
HijackThis log




There are 14 replies in this topic

#1 Paschoal1994    

Paschoal1994
  • Participant
  • 8 posts

Posted 09 February 2013 - 10:22 PM

Well, every time I start my PC, "Imagem incorreta" (Bad Image) appears.
Here is the log.

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 23:13:38, on 9/2/2013
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
 
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Arquivos de programas\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Arquivos de programas\Bonjour\mDNSResponder.exe
C:\Arquivos de programas\ESET\ESET NOD32 antivírus\ekrn.exe
C:\WINDOWS\system32\svchost.exe
C:\Arquivos de programas\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe
C:\WINDOWS\system32\WgaTray.exe
C:\WINDOWS\Explorer.EXE
C:\Arquivos de programas\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Arquivos de programas\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\system32\svchost.exe
C:\Arquivos de programas\UPHClean\uphclean.exe
C:\Arquivos de programas\ESET\ESET NOD32 antivírus\egui.exe
C:\Arquivos de programas\Real\RealPlayer\update\realsched.exe
C:\Arquivos de programas\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Arquivos de programas\SweetIM\Messenger\SweetIM.exe
C:\Arquivos de programas\SweetIM\Communicator\SweetPacksUpdateManager.exe
C:\Arquivos de programas\Spybot - Search & Destroy\TeaTimer.exe
C:\Arquivos de programas\RocketDock\RocketDock.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Arquivos de programas\PC Connectivity Solution\ServiceLayer.exe
C:\Arquivos de programas\PC Connectivity Solution\Transports\NclUSBSrv.exe
C:\Arquivos de programas\PC Connectivity Solution\Transports\NclMSBTSrv.exe
C:\Arquivos de programas\Nokia\Nokia Suite\NokiaSuite.exe
C:\Documents and Settings\Administrador\Configurações locais\Dados de aplicativos\Google\Update\GoogleUpdate.exe
C:\Documents and Settings\Administrador\Configurações locais\Dados de aplicativos\Google\Update\GoogleUpdate.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Documents and Settings\Administrador\Meus documentos\Downloads\HijackThis.exe
 
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.oquefazernainternet.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.oquefazernainternet.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.sweetim....0-577C9172623D}
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.oquefazernainternet.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.oquefazernainternet.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.sweetim....0-577C9172623D}
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.oquefazernainternet.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.oquefazernainternet.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://www.oquefazernainternet.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.oquefazer...ternet.com/q/%s
R3 - URLSearchHook: Messenger Plus Live Brazil Toolbar - {edbca961-4bf8-4cbe-8c63-a11dff9ed2d9} - C:\Arquivos de programas\Messenger_Plus_Live_Brazil\prxtbMes0.dll
R3 - URLSearchHook: DVDVideoSoftTB Toolbar - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Arquivos de programas\DVDVideoSoftTB\prxtbDVD2.dll
R3 - URLSearchHook: Softonic_Brasil Toolbar - {12fc3d37-2a42-4fe3-8489-81296878cba5} - C:\Arquivos de programas\Softonic_Brasil\prxtbSof0.dll
R3 - URLSearchHook: SweetIM ToolbarURLSearchHook Class - {EEE6C35D-6118-11DC-9C72-001320C79847} - C:\Arquivos de programas\SweetIM\Toolbars\Internet Explorer\mgHelper.dll
O1 - Hosts: 96.104.35.128 www.latinocheats.com
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Arquivos de programas\HP\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: HP Print Clips - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Arquivos de programas\HP\Smart Web Printing\hpswp_framework.dll
O2 - BHO: Softonic_Brasil - {12fc3d37-2a42-4fe3-8489-81296878cba5} - C:\Arquivos de programas\Softonic_Brasil\prxtbSof0.dll
O2 - BHO: PriceGong - {1631550F-191D-4826-B069-D9439253D926} - C:\Arquivos de programas\PriceGong\2.6.2\PriceGongIE.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Dados de aplicativos\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: facemoods Helper - {64182481-4F71-486b-A045-B233BD0DA8FC} - C:\Arquivos de programas\facemoods.com\facemoods\1.4.17.10\bh\facemoods.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Arquivos de programas\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll
O2 - BHO: DVDVideoSoftTB - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Arquivos de programas\DVDVideoSoftTB\prxtbDVD2.dll
O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: DealPly - {A6174F27-1FFF-E1D6-A93F-BA48AD5DD448} - (no file)
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de programas\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Arquivos de programas\Windows Live\Toolbar\wltcore.dll
O2 - BHO: Messenger Plus Live Brazil - {edbca961-4bf8-4cbe-8c63-a11dff9ed2d9} - C:\Arquivos de programas\Messenger_Plus_Live_Brazil\prxtbMes0.dll
O2 - BHO: SWEETIE - {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Arquivos de programas\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
O3 - Toolbar: Messenger Plus Live Brazil Toolbar - {edbca961-4bf8-4cbe-8c63-a11dff9ed2d9} - C:\Arquivos de programas\Messenger_Plus_Live_Brazil\prxtbMes0.dll
O3 - Toolbar: DVDVideoSoftTB Toolbar - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Arquivos de programas\DVDVideoSoftTB\prxtbDVD2.dll
O3 - Toolbar: Softonic_Brasil Toolbar - {12fc3d37-2a42-4fe3-8489-81296878cba5} - C:\Arquivos de programas\Softonic_Brasil\prxtbSof0.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Arquivos de programas\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: facemoods Toolbar - {DB4E9724-F518-4dfd-9C7C-78B52103CAB9} - C:\Arquivos de programas\facemoods.com\facemoods\1.4.17.10\facemoodsTlbr.dll
O3 - Toolbar: (no name) - {98889811-442D-49dd-99D7-DC866BE87DBC} - (no file)
O3 - Toolbar: SweetPacks Toolbar for Internet Explorer - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Arquivos de programas\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
O4 - HKLM\..\Run: [egui] "C:\Arquivos de programas\ESET\ESET NOD32 antivírus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [facemoods] "C:\Arquivos de programas\facemoods.com\facemoods\1.4.17.10\facemoodssrv.exe" /md I
O4 - HKLM\..\Run: [TkBellExe] "C:\Arquivos de programas\Real\RealPlayer\update\realsched.exe"  -osboot
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Arquivos de programas\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
O4 - HKLM\..\Run: [SweetIM] C:\Arquivos de programas\SweetIM\Messenger\SweetIM.exe
O4 - HKLM\..\Run: [Sweetpacks Communicator] C:\Arquivos de programas\SweetIM\Communicator\SweetPacksUpdateManager.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Arquivos de programas\Arquivos comuns\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Arquivos de programas\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [RocketDock] "C:\Arquivos de programas\RocketDock\RocketDock.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Administrador\Configurações locais\Dados de aplicativos\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [ccleaner] "C:\Arquivos de programas\CCleaner\ccleaner.exe" /AUTO
O4 - HKCU\..\Run: [NokiaSuite.exe] C:\Arquivos de programas\Nokia\Nokia Suite\NokiaSuite.exe -tray
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\ARQUIV~1\ARQUIV~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Search the Web - C:\Arquivos de programas\SweetIM\Toolbars\Internet Explorer\resources\menuext.html
O9 - Extra button: Incluir no Blog - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Arquivos de programas\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Incluir no Blog no Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Arquivos de programas\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Livro de recortes HP - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Arquivos de programas\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: Seleção HP Smart - {700259D7-1666-479a-93B1-3250410481E8} - C:\Arquivos de programas\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O12 - Plugin for .NPSSView: C:\Arquivos de programas\Seagate Software\Viewers\ActiveXViewer\NPssView.dll
O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsof...ss/allinone.asp
O17 - HKLM\System\CCS\Services\Tcpip\..\{18CC7EC7-0FF3-4254-9828-4AD5534D7D58}: NameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{35D34A75-5336-4B22-A299-A7704C5C60F8}: NameServer = 200.220.227.56 200.142.130.202
O17 - HKLM\System\CCS\Services\Tcpip\..\{BDBA33AC-2379-46C6-A830-00D3BF605BA8}: NameServer = 192.168.0.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{18CC7EC7-0FF3-4254-9828-4AD5534D7D58}: NameServer = 192.168.0.1
O17 - HKLM\System\CS2\Services\Tcpip\..\{18CC7EC7-0FF3-4254-9828-4AD5534D7D58}: NameServer = 192.168.0.1
O22 - SharedTaskScheduler: Pré-carregador Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Daemon de cache de categorias de componente - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Arquivos de programas\Bonjour\mDNSResponder.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Arquivos de programas\ESET\ESET NOD32 antivírus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Arquivos de programas\ESET\ESET NOD32 antivírus\ekrn.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Arquivos de programas\Arquivos comuns\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Oracle Corporation - C:\Arquivos de programas\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Arquivos de programas\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Arquivos de programas\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: nProtect GameGuard Service (npggsvc) - Nokia - (no file)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: ServiceLayer - Nokia - C:\Arquivos de programas\PC Connectivity Solution\ServiceLayer.exe
 
--
End of file - 13262 bytes
 



#2 Mr.Million    

Mr.Million

    Consumer Security MVP

  • Specialist
  • 65104 posts

Posted 09 February 2013 - 10:27 PM

Completely uninstall Spybot; it is obsolete software that complicates more than it helps.

Restart...

So that your post does not get too long by including a quote of my post, do not use the post's Reply button; use the editor below the topic or click Full Editor.

Download Malwarebytes' Anti-Malware (MBAM), or here.

Save or print these instructions:

Double-click mbam-setup.exe, choose the language and, during installation, accept all the default options.
Check that the boxes Update Malwarebytes Anti-Malware and Run Malwarebytes Anti-Malware are ticked, then click Finish.
If there are updates to be made, they will be downloaded and installed.
When the update finishes, with the program open, select Quick Scan and click the Scan button.
The scan will then begin. Wait, as it may take a while.
When the scan finishes, click OK, then the Show Results button to see the report.

If any items are found, make sure they are all checked and click the Remove button.

At the end of the disinfection, Notepad will open with a log, and a prompt may appear asking whether you want to restart the PC. (See the note below.)
The log is saved automatically by MBAM; to view it, click the Logs tab in the program's main window.

NOTE: If MBAM finds files it cannot remove, you may have to restart the PC (perhaps more than once). Do so immediately when asked whether you want to restart.

Select, copy and paste the contents of the MBAM log into your next reply, plus a new HijackThis log.

#3 Paschoal1994    

Paschoal1994
  • Participant
  • 8 posts

Posted 09 February 2013 - 11:43 PM

I did what you asked; here are the logs.

Malwarebytes Anti-Malware 1.70.0.1100
www.malwarebytes.org
 
Versão da Base de Dados:  v2013.02.09.08
 
Windows XP Service Pack 2 x86 NTFS
Internet Explorer 8.0.6001.18702
Administrador :: WINXP [administrador]
 
Proteção: Permitir
 
10/2/2013 00:21:54
mbam-log-2013-02-10 (00-21-54).txt
 
Tipo de Verificação:  Verificação Rápida 
Opções de verificações ativadas: Memória | Inicialização | Registro | Sistema de arquivos  | Heurística/Extra | Heurística/Shuriken | PUP | PUM
Opções de verificação desativadas: P2P
Objetos escaneados:  214210
Tempo decorrido: 8 minuto(s), 39 segundo(s)
 
Processos de Memória Detectados: 0
(Não foram detectados ítens maliciosos)
 
Módulos de Memória Detectados: 0
(Não foram detectados ítens maliciosos)
 
Chaves de Registro Detectadas: 0
(Não foram detectados ítens maliciosos)
 
Valores de Registro Detectadas: 0
(Não foram detectados ítens maliciosos)
 
Itens de Dados no Registro Detectadas: 0
(Não foram detectados ítens maliciosos)
 
Pastas Detectadas: 0
(Não foram detectados ítens maliciosos)
 
Arquivos Detectados: 0
(Não foram detectados ítens maliciosos)
 
(fim)
 
 
 
 
 
 
 
 
 
 
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 00:37:03, on 10/2/2013
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
 
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Arquivos de programas\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Arquivos de programas\Bonjour\mDNSResponder.exe
C:\Arquivos de programas\ESET\ESET NOD32 antivírus\ekrn.exe
C:\WINDOWS\system32\svchost.exe
C:\Arquivos de programas\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe
C:\Arquivos de programas\Malwarebytes' Anti-Malware\mbamservice.exe
C:\WINDOWS\system32\WgaTray.exe
C:\WINDOWS\Explorer.EXE
C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Arquivos de programas\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Arquivos de programas\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\system32\svchost.exe
C:\Arquivos de programas\UPHClean\uphclean.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Arquivos de programas\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Arquivos de programas\ESET\ESET NOD32 antivírus\egui.exe
C:\Arquivos de programas\Real\RealPlayer\update\realsched.exe
C:\Arquivos de programas\SweetIM\Messenger\SweetIM.exe
C:\Arquivos de programas\SweetIM\Communicator\SweetPacksUpdateManager.exe
C:\Arquivos de programas\RocketDock\RocketDock.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\Administrador\Configurações locais\Dados de aplicativos\Google\Update\GoogleUpdate.exe
C:\Arquivos de programas\PC Connectivity Solution\ServiceLayer.exe
C:\Arquivos de programas\PC Connectivity Solution\Transports\NclUSBSrv.exe
C:\Arquivos de programas\PC Connectivity Solution\Transports\NclMSBTSrv.exe
C:\Arquivos de programas\Nokia\Nokia Suite\NokiaSuite.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\notepad.exe
C:\Documents and Settings\Administrador\Configurações locais\Dados de aplicativos\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Administrador\Configurações locais\Dados de aplicativos\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Administrador\Configurações locais\Dados de aplicativos\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Administrador\Configurações locais\Dados de aplicativos\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Administrador\Configurações locais\Dados de aplicativos\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Administrador\Configurações locais\Dados de aplicativos\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Administrador\Configurações locais\Dados de aplicativos\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Administrador\Configurações locais\Dados de aplicativos\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Administrador\Meus documentos\Downloads\HijackThis.exe
 
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.oquefazernainternet.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.oquefazernainternet.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.sweetim....0-577C9172623D}
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.oquefazernainternet.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.oquefazernainternet.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.sweetim....0-577C9172623D}
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.oquefazernainternet.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.oquefazernainternet.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://www.oquefazernainternet.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.oquefazer...ternet.com/q/%s
R3 - URLSearchHook: Messenger Plus Live Brazil Toolbar - {edbca961-4bf8-4cbe-8c63-a11dff9ed2d9} - C:\Arquivos de programas\Messenger_Plus_Live_Brazil\prxtbMes0.dll
R3 - URLSearchHook: DVDVideoSoftTB Toolbar - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Arquivos de programas\DVDVideoSoftTB\prxtbDVD2.dll
R3 - URLSearchHook: Softonic_Brasil Toolbar - {12fc3d37-2a42-4fe3-8489-81296878cba5} - C:\Arquivos de programas\Softonic_Brasil\prxtbSof0.dll
R3 - URLSearchHook: SweetIM ToolbarURLSearchHook Class - {EEE6C35D-6118-11DC-9C72-001320C79847} - C:\Arquivos de programas\SweetIM\Toolbars\Internet Explorer\mgHelper.dll
O1 - Hosts: 96.104.35.128 www.latinocheats.com
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Arquivos de programas\HP\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: HP Print Clips - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Arquivos de programas\HP\Smart Web Printing\hpswp_framework.dll
O2 - BHO: Softonic_Brasil - {12fc3d37-2a42-4fe3-8489-81296878cba5} - C:\Arquivos de programas\Softonic_Brasil\prxtbSof0.dll
O2 - BHO: PriceGong - {1631550F-191D-4826-B069-D9439253D926} - C:\Arquivos de programas\PriceGong\2.6.2\PriceGongIE.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Dados de aplicativos\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: facemoods Helper - {64182481-4F71-486b-A045-B233BD0DA8FC} - C:\Arquivos de programas\facemoods.com\facemoods\1.4.17.10\bh\facemoods.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Arquivos de programas\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll
O2 - BHO: DVDVideoSoftTB - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Arquivos de programas\DVDVideoSoftTB\prxtbDVD2.dll
O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: DealPly - {A6174F27-1FFF-E1D6-A93F-BA48AD5DD448} - (no file)
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de programas\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Arquivos de programas\Windows Live\Toolbar\wltcore.dll
O2 - BHO: Messenger Plus Live Brazil - {edbca961-4bf8-4cbe-8c63-a11dff9ed2d9} - C:\Arquivos de programas\Messenger_Plus_Live_Brazil\prxtbMes0.dll
O2 - BHO: SWEETIE - {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Arquivos de programas\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
O3 - Toolbar: Messenger Plus Live Brazil Toolbar - {edbca961-4bf8-4cbe-8c63-a11dff9ed2d9} - C:\Arquivos de programas\Messenger_Plus_Live_Brazil\prxtbMes0.dll
O3 - Toolbar: DVDVideoSoftTB Toolbar - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Arquivos de programas\DVDVideoSoftTB\prxtbDVD2.dll
O3 - Toolbar: Softonic_Brasil Toolbar - {12fc3d37-2a42-4fe3-8489-81296878cba5} - C:\Arquivos de programas\Softonic_Brasil\prxtbSof0.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Arquivos de programas\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: facemoods Toolbar - {DB4E9724-F518-4dfd-9C7C-78B52103CAB9} - C:\Arquivos de programas\facemoods.com\facemoods\1.4.17.10\facemoodsTlbr.dll
O3 - Toolbar: (no name) - {98889811-442D-49dd-99D7-DC866BE87DBC} - (no file)
O3 - Toolbar: SweetPacks Toolbar for Internet Explorer - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Arquivos de programas\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
O4 - HKLM\..\Run: [egui] "C:\Arquivos de programas\ESET\ESET NOD32 antivírus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [facemoods] "C:\Arquivos de programas\facemoods.com\facemoods\1.4.17.10\facemoodssrv.exe" /md I
O4 - HKLM\..\Run: [TkBellExe] "C:\Arquivos de programas\Real\RealPlayer\update\realsched.exe"  -osboot
O4 - HKLM\..\Run: [SweetIM] C:\Arquivos de programas\SweetIM\Messenger\SweetIM.exe
O4 - HKLM\..\Run: [Sweetpacks Communicator] C:\Arquivos de programas\SweetIM\Communicator\SweetPacksUpdateManager.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Arquivos de programas\Arquivos comuns\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [RocketDock] "C:\Arquivos de programas\RocketDock\RocketDock.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Administrador\Configurações locais\Dados de aplicativos\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [ccleaner] "C:\Arquivos de programas\CCleaner\ccleaner.exe" /AUTO
O4 - HKCU\..\Run: [NokiaSuite.exe] C:\Arquivos de programas\Nokia\Nokia Suite\NokiaSuite.exe -tray
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\ARQUIV~1\ARQUIV~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Search the Web - C:\Arquivos de programas\SweetIM\Toolbars\Internet Explorer\resources\menuext.html
O9 - Extra button: Incluir no Blog - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Arquivos de programas\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Incluir no Blog no Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Arquivos de programas\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Livro de recortes HP - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Arquivos de programas\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: Seleção HP Smart - {700259D7-1666-479a-93B1-3250410481E8} - C:\Arquivos de programas\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O12 - Plugin for .NPSSView: C:\Arquivos de programas\Seagate Software\Viewers\ActiveXViewer\NPssView.dll
O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsof...ss/allinone.asp
O17 - HKLM\System\CCS\Services\Tcpip\..\{18CC7EC7-0FF3-4254-9828-4AD5534D7D58}: NameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{BDBA33AC-2379-46C6-A830-00D3BF605BA8}: NameServer = 192.168.0.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{18CC7EC7-0FF3-4254-9828-4AD5534D7D58}: NameServer = 192.168.0.1
O17 - HKLM\System\CS2\Services\Tcpip\..\{18CC7EC7-0FF3-4254-9828-4AD5534D7D58}: NameServer = 192.168.0.1
O22 - SharedTaskScheduler: Pré-carregador Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Daemon de cache de categorias de componente - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Arquivos de programas\Bonjour\mDNSResponder.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Arquivos de programas\ESET\ESET NOD32 antivírus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Arquivos de programas\ESET\ESET NOD32 antivírus\ekrn.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Arquivos de programas\Arquivos comuns\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Oracle Corporation - C:\Arquivos de programas\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe
O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Arquivos de programas\Malwarebytes' Anti-Malware\mbamscheduler.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Arquivos de programas\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Arquivos de programas\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: nProtect GameGuard Service (npggsvc) - Nokia - (no file)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: ServiceLayer - Nokia - C:\Arquivos de programas\PC Connectivity Solution\ServiceLayer.exe
 
--
End of file - 13548 bytes
 
 
 
 
 
 
 
 


#4 Mr.Million    

Mr.Million

    Consumer Security MVP

  • Specialist
  • 65104 posts

Posted 10 February 2013 - 07:36 AM

So that your post does not get too long by including a quote of my post, do not use the post's Reply button; use the editor below the topic or click Full Editor.

Disable your antivirus, antispyware and firewall to avoid conflicts. Keep them disabled until you have finished the instructions.

Download ComboFix

Save it to your Desktop (the tool must be on the Desktop to run correctly).
Close all windows and programs.

You must be connected during the procedure with ComboFix.

Run combofix.exe and press "Yes" to proceed. Wait, as it takes a while.

NOTE: If you do not want the Windows Recovery Console to be installed, click "No" and then agree so that the scan proceeds.
When the Console is installed, the operating system selection screen will be shown at system startup.
More information about the Console:
http://support.micro...kb/307654/pt-br

ComboFix will restart the PC automatically to complete the removal process. If that does not happen, restart manually.
When it finishes, a log will be generated at C:\ComboFix.txt. Select, copy and paste the contents of ComboFix.txt into your next reply, plus a new HijackThis log.

IMPORTANT: Do not use the mouse or the keyboard while ComboFix is running. To stop or exit ComboFix, press "N".

NOTE 2: Do not run ComboFix more than once. Doing so will overwrite the log and make removing the malware harder.

If any error occurs, restart the computer in Safe Mode (press the F8 key repeatedly, or F5 in some cases, during startup) and repeat the procedure.

#5 Paschoal1994    

Paschoal1994
  • Participant
  • 8 posts

Posted 10 February 2013 - 02:22 PM

The other logs.

(Note: I am clicking Full Editor, but it is showing up as a reply....)

ComboFix 13-02-07.02 - Administrador 10/02/2013  14:52:52.2.1 - x86
Microsoft Windows XP Professional  5.1.2600.2.1252.55.1046.18.1014.366 [GMT -3:00]
Executando de: c:\documents and settings\Administrador\Desktop\ComboFix.exe
.
.
(((((((((((((((((((((((((((((((((((((   Outras Exclusões   )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\arquivos de programas\DealPly
c:\arquivos de programas\DealPly\DealPly.crx
c:\arquivos de programas\DealPly\uninst.exe
c:\arquivos de programas\facemoods.com
c:\arquivos de programas\facemoods.com\facemoods\1.4.17.10\bh\facemoods.dll
c:\arquivos de programas\facemoods.com\facemoods\1.4.17.10\facemoods.crx
c:\arquivos de programas\facemoods.com\facemoods\1.4.17.10\facemoods.png
c:\arquivos de programas\facemoods.com\facemoods\1.4.17.10\facemoodsApp.dll
c:\arquivos de programas\facemoods.com\facemoods\1.4.17.10\facemoodsEng.dll
c:\arquivos de programas\facemoods.com\facemoods\1.4.17.10\facemoodssrv.exe
c:\arquivos de programas\facemoods.com\facemoods\1.4.17.10\facemoodsTlbr.dll
c:\arquivos de programas\facemoods.com\facemoods\1.4.17.10\uninstall.exe
c:\arquivos de programas\TelevisionFanaticEI
c:\documents and settings\Administrador\Dados de aplicativos\facemoods.com
c:\documents and settings\Administrador\Dados de aplicativos\PriceGong
c:\documents and settings\Administrador\Dados de aplicativos\PriceGong\Data\1.txt
c:\documents and settings\Administrador\Dados de aplicativos\PriceGong\Data\1.xml
c:\documents and settings\Administrador\Dados de aplicativos\PriceGong\Data\13548.txt
c:\documents and settings\Administrador\Dados de aplicativos\PriceGong\Data\13642.txt
c:\documents and settings\Administrador\Dados de aplicativos\PriceGong\Data\1391.txt
c:\documents and settings\Administrador\Dados de aplicativos\PriceGong\Data\2229.txt
c:\documents and settings\Administrador\Dados de aplicativos\PriceGong\Data\2355.txt
c:\documents and settings\Administrador\Dados de aplicativos\PriceGong\Data\3803.txt
c:\documents and settings\Administrador\Dados de aplicativos\PriceGong\Data\4489.txt
c:\documents and settings\Administrador\Dados de aplicativos\PriceGong\Data\83.txt
c:\documents and settings\Administrador\Dados de aplicativos\PriceGong\Data\a.txt
c:\documents and settings\Administrador\Dados de aplicativos\PriceGong\Data\a.xml
c:\documents and settings\Administrador\Dados de aplicativos\PriceGong\Data\b.txt
c:\documents and settings\Administrador\Dados de aplicativos\PriceGong\Data\b.xml
c:\documents and settings\Administrador\Dados de aplicativos\PriceGong\Data\c.txt
c:\documents and settings\Administrador\Dados de aplicativos\PriceGong\Data\c.xml
c:\documents and settings\Administrador\Dados de aplicativos\PriceGong\Data\d.txt
c:\documents and settings\Administrador\Dados de aplicativos\PriceGong\Data\d.xml
c:\documents and settings\Administrador\Dados de aplicativos\PriceGong\Data\e.txt
c:\documents and settings\Administrador\Dados de aplicativos\PriceGong\Data\e.xml
c:\documents and settings\Administrador\Dados de aplicativos\PriceGong\Data\f.txt
c:\documents and settings\Administrador\Dados de aplicativos\PriceGong\Data\f.xml
c:\documents and settings\Administrador\Dados de aplicativos\PriceGong\Data\g.txt
c:\documents and settings\Administrador\Dados de aplicativos\PriceGong\Data\g.xml
c:\documents and settings\Administrador\Dados de aplicativos\PriceGong\Data\h.txt
c:\documents and settings\Administrador\Dados de aplicativos\PriceGong\Data\h.xml
c:\documents and settings\Administrador\Dados de aplicativos\PriceGong\Data\i.txt
c:\documents and settings\Administrador\Dados de aplicativos\PriceGong\Data\i.xml
c:\documents and settings\Administrador\Dados de aplicativos\PriceGong\Data\j.txt
c:\documents and settings\Administrador\Dados de aplicativos\PriceGong\Data\J.xml
c:\documents and settings\Administrador\Dados de aplicativos\PriceGong\Data\k.txt
c:\documents and settings\Administrador\Dados de aplicativos\PriceGong\Data\k.xml
c:\documents and settings\Administrador\Dados de aplicativos\PriceGong\Data\l.txt
c:\documents and settings\Administrador\Dados de aplicativos\PriceGong\Data\l.xml
c:\documents and settings\Administrador\Dados de aplicativos\PriceGong\Data\m.txt
c:\documents and settings\Administrador\Dados de aplicativos\PriceGong\Data\m.xml
c:\documents and settings\Administrador\Dados de aplicativos\PriceGong\Data\mru.xml
c:\documents and settings\Administrador\Dados de aplicativos\PriceGong\Data\n.txt
c:\documents and settings\Administrador\Dados de aplicativos\PriceGong\Data\n.xml
c:\documents and settings\Administrador\Dados de aplicativos\PriceGong\Data\o.txt
c:\documents and settings\Administrador\Dados de aplicativos\PriceGong\Data\o.xml
c:\documents and settings\Administrador\Dados de aplicativos\PriceGong\Data\p.txt
c:\documents and settings\Administrador\Dados de aplicativos\PriceGong\Data\p.xml
c:\documents and settings\Administrador\Dados de aplicativos\PriceGong\Data\q.txt
c:\documents and settings\Administrador\Dados de aplicativos\PriceGong\Data\q.xml
c:\documents and settings\Administrador\Dados de aplicativos\PriceGong\Data\r.txt
c:\documents and settings\Administrador\Dados de aplicativos\PriceGong\Data\r.xml
c:\documents and settings\Administrador\Dados de aplicativos\PriceGong\Data\s.txt
c:\documents and settings\Administrador\Dados de aplicativos\PriceGong\Data\s.xml
c:\documents and settings\Administrador\Dados de aplicativos\PriceGong\Data\t.txt
c:\documents and settings\Administrador\Dados de aplicativos\PriceGong\Data\t.xml
c:\documents and settings\Administrador\Dados de aplicativos\PriceGong\Data\u.txt
c:\documents and settings\Administrador\Dados de aplicativos\PriceGong\Data\u.xml
c:\documents and settings\Administrador\Dados de aplicativos\PriceGong\Data\v.txt
c:\documents and settings\Administrador\Dados de aplicativos\PriceGong\Data\v.xml
c:\documents and settings\Administrador\Dados de aplicativos\PriceGong\Data\w.txt
c:\documents and settings\Administrador\Dados de aplicativos\PriceGong\Data\w.xml
c:\documents and settings\Administrador\Dados de aplicativos\PriceGong\Data\wlu.txt
c:\documents and settings\Administrador\Dados de aplicativos\PriceGong\Data\x.txt
c:\documents and settings\Administrador\Dados de aplicativos\PriceGong\Data\x.xml
c:\documents and settings\Administrador\Dados de aplicativos\PriceGong\Data\y.txt
c:\documents and settings\Administrador\Dados de aplicativos\PriceGong\Data\y.xml
c:\documents and settings\Administrador\Dados de aplicativos\PriceGong\Data\z.txt
c:\documents and settings\Administrador\Dados de aplicativos\PriceGong\Data\z.xml
c:\documents and settings\Administrador\Dados de aplicativos\Toolbar4
c:\documents and settings\Administrador\WINDOWS
c:\documents and settings\All Users\Dados de aplicativos\TEMP
c:\windows\system32\URTTemp
c:\windows\system32\URTTemp\fusion.dll
c:\windows\system32\URTTemp\mscoree.dll
c:\windows\system32\URTTemp\mscoree.dll.local
c:\windows\system32\URTTemp\mscorsn.dll
c:\windows\system32\URTTemp\mscorwks.dll
c:\windows\system32\URTTemp\msvcr71.dll
c:\windows\system32\URTTemp\regtlib.exe
.
 c:\windows\system32\drivers\psched.sys . . . está faltando!!
.
.
((((((((((((((((   Arquivos/Ficheiros criados de 2013-01-10 to 2013-02-10  ))))))))))))))))))))))))))))
.
.
2013-02-09 05:19 . 2013-01-18 15:17 6991832 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\Microsoft\Windows Defender\Definition Updates\{3CE44DC8-145F-4AE5-9150-6DB56623D76B}\mpengine.dll
2013-02-08 14:40 . 2013-02-08 14:40 -------- d-----w- c:\windows\system32\NtmsData
.
.
.
(((((((((((((((((((((((((((((((((((((   Relatório Find3M   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-02-09 05:35 . 2012-05-29 17:05 697712 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-02-09 05:35 . 2011-07-12 21:03 74096 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-01-17 04:28 . 2010-04-09 11:30 232336 ------w- c:\windows\system32\MpSigStub.exe
2012-12-14 19:49 . 2011-02-04 02:04 21104 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-06-08 11:02 . 2012-03-27 18:05 85472 ----a-w- c:\arquivos de programas\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((   Pontos de Carregamento do Registro   )))))))))))))))))))))))))))))))))))))))
.
.
*Nota* entradas vazias e legítimas por padrão não são apresentadas. 
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{edbca961-4bf8-4cbe-8c63-a11dff9ed2d9}"= "c:\arquivos de programas\Messenger_Plus_Live_Brazil\prxtbMes0.dll" [2011-05-09 176936]
"{872b5b88-9db5-4310-bdd0-ac189557e5f5}"= "c:\arquivos de programas\DVDVideoSoftTB\prxtbDVD2.dll" [2011-05-09 176936]
"{12fc3d37-2a42-4fe3-8489-81296878cba5}"= "c:\arquivos de programas\Softonic_Brasil\prxtbSof0.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{edbca961-4bf8-4cbe-8c63-a11dff9ed2d9}]
.
[HKEY_CLASSES_ROOT\clsid\{872b5b88-9db5-4310-bdd0-ac189557e5f5}]
.
[HKEY_CLASSES_ROOT\clsid\{12fc3d37-2a42-4fe3-8489-81296878cba5}]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\~\Browser Helper Objects\{12fc3d37-2a42-4fe3-8489-81296878cba5}]
2011-05-09 09:49 176936 ----a-w- c:\arquivos de programas\Softonic_Brasil\prxtbSof0.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\~\Browser Helper Objects\{872b5b88-9db5-4310-bdd0-ac189557e5f5}]
2011-05-09 09:49 176936 ----a-w- c:\arquivos de programas\DVDVideoSoftTB\prxtbDVD2.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\~\Browser Helper Objects\{edbca961-4bf8-4cbe-8c63-a11dff9ed2d9}]
2011-05-09 09:49 176936 ----a-w- c:\arquivos de programas\Messenger_Plus_Live_Brazil\prxtbMes0.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{edbca961-4bf8-4cbe-8c63-a11dff9ed2d9}"= "c:\arquivos de programas\Messenger_Plus_Live_Brazil\prxtbMes0.dll" [2011-05-09 176936]
"{872b5b88-9db5-4310-bdd0-ac189557e5f5}"= "c:\arquivos de programas\DVDVideoSoftTB\prxtbDVD2.dll" [2011-05-09 176936]
"{12fc3d37-2a42-4fe3-8489-81296878cba5}"= "c:\arquivos de programas\Softonic_Brasil\prxtbSof0.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{edbca961-4bf8-4cbe-8c63-a11dff9ed2d9}]
.
[HKEY_CLASSES_ROOT\clsid\{872b5b88-9db5-4310-bdd0-ac189557e5f5}]
.
[HKEY_CLASSES_ROOT\clsid\{12fc3d37-2a42-4fe3-8489-81296878cba5}]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{12FC3D37-2A42-4FE3-8489-81296878CBA5}"= "c:\arquivos de programas\Softonic_Brasil\prxtbSof0.dll" [2011-05-09 176936]
"{872B5B88-9DB5-4310-BDD0-AC189557E5F5}"= "c:\arquivos de programas\DVDVideoSoftTB\prxtbDVD2.dll" [2011-05-09 176936]
"{EDBCA961-4BF8-4CBE-8C63-A11DFF9ED2D9}"= "c:\arquivos de programas\Messenger_Plus_Live_Brazil\prxtbMes0.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{12fc3d37-2a42-4fe3-8489-81296878cba5}]
.
[HKEY_CLASSES_ROOT\clsid\{872b5b88-9db5-4310-bdd0-ac189557e5f5}]
.
[HKEY_CLASSES_ROOT\clsid\{edbca961-4bf8-4cbe-8c63-a11dff9ed2d9}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RocketDock"="c:\arquivos de programas\RocketDock\RocketDock.exe" [2007-09-02 495616]
"ccleaner"="c:\arquivos de programas\CCleaner\ccleaner.exe" [2013-01-23 3274008]
"NokiaSuite.exe"="c:\arquivos de programas\Nokia\Nokia Suite\NokiaSuite.exe" [2012-01-10 1083264]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"egui"="c:\arquivos de programas\ESET\ESET NOD32 antivírus\egui.exe" [2007-12-21 1443072]
"TkBellExe"="c:\arquivos de programas\Real\RealPlayer\update\realsched.exe" [2011-07-30 273544]
"SweetIM"="c:\arquivos de programas\SweetIM\Messenger\SweetIM.exe" [2012-02-16 114992]
"Sweetpacks Communicator"="c:\arquivos de programas\SweetIM\Communicator\SweetPacksUpdateManager.exe" [2012-02-26 295728]
"SunJavaUpdateSched"="c:\arquivos de programas\Arquivos comuns\Java\Java Update\jusched.exe" [2012-01-17 252296]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-04 15360]
"DWQueuedReporting"="c:\arquiv~1\ARQUIV~1\MICROS~1\DW\dwtrig20.exe" [2007-02-26 437160]
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"Novo valor #1"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoSimpleStartMenu"= 0 (0x0)
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSimpleStartMenu"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Arquivos de programas\\Bonjour\\mDNSResponder.exe"=
"c:\\Arquivos de programas\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Arquivos de programas\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Arquivos de programas\\Pando Networks\\Media Booster\\PMB.exe"=
"c:\\WINDOWS\\system32\\msiexec.exe"=
"c:\\Arquivos de programas\\SweetIM\\Communicator\\SweetPacksUpdateManager.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"1155:TCP"= 1155:TCP:VSCyber
"445:TCP"= 445:TCP:@xpsp2res.dll,-22005
"137:UDP"= 137:UDP:@xpsp2res.dll,-22001
"56444:TCP"= 56444:TCP:Pando Media Booster
"56444:UDP"= 56444:UDP:Pando Media Booster
"57542:TCP"= 57542:TCP:Pando Media Booster
"57542:UDP"= 57542:UDP:Pando Media Booster
.
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [16/1/2009 17:11 717296]
R0 ViBus;ViBus;c:\windows\system32\drivers\ViBus.sys [16/1/2009 17:23 16896]
R0 ViPrt;VIA SATA IDE Device Driver;c:\windows\system32\drivers\ViPrt.sys [16/1/2009 17:23 52224]
R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [21/12/2007 07:21 33800]
R2 ekrn;Eset Service;c:\arquivos de programas\Eset\ESET NOD32 antivírus\ekrn.exe [21/12/2007 07:21 468224]
R2 MBAMScheduler;MBAMScheduler;c:\arquivos de programas\Malwarebytes' Anti-Malware\mbamscheduler.exe [10/2/2013 00:05 398184]
R2 MBAMService;MBAMService;c:\arquivos de programas\Malwarebytes' Anti-Malware\mbamservice.exe [3/2/2011 23:04 682344]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [3/2/2011 23:04 21104]
S3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [28/2/2012 13:24 137600]
S3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsuc.sys [28/2/2012 13:24 8576]
S3 npggsvc;nProtect GameGuard Service; [x]
S3 XDva223;XDva223; [x]
S3 XDva224;XDva224; [x]
S3 XDva225;XDva225; [x]
.
--- =Outros Serviços/Drivers Na Memória ---
.
*Deregistered* - uphcleanhlp
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ   hpqcxs08 hpqddsvc
.
Conteúdo da pasta 'Tarefas Agendadas'
.
2013-02-10 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-29 05:35]
.
2013-02-10 c:\windows\Tasks\MP Scheduled Scan.job
- c:\arquivos de programas\Windows Defender\MpCmdRun.exe [2006-11-03 22:20]
.
2013-02-10 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-448539723-2147129713-725345543-500.job
- c:\arquivos de programas\Real\RealUpgrade\realupgrade.exe [2011-03-29 13:47]
.
2012-06-13 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-448539723-2147129713-725345543-500.job
- c:\arquivos de programas\Real\RealUpgrade\realupgrade.exe [2011-03-29 13:47]
.
2013-02-09 c:\windows\Tasks\ReclaimerInstall_Administrador.job
- c:\documents and settings\Administrador\Dados de aplicativos\Real\Update\UpgradeHelper\RealPlayer\10.30\agent\rnupgagent.exe [2013-02-09 04:03]
.
.
------- Scan Suplementar -------
.
uStart Page = hxxp://home.sweetim.com/?crg=3.1010006&st=10&barid={E7CB2B8F-CF63-43F3-8B30-577C9172623D}
mStart Page = hxxp://home.sweetim.com/?crg=3.1010006&st=10&barid={E7CB2B8F-CF63-43F3-8B30-577C9172623D}
uSearchURL,(Default) = hxxp://www.oquefazernainternet.com/q/%s
IE: &Clean Traces
IE: &Download with &DAP
IE: Baixar Link Utiizando Gerenciador Mega...
IE: Download &all with DAP
IE: E&xportar para o Microsoft Excel - c:\arquiv~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
IE: Search the Web - c:\arquivos de programas\SweetIM\Toolbars\Internet Explorer\resources\menuext.html
TCP: Interfaces\{18CC7EC7-0FF3-4254-9828-4AD5534D7D58}: NameServer = 192.168.0.1
TCP: Interfaces\{35D34A75-5336-4B22-A299-A7704C5C60F8}: NameServer = 200.220.227.56 200.142.130.202
TCP: Interfaces\{BDBA33AC-2379-46C6-A830-00D3BF605BA8}: NameServer = 192.168.0.1
FF - ProfilePath - c:\documents and settings\Administrador\Dados de aplicativos\Mozilla\Firefox\Profiles\325uzxvf.default\
FF - prefs.js: browser.search.defaulturl - 
FF - prefs.js: browser.search.selectedEngine - SweetIM Search
FF - prefs.js: browser.startup.homepage - www.google.com.br
FF - prefs.js: keyword.URL - hxxp://www.google.com/search?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&q=
FF - prefs.js: network.proxy.type - 0
.
- - - - ORFÃOS REMOVIDOS - - - -
.
HKLM-Run-facemoods - c:\arquivos de programas\facemoods.com\facemoods\1.4.17.10\facemoodssrv.exe
AddRemove-DealPly - c:\arquivos de programas\DealPly\uninst.exe
AddRemove-facemoods - c:\arquivos de programas\facemoods.com\facemoods\1.4.17.10\uninstall.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-02-10 15:01
Windows 5.1.2600 Service Pack 2 NTFS
.
Procurando processos ocultos ... 
.
Procurando entradas auto inicializáveis ocultas ... 
.
Procurando ficheiros/arquivos ocultos ... 
.
Varredura completada com sucesso
arquivos/ficheiros ocultos: 0
.
**************************************************************************
.
--------------------- CHAVES DO REGISTRO BLOQUEADAS ---------------------
.
[HKEY_USERS\S-1-5-21-448539723-2147129713-725345543-500\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (Administrator)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
   d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,9a,61,58,21,db,e9,bd,44,86,f1,36,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
   d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,c6,6f,28,99,7f,e8,db,46,9c,e4,b1,\
"6256FFB019F8FDFBD36745B06F4540E9AEAF222A25"=hex:01,00,00,00,d0,8c,9d,df,01,15,
   d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,11,89,ee,4d,ad,1c,69,48,b8,ff,f2,\
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_5_502_149_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_5_502_149_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
Tempo para conclusão: 2013-02-10  15:05:18
ComboFix-quarantined-files.txt  2013-02-10 18:05
.
Pré-execução: 15 pasta(s) 59.661.770.752 bytes disponíveis
Pós execução: 16 pasta(s) 59.646.300.160 bytes disponíveis
.
- - End Of File - - D388731ED22A935FB8366D7CDCA0EBA0
 
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 15:17:03, on 10/2/2013
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
 
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Arquivos de programas\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Arquivos de programas\Bonjour\mDNSResponder.exe
C:\Arquivos de programas\ESET\ESET NOD32 antivírus\ekrn.exe
C:\WINDOWS\system32\svchost.exe
C:\Arquivos de programas\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe
C:\Arquivos de programas\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Arquivos de programas\Malwarebytes' Anti-Malware\mbamservice.exe
C:\WINDOWS\system32\WgaTray.exe
C:\WINDOWS\Explorer.EXE
C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Arquivos de programas\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Arquivos de programas\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\system32\svchost.exe
C:\Arquivos de programas\UPHClean\uphclean.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Arquivos de programas\ESET\ESET NOD32 antivírus\egui.exe
C:\Arquivos de programas\Real\RealPlayer\update\realsched.exe
C:\Arquivos de programas\SweetIM\Messenger\SweetIM.exe
C:\Arquivos de programas\SweetIM\Communicator\SweetPacksUpdateManager.exe
C:\Arquivos de programas\RocketDock\RocketDock.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Arquivos de programas\PC Connectivity Solution\ServiceLayer.exe
C:\Arquivos de programas\PC Connectivity Solution\Transports\NclUSBSrv.exe
C:\Arquivos de programas\PC Connectivity Solution\Transports\NclMSBTSrv.exe
C:\Arquivos de programas\Nokia\Nokia Suite\NokiaSuite.exe
C:\WINDOWS\system32\svchost.exe
C:\Documents and Settings\Administrador\Desktop\HijackThis.exe
 
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.sweetim....0-577C9172623D}
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.sweetim....0-577C9172623D}
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.oquefazernainternet.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.oquefazer...ternet.com/q/%s
R3 - URLSearchHook: Messenger Plus Live Brazil Toolbar - {edbca961-4bf8-4cbe-8c63-a11dff9ed2d9} - C:\Arquivos de programas\Messenger_Plus_Live_Brazil\prxtbMes0.dll
R3 - URLSearchHook: DVDVideoSoftTB Toolbar - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Arquivos de programas\DVDVideoSoftTB\prxtbDVD2.dll
R3 - URLSearchHook: Softonic_Brasil Toolbar - {12fc3d37-2a42-4fe3-8489-81296878cba5} - C:\Arquivos de programas\Softonic_Brasil\prxtbSof0.dll
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Arquivos de programas\HP\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: HP Print Clips - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Arquivos de programas\HP\Smart Web Printing\hpswp_framework.dll
O2 - BHO: Softonic_Brasil - {12fc3d37-2a42-4fe3-8489-81296878cba5} - C:\Arquivos de programas\Softonic_Brasil\prxtbSof0.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Dados de aplicativos\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Arquivos de programas\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll
O2 - BHO: DVDVideoSoftTB - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Arquivos de programas\DVDVideoSoftTB\prxtbDVD2.dll
O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de programas\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Arquivos de programas\Windows Live\Toolbar\wltcore.dll
O2 - BHO: Messenger Plus Live Brazil - {edbca961-4bf8-4cbe-8c63-a11dff9ed2d9} - C:\Arquivos de programas\Messenger_Plus_Live_Brazil\prxtbMes0.dll
O3 - Toolbar: Messenger Plus Live Brazil Toolbar - {edbca961-4bf8-4cbe-8c63-a11dff9ed2d9} - C:\Arquivos de programas\Messenger_Plus_Live_Brazil\prxtbMes0.dll
O3 - Toolbar: DVDVideoSoftTB Toolbar - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Arquivos de programas\DVDVideoSoftTB\prxtbDVD2.dll
O3 - Toolbar: Softonic_Brasil Toolbar - {12fc3d37-2a42-4fe3-8489-81296878cba5} - C:\Arquivos de programas\Softonic_Brasil\prxtbSof0.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Arquivos de programas\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: (no name) - {98889811-442D-49dd-99D7-DC866BE87DBC} - (no file)
O4 - HKLM\..\Run: [egui] "C:\Arquivos de programas\ESET\ESET NOD32 antivírus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [TkBellExe] "C:\Arquivos de programas\Real\RealPlayer\update\realsched.exe"  -osboot
O4 - HKLM\..\Run: [SweetIM] C:\Arquivos de programas\SweetIM\Messenger\SweetIM.exe
O4 - HKLM\..\Run: [Sweetpacks Communicator] C:\Arquivos de programas\SweetIM\Communicator\SweetPacksUpdateManager.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Arquivos de programas\Arquivos comuns\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [RocketDock] "C:\Arquivos de programas\RocketDock\RocketDock.exe"
O4 - HKCU\..\Run: [ccleaner] "C:\Arquivos de programas\CCleaner\ccleaner.exe" /AUTO
O4 - HKCU\..\Run: [NokiaSuite.exe] C:\Arquivos de programas\Nokia\Nokia Suite\NokiaSuite.exe -tray
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\ARQUIV~1\ARQUIV~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Search the Web - C:\Arquivos de programas\SweetIM\Toolbars\Internet Explorer\resources\menuext.html
O9 - Extra button: Incluir no Blog - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Arquivos de programas\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Incluir no Blog no Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Arquivos de programas\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Livro de recortes HP - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Arquivos de programas\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: Seleção HP Smart - {700259D7-1666-479a-93B1-3250410481E8} - C:\Arquivos de programas\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O12 - Plugin for .NPSSView: C:\Arquivos de programas\Seagate Software\Viewers\ActiveXViewer\NPssView.dll
O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsof...ss/allinone.asp
O17 - HKLM\System\CCS\Services\Tcpip\..\{18CC7EC7-0FF3-4254-9828-4AD5534D7D58}: NameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{35D34A75-5336-4B22-A299-A7704C5C60F8}: NameServer = 200.220.227.56 200.142.130.202
O17 - HKLM\System\CCS\Services\Tcpip\..\{BDBA33AC-2379-46C6-A830-00D3BF605BA8}: NameServer = 192.168.0.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{18CC7EC7-0FF3-4254-9828-4AD5534D7D58}: NameServer = 192.168.0.1
O17 - HKLM\System\CS2\Services\Tcpip\..\{18CC7EC7-0FF3-4254-9828-4AD5534D7D58}: NameServer = 192.168.0.1
O22 - SharedTaskScheduler: Pré-carregador Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Daemon de cache de categorias de componente - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Arquivos de programas\Bonjour\mDNSResponder.exe
O23 - Service: CiSvc - Unknown owner - C:\WINDOWS\system32\cisvc.exe (file missing)
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Arquivos de programas\ESET\ESET NOD32 antivírus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Arquivos de programas\ESET\ESET NOD32 antivírus\ekrn.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Arquivos de programas\Arquivos comuns\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Oracle Corporation - C:\Arquivos de programas\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe
O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Arquivos de programas\Malwarebytes' Anti-Malware\mbamscheduler.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Arquivos de programas\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Arquivos de programas\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: nProtect GameGuard Service (npggsvc) - Nokia - (no file)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: ServiceLayer - Nokia - C:\Arquivos de programas\PC Connectivity Solution\ServiceLayer.exe
 
--
End of file - 10881 bytes
 
 
 


#6 Mr.Million    

Mr.Million

    Consumer Security MVP

  • Specialist
  • 65104 posts

Posted 10 February 2013 - 03:09 PM

So that your post does not get too long with my post quoted in it, do not use the post's "Quote" button; use the editor below the topic or click Full Editor.

Disable your antivirus, antispyware and firewall to avoid conflicts. Keep them disabled until you finish the instructions.

Download bouton-telecharger.png Save it to the Desktop.

Run adwcleaner.exe

NOTE: Windows Vista or Windows 7 users should right-click the file and select: Run as administrator

AdwCleanerCustom-1.jpg

Click [Delete]

Save the log that is created.

Download 1268r49.png Save it to your Desktop.

Double-click to run the Junkware Removal Tool (JRT)

* On Windows Vista and Windows 7:
Right-click JRT.exe and select run_as_adm1.png

The tool will start scanning your system. Be patient, as it may take a while depending on the number of items to be examined.

At the end, a log will open and be saved on the Desktop with the name
JRT.txt.

Select, copy and paste the contents of this log into your next reply, plus the AdwCleaner log and a new HijackThis log.

#7 Paschoal1994    

Paschoal1994
  • Participant
  • 8 posts

Posted 10 February 2013 - 04:36 PM

# AdwCleaner v2.112 - Relatório criado em 10/02/2013 às 17:02:57
# Atualizado em 10/02/2013 por Xplode
# Sistema Operacional : Microsoft Windows XP Service Pack 2 (32 bits)
# Usuário : Administrador - WINXP
# Modo de Boot : Normal
# Executado de : C:\Documents and Settings\Administrador\Desktop\adwcleaner.exe
# Opção [Remover]
 
 
***** [Serviços] *****
 
 
***** [Arquivos/Pastas] *****
 
Arquivo Removido : C:\Arquivos de programas\Mozilla Firefox\searchplugins\babylon.xml
Arquivo Removido : C:\Documents and Settings\Administrador\Dados de aplicativos\Mozilla\Firefox\Profiles\325uzxvf.default\extensions\{EEE6C361-6118-11DC-9C72-001320C79847}.xpi
Arquivo Removido : C:\Documents and Settings\Administrador\Dados de aplicativos\Mozilla\Firefox\Profiles\325uzxvf.default\searchplugins\Askcom.xml
Arquivo Removido : C:\Documents and Settings\Administrador\Dados de aplicativos\Mozilla\Firefox\Profiles\325uzxvf.default\searchplugins\Conduit.xml
Arquivo Removido : C:\Documents and Settings\Administrador\Dados de aplicativos\Mozilla\Firefox\Profiles\325uzxvf.default\searchplugins\SweetIm.xml
Arquivo Removido : C:\WINDOWS\system32\conduitEngine.tmp
Pasta Removido : C:\Arquivos de programas\Conduit
Pasta Removido : C:\Arquivos de programas\DVDVideoSoftTB
Pasta Removido : C:\Arquivos de programas\Iminent
Pasta Removido : C:\Arquivos de programas\Messenger_Plus_Live_Brazil
Pasta Removido : C:\Arquivos de programas\PriceGong
Pasta Removido : C:\Arquivos de programas\Softonic_Brasil
Pasta Removido : C:\Arquivos de programas\SweetIM
Pasta Removido : C:\Documents and Settings\Administrador\Configurações locais\Dados de aplicativos\Babylon
Pasta Removido : C:\Documents and Settings\Administrador\Configurações locais\Dados de aplicativos\Conduit
Pasta Removido : C:\Documents and Settings\Administrador\Configurações locais\Dados de aplicativos\DVDVideoSoftTB
Pasta Removido : C:\Documents and Settings\Administrador\Configurações locais\Dados de aplicativos\Messenger_Plus_Live_Brazil
Pasta Removido : C:\Documents and Settings\Administrador\Configurações locais\Dados de aplicativos\OpenCandy
Pasta Removido : C:\Documents and Settings\Administrador\Configurações locais\Dados de aplicativos\Softonic_Brasil
Pasta Removido : C:\Documents and Settings\Administrador\Dados de aplicativos\Babylon
Pasta Removido : C:\Documents and Settings\Administrador\Dados de aplicativos\BabylonToolbar
Pasta Removido : C:\Documents and Settings\Administrador\Dados de aplicativos\Mozilla\Firefox\Profiles\325uzxvf.default\Conduit
Pasta Removido : C:\Documents and Settings\Administrador\Dados de aplicativos\Mozilla\Firefox\Profiles\325uzxvf.default\ConduitCommon
Pasta Removido : C:\Documents and Settings\Administrador\Dados de aplicativos\Mozilla\Firefox\Profiles\325uzxvf.default\CT2434161
Pasta Removido : C:\Documents and Settings\Administrador\Dados de aplicativos\Mozilla\Firefox\Profiles\325uzxvf.default\extensions\{8A9386B4-E958-4c4c-ADF4-8F26DB3E4829}
Pasta Removido : C:\Documents and Settings\Administrador\Dados de aplicativos\Mozilla\Firefox\Profiles\325uzxvf.default\extensions\{e8bbc502-5e5c-4f42-8ab6-2b6184f2c59a}
Pasta Removido : C:\Documents and Settings\Administrador\Dados de aplicativos\OpenCandy
Pasta Removido : C:\Documents and Settings\All Users\Dados de aplicativos\Babylon
Pasta Removido : C:\Documents and Settings\All Users\Dados de aplicativos\SweetIM
Pasta Removido : C:\Documents and Settings\All Users\Menu Iniciar\Programas\PriceGong
Pasta Removido : C:\WINDOWS\Installer\{0965F857-DAAD-4F93-8054-0E2EC3C8C5B0}
Pasta Removido : C:\WINDOWS\Installer\{5B58EF61-85F2-4977-97A5-84C19F926579}
Pasta Removido : C:\WINDOWS\Installer\{FB697452-8CA4-46B4-98B1-165C922A2EF3}
Removido Durante o reboot : C:\Documents and Settings\Administrador\Configurações locais\Dados de aplicativos\Google\Chrome\User Data\Default\Extensions\bkomkajifikmkfnjgphkjcfeepbnojok
Removido Durante o reboot : C:\Documents and Settings\Administrador\Configurações locais\Dados de aplicativos\Google\Chrome\User Data\Default\Extensions\jcdgjdiieiljkfkdcloehkohchhpekkn
 
***** [Registro] *****
 
Chave Removida : HKCU\Software\BabylonToolbar
Chave Removida : HKCU\Software\Conduit
Chave Removida : HKCU\Software\DealPly
Chave Removida : HKCU\Software\DVDVideoSoftTB
Chave Removida : HKCU\Software\facemoods.com
Chave Removida : HKCU\Software\Google\Chrome\Extensions\gaiilaahiahdejapggenmdmafpmbipje
Chave Removida : HKCU\Software\Iminent
Chave Removida : HKCU\Software\Messenger_Plus_Live_Brazil
Chave Removida : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0D7562AE-8EF6-416D-A838-AB665251703A}
Chave Removida : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Chave Removida : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{171DEBEB-C3D4-40B7-AC73-056A5EBA4A7E}
Chave Removida : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Chave Removida : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}
Chave Removida : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{12FC3D37-2A42-4FE3-8489-81296878CBA5}
Chave Removida : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{2EECD738-5844-4A99-B4B6-146BF802613B}
Chave Removida : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{872B5B88-9DB5-4310-BDD0-AC189557E5F5}
Chave Removida : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{98889811-442D-49DD-99D7-DC866BE87DBC}
Chave Removida : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{A15776E3-2702-473F-87D9-2253B4180E51}
Chave Removida : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EDBCA961-4BF8-4CBE-8C63-A11DFF9ED2D9}
Chave Removida : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{00000000-6E41-4FD3-8538-502F5495E5FC}
Chave Removida : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{0F1B3229-F170-43F9-8AAC-EFA2A2470462}
Chave Removida : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{12FC3D37-2A42-4FE3-8489-81296878CBA5}
Chave Removida : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2EECD738-5844-4A99-B4B6-146BF802613B}
Chave Removida : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{872B5B88-9DB5-4310-BDD0-AC189557E5F5}
Chave Removida : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{98889811-442D-49DD-99D7-DC866BE87DBC}
Chave Removida : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A15776E3-2702-473F-87D9-2253B4180E51}
Chave Removida : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A8708903-5A39-4ED3-A6CA-679B54A8D138}
Chave Removida : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{C9D0D7B6-CCA4-4FEC-8E19-FB382FBF6C61}
Chave Removida : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EDBCA961-4BF8-4CBE-8C63-A11DFF9ED2D9}
Chave Removida : HKCU\Software\Softonic
Chave Removida : HKCU\Software\Softonic_Brasil
Chave Removida : HKCU\Toolbar
Chave Removida : HKLM\Software\Babylon
Chave Removida : HKLM\Software\BabylonToolbar
Chave Removida : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}
Chave Removida : HKLM\SOFTWARE\Classes\AppID\{35C1605E-438B-4D64-AAB1-8885F097A9B1}
Chave Removida : HKLM\SOFTWARE\Classes\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Chave Removida : HKLM\SOFTWARE\Classes\AppID\{5B1881D1-D9C7-46DF-B041-1E593282C7D0}
Chave Removida : HKLM\SOFTWARE\Classes\AppID\{835315FC-1BF6-4CA9-80CD-F6C158D40692}
Chave Removida : HKLM\SOFTWARE\Classes\AppID\{AD25754E-D76C-42B3-A335-2F81478B722F}
Chave Removida : HKLM\SOFTWARE\Classes\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D}
Chave Removida : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Chave Removida : HKLM\SOFTWARE\Classes\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Chave Removida : HKLM\SOFTWARE\Classes\AppID\escort.DLL
Chave Removida : HKLM\SOFTWARE\Classes\AppID\escortApp.DLL
Chave Removida : HKLM\SOFTWARE\Classes\AppID\escortEng.DLL
Chave Removida : HKLM\SOFTWARE\Classes\AppID\escorTlbr.DLL
Chave Removida : HKLM\SOFTWARE\Classes\AppID\esrv.EXE
Chave Removida : HKLM\SOFTWARE\Classes\AppID\PriceGongIE.DLL
Chave Removida : HKLM\SOFTWARE\Classes\CLSID\{0F1B3229-F170-43F9-8AAC-EFA2A2470462}
Chave Removida : HKLM\SOFTWARE\Classes\CLSID\{12FC3D37-2A42-4FE3-8489-81296878CBA5}
Chave Removida : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Chave Removida : HKLM\SOFTWARE\Classes\CLSID\{82AC53B4-164C-4B07-A016-437A8388B81A}
Chave Removida : HKLM\SOFTWARE\Classes\CLSID\{872B5B88-9DB5-4310-BDD0-AC189557E5F5}
Chave Removida : HKLM\SOFTWARE\Classes\CLSID\{A4A0CB15-8465-4F58-A7E5-73084EA2A064}
Chave Removida : HKLM\SOFTWARE\Classes\CLSID\{A5B99E41-E157-4209-8AAC-DB003A816079}
Chave Removida : HKLM\SOFTWARE\Classes\CLSID\{A8708903-5A39-4ED3-A6CA-679B54A8D138}
Chave Removida : HKLM\SOFTWARE\Classes\CLSID\{AD20D01C-C939-4DD2-8C55-56935A48987E}
Chave Removida : HKLM\SOFTWARE\Classes\CLSID\{C9D0D7B6-CCA4-4FEC-8E19-FB382FBF6C61}
Chave Removida : HKLM\SOFTWARE\Classes\CLSID\{DDE2C74F-58CC-4D71-8CE1-09DEBB8CFB78}
Chave Removida : HKLM\SOFTWARE\Classes\CLSID\{E95EAD3F-18C6-4304-9DC6-BD6FD8E11D37}
Chave Removida : HKLM\SOFTWARE\Classes\CLSID\{EDBCA961-4BF8-4CBE-8C63-A11DFF9ED2D9}
Chave Removida : HKLM\SOFTWARE\Classes\esrv.escrtSrvc
Chave Removida : HKLM\SOFTWARE\Classes\esrv.escrtSrvc.1
Chave Removida : HKLM\SOFTWARE\Classes\facemoods.xtrnl
Chave Removida : HKLM\SOFTWARE\Classes\facemoods.xtrnl.1
Chave Removida : HKLM\SOFTWARE\Classes\facemoodsApp.appCore
Chave Removida : HKLM\SOFTWARE\Classes\facemoodsApp.appCore.1
Chave Removida : HKLM\Software\Classes\Installer\Features\16FE85B52F587794795A481CF9295697
Chave Removida : HKLM\Software\Classes\Installer\Features\254796BF4AC84B64891B61C529A2E23F
Chave Removida : HKLM\Software\Classes\Installer\Features\758F5690DAAD39F40845E0E23C8C5C0B
Chave Removida : HKLM\Software\Classes\Installer\Products\16FE85B52F587794795A481CF9295697
Chave Removida : HKLM\Software\Classes\Installer\Products\254796BF4AC84B64891B61C529A2E23F
Chave Removida : HKLM\Software\Classes\Installer\Products\758F5690DAAD39F40845E0E23C8C5C0B
Chave Removida : HKLM\SOFTWARE\Classes\MediaPlayer.GraphicsUtils
Chave Removida : HKLM\SOFTWARE\Classes\MediaPlayer.GraphicsUtils.1
Chave Removida : HKLM\SOFTWARE\Classes\MgMediaPlayer.GifAnimator
Chave Removida : HKLM\SOFTWARE\Classes\MgMediaPlayer.GifAnimator.1
Chave Removida : HKLM\SOFTWARE\Classes\Prod.cap
Chave Removida : HKLM\SOFTWARE\Classes\sim-packages
Chave Removida : HKLM\SOFTWARE\Classes\Toolbar.CT2269050
Chave Removida : HKLM\SOFTWARE\Classes\Toolbar.CT2552374
Chave Removida : HKLM\SOFTWARE\Classes\Toolbar.CT2567694
Chave Removida : HKLM\SOFTWARE\Classes\TypeLib\{12A5F606-B1EC-474C-83ED-95E99FD8058E}
Chave Removida : HKLM\SOFTWARE\Classes\TypeLib\{35C1605E-438B-4D64-AAB1-8885F097A9B1}
Chave Removida : HKLM\SOFTWARE\Classes\TypeLib\{4D3B167E-5FD8-4276-8FD7-9DF19C1E4D19}
Chave Removida : HKLM\SOFTWARE\Classes\TypeLib\{6E8BF012-2C85-4834-B10A-1B31AF173D70}
Chave Removida : HKLM\SOFTWARE\Classes\TypeLib\{AD25754E-D76C-42B3-A335-2F81478B722F}
Chave Removida : HKLM\SOFTWARE\Classes\TypeLib\{B12E99ED-69BD-437C-86BE-C862B9E5444D}
Chave Removida : HKLM\SOFTWARE\Classes\TypeLib\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Chave Removida : HKLM\Software\Conduit
Chave Removida : HKLM\Software\DealPly
Chave Removida : HKLM\Software\DVDVideoSoftTB
Chave Removida : HKLM\Software\facemoods.com
Chave Removida : HKLM\SOFTWARE\Google\Chrome\Extensions\bkomkajifikmkfnjgphkjcfeepbnojok
Chave Removida : HKLM\SOFTWARE\Google\Chrome\Extensions\gaiilaahiahdejapggenmdmafpmbipje
Chave Removida : HKLM\SOFTWARE\Google\Chrome\Extensions\ihflimipbcaljfnojhhknppphnnciiif
Chave Removida : HKLM\SOFTWARE\Google\Chrome\Extensions\jcdgjdiieiljkfkdcloehkohchhpekkn
Chave Removida : HKLM\Software\Iminent
Chave Removida : HKLM\Software\Messenger_Plus_Live_Brazil
Chave Removida : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{62A9ABDC-40E0-4670-8F76-F56B20BA9EE2}
Chave Removida : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68011583-96DC-413F-A79B-236A02D3B0E1}
Chave Removida : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{74A2DBA0-F669-41B5-BA72-C54A7F6B436B}
Chave Removida : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{8375D9C8-634F-4ECB-8CF5-C7416BA5D542}
Chave Removida : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C93C54CC-38F5-44F9-A1F3-317A58312DF7}
Chave Removida : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{CB8A823D-B3A9-4CC2-ABE5-ED20A374BEE1}
Chave Removida : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{D305C304-8C65-474E-9730-01ECF0D6AF2C}
Chave Removida : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E6B969FB-6D33-48D2-9061-8BBD4899EB08}
Chave Removida : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{EEE6C367-6118-11DC-9C72-001320C79847}
Chave Removida : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{FFDF9EF3-3C3A-4F05-9A6E-5D3B778EC567}
Chave Removida : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}
Chave Removida : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
Chave Removida : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\DealPly
Chave Removida : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\DVDVideoSoftTB Toolbar
Chave Removida : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\facemoods
Chave Removida : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Messenger_Plus_Live_Brazil Toolbar
Chave Removida : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Softonic_Brasil Toolbar
Chave Removida : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\SweetIM.exe
Chave Removida : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{12FC3D37-2A42-4FE3-8489-81296878CBA5}
Chave Removida : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{872B5B88-9DB5-4310-BDD0-AC189557E5F5}
Chave Removida : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EDBCA961-4BF8-4CBE-8C63-A11DFF9ED2D9}
Chave Removida : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{0F1B3229-F170-43F9-8AAC-EFA2A2470462}
Chave Removida : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{A8708903-5A39-4ED3-A6CA-679B54A8D138}
Chave Removida : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C9D0D7B6-CCA4-4FEC-8E19-FB382FBF6C61}
Chave Removida : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{0965F857-DAAD-4F93-8054-0E2EC3C8C5B0}
Chave Removida : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{5B58EF61-85F2-4977-97A5-84C19F926579}
Chave Removida : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{FB697452-8CA4-46B4-98B1-165C922A2EF3}
Chave Removida : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DVDVideoSoftTB Toolbar
Chave Removida : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Messenger_Plus_Live_Brazil Toolbar
Chave Removida : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\PriceGong
Chave Removida : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Softonic_Brasil Toolbar
Chave Removida : HKLM\Software\Softonic_Brasil
Chave Removida : HKLM\Software\VDownloader\OpenCandy
Valor Removida : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{12FC3D37-2A42-4FE3-8489-81296878CBA5}]
Valor Removida : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{872B5B88-9DB5-4310-BDD0-AC189557E5F5}]
Valor Removida : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{EDBCA961-4BF8-4CBE-8C63-A11DFF9ED2D9}]
Valor Removida : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{12FC3D37-2A42-4FE3-8489-81296878CBA5}]
Valor Removida : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{872B5B88-9DB5-4310-BDD0-AC189557E5F5}]
Valor Removida : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{EDBCA961-4BF8-4CBE-8C63-A11DFF9ED2D9}]
Valor Removida : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{12FC3D37-2A42-4FE3-8489-81296878CBA5}]
Valor Removida : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{872B5B88-9DB5-4310-BDD0-AC189557E5F5}]
Valor Removida : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{98889811-442D-49DD-99D7-DC866BE87DBC}]
Valor Removida : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{EDBCA961-4BF8-4CBE-8C63-A11DFF9ED2D9}]
Valor Removida : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [SweetIM]
Valor Removida : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [Sweetpacks Communicator]
Valor Removida : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs [C:\Arquivos de programas\SweetIM\Toolbars\Internet Explorer\mgHelperApp.exe]
Valor Removida : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs [C:\Arquivos de programas\SweetIM\Toolbars\Internet Explorer\mgToolbarProxy.dll]
 
***** [Navegadores] *****
 
-\\ Internet Explorer v8.0.6001.18702
 
Substituído : [HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxp://home.sweetim.com/?crg=3.1010006&st=10&barid={E7CB2B8F-CF63-43F3-8B30-577C9172623D} --> hxxp://www.google.com
Substituído : [HKLM\SOFTWARE\Microsoft\Internet Explorer\Main - Start Page] = hxxp://home.sweetim.com/?crg=3.1010006&st=10&barid={E7CB2B8F-CF63-43F3-8B30-577C9172623D} --> hxxp://www.google.com
 
-\\ Mozilla Firefox v13.0 (pt-BR)
 
Arquivo : C:\Documents and Settings\Administrador\Dados de aplicativos\Mozilla\Firefox\Profiles\325uzxvf.default\prefs.js
 
 
-\\ Google Chrome v19.0.1084.56
 
Arquivo : C:\Documents and Settings\Administrador\Configurações locais\Dados de aplicativos\Google\Chrome\User Data\Default\Preferences
 
Removida [l.16] : homepage = "hxxp://home.sweetim.com/?barid={E7CB2B8F-CF63-43F3-8B30-577C9172623D}",
Removida [l.20] : urls_to_restore_on_startup = [ "hxxp://home.sweetim.com/?barid={E7CB2B8F-CF63-43F3-8B30-57[...]
Removida [l.1749] : homepage = "hxxp://home.sweetim.com/?barid={E7CB2B8F-CF63-43F3-8B30-577C9172623D}",
Removida [l.2275] : urls_to_restore_on_startup = [ "hxxp://home.sweetim.com/?barid={E7CB2B8F-CF63-43F3-8B30-577C9[...]
 
*************************
 
AdwCleaner[R1].txt - [57591 octets] - [10/02/2013 17:02:08]
AdwCleaner[S1].txt - [54920 octets] - [10/02/2013 17:02:57]
 
########## EOF - C:\AdwCleaner[S1].txt - [54981 octets] ##########
 
 
 
 
 
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 4.6.2 (02.02.2013:2)
OS: Microsoft Windows XP x86
Ran by Administrador on dom 10/02/2013 at 17:10:52,89
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
~~~ Services
 
 
 
~~~ Registry Values
 
Successfully repaired: [Registry Value] hkey_local_machine\software\microsoft\Internet Explorer\searchscopes\{0633ee93-d776-472f-a0ff-e1416b8b2e3a}\\DisplayName
Successfully repaired: [Registry Value] hkey_local_machine\software\microsoft\Internet Explorer\searchscopes\{0633ee93-d776-472f-a0ff-e1416b8b2e3a}\\URL
 
 
 
~~~ Registry Keys
 
Successfully deleted: [Registry Key] hkey_current_user\software\sweetim
Successfully deleted: [Registry Key] hkey_local_machine\software\sweetim
 
 
 
~~~ Files
 
 
 
~~~ Folders
 
 
 
~~~ FireFox
 
Successfully deleted the following from C:\Documents and Settings\Administrador\Dados de aplicativos\mozilla\firefox\profiles\325uzxvf.default\prefs.js
 
user_pref("extensions.enabledItems", "{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}:6.0.11,jqs@sun.com:1.0,{e8bbc502-5e5c-4f42-8ab6-2b6184f2c59a}:2.7.2.0,{0329E7D6-6F54-462D-93F6-F5C
user_pref("extensions.orkutmanager.EmoticonsList", "{\" :)\":\"hxxp://static1.orkut.com/img/i_smile.gif\",\" ;)\":\"hxxp://static3.orkut.com/img/i_wink.gif\",\"xD\":\"hxxp://sta
user_pref("extensions.orkutmanager.MenuDD", "[\"%3Cb%3EOrkut%20Manager%3C/b%3E|undefined\", \"/Community%3Fcmm%3D90840394|undefined\", \"-|undefined\", \"javascript%3A%3B|unde
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on dom 10/02/2013 at 17:18:22,32
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 


#8 Mr.Million    

Mr.Million

    Consumer Security MVP

  • Specialist
  • 65104 posts

Posted 10 February 2013 - 04:45 PM

How is the PC?



#9 Paschoal1994    

Paschoal1994
  • Participant
  • 8 posts

Posted 10 February 2013 - 04:58 PM

Well, when I turn it on, an error message appears saying that the image is incorrect. There was another problem too: when I turned it on, the screen would stay stuck, frozen, so I had to turn it off and on again, but I think that has stopped.

I'll try to take a photo and post it here in the thread, if that helps.



#10 Mr.Million    

Mr.Million

    Consumer Security MVP

  • Specialist
  • 65104 posts

Posted 10 February 2013 - 05:04 PM

I believe the problem is linked to the installation of this program, RocketDock. Uninstall it and see whether it continues.

