Bom Dia! moicanofacul

|- Baixe: < /applications/core/interface/imageproxy/imageproxy.php?img=http://i1143.photobucket.com/albums/n629/j2ram/My%2520Tools%25203/adwcleaner_logo.jpg&key=e2bde0dd8c13fd52e18ca6fc88e8f2d73040a387059f8bc22a53202f0de6f95f" alt="adwcleaner_logo.jpg" /> > ( ... par Xplode )

|- Ao acessar,clique na imagem: < /applications/core/interface/imageproxy/imageproxy.php?img=http://i1143.photobucket.com/albums/n629/j2ram/AdwCleaner_Tlcharger.jpg&key=2319bbcd35144166c25768473f26c7f193a7ab5036b9479bd1465d8257d6f6b2" alt="AdwCleaner_Tlcharger.jpg" /> >

|- Salve-o no desktop!

|- Clique direito em adwcleaner.exe,e escolha sua execução como /applications/core/interface/imageproxy/imageproxy.php?img=http://i1143.photobucket.com/albums/n629/j2ram/Executar_Administrador.jpg&key=29bbf2d3836c6859afe3923102565f782321b5a7a2787d5bb24cc9918d13e9bd" alt="Executar_Administrador.jpg" />

|- Ps: Dê início ao scan,clicando em "Delete" ou "Suppression".

/applications/core/interface/imageproxy/imageproxy.php?img=http://i1143.photobucket.com/albums/n629/j2ram/My%2520Tools%25203/AdwCleaner_Delete.jpg&key=75f446191cf36528cf6179827354e5d573f05557fda01df5a7ea91d29f5b7dee" alt="AdwCleaner_Delete.jpg" />

|- Ao concluir,poste o relatório: C:\AdwCleaner[S1].txt

|- Baixe: < /applications/core/interface/imageproxy/imageproxy.php?img=http://billy-oneal.com/Canned%2520Speeches/speechimages/OTL/otlDesktopIcon.png&key=1894e5d356219721410c3360cbf9af74877ae24ccc81ed88026fc2d95dd96a07" alt="otlDesktopIcon.png" /> > ( ... by OldTimer Tools )

|- Salve-o no desktop!

|- Duplo clique em OTL.exe >> Executar ou /applications/core/interface/imageproxy/imageproxy.php?img=http://i1143.photobucket.com/albums/n629/j2ram/Executar_Administrador.jpg&key=29bbf2d3836c6859afe3923102565f782321b5a7a2787d5bb24cc9918d13e9bd" alt="Executar_Administrador.jpg" />

|- Copie estas informações que no Code,para o campo clipboard da ferramenta. ( "Exames Personalizados Correções" )

:reg
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\safer\codeidentifiers\0\Paths\{60973e1d-3660-4012-856a-97a92f467003}]
"LastModified"=hex(B)/>/>:b7,94,f1,01,52,26,ca,01
"Description"="Disable Avira PopUp"
"SaferFlags"=dword:00000000
"ItemData"="C:\\Program Files\\Avira\\AntiVir Desktop\\avnotify.exe"

:Commands
[CLEARALLRESTOREPOINTS]
[purity]
[emptytemp]
[Reboot]

|- Clique no botão Consertar -> Aguarde a conclusão!

|- O computador vai reiniciar! -> Clique em "Executar".

/applications/core/interface/imageproxy/imageproxy.php?img=http://i1143.photobucket.com/albums/n629/j2ram/My%2520Tools%25203/OTL_RunFix.jpg&key=09e9249e416710368096f3071f572470adab328652ebc1420e14063af4dbfd77" alt="OTL_RunFix.jpg" />

|- Para versões em Inglês,clique em Run Fix que é o mesmo que Consertar.

|- Poste o relatório: C:\_OTL\MovedFiles\*.log

A+

Só após passar o OTL, a inicialização se deu normalmente e o som estranho não aconteceu.

Quando o AdwCleaner reiniciou o pc, ambos os fatos haviam se repetido.

AdwCleaner

AdwCleaner v2.105 - Logfile created 01/11/2013 at 18:57:18

Updated 08/01/2013 by Xplode

Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)

User : Pierre Cardoso - PIERRECARDOSO

Boot Mode : Normal

Running from : C:\Users\Pierre Cardoso\Desktop\AdwCleaner.exe

Option [Delete]

*** [services] ***

*** [Files / Folders] ***

File Deleted : C:\Program Files (x86)\Mozilla Firefox\searchplugins\avg-secure-search.xml

File Deleted : C:\Program Files (x86)\Uninstall.exe

Folder Deleted : C:\ProgramData\Trymedia

*** [Registry] ***

Key Deleted : HKCU\Software\IGearSettings

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706}

Key Deleted : HKCU\Software\Softonic

Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}

Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\86959c0847998342f5f648c12664ca16

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{813A22E0-3E2B-4188-9BDA-ECA9878B8D48}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{BCFF5F55-6F44-11D2-86F8-00104B265ED5}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{813A22E0-3E2B-4188-9BDA-ECA9878B8D48}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{BCFF5F55-6F44-11D2-86F8-00104B265ED5}

*** [internet Browsers] ***

-\\ Internet Explorer v9.0.8112.16457

[OK] Registry is clean.

-\\ Mozilla Firefox v18.0 (pt-BR)

File : C:\Users\Pierre Cardoso\AppData\Roaming\Mozilla\Firefox\Profiles\hawbr6lm.default\prefs.js

C:\Users\Pierre Cardoso\AppData\Roaming\Mozilla\Firefox\Profiles\hawbr6lm.default\user.js ... Deleted !

Deleted : user_pref("browser.search.defaultenginename", "AVG Secure Search");

*************************

AdwCleaner[s1].txt - [2380 octets] - [11/01/2013 18:57:18]

########## EOF - C:\AdwCleaner[s1].txt - [2440 octets] ##########

OTL

All processes killed

========== REGISTRY ==========

HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\safer\codeidentifiers\0\Paths\{60973e1d-3660-4012-856a-97a92f467003}\\"LastModified"|hex(B)/>/>/>:b7,94,f1,01,52,26,ca,01 /E :invalid edit format. Invalid data type.

HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\safer\codeidentifiers\0\Paths\{60973e1d-3660-4012-856a-97a92f467003}\\"Description"|"Disable Avira PopUp" /E : value set successfully!

HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\safer\codeidentifiers\0\Paths\{60973e1d-3660-4012-856a-97a92f467003}\\"SaferFlags"|dword:00000000 /E : value set successfully!

HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\safer\codeidentifiers\0\Paths\{60973e1d-3660-4012-856a-97a92f467003}\\"ItemData"|"C:\\Program Files\\Avira\\AntiVir Desktop\\avnotify.exe" /E : value set successfully!

========== COMMANDS ==========

Restore point Set: OTL Restore Point

[EMPTYTEMP]

User: All Users

User: Default

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

User: Default User

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

User: Pierre Cardoso

->Temp folder emptied: 3569039 bytes

->Temporary Internet Files folder emptied: 30471030 bytes

->Java cache emptied: 479339 bytes

->FireFox cache emptied: 71317309 bytes

->Flash cache emptied: 1574 bytes

User: Public

User: Todos os Usuários

User: Usuário Padrão

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes

%systemroot% .tmp files removed: 0 bytes

%systemroot%\System32 .tmp files removed: 0 bytes

%systemroot%\System32 (64bit) .tmp files removed: 0 bytes

%systemroot%\System32\drivers .tmp files removed: 0 bytes

Windows Temp folder emptied: 33940518 bytes

%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 50521 bytes

RecycleBin emptied: 0 bytes

Total Files Cleaned = 133,00 mb

OTL by OldTimer - Version 3.2.69.0 log created on 01112013_190611

Files\Folders moved on Reboot...

C:\Users\Pierre Cardoso\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

Boa Noite! moicanofacul

|- Baixe: < /applications/core/interface/imageproxy/imageproxy.php?img=http://i48.tinypic.com/1268r49.png&key=be85c7a026af0cb092d2f868777759c6b4bd667a01f00e36e91558a667424520" alt="1268r49.png" /> > ( ... de Thisisu )

|- Salve-o no desktop!

|- Para Windows 7,clique direito em JRT.exe e execute-o como /applications/core/interface/imageproxy/imageproxy.php?img=http://i1143.photobucket.com/albums/n629/j2ram/Executar_Administrador.jpg&key=29bbf2d3836c6859afe3923102565f782321b5a7a2787d5bb24cc9918d13e9bd" alt="Executar_Administrador.jpg" />

|- Aguarde a conclusão e poste o relatório. ( JRT.txt )

|- Baixe: < /applications/core/interface/imageproxy/imageproxy.php?img=http://i1143.photobucket.com/albums/n629/j2ram/My%2520Tools%25203/ZHPDiag_Silent.jpg&key=b108c6f3da4b9ebe004c6fc63c6e29fc4f2043056612e16f58c8a6da9600eaea" alt="ZHPDiag_Silent.jpg" /> > ( ... par Nicolas Coolman )

|- Salve-o no desktop!

|- Desabilite seu antivírus!

|- Caso utilize o Avast,estabeleça esta configuração à SandBox.

|- Para Windows Vista ou 7,clique direito e execute o arquivo como /applications/core/interface/imageproxy/imageproxy.php?img=http://i1143.photobucket.com/albums/n629/j2ram/Executar_Administrador.jpg&key=29bbf2d3836c6859afe3923102565f782321b5a7a2787d5bb24cc9918d13e9bd" alt="Executar_Administrador.jpg" />

|- Aguarde a conclusão do scan e clique em "Copier". <- Aguarde!

/applications/core/interface/imageproxy/imageproxy.php?img=http://i1143.photobucket.com/albums/n629/j2ram/My%2520Tools%25203/ZHPDiag_4cones.jpg&key=1fa875282159446f710d915aa0f19515c10ea929b8487f1466b6ce34a529ae11" alt="ZHPDiag_4cones.jpg" />

|- Além do relatório,teremos no desktop: ZHP_uninstall, MBRCheck, ZHPDiag, ZHPFix

/applications/core/interface/imageproxy/imageproxy.php?img=http://t.imgbox.com/abi6rX9e.jpg&key=92c78ea35f87f8eb069ae0f2916f89217f86c2317aef892b27e6440e4dd75740" alt="abi6rX9e.jpg" />

|- Poste e/ou cole aqui,o link que será gerado,logo após o relatório.

|- Ou acesse: /applications/core/interface/imageproxy/imageproxy.php?img=http://i1143.photobucket.com/albums/n629/j2ram/Cjoint_Logo.jpg&key=bc3f249ffa4fec167155636520ebfd1fed8f6c8d63b5aa0b8cd82fb55aa2edb7" alt="Cjoint_Logo.jpg" />

|- Ou acesse: /applications/core/interface/imageproxy/imageproxy.php?img=http://t.imgbox.com/abmdaZsE.jpg&key=433ccdd2cd040bd965a0b2bee3887132a2fd78ca8d607165658bf45467e220f0" alt="abmdaZsE.jpg" />

|- Maiores informações: < |Link| >

A+

JRT

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 4.4.2 (01.08.2013:1)
OS: Windows 7 Home Premium x64
Ran by Pierre Cardoso on 11/01/2013 at 23:12:38,14
Blog: http://thisisudax.blogspot.com
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~ Services

~~~ Registry Values

~~~ Registry Keys

~~~ Files

Successfully deleted: [File] C:\eula.1028.txt
Successfully deleted: [File] C:\eula.1031.txt
Successfully deleted: [File] C:\eula.1033.txt
Successfully deleted: [File] C:\eula.1036.txt
Successfully deleted: [File] C:\eula.1040.txt
Successfully deleted: [File] C:\eula.1041.txt
Successfully deleted: [File] C:\eula.1042.txt
Successfully deleted: [File] C:\eula.2052.txt
Successfully deleted: [File] C:\install.res.1028.dll
Successfully deleted: [File] C:\install.res.1031.dll
Successfully deleted: [File] C:\install.res.1033.dll
Successfully deleted: [File] C:\install.res.1036.dll
Successfully deleted: [File] C:\install.res.1040.dll
Successfully deleted: [File] C:\install.res.1041.dll
Successfully deleted: [File] C:\install.res.1042.dll
Successfully deleted: [File] C:\install.res.2052.dll
Successfully deleted: [File] C:\install.res.3082.dll

~~~ Folders

~~~ FireFox

Successfully deleted: [File] C:\Users\Pierre Cardoso\AppData\Roaming\mozilla\firefox\profiles\hawbr6lm.default\invalidprefs.js
Emptied folder: C:\Users\Pierre Cardoso\AppData\Roaming\mozilla\firefox\profiles\hawbr6lm.default\minidumps [258 files]

~~~ Event Viewer Logs were cleared

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 11/01/2013 at 23:17:52,65
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Quanto ao link eu postei ele antes do site ficar fora do ar. Porém a minha resposta sumiu.

Como faço pra resgatar esse link?

Acho que encontrei! É esse o arquivo? http://cjoint.com/13jv/CAokvH5vTY0.htm

Acho que encontrei! É esse o arquivo? http://cjoint.com/13jv/CAokvH5vTY0.htm

Bom Dia! moicanofacul

|- O link de envio está correto!

-/-

|- Feche programas/pastas que estejam abertas.

|- Feche,também,o navegador!

|- Para Windows Vista,desabilite a UAC.

/applications/core/interface/imageproxy/imageproxy.php?img=http://i1143.photobucket.com/albums/n629/j2ram/My%2520Tools%25203/My%2520Tools%25204/ZHPFix_silent_zps532d2db6.jpg&key=e3bca71d24a0067fad1910903f2d756650c2d526a3a3b4495f41f8a5e073328a" alt="ZHPFix_silent_zps532d2db6.jpg" />

|- Para Windows Vista ou 7,clique direito em ZHPFix.exe e execute-o como administrador.

|- Selecione e copie estas informações,que estão no Code,para o "Bloco de Notas".

R0 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com => Live Search Mozilla
O2 - BHO: (no name) [64Bits] - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} Orphean Key
O2 - BHO: (no name) [64Bits] - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} Orphean Key
O2 - BHO: (no name) [64Bits] - {3049C3E9-B461-4BC5-8870-4C09146192CA} Orphean Key
O2 - BHO: (no name) [64Bits] - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} Orphean Key
O2 - BHO: (no name) [64Bits] - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} Orphean Key
O2 - BHO: (no name) [64Bits] - {9030D464-4C02-4ABF-8ECC-5164760863C6} Orphean Key
O2 - BHO: (no name) [64Bits] - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} Orphean Key
O2 - BHO: (no name) [64Bits] - {C41A1C0E-EA6C-11D4-B1B8-444553540000} Orphean Key
O2 - BHO: (no name) [64Bits] - {DBC80044-A445-435b-BC74-9C25C1C588A9} Orphean Key
O4 - Global Startup: C:\Users\Pierre Cardoso\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\PartyPoker.lnk . (...) -- C:\Programs\PartyGaming\PartyGaming.exe
[MD5.00000000000000000000000000000000] [APT] [{2FBE8D5E-E4B2-4626-9ECD-DC007CCBCE08}] (...) -- C:\Users\Pierre Cardoso\Desktop\Flash_Disinfector.exe (.not file.)
[MD5.00000000000000000000000000000000] [APT] [{97357085-0498-4C3B-8098-347E1CA2C80F}] (...) -- C:\Users\Pierre Cardoso\Desktop\WWParty\RegSetup.exe (.not file.)
[MD5.00000000000000000000000000000000] [APT] [{9EBA07A6-BE43-447E-AC2D-04C1D415A519}] (...) -- J:\MEDICINA\Medicina Battlefield 3 Repack.exe (.not file.)
[MD5.00000000000000000000000000000000] [APT] [{E0AC368C-7111-4909-8529-E489F527DA23}] (...) -- C:\Users\Pierre Cardoso\Downloads\7z465.exe (.not file.)
[MD5.00000000000000000000000000000000] [APT] [{EF7A9B34-053A-4139-89CE-2ABAD9E3300F}] (...) -- C:\Users\Pierre Cardoso\Downloads\ps2pdf995.exe (.not file.)

[MD5.906ADA62693EC894B1439E98E3FD56B6] [SPRF][17/02/2012] (...) -- C:\Program Files (x86)\RarExt.dll [166912] => Infection BT (Spyware.OnlineGames)
[MD5.8C458DC9E7DC6EC0DC5F24C999AFA4C7] [SPRF][17/02/2012] (...) -- C:\Program Files (x86)\RarExt64.dll [193536] => Infection BT (Spyware.OnlineGames)
O42 - Logiciel: PartyPoker - (.PartyGaming.) [HKLM][64Bits] -- PartyPoker => Casino.OnlineGames
O43 - CFD: 21/08/2012 - 21:00:48 - [319,999] ----D C:\Users\Pierre Cardoso\AppData\Roaming\thriXXX => thriXXX Game

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer] NoActiveDesktopChanges: Modified

[HKCU\Software\PartyGaming] => Casino.OnlineGames
[HKCU\Software\Casino] => Online Games Casino
[HKCU\Software\Poker 770] => Infection BT (Adware.Casino)
[HKLM\Software\Wow6432Node\Poker 770] => Infection BT (Adware.Casino)
[HKLM\Software\Wow6432Node\Trymedia Systems] => Infection BT (Adware.Trymedia)

proxyfix
emptytemp
emptyflash
firewallraz
sysrestore
|- Estando com o Bloco de Notas aberto,acione os atalhos: "Ctrl+A" -> "Ctrl+C"

|- Minimize o Bloco de Notas.

/applications/core/interface/imageproxy/imageproxy.php?img=http://i1143.photobucket.com/albums/n629/j2ram/My%2520Tools%25203/ZHPDiag_PasteClipboard.jpg&key=e48613cfa6f79756d0d3087d1f9470f91a4d063f3d1285295d93d87cacbfb63d" alt="ZHPDiag_PasteClipboard.jpg" />

|- Clique no menu,"Paste ClipBoard".

/applications/core/interface/imageproxy/imageproxy.php?img=http://t.imgbox.com/acerMAbC.jpg&key=8f6573385f94e5beff1160ce0a8e6778a7b84bd7dbdcfdd2ee7c4058d85bf88a" alt="acerMAbC.jpg" />

|- Clique "GO" -> Oui.

/applications/core/interface/imageproxy/imageproxy.php?img=http://i1143.photobucket.com/albums/n629/j2ram/My%2520Tools%25203/ZHPFix_GO.jpg&key=558fe81face1e694faa61f1e0c3985db203e8ad910d59aa68f5da5f2fd114f02" alt="ZHPFix_GO.jpg" />

|- Ps: Temos,àcima,sequência de imagens para maior exclarecimento.

|- Poste o relatório: C:\ZHP\ZHPFix[R1].txt

A+

OBS: Durante a execução do ZHPFIX, ele tentou desinstalar o Party Poker, pedindo a minha permissão. Eu cancelei a desinstalação, pois este é um software de poker que utilizo com frequencia.

ZHPFIX

Rapport de ZHPFix 1.3.05 par Nicolas Coolman, Update du 09/10/2012
Fichier d'export Registre :
Run by Pierre Cardoso at 14/01/2013 20:24:57
Windows 7 Home Premium Edition, 64-bit Service Pack 1 (Build 7601)
Web site : http://nicolascoolman.skyrock.com/

========== Software ==========
NOT FOUND Uninstall Process: c:\programs\partygaming\partypoker\uninstall\setup.exe

========== Memory Module ==========
DELETED Memory Module: C:\Program Files (x86)\RarExt.dll
DELETE on Reboot Memory Module: C:\Program Files (x86)\RarExt64.dll

========== Registry Key ==========
DELETED [HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\PartyPoker]
DELETED Key: CLSID BHO: {E76FD755-C1BA-4DCB-9F13-99BD91223ADE}
DELETED Key: CLSID BHO: {18DF081C-E8AD-4283-A596-FA578C2EBDC3}
DELETED Key: CLSID BHO: {3049C3E9-B461-4BC5-8870-4C09146192CA}
DELETED Key: CLSID BHO: {6EBF7485-159F-4bff-A14F-B9E3AAC4465B}
DELETED Key: CLSID BHO: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43}
DELETED Key: CLSID BHO: {9030D464-4C02-4ABF-8ECC-5164760863C6}
DELETED Key: CLSID BHO: {9FDDE16B-836F-4806-AB1F-1455CBEFF289}
DELETED Key: CLSID BHO: {C41A1C0E-EA6C-11D4-B1B8-444553540000}
DELETED Key: CLSID BHO: {DBC80044-A445-435b-BC74-9C25C1C588A9}
DELETED Key: HKCU\Software\PartyGaming
DELETED Key: HKCU\Software\Casino
DELETED Key: HKCU\Software\Poker 770
DELETED Key: HKLM\Software\Wow6432Node\Poker 770
DELETED Key: HKLM\Software\Wow6432Node\Trymedia Systems

========== Registry Value ==========
ProxyFix : Proxy killed successfully
DELETED ProxyServer Value
DELETED ProxyEnable Value
DELETED EnableHttp1_1 Value
DELETED ProxyHttp1.1 Value
DELETED ProxyOverride Value
No Value in Standard Profile Register Key FirewallRaz :
No Value in Domain Profile Register Key FirewallRaz :
DELETED FirewallRaz (None) : {4F12DE93-10A8-4515-8618-59A3D0B90BFD}

========== Registry Data Items ==========
REMOVED R0 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page
REPLACED Value NoActiveDesktopChanges : Good (0) - Bad (1)

========== Repertory ==========
DELETED Folder: C:\Users\Pierre Cardoso\AppData\Roaming\thriXXX
NOT FOUND C:\Users\Pierre Cardoso\AppData\Local\Dados de aplicativos
DELETED Folder: C:\Users\Pierre Cardoso\AppData\Local\FullTiltPoker
NOT FOUND C:\Users\Pierre Cardoso\AppData\Local\Histórico
DELETED Folder: C:\Users\Pierre Cardoso\AppData\Local\PokerStars
DELETED Folder: C:\Users\Pierre Cardoso\AppData\Local\Programs
DELETED Folder: C:\Users\Pierre Cardoso\AppData\Local\{0091A2E7-0971-482C-A5FC-F07BFE08D1E5}
DELETED Folder: C:\Users\Pierre Cardoso\AppData\Local\{00D2FD21-2A61-428E-BE84-9513691EB032}
DELETED Folder: C:\Users\Pierre Cardoso\AppData\Local\{00DB1D73-A586-421A-91E2-3848A3B0A10C}
DELETED Folder: C:\Users\Pierre Cardoso\AppData\Local\{031905E7-AC97-43F9-AE13-58D206D9498C}
DELETED Folder: C:\Users\Pierre Cardoso\AppData\Local\{04291BC0-BE89-4E4B-83C1-7024BACBC0E1}
DELETED Folder: C:\Users\Pierre Cardoso\AppData\Local\{04C6DD8C-C2DC-4A28-AE25-01FD515D69DE}
DELETED Folder: C:\Users\Pierre Cardoso\AppData\Local\{065910BE-6984-441E-8916-811A7C9869FF}
DELETED Folder: C:\Users\Pierre Cardoso\AppData\Local\{06EDF620-55DE-46EE-8B78-4A929B720CD3}
DELETED Folder: C:\Users\Pierre Cardoso\AppData\Local\{06F614E7-FDEE-451F-9861-A4480A7C3B80}
DELETED Folder: C:\Users\Pierre Cardoso\AppData\Local\{0810AAB6-EE08-4781-960D-630714607BAC}
DELETED Folder: C:\Users\Pierre Cardoso\AppData\Local\{0A0A36D9-FA34-4894-AD04-D52242503CD6}
DELETED Folder: C:\Users\Pierre Cardoso\AppData\Local\{0DECF802-E8DB-4B65-830C-24D84B419E3F}
DELETED Folder: C:\Users\Pierre Cardoso\AppData\Local\{0E2198D5-02E5-4480-94E5-36D646988C21}
DELETED Folder: C:\Users\Pierre Cardoso\AppData\Local\{0E41F5F0-34F9-45A9-8436-B64BFE304396}
DELETED Folder: C:\Users\Pierre Cardoso\AppData\Local\{0F44F495-161A-4AA8-BE76-9A6CD7A3F63D}
DELETED Folder: C:\Users\Pierre Cardoso\AppData\Local\{0F8283DD-4EDF-4199-B0C9-E4BE638A850F}
DELETED Folder: C:\Users\Pierre Cardoso\AppData\Local\{114BF347-EA2A-460D-9521-E2CE29DFE998}
DELETED Folder: C:\Users\Pierre Cardoso\AppData\Local\{12235B16-4096-4BAB-B38B-8588ECEC541B}
DELETED Folder: C:\Users\Pierre Cardoso\AppData\Local\{138D6BD6-B7F8-462A-8744-F3F83794BF69}
DELETED Folder: C:\Users\Pierre Cardoso\AppData\Local\{14ED7352-7BCB-4CCE-9330-A4016A03DB7D}
DELETED Folder: C:\Users\Pierre Cardoso\AppData\Local\{16E04024-ED47-4B8A-99AC-BCAACFD3298E}
DELETED Folder: C:\Users\Pierre Cardoso\AppData\Local\{192D1658-C8C9-4F28-8F08-4A0548E6DB94}
DELETED Folder: C:\Users\Pierre Cardoso\AppData\Local\{1B4AFB0A-4E9F-45B7-B0E8-11ED2378AB38}
DELETED Folder: C:\Users\Pierre Cardoso\AppData\Local\{1D49E668-531D-43B8-8F75-F5A5C6016C18}
DELETED Folder: C:\Users\Pierre Cardoso\AppData\Local\{1F5D0467-DC0D-4B73-8450-256DFC0E3AA5}
DELETED Folder: C:\Users\Pierre Cardoso\AppData\Local\{21372A0D-A342-45B2-9946-9F2EF3D19B8B}
DELETED Folder: C:\Users\Pierre Cardoso\AppData\Local\{24312612-A016-453E-B6B7-7CED956082D7}
DELETED Folder: C:\Users\Pierre Cardoso\AppData\Local\{246EA99D-5AE8-408A-8DCF-F79CE3A1DEC0}
DELETED Folder: C:\Users\Pierre Cardoso\AppData\Local\{2637B2AE-3362-4C35-8755-4EFBE5BAA444}
DELETED Folder: C:\Users\Pierre Cardoso\AppData\Local\{2711A741-4C29-444A-9AAA-DB0DF4052FAA}
DELETED Folder: C:\Users\Pierre Cardoso\AppData\Local\{29076D4F-5E53-4EDA-8346-C970221DFF22}
DELETED Folder: C:\Users\Pierre Cardoso\AppData\Local\{2AA6FA13-B4CE-49B6-8097-157EAAD3B932}
DELETED Folder: C:\Users\Pierre Cardoso\AppData\Local\{2AE11B88-ADB9-48B2-8ADA-B941D44FF599}
DELETED Folder: C:\Users\Pierre Cardoso\AppData\Local\{2B8DFA56-8407-4B8E-B105-82EFACFD37E1}
DELETED Folder: C:\Users\Pierre Cardoso\AppData\Local\{2BCAF29A-26E6-40D1-A82F-4CE5E556F4D8}
DELETED Folder: C:\Users\Pierre Cardoso\AppData\Local\{2D132B2D-07FC-48FA-A6D3-543E8F43B80F}
DELETED Folder: C:\Users\Pierre Cardoso\AppData\Local\{2D431F7F-A2D9-4C3E-9DD0-EA758C030956}
DELETED Folder: C:\Users\Pierre Cardoso\AppData\Local\{31C93A52-6686-4586-BE51-7B3167CEBA14}
DELETED Folder: C:\Users\Pierre Cardoso\AppData\Local\{355C85FB-4E7D-4E67-837B-FD3F0E77F172}
DELETED Folder: C:\Users\Pierre Cardoso\AppData\Local\{35A2806B-DD0C-460F-B415-07242C28C135}
DELETED Folder: C:\Users\Pierre Cardoso\AppData\Local\{3619D39C-EC52-4B66-94B5-184834C40A4B}
DELETED Folder: C:\Users\Pierre Cardoso\AppData\Local\{374FA224-42AC-4A0D-B269-98137D018F89}
DELETED Folder: C:\Users\Pierre Cardoso\AppData\Local\{3844155F-017F-4589-85C8-1AB8955D6C95}
DELETED Folder: C:\Users\Pierre Cardoso\AppData\Local\{39D781CE-2889-48EF-8554-14447A508AA2}
DELETED Folder: C:\Users\Pierre Cardoso\AppData\Local\{3DEFAC8C-1723-4A71-A046-05AF576BB451}
DELETED Folder: C:\Users\Pierre Cardoso\AppData\Local\{3EB99A65-6C71-4CF5-A3C2-A58B150BD778}
DELETED Folder: C:\Users\Pierre Cardoso\AppData\Local\{407637B2-0920-4AD2-9A23-6A3F2D7D0F85}
DELETED Folder: C:\Users\Pierre Cardoso\AppData\Local\{41BAA2ED-7425-4B23-A9D7-70A095EED1C3}
DELETED Folder: C:\Users\Pierre Cardoso\AppData\Local\{4288A642-871B-4C95-9050-1F9B818802B2}
DELETED Folder: C:\Users\Pierre Cardoso\AppData\Local\{42ACF3BE-D540-4017-8610-BA5E78E603ED}
DELETED Folder: C:\Users\Pierre Cardoso\AppData\Local\{45404AF7-28DD-490D-9306-29F58B30A7B2}
DELETED Folder: C:\Users\Pierre Cardoso\AppData\Local\{47078EBE-8B0B-493C-84B4-3462661CF88A}
DELETED Folder: C:\Users\Pierre Cardoso\AppData\Local\{472436CD-EF9B-47B6-A81D-92160F99B303}
DELETED Folder: C:\Users\Pierre Cardoso\AppData\Local\{47E04D9A-9A75-42E4-A1AD-F72AEFDFFDC7}
DELETED Folder: C:\Users\Pierre Cardoso\AppData\Local\{4E315EF5-8B49-484F-B726-9D5E49EDEE4B}
DELETED Folder: C:\Users\Pierre Cardoso\AppData\Local\{524CD6A2-F1CD-48FA-B889-768A421E308D}
DELETED Folder: C:\Users\Pierre Cardoso\AppData\Local\{55A3F59B-A6C5-4A7D-9BBE-408EE5105E52}
DELETED Folder: C:\Users\Pierre Cardoso\AppData\Local\{55B1B23B-EF90-44C6-A52C-8661C0333983}
DELETED Folder: C:\Users\Pierre Cardoso\AppData\Local\{5E3680DB-E3CD-400C-9503-A46673EBCB9D}
DELETED Folder: C:\Users\Pierre Cardoso\AppData\Local\{5F7A3402-F990-4BD8-80D2-40E99BAA18FE}
DELETED Folder: C:\Users\Pierre Cardoso\AppData\Local\{603D695A-5CC2-4C87-B3F8-AC5B6E2DD2AA}
DELETED Folder: C:\Users\Pierre Cardoso\AppData\Local\{61F7EA32-1F6F-45A7-90D4-1CA0B772105F}
DELETED Folder: C:\Users\Pierre Cardoso\AppData\Local\{626924F7-190D-4E17-B309-008359DBD54B}
DELETED Folder: C:\Users\Pierre Cardoso\AppData\Local\{63E6F467-C347-4DC2-8805-61ED5BBF367D}
DELETED Folder: C:\Users\Pierre Cardoso\AppData\Local\{6A2EBB6E-9C49-4860-8134-3E6936FB68A9}
DELETED Folder: C:\Users\Pierre Cardoso\AppData\Local\{6D094BF1-C6EE-4810-829B-F29E8D20561B}
DELETED Folder: C:\Users\Pierre Cardoso\AppData\Local\{6DE0399D-E891-440B-9A52-D85ECCE0EA8C}
DELETED Folder: C:\Users\Pierre Cardoso\AppData\Local\{6F0F9B45-F89D-4825-BA78-DC51BBBE6FAF}
DELETED Folder: C:\Users\Pierre Cardoso\AppData\Local\{6FCB6F0E-5D89-42A9-99A4-01F5222A2E5B}
DELETED Folder: C:\Users\Pierre Cardoso\AppData\Local\{7072B282-F1A3-4532-8D14-4DF357DC88D0}
DELETED Folder: C:\Users\Pierre Cardoso\AppData\Local\{70EC3DDB-BF5D-4CED-9785-97C14949BA6F}
DELETED Folder: C:\Users\Pierre Cardoso\AppData\Local\{726EC6BC-CA7B-402C-AB17-6E8C643BBD2E}
DELETED Folder: C:\Users\Pierre Cardoso\AppData\Local\{72CB1170-1CC9-4272-B599-9A779381A28E}
DELETED Folder: C:\Users\Pierre Cardoso\AppData\Local\{72DDBB59-AA3E-49DF-A2C8-60242184F848}
DELETED Folder: C:\Users\Pierre Cardoso\AppData\Local\{76D94299-3272-40A5-85E7-1E40CF2EB3B7}
DELETED Folder: C:\Users\Pierre Cardoso\AppData\Local\{772D45B2-4BB2-4A5F-8BB0-7FBF3D894D3C}
DELETED Folder: C:\Users\Pierre Cardoso\AppData\Local\{789B4A55-DF4D-4F2C-812C-DCFD09DBEE07}
DELETED Folder: C:\Users\Pierre Cardoso\AppData\Local\{7D320B71-ECDA-4540-9D35-79B4F33C7943}
DELETED Folder: C:\Users\Pierre Cardoso\AppData\Local\{7F1EAFAD-3F53-4136-9959-4D1EC6D43E01}
DELETED Folder: C:\Users\Pierre Cardoso\AppData\Local\{8088ECCD-5926-47F9-BFB8-17B46D474E4D}
DELETED Folder: C:\Users\Pierre Cardoso\AppData\Local\{8089E3D5-86B0-470F-BC5C-E409FCAB238C}
DELETED Folder: C:\Users\Pierre Cardoso\AppData\Local\{8121C2A3-6A04-42D2-BF72-91CC5B9A810B}
DELETED Folder: C:\Users\Pierre Cardoso\AppData\Local\{813A8618-7BB2-427C-B526-3C5031543580}
DELETED Folder: C:\Users\Pierre Cardoso\AppData\Local\{8402E4FA-32BB-44B3-81B4-0A37F2F0B3CA}
DELETED Folder: C:\Users\Pierre Cardoso\AppData\Local\{849008DB-391D-4681-B46A-6A193DA03E59}
DELETED Folder: C:\Users\Pierre Cardoso\AppData\Local\{856BE007-BD7D-496C-9D9B-49A7BDCFF02C}
DELETED Folder: C:\Users\Pierre Cardoso\AppData\Local\{85ABED9C-4C68-4CFD-AB36-7D86001AC23F}
DELETED Folder: C:\Users\Pierre Cardoso\AppData\Local\{86F829F9-06BC-4F6C-92AF-149A599EADAD}
DELETED Folder: C:\Users\Pierre Cardoso\AppData\Local\{87490657-330F-40C8-8986-F38C6CC70E7D}
DELETED Folder: C:\Users\Pierre Cardoso\AppData\Local\{8A7A6D33-6BA7-4BF0-BE05-0D1F14DFD88F}
DELETED Folder: C:\Users\Pierre Cardoso\AppData\Local\{8B183F21-AD27-444A-BEEF-06615E089978}
DELETED Folder: C:\Users\Pierre Cardoso\AppData\Local\{8BA2B858-9A25-419E-B988-09F8830D4F18}
DELETED Folder: C:\Users\Pierre Cardoso\AppData\Local\{8CD5DA0D-8A37-4B89-9F3D-843D37F51A74}
DELETED Folder: C:\Users\Pierre Cardoso\AppData\Local\{8CF52D74-EB33-4D26-B65E-461A24AEF051}
DELETED Folder: C:\Users\Pierre Cardoso\AppData\Local\{8CF91913-14E9-4057-AA14-1AF888510F70}
DELETED Folder: C:\Users\Pierre Cardoso\AppData\Local\{8D2C7832-35F5-43E3-B89E-46D25C93B564}
DELETED Folder: C:\Users\Pierre Cardoso\AppData\Local\{8F330DAD-9466-4C1B-81CC-0B44E80F189B}
DELETED Folder: C:\Users\Pierre Cardoso\AppData\Local\{91C5DD04-4311-4D3A-9D1D-810E49BA5115}
DELETED Folder: C:\Users\Pierre Cardoso\AppData\Local\{96039A38-15AC-425F-B854-D20437C82746}
DELETED Folder: C:\Users\Pierre Cardoso\AppData\Local\{9697AE7B-6A84-4376-AC40-D949D21BE922}
DELETED Folder: C:\Users\Pierre Cardoso\AppData\Local\{98573A55-5F64-4745-A9A2-F7E1B0150749}
DELETED Folder: C:\Users\Pierre Cardoso\AppData\Local\{994DEA9F-67C8-4411-89CE-D7971FE0E26F}
DELETED Folder: C:\Users\Pierre Cardoso\AppData\Local\{9AEE9B93-0078-4DE4-AB4A-1D518C058451}
DELETED Folder: C:\Users\Pierre Cardoso\AppData\Local\{9B11504D-F7B9-4AE1-9353-4CF0B1D3F1A1}
DELETED Folder: C:\Users\Pierre Cardoso\AppData\Local\{9E470798-D379-4004-AAA2-EF9496D6BB82}
DELETED Folder: C:\Users\Pierre Cardoso\AppData\Local\{9E76F6EF-958E-4457-B693-6C406556B454}
DELETED Folder: C:\Users\Pierre Cardoso\AppData\Local\{A1B06A4C-785F-4FBD-8CB2-184CAFB6E368}
DELETED Folder: C:\Users\Pierre Cardoso\AppData\Local\{A23D03F9-962E-4E33-A5EB-DA8B38E5C2C5}
DELETED Folder: C:\Users\Pierre Cardoso\AppData\Local\{A2CFE8E9-7EE1-45BB-85F3-5B1A1D5D7BCE}
DELETED Folder: C:\Users\Pierre Cardoso\AppData\Local\{A38BA368-19AA-4879-8466-4DC3A822E04C}
DELETED Folder: C:\Users\Pierre Cardoso\AppData\Local\{A58571D7-253A-4DAF-8647-56A8BE316393}
DELETED Folder: C:\Users\Pierre Cardoso\AppData\Local\{A671ABF3-13B7-4DFB-A647-F8E15CE8DB97}
DELETED Folder: C:\Users\Pierre Cardoso\AppData\Local\{A6D6B249-E849-458F-8DE0-703C376B9DDE}
DELETED Folder: C:\Users\Pierre Cardoso\AppData\Local\{A79EE237-FDD6-4A13-BABB-9299382EA5B8}
DELETED Folder: C:\Users\Pierre Cardoso\AppData\Local\{A85D21BF-0623-4C50-B126-F893FE99E226}
DELETED Folder: C:\Users\Pierre Cardoso\AppData\Local\{A9951178-7C16-4EA8-A5AF-B6F2068FC9C5}
DELETED Folder: C:\Users\Pierre Cardoso\AppData\Local\{AACE360C-6E97-4853-BA4F-9B63ADA298C4}
DELETED Folder: C:\Users\Pierre Cardoso\AppData\Local\{AD2E9639-27A3-4F04-8E5A-4A8818F95A46}
DELETED Folder: C:\Users\Pierre Cardoso\AppData\Local\{AD4A4992-8112-490C-94B3-61A34AE9B434}
DELETED Folder: C:\Users\Pierre Cardoso\AppData\Local\{ADA9F19C-320B-4001-9A91-1297BDF98AE6}
DELETED Folder: C:\Users\Pierre Cardoso\AppData\Local\{AF1D5D09-5F9E-4C81-A120-5073DBEB0573}
DELETED Folder: C:\Users\Pierre Cardoso\AppData\Local\{B01980CC-7AE1-40F9-9518-A0CE100EB5F4}
DELETED Folder: C:\Users\Pierre Cardoso\AppData\Local\{B036D42C-9C2C-4372-81DE-7BC15F076CEF}
DELETED Folder: C:\Users\Pierre Cardoso\AppData\Local\{B0B2B69D-4F78-4BA6-B622-F20222816556}
DELETED Folder: C:\Users\Pierre Cardoso\AppData\Local\{B210EA40-65C4-446C-B90F-29436CD79DD6}
DELETED Folder: C:\Users\Pierre Cardoso\AppData\Local\{B26F065B-1491-473C-ABB9-01BE86084171}
DELETED Folder: C:\Users\Pierre Cardoso\AppData\Local\{B277DE6B-022A-499D-96F8-1E5A812EF248}
DELETED Folder: C:\Users\Pierre Cardoso\AppData\Local\{B38FC7A4-C9EB-4EC2-8F8C-77BF99F7369F}
DELETED Folder: C:\Users\Pierre Cardoso\AppData\Local\{B41854B7-F63C-4B9A-A4CB-FDF7243058C8}
DELETED Folder: C:\Users\Pierre Cardoso\AppData\Local\{B66C517F-B3CC-49A4-80C6-73E349FA7DD3}
DELETED Folder: C:\Users\Pierre Cardoso\AppData\Local\{B6F73967-4986-4A48-A26A-7D4C691F06FF}
DELETED Folder: C:\Users\Pierre Cardoso\AppData\Local\{B8840DD6-F134-42F2-AE4C-7D380A6675B9}
DELETED Folder: C:\Users\Pierre Cardoso\AppData\Local\{BA3BD388-7CF8-4034-A0B5-9DDD47B4915C}
DELETED Folder: C:\Users\Pierre Cardoso\AppData\Local\{BD45E266-0520-4D4C-9DC9-4E89798C566C}
DELETED Folder: C:\Users\Pierre Cardoso\AppData\Local\{BD52FAF1-F41B-402F-9A6F-CD4E9BC27E2C}
DELETED Folder: C:\Users\Pierre Cardoso\AppData\Local\{BD7578AC-25A7-460D-83B6-BA6E2B965B1E}
DELETED Folder: C:\Users\Pierre Cardoso\AppData\Local\{BE7A79B1-246F-486D-9B30-6982000791E0}
DELETED Folder: C:\Users\Pierre Cardoso\AppData\Local\{BF0BE878-2663-4AF0-BD6F-1C0DF491FE17}
DELETED Folder: C:\Users\Pierre Cardoso\AppData\Local\{C18CA116-F8B8-45C8-A195-277309DAB1BE}
DELETED Folder: C:\Users\Pierre Cardoso\AppData\Local\{C38D91EA-137B-4FCD-B282-686A22C690EB}
DELETED Folder: C:\Users\Pierre Cardoso\AppData\Local\{C4D2FB53-5E0B-4C00-A5AB-1BB7AC29C566}
DELETED Folder: C:\Users\Pierre Cardoso\AppData\Local\{C6207C3C-ECEA-40FB-A10A-4C593002CA72}
DELETED Folder: C:\Users\Pierre Cardoso\AppData\Local\{C9208414-EB47-436D-814A-A5B029AF884B}
DELETED Folder: C:\Users\Pierre Cardoso\AppData\Local\{CB094908-0662-4C93-8A6F-AE5661F78F52}
DELETED Folder: C:\Users\Pierre Cardoso\AppData\Local\{CC38E41D-A989-4428-9012-79F1500F19C7}
DELETED Folder: C:\Users\Pierre Cardoso\AppData\Local\{CC52CEED-934E-4679-815E-9DAF37608193}
DELETED Folder: C:\Users\Pierre Cardoso\AppData\Local\{CE7C25C5-24EB-4144-9B0A-0A30315D32C8}
DELETED Folder: C:\Users\Pierre Cardoso\AppData\Local\{D2B571CB-2C4F-4E48-A1B4-852E7A246888}
DELETED Folder: C:\Users\Pierre Cardoso\AppData\Local\{D56B58BB-ACF4-4DF6-9E1D-B906362EA08C}
DELETED Folder: C:\Users\Pierre Cardoso\AppData\Local\{DA447542-1692-459F-A9F2-D449775F87D3}
DELETED Folder: C:\Users\Pierre Cardoso\AppData\Local\{DAA843DF-1097-465E-9C08-6361098FBDD0}
DELETED Folder: C:\Users\Pierre Cardoso\AppData\Local\{DCDAA926-B4C3-41DB-B3C1-D50712A1A346}
DELETED Folder: C:\Users\Pierre Cardoso\AppData\Local\{DD8EC048-C5EA-45C8-A56E-6248CFF612C4}
DELETED Folder: C:\Users\Pierre Cardoso\AppData\Local\{DF491C16-9713-4C20-8F01-3F2D5D871BC7}
DELETED Folder: C:\Users\Pierre Cardoso\AppData\Local\{E059214F-C5BD-4D74-A3B5-C5AAC1ACFD86}
DELETED Folder: C:\Users\Pierre Cardoso\AppData\Local\{E07495DF-AA94-483B-91CC-FA64CBC911E5}
DELETED Folder: C:\Users\Pierre Cardoso\AppData\Local\{E3F47DEF-C645-4D68-A1AE-83B1C6E5DFBE}
DELETED Folder: C:\Users\Pierre Cardoso\AppData\Local\{E422C595-3094-4B4F-A5A6-8C996455275A}
DELETED Folder: C:\Users\Pierre Cardoso\AppData\Local\{E59A79FF-F678-4612-AEEC-FEBC5E0D8412}
DELETED Folder: C:\Users\Pierre Cardoso\AppData\Local\{E679F058-00E7-4563-8741-38D82C389C67}
DELETED Folder: C:\Users\Pierre Cardoso\AppData\Local\{E817D1A4-C7DB-4936-AEE9-AF603CD2002C}
DELETED Folder: C:\Users\Pierre Cardoso\AppData\Local\{E9BD9041-9216-4D9C-9CEA-E3AED8E3BB25}
DELETED Folder: C:\Users\Pierre Cardoso\AppData\Local\{EA2F6D64-723B-4AB9-8B5B-3ADD23C7CED2}
DELETED Folder: C:\Users\Pierre Cardoso\AppData\Local\{EAE53AD2-1FCC-4506-A09B-04B205270E95}
DELETED Folder: C:\Users\Pierre Cardoso\AppData\Local\{EC30496F-FC65-446A-A7F8-2D6046911E61}
DELETED Folder: C:\Users\Pierre Cardoso\AppData\Local\{EE7CD037-A8C0-413E-9F19-B5E5D051A97B}
DELETED Folder: C:\Users\Pierre Cardoso\AppData\Local\{EF53420B-59EA-47D5-86DD-5F323D7B17A5}
DELETED Folder: C:\Users\Pierre Cardoso\AppData\Local\{EFF8D0E2-80FB-4CC4-A213-F3C370BD8CE6}
DELETED Folder: C:\Users\Pierre Cardoso\AppData\Local\{F09B08FD-7600-44DE-A7E0-0551C202ADC4}
DELETED Folder: C:\Users\Pierre Cardoso\AppData\Local\{F52603FA-F429-4798-9B84-40D619B47DCC}
DELETED Folder: C:\Users\Pierre Cardoso\AppData\Local\{F55425AB-2F9C-4D88-BD9A-C88EAAA7A71F}
DELETED Folder: C:\Users\Pierre Cardoso\AppData\Local\{F5E22E1B-663A-46C6-92AF-8EFC222F7F26}
DELETED Folder: C:\Users\Pierre Cardoso\AppData\Local\{F6B6BB9F-2F14-4015-940E-81A9BFBCD301}
DELETED Folder: C:\Users\Pierre Cardoso\AppData\Local\{F712DE0A-5D17-4778-B4C1-6ACA1AD7A303}
DELETED Folder: C:\Users\Pierre Cardoso\AppData\Local\{F80E902C-5B5C-4605-B69B-C7AC6F8F5312}
DELETED Folder: C:\Users\Pierre Cardoso\AppData\Local\{F8655DAA-635B-48AE-A4FB-2104BAE6A4ED}
DELETED Folder: C:\Users\Pierre Cardoso\AppData\Local\{FA220960-7617-4A8E-811A-1C2AFF5E8AE6}
DELETED Folder: C:\Users\Pierre Cardoso\AppData\Local\{FA5E805C-AEF6-4D56-9F16-ADD6E9503EC5}
DELETED Folder: C:\Users\Pierre Cardoso\AppData\Local\{FC8C50EE-401E-4806-9912-24A6DA29AFB7}
DELETED Folder: C:\Users\Pierre Cardoso\AppData\Local\{FD18A2B3-D5DF-4FB2-8E9F-550CDD8DC9A3}
DELETED Folder: C:\Users\Pierre Cardoso\AppData\Local\{FD4363C5-641D-4D0F-B948-C691F11797DB}
DELETED Folder: C:\Users\Pierre Cardoso\AppData\Local\{FECBEA77-479C-4A6E-A178-A09B2B88D765}
DELETED Window Temporary:
DELETED Flash Cookies:

========== File ==========
DELETED File: c:\users\pierre cardoso\appdata\roaming\microsoft\internet explorer\quick launch\partypoker.lnk
DELETED File: c:\programs\partygaming\partygaming.exe
DELETED File: c:\program files (x86)\rarext.dll
DELETED Window Temporary:
DELETED Flash Cookies:

========== Task ==========
DELETED Task: {2FBE8D5E-E4B2-4626-9ECD-DC007CCBCE08}
DELETED Task: {97357085-0498-4C3B-8098-347E1CA2C80F}
DELETED Task: {9EBA07A6-BE43-447E-AC2D-04C1D415A519}
DELETED Task: {E0AC368C-7111-4909-8529-E489F527DA23}
DELETED Task: {EF7A9B34-053A-4139-89CE-2ABAD9E3300F}

========== Restoration ==========
Restore System Point created succefully

========== Summary ==========
2 : Memory Module
15 : Registry Key
9 : Registry Value
2 : Registry Data Items
190 : Repertory
5 : File
1 : Software
5 : Task
1 : Restoration

End of clean in 01mn 13s

========== Report File ==========
C:\ZHP\ZHPFix[R1].txt - 14/01/2013 20:24:57 [20567]

OBS: Durante a execução do ZHPFIX, ele tentou desinstalar o Party Poker, pedindo a minha permissão. Eu cancelei a desinstalação, pois este é um software de poker que utilizo com frequencia.

Ok! O mesmo ocorreria com o Bitlord,mas o removi do script.

-/-

|- Abra o OTL.exe -> Clique em Limpeza. <-- Confirme!

|- Ps: O computador irá reiniciar!

|- Seus logs estão limpos!

|- Tudo Ok?

A+

O computador inicializou super rápido, em sua velocidade normal.

Porém aquele som estranhou tocou de novo. Ele só toca uma única vez, após eu entrar no desktop (após inserir login e senha). Ele toca quando está terminando de processar tudo após a inicialização.

Bom Dia! moicanofacul

|- Baixou,recentemente,o RealPlayer 10.30 ?
|- Desinstale-o e verifique se tudo voltou à normalidade.

O4 - HKLM\..\Run: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe

O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

O4 - HKLM\..\Run: [NSU_agent] "C:\Program Files (x86)\Nokia\Nokia Software Updater\nsu3ui_agent.exe"

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe" -osboot

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

|- Abra o HijackThis e dê Fix checked nestas entradas.
|- Caso a ferramenta tenha sido desinstalada pela OTL,baixe-a novamente.
|- Marque as entradas que encontrar,onde o ideal é que as remova "uma à uma",mas sempre observando qual entrada ao ser removida,sanou o problema.
|- Ps: Há que observar,que as entradas removidas podem ser restauradas pelo próprio HijackThis indo em “View the list of backup“.
|- Selecione as entradas à serem restauradas!
|- Clique em RESTORE -> Reinicie o computador!

A+

O RealPlayer que encontrei é a versão 15.0.6, que foi instalada dia 14/01. Porém eu não fiz essa instalação, deve ser atualização automática.

Devo então desinstalar essa versão e seguir esses passos?

>
O RealPlayer que encontrei é a versão 15.0.6, que foi instalada dia 14/01. Porém eu não fiz essa instalação, deve ser atualização automática.

Devo então desinstalar essa versão e seguir esses passos?

Olá!

|- Siga com a desinstalação e,à seguir,com o HijackThis.

A+

A desinstalação do RealPlayer resolveu o problema. Então não preciso fazer essas coisas no HiJackThis, ok?

>

A desinstalação do RealPlayer resolveu o problema. Então não preciso fazer essas coisas no HiJackThis, ok?

Bom Dia! moicanofacul

|- Ok! Pode abortar o Fix.

|- Bom trabalho!

A+

Muito obrigado!

PROBLEMA RESOLVIDO

Caso o autor necessite que o tópico seja reaberto basta enviar uma Mensagem Privada para um Moderador com um link para o tópico.