[Resolvido] &nbspSuspeita de note infectado

[keysha 0]

Olá, minha màe tem reclamado de lentidão no notebook e como ela andou baixando muitos programas, resolvi pedir a ajuda de vcs para fazer uma "investigaçao". Agradeço desde já!

 

Segue o log:

 

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 23:54:09, on 28/09/2012

Platform: Windows 7 (WinNT 6.00.3504)

MSIE: Internet Explorer v9.00 (9.00.8112.16421)

Boot mode: Normal

 

Running processes:

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Windows\system32\taskhost.exe

C:\Users\Particular\AppData\Roaming\Tuto4pc\Tuto4pc\UpdateTutoriaisSlimbaHP.exe

C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe

C:\Program Files\Launch Manager\LManager.exe

C:\Program Files\HP\HP Software Update\hpwuschd2.exe

C:\Program Files\Tuto4pc\tutoriaisslimba.exe

C:\Program Files\AVG\AVG2012\avgtray.exe

C:\Program Files\AVG Secure Search\vprot.exe

C:\Windows\FixCamera.exe

C:\Windows\tsnp325.exe

C:\Windows\vsnp325.exe

C:\Program Files\Common Files\Java\Java Update\jusched.exe

C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe

C:\Program Files\4shared Desktop\desktop.exe

C:\Program Files\TechSmith\Jing\Jing.exe

C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe

C:\Windows\system32\taskhost.exe

C:\Windows\system32\taskeng.exe

C:\HiJackThis\HiJackThis.exe

C:\Windows\system32\SearchFilterHost.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://start.funmoods.com/?f=1&a=abnew1&chnl=abnew1&cd=2XzutAtN2Y1L1QzutD0CyCtDyByCyEtD0BtDtDzyzzzztC0EtN0D0TzutBtDtCtBtDyDtBtB&cr=1129022581

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

R3 - URLSearchHook: (no name) - {71aaf484-0509-4b65-83cb-aeb0b93db128} - (no file)

R3 - URLSearchHook: (no name) - {09ec805c-cb2e-4d53-b0d3-a75a428b81c7} - (no file)

O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG2012\avgssie.dll

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)

O2 - BHO: Funmoods Helper Object - {75EBB0AA-4214-4CB4-90EC-E3E07ECD04F7} - C:\PROGRA~1\Funmoods\1.5.23.22\bh\escort.dll (file missing)

O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll

O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\12.2.5.32\AVG Secure Search_toolbar.dll

O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - (no file)

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll

O2 - BHO: TutorialsBHO - {DDC198F3-88BB-431f-987C-F6E8760C9163} - C:\Program Files\Tuto4pc\TutoriaisSlimbaBHO.dll (file missing)

O2 - BHO: blekko search bar - {f4f99c6d-f390-4fbc-858b-1541f9113fd8} - C:\Program Files\blekkotb_001\blekkotb_019X.dll (file missing)

O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll

O3 - Toolbar: Funmoods Toolbar - {A4C272EC-ED9E-4ACE-A6F2-9558C7F29EF3} - C:\PROGRA~1\Funmoods\1.5.23.22\escorTlbr.dll (file missing)

O3 - Toolbar: blekko search bar - {f4f99c6d-f390-4fbc-858b-1541f9113fd8} - C:\Program Files\blekkotb_001\blekkotb_019X.dll (file missing)

O3 - Toolbar: AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\12.2.5.32\AVG Secure Search_toolbar.dll

O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"

O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"

O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe

O4 - HKLM\..\Run: [LManager] C:\Program Files\Launch Manager\LManager.exe

O4 - HKLM\..\Run: [hpqSRMon] C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe

O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

O4 - HKLM\..\Run: [Wondershare Helper Compact.exe] C:\Program Files\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe

O4 - HKLM\..\Run: [4shared Update] "C:\Program Files\4shared Desktop\checkUpdate.exe"

O4 - HKLM\..\Run: [Tutorials] "C:\Program Files\Tuto4pc\tutoriaisslimba.exe"

O4 - HKLM\..\Run: [AVG_TRAY] "C:\Program Files\AVG\AVG2012\avgtray.exe"

O4 - HKLM\..\Run: [vProt] "C:\Program Files\AVG Secure Search\vprot.exe"

O4 - HKLM\..\Run: [FixCamera] C:\Windows\FixCamera.exe

O4 - HKLM\..\Run: [tsnp325] C:\Windows\tsnp325.exe

O4 - HKLM\..\Run: [snp325] C:\Windows\vsnp325.exe

O4 - HKLM\..\Run: [HF_G_Jul] "C:\Program Files\AVG Secure Search\HF_G_Jul.exe" /DoAction

O4 - HKLM\..\Run: [tutoriaisup] "C:\Users\Particular\AppData\Local\tutoriaisup\tutoriaisup.exe"

O4 - HKLM\..\Run: [ROC_ROC_JULY_P1] "C:\Program Files\AVG Secure Search\ROC_ROC_JULY_P1.exe" / /PROMPT /CMPID=ROC_JULY_P1

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"

O4 - HKLM\..\RunOnce: [updateTutorialsHP] C:\Users\Particular\AppData\Roaming\Tuto4pc\Tuto4pc\UpdateTutoriaisSlimbaHP.exe -runonce

O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe"

O4 - HKCU\..\Run: [FlashGet 3] "C:\Program Files\FlashGet Network\FlashGet 3\FlashGet3.exe" -minimize

O4 - HKCU\..\Run: [Google Update] "C:\Users\Particular\AppData\Local\Google\Update\GoogleUpdate.exe" /c

O4 - HKCU\..\Run: [4shared Desktop] "C:\Program Files\4shared Desktop\desktop.exe" "startup"

O4 - HKCU\..\Run: [Jing] C:\Program Files\TechSmith\Jing\jing.exe

O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'SERVIÇO LOCAL')

O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'SERVIÇO LOCAL')

O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'SERVIÇO DE REDE')

O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'SERVIÇO DE REDE')

O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

O8 - Extra context menu item: &Download All using 4shared Desktop - res://C:\Program Files\4shared Desktop\Desktop.32/D_ALL_LINK

O8 - Extra context menu item: &Download using 4shared Desktop - res://C:\Program Files\4shared Desktop\Desktop.32/D_ONE_LINK

O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL

O9 - Extra button: Exibir ou ocultar HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll

O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics

O15 - Trusted Zone: www.bancobrasil.com.br

O15 - Trusted Zone: www14.bancobrasil.com.br

O15 - Trusted Zone: www2.bancobrasil.com.br

O15 - Trusted Zone: www.bb.com.br

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://secure.logmein.com/activex/RACtrl.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{5EFED50B-03B7-4E4E-B7E7-B79D3BCEFBA0}: NameServer = 8.8.8.8,8.8.4.4

O17 - HKLM\System\CCS\Services\Tcpip\..\{6F0B37F8-A177-48D5-89FF-4050DEBAC90C}: NameServer = 8.8.8.8,8.8.4.4

O17 - HKLM\System\CS1\Services\Tcpip\..\{5EFED50B-03B7-4E4E-B7E7-B79D3BCEFBA0}: NameServer = 8.8.8.8,8.8.4.4

O17 - HKLM\System\CS2\Services\Tcpip\..\{5EFED50B-03B7-4E4E-B7E7-B79D3BCEFBA0}: NameServer = 8.8.8.8,8.8.4.4

O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG2012\avgpp.dll

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL

O18 - Protocol: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files\Common Files\AVG Secure Search\ViProtocolInstaller\12.2.6\ViProtocol.dll

O20 - Winlogon Notify: GbPluginBb - C:\Program Files\GbPlugin\gbieh.dll

O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe

O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe

O23 - Service: AMD External Events Utility - AMD - C:\Windows\system32\atiesrxx.exe

O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG2012\avgidsagent.exe

O23 - Service: Watchdog do AVG (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG2012\avgwdsvc.exe

O23 - Service: @%SystemRoot%\ehome\ehrecvr.exe,-101 (ehRecvr) - Unknown owner - C:\Windows\ehome\ehRecvr.exe (file missing)

O23 - Service: @%SystemRoot%\ehome\ehsched.exe,-101 (ehSched) - Unknown owner - C:\Windows\ehome\ehsched.exe (file missing)

O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe

O23 - Service: Serviço do Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: majt4pcbrslmba - Unknown owner - C:\Users\Particular\AppData\Local\majt4pcbrslmba\majt4pcbrslmba.exe

O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe

O23 - Service: PCSpeedUp Service (PCSpeedUpService) - Speedchecker - C:\Program Files\Velocidade Do PC\PCSpeedUpService.exe

O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe

O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe

O23 - Service: vToolbarUpdater12.2.6 - Unknown owner - C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\12.2.6\ToolbarUpdater.exe

O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe

 

--

End of file - 11566 bytes

[wings 22]

Boa noite keysha

 

 

:seta: Baixe o AdwCleaner (...de Xplode) e salve-o no Desktop (Área de Trabalho)

 

*Execute-o. Usuários do Windows Vista ou do Windows 7 devem clicar com o botão direito do mouse no arquivo e selecionar Executar como administrador

 

 

*Clique [Delete]

 

*Cole o relatório apresentado

 

 

:seta: Baixe o OTL (...de Old_Timer) e salve-o no Desktop (Área de Trabalho)

 

*Execute-o. Usuários do Windows Vista ou do Windows 7 devem clicar com o botão direito do mouse no arquivo e selecionar Executar como administrador

 

 

*Selecione:

Verificar All Users

Ignorar Arquivos Microsoft

Verificar Lop

Verificar Purity

 

*Cole as linhas, em marrom, no espaço abaixo de Exames Personalizados/Correções

regedit /e %USERPROFILE%\Desktop\registrybackup.reg /c

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes

HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes

 

*Clique [Verificar]

 

 

*Ao término, os relatórios OTL.txt e Extras.txt serão criados no Desktop (Área de Trabalho)

 

 

:veja: Acesse este link

 

*Clique [selecionar arquivo]

 

*Localize o arquivo OTL.txt no Desktop (Área de Trabalho) e clique [Abrir]

 

*Clique [Envoyer le fichier]

 

*Cole o link criado abaixo de Fichier envoyé avec succés! Copiez votre lien :

 

*Repita o procedimento para o relatório Extras.txt e cole o link

[keysha 0]

# AdwCleaner v2.003 - Logfile created 09/29/2012 at 22:04:08

# Updated 23/09/2012 by Xplode

# Operating system : Windows 7 Home Premium (32 bits)

# User : Particular - WIN7

# Boot Mode : Normal

# Running from : C:\Users\Particular\Desktop\adwcleaner.exe

# Option [Delete]

 

 

***** [services] *****

 

 

***** [Files / Folders] *****

 

Deleted on reboot : C:\Program Files\Common Files\AVG Secure Search

File Deleted : C:\Program Files\Mozilla Firefox\searchplugins\avg-secure-search.xml

File Deleted : C:\Program Files\Mozilla Firefox\searchplugins\babylon.xml

File Deleted : C:\Users\Particular\AppData\Local\funmoods.crx

File Deleted : C:\Users\Particular\AppData\Local\funmoods-speeddial.crx

File Deleted : C:\Users\Particular\AppData\Roaming\Mozilla\Firefox\Profiles\3krtazr6.default\searchplugins\aol-web-search.xml

File Deleted : C:\Users\Particular\AppData\Roaming\Mozilla\Firefox\Profiles\3krtazr6.default\searchplugins\Askcom.xml

File Deleted : C:\Users\Particular\AppData\Roaming\Mozilla\Firefox\Profiles\3krtazr6.default\searchplugins\Conduit.xml

File Deleted : C:\Users\Particular\AppData\Roaming\Mozilla\Firefox\Profiles\3krtazr6.default\searchplugins\funmoods.xml

File Deleted : C:\Users\Particular\AppData\Roaming\Mozilla\Firefox\Profiles\3krtazr6.default\searchplugins\MyStart Search.xml

File Deleted : C:\Users\Particular\AppData\Roaming\Mozilla\Firefox\Profiles\3krtazr6.default\searchplugins\search.xml

File Deleted : C:\Windows\system32\conduitEngine.tmp

Folder Deleted : C:\Program Files\AVG Secure Search

Folder Deleted : C:\Program Files\Conduit

Folder Deleted : C:\Program Files\OApps

Folder Deleted : C:\Program Files\Tuto4pc

Folder Deleted : C:\ProgramData\AVG Secure Search

Folder Deleted : C:\ProgramData\blekko toolbars

Folder Deleted : C:\ProgramData\boost_interprocess

Folder Deleted : C:\ProgramData\Tarma Installer

Folder Deleted : C:\Users\PARTIC~1\AppData\Local\Temp\{71aaf484-0509-4b65-83cb-aeb0b93db128}

Folder Deleted : C:\Users\PARTIC~1\AppData\Local\Temp\AskSearch

Folder Deleted : C:\Users\PARTIC~1\AppData\Local\Temp\avg@toolbar

Folder Deleted : C:\Users\PARTIC~1\AppData\Local\Temp\CT3032526

Folder Deleted : C:\Users\PARTIC~1\AppData\Local\Temp\Iminent

Folder Deleted : C:\Users\Particular\AppData\Local\APN

Folder Deleted : C:\Users\Particular\AppData\Local\AVG Secure Search

Folder Deleted : C:\Users\Particular\AppData\Local\Conduit

Folder Deleted : C:\Users\Particular\AppData\Local\OpenCandy

Folder Deleted : C:\Users\Particular\AppData\Local\Tuto4pc

Folder Deleted : C:\Users\Particular\AppData\LocalLow\AVG Secure Search

Folder Deleted : C:\Users\Particular\AppData\LocalLow\Conduit

Folder Deleted : C:\Users\Particular\AppData\LocalLow\PriceGong

Folder Deleted : C:\Users\Particular\AppData\Roaming\Mozilla\Firefox\Profiles\3krtazr6.default\ConduitCommon

Folder Deleted : C:\Users\Particular\AppData\Roaming\Mozilla\Firefox\Profiles\3krtazr6.default\CT3032526

Folder Deleted : C:\Users\Particular\AppData\Roaming\Mozilla\Firefox\Profiles\3krtazr6.default\extensions\{0e38f85e-eee9-426a-ae1c-60c36b729951}

Folder Deleted : C:\Users\Particular\AppData\Roaming\Mozilla\Firefox\Profiles\3krtazr6.default\extensions\{71aaf484-0509-4b65-83cb-aeb0b93db128}

Folder Deleted : C:\Users\Particular\AppData\Roaming\Mozilla\Firefox\Profiles\3krtazr6.default\WinampToolbarData

Folder Deleted : C:\Users\Particular\AppData\Roaming\OpenCandy

Folder Deleted : C:\Users\Particular\AppData\Roaming\Tuto4pc

 

***** [Registry] *****

 

Key Deleted : HKCU\Software\AppDataLow\Software\ConduitSearchScopes

Key Deleted : HKCU\Software\AppDataLow\Software\PriceGong

Key Deleted : HKCU\Software\AppDataLow\Software\SmartBar

Key Deleted : HKCU\Software\AVG Secure Search

Key Deleted : HKCU\Software\Conduit

Key Deleted : HKCU\Software\EoRezo

Key Deleted : HKCU\Software\Google\Chrome\Extensions\cjpglkicenollcignonpgiafdgfeehoj

Key Deleted : HKCU\Software\Google\Chrome\Extensions\fdloijijlkoblmigdofommgnheckmaki

Key Deleted : HKCU\Software\IGearSettings

Key Deleted : HKCU\Software\IM

Key Deleted : HKCU\Software\Iminent

Key Deleted : HKCU\Software\ImInstaller

Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}

Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{171DEBEB-C3D4-40B7-AC73-056A5EBA4A7E}

Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}

Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}

Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{EEE7E0A3-AE64-4DC8-84D1-F5D7BAF2DB0C}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{75EBB0AA-4214-4CB4-90EC-E3E07ECD04F7}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{95B7759C-8C7F-4BF1-B163-73684A933233}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{A4C272EC-ED9E-4ACE-A6F2-9558C7F29EF3}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{57BCA5FA-5DBB-45A2-B558-1755C3F6253B}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{75EBB0AA-4214-4CB4-90EC-E3E07ECD04F7}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A4C272EC-ED9E-4ACE-A6F2-9558C7F29EF3}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\{79A765E1-C399-405B-85AF-466F52E918B0}

Key Deleted : HKCU\Software\Softonic

Key Deleted : HKCU\Software\Tutorials

Key Deleted : HKLM\Software\AVG Secure Search

Key Deleted : HKLM\Software\BabylonToolbar

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{1FDFF5A2-7BB1-48E1-8081-7236812B12B2}

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D}

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BB711CB0-C70B-482E-9852-EC05EBD71DBB}

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{EA28B360-05E0-4F93-8150-02891F1D8D3C}

Key Deleted : HKLM\SOFTWARE\Classes\AppID\escort.DLL

Key Deleted : HKLM\SOFTWARE\Classes\AppID\escortApp.DLL

Key Deleted : HKLM\SOFTWARE\Classes\AppID\escortEng.DLL

Key Deleted : HKLM\SOFTWARE\Classes\AppID\escorTlbr.DLL

Key Deleted : HKLM\SOFTWARE\Classes\AppID\ScriptHelper.EXE

Key Deleted : HKLM\SOFTWARE\Classes\AppID\ViProtocol.DLL

Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI

Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI.1

Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj

Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj.1

Key Deleted : HKLM\SOFTWARE\Classes\bho_project.bho_object

Key Deleted : HKLM\SOFTWARE\Classes\bho_project.bho_object.1

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{02054E11-5113-4BE3-8153-AA8DFB5D3761}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{75EBB0AA-4214-4CB4-90EC-E3E07ECD04F7}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{965B9DBE-B104-44AC-950A-8A5F97AFF439}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{A4C272EC-ED9E-4ACE-A6F2-9558C7F29EF3}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{A9DB719C-7156-415E-B49D-BAD039DE4F13}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{B658800C-F66E-4EF3-AB85-6C0C227862A9}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{CC5AD34C-6F10-4CB3-B74A-C2DD4D5060A3}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E1164984-B567-47BD-A7FF-240C2594404A}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F03FD9D0-4F2B-497C-8A71-DD41D70B07D9}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F25AF245-4A81-40DC-92F9-E9021F207706}

Key Deleted : HKLM\SOFTWARE\Classes\Conduit.Engine

Key Deleted : HKLM\SOFTWARE\Classes\escort.escortIEPane

Key Deleted : HKLM\SOFTWARE\Classes\escort.escortIEPane.1

Key Deleted : HKLM\SOFTWARE\Classes\f

Key Deleted : HKLM\SOFTWARE\Classes\funmoods.dskBnd

Key Deleted : HKLM\SOFTWARE\Classes\funmoods.dskBnd.1

Key Deleted : HKLM\SOFTWARE\Classes\funmoods.funmoodsHlpr

Key Deleted : HKLM\SOFTWARE\Classes\funmoods.funmoodsHlpr.1

Key Deleted : HKLM\SOFTWARE\Classes\funmoodsApp.appCore

Key Deleted : HKLM\SOFTWARE\Classes\funmoodsApp.appCore.1

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{021B4049-F57D-4565-A693-FD3B04786BFA}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{0362AA09-808D-48E9-B360-FB51A8CBCE09}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{06844020-CD0B-3D3D-A7FE-371153013E49}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{0ADC01BB-303B-3F8E-93DA-12C140E85460}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{0D80F1C5-D17B-4177-AC68-955F3EF9F191}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{10D3722F-23E6-3901-B6C1-FF6567121920}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{1675E62B-F911-3B7B-A046-EB57261212F3}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{192929F2-9273-3894-91B0-F54671C4C861}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{23C70BCA-6E23-4A65-AD2E-1389062074F1}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{23D8EEF7-0E13-4000-B9C4-6603C1E912D1}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{2932897E-3036-43D9-8A64-B06447992065}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{295CACB4-51F5-46FD-914E-C72BAAE1B672}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{2CE5C4B9-6DBE-4528-96FA-C9FF38EF1762}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{2DE92D29-A042-3C37-BFF8-07C7D8893EFA}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{32B80AD6-1214-45F4-994E-78A5D482C000}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{34C1FDF7-02C1-4F23-B393-F48B16E071D1}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{3A8E103F-B2B7-3BEF-B3B0-88E29B2420E4}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{478CE5D3-D38E-3FFE-8DBE-8C4A0F1C4D8D}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{48B7DA4E-69ED-39E3-BAD5-3E3EFF22CFB0}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{54291324-7A3D-4F11-B707-3FB6A2C97BD9}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{5982F405-44E4-3BBB-BAC4-CF8141CBBC5C}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{59C63F11-D4E5-46E7-9B8A-EE158DCA83A8}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{5D8C3CC3-3C05-38A1-B244-924A23115FE9}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{5DA22CBD-0029-4A09-B757-CF0FAFC488ED}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{641593AF-D9FD-30F7-B783-36E16F7A2E08}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{711FC48A-1356-3932-94D8-A8B733DBC7E4}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{72227B7F-1F02-3560-95F5-592E68BACC0C}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{77A6E7D4-4A83-4A9B-A2A0-EF3B125DC29D}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{7B5E8CE3-4722-4C0E-A236-A6FF731BEF37}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{890D4F59-5ED0-3CB4-8E0E-74A5A86E7ED0}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{8C68913C-AC3C-4494-8B9C-984D87C85003}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{8D019513-083F-4AA5-933F-7D43A6DA82C4}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{923F6FB8-A390-370E-A0D2-DD505432481D}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9BBB26EF-B178-35D6-9D3D-B485F4279FE5}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{A62DDBE0-8D2A-339A-B089-8CBCC5CD322A}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{A82AD04D-0B8E-3A49-947B-6A69A8A9C96D}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{ADEB3CC9-A05D-4FCC-BD09-9025456AA3EA}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{B06D4521-D09C-3F41-8E39-9D784CCA2A75}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C0585B2F-74D7-4734-88DE-6C150C5D4036}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C06DAD42-6F39-4CE1-83CC-9A8B9105E556}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C2E799D0-43A5-3477-8A98-FC5F3677F35C}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D16107CD-2AD5-46A8-BA59-303B7C32C500}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D25B101F-8188-3B43-9D85-201F372BC205}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D2BA7595-5E44-3F1E-880F-03B3139FA5ED}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D35F5C81-17D9-3E1C-A1FC-4472542E1D25}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D8242E89-2F81-484A-AE5B-BA8CAD5B7347}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D8FA96CA-B250-312C-AF34-4FF1DD72589D}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{DAFC1E63-3359-416D-9BC2-E7DCA6F7B0F3}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{DC5E5C44-80FD-3697-9E65-9F286D92F3E7}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E1B4C9DE-D741-385F-981E-6745FACE6F01}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E7B623F5-9715-3F9F-A671-D1485A39F8A2}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{ED916A7B-7C68-3198-B87D-2DABC30A5587}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{EF0588D6-1621-4A75-B8BE-F4BC34794136}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{EFA1BDB2-BB3D-3D9A-8EB5-D0D22E0F64F4}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{F4CBF4DD-F8FE-35BA-BB7E-68304DAAB70B}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{FC32005D-E27C-32E0-ADFA-152F598B75E7}

Key Deleted : HKLM\SOFTWARE\Classes\PROTOCOLS\Handler\viprotocol

Key Deleted : HKLM\SOFTWARE\Classes\S

Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi

Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi.1

Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT2233703

Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3031819

Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{1D085C0A-E4F4-4F66-BDBF-4BE51015BFC3}

Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{2BF2028E-3F3C-4C05-AB45-B2F1DCFE0759}

Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}

Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{74FB6AFD-DD77-4CEB-83BD-AB2B63E63C93}

Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}

Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}

Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}

Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{DB538320-D3C5-433C-BCA9-C4081A054FCF}

Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE

Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE.1

Key Deleted : HKLM\Software\Conduit

Key Deleted : HKLM\Software\EoRezo

Key Deleted : HKLM\Software\Iminent

Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68B81CCD-A80C-4060-8947-5AE69ED01199}

Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E6B969FB-6D33-48D2-9061-8BBD4899EB08}

Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}

Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706}

Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}

Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{EEE7E0A3-AE64-4DC8-84D1-F5D7BAF2DB0C}

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\Babylon_RASAPI32

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\Babylon_RASMANCS

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\Iminent_RASAPI32

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\Iminent_RASMANCS

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{75EBB0AA-4214-4CB4-90EC-E3E07ECD04F7}

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C6FDD0C3-266A-4DC3-B459-28C697C44CDC}

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F25AF245-4A81-40DC-92F9-E9021F207706}

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SearchTheWebARP

Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin

Key Deleted : HKLM\Software\Tarma Installer

Key Deleted : HKLM\Software\Tuto4PC

Key Deleted : HKLM\Software\Tutorials

Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}]

Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{95B7759C-8C7F-4BF1-B163-73684A933233}]

Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{A4C272EC-ED9E-4ACE-A6F2-9558C7F29EF3}]

Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [Tutorials]

Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [Avg@toolbar]

 

***** [internet Browsers] *****

 

-\\ Internet Explorer v9.0.8112.16421

 

Restored : [HKCU\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]

Restored : [HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes - DefaultScope]

Restored : [HKU\S-1-5-18\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]

Restored : [HKU\S-1-5-19\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]

Restored : [HKU\S-1-5-20\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]

Replaced : [HKLM\SOFTWARE\Microsoft\Internet Explorer\Main - Start Page] = hxxp://start.funmoods.com/?f=1&a=abnew1&chnl=abnew1&cd=2XzutAtN2Y1L1QzutD0CyCtDyByCyEtD0BtDtDzyzzzztC0EtN0D0TzutBtDtCtBtDyDtBtB&cr=1129022581 --> hxxp://www.google.com

Replaced : [HKCU\Software\Microsoft\Internet Explorer\Main - Backup.Old.Start Page] = hxxp://search.iminent.com/?appId=d30228e4-f3ae-433f-8ba2-d9275aea1fb7&ref=homepage --> hxxp://www.google.com

 

-\\ Mozilla Firefox v10.0 (pt-PT)

 

Profile name : default

File : C:\Users\Particular\AppData\Roaming\Mozilla\Firefox\Profiles\3krtazr6.default\prefs.js

 

C:\Users\Particular\AppData\Roaming\Mozilla\Firefox\Profiles\3krtazr6.default\user.js ... Deleted !

 

Deleted : user_pref("CT3032526..clientLogIsEnabled", false);

Deleted : user_pref("CT3032526..clientLogServiceUrl", "hxxp://clientlog.users.conduit.com/ClientDiagnostics.as[...]

Deleted : user_pref("CT3032526..uninstallLogServiceUrl", "hxxp://uninstall.users.conduit.com/Uninstall.asmx/Re[...]

Deleted : user_pref("CT3032526.ALLOW_SHOWING_HIDDEN_TOOLBAR", false);

Deleted : user_pref("CT3032526.AboutPrivacyUrl", "hxxp://www.conduit.com/privacy/Default.aspx");

Deleted : user_pref("CT3032526.BrowserCompStateIsOpen_129525383195987936", true);

Deleted : user_pref("CT3032526.BrowserCompStateIsOpen_129682539436141311", true);

Deleted : user_pref("CT3032526.CT3032526", "CT3032526");

Deleted : user_pref("CT3032526.CurrentServerDate", "22-6-2012");

Deleted : user_pref("CT3032526.DSInstall", true);

Deleted : user_pref("CT3032526.DialogsAlignMode", "LTR");

Deleted : user_pref("CT3032526.DialogsGetterLastCheckTime", "Tue Jun 19 2012 22:51:04 GMT-0300 (Hora oficial d[...]

Deleted : user_pref("CT3032526.DownloadReferralCookieData", "");

Deleted : user_pref("CT3032526.EMailNotifierPollDate", "Fri Apr 20 2012 19:53:31 GMT-0300 (Hora oficial do Bra[...]

Deleted : user_pref("CT3032526.FirstServerDate", "20-4-2012");

Deleted : user_pref("CT3032526.FirstTime", true);

Deleted : user_pref("CT3032526.FirstTimeFF3", true);

Deleted : user_pref("CT3032526.FixPageNotFoundErrors", true);

Deleted : user_pref("CT3032526.GroupingServerCheckInterval", 1440);

Deleted : user_pref("CT3032526.GroupingServiceUrl", "hxxp://grouping.services.conduit.com/");

Deleted : user_pref("CT3032526.HPInstall", false);

Deleted : user_pref("CT3032526.HasUserGlobalKeys", true);

Deleted : user_pref("CT3032526.HomePageProtectorEnabled", false);

Deleted : user_pref("CT3032526.HomepageBeforeUnload", "hxxp://search.iminent.com/?appId=d30228e4-f3ae-433f-8ba[...]

Deleted : user_pref("CT3032526.Initialize", true);

Deleted : user_pref("CT3032526.InitializeCommonPrefs", true);

Deleted : user_pref("CT3032526.InstallationAndCookieDataSentCount", 3);

Deleted : user_pref("CT3032526.InstallationType", "Unknown");

Deleted : user_pref("CT3032526.InstalledDate", "Fri Apr 20 2012 17:25:58 GMT-0300 (Hora oficial do Brasil)");

Deleted : user_pref("CT3032526.InvalidateCache", false);

Deleted : user_pref("CT3032526.IsAlertDBUpdated", true);

Deleted : user_pref("CT3032526.IsGrouping", false);

Deleted : user_pref("CT3032526.IsInitSetupIni", true);

Deleted : user_pref("CT3032526.IsMulticommunity", false);

Deleted : user_pref("CT3032526.IsOpenThankYouPage", true);

Deleted : user_pref("CT3032526.IsOpenUninstallPage", true);

Deleted : user_pref("CT3032526.IsProtectorsInit", true);

Deleted : user_pref("CT3032526.LanguagePackLastCheckTime", "Thu Jun 21 2012 22:28:05 GMT-0300 (Hora oficial do[...]

Deleted : user_pref("CT3032526.LanguagePackReloadIntervalMM", 1440);

Deleted : user_pref("CT3032526.LanguagePackServiceUrl", "hxxp://translation.users.conduit.com/Translation.ashx[...]

Deleted : user_pref("CT3032526.LastLogin_3.12.0.7", "Thu Apr 26 2012 10:57:57 GMT-0300 (Hora oficial do Brasil[...]

Deleted : user_pref("CT3032526.LastLogin_3.12.2.3", "Fri Jun 01 2012 18:57:13 GMT-0300 (Hora oficial do Brasil[...]

Deleted : user_pref("CT3032526.LastLogin_3.13.0.6", "Thu Jun 21 2012 22:28:04 GMT-0300 (Hora oficial do Brasil[...]

Deleted : user_pref("CT3032526.LatestVersion", "3.13.0.6");

Deleted : user_pref("CT3032526.Locale", "en");

Deleted : user_pref("CT3032526.MCDetectTooltipHeight", "83");

Deleted : user_pref("CT3032526.MCDetectTooltipUrl", "hxxp://@EB_INSTALL_LINK@/rank/tooltip/?version=1");

Deleted : user_pref("CT3032526.MCDetectTooltipWidth", "295");

Deleted : user_pref("CT3032526.MyStuffEnabledAtInstallation", true);

Deleted : user_pref("CT3032526.OriginalFirstVersion", "3.12.0.7");

Deleted : user_pref("CT3032526.RadioIsPodcast", false);

Deleted : user_pref("CT3032526.RadioLastCheckTime", "Fri Apr 20 2012 17:25:55 GMT-0300 (Hora oficial do Brasil[...]

Deleted : user_pref("CT3032526.RadioLastUpdateIPServer", "3");

Deleted : user_pref("CT3032526.RadioLastUpdateServer", "129529753598500000");

Deleted : user_pref("CT3032526.RadioMediaID", "21894569");

Deleted : user_pref("CT3032526.RadioMediaType", "Media Player");

Deleted : user_pref("CT3032526.RadioMenuSelectedID", "EBRadioMenu_CT303252621894569");

Deleted : user_pref("CT3032526.RadioShrinkedFromSetup", false);

Deleted : user_pref("CT3032526.RadioStationName", "California%20Rock%20-%20Rock");

Deleted : user_pref("CT3032526.RadioStationURL", "hxxp://www.feedlive.net/california.asx");

Deleted : user_pref("CT3032526.SearchCaption", "VisualBeeCommunity Customized Web Search");

Deleted : user_pref("CT3032526.SearchEngineBeforeUnload", "VisualBeeCommunity Customized Web Search");

Deleted : user_pref("CT3032526.SearchFromAddressBarIsInit", true);

Deleted : user_pref("CT3032526.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT303[...]

Deleted : user_pref("CT3032526.SearchInNewTabEnabled", true);

Deleted : user_pref("CT3032526.SearchInNewTabIntervalMM", 1440);

Deleted : user_pref("CT3032526.SearchInNewTabLastCheckTime", "Thu Jun 21 2012 22:28:01 GMT-0300 (Hora oficial [...]

Deleted : user_pref("CT3032526.SearchInNewTabServiceUrl", "hxxp://newtab.conduit-hosting.com/newtab/?ctid=EB_T[...]

Deleted : user_pref("CT3032526.SearchProtectorEnabled", true);

Deleted : user_pref("CT3032526.SearchProtectorToolbarDisabled", true);

Deleted : user_pref("CT3032526.SendProtectorDataViaLogin", true);

Deleted : user_pref("CT3032526.ServiceMapLastCheckTime", "Thu Jun 21 2012 22:28:01 GMT-0300 (Hora oficial do B[...]

Deleted : user_pref("CT3032526.SettingsLastCheckTime", "Thu Jun 21 2012 22:27:57 GMT-0300 (Hora oficial do Bra[...]

Deleted : user_pref("CT3032526.SettingsLastUpdate", "1339926570");

Deleted : user_pref("CT3032526.TBHomePageUrl", "hxxp://search.conduit.com/?ctid=CT3032526&SearchSource=13");

Deleted : user_pref("CT3032526.ThirdPartyComponentsInterval", 504);

Deleted : user_pref("CT3032526.ThirdPartyComponentsLastCheck", "Fri Apr 20 2012 17:25:54 GMT-0300 (Hora oficia[...]

Deleted : user_pref("CT3032526.ThirdPartyComponentsLastUpdate", "1312887586");

Deleted : user_pref("CT3032526.ToolbarDisabled", true);

Deleted : user_pref("CT3032526.ToolbarShrinkedFromSetup", false);

Deleted : user_pref("CT3032526.TrusteLinkUrl", "hxxp://trust.conduit.com/CT3032526");

Deleted : user_pref("CT3032526.TrustedApiDomains", "conduit.com,conduit-hosting.com,conduit-services.com,clien[...]

Deleted : user_pref("CT3032526.UserID", "UN13231855681300841");

Deleted : user_pref("CT3032526.WeatherNetwork", "");

Deleted : user_pref("CT3032526.WeatherPollDate", "Fri Apr 20 2012 19:38:31 GMT-0300 (Hora oficial do Brasil)")[...]

Deleted : user_pref("CT3032526.WeatherUnit", "C");

Deleted : user_pref("CT3032526.alertChannelId", "1424103");

Deleted : user_pref("CT3032526.backendstorage./9b+7e+x305", "247E27413334363379453A3D2A722C797A7E7A3128333B4D4[...]

Deleted : user_pref("CT3032526.backendstorage./9b+7e,x305", "247E28412F3F3E3779453A3D2A722C797B787D3128333C474[...]

Deleted : user_pref("CT3032526.backendstorage./9b+7e-x305", "247E2936303C363679453A3D2A722C797A207B3128333D462[...]

Deleted : user_pref("CT3032526.backendstorage./9b+7e.:2z527", "247E707571777278333228702A7B797B7B7E30273224262[...]

Deleted : user_pref("CT3032526.backendstorage./9b+7e.x305", "247E2A4137374434337A463B3E2B732D7A7D7C213229343F5[...]

Deleted : user_pref("CT3032526.backendstorage./9b+7e/x305", "247E2B413536327844393C29712B787C7B773027323E4C434[...]

Deleted : user_pref("CT3032526.backendstorage./9b+7e06cg5el8:", "6E6D6E6E6A6F72717178");

Deleted : user_pref("CT3032526.backendstorage./9b+7e06cg5el;8i:k", "247E2D2F226A7473747470757877777E242F4B4947[...]

Deleted : user_pref("CT3032526.backendstorage./9b+7e0x305", "247E2C403A407743383B28702A777C757D2F26313E4129554[...]

Deleted : user_pref("CT3032526.backendstorage./9b+7e1x305", "247E2D41313D403279453A3D2A722C7A77797E31283341473[...]

Deleted : user_pref("CT3032526.backendstorage./9b+7e2x305", "247E2E3542313D3D393A7B473C3F2C742E79207D322934435[...]

Deleted : user_pref("CT3032526.backendstorage./9b+7e3x305", "247E2F413F3B36333F47463F7D493E412E76307E222421352[...]

Deleted : user_pref("CT3032526.backendstorage./9b+7e4x305", "247E302C407642373A276F29777B74762E2530413E4F494A5[...]

Deleted : user_pref("CT3032526.backendstorage./9b+7e5x305", "247E3136422B7743383B28702A79757A772F2631434B3D495[...]

Deleted : user_pref("CT3032526.backendstorage./9b+7e6x305", "247E322C3E32323238453E7C483D402D752F7E7B2424342B3[...]

Deleted : user_pref("CT3032526.backendstorage./9b+7e7x305", "247E333D2C3F3E3F79453A3D2A722C7B7A797A31283347474[...]

Deleted : user_pref("CT3032526.backendstorage./9b+7e8x305", "247E343D3F3B35373B3F367C47472C742E7E7823322934495[...]

Deleted : user_pref("CT3032526.backendstorage./9b+7e9x305", "247E35332C3F327844393C29712B7B757979302732484C4F4[...]

Deleted : user_pref("CT3032526.backendstorage./9b+7e:x305", "247E36333B38327844393C29712B7B76797A3027324948554[...]

Deleted : user_pref("CT3032526.backendstorage./9b+7e;x305", "247E373F333F3738422F7B473C3F2C742E7E7A7A22332A354[...]

Deleted : user_pref("CT3032526.backendstorage./9b+7e<x305", "247E38343030442F463644377D493E412E7630217D2426352[...]

Deleted : user_pref("CT3032526.backendstorage./9b+7e=x305", "247E3933363F41413739357C483D402D752F207E2022342B3[...]

Deleted : user_pref("CT3032526.backendstorage./9b+7e>x305", "247E3A41363F323238387B473C3F2C742E7E20217C332A355[...]

Deleted : user_pref("CT3032526.backendstorage./9b+7e?x305", "247E3B2D2F2F334134403A3A7D494C2D752F2023207E342B3[...]

Deleted : user_pref("CT3032526.backendstorage./9b+7e@x305", "247E3C40422B7743383B28702A7B767E782F26314E52543D2[...]

Deleted : user_pref("CT3032526.backendstorage./9b+7eax305", "247E3D3D37387743383B28702A7B7A757E2F26314F4F544A5[...]

Deleted : user_pref("CT3032526.backendstorage./9b+7ebe3g=;d9n9=d", "372C2D326975762E3A3C7B3A39434A494841434B26[...]

Deleted : user_pref("CT3032526.backendstorage./9b+7ebx305", "247E3E393141303D33454036327E4A3F422F77317B7D23352[...]

Deleted : user_pref("CT3032526.backendstorage./9b+7ecx305", "247E3F3D303043312E7A463B3E2B732D7B207E31283353515[...]

Deleted : user_pref("CT3032526.backendstorage./9b+7edx305", "247E4035422A363879453A3D2A722C7D202F26315247543C4[...]

Deleted : user_pref("CT3032526.backendstorage./9b+7etx305", "247E6E2F2E3B323342357B44392B732D7A7B7B7C322934215[...]

Deleted : user_pref("CT3032526.backendstorage./9b-0?3g>d", "6D6E713D413E70767A7247454A20767A4B2125207D53242A20[...]

Deleted : user_pref("CT3032526.backendstorage./9b-0?3g@6:5;", "");

Deleted : user_pref("CT3032526.backendstorage./9b-3=3eccja=f>", "247E333D2C452F4135276F297B7E7D21202F26313E424[...]

Deleted : user_pref("CT3032526.backendstorage./9b/>01=9a6k6<im;krie@pdawm", "6A696B7273747576");

Deleted : user_pref("CT3032526.backendstorage./9b3=>@44i48?", "372C2D32697576334236334148477A213F3E484F4E4D464[...]

Deleted : user_pref("CT3032526.backendstorage./9b5ba==9cjag", "6F6B716E717271727A7676717B7374794E4B4E4E23");

Deleted : user_pref("CT3032526.backendstorage./9b6b11g4c56b>f;p;anr@p", "6E6D6E6E6A6F7271716F787579");

Deleted : user_pref("CT3032526.backendstorage./9b9643g3/9e", "6A");

Deleted : user_pref("CT3032526.backendstorage./9b<:222h64<", "393F352F3E");

Deleted : user_pref("CT3032526.backendstorage./9b=+03eh8h8j?:", "4443");

Deleted : user_pref("CT3032526.backendstorage./9b?+e2a52d8", "372C2D326975762E3A3C7B3A39434A494841434B26514649[...]

Deleted : user_pref("CT3032526.backendstorage./9b?b0d:8aj62<h", "6D");

Deleted : user_pref("CT3032526.backendstorage./9ba@0<0bi6a7gn:6@l?", "6E6B");

Deleted : user_pref("CT3032526.backendstorage.shoppingapp.gk.exipres", "5765642041707220323520323031322031373A[...]

Deleted : user_pref("CT3032526.backendstorage.shoppingapp.gk.geolocation", "6272617A696C");

Deleted : user_pref("CT3032526.backendstorage.twitter_v1.9.0_twitter_app_open_t_f", "66616C7365");

Deleted : user_pref("CT3032526.components.1000234", true);

Deleted : user_pref("CT3032526.generalConfigFromLogin", "{\"ApiMaxAlerts\":\"12\",\"SocialDomains\":\"social.c[...]

Deleted : user_pref("CT3032526.globalFirstTimeInfoLastCheckTime", "Fri Apr 20 2012 17:25:56 GMT-0300 (Hora ofi[...]

Deleted : user_pref("CT3032526.homepageProtectorEnableByLogin", true);

Deleted : user_pref("CT3032526.initDone", true);

Deleted : user_pref("CT3032526.isAppTrackingManagerOn", true);

Deleted : user_pref("CT3032526.isFirstRadioInstallation", false);

Deleted : user_pref("CT3032526.myStuffEnabled", true);

Deleted : user_pref("CT3032526.myStuffPublihserMinWidth", 400);

Deleted : user_pref("CT3032526.myStuffSearchUrl", "hxxp://Apps.conduit.com/search?q=SEARCH_TERM&SearchSourceOr[...]

Deleted : user_pref("CT3032526.myStuffServiceIntervalMM", 1440);

Deleted : user_pref("CT3032526.myStuffServiceUrl", "hxxp://mystuff.conduit-services.com/MyStuffService.ashx?Co[...]

Deleted : user_pref("CT3032526.navigateToUrlOnSearch", false);

Deleted : user_pref("CT3032526.revertSettingsEnabled", true);

Deleted : user_pref("CT3032526.searchProtectorDialogDelayInSec", 10);

Deleted : user_pref("CT3032526.searchProtectorEnableByLogin", true);

Deleted : user_pref("CT3032526.testingCtid", "");

Deleted : user_pref("CT3032526.toolbarAppMetaDataLastCheckTime", "Thu Jun 21 2012 22:28:04 GMT-0300 (Hora ofic[...]

Deleted : user_pref("CT3032526.toolbarContextMenuLastCheckTime", "Fri Apr 20 2012 17:25:59 GMT-0300 (Hora ofic[...]

Deleted : user_pref("CT3032526.usagesFlag", 2);

Deleted : user_pref("CommunityToolbar.ConduitHomepagesList", "hxxp://search.conduit.com/?ctid=CT2233703&Search[...]

Deleted : user_pref("CommunityToolbar.ConduitSearchList", "VisualBeeCommunity Customized Web Search,4shared.co[...]

Deleted : user_pref("CommunityToolbar.ETag.hxxp://Settings.toolbar.search.conduit.com/root/CT2233703/CT2233703[...]

Deleted : user_pref("CommunityToolbar.ETag.hxxp://Settings.toolbar.search.conduit.com/root/CT3032526/CT3032526[...]

Deleted : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/1424103/1419758/BR", "\"0\"[...]

Deleted : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/631527/627389/BR", "\"0\"")[...]

Deleted : user_pref("CommunityToolbar.ETag.hxxp://appsmetadata.toolbar.conduit-services.com/?ctid=CT2233703", [...]

Deleted : user_pref("CommunityToolbar.ETag.hxxp://appsmetadata.toolbar.conduit-services.com/?ctid=CT3032526", [...]

Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=GottenApps&lo[...]

Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=GottenApps&lo[...]

Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=OtherApps&loc[...]

Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=OtherApps&loc[...]

Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=SharedApps&lo[...]

Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=SharedApps&lo[...]

Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=Toolbar&local[...]

Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=Toolbar&local[...]

Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.alert.conduit-services.com/alert/dlg.pkg", "\[...]

Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.12[...]

Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.12[...]

Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.13[...]

Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.14[...]

Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.15[...]

Deleted : user_pref("CommunityToolbar.ETag.hxxp://servicemap.conduit-services.com/Toolbar/?ownerId=CT2233703",[...]

Deleted : user_pref("CommunityToolbar.ETag.hxxp://servicemap.conduit-services.com/Toolbar/?ownerId=CT3032526",[...]

Deleted : user_pref("CommunityToolbar.ETag.hxxp://translation.toolbar.conduit-services.com/?locale=EB_LOCALE",[...]

Deleted : user_pref("CommunityToolbar.ETag.hxxp://translation.toolbar.conduit-services.com/?locale=en", "\"dfe[...]

Deleted : user_pref("CommunityToolbar.LatestLibsPath", "file:///C:\\Users\\Particular\\AppData\\Roaming\\Mozil[...]

Deleted : user_pref("CommunityToolbar.LatestToolbarVersionInstalled", "3.12.2.3");

Deleted : user_pref("CommunityToolbar.SearchFromAddressBarSavedUrl", "hxxp://mystart.incredimail.com//?loc=ff_[...]

Deleted : user_pref("CommunityToolbar.ToolbarsList", "CT3032526");

Deleted : user_pref("CommunityToolbar.ToolbarsList2", "CT3032526");

Deleted : user_pref("CommunityToolbar.ToolbarsList4", "CT3032526");

Deleted : user_pref("CommunityToolbar.globalUserId", "fe32822f-9a4a-45eb-a6e1-e2111d60bda8");

Deleted : user_pref("CommunityToolbar.isAlertUrlAddedToFeedItemTable", true);

Deleted : user_pref("CommunityToolbar.isClickActionAddedToFeedItemTable", true);

Deleted : user_pref("CommunityToolbar.keywordURLSelectedCTID", "CT2233703");

Deleted : user_pref("CommunityToolbar.notifications.alertDialogsGetterLastCheckTime", "Fri May 25 2012 13:54:4[...]

Deleted : user_pref("CommunityToolbar.notifications.alertEnabled", true);

Deleted : user_pref("CommunityToolbar.notifications.alertInfoInterval", 1440);

Deleted : user_pref("CommunityToolbar.notifications.alertInfoLastCheckTime", "Sun May 27 2012 14:46:05 GMT-030[...]

Deleted : user_pref("CommunityToolbar.notifications.clientsServerUrl", "hxxp://alert.client.conduit.com");

Deleted : user_pref("CommunityToolbar.notifications.locale", "en");

Deleted : user_pref("CommunityToolbar.notifications.loginIntervalMin", 1440);

Deleted : user_pref("CommunityToolbar.notifications.loginLastCheckTime", "Sun May 27 2012 14:45:54 GMT-0300 (H[...]

Deleted : user_pref("CommunityToolbar.notifications.loginLastUpdateTime", "1313487611");

Deleted : user_pref("CommunityToolbar.notifications.messageShowTimeSec", 20);

Deleted : user_pref("CommunityToolbar.notifications.servicesServerUrl", "hxxp://alert.services.conduit.com");

Deleted : user_pref("CommunityToolbar.notifications.showTrayIcon", false);

Deleted : user_pref("CommunityToolbar.notifications.userCloseIntervalMin", 300);

Deleted : user_pref("CommunityToolbar.notifications.userId", "fb19100f-5536-4d90-89af-d59a8fd23775");

Deleted : user_pref("CommunityToolbar.originalHomepage", "hxxp://search.iminent.com/?appId=d30228e4-f3ae-433f-[...]

Deleted : user_pref("CommunityToolbar.originalSearchEngine", "MyStart Search");

Deleted : user_pref("aol_toolbar.surf.date", "23");

Deleted : user_pref("aol_toolbar.surf.lastDate", "13");

Deleted : user_pref("aol_toolbar.surf.lastMonth", "3");

Deleted : user_pref("aol_toolbar.surf.lastYear", "2011");

Deleted : user_pref("aol_toolbar.surf.month", "23");

Deleted : user_pref("aol_toolbar.surf.prevMonth", "0");

Deleted : user_pref("aol_toolbar.surf.total", "23");

Deleted : user_pref("aol_toolbar.surf.week", "23");

Deleted : user_pref("aol_toolbar.surf.year", "23");

Deleted : user_pref("avg.install.installDirPath", "C:\\ProgramData\\AVG Secure Search\\12.2.5.32");

Deleted : user_pref("backup.old.browser.startup.homepage", "hxxp://search.babylon.com/home?affID=108388&tt=140[...]

Deleted : user_pref("browser.babylon.HPOnNewTab", "search.babylon.com");

Deleted : user_pref("browser.newtab.url", "hxxp://search.babylon.com/?affID=108388&tt=140612_dpl&babsrc=NT_def[...]

Deleted : user_pref("browser.search.defaultengine", "Ask.com");

Deleted : user_pref("browser.search.defaultenginename", "AVG Secure Search");

Deleted : user_pref("browser.search.defaultthis.engineName", "4shared.com Customized Web Search");

Deleted : user_pref("browser.search.defaulturl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2233703&Sea[...]

Deleted : user_pref("browser.search.order.1", "Search the web (Babylon)");

Deleted : user_pref("extensions.BabylonToolbar_i.newTab", true);

Deleted : user_pref("extensions.BabylonToolbar_i.newTabUrl", "hxxp://search.babylon.com/?affID=108388&tt=14061[...]

Deleted : user_pref("extensions.funmoods.aflt", "abnew1");

Deleted : user_pref("extensions.funmoods.autoRvrt", false);

Deleted : user_pref("extensions.funmoods.dfltLng", "");

Deleted : user_pref("extensions.funmoods.dfltSrch", true);

Deleted : user_pref("extensions.funmoods.dnsErr", true);

Deleted : user_pref("extensions.funmoods.envrmnt", "production");

Deleted : user_pref("extensions.funmoods.excTlbr", false);

Deleted : user_pref("extensions.funmoods.hmpg", true);

Deleted : user_pref("extensions.funmoods.hmpgUrl", "hxxp://start.funmoods.com/?f=1&a=abnew1&chnl=abnew1&cd=2Xz[...]

Deleted : user_pref("extensions.funmoods.id", "ec6b881e0000000000000a607640b009");

Deleted : user_pref("extensions.funmoods.instlDay", "15482");

Deleted : user_pref("extensions.funmoods.instlRef", "abnew1");

Deleted : user_pref("extensions.funmoods.isdcmntcmplt", true);

Deleted : user_pref("extensions.funmoods.mntrvrsn", "1.3.0");

Deleted : user_pref("extensions.funmoods.newTabUrl", "hxxp://start.funmoods.com/?f=2&a=abnew1&chnl=abnew1&cd=2[...]

Deleted : user_pref("extensions.funmoods.prdct", "funmoods");

Deleted : user_pref("extensions.funmoods.prtnrId", "funmoods");

Deleted : user_pref("extensions.funmoods.srchPrvdr", "Search");

Deleted : user_pref("extensions.funmoods.tlbrId", "base");

Deleted : user_pref("extensions.funmoods.tlbrSrchUrl", "");

Deleted : user_pref("extensions.funmoods.vrsn", "1.5.23.22");

Deleted : user_pref("extensions.funmoods.vrsni", "1.5.23.22");

Deleted : user_pref("extensions.funmoods_i.newTab", true);

Deleted : user_pref("extensions.funmoods_i.smplGrp", "none");

Deleted : user_pref("extensions.funmoods_i.vrsnTs", "1.5.23.2222:54:9");

Deleted : user_pref("keyword.URL", "hxxps://isearch.avg.com/search?cid=%7Bf654f698-6056-4dbf-a424-3a8b37d15550[...]

Deleted : user_pref("winamp_toolbar.buttons.layout", "shoutcast_30026;mobile/android_33522;post_to_twitter_335[...]

Deleted : user_pref("winamp_toolbar.firsttime.showwindow", false);

Deleted : user_pref("winamp_toolbar.guid", "{4EBD4983-244D-9B99-73E0-6942C70152B6}");

Deleted : user_pref("winamp_toolbar.install.lastTbVersion", "5.6.14.1");

Deleted : user_pref("winamp_toolbar.metrics.activestampdate", "13");

Deleted : user_pref("winamp_toolbar.metrics.activestampmonth", "3");

Deleted : user_pref("winamp_toolbar.metrics.activestampyear", "2011");

Deleted : user_pref("winamp_toolbar.metrics.originalDate", "13");

Deleted : user_pref("winamp_toolbar.metrics.originalHours", "15");

Deleted : user_pref("winamp_toolbar.metrics.originalMinutes", "42");

Deleted : user_pref("winamp_toolbar.metrics.originalMonth", "4");

Deleted : user_pref("winamp_toolbar.metrics.originalSeconds", "13");

Deleted : user_pref("winamp_toolbar.metrics.originalYear", "2011");

Deleted : user_pref("winamp_toolbar.remote.publish.xml", "1302709335502");

Deleted : user_pref("winamp_toolbar.search.cid", "13-04-2011");

Deleted : user_pref("winamp_toolbar.search.instd", "20110413143107102");

Deleted : user_pref("winamp_toolbar.search.oid", "13-04-2011");

Deleted : user_pref("winamp_toolbar.search.populateoncomplete", false);

Deleted : user_pref("winamp_toolbar.search.searchtype", "web");

Deleted : user_pref("winamp_toolbar.search.source", "tb50-ff-winamp");

Deleted : user_pref("winamp_toolbar.skin.custom", true);

Deleted : user_pref("winamp_toolbar.upgrade.showwindow", false);

Deleted : user_pref("winamp_toolbar.winamp.appversion", "1");

Deleted : user_pref("winamp_toolbar.winamp.artist", "");

Deleted : user_pref("winamp_toolbar.winamp.button.focus", true);

Deleted : user_pref("winamp_toolbar.winamp.button.forward", true);

Deleted : user_pref("winamp_toolbar.winamp.button.open", true);

Deleted : user_pref("winamp_toolbar.winamp.button.pause", true);

Deleted : user_pref("winamp_toolbar.winamp.button.play", true);

Deleted : user_pref("winamp_toolbar.winamp.button.rewind", true);

Deleted : user_pref("winamp_toolbar.winamp.button.stop", false);

Deleted : user_pref("winamp_toolbar.winamp.button.volume", true);

Deleted : user_pref("winamp_toolbar.winamp.info.url", "hxxp://music.aol.com/artist/{artist}");

Deleted : user_pref("winamp_toolbar.winamp.ticker.show", true);

Deleted : user_pref("winamp_toolbar.winamp.title", "-999999");

Deleted : user_pref("winamp_toolbar.winamp.tracklength", "-999999");

Deleted : user_pref("winamp_toolbar.winamp.tracktime", "-999999");

 

-\\ Google Chrome v22.0.1229.79

 

File : C:\Users\Particular\AppData\Local\Google\Chrome\User Data\Default\Preferences

 

Deleted [l.15] : urls_to_restore_on_startup = [ "hxxp://blekko.com/ws/?source=c6125cca&toolbarid=blekkotb_001&u=93EC8E3894E95BB32837774FE294D3E9&tbp=homepage", "hxxp://search.conduit.com/?ctid=CT2233703&SearchSource=48", "hxxp://search.babylon.com/home?affID=108388&tt=140612_dpl" ]

Deleted [l.51] : icon_url = "hxxps://isearch.avg.com/favicon.ico",

Deleted [l.54] : keyword = "isearch.avg.com",

Deleted [l.57] : search_url = "hxxps://isearch.avg.com/search?cid={84677D61-238B-486B-92D7-222ED068C2B8}&mid=6b22f1bbf0ea47d08ee3d156502dacb8-d18d6dbdeaa0af98d334e8fcb943e69270ee9c22〈=pt-br&ds=AVG&pr=fr&d=2012-06-30 01:50:04&v=12.2.5.32&sap=dsp&q={searchTerms}",

Deleted [l.2228] : urls_to_restore_on_startup = [ "hxxp://blekko.com/ws/?source=c6125cca&toolbarid=blekkotb_001&u=93EC8E3894E95BB32837774FE294D3E9&tbp=homepage", "hxxp://search.conduit.com/?ctid=CT2233703&SearchSource=48", "hxxp://search.babylon.com/home?affID=108388&tt=140612_dpl" ]

 

*************************

 

AdwCleaner[R1].txt - [44086 octets] - [29/09/2012 22:03:29]

AdwCleaner[s1].txt - [44900 octets] - [29/09/2012 22:04:08]

 

########## EOF - C:\AdwCleaner[s1].txt - [44961 octets] ##########

 

 

http://mydoc.tk/3/9077OTL.Txt

 

http://mydoc.tk/3/3230Extras.Txt

[wings 22]

:seta: Execute o AdwCleaner, clique [uninstall] > [sim]

 

 

:seta: Execute o OTL. Usuários do Windows Vista ou do Windows 7 devem clicar com o botão direito do mouse no arquivo e selecionar Executar como administrador

 

*Cole as linhas em azul no espaço abaixo de Exames Personalizados/Correções

 

:OTL

O2 - BHO: (TutorialsBHO Class) - {DDC198F3-88BB-431f-987C-F6E8760C9163} - C:\Program Files\Tuto4pc\TutoriaisSlimbaBHO.dll File not found

O2 - BHO: (blekko search bar) - {f4f99c6d-f390-4fbc-858b-1541f9113fd8} - C:\Program Files\blekkotb_001\blekkotb_019X.dll File not found

O3 - HKLM\..\Toolbar: (blekko search bar) - {f4f99c6d-f390-4fbc-858b-1541f9113fd8} - C:\Program Files\blekkotb_001\blekkotb_019X.dll File not found

O4 - HKLM..\Run: [4shared Update] "C:\Program Files\4shared Desktop\checkUpdate.exe" File not found

[2012/04/30 11:52:47 | 000,889,968 | ---- | C] (Babylon Ltd.) -- C:\Program Files\Babylon9_setup.exe

 

:Reg

[-HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{2AB3F646-0D68-B3C4-F2AF-7EAA366BA98D}]

[-HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{E29CF815-CF25-45B3-8228-388A70AB0AB5}]

 

:Commands

[emptytemp]

 

*Clique [Consertar]

 

 

*Clique [OK] para reiniciar o PC

 

 

*Cole o relatório criado em C:\_OTL\MovedFiles\mêsdiaano_horaminutossegundos.log

 

 

:seta: Instale o MalwareBytes

 

*Aguarde a atualização e o programa será aberto automaticamente

 

*Selecione [Verificação Rápida]

 

 

*Clique [Verificar] e selecione a partição onde o Windows está instalado ( geralmente C:\ )

 

*Clique [Verificar]

 

*Ao término, clique [OK] > [Ver Resultados] > [Remover Selecionados]

 

*Cole o relatório apresentado

 

 

:seta: Desinstale as versões antigas do Java:

 

Java 6 Update 31

Java 7 Update 6

[keysha 0]

All processes killed

========== OTL ==========

Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DDC198F3-88BB-431f-987C-F6E8760C9163}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DDC198F3-88BB-431f-987C-F6E8760C9163}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{f4f99c6d-f390-4fbc-858b-1541f9113fd8}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{f4f99c6d-f390-4fbc-858b-1541f9113fd8}\ deleted successfully.

Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{f4f99c6d-f390-4fbc-858b-1541f9113fd8} deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{f4f99c6d-f390-4fbc-858b-1541f9113fd8}\ not found.

Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\4shared Update deleted successfully.

C:\Program Files\Babylon9_setup.exe moved successfully.

========== REGISTRY ==========

Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{2AB3F646-0D68-B3C4-F2AF-7EAA366BA98D}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2AB3F646-0D68-B3C4-F2AF-7EAA366BA98D}\ not found.

Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{E29CF815-CF25-45B3-8228-388A70AB0AB5}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E29CF815-CF25-45B3-8228-388A70AB0AB5}\ not found.

========== COMMANDS ==========

 

[EMPTYTEMP]

 

User: All Users

 

User: Default

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 33170 bytes

 

User: Default User

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

 

User: Particular

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 174561646 bytes

->Java cache emptied: 48167906 bytes

->FireFox cache emptied: 73716626 bytes

->Google Chrome cache emptied: 442383079 bytes

->Flash cache emptied: 3089788 bytes

 

User: Public

 

User: Todos os Usuários

 

User: Usuário Padrão

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

 

%systemdrive% .tmp files removed: 0 bytes

%systemroot% .tmp files removed: 0 bytes

%systemroot%\System32 .tmp files removed: 0 bytes

%systemroot%\System32\drivers .tmp files removed: 0 bytes

Windows Temp folder emptied: 48343720 bytes

RecycleBin emptied: 9535587 bytes

 

Total Files Cleaned = 763,00 mb

 

 

OTL by OldTimer - Version 3.2.69.0 log created on 09302012_115920

 

Files\Folders moved on Reboot...

 

PendingFileRenameOperations files...

 

Registry entries deleted on Reboot...

 

 

Malwarebytes Anti-Malware (Trial) 1.65.0.1400

www.malwarebytes.org

 

Versão da Base de Dados: v2012.09.30.03

 

Windows 7 x86 NTFS

Internet Explorer 9.0.8112.16421

Particular :: WIN7 [administrador]

 

Proteção: Permitir

 

30/09/2012 12:19:55

mbam-log-2012-09-30 (12-19-55).txt

 

Tipo de Verificação: Verificação Rápida

Opções de verificações ativadas: Memória | Inicialização | Registro | Sistema de arquivos | Heurística/Extra | Heurística/Shuriken | PUP | PUM

Opções de verificação desativadas: P2P

Objetos escaneados: 202279

Tempo decorrido: 18 minuto(s), 8 segundo(s)

 

Processos de Memória Detectados: 0

(Não foram detectados ítens maliciosos)

 

Módulos de Memória Detectados: 0

(Não foram detectados ítens maliciosos)

 

Chaves de Registro Detectadas: 0

(Não foram detectados ítens maliciosos)

 

Valores de Registro Detectadas: 0

(Não foram detectados ítens maliciosos)

 

Itens de Dados no Registro Detectadas: 0

(Não foram detectados ítens maliciosos)

 

Pastas Detectadas: 0

(Não foram detectados ítens maliciosos)

 

Arquivos Detectados: 3

C:\Users\Particular\AppData\Local\Temp\21625045.Uninstall\Uninstall.exe (PUP.Adware.Installcore) -> Enviado para a Quarentena e deletado com sucesso.

C:\Users\Particular\Downloads\VideoConverterSetup.exe (PUP.Adware.Installcore) -> Enviado para a Quarentena e deletado com sucesso.

C:\Users\Particular\Downloads\Wink.exe (PUP.AdBundler) -> Enviado para a Quarentena e deletado com sucesso.

 

(fim)

[wings 22]

OK...o PC está limpo.

 

 

:seta: Execute o OTL. Usuários do Windows Vista ou do Windows 7 devem clicar com o botão direito do mouse no arquivo e selecionar Executar como administrador

 

*Clique [Limpeza] > [OK]

 

*O PC será reiniciado

 

 

Um abraço.

[keysha 0]

Muito obrigada!

[wings 22]

PROBLEMA RESOLVIDO

 

Caso o autor necessite que o tópico seja reaberto basta enviar uma Mensagem Privada para um Moderador com um link para o tópico.