Ir para conteúdo

Foto

PC lento, teclado também


Este tópico foi arquivado. Isto significa que você não pode mais responder ao tópico.
20 respostas neste tópico

#1
henridesouza

henridesouza

    Novato

  • Novato
  • Pip
  • 32 posts
Boa tarde, gotaria de uma ajuda.
Teclado demora digitar letra. Pc muito lento acesso windows.
Valeu


Logfile of HijackThis v1.99.1
Scan saved at 12:09:25, on 1/3/2013
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\ARQUIV~1\AVG\AVG2013\avgrsx.exe
C:\Arquivos de programas\AVG\AVG2013\avgcsrvx.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\ARQUIV~1\GbPlugin\GbpSv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Arquivos de programas\AVG\AVG2013\avgidsagent.exe
C:\Arquivos de programas\AVG Secure Search\vprot.exe
C:\Arquivos de programas\AVG\AVG2013\avgui.exe
C:\Arquivos de programas\Arquivos comuns\Java\Java Update\jusched.exe
C:\Arquivos de programas\HP\HP Software Update\HPWuSchd2.exe
C:\Arquivos de programas\AVG\AVG2013\avgwdsvc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Arquivos de programas\HP\Digital Imaging\bin\hpqtra08.exe
C:\Arquivos de programas\Java\jre7\bin\jqs.exe
C:\Arquivos de programas\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Arquivos de programas\AVG\AVG2013\avgnsx.exe
C:\WINDOWS\system32\slserv.exe
C:\Arquivos de programas\AVG\AVG2013\avgemcx.exe
C:\Arquivos de programas\Arquivos comuns\Umbrella\Umbrella.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
C:\Arquivos de programas\Mozilla Firefox\firefox.exe
C:\Arquivos de programas\Mozilla Firefox\plugin-container.exe
C:\Arquivos de programas\Mozilla Firefox\plugin-container.exe
C:\Documents and Settings\Henrique\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://br.hao123.com...hp_01_hao123_br
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://br.hao123.com...hp_01_hao123_br
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Arquivos de programas\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre7\bin\ssv.dll
O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Arquivos de programas\AVG Secure Search\14.1.0.10\AVG Secure Search_toolbar.dll
O2 - BHO: IMinent WebBooster - {A09AB6EB-31B5-454C-97EC-9B294D92EE2A} - C:\Arquivos de programas\Iminent\Iminent.WebBooster.InternetExplorer.dll
O2 - BHO: DealPly - {A6174F27-1FFF-E1D6-A93F-BA48AD5DD448} - C:\Arquivos de programas\DealPly\DealPlyIE.dll
O2 - BHO: G-Buster Browser Defense Banco Real - {C41A1C0E-EA6C-11D4-B1B8-444553540007} - C:\ARQUIV~1\GbPlugin\gbiehAbn.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de programas\Java\jre7\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Arquivos de programas\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Arquivos de programas\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - (no file)
O3 - Toolbar: AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Arquivos de programas\AVG Secure Search\14.1.0.10\AVG Secure Search_toolbar.dll
O4 - HKLM\..\Run: [Adobe ARM] "C:\Arquivos de programas\Arquivos comuns\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [vProt] "C:\Arquivos de programas\AVG Secure Search\vprot.exe"
O4 - HKLM\..\Run: [AVG_UI] "C:\Arquivos de programas\AVG\AVG2013\avgui.exe" /TRAYONLY
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Arquivos de programas\Arquivos comuns\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Arquivos de programas\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Nikon Message Center 2] C:\Arquivos de programas\Nikon\Nikon Message Center 2\NkMC2.exe -s
O4 - HKLM\..\Run: [Iminent] C:\Arquivos de programas\Iminent\Iminent.exe /warmup "F77F87E5-A6BD-4922-A530-EDF63D7E9F8C"
O4 - HKLM\..\Run: [IminentMessenger] C:\Arquivos de programas\Iminent\Iminent.Messengers.exe
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Arquivos de programas\Adobe\Reader 10.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Henrique\Configurações locais\Dados de aplicativos\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe" /background
O4 - Startup: BrOffice.org 3.2.lnk = C:\Arquivos de programas\BrOffice.org 3\program\quickstart.exe
O4 - Startup: Inicialização do Office.lnk = C:\Arquivos de programas\Microsoft Office\Office\OSA.EXE
O4 - Startup: Localização acelerada da Microsoft.lnk = C:\Arquivos de programas\Microsoft Office\Office\FINDFAST.EXE
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Arquivos de programas\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: &Download All using 4shared Desktop - C:\Arquivos de programas\4shared Desktop\down_all.htm
O9 - Extra button: Incluir no Blog - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Arquivos de programas\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Incluir no Blog no Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Arquivos de programas\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsof...ss/allinone.asp
O15 - Trusted Zone: http://www.bancoreal.com.br
O15 - Trusted Zone: http://www.bancosantander.com.br
O15 - Trusted Zone: http://www.santander.com.br
O15 - Trusted Zone: http://www.santanderempresarial.com.br
O16 - DPF: {E37CB5F0-51F5-4395-A808-5FA49E399007} (GbPluginObj Class) - https://wwws.santand...GbPluginABN.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Arquivos de programas\AVG\AVG2012\avgpp.dll (file missing)
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Arquivos de programas\Arquivos comuns\AVG Secure Search\ViProtocolInstaller\14.1.7\ViProtocol.dll
O18 - Protocol: wlmailhtml - {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Arquivos de programas\Windows Live\Mail\mailcomm.dll
O20 - Winlogon Notify: GbPluginAbn - C:\ARQUIV~1\GbPlugin\gbiehAbn.dll
O20 - Winlogon Notify: dimsntfy - C:\WINDOWS\
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Arquivos de programas\AVG\AVG2013\avgidsagent.exe
O23 - Service: Watchdog do AVG (avgwd) - AVG Technologies CZ, s.r.o. - C:\Arquivos de programas\AVG\AVG2013\avgwdsvc.exe
O23 - Service: Gbp Service (GbpSv) - - C:\ARQUIV~1\GbPlugin\GbpSv.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Unknown owner - C:\Arquivos de programas\Google\Update\GoogleUpdate.exe" /svc (file missing)
O23 - Service: Serviço do Google Update (gupdatem) (gupdatem) - Unknown owner - C:\Arquivos de programas\Google\Update\GoogleUpdate.exe" /medsvc (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Arquivos de programas\Arquivos comuns\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Unknown owner - C:\Arquivos de programas\Java\jre7\bin\jqs.exe" -service -config "C:\Arquivos de programas\Java\jre7\lib\deploy\jqs\jqs.conf (file missing)
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Arquivos de programas\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: PCSpeedUp Service (PCSpeedUpService) - Speedchecker - C:\Arquivos de programas\Velocidade Do PC\PCSpeedUpService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SmartLinkService (SLService) - Smart Link - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: SProtection - Iminent - C:\Arquivos de programas\Arquivos comuns\Umbrella\Umbrella.exe
O23 - Service: vToolbarUpdater14.1.7 - Unknown owner - C:\Arquivos de programas\Arquivos comuns\AVG Secure Search\vToolbarUpdater\14.1.7\ToolbarUpdater.exe

Editado por henridesouza, 01 março 2013 - 12:09.


#2
rorro

rorro

    Aprendiz Sênior

  • Aprendiz Sênior
  • 1.914 posts
Olá, henridesouza.

Meu nome é Ronaldo e "nickname" Rorro.

Estou analisando o seu caso. Assim que minha resposta for conferida, estarei passando as instruções.

Por favor, observe o seguinte:
  • Não inicie novo tópico sobre esse problema. Poste suas respostas sempre neste tópico.
  • Clique em Imagem Postada (se localiza no canto superior direito do post principal), para que receba notificação por e-mail quando o mesmo for respondido.
    Você também pode verificar os tópicos assinados usando a opção Conteúdo que sigo acessível através do Painel de Controle do fórum.
  • A análise pode levar algum tempo, portanto seja paciente.
  • As instruções são específicas para o seu computador, e devem ser aplicadas somente nele.
  • Se algo der errado, não importa. Sempre acompanhe seu tópico, informando-me dos resultados, até que seu computador esteja limpo.
  • Por favor, não abandone seu tópico. Para nós é importante saber se a remoção foi bem sucedida.
  • Se você não receber uma resposta minha em até 5 dias. Me envie uma MP

Nunca abandone seu Tópico.

Imagem Postada

Linha Defensiva no Twitter!

#3
rorro

rorro

    Aprendiz Sênior

  • Aprendiz Sênior
  • 1.914 posts
Bom dia;


1 - Faça o download do AdwCleaner e salve no desktop.
http://general-chang...de/2-adwcleaner

Clique no ícone Imagem Postada para baixar o arquivo.

Execute o adwcleaner.exe

OBS: Usuários do Windows Vista ou Windows 7 clique com o direito sobre o arquivo AdwCleaner.exe, depois clique em Imagem Postada

Clique em Imagem Postada

Será aberto o bloco de notas com o resultado. Selecione, copie e cole o seu conteúdo na próxima resposta.


2 - Desative temporariamente seu antivirus, antispywares e firewall, para não causar conflitos.

Baixe Imagem Postada e salve no desktop. Dê um duplo-clique para executar o Junkware Removal Tool (JRT).

* No Windows Vista e Windows 7:

Clique com o direito sobre o JRT.exe e selecione Imagem Postada

A ferramenta começará o exame do seu sistema. Tenha paciência pois pode demorar um pouco dependendo da quantidades de ítens a examinar.

Ao final, um log se abrirá. É salvo no desktop com o nome de JRT.txt.

Selecione, copie e cole o conteúdo deste log na sua próxima resposta.


3 - Imagem Postada - Faça o download do Malwarebytes Anti-Malware.


Agora instale-o dando um duplo clique no instalador baixado;

Marque Atualizar Malwarebytes Anti-Malware e Executar Malwarebytes Anti-Malware, e clique em Concluir;

Marque Verificação Completa e depois clique em Verificar;

Quando o scan terminar, clique em Ok e em Mostrar Resultados para ver o log;
Se algo for detectado, veja se tudo está marcado e clique em Remover;
O log é automaticamente gravado e pode ser consultado clicando em Log do menu principal do programa;

Copie e cole o conteúdo desse log na sua próxima resposta;
Qualquer Dúvida leia: Tutorial de instalação e execução.
Nunca abandone seu Tópico.

Imagem Postada

Linha Defensiva no Twitter!

#4
henridesouza

henridesouza

    Novato

  • Novato
  • Pip
  • 32 posts
Olá fiz o recomendado,

LOG DO ADWCLEAR:

# AdwCleaner v2.113 - Relatório criado em 02/03/2013 às 15:08:59
# Atualizado em 23/02/2013 por Xplode
# Sistema Operacional : Microsoft Windows XP Service Pack 2 (32 bits)
# Usuário : Henrique - HOUSE
# Modo de Boot : Normal
# Executado de : C:\Documents and Settings\Henrique\Meus documentos\adwcleaner.exe
# Opção [Remover]


***** [Serviços] *****

Encerrado & Removido : SProtection

***** [Arquivos/Pastas] *****

Arquivo Désinfected : C:\Documents and Settings\Henrique\Dados de aplicativos\Microsoft\Internet Explorer\Quick Launch\22find.lnk
Arquivo Désinfected : C:\Documents and Settings\Henrique\Dados de aplicativos\Microsoft\Internet Explorer\Quick Launch\Iniciar o navegador Internet Explorer.lnk
Arquivo Désinfected : C:\Documents and Settings\Henrique\Menu Iniciar\Programas\Google Chrome\Google Chrome.lnk
Arquivo Désinfected : C:\Documents and Settings\Henrique\Menu Iniciar\Programas\Internet Explorer.lnk
Arquivo Removido : C:\Arquivos de programas\Mozilla Firefox\defaults\pref\all-iminent.js
Arquivo Removido : C:\Arquivos de programas\Mozilla Firefox\searchplugins\avg-secure-search.xml
Arquivo Removido : C:\Arquivos de programas\Mozilla Firefox\searchplugins\babylon.xml
Arquivo Removido : C:\Documents and Settings\Henrique\Dados de aplicativos\Mozilla\Firefox\Profiles\73xwieje.default\extensions\adapter@babylontc.com.xpi
Arquivo Removido : C:\Documents and Settings\Henrique\Dados de aplicativos\Mozilla\Firefox\Profiles\73xwieje.default\extensions\ocr@babylon.com.xpi
Arquivo Removido : C:\Documents and Settings\Henrique\Dados de aplicativos\Mozilla\Firefox\Profiles\73xwieje.default\searchplugins\Conduit.xml
Arquivo Removido : C:\Documents and Settings\Henrique\Desktop\22find.lnk
Arquivo Removido : C:\user.js
Pasta Removido : C:\Arquivos de programas\Advanced System Protector
Pasta Removido : C:\Arquivos de programas\Arquivos comuns\AVG Secure Search
Pasta Removido : C:\Arquivos de programas\Arquivos comuns\Umbrella
Pasta Removido : C:\Arquivos de programas\AVG Secure Search
Pasta Removido : C:\Arquivos de programas\Babylon
Pasta Removido : C:\Arquivos de programas\DealPly
Pasta Removido : C:\Arquivos de programas\Iminent
Pasta Removido : C:\Documents and Settings\All Users\Dados de aplicativos\AVG Secure Search
Pasta Removido : C:\Documents and Settings\All Users\Dados de aplicativos\Iminent
Pasta Removido : C:\Documents and Settings\All Users\Menu Iniciar\Programas\Iminent
Pasta Removido : C:\Documents and Settings\Henrique\Configurações locais\Dados de aplicativos\AVG Secure Search
Pasta Removido : C:\Documents and Settings\Henrique\Configurações locais\Dados de aplicativos\Conduit
Pasta Removido : C:\Documents and Settings\Henrique\Configurações locais\Dados de aplicativos\OpenCandy
Pasta Removido : C:\Documents and Settings\Henrique\Configurações locais\Dados de aplicativos\Zoom_Downloader
Pasta Removido : C:\Documents and Settings\Henrique\Dados de aplicativos\AVG Secure Search
Pasta Removido : C:\Documents and Settings\Henrique\Dados de aplicativos\DealPly
Pasta Removido : C:\Documents and Settings\Henrique\Dados de aplicativos\Iminent
Pasta Removido : C:\Documents and Settings\Henrique\Dados de aplicativos\Mozilla\Firefox\Profiles\73xwieje.default\ConduitCommon
Pasta Removido : C:\Documents and Settings\Henrique\Dados de aplicativos\Mozilla\Firefox\Profiles\73xwieje.default\CT3027459
Pasta Removido : C:\Documents and Settings\Henrique\Dados de aplicativos\Mozilla\Firefox\Profiles\73xwieje.default\CT3282722
Pasta Removido : C:\Documents and Settings\Henrique\Dados de aplicativos\Mozilla\Firefox\Profiles\73xwieje.default\extensions\{79b8e308-95a2-4044-932d-80e833a863cc}
Pasta Removido : C:\Documents and Settings\Henrique\Dados de aplicativos\Mozilla\Firefox\Profiles\73xwieje.default\extensions\{C9B68337-E93A-44EA-94DC-CB300EC06444}
Pasta Removido : C:\Documents and Settings\Henrique\Dados de aplicativos\Mozilla\Firefox\Profiles\73xwieje.default\extensions\{d4330680-c0ae-4226-8a21-0afe2fd1ac24}
Pasta Removido : C:\Documents and Settings\Henrique\Dados de aplicativos\Mozilla\Firefox\Profiles\73xwieje.default\extensions\{EB9394A3-4AD6-4918-9537-31A1FD8E8EDF}
Pasta Removido : C:\Documents and Settings\Henrique\Dados de aplicativos\Mozilla\Firefox\Profiles\73xwieje.default\Smartbar
Pasta Removido : C:\Documents and Settings\Henrique\Menu Iniciar\Programas\DealPly
Removido Durante o reboot : C:\Documents and Settings\Henrique\Configurações locais\Dados de aplicativos\Google\Chrome\User Data\Default\Extensions\bllaobobdmgmnafkbkdjnkebbaopjofd
Removido Durante o reboot : C:\Documents and Settings\Henrique\Configurações locais\Dados de aplicativos\Google\Chrome\User Data\Default\Extensions\gaiilaahiahdejapggenmdmafpmbipje
Removido Durante o reboot : C:\Documents and Settings\Henrique\Configurações locais\Dados de aplicativos\Google\Chrome\User Data\Default\Extensions\igdhbblpcellaljokkpfhcjlagemhgjl

***** [Registro] *****

Chave Removida : HKCU\Software\AVG Secure Search
Chave Removida : HKCU\Software\Conduit
Chave Removida : HKCU\Software\DealPly
Chave Removida : HKCU\Software\Google\Chrome\Extensions\bllaobobdmgmnafkbkdjnkebbaopjofd
Chave Removida : HKCU\Software\Google\Chrome\Extensions\gaiilaahiahdejapggenmdmafpmbipje
Chave Removida : HKCU\Software\IGearSettings
Chave Removida : HKCU\Software\Iminent
Chave Removida : HKCU\Software\InstallCore
Chave Removida : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
Chave Removida : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
Chave Removida : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2EECD738-5844-4A99-B4B6-146BF802613B}
Chave Removida : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233}
Chave Removida : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{98889811-442D-49DD-99D7-DC866BE87DBC}
Chave Removida : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{9CFACCB6-2F3F-4177-94EA-0D2B72D384C1}
Chave Removida : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A09AB6EB-31B5-454C-97EC-9B294D92EE2A}
Chave Removida : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A6174F27-1FFF-E1D6-A93F-BA48AD5DD448}
Chave Removida : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F72841F0-4EF1-4DF5-BCE5-B3AC8ACF5478}
Chave Removida : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\DealPly
Chave Removida : HKCU\Software\SmartBar
Chave Removida : HKLM\Software\AVG Secure Search
Chave Removida : HKLM\Software\AVG Security Toolbar
Chave Removida : HKLM\SOFTWARE\Classes\AppID\{01994268-3C10-4044-A1EA-7A9C1B739A11}
Chave Removida : HKLM\SOFTWARE\Classes\AppID\{1FDFF5A2-7BB1-48E1-8081-7236812B12B2}
Chave Removida : HKLM\SOFTWARE\Classes\AppID\{BB711CB0-C70B-482E-9852-EC05EBD71DBB}
Chave Removida : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Chave Removida : HKLM\SOFTWARE\Classes\AppID\Iminent.WebBooster.InternetExplorer.DLL
Chave Removida : HKLM\SOFTWARE\Classes\AppID\ScriptHelper.EXE
Chave Removida : HKLM\SOFTWARE\Classes\AppID\ViProtocol.DLL
Chave Removida : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI
Chave Removida : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI.1
Chave Removida : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj
Chave Removida : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj.1
Chave Removida : HKLM\SOFTWARE\Classes\CLSID\{01A602A0-D0B9-445B-8081-719E4177C4A7}
Chave Removida : HKLM\SOFTWARE\Classes\CLSID\{02054E11-5113-4BE3-8153-AA8DFB5D3761}
Chave Removida : HKLM\SOFTWARE\Classes\CLSID\{02C9C7B0-C7C8-4AAC-A9E4-55295BF60F8F}
Chave Removida : HKLM\SOFTWARE\Classes\CLSID\{0398B101-6DA7-473F-A290-17D2FBC88CC0}
Chave Removida : HKLM\SOFTWARE\Classes\CLSID\{0CC36196-8589-4B80-A771-D659411D7F90}
Chave Removida : HKLM\SOFTWARE\Classes\CLSID\{143D96F9-EB64-48B3-B192-91C2C41A1F43}
Chave Removida : HKLM\SOFTWARE\Classes\CLSID\{14F7D91F-F669-45C9-9F42-BACBFDB86EAD}
Chave Removida : HKLM\SOFTWARE\Classes\CLSID\{187A6488-6E71-4A2A-B118-7BEFBFE58257}
Chave Removida : HKLM\SOFTWARE\Classes\CLSID\{26C9BBE4-6D45-4AB6-A5B4-E068C9F5EF6D}
Chave Removida : HKLM\SOFTWARE\Classes\CLSID\{2D065204-A024-4C39-8A38-EE7078EC7ACF}
Chave Removida : HKLM\SOFTWARE\Classes\CLSID\{30F5476C-677B-4DB0-B397-51F5BFD86840}
Chave Removida : HKLM\SOFTWARE\Classes\CLSID\{3223F2FB-D9B9-45FC-9D66-CD717FFA4EE5}
Chave Removida : HKLM\SOFTWARE\Classes\CLSID\{351798B1-C1D2-45AB-92B4-4D6C2D6AB5AF}
Chave Removida : HKLM\SOFTWARE\Classes\CLSID\{3AEA1BEF-6195-46F4-ACA2-0ED14F7EFA1B}
Chave Removida : HKLM\SOFTWARE\Classes\CLSID\{3D7F9AC3-BAC3-4E51-81D7-D121D79E550A}
Chave Removida : HKLM\SOFTWARE\Classes\CLSID\{4498C5E9-93C6-4142-B6BE-F0C6DC48B77A}
Chave Removida : HKLM\SOFTWARE\Classes\CLSID\{479BF2D6-E362-4A99-B1AB-BC764D7B97AE}
Chave Removida : HKLM\SOFTWARE\Classes\CLSID\{492A108F-51D0-4BD8-899D-AD4AB2893064}
Chave Removida : HKLM\SOFTWARE\Classes\CLSID\{4B6D6E60-FBD2-4E79-BF4B-886BC98F1797}
Chave Removida : HKLM\SOFTWARE\Classes\CLSID\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Chave Removida : HKLM\SOFTWARE\Classes\CLSID\{5C176BA0-6FC0-4EBD-8ACF-24AC592506B6}
Chave Removida : HKLM\SOFTWARE\Classes\CLSID\{60893E02-2E5B-43F9-A93A-BAD60C2DF6EF}
Chave Removida : HKLM\SOFTWARE\Classes\CLSID\{6D39931F-451E-4BDD-BAF4-37FB96DBBA5D}
Chave Removida : HKLM\SOFTWARE\Classes\CLSID\{76C684D2-C35D-4284-976A-D862F53ADB81}
Chave Removida : HKLM\SOFTWARE\Classes\CLSID\{796D822A-C3F9-4A97-BAAB-42FE7628EA63}
Chave Removida : HKLM\SOFTWARE\Classes\CLSID\{79EF3691-EC1A-4705-A01A-D2E36EC11758}
Chave Removida : HKLM\SOFTWARE\Classes\CLSID\{82F41418-8E64-47EB-A7F1-4702A974D289}
Chave Removida : HKLM\SOFTWARE\Classes\CLSID\{85D920CE-63A7-46DC-8992-41D1D2E07FAD}
Chave Removida : HKLM\SOFTWARE\Classes\CLSID\{895ED5E8-ABB4-40C3-A0CA-2571964268E2}
Chave Removida : HKLM\SOFTWARE\Classes\CLSID\{8AAC123A-1959-4A45-BFC5-E2D50783098A}
Chave Removida : HKLM\SOFTWARE\Classes\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233}
Chave Removida : HKLM\SOFTWARE\Classes\CLSID\{A07956CD-81F8-4A03-B524-5D87E690DC83}
Chave Removida : HKLM\SOFTWARE\Classes\CLSID\{A09AB6EB-31B5-454C-97EC-9B294D92EE2A}
Chave Removida : HKLM\SOFTWARE\Classes\CLSID\{A6174F27-1FFF-E1D6-A93F-BA48AD5DD448}
Chave Removida : HKLM\SOFTWARE\Classes\CLSID\{B5E3B26B-6E5C-4865-A63D-58D04B10E245}
Chave Removida : HKLM\SOFTWARE\Classes\CLSID\{B658800C-F66E-4EF3-AB85-6C0C227862A9}
Chave Removida : HKLM\SOFTWARE\Classes\CLSID\{B84D2DC5-42B2-4E5E-BF61-7B48152FF8EF}
Chave Removida : HKLM\SOFTWARE\Classes\CLSID\{B89D5309-0367-4494-A92F-3D4C94F88307}
Chave Removida : HKLM\SOFTWARE\Classes\CLSID\{C014EBF8-8854-448B-B5A4-557C4090EDCE}
Chave Removida : HKLM\SOFTWARE\Classes\CLSID\{C31191DB-2F64-464C-B97C-6AC81ACB7AAC}
Chave Removida : HKLM\SOFTWARE\Classes\CLSID\{C342C7A7-F622-4EF3-8B7F-ABB9FBE73F14}
Chave Removida : HKLM\SOFTWARE\Classes\CLSID\{C4765B07-BC2F-477B-925C-B2BF24887823}
Chave Removida : HKLM\SOFTWARE\Classes\CLSID\{C875C0A1-09E3-48D5-9F8E-BD337796FD14}
Chave Removida : HKLM\SOFTWARE\Classes\CLSID\{CD126DA6-FF5B-4181-AC13-54A62240D2FA}
Chave Removida : HKLM\SOFTWARE\Classes\CLSID\{D8F01233-2DE6-4EE7-8988-37263F00651B}
Chave Removida : HKLM\SOFTWARE\Classes\CLSID\{DD438708-AAB4-422D-A322-B619589F5680}
Chave Removida : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Chave Removida : HKLM\SOFTWARE\Classes\CLSID\{E812AE43-7799-4E67-8CF8-4104297A2D16}
Chave Removida : HKLM\SOFTWARE\Classes\CLSID\{F0BAAEC7-9AE0-49FF-9C4B-86E774FF397F}
Chave Removida : HKLM\SOFTWARE\Classes\CLSID\{F25AF245-4A81-40DC-92F9-E9021F207706}
Chave Removida : HKLM\SOFTWARE\Classes\CLSID\{F92193FD-2243-4401-9ACC-49FF30885898}
Chave Removida : HKLM\SOFTWARE\Classes\CLSID\{FD21B8A2-910B-45AC-9C10-45E6A8B84984}
Chave Removida : HKLM\SOFTWARE\Classes\Iminent
Chave Removida : HKLM\SOFTWARE\Classes\Iminent.Business.Tinyfying.DownloadArgs
Chave Removida : HKLM\SOFTWARE\Classes\Iminent.Business.Tinyfying.LinkToPromoteArgs
Chave Removida : HKLM\SOFTWARE\Classes\Iminent.Business.Tinyfying.RawDataArgs
Chave Removida : HKLM\SOFTWARE\Classes\Iminent.Business.Tinyfying.TinyUrlArgs
Chave Removida : HKLM\SOFTWARE\Classes\Iminent.Business.Tinyfying.ViralLinkArgs
Chave Removida : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.ClientCallback
Chave Removida : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.ContractBase
Chave Removida : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.AddToUserContentCommand
Chave Removida : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.CheckLoginStatusCommand
Chave Removida : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.CleanCacheCommand
Chave Removida : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.GameOverCallback
Chave Removida : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.GetCreditCommand
Chave Removida : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.GetInstallationContextCommand
Chave Removida : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.GetLoginStatusCommand
Chave Removida : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.GetLoginStatusResult
Chave Removida : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.GetVariableCommand
Chave Removida : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.GetVariableResult
Chave Removida : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.InstallationContextResult
Chave Removida : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.LoadContentCommand
Chave Removida : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.LoadContentCommandResult
Chave Removida : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.LoginCommand
Chave Removida : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.LoginStatusChangedCallback
Chave Removida : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.LogoutCommand
Chave Removida : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.MergeIdentityCommand
Chave Removida : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.MyAccountCommand
Chave Removida : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.PlayContentCommand
Chave Removida : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.PostContentCallback
Chave Removida : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.RecycleViewsCommand
Chave Removida : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.SetVariableCommand
Chave Removida : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.ShowBrowserWindowCommand
Chave Removida : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.ShowControlCenterCommand
Chave Removida : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.ShowPluginWindowCommand
Chave Removida : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.TestContentCommand
Chave Removida : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.UserContentChangedCallback
Chave Removida : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.VariableChangedCallback
Chave Removida : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.WarmUpCommand
Chave Removida : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.WelcomeCommand
Chave Removida : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.ServerCommand
Chave Removida : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.ServerResult
Chave Removida : HKLM\SOFTWARE\Classes\Iminent.Mediator.LightContent
Chave Removida : HKLM\SOFTWARE\Classes\Iminent.Mediator.LightUri
Chave Removida : HKLM\SOFTWARE\Classes\Iminent.Mediator.MediatorServiceProxy
Chave Removida : HKLM\SOFTWARE\Classes\IminentWebBooster.ActiveContentHandle.1
Chave Removida : HKLM\SOFTWARE\Classes\IminentWebBooster.ActiveContentHandler
Chave Removida : HKLM\SOFTWARE\Classes\IminentWebBooster.BrowserHelperObject
Chave Removida : HKLM\SOFTWARE\Classes\IminentWebBooster.BrowserHelperObject.1
Chave Removida : HKLM\SOFTWARE\Classes\IminentWebBooster.ScriptExtender
Chave Removida : HKLM\SOFTWARE\Classes\IminentWebBooster.ScriptExtender.1
Chave Removida : HKLM\SOFTWARE\Classes\IminentWebBooster.TinyUrlHandler
Chave Removida : HKLM\SOFTWARE\Classes\IminentWebBooster.TinyUrlHandler.1
Chave Removida : HKLM\Software\Classes\Installer\Features\436DABD223008E24A8404BFC5C60E20B
Chave Removida : HKLM\Software\Classes\Installer\Products\436DABD223008E24A8404BFC5C60E20B
Chave Removida : HKLM\SOFTWARE\Classes\Interface\{021B4049-F57D-4565-A693-FD3B04786BFA}
Chave Removida : HKLM\SOFTWARE\Classes\Interface\{0362AA09-808D-48E9-B360-FB51A8CBCE09}
Chave Removida : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Chave Removida : HKLM\SOFTWARE\Classes\Interface\{06844020-CD0B-3D3D-A7FE-371153013E49}
Chave Removida : HKLM\SOFTWARE\Classes\Interface\{0ADC01BB-303B-3F8E-93DA-12C140E85460}
Chave Removida : HKLM\SOFTWARE\Classes\Interface\{10D3722F-23E6-3901-B6C1-FF6567121920}
Chave Removida : HKLM\SOFTWARE\Classes\Interface\{1675E62B-F911-3B7B-A046-EB57261212F3}
Chave Removida : HKLM\SOFTWARE\Classes\Interface\{192929F2-9273-3894-91B0-F54671C4C861}
Chave Removida : HKLM\SOFTWARE\Classes\Interface\{2932897E-3036-43D9-8A64-B06447992065}
Chave Removida : HKLM\SOFTWARE\Classes\Interface\{2DE92D29-A042-3C37-BFF8-07C7D8893EFA}
Chave Removida : HKLM\SOFTWARE\Classes\Interface\{32B80AD6-1214-45F4-994E-78A5D482C000}
Chave Removida : HKLM\SOFTWARE\Classes\Interface\{3A8E103F-B2B7-3BEF-B3B0-88E29B2420E4}
Chave Removida : HKLM\SOFTWARE\Classes\Interface\{478CE5D3-D38E-3FFE-8DBE-8C4A0F1C4D8D}
Chave Removida : HKLM\SOFTWARE\Classes\Interface\{48B7DA4E-69ED-39E3-BAD5-3E3EFF22CFB0}
Chave Removida : HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Chave Removida : HKLM\SOFTWARE\Classes\Interface\{5982F405-44E4-3BBB-BAC4-CF8141CBBC5C}
Chave Removida : HKLM\SOFTWARE\Classes\Interface\{5D8C3CC3-3C05-38A1-B244-924A23115FE9}
Chave Removida : HKLM\SOFTWARE\Classes\Interface\{641593AF-D9FD-30F7-B783-36E16F7A2E08}
Chave Removida : HKLM\SOFTWARE\Classes\Interface\{711FC48A-1356-3932-94D8-A8B733DBC7E4}
Chave Removida : HKLM\SOFTWARE\Classes\Interface\{72227B7F-1F02-3560-95F5-592E68BACC0C}
Chave Removida : HKLM\SOFTWARE\Classes\Interface\{7B5E8CE3-4722-4C0E-A236-A6FF731BEF37}
Chave Removida : HKLM\SOFTWARE\Classes\Interface\{890D4F59-5ED0-3CB4-8E0E-74A5A86E7ED0}
Chave Removida : HKLM\SOFTWARE\Classes\Interface\{8C68913C-AC3C-4494-8B9C-984D87C85003}
Chave Removida : HKLM\SOFTWARE\Classes\Interface\{8D019513-083F-4AA5-933F-7D43A6DA82C4}
Chave Removida : HKLM\SOFTWARE\Classes\Interface\{923F6FB8-A390-370E-A0D2-DD505432481D}
Chave Removida : HKLM\SOFTWARE\Classes\Interface\{9BBB26EF-B178-35D6-9D3D-B485F4279FE5}
Chave Removida : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Chave Removida : HKLM\SOFTWARE\Classes\Interface\{A62DDBE0-8D2A-339A-B089-8CBCC5CD322A}
Chave Removida : HKLM\SOFTWARE\Classes\Interface\{A82AD04D-0B8E-3A49-947B-6A69A8A9C96D}
Chave Removida : HKLM\SOFTWARE\Classes\Interface\{ACA608DB-A210-4253-B799-3FD24E9A7BF5}
Chave Removida : HKLM\SOFTWARE\Classes\Interface\{ADEB3CC9-A05D-4FCC-BD09-9025456AA3EA}
Chave Removida : HKLM\SOFTWARE\Classes\Interface\{B06D4521-D09C-3F41-8E39-9D784CCA2A75}
Chave Removida : HKLM\SOFTWARE\Classes\Interface\{C06DAD42-6F39-4CE1-83CC-9A8B9105E556}
Chave Removida : HKLM\SOFTWARE\Classes\Interface\{C2E799D0-43A5-3477-8A98-FC5F3677F35C}
Chave Removida : HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Chave Removida : HKLM\SOFTWARE\Classes\Interface\{C58D664A-3DBC-4925-AE74-0382007DF113}
Chave Removida : HKLM\SOFTWARE\Classes\Interface\{C776D7F4-BA85-4B75-AAFC-3A0A11FE6E36}
Chave Removida : HKLM\SOFTWARE\Classes\Interface\{D16107CD-2AD5-46A8-BA59-303B7C32C500}
Chave Removida : HKLM\SOFTWARE\Classes\Interface\{D25B101F-8188-3B43-9D85-201F372BC205}
Chave Removida : HKLM\SOFTWARE\Classes\Interface\{D2BA7595-5E44-3F1E-880F-03B3139FA5ED}
Chave Removida : HKLM\SOFTWARE\Classes\Interface\{D35F5C81-17D9-3E1C-A1FC-4472542E1D25}
Chave Removida : HKLM\SOFTWARE\Classes\Interface\{D8FA96CA-B250-312C-AF34-4FF1DD72589D}
Chave Removida : HKLM\SOFTWARE\Classes\Interface\{DAFC1E63-3359-416D-9BC2-E7DCA6F7B0F3}
Chave Removida : HKLM\SOFTWARE\Classes\Interface\{DC5E5C44-80FD-3697-9E65-9F286D92F3E7}
Chave Removida : HKLM\SOFTWARE\Classes\Interface\{E1B4C9DE-D741-385F-981E-6745FACE6F01}
Chave Removida : HKLM\SOFTWARE\Classes\Interface\{E7B623F5-9715-3F9F-A671-D1485A39F8A2}
Chave Removida : HKLM\SOFTWARE\Classes\Interface\{ED916A7B-7C68-3198-B87D-2DABC30A5587}
Chave Removida : HKLM\SOFTWARE\Classes\Interface\{EFA1BDB2-BB3D-3D9A-8EB5-D0D22E0F64F4}
Chave Removida : HKLM\SOFTWARE\Classes\Interface\{F4CBF4DD-F8FE-35BA-BB7E-68304DAAB70B}
Chave Removida : HKLM\SOFTWARE\Classes\Interface\{FC32005D-E27C-32E0-ADFA-152F598B75E7}
Chave Removida : HKLM\SOFTWARE\Classes\Prod.cap
Chave Removida : HKLM\SOFTWARE\Classes\PROTOCOLS\Handler\viprotocol
Chave Removida : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi
Chave Removida : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi.1
Chave Removida : HKLM\SOFTWARE\Classes\TypeLib\{2BF2028E-3F3C-4C05-AB45-B2F1DCFE0759}
Chave Removida : HKLM\SOFTWARE\Classes\TypeLib\{74FB6AFD-DD77-4CEB-83BD-AB2B63E63C93}
Chave Removida : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Chave Removida : HKLM\SOFTWARE\Classes\TypeLib\{A9CAF365-EA35-45DA-BD8B-2EFA09D374AC}
Chave Removida : HKLM\SOFTWARE\Classes\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}
Chave Removida : HKLM\SOFTWARE\Classes\TypeLib\{DB538320-D3C5-433C-BCA9-C4081A054FCF}
Chave Removida : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE
Chave Removida : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE.1
Chave Removida : HKLM\Software\Conduit
Chave Removida : HKLM\Software\DealPly
Chave Removida : HKLM\SOFTWARE\Google\Chrome\Extensions\bllaobobdmgmnafkbkdjnkebbaopjofd
Chave Removida : HKLM\SOFTWARE\Google\Chrome\Extensions\gaiilaahiahdejapggenmdmafpmbipje
Chave Removida : HKLM\Software\Iminent
Chave Removida : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{0AF350D9-3916-454B-AC53-0B0B65F41301}
Chave Removida : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68B81CCD-A80C-4060-8947-5AE69ED01199}
Chave Removida : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E6B969FB-6D33-48D2-9061-8BBD4899EB08}
Chave Removida : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\AVG Secure Search
Chave Removida : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}
Chave Removida : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A09AB6EB-31B5-454C-97EC-9B294D92EE2A}
Chave Removida : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A6174F27-1FFF-E1D6-A93F-BA48AD5DD448}
Chave Removida : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C6FDD0C3-266A-4DC3-B459-28C697C44CDC}
Chave Removida : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F25AF245-4A81-40DC-92F9-E9021F207706}
Chave Removida : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0238BBE24EA3A70408B81E4BB89C15E5
Chave Removida : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0702826FCAC36EE52AC0441EEEEE2170
Chave Removida : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\1198E28F40C3E185E9958608554D4253
Chave Removida : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\15A073601B9AEC3549BE4A9314794615
Chave Removida : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\1F7C80F9CE5CDF44E9AADDC99402534C
Chave Removida : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\2310FC151CD4F185798FA0996B3524D7
Chave Removida : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\28572D2E2DE533256AC6B560EA573C22
Chave Removida : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\29799DE249E7DBC459FC6C8F07EB8375
Chave Removida : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\2ABB56EABB920EB59B04BDDD26A62083
Chave Removida : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\2DABA02DFED47E352A2FA2EBDD6F6187
Chave Removida : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\311567B4A9A002050BB9423FD73FB880
Chave Removida : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\373FCED70D7F84E5FB5F3F7B76BEE024
Chave Removida : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\3BE992C130B235E53A2937391FDCA35B
Chave Removida : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\3DA5F64B3483DE549947A9164ACBAD21
Chave Removida : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\3ED93605BB9B6635E9D0D86615AF31F1
Chave Removida : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\4759B017032BA185F9BA6F7DBC95A2D4
Chave Removida : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\4A78ABCBB54E46E5482A3EE0AD66C39E
Chave Removida : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\4F9E947B6B895EB5A86757FC5D3DB862
Chave Removida : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\4FEEA83BF72B97E43A2DF0EE4BE4F261
Chave Removida : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\509EC7EFB89B7D942997574AB14037A4
Chave Removida : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\50A730A9A3A61BF5BA70CA8A3B7C133B
Chave Removida : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\51A95A1D4CDE4F958A9451FBB39BF54A
Chave Removida : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\536133807DE80465BA6CD0A9742B7DE5
Chave Removida : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\5E25036E68895D45B95E72D1C3C58C74
Chave Removida : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\60FD8CD5BE007315CA3B5C7E41F24017
Chave Removida : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\618E7D05458C4F257909ED9C8CDC0D66
Chave Removida : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\621C21014D3C152529E2460FA6304EE3
Chave Removida : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6241FF6F317CABD4EBBEE0DE9076BD94
Chave Removida : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\636B9C23C79154B57AB561F39A139BFD
Chave Removida : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\65AAF0F0CB7F0B45F900FDF19CEAAF2B
Chave Removida : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6879A5E348601C45986308CA84958E94
Chave Removida : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6A6F3B7A9805E1F5492A1020EEDF2341
Chave Removida : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6B1F5D204E4EEB342A5AD1D7E60D61BF
Chave Removida : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\7005A2A4DCF9DD7548137AB17E3A3AF3
Chave Removida : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\712EAF07EE73CC65C822CC3BAE3B2483
Chave Removida : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\7947B301B2446E752A3FE06EAD7D26B5
Chave Removida : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\7987CE52D13E16258B0E1E3DB1BB0974
Chave Removida : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\7BEED197C514FDA53901AE8DD8EF0891
Chave Removida : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\7DFDCF03D46C34159BDE29FBDBF1ACF5
Chave Removida : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\890F436B85B790A55A582B7307DA12CE
Chave Removida : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\8C13DA6755F685B529615C8E92B3CA39
Chave Removida : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\8D07CD9CB3E6BE652872BF06A1CCA782
Chave Removida : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\90841B1FC98200349925C88999866F17
Chave Removida : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\94194FDD4DF523E53A888D65722A135D
Chave Removida : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\95266D07D008D2E4E9B6F8E0DD15432A
Chave Removida : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A72F23B1D745C27508518132197BC982
Chave Removida : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A89E2B6FB14D8275DA63D075171DA184
Chave Removida : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A9C43CD4001E9E4518B274AF9A0EFDA9
Chave Removida : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\AABA081CF7F19915FBB80B3BAF47CE63
Chave Removida : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\AC2A0FFD0A1686D53A4E24D6E96949E4
Chave Removida : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\AE5BDB2750259915D8442D4591A7717B
Chave Removida : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\B1A79C71D5DC1C150B76B6ED11195DFC
Chave Removida : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\B6D497DB33974935488761F7C4C3D755
Chave Removida : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\B752EF3300008394886C402CC27B474F
Chave Removida : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\B8C8BCC1206978D51A8B9EECBF806C53
Chave Removida : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\BAD3576CEA646895B962F94754612791
Chave Removida : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\BB4091512C8F4295E99CE2D061ED2020
Chave Removida : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\BEE6BBC9A31531F598794A62120B51C7
Chave Removida : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\C19162788CA4D235E829F88E2F771567
Chave Removida : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\C71F07DA356B66B5484A8E7F2ADEB7DC
Chave Removida : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\C96AD15EE8E887B56BAF2136A9088503
Chave Removida : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\C9E6B66ECC49D155888399C51D05C49E
Chave Removida : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\CA360F24F0B214744BE40657FDA0B727
Chave Removida : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\CE85F265816AE2D4E9B73C3E207E679C
Chave Removida : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D5389AEEA4A1E20428D045E86BCF643B
Chave Removida : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D5B62BB7BC607FB539585E2B7B6AFD16
Chave Removida : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\DB027F01D4D53765C8E4FBE7DB77E07E
Chave Removida : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\DC2EB492393411F5ABE8ED13C59FBF20
Chave Removida : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\DDCA763D4C48A105086B4CCCEE78043F
Chave Removida : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\DEF7558C7CD27EF46AF802AFBE402675
Chave Removida : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\E09F4A6B9D2A08B599AE9E38BFC93CD6
Chave Removida : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\E27B6535D0D94A24E91047C7D86F27BC
Chave Removida : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\E45D171E075A5425CBACF6631A45FA39
Chave Removida : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\E513C2076D90AD04F888BD762143F191
Chave Removida : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\E8F4C985459564F5B8DCFF2B3C7EBD27
Chave Removida : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\E96E33222BAC06B57A1FA9D72951C945
Chave Removida : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\EAA46CE9007F70A5CAFA5F26E5DDEBE5
Chave Removida : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\EE43FF091A8714A599F33EF2533FB59A
Chave Removida : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\EE790015CF30DAA569960905FF1651A0
Chave Removida : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\EEB44C47185BD304D80FDF5A4BBE8F54
Chave Removida : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\F214EB834D2EC474CA76C1CDE306CF3A
Chave Removida : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\F25491036D0FA5D5FA6742F5742F151A
Chave Removida : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\F4D1BA8B482D9734E943EE260A7ADEF2
Chave Removida : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\F71371A90E93D605C8B0A71F163F625C
Chave Removida : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\F7507D4D4C310125E9A22BD909A41FB6
Chave Removida : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\F79C21D785419125595AC59458A6142D
Chave Removida : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\FA15C90F092A60F53A4E0F88CED02968
Chave Removida : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\FA1CF130B3D58B553833ACB6BE8AFAD4
Chave Removida : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\FB0F1A18E4F0DBD509A42F4D4C05C02A
Chave Removida : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\FD17ED194F1C2B457B4F6EF4AE8DEAF3
Chave Removida : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\436DABD223008E24A8404BFC5C60E20B
Chave Removida : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{2DBAD634-0032-42E8-8A04-B4CFC5062EB0}
Chave Removida : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AVG Secure Search
Chave Removida : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DealPly
Chave Removida : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IMBoosterARP
Chave Removida : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SearchTheWebARP
Chave Removida : HKLM\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin
Chave Removida : HKLM\Software\Umbrella
Valor Removida : HKCU\Software\Microsoft\Internet Explorer\Extensions\CmdMapping [{F72841F0-4EF1-4df5-BCE5-B3AC8ACF5478}]
Valor Removida : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{95B7759C-8C7F-4BF1-B163-73684A933233}]
Valor Removida : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [Iminent]
Valor Removida : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [IminentMessenger]
Valor Removida : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [Avg@toolbar]
Valor Removida : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [webbooster@iminent.com]
Valor Removida : HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List [C:\Arquivos de programas\Iminent\Iminent.exe]
Valor Removida : HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List [C:\Arquivos de programas\Iminent\Iminent.Messengers.exe]

***** [Navegadores] *****

-\\ Internet Explorer v6.0.2900.2180

[OK] Registro está limpo.

-\\ Mozilla Firefox v19.0 (pt-BR)

Arquivo : C:\Documents and Settings\Henrique\Dados de aplicativos\Mozilla\Firefox\Profiles\73xwieje.default\prefs.js

C:\Documents and Settings\Henrique\Dados de aplicativos\Mozilla\Firefox\Profiles\73xwieje.default\user.js ... Removido !

Removida : user_pref("CT3027459..clientLogIsEnabled", false);
Removida : user_pref("CT3027459..clientLogServiceUrl", "hxxp://clientlog.users.conduit.com/ClientDiagnostics.as[...]
Removida : user_pref("CT3027459..uninstallLogServiceUrl", "hxxp://uninstall.users.conduit.com/Uninstall.asmx/Re[...]
Removida : user_pref("CT3027459.ALLOW_SHOWING_HIDDEN_TOOLBAR", false);
Removida : user_pref("CT3027459.AboutPrivacyUrl", "hxxp://www.conduit.com/privacy/Default.aspx");
Removida : user_pref("CT3027459.AppTrackingLastCheckTime", "Tue Dec 11 2012 16:57:32 GMT-0200 (Hora oficial do [...]
Removida : user_pref("CT3027459.BrowserCompStateIsOpen_1000515", true);
Removida : user_pref("CT3027459.BrowserCompStateIsOpen_129683394535752103", true);
Removida : user_pref("CT3027459.CT3027459", "CT3027459");
Removida : user_pref("CT3027459.CurrentServerDate", "2-3-2013");
Removida : user_pref("CT3027459.DSChangedManually", false);
Removida : user_pref("CT3027459.DSInstall", true);
Removida : user_pref("CT3027459.DSProtectChoice", true);
Removida : user_pref("CT3027459.DSProtectCount", 5);
Removida : user_pref("CT3027459.DialogsAlignMode", "LTR");
Removida : user_pref("CT3027459.DialogsGetterLastCheckTime", "Fri Mar 01 2013 18:48:19 GMT-0300 (Hora oficial d[...]
Removida : user_pref("CT3027459.DownloadReferralCookieData", "");
Removida : user_pref("CT3027459.EMailNotifierPollDate", "Wed Dec 12 2012 20:47:06 GMT-0200 (Hora oficial do Bra[...]
Removida : user_pref("CT3027459.FirstServerDate", "11-8-2012");
Removida : user_pref("CT3027459.FirstTime", true);
Removida : user_pref("CT3027459.FirstTimeFF3", true);
Removida : user_pref("CT3027459.FirstTimeHiddenVer", true);
Removida : user_pref("CT3027459.FixPageNotFoundErrors", true);
Removida : user_pref("CT3027459.GroupingServerCheckInterval", 1440);
Removida : user_pref("CT3027459.GroupingServiceUrl", "hxxp://grouping.services.conduit.com/");
Removida : user_pref("CT3027459.HPInstall", true);
Removida : user_pref("CT3027459.HasUserGlobalKeys", true);
Removida : user_pref("CT3027459.HomePageProtectorEnabled", true);
Removida : user_pref("CT3027459.HomepageBeforeUnload", "hxxp://search.conduit.com/?SSPV=FFOB16&ctid=CT3027459&S[...]
Removida : user_pref("CT3027459.Initialize", true);
Removida : user_pref("CT3027459.InitializeCommonPrefs", true);
Removida : user_pref("CT3027459.InstallationAndCookieDataSentCount", 3);
Removida : user_pref("CT3027459.InstallationType", "Unknown");
Removida : user_pref("CT3027459.InstalledDate", "Tue Dec 11 2012 16:57:32 GMT-0200 (Hora oficial do Brasil)");
Removida : user_pref("CT3027459.InvalidateCache", false);
Removida : user_pref("CT3027459.IsAlertDBUpdated", true);
Removida : user_pref("CT3027459.IsGrouping", false);
Removida : user_pref("CT3027459.IsInitSetupIni", true);
Removida : user_pref("CT3027459.IsMulticommunity", false);
Removida : user_pref("CT3027459.IsOpenThankYouPage", true);
Removida : user_pref("CT3027459.IsOpenUninstallPage", true);
Removida : user_pref("CT3027459.IsProtectorsInit", true);
Removida : user_pref("CT3027459.LanguagePackLastCheckTime", "Sat Mar 02 2013 12:42:23 GMT-0300 (Hora oficial do[...]
Removida : user_pref("CT3027459.LanguagePackReloadIntervalMM", 1440);
Removida : user_pref("CT3027459.LanguagePackServiceUrl", "hxxp://translation.users.conduit.com/Translation.ashx[...]
Removida : user_pref("CT3027459.LastLogin_3.15.0.503", "Sat Dec 22 2012 12:05:05 GMT-0200");
Removida : user_pref("CT3027459.LastLogin_3.16.0.3", "Sun Feb 10 2013 21:43:59 GMT-0200");
Removida : user_pref("CT3027459.LastLogin_3.18.0.7", "Sat Mar 02 2013 12:42:23 GMT-0300 (Hora oficial do Brasil[...]
Removida : user_pref("CT3027459.LatestVersion", "3.18.0.7");
Removida : user_pref("CT3027459.Locale", "en");
Removida : user_pref("CT3027459.MCDetectTooltipHeight", "83");
Removida : user_pref("CT3027459.MCDetectTooltipUrl", "hxxp://@EB_INSTALL_LINK@/rank/tooltip/?version=1");
Removida : user_pref("CT3027459.MCDetectTooltipWidth", "295");
Removida : user_pref("CT3027459.MyStuffEnabledAtInstallation", true);
Removida : user_pref("CT3027459.OriginalFirstVersion", "3.15.0.503");
Removida : user_pref("CT3027459.RadioIsPodcast", false);
Removida : user_pref("CT3027459.RadioLastCheckTime", "Wed Dec 12 2012 20:47:35 GMT-0200 (Hora oficial do Brasil[...]
Removida : user_pref("CT3027459.RadioLastUpdateIPServer", "3");
Removida : user_pref("CT3027459.RadioLastUpdateServer", "3");
Removida : user_pref("CT3027459.RadioMediaID", "9962");
Removida : user_pref("CT3027459.RadioMediaType", "Media Player");
Removida : user_pref("CT3027459.RadioMenuSelectedID", "EBRadioMenu_CT30274599962");
Removida : user_pref("CT3027459.RadioShrinkedFromSetup", false);
Removida : user_pref("CT3027459.RadioStationName", "California%20Rock");
Removida : user_pref("CT3027459.RadioStationURL", "hxxp://feedlive.net/california.asx");
Removida : user_pref("CT3027459.SavedHomepage", "www.google.com.br");
Removida : user_pref("CT3027459.SearchCaption", "MakeMeBabies 2.0 Customized Web Search");
Removida : user_pref("CT3027459.SearchEngineBeforeUnload", "MakeMeBabies 2.0 Customized Web Search");
Removida : user_pref("CT3027459.SearchFromAddressBarIsInit", true);
Removida : user_pref("CT3027459.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?SSPV=FFOB1[...]
Removida : user_pref("CT3027459.SearchInNewTabEnabled", true);
Removida : user_pref("CT3027459.SearchInNewTabIntervalMM", 1440);
Removida : user_pref("CT3027459.SearchInNewTabLastCheckTime", "Sat Mar 02 2013 12:42:18 GMT-0300 (Hora oficial [...]
Removida : user_pref("CT3027459.SearchInNewTabServiceUrl", "hxxp://newtab.conduit-hosting.com/newtab/?ctid=EB_T[...]
Removida : user_pref("CT3027459.SearchProtectorEnabled", true);
Removida : user_pref("CT3027459.SearchProtectorToolbarDisabled", false);
Removida : user_pref("CT3027459.SendProtectorDataViaLogin", true);
Removida : user_pref("CT3027459.ServiceMapLastCheckTime", "Sat Mar 02 2013 12:42:22 GMT-0300 (Hora oficial do B[...]
Removida : user_pref("CT3027459.SettingsLastCheckTime", "Sat Mar 02 2013 12:42:16 GMT-0300 (Hora oficial do Bra[...]
Removida : user_pref("CT3027459.SettingsLastUpdate", "1362233536");
Removida : user_pref("CT3027459.TBHomePageUrl", "hxxp://search.conduit.com/?SSPV=FFOB16&ctid=CT3027459&SearchSo[...]
Removida : user_pref("CT3027459.ThirdPartyComponentsInterval", 504);
Removida : user_pref("CT3027459.ThirdPartyComponentsLastCheck", "Tue Dec 11 2012 16:57:08 GMT-0200 (Hora oficia[...]
Removida : user_pref("CT3027459.ThirdPartyComponentsLastUpdate", "1331805997");
Removida : user_pref("CT3027459.ToolbarShrinkedFromSetup", false);
Removida : user_pref("CT3027459.TrusteLinkUrl", "hxxp://trust.conduit.com/CT3027459");
Removida : user_pref("CT3027459.TrustedApiDomains", "conduit.com,conduit-hosting.com,conduit-services.com,clien[...]
Removida : user_pref("CT3027459.UserID", "UN20631435685586745");
Removida : user_pref("CT3027459.ValidationData_Toolbar", 1);
Removida : user_pref("CT3027459.WeatherNetwork", "");
Removida : user_pref("CT3027459.WeatherPollDate", "Wed Dec 12 2012 20:47:44 GMT-0200 (Hora oficial do Brasil)")[...]
Removida : user_pref("CT3027459.WeatherUnit", "C");
Removida : user_pref("CT3027459.alertChannelId", "1419045");
Removida : user_pref("CT3027459.backendstorage./9b+7e+x305", "247E27413334363379453A3D2A722C797A7E7A3128333B474[...]
Removida : user_pref("CT3027459.backendstorage./9b+7e,x305", "247E28412F3F3E3779453A3D2A722C797B787D3128333C474[...]
Removida : user_pref("CT3027459.backendstorage./9b+7e-x305", "247E2936303C363679453A3D2A722C797A207B3128333D462[...]
Removida : user_pref("CT3027459.backendstorage./9b+7e.:2z527", "247E70727330333D4634413E3C3E204B404330783223232[...]
Removida : user_pref("CT3027459.backendstorage./9b+7e.x305", "247E2A4137374434337A463B3E2B732D7A7D7C213229343F5[...]
Removida : user_pref("CT3027459.backendstorage./9b+7e/x305", "247E2B413536327844393C29712B787C7B773027323E4C434[...]
Removida : user_pref("CT3027459.backendstorage./9b+7e06cg5el8:", "6E6D6B70726F6D6F6E71");
Removida : user_pref("CT3027459.backendstorage./9b+7e06cg5el;8i:k", "247E2D2F226A74737176787573757477242F4B4947[...]
Removida : user_pref("CT3027459.backendstorage./9b+7e0x305", "247E2C403A407743383B28702A777C757D2F26313E4129554[...]
Removida : user_pref("CT3027459.backendstorage./9b+7e1x305", "247E2D41313D403279453A3D2A722C7A77797E31283341473[...]
Removida : user_pref("CT3027459.backendstorage./9b+7e2x305", "247E2E3542313D3D393A7B473C3F2C742E79207D322934435[...]
Removida : user_pref("CT3027459.backendstorage./9b+7e31;cj7fk;kg#ncep@mc+vkn", "247E61393F236B25737471712A212C6[...]
Removida : user_pref("CT3027459.backendstorage./9b+7e31;cjc<=fbj#ncf", "247E61393F236B25757677712A212C6E414F444[...]
Removida : user_pref("CT3027459.backendstorage./9b+7e31;cjc<=fbj#ncf'sd", "247E61393F236B25757574752A212C6E414F[...]
Removida : user_pref("CT3027459.backendstorage./9b+7e3x305", "247E2F413F3B36333F47463F7D493E412E76307E222421352[...]
Removida : user_pref("CT3027459.backendstorage./9b+7e4x305", "247E302C407642373A276F29777B74762E2530413E4F494A5[...]
Removida : user_pref("CT3027459.backendstorage./9b+7e5x305", "247E3136422B7743383B28702A79757A772F2631434B3D495[...]
Removida : user_pref("CT3027459.backendstorage./9b+7e6x305", "247E322C3E32323238453E7C483D402D752F7E7B2424342B3[...]
Removida : user_pref("CT3027459.backendstorage./9b+7e7x305", "247E333D2C3F3E3F79453A3D2A722C7B7A797A31283347513[...]
Removida : user_pref("CT3027459.backendstorage./9b+7e8x305", "247E343D3F3B35373B3F367C47472C742E7E7823322934495[...]
Removida : user_pref("CT3027459.backendstorage./9b+7e9x305", "247E35332C3F327844393C29712B7B757979302732484C4F4[...]
Removida : user_pref("CT3027459.backendstorage./9b+7e:x305", "247E36333B38327844393C29712B7B76797A3027324948554[...]
Removida : user_pref("CT3027459.backendstorage./9b+7e;x305", "247E373F333F3738422F7B473C3F2C742E7E7A7A22332A354[...]
Removida : user_pref("CT3027459.backendstorage./9b+7e<x305", "247E38343030442F463644377D493E412E7630217D2426352[...]
Removida : user_pref("CT3027459.backendstorage./9b+7e=x305", "247E3933363F41413739357C483D402D752F207E2022342B3[...]
Removida : user_pref("CT3027459.backendstorage./9b+7e>x305", "247E3A41363F323238387B473C3F2C742E7E20217C332A355[...]
Removida : user_pref("CT3027459.backendstorage./9b+7e?x305", "247E3B2D2F2F334134403A3A7D494C2D752F2023207E342B3[...]
Removida : user_pref("CT3027459.backendstorage./9b+7e@x305", "247E3C40422B7743383B28702A7B767E782F26314E52543D2[...]
Removida : user_pref("CT3027459.backendstorage./9b+7eax305", "247E3D3D37387743383B28702A7B7A757E2F26314F4F544A5[...]
Removida : user_pref("CT3027459.backendstorage./9b+7ebe3g=;d9n9=d", "372C2D326975762E3A3C7B3A39434A494841434B26[...]
Removida : user_pref("CT3027459.backendstorage./9b+7ebx305", "247E3E393141303D33454036327E4A3F422F77317B7D23352[...]
Removida : user_pref("CT3027459.backendstorage./9b+7ecx305", "247E3F3D303043312E7A463B3E2B732D7B207E31283353515[...]
Removida : user_pref("CT3027459.backendstorage./9b+7edx305", "247E4035422A363879453A3D2A722C7D202F26315247543C4[...]
Removida : user_pref("CT3027459.backendstorage./9b+7etx305", "247E6E2F2E3B323342357B44392B732D7A7B7B7C322934235[...]
Removida : user_pref("CT3027459.backendstorage./9b-0?3g>d", "673E3E726A6E6E6E7A76477373207A76777925514F53232A21[...]
Removida : user_pref("CT3027459.backendstorage./9b-0?3g@6:5;", "");
Removida : user_pref("CT3027459.backendstorage./9b-0?3gfa7ef", "2B2E2C3D");
Removida : user_pref("CT3027459.backendstorage./9b-3=3eccja=f>", "247E333D2C452F4135276F292A212C393D44307832332[...]
Removida : user_pref("CT3027459.backendstorage./9b/>01=9a6k6<im;krie@pdawm", "6A696B7273747576");
Removida : user_pref("CT3027459.backendstorage./9b3=>@44i48?", "372C2D326975763342363341484779213F3E484F4E4D464[...]
Removida : user_pref("CT3027459.backendstorage./9b5ba==9cjag", "6D6B6840423E40427A734674457C48497E7C4C2021");
Removida : user_pref("CT3027459.backendstorage./9b6b11g4c56b>f;p;anr@p", "6E6D6B70726F6D6E737571727A");
Removida : user_pref("CT3027459.backendstorage./9b9643g3/9e", "6A");
Removida : user_pref("CT3027459.backendstorage./9b;45>:bi9i7ie", "2B2E2C3D");
Removida : user_pref("CT3027459.backendstorage./9b<:222h64<", "393F352F3E");
Removida : user_pref("CT3027459.backendstorage./9b=+03eh8h8j?:", "4443");
Removida : user_pref("CT3027459.backendstorage./9b?+e2a52d8", "372C2D326975762E3A3C7B3A39434A494841434B26514649[...]
Removida : user_pref("CT3027459.backendstorage./9b?b0d:8aj62<h", "6D");
Removida : user_pref("CT3027459.backendstorage./9ba@0<0bi6a7gn:6@l?", "6E6B");
Removida : user_pref("CT3027459.backendstorage.cb_user_id_000", "434234313631343433303934395F313336323136353937[...]
Removida : user_pref("CT3027459.backendstorage.cbfirsttime", "467269204D617220303120323031332031363A32363A31332[...]
Removida : user_pref("CT3027459.backendstorage.pg_enable", "74727565");
Removida : user_pref("CT3027459.backendstorage.shoppingapp.gk.exipres", "53756E2044656320313620323031322031363A[...]
Removida : user_pref("CT3027459.backendstorage.shoppingapp.gk.geolocation", "6272617A696C");
Removida : user_pref("CT3027459.backendstorage.url_history0001", "687474703A2F2F7777772E616F63702E636F6D2E62722[...]
Removida : user_pref("CT3027459.components.1000034", true);
Removida : user_pref("CT3027459.components.1000515", true);
Removida : user_pref("CT3027459.generalConfigFromLogin", "{\"ApiMaxAlerts\":\"12\",\"SocialDomains\":\"social.c[...]
Removida : user_pref("CT3027459.globalFirstTimeInfoLastCheckTime", "Tue Dec 11 2012 16:57:30 GMT-0200 (Hora ofi[...]
Removida : user_pref("CT3027459.homepageProtectorEnableByLogin", true);
Removida : user_pref("CT3027459.initDone", true);
Removida : user_pref("CT3027459.isAppTrackingManagerOn", true);
Removida : user_pref("CT3027459.isFirstRadioInstallation", false);
Removida : user_pref("CT3027459.myStuffEnabled", true);
Removida : user_pref("CT3027459.myStuffPublihserMinWidth", 400);
Removida : user_pref("CT3027459.myStuffSearchUrl", "hxxp://Apps.conduit.com/search?q=SEARCH_TERM&SearchSourceOr[...]
Removida : user_pref("CT3027459.myStuffServiceIntervalMM", 1440);
Removida : user_pref("CT3027459.myStuffServiceUrl", "hxxp://mystuff.conduit-services.com/MyStuffService.ashx?Co[...]
Removida : user_pref("CT3027459.navigateToUrlOnSearch", false);
Removida : user_pref("CT3027459.revertSettingsEnabled", true);
Removida : user_pref("CT3027459.searchProtectorDialogDelayInSec", 10);
Removida : user_pref("CT3027459.searchProtectorEnableByLogin", true);
Removida : user_pref("CT3027459.testingCtid", "");
Removida : user_pref("CT3027459.toolbarAppMetaDataLastCheckTime", "Sat Mar 02 2013 12:42:23 GMT-0300 (Hora ofic[...]
Removida : user_pref("CT3027459.toolbarContextMenuLastCheckTime", "Tue Dec 11 2012 16:57:31 GMT-0200 (Hora ofic[...]
Removida : user_pref("CT3027459.usagesFlag", 2);
Removida : user_pref("CT3282722.1000082.isPlayDisplay", "true");
Removida : user_pref("CT3282722.1000082.state", "{\"state\":\"stopped\",\"text\":\"Classic R...\",\"description[...]
Removida : user_pref("CT3282722.3282722a130039643157408893000000paramsGK0.enc", "eyJ1cGRhdGVSZXFUaW1lIjoxMzYxMj[...]
Removida : user_pref("CT3282722.CT3282722ads1.enc", "JTdCJTIyYWRzJTIyJTNBJTVCJTdCJTIyYWlkJTIyJTNBJTIyNzkyMjQlMj[...]
Removida : user_pref("CT3282722.CT3282722current_term.enc", "");
Removida : user_pref("CT3282722.CT3282722sdate.enc", "MTk=");
Removida : user_pref("CT3282722.ENABALE_HISTORY", "{\"dataType\":\"string\",\"data\":\"true\"}");
Removida : user_pref("CT3282722.ENABLE_RETURN_WEB_SEARCH_ON_THE_PAGE", "{\"dataType\":\"string\",\"data\":\"tru[...]
Removida : user_pref("CT3282722.FF19Solved", "true");
Removida : user_pref("CT3282722.FirstTime", "true");
Removida : user_pref("CT3282722.FirstTimeFF3", "true");
Removida : user_pref("CT3282722.PG_ENABLE", "dHJ1ZQ==");
Removida : user_pref("CT3282722.RSS_Pub_Config.enc", "eyJzZXR0aW5ncyI6eyJpY29uIjoiaHR0cDovL3N0b3JhZ2UuY29uZHVpd[...]
Removida : user_pref("CT3282722.RSSapp3282722a130039643157408893000000embeddedVersion.enc", "Mi40LjA=");
Removida : user_pref("CT3282722.RSSapp3282722a130039643157408893000000lastReportTime.enc", "MTM2MTI5Nzg4MTgwNyA[...]
Removida : user_pref("CT3282722.RSSapp3282722a130039643157408893000000newFeeds.enc", "bmV3RmVlZHM=");
Removida : user_pref("CT3282722.UserID", "UN18084734141879064");
Removida : user_pref("CT3282722.addressBarTakeOverEnabledInHidden", "true");
Removida : user_pref("CT3282722.autoDisableScopes", 14);
Removida : user_pref("CT3282722.cbfirsttime.enc", "U3VuIEZlYiAxNyAyMDEzIDE0OjI3OjA3IEdNVC0wMjAw");
Removida : user_pref("CT3282722.defaultSearch", "false");
Removida : user_pref("CT3282722.enableAlerts", "never");
Removida : user_pref("CT3282722.enableFix404ByUser", "FALSE");
Removida : user_pref("CT3282722.enableSearchFromAddressBar", "true");
Removida : user_pref("CT3282722.firstTimeDialogOpened", "true");
Removida : user_pref("CT3282722.fixPageNotFoundError", "true");
Removida : user_pref("CT3282722.fixPageNotFoundErrorByUser", "true");
Removida : user_pref("CT3282722.fixPageNotFoundErrorInHidden", "true");
Removida : user_pref("CT3282722.fixUrls", true);
Removida : user_pref("CT3282722.homepageuserchanged", true);
Removida : user_pref("CT3282722.installDate", "17/2/2013 13:50:02");
Removida : user_pref("CT3282722.installId", "conduitinstaller.exe");
Removida : user_pref("CT3282722.installType", "conduitnsisintegration");
Removida : user_pref("CT3282722.isCheckedStartAsHidden", true);
Removida : user_pref("CT3282722.isEnableAllDialogs", "{\"dataType\":\"string\",\"data\":\"true\"}");
Removida : user_pref("CT3282722.isFirstTimeToolbarLoading", "false");
Removida : user_pref("CT3282722.isToolbarShrinked", "{\"dataType\":\"string\",\"data\":\"false\"}");
Removida : user_pref("CT3282722.lastVersion", "10.14.350.531");
Removida : user_pref("CT3282722.mam_gk_installer_preapproved.enc", "ZmFsc2U=");
Removida : user_pref("CT3282722.migrateAppsAndComponents", true);
Removida : user_pref("CT3282722.navigationAliasesJson", "{\"EB_SEARCH_TERM\":\"\",\"EB_MAIN_FRAME_URL\":\"about[...]
Removida : user_pref("CT3282722.openThankYouPage", "false");
Removida : user_pref("CT3282722.openUninstallPage", "true");
Removida : user_pref("CT3282722.price-gong.isManagedApp", "true");
Removida : user_pref("CT3282722.revertSettingsEnabled", "FALSE");
Removida : user_pref("CT3282722.search.searchAppId", "130039643153976796");
Removida : user_pref("CT3282722.search.searchCount", "0");
Removida : user_pref("CT3282722.searchInNewTabEnabledByUser", "false");
Removida : user_pref("CT3282722.searchInNewTabEnabledInHidden", "true");
Removida : user_pref("CT3282722.selectToSearchBoxEnabled", "{\"dataType\":\"string\",\"data\":\"true\"}");
Removida : user_pref("CT3282722.serviceLayer_service_login_isFirstLoginInvoked", "{\"dataType\":\"boolean\",\"d[...]
Removida : user_pref("CT3282722.serviceLayer_service_login_loginCount", "{\"dataType\":\"number\",\"data\":\"4\[...]
Removida : user_pref("CT3282722.serviceLayer_service_toolbarGrouping_activeCTID", "{\"dataType\":\"string\",\"d[...]
Removida : user_pref("CT3282722.serviceLayer_service_toolbarGrouping_activeDownloadUrl", "{\"dataType\":\"strin[...]
Removida : user_pref("CT3282722.serviceLayer_service_toolbarGrouping_activeToolbarName", "{\"dataType\":\"strin[...]
Removida : user_pref("CT3282722.serviceLayer_service_toolbarGrouping_invoked", "{\"dataType\":\"string\",\"data[...]
Removida : user_pref("CT3282722.serviceLayer_services_app.twitter.user-cnet_lastUpdate", "1361296979999");
Removida : user_pref("CT3282722.serviceLayer_services_app.twitter.user-cnnbrk_lastUpdate", "1361296979930");
Removida : user_pref("CT3282722.serviceLayer_services_app.twitter.user-computeractive_lastUpdate", "13612969799[...]
Removida : user_pref("CT3282722.serviceLayer_services_app.twitter.user-dailymirror_lastUpdate", "1361296979958"[...]
Removida : user_pref("CT3282722.serviceLayer_services_app.twitter.user-google_lastUpdate", "1361296980001");
Removida : user_pref("CT3282722.serviceLayer_services_app.twitter.user-techcrunch_lastUpdate", "1361296979988")[...]
Removida : user_pref("CT3282722.serviceLayer_services_app.twitter.user-time_lastUpdate", "1361296979987");
Removida : user_pref("CT3282722.serviceLayer_services_app.twitter.user-wired_lastUpdate", "1361296979985");
Removida : user_pref("CT3282722.serviceLayer_services_appTrackingFirstTime_lastUpdate", "1361118530653");
Removida : user_pref("CT3282722.serviceLayer_services_appTracking_lastUpdate", "1361118415856");
Removida : user_pref("CT3282722.serviceLayer_services_appsMetadata_lastUpdate", "1361297841975");
Removida : user_pref("CT3282722.serviceLayer_services_gottenAppsContextMenu_lastUpdate", "1361118530913");
Removida : user_pref("CT3282722.serviceLayer_services_location_lastUpdate", "1361297842020");
Removida : user_pref("CT3282722.serviceLayer_services_login_10.14.350.531_lastUpdate", "1362239066743");
Removida : user_pref("CT3282722.serviceLayer_services_login_10.14.65.43_lastUpdate", "1362137643350");
Removida : user_pref("CT3282722.serviceLayer_services_otherAppsContextMenu_lastUpdate", "1361118530958");
Removida : user_pref("CT3282722.serviceLayer_services_searchAPI_lastUpdate", "1361297878555");
Removida : user_pref("CT3282722.serviceLayer_services_serviceMap_lastUpdate", "1362239064261");
Removida : user_pref("CT3282722.serviceLayer_services_setupAPI_lastUpdate", "1361292473094");
Removida : user_pref("CT3282722.serviceLayer_services_toolbarContextMenu_lastUpdate", "1361118530872");
Removida : user_pref("CT3282722.serviceLayer_services_toolbarSettings_lastUpdate", "1362239066801");
Removida : user_pref("CT3282722.serviceLayer_services_translation_lastUpdate", "1362239066647");
Removida : user_pref("CT3282722.settingsINI", true);
Removida : user_pref("CT3282722.shouldFirstTimeDialog", "true");
Removida : user_pref("CT3282722.smartbar.CTID", "CT3282722");
Removida : user_pref("CT3282722.smartbar.Uninstall", "0");
Removida : user_pref("CT3282722.smartbar.toolbarName", "FreeOnlineRadioPlayerRecorder V1 ");
Removida : user_pref("CT3282722.startPage", "false");
Removida : user_pref("CT3282722.toolbarBornServerTime", "17-2-2013");
Removida : user_pref("CT3282722.toolbarCurrentServerTime", "2-3-2013");
Removida : user_pref("CT3282722.url_history0001.enc", "aHR0cDovL2NsaWNrLmluZm9zcGFjZS5jb20vQ2xpY2tIYW5kbGVyLmFz[...]
Removida : user_pref("CT3282722_Firefox.csv", "[{\"from\":\"Abs Layer\",\"action\":\"loading toolbar\",\"time\"[...]
Removida : user_pref("CommunityToolbar.ConduitHomepagesList", "hxxp://search.conduit.com/?SSPV=FFOB16&ctid=CT30[...]
Removida : user_pref("CommunityToolbar.ConduitSearchList", "MakeMeBabies 2.0 Customized Web Search");
Removida : user_pref("CommunityToolbar.ETag.hxxp://Settings.toolbar.search.conduit.com/root/CT3027459/CT3027459[...]
Removida : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/1419045/1414701/BR", "\"0\"[...]
Removida : user_pref("CommunityToolbar.ETag.hxxp://appsmetadata.toolbar.conduit-services.com/?ctid=CT3027459", [...]
Removida : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=GottenApps&lo[...]
Removida : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=OtherApps&loc[...]
Removida : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=SharedApps&lo[...]
Removida : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=Toolbar&local[...]
Removida : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.alert.conduit-services.com/alert/dlg.pkg", "\[...]
Removida : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.15[...]
Removida : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.16[...]
Removida : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.18[...]
Removida : user_pref("CommunityToolbar.ETag.hxxp://servicemap.conduit-services.com/Toolbar/?ownerId=CT3027459",[...]
Removida : user_pref("CommunityToolbar.ETag.hxxp://translation.toolbar.conduit-services.com/?locale=en", "\"b25[...]
Removida : user_pref("CommunityToolbar.LatestLibsPath", "file:///C:\\Documents and Settings\\Henrique\\Dados de[...]
Removida : user_pref("CommunityToolbar.LatestToolbarVersionInstalled", "3.15.0.503");
Removida : user_pref("CommunityToolbar.MiniIPageGadgetSize.hxxp://pgcff.pricegong.com/agreement/agree.html#pg_e[...]
Removida : user_pref("CommunityToolbar.SearchFromAddressBarSavedUrl", "hxxp://search.babylon.com/?affID=113707&[...]
Removida : user_pref("CommunityToolbar.ToolbarsList", "CT3027459");
Removida : user_pref("CommunityToolbar.ToolbarsList2", "CT3027459");
Removida : user_pref("CommunityToolbar.ToolbarsList4", "CT3027459");
Removida : user_pref("CommunityToolbar.globalUserId", "f123f39e-e615-4a0c-933c-030fb30c1454");
Removida : user_pref("CommunityToolbar.isAlertUrlAddedToFeedItemTable", true);
Removida : user_pref("CommunityToolbar.isClickActionAddedToFeedItemTable", true);
Removida : user_pref("CommunityToolbar.keywordURLSelectedCTID", "CT3027459");
Removida : user_pref("CommunityToolbar.notifications.alertDialogsGetterLastCheckTime", "Tue Dec 11 2012 16:57:1[...]
Removida : user_pref("CommunityToolbar.notifications.alertEnabled", true);
Removida : user_pref("CommunityToolbar.notifications.alertInfoInterval", 1440);
Removida : user_pref("CommunityToolbar.notifications.alertInfoLastCheckTime", "Tue Dec 11 2012 22:48:57 GMT-020[...]
Removida : user_pref("CommunityToolbar.notifications.clientsServerUrl", "hxxp://alert.client.conduit.com");
Removida : user_pref("CommunityToolbar.notifications.locale", "en");
Removida : user_pref("CommunityToolbar.notifications.loginIntervalMin", 1440);
Removida : user_pref("CommunityToolbar.notifications.loginLastCheckTime", "Wed Dec 12 2012 20:47:06 GMT-0200 (H[...]
Removida : user_pref("CommunityToolbar.notifications.loginLastUpdateTime", "1313487611");
Removida : user_pref("CommunityToolbar.notifications.messageShowTimeSec", 20);
Removida : user_pref("CommunityToolbar.notifications.servicesServerUrl", "hxxp://alert.services.conduit.com");
Removida : user_pref("CommunityToolbar.notifications.showTrayIcon", false);
Removida : user_pref("CommunityToolbar.notifications.userCloseIntervalMin", 300);
Removida : user_pref("CommunityToolbar.notifications.userId", "e3098c78-eed3-4311-87d3-68e2441f7f98");
Removida : user_pref("CommunityToolbar.originalHomepage", "www.google.com.br");
Removida : user_pref("CommunityToolbar.originalSearchEngine", "Search the web (Babylon)");
Removida : user_pref("browser.babylon.HPOnNewTab", "search.babylon.com");
Removida : user_pref("browser.search.defaultthis.engineName", "MakeMeBabies 2.0 Customized Web Search");
Removida : user_pref("browser.search.defaulturl", "hxxp://search.conduit.com/ResultsExt.aspx?SSPV=FFOB16&ctid=C[...]
Removida : user_pref("extensions.BabylonToolbar.admin", false);
Removida : user_pref("extensions.BabylonToolbar.aflt", "babsst");
Removida : user_pref("extensions.BabylonToolbar.appId", "{BDB69379-802F-4eaf-B541-F8DE92DD98DB}");
Removida : user_pref("extensions.BabylonToolbar.babExt", "");
Removida : user_pref("extensions.BabylonToolbar.babTrack", "affID=113707&tl=gkn289389&tt=010712_3");
Removida : user_pref("extensions.BabylonToolbar.bbDpng", 2);
Removida : user_pref("extensions.BabylonToolbar.cntry", "BR");
Removida : user_pref("extensions.BabylonToolbar.dfltLng", "pt");
Removida : user_pref("extensions.BabylonToolbar.dfltSrch", true);
Removida : user_pref("extensions.BabylonToolbar.excTlbr", false);
Removida : user_pref("extensions.BabylonToolbar.hdrMd5", "6F29084E5C760C27F628CD25EA60D9D0");
Removida : user_pref("extensions.BabylonToolbar.hmpg", true);
Removida : user_pref("extensions.BabylonToolbar.id", "0415adfc000000000000001bfc192627");
Removida : user_pref("extensions.BabylonToolbar.instlDay", "15646");
Removida : user_pref("extensions.BabylonToolbar.instlRef", "na");
Removida : user_pref("extensions.BabylonToolbar.keyWordUrl", "hxxp://search.babylon.com/?affID=10588&tl=gcn2015[...]
Removida : user_pref("extensions.BabylonToolbar.lastDP", 2);
Removida : user_pref("extensions.BabylonToolbar.lastVrsnTs", "1.8.3.811:36:45");
Removida : user_pref("extensions.BabylonToolbar.mntrFFxVrsn", "14.0");
Removida : user_pref("extensions.BabylonToolbar.newTab", true);
Removida : user_pref("extensions.BabylonToolbar.newTabUrl", "hxxp://search.babylon.com/?affID=10588&tl=gcn20150[...]
Removida : user_pref("extensions.BabylonToolbar.noFFXTlbr", false);
Removida : user_pref("extensions.BabylonToolbar.prdct", "BabylonToolbar");
Removida : user_pref("extensions.BabylonToolbar.propectorlck", 90461455);
Removida : user_pref("extensions.BabylonToolbar.prtkDS", 1);
Removida : user_pref("extensions.BabylonToolbar.prtkHmpg", 1);
Removida : user_pref("extensions.BabylonToolbar.prtnrId", "babylon");
Removida : user_pref("extensions.BabylonToolbar.ptch_0717", true);
Removida : user_pref("extensions.BabylonToolbar.sg", "azb");
Removida : user_pref("extensions.BabylonToolbar.smplGrp", "azb");
Removida : user_pref("extensions.BabylonToolbar.srcExt", "ss");
Removida : user_pref("extensions.BabylonToolbar.tlbrId", "base");
Removida : user_pref("extensions.BabylonToolbar.tlbrSrchUrl", "hxxp://search.babylon.com/?babsrc=TB_def&mntrId=[...]
Removida : user_pref("extensions.BabylonToolbar.vrsn", "1.8.3.8");
Removida : user_pref("extensions.BabylonToolbar.vrsnTs", "1.8.3.811:36:45");
Removida : user_pref("extensions.BabylonToolbar.vrsni", "1.8.3.8");
Removida : user_pref("extensions.BabylonToolbar_i.aflt", "babsst");
Removida : user_pref("extensions.BabylonToolbar_i.babExt", "");
Removida : user_pref("extensions.BabylonToolbar_i.babTrack", "affID=113707&tl=gkn289389&tt=010712_3");
Removida : user_pref("extensions.BabylonToolbar_i.hardId", "0415adfc000000000000001bfc192627");
Removida : user_pref("extensions.BabylonToolbar_i.id", "0415adfc000000000000001bfc192627");
Removida : user_pref("extensions.BabylonToolbar_i.instlDay", "15529");
Removida : user_pref("extensions.BabylonToolbar_i.instlRef", "sst");
Removida : user_pref("extensions.BabylonToolbar_i.prdct", "BabylonToolbar");
Removida : user_pref("extensions.BabylonToolbar_i.prtnrId", "babylon");
Removida : user_pref("extensions.BabylonToolbar_i.smplGrp", "none");
Removida : user_pref("extensions.BabylonToolbar_i.srcExt", "ss");
Removida : user_pref("extensions.BabylonToolbar_i.tlbrId", "base");
Removida : user_pref("extensions.BabylonToolbar_i.vrsn", "1.5.3.17");
Removida : user_pref("extensions.BabylonToolbar_i.vrsnTs", "1.8.3.811:36:45");
Removida : user_pref("extensions.BabylonToolbar_i.vrsni", "1.5.3.17");
Removida : user_pref("extensions.enabledAddons", "adapter%40babylontc.com:1.0.0.1,NPCamfrogWeb%40camfrogweb.com[...]
Removida : user_pref("extensions.facemoods.DNSErrUrl", "hxxp://start.facemoods.com/?a=gppc&f=5");
Removida : user_pref("extensions.facemoods.aflt", "gppc");
Removida : user_pref("extensions.facemoods.dfltSrch", true);
Removida : user_pref("extensions.facemoods.dfltSrchPrvdr", "Facemoods Search");
Removida : user_pref("extensions.facemoods.dnsErr", true);
Removida : user_pref("extensions.facemoods.firstRun", true);
Removida : user_pref("extensions.facemoods.hmpg", true);
Removida : user_pref("extensions.facemoods.hmpgUrl", "hxxp://start.facemoods.com/?a=gppc");
Removida : user_pref("extensions.facemoods.id", "0415adfc000000000000001bfc192627");
Removida : user_pref("extensions.facemoods.instlDay", "15290");
Removida : user_pref("extensions.facemoods.mntz", "");
Removida : user_pref("extensions.facemoods.newTab", true);
Removida : user_pref("extensions.facemoods.newTabUrl", "hxxp://start.facemoods.com/?a=gppc&f=2");
Removida : user_pref("extensions.facemoods.prtnrId", "facemoods.com");
Removida : user_pref("extensions.facemoods.searchProviderAdded", true);
Removida : user_pref("extensions.facemoods.sid", "c96c106baceb4d71ad4a85a450333b44");
Removida : user_pref("extensions.facemoods.tlbrSrchUrl", "hxxp://start.facemoods.com/?a=gppc&f=3");
Removida : user_pref("extensions.facemoods.vrsn", "1.4.17.11");
Removida : user_pref("keyword.URL", "hxxp://search.conduit.com/ResultsExt.aspx?SSPV=FFOB16&ctid=CT3027459&Searc[...]
Removida : user_pref("tfp.CT3027459", true);

-\\ Google Chrome v25.0.1364.97

Arquivo : C:\Documents and Settings\Henrique\Configurações locais\Dados de aplicativos\Google\Chrome\User Data\Default\Preferences

[OK] Arquivo está limpo.

*************************

AdwCleaner[S1].txt - [367 octets] - [11/07/2012 23:59:43]
AdwCleaner[S2].txt - [367 octets] - [12/07/2012 01:01:14]
AdwCleaner[S3].txt - [304 octets] - [12/07/2012 12:15:06]
AdwCleaner[S4].txt - [367 octets] - [12/07/2012 12:17:00]
AdwCleaner[S5].txt - [11527 octets] - [12/07/2012 13:28:53]
AdwCleaner[S6].txt - [71325 octets] - [02/03/2013 15:08:59]

########## EOF - C:\AdwCleaner[S6].txt - [71386 octets] ##########

________________________________________________________
LOG DO JRT:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 4.6.6 (02.27.2013:1)
OS: Microsoft Windows XP x86
Ran by Henrique on s b 02/03/2013 at 15:20:59,98
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys

Successfully deleted: [Registry Key] hkey_current_user\software\systweak
Successfully deleted: [Registry Key] hkey_local_machine\software\systweak
Successfully deleted: [Registry Key] hkey_current_user\software\microsoft\internet explorer\searchscopes\{6a1806cd-94d4-4689-ba73-e35ea1ea9990}



~~~ Files

Successfully deleted: [File] "C:\WINDOWS\system32\roboot.exe"



~~~ Folders

Successfully deleted: [Folder] "C:\Documents and Settings\Henrique\Dados de aplicativos\baidu"
Successfully deleted: [Folder] "C:\Documents and Settings\Henrique\Dados de aplicativos\systweak"
Successfully deleted: [Folder] "C:\Arquivos de programas\regclean pro"



~~~ FireFox

Successfully deleted the following from C:\Documents and Settings\Henrique\Dados de aplicativos\mozilla\firefox\profiles\73xwieje.default\prefs.js

user_pref("extensions.wrc.SearchRules.ask.com.style", ".WRCN {display:none} #yui-main .tsrc_vnru .title + .WRCN, #yui-main #teoma-results .title + .WRCN {display:inline !impor
user_pref("extensions.wrc.SearchRules.ask.com.url", "^hxxp(s)?\\:\\/\\/(.+\\.)?ask\\.com\\/.*");
user_pref("extensions.wrc.SearchRules.baidu.com.style", ".WRCN {display:none} .result .f .WRCN {display:inline !important; background: url(\"IMAGE\") right no-repeat}");
user_pref("extensions.wrc.SearchRules.baidu.com.url", "^hxxp\\:\\/\\/www\\.baidu\\.com\\/.*");
user_pref("extensions.wrc.SearchRules.excite.com.style", ".WRCN {display:none} .listing .resultsLink + .WRCN {display:inline !important; background: url(\"IMAGE\") right no-re
user_pref("extensions.wrc.SearchRules.excite.com.url", "^hxxp\\:\\/\\/msxml\\.excite\\.com\\/excite\\/ws\\/.+");
user_pref("extensions.wrc.SearchRules.rambler.ru.style", ".WRCN {display:none} .search-results .title + .WRCN {display:inline !important; background: url(\"IMAGE\") right no-r
user_pref("extentions.y2layers.defaultEnableAppsList", "ezLooker,pagerage,buzzdock,toprelatedtopics,twittube");
user_pref("extentions.y2layers.installId", "6943b6fc-74ab-4285-bdd8-0fc497dd976a");
user_pref("extentions.y2layers.lastDnsTest", 372017);
user_pref("iminent.webbooster.scripts.minibar.registerToolbarEvent100", "1359246607107");
user_pref("iminent.webbooster.scripts.minibar.registerToolbarEvent101", "1361356172887");
user_pref("iminent.webbooster.scripts.minibar.registerToolbarEvent102", "1360101980381");
user_pref("iminent.webbooster.scripts.minibar.registerToolbarEvent109", "1362158971348");
user_pref("iminent.webbooster.scripts.minibar.registerToolbarEvent110", "1362170415414");
user_pref("iminent.webbooster.scripts.minibar.registerToolbarEvent111", "1362158971357");
user_pref("iminent.webbooster.scripts.minibar.registerToolbarEvent112", "1362159015398");
user_pref("iminent.webbooster.scripts.minibar.registerToolbarEvent122", "1362158971364");
user_pref("iminent.webbooster.scripts.minibar.registerToolbarEvent134", "1361833895078");
user_pref("iminent.webbooster.scripts.minibar.registerToolbarEvent140", "1341239274922");
user_pref("iminent.webbooster.scripts.sslminibar.registerToolbarEvent100", "1362158844242");
user_pref("iminent.webbooster.scripts.sslminibar.registerToolbarEvent101", "1359740460598");
user_pref("iminent.webbooster.scripts.sslminibar.registerToolbarEvent102", "1360101978189");
user_pref("iminent.webbooster.scripts.sslminibar.registerToolbarEvent105", "1360289670853");
user_pref("iminent.webbooster.scripts.sslminibar.registerToolbarEvent109", "1362158951006");
user_pref("iminent.webbooster.scripts.sslminibar.registerToolbarEvent110", "1361483557594");
user_pref("iminent.webbooster.scripts.sslminibar.registerToolbarEvent111", "1362158951014");
user_pref("iminent.webbooster.scripts.sslminibar.registerToolbarEvent112", "1362158951753");
user_pref("iminent.webbooster.scripts.sslminibar.registerToolbarEvent122", "1362158951021");
user_pref("iminent.webbooster.scripts.sslminibar.registerToolbarEvent134", "1362186817905");
Emptied folder: C:\Documents and Settings\Henrique\Dados de aplicativos\mozilla\firefox\profiles\73xwieje.default\minidumps [6 files]





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on s b 02/03/2013 at 15:25:13,37
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log do malwarebyt
Malwarebytes Anti-Malware 1.70.0.1100
www.malwarebytes.org

Versão da Base de Dados: v2013.03.02.11

Windows XP Service Pack 2 x86 NTFS
Internet Explorer 6.0.2900.2180
Henrique :: HOUSE [administrador]

2/3/2013 15:33:15
mbam-log-2013-03-02 (15-33-15).txt

Tipo de Verificação: Verificação Completa (A:\|C:\|E:\|)
Opções de verificações ativadas: Memória | Inicialização | Registro | Sistema de arquivos | Heurística/Extra | Heurística/Shuriken | PUP | PUM
Opções de verificação desativadas: P2P
Objetos escaneados: 238148
Tempo decorrido: 28 minuto(s), 53 segundo(s)

Processos de Memória Detectados: 0
(Não foram detectados ítens maliciosos)

Módulos de Memória Detectados: 0
(Não foram detectados ítens maliciosos)

Chaves de Registro Detectadas: 0
(Não foram detectados ítens maliciosos)

Valores de Registro Detectadas: 0
(Não foram detectados ítens maliciosos)

Itens de Dados no Registro Detectadas: 3
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main|Start Page (Hijack.StartPage) -> Ruim: (http://www.22find.co...5&ts=1362152555) Bom: (http://www.google.com) -> Enviado para a Quarentena e reparado com sucesso.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Search|SearchAssistant (Hijack.SearchPage) -> Ruim: (http://search.22find...5&ts=1362152574) Bom: (http://www.google.com/) -> Enviado para a Quarentena e reparado com sucesso.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Search|CustomizeSearch (Hijack.SearchPage) -> Ruim: (http://search.22find...5&ts=1362152574) Bom: (http://www.google.com/) -> Enviado para a Quarentena e reparado com sucesso.

Pastas Detectadas: 0
(Não foram detectados ítens maliciosos)

Arquivos Detectados: 4
C:\Documents and Settings\Henrique\Desktop\Nova pasta\the-gimp-282-baixaki-32-bits.exe (PUP.AdBundle) -> Nenhuma ação foi feita.
C:\Documents and Settings\Henrique\Configurações locais\temp\is701137889\22find_B_cor_br_201319193057.exe (Trojan.Agent.SP) -> Enviado para a Quarentena e deletado com sucesso.
C:\Documents and Settings\Henrique\Desktop\Musicas\Ivete Sangalo – Veveta e Saulinho _ A Casa Amarela.zip.exe (Trojan.Ransom) -> Enviado para a Quarentena e deletado com sucesso.
C:\Documents and Settings\Henrique\Desktop\My Shared Folder\Ivete Sangalo – Veveta e Saulinho _ A Casa Amarela.zip.exe (Trojan.Ransom) -> Enviado para a Quarentena e deletado com sucesso.

(fim)

#5
rorro

rorro

    Aprendiz Sênior

  • Aprendiz Sênior
  • 1.914 posts
Boa noite;

Baixe OTL by OldTimer, e salve na sua área de trabalho.

Feche todas as janelas e execute a ferramenta.

Onde diz Saída, marque Padrão
Marque também estas opções:
  • Data de Criação -> mude para 90 dias
  • Usar WhiteList para Nomes de Companhias.
  • Ignorar Arquivos Microsoft
  • Verificar Lop
  • Verificar Purity
Selecione estas linhas em vermelho, clique com o lado direito do mouse sobre a seleção, e escolha a opção copiar

CREATERESTOREPOINT
netsvcs
%SYSTEMDRIVE%\*.*
%systemdrive%\drivers\*.exe
%systemroot%\system32\drivers\*.* /90
%PROGRAMFILES%\*.*
%userprofile%\configurações locais\dados de aplicativos\*.exe
%userprofile%\configurações locais\dados de aplicativos\*.txt
%userprofile%\configurações locais\dados de aplicativos\*.ini
%userprofile%\configurações locais\dados de aplicativos\*.dat /30
%userprofile%\configurações locais\dados de aplicativos\*.dll
%userprofile%\*.exe
%userprofile%\.txt
%userprofile%\.ini
%userprofile%\.dat /30
%userprofile%\.dll
%windir%\tasks\*.* /s
CREATERESTOREPOINT
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Associations
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Attachments



Volte ao programa, clique com o lado direito do mouse em qualquer parte branca da sessão Exames Personalizados/Correções e escolha colar

Clique no botão Imagem Postada

O OTL começará a examinar seu computador. Não interrompa o processo e nem use outras janelas até que ele termine.

Não modifique nenhuma outra configuração, a menos que tenha sido orientado (a) a fazer isso.

O exame demora um pouco, tenha paciência.

Quando terminar, dois blocos de notas serão exibidos: OTL.txt e Extras.txt
Ambos ficarão salvos dentro do mesmo diretório onde está o OTL.exe, ou seja, na sua área de trabalho.

Copie todo o conteúdo do OTL.txt e cole na sua resposta.
Anexe o arquivo Extras.txt

OBS: Caso os logs fiquem muito grandes e exceda o limite do forum, envie-os para um arquivo .zip ou .rar e anexe-os à sua resposta.




Informe também como está o PC.

:legal:
Nunca abandone seu Tópico.

Imagem Postada

Linha Defensiva no Twitter!

#6
henridesouza

henridesouza

    Novato

  • Novato
  • Pip
  • 32 posts
OTL logfile created on: 4/3/2013 17:54:35 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\Henrique\Meus documentos\Downloads
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000416 | Country: Brasil | Language: PTB | Date Format: d/M/yyyy

959,17 Mb Total Physical Memory | 271,23 Mb Available Physical Memory | 28,28% Memory free
2,26 Gb Paging File | 1,55 Gb Available in Paging File | 68,38% Paging File free
Paging file location(s): C:\pagefile.sys 1440 2880 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Arquivos de programas
Drive C: | 74,52 Gb Total Space | 32,08 Gb Free Space | 43,04% Space Free | Partition Type: NTFS
Drive E: | 93,41 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: UDF

Computer Name: HOUSE | User Name: Henrique | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: Off | File Age = 90 Days

========== Processes (SafeList) ==========

PRC - [2013/03/04 14:43:57 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Henrique\Meus documentos\Downloads\OTL.exe
PRC - [2013/02/15 21:33:51 | 000,917,400 | ---- | M] (Mozilla Corporation) -- C:\Arquivos de programas\Mozilla Firefox\firefox.exe
PRC - [2012/12/14 16:49:28 | 000,682,344 | ---- | M] (Malwarebytes Corporation) -- C:\Arquivos de programas\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012/12/14 16:49:28 | 000,512,360 | ---- | M] (Malwarebytes Corporation) -- C:\Arquivos de programas\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2012/12/14 16:49:28 | 000,398,184 | ---- | M] (Malwarebytes Corporation) -- C:\Arquivos de programas\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2012/12/11 02:52:44 | 003,147,384 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Arquivos de programas\AVG\AVG2013\avgui.exe
PRC - [2012/11/30 10:49:15 | 000,161,768 | ---- | M] (Oracle Corporation) -- C:\Arquivos de programas\Java\jre7\bin\jqs.exe
PRC - [2012/11/15 22:34:30 | 005,814,904 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Arquivos de programas\AVG\AVG2013\avgidsagent.exe
PRC - [2012/10/30 03:59:56 | 000,726,648 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Arquivos de programas\AVG\AVG2013\avgrsx.exe
PRC - [2012/10/22 12:05:08 | 000,196,664 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Arquivos de programas\AVG\AVG2013\avgwdsvc.exe
PRC - [2012/10/22 12:04:32 | 001,116,792 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Arquivos de programas\AVG\AVG2013\avgnsx.exe
PRC - [2012/10/22 12:03:52 | 000,796,792 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Arquivos de programas\AVG\AVG2013\avgemcx.exe
PRC - [2012/10/22 12:03:46 | 000,440,440 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Arquivos de programas\AVG\AVG2013\avgcsrvx.exe
PRC - [2012/07/03 08:04:54 | 000,252,848 | ---- | M] (Sun Microsystems, Inc.) -- C:\Arquivos de programas\Arquivos comuns\Java\Java Update\jusched.exe
PRC - [2012/02/15 08:37:40 | 000,206,280 | ---- | M] ( ) -- C:\Arquivos de programas\GbPlugin\gbpsv.exe
PRC - [2004/08/04 00:45:40 | 000,216,064 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\osk.exe
PRC - [2004/08/04 00:45:34 | 001,034,240 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2004/08/03 21:45:42 | 000,073,796 | ---- | M] (Smart Link) -- C:\WINDOWS\system32\slserv.exe
PRC - [2001/10/28 12:07:04 | 000,006,656 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msswchx.exe
PRC - [1997/01/21 00:00:00 | 000,051,984 | ---- | M] () -- C:\Arquivos de programas\Microsoft Office\Office\OSA.EXE


========== Modules (No Company Name) ==========

MOD - [2013/02/15 21:34:12 | 003,067,288 | ---- | M] () -- C:\Arquivos de programas\Mozilla Firefox\mozjs.dll
MOD - [2012/12/17 07:24:27 | 014,586,296 | ---- | M] () -- C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_5_502_135.dll
MOD - [2011/06/19 22:22:04 | 011,485,184 | ---- | M] () -- c:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\9adb89fa22fd5b4ce433b5aca7fb1b07\mscorlib.ni.dll
MOD - [2005/10/20 10:36:08 | 000,077,824 | R--- | M] () -- C:\Arquivos de programas\HP\Digital Imaging\bin\crm\xmltok.dll
MOD - [2005/10/20 10:36:08 | 000,065,536 | R--- | M] () -- C:\Arquivos de programas\HP\Digital Imaging\bin\crm\xmlparse.dll
MOD - [2004/08/04 00:45:24 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll
MOD - [2001/10/28 12:07:32 | 000,015,360 | ---- | M] () -- C:\WINDOWS\system32\tsd32.dll
MOD - [1997/01/21 00:00:00 | 003,774,224 | ---- | M] () -- C:\Arquivos de programas\Microsoft Office\Office\MSO97.DLL
MOD - [1997/01/21 00:00:00 | 000,051,984 | ---- | M] () -- C:\Arquivos de programas\Microsoft Office\Office\OSA.EXE


========== Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- C:\Arquivos de programas\Arquivos comuns\AVG Secure Search\vToolbarUpdater\14.1.7\ToolbarUpdater.exe -- (vToolbarUpdater14.1.7)
SRV - File not found [Disabled | Stopped] -- %SystemRoot%\System32\hidserv.dll -- (HidServ)
SRV - [2013/01/26 14:46:33 | 000,250,808 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/12/14 16:49:28 | 000,682,344 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Arquivos de programas\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012/12/14 16:49:28 | 000,398,184 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Arquivos de programas\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2012/11/30 10:49:15 | 000,161,768 | ---- | M] (Oracle Corporation) [Auto | Running] -- C:\Arquivos de programas\Java\jre7\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2012/11/15 22:34:30 | 005,814,904 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Arquivos de programas\AVG\AVG2013\avgidsagent.exe -- (AVGIDSAgent)
SRV - [2012/10/22 12:05:08 | 000,196,664 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Arquivos de programas\AVG\AVG2013\avgwdsvc.exe -- (avgwd)
SRV - [2012/02/15 08:37:40 | 000,206,280 | ---- | M] ( ) [Auto | Running] -- C:\Arquivos de programas\GbPlugin\gbpsv.exe -- (GbpSv)
SRV - [2011/04/29 14:31:58 | 000,037,600 | ---- | M] (Speedchecker) [Auto | Stopped] -- C:\Arquivos de programas\Velocidade Do PC\PCSpeedUpService.exe -- (PCSpeedUpService)
SRV - [2006/03/03 20:03:10 | 000,069,632 | ---- | M] (HP) [Auto | Stopped] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)
SRV - [2005/04/03 23:41:10 | 000,069,632 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Arquivos de programas\Arquivos comuns\InstallShield\Driver\11\Intel 32\IDriverT.exe -- (IDriverT)
SRV - [2004/08/03 21:45:42 | 000,073,796 | ---- | M] (Smart Link) [Auto | Running] -- C:\WINDOWS\System32\slserv.exe -- (SLService)
SRV - [2003/07/28 11:28:22 | 000,089,136 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Source Engine\OSE.EXE -- (ose)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\ComboFix\catchme.sys -- (catchme)
DRV - [2013/02/10 20:42:48 | 000,033,112 | ---- | M] (AVG Technologies) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgtpx86.sys -- (avgtp)
DRV - [2013/01/17 21:07:36 | 000,064,048 | R--- | M] (360安全中心) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\360SpOEM.sys -- (360SpOEM)
DRV - [2013/01/17 21:07:36 | 000,061,488 | R--- | M] (360安全中心) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\360HookOem.sys -- (360HookOem)
DRV - [2013/01/17 21:07:36 | 000,029,744 | R--- | M] (360安全中心) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\360RegOem.sys -- (360RegOem)
DRV - [2012/12/14 16:49:28 | 000,021,104 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2012/11/15 22:33:26 | 000,094,048 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\avgmfx86.sys -- (Avgmfx86)
DRV - [2012/10/22 12:02:46 | 000,179,936 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgidsdriverx.sys -- (AVGIDSDriver)
DRV - [2012/10/15 02:48:52 | 000,055,776 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\avgidshx.sys -- (AVGIDSHX)
DRV - [2012/10/02 02:30:38 | 000,159,712 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgldx86.sys -- (Avgldx86)
DRV - [2012/09/21 02:46:06 | 000,164,832 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgtdix.sys -- (Avgtdix)
DRV - [2012/09/21 02:46:00 | 000,177,376 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\avglogx.sys -- (Avglogx)
DRV - [2012/09/21 02:45:54 | 000,019,936 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgidsshimx.sys -- (AVGIDSShim)
DRV - [2012/09/14 02:05:20 | 000,035,552 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\avgrkx86.sys -- (Avgrkx86)
DRV - [2012/03/06 21:02:43 | 000,024,408 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswKbd.sys -- (aswKbd)
DRV - [2012/02/15 08:38:40 | 000,047,304 | ---- | M] (GAS Tecnologia) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\GbpKm.sys -- (GbpKm)
DRV - [2011/08/06 12:23:29 | 000,013,816 | ---- | M] () [Kernel | Unavailable | Unknown] -- C:\WINDOWS\system32\unikey.sys -- (phunter)
DRV - [2006/09/12 01:27:00 | 004,381,184 | R--- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.Sys -- (IntcAzAudAddService)
DRV - [2004/08/13 07:56:20 | 000,005,810 | R--- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ASACPI.sys -- (MTsensor)
DRV - [2004/08/03 19:41:46 | 000,095,424 | ---- | M] (Smart Link) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\slnthal.sys -- (SlNtHal)
DRV - [2004/08/03 19:41:46 | 000,013,240 | ---- | M] (Smart Link) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\slwdmsup.sys -- (SlWdmSup)
DRV - [2004/08/03 19:41:44 | 000,404,990 | ---- | M] (Smart Link) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\slntamr.sys -- (Slntamr)
DRV - [2004/08/03 19:41:40 | 000,180,360 | ---- | M] (Smart Link) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ntmtlfax.sys -- (NtMtlFax)
DRV - [2004/08/03 19:41:40 | 000,126,686 | ---- | M] (Smart Link) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mtlmnt5.sys -- (Mtlmnt5)
DRV - [2004/08/03 19:41:40 | 000,013,776 | ---- | M] (Smart Link) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\RecAgent.sys -- (RecAgent)
DRV - [2004/08/03 19:41:38 | 001,309,184 | ---- | M] (Smart Link) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mtlstrm.sys -- (Mtlstrm)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.22find.co...5&ts=1362152555
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://www.google.com/
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/
IE - HKLM\..\SearchScopes,DefaultScope =

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.22find.co...5&ts=1362152555
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.22find.co...5&ts=1362152555
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\..\SearchScopes,DefaultScope =
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..extensions.enabledAddons: NPCamfrogWeb%40camfrogweb.com:2%2C0%2C12%2C93
FF - prefs.js..extensions.enabledAddons: %7BB9B0457A-1DA5-4578-B9D3-984A5E9808B0%7D:3.0.0
FF - prefs.js..extensions.enabledAddons: plugin%40yontoo.com:1.20.02
FF - prefs.js..extensions.enabledAddons: %7B14323AEE-F6B8-4DC8-BCE3-E62645830585%7D:1.0.1
FF - prefs.js..extensions.enabledAddons: %7B87F8774F-B485-47E2-A755-A40A8A5E8873%7D:2.12.0.16.190
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:19.0
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_5_502_135.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.9.2: C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Arquivos de programas\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Arquivos de programas\Microsoft Silverlight\5.0.61118.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Arquivos de programas\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Arquivos de programas\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Arquivos de programas\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Arquivos de programas\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\Henrique\Configurações locais\Dados de aplicativos\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\Henrique\Configurações locais\Dados de aplicativos\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0\extensions\\Components: C:\Arquivos de programas\Mozilla Firefox\components [2013/03/01 13:12:45 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0\extensions\\Plugins: C:\Arquivos de programas\Mozilla Firefox\plugins

[2011/07/05 23:56:51 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Henrique\Dados de aplicativos\Mozilla\Extensions
[2013/03/04 17:29:04 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Henrique\Dados de aplicativos\Mozilla\Firefox\Profiles\73xwieje.default\extensions
[2013/03/03 23:49:00 | 000,000,000 | ---D | M] (Guardiao Itau 30 horas) -- C:\Documents and Settings\Henrique\Dados de aplicativos\Mozilla\Firefox\Profiles\73xwieje.default\extensions\{87F8774F-B485-47E2-A755-A40A8A5E8873}
[2013/02/03 21:52:44 | 000,000,000 | ---D | M] (Modulo de Protecao) -- C:\Documents and Settings\Henrique\Dados de aplicativos\Mozilla\Firefox\Profiles\73xwieje.default\extensions\{87F8774F-B485-47E2-A755-A40A8A5E8874}
[2012/06/29 21:27:55 | 000,000,000 | ---D | M] (Camfrog Web Plugin for Mozilla Firefox) -- C:\Documents and Settings\Henrique\Dados de aplicativos\Mozilla\Firefox\Profiles\73xwieje.default\extensions\NPCamfrogWeb@camfrogweb.com
[2013/03/04 17:29:06 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Henrique\Dados de aplicativos\Mozilla\Firefox\Profiles\73xwieje.default\extensions\staged
[2013/02/21 17:20:39 | 000,021,487 | ---- | M] () (No name found) -- C:\Documents and Settings\Henrique\Dados de aplicativos\Mozilla\Firefox\Profiles\73xwieje.default\extensions\plugin@yontoo.com.xpi
[2013/03/01 12:42:52 | 000,002,117 | ---- | M] () (No name found) -- C:\Documents and Settings\Henrique\Dados de aplicativos\Mozilla\Firefox\Profiles\73xwieje.default\extensions\{14323AEE-F6B8-4DC8-BCE3-E62645830585}.xpi
[2012/04/19 12:32:15 | 000,008,237 | ---- | M] () (No name found) -- C:\Documents and Settings\Henrique\Dados de aplicativos\Mozilla\Firefox\Profiles\73xwieje.default\extensions\{B9B0457A-1DA5-4578-B9D3-984A5E9808B0}.xpi
[2013/03/01 13:12:45 | 000,000,000 | ---D | M] (No name found) -- C:\Arquivos de programas\Mozilla Firefox\extensions
[2013/02/15 21:34:54 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Arquivos de programas\mozilla firefox\components\browsercomps.dll
[2013/03/01 12:42:56 | 000,000,745 | ---- | M] () -- C:\Arquivos de programas\mozilla firefox\searchplugins\22find.xml
[2013/02/16 01:40:06 | 000,001,240 | ---- | M] () -- C:\Arquivos de programas\mozilla firefox\searchplugins\buscape.xml
[2013/02/16 01:40:06 | 000,001,425 | ---- | M] () -- C:\Arquivos de programas\mozilla firefox\searchplugins\mercadolivre.xml
[2013/02/16 01:40:05 | 000,002,086 | ---- | M] () -- C:\Arquivos de programas\mozilla firefox\searchplugins\twitter.xml
[2013/02/16 01:40:06 | 000,001,381 | ---- | M] () -- C:\Arquivos de programas\mozilla firefox\searchplugins\wikipedia-br.xml
[2013/02/16 01:40:06 | 000,001,165 | ---- | M] () -- C:\Arquivos de programas\mozilla firefox\searchplugins\yahoo-br.xml

========== Chrome ==========

CHR - default_search_provider: 22find (Enabled)
CHR - default_search_provider: search_url = http://search.22find...q={searchTerms}
CHR - default_search_provider: suggest_url =
CHR - homepage: http://www.22find.co...5&ts=1362152495
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Documents and Settings\Henrique\Configura\u00E7\u00F5es locais\Dados de aplicativos\Google\Chrome\Application\25.0.1364.97\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Documents and Settings\Henrique\Configura\u00E7\u00F5es locais\Dados de aplicativos\Google\Chrome\Application\25.0.1364.97\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Documents and Settings\Henrique\Configura\u00E7\u00F5es locais\Dados de aplicativos\Google\Chrome\Application\25.0.1364.97\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_3_300_257.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Arquivos de programas\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Arquivos de programas\Windows Media Player\npdrmv2.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Arquivos de programas\Windows Media Player\npwmsdrm.dll
CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Arquivos de programas\Windows Media Player\npdsplay.dll
CHR - plugin: Picasa (Enabled) = C:\Arquivos de programas\Google\Picasa3\npPicasa3.dll
CHR - plugin: Google Update (Enabled) = C:\Arquivos de programas\Google\Update\1.3.21.115\npGoogleUpdate3.dll
CHR - plugin: Java™ Platform SE 6 U31 (Enabled) = C:\Arquivos de programas\Java\jre6\bin\plugin2\npjp2.dll
CHR - plugin: Windows Live\u00AE Photo Gallery (Enabled) = C:\Arquivos de programas\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Arquivos de programas\Microsoft Silverlight\5.0.61118.0\npctrl.dll
CHR - Extension: 22find = C:\Documents and Settings\Henrique\Configurações locais\Dados de aplicativos\Google\Chrome\User Data\Default\Extensions\ijblflkdjdopkpdgllkmlbgcffjbnfda\2.0.1_0\

O1 HOSTS File: ([2012/07/12 17:43:31 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Auxiliar de Conexão do Windows Live) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (GbIehObj Class) - {C41A1C0E-EA6C-11D4-B1B8-444553540007} - C:\Arquivos de programas\GbPlugin\gbiehAbn.dll (Banco Real)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de programas\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (no name) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - No CLSID value found.
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {1392B8D2-5C05-419F-A8F6-B9F15A596612} - No CLSID value found.
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - No CLSID value found.
O4 - HKLM..\Run: [Adobe ARM] C:\Arquivos de programas\Arquivos comuns\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Arquivos de programas\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AVG_UI] C:\Arquivos de programas\AVG\AVG2013\avgui.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [Nikon Message Center 2] C:\Arquivos de programas\Nikon\Nikon Message Center 2\NkMC2.exe (Nikon Corporation)
O4 - HKLM..\Run: [PSafeTray] "C:\Arquivos de programas\PSafe\PSafeSysTray.exe" File not found
O4 - HKLM..\Run: [PSafeWDS] "C:\Arquivos de programas\PSafe\PSafeWDS.exe" File not found
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Arquivos de programas\Arquivos comuns\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [vProt] "C:\Arquivos de programas\AVG Secure Search\vprot.exe" File not found
O4 - Startup: C:\Documents and Settings\Henrique\Menu Iniciar\Programas\Inicializar\BrOffice.org 3.2.lnk = File not found
O4 - Startup: C:\Documents and Settings\Henrique\Menu Iniciar\Programas\Inicializar\Inicialização do Office.lnk = C:\Arquivos de programas\Microsoft Office\Office\OSA.EXE ()
O4 - Startup: C:\Documents and Settings\Henrique\Menu Iniciar\Programas\Inicializar\Localização acelerada da Microsoft.lnk = C:\Arquivos de programas\Microsoft Office\Office\FINDFAST.EXE (Microsoft Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 335
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 189
O8 - Extra context menu item: &Download All using 4shared Desktop - C:\Arquivos de programas\4shared Desktop\down_all.htm File not found
O15 - HKCU\..Trusted Domains: bancoreal.com.br ([www] http in Sites confiáveis)
O15 - HKCU\..Trusted Domains: bancosantander.com.br ([www] http in Sites confiáveis)
O15 - HKCU\..Trusted Domains: bancosantander.com.br ([www] https in Sites confiáveis)
O15 - HKCU\..Trusted Domains: realsecureweb.com.br ([www] https in Sites confiáveis)
O15 - HKCU\..Trusted Domains: realsecureweb.com.br ([www2] https in Sites confiáveis)
O15 - HKCU\..Trusted Domains: realsecureweb.com.br ([wwws] https in Sites confiáveis)
O15 - HKCU\..Trusted Domains: santander.com.br ([www] http in Sites confiáveis)
O15 - HKCU\..Trusted Domains: santanderempresarial.com.br ([www] http in Sites confiáveis)
O15 - HKCU\..Trusted Domains: santandernet.com.br ([www] https in Sites confiáveis)
O15 - HKCU\..Trusted Domains: santandernet.com.br ([wwws] https in Sites confiáveis)
O15 - HKCU\..Trusted Domains: santandernetibe.com.br ([www] https in Sites confiáveis)
O15 - HKCU\..Trusted Domains: secureweb.com.br ([www] https in Sites confiáveis)
O16 - DPF: {E37CB5F0-51F5-4395-A808-5FA49E399007} https://wwws.santand...GbPluginABN.cab (GbPluginObj Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.254.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{FD74E95B-B7C6-4F62-ADE9-67C43427E664}: DhcpNameServer = 192.168.254.254
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Arquivos de programas\Arquivos comuns\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\linkscanner - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Arquivos de programas\Arquivos comuns\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Arquivos de programas\Arquivos comuns\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\ GbPluginAbn: DllName - (C:\ARQUIV~1\GbPlugin\gbiehAbn.dll) - C:\Arquivos de programas\GbPlugin\gbiehAbn.dll (Banco Real)
O20 - Winlogon\Notify\dimsntfy: DllName - (Reg Error: Value error.) - Reg Error: Value error. File not found
O24 - Desktop Components:0 (Minha página inicial atual) - about:Home
O24 - Desktop WallPaper: C:\Documents and Settings\Henrique\Configurações locais\Dados de aplicativos\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Henrique\Configurações locais\Dados de aplicativos\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {E37CB5F0-51F5-4395-A808-5FA49E399007} - C:\Arquivos de programas\GbPlugin\gbiehAbn.dll (Banco Real)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010/08/28 11:28:13 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (C:\ARQUIV~1\AVG\AVG2013\avgrsx.exe /sync /restart)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

NetSvcs: 6to4 - File not found
NetSvcs: HidServ - %SystemRoot%\System32\hidserv.dll File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 90 Days ==========

[2013/03/03 19:10:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Henrique\Desktop\selma
[2013/03/02 15:32:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Iniciar\Programas\Malwarebytes' Anti-Malware
[2013/03/02 15:32:00 | 000,021,104 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2013/03/02 15:32:00 | 000,000,000 | ---D | C] -- C:\Arquivos de programas\Malwarebytes' Anti-Malware
[2013/03/02 15:20:57 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERUNT
[2013/03/02 15:20:35 | 000,000,000 | ---D | C] -- C:\JRT
[2013/03/02 15:20:17 | 000,547,491 | ---- | C] (Oleg N. Scherbakov) -- C:\Documents and Settings\Henrique\Desktop\JRT.exe
[2013/03/02 12:43:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Henrique\Meus documentos\1412742384
[2013/03/01 12:51:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Henrique\PSafe
[2013/03/01 12:48:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Dados de aplicativos\360Safe
[2013/03/01 12:48:38 | 000,152,880 | R--- | C] (360.cn) -- C:\WINDOWS\System32\drivers\360FileOem.sys
[2013/03/01 12:48:37 | 000,064,048 | R--- | C] (360安全中心) -- C:\WINDOWS\System32\drivers\360SpOEM.sys
[2013/03/01 12:48:35 | 000,029,744 | R--- | C] (360安全中心) -- C:\WINDOWS\System32\drivers\360RegOem.sys
[2013/03/01 12:48:33 | 000,061,488 | R--- | C] (360安全中心) -- C:\WINDOWS\System32\drivers\360HookOem.sys
[2013/03/01 12:47:24 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Henrique\Recent
[2013/03/01 12:45:53 | 000,000,000 | ---D | C] -- C:\Arquivos de programas\Arquivos comuns\337
[2013/03/01 12:44:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Iniciar\Programas\CCleaner
[2013/03/01 12:44:36 | 000,000,000 | ---D | C] -- C:\Arquivos de programas\CCleaner
[2013/03/01 12:43:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dados de aplicativos\PSafe
[2013/03/01 10:10:25 | 000,218,112 | ---- | C] (Soeperman Enterprises Ltd.) -- C:\Documents and Settings\Henrique\Desktop\HijackThis.exe
[2013/03/01 07:33:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Henrique\Desktop\AOCP - ASSESSORIA EM ORGANIZAÇÃO DE CONCURSOS PÚBLICOS LTDA - MARINGÁ PR_files
[2013/02/28 12:03:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Henrique\Meus documentos\cesumar
[2013/02/20 16:32:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Henrique\Desktop\revelar selma
[2013/02/20 08:08:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Henrique\Desktop\105NIKON
[2013/02/20 08:08:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Henrique\Desktop\104NIKON
[2013/02/19 14:57:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Henrique\Desktop\Seropédica
[2013/02/17 13:04:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Henrique\Desktop\Musicas
[2013/02/17 12:57:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Henrique\Desktop\fotos da camera
[2013/02/17 12:56:57 | 000,000,000 | -H-D | C] -- C:\WINDOWS\System32\GroupPolicy
[2013/02/17 12:51:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Henrique\Dados de aplicativos\BaiduPcFaster
[2013/02/17 12:51:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dados de aplicativos\Baidu
[2013/02/17 12:50:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Henrique\Dados de aplicativos\PCF
[2013/02/17 12:43:33 | 000,000,000 | ---D | C] -- C:\Arquivos de programas\Baidu Security
[2013/02/17 12:34:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Henrique\Dados de aplicativos\Free iPad Video Converter
[2013/02/17 12:34:22 | 001,212,416 | ---- | C] (Online Media Technologies Ltd.) -- C:\WINDOWS\System32\NCTAudioInformation2.dll
[2013/02/17 12:34:22 | 000,458,752 | ---- | C] (Online Media Technologies Ltd.) -- C:\WINDOWS\System32\NCTAudioRecord2.dll
[2013/02/17 12:34:22 | 000,458,752 | ---- | C] (Online Media Technologies Ltd.) -- C:\WINDOWS\System32\NCTAudioPlayer2.dll
[2013/02/17 12:34:22 | 000,348,160 | ---- | C] (NCT Company Ltd.) -- C:\WINDOWS\System32\NCTWMAFile2.dll
[2013/02/17 12:34:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Iniciar\Programas\Free iPad Video Converter
[2013/02/17 12:34:21 | 001,986,560 | ---- | C] (NCT Company Ltd.) -- C:\WINDOWS\System32\NCTAudioFile2.dll
[2013/02/17 12:34:18 | 000,000,000 | ---D | C] -- C:\Arquivos de programas\Free iPad Video Converter
[2013/02/17 08:58:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Henrique\Desktop\festa
[2013/02/14 18:55:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Henrique\Desktop\My Shared Folder
[2013/02/14 18:55:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Iniciar\Programas\Ares
[2013/02/14 18:55:16 | 000,000,000 | ---D | C] -- C:\Arquivos de programas\Ares
[2013/02/14 13:53:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Iniciar\Programas\AVG
[2013/02/05 20:47:07 | 000,000,000 | ---D | C] -- C:\Arquivos de programas\Mozilla Firefox
[2013/01/31 11:40:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Iniciar\Programas\Google Drive
[2013/01/31 11:39:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Iniciar\Programas\PhotoScape
[2013/01/31 11:38:18 | 000,000,000 | ---D | C] -- C:\Arquivos de programas\PhotoScape
[2013/01/26 14:59:34 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\pt-BR
[2013/01/26 14:53:39 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\en-US
[2013/01/26 14:53:20 | 000,000,000 | ---D | C] -- C:\Arquivos de programas\Microsoft.NET
[2013/01/25 20:46:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Henrique\Meus documentos\Japeri
[2013/01/22 00:34:07 | 004,317,808 | ---- | C] (Systweak Inc ) -- C:\Documents and Settings\Henrique\Meus documentos\rcpsetup_adgorithms_728_90_ag_2.exe
[2012/12/28 11:30:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Henrique\Dados de aplicativos\MPC
[2012/12/28 11:20:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Henrique\.JxBrowser
[2012/12/28 11:19:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Henrique\.digilabs
[2012/12/28 11:19:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Iniciar\Programas\My Photo Creations (DATAPHOTO COM DE FOTOGRAFIAS LTDA Edition)
[2012/12/28 11:16:42 | 000,000,000 | ---D | C] -- C:\Arquivos de programas\My Photo Creations (DATAPHOTO COM DE FOTOGRAFIAS LTDA Edition)
[2012/12/28 11:08:54 | 063,862,264 | ---- | C] (Digilabs) -- C:\Documents and Settings\Henrique\Meus documentos\DatabookWin.exe
[2012/12/28 09:05:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Henrique\Desktop\PII RIO
[2012/12/23 21:00:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Henrique\Configurações locais\Dados de aplicativos\Nikon
[2012/12/23 20:42:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Henrique\Dados de aplicativos\Nikon
[2012/12/22 21:04:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Iniciar\Programas\Nikon Message Center 2
[2012/12/22 21:02:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dados de aplicativos\Gems
[2012/12/22 21:02:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Iniciar\Programas\ViewNX 2
[2012/12/22 21:01:50 | 000,000,000 | ---D | C] -- C:\Arquivos de programas\Arquivos comuns\Nikon
[2012/12/22 21:01:37 | 000,000,000 | ---D | C] -- C:\Arquivos de programas\Nikon
[2012/12/22 21:01:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dados de aplicativos\Guitars
[2012/12/22 21:01:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dados de aplicativos\Framework
[2012/12/22 21:00:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Henrique\Configurações locais\Dados de aplicativos\Downloaded Installations
[2012/12/22 21:00:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dados de aplicativos\Ultima_T15
[2012/12/22 21:00:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dados de aplicativos\Pipe Organ
[2012/12/22 21:00:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dados de aplicativos\EnterNHelp
[2012/12/22 20:20:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dados de aplicativos\Nikon
[2012/12/22 20:20:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Iniciar\Programas\ArcSoft Panorama Maker 6
[2012/12/22 20:19:27 | 000,000,000 | ---D | C] -- C:\Arquivos de programas\ArcSoft
[2012/12/22 20:19:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Iniciar\Programas\Link to Nikon
[2012/12/22 20:19:25 | 000,000,000 | ---D | C] -- C:\Arquivos de programas\Arquivos comuns\ArcSoft
[2012/12/22 19:50:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Henrique\Dados de aplicativos\ArcSoft
[2012/12/22 11:10:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Henrique\Desktop\Para imprimir
[2012/12/19 20:11:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Henrique\Dados de aplicativos\EurekaLog
[2012/12/14 08:01:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dados de aplicativos\Systweak
[2012/12/14 07:39:33 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\cache
[2012/12/10 19:36:51 | 000,033,112 | ---- | C] (AVG Technologies) -- C:\WINDOWS\System32\drivers\avgtpx86.sys
[2012/12/10 19:33:39 | 000,000,000 | -H-D | C] -- C:\$AVG
[2012/12/10 19:31:38 | 000,000,000 | ---D | C] -- C:\Arquivos de programas\AVG
[2011/06/19 21:34:16 | 003,325,832 | ---- | C] (Ask) -- C:\Arquivos de programas\Arquivos comuns\APNToolbarInstaller.exe
[2011/06/19 21:34:16 | 000,108,424 | ---- | C] (Ask.com) -- C:\Arquivos de programas\Arquivos comuns\APNStub.exe
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\Documents and Settings\Henrique\Meus documentos\*.tmp files -> C:\Documents and Settings\Henrique\Meus documentos\*.tmp -> ]

========== Files - Modified Within 90 Days ==========

[2013/03/04 17:47:00 | 000,001,076 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2013/03/04 17:38:01 | 000,000,902 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2013/03/04 17:21:51 | 000,001,072 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2013/03/04 17:21:48 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2013/03/04 17:21:13 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2013/03/04 14:52:34 | 009,961,472 | ---- | M] () -- C:\Documents and Settings\Henrique\ntuser.dat
[2013/03/04 14:52:34 | 000,000,210 | -HS- | M] () -- C:\Documents and Settings\Henrique\ntuser.ini
[2013/03/04 14:07:00 | 000,001,030 | ---- | M] () -- C:\WINDOWS\tasks\FacebookUpdateTaskUserS-1-5-21-1844237615-1770027372-682003330-1003UA.job
[2013/03/04 14:03:01 | 000,001,180 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1844237615-1770027372-682003330-1003UA.job
[2013/03/04 00:45:22 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2013/03/03 20:38:32 | 000,000,294 | ---- | M] () -- C:\Documents and Settings\Henrique\Meus documentos\Documento.rtf
[2013/03/03 20:07:00 | 000,001,008 | ---- | M] () -- C:\WINDOWS\tasks\FacebookUpdateTaskUserS-1-5-21-1844237615-1770027372-682003330-1003Core.job
[2013/03/02 15:32:01 | 000,000,840 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2013/03/02 15:20:18 | 000,547,491 | ---- | M] (Oleg N. Scherbakov) -- C:\Documents and Settings\Henrique\Desktop\JRT.exe
[2013/03/02 15:08:34 | 000,594,019 | ---- | M] () -- C:\Documents and Settings\Henrique\Meus documentos\adwcleaner.exe
[2013/03/02 12:38:35 | 000,002,262 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2013/03/01 22:38:22 | 000,000,355 | ---- | M] () -- C:\Documents and Settings\Henrique\Desktop\Atalho para DSC00281.lnk
[2013/03/01 22:05:18 | 000,465,338 | ---- | M] () -- C:\Documents and Settings\Henrique\Meus documentos\Decreto_n_425_2012.pdf
[2013/03/01 21:30:41 | 000,103,936 | ---- | M] () -- C:\Documents and Settings\Henrique\Configurações locais\Dados de aplicativos\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2013/03/01 17:38:56 | 000,014,764 | ---- | M] () -- C:\Documents and Settings\Henrique\Meus documentos\edital_abertura_seropedica.pdf.html
[2013/03/01 15:13:07 | 000,465,338 | ---- | M] () -- C:\Documents and Settings\Henrique\Desktop\Decreto_n_425_2012.pdf
[2013/03/01 13:12:47 | 000,000,780 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2013/03/01 12:44:51 | 000,000,738 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\CCleaner.lnk
[2013/03/01 12:38:06 | 000,646,008 | ---- | M] () -- C:\Documents and Settings\Henrique\Desktop\ccleaner-3281913-baixaki-32-bits.exe
[2013/03/01 10:10:26 | 000,218,112 | ---- | M] (Soeperman Enterprises Ltd.) -- C:\Documents and Settings\Henrique\Desktop\HijackThis.exe
[2013/03/01 10:09:17 | 000,000,533 | ---- | M] () -- C:\WINDOWS\win.ini
[2013/03/01 10:09:17 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[2013/03/01 10:09:17 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2013/03/01 07:33:27 | 000,023,573 | ---- | M] () -- C:\Documents and Settings\Henrique\Desktop\AOCP - ASSESSORIA EM ORGANIZAÇÃO DE CONCURSOS PÚBLICOS LTDA - MARINGÁ PR.htm
[2013/02/25 15:18:10 | 000,000,079 | ---- | M] () -- C:\Documents and Settings\Henrique\Desktop\Rede Labs D'Or.html
[2013/02/24 01:03:04 | 000,001,128 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1844237615-1770027372-682003330-1003Core.job
[2013/02/22 18:09:08 | 001,340,170 | ---- | M] () -- C:\Documents and Settings\Henrique\Desktop\Anexo_II_do_Edital_de_Deferimento_das_Inscricoes_Pos_Recursos_Ampla_Concorrencia.pdf
[2013/02/21 17:19:30 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Henrique\Meus documentos\win.exe
[2013/02/20 16:24:33 | 004,657,103 | ---- | M] () -- C:\Documents and Settings\Henrique\Desktop\fotos para revelar.zip
[2013/02/19 15:53:51 | 001,302,235 | ---- | M] () -- C:\Documents and Settings\Henrique\Desktop\Anexo_II_do_Edital_de_Deferimento_das_Inscricoes_Ampla_Concorrencia.pdf
[2013/02/19 15:53:42 | 000,240,499 | ---- | M] () -- C:\Documents and Settings\Henrique\Desktop\Pedagogo_AOCP_2010.zip
[2013/02/18 15:13:17 | 000,000,468 | RHS- | M] () -- C:\Documents and Settings\Henrique\ntuser.pol
[2013/02/17 12:34:25 | 000,001,835 | ---- | M] () -- C:\Documents and Settings\Henrique\Desktop\Free iPad Video Converter.lnk
[2013/02/17 12:21:23 | 000,741,888 | ---- | M] () -- C:\Documents and Settings\Henrique\Desktop\eloah certo.MSWMM
[2013/02/17 12:20:39 | 000,741,888 | ---- | M] () -- C:\Documents and Settings\Henrique\Desktop\eloah.MSWMM
[2013/02/14 18:55:41 | 000,000,682 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Ares.lnk
[2013/02/14 18:52:28 | 000,646,008 | ---- | M] () -- C:\Documents and Settings\Henrique\Desktop\ares-galaxy-2223047-baixaki-32-bits.exe
[2013/02/10 20:42:48 | 000,033,112 | ---- | M] (AVG Technologies) -- C:\WINDOWS\System32\drivers\avgtpx86.sys
[2013/02/05 18:21:19 | 000,044,526 | ---- | M] () -- C:\Documents and Settings\Henrique\Desktop\admissional.pdf
[2013/02/05 18:05:17 | 004,502,908 | ---- | M] () -- C:\Documents and Settings\Henrique\Desktop\DSCN2079.JPG
[2013/02/05 12:33:37 | 000,004,244 | ---- | M] () -- C:\Documents and Settings\Henrique\Meus documentos\Bradesco Pessoa Física.html
[2013/02/05 07:22:13 | 000,432,597 | ---- | M] () -- C:\Documents and Settings\Henrique\Meus documentos\EDITAL_RESULTADO_PROVA_OBJETIVA_professor _II.pdf
[2013/02/01 18:41:26 | 006,262,402 | ---- | M] () -- C:\Documents and Settings\Henrique\Meus documentos\materialdoemaileducaoinfantilpiidecreche.zip
[2013/02/01 16:24:31 | 001,817,569 | ---- | M] () -- C:\Documents and Settings\Henrique\Meus documentos\layout.jpg
[2013/02/01 15:27:00 | 000,665,891 | ---- | M] () -- C:\Documents and Settings\Henrique\Meus documentos\Edital - PMQ - Nível Superior(1).pdf
[2013/01/31 19:01:49 | 006,036,999 | ---- | M] () -- C:\Documents and Settings\Henrique\Desktop\DSCN2066.JPG
[2013/01/31 11:34:11 | 000,577,912 | ---- | M] () -- C:\Documents and Settings\Henrique\Desktop\photoscape-363-baixaki-32-bits.exe
[2013/01/30 23:29:13 | 000,109,067 | ---- | M] () -- C:\Documents and Settings\Henrique\Meus documentos\Orientador Pedagógico - AC.pdf
[2013/01/30 23:28:37 | 000,096,414 | ---- | M] () -- C:\Documents and Settings\Henrique\Meus documentos\Orientador Educacional - AC.pdf
[2013/01/30 23:26:28 | 001,591,507 | ---- | M] () -- C:\Documents and Settings\Henrique\Meus documentos\Professor II - AC.pdf
[2013/01/28 18:07:16 | 000,054,629 | ---- | M] () -- C:\Documents and Settings\Henrique\Meus documentos\387086_463421090377870_326588953_n.jpg
[2013/01/26 15:20:31 | 000,001,634 | ---- | M] () -- C:\WINDOWS\System32\InstallUtil.InstallLog
[2013/01/26 14:59:01 | 001,118,084 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2013/01/26 14:59:01 | 000,496,004 | ---- | M] () -- C:\WINDOWS\System32\perfh016.dat
[2013/01/26 14:59:01 | 000,454,558 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2013/01/26 14:59:01 | 000,088,000 | ---- | M] () -- C:\WINDOWS\System32\perfc016.dat
[2013/01/26 14:59:01 | 000,074,806 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2013/01/22 14:32:38 | 000,000,369 | ---- | M] () -- C:\Documents and Settings\Henrique\Meus documentos\listaEfetuados.html
[2013/01/22 14:15:57 | 000,272,999 | ---- | M] () -- C:\Documents and Settings\Henrique\Meus documentos\Resultado - Prova Escrita.pdf
[2013/01/22 14:10:44 | 000,335,917 | ---- | M] () -- C:\Documents and Settings\Henrique\Meus documentos\Convocação para Prova Oral.pdf
[2013/01/22 14:09:19 | 000,444,619 | ---- | M] () -- C:\Documents and Settings\Henrique\Meus documentos\Resultado - 1ª Etapa.pdf
[2013/01/22 00:34:08 | 004,317,808 | ---- | M] (Systweak Inc ) -- C:\Documents and Settings\Henrique\Meus documentos\rcpsetup_adgorithms_728_90_ag_2.exe
[2013/01/17 21:07:36 | 000,152,880 | R--- | M] (360.cn) -- C:\WINDOWS\System32\drivers\360FileOem.sys
[2013/01/17 21:07:36 | 000,064,048 | R--- | M] (360安全中心) -- C:\WINDOWS\System32\drivers\360SpOEM.sys
[2013/01/17 21:07:36 | 000,061,488 | R--- | M] (360安全中心) -- C:\WINDOWS\System32\drivers\360HookOem.sys
[2013/01/17 21:07:36 | 000,029,744 | R--- | M] (360安全中心) -- C:\WINDOWS\System32\drivers\360RegOem.sys
[2013/01/15 19:28:47 | 001,460,152 | ---- | M] () -- C:\Documents and Settings\Henrique\Meus documentos\Referência Bibliográfica COM FOTOS.pdf
[2012/12/28 11:14:13 | 063,862,264 | ---- | M] (Digilabs) -- C:\Documents and Settings\Henrique\Meus documentos\DatabookWin.exe
[2012/12/23 21:04:21 | 000,000,000 | ---- | M] () -- C:\WINDOWS\ViewNX2.INI
[2012/12/23 21:01:52 | 000,000,020 | -H-- | M] () -- C:\Documents and Settings\All Users\Dados de aplicativos\PKP_DLev.DAT
[2012/12/23 21:01:09 | 000,000,020 | -H-- | M] () -- C:\Documents and Settings\All Users\Dados de aplicativos\PKP_DLet.DAT
[2012/12/22 21:02:42 | 000,000,268 | RH-- | M] () -- C:\Documents and Settings\All Users\Dados de aplicativos\Analog Swirl
[2012/12/22 21:02:42 | 000,000,268 | RH-- | M] () -- C:\Documents and Settings\Henrique\Dados de aplicativos\Ambience
[2012/12/22 21:02:42 | 000,000,020 | -H-- | M] () -- C:\Documents and Settings\All Users\Dados de aplicativos\PKP_DLes.DAT
[2012/12/22 21:01:26 | 000,000,268 | RH-- | M] () -- C:\Documents and Settings\All Users\Dados de aplicativos\Analog Sync
[2012/12/22 21:01:26 | 000,000,268 | RH-- | M] () -- C:\Documents and Settings\Henrique\Dados de aplicativos\Ambient
[2012/12/22 21:01:25 | 000,000,268 | RH-- | M] () -- C:\Documents and Settings\All Users\Dados de aplicativos\Analog Pad
[2012/12/22 21:01:25 | 000,000,268 | RH-- | M] () -- C:\Documents and Settings\Henrique\Dados de aplicativos\Alerts
[2012/12/22 21:00:45 | 000,000,020 | -H-- | M] () -- C:\Documents and Settings\All Users\Dados de aplicativos\PKP_DLeo.DAT
[2012/12/22 21:00:39 | 000,000,268 | RH-- | M] () -- C:\Documents and Settings\All Users\Dados de aplicativos\Automator
[2012/12/22 21:00:38 | 000,000,268 | RH-- | M] () -- C:\Documents and Settings\Henrique\Dados de aplicativos\Audio Unit Effect
[2012/12/14 20:56:16 | 000,103,786 | ---- | M] () -- C:\Documents and Settings\Henrique\Meus documentos\Contrato_pos.pdf
[2012/12/14 20:53:56 | 000,090,881 | ---- | M] () -- C:\Documents and Settings\Henrique\Meus documentos\Regulamento_pos.pdf
[2012/12/14 16:49:28 | 000,021,104 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2012/12/14 08:03:17 | 000,017,330 | ---- | M] () -- C:\Documents and Settings\Henrique\Meus documentos\Condomínio Visconde de Mauá.odt
[2012/12/13 08:08:38 | 000,119,001 | ---- | M] () -- C:\WINDOWS\hpoins11.dat
[2012/12/08 06:36:01 | 000,040,102 | ---- | M] () -- C:\Documents and Settings\Henrique\Meus documentos\prot.odt
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\Documents and Settings\Henrique\Meus documentos\*.tmp files -> C:\Documents and Settings\Henrique\Meus documentos\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013/03/03 20:38:32 | 000,000,294 | ---- | C] () -- C:\Documents and Settings\Henrique\Meus documentos\Documento.rtf
[2013/03/02 15:32:01 | 000,000,840 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2013/03/02 15:08:33 | 000,594,019 | ---- | C] () -- C:\Documents and Settings\Henrique\Meus documentos\adwcleaner.exe
[2013/03/01 22:38:22 | 000,000,355 | ---- | C] () -- C:\Documents and Settings\Henrique\Desktop\Atalho para DSC00281.lnk
[2013/03/01 22:05:16 | 000,465,338 | ---- | C] () -- C:\Documents and Settings\Henrique\Meus documentos\Decreto_n_425_2012.pdf
[2013/03/01 17:38:55 | 000,014,764 | ---- | C] () -- C:\Documents and Settings\Henrique\Meus documentos\edital_abertura_seropedica.pdf.html
[2013/03/01 15:13:05 | 000,465,338 | ---- | C] () -- C:\Documents and Settings\Henrique\Desktop\Decreto_n_425_2012.pdf
[2013/03/01 13:12:47 | 000,000,786 | ---- | C] () -- C:\Documents and Settings\All Users\Menu Iniciar\Programas\Mozilla Firefox.lnk
[2013/03/01 13:12:47 | 000,000,780 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2013/03/01 12:44:51 | 000,000,738 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\CCleaner.lnk
[2013/03/01 12:38:03 | 000,646,008 | ---- | C] () -- C:\Documents and Settings\Henrique\Desktop\ccleaner-3281913-baixaki-32-bits.exe
[2013/03/01 10:09:19 | 000,000,906 | ---- | C] () -- C:\Documents and Settings\Henrique\Menu Iniciar\Programas\Inicializar\BrOffice.org 3.2.lnk
[2013/03/01 10:09:19 | 000,000,776 | ---- | C] () -- C:\Documents and Settings\Henrique\Menu Iniciar\Programas\Inicializar\Inicialização do Office.lnk
[2013/03/01 10:09:18 | 000,000,801 | ---- | C] () -- C:\Documents and Settings\Henrique\Menu Iniciar\Programas\Inicializar\Localização acelerada da Microsoft.lnk
[2013/03/01 07:33:26 | 000,023,573 | ---- | C] () -- C:\Documents and Settings\Henrique\Desktop\AOCP - ASSESSORIA EM ORGANIZAÇÃO DE CONCURSOS PÚBLICOS LTDA - MARINGÁ PR.htm
[2013/02/25 15:18:06 | 000,000,079 | ---- | C] () -- C:\Documents and Settings\Henrique\Desktop\Rede Labs D'Or.html
[2013/02/22 18:09:06 | 001,340,170 | ---- | C] () -- C:\Documents and Settings\Henrique\Desktop\Anexo_II_do_Edital_de_Deferimento_das_Inscricoes_Pos_Recursos_Ampla_Concorrencia.pdf
[2013/02/21 17:19:30 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Henrique\Meus documentos\win.exe
[2013/02/20 16:24:29 | 004,657,103 | ---- | C] () -- C:\Documents and Settings\Henrique\Desktop\fotos para revelar.zip
[2013/02/19 15:53:50 | 001,302,235 | ---- | C] () -- C:\Documents and Settings\Henrique\Desktop\Anexo_II_do_Edital_de_Deferimento_das_Inscricoes_Ampla_Concorrencia.pdf
[2013/02/19 15:53:38 | 000,240,499 | ---- | C] () -- C:\Documents and Settings\Henrique\Desktop\Pedagogo_AOCP_2010.zip
[2013/02/17 12:56:59 | 000,000,468 | RHS- | C] () -- C:\Documents and Settings\Henrique\ntuser.pol
[2013/02/17 12:34:25 | 000,001,835 | ---- | C] () -- C:\Documents and Settings\Henrique\Desktop\Free iPad Video Converter.lnk
[2013/02/17 12:34:22 | 000,113,486 | ---- | C] () -- C:\WINDOWS\System32\NCTWMAProfiles.prx
[2013/02/17 12:21:21 | 000,741,888 | ---- | C] () -- C:\Documents and Settings\Henrique\Desktop\eloah certo.MSWMM
[2013/02/17 11:28:13 | 000,741,888 | ---- | C] () -- C:\Documents and Settings\Henrique\Desktop\eloah.MSWMM
[2013/02/14 18:55:41 | 000,000,682 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Ares.lnk
[2013/02/14 18:52:27 | 000,646,008 | ---- | C] () -- C:\Documents and Settings\Henrique\Desktop\ares-galaxy-2223047-baixaki-32-bits.exe
[2013/02/05 18:21:17 | 000,044,526 | ---- | C] () -- C:\Documents and Settings\Henrique\Desktop\admissional.pdf
[2013/02/05 12:33:36 | 000,004,244 | ---- | C] () -- C:\Documents and Settings\Henrique\Meus documentos\Bradesco Pessoa Física.html
[2013/02/05 07:22:12 | 000,432,597 | ---- | C] () -- C:\Documents and Settings\Henrique\Meus documentos\EDITAL_RESULTADO_PROVA_OBJETIVA_professor _II.pdf
[2013/02/01 18:41:04 | 006,262,402 | ---- | C] () -- C:\Documents and Settings\Henrique\Meus documentos\materialdoemaileducaoinfantilpiidecreche.zip
[2013/02/01 16:24:27 | 001,817,569 | ---- | C] () -- C:\Documents and Settings\Henrique\Meus documentos\layout.jpg
[2013/02/01 15:26:55 | 000,665,891 | ---- | C] () -- C:\Documents and Settings\Henrique\Meus documentos\Edital - PMQ - Nível Superior(1).pdf
[2013/01/31 19:01:36 | 004,502,908 | ---- | C] () -- C:\Documents and Settings\Henrique\Desktop\DSCN2079.JPG
[2013/01/31 19:01:23 | 006,036,999 | ---- | C] () -- C:\Documents and Settings\Henrique\Desktop\DSCN2066.JPG
[2013/01/31 11:34:10 | 000,577,912 | ---- | C] () -- C:\Documents and Settings\Henrique\Desktop\photoscape-363-baixaki-32-bits.exe
[2013/01/30 23:29:13 | 000,109,067 | ---- | C] () -- C:\Documents and Settings\Henrique\Meus documentos\Orientador Pedagógico - AC.pdf
[2013/01/30 23:28:36 | 000,096,414 | ---- | C] () -- C:\Documents and Settings\Henrique\Meus documentos\Orientador Educacional - AC.pdf
[2013/01/30 23:26:26 | 001,591,507 | ---- | C] () -- C:\Documents and Settings\Henrique\Meus documentos\Professor II - AC.pdf
[2013/01/28 18:07:14 | 000,054,629 | ---- | C] () -- C:\Documents and Settings\Henrique\Meus documentos\387086_463421090377870_326588953_n.jpg
[2013/01/26 22:54:04 | 000,145,210 | ---- | C] () -- C:\Documents and Settings\LocalService\Configurações locais\Dados de aplicativos\WPFFontCache_v0400-S-1-5-21-1844237615-1770027372-682003330-1003-0.dat
[2013/01/26 15:26:14 | 000,145,210 | ---- | C] () -- C:\Documents and Settings\LocalService\Configurações locais\Dados de aplicativos\WPFFontCache_v0400-System.dat
[2013/01/26 14:46:35 | 000,000,902 | ---- | C] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2013/01/22 14:32:38 | 000,000,369 | ---- | C] () -- C:\Documents and Settings\Henrique\Meus documentos\listaEfetuados.html
[2013/01/22 14:15:56 | 000,272,999 | ---- | C] () -- C:\Documents and Settings\Henrique\Meus documentos\Resultado - Prova Escrita.pdf
[2013/01/22 14:10:44 | 000,335,917 | ---- | C] () -- C:\Documents and Settings\Henrique\Meus documentos\Convocação para Prova Oral.pdf
[2013/01/22 14:09:19 | 000,444,619 | ---- | C] () -- C:\Documents and Settings\Henrique\Meus documentos\Resultado - 1ª Etapa.pdf
[2013/01/15 19:28:46 | 001,460,152 | ---- | C] () -- C:\Documents and Settings\Henrique\Meus documentos\Referência Bibliográfica COM FOTOS.pdf
[2012/12/23 21:04:21 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ViewNX2.INI
[2012/12/22 21:02:42 | 000,000,268 | RH-- | C] () -- C:\Documents and Settings\All Users\Dados de aplicativos\Analog Swirl
[2012/12/22 21:02:42 | 000,000,268 | RH-- | C] () -- C:\Documents and Settings\Henrique\Dados de aplicativos\Ambience
[2012/12/22 21:02:41 | 000,000,020 | -H-- | C] () -- C:\Documents and Settings\All Users\Dados de aplicativos\PKP_DLes.DAT
[2012/12/22 21:01:26 | 000,000,268 | RH-- | C] () -- C:\Documents and Settings\All Users\Dados de aplicativos\Analog Sync
[2012/12/22 21:01:26 | 000,000,268 | RH-- | C] () -- C:\Documents and Settings\Henrique\Dados de aplicativos\Ambient
[2012/12/22 21:01:26 | 000,000,020 | -H-- | C] () -- C:\Documents and Settings\All Users\Dados de aplicativos\PKP_DLev.DAT
[2012/12/22 21:01:25 | 000,000,268 | RH-- | C] () -- C:\Documents and Settings\All Users\Dados de aplicativos\Analog Pad
[2012/12/22 21:01:25 | 000,000,268 | RH-- | C] () -- C:\Documents and Settings\Henrique\Dados de aplicativos\Alerts
[2012/12/22 21:01:25 | 000,000,020 | -H-- | C] () -- C:\Documents and Settings\All Users\Dados de aplicativos\PKP_DLet.DAT
[2012/12/22 21:00:38 | 000,000,268 | RH-- | C] () -- C:\Documents and Settings\All Users\Dados de aplicativos\Automator
[2012/12/22 21:00:38 | 000,000,268 | RH-- | C] () -- C:\Documents and Settings\Henrique\Dados de aplicativos\Audio Unit Effect
[2012/12/22 21:00:38 | 000,000,020 | -H-- | C] () -- C:\Documents and Settings\All Users\Dados de aplicativos\PKP_DLeo.DAT
[2012/12/14 20:56:15 | 000,103,786 | ---- | C] () -- C:\Documents and Settings\Henrique\Meus documentos\Contrato_pos.pdf
[2012/12/14 20:53:56 | 000,090,881 | ---- | C] () -- C:\Documents and Settings\Henrique\Meus documentos\Regulamento_pos.pdf
[2012/12/14 08:03:49 | 000,017,330 | ---- | C] () -- C:\Documents and Settings\Henrique\Meus documentos\Condomínio Visconde de Mauá.odt
[2012/12/13 07:57:40 | 000,001,848 | ---- | C] () -- C:\Documents and Settings\All Users\Menu Iniciar\Programas\Inicializar\HP Digital Imaging Monitor.lnk
[2012/12/13 07:26:18 | 000,119,001 | ---- | C] () -- C:\WINDOWS\hpoins11.dat
[2012/12/08 06:36:00 | 000,040,102 | ---- | C] () -- C:\Documents and Settings\Henrique\Meus documentos\prot.odt
[2012/10/10 00:46:37 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2012/10/02 19:29:06 | 009,961,472 | ---- | C] () -- C:\Documents and Settings\Henrique\ntuser.dat
[2012/09/27 15:33:16 | 000,011,034 | ---- | C] () -- C:\Documents and Settings\Henrique\Mr. holland, resenha.rtf
[2012/09/10 01:18:11 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2012/07/13 17:43:36 | 000,027,440 | ---- | C] () -- C:\WINDOWS\System32\drivers\secdrv.sys
[2011/08/06 11:38:50 | 000,013,816 | ---- | C] () -- C:\WINDOWS\System32\unikey.sys
[2011/07/05 23:56:40 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2011/06/19 21:55:49 | 000,571,328 | ---- | C] ( ) -- C:\Arquivos de programas\Arquivos comuns\AutoCompleteInstaller-VD.exe
[2011/04/27 07:35:28 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Henrique\Configurações locais\Dados de aplicativos\{CFF54EBD-994A-46CE-9B7E-7B05FC697182}
[2011/04/23 22:27:11 | 000,000,556 | ---- | C] () -- C:\Documents and Settings\Henrique\Dados de aplicativos\AutoGK.ini
[2011/03/13 23:31:23 | 000,015,158 | ---- | C] () -- C:\WINDOWS\Ascd_tmp.ini
[2011/01/08 11:22:33 | 000,000,120 | ---- | C] () -- C:\Documents and Settings\Henrique\default.pls
[2010/10/10 20:34:17 | 000,002,248 | ---- | C] () -- C:\Documents and Settings\Henrique\.recently-used.xbel
[2010/09/20 19:27:01 | 000,103,936 | ---- | C] () -- C:\Documents and Settings\Henrique\Configurações locais\Dados de aplicativos\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/09/14 14:55:21 | 000,000,141 | ---- | C] () -- C:\Documents and Settings\Henrique\Configurações locais\Dados de aplicativos\fusioncache.dat
[2010/09/14 11:24:16 | 000,020,344 | ---- | C] () -- C:\Documents and Settings\LocalService\Configurações locais\Dados de aplicativos\GDIPFONTCACHEV1.DAT
[2010/08/28 14:05:10 | 000,022,392 | ---- | C] () -- C:\Documents and Settings\Henrique\Configurações locais\Dados de aplicativos\GDIPFONTCACHEV1.DAT
[2010/08/28 13:18:04 | 006,955,196 | -H-- | C] () -- C:\Documents and Settings\Henrique\Configurações locais\Dados de aplicativos\IconCache.db
[2010/08/28 11:48:17 | 000,000,210 | -HS- | C] () -- C:\Documents and Settings\Henrique\ntuser.ini

========== ZeroAccess Check ==========

[2010/08/28 17:15:43 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2004/08/04 00:45:28 | 001,483,264 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\fastprox.dll -- [2004/08/04 00:45:22 | 000,472,064 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2004/08/04 00:45:28 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2012/12/04 21:39:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dados de aplicativos\AVAST Software
[2012/11/06 17:59:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dados de aplicativos\AVG2013
[2013/02/17 12:51:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dados de aplicativos\Baidu
[2011/03/16 09:06:55 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Dados de aplicativos\Common Files
[2012/12/22 21:02:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dados de aplicativos\EnterNHelp
[2012/12/22 21:01:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dados de aplicativos\Framework
[2011/08/15 20:01:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dados de aplicativos\gas
[2012/03/22 11:55:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dados de aplicativos\GbPlugin
[2012/12/22 21:02:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dados de aplicativos\Gems
[2012/05/19 19:03:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dados de aplicativos\Graboid Inc
[2012/12/22 21:01:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dados de aplicativos\Guitars
[2011/12/08 07:14:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dados de aplicativos\Lightcomm
[2013/03/04 18:01:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dados de aplicativos\MFAData
[2012/12/22 22:02:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dados de aplicativos\Nikon
[2011/12/08 07:14:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dados de aplicativos\Oi
[2012/12/22 21:00:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dados de aplicativos\Pipe Organ
[2013/03/01 12:50:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dados de aplicativos\PSafe
[2012/12/14 08:01:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dados de aplicativos\Systweak
[2012/04/07 15:11:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dados de aplicativos\TuneUp Software
[2012/12/22 21:02:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dados de aplicativos\Ultima_T15
[2011/04/24 10:00:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dados de aplicativos\VideoMach
[2012/04/07 15:09:53 | 000,000,000 | -HSD | M] -- C:\Documents and Settings\All Users\Dados de aplicativos\{32364CEA-7855-4A3C-B674-53D8E9B97936}
[2012/11/06 19:22:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Henrique\Dados de aplicativos\AVG2013
[2013/02/18 17:50:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Henrique\Dados de aplicativos\BaiduPcFaster
[2010/08/28 19:03:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Henrique\Dados de aplicativos\BrOffice.org
[2011/11/06 22:25:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Henrique\Dados de aplicativos\Camfrog Web
[2011/02/17 21:56:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Henrique\Dados de aplicativos\Codemonster
[2012/12/19 20:11:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Henrique\Dados de aplicativos\EurekaLog
[2013/02/17 12:34:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Henrique\Dados de aplicativos\Free iPad Video Converter
[2010/10/10 20:34:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Henrique\Dados de aplicativos\gtk-2.0
[2012/12/13 07:21:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Henrique\Dados de aplicativos\Image Zone Express
[2012/12/28 11:30:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Henrique\Dados de aplicativos\MPC
[2012/12/23 21:01:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Henrique\Dados de aplicativos\Nikon
[2013/02/17 12:50:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Henrique\Dados de aplicativos\PCF
[2013/01/31 11:57:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Henrique\Dados de aplicativos\PhotoScape
[2012/04/07 15:10:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Henrique\Dados de aplicativos\TuneUp Software
[2011/06/22 16:25:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Henrique\Dados de aplicativos\Windows Live Writer

========== Purity Check ==========



========== Custom Scans ==========

< %SYSTEMDRIVE%\*.* >
[2012/07/11 23:59:56 | 000,000,367 | ---- | M] () -- C:\AdwCleaner[S1].txt
[2012/07/12 01:01:31 | 000,000,367 | ---- | M] () -- C:\AdwCleaner[S2].txt
[2012/07/12 12:15:06 | 000,000,304 | ---- | M] () -- C:\AdwCleaner[S3].txt
[2012/07/12 12:17:01 | 000,000,367 | ---- | M] () -- C:\AdwCleaner[S4].txt
[2012/07/12 13:29:09 | 000,011,527 | ---- | M] () -- C:\AdwCleaner[S5].txt
[2013/03/02 15:09:55 | 000,071,456 | ---- | M] () -- C:\AdwCleaner[S6].txt
[2010/08/28 11:28:13 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
[2011/03/19 09:49:17 | 000,000,210 | ---- | M] () -- C:\Boot.bak
[2013/03/01 10:09:17 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[2001/10/28 12:06:10 | 000,004,952 | RHS- | M] () -- C:\Bootfont.bin
[2004/08/03 23:00:16 | 000,261,856 | RHS- | M] () -- C:\cmldr
[2012/07/12 18:19:56 | 000,014,183 | ---- | M] () -- C:\ComboFix.txt
[2010/08/28 11:28:13 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
[2012/01/31 17:15:38 | 000,000,000 | ---- | M] () -- C:\dump_dvd.vob
[2011/07/06 12:50:42 | 000,005,359 | -H-- | M] () -- C:\ffastun.ffa
[2011/07/06 12:50:42 | 000,385,024 | -H-- | M] () -- C:\ffastun.ffl
[2011/07/06 12:50:42 | 000,188,416 | -H-- | M] () -- C:\ffastun.ffo
[2011/07/06 12:50:42 | 003,059,712 | -H-- | M] () -- C:\ffastun0.ffx
[2012/07/10 16:51:04 | 000,385,024 | ---- | M] () -- C:\ffastunT.ffl
[2010/08/28 11:28:13 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2010/08/28 11:28:13 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2004/08/03 22:38:34 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
[2012/10/30 09:37:06 | 000,251,168 | RHS- | M] () -- C:\ntldr
[2013/03/04 17:21:12 | 1509,949,440 | -HS- | M] () -- C:\pagefile.sys
[2011/03/31 23:20:12 | 000,014,127 | ---- | M] () -- C:\SAFEBOOT_REPAIR.TXT

< %systemdrive%\drivers\*.exe >

< %systemroot%\system32\drivers\*.* /90 >
[2013/01/17 21:07:36 | 000,152,880 | R--- | M] (360.cn) -- C:\WINDOWS\system32\drivers\360FileOem.sys
[2013/01/17 21:07:36 | 000,061,488 | R--- | M] (360安全中心) -- C:\WINDOWS\system32\drivers\360HookOem.sys
[2013/01/17 21:07:36 | 000,029,744 | R--- | M] (360安全中心) -- C:\WINDOWS\system32\drivers\360RegOem.sys
[2013/01/17 21:07:36 | 000,064,048 | R--- | M] (360安全中心) -- C:\WINDOWS\system32\drivers\360SpOEM.sys
[2013/02/10 20:42:48 | 000,033,112 | ---- | M] (AVG Technologies) -- C:\WINDOWS\system32\drivers\avgtpx86.sys
[2012/12/14 16:49:28 | 000,021,104 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\system32\drivers\mbam.sys

< %PROGRAMFILES%\*.* >

< %userprofile%\configurações locais\dados de aplicativos\*.exe >

< %userprofile%\configurações locais\dados de aplicativos\*.txt >

< %userprofile%\configurações locais\dados de aplicativos\*.ini >
[2013/03/01 21:30:41 | 000,103,936 | ---- | M] () -- C:\Documents and Settings\Henrique\configurações locais\dados de aplicativos\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

< %userprofile%\configurações locais\dados de aplicativos\*.dat /30 >

< %userprofile%\configurações locais\dados de aplicativos\*.dll >

< %userprofile%\*.exe >

< %userprofile%\.txt >

< %userprofile%\.ini >

< %userprofile%\.dat /30 >

< %userprofile%\.dll >

< %windir%\tasks\*.* /s >
[2013/03/04 17:38:01 | 000,000,902 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2001/10/28 12:07:04 | 000,000,065 | RH-- | M] () -- C:\WINDOWS\tasks\desktop.ini
[2013/03/03 20:07:00 | 000,001,008 | ---- | M] () -- C:\WINDOWS\tasks\FacebookUpdateTaskUserS-1-5-21-1844237615-1770027372-682003330-1003Core.job
[2013/03/04 14:07:00 | 000,001,030 | ---- | M] () -- C:\WINDOWS\tasks\FacebookUpdateTaskUserS-1-5-21-1844237615-1770027372-682003330-1003UA.job
[2013/03/04 17:21:51 | 000,001,072 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2013/03/04 17:47:00 | 000,001,076 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2013/02/24 01:03:04 | 000,001,128 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1844237615-1770027372-682003330-1003Core.job
[2013/03/04 14:03:01 | 000,001,180 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1844237615-1770027372-682003330-1003UA.job
[2013/03/04 17:21:48 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT

< HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections >
"DefaultConnectionSettings" = 3C 00 00 00 69 09 00 00 09 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 05 00 00 00 00 00 00 00 20 C3 F8 35 70 FE CD 01 01 00 00 00 C0 A8 FE 01 00 00 00 00 00 00 00 00 [binary data]
"SavedLegacySettings" = 3C 00 00 00 64 96 00 00 09 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 05 00 00 00 00 00 00 00 20 C3 F8 35 70 FE CD 01 01 00 00 00 C0 A8 FE 01 00 00 00 00 00 00 00 00 [binary data]
"Conexão de banda larga" = 3C 00 00 00 01 00 00 00 09 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [binary data]
"Oi" = 3C 00 00 00 01 00 00 00 09 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [binary data]

< HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Associations >

< HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Attachments >

========== Alternate Data Streams ==========

@Alternate Data Stream - 212 bytes -> C:\WINDOWS\System32\drivers:GbpKmAp.lst

< End of report >

Olá amigo!
O PC já está bem melhor do que antes de vir aqui.
Antes nem conseguia digitar, ficava catando milho. Agora melhorou bastante.
Obrigado pelas dicas.
Segue o arquivo no anexo.

#7
henridesouza

henridesouza

    Novato

  • Novato
  • Pip
  • 32 posts
o anexo

Arquivo(s) anexado(s)



#8
rorro

rorro

    Aprendiz Sênior

  • Aprendiz Sênior
  • 1.914 posts
Boa noite henridesouza;

Selecione estas linhas em vermelho, clique com o lado direito do mouse sobre a seleção e escolha a opção copiar:

:OTL
[2011/06/19 21:34:16 | 003,325,832 | ---- | C] (Ask) -- C:\Arquivos de programas\Arquivos comuns\APNToolbarInstaller.exe
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.22find.co...5&ts=1362152555
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.22find.co...5&ts=1362152555
CHR - default_search_provider: 22find (Enabled)
CHR - default_search_provider: search_url = http://search.22find...q={searchTerms}
CHR - homepage: http://www.22find.co...5&ts=1362152495
DRV - [2012/03/06 21:02:43 | 000,024,408 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswKbd.sys -- (aswKbd)
O4 - HKLM..\Run: [PSafeTray] "C:\Arquivos de programas\PSafe\PSafeSysTray.exe" File not found
O4 - HKLM..\Run: [PSafeWDS] "C:\Arquivos de programas\PSafe\PSafeWDS.exe" File not found
[2013/03/01 12:50:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dados de aplicativos\PSafe
:commands
[emptytemp]
[Reboot]



Aos visitantes: Se estiverem com um problema semelhante, não utilizem esse script, pois o uso sem supervisão pode causar danos ao sistema.
Siga as intruções desta página (http://linhadefensiv...mocao-de-virus/) e peça ajuda em Remoção de Malware (http://linhadefensiv...hp?showforum=11)

Execute o OTL.exe

Clique com o lado direito do mouse em qualquer parte branca, da sessão Exames Personalizados/Correções e escolha a opção colar

Feche TODAS as janelas (exceto o próprio OTL).
Clique no botão Imagem Postada

O programa executará o script e reiniciará o seu computador.
Quando o Windows for carregado, o OTL será executado automaticamente. Permita a sua execução.
Um bloco de notas será aberto, contendo algumas informações.
Copie TODO o conteúdo deste bloco de notas e cole na sua resposta.

Uma cópia deste log ficará armazenado na pasta C:\_OTL\MovedFiles com o nome no seguinte formato data_hora.log.

Exemplo: 03142010_145545.log
Nunca abandone seu Tópico.

Imagem Postada

Linha Defensiva no Twitter!

#9
henridesouza

henridesouza

    Novato

  • Novato
  • Pip
  • 32 posts
Amigo não consegui fazer o que você falou. Colo as linhas em vermelho e clico em consertar, então aparece que está inicializando, mas o pc trava e fica um tempão e se clico em qualquer área aparece não está respondendo. Então reinicio o pc pela máquina pq nem o o teclado funciona. O que devo fazer. Obrigado.

#10
rorro

rorro

    Aprendiz Sênior

  • Aprendiz Sênior
  • 1.914 posts
baixe novamente o OTL e tente realizar o procedimento.
Nunca abandone seu Tópico.

Imagem Postada

Linha Defensiva no Twitter!

#11
henridesouza

henridesouza

    Novato

  • Novato
  • Pip
  • 32 posts
OLÁ AMIGO TENTEI NOVAMENTE POR 3 VEZES ELE ATÉ REINICIOU RAPIDAMENTE EM UMA DAS VEZES MAS QUANDO VOLTOU O WINDOWS AVISOU QUE ELE SE RECUPEROU DE UM ERRO GRAVE E NÃO TEVE LOG.

#12
rorro

rorro

    Aprendiz Sênior

  • Aprendiz Sênior
  • 1.914 posts
Boa tarde henridesouza;


Faça o download do arquivo Fix.txt em anexo abaixo e salve na sua área de trabalho.

Esse script foi elaborado somente para este computador, de acordo com os arquivos e chaves presentes.

Aos visitantes: Se estiverem com um problema semelhante, não utilizem esse script, pois o uso sem supervisão pode causar danos ao sistema.




Execute o OTL;

Arraste o arquivo Fix como na imagem abaixo em qualquer parte branca, da sessão Exames Personalizados/Correções.


Imagem Postada

Feche TODAS as janelas (exceto o próprio OTL).

Clique no botão Imagem Postada

O programa executará o script e reiniciará o seu computador.
Quando o Windows for carregado, o OTL será executado automaticamente. Permita a sua execução.
Um bloco de notas será aberto, contendo algumas informações.
Copie TODO o conteúdo deste bloco de notas e cole na sua resposta.

Uma cópia deste log ficará armazenado na pasta C:\_OTL\MovedFiles com o nome no seguinte formato data_hora.log.

Exemplo: 03142010_145545.log.

Arquivo(s) anexado(s)

  • Arquivo anexado  Fix.txt   1017bytes   3 Downloads

Nunca abandone seu Tópico.

Imagem Postada

Linha Defensiva no Twitter!

#13
henridesouza

henridesouza

    Novato

  • Novato
  • Pip
  • 32 posts
Fiz o recomendado amigo e continua travando.

#14
rorro

rorro

    Aprendiz Sênior

  • Aprendiz Sênior
  • 1.914 posts
Bom dia henridesouza;


Tente realizar o procedimento em "Modo de Segurança".

Caso não saiba como, veja aqui.
Nunca abandone seu Tópico.

Imagem Postada

Linha Defensiva no Twitter!

#15
henridesouza

henridesouza

    Novato

  • Novato
  • Pip
  • 32 posts
BOA NOITE, FIZ O RECOMENDADO. ELE FUNCIONOU E ABRIU O ARQUIVO OTL. MAS NÃO REINICIOU COMO você FALOU QUE IA ACONTECER. EU REINICIEI MANUALMENTE E NÃO ABRIU O PROGRAMA SOZINHO NÃO. E NA PASTA QUE você MENCIONOU NÃO TINHA NADA DENTRO DOS ARQUIVOS NÚMERICOS.
VOU ANEXAR O ARQUIVO DO BLOCO DE NOTAS QUE SALVEI.

Arquivo(s) anexado(s)

  • Arquivo anexado  OTL.Txt   118,05K   1 Downloads


#16
rorro

rorro

    Aprendiz Sênior

  • Aprendiz Sênior
  • 1.914 posts
Olá, boa tarde;


1 -
Destaque e cole o script abaixo, desde a palavra REGEDIT4 até o fim, ou seja, “CustomizeSearch”=-;

REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
“Search Bar”=“http://nmd.msn.com”
“Search Page”=“http://home.microsoft.com/intl/br/access/allinone.asp”
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
“Default_Search_URL”=“http://go.microsoft.com/fwlink/?LinkId=54896”
“Search Page”=“http://go.microsoft.com/fwlink/?LinkId=54896”
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchURL]
“(Default)”=http://go.microsoft.com/fwlink/?LinkId=54896
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search]
“Default_Search_URL”=-
“SearchAssistant”=-
“CustomizeSearch”=-


Agora vá em iniciar -----> executar -----> digite notepad na caixa e dê ok para abrir o bloco de notas;

Clique no vazio com o lado direito do mouse e depois em “colar”;

O script deverá estar escrito ali;

Agora, no bloco de notas, vá em Arquivo -----> salvar como -----> em “nome do arquivo" digite “script.reg(sem aspas) -----> “Salvar como tipo” escolha: “todos os arquivos” e salve na sua área de trabalho.

Agora execute o arquivo, dando dois cliques sobre ele, o qual deverá estar em sua área de trabalho, com o nome script.reg



2 - Agora vamos tentar usar a ferramenta OTM.

Baixe-a ---> aqui <--- e a execute.


Copie o script abaixo (em vermelho) e cole-o na área do programa com esta descrição: “Paste Instructions for Items to be Moved

:Processes
PSafeSysTray.exe

PSafeWDS.exe
:Services
aswKbd
:Files
C:\WINDOWS\System32\drivers\aswKbd.sys
C:\Arquivos de programas\PSafe
C:\Documents and Settings\All Users\Dados de aplicativos\PSafe
:Commands
[emptytemp]
[emptyjava]
[Reboot]


Em seguida clique em “Movelt !” e aguarde o programa eliminar as entradas identificadas.

Após o script ser executado clique em “Results” para ver o resultado. Cole-o aqui.
Nunca abandone seu Tópico.

Imagem Postada

Linha Defensiva no Twitter!

#17
henridesouza

henridesouza

    Novato

  • Novato
  • Pip
  • 32 posts
BOA NOITE,
CONSEGUI FAZER O PROCEDIMENTO UTILIZANDO O MODO DE SEGURANÇA, PORÉM NÃO CONSIGO COPIAR O RESULTADO POIS O PC REINICIA E NÃO DÁ PRA COPIAR. AGUARDO.

#18
rorro

rorro

    Aprendiz Sênior

  • Aprendiz Sênior
  • 1.914 posts
Ok....


Por favor, me informe como está a máquina.

:legal:
Nunca abandone seu Tópico.

Imagem Postada

Linha Defensiva no Twitter!

#19
henridesouza

henridesouza

    Novato

  • Novato
  • Pip
  • 32 posts
Bom dia, a máquina está bem melhor do que quando cheguei aqui. Não está mais travando o teclado e está bem mais ágil. Acho que já tiramos o vírus.

#20
rorro

rorro

    Aprendiz Sênior

  • Aprendiz Sênior
  • 1.914 posts
Seu log está limpo.

1 - Baixe o programa CCleaner e o execute em seu computador.

Link= http://www.baixaki.c...ad/ccleaner.htm

Para instalar dê um duplo clique em “ccsetup303”; execute o arquivo de instalação; escolha o idioma “Português Brasileiro”; na próxima tela clique em “próximo”; aceite o Contrato clicando em “Eu Concordo”; na próxima tela deixe marcado somente “Adicionar atalho na área de trabalho”; por fim, clique em instalar;

Quando o programa abrir, na aba “Windows” mantenha a configuração original e marque também em “Avançado”, “Dados do prefetch antigos”.

Agora mande "analisar"; em seguida clique em “Executar limpeza”;
Faça o mesmo na aba “Programas”;
Por fim, vá para a aba “Registro”, clique em “Procurar Erros” e por fim em “Corrigir Erros Selecionados”.

Pronto !! você terá executado o CCleaner com sucesso.

Te aconselho a utilizar o CCleaner ao menos uma vez por semana.


2 - Verifique se você tem o Java atualizado.


baixe o JavaRa =
http://sourceforge.n...zip&use_mirror=

Dê um duplo-clique no JavaRa.exe. Depois clique em Search For Updates. Selecione a opção Update Using jucheck.exe.
Clique então no botão Search.Se estiver atualizado, receberá um aviso de que tem a última versão.
Caso contrário, aguarde a nova versão do Java ser baixada e instalada. Depois clique no botão Remove Older Versions para que as versões antigas que existirem no PC sejam desinstaladas.

3 Recomendo que actualize o Service Pack, pois a versão que você possui é a SP2

Caso queira fazê-lo, segue o link:

http://www.baixaki.c...vice-pack-3.htm


4 - Leia o artigo Proteja seu PC para maiores informações sobre como evitar infecções.

Link: http://www.linhadefe...proteja-seu-pc/


5 - Recomendo também que visite os links abaixo:

http://www.linhadefe...showtopic=75646

http://www.tecmundo....ontre-nada-.htm


6 - Se não há mais nenhum problema relacionado a malwares, clique no botão "Denunciar" e informe que o seu caso foi resolvido.


:legal:
Nunca abandone seu Tópico.

Imagem Postada

Linha Defensiva no Twitter!