Paschoal1994

HijackThis log

15 posts in this topic

Well, every time I start my PC, "imagem incorreta" ("bad image") appears.

Here is the log.

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 23:13:38, on 9/2/2013

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\Windows Defender\MsMpEng.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Arquivos de programas\Bonjour\mDNSResponder.exe

C:\Arquivos de programas\ESET\ESET NOD32 antivírus\ekrn.exe

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe

C:\WINDOWS\system32\WgaTray.exe

C:\WINDOWS\Explorer.EXE

C:\Arquivos de programas\Malwarebytes' Anti-Malware\mbamservice.exe

C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\Arquivos de programas\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\UPHClean\uphclean.exe

C:\Arquivos de programas\ESET\ESET NOD32 antivírus\egui.exe

C:\Arquivos de programas\Real\RealPlayer\update\realsched.exe

C:\Arquivos de programas\Malwarebytes' Anti-Malware\mbamgui.exe

C:\Arquivos de programas\SweetIM\Messenger\SweetIM.exe

C:\Arquivos de programas\SweetIM\Communicator\SweetPacksUpdateManager.exe

C:\Arquivos de programas\Spybot - Search & Destroy\TeaTimer.exe

C:\Arquivos de programas\RocketDock\RocketDock.exe

C:\WINDOWS\system32\ctfmon.exe

C:\WINDOWS\system32\wbem\wmiapsrv.exe

C:\Arquivos de programas\PC Connectivity Solution\ServiceLayer.exe

C:\Arquivos de programas\PC Connectivity Solution\Transports\NclUSBSrv.exe

C:\Arquivos de programas\PC Connectivity Solution\Transports\NclMSBTSrv.exe

C:\Arquivos de programas\Nokia\Nokia Suite\NokiaSuite.exe

C:\Documents and Settings\Administrador\Configurações locais\Dados de aplicativos\Google\Update\GoogleUpdate.exe

C:\Documents and Settings\Administrador\Configurações locais\Dados de aplicativos\Google\Update\GoogleUpdate.exe

C:\WINDOWS\system32\NOTEPAD.EXE

C:\Documents and Settings\Administrador\Meus documentos\Downloads\HijackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.oquefazernainternet.com/

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.oquefazernainternet.com/

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.sweetim.com/?crg=3.1010006&st=10&barid={E7CB2B8F-CF63-43F3-8B30-577C9172623D}

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.oquefazernainternet.com/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.oquefazernainternet.com/

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.sweetim.com/?crg=3.1010006&st=10&barid={E7CB2B8F-CF63-43F3-8B30-577C9172623D}

R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.oquefazernainternet.com/

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.oquefazernainternet.com/

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://www.oquefazernainternet.com/

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.oquefazernainternet.com/q/%s

R3 - URLSearchHook: Messenger Plus Live Brazil Toolbar - {edbca961-4bf8-4cbe-8c63-a11dff9ed2d9} - C:\Arquivos de programas\Messenger_Plus_Live_Brazil\prxtbMes0.dll

R3 - URLSearchHook: DVDVideoSoftTB Toolbar - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Arquivos de programas\DVDVideoSoftTB\prxtbDVD2.dll

R3 - URLSearchHook: Softonic_Brasil Toolbar - {12fc3d37-2a42-4fe3-8489-81296878cba5} - C:\Arquivos de programas\Softonic_Brasil\prxtbSof0.dll

R3 - URLSearchHook: SweetIM ToolbarURLSearchHook Class - {EEE6C35D-6118-11DC-9C72-001320C79847} - C:\Arquivos de programas\SweetIM\Toolbars\Internet Explorer\mgHelper.dll

O1 - Hosts: 96.104.35.128 www.latinocheats.com

O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Arquivos de programas\HP\Smart Web Printing\hpswp_printenhancer.dll

O2 - BHO: HP Print Clips - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Arquivos de programas\HP\Smart Web Printing\hpswp_framework.dll

O2 - BHO: Softonic_Brasil - {12fc3d37-2a42-4fe3-8489-81296878cba5} - C:\Arquivos de programas\Softonic_Brasil\prxtbSof0.dll

O2 - BHO: PriceGong - {1631550F-191D-4826-B069-D9439253D926} - C:\Arquivos de programas\PriceGong\2.6.2\PriceGongIE.dll

O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Dados de aplicativos\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)

O2 - BHO: facemoods Helper - {64182481-4F71-486b-A045-B233BD0DA8FC} - C:\Arquivos de programas\facemoods.com\facemoods\1.4.17.10\bh\facemoods.dll

O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Arquivos de programas\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll

O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll

O2 - BHO: DVDVideoSoftTB - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Arquivos de programas\DVDVideoSoftTB\prxtbDVD2.dll

O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: DealPly - {A6174F27-1FFF-E1D6-A93F-BA48AD5DD448} - (no file)

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de programas\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll

O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Arquivos de programas\Windows Live\Toolbar\wltcore.dll

O2 - BHO: Messenger Plus Live Brazil - {edbca961-4bf8-4cbe-8c63-a11dff9ed2d9} - C:\Arquivos de programas\Messenger_Plus_Live_Brazil\prxtbMes0.dll

O2 - BHO: SWEETIE - {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Arquivos de programas\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll

O3 - Toolbar: Messenger Plus Live Brazil Toolbar - {edbca961-4bf8-4cbe-8c63-a11dff9ed2d9} - C:\Arquivos de programas\Messenger_Plus_Live_Brazil\prxtbMes0.dll

O3 - Toolbar: DVDVideoSoftTB Toolbar - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Arquivos de programas\DVDVideoSoftTB\prxtbDVD2.dll

O3 - Toolbar: Softonic_Brasil Toolbar - {12fc3d37-2a42-4fe3-8489-81296878cba5} - C:\Arquivos de programas\Softonic_Brasil\prxtbSof0.dll

O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Arquivos de programas\Windows Live\Toolbar\wltcore.dll

O3 - Toolbar: facemoods Toolbar - {DB4E9724-F518-4dfd-9C7C-78B52103CAB9} - C:\Arquivos de programas\facemoods.com\facemoods\1.4.17.10\facemoodsTlbr.dll

O3 - Toolbar: (no name) - {98889811-442D-49dd-99D7-DC866BE87DBC} - (no file)

O3 - Toolbar: SweetPacks Toolbar for Internet Explorer - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Arquivos de programas\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll

O4 - HKLM\..\Run: [egui] "C:\Arquivos de programas\ESET\ESET NOD32 antivírus\egui.exe" /hide /waitservice

O4 - HKLM\..\Run: [facemoods] "C:\Arquivos de programas\facemoods.com\facemoods\1.4.17.10\facemoodssrv.exe" /md I

O4 - HKLM\..\Run: [TkBellExe] "C:\Arquivos de programas\Real\RealPlayer\update\realsched.exe"  -osboot

O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Arquivos de programas\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray

O4 - HKLM\..\Run: [sweetIM] C:\Arquivos de programas\SweetIM\Messenger\SweetIM.exe

O4 - HKLM\..\Run: [sweetpacks Communicator] C:\Arquivos de programas\SweetIM\Communicator\SweetPacksUpdateManager.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Arquivos comuns\Java\Java Update\jusched.exe"

O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Arquivos de programas\Spybot - Search & Destroy\TeaTimer.exe

O4 - HKCU\..\Run: [RocketDock] "C:\Arquivos de programas\RocketDock\RocketDock.exe"

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Administrador\Configurações locais\Dados de aplicativos\Google\Update\GoogleUpdate.exe" /c

O4 - HKCU\..\Run: [ccleaner] "C:\Arquivos de programas\CCleaner\ccleaner.exe" /AUTO

O4 - HKCU\..\Run: [NokiaSuite.exe] C:\Arquivos de programas\Nokia\Nokia Suite\NokiaSuite.exe -tray

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\ARQUIV~1\ARQUIV~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~1\OFFICE11\EXCEL.EXE/3000

O8 - Extra context menu item: Search the Web - C:\Arquivos de programas\SweetIM\Toolbars\Internet Explorer\resources\menuext.html

O9 - Extra button: Incluir no Blog - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Arquivos de programas\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra 'Tools' menuitem: &Incluir no Blog no Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Arquivos de programas\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra button: Livro de recortes HP - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Arquivos de programas\HP\Smart Web Printing\hpswp_extensions.dll

O9 - Extra button: Seleção HP Smart - {700259D7-1666-479a-93B1-3250410481E8} - C:\Arquivos de programas\HP\Smart Web Printing\hpswp_extensions.dll

O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~1\OFFICE11\REFIEBAR.DLL

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O12 - Plugin for .NPSSView: C:\Arquivos de programas\Seagate Software\Viewers\ActiveXViewer\NPssView.dll

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O17 - HKLM\System\CCS\Services\Tcpip\..\{18CC7EC7-0FF3-4254-9828-4AD5534D7D58}: NameServer = 192.168.0.1

O17 - HKLM\System\CCS\Services\Tcpip\..\{35D34A75-5336-4B22-A299-A7704C5C60F8}: NameServer = 200.220.227.56 200.142.130.202

O17 - HKLM\System\CCS\Services\Tcpip\..\{BDBA33AC-2379-46C6-A830-00D3BF605BA8}: NameServer = 192.168.0.1

O17 - HKLM\System\CS1\Services\Tcpip\..\{18CC7EC7-0FF3-4254-9828-4AD5534D7D58}: NameServer = 192.168.0.1

O17 - HKLM\System\CS2\Services\Tcpip\..\{18CC7EC7-0FF3-4254-9828-4AD5534D7D58}: NameServer = 192.168.0.1

O22 - SharedTaskScheduler: Pré-carregador Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll

O22 - SharedTaskScheduler: Daemon de cache de categorias de componente - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll

O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe

O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Arquivos de programas\Bonjour\mDNSResponder.exe

O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Arquivos de programas\ESET\ESET NOD32 antivírus\EHttpSrv.exe

O23 - Service: Eset Service (ekrn) - ESET - C:\Arquivos de programas\ESET\ESET NOD32 antivírus\ekrn.exe

O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Arquivos de programas\Arquivos comuns\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Oracle Corporation - C:\Arquivos de programas\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe

O23 - Service: MBAMService - Malwarebytes Corporation - C:\Arquivos de programas\Malwarebytes' Anti-Malware\mbamservice.exe

O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Arquivos de programas\Mozilla Maintenance Service\maintenanceservice.exe

O23 - Service: nProtect GameGuard Service (npggsvc) - Nokia - (no file)

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: ServiceLayer - Nokia - C:\Arquivos de programas\PC Connectivity Solution\ServiceLayer.exe

 

--

End of file - 13262 bytes

Uninstall Spybot completely; it is obsolete software that complicates more than it helps.

Reboot...

So that your post does not get too long by quoting my post, do not use the post's Reply button; use the editor below the topic or click Full Editor.

Download Malwarebytes' Anti-Malware (MBAM) or here.

Save or print these instructions:

Double-click mbam-setup.exe, choose the language and, during installation, accept all the default options.

Check that the Update Malwarebytes Anti-Malware and Launch Malwarebytes Anti-Malware boxes are ticked, then click Finish.

If there are updates to be made, they will be downloaded and installed.

When the update finishes, with the program open, select Quick Scan and click the Scan button.

The scan will then begin. Wait, as it may take a while.

When the scan finishes, click OK, then the Show Results button to see the report.

If any items were found, make sure they are all checked and click the Remove button.

At the end of the disinfection, Notepad will open with a log, and a prompt may appear asking whether you want to restart the PC. (See the note below.)

The log is saved automatically by MBAM; to view it, click the Logs tab in the program's main window.

NOTE: If MBAM finds files it cannot remove, you may have to restart the PC (perhaps more than once). Do so immediately when asked whether you want to restart.

Select, copy and paste the contents of the MBAM log in your next reply, plus a new HijackThis log.



MVP Mr.Million


I did what you asked; here are the logs.

Malwarebytes Anti-Malware 1.70.0.1100
www.malwarebytes.org
 
Versão da Base de Dados:  v2013.02.09.08
 
Windows XP Service Pack 2 x86 NTFS
Internet Explorer 8.0.6001.18702
Administrador :: WINXP [administrador]
 
Proteção: Permitir
 
10/2/2013 00:21:54
mbam-log-2013-02-10 (00-21-54).txt
 
Tipo de Verificação:  Verificação Rápida 
Opções de verificações ativadas: Memória | Inicialização | Registro | Sistema de arquivos  | Heurística/Extra | Heurística/Shuriken | PUP | PUM
Opções de verificação desativadas: P2P
Objetos escaneados:  214210
Tempo decorrido: 8 minuto(s), 39 segundo(s)
 
Processos de Memória Detectados: 0
(Não foram detectados ítens maliciosos)
 
Módulos de Memória Detectados: 0
(Não foram detectados ítens maliciosos)
 
Chaves de Registro Detectadas: 0
(Não foram detectados ítens maliciosos)
 
Valores de Registro Detectadas: 0
(Não foram detectados ítens maliciosos)
 
Itens de Dados no Registro Detectadas: 0
(Não foram detectados ítens maliciosos)
 
Pastas Detectadas: 0
(Não foram detectados ítens maliciosos)
 
Arquivos Detectados: 0
(Não foram detectados ítens maliciosos)
 
(fim)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 00:37:03, on 10/2/2013
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
 
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Arquivos de programas\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Arquivos de programas\Bonjour\mDNSResponder.exe
C:\Arquivos de programas\ESET\ESET NOD32 antivírus\ekrn.exe
C:\WINDOWS\system32\svchost.exe
C:\Arquivos de programas\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe
C:\Arquivos de programas\Malwarebytes' Anti-Malware\mbamservice.exe
C:\WINDOWS\system32\WgaTray.exe
C:\WINDOWS\Explorer.EXE
C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Arquivos de programas\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Arquivos de programas\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\system32\svchost.exe
C:\Arquivos de programas\UPHClean\uphclean.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Arquivos de programas\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Arquivos de programas\ESET\ESET NOD32 antivírus\egui.exe
C:\Arquivos de programas\Real\RealPlayer\update\realsched.exe
C:\Arquivos de programas\SweetIM\Messenger\SweetIM.exe
C:\Arquivos de programas\SweetIM\Communicator\SweetPacksUpdateManager.exe
C:\Arquivos de programas\RocketDock\RocketDock.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\Administrador\Configurações locais\Dados de aplicativos\Google\Update\GoogleUpdate.exe
C:\Arquivos de programas\PC Connectivity Solution\ServiceLayer.exe
C:\Arquivos de programas\PC Connectivity Solution\Transports\NclUSBSrv.exe
C:\Arquivos de programas\PC Connectivity Solution\Transports\NclMSBTSrv.exe
C:\Arquivos de programas\Nokia\Nokia Suite\NokiaSuite.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\notepad.exe
C:\Documents and Settings\Administrador\Configurações locais\Dados de aplicativos\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Administrador\Configurações locais\Dados de aplicativos\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Administrador\Configurações locais\Dados de aplicativos\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Administrador\Configurações locais\Dados de aplicativos\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Administrador\Configurações locais\Dados de aplicativos\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Administrador\Configurações locais\Dados de aplicativos\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Administrador\Configurações locais\Dados de aplicativos\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Administrador\Configurações locais\Dados de aplicativos\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Administrador\Meus documentos\Downloads\HijackThis.exe
 
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.oquefazernainternet.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.oquefazernainternet.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.sweetim.com/?crg=3.1010006&st=10&barid={E7CB2B8F-CF63-43F3-8B30-577C9172623D}
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.oquefazernainternet.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.oquefazernainternet.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.sweetim.com/?crg=3.1010006&st=10&barid={E7CB2B8F-CF63-43F3-8B30-577C9172623D}
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.oquefazernainternet.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.oquefazernainternet.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://www.oquefazernainternet.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.oquefazernainternet.com/q/%s
R3 - URLSearchHook: Messenger Plus Live Brazil Toolbar - {edbca961-4bf8-4cbe-8c63-a11dff9ed2d9} - C:\Arquivos de programas\Messenger_Plus_Live_Brazil\prxtbMes0.dll
R3 - URLSearchHook: DVDVideoSoftTB Toolbar - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Arquivos de programas\DVDVideoSoftTB\prxtbDVD2.dll
R3 - URLSearchHook: Softonic_Brasil Toolbar - {12fc3d37-2a42-4fe3-8489-81296878cba5} - C:\Arquivos de programas\Softonic_Brasil\prxtbSof0.dll
R3 - URLSearchHook: SweetIM ToolbarURLSearchHook Class - {EEE6C35D-6118-11DC-9C72-001320C79847} - C:\Arquivos de programas\SweetIM\Toolbars\Internet Explorer\mgHelper.dll
O1 - Hosts: 96.104.35.128 www.latinocheats.com
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Arquivos de programas\HP\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: HP Print Clips - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Arquivos de programas\HP\Smart Web Printing\hpswp_framework.dll
O2 - BHO: Softonic_Brasil - {12fc3d37-2a42-4fe3-8489-81296878cba5} - C:\Arquivos de programas\Softonic_Brasil\prxtbSof0.dll
O2 - BHO: PriceGong - {1631550F-191D-4826-B069-D9439253D926} - C:\Arquivos de programas\PriceGong\2.6.2\PriceGongIE.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Dados de aplicativos\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: facemoods Helper - {64182481-4F71-486b-A045-B233BD0DA8FC} - C:\Arquivos de programas\facemoods.com\facemoods\1.4.17.10\bh\facemoods.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Arquivos de programas\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll
O2 - BHO: DVDVideoSoftTB - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Arquivos de programas\DVDVideoSoftTB\prxtbDVD2.dll
O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: DealPly - {A6174F27-1FFF-E1D6-A93F-BA48AD5DD448} - (no file)
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de programas\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Arquivos de programas\Windows Live\Toolbar\wltcore.dll
O2 - BHO: Messenger Plus Live Brazil - {edbca961-4bf8-4cbe-8c63-a11dff9ed2d9} - C:\Arquivos de programas\Messenger_Plus_Live_Brazil\prxtbMes0.dll
O2 - BHO: SWEETIE - {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Arquivos de programas\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
O3 - Toolbar: Messenger Plus Live Brazil Toolbar - {edbca961-4bf8-4cbe-8c63-a11dff9ed2d9} - C:\Arquivos de programas\Messenger_Plus_Live_Brazil\prxtbMes0.dll
O3 - Toolbar: DVDVideoSoftTB Toolbar - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Arquivos de programas\DVDVideoSoftTB\prxtbDVD2.dll
O3 - Toolbar: Softonic_Brasil Toolbar - {12fc3d37-2a42-4fe3-8489-81296878cba5} - C:\Arquivos de programas\Softonic_Brasil\prxtbSof0.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Arquivos de programas\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: facemoods Toolbar - {DB4E9724-F518-4dfd-9C7C-78B52103CAB9} - C:\Arquivos de programas\facemoods.com\facemoods\1.4.17.10\facemoodsTlbr.dll
O3 - Toolbar: (no name) - {98889811-442D-49dd-99D7-DC866BE87DBC} - (no file)
O3 - Toolbar: SweetPacks Toolbar for Internet Explorer - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Arquivos de programas\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
O4 - HKLM\..\Run: [egui] "C:\Arquivos de programas\ESET\ESET NOD32 antivírus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [facemoods] "C:\Arquivos de programas\facemoods.com\facemoods\1.4.17.10\facemoodssrv.exe" /md I
O4 - HKLM\..\Run: [TkBellExe] "C:\Arquivos de programas\Real\RealPlayer\update\realsched.exe"  -osboot
O4 - HKLM\..\Run: [sweetIM] C:\Arquivos de programas\SweetIM\Messenger\SweetIM.exe
O4 - HKLM\..\Run: [sweetpacks Communicator] C:\Arquivos de programas\SweetIM\Communicator\SweetPacksUpdateManager.exe
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Arquivos comuns\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [RocketDock] "C:\Arquivos de programas\RocketDock\RocketDock.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Administrador\Configurações locais\Dados de aplicativos\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [ccleaner] "C:\Arquivos de programas\CCleaner\ccleaner.exe" /AUTO
O4 - HKCU\..\Run: [NokiaSuite.exe] C:\Arquivos de programas\Nokia\Nokia Suite\NokiaSuite.exe -tray
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\ARQUIV~1\ARQUIV~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Search the Web - C:\Arquivos de programas\SweetIM\Toolbars\Internet Explorer\resources\menuext.html
O9 - Extra button: Incluir no Blog - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Arquivos de programas\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Incluir no Blog no Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Arquivos de programas\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Livro de recortes HP - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Arquivos de programas\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: Seleção HP Smart - {700259D7-1666-479a-93B1-3250410481E8} - C:\Arquivos de programas\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O12 - Plugin for .NPSSView: C:\Arquivos de programas\Seagate Software\Viewers\ActiveXViewer\NPssView.dll
O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp
O17 - HKLM\System\CCS\Services\Tcpip\..\{18CC7EC7-0FF3-4254-9828-4AD5534D7D58}: NameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{BDBA33AC-2379-46C6-A830-00D3BF605BA8}: NameServer = 192.168.0.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{18CC7EC7-0FF3-4254-9828-4AD5534D7D58}: NameServer = 192.168.0.1
O17 - HKLM\System\CS2\Services\Tcpip\..\{18CC7EC7-0FF3-4254-9828-4AD5534D7D58}: NameServer = 192.168.0.1
O22 - SharedTaskScheduler: Pré-carregador Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Daemon de cache de categorias de componente - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Arquivos de programas\Bonjour\mDNSResponder.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Arquivos de programas\ESET\ESET NOD32 antivírus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Arquivos de programas\ESET\ESET NOD32 antivírus\ekrn.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Arquivos de programas\Arquivos comuns\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Oracle Corporation - C:\Arquivos de programas\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe
O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Arquivos de programas\Malwarebytes' Anti-Malware\mbamscheduler.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Arquivos de programas\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Arquivos de programas\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: nProtect GameGuard Service (npggsvc) - Nokia - (no file)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: ServiceLayer - Nokia - C:\Arquivos de programas\PC Connectivity Solution\ServiceLayer.exe
 
--
End of file - 13548 bytes

So that your post does not get too long by quoting my post, do not use the post's Reply button; use the editor below the topic or click Full Editor.

Disable your antivirus, antispyware and firewall to avoid conflicts. Keep them disabled until you finish the instructions.

Download ComboFix

Save it to your Desktop (for the tool to run correctly, it must be on the Desktop).

Close all windows and programs.

You need to stay connected during the ComboFix procedure.

Run combofix.exe and press "Yes" to proceed. Wait, as it takes a while.

NOTE: If you do not want the Windows Recovery Console to be installed, click "No" and then agree so that the scan proceeds.

Once the Console is installed, the operating system selection screen will be shown at system startup.

More information about the Console: http://support.micro...kb/307654/pt-br

ComboFix will restart the PC automatically to complete the removal process. If that does not happen, restart manually.

When it finishes, a log will be generated at C:\ComboFix.txt. Select, copy and paste the contents of ComboFix.txt in your next reply, plus a new HijackThis log.

IMPORTANT: Do not use the mouse or keyboard while ComboFix is running. To stop or exit ComboFix, press "N".

NOTE 2: Do not run ComboFix more than once. Doing so will overwrite the log and make removing the malware harder.

If an error occurs, restart the computer in Safe Mode (press F8 repeatedly, or F5 in some cases, during startup) and repeat the procedure.



MVP Mr.Million


The other logs.

(Note: I am clicking on Full Editor, but it is showing up as a reply....)

 

 

 

 

 

ComboFix 13-02-07.02 - Administrador 10/02/2013  14:52:52.2.1 - x86
Microsoft Windows XP Professional  5.1.2600.2.1252.55.1046.18.1014.366 [GMT -3:00]
Executando de: c:\documents and settings\Administrador\Desktop\ComboFix.exe
.
.
(((((((((((((((((((((((((((((((((((((   Outras Exclusões   )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\arquivos de programas\DealPly
c:\arquivos de programas\DealPly\DealPly.crx
c:\arquivos de programas\DealPly\uninst.exe
c:\arquivos de programas\facemoods.com
c:\arquivos de programas\facemoods.com\facemoods\1.4.17.10\bh\facemoods.dll
c:\arquivos de programas\facemoods.com\facemoods\1.4.17.10\facemoods.crx
c:\arquivos de programas\facemoods.com\facemoods\1.4.17.10\facemoods.png
c:\arquivos de programas\facemoods.com\facemoods\1.4.17.10\facemoodsApp.dll
c:\arquivos de programas\facemoods.com\facemoods\1.4.17.10\facemoodsEng.dll
c:\arquivos de programas\facemoods.com\facemoods\1.4.17.10\facemoodssrv.exe
c:\arquivos de programas\facemoods.com\facemoods\1.4.17.10\facemoodsTlbr.dll
c:\arquivos de programas\facemoods.com\facemoods\1.4.17.10\uninstall.exe
c:\arquivos de programas\TelevisionFanaticEI
c:\documents and settings\Administrador\Dados de aplicativos\facemoods.com
c:\documents and settings\Administrador\Dados de aplicativos\PriceGong
c:\documents and settings\Administrador\Dados de aplicativos\PriceGong\Data\1.txt
c:\documents and settings\Administrador\Dados de aplicativos\PriceGong\Data\1.xml
c:\documents and settings\Administrador\Dados de aplicativos\PriceGong\Data\13548.txt
c:\documents and settings\Administrador\Dados de aplicativos\PriceGong\Data\13642.txt
c:\documents and settings\Administrador\Dados de aplicativos\PriceGong\Data\1391.txt
c:\documents and settings\Administrador\Dados de aplicativos\PriceGong\Data\2229.txt
c:\documents and settings\Administrador\Dados de aplicativos\PriceGong\Data\2355.txt
c:\documents and settings\Administrador\Dados de aplicativos\PriceGong\Data\3803.txt
c:\documents and settings\Administrador\Dados de aplicativos\PriceGong\Data\4489.txt
c:\documents and settings\Administrador\Dados de aplicativos\PriceGong\Data\83.txt
c:\documents and settings\Administrador\Dados de aplicativos\PriceGong\Data\a.txt
c:\documents and settings\Administrador\Dados de aplicativos\PriceGong\Data\a.xml
c:\documents and settings\Administrador\Dados de aplicativos\PriceGong\Data\b.txt
c:\documents and settings\Administrador\Dados de aplicativos\PriceGong\Data\b.xml
c:\documents and settings\Administrador\Dados de aplicativos\PriceGong\Data\c.txt
c:\documents and settings\Administrador\Dados de aplicativos\PriceGong\Data\c.xml
c:\documents and settings\Administrador\Dados de aplicativos\PriceGong\Data\d.txt
c:\documents and settings\Administrador\Dados de aplicativos\PriceGong\Data\d.xml
c:\documents and settings\Administrador\Dados de aplicativos\PriceGong\Data\e.txt
c:\documents and settings\Administrador\Dados de aplicativos\PriceGong\Data\e.xml
c:\documents and settings\Administrador\Dados de aplicativos\PriceGong\Data\f.txt
c:\documents and settings\Administrador\Dados de aplicativos\PriceGong\Data\f.xml
c:\documents and settings\Administrador\Dados de aplicativos\PriceGong\Data\g.txt
c:\documents and settings\Administrador\Dados de aplicativos\PriceGong\Data\g.xml
c:\documents and settings\Administrador\Dados de aplicativos\PriceGong\Data\h.txt
c:\documents and settings\Administrador\Dados de aplicativos\PriceGong\Data\h.xml
c:\documents and settings\Administrador\Dados de aplicativos\PriceGong\Data\i.txt
c:\documents and settings\Administrador\Dados de aplicativos\PriceGong\Data\i.xml
c:\documents and settings\Administrador\Dados de aplicativos\PriceGong\Data\j.txt
c:\documents and settings\Administrador\Dados de aplicativos\PriceGong\Data\J.xml
c:\documents and settings\Administrador\Dados de aplicativos\PriceGong\Data\k.txt
c:\documents and settings\Administrador\Dados de aplicativos\PriceGong\Data\k.xml
c:\documents and settings\Administrador\Dados de aplicativos\PriceGong\Data\l.txt
c:\documents and settings\Administrador\Dados de aplicativos\PriceGong\Data\l.xml
c:\documents and settings\Administrador\Dados de aplicativos\PriceGong\Data\m.txt
c:\documents and settings\Administrador\Dados de aplicativos\PriceGong\Data\m.xml
c:\documents and settings\Administrador\Dados de aplicativos\PriceGong\Data\mru.xml
c:\documents and settings\Administrador\Dados de aplicativos\PriceGong\Data\n.txt
c:\documents and settings\Administrador\Dados de aplicativos\PriceGong\Data\n.xml
c:\documents and settings\Administrador\Dados de aplicativos\PriceGong\Data\o.txt
c:\documents and settings\Administrador\Dados de aplicativos\PriceGong\Data\o.xml
c:\documents and settings\Administrador\Dados de aplicativos\PriceGong\Data\p.txt
c:\documents and settings\Administrador\Dados de aplicativos\PriceGong\Data\p.xml
c:\documents and settings\Administrador\Dados de aplicativos\PriceGong\Data\q.txt
c:\documents and settings\Administrador\Dados de aplicativos\PriceGong\Data\q.xml
c:\documents and settings\Administrador\Dados de aplicativos\PriceGong\Data\r.txt
c:\documents and settings\Administrador\Dados de aplicativos\PriceGong\Data\r.xml
c:\documents and settings\Administrador\Dados de aplicativos\PriceGong\Data\s.txt
c:\documents and settings\Administrador\Dados de aplicativos\PriceGong\Data\s.xml
c:\documents and settings\Administrador\Dados de aplicativos\PriceGong\Data\t.txt
c:\documents and settings\Administrador\Dados de aplicativos\PriceGong\Data\t.xml
c:\documents and settings\Administrador\Dados de aplicativos\PriceGong\Data\u.txt
c:\documents and settings\Administrador\Dados de aplicativos\PriceGong\Data\u.xml
c:\documents and settings\Administrador\Dados de aplicativos\PriceGong\Data\v.txt
c:\documents and settings\Administrador\Dados de aplicativos\PriceGong\Data\v.xml
c:\documents and settings\Administrador\Dados de aplicativos\PriceGong\Data\w.txt
c:\documents and settings\Administrador\Dados de aplicativos\PriceGong\Data\w.xml
c:\documents and settings\Administrador\Dados de aplicativos\PriceGong\Data\wlu.txt
c:\documents and settings\Administrador\Dados de aplicativos\PriceGong\Data\x.txt
c:\documents and settings\Administrador\Dados de aplicativos\PriceGong\Data\x.xml
c:\documents and settings\Administrador\Dados de aplicativos\PriceGong\Data\y.txt
c:\documents and settings\Administrador\Dados de aplicativos\PriceGong\Data\y.xml
c:\documents and settings\Administrador\Dados de aplicativos\PriceGong\Data\z.txt
c:\documents and settings\Administrador\Dados de aplicativos\PriceGong\Data\z.xml
c:\documents and settings\Administrador\Dados de aplicativos\Toolbar4
c:\documents and settings\Administrador\WINDOWS
c:\documents and settings\All Users\Dados de aplicativos\TEMP
c:\windows\system32\URTTemp
c:\windows\system32\URTTemp\fusion.dll
c:\windows\system32\URTTemp\mscoree.dll
c:\windows\system32\URTTemp\mscoree.dll.local
c:\windows\system32\URTTemp\mscorsn.dll
c:\windows\system32\URTTemp\mscorwks.dll
c:\windows\system32\URTTemp\msvcr71.dll
c:\windows\system32\URTTemp\regtlib.exe
.
 c:\windows\system32\drivers\psched.sys . . . está faltando!!
.
.
((((((((((((((((   Arquivos/Ficheiros criados de 2013-01-10 to 2013-02-10  ))))))))))))))))))))))))))))
.
.
2013-02-09 05:19 . 2013-01-18 15:17 6991832 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\Microsoft\Windows Defender\Definition Updates\{3CE44DC8-145F-4AE5-9150-6DB56623D76B}\mpengine.dll
2013-02-08 14:40 . 2013-02-08 14:40 -------- d-----w- c:\windows\system32\NtmsData
.
.
.
(((((((((((((((((((((((((((((((((((((   Relatório Find3M   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-02-09 05:35 . 2012-05-29 17:05 697712 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-02-09 05:35 . 2011-07-12 21:03 74096 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-01-17 04:28 . 2010-04-09 11:30 232336 ------w- c:\windows\system32\MpSigStub.exe
2012-12-14 19:49 . 2011-02-04 02:04 21104 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-06-08 11:02 . 2012-03-27 18:05 85472 ----a-w- c:\arquivos de programas\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((   Pontos de Carregamento do Registro   )))))))))))))))))))))))))))))))))))))))
.
.
*Nota* entradas vazias e legítimas por padrão não são apresentadas. 
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{edbca961-4bf8-4cbe-8c63-a11dff9ed2d9}"= "c:\arquivos de programas\Messenger_Plus_Live_Brazil\prxtbMes0.dll" [2011-05-09 176936]
"{872b5b88-9db5-4310-bdd0-ac189557e5f5}"= "c:\arquivos de programas\DVDVideoSoftTB\prxtbDVD2.dll" [2011-05-09 176936]
"{12fc3d37-2a42-4fe3-8489-81296878cba5}"= "c:\arquivos de programas\Softonic_Brasil\prxtbSof0.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{edbca961-4bf8-4cbe-8c63-a11dff9ed2d9}]
.
[HKEY_CLASSES_ROOT\clsid\{872b5b88-9db5-4310-bdd0-ac189557e5f5}]
.
[HKEY_CLASSES_ROOT\clsid\{12fc3d37-2a42-4fe3-8489-81296878cba5}]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\~\Browser Helper Objects\{12fc3d37-2a42-4fe3-8489-81296878cba5}]
2011-05-09 09:49 176936 ----a-w- c:\arquivos de programas\Softonic_Brasil\prxtbSof0.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\~\Browser Helper Objects\{872b5b88-9db5-4310-bdd0-ac189557e5f5}]
2011-05-09 09:49 176936 ----a-w- c:\arquivos de programas\DVDVideoSoftTB\prxtbDVD2.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\~\Browser Helper Objects\{edbca961-4bf8-4cbe-8c63-a11dff9ed2d9}]
2011-05-09 09:49 176936 ----a-w- c:\arquivos de programas\Messenger_Plus_Live_Brazil\prxtbMes0.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{edbca961-4bf8-4cbe-8c63-a11dff9ed2d9}"= "c:\arquivos de programas\Messenger_Plus_Live_Brazil\prxtbMes0.dll" [2011-05-09 176936]
"{872b5b88-9db5-4310-bdd0-ac189557e5f5}"= "c:\arquivos de programas\DVDVideoSoftTB\prxtbDVD2.dll" [2011-05-09 176936]
"{12fc3d37-2a42-4fe3-8489-81296878cba5}"= "c:\arquivos de programas\Softonic_Brasil\prxtbSof0.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{edbca961-4bf8-4cbe-8c63-a11dff9ed2d9}]
.
[HKEY_CLASSES_ROOT\clsid\{872b5b88-9db5-4310-bdd0-ac189557e5f5}]
.
[HKEY_CLASSES_ROOT\clsid\{12fc3d37-2a42-4fe3-8489-81296878cba5}]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{12FC3D37-2A42-4FE3-8489-81296878CBA5}"= "c:\arquivos de programas\Softonic_Brasil\prxtbSof0.dll" [2011-05-09 176936]
"{872B5B88-9DB5-4310-BDD0-AC189557E5F5}"= "c:\arquivos de programas\DVDVideoSoftTB\prxtbDVD2.dll" [2011-05-09 176936]
"{EDBCA961-4BF8-4CBE-8C63-A11DFF9ED2D9}"= "c:\arquivos de programas\Messenger_Plus_Live_Brazil\prxtbMes0.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{12fc3d37-2a42-4fe3-8489-81296878cba5}]
.
[HKEY_CLASSES_ROOT\clsid\{872b5b88-9db5-4310-bdd0-ac189557e5f5}]
.
[HKEY_CLASSES_ROOT\clsid\{edbca961-4bf8-4cbe-8c63-a11dff9ed2d9}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RocketDock"="c:\arquivos de programas\RocketDock\RocketDock.exe" [2007-09-02 495616]
"ccleaner"="c:\arquivos de programas\CCleaner\ccleaner.exe" [2013-01-23 3274008]
"NokiaSuite.exe"="c:\arquivos de programas\Nokia\Nokia Suite\NokiaSuite.exe" [2012-01-10 1083264]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"egui"="c:\arquivos de programas\ESET\ESET NOD32 antivírus\egui.exe" [2007-12-21 1443072]
"TkBellExe"="c:\arquivos de programas\Real\RealPlayer\update\realsched.exe" [2011-07-30 273544]
"SweetIM"="c:\arquivos de programas\SweetIM\Messenger\SweetIM.exe" [2012-02-16 114992]
"Sweetpacks Communicator"="c:\arquivos de programas\SweetIM\Communicator\SweetPacksUpdateManager.exe" [2012-02-26 295728]
"SunJavaUpdateSched"="c:\arquivos de programas\Arquivos comuns\Java\Java Update\jusched.exe" [2012-01-17 252296]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-04 15360]
"DWQueuedReporting"="c:\arquiv~1\ARQUIV~1\MICROS~1\DW\dwtrig20.exe" [2007-02-26 437160]
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"Novo valor #1"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoSimpleStartMenu"= 0 (0x0)
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSimpleStartMenu"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Arquivos de programas\\Bonjour\\mDNSResponder.exe"=
"c:\\Arquivos de programas\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Arquivos de programas\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Arquivos de programas\\Pando Networks\\Media Booster\\PMB.exe"=
"c:\\WINDOWS\\system32\\msiexec.exe"=
"c:\\Arquivos de programas\\SweetIM\\Communicator\\SweetPacksUpdateManager.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"1155:TCP"= 1155:TCP:VSCyber
"445:TCP"= 445:TCP:@xpsp2res.dll,-22005
"137:UDP"= 137:UDP:@xpsp2res.dll,-22001
"56444:TCP"= 56444:TCP:Pando Media Booster
"56444:UDP"= 56444:UDP:Pando Media Booster
"57542:TCP"= 57542:TCP:Pando Media Booster
"57542:UDP"= 57542:UDP:Pando Media Booster
.
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [16/1/2009 17:11 717296]
R0 ViBus;ViBus;c:\windows\system32\drivers\ViBus.sys [16/1/2009 17:23 16896]
R0 ViPrt;VIA SATA IDE Device Driver;c:\windows\system32\drivers\ViPrt.sys [16/1/2009 17:23 52224]
R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [21/12/2007 07:21 33800]
R2 ekrn;Eset Service;c:\arquivos de programas\Eset\ESET NOD32 antivírus\ekrn.exe [21/12/2007 07:21 468224]
R2 MBAMScheduler;MBAMScheduler;c:\arquivos de programas\Malwarebytes' Anti-Malware\mbamscheduler.exe [10/2/2013 00:05 398184]
R2 MBAMService;MBAMService;c:\arquivos de programas\Malwarebytes' Anti-Malware\mbamservice.exe [3/2/2011 23:04 682344]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [3/2/2011 23:04 21104]
S3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [28/2/2012 13:24 137600]
S3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsuc.sys [28/2/2012 13:24 8576]
S3 npggsvc;nProtect GameGuard Service; [x]
S3 XDva223;XDva223; [x]
S3 XDva224;XDva224; [x]
S3 XDva225;XDva225; [x]
.
--- =Outros Serviços/Drivers Na Memória ---
.
*Deregistered* - uphcleanhlp
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ   hpqcxs08 hpqddsvc
.
Conteúdo da pasta 'Tarefas Agendadas'
.
2013-02-10 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-29 05:35]
.
2013-02-10 c:\windows\Tasks\MP Scheduled Scan.job
- c:\arquivos de programas\Windows Defender\MpCmdRun.exe [2006-11-03 22:20]
.
2013-02-10 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-448539723-2147129713-725345543-500.job
- c:\arquivos de programas\Real\RealUpgrade\realupgrade.exe [2011-03-29 13:47]
.
2012-06-13 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-448539723-2147129713-725345543-500.job
- c:\arquivos de programas\Real\RealUpgrade\realupgrade.exe [2011-03-29 13:47]
.
2013-02-09 c:\windows\Tasks\ReclaimerInstall_Administrador.job
- c:\documents and settings\Administrador\Dados de aplicativos\Real\Update\UpgradeHelper\RealPlayer\10.30\agent\rnupgagent.exe [2013-02-09 04:03]
.
.
------- Scan Suplementar -------
.
uStart Page = hxxp://home.sweetim.com/?crg=3.1010006&st=10&barid={E7CB2B8F-CF63-43F3-8B30-577C9172623D}
mStart Page = hxxp://home.sweetim.com/?crg=3.1010006&st=10&barid={E7CB2B8F-CF63-43F3-8B30-577C9172623D}
uSearchURL,(Default) = hxxp://www.oquefazernainternet.com/q/%s
IE: &Clean Traces
IE: &Download with &DAP
IE: Baixar Link Utiizando Gerenciador Mega...
IE: Download &all with DAP
IE: E&xportar para o Microsoft Excel - c:\arquiv~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
IE: Search the Web - c:\arquivos de programas\SweetIM\Toolbars\Internet Explorer\resources\menuext.html
TCP: Interfaces\{18CC7EC7-0FF3-4254-9828-4AD5534D7D58}: NameServer = 192.168.0.1
TCP: Interfaces\{35D34A75-5336-4B22-A299-A7704C5C60F8}: NameServer = 200.220.227.56 200.142.130.202
TCP: Interfaces\{BDBA33AC-2379-46C6-A830-00D3BF605BA8}: NameServer = 192.168.0.1
FF - ProfilePath - c:\documents and settings\Administrador\Dados de aplicativos\Mozilla\Firefox\Profiles\325uzxvf.default\
FF - prefs.js: browser.search.defaulturl - 
FF - prefs.js: browser.search.selectedEngine - SweetIM Search
FF - prefs.js: browser.startup.homepage - www.google.com.br
FF - prefs.js: keyword.URL - hxxp://www.google.com/search?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&q=
FF - prefs.js: network.proxy.type - 0
.
- - - - ORFÃOS REMOVIDOS - - - -
.
HKLM-Run-facemoods - c:\arquivos de programas\facemoods.com\facemoods\1.4.17.10\facemoodssrv.exe
AddRemove-DealPly - c:\arquivos de programas\DealPly\uninst.exe
AddRemove-facemoods - c:\arquivos de programas\facemoods.com\facemoods\1.4.17.10\uninstall.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-02-10 15:01
Windows 5.1.2600 Service Pack 2 NTFS
.
Procurando processos ocultos ... 
.
Procurando entradas auto inicializáveis ocultas ... 
.
Procurando ficheiros/arquivos ocultos ... 
.
Varredura completada com sucesso
arquivos/ficheiros ocultos: 0
.
**************************************************************************
.
--------------------- CHAVES DO REGISTRO BLOQUEADAS ---------------------
.
[HKEY_USERS\S-1-5-21-448539723-2147129713-725345543-500\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (Administrator)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
   d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,9a,61,58,21,db,e9,bd,44,86,f1,36,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
   d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,c6,6f,28,99,7f,e8,db,46,9c,e4,b1,\
"6256FFB019F8FDFBD36745B06F4540E9AEAF222A25"=hex:01,00,00,00,d0,8c,9d,df,01,15,
   d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,11,89,ee,4d,ad,1c,69,48,b8,ff,f2,\
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_5_502_149_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_5_502_149_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
Tempo para conclusão: 2013-02-10  15:05:18
ComboFix-quarantined-files.txt  2013-02-10 18:05
.
Pré-execução: 15 pasta(s) 59.661.770.752 bytes disponíveis
Pós execução: 16 pasta(s) 59.646.300.160 bytes disponíveis
.
- - End Of File - - D388731ED22A935FB8366D7CDCA0EBA0
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 15:17:03, on 10/2/2013
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
 
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Arquivos de programas\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Arquivos de programas\Bonjour\mDNSResponder.exe
C:\Arquivos de programas\ESET\ESET NOD32 antivírus\ekrn.exe
C:\WINDOWS\system32\svchost.exe
C:\Arquivos de programas\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe
C:\Arquivos de programas\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Arquivos de programas\Malwarebytes' Anti-Malware\mbamservice.exe
C:\WINDOWS\system32\WgaTray.exe
C:\WINDOWS\Explorer.EXE
C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Arquivos de programas\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Arquivos de programas\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\system32\svchost.exe
C:\Arquivos de programas\UPHClean\uphclean.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Arquivos de programas\ESET\ESET NOD32 antivírus\egui.exe
C:\Arquivos de programas\Real\RealPlayer\update\realsched.exe
C:\Arquivos de programas\SweetIM\Messenger\SweetIM.exe
C:\Arquivos de programas\SweetIM\Communicator\SweetPacksUpdateManager.exe
C:\Arquivos de programas\RocketDock\RocketDock.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Arquivos de programas\PC Connectivity Solution\ServiceLayer.exe
C:\Arquivos de programas\PC Connectivity Solution\Transports\NclUSBSrv.exe
C:\Arquivos de programas\PC Connectivity Solution\Transports\NclMSBTSrv.exe
C:\Arquivos de programas\Nokia\Nokia Suite\NokiaSuite.exe
C:\WINDOWS\system32\svchost.exe
C:\Documents and Settings\Administrador\Desktop\HijackThis.exe
 
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.sweetim.com/?crg=3.1010006&st=10&barid={E7CB2B8F-CF63-43F3-8B30-577C9172623D}
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.sweetim.com/?crg=3.1010006&st=10&barid={E7CB2B8F-CF63-43F3-8B30-577C9172623D}
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.oquefazernainternet.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.oquefazernainternet.com/q/%s
R3 - URLSearchHook: Messenger Plus Live Brazil Toolbar - {edbca961-4bf8-4cbe-8c63-a11dff9ed2d9} - C:\Arquivos de programas\Messenger_Plus_Live_Brazil\prxtbMes0.dll
R3 - URLSearchHook: DVDVideoSoftTB Toolbar - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Arquivos de programas\DVDVideoSoftTB\prxtbDVD2.dll
R3 - URLSearchHook: Softonic_Brasil Toolbar - {12fc3d37-2a42-4fe3-8489-81296878cba5} - C:\Arquivos de programas\Softonic_Brasil\prxtbSof0.dll
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Arquivos de programas\HP\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: HP Print Clips - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Arquivos de programas\HP\Smart Web Printing\hpswp_framework.dll
O2 - BHO: Softonic_Brasil - {12fc3d37-2a42-4fe3-8489-81296878cba5} - C:\Arquivos de programas\Softonic_Brasil\prxtbSof0.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Dados de aplicativos\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Arquivos de programas\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll
O2 - BHO: DVDVideoSoftTB - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Arquivos de programas\DVDVideoSoftTB\prxtbDVD2.dll
O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de programas\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Arquivos de programas\Windows Live\Toolbar\wltcore.dll
O2 - BHO: Messenger Plus Live Brazil - {edbca961-4bf8-4cbe-8c63-a11dff9ed2d9} - C:\Arquivos de programas\Messenger_Plus_Live_Brazil\prxtbMes0.dll
O3 - Toolbar: Messenger Plus Live Brazil Toolbar - {edbca961-4bf8-4cbe-8c63-a11dff9ed2d9} - C:\Arquivos de programas\Messenger_Plus_Live_Brazil\prxtbMes0.dll
O3 - Toolbar: DVDVideoSoftTB Toolbar - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Arquivos de programas\DVDVideoSoftTB\prxtbDVD2.dll
O3 - Toolbar: Softonic_Brasil Toolbar - {12fc3d37-2a42-4fe3-8489-81296878cba5} - C:\Arquivos de programas\Softonic_Brasil\prxtbSof0.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Arquivos de programas\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: (no name) - {98889811-442D-49dd-99D7-DC866BE87DBC} - (no file)
O4 - HKLM\..\Run: [egui] "C:\Arquivos de programas\ESET\ESET NOD32 antivírus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [TkBellExe] "C:\Arquivos de programas\Real\RealPlayer\update\realsched.exe"  -osboot
O4 - HKLM\..\Run: [sweetIM] C:\Arquivos de programas\SweetIM\Messenger\SweetIM.exe
O4 - HKLM\..\Run: [sweetpacks Communicator] C:\Arquivos de programas\SweetIM\Communicator\SweetPacksUpdateManager.exe
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Arquivos comuns\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [RocketDock] "C:\Arquivos de programas\RocketDock\RocketDock.exe"
O4 - HKCU\..\Run: [ccleaner] "C:\Arquivos de programas\CCleaner\ccleaner.exe" /AUTO
O4 - HKCU\..\Run: [NokiaSuite.exe] C:\Arquivos de programas\Nokia\Nokia Suite\NokiaSuite.exe -tray
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\ARQUIV~1\ARQUIV~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Search the Web - C:\Arquivos de programas\SweetIM\Toolbars\Internet Explorer\resources\menuext.html
O9 - Extra button: Incluir no Blog - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Arquivos de programas\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Incluir no Blog no Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Arquivos de programas\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Livro de recortes HP - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Arquivos de programas\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: Seleção HP Smart - {700259D7-1666-479a-93B1-3250410481E8} - C:\Arquivos de programas\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O12 - Plugin for .NPSSView: C:\Arquivos de programas\Seagate Software\Viewers\ActiveXViewer\NPssView.dll
O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp
O17 - HKLM\System\CCS\Services\Tcpip\..\{18CC7EC7-0FF3-4254-9828-4AD5534D7D58}: NameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{35D34A75-5336-4B22-A299-A7704C5C60F8}: NameServer = 200.220.227.56 200.142.130.202
O17 - HKLM\System\CCS\Services\Tcpip\..\{BDBA33AC-2379-46C6-A830-00D3BF605BA8}: NameServer = 192.168.0.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{18CC7EC7-0FF3-4254-9828-4AD5534D7D58}: NameServer = 192.168.0.1
O17 - HKLM\System\CS2\Services\Tcpip\..\{18CC7EC7-0FF3-4254-9828-4AD5534D7D58}: NameServer = 192.168.0.1
O22 - SharedTaskScheduler: Pré-carregador Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Daemon de cache de categorias de componente - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Arquivos de programas\Bonjour\mDNSResponder.exe
O23 - Service: CiSvc - Unknown owner - C:\WINDOWS\system32\cisvc.exe (file missing)
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Arquivos de programas\ESET\ESET NOD32 antivírus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Arquivos de programas\ESET\ESET NOD32 antivírus\ekrn.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Arquivos de programas\Arquivos comuns\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Oracle Corporation - C:\Arquivos de programas\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe
O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Arquivos de programas\Malwarebytes' Anti-Malware\mbamscheduler.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Arquivos de programas\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Arquivos de programas\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: nProtect GameGuard Service (npggsvc) - Nokia - (no file)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: ServiceLayer - Nokia - C:\Arquivos de programas\PC Connectivity Solution\ServiceLayer.exe
 
--
End of file - 10881 bytes
 
 
 


To keep your post from getting too long by including a quote of my post, do not use the post's "Quote" button; use the editor at the bottom of the topic or click Full Editor.

Disable your antivirus, antispyware and firewall to avoid conflicts. Keep them disabled until you have finished the instructions.

Download AdwCleaner. Save it to the Desktop.

Run adwcleaner.exe

NOTE: Windows Vista or Windows 7 users should right-click the file and select: Run as administrator

Click [Delete]

Save the log that is created.

Download Junkware Removal Tool (JRT). Save it to your Desktop.

Double-click to run Junkware Removal Tool (JRT)

* On Windows Vista and Windows 7:

Right-click JRT.exe and select "Run as administrator".

The tool will start scanning your system. Be patient, as it may take a while depending on the number of items to be examined.

When it finishes, a log will open and be saved to the Desktop as JRT.txt.

Select, copy and paste the contents of this log into your next reply, plus the AdwCleaner log and a new HijackThis log.



MVP Mr.Million


# AdwCleaner v2.112 - Relatório criado em 10/02/2013 às 17:02:57

# Atualizado em 10/02/2013 por Xplode

# Sistema Operacional : Microsoft Windows XP Service Pack 2 (32 bits)

# Usuário : Administrador - WINXP

# Modo de Boot : Normal

# Executado de : C:\Documents and Settings\Administrador\Desktop\adwcleaner.exe

# Opção [Remover]

 

 

***** [serviços] *****

 

 

***** [Arquivos/Pastas] *****

 

Arquivo Removido : C:\Arquivos de programas\Mozilla Firefox\searchplugins\babylon.xml

Arquivo Removido : C:\Documents and Settings\Administrador\Dados de aplicativos\Mozilla\Firefox\Profiles\325uzxvf.default\extensions\{EEE6C361-6118-11DC-9C72-001320C79847}.xpi

Arquivo Removido : C:\Documents and Settings\Administrador\Dados de aplicativos\Mozilla\Firefox\Profiles\325uzxvf.default\searchplugins\Askcom.xml

Arquivo Removido : C:\Documents and Settings\Administrador\Dados de aplicativos\Mozilla\Firefox\Profiles\325uzxvf.default\searchplugins\Conduit.xml

Arquivo Removido : C:\Documents and Settings\Administrador\Dados de aplicativos\Mozilla\Firefox\Profiles\325uzxvf.default\searchplugins\SweetIm.xml

Arquivo Removido : C:\WINDOWS\system32\conduitEngine.tmp

Pasta Removido : C:\Arquivos de programas\Conduit

Pasta Removido : C:\Arquivos de programas\DVDVideoSoftTB

Pasta Removido : C:\Arquivos de programas\Iminent

Pasta Removido : C:\Arquivos de programas\Messenger_Plus_Live_Brazil

Pasta Removido : C:\Arquivos de programas\PriceGong

Pasta Removido : C:\Arquivos de programas\Softonic_Brasil

Pasta Removido : C:\Arquivos de programas\SweetIM

Pasta Removido : C:\Documents and Settings\Administrador\Configurações locais\Dados de aplicativos\Babylon

Pasta Removido : C:\Documents and Settings\Administrador\Configurações locais\Dados de aplicativos\Conduit

Pasta Removido : C:\Documents and Settings\Administrador\Configurações locais\Dados de aplicativos\DVDVideoSoftTB

Pasta Removido : C:\Documents and Settings\Administrador\Configurações locais\Dados de aplicativos\Messenger_Plus_Live_Brazil

Pasta Removido : C:\Documents and Settings\Administrador\Configurações locais\Dados de aplicativos\OpenCandy

Pasta Removido : C:\Documents and Settings\Administrador\Configurações locais\Dados de aplicativos\Softonic_Brasil

Pasta Removido : C:\Documents and Settings\Administrador\Dados de aplicativos\Babylon

Pasta Removido : C:\Documents and Settings\Administrador\Dados de aplicativos\BabylonToolbar

Pasta Removido : C:\Documents and Settings\Administrador\Dados de aplicativos\Mozilla\Firefox\Profiles\325uzxvf.default\Conduit

Pasta Removido : C:\Documents and Settings\Administrador\Dados de aplicativos\Mozilla\Firefox\Profiles\325uzxvf.default\ConduitCommon

Pasta Removido : C:\Documents and Settings\Administrador\Dados de aplicativos\Mozilla\Firefox\Profiles\325uzxvf.default\CT2434161

Pasta Removido : C:\Documents and Settings\Administrador\Dados de aplicativos\Mozilla\Firefox\Profiles\325uzxvf.default\extensions\{8A9386B4-E958-4c4c-ADF4-8F26DB3E4829}

Pasta Removido : C:\Documents and Settings\Administrador\Dados de aplicativos\Mozilla\Firefox\Profiles\325uzxvf.default\extensions\{e8bbc502-5e5c-4f42-8ab6-2b6184f2c59a}

Pasta Removido : C:\Documents and Settings\Administrador\Dados de aplicativos\OpenCandy

Pasta Removido : C:\Documents and Settings\All Users\Dados de aplicativos\Babylon

Pasta Removido : C:\Documents and Settings\All Users\Dados de aplicativos\SweetIM

Pasta Removido : C:\Documents and Settings\All Users\Menu Iniciar\Programas\PriceGong

Pasta Removido : C:\WINDOWS\Installer\{0965F857-DAAD-4F93-8054-0E2EC3C8C5B0}

Pasta Removido : C:\WINDOWS\Installer\{5B58EF61-85F2-4977-97A5-84C19F926579}

Pasta Removido : C:\WINDOWS\Installer\{FB697452-8CA4-46B4-98B1-165C922A2EF3}

Removido Durante o reboot : C:\Documents and Settings\Administrador\Configurações locais\Dados de aplicativos\Google\Chrome\User Data\Default\Extensions\bkomkajifikmkfnjgphkjcfeepbnojok

Removido Durante o reboot : C:\Documents and Settings\Administrador\Configurações locais\Dados de aplicativos\Google\Chrome\User Data\Default\Extensions\jcdgjdiieiljkfkdcloehkohchhpekkn

 

***** [Registro] *****

 

Chave Removida : HKCU\Software\BabylonToolbar

Chave Removida : HKCU\Software\Conduit

Chave Removida : HKCU\Software\DealPly

Chave Removida : HKCU\Software\DVDVideoSoftTB

Chave Removida : HKCU\Software\facemoods.com

Chave Removida : HKCU\Software\Google\Chrome\Extensions\gaiilaahiahdejapggenmdmafpmbipje

Chave Removida : HKCU\Software\Iminent

Chave Removida : HKCU\Software\Messenger_Plus_Live_Brazil

Chave Removida : HKCU\Software\Softonic

Chave Removida : HKCU\Software\Softonic_Brasil

Chave Removida : HKCU\Toolbar

Chave Removida : HKLM\Software\Babylon

Chave Removida : HKLM\Software\BabylonToolbar

Chave Removida : HKLM\SOFTWARE\Classes\AppID\escort.DLL

Chave Removida : HKLM\SOFTWARE\Classes\AppID\escortApp.DLL

Chave Removida : HKLM\SOFTWARE\Classes\AppID\escortEng.DLL

Chave Removida : HKLM\SOFTWARE\Classes\AppID\escorTlbr.DLL

Chave Removida : HKLM\SOFTWARE\Classes\AppID\esrv.EXE

Chave Removida : HKLM\SOFTWARE\Classes\AppID\PriceGongIE.DLL

Chave Removida : HKLM\SOFTWARE\Classes\esrv.escrtSrvc

Chave Removida : HKLM\SOFTWARE\Classes\esrv.escrtSrvc.1

Chave Removida : HKLM\SOFTWARE\Classes\facemoods.xtrnl

Chave Removida : HKLM\SOFTWARE\Classes\facemoods.xtrnl.1

Chave Removida : HKLM\SOFTWARE\Classes\facemoodsApp.appCore

Chave Removida : HKLM\SOFTWARE\Classes\facemoodsApp.appCore.1

Chave Removida : HKLM\SOFTWARE\Classes\MediaPlayer.GraphicsUtils

Chave Removida : HKLM\SOFTWARE\Classes\MediaPlayer.GraphicsUtils.1

Chave Removida : HKLM\SOFTWARE\Classes\MgMediaPlayer.GifAnimator

Chave Removida : HKLM\SOFTWARE\Classes\MgMediaPlayer.GifAnimator.1

Chave Removida : HKLM\SOFTWARE\Classes\Prod.cap

Chave Removida : HKLM\SOFTWARE\Classes\sim-packages

Chave Removida : HKLM\SOFTWARE\Classes\Toolbar.CT2269050

Chave Removida : HKLM\SOFTWARE\Classes\Toolbar.CT2552374

Chave Removida : HKLM\SOFTWARE\Classes\Toolbar.CT2567694

Chave Removida : HKLM\Software\Conduit

Chave Removida : HKLM\Software\DealPly

Chave Removida : HKLM\Software\DVDVideoSoftTB

Chave Removida : HKLM\Software\facemoods.com

Chave Removida : HKLM\SOFTWARE\Google\Chrome\Extensions\bkomkajifikmkfnjgphkjcfeepbnojok

Chave Removida : HKLM\SOFTWARE\Google\Chrome\Extensions\gaiilaahiahdejapggenmdmafpmbipje

Chave Removida : HKLM\SOFTWARE\Google\Chrome\Extensions\ihflimipbcaljfnojhhknppphnnciiif

Chave Removida : HKLM\SOFTWARE\Google\Chrome\Extensions\jcdgjdiieiljkfkdcloehkohchhpekkn

Chave Removida : HKLM\Software\Iminent

Chave Removida : HKLM\Software\Messenger_Plus_Live_Brazil

Chave Removida : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{86D4B82A-ABED-442A-BE86-96357B70F4FE}

Chave Removida : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\DealPly

Chave Removida : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\DVDVideoSoftTB Toolbar

Chave Removida : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\facemoods

Chave Removida : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Messenger_Plus_Live_Brazil Toolbar

Chave Removida : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Softonic_Brasil Toolbar

Chave Removida : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\SweetIM.exe

Chave Removida : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{12FC3D37-2A42-4FE3-8489-81296878CBA5}

Chave Removida : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{872B5B88-9DB5-4310-BDD0-AC189557E5F5}

Chave Removida : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EDBCA961-4BF8-4CBE-8C63-A11DFF9ED2D9}

Chave Removida : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{0F1B3229-F170-43F9-8AAC-EFA2A2470462}

Chave Removida : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{A8708903-5A39-4ED3-A6CA-679B54A8D138}

Chave Removida : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C9D0D7B6-CCA4-4FEC-8E19-FB382FBF6C61}

Chave Removida : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{0965F857-DAAD-4F93-8054-0E2EC3C8C5B0}

Chave Removida : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{5B58EF61-85F2-4977-97A5-84C19F926579}

Chave Removida : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{FB697452-8CA4-46B4-98B1-165C922A2EF3}

Chave Removida : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DVDVideoSoftTB Toolbar

Chave Removida : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Messenger_Plus_Live_Brazil Toolbar

Chave Removida : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\PriceGong

Chave Removida : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Softonic_Brasil Toolbar

Chave Removida : HKLM\Software\Softonic_Brasil

Chave Removida : HKLM\Software\VDownloader\OpenCandy

Valor Removida : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{12FC3D37-2A42-4FE3-8489-81296878CBA5}]

Valor Removida : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{872B5B88-9DB5-4310-BDD0-AC189557E5F5}]

Valor Removida : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{EDBCA961-4BF8-4CBE-8C63-A11DFF9ED2D9}]

Valor Removida : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{12FC3D37-2A42-4FE3-8489-81296878CBA5}]

Valor Removida : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{872B5B88-9DB5-4310-BDD0-AC189557E5F5}]

Valor Removida : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{EDBCA961-4BF8-4CBE-8C63-A11DFF9ED2D9}]

Valor Removida : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{12FC3D37-2A42-4FE3-8489-81296878CBA5}]

Valor Removida : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{872B5B88-9DB5-4310-BDD0-AC189557E5F5}]

Valor Removida : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{98889811-442D-49DD-99D7-DC866BE87DBC}]

Valor Removida : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{EDBCA961-4BF8-4CBE-8C63-A11DFF9ED2D9}]

Valor Removida : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [sweetIM]

Valor Removida : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [sweetpacks Communicator]

Valor Removida : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs [C:\Arquivos de programas\SweetIM\Toolbars\Internet Explorer\mgHelperApp.exe]

Valor Removida : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs [C:\Arquivos de programas\SweetIM\Toolbars\Internet Explorer\mgToolbarProxy.dll]

 

***** [Navegadores] *****

 

-\\ Internet Explorer v8.0.6001.18702

 

Substituído : [HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxp://home.sweetim.com/?crg=3.1010006&st=10&barid={E7CB2B8F-CF63-43F3-8B30-577C9172623D} --> hxxp://www.google.com

Substituído : [HKLM\SOFTWARE\Microsoft\Internet Explorer\Main - Start Page] = hxxp://home.sweetim.com/?crg=3.1010006&st=10&barid={E7CB2B8F-CF63-43F3-8B30-577C9172623D} --> hxxp://www.google.com

 

-\\ Mozilla Firefox v13.0 (pt-BR)

 

Arquivo : C:\Documents and Settings\Administrador\Dados de aplicativos\Mozilla\Firefox\Profiles\325uzxvf.default\prefs.js

 


 

-\\ Google Chrome v19.0.1084.56

 

Arquivo : C:\Documents and Settings\Administrador\Configurações locais\Dados de aplicativos\Google\Chrome\User Data\Default\Preferences

 

Removida [l.16] : homepage = "hxxp://home.sweetim.com/?barid={E7CB2B8F-CF63-43F3-8B30-577C9172623D}",

Removida [l.20] : urls_to_restore_on_startup = [ "hxxp://home.sweetim.com/?barid={E7CB2B8F-CF63-43F3-8B30-57[...]

Removida [l.1749] : homepage = "hxxp://home.sweetim.com/?barid={E7CB2B8F-CF63-43F3-8B30-577C9172623D}",

Removida [l.2275] : urls_to_restore_on_startup = [ "hxxp://home.sweetim.com/?barid={E7CB2B8F-CF63-43F3-8B30-577C9[...]

 

*************************

 

AdwCleaner[R1].txt - [57591 octets] - [10/02/2013 17:02:08]

AdwCleaner[s1].txt - [54920 octets] - [10/02/2013 17:02:57]

 

########## EOF - C:\AdwCleaner[s1].txt - [54981 octets] ##########

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Junkware Removal Tool (JRT) by Thisisu

Version: 4.6.2 (02.02.2013:2)

OS: Microsoft Windows XP x86

Ran by Administrador on dom 10/02/2013 at 17:10:52,89

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

 

 

 

~~~ Services

 

 

 

~~~ Registry Values

 

Successfully repaired: [Registry Value] hkey_local_machine\software\microsoft\Internet Explorer\searchscopes\{0633ee93-d776-472f-a0ff-e1416b8b2e3a}\\DisplayName

Successfully repaired: [Registry Value] hkey_local_machine\software\microsoft\Internet Explorer\searchscopes\{0633ee93-d776-472f-a0ff-e1416b8b2e3a}\\URL

 

 

 

~~~ Registry Keys

 

Successfully deleted: [Registry Key] hkey_current_user\software\sweetim

Successfully deleted: [Registry Key] hkey_local_machine\software\sweetim

 

 

 

~~~ Files

 

 

 

~~~ Folders

 

 

 

~~~ FireFox

 

Successfully deleted the following from C:\Documents and Settings\Administrador\Dados de aplicativos\mozilla\firefox\profiles\325uzxvf.default\prefs.js

 

user_pref("extensions.enabledItems", "{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}:6.0.11,jqs@sun.com:1.0,{e8bbc502-5e5c-4f42-8ab6-2b6184f2c59a}:2.7.2.0,{0329E7D6-6F54-462D-93F6-F5C

user_pref("extensions.orkutmanager.EmoticonsList", "{\" :)\":\"hxxp://static1.orkut.com/img/i_smile.gif\",\" ;)\":\"hxxp://static3.orkut.com/img/i_wink.gif\",\"xD\":\"hxxp://sta

user_pref("extensions.orkutmanager.MenuDD", "[\"%3Cb%3EOrkut%20Manager%3C/b%3E|undefined\", \"/Community%3Fcmm%3D90840394|undefined\", \"-|undefined\", \"javascript%3A%3B|unde

 

 

 

 

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Scan was completed on dom 10/02/2013 at 17:18:22,32

End of JRT log

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 


 


Well, when I turn it on, an error message appears saying that the image is incorrect. There was also another problem: when I turned it on, the screen would stay stuck, frozen, so I had to turn it off and on again, but I think that has stopped.

I'll try to take a photo and post it here in the thread, if that helps.


Unfortunately it continues. I wrote down the error message; it is this:

"Winlogon.exe -Imagem incorreta.

O aplicativo ou a DLL C;\WINDOWS\system32\KBDUSDLL não é uma imagem válida para o windows. Compare com o disco de instalação. "

...

Well, there is a message on the startup screen, which had appeared before and has now come back:

" você pode ter sido vitima de falsificação de software.

Esta copia do windows não passou no teste de validação do windows original."


See here: Error message: Unable to load the keyboard layout file Kbdus.dll

http://support.microsoft.com/kb/246187/pt-br

I suggest you contact Microsoft or the authorized reseller, providing the purchase details of your CD, and request new media, since the one you have in hand evidently has problems.

Microsoft Support Center:
0800 761-7454

Customer Service
http://support.microsoft.com/contactus

Good luck.

MVP Mr.Million
