3027459.HPInstall", true);

Removida : user_pref("CT3027459.HasUserGlobalKeys", true);

Removida : user_pref("CT3027459.HomePageProtectorEnabled", true);

Removida : user_pref("CT3027459.HomepageBeforeUnload", "hxxp://search.conduit.com/?SSPV=FFOB16&ctid=CT3027459&S[...]

Removida : user_pref("CT3027459.Initialize", true);

Removida : user_pref("CT3027459.InitializeCommonPrefs", true);

Removida : user_pref("CT3027459.InstallationAndCookieDataSentCount", 3);

Removida : user_pref("CT3027459.InstallationType", "Unknown");

Removida : user_pref("CT3027459.InstalledDate", "Tue Dec 11 2012 16:57:32 GMT-0200 (Hora oficial do Brasil)");

Removida : user_pref("CT3027459.InvalidateCache", false);

Removida : user_pref("CT3027459.IsAlertDBUpdated", true);

Removida : user_pref("CT3027459.IsGrouping", false);

Removida : user_pref("CT3027459.IsInitSetupIni", true);

Removida : user_pref("CT3027459.IsMulticommunity", false);

Removida : user_pref("CT3027459.IsOpenThankYouPage", true);

Removida : user_pref("CT3027459.IsOpenUninstallPage", true);

Removida : user_pref("CT3027459.IsProtectorsInit", true);

Removida : user_pref("CT3027459.LanguagePackLastCheckTime", "Sat Mar 02 2013 12:42:23 GMT-0300 (Hora oficial do[...]

Removida : user_pref("CT3027459.LanguagePackReloadIntervalMM", 1440);

Removida : user_pref("CT3027459.LanguagePackServiceUrl", "hxxp://translation.users.conduit.com/Translation.ashx[...]

Removida : user_pref("CT3027459.LastLogin_3.15.0.503", "Sat Dec 22 2012 12:05:05 GMT-0200");

Removida : user_pref("CT3027459.LastLogin_3.16.0.3", "Sun Feb 10 2013 21:43:59 GMT-0200");

Removida : user_pref("CT3027459.LastLogin_3.18.0.7", "Sat Mar 02 2013 12:42:23 GMT-0300 (Hora oficial do Brasil[...]

Removida : user_pref("CT3027459.LatestVersion", "3.18.0.7");

Removida : user_pref("CT3027459.Locale", "en");

Removida : user_pref("CT3027459.MCDetectTooltipHeight", "83");

Removida : user_pref("CT3027459.MCDetectTooltipUrl", "hxxp://@EB_INSTALL_LINK@/rank/tooltip/?version=1");

Removida : user_pref("CT3027459.MCDetectTooltipWidth", "295");

Removida : user_pref("CT3027459.MyStuffEnabledAtInstallation", true);

Removida : user_pref("CT3027459.OriginalFirstVersion", "3.15.0.503");

Removida : user_pref("CT3027459.RadioIsPodcast", false);

Removida : user_pref("CT3027459.RadioLastCheckTime", "Wed Dec 12 2012 20:47:35 GMT-0200 (Hora oficial do Brasil[...]

Removida : user_pref("CT3027459.RadioLastUpdateIPServer", "3");

Removida : user_pref("CT3027459.RadioLastUpdateServer", "3");

Removida : user_pref("CT3027459.RadioMediaID", "9962");

Removida : user_pref("CT3027459.RadioMediaType", "Media Player");

Removida : user_pref("CT3027459.RadioMenuSelectedID", "EBRadioMenu_CT30274599962");

Removida : user_pref("CT3027459.RadioShrinkedFromSetup", false);

Removida : user_pref("CT3027459.RadioStationName", "California%20Rock");

Removida : user_pref("CT3027459.RadioStationURL", "hxxp://feedlive.net/california.asx");

Removida : user_pref("CT3027459.SavedHomepage", "www.google.com.br");

Removida : user_pref("CT3027459.SearchCaption", "MakeMeBabies 2.0 Customized Web Search");

Removida : user_pref("CT3027459.SearchEngineBeforeUnload", "MakeMeBabies 2.0 Customized Web Search");

Removida : user_pref("CT3027459.SearchFromAddressBarIsInit", true);

Removida : user_pref("CT3027459.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?SSPV=FFOB1[...]

Removida : user_pref("CT3027459.SearchInNewTabEnabled", true);

Removida : user_pref("CT3027459.SearchInNewTabIntervalMM", 1440);

Removida : user_pref("CT3027459.SearchInNewTabLastCheckTime", "Sat Mar 02 2013 12:42:18 GMT-0300 (Hora oficial [...]

Removida : user_pref("CT3027459.SearchInNewTabServiceUrl", "hxxp://newtab.conduit-hosting.com/newtab/?ctid=EB_T[...]

Removida : user_pref("CT3027459.SearchProtectorEnabled", true);

Removida : user_pref("CT3027459.SearchProtectorToolbarDisabled", false);

Removida : user_pref("CT3027459.SendProtectorDataViaLogin", true);

Removida : user_pref("CT3027459.ServiceMapLastCheckTime", "Sat Mar 02 2013 12:42:22 GMT-0300 (Hora oficial do B[...]

Removida : user_pref("CT3027459.SettingsLastCheckTime", "Sat Mar 02 2013 12:42:16 GMT-0300 (Hora oficial do Bra[...]

Removida : user_pref("CT3027459.SettingsLastUpdate", "1362233536");

Removida : user_pref("CT3027459.TBHomePageUrl", "hxxp://search.conduit.com/?SSPV=FFOB16&ctid=CT3027459&SearchSo[...]

Removida : user_pref("CT3027459.ThirdPartyComponentsInterval", 504);

Removida : user_pref("CT3027459.ThirdPartyComponentsLastCheck", "Tue Dec 11 2012 16:57:08 GMT-0200 (Hora oficia[...]

Removida : user_pref("CT3027459.ThirdPartyComponentsLastUpdate", "1331805997");

Removida : user_pref("CT3027459.ToolbarShrinkedFromSetup", false);

Removida : user_pref("CT3027459.TrusteLinkUrl", "hxxp://trust.conduit.com/CT3027459");

Removida : user_pref("CT3027459.TrustedApiDomains", "conduit.com,conduit-hosting.com,conduit-services.com,clien[...]

Removida : user_pref("CT3027459.UserID", "UN20631435685586745");

Removida : user_pref("CT3027459.ValidationData_Toolbar", 1);

Removida : user_pref("CT3027459.WeatherNetwork", "");

Removida : user_pref("CT3027459.WeatherPollDate", "Wed Dec 12 2012 20:47:44 GMT-0200 (Hora oficial do Brasil)")[...]

Removida : user_pref("CT3027459.WeatherUnit", "C");

Removida : user_pref("CT3027459.alertChannelId", "1419045");

Removida : user_pref("CT3027459.backendstorage./9b+7e+x305", "247E27413334363379453A3D2A722C797A7E7A3128333B474[...]

Removida : user_pref("CT3027459.backendstorage./9b+7e,x305", "247E28412F3F3E3779453A3D2A722C797B787D3128333C474[...]

Removida : user_pref("CT3027459.backendstorage./9b+7e-x305", "247E2936303C363679453A3D2A722C797A207B3128333D462[...]

Removida : user_pref("CT3027459.backendstorage./9b+7e.:2z527", "247E70727330333D4634413E3C3E204B404330783223232[...]

Removida : user_pref("CT3027459.backendstorage./9b+7e.x305", "247E2A4137374434337A463B3E2B732D7A7D7C213229343F5[...]

Removida : user_pref("CT3027459.backendstorage./9b+7e/x305", "247E2B413536327844393C29712B787C7B773027323E4C434[...]

Removida : user_pref("CT3027459.backendstorage./9b+7e06cg5el8:", "6E6D6B70726F6D6F6E71");

Removida : user_pref("CT3027459.backendstorage./9b+7e06cg5el;8i:k", "247E2D2F226A74737176787573757477242F4B4947[...]

Removida : user_pref("CT3027459.backendstorage./9b+7e0x305", "247E2C403A407743383B28702A777C757D2F26313E4129554[...]

Removida : user_pref("CT3027459.backendstorage./9b+7e1x305", "247E2D41313D403279453A3D2A722C7A77797E31283341473[...]

Removida : user_pref("CT3027459.backendstorage./9b+7e2x305", "247E2E3542313D3D393A7B473C3F2C742E79207D322934435[...]

Removida : user_pref("CT3027459.backendstorage./9b+7e31;cj7fk;kg#ncep@mc+vkn", "247E61393F236B25737471712A212C6[...]

Removida : user_pref("CT3027459.backendstorage./9b+7e31;cjc<=fbj#ncf", "247E61393F236B25757677712A212C6E414F444[...]

Removida : user_pref("CT3027459.backendstorage./9b+7e31;cjc<=fbj#ncf'sd", "247E61393F236B25757574752A212C6E414F[...]

Removida : user_pref("CT3027459.backendstorage./9b+7e3x305", "247E2F413F3B36333F47463F7D493E412E76307E222421352[...]

Removida : user_pref("CT3027459.backendstorage./9b+7e4x305", "247E302C407642373A276F29777B74762E2530413E4F494A5[...]

Removida : user_pref("CT3027459.backendstorage./9b+7e5x305", "247E3136422B7743383B28702A79757A772F2631434B3D495[...]

Removida : user_pref("CT3027459.backendstorage./9b+7e6x305", "247E322C3E32323238453E7C483D402D752F7E7B2424342B3[...]

Removida : user_pref("CT3027459.backendstorage./9b+7e7x305", "247E333D2C3F3E3F79453A3D2A722C7B7A797A31283347513[...]

Removida : user_pref("CT3027459.backendstorage./9b+7e8x305", "247E343D3F3B35373B3F367C47472C742E7E7823322934495[...]

Removida : user_pref("CT3027459.backendstorage./9b+7e9x305", "247E35332C3F327844393C29712B7B757979302732484C4F4[...]

Removida : user_pref("CT3027459.backendstorage./9b+7e:x305", "247E36333B38327844393C29712B7B76797A3027324948554[...]

Removida : user_pref("CT3027459.backendstorage./9b+7e;x305", "247E373F333F3738422F7B473C3F2C742E7E7A7A22332A354[...]

Removida : user_pref("CT3027459.backendstorage./9b+7e<x305", "247E38343030442F463644377D493E412E7630217D2426352[...]

Removida : user_pref("CT3027459.backendstorage./9b+7e=x305", "247E3933363F41413739357C483D402D752F207E2022342B3[...]

Removida : user_pref("CT3027459.backendstorage./9b+7e>x305", "247E3A41363F323238387B473C3F2C742E7E20217C332A355[...]

Removida : user_pref("CT3027459.backendstorage./9b+7e?x305", "247E3B2D2F2F334134403A3A7D494C2D752F2023207E342B3[...]

Removida : user_pref("CT3027459.backendstorage./9b+7e@x305", "247E3C40422B7743383B28702A7B767E782F26314E52543D2[...]

Removida : user_pref("CT3027459.backendstorage./9b+7eax305", "247E3D3D37387743383B28702A7B7A757E2F26314F4F544A5[...]

Removida : user_pref("CT3027459.backendstorage./9b+7ebe3g=;d9n9=d", "372C2D326975762E3A3C7B3A39434A494841434B26[...]

Removida : user_pref("CT3027459.backendstorage./9b+7ebx305", "247E3E393141303D33454036327E4A3F422F77317B7D23352[...]

Removida : user_pref("CT3027459.backendstorage./9b+7ecx305", "247E3F3D303043312E7A463B3E2B732D7B207E31283353515[...]

Removida : user_pref("CT3027459.backendstorage./9b+7edx305", "247E4035422A363879453A3D2A722C7D202F26315247543C4[...]

Removida : user_pref("CT3027459.backendstorage./9b+7etx305", "247E6E2F2E3B323342357B44392B732D7A7B7B7C322934235[...]

Removida : user_pref("CT3027459.backendstorage./9b-0?3g>d", "673E3E726A6E6E6E7A76477373207A76777925514F53232A21[...]

Removida : user_pref("CT3027459.backendstorage./9b-0?3g@6:5;", "");

Removida : user_pref("CT3027459.backendstorage./9b-0?3gfa7ef", "2B2E2C3D");

Removida : user_pref("CT3027459.backendstorage./9b-3=3eccja=f>", "247E333D2C452F4135276F292A212C393D44307832332[...]

Removida : user_pref("CT3027459.backendstorage./9b/>01=9a6k6<im;krie@pdawm", "6A696B7273747576");

Removida : user_pref("CT3027459.backendstorage./9b3=>@44i48?", "372C2D326975763342363341484779213F3E484F4E4D464[...]

Removida : user_pref("CT3027459.backendstorage./9b5ba==9cjag", "6D6B6840423E40427A734674457C48497E7C4C2021");

Removida : user_pref("CT3027459.backendstorage./9b6b11g4c56b>f;p;anr@p", "6E6D6B70726F6D6E737571727A");

Removida : user_pref("CT3027459.backendstorage./9b9643g3/9e", "6A");

Removida : user_pref("CT3027459.backendstorage./9b;45>:bi9i7ie", "2B2E2C3D");

Removida : user_pref("CT3027459.backendstorage./9b<:222h64<", "393F352F3E");

Removida : user_pref("CT3027459.backendstorage./9b=+03eh8h8j?:", "4443");

Removida : user_pref("CT3027459.backendstorage./9b?+e2a52d8", "372C2D326975762E3A3C7B3A39434A494841434B26514649[...]

Removida : user_pref("CT3027459.backendstorage./9b?b0d:8aj62<h", "6D");

Removida : user_pref("CT3027459.backendstorage./9ba@0<0bi6a7gn:6@l?", "6E6B");

Removida : user_pref("CT3027459.backendstorage.cb_user_id_000", "434234313631343433303934395F313336323136353937[...]

Removida : user_pref("CT3027459.backendstorage.cbfirsttime", "467269204D617220303120323031332031363A32363A31332[...]

Removida : user_pref("CT3027459.backendstorage.pg_enable", "74727565");

Removida : user_pref("CT3027459.backendstorage.shoppingapp.gk.exipres", "53756E2044656320313620323031322031363A[...]

Removida : user_pref("CT3027459.backendstorage.shoppingapp.gk.geolocation", "6272617A696C");

Removida : user_pref("CT3027459.backendstorage.url_history0001", "687474703A2F2F7777772E616F63702E636F6D2E62722[...]

Removida : user_pref("CT3027459.components.1000034", true);

Removida : user_pref("CT3027459.components.1000515", true);

Removida : user_pref("CT3027459.generalConfigFromLogin", "{\"ApiMaxAlerts\":\"12\",\"SocialDomains\":\"social.c[...]

Removida : user_pref("CT3027459.globalFirstTimeInfoLastCheckTime", "Tue Dec 11 2012 16:57:30 GMT-0200 (Hora ofi[...]

Removida : user_pref("CT3027459.homepageProtectorEnableByLogin", true);

Removida : user_pref("CT3027459.initDone", true);

Removida : user_pref("CT3027459.isAppTrackingManagerOn", true);

Removida : user_pref("CT3027459.isFirstRadioInstallation", false);

Removida : user_pref("CT3027459.myStuffEnabled", true);

Removida : user_pref("CT3027459.myStuffPublihserMinWidth", 400);

Removida : user_pref("CT3027459.myStuffSearchUrl", "hxxp://Apps.conduit.com/search?q=SEARCH_TERM&SearchSourceOr[...]

Removida : user_pref("CT3027459.myStuffServiceIntervalMM", 1440);

Removida : user_pref("CT3027459.myStuffServiceUrl", "hxxp://mystuff.conduit-services.com/MyStuffService.ashx?Co[...]

Removida : user_pref("CT3027459.navigateToUrlOnSearch", false);

Removida : user_pref("CT3027459.revertSettingsEnabled", true);

Removida : user_pref("CT3027459.searchProtectorDialogDelayInSec", 10);

Removida : user_pref("CT3027459.searchProtectorEnableByLogin", true);

Removida : user_pref("CT3027459.testingCtid", "");

Removida : user_pref("CT3027459.toolbarAppMetaDataLastCheckTime", "Sat Mar 02 2013 12:42:23 GMT-0300 (Hora ofic[...]

Removida : user_pref("CT3027459.toolbarContextMenuLastCheckTime", "Tue Dec 11 2012 16:57:31 GMT-0200 (Hora ofic[...]

Removida : user_pref("CT3027459.usagesFlag", 2);

Removida : user_pref("CT3282722.1000082.isPlayDisplay", "true");

Removida : user_pref("CT3282722.1000082.state", "{\"state\":\"stopped\",\"text\":\"Classic R...\",\"description[...]

Removida : user_pref("CT3282722.3282722a130039643157408893000000paramsGK0.enc", "eyJ1cGRhdGVSZXFUaW1lIjoxMzYxMj[...]

Removida : user_pref("CT3282722.CT3282722ads1.enc", "JTdCJTIyYWRzJTIyJTNBJTVCJTdCJTIyYWlkJTIyJTNBJTIyNzkyMjQlMj[...]

Removida : user_pref("CT3282722.CT3282722current_term.enc", "");

Removida : user_pref("CT3282722.CT3282722sdate.enc", "MTk=");

Removida : user_pref("CT3282722.ENABALE_HISTORY", "{\"dataType\":\"string\",\"data\":\"true\"}");

Removida : user_pref("CT3282722.ENABLE_RETURN_WEB_SEARCH_ON_THE_PAGE", "{\"dataType\":\"string\",\"data\":\"tru[...]

Removida : user_pref("CT3282722.FF19Solved", "true");

Removida : user_pref("CT3282722.FirstTime", "true");

Removida : user_pref("CT3282722.FirstTimeFF3", "true");

Removida : user_pref("CT3282722.PG_ENABLE", "dHJ1ZQ==");

Removida : user_pref("CT3282722.RSS_Pub_Config.enc", "eyJzZXR0aW5ncyI6eyJpY29uIjoiaHR0cDovL3N0b3JhZ2UuY29uZHVpd[...]

Removida : user_pref("CT3282722.RSSapp3282722a130039643157408893000000embeddedVersion.enc", "Mi40LjA=");

Removida : user_pref("CT3282722.RSSapp3282722a130039643157408893000000lastReportTime.enc", "MTM2MTI5Nzg4MTgwNyA[...]

Removida : user_pref("CT3282722.RSSapp3282722a130039643157408893000000newFeeds.enc", "bmV3RmVlZHM=");

Removida : user_pref("CT3282722.UserID", "UN18084734141879064");

Removida : user_pref("CT3282722.addressBarTakeOverEnabledInHidden", "true");

Removida : user_pref("CT3282722.autoDisableScopes", 14);

Removida : user_pref("CT3282722.cbfirsttime.enc", "U3VuIEZlYiAxNyAyMDEzIDE0OjI3OjA3IEdNVC0wMjAw");

Removida : user_pref("CT3282722.defaultSearch", "false");

Removida : user_pref("CT3282722.enableAlerts", "never");

Removida : user_pref("CT3282722.enableFix404ByUser", "FALSE");

Removida : user_pref("CT3282722.enableSearchFromAddressBar", "true");

Removida : user_pref("CT3282722.firstTimeDialogOpened", "true");

Removida : user_pref("CT3282722.fixPageNotFoundError", "true");

Removida : user_pref("CT3282722.fixPageNotFoundErrorByUser", "true");

Removida : user_pref("CT3282722.fixPageNotFoundErrorInHidden", "true");

Removida : user_pref("CT3282722.fixUrls", true);

Removida : user_pref("CT3282722.homepageuserchanged", true);

Removida : user_pref("CT3282722.installDate", "17/2/2013 13:50:02");

Removida : user_pref("CT3282722.installId", "conduitinstaller.exe");

Removida : user_pref("CT3282722.installType", "conduitnsisintegration");

Removida : user_pref("CT3282722.isCheckedStartAsHidden", true);

Removida : user_pref("CT3282722.isEnableAllDialogs", "{\"dataType\":\"string\",\"data\":\"true\"}");

Removida : user_pref("CT3282722.isFirstTimeToolbarLoading", "false");

Removida : user_pref("CT3282722.isToolbarShrinked", "{\"dataType\":\"string\",\"data\":\"false\"}");

Removida : user_pref("CT3282722.lastVersion", "10.14.350.531");

Removida : user_pref("CT3282722.mam_gk_installer_preapproved.enc", "ZmFsc2U=");

Removida : user_pref("CT3282722.migrateAppsAndComponents", true);

Removida : user_pref("CT3282722.navigationAliasesJson", "{\"EB_SEARCH_TERM\":\"\",\"EB_MAIN_FRAME_URL\":\"about[...]

Removida : user_pref("CT3282722.openThankYouPage", "false");

Removida : user_pref("CT3282722.openUninstallPage", "true");

Removida : user_pref("CT3282722.price-gong.isManagedApp", "true");

Removida : user_pref("CT3282722.revertSettingsEnabled", "FALSE");

Removida : user_pref("CT3282722.search.searchAppId", "130039643153976796");

Removida : user_pref("CT3282722.search.searchCount", "0");

Removida : user_pref("CT3282722.searchInNewTabEnabledByUser", "false");

Removida : user_pref("CT3282722.searchInNewTabEnabledInHidden", "true");

Removida : user_pref("CT3282722.selectToSearchBoxEnabled", "{\"dataType\":\"string\",\"data\":\"true\"}");

Removida : user_pref("CT3282722.serviceLayer_service_login_isFirstLoginInvoked", "{\"dataType\":\"boolean\",\"d[...]

Removida : user_pref("CT3282722.serviceLayer_service_login_loginCount", "{\"dataType\":\"number\",\"data\":\"4\[...]

Removida : user_pref("CT3282722.serviceLayer_service_toolbarGrouping_activeCTID", "{\"dataType\":\"string\",\"d[...]

Removida : user_pref("CT3282722.serviceLayer_service_toolbarGrouping_activeDownloadUrl", "{\"dataType\":\"strin[...]

Removida : user_pref("CT3282722.serviceLayer_service_toolbarGrouping_activeToolbarName", "{\"dataType\":\"strin[...]

Removida : user_pref("CT3282722.serviceLayer_service_toolbarGrouping_invoked", "{\"dataType\":\"string\",\"data[...]

Removida : user_pref("CT3282722.serviceLayer_services_app.twitter.user-cnet_lastUpdate", "1361296979999");

Removida : user_pref("CT3282722.serviceLayer_services_app.twitter.user-cnnbrk_lastUpdate", "1361296979930");

Removida : user_pref("CT3282722.serviceLayer_services_app.twitter.user-computeractive_lastUpdate", "13612969799[...]

Removida : user_pref("CT3282722.serviceLayer_services_app.twitter.user-dailymirror_lastUpdate", "1361296979958"[...]

Removida : user_pref("CT3282722.serviceLayer_services_app.twitter.user-google_lastUpdate", "1361296980001");

Removida : user_pref("CT3282722.serviceLayer_services_app.twitter.user-techcrunch_lastUpdate", "1361296979988")[...]

Removida : user_pref("CT3282722.serviceLayer_services_app.twitter.user-time_lastUpdate", "1361296979987");

Removida : user_pref("CT3282722.serviceLayer_services_app.twitter.user-wired_lastUpdate", "1361296979985");

Removida : user_pref("CT3282722.serviceLayer_services_appTrackingFirstTime_lastUpdate", "1361118530653");

Removida : user_pref("CT3282722.serviceLayer_services_appTracking_lastUpdate", "1361118415856");

Removida : user_pref("CT3282722.serviceLayer_services_appsMetadata_lastUpdate", "1361297841975");

Removida : user_pref("CT3282722.serviceLayer_services_gottenAppsContextMenu_lastUpdate", "1361118530913");

Removida : user_pref("CT3282722.serviceLayer_services_location_lastUpdate", "1361297842020");

Removida : user_pref("CT3282722.serviceLayer_services_login_10.14.350.531_lastUpdate", "1362239066743");

Removida : user_pref("CT3282722.serviceLayer_services_login_10.14.65.43_lastUpdate", "1362137643350");

Removida : user_pref("CT3282722.serviceLayer_services_otherAppsContextMenu_lastUpdate", "1361118530958");

Removida : user_pref("CT3282722.serviceLayer_services_searchAPI_lastUpdate", "1361297878555");

Removida : user_pref("CT3282722.serviceLayer_services_serviceMap_lastUpdate", "1362239064261");

Removida : user_pref("CT3282722.serviceLayer_services_setupAPI_lastUpdate", "1361292473094");

Removida : user_pref("CT3282722.serviceLayer_services_toolbarContextMenu_lastUpdate", "1361118530872");

Removida : user_pref("CT3282722.serviceLayer_services_toolbarSettings_lastUpdate", "1362239066801");

Removida : user_pref("CT3282722.serviceLayer_services_translation_lastUpdate", "1362239066647");

Removida : user_pref("CT3282722.settingsINI", true);

Removida : user_pref("CT3282722.shouldFirstTimeDialog", "true");

Removida : user_pref("CT3282722.smartbar.CTID", "CT3282722");

Removida : user_pref("CT3282722.smartbar.Uninstall", "0");

Removida : user_pref("CT3282722.smartbar.toolbarName", "FreeOnlineRadioPlayerRecorder V1 ");

Removida : user_pref("CT3282722.startPage", "false");

Removida : user_pref("CT3282722.toolbarBornServerTime", "17-2-2013");

Removida : user_pref("CT3282722.toolbarCurrentServerTime", "2-3-2013");

Removida : user_pref("CT3282722.url_history0001.enc", "aHR0cDovL2NsaWNrLmluZm9zcGFjZS5jb20vQ2xpY2tIYW5kbGVyLmFz[...]

Removida : user_pref("CT3282722_Firefox.csv", "[{\"from\":\"Abs Layer\",\"action\":\"loading toolbar\",\"time\"[...]

Removida : user_pref("CommunityToolbar.ConduitHomepagesList", "hxxp://search.conduit.com/?SSPV=FFOB16&ctid=CT30[...]

Removida : user_pref("CommunityToolbar.ConduitSearchList", "MakeMeBabies 2.0 Customized Web Search");

Removida : user_pref("CommunityToolbar.ETag.hxxp://Settings.toolbar.search.conduit.com/root/CT3027459/CT3027459[...]

Removida : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/1419045/1414701/BR", "\"0\"[...]

Removida : user_pref("CommunityToolbar.ETag.hxxp://appsmetadata.toolbar.conduit-services.com/?ctid=CT3027459", [...]

Removida : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=GottenApps&lo[...]

Removida : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=OtherApps&loc[...]

Removida : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=SharedApps&lo[...]

Removida : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=Toolbar&local[...]

Removida : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.alert.conduit-services.com/alert/dlg.pkg", "\[...]

Removida : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.15[...]

Removida : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.16[...]

Removida : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.18[...]

Removida : user_pref("CommunityToolbar.ETag.hxxp://servicemap.conduit-services.com/Toolbar/?ownerId=CT3027459",[...]

Removida : user_pref("CommunityToolbar.ETag.hxxp://translation.toolbar.conduit-services.com/?locale=en", "\"b25[...]

Removida : user_pref("CommunityToolbar.LatestLibsPath", "file:///C:\\Documents and Settings\\Henrique\\Dados de[...]

Removida : user_pref("CommunityToolbar.LatestToolbarVersionInstalled", "3.15.0.503");

Removida : user_pref("CommunityToolbar.MiniIPageGadgetSize.hxxp://pgcff.pricegong.com/agreement/agree.html#pg_e[...]

Removida : user_pref("CommunityToolbar.SearchFromAddressBarSavedUrl", "hxxp://search.babylon.com/?affID=113707&[...]

Removida : user_pref("CommunityToolbar.ToolbarsList", "CT3027459");

Removida : user_pref("CommunityToolbar.ToolbarsList2", "CT3027459");

Removida : user_pref("CommunityToolbar.ToolbarsList4", "CT3027459");

Removida : user_pref("CommunityToolbar.globalUserId", "f123f39e-e615-4a0c-933c-030fb30c1454");

Removida : user_pref("CommunityToolbar.isAlertUrlAddedToFeedItemTable", true);

Removida : user_pref("CommunityToolbar.isClickActionAddedToFeedItemTable", true);

Removida : user_pref("CommunityToolbar.keywordURLSelectedCTID", "CT3027459");

Removida : user_pref("CommunityToolbar.notifications.alertDialogsGetterLastCheckTime", "Tue Dec 11 2012 16:57:1[...]

Removida : user_pref("CommunityToolbar.notifications.alertEnabled", true);

Removida : user_pref("CommunityToolbar.notifications.alertInfoInterval", 1440);

Removida : user_pref("CommunityToolbar.notifications.alertInfoLastCheckTime", "Tue Dec 11 2012 22:48:57 GMT-020[...]

Removida : user_pref("CommunityToolbar.notifications.clientsServerUrl", "hxxp://alert.client.conduit.com");

Removida : user_pref("CommunityToolbar.notifications.locale", "en");

Removida : user_pref("CommunityToolbar.notifications.loginIntervalMin", 1440);

Removida : user_pref("CommunityToolbar.notifications.loginLastCheckTime", "Wed Dec 12 2012 20:47:06 GMT-0200 (H[...]

Removida : user_pref("CommunityToolbar.notifications.loginLastUpdateTime", "1313487611");

Removida : user_pref("CommunityToolbar.notifications.messageShowTimeSec", 20);

Removida : user_pref("CommunityToolbar.notifications.servicesServerUrl", "hxxp://alert.services.conduit.com");

Removida : user_pref("CommunityToolbar.notifications.showTrayIcon", false);

Removida : user_pref("CommunityToolbar.notifications.userCloseIntervalMin", 300);

Removida : user_pref("CommunityToolbar.notifications.userId", "e3098c78-eed3-4311-87d3-68e2441f7f98");

Removida : user_pref("CommunityToolbar.originalHomepage", "www.google.com.br");

Removida : user_pref("CommunityToolbar.originalSearchEngine", "Search the web (Babylon)");

Removida : user_pref("browser.babylon.HPOnNewTab", "search.babylon.com");

Removida : user_pref("browser.search.defaultthis.engineName", "MakeMeBabies 2.0 Customized Web Search");

Removida : user_pref("browser.search.defaulturl", "hxxp://search.conduit.com/ResultsExt.aspx?SSPV=FFOB16&ctid=C[...]

Removida : user_pref("extensions.BabylonToolbar.admin", false);

Removida : user_pref("extensions.BabylonToolbar.aflt", "babsst");

Removida : user_pref("extensions.BabylonToolbar.appId", "{BDB69379-802F-4eaf-B541-F8DE92DD98DB}");

Removida : user_pref("extensions.BabylonToolbar.babExt", "");

Removida : user_pref("extensions.BabylonToolbar.babTrack", "affID=113707&tl=gkn289389&tt=010712_3");

Removida : user_pref("extensions.BabylonToolbar.bbDpng", 2);

Removida : user_pref("extensions.BabylonToolbar.cntry", "BR");

Removida : user_pref("extensions.BabylonToolbar.dfltLng", "pt");

Removida : user_pref("extensions.BabylonToolbar.dfltSrch", true);

Removida : user_pref("extensions.BabylonToolbar.excTlbr", false);

Removida : user_pref("extensions.BabylonToolbar.hdrMd5", "6F29084E5C760C27F628CD25EA60D9D0");

Removida : user_pref("extensions.BabylonToolbar.hmpg", true);

Removida : user_pref("extensions.BabylonToolbar.id", "0415adfc000000000000001bfc192627");

Removida : user_pref("extensions.BabylonToolbar.instlDay", "15646");

Removida : user_pref("extensions.BabylonToolbar.instlRef", "na");

Removida : user_pref("extensions.BabylonToolbar.keyWordUrl", "hxxp://search.babylon.com/?affID=10588&tl=gcn2015[...]

Removida : user_pref("extensions.BabylonToolbar.lastDP", 2);

Removida : user_pref("extensions.BabylonToolbar.lastVrsnTs", "1.8.3.811:36:45");

Removida : user_pref("extensions.BabylonToolbar.mntrFFxVrsn", "14.0");

Removida : user_pref("extensions.BabylonToolbar.newTab", true);

Removida : user_pref("extensions.BabylonToolbar.newTabUrl", "hxxp://search.babylon.com/?affID=10588&tl=gcn20150[...]

Removida : user_pref("extensions.BabylonToolbar.noFFXTlbr", false);

Removida : user_pref("extensions.BabylonToolbar.prdct", "BabylonToolbar");

Removida : user_pref("extensions.BabylonToolbar.propectorlck", 90461455);

Removida : user_pref("extensions.BabylonToolbar.prtkDS", 1);

Removida : user_pref("extensions.BabylonToolbar.prtkHmpg", 1);

Removida : user_pref("extensions.BabylonToolbar.prtnrId", "babylon");

Removida : user_pref("extensions.BabylonToolbar.ptch_0717", true);

Removida : user_pref("extensions.BabylonToolbar.sg", "azb");

Removida : user_pref("extensions.BabylonToolbar.smplGrp", "azb");

Removida : user_pref("extensions.BabylonToolbar.srcExt", "ss");

Removida : user_pref("extensions.BabylonToolbar.tlbrId", "base");

Removida : user_pref("extensions.BabylonToolbar.tlbrSrchUrl", "hxxp://search.babylon.com/?babsrc=TB_def&mntrId=[...]

Removida : user_pref("extensions.BabylonToolbar.vrsn", "1.8.3.8");

Removida : user_pref("extensions.BabylonToolbar.vrsnTs", "1.8.3.811:36:45");

Removida : user_pref("extensions.BabylonToolbar.vrsni", "1.8.3.8");

Removida : user_pref("extensions.BabylonToolbar_i.aflt", "babsst");

Removida : user_pref("extensions.BabylonToolbar_i.babExt", "");

Removida : user_pref("extensions.BabylonToolbar_i.babTrack", "affID=113707&tl=gkn289389&tt=010712_3");

Removida : user_pref("extensions.BabylonToolbar_i.hardId", "0415adfc000000000000001bfc192627");

Removida : user_pref("extensions.BabylonToolbar_i.id", "0415adfc000000000000001bfc192627");

Removida : user_pref("extensions.BabylonToolbar_i.instlDay", "15529");

Removida : user_pref("extensions.BabylonToolbar_i.instlRef", "sst");

Removida : user_pref("extensions.BabylonToolbar_i.prdct", "BabylonToolbar");

Removida : user_pref("extensions.BabylonToolbar_i.prtnrId", "babylon");

Removida : user_pref("extensions.BabylonToolbar_i.smplGrp", "none");

Removida : user_pref("extensions.BabylonToolbar_i.srcExt", "ss");

Removida : user_pref("extensions.BabylonToolbar_i.tlbrId", "base");

Removida : user_pref("extensions.BabylonToolbar_i.vrsn", "1.5.3.17");

Removida : user_pref("extensions.BabylonToolbar_i.vrsnTs", "1.8.3.811:36:45");

Removida : user_pref("extensions.BabylonToolbar_i.vrsni", "1.5.3.17");

Removida : user_pref("extensions.enabledAddons", "adapter%40babylontc.com:1.0.0.1,NPCamfrogWeb%40camfrogweb.com[...]

Removida : user_pref("extensions.facemoods.DNSErrUrl", "hxxp://start.facemoods.com/?a=gppc&f=5");

Removida : user_pref("extensions.facemoods.aflt", "gppc");

Removida : user_pref("extensions.facemoods.dfltSrch", true);

Removida : user_pref("extensions.facemoods.dfltSrchPrvdr", "Facemoods Search");

Removida : user_pref("extensions.facemoods.dnsErr", true);

Removida : user_pref("extensions.facemoods.firstRun", true);

Removida : user_pref("extensions.facemoods.hmpg", true);

Removida : user_pref("extensions.facemoods.hmpgUrl", "hxxp://start.facemoods.com/?a=gppc");

Removida : user_pref("extensions.facemoods.id", "0415adfc000000000000001bfc192627");

Removida : user_pref("extensions.facemoods.instlDay", "15290");

Removida : user_pref("extensions.facemoods.mntz", "");

Removida : user_pref("extensions.facemoods.newTab", true);

Removida : user_pref("extensions.facemoods.newTabUrl", "hxxp://start.facemoods.com/?a=gppc&f=2");

Removida : user_pref("extensions.facemoods.prtnrId", "facemoods.com");

Removida : user_pref("extensions.facemoods.searchProviderAdded", true);

Removida : user_pref("extensions.facemoods.sid", "c96c106baceb4d71ad4a85a450333b44");

Removida : user_pref("extensions.facemoods.tlbrSrchUrl", "hxxp://start.facemoods.com/?a=gppc&f=3");

Removida : user_pref("extensions.facemoods.vrsn", "1.4.17.11");

Removida : user_pref("keyword.URL", "hxxp://search.conduit.com/ResultsExt.aspx?SSPV=FFOB16&ctid=CT3027459&Searc[...]

Removida : user_pref("tfp.CT3027459", true);

-\\ Google Chrome v25.0.1364.97

Arquivo : C:\Documents and Settings\Henrique\Configurações locais\Dados de aplicativos\Google\Chrome\User Data\Default\Preferences

[OK] Arquivo está limpo.

*************************

AdwCleaner[s1].txt - [367 octets] - [11/07/2012 23:59:43]

AdwCleaner[s2].txt - [367 octets] - [12/07/2012 01:01:14]

AdwCleaner[s3].txt - [304 octets] - [12/07/2012 12:15:06]

AdwCleaner[s4].txt - [367 octets] - [12/07/2012 12:17:00]

AdwCleaner[s5].txt - [11527 octets] - [12/07/2012 13:28:53]

AdwCleaner[s6].txt - [71325 octets] - [02/03/2013 15:08:59]

########## EOF - C:\AdwCleaner[s6].txt - [71386 octets] ##########

________________________________________________________

LOG DO JRT:

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Junkware Removal Tool (JRT) by Thisisu

Version: 4.6.6 (02.27.2013:1)

OS: Microsoft Windows XP x86

Ran by Henrique on s b 02/03/2013 at 15:20:59,98

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~ Services

~~~ Registry Values

~~~ Registry Keys

Successfully deleted: [Registry Key] hkey_current_user\software\systweak

Successfully deleted: [Registry Key] hkey_local_machine\software\systweak

Successfully deleted: [Registry Key] hkey_current_user\software\microsoft\internet explorer\searchscopes\{6a1806cd-94d4-4689-ba73-e35ea1ea9990}

~~~ Files

Successfully deleted: [File] "C:\WINDOWS\system32\roboot.exe"

~~~ Folders

Successfully deleted: [Folder] "C:\Documents and Settings\Henrique\Dados de aplicativos\baidu"

Successfully deleted: [Folder] "C:\Documents and Settings\Henrique\Dados de aplicativos\systweak"

Successfully deleted: [Folder] "C:\Arquivos de programas\regclean pro"

~~~ FireFox

Successfully deleted the following from C:\Documents and Settings\Henrique\Dados de aplicativos\mozilla\firefox\profiles\73xwieje.default\prefs.js

user_pref("extensions.wrc.SearchRules.ask.com.style", ".WRCN {display:none} #yui-main .tsrc_vnru .title + .WRCN, #yui-main #teoma-results .title + .WRCN {display:inline !impor

user_pref("extensions.wrc.SearchRules.ask.com.url", "^hxxp(s)?\\:\\/\\/(.+\\.)?ask\\.com\\/.*");

user_pref("extensions.wrc.SearchRules.baidu.com.style", ".WRCN {display:none} .result .f .WRCN {display:inline !important; background: url(\"IMAGE\") right no-repeat}");

user_pref("extensions.wrc.SearchRules.baidu.com.url", "^hxxp\\:\\/\\/www\\.baidu\\.com\\/.*");

user_pref("extensions.wrc.SearchRules.excite.com.style", ".WRCN {display:none} .listing .resultsLink + .WRCN {display:inline !important; background: url(\"IMAGE\") right no-re

user_pref("extensions.wrc.SearchRules.excite.com.url", "^hxxp\\:\\/\\/msxml\\.excite\\.com\\/excite\\/ws\\/.+");

user_pref("extensions.wrc.SearchRules.rambler.ru.style", ".WRCN {display:none} .search-results .title + .WRCN {display:inline !important; background: url(\"IMAGE\") right no-r

user_pref("extentions.y2layers.defaultEnableAppsList", "ezLooker,pagerage,buzzdock,toprelatedtopics,twittube");

user_pref("extentions.y2layers.installId", "6943b6fc-74ab-4285-bdd8-0fc497dd976a");

user_pref("extentions.y2layers.lastDnsTest", 372017);

user_pref("iminent.webbooster.scripts.minibar.registerToolbarEvent100", "1359246607107");

user_pref("iminent.webbooster.scripts.minibar.registerToolbarEvent101", "1361356172887");

user_pref("iminent.webbooster.scripts.minibar.registerToolbarEvent102", "1360101980381");

user_pref("iminent.webbooster.scripts.minibar.registerToolbarEvent109", "1362158971348");

user_pref("iminent.webbooster.scripts.minibar.registerToolbarEvent110", "1362170415414");

user_pref("iminent.webbooster.scripts.minibar.registerToolbarEvent111", "1362158971357");

user_pref("iminent.webbooster.scripts.minibar.registerToolbarEvent112", "1362159015398");

user_pref("iminent.webbooster.scripts.minibar.registerToolbarEvent122", "1362158971364");

user_pref("iminent.webbooster.scripts.minibar.registerToolbarEvent134", "1361833895078");

user_pref("iminent.webbooster.scripts.minibar.registerToolbarEvent140", "1341239274922");

user_pref("iminent.webbooster.scripts.sslminibar.registerToolbarEvent100", "1362158844242");

user_pref("iminent.webbooster.scripts.sslminibar.registerToolbarEvent101", "1359740460598");

user_pref("iminent.webbooster.scripts.sslminibar.registerToolbarEvent102", "1360101978189");

user_pref("iminent.webbooster.scripts.sslminibar.registerToolbarEvent105", "1360289670853");

user_pref("iminent.webbooster.scripts.sslminibar.registerToolbarEvent109", "1362158951006");

user_pref("iminent.webbooster.scripts.sslminibar.registerToolbarEvent110", "1361483557594");

user_pref("iminent.webbooster.scripts.sslminibar.registerToolbarEvent111", "1362158951014");

user_pref("iminent.webbooster.scripts.sslminibar.registerToolbarEvent112", "1362158951753");

user_pref("iminent.webbooster.scripts.sslminibar.registerToolbarEvent122", "1362158951021");

user_pref("iminent.webbooster.scripts.sslminibar.registerToolbarEvent134", "1362186817905");

Emptied folder: C:\Documents and Settings\Henrique\Dados de aplicativos\mozilla\firefox\profiles\73xwieje.default\minidumps [6 files]

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Scan was completed on s b 02/03/2013 at 15:25:13,37

End of JRT log

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Log do malwarebyt

Malwarebytes Anti-Malware 1.70.0.1100

www.malwarebytes.org

Versão da Base de Dados: v2013.03.02.11

Windows XP Service Pack 2 x86 NTFS

Internet Explorer 6.0.2900.2180

Henrique :: HOUSE [administrador]

2/3/2013 15:33:15

mbam-log-2013-03-02 (15-33-15).txt

Tipo de Verificação: Verificação Completa (A:\|C:\|E:\|)

Opções de verificações ativadas: Memória | Inicialização | Registro | Sistema de arquivos | Heurística/Extra | Heurística/Shuriken | PUP | PUM

Opções de verificação desativadas: P2P

Objetos escaneados: 238148

Tempo decorrido: 28 minuto(s), 53 segundo(s)

Processos de Memória Detectados: 0

(Não foram detectados ítens maliciosos)

Módulos de Memória Detectados: 0

(Não foram detectados ítens maliciosos)

Chaves de Registro Detectadas: 0

(Não foram detectados ítens maliciosos)

Valores de Registro Detectadas: 0

(Não foram detectados ítens maliciosos)

Itens de Dados no Registro Detectadas: 3

HKLM\SOFTWARE\Microsoft\Internet Explorer\Main|Start Page (Hijack.StartPage) -> Ruim: (http://www.22find.com/newtab?utm_source=b&utm_medium=cor&from=cor&uid=SAMSUNGXSP0842N_S0DWJDRP440345&ts=1362152555) Bom: (http://www.google.com) -> Enviado para a Quarentena e reparado com sucesso.

HKLM\SOFTWARE\Microsoft\Internet Explorer\Search|SearchAssistant (Hijack.SearchPage) -> Ruim: (http://search.22find.com/web/?utm_source=b&utm_medium=cor&from=cor&uid=SAMSUNGXSP0842N_S0DWJDRP440345&ts=1362152574) Bom: (http://www.google.com/) -> Enviado para a Quarentena e reparado com sucesso.

HKLM\SOFTWARE\Microsoft\Internet Explorer\Search|CustomizeSearch (Hijack.SearchPage) -> Ruim: (http://search.22find.com/web/?utm_source=b&utm_medium=cor&from=cor&uid=SAMSUNGXSP0842N_S0DWJDRP440345&ts=1362152574) Bom: (http://www.google.com/) -> Enviado para a Quarentena e reparado com sucesso.

Pastas Detectadas: 0

(Não foram detectados ítens maliciosos)

Arquivos Detectados: 4

C:\Documents and Settings\Henrique\Desktop\Nova pasta\the-gimp-282-baixaki-32-bits.exe (PUP.AdBundle) -> Nenhuma ação foi feita.

C:\Documents and Settings\Henrique\Configurações locais\temp\is701137889\22find_B_cor_br_201319193057.exe (Trojan.Agent.SP) -> Enviado para a Quarentena e deletado com sucesso.

C:\Documents and Settings\Henrique\Desktop\Musicas\Ivete Sangalo – Veveta e Saulinho _ A Casa Amarela.zip.exe (Trojan.Ransom) -> Enviado para a Quarentena e deletado com sucesso.

C:\Documents and Settings\Henrique\Desktop\My Shared Folder\Ivete Sangalo – Veveta e Saulinho _ A Casa Amarela.zip.exe (Trojan.Ransom) -> Enviado para a Quarentena e deletado com sucesso.

(fim)

Compartilhar este post


Link para o post
Compartilhar em outros sites

Boa noite;

Baixe OTL by OldTimer, e salve na sua área de trabalho.

Feche todas as janelas e execute a ferramenta.

Onde diz Saída, marque Padrão

Marque também estas opções:

  • Data de Criação -> mude para 90 dias
  • Usar WhiteList para Nomes de Companhias.
  • Ignorar Arquivos Microsoft
  • Verificar Lop
  • Verificar Purity

Selecione estas linhas em vermelho, clique com o lado direito do mouse sobre a seleção, e escolha a opção copiar

CREATERESTOREPOINT

netsvcs

%SYSTEMDRIVE%\*.*

%systemdrive%\drivers\*.exe

%systemroot%\system32\drivers\*.* /90

%PROGRAMFILES%\*.*

%userprofile%\configurações locais\dados de aplicativos\*.exe

%userprofile%\configurações locais\dados de aplicativos\*.txt

%userprofile%\configurações locais\dados de aplicativos\*.ini

%userprofile%\configurações locais\dados de aplicativos\*.dat /30

%userprofile%\configurações locais\dados de aplicativos\*.dll

%userprofile%\*.exe

%userprofile%\.txt

%userprofile%\.ini

%userprofile%\.dat /30

%userprofile%\.dll

%windir%\tasks\*.* /s

CREATERESTOREPOINT

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Associations

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Attachments

Volte ao programa, clique com o lado direito do mouse em qualquer parte branca da sessão Exames Personalizados/Correções e escolha colar

Clique no botão verif.png

O OTL começará a examinar seu computador. Não interrompa o processo e nem use outras janelas até que ele termine.

Não modifique nenhuma outra configuração, a menos que tenha sido orientado (a) a fazer isso.

O exame demora um pouco, tenha paciência.

Quando terminar, dois blocos de notas serão exibidos: OTL.txt e Extras.txt

Ambos ficarão salvos dentro do mesmo diretório onde está o OTL.exe, ou seja, na sua área de trabalho.

Copie todo o conteúdo do OTL.txt e cole na sua resposta.

Anexe o arquivo Extras.txt

OBS: Caso os logs fiquem muito grandes e exceda o limite do forum, envie-os para um arquivo .zip ou .rar e anexe-os à sua resposta.

Informe também como está o PC.

:legal:

Compartilhar este post


Link para o post
Compartilhar em outros sites

OTL logfile created on: 4/3/2013 17:54:35 - Run 1

OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\Henrique\Meus documentos\Downloads

Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 6.0.2900.2180)

Locale: 00000416 | Country: Brasil | Language: PTB | Date Format: d/M/yyyy

959,17 Mb Total Physical Memory | 271,23 Mb Available Physical Memory | 28,28% Memory free

2,26 Gb Paging File | 1,55 Gb Available in Paging File | 68,38% Paging File free

Paging file location(s): C:\pagefile.sys 1440 2880 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Arquivos de programas

Drive C: | 74,52 Gb Total Space | 32,08 Gb Free Space | 43,04% Space Free | Partition Type: NTFS

Drive E: | 93,41 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: UDF

Computer Name: HOUSE | User Name: Henrique | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user

Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: Off | File Age = 90 Days

========== Processes (SafeList) ==========

PRC - [2013/03/04 14:43:57 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Henrique\Meus documentos\Downloads\OTL.exe

PRC - [2013/02/15 21:33:51 | 000,917,400 | ---- | M] (Mozilla Corporation) -- C:\Arquivos de programas\Mozilla Firefox\firefox.exe

PRC - [2012/12/14 16:49:28 | 000,682,344 | ---- | M] (Malwarebytes Corporation) -- C:\Arquivos de programas\Malwarebytes' Anti-Malware\mbamservice.exe

PRC - [2012/12/14 16:49:28 | 000,512,360 | ---- | M] (Malwarebytes Corporation) -- C:\Arquivos de programas\Malwarebytes' Anti-Malware\mbamgui.exe

PRC - [2012/12/14 16:49:28 | 000,398,184 | ---- | M] (Malwarebytes Corporation) -- C:\Arquivos de programas\Malwarebytes' Anti-Malware\mbamscheduler.exe

PRC - [2012/12/11 02:52:44 | 003,147,384 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Arquivos de programas\AVG\AVG2013\avgui.exe

PRC - [2012/11/30 10:49:15 | 000,161,768 | ---- | M] (Oracle Corporation) -- C:\Arquivos de programas\Java\jre7\bin\jqs.exe

PRC - [2012/11/15 22:34:30 | 005,814,904 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Arquivos de programas\AVG\AVG2013\avgidsagent.exe

PRC - [2012/10/30 03:59:56 | 000,726,648 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Arquivos de programas\AVG\AVG2013\avgrsx.exe

PRC - [2012/10/22 12:05:08 | 000,196,664 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Arquivos de programas\AVG\AVG2013\avgwdsvc.exe

PRC - [2012/10/22 12:04:32 | 001,116,792 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Arquivos de programas\AVG\AVG2013\avgnsx.exe

PRC - [2012/10/22 12:03:52 | 000,796,792 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Arquivos de programas\AVG\AVG2013\avgemcx.exe

PRC - [2012/10/22 12:03:46 | 000,440,440 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Arquivos de programas\AVG\AVG2013\avgcsrvx.exe

PRC - [2012/07/03 08:04:54 | 000,252,848 | ---- | M] (Sun Microsystems, Inc.) -- C:\Arquivos de programas\Arquivos comuns\Java\Java Update\jusched.exe

PRC - [2012/02/15 08:37:40 | 000,206,280 | ---- | M] ( ) -- C:\Arquivos de programas\GbPlugin\gbpsv.exe

PRC - [2004/08/04 00:45:40 | 000,216,064 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\osk.exe

PRC - [2004/08/04 00:45:34 | 001,034,240 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe

PRC - [2004/08/03 21:45:42 | 000,073,796 | ---- | M] (Smart Link) -- C:\WINDOWS\system32\slserv.exe

PRC - [2001/10/28 12:07:04 | 000,006,656 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msswchx.exe

PRC - [1997/01/21 00:00:00 | 000,051,984 | ---- | M] () -- C:\Arquivos de programas\Microsoft Office\Office\OSA.EXE

========== Modules (No Company Name) ==========

MOD - [2013/02/15 21:34:12 | 003,067,288 | ---- | M] () -- C:\Arquivos de programas\Mozilla Firefox\mozjs.dll

MOD - [2012/12/17 07:24:27 | 014,586,296 | ---- | M] () -- C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_5_502_135.dll

MOD - [2011/06/19 22:22:04 | 011,485,184 | ---- | M] () -- c:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\9adb89fa22fd5b4ce433b5aca7fb1b07\mscorlib.ni.dll

MOD - [2005/10/20 10:36:08 | 000,077,824 | R--- | M] () -- C:\Arquivos de programas\HP\Digital Imaging\bin\crm\xmltok.dll

MOD - [2005/10/20 10:36:08 | 000,065,536 | R--- | M] () -- C:\Arquivos de programas\HP\Digital Imaging\bin\crm\xmlparse.dll

MOD - [2004/08/04 00:45:24 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll

MOD - [2001/10/28 12:07:32 | 000,015,360 | ---- | M] () -- C:\WINDOWS\system32\tsd32.dll

MOD - [1997/01/21 00:00:00 | 003,774,224 | ---- | M] () -- C:\Arquivos de programas\Microsoft Office\Office\MSO97.DLL

MOD - [1997/01/21 00:00:00 | 000,051,984 | ---- | M] () -- C:\Arquivos de programas\Microsoft Office\Office\OSA.EXE

========== Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- C:\Arquivos de programas\Arquivos comuns\AVG Secure Search\vToolbarUpdater\14.1.7\ToolbarUpdater.exe -- (vToolbarUpdater14.1.7)

SRV - File not found [Disabled | Stopped] -- %SystemRoot%\System32\hidserv.dll -- (HidServ)

SRV - [2013/01/26 14:46:33 | 000,250,808 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)

SRV - [2012/12/14 16:49:28 | 000,682,344 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Arquivos de programas\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)

SRV - [2012/12/14 16:49:28 | 000,398,184 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Arquivos de programas\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)

SRV - [2012/11/30 10:49:15 | 000,161,768 | ---- | M] (Oracle Corporation) [Auto | Running] -- C:\Arquivos de programas\Java\jre7\bin\jqs.exe -- (JavaQuickStarterService)

SRV - [2012/11/15 22:34:30 | 005,814,904 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Arquivos de programas\AVG\AVG2013\avgidsagent.exe -- (AVGIDSAgent)

SRV - [2012/10/22 12:05:08 | 000,196,664 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Arquivos de programas\AVG\AVG2013\avgwdsvc.exe -- (avgwd)

SRV - [2012/02/15 08:37:40 | 000,206,280 | ---- | M] ( ) [Auto | Running] -- C:\Arquivos de programas\GbPlugin\gbpsv.exe -- (GbpSv)

SRV - [2011/04/29 14:31:58 | 000,037,600 | ---- | M] (Speedchecker) [Auto | Stopped] -- C:\Arquivos de programas\Velocidade Do PC\PCSpeedUpService.exe -- (PCSpeedUpService)

SRV - [2006/03/03 20:03:10 | 000,069,632 | ---- | M] (HP) [Auto | Stopped] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)

SRV - [2005/04/03 23:41:10 | 000,069,632 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Arquivos de programas\Arquivos comuns\InstallShield\Driver\11\Intel 32\IDriverT.exe -- (IDriverT)

SRV - [2004/08/03 21:45:42 | 000,073,796 | ---- | M] (Smart Link) [Auto | Running] -- C:\WINDOWS\System32\slserv.exe -- (SLService)

SRV - [2003/07/28 11:28:22 | 000,089,136 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Source Engine\OSE.EXE -- (ose)

========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)

DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)

DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)

DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)

DRV - File not found [Kernel | System | Stopped] -- -- (Changer)

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\ComboFix\catchme.sys -- (catchme)

DRV - [2013/02/10 20:42:48 | 000,033,112 | ---- | M] (AVG Technologies) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgtpx86.sys -- (avgtp)

DRV - [2013/01/17 21:07:36 | 000,064,048 | R--- | M] (360安全中心) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\360SpOEM.sys -- (360SpOEM)

DRV - [2013/01/17 21:07:36 | 000,061,488 | R--- | M] (360安全中心) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\360HookOem.sys -- (360HookOem)

DRV - [2013/01/17 21:07:36 | 000,029,744 | R--- | M] (360安全中心) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\360RegOem.sys -- (360RegOem)

DRV - [2012/12/14 16:49:28 | 000,021,104 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)

DRV - [2012/11/15 22:33:26 | 000,094,048 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\avgmfx86.sys -- (Avgmfx86)

DRV - [2012/10/22 12:02:46 | 000,179,936 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgidsdriverx.sys -- (AVGIDSDriver)

DRV - [2012/10/15 02:48:52 | 000,055,776 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\avgidshx.sys -- (AVGIDSHX)

DRV - [2012/10/02 02:30:38 | 000,159,712 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgldx86.sys -- (Avgldx86)

DRV - [2012/09/21 02:46:06 | 000,164,832 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgtdix.sys -- (Avgtdix)

DRV - [2012/09/21 02:46:00 | 000,177,376 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\avglogx.sys -- (Avglogx)

DRV - [2012/09/21 02:45:54 | 000,019,936 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgidsshimx.sys -- (AVGIDSShim)

DRV - [2012/09/14 02:05:20 | 000,035,552 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\avgrkx86.sys -- (Avgrkx86)

DRV - [2012/03/06 21:02:43 | 000,024,408 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswKbd.sys -- (aswKbd)

DRV - [2012/02/15 08:38:40 | 000,047,304 | ---- | M] (GAS Tecnologia) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\GbpKm.sys -- (GbpKm)

DRV - [2011/08/06 12:23:29 | 000,013,816 | ---- | M] () [Kernel | Unavailable | Unknown] -- C:\WINDOWS\system32\unikey.sys -- (phunter)

DRV - [2006/09/12 01:27:00 | 004,381,184 | R--- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.Sys -- (IntcAzAudAddService)

DRV - [2004/08/13 07:56:20 | 000,005,810 | R--- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ASACPI.sys -- (MTsensor)

DRV - [2004/08/03 19:41:46 | 000,095,424 | ---- | M] (Smart Link) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\slnthal.sys -- (SlNtHal)

DRV - [2004/08/03 19:41:46 | 000,013,240 | ---- | M] (Smart Link) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\slwdmsup.sys -- (SlWdmSup)

DRV - [2004/08/03 19:41:44 | 000,404,990 | ---- | M] (Smart Link) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\slntamr.sys -- (Slntamr)

DRV - [2004/08/03 19:41:40 | 000,180,360 | ---- | M] (Smart Link) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ntmtlfax.sys -- (NtMtlFax)

DRV - [2004/08/03 19:41:40 | 000,126,686 | ---- | M] (Smart Link) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mtlmnt5.sys -- (Mtlmnt5)

DRV - [2004/08/03 19:41:40 | 000,013,776 | ---- | M] (Smart Link) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\RecAgent.sys -- (RecAgent)

DRV - [2004/08/03 19:41:38 | 001,309,184 | ---- | M] (Smart Link) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mtlstrm.sys -- (Mtlstrm)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.22find.com/newtab?utm_source=b&utm_medium=cor&from=cor&uid=SAMSUNGXSP0842N_S0DWJDRP440345&ts=1362152555

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://www.google.com/

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/

IE - HKLM\..\SearchScopes,DefaultScope =

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.22find.com/newtab?utm_source=b&utm_medium=cor&from=cor&uid=SAMSUNGXSP0842N_S0DWJDRP440345&ts=1362152555

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.22find.com/newtab?utm_source=b&utm_medium=cor&from=cor&uid=SAMSUNGXSP0842N_S0DWJDRP440345&ts=1362152555

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie

IE - HKCU\..\SearchScopes,DefaultScope =

IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..extensions.enabledAddons: NPCamfrogWeb%40camfrogweb.com:2%2C0%2C12%2C93

FF - prefs.js..extensions.enabledAddons: %7BB9B0457A-1DA5-4578-B9D3-984A5E9808B0%7D:3.0.0

FF - prefs.js..extensions.enabledAddons: plugin%40yontoo.com:1.20.02

FF - prefs.js..extensions.enabledAddons: %7B14323AEE-F6B8-4DC8-BCE3-E62645830585%7D:1.0.1

FF - prefs.js..extensions.enabledAddons: %7B87F8774F-B485-47E2-A755-A40A8A5E8873%7D:2.12.0.16.190

FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:19.0

FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_5_502_135.dll ()

FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.9.2: C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)

FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Arquivos de programas\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)

FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Arquivos de programas\Microsoft Silverlight\5.0.61118.0\npctrl.dll ( Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Arquivos de programas\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Arquivos de programas\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Arquivos de programas\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Arquivos de programas\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\Henrique\Configurações locais\Dados de aplicativos\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)

FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\Henrique\Configurações locais\Dados de aplicativos\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0\extensions\\Components: C:\Arquivos de programas\Mozilla Firefox\components [2013/03/01 13:12:45 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0\extensions\\Plugins: C:\Arquivos de programas\Mozilla Firefox\plugins

[2011/07/05 23:56:51 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Henrique\Dados de aplicativos\Mozilla\Extensions

[2013/03/04 17:29:04 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Henrique\Dados de aplicativos\Mozilla\Firefox\Profiles\73xwieje.default\extensions

[2013/03/03 23:49:00 | 000,000,000 | ---D | M] (Guardiao Itau 30 horas) -- C:\Documents and Settings\Henrique\Dados de aplicativos\Mozilla\Firefox\Profiles\73xwieje.default\extensions\{87F8774F-B485-47E2-A755-A40A8A5E8873}

[2013/02/03 21:52:44 | 000,000,000 | ---D | M] (Modulo de Protecao) -- C:\Documents and Settings\Henrique\Dados de aplicativos\Mozilla\Firefox\Profiles\73xwieje.default\extensions\{87F8774F-B485-47E2-A755-A40A8A5E8874}

[2012/06/29 21:27:55 | 000,000,000 | ---D | M] (Camfrog Web Plugin for Mozilla Firefox) -- C:\Documents and Settings\Henrique\Dados de aplicativos\Mozilla\Firefox\Profiles\73xwieje.default\extensions\NPCamfrogWeb@camfrogweb.com

[2013/03/04 17:29:06 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Henrique\Dados de aplicativos\Mozilla\Firefox\Profiles\73xwieje.default\extensions\staged

[2013/02/21 17:20:39 | 000,021,487 | ---- | M] () (No name found) -- C:\Documents and Settings\Henrique\Dados de aplicativos\Mozilla\Firefox\Profiles\73xwieje.default\extensions\plugin@yontoo.com.xpi

[2013/03/01 12:42:52 | 000,002,117 | ---- | M] () (No name found) -- C:\Documents and Settings\Henrique\Dados de aplicativos\Mozilla\Firefox\Profiles\73xwieje.default\extensions\{14323AEE-F6B8-4DC8-BCE3-E62645830585}.xpi

[2012/04/19 12:32:15 | 000,008,237 | ---- | M] () (No name found) -- C:\Documents and Settings\Henrique\Dados de aplicativos\Mozilla\Firefox\Profiles\73xwieje.default\extensions\{B9B0457A-1DA5-4578-B9D3-984A5E9808B0}.xpi

[2013/03/01 13:12:45 | 000,000,000 | ---D | M] (No name found) -- C:\Arquivos de programas\Mozilla Firefox\extensions

[2013/02/15 21:34:54 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Arquivos de programas\mozilla firefox\components\browsercomps.dll

[2013/03/01 12:42:56 | 000,000,745 | ---- | M] () -- C:\Arquivos de programas\mozilla firefox\searchplugins\22find.xml

[2013/02/16 01:40:06 | 000,001,240 | ---- | M] () -- C:\Arquivos de programas\mozilla firefox\searchplugins\buscape.xml

[2013/02/16 01:40:06 | 000,001,425 | ---- | M] () -- C:\Arquivos de programas\mozilla firefox\searchplugins\mercadolivre.xml

[2013/02/16 01:40:05 | 000,002,086 | ---- | M] () -- C:\Arquivos de programas\mozilla firefox\searchplugins\twitter.xml

[2013/02/16 01:40:06 | 000,001,381 | ---- | M] () -- C:\Arquivos de programas\mozilla firefox\searchplugins\wikipedia-br.xml

[2013/02/16 01:40:06 | 000,001,165 | ---- | M] () -- C:\Arquivos de programas\mozilla firefox\searchplugins\yahoo-br.xml

========== Chrome ==========

CHR - default_search_provider: 22find (Enabled)

CHR - default_search_provider: search_url = http://search.22find.com/web/?utm_source=b&utm_medium=cor&from=cor&uid=SAMSUNGXSP0842N_S0DWJDRP440345&ts=1362152574&type=default&q={searchTerms}

CHR - default_search_provider: suggest_url =

CHR - homepage: http://www.22find.com/?utm_source=b&utm_medium=cor&from=cor&uid=SAMSUNGXSP0842N_S0DWJDRP440345&ts=1362152495

CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer

CHR - plugin: Native Client (Enabled) = C:\Documents and Settings\Henrique\Configura\u00E7\u00F5es locais\Dados de aplicativos\Google\Chrome\Application\25.0.1364.97\ppGoogleNaClPluginChrome.dll

CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Documents and Settings\Henrique\Configura\u00E7\u00F5es locais\Dados de aplicativos\Google\Chrome\Application\25.0.1364.97\pdf.dll

CHR - plugin: Shockwave Flash (Enabled) = C:\Documents and Settings\Henrique\Configura\u00E7\u00F5es locais\Dados de aplicativos\Google\Chrome\Application\25.0.1364.97\gcswf32.dll

CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_3_300_257.dll

CHR - plugin: Adobe Acrobat (Enabled) = C:\Arquivos de programas\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll

CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Arquivos de programas\Windows Media Player\npdrmv2.dll

CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Arquivos de programas\Windows Media Player\npwmsdrm.dll

CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Arquivos de programas\Windows Media Player\npdsplay.dll

CHR - plugin: Picasa (Enabled) = C:\Arquivos de programas\Google\Picasa3\npPicasa3.dll

CHR - plugin: Google Update (Enabled) = C:\Arquivos de programas\Google\Update\1.3.21.115\npGoogleUpdate3.dll

CHR - plugin: Java Platform SE 6 U31 (Enabled) = C:\Arquivos de programas\Java\jre6\bin\plugin2\npjp2.dll

CHR - plugin: Windows Live\u00AE Photo Gallery (Enabled) = C:\Arquivos de programas\Windows Live\Photo Gallery\NPWLPG.dll

CHR - plugin: Silverlight Plug-In (Enabled) = c:\Arquivos de programas\Microsoft Silverlight\5.0.61118.0\npctrl.dll

CHR - Extension: 22find = C:\Documents and Settings\Henrique\Configurações locais\Dados de aplicativos\Google\Chrome\User Data\Default\Extensions\ijblflkdjdopkpdgllkmlbgcffjbnfda\2.0.1_0\

O1 HOSTS File: ([2012/07/12 17:43:31 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts

O1 - Hosts: 127.0.0.1 localhost

O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)

O2 - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre7\bin\ssv.dll (Oracle Corporation)

O2 - BHO: (Auxiliar de Conexão do Windows Live) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)

O2 - BHO: (GbIehObj Class) - {C41A1C0E-EA6C-11D4-B1B8-444553540007} - C:\Arquivos de programas\GbPlugin\gbiehAbn.dll (Banco Real)

O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de programas\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)

O3 - HKLM\..\Toolbar: (no name) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - No CLSID value found.

O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {1392B8D2-5C05-419F-A8F6-B9F15A596612} - No CLSID value found.

O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - No CLSID value found.

O4 - HKLM..\Run: [Adobe ARM] C:\Arquivos de programas\Arquivos comuns\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)

O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Arquivos de programas\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)

O4 - HKLM..\Run: [AVG_UI] C:\Arquivos de programas\AVG\AVG2013\avgui.exe (AVG Technologies CZ, s.r.o.)

O4 - HKLM..\Run: [Nikon Message Center 2] C:\Arquivos de programas\Nikon\Nikon Message Center 2\NkMC2.exe (Nikon Corporation)

O4 - HKLM..\Run: [PSafeTray] "C:\Arquivos de programas\PSafe\PSafeSysTray.exe" File not found

O4 - HKLM..\Run: [PSafeWDS] "C:\Arquivos de programas\PSafe\PSafeWDS.exe" File not found

O4 - HKLM..\Run: [sunJavaUpdateSched] C:\Arquivos de programas\Arquivos comuns\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)

O4 - HKLM..\Run: [vProt] "C:\Arquivos de programas\AVG Secure Search\vprot.exe" File not found

O4 - Startup: C:\Documents and Settings\Henrique\Menu Iniciar\Programas\Inicializar\BrOffice.org 3.2.lnk = File not found

O4 - Startup: C:\Documents and Settings\Henrique\Menu Iniciar\Programas\Inicializar\Inicialização do Office.lnk = C:\Arquivos de programas\Microsoft Office\Office\OSA.EXE ()

O4 - Startup: C:\Documents and Settings\Henrique\Menu Iniciar\Programas\Inicializar\Localização acelerada da Microsoft.lnk = C:\Arquivos de programas\Microsoft Office\Office\FINDFAST.EXE (Microsoft Corporation)

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 335

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 189

O8 - Extra context menu item: &Download All using 4shared Desktop - C:\Arquivos de programas\4shared Desktop\down_all.htm File not found

O15 - HKCU\..Trusted Domains: bancoreal.com.br ([www] http in Sites confiáveis)

O15 - HKCU\..Trusted Domains: bancosantander.com.br ([www] http in Sites confiáveis)

O15 - HKCU\..Trusted Domains: bancosantander.com.br ([www] https in Sites confiáveis)

O15 - HKCU\..Trusted Domains: realsecureweb.com.br ([www] https in Sites confiáveis)

O15 - HKCU\..Trusted Domains: realsecureweb.com.br ([www2] https in Sites confiáveis)

O15 - HKCU\..Trusted Domains: realsecureweb.com.br ([wwws] https in Sites confiáveis)

O15 - HKCU\..Trusted Domains: santander.com.br ([www] http in Sites confiáveis)

O15 - HKCU\..Trusted Domains: santanderempresarial.com.br ([www] http in Sites confiáveis)

O15 - HKCU\..Trusted Domains: santandernet.com.br ([www] https in Sites confiáveis)

O15 - HKCU\..Trusted Domains: santandernet.com.br ([wwws] https in Sites confiáveis)

O15 - HKCU\..Trusted Domains: santandernetibe.com.br ([www] https in Sites confiáveis)

O15 - HKCU\..Trusted Domains: secureweb.com.br ([www] https in Sites confiáveis)

O16 - DPF: {E37CB5F0-51F5-4395-A808-5FA49E399007} https://wwws.santandernet.com.br/mps/plugin/Cab/GbPluginABN.cab (GbPluginObj Class)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.254.254

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{FD74E95B-B7C6-4F62-ADE9-67C43427E664}: DhcpNameServer = 192.168.254.254

O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Arquivos de programas\Arquivos comuns\System\Ole DB\msdaipp.dll (Microsoft Corporation)

O18 - Protocol\Handler\linkscanner - No CLSID value found

O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Arquivos de programas\Arquivos comuns\System\Ole DB\msdaipp.dll (Microsoft Corporation)

O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Arquivos de programas\Arquivos comuns\System\Ole DB\msdaipp.dll (Microsoft Corporation)

O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)

O20 - Winlogon\Notify\ GbPluginAbn: DllName - (C:\ARQUIV~1\GbPlugin\gbiehAbn.dll) - C:\Arquivos de programas\GbPlugin\gbiehAbn.dll (Banco Real)

O20 - Winlogon\Notify\dimsntfy: DllName - (Reg Error: Value error.) - Reg Error: Value error. File not found

O24 - Desktop Components:0 (Minha página inicial atual) - about:Home

O24 - Desktop WallPaper: C:\Documents and Settings\Henrique\Configurações locais\Dados de aplicativos\Microsoft\Wallpaper1.bmp

O24 - Desktop BackupWallPaper: C:\Documents and Settings\Henrique\Configurações locais\Dados de aplicativos\Microsoft\Wallpaper1.bmp

O28 - HKLM ShellExecuteHooks: {E37CB5F0-51F5-4395-A808-5FA49E399007} - C:\Arquivos de programas\GbPlugin\gbiehAbn.dll (Banco Real)

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2010/08/28 11:28:13 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]

O34 - HKLM BootExecute: (autocheck autochk *)

O34 - HKLM BootExecute: (C:\ARQUIV~1\AVG\AVG2013\avgrsx.exe /sync /restart)

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)

O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

CREATERESTOREPOINT

Restore point Set: OTL Restore Point

NetSvcs: 6to4 - File not found

NetSvcs: HidServ - %SystemRoot%\System32\hidserv.dll File not found

NetSvcs: Ias - File not found

NetSvcs: Iprip - File not found

NetSvcs: Irmon - File not found

NetSvcs: NWCWorkstation - File not found

NetSvcs: Nwsapagent - File not found

NetSvcs: WmdmPmSp - File not found

CREATERESTOREPOINT

Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 90 Days ==========

[2013/03/03 19:10:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Henrique\Desktop\selma

[2013/03/02 15:32:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Iniciar\Programas\Malwarebytes' Anti-Malware

[2013/03/02 15:32:00 | 000,021,104 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys

[2013/03/02 15:32:00 | 000,000,000 | ---D | C] -- C:\Arquivos de programas\Malwarebytes' Anti-Malware

[2013/03/02 15:20:57 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERUNT

[2013/03/02 15:20:35 | 000,000,000 | ---D | C] -- C:\JRT

[2013/03/02 15:20:17 | 000,547,491 | ---- | C] (Oleg N. Scherbakov) -- C:\Documents and Settings\Henrique\Desktop\JRT.exe

[2013/03/02 12:43:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Henrique\Meus documentos\1412742384

[2013/03/01 12:51:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Henrique\PSafe

[2013/03/01 12:48:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Dados de aplicativos\360Safe

[2013/03/01 12:48:38 | 000,152,880 | R--- | C] (360.cn) -- C:\WINDOWS\System32\drivers\360FileOem.sys

[2013/03/01 12:48:37 | 000,064,048 | R--- | C] (360安全中心) -- C:\WINDOWS\System32\drivers\360SpOEM.sys

[2013/03/01 12:48:35 | 000,029,744 | R--- | C] (360安全中心) -- C:\WINDOWS\System32\drivers\360RegOem.sys

[2013/03/01 12:48:33 | 000,061,488 | R--- | C] (360安全中心) -- C:\WINDOWS\System32\drivers\360HookOem.sys

[2013/03/01 12:47:24 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Henrique\Recent

[2013/03/01 12:45:53 | 000,000,000 | ---D | C] -- C:\Arquivos de programas\Arquivos comuns\337

[2013/03/01 12:44:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Iniciar\Programas\CCleaner

[2013/03/01 12:44:36 | 000,000,000 | ---D | C] -- C:\Arquivos de programas\CCleaner

[2013/03/01 12:43:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dados de aplicativos\PSafe

[2013/03/01 10:10:25 | 000,218,112 | ---- | C] (Soeperman Enterprises Ltd.) -- C:\Documents and Settings\Henrique\Desktop\HijackThis.exe

[2013/03/01 07:33:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Henrique\Desktop\AOCP - ASSESSORIA EM ORGANIZAÇÃO DE CONCURSOS PÚBLICOS LTDA - MARINGÁ PR_files

[2013/02/28 12:03:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Henrique\Meus documentos\cesumar

[2013/02/20 16:32:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Henrique\Desktop\revelar selma

[2013/02/20 08:08:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Henrique\Desktop\105NIKON

[2013/02/20 08:08:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Henrique\Desktop\104NIKON

[2013/02/19 14:57:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Henrique\Desktop\Seropédica

[2013/02/17 13:04:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Henrique\Desktop\Musicas

[2013/02/17 12:57:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Henrique\Desktop\fotos da camera

[2013/02/17 12:56:57 | 000,000,000 | -H-D | C] -- C:\WINDOWS\System32\GroupPolicy

[2013/02/17 12:51:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Henrique\Dados de aplicativos\BaiduPcFaster

[2013/02/17 12:51:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dados de aplicativos\Baidu

[2013/02/17 12:50:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Henrique\Dados de aplicativos\PCF

[2013/02/17 12:43:33 | 000,000,000 | ---D | C] -- C:\Arquivos de programas\Baidu Security

[2013/02/17 12:34:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Henrique\Dados de aplicativos\Free iPad Video Converter

[2013/02/17 12:34:22 | 001,212,416 | ---- | C] (Online Media Technologies Ltd.) -- C:\WINDOWS\System32\NCTAudioInformation2.dll

[2013/02/17 12:34:22 | 000,458,752 | ---- | C] (Online Media Technologies Ltd.) -- C:\WINDOWS\System32\NCTAudioRecord2.dll

[2013/02/17 12:34:22 | 000,458,752 | ---- | C] (Online Media Technologies Ltd.) -- C:\WINDOWS\System32\NCTAudioPlayer2.dll

[2013/02/17 12:34:22 | 000,348,160 | ---- | C] (NCT Company Ltd.) -- C:\WINDOWS\System32\NCTWMAFile2.dll

[2013/02/17 12:34:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Iniciar\Programas\Free iPad Video Converter

[2013/02/17 12:34:21 | 001,986,560 | ---- | C] (NCT Company Ltd.) -- C:\WINDOWS\System32\NCTAudioFile2.dll

[2013/02/17 12:34:18 | 000,000,000 | ---D | C] -- C:\Arquivos de programas\Free iPad Video Converter

[2013/02/17 08:58:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Henrique\Desktop\festa

[2013/02/14 18:55:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Henrique\Desktop\My Shared Folder

[2013/02/14 18:55:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Iniciar\Programas\Ares

[2013/02/14 18:55:16 | 000,000,000 | ---D | C] -- C:\Arquivos de programas\Ares

[2013/02/14 13:53:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Iniciar\Programas\AVG

[2013/02/05 20:47:07 | 000,000,000 | ---D | C] -- C:\Arquivos de programas\Mozilla Firefox

[2013/01/31 11:40:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Iniciar\Programas\Google Drive

[2013/01/31 11:39:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Iniciar\Programas\PhotoScape

[2013/01/31 11:38:18 | 000,000,000 | ---D | C] -- C:\Arquivos de programas\PhotoScape

[2013/01/26 14:59:34 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\pt-BR

[2013/01/26 14:53:39 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\en-US

[2013/01/26 14:53:20 | 000,000,000 | ---D | C] -- C:\Arquivos de programas\Microsoft.NET

[2013/01/25 20:46:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Henrique\Meus documentos\Japeri

[2013/01/22 00:34:07 | 004,317,808 | ---- | C] (Systweak Inc ) -- C:\Documents and Settings\Henrique\Meus documentos\rcpsetup_adgorithms_728_90_ag_2.exe

[2012/12/28 11:30:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Henrique\Dados de aplicativos\MPC

[2012/12/28 11:20:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Henrique\.JxBrowser

[2012/12/28 11:19:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Henrique\.digilabs

[2012/12/28 11:19:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Iniciar\Programas\My Photo Creations (DATAPHOTO COM DE FOTOGRAFIAS LTDA Edition)

[2012/12/28 11:16:42 | 000,000,000 | ---D | C] -- C:\Arquivos de programas\My Photo Creations (DATAPHOTO COM DE FOTOGRAFIAS LTDA Edition)

[2012/12/28 11:08:54 | 063,862,264 | ---- | C] (Digilabs) -- C:\Documents and Settings\Henrique\Meus documentos\DatabookWin.exe

[2012/12/28 09:05:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Henrique\Desktop\PII RIO

[2012/12/23 21:00:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Henrique\Configurações locais\Dados de aplicativos\Nikon

[2012/12/23 20:42:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Henrique\Dados de aplicativos\Nikon

[2012/12/22 21:04:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Iniciar\Programas\Nikon Message Center 2

[2012/12/22 21:02:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dados de aplicativos\Gems

[2012/12/22 21:02:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Iniciar\Programas\ViewNX 2

[2012/12/22 21:01:50 | 000,000,000 | ---D | C] -- C:\Arquivos de programas\Arquivos comuns\Nikon

[2012/12/22 21:01:37 | 000,000,000 | ---D | C] -- C:\Arquivos de programas\Nikon

[2012/12/22 21:01:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dados de aplicativos\Guitars

[2012/12/22 21:01:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dados de aplicativos\Framework

[2012/12/22 21:00:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Henrique\Configurações locais\Dados de aplicativos\Downloaded Installations

[2012/12/22 21:00:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dados de aplicativos\Ultima_T15

[2012/12/22 21:00:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dados de aplicativos\Pipe Organ

[2012/12/22 21:00:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dados de aplicativos\EnterNHelp

[2012/12/22 20:20:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dados de aplicativos\Nikon

[2012/12/22 20:20:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Iniciar\Programas\ArcSoft Panorama Maker 6

[2012/12/22 20:19:27 | 000,000,000 | ---D | C] -- C:\Arquivos de programas\ArcSoft

[2012/12/22 20:19:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Iniciar\Programas\Link to Nikon

[2012/12/22 20:19:25 | 000,000,000 | ---D | C] -- C:\Arquivos de programas\Arquivos comuns\ArcSoft

[2012/12/22 19:50:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Henrique\Dados de aplicativos\ArcSoft

[2012/12/22 11:10:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Henrique\Desktop\Para imprimir

[2012/12/19 20:11:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Henrique\Dados de aplicativos\EurekaLog

[2012/12/14 08:01:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dados de aplicativos\Systweak

[2012/12/14 07:39:33 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\cache

[2012/12/10 19:36:51 | 000,033,112 | ---- | C] (AVG Technologies) -- C:\WINDOWS\System32\drivers\avgtpx86.sys

[2012/12/10 19:33:39 | 000,000,000 | -H-D | C] -- C:\$AVG

[2012/12/10 19:31:38 | 000,000,000 | ---D | C] -- C:\Arquivos de programas\AVG

[2011/06/19 21:34:16 | 003,325,832 | ---- | C] (Ask) -- C:\Arquivos de programas\Arquivos comuns\APNToolbarInstaller.exe

[2011/06/19 21:34:16 | 000,108,424 | ---- | C] (Ask.com) -- C:\Arquivos de programas\Arquivos comuns\APNStub.exe

[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

[1 C:\Documents and Settings\Henrique\Meus documentos\*.tmp files -> C:\Documents and Settings\Henrique\Meus documentos\*.tmp -> ]

========== Files - Modified Within 90 Days ==========

[2013/03/04 17:47:00 | 000,001,076 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job

[2013/03/04 17:38:01 | 000,000,902 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job

[2013/03/04 17:21:51 | 000,001,072 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job

[2013/03/04 17:21:48 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT

[2013/03/04 17:21:13 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat

[2013/03/04 14:52:34 | 009,961,472 | ---- | M] () -- C:\Documents and Settings\Henrique\ntuser.dat

[2013/03/04 14:52:34 | 000,000,210 | -HS- | M] () -- C:\Documents and Settings\Henrique\ntuser.ini

[2013/03/04 14:07:00 | 000,001,030 | ---- | M] () -- C:\WINDOWS\tasks\FacebookUpdateTaskUserS-1-5-21-1844237615-1770027372-682003330-1003UA.job

[2013/03/04 14:03:01 | 000,001,180 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1844237615-1770027372-682003330-1003UA.job

[2013/03/04 00:45:22 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat

[2013/03/03 20:38:32 | 000,000,294 | ---- | M] () -- C:\Documents and Settings\Henrique\Meus documentos\Documento.rtf

[2013/03/03 20:07:00 | 000,001,008 | ---- | M] () -- C:\WINDOWS\tasks\FacebookUpdateTaskUserS-1-5-21-1844237615-1770027372-682003330-1003Core.job

[2013/03/02 15:32:01 | 000,000,840 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk

[2013/03/02 15:20:18 | 000,547,491 | ---- | M] (Oleg N. Scherbakov) -- C:\Documents and Settings\Henrique\Desktop\JRT.exe

[2013/03/02 15:08:34 | 000,594,019 | ---- | M] () -- C:\Documents and Settings\Henrique\Meus documentos\adwcleaner.exe

[2013/03/02 12:38:35 | 000,002,262 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl

[2013/03/01 22:38:22 | 000,000,355 | ---- | M] () -- C:\Documents and Settings\Henrique\Desktop\Atalho para DSC00281.lnk

[2013/03/01 22:05:18 | 000,465,338 | ---- | M] () -- C:\Documents and Settings\Henrique\Meus documentos\Decreto_n_425_2012.pdf

[2013/03/01 21:30:41 | 000,103,936 | ---- | M] () -- C:\Documents and Settings\Henrique\Configurações locais\Dados de aplicativos\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2013/03/01 17:38:56 | 000,014,764 | ---- | M] () -- C:\Documents and Settings\Henrique\Meus documentos\edital_abertura_seropedica.pdf.html

[2013/03/01 15:13:07 | 000,465,338 | ---- | M] () -- C:\Documents and Settings\Henrique\Desktop\Decreto_n_425_2012.pdf

[2013/03/01 13:12:47 | 000,000,780 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk

[2013/03/01 12:44:51 | 000,000,738 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\CCleaner.lnk

[2013/03/01 12:38:06 | 000,646,008 | ---- | M] () -- C:\Documents and Settings\Henrique\Desktop\ccleaner-3281913-baixaki-32-bits.exe

[2013/03/01 10:10:26 | 000,218,112 | ---- | M] (Soeperman Enterprises Ltd.) -- C:\Documents and Settings\Henrique\Desktop\HijackThis.exe

[2013/03/01 10:09:17 | 000,000,533 | ---- | M] () -- C:\WINDOWS\win.ini

[2013/03/01 10:09:17 | 000,000,327 | RHS- | M] () -- C:\boot.ini

[2013/03/01 10:09:17 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini

[2013/03/01 07:33:27 | 000,023,573 | ---- | M] () -- C:\Documents and Settings\Henrique\Desktop\AOCP - ASSESSORIA EM ORGANIZAÇÃO DE CONCURSOS PÚBLICOS LTDA - MARINGÁ PR.htm

[2013/02/25 15:18:10 | 000,000,079 | ---- | M] () -- C:\Documents and Settings\Henrique\Desktop\Rede Labs D'Or.html

[2013/02/24 01:03:04 | 000,001,128 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1844237615-1770027372-682003330-1003Core.job

[2013/02/22 18:09:08 | 001,340,170 | ---- | M] () -- C:\Documents and Settings\Henrique\Desktop\Anexo_II_do_Edital_de_Deferimento_das_Inscricoes_Pos_Recursos_Ampla_Concorrencia.pdf

[2013/02/21 17:19:30 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Henrique\Meus documentos\win.exe

[2013/02/20 16:24:33 | 004,657,103 | ---- | M] () -- C:\Documents and Settings\Henrique\Desktop\fotos para revelar.zip

[2013/02/19 15:53:51 | 001,302,235 | ---- | M] () -- C:\Documents and Settings\Henrique\Desktop\Anexo_II_do_Edital_de_Deferimento_das_Inscricoes_Ampla_Concorrencia.pdf

[2013/02/19 15:53:42 | 000,240,499 | ---- | M] () -- C:\Documents and Settings\Henrique\Desktop\Pedagogo_AOCP_2010.zip

[2013/02/18 15:13:17 | 000,000,468 | RHS- | M] () -- C:\Documents and Settings\Henrique\ntuser.pol

[2013/02/17 12:34:25 | 000,001,835 | ---- | M] () -- C:\Documents and Settings\Henrique\Desktop\Free iPad Video Converter.lnk

[2013/02/17 12:21:23 | 000,741,888 | ---- | M] () -- C:\Documents and Settings\Henrique\Desktop\eloah certo.MSWMM

[2013/02/17 12:20:39 | 000,741,888 | ---- | M] () -- C:\Documents and Settings\Henrique\Desktop\eloah.MSWMM

[2013/02/14 18:55:41 | 000,000,682 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Ares.lnk

[2013/02/14 18:52:28 | 000,646,008 | ---- | M] () -- C:\Documents and Settings\Henrique\Desktop\ares-galaxy-2223047-baixaki-32-bits.exe

[2013/02/10 20:42:48 | 000,033,112 | ---- | M] (AVG Technologies) -- C:\WINDOWS\System32\drivers\avgtpx86.sys

[2013/02/05 18:21:19 | 000,044,526 | ---- | M] () -- C:\Documents and Settings\Henrique\Desktop\admissional.pdf

[2013/02/05 18:05:17 | 004,502,908 | ---- | M] () -- C:\Documents and Settings\Henrique\Desktop\DSCN2079.JPG

[2013/02/05 12:33:37 | 000,004,244 | ---- | M] () -- C:\Documents and Settings\Henrique\Meus documentos\Bradesco Pessoa Física.html

[2013/02/05 07:22:13 | 000,432,597 | ---- | M] () -- C:\Documents and Settings\Henrique\Meus documentos\EDITAL_RESULTADO_PROVA_OBJETIVA_professor _II.pdf

[2013/02/01 18:41:26 | 006,262,402 | ---- | M] () -- C:\Documents and Settings\Henrique\Meus documentos\materialdoemaileducaoinfantilpiidecreche.zip

[2013/02/01 16:24:31 | 001,817,569 | ---- | M] () -- C:\Documents and Settings\Henrique\Meus documentos\layout.jpg

[2013/02/01 15:27:00 | 000,665,891 | ---- | M] () -- C:\Documents and Settings\Henrique\Meus documentos\Edital - PMQ - Nível Superior(1).pdf

[2013/01/31 19:01:49 | 006,036,999 | ---- | M] () -- C:\Documents and Settings\Henrique\Desktop\DSCN2066.JPG

[2013/01/31 11:34:11 | 000,577,912 | ---- | M] () -- C:\Documents and Settings\Henrique\Desktop\photoscape-363-baixaki-32-bits.exe

[2013/01/30 23:29:13 | 000,109,067 | ---- | M] () -- C:\Documents and Settings\Henrique\Meus documentos\Orientador Pedagógico - AC.pdf

[2013/01/30 23:28:37 | 000,096,414 | ---- | M] () -- C:\Documents and Settings\Henrique\Meus documentos\Orientador Educacional - AC.pdf

[2013/01/30 23:26:28 | 001,591,507 | ---- | M] () -- C:\Documents and Settings\Henrique\Meus documentos\Professor II - AC.pdf

[2013/01/28 18:07:16 | 000,054,629 | ---- | M] () -- C:\Documents and Settings\Henrique\Meus documentos\387086_463421090377870_326588953_n.jpg

[2013/01/26 15:20:31 | 000,001,634 | ---- | M] () -- C:\WINDOWS\System32\InstallUtil.InstallLog

[2013/01/26 14:59:01 | 001,118,084 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI

[2013/01/26 14:59:01 | 000,496,004 | ---- | M] () -- C:\WINDOWS\System32\perfh016.dat

[2013/01/26 14:59:01 | 000,454,558 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat

[2013/01/26 14:59:01 | 000,088,000 | ---- | M] () -- C:\WINDOWS\System32\perfc016.dat

[2013/01/26 14:59:01 | 000,074,806 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat

[2013/01/22 14:32:38 | 000,000,369 | ---- | M] () -- C:\Documents and Settings\Henrique\Meus documentos\listaEfetuados.html

[2013/01/22 14:15:57 | 000,272,999 | ---- | M] () -- C:\Documents and Settings\Henrique\Meus documentos\Resultado - Prova Escrita.pdf

[2013/01/22 14:10:44 | 000,335,917 | ---- | M] () -- C:\Documents and Settings\Henrique\Meus documentos\Convocação para Prova Oral.pdf

[2013/01/22 14:09:19 | 000,444,619 | ---- | M] () -- C:\Documents and Settings\Henrique\Meus documentos\Resultado - 1ª Etapa.pdf

[2013/01/22 00:34:08 | 004,317,808 | ---- | M] (Systweak Inc ) -- C:\Documents and Settings\Henrique\Meus documentos\rcpsetup_adgorithms_728_90_ag_2.exe

[2013/01/17 21:07:36 | 000,152,880 | R--- | M] (360.cn) -- C:\WINDOWS\System32\drivers\360FileOem.sys

[2013/01/17 21:07:36 | 000,064,048 | R--- | M] (360安全中心) -- C:\WINDOWS\System32\drivers\360SpOEM.sys

[2013/01/17 21:07:36 | 000,061,488 | R--- | M] (360安全中心) -- C:\WINDOWS\System32\drivers\360HookOem.sys

[2013/01/17 21:07:36 | 000,029,744 | R--- | M] (360安全中心) -- C:\WINDOWS\System32\drivers\360RegOem.sys

[2013/01/15 19:28:47 | 001,460,152 | ---- | M] () -- C:\Documents and Settings\Henrique\Meus documentos\Referência Bibliográfica COM FOTOS.pdf

[2012/12/28 11:14:13 | 063,862,264 | ---- | M] (Digilabs) -- C:\Documents and Settings\Henrique\Meus documentos\DatabookWin.exe

[2012/12/23 21:04:21 | 000,000,000 | ---- | M] () -- C:\WINDOWS\ViewNX2.INI

[2012/12/23 21:01:52 | 000,000,020 | -H-- | M] () -- C:\Documents and Settings\All Users\Dados de aplicativos\PKP_DLev.DAT

[2012/12/23 21:01:09 | 000,000,020 | -H-- | M] () -- C:\Documents and Settings\All Users\Dados de aplicativos\PKP_DLet.DAT

[2012/12/22 21:02:42 | 000,000,268 | RH-- | M] () -- C:\Documents and Settings\All Users\Dados de aplicativos\Analog Swirl

[2012/12/22 21:02:42 | 000,000,268 | RH-- | M] () -- C:\Documents and Settings\Henrique\Dados de aplicativos\Ambience

[2012/12/22 21:02:42 | 000,000,020 | -H-- | M] () -- C:\Documents and Settings\All Users\Dados de aplicativos\PKP_DLes.DAT

[2012/12/22 21:01:26 | 000,000,268 | RH-- | M] () -- C:\Documents and Settings\All Users\Dados de aplicativos\Analog Sync

[2012/12/22 21:01:26 | 000,000,268 | RH-- | M] () -- C:\Documents and Settings\Henrique\Dados de aplicativos\Ambient

[2012/12/22 21:01:25 | 000,000,268 | RH-- | M] () -- C:\Documents and Settings\All Users\Dados de aplicativos\Analog Pad

[2012/12/22 21:01:25 | 000,000,268 | RH-- | M] () -- C:\Documents and Settings\Henrique\Dados de aplicativos\Alerts

[2012/12/22 21:00:45 | 000,000,020 | -H-- | M] () -- C:\Documents and Settings\All Users\Dados de aplicativos\PKP_DLeo.DAT

[2012/12/22 21:00:39 | 000,000,268 | RH-- | M] () -- C:\Documents and Settings\All Users\Dados de aplicativos\Automator

[2012/12/22 21:00:38 | 000,000,268 | RH-- | M] () -- C:\Documents and Settings\Henrique\Dados de aplicativos\Audio Unit Effect

[2012/12/14 20:56:16 | 000,103,786 | ---- | M] () -- C:\Documents and Settings\Henrique\Meus documentos\Contrato_pos.pdf

[2012/12/14 20:53:56 | 000,090,881 | ---- | M] () -- C:\Documents and Settings\Henrique\Meus documentos\Regulamento_pos.pdf

[2012/12/14 16:49:28 | 000,021,104 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys

[2012/12/14 08:03:17 | 000,017,330 | ---- | M] () -- C:\Documents and Settings\Henrique\Meus documentos\Condomínio Visconde de Mauá.odt

[2012/12/13 08:08:38 | 000,119,001 | ---- | M] () -- C:\WINDOWS\hpoins11.dat

[2012/12/08 06:36:01 | 000,040,102 | ---- | M] () -- C:\Documents and Settings\Henrique\Meus documentos\prot.odt

[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

[1 C:\Documents and Settings\Henrique\Meus documentos\*.tmp files -> C:\Documents and Settings\Henrique\Meus documentos\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013/03/03 20:38:32 | 000,000,294 | ---- | C] () -- C:\Documents and Settings\Henrique\Meus documentos\Documento.rtf

[2013/03/02 15:32:01 | 000,000,840 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk

[2013/03/02 15:08:33 | 000,594,019 | ---- | C] () -- C:\Documents and Settings\Henrique\Meus documentos\adwcleaner.exe

[2013/03/01 22:38:22 | 000,000,355 | ---- | C] () -- C:\Documents and Settings\Henrique\Desktop\Atalho para DSC00281.lnk

[2013/03/01 22:05:16 | 000,465,338 | ---- | C] () -- C:\Documents and Settings\Henrique\Meus documentos\Decreto_n_425_2012.pdf

[2013/03/01 17:38:55 | 000,014,764 | ---- | C] () -- C:\Documents and Settings\Henrique\Meus documentos\edital_abertura_seropedica.pdf.html

[2013/03/01 15:13:05 | 000,465,338 | ---- | C] () -- C:\Documents and Settings\Henrique\Desktop\Decreto_n_425_2012.pdf

[2013/03/01 13:12:47 | 000,000,786 | ---- | C] () -- C:\Documents and Settings\All Users\Menu Iniciar\Programas\Mozilla Firefox.lnk

[2013/03/01 13:12:47 | 000,000,780 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk

[2013/03/01 12:44:51 | 000,000,738 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\CCleaner.lnk

[2013/03/01 12:38:03 | 000,646,008 | ---- | C] () -- C:\Documents and Settings\Henrique\Desktop\ccleaner-3281913-baixaki-32-bits.exe

[2013/03/01 10:09:19 | 000,000,906 | ---- | C] () -- C:\Documents and Settings\Henrique\Menu Iniciar\Programas\Inicializar\BrOffice.org 3.2.lnk

[2013/03/01 10:09:19 | 000,000,776 | ---- | C] () -- C:\Documents and Settings\Henrique\Menu Iniciar\Programas\Inicializar\Inicialização do Office.lnk

[2013/03/01 10:09:18 | 000,000,801 | ---- | C] () -- C:\Documents and Settings\Henrique\Menu Iniciar\Programas\Inicializar\Localização acelerada da Microsoft.lnk

[2013/03/01 07:33:26 | 000,023,573 | ---- | C] () -- C:\Documents and Settings\Henrique\Desktop\AOCP - ASSESSORIA EM ORGANIZAÇÃO DE CONCURSOS PÚBLICOS LTDA - MARINGÁ PR.htm

[2013/02/25 15:18:06 | 000,000,079 | ---- | C] () -- C:\Documents and Settings\Henrique\Desktop\Rede Labs D'Or.html

[2013/02/22 18:09:06 | 001,340,170 | ---- | C] () -- C:\Documents and Settings\Henrique\Desktop\Anexo_II_do_Edital_de_Deferimento_das_Inscricoes_Pos_Recursos_Ampla_Concorrencia.pdf

[2013/02/21 17:19:30 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Henrique\Meus documentos\win.exe

[2013/02/20 16:24:29 | 004,657,103 | ---- | C] () -- C:\Documents and Settings\Henrique\Desktop\fotos para revelar.zip

[2013/02/19 15:53:50 | 001,302,235 | ---- | C] () -- C:\Documents and Settings\Henrique\Desktop\Anexo_II_do_Edital_de_Deferimento_das_Inscricoes_Ampla_Concorrencia.pdf

[2013/02/19 15:53:38 | 000,240,499 | ---- | C] () -- C:\Documents and Settings\Henrique\Desktop\Pedagogo_AOCP_2010.zip

[2013/02/17 12:56:59 | 000,000,468 | RHS- | C] () -- C:\Documents and Settings\Henrique\ntuser.pol

[2013/02/17 12:34:25 | 000,001,835 | ---- | C] () -- C:\Documents and Settings\Henrique\Desktop\Free iPad Video Converter.lnk

[2013/02/17 12:34:22 | 000,113,486 | ---- | C] () -- C:\WINDOWS\System32\NCTWMAProfiles.prx

[2013/02/17 12:21:21 | 000,741,888 | ---- | C] () -- C:\Documents and Settings\Henrique\Desktop\eloah certo.MSWMM

[2013/02/17 11:28:13 | 000,741,888 | ---- | C] () -- C:\Documents and Settings\Henrique\Desktop\eloah.MSWMM

[2013/02/14 18:55:41 | 000,000,682 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Ares.lnk

[2013/02/14 18:52:27 | 000,646,008 | ---- | C] () -- C:\Documents and Settings\Henrique\Desktop\ares-galaxy-2223047-baixaki-32-bits.exe

[2013/02/05 18:21:17 | 000,044,526 | ---- | C] () -- C:\Documents and Settings\Henrique\Desktop\admissional.pdf

[2013/02/05 12:33:36 | 000,004,244 | ---- | C] () -- C:\Documents and Settings\Henrique\Meus documentos\Bradesco Pessoa Física.html

[2013/02/05 07:22:12 | 000,432,597 | ---- | C] () -- C:\Documents and Settings\Henrique\Meus documentos\EDITAL_RESULTADO_PROVA_OBJETIVA_professor _II.pdf

[2013/02/01 18:41:04 | 006,262,402 | ---- | C] () -- C:\Documents and Settings\Henrique\Meus documentos\materialdoemaileducaoinfantilpiidecreche.zip

[2013/02/01 16:24:27 | 001,817,569 | ---- | C] () -- C:\Documents and Settings\Henrique\Meus documentos\layout.jpg

[2013/02/01 15:26:55 | 000,665,891 | ---- | C] () -- C:\Documents and Settings\Henrique\Meus documentos\Edital - PMQ - Nível Superior(1).pdf

[2013/01/31 19:01:36 | 004,502,908 | ---- | C] () -- C:\Documents and Settings\Henrique\Desktop\DSCN2079.JPG

[2013/01/31 19:01:23 | 006,036,999 | ---- | C] () -- C:\Documents and Settings\Henrique\Desktop\DSCN2066.JPG

[2013/01/31 11:34:10 | 000,577,912 | ---- | C] () -- C:\Documents and Settings\Henrique\Desktop\photoscape-363-baixaki-32-bits.exe

[2013/01/30 23:29:13 | 000,109,067 | ---- | C] () -- C:\Documents and Settings\Henrique\Meus documentos\Orientador Pedagógico - AC.pdf

[2013/01/30 23:28:36 | 000,096,414 | ---- | C] () -- C:\Documents and Settings\Henrique\Meus documentos\Orientador Educacional - AC.pdf

[2013/01/30 23:26:26 | 001,591,507 | ---- | C] () -- C:\Documents and Settings\Henrique\Meus documentos\Professor II - AC.pdf

[2013/01/28 18:07:14 | 000,054,629 | ---- | C] () -- C:\Documents and Settings\Henrique\Meus documentos\387086_463421090377870_326588953_n.jpg

[2013/01/26 22:54:04 | 000,145,210 | ---- | C] () -- C:\Documents and Settings\LocalService\Configurações locais\Dados de aplicativos\WPFFontCache_v0400-S-1-5-21-1844237615-1770027372-682003330-1003-0.dat

[2013/01/26 15:26:14 | 000,145,210 | ---- | C] () -- C:\Documents and Settings\LocalService\Configurações locais\Dados de aplicativos\WPFFontCache_v0400-System.dat

[2013/01/26 14:46:35 | 000,000,902 | ---- | C] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job

[2013/01/22 14:32:38 | 000,000,369 | ---- | C] () -- C:\Documents and Settings\Henrique\Meus documentos\listaEfetuados.html

[2013/01/22 14:15:56 | 000,272,999 | ---- | C] () -- C:\Documents and Settings\Henrique\Meus documentos\Resultado - Prova Escrita.pdf

[2013/01/22 14:10:44 | 000,335,917 | ---- | C] () -- C:\Documents and Settings\Henrique\Meus documentos\Convocação para Prova Oral.pdf

[2013/01/22 14:09:19 | 000,444,619 | ---- | C] () -- C:\Documents and Settings\Henrique\Meus documentos\Resultado - 1ª Etapa.pdf

[2013/01/15 19:28:46 | 001,460,152 | ---- | C] () -- C:\Documents and Settings\Henrique\Meus documentos\Referência Bibliográfica COM FOTOS.pdf

[2012/12/23 21:04:21 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ViewNX2.INI

[2012/12/22 21:02:42 | 000,000,268 | RH-- | C] () -- C:\Documents and Settings\All Users\Dados de aplicativos\Analog Swirl

[2012/12/22 21:02:42 | 000,000,268 | RH-- | C] () -- C:\Documents and Settings\Henrique\Dados de aplicativos\Ambience

[2012/12/22 21:02:41 | 000,000,020 | -H-- | C] () -- C:\Documents and Settings\All Users\Dados de aplicativos\PKP_DLes.DAT

[2012/12/22 21:01:26 | 000,000,268 | RH-- | C] () -- C:\Documents and Settings\All Users\Dados de aplicativos\Analog Sync

[2012/12/22 21:01:26 | 000,000,268 | RH-- | C] () -- C:\Documents and Settings\Henrique\Dados de aplicativos\Ambient

[2012/12/22 21:01:26 | 000,000,020 | -H-- | C] () -- C:\Documents and Settings\All Users\Dados de aplicativos\PKP_DLev.DAT

[2012/12/22 21:01:25 | 000,000,268 | RH-- | C] () -- C:\Documents and Settings\All Users\Dados de aplicativos\Analog Pad

[2012/12/22 21:01:25 | 000,000,268 | RH-- | C] () -- C:\Documents and Settings\Henrique\Dados de aplicativos\Alerts

[2012/12/22 21:01:25 | 000,000,020 | -H-- | C] () -- C:\Documents and Settings\All Users\Dados de aplicativos\PKP_DLet.DAT

[2012/12/22 21:00:38 | 000,000,268 | RH-- | C] () -- C:\Documents and Settings\All Users\Dados de aplicativos\Automator

[2012/12/22 21:00:38 | 000,000,268 | RH-- | C] () -- C:\Documents and Settings\Henrique\Dados de aplicativos\Audio Unit Effect

[2012/12/22 21:00:38 | 000,000,020 | -H-- | C] () -- C:\Documents and Settings\All Users\Dados de aplicativos\PKP_DLeo.DAT

[2012/12/14 20:56:15 | 000,103,786 | ---- | C] () -- C:\Documents and Settings\Henrique\Meus documentos\Contrato_pos.pdf

[2012/12/14 20:53:56 | 000,090,881 | ---- | C] () -- C:\Documents and Settings\Henrique\Meus documentos\Regulamento_pos.pdf

[2012/12/14 08:03:49 | 000,017,330 | ---- | C] () -- C:\Documents and Settings\Henrique\Meus documentos\Condomínio Visconde de Mauá.odt

[2012/12/13 07:57:40 | 000,001,848 | ---- | C] () -- C:\Documents and Settings\All Users\Menu Iniciar\Programas\Inicializar\HP Digital Imaging Monitor.lnk

[2012/12/13 07:26:18 | 000,119,001 | ---- | C] () -- C:\WINDOWS\hpoins11.dat

[2012/12/08 06:36:00 | 000,040,102 | ---- | C] () -- C:\Documents and Settings\Henrique\Meus documentos\prot.odt

[2012/10/10 00:46:37 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat

[2012/10/02 19:29:06 | 009,961,472 | ---- | C] () -- C:\Documents and Settings\Henrique\ntuser.dat

[2012/09/27 15:33:16 | 000,011,034 | ---- | C] () -- C:\Documents and Settings\Henrique\Mr. holland, resenha.rtf

[2012/09/10 01:18:11 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll

[2012/07/13 17:43:36 | 000,027,440 | ---- | C] () -- C:\WINDOWS\System32\drivers\secdrv.sys

[2011/08/06 11:38:50 | 000,013,816 | ---- | C] () -- C:\WINDOWS\System32\unikey.sys

[2011/07/05 23:56:40 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat

[2011/06/19 21:55:49 | 000,571,328 | ---- | C] ( ) -- C:\Arquivos de programas\Arquivos comuns\AutoCompleteInstaller-VD.exe

[2011/04/27 07:35:28 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Henrique\Configurações locais\Dados de aplicativos\{CFF54EBD-994A-46CE-9B7E-7B05FC697182}

[2011/04/23 22:27:11 | 000,000,556 | ---- | C] () -- C:\Documents and Settings\Henrique\Dados de aplicativos\AutoGK.ini

[2011/03/13 23:31:23 | 000,015,158 | ---- | C] () -- C:\WINDOWS\Ascd_tmp.ini

[2011/01/08 11:22:33 | 000,000,120 | ---- | C] () -- C:\Documents and Settings\Henrique\default.pls

[2010/10/10 20:34:17 | 000,002,248 | ---- | C] () -- C:\Documents and Settings\Henrique\.recently-used.xbel

[2010/09/20 19:27:01 | 000,103,936 | ---- | C] () -- C:\Documents and Settings\Henrique\Configurações locais\Dados de aplicativos\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2010/09/14 14:55:21 | 000,000,141 | ---- | C] () -- C:\Documents and Settings\Henrique\Configurações locais\Dados de aplicativos\fusioncache.dat

[2010/09/14 11:24:16 | 000,020,344 | ---- | C] () -- C:\Documents and Settings\LocalService\Configurações locais\Dados de aplicativos\GDIPFONTCACHEV1.DAT

[2010/08/28 14:05:10 | 000,022,392 | ---- | C] () -- C:\Documents and Settings\Henrique\Configurações locais\Dados de aplicativos\GDIPFONTCACHEV1.DAT

[2010/08/28 13:18:04 | 006,955,196 | -H-- | C] () -- C:\Documents and Settings\Henrique\Configurações locais\Dados de aplicativos\IconCache.db

[2010/08/28 11:48:17 | 000,000,210 | -HS- | C] () -- C:\Documents and Settings\Henrique\ntuser.ini

========== ZeroAccess Check ==========

[2010/08/28 17:15:43 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

"" = %SystemRoot%\system32\shdocvw.dll -- [2004/08/04 00:45:28 | 001,483,264 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]

"" = C:\WINDOWS\system32\wbem\fastprox.dll -- [2004/08/04 00:45:22 | 000,472,064 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

"" = %systemroot%\system32\wbem\wbemess.dll -- [2004/08/04 00:45:28 | 000,273,920 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Both

========== LOP Check ==========

[2012/12/04 21:39:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dados de aplicativos\AVAST Software

[2012/11/06 17:59:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dados de aplicativos\AVG2013

[2013/02/17 12:51:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dados de aplicativos\Baidu

[2011/03/16 09:06:55 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Dados de aplicativos\Common Files

[2012/12/22 21:02:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dados de aplicativos\EnterNHelp

[2012/12/22 21:01:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dados de aplicativos\Framework

[2011/08/15 20:01:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dados de aplicativos\gas

[2012/03/22 11:55:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dados de aplicativos\GbPlugin

[2012/12/22 21:02:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dados de aplicativos\Gems

[2012/05/19 19:03:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dados de aplicativos\Graboid Inc

[2012/12/22 21:01:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dados de aplicativos\Guitars

[2011/12/08 07:14:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dados de aplicativos\Lightcomm

[2013/03/04 18:01:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dados de aplicativos\MFAData

[2012/12/22 22:02:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dados de aplicativos\Nikon

[2011/12/08 07:14:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dados de aplicativos\Oi

[2012/12/22 21:00:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dados de aplicativos\Pipe Organ

[2013/03/01 12:50:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dados de aplicativos\PSafe

[2012/12/14 08:01:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dados de aplicativos\Systweak

[2012/04/07 15:11:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dados de aplicativos\TuneUp Software

[2012/12/22 21:02:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dados de aplicativos\Ultima_T15

[2011/04/24 10:00:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dados de aplicativos\VideoMach

[2012/04/07 15:09:53 | 000,000,000 | -HSD | M] -- C:\Documents and Settings\All Users\Dados de aplicativos\{32364CEA-7855-4A3C-B674-53D8E9B97936}

[2012/11/06 19:22:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Henrique\Dados de aplicativos\AVG2013

[2013/02/18 17:50:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Henrique\Dados de aplicativos\BaiduPcFaster

[2010/08/28 19:03:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Henrique\Dados de aplicativos\BrOffice.org

[2011/11/06 22:25:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Henrique\Dados de aplicativos\Camfrog Web

[2011/02/17 21:56:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Henrique\Dados de aplicativos\Codemonster

[2012/12/19 20:11:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Henrique\Dados de aplicativos\EurekaLog

[2013/02/17 12:34:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Henrique\Dados de aplicativos\Free iPad Video Converter

[2010/10/10 20:34:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Henrique\Dados de aplicativos\gtk-2.0

[2012/12/13 07:21:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Henrique\Dados de aplicativos\Image Zone Express

[2012/12/28 11:30:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Henrique\Dados de aplicativos\MPC

[2012/12/23 21:01:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Henrique\Dados de aplicativos\Nikon

[2013/02/17 12:50:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Henrique\Dados de aplicativos\PCF

[2013/01/31 11:57:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Henrique\Dados de aplicativos\PhotoScape

[2012/04/07 15:10:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Henrique\Dados de aplicativos\TuneUp Software

[2011/06/22 16:25:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Henrique\Dados de aplicativos\Windows Live Writer

========== Purity Check ==========

========== Custom Scans ==========

< %SYSTEMDRIVE%\*.* >

[2012/07/11 23:59:56 | 000,000,367 | ---- | M] () -- C:\AdwCleaner[s1].txt

[2012/07/12 01:01:31 | 000,000,367 | ---- | M] () -- C:\AdwCleaner[s2].txt

[2012/07/12 12:15:06 | 000,000,304 | ---- | M] () -- C:\AdwCleaner[s3].txt

[2012/07/12 12:17:01 | 000,000,367 | ---- | M] () -- C:\AdwCleaner[s4].txt

[2012/07/12 13:29:09 | 000,011,527 | ---- | M] () -- C:\AdwCleaner[s5].txt

[2013/03/02 15:09:55 | 000,071,456 | ---- | M] () -- C:\AdwCleaner[s6].txt

[2010/08/28 11:28:13 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT

[2011/03/19 09:49:17 | 000,000,210 | ---- | M] () -- C:\Boot.bak

[2013/03/01 10:09:17 | 000,000,327 | RHS- | M] () -- C:\boot.ini

[2001/10/28 12:06:10 | 000,004,952 | RHS- | M] () -- C:\Bootfont.bin

[2004/08/03 23:00:16 | 000,261,856 | RHS- | M] () -- C:\cmldr

[2012/07/12 18:19:56 | 000,014,183 | ---- | M] () -- C:\ComboFix.txt

[2010/08/28 11:28:13 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS

[2012/01/31 17:15:38 | 000,000,000 | ---- | M] () -- C:\dump_dvd.vob

[2011/07/06 12:50:42 | 000,005,359 | -H-- | M] () -- C:\ffastun.ffa

[2011/07/06 12:50:42 | 000,385,024 | -H-- | M] () -- C:\ffastun.ffl

[2011/07/06 12:50:42 | 000,188,416 | -H-- | M] () -- C:\ffastun.ffo

[2011/07/06 12:50:42 | 003,059,712 | -H-- | M] () -- C:\ffastun0.ffx

[2012/07/10 16:51:04 | 000,385,024 | ---- | M] () -- C:\ffastunT.ffl

[2010/08/28 11:28:13 | 000,000,000 | RHS- | M] () -- C:\IO.SYS

[2010/08/28 11:28:13 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS

[2004/08/03 22:38:34 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM

[2012/10/30 09:37:06 | 000,251,168 | RHS- | M] () -- C:\ntldr

[2013/03/04 17:21:12 | 1509,949,440 | -HS- | M] () -- C:\pagefile.sys

[2011/03/31 23:20:12 | 000,014,127 | ---- | M] () -- C:\SAFEBOOT_REPAIR.TXT

< %systemdrive%\drivers\*.exe >

< %systemroot%\system32\drivers\*.* /90 >

[2013/01/17 21:07:36 | 000,152,880 | R--- | M] (360.cn) -- C:\WINDOWS\system32\drivers\360FileOem.sys

[2013/01/17 21:07:36 | 000,061,488 | R--- | M] (360安全中心) -- C:\WINDOWS\system32\drivers\360HookOem.sys

[2013/01/17 21:07:36 | 000,029,744 | R--- | M] (360安全中心) -- C:\WINDOWS\system32\drivers\360RegOem.sys

[2013/01/17 21:07:36 | 000,064,048 | R--- | M] (360安全中心) -- C:\WINDOWS\system32\drivers\360SpOEM.sys

[2013/02/10 20:42:48 | 000,033,112 | ---- | M] (AVG Technologies) -- C:\WINDOWS\system32\drivers\avgtpx86.sys

[2012/12/14 16:49:28 | 000,021,104 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\system32\drivers\mbam.sys

< %PROGRAMFILES%\*.* >

< %userprofile%\configurações locais\dados de aplicativos\*.exe >

< %userprofile%\configurações locais\dados de aplicativos\*.txt >

< %userprofile%\configurações locais\dados de aplicativos\*.ini >

[2013/03/01 21:30:41 | 000,103,936 | ---- | M] () -- C:\Documents and Settings\Henrique\configurações locais\dados de aplicativos\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

< %userprofile%\configurações locais\dados de aplicativos\*.dat /30 >

< %userprofile%\configurações locais\dados de aplicativos\*.dll >

< %userprofile%\*.exe >

< %userprofile%\.txt >

< %userprofile%\.ini >

< %userprofile%\.dat /30 >

< %userprofile%\.dll >

< %windir%\tasks\*.* /s >

[2013/03/04 17:38:01 | 000,000,902 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job

[2001/10/28 12:07:04 | 000,000,065 | RH-- | M] () -- C:\WINDOWS\tasks\desktop.ini

[2013/03/03 20:07:00 | 000,001,008 | ---- | M] () -- C:\WINDOWS\tasks\FacebookUpdateTaskUserS-1-5-21-1844237615-1770027372-682003330-1003Core.job

[2013/03/04 14:07:00 | 000,001,030 | ---- | M] () -- C:\WINDOWS\tasks\FacebookUpdateTaskUserS-1-5-21-1844237615-1770027372-682003330-1003UA.job

[2013/03/04 17:21:51 | 000,001,072 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job

[2013/03/04 17:47:00 | 000,001,076 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job

[2013/02/24 01:03:04 | 000,001,128 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1844237615-1770027372-682003330-1003Core.job

[2013/03/04 14:03:01 | 000,001,180 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1844237615-1770027372-682003330-1003UA.job

[2013/03/04 17:21:48 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT

< HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections >

"DefaultConnectionSettings" = 3C 00 00 00 69 09 00 00 09 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 05 00 00 00 00 00 00 00 20 C3 F8 35 70 FE CD 01 01 00 00 00 C0 A8 FE 01 00 00 00 00 00 00 00 00 [binary data]

"SavedLegacySettings" = 3C 00 00 00 64 96 00 00 09 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 05 00 00 00 00 00 00 00 20 C3 F8 35 70 FE CD 01 01 00 00 00 C0 A8 FE 01 00 00 00 00 00 00 00 00 [binary data]

"Conexão de banda larga" = 3C 00 00 00 01 00 00 00 09 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [binary data]

"Oi" = 3C 00 00 00 01 00 00 00 09 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [binary data]

< HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Associations >

< HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Attachments >

========== Alternate Data Streams ==========

@Alternate Data Stream - 212 bytes -> C:\WINDOWS\System32\drivers:GbpKmAp.lst

< End of report >

Olá amigo!

O PC já está bem melhor do que antes de vir aqui.

Antes nem conseguia digitar, ficava catando milho. Agora melhorou bastante.

Obrigado pelas dicas.

Segue o arquivo no anexo.

Compartilhar este post


Link para o post
Compartilhar em outros sites

Boa noite henridesouza;

Selecione estas linhas em vermelho, clique com o lado direito do mouse sobre a seleção e escolha a opção copiar:

:OTL

[2011/06/19 21:34:16 | 003,325,832 | ---- | C] (Ask) -- C:\Arquivos de programas\Arquivos comuns\APNToolbarInstaller.exe

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.22find.co...5&ts=1362152555

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.22find.co...5&ts=1362152555

CHR - default_search_provider: 22find (Enabled)

CHR - default_search_provider: search_url = http://search.22find...q={searchTerms}

CHR - homepage: http://www.22find.co...5&ts=1362152495

DRV - [2012/03/06 21:02:43 | 000,024,408 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswKbd.sys -- (aswKbd)

O4 - HKLM..\Run: [PSafeTray] "C:\Arquivos de programas\PSafe\PSafeSysTray.exe" File not found

O4 - HKLM..\Run: [PSafeWDS] "C:\Arquivos de programas\PSafe\PSafeWDS.exe" File not found

[2013/03/01 12:50:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dados de aplicativos\PSafe

:commands

[emptytemp]

[Reboot]

Aos visitantes: Se estiverem com um problema semelhante, não utilizem esse script, pois o uso sem supervisão pode causar danos ao sistema.

Siga as intruções desta página (http://linhadefensiv...mocao-de-virus/) e peça ajuda em Remoção de Malware (http://linhadefensiv...hp?showforum=11)

Execute o OTL.exe

Clique com o lado direito do mouse em qualquer parte branca, da sessão Exames Personalizados/Correções e escolha a opção colar

Feche TODAS as janelas (exceto o próprio OTL).

Clique no botão BotaoConsertar.png

O programa executará o script e reiniciará o seu computador.

Quando o Windows for carregado, o OTL será executado automaticamente. Permita a sua execução.

Um bloco de notas será aberto, contendo algumas informações.

Copie TODO o conteúdo deste bloco de notas e cole na sua resposta.

Uma cópia deste log ficará armazenado na pasta C:\_OTL\MovedFiles com o nome no seguinte formato data_hora.log.

Exemplo: 03142010_145545.log

Compartilhar este post


Link para o post
Compartilhar em outros sites

Amigo não consegui fazer o que você falou. Colo as linhas em vermelho e clico em consertar, então aparece que está inicializando, mas o pc trava e fica um tempão e se clico em qualquer área aparece não está respondendo. Então reinicio o pc pela máquina pq nem o o teclado funciona. O que devo fazer. Obrigado.

Compartilhar este post


Link para o post
Compartilhar em outros sites

baixe novamente o OTL e tente realizar o procedimento.

Compartilhar este post


Link para o post
Compartilhar em outros sites

OLÁ AMIGO TENTEI NOVAMENTE POR 3 VEZES ELE ATÉ REINICIOU RAPIDAMENTE EM UMA DAS VEZES MAS QUANDO VOLTOU O WINDOWS AVISOU QUE ELE SE RECUPEROU DE UM ERRO GRAVE E NÃO TEVE LOG.

Compartilhar este post


Link para o post
Compartilhar em outros sites

Boa tarde henridesouza;

Faça o download do arquivo Fix.txt em anexo abaixo e salve na sua área de trabalho.

Esse script foi elaborado somente para este computador, de acordo com os arquivos e chaves presentes.

Aos visitantes: Se estiverem com um problema semelhante, não utilizem esse script, pois o uso sem supervisão pode causar danos ao sistema.

Execute o OTL;

Arraste o arquivo Fix como na imagem abaixo em qualquer parte branca, da sessão Exames Personalizados/Correções.

copy.gif

Feche TODAS as janelas (exceto o próprio OTL).

Clique no botão fixotl.png

O programa executará o script e reiniciará o seu computador.

Quando o Windows for carregado, o OTL será executado automaticamente. Permita a sua execução.

Um bloco de notas será aberto, contendo algumas informações.

Copie TODO o conteúdo deste bloco de notas e cole na sua resposta.

Uma cópia deste log ficará armazenado na pasta C:\_OTL\MovedFiles com o nome no seguinte formato data_hora.log.

Exemplo: 03142010_145545.log.

Fix.txt

Compartilhar este post


Link para o post
Compartilhar em outros sites

Bom dia henridesouza;

Tente realizar o procedimento em "Modo de Segurança".

Caso não saiba como, veja aqui.

Compartilhar este post


Link para o post
Compartilhar em outros sites

BOA NOITE, FIZ O RECOMENDADO. ELE FUNCIONOU E ABRIU O ARQUIVO OTL. MAS NÃO REINICIOU COMO você FALOU QUE IA ACONTECER. EU REINICIEI MANUALMENTE E NÃO ABRIU O PROGRAMA SOZINHO NÃO. E NA PASTA QUE você MENCIONOU NÃO TINHA NADA DENTRO DOS ARQUIVOS NÚMERICOS.

VOU ANEXAR O ARQUIVO DO BLOCO DE NOTAS QUE SALVEI.

OTL.Txt

Compartilhar este post


Link para o post
Compartilhar em outros sites

Olá, boa tarde;

1 -

Destaque e cole o script abaixo, desde a palavra REGEDIT4 até o fim, ou seja, “CustomizeSearch”=-;

REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]

“Search Bar”=“http://nmd.msn.com”

“Search Page”=“http://home.microsoft.com/intl/br/access/allinone.asp”

[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]

“Default_Search_URL”=“http://go.microsoft.com/fwlink/?LinkId=54896”

“Search Page”=“http://go.microsoft.com/fwlink/?LinkId=54896”

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchURL]

“(Default)”=http://go.microsoft.com/fwlink/?LinkId=54896

[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search]

“Default_Search_URL”=-

“SearchAssistant”=-

“CustomizeSearch”=-

Agora vá em iniciar -----> executar -----> digite notepad na caixa e dê ok para abrir o bloco de notas;

Clique no vazio com o lado direito do mouse e depois em “colar”;

O script deverá estar escrito ali;

Agora, no bloco de notas, vá em Arquivo -----> salvar como -----> em “nome do arquivo" digite “script.reg(sem aspas) -----> “Salvar como tipo” escolha: “todos os arquivos” e salve na sua área de trabalho.

Agora execute o arquivo, dando dois cliques sobre ele, o qual deverá estar em sua área de trabalho, com o nome script.reg

2 - Agora vamos tentar usar a ferramenta OTM.

Baixe-a ---> aqui <--- e a execute.

Copie o script abaixo (em vermelho) e cole-o na área do programa com esta descrição: “Paste Instructions for Items to be Moved

:Processes

PSafeSysTray.exe

PSafeWDS.exe

:Services

aswKbd

:Files

C:\WINDOWS\System32\drivers\aswKbd.sys

C:\Arquivos de programas\PSafe

C:\Documents and Settings\All Users\Dados de aplicativos\PSafe

:Commands

[emptytemp]

[emptyjava]

[Reboot]

Em seguida clique em “Movelt !” e aguarde o programa eliminar as entradas identificadas.

Após o script ser executado clique em “Results” para ver o resultado. Cole-o aqui.

Compartilhar este post


Link para o post
Compartilhar em outros sites

BOA NOITE,

CONSEGUI FAZER O PROCEDIMENTO UTILIZANDO O MODO DE SEGURANÇA, PORÉM NÃO CONSIGO COPIAR O RESULTADO POIS O PC REINICIA E NÃO DÁ PRA COPIAR. AGUARDO.

Compartilhar este post


Link para o post
Compartilhar em outros sites

Ok....

Por favor, me informe como está a máquina.

:legal:

Compartilhar este post


Link para o post
Compartilhar em outros sites

Bom dia, a máquina está bem melhor do que quando cheguei aqui. Não está mais travando o teclado e está bem mais ágil. Acho que já tiramos o vírus.

Compartilhar este post


Link para o post
Compartilhar em outros sites

Seu log está limpo.

1 - Baixe o programa CCleaner e o execute em seu computador.

Link= http://www.baixaki.c...ad/ccleaner.htm

Para instalar dê um duplo clique em “ccsetup303”; execute o arquivo de instalação; escolha o idioma “Português Brasileiro”; na próxima tela clique em “próximo”; aceite o Contrato clicando em “Eu Concordo”; na próxima tela deixe marcado somente “Adicionar atalho na área de trabalho”; por fim, clique em instalar;

Quando o programa abrir, na aba “Windows” mantenha a configuração original e marque também em “Avançado”, “Dados do prefetch antigos”.

Agora mande "analisar"; em seguida clique em “Executar limpeza”;

Faça o mesmo na aba “Programas”;

Por fim, vá para a aba “Registro”, clique em “Procurar Erros” e por fim em “Corrigir Erros Selecionados”.

Pronto !! você terá executado o CCleaner com sucesso.

Te aconselho a utilizar o CCleaner ao menos uma vez por semana.

2 - Verifique se você tem o Java atualizado.

baixe o JavaRa =

http://sourceforge.n...zip&use_mirror=

Dê um duplo-clique no JavaRa.exe. Depois clique em Search For Updates. Selecione a opção Update Using jucheck.exe.

Clique então no botão Search.Se estiver atualizado, receberá um aviso de que tem a última versão.

Caso contrário, aguarde a nova versão do Java ser baixada e instalada. Depois clique no botão Remove Older Versions para que as versões antigas que existirem no PC sejam desinstaladas.

3 Recomendo que actualize o Service Pack, pois a versão que você possui é a SP2

Caso queira fazê-lo, segue o link:

http://www.baixaki.c...vice-pack-3.htm

4 - Leia o artigo Proteja seu PC para maiores informações sobre como evitar infecções.

Link: http://www.linhadefe...proteja-seu-pc/

5 - Recomendo também que visite os links abaixo:

http://www.linhadefe...showtopic=75646

http://www.tecmundo....ontre-nada-.htm

6 - Se não há mais nenhum problema relacionado a malwares, clique no botão "Denunciar" e informe que o seu caso foi resolvido.

:legal:

Compartilhar este post


Link para o post
Compartilhar em outros sites

PROBLEMA RESOLVIDO


Caso queira solicitar a reabertura do tópico, utilize o botão Denunciar para entrar em contato com a moderação.

Nota: Somente o autor pode realizar essa solicitação na área Remoção de Malware.

Compartilhar este post


Link para o post
Compartilhar em outros sites
Visitante
Este tópico está impedido de receber novos posts.

  • Quem Está Navegando   0 membros estão online

    Nenhum usuário registrado visualizando esta página.