Ir para conteúdo

POWERED BY:

Arquivado

Este tópico foi arquivado e está fechado para novas respostas.

moicanofacul

[Resolvido] &nbspMensagem de erro e coisas estranhas

Recommended Posts

Prezados, ao chegar em casa, deparei-me com a seguinte mensagem de erro no computador (PS: deixo o pc ligado 24h):

http://img845.imageshack.us/img845/4904/errosg.jpg

 

Cliquei em OK e fui utilizar o Mozilla Firefox, porém toda vez que clicava no ícone, o Mozilla não abria e surgia novamente essa mesma mensagem de erro.

 

Reiniciei o computador. A inicialização demorou um pouco: depois de sumir a logo do windows, a tela ficou um tempo grande preta para aí sim surgir a tela de login e senha. Fiquei aguardando o pc terminar de carregar tudo, quando ouvi um som estranho, como se eu tivesse clicado 50 vezes num lugar proibido.

 

Ainda não percebi nenhum problema no pc, mas essa mensagem de erro, a demora na inicialização e o som estranho me deixaram preocupado. Segue log do HiJackThis:

 

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 22:47:41, on 10/01/2013

Platform: Windows 7 SP1 (WinNT 6.00.3505)

MSIE: Internet Explorer v9.00 (9.00.8112.16457)

Boot mode: Normal

 

Running processes:

C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe

C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe

C:\Program Files (x86)\hp\HP Software Update\hpwuschd2.exe

C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe

C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe

c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe

C:\Program Files (x86)\Mozilla Firefox\firefox.exe

C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe

C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe

C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe

C:\Users\Pierre Cardoso\Desktop\HiJackThis.exe

C:\Windows\SysWOW64\DllHost.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://go.microsoft.com/fwlink/?linkid=54896

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

F2 - REG:system.ini: UserInit=Userinit.exe,

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll

O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll

O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll

O2 - BHO: Auxiliar de Conexão do Windows Live ID - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll

O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\PROGRAM FILES (X86)\GBPLUGIN\gbieh.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll

O2 - BHO: HP Network Check Helper - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll

O4 - HKLM\..\Run: [hpsysdrv] c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe

O4 - HKLM\..\Run: [iAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe

O4 - HKLM\..\Run: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun

O4 - HKLM\..\Run: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe

O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

O4 - HKLM\..\Run: [NSU_agent] "C:\Program Files (x86)\Nokia\Nokia Software Updater\nsu3ui_agent.exe"

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe" -osboot

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime

O4 - HKLM\..\Run: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min

O4 - HKCU\..\Run: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe

O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000

O9 - Extra button: @C:\Program Files (x86)\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll

O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra button: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-103 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe

O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-102 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe

O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL

O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll

O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll

O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics

O15 - Trusted Zone: www.bancobrasil.com.br

O15 - Trusted Zone: www2.bancobrasil.com.br

O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab

O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/MessengerGamesContent/GameContent/Default/uno1/GAME_UNO1.cab

O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - http://download.eset.com/special/eos/OnlineScanner.cab

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab

O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{F91A47DD-2831-4021-A2F9-94A55DAB31FD}: NameServer = 200.222.145.84 200.222.123.102

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL

O20 - Winlogon Notify: GbPluginBb - C:\Program Files (x86)\GbPlugin\gbieh.dll

O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE

O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)

O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)

O23 - Service: Avira Agendamento (AntiVirSchedulerService) - Avira Operations GmbH & Co. KG - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe

O23 - Service: Avira Real-Time Protection (AntiVirService) - Avira Operations GmbH & Co. KG - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe

O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)

O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)

O23 - Service: Gbp Service (GbpSv) - - C:\PROGRA~2\GbPlugin\GbpSv.exe

O23 - Service: HP Support Assistant Service - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe

O23 - Service: HP Software Framework Service (hpqwmiex) - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe

O23 - Service: Intel® Rapid Storage Technology (IAStorDataMgrSvc) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe

O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe

O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe

O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)

O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)

O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: ServiceLayer - Nokia - C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe

O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe

O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)

O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)

O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)

O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)

O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)

O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)

O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)

O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)

O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)

O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

 

--

End of file - 12397 bytes

Compartilhar este post


Link para o post
Compartilhar em outros sites

Bom Dia! moicanofacul

 

|- Baixe: < adwcleaner_logo.jpg > ( ... par Xplode )

 

|- Ao acessar,clique na imagem: < AdwCleaner_Tlcharger.jpg >

 

|- Salve-o no desktop!

|- Clique direito em adwcleaner.exe,e escolha sua execução como Executar_Administrador.jpg

|- Ps: Dê início ao scan,clicando em "Delete" ou "Suppression".

 

AdwCleaner_Delete.jpg

 

|- Ao concluir,poste o relatório: C:\AdwCleaner[S1].txt

 

|- Baixe: < otlDesktopIcon.png > ( ... by OldTimer Tools )

 

|- Salve-o no desktop!

|- Duplo clique em OTL.exe >> Executar ou Executar_Administrador.jpg

|- Copie estas informações que no Code,para o campo clipboard da ferramenta. ( "Exames Personalizados Correções" )

 

:reg
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\safer\codeidentifiers\0\Paths\{60973e1d-3660-4012-856a-97a92f467003}]
"LastModified"=hex(B)/>/>:b7,94,f1,01,52,26,ca,01
"Description"="Disable Avira PopUp"
"SaferFlags"=dword:00000000
"ItemData"="C:\\Program Files\\Avira\\AntiVir Desktop\\avnotify.exe"

:Commands 
[CLEARALLRESTOREPOINTS]
[purity] 
[emptytemp] 
[Reboot]

|- Clique no botão Consertar -> Aguarde a conclusão!

|- O computador vai reiniciar! -> Clique em "Executar".

 

OTL_RunFix.jpg

 

|- Para versões em Inglês,clique em Run Fix que é o mesmo que Consertar.

|- Poste o relatório: C:\_OTL\MovedFiles\*.log

 

A+

Compartilhar este post


Link para o post
Compartilhar em outros sites

Só após passar o OTL, a inicialização se deu normalmente e o som estranho não aconteceu.

 

Quando o AdwCleaner reiniciou o pc, ambos os fatos haviam se repetido.

 

AdwCleaner

# AdwCleaner v2.105 - Logfile created 01/11/2013 at 18:57:18

# Updated 08/01/2013 by Xplode

# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)

# User : Pierre Cardoso - PIERRECARDOSO

# Boot Mode : Normal

# Running from : C:\Users\Pierre Cardoso\Desktop\AdwCleaner.exe

# Option [Delete]

 

 

***** [services] *****

 

 

***** [Files / Folders] *****

 

File Deleted : C:\Program Files (x86)\Mozilla Firefox\searchplugins\avg-secure-search.xml

File Deleted : C:\Program Files (x86)\Uninstall.exe

Folder Deleted : C:\ProgramData\Trymedia

 

***** [Registry] *****

 

Key Deleted : HKCU\Software\IGearSettings

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706}

Key Deleted : HKCU\Software\Softonic

Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}

Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\86959c0847998342f5f648c12664ca16

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{813A22E0-3E2B-4188-9BDA-ECA9878B8D48}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{BCFF5F55-6F44-11D2-86F8-00104B265ED5}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{813A22E0-3E2B-4188-9BDA-ECA9878B8D48}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{BCFF5F55-6F44-11D2-86F8-00104B265ED5}

 

***** [internet Browsers] *****

 

-\\ Internet Explorer v9.0.8112.16457

 

[OK] Registry is clean.

 

-\\ Mozilla Firefox v18.0 (pt-BR)

 

File : C:\Users\Pierre Cardoso\AppData\Roaming\Mozilla\Firefox\Profiles\hawbr6lm.default\prefs.js

 

C:\Users\Pierre Cardoso\AppData\Roaming\Mozilla\Firefox\Profiles\hawbr6lm.default\user.js ... Deleted !

 

Deleted : user_pref("browser.search.defaultenginename", "AVG Secure Search");

 

*************************

 

AdwCleaner[s1].txt - [2380 octets] - [11/01/2013 18:57:18]

 

########## EOF - C:\AdwCleaner[s1].txt - [2440 octets] ##########

 

 

OTL

All processes killed

========== REGISTRY ==========

HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\safer\codeidentifiers\0\Paths\{60973e1d-3660-4012-856a-97a92f467003}\\"LastModified"|hex(B)/>/>/>:b7,94,f1,01,52,26,ca,01 /E :invalid edit format. Invalid data type.

HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\safer\codeidentifiers\0\Paths\{60973e1d-3660-4012-856a-97a92f467003}\\"Description"|"Disable Avira PopUp" /E : value set successfully!

HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\safer\codeidentifiers\0\Paths\{60973e1d-3660-4012-856a-97a92f467003}\\"SaferFlags"|dword:00000000 /E : value set successfully!

HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\safer\codeidentifiers\0\Paths\{60973e1d-3660-4012-856a-97a92f467003}\\"ItemData"|"C:\\Program Files\\Avira\\AntiVir Desktop\\avnotify.exe" /E : value set successfully!

========== COMMANDS ==========

Restore point Set: OTL Restore Point

 

[EMPTYTEMP]

 

User: All Users

 

User: Default

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

 

User: Default User

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

 

User: Pierre Cardoso

->Temp folder emptied: 3569039 bytes

->Temporary Internet Files folder emptied: 30471030 bytes

->Java cache emptied: 479339 bytes

->FireFox cache emptied: 71317309 bytes

->Flash cache emptied: 1574 bytes

 

User: Public

 

User: Todos os Usuários

 

User: Usuário Padrão

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

 

%systemdrive% .tmp files removed: 0 bytes

%systemroot% .tmp files removed: 0 bytes

%systemroot%\System32 .tmp files removed: 0 bytes

%systemroot%\System32 (64bit) .tmp files removed: 0 bytes

%systemroot%\System32\drivers .tmp files removed: 0 bytes

Windows Temp folder emptied: 33940518 bytes

%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 50521 bytes

RecycleBin emptied: 0 bytes

 

Total Files Cleaned = 133,00 mb

 

 

OTL by OldTimer - Version 3.2.69.0 log created on 01112013_190611

 

Files\Folders moved on Reboot...

C:\Users\Pierre Cardoso\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

 

PendingFileRenameOperations files...

 

Registry entries deleted on Reboot...

Compartilhar este post


Link para o post
Compartilhar em outros sites

Boa Noite! moicanofacul

 

|- Baixe: < 1268r49.png > ( ... de Thisisu )

|- Salve-o no desktop!

|- Para Windows 7,clique direito em JRT.exe e execute-o como Executar_Administrador.jpg

|- Aguarde a conclusão e poste o relatório. ( JRT.txt )

 

|- Baixe: < ZHPDiag_Silent.jpg > ( ... par Nicolas Coolman )

 

|- Salve-o no desktop!

|- Desabilite seu antivírus!

|- Caso utilize o Avast,estabeleça esta configuração à SandBox.

|- Para Windows Vista ou 7,clique direito e execute o arquivo como Executar_Administrador.jpg

|- Aguarde a conclusão do scan e clique em "Copier". <- Aguarde!

 

ZHPDiag_4cones.jpg

 

|- Além do relatório,teremos no desktop: ZHP_uninstall, MBRCheck, ZHPDiag, ZHPFix

 

abi6rX9e.jpg

 

|- Poste e/ou cole aqui,o link que será gerado,logo após o relatório.

 

|- Ou acesse: Cjoint_Logo.jpg

 

|- Ou acesse: abmdaZsE.jpg

 

|- Maiores informações: < |Link| >

 

A+

Compartilhar este post


Link para o post
Compartilhar em outros sites

JRT

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 4.4.2 (01.08.2013:1)
OS: Windows 7 Home Premium x64
Ran by Pierre Cardoso on 11/01/2013 at 23:12:38,14
Blog: http://thisisudax.blogspot.com
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys



~~~ Files

Successfully deleted: [File] C:\eula.1028.txt
Successfully deleted: [File] C:\eula.1031.txt
Successfully deleted: [File] C:\eula.1033.txt
Successfully deleted: [File] C:\eula.1036.txt
Successfully deleted: [File] C:\eula.1040.txt
Successfully deleted: [File] C:\eula.1041.txt
Successfully deleted: [File] C:\eula.1042.txt
Successfully deleted: [File] C:\eula.2052.txt
Successfully deleted: [File] C:\install.res.1028.dll
Successfully deleted: [File] C:\install.res.1031.dll
Successfully deleted: [File] C:\install.res.1033.dll
Successfully deleted: [File] C:\install.res.1036.dll
Successfully deleted: [File] C:\install.res.1040.dll
Successfully deleted: [File] C:\install.res.1041.dll
Successfully deleted: [File] C:\install.res.1042.dll
Successfully deleted: [File] C:\install.res.2052.dll
Successfully deleted: [File] C:\install.res.3082.dll



~~~ Folders



~~~ FireFox

Successfully deleted: [File] C:\Users\Pierre Cardoso\AppData\Roaming\mozilla\firefox\profiles\hawbr6lm.default\invalidprefs.js
Emptied folder: C:\Users\Pierre Cardoso\AppData\Roaming\mozilla\firefox\profiles\hawbr6lm.default\minidumps [258 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 11/01/2013 at 23:17:52,65
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~



Quanto ao link eu postei ele antes do site ficar fora do ar. Porém a minha resposta sumiu.

 

Como faço pra resgatar esse link?

Compartilhar este post


Link para o post
Compartilhar em outros sites

Acho que encontrei! É esse o arquivo? http://cjoint.com/13jv/CAokvH5vTY0.htm

Bom Dia! moicanofacul

 

|- O link de envio está correto!

 

-/-

 

|- Feche programas/pastas que estejam abertas.

|- Feche,também,o navegador!

|- Para Windows Vista,desabilite a UAC.

 

ZHPFix_silent_zps532d2db6.jpg

 

|- Para Windows Vista ou 7,clique direito em ZHPFix.exe e execute-o como administrador.

|- Selecione e copie estas informações,que estão no Code,para o "Bloco de Notas".

 

R0 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com    => Live Search Mozilla
O2 - BHO: (no name) [64Bits] - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} Orphean Key
O2 - BHO: (no name) [64Bits] - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} Orphean Key     
O2 - BHO: (no name) [64Bits] - {3049C3E9-B461-4BC5-8870-4C09146192CA} Orphean Key     
O2 - BHO: (no name) [64Bits] - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} Orphean Key     
O2 - BHO: (no name) [64Bits] - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} Orphean Key     
O2 - BHO: (no name) [64Bits] - {9030D464-4C02-4ABF-8ECC-5164760863C6} Orphean Key     
O2 - BHO: (no name) [64Bits] - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} Orphean Key     
O2 - BHO: (no name) [64Bits] - {C41A1C0E-EA6C-11D4-B1B8-444553540000} Orphean Key     
O2 - BHO: (no name) [64Bits] - {DBC80044-A445-435b-BC74-9C25C1C588A9} Orphean Key     
O4 - Global Startup: C:\Users\Pierre Cardoso\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\PartyPoker.lnk . (...)  -- C:\Programs\PartyGaming\PartyGaming.exe
[MD5.00000000000000000000000000000000] [APT] [{2FBE8D5E-E4B2-4626-9ECD-DC007CCBCE08}] (...) -- C:\Users\Pierre Cardoso\Desktop\Flash_Disinfector.exe (.not file.)
[MD5.00000000000000000000000000000000] [APT] [{97357085-0498-4C3B-8098-347E1CA2C80F}] (...) -- C:\Users\Pierre Cardoso\Desktop\WWParty\RegSetup.exe (.not file.)
[MD5.00000000000000000000000000000000] [APT] [{9EBA07A6-BE43-447E-AC2D-04C1D415A519}] (...) -- J:\MEDICINA\Medicina Battlefield 3 Repack.exe (.not file.)
[MD5.00000000000000000000000000000000] [APT] [{E0AC368C-7111-4909-8529-E489F527DA23}] (...) -- C:\Users\Pierre Cardoso\Downloads\7z465.exe (.not file.)
[MD5.00000000000000000000000000000000] [APT] [{EF7A9B34-053A-4139-89CE-2ABAD9E3300F}] (...) -- C:\Users\Pierre Cardoso\Downloads\ps2pdf995.exe (.not file.)
[MD5.906ADA62693EC894B1439E98E3FD56B6] [SPRF][17/02/2012] (...) -- C:\Program Files (x86)\RarExt.dll   [166912]    => Infection BT (Spyware.OnlineGames)
[MD5.8C458DC9E7DC6EC0DC5F24C999AFA4C7] [SPRF][17/02/2012] (...) -- C:\Program Files (x86)\RarExt64.dll   [193536]    => Infection BT (Spyware.OnlineGames)
O42 - Logiciel: PartyPoker - (.PartyGaming.) [HKLM][64Bits] -- PartyPoker    => Casino.OnlineGames
O43 - CFD: 21/08/2012 - 21:00:48 - [319,999] ----D C:\Users\Pierre Cardoso\AppData\Roaming\thriXXX    => thriXXX Game
O43 - CFD: 01/07/2010 - 22:03:40 - [0] ----D C:\Users\Pierre Cardoso\AppData\Local\Dados de aplicativos
O43 - CFD: 11/11/2012 - 17:28:45 - [0,971] ----D C:\Users\Pierre Cardoso\AppData\Local\FullTiltPoker    => FullTiltPoker
O43 - CFD: 01/07/2010 - 22:03:40 - [0] ----D C:\Users\Pierre Cardoso\AppData\Local\Histórico
O43 - CFD: 04/11/2011 - 17:57:22 - [3,293] ----D C:\Users\Pierre Cardoso\AppData\Local\PokerStars
O43 - CFD: 28/12/2012 - 00:34:35 - [0] ----D C:\Users\Pierre Cardoso\AppData\Local\Programs
O43 - CFD: 11/06/2012 - 17:17:31 - [0] ----D C:\Users\Pierre Cardoso\AppData\Local\{0091A2E7-0971-482C-A5FC-F07BFE08D1E5}
O43 - CFD: 06/07/2012 - 05:48:11 - [0] ----D C:\Users\Pierre Cardoso\AppData\Local\{00D2FD21-2A61-428E-BE84-9513691EB032}
O43 - CFD: 16/07/2012 - 17:35:51 - [0] ----D C:\Users\Pierre Cardoso\AppData\Local\{00DB1D73-A586-421A-91E2-3848A3B0A10C}
O43 - CFD: 12/08/2012 - 10:07:12 - [0] ----D C:\Users\Pierre Cardoso\AppData\Local\{031905E7-AC97-43F9-AE13-58D206D9498C}
O43 - CFD: 12/07/2012 - 17:44:40 - [0] ----D C:\Users\Pierre Cardoso\AppData\Local\{04291BC0-BE89-4E4B-83C1-7024BACBC0E1}
O43 - CFD: 08/08/2012 - 09:59:48 - [0] ----D C:\Users\Pierre Cardoso\AppData\Local\{04C6DD8C-C2DC-4A28-AE25-01FD515D69DE}
O43 - CFD: 02/06/2012 - 17:03:05 - [0] ----D C:\Users\Pierre Cardoso\AppData\Local\{065910BE-6984-441E-8916-811A7C9869FF}
O43 - CFD: 31/07/2012 - 00:03:59 - [0] ----D C:\Users\Pierre Cardoso\AppData\Local\{06EDF620-55DE-46EE-8B78-4A929B720CD3}
O43 - CFD: 24/07/2012 - 11:51:52 - [0] ----D C:\Users\Pierre Cardoso\AppData\Local\{06F614E7-FDEE-451F-9861-A4480A7C3B80}
O43 - CFD: 01/08/2012 - 21:53:48 - [0] ----D C:\Users\Pierre Cardoso\AppData\Local\{0810AAB6-EE08-4781-960D-630714607BAC}
O43 - CFD: 09/07/2012 - 12:30:38 - [0] ----D C:\Users\Pierre Cardoso\AppData\Local\{0A0A36D9-FA34-4894-AD04-D52242503CD6}
O43 - CFD: 11/07/2012 - 17:43:05 - [0] ----D C:\Users\Pierre Cardoso\AppData\Local\{0DECF802-E8DB-4B65-830C-24D84B419E3F}
O43 - CFD: 27/07/2012 - 11:59:36 - [0] ----D C:\Users\Pierre Cardoso\AppData\Local\{0E2198D5-02E5-4480-94E5-36D646988C21}
O43 - CFD: 04/06/2012 - 05:04:19 - [0] ----D C:\Users\Pierre Cardoso\AppData\Local\{0E41F5F0-34F9-45A9-8436-B64BFE304396}
O43 - CFD: 07/07/2012 - 18:05:55 - [0] ----D C:\Users\Pierre Cardoso\AppData\Local\{0F44F495-161A-4AA8-BE76-9A6CD7A3F63D}
O43 - CFD: 15/07/2012 - 05:31:44 - [0] ----D C:\Users\Pierre Cardoso\AppData\Local\{0F8283DD-4EDF-4199-B0C9-E4BE638A850F}
O43 - CFD: 21/09/2012 - 11:43:04 - [0] ----D C:\Users\Pierre Cardoso\AppData\Local\{114BF347-EA2A-460D-9521-E2CE29DFE998}
O43 - CFD: 20/07/2012 - 17:43:13 - [0] ----D C:\Users\Pierre Cardoso\AppData\Local\{12235B16-4096-4BAB-B38B-8588ECEC541B}
O43 - CFD: 06/06/2012 - 05:07:58 - [0] ----D C:\Users\Pierre Cardoso\AppData\Local\{138D6BD6-B7F8-462A-8744-F3F83794BF69}
O43 - CFD: 12/07/2012 - 05:43:30 - [0] ----D C:\Users\Pierre Cardoso\AppData\Local\{14ED7352-7BCB-4CCE-9330-A4016A03DB7D}
O43 - CFD: 25/06/2012 - 17:29:43 - [0] ----D C:\Users\Pierre Cardoso\AppData\Local\{16E04024-ED47-4B8A-99AC-BCAACFD3298E}
O43 - CFD: 03/08/2012 - 21:55:41 - [0] ----D C:\Users\Pierre Cardoso\AppData\Local\{192D1658-C8C9-4F28-8F08-4A0548E6DB94}
O43 - CFD: 12/08/2012 - 22:09:28 - [0] ----D C:\Users\Pierre Cardoso\AppData\Local\{1B4AFB0A-4E9F-45B7-B0E8-11ED2378AB38}
O43 - CFD: 07/06/2012 - 05:08:48 - [0] ----D C:\Users\Pierre Cardoso\AppData\Local\{1D49E668-531D-43B8-8F75-F5A5C6016C18}
O43 - CFD: 20/06/2012 - 17:22:45 - [0] ----D C:\Users\Pierre Cardoso\AppData\Local\{1F5D0467-DC0D-4B73-8450-256DFC0E3AA5}
O43 - CFD: 10/08/2012 - 10:02:50 - [0] ----D C:\Users\Pierre Cardoso\AppData\Local\{21372A0D-A342-45B2-9946-9F2EF3D19B8B}
O43 - CFD: 02/08/2012 - 09:54:02 - [0] ----D C:\Users\Pierre Cardoso\AppData\Local\{24312612-A016-453E-B6B7-7CED956082D7}
O43 - CFD: 10/07/2012 - 00:32:19 - [0] ----D C:\Users\Pierre Cardoso\AppData\Local\{246EA99D-5AE8-408A-8DCF-F79CE3A1DEC0}
O43 - CFD: 21/07/2012 - 05:43:51 - [0] ----D C:\Users\Pierre Cardoso\AppData\Local\{2637B2AE-3362-4C35-8755-4EFBE5BAA444}
O43 - CFD: 28/06/2012 - 05:33:32 - [0] ----D C:\Users\Pierre Cardoso\AppData\Local\{2711A741-4C29-444A-9AAA-DB0DF4052FAA}
O43 - CFD: 04/06/2012 - 17:04:43 - [0] ----D C:\Users\Pierre Cardoso\AppData\Local\{29076D4F-5E53-4EDA-8346-C970221DFF22}
O43 - CFD: 07/06/2012 - 17:09:13 - [0] ----D C:\Users\Pierre Cardoso\AppData\Local\{2AA6FA13-B4CE-49B6-8097-157EAAD3B932}
O43 - CFD: 15/07/2012 - 17:33:26 - [0] ----D C:\Users\Pierre Cardoso\AppData\Local\{2AE11B88-ADB9-48B2-8ADA-B941D44FF599}
O43 - CFD: 30/06/2012 - 05:35:11 - [0] ----D C:\Users\Pierre Cardoso\AppData\Local\{2B8DFA56-8407-4B8E-B105-82EFACFD37E1}
O43 - CFD: 31/07/2012 - 21:52:13 - [0] ----D C:\Users\Pierre Cardoso\AppData\Local\{2BCAF29A-26E6-40D1-A82F-4CE5E556F4D8}
O43 - CFD: 14/06/2012 - 05:15:03 - [0] ----D C:\Users\Pierre Cardoso\AppData\Local\{2D132B2D-07FC-48FA-A6D3-543E8F43B80F}
O43 - CFD: 07/07/2012 - 05:50:16 - [0] ----D C:\Users\Pierre Cardoso\AppData\Local\{2D431F7F-A2D9-4C3E-9DD0-EA758C030956}
O43 - CFD: 09/06/2012 - 05:11:40 - [0] ----D C:\Users\Pierre Cardoso\AppData\Local\{31C93A52-6686-4586-BE51-7B3167CEBA14}
O43 - CFD: 06/08/2012 - 21:58:05 - [0] ----D C:\Users\Pierre Cardoso\AppData\Local\{355C85FB-4E7D-4E67-837B-FD3F0E77F172}
O43 - CFD: 10/07/2012 - 12:32:47 - [0] ----D C:\Users\Pierre Cardoso\AppData\Local\{35A2806B-DD0C-460F-B415-07242C28C135}
O43 - CFD: 14/06/2012 - 17:15:52 - [0] ----D C:\Users\Pierre Cardoso\AppData\Local\{3619D39C-EC52-4B66-94B5-184834C40A4B}
O43 - CFD: 30/06/2012 - 17:35:36 - [0] ----D C:\Users\Pierre Cardoso\AppData\Local\{374FA224-42AC-4A0D-B269-98137D018F89}
O43 - CFD: 31/05/2012 - 05:00:59 - [0] ----D C:\Users\Pierre Cardoso\AppData\Local\{3844155F-017F-4589-85C8-1AB8955D6C95}
O43 - CFD: 07/08/2012 - 09:58:41 - [0] ----D C:\Users\Pierre Cardoso\AppData\Local\{39D781CE-2889-48EF-8554-14447A508AA2}
O43 - CFD: 18/07/2012 - 05:39:23 - [0] ----D C:\Users\Pierre Cardoso\AppData\Local\{3DEFAC8C-1723-4A71-A046-05AF576BB451}
O43 - CFD: 19/07/2012 - 05:41:26 - [0] ----D C:\Users\Pierre Cardoso\AppData\Local\{3EB99A65-6C71-4CF5-A3C2-A58B150BD778}
O43 - CFD: 17/12/2012 - 19:25:02 - [0] ----D C:\Users\Pierre Cardoso\AppData\Local\{407637B2-0920-4AD2-9A23-6A3F2D7D0F85}
O43 - CFD: 13/06/2012 - 05:11:20 - [0] ----D C:\Users\Pierre Cardoso\AppData\Local\{41BAA2ED-7425-4B23-A9D7-70A095EED1C3}
O43 - CFD: 23/07/2012 - 11:50:11 - [0] ----D C:\Users\Pierre Cardoso\AppData\Local\{4288A642-871B-4C95-9050-1F9B818802B2}
O43 - CFD: 26/07/2012 - 23:57:19 - [0] ----D C:\Users\Pierre Cardoso\AppData\Local\{42ACF3BE-D540-4017-8610-BA5E78E603ED}
O43 - CFD: 06/06/2012 - 17:08:23 - [0] ----D C:\Users\Pierre Cardoso\AppData\Local\{45404AF7-28DD-490D-9306-29F58B30A7B2}
O43 - CFD: 25/06/2012 - 17:29:32 - [0] ----D C:\Users\Pierre Cardoso\AppData\Local\{47078EBE-8B0B-493C-84B4-3462661CF88A}
O43 - CFD: 26/07/2012 - 11:56:32 - [0] ----D C:\Users\Pierre Cardoso\AppData\Local\{472436CD-EF9B-47B6-A81D-92160F99B303}
O43 - CFD: 10/06/2012 - 17:14:09 - [0] ----D C:\Users\Pierre Cardoso\AppData\Local\{47E04D9A-9A75-42E4-A1AD-F72AEFDFFDC7}
O43 - CFD: 22/07/2012 - 11:47:23 - [0] ----D C:\Users\Pierre Cardoso\AppData\Local\{4E315EF5-8B49-484F-B726-9D5E49EDEE4B}
O43 - CFD: 30/05/2012 - 03:50:57 - [0] ----D C:\Users\Pierre Cardoso\AppData\Local\{524CD6A2-F1CD-48FA-B889-768A421E308D}
O43 - CFD: 18/08/2012 - 10:23:32 - [0] ----D C:\Users\Pierre Cardoso\AppData\Local\{55A3F59B-A6C5-4A7D-9BBE-408EE5105E52}
O43 - CFD: 11/08/2012 - 22:05:58 - [0] ----D C:\Users\Pierre Cardoso\AppData\Local\{55B1B23B-EF90-44C6-A52C-8661C0333983}
O43 - CFD: 03/07/2012 - 05:39:40 - [0] ----D C:\Users\Pierre Cardoso\AppData\Local\{5E3680DB-E3CD-400C-9503-A46673EBCB9D}
O43 - CFD: 28/07/2012 - 12:00:24 - [0] ----D C:\Users\Pierre Cardoso\AppData\Local\{5F7A3402-F990-4BD8-80D2-40E99BAA18FE}
O43 - CFD: 21/07/2012 - 05:43:40 - [0] ----D C:\Users\Pierre Cardoso\AppData\Local\{603D695A-5CC2-4C87-B3F8-AC5B6E2DD2AA}
O43 - CFD: 22/06/2012 - 05:24:01 - [0] ----D C:\Users\Pierre Cardoso\AppData\Local\{61F7EA32-1F6F-45A7-90D4-1CA0B772105F}
O43 - CFD: 05/06/2012 - 17:07:34 - [0] ----D C:\Users\Pierre Cardoso\AppData\Local\{626924F7-190D-4E17-B309-008359DBD54B}
O43 - CFD: 04/08/2012 - 21:56:29 - [0] ----D C:\Users\Pierre Cardoso\AppData\Local\{63E6F467-C347-4DC2-8805-61ED5BBF367D}
O43 - CFD: 30/07/2012 - 00:02:02 - [0] ----D C:\Users\Pierre Cardoso\AppData\Local\{6A2EBB6E-9C49-4860-8134-3E6936FB68A9}
O43 - CFD: 15/08/2012 - 22:17:43 - [0] ----D C:\Users\Pierre Cardoso\AppData\Local\{6D094BF1-C6EE-4810-829B-F29E8D20561B}
O43 - CFD: 25/07/2012 - 23:56:17 - [0] ----D C:\Users\Pierre Cardoso\AppData\Local\{6DE0399D-E891-440B-9A52-D85ECCE0EA8C}
O43 - CFD: 22/07/2012 - 23:48:24 - [0] ----D C:\Users\Pierre Cardoso\AppData\Local\{6F0F9B45-F89D-4825-BA78-DC51BBBE6FAF}
O43 - CFD: 04/07/2012 - 05:41:14 - [0] ----D C:\Users\Pierre Cardoso\AppData\Local\{6FCB6F0E-5D89-42A9-99A4-01F5222A2E5B}
O43 - CFD: 07/07/2012 - 18:08:01 - [0] ----D C:\Users\Pierre Cardoso\AppData\Local\{7072B282-F1A3-4532-8D14-4DF357DC88D0}
O43 - CFD: 19/07/2012 - 17:42:04 - [0] ----D C:\Users\Pierre Cardoso\AppData\Local\{70EC3DDB-BF5D-4CED-9785-97C14949BA6F}
O43 - CFD: 18/07/2012 - 17:39:50 - [0] ----D C:\Users\Pierre Cardoso\AppData\Local\{726EC6BC-CA7B-402C-AB17-6E8C643BBD2E}
O43 - CFD: 28/07/2012 - 00:00:00 - [0] ----D C:\Users\Pierre Cardoso\AppData\Local\{72CB1170-1CC9-4272-B599-9A779381A28E}
O43 - CFD: 03/07/2012 - 17:40:05 - [0] ----D C:\Users\Pierre Cardoso\AppData\Local\{72DDBB59-AA3E-49DF-A2C8-60242184F848}
O43 - CFD: 11/07/2012 - 00:34:22 - [0] ----D C:\Users\Pierre Cardoso\AppData\Local\{76D94299-3272-40A5-85E7-1E40CF2EB3B7}
O43 - CFD: 22/06/2012 - 17:25:45 - [0] ----D C:\Users\Pierre Cardoso\AppData\Local\{772D45B2-4BB2-4A5F-8BB0-7FBF3D894D3C}
O43 - CFD: 16/07/2012 - 05:33:54 - [0] ----D C:\Users\Pierre Cardoso\AppData\Local\{789B4A55-DF4D-4F2C-812C-DCFD09DBEE07}
O43 - CFD: 16/08/2012 - 10:18:14 - [0] ----D C:\Users\Pierre Cardoso\AppData\Local\{7D320B71-ECDA-4540-9D35-79B4F33C7943}
O43 - CFD: 13/06/2012 - 17:13:12 - [0] ----D C:\Users\Pierre Cardoso\AppData\Local\{7F1EAFAD-3F53-4136-9959-4D1EC6D43E01}
O43 - CFD: 12/07/2012 - 17:44:29 - [0] ----D C:\Users\Pierre Cardoso\AppData\Local\{8088ECCD-5926-47F9-BFB8-17B46D474E4D}
O43 - CFD: 05/07/2012 - 17:47:47 - [0] ----D C:\Users\Pierre Cardoso\AppData\Local\{8089E3D5-86B0-470F-BC5C-E409FCAB238C}
O43 - CFD: 26/06/2012 - 17:30:44 - [0] ----D C:\Users\Pierre Cardoso\AppData\Local\{8121C2A3-6A04-42D2-BF72-91CC5B9A810B}
O43 - CFD: 20/06/2012 - 05:22:21 - [0] ----D C:\Users\Pierre Cardoso\AppData\Local\{813A8618-7BB2-427C-B526-3C5031543580}
O43 - CFD: 21/07/2012 - 23:46:34 - [0] ----D C:\Users\Pierre Cardoso\AppData\Local\{8402E4FA-32BB-44B3-81B4-0A37F2F0B3CA}
O43 - CFD: 15/12/2012 - 07:28:44 - [0] ----D C:\Users\Pierre Cardoso\AppData\Local\{849008DB-391D-4681-B46A-6A193DA03E59}
O43 - CFD: 23/06/2012 - 05:26:11 - [0] ----D C:\Users\Pierre Cardoso\AppData\Local\{856BE007-BD7D-496C-9D9B-49A7BDCFF02C}
O43 - CFD: 09/08/2012 - 22:01:16 - [0] ----D C:\Users\Pierre Cardoso\AppData\Local\{85ABED9C-4C68-4CFD-AB36-7D86001AC23F}
O43 - CFD: 29/07/2012 - 00:00:48 - [0] ----D C:\Users\Pierre Cardoso\AppData\Local\{86F829F9-06BC-4F6C-92AF-149A599EADAD}
O43 - CFD: 06/08/2012 - 21:57:54 - [0] ----D C:\Users\Pierre Cardoso\AppData\Local\{87490657-330F-40C8-8986-F38C6CC70E7D}
O43 - CFD: 28/06/2012 - 17:33:56 - [0] ----D C:\Users\Pierre Cardoso\AppData\Local\{8A7A6D33-6BA7-4BF0-BE05-0D1F14DFD88F}
O43 - CFD: 30/05/2012 - 03:50:46 - [0] ----D C:\Users\Pierre Cardoso\AppData\Local\{8B183F21-AD27-444A-BEEF-06615E089978}
O43 - CFD: 01/06/2012 - 05:01:50 - [0] ----D C:\Users\Pierre Cardoso\AppData\Local\{8BA2B858-9A25-419E-B988-09F8830D4F18}
O43 - CFD: 14/08/2012 - 10:11:52 - [0] ----D C:\Users\Pierre Cardoso\AppData\Local\{8CD5DA0D-8A37-4B89-9F3D-843D37F51A74}
O43 - CFD: 13/08/2012 - 22:11:26 - [0] ----D C:\Users\Pierre Cardoso\AppData\Local\{8CF52D74-EB33-4D26-B65E-461A24AEF051}
O43 - CFD: 08/06/2012 - 17:11:03 - [0] ----D C:\Users\Pierre Cardoso\AppData\Local\{8CF91913-14E9-4057-AA14-1AF888510F70}
O43 - CFD: 01/08/2012 - 09:52:38 - [0] ----D C:\Users\Pierre Cardoso\AppData\Local\{8D2C7832-35F5-43E3-B89E-46D25C93B564}
O43 - CFD: 01/07/2012 - 05:36:07 - [0] ----D C:\Users\Pierre Cardoso\AppData\Local\{8F330DAD-9466-4C1B-81CC-0B44E80F189B}
O43 - CFD: 13/07/2012 - 17:29:51 - [0] ----D C:\Users\Pierre Cardoso\AppData\Local\{91C5DD04-4311-4D3A-9D1D-810E49BA5115}
O43 - CFD: 17/08/2012 - 22:23:08 - [0] ----D C:\Users\Pierre Cardoso\AppData\Local\{96039A38-15AC-425F-B854-D20437C82746}
O43 - CFD: 11/07/2012 - 00:34:33 - [0] ----D C:\Users\Pierre Cardoso\AppData\Local\{9697AE7B-6A84-4376-AC40-D949D21BE922}
O43 - CFD: 02/08/2012 - 09:54:13 - [0] ----D C:\Users\Pierre Cardoso\AppData\Local\{98573A55-5F64-4745-A9A2-F7E1B0150749}
O43 - CFD: 04/08/2012 - 09:56:05 - [0] ----D C:\Users\Pierre Cardoso\AppData\Local\{994DEA9F-67C8-4411-89CE-D7971FE0E26F}
O43 - CFD: 27/06/2012 - 17:33:09 - [0] ----D C:\Users\Pierre Cardoso\AppData\Local\{9AEE9B93-0078-4DE4-AB4A-1D518C058451}
O43 - CFD: 19/06/2012 - 17:21:41 - [0] ----D C:\Users\Pierre Cardoso\AppData\Local\{9B11504D-F7B9-4AE1-9353-4CF0B1D3F1A1}
O43 - CFD: 30/05/2012 - 17:00:07 - [0] ----D C:\Users\Pierre Cardoso\AppData\Local\{9E470798-D379-4004-AAA2-EF9496D6BB82}
O43 - CFD: 05/08/2012 - 09:56:52 - [0] ----D C:\Users\Pierre Cardoso\AppData\Local\{9E76F6EF-958E-4457-B693-6C406556B454}
O43 - CFD: 08/06/2012 - 05:10:36 - [0] ----D C:\Users\Pierre Cardoso\AppData\Local\{A1B06A4C-785F-4FBD-8CB2-184CAFB6E368}
O43 - CFD: 05/08/2012 - 21:57:16 - [0] ----D C:\Users\Pierre Cardoso\AppData\Local\{A23D03F9-962E-4E33-A5EB-DA8B38E5C2C5}
O43 - CFD: 15/08/2012 - 10:12:30 - [0] ----D C:\Users\Pierre Cardoso\AppData\Local\{A2CFE8E9-7EE1-45BB-85F3-5B1A1D5D7BCE}
O43 - CFD: 05/07/2012 - 05:45:31 - [0] ----D C:\Users\Pierre Cardoso\AppData\Local\{A38BA368-19AA-4879-8466-4DC3A822E04C}
O43 - CFD: 19/06/2012 - 05:21:15 - [0] ----D C:\Users\Pierre Cardoso\AppData\Local\{A58571D7-253A-4DAF-8647-56A8BE316393}
O43 - CFD: 07/08/2012 - 21:59:24 - [0] ----D C:\Users\Pierre Cardoso\AppData\Local\{A671ABF3-13B7-4DFB-A647-F8E15CE8DB97}
O43 - CFD: 17/07/2012 - 17:37:52 - [0] ----D C:\Users\Pierre Cardoso\AppData\Local\{A6D6B249-E849-458F-8DE0-703C376B9DDE}
O43 - CFD: 14/07/2012 - 17:31:20 - [0] ----D C:\Users\Pierre Cardoso\AppData\Local\{A79EE237-FDD6-4A13-BABB-9299382EA5B8}
O43 - CFD: 23/06/2012 - 17:28:04 - [0] ----D C:\Users\Pierre Cardoso\AppData\Local\{A85D21BF-0623-4C50-B126-F893FE99E226}
O43 - CFD: 09/07/2012 - 00:30:13 - [0] ----D C:\Users\Pierre Cardoso\AppData\Local\{A9951178-7C16-4EA8-A5AF-B6F2068FC9C5}
O43 - CFD: 14/08/2012 - 22:12:16 - [0] ----D C:\Users\Pierre Cardoso\AppData\Local\{AACE360C-6E97-4853-BA4F-9B63ADA298C4}
O43 - CFD: 24/07/2012 - 23:53:37 - [0] ----D C:\Users\Pierre Cardoso\AppData\Local\{AD2E9639-27A3-4F04-8E5A-4A8818F95A46}
O43 - CFD: 09/08/2012 - 10:00:26 - [0] ----D C:\Users\Pierre Cardoso\AppData\Local\{AD4A4992-8112-490C-94B3-61A34AE9B434}
O43 - CFD: 14/06/2012 - 05:15:14 - [0] ----D C:\Users\Pierre Cardoso\AppData\Local\{ADA9F19C-320B-4001-9A91-1297BDF98AE6}
O43 - CFD: 20/07/2012 - 05:42:25 - [0] ----D C:\Users\Pierre Cardoso\AppData\Local\{AF1D5D09-5F9E-4C81-A120-5073DBEB0573}
O43 - CFD: 17/08/2012 - 10:20:42 - [0] ----D C:\Users\Pierre Cardoso\AppData\Local\{B01980CC-7AE1-40F9-9518-A0CE100EB5F4}
O43 - CFD: 19/07/2012 - 05:41:15 - [0] ----D C:\Users\Pierre Cardoso\AppData\Local\{B036D42C-9C2C-4372-81DE-7BC15F076CEF}
O43 - CFD: 24/06/2012 - 05:28:29 - [0] ----D C:\Users\Pierre Cardoso\AppData\Local\{B0B2B69D-4F78-4BA6-B622-F20222816556}
O43 - CFD: 24/06/2012 - 17:28:54 - [0] ----D C:\Users\Pierre Cardoso\AppData\Local\{B210EA40-65C4-446C-B90F-29436CD79DD6}
O43 - CFD: 10/06/2012 - 05:13:43 - [0] ----D C:\Users\Pierre Cardoso\AppData\Local\{B26F065B-1491-473C-ABB9-01BE86084171}
O43 - CFD: 02/06/2012 - 05:02:39 - [0] ----D C:\Users\Pierre Cardoso\AppData\Local\{B277DE6B-022A-499D-96F8-1E5A812EF248}
O43 - CFD: 03/06/2012 - 05:03:30 - [0] ----D C:\Users\Pierre Cardoso\AppData\Local\{B38FC7A4-C9EB-4EC2-8F8C-77BF99F7369F}
O43 - CFD: 20/07/2012 - 17:43:02 - [0] ----D C:\Users\Pierre Cardoso\AppData\Local\{B41854B7-F63C-4B9A-A4CB-FDF7243058C8}
O43 - CFD: 08/07/2012 - 12:29:14 - [0] ----D C:\Users\Pierre Cardoso\AppData\Local\{B66C517F-B3CC-49A4-80C6-73E349FA7DD3}
O43 - CFD: 10/08/2012 - 22:05:09 - [0] ----D C:\Users\Pierre Cardoso\AppData\Local\{B6F73967-4986-4A48-A26A-7D4C691F06FF}
O43 - CFD: 12/06/2012 - 05:19:40 - [0] ----D C:\Users\Pierre Cardoso\AppData\Local\{B8840DD6-F134-42F2-AE4C-7D380A6675B9}
O43 - CFD: 25/06/2012 - 05:29:20 - [0] ----D C:\Users\Pierre Cardoso\AppData\Local\{BA3BD388-7CF8-4034-A0B5-9DDD47B4915C}
O43 - CFD: 26/06/2012 - 05:30:20 - [0] ----D C:\Users\Pierre Cardoso\AppData\Local\{BD45E266-0520-4D4C-9DC9-4E89798C566C}
O43 - CFD: 21/06/2012 - 05:23:10 - [0] ----D C:\Users\Pierre Cardoso\AppData\Local\{BD52FAF1-F41B-402F-9A6F-CD4E9BC27E2C}
O43 - CFD: 30/07/2012 - 12:03:35 - [0] ----D C:\Users\Pierre Cardoso\AppData\Local\{BD7578AC-25A7-460D-83B6-BA6E2B965B1E}
O43 - CFD: 31/07/2012 - 00:03:48 - [0] ----D C:\Users\Pierre Cardoso\AppData\Local\{BE7A79B1-246F-486D-9B30-6982000791E0}
O43 - CFD: 11/06/2012 - 17:17:42 - [0] ----D C:\Users\Pierre Cardoso\AppData\Local\{BF0BE878-2663-4AF0-BD6F-1C0DF491FE17}
O43 - CFD: 02/07/2012 - 17:39:16 - [0] ----D C:\Users\Pierre Cardoso\AppData\Local\{C18CA116-F8B8-45C8-A195-277309DAB1BE}
O43 - CFD: 06/08/2012 - 09:57:41 - [0] ----D C:\Users\Pierre Cardoso\AppData\Local\{C38D91EA-137B-4FCD-B282-686A22C690EB}
O43 - CFD: 08/07/2012 - 12:29:25 - [0] ----D C:\Users\Pierre Cardoso\AppData\Local\{C4D2FB53-5E0B-4C00-A5AB-1BB7AC29C566}
O43 - CFD: 09/08/2012 - 10:00:37 - [0] ----D C:\Users\Pierre Cardoso\AppData\Local\{C6207C3C-ECEA-40FB-A10A-4C593002CA72}
O43 - CFD: 04/07/2012 - 17:43:30 - [0] ----D C:\Users\Pierre Cardoso\AppData\Local\{C9208414-EB47-436D-814A-A5B029AF884B}
O43 - CFD: 12/09/2012 - 22:46:14 - [0] ----D C:\Users\Pierre Cardoso\AppData\Local\{CB094908-0662-4C93-8A6F-AE5661F78F52}
O43 - CFD: 29/07/2012 - 12:01:13 - [0] ----D C:\Users\Pierre Cardoso\AppData\Local\{CC38E41D-A989-4428-9012-79F1500F19C7}
O43 - CFD: 14/07/2012 - 05:30:23 - [0] ----D C:\Users\Pierre Cardoso\AppData\Local\{CC52CEED-934E-4679-815E-9DAF37608193}
O43 - CFD: 07/10/2012 - 07:14:02 - [0] ----D C:\Users\Pierre Cardoso\AppData\Local\{CE7C25C5-24EB-4144-9B0A-0A30315D32C8}
O43 - CFD: 03/08/2012 - 09:55:15 - [0] ----D C:\Users\Pierre Cardoso\AppData\Local\{D2B571CB-2C4F-4E48-A1B4-852E7A246888}
O43 - CFD: 03/06/2012 - 17:03:54 - [0] ----D C:\Users\Pierre Cardoso\AppData\Local\{D56B58BB-ACF4-4DF6-9E1D-B906362EA08C}
O43 - CFD: 01/07/2012 - 17:38:28 - [0] ----D C:\Users\Pierre Cardoso\AppData\Local\{DA447542-1692-459F-A9F2-D449775F87D3}
O43 - CFD: 01/06/2012 - 17:02:15 - [0] ----D C:\Users\Pierre Cardoso\AppData\Local\{DAA843DF-1097-465E-9C08-6361098FBDD0}
O43 - CFD: 02/08/2012 - 21:54:50 - [0] ----D C:\Users\Pierre Cardoso\AppData\Local\{DCDAA926-B4C3-41DB-B3C1-D50712A1A346}
O43 - CFD: 29/06/2012 - 17:34:45 - [0] ----D C:\Users\Pierre Cardoso\AppData\Local\{DD8EC048-C5EA-45C8-A56E-6248CFF612C4}
O43 - CFD: 15/08/2012 - 10:12:42 - [0] ----D C:\Users\Pierre Cardoso\AppData\Local\{DF491C16-9713-4C20-8F01-3F2D5D871BC7}
O43 - CFD: 29/06/2012 - 05:34:21 - [0] ----D C:\Users\Pierre Cardoso\AppData\Local\{E059214F-C5BD-4D74-A3B5-C5AAC1ACFD86}
O43 - CFD: 16/08/2012 - 22:18:39 - [0] ----D C:\Users\Pierre Cardoso\AppData\Local\{E07495DF-AA94-483B-91CC-FA64CBC911E5}
O43 - CFD: 07/08/2012 - 09:58:30 - [0] ----D C:\Users\Pierre Cardoso\AppData\Local\{E3F47DEF-C645-4D68-A1AE-83B1C6E5DFBE}
O43 - CFD: 15/09/2012 - 22:49:29 - [0] ----D C:\Users\Pierre Cardoso\AppData\Local\{E422C595-3094-4B4F-A5A6-8C996455275A}
O43 - CFD: 21/07/2012 - 23:46:45 - [0] ----D C:\Users\Pierre Cardoso\AppData\Local\{E59A79FF-F678-4612-AEEC-FEBC5E0D8412}
O43 - CFD: 25/07/2012 - 11:54:02 - [0] ----D C:\Users\Pierre Cardoso\AppData\Local\{E679F058-00E7-4563-8741-38D82C389C67}
O43 - CFD: 30/05/2012 - 17:00:18 - [0] ----D C:\Users\Pierre Cardoso\AppData\Local\{E817D1A4-C7DB-4936-AEE9-AF603CD2002C}
O43 - CFD: 17/08/2012 - 10:20:31 - [0] ----D C:\Users\Pierre Cardoso\AppData\Local\{E9BD9041-9216-4D9C-9CEA-E3AED8E3BB25}
O43 - CFD: 09/06/2012 - 17:12:05 - [0] ----D C:\Users\Pierre Cardoso\AppData\Local\{EA2F6D64-723B-4AB9-8B5B-3ADD23C7CED2}
O43 - CFD: 11/08/2012 - 10:05:33 - [0] ----D C:\Users\Pierre Cardoso\AppData\Local\{EAE53AD2-1FCC-4506-A09B-04B205270E95}
O43 - CFD: 27/06/2012 - 05:31:09 - [0] ----D C:\Users\Pierre Cardoso\AppData\Local\{EC30496F-FC65-446A-A7F8-2D6046911E61}
O43 - CFD: 28/08/2012 - 10:31:25 - [0] ----D C:\Users\Pierre Cardoso\AppData\Local\{EE7CD037-A8C0-413E-9F19-B5E5D051A97B}
O43 - CFD: 26/07/2012 - 11:56:43 - [0] ----D C:\Users\Pierre Cardoso\AppData\Local\{EF53420B-59EA-47D5-86DD-5F323D7B17A5}
O43 - CFD: 11/06/2012 - 17:17:08 - [0] ----D C:\Users\Pierre Cardoso\AppData\Local\{EFF8D0E2-80FB-4CC4-A213-F3C370BD8CE6}
O43 - CFD: 07/07/2012 - 05:50:05 - [0] ----D C:\Users\Pierre Cardoso\AppData\Local\{F09B08FD-7600-44DE-A7E0-0551C202ADC4}
O43 - CFD: 08/08/2012 - 22:00:12 - [0] ----D C:\Users\Pierre Cardoso\AppData\Local\{F52603FA-F429-4798-9B84-40D619B47DCC}
O43 - CFD: 08/06/2012 - 17:10:51 - [0] ----D C:\Users\Pierre Cardoso\AppData\Local\{F55425AB-2F9C-4D88-BD9A-C88EAAA7A71F}
O43 - CFD: 02/07/2012 - 05:38:51 - [0] ----D C:\Users\Pierre Cardoso\AppData\Local\{F5E22E1B-663A-46C6-92AF-8EFC222F7F26}
O43 - CFD: 17/07/2012 - 05:36:15 - [0] ----D C:\Users\Pierre Cardoso\AppData\Local\{F6B6BB9F-2F14-4015-940E-81A9BFBCD301}
O43 - CFD: 21/06/2012 - 17:23:34 - [0] ----D C:\Users\Pierre Cardoso\AppData\Local\{F712DE0A-5D17-4778-B4C1-6ACA1AD7A303}
O43 - CFD: 03/09/2012 - 22:37:44 - [0] ----D C:\Users\Pierre Cardoso\AppData\Local\{F80E902C-5B5C-4605-B69B-C7AC6F8F5312}
O43 - CFD: 05/06/2012 - 05:05:08 - [0] ----D C:\Users\Pierre Cardoso\AppData\Local\{F8655DAA-635B-48AE-A4FB-2104BAE6A4ED}
O43 - CFD: 06/07/2012 - 17:49:52 - [0] ----D C:\Users\Pierre Cardoso\AppData\Local\{FA220960-7617-4A8E-811A-1C2AFF5E8AE6}
O43 - CFD: 13/08/2012 - 10:11:01 - [0] ----D C:\Users\Pierre Cardoso\AppData\Local\{FA5E805C-AEF6-4D56-9F16-ADD6E9503EC5}
O43 - CFD: 11/06/2012 - 05:14:36 - [0] ----D C:\Users\Pierre Cardoso\AppData\Local\{FC8C50EE-401E-4806-9912-24A6DA29AFB7}
O43 - CFD: 23/07/2012 - 23:51:10 - [0] ----D C:\Users\Pierre Cardoso\AppData\Local\{FD18A2B3-D5DF-4FB2-8E9F-550CDD8DC9A3}
O43 - CFD: 31/05/2012 - 17:01:25 - [0] ----D C:\Users\Pierre Cardoso\AppData\Local\{FD4363C5-641D-4D0F-B948-C691F11797DB}
O43 - CFD: 20/07/2012 - 05:42:36 - [0] ----D C:\Users\Pierre Cardoso\AppData\Local\{FECBEA77-479C-4A6E-A178-A09B2B88D765}

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer] NoActiveDesktopChanges: Modified     
[HKCU\Software\PartyGaming]    => Casino.OnlineGames
[HKCU\Software\Casino]    => Online Games Casino
[HKCU\Software\Poker 770]    => Infection BT (Adware.Casino)
[HKLM\Software\Wow6432Node\Poker 770]    => Infection BT (Adware.Casino)
[HKLM\Software\Wow6432Node\Trymedia Systems]    => Infection BT (Adware.Trymedia)

proxyfix
emptytemp
emptyflash
firewallraz
sysrestore

|- Estando com o Bloco de Notas aberto,acione os atalhos: "Ctrl+A" -> "Ctrl+C"

|- Minimize o Bloco de Notas.

 

ZHPDiag_PasteClipboard.jpg

 

|- Clique no menu,"Paste ClipBoard".

 

acerMAbC.jpg

 

|- Clique "GO" -> Oui.

 

ZHPFix_GO.jpg

 

|- Ps: Temos,àcima,sequência de imagens para maior exclarecimento.

|- Poste o relatório: C:\ZHP\ZHPFix[R1].txt

 

A+

Compartilhar este post


Link para o post
Compartilhar em outros sites

OBS: Durante a execução do ZHPFIX, ele tentou desinstalar o Party Poker, pedindo a minha permissão. Eu cancelei a desinstalação, pois este é um software de poker que utilizo com frequencia.

 

ZHPFIX

Rapport de ZHPFix 1.3.05 par Nicolas Coolman, Update du 09/10/2012
Fichier d'export Registre :
Run by Pierre Cardoso at 14/01/2013 20:24:57
Windows 7 Home Premium Edition, 64-bit Service Pack 1 (Build 7601)
Web site : http://nicolascoolman.skyrock.com/



========== Software ==========
NOT FOUND Uninstall Process: c:\programs\partygaming\partypoker\uninstall\setup.exe

========== Memory Module ==========
DELETED Memory Module: C:\Program Files (x86)\RarExt.dll
DELETE on Reboot Memory Module: C:\Program Files (x86)\RarExt64.dll

========== Registry Key ==========
DELETED [HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\PartyPoker]
DELETED Key: CLSID BHO: {E76FD755-C1BA-4DCB-9F13-99BD91223ADE}
DELETED Key: CLSID BHO: {18DF081C-E8AD-4283-A596-FA578C2EBDC3}
DELETED Key: CLSID BHO: {3049C3E9-B461-4BC5-8870-4C09146192CA}
DELETED Key: CLSID BHO: {6EBF7485-159F-4bff-A14F-B9E3AAC4465B}
DELETED Key: CLSID BHO: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43}
DELETED Key: CLSID BHO: {9030D464-4C02-4ABF-8ECC-5164760863C6}
DELETED Key: CLSID BHO: {9FDDE16B-836F-4806-AB1F-1455CBEFF289}
DELETED Key: CLSID BHO: {C41A1C0E-EA6C-11D4-B1B8-444553540000}
DELETED Key: CLSID BHO: {DBC80044-A445-435b-BC74-9C25C1C588A9}
DELETED Key: HKCU\Software\PartyGaming
DELETED Key: HKCU\Software\Casino
DELETED Key: HKCU\Software\Poker 770
DELETED Key: HKLM\Software\Wow6432Node\Poker 770
DELETED Key: HKLM\Software\Wow6432Node\Trymedia Systems

========== Registry Value ==========
ProxyFix : Proxy killed successfully
DELETED ProxyServer Value
DELETED ProxyEnable Value
DELETED EnableHttp1_1 Value
DELETED ProxyHttp1.1 Value
DELETED ProxyOverride Value
No Value in Standard Profile Register Key FirewallRaz :
No Value in Domain Profile Register Key FirewallRaz :
DELETED FirewallRaz (None) : {4F12DE93-10A8-4515-8618-59A3D0B90BFD}

========== Registry Data Items ==========
REMOVED R0 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page
REPLACED Value NoActiveDesktopChanges : Good (0) - Bad (1)

========== Repertory ==========
DELETED Folder: C:\Users\Pierre Cardoso\AppData\Roaming\thriXXX
NOT FOUND C:\Users\Pierre Cardoso\AppData\Local\Dados de aplicativos
DELETED Folder: C:\Users\Pierre Cardoso\AppData\Local\FullTiltPoker
NOT FOUND C:\Users\Pierre Cardoso\AppData\Local\Histórico
DELETED Folder: C:\Users\Pierre Cardoso\AppData\Local\PokerStars
DELETED Folder: C:\Users\Pierre Cardoso\AppData\Local\Programs
DELETED Folder: C:\Users\Pierre Cardoso\AppData\Local\{0091A2E7-0971-482C-A5FC-F07BFE08D1E5}
DELETED Folder: C:\Users\Pierre Cardoso\AppData\Local\{00D2FD21-2A61-428E-BE84-9513691EB032}
DELETED Folder: C:\Users\Pierre Cardoso\AppData\Local\{00DB1D73-A586-421A-91E2-3848A3B0A10C}
DELETED Folder: C:\Users\Pierre Cardoso\AppData\Local\{031905E7-AC97-43F9-AE13-58D206D9498C}
DELETED Folder: C:\Users\Pierre Cardoso\AppData\Local\{04291BC0-BE89-4E4B-83C1-7024BACBC0E1}
DELETED Folder: C:\Users\Pierre Cardoso\AppData\Local\{04C6DD8C-C2DC-4A28-AE25-01FD515D69DE}
DELETED Folder: C:\Users\Pierre Cardoso\AppData\Local\{065910BE-6984-441E-8916-811A7C9869FF}
DELETED Folder: C:\Users\Pierre Cardoso\AppData\Local\{06EDF620-55DE-46EE-8B78-4A929B720CD3}
DELETED Folder: C:\Users\Pierre Cardoso\AppData\Local\{06F614E7-FDEE-451F-9861-A4480A7C3B80}
DELETED Folder: C:\Users\Pierre Cardoso\AppData\Local\{0810AAB6-EE08-4781-960D-630714607BAC}
DELETED Folder: C:\Users\Pierre Cardoso\AppData\Local\{0A0A36D9-FA34-4894-AD04-D52242503CD6}
DELETED Folder: C:\Users\Pierre Cardoso\AppData\Local\{0DECF802-E8DB-4B65-830C-24D84B419E3F}
DELETED Folder: C:\Users\Pierre Cardoso\AppData\Local\{0E2198D5-02E5-4480-94E5-36D646988C21}
DELETED Folder: C:\Users\Pierre Cardoso\AppData\Local\{0E41F5F0-34F9-45A9-8436-B64BFE304396}
DELETED Folder: C:\Users\Pierre Cardoso\AppData\Local\{0F44F495-161A-4AA8-BE76-9A6CD7A3F63D}
DELETED Folder: C:\Users\Pierre Cardoso\AppData\Local\{0F8283DD-4EDF-4199-B0C9-E4BE638A850F}
DELETED Folder: C:\Users\Pierre Cardoso\AppData\Local\{114BF347-EA2A-460D-9521-E2CE29DFE998}
DELETED Folder: C:\Users\Pierre Cardoso\AppData\Local\{12235B16-4096-4BAB-B38B-8588ECEC541B}
DELETED Folder: C:\Users\Pierre Cardoso\AppData\Local\{138D6BD6-B7F8-462A-8744-F3F83794BF69}
DELETED Folder: C:\Users\Pierre Cardoso\AppData\Local\{14ED7352-7BCB-4CCE-9330-A4016A03DB7D}
DELETED Folder: C:\Users\Pierre Cardoso\AppData\Local\{16E04024-ED47-4B8A-99AC-BCAACFD3298E}
DELETED Folder: C:\Users\Pierre Cardoso\AppData\Local\{192D1658-C8C9-4F28-8F08-4A0548E6DB94}
DELETED Folder: C:\Users\Pierre Cardoso\AppData\Local\{1B4AFB0A-4E9F-45B7-B0E8-11ED2378AB38}
DELETED Folder: C:\Users\Pierre Cardoso\AppData\Local\{1D49E668-531D-43B8-8F75-F5A5C6016C18}
DELETED Folder: C:\Users\Pierre Cardoso\AppData\Local\{1F5D0467-DC0D-4B73-8450-256DFC0E3AA5}
DELETED Folder: C:\Users\Pierre Cardoso\AppData\Local\{21372A0D-A342-45B2-9946-9F2EF3D19B8B}
DELETED Folder: C:\Users\Pierre Cardoso\AppData\Local\{24312612-A016-453E-B6B7-7CED956082D7}
DELETED Folder: C:\Users\Pierre Cardoso\AppData\Local\{246EA99D-5AE8-408A-8DCF-F79CE3A1DEC0}
DELETED Folder: C:\Users\Pierre Cardoso\AppData\Local\{2637B2AE-3362-4C35-8755-4EFBE5BAA444}
DELETED Folder: C:\Users\Pierre Cardoso\AppData\Local\{2711A741-4C29-444A-9AAA-DB0DF4052FAA}
DELETED Folder: C:\Users\Pierre Cardoso\AppData\Local\{29076D4F-5E53-4EDA-8346-C970221DFF22}
DELETED Folder: C:\Users\Pierre Cardoso\AppData\Local\{2AA6FA13-B4CE-49B6-8097-157EAAD3B932}
DELETED Folder: C:\Users\Pierre Cardoso\AppData\Local\{2AE11B88-ADB9-48B2-8ADA-B941D44FF599}
DELETED Folder: C:\Users\Pierre Cardoso\AppData\Local\{2B8DFA56-8407-4B8E-B105-82EFACFD37E1}
DELETED Folder: C:\Users\Pierre Cardoso\AppData\Local\{2BCAF29A-26E6-40D1-A82F-4CE5E556F4D8}
DELETED Folder: C:\Users\Pierre Cardoso\AppData\Local\{2D132B2D-07FC-48FA-A6D3-543E8F43B80F}
DELETED Folder: C:\Users\Pierre Cardoso\AppData\Local\{2D431F7F-A2D9-4C3E-9DD0-EA758C030956}
DELETED Folder: C:\Users\Pierre Cardoso\AppData\Local\{31C93A52-6686-4586-BE51-7B3167CEBA14}
DELETED Folder: C:\Users\Pierre Cardoso\AppData\Local\{355C85FB-4E7D-4E67-837B-FD3F0E77F172}
DELETED Folder: C:\Users\Pierre Cardoso\AppData\Local\{35A2806B-DD0C-460F-B415-07242C28C135}
DELETED Folder: C:\Users\Pierre Cardoso\AppData\Local\{3619D39C-EC52-4B66-94B5-184834C40A4B}
DELETED Folder: C:\Users\Pierre Cardoso\AppData\Local\{374FA224-42AC-4A0D-B269-98137D018F89}
DELETED Folder: C:\Users\Pierre Cardoso\AppData\Local\{3844155F-017F-4589-85C8-1AB8955D6C95}
DELETED Folder: C:\Users\Pierre Cardoso\AppData\Local\{39D781CE-2889-48EF-8554-14447A508AA2}
DELETED Folder: C:\Users\Pierre Cardoso\AppData\Local\{3DEFAC8C-1723-4A71-A046-05AF576BB451}
DELETED Folder: C:\Users\Pierre Cardoso\AppData\Local\{3EB99A65-6C71-4CF5-A3C2-A58B150BD778}
DELETED Folder: C:\Users\Pierre Cardoso\AppData\Local\{407637B2-0920-4AD2-9A23-6A3F2D7D0F85}
DELETED Folder: C:\Users\Pierre Cardoso\AppData\Local\{41BAA2ED-7425-4B23-A9D7-70A095EED1C3}
DELETED Folder: C:\Users\Pierre Cardoso\AppData\Local\{4288A642-871B-4C95-9050-1F9B818802B2}
DELETED Folder: C:\Users\Pierre Cardoso\AppData\Local\{42ACF3BE-D540-4017-8610-BA5E78E603ED}
DELETED Folder: C:\Users\Pierre Cardoso\AppData\Local\{45404AF7-28DD-490D-9306-29F58B30A7B2}
DELETED Folder: C:\Users\Pierre Cardoso\AppData\Local\{47078EBE-8B0B-493C-84B4-3462661CF88A}
DELETED Folder: C:\Users\Pierre Cardoso\AppData\Local\{472436CD-EF9B-47B6-A81D-92160F99B303}
DELETED Folder: C:\Users\Pierre Cardoso\AppData\Local\{47E04D9A-9A75-42E4-A1AD-F72AEFDFFDC7}
DELETED Folder: C:\Users\Pierre Cardoso\AppData\Local\{4E315EF5-8B49-484F-B726-9D5E49EDEE4B}
DELETED Folder: C:\Users\Pierre Cardoso\AppData\Local\{524CD6A2-F1CD-48FA-B889-768A421E308D}
DELETED Folder: C:\Users\Pierre Cardoso\AppData\Local\{55A3F59B-A6C5-4A7D-9BBE-408EE5105E52}
DELETED Folder: C:\Users\Pierre Cardoso\AppData\Local\{55B1B23B-EF90-44C6-A52C-8661C0333983}
DELETED Folder: C:\Users\Pierre Cardoso\AppData\Local\{5E3680DB-E3CD-400C-9503-A46673EBCB9D}
DELETED Folder: C:\Users\Pierre Cardoso\AppData\Local\{5F7A3402-F990-4BD8-80D2-40E99BAA18FE}
DELETED Folder: C:\Users\Pierre Cardoso\AppData\Local\{603D695A-5CC2-4C87-B3F8-AC5B6E2DD2AA}
DELETED Folder: C:\Users\Pierre Cardoso\AppData\Local\{61F7EA32-1F6F-45A7-90D4-1CA0B772105F}
DELETED Folder: C:\Users\Pierre Cardoso\AppData\Local\{626924F7-190D-4E17-B309-008359DBD54B}
DELETED Folder: C:\Users\Pierre Cardoso\AppData\Local\{63E6F467-C347-4DC2-8805-61ED5BBF367D}
DELETED Folder: C:\Users\Pierre Cardoso\AppData\Local\{6A2EBB6E-9C49-4860-8134-3E6936FB68A9}
DELETED Folder: C:\Users\Pierre Cardoso\AppData\Local\{6D094BF1-C6EE-4810-829B-F29E8D20561B}
DELETED Folder: C:\Users\Pierre Cardoso\AppData\Local\{6DE0399D-E891-440B-9A52-D85ECCE0EA8C}
DELETED Folder: C:\Users\Pierre Cardoso\AppData\Local\{6F0F9B45-F89D-4825-BA78-DC51BBBE6FAF}
DELETED Folder: C:\Users\Pierre Cardoso\AppData\Local\{6FCB6F0E-5D89-42A9-99A4-01F5222A2E5B}
DELETED Folder: C:\Users\Pierre Cardoso\AppData\Local\{7072B282-F1A3-4532-8D14-4DF357DC88D0}
DELETED Folder: C:\Users\Pierre Cardoso\AppData\Local\{70EC3DDB-BF5D-4CED-9785-97C14949BA6F}
DELETED Folder: C:\Users\Pierre Cardoso\AppData\Local\{726EC6BC-CA7B-402C-AB17-6E8C643BBD2E}
DELETED Folder: C:\Users\Pierre Cardoso\AppData\Local\{72CB1170-1CC9-4272-B599-9A779381A28E}
DELETED Folder: C:\Users\Pierre Cardoso\AppData\Local\{72DDBB59-AA3E-49DF-A2C8-60242184F848}
DELETED Folder: C:\Users\Pierre Cardoso\AppData\Local\{76D94299-3272-40A5-85E7-1E40CF2EB3B7}
DELETED Folder: C:\Users\Pierre Cardoso\AppData\Local\{772D45B2-4BB2-4A5F-8BB0-7FBF3D894D3C}
DELETED Folder: C:\Users\Pierre Cardoso\AppData\Local\{789B4A55-DF4D-4F2C-812C-DCFD09DBEE07}
DELETED Folder: C:\Users\Pierre Cardoso\AppData\Local\{7D320B71-ECDA-4540-9D35-79B4F33C7943}
DELETED Folder: C:\Users\Pierre Cardoso\AppData\Local\{7F1EAFAD-3F53-4136-9959-4D1EC6D43E01}
DELETED Folder: C:\Users\Pierre Cardoso\AppData\Local\{8088ECCD-5926-47F9-BFB8-17B46D474E4D}
DELETED Folder: C:\Users\Pierre Cardoso\AppData\Local\{8089E3D5-86B0-470F-BC5C-E409FCAB238C}
DELETED Folder: C:\Users\Pierre Cardoso\AppData\Local\{8121C2A3-6A04-42D2-BF72-91CC5B9A810B}
DELETED Folder: C:\Users\Pierre Cardoso\AppData\Local\{813A8618-7BB2-427C-B526-3C5031543580}
DELETED Folder: C:\Users\Pierre Cardoso\AppData\Local\{8402E4FA-32BB-44B3-81B4-0A37F2F0B3CA}
DELETED Folder: C:\Users\Pierre Cardoso\AppData\Local\{849008DB-391D-4681-B46A-6A193DA03E59}
DELETED Folder: C:\Users\Pierre Cardoso\AppData\Local\{856BE007-BD7D-496C-9D9B-49A7BDCFF02C}
DELETED Folder: C:\Users\Pierre Cardoso\AppData\Local\{85ABED9C-4C68-4CFD-AB36-7D86001AC23F}
DELETED Folder: C:\Users\Pierre Cardoso\AppData\Local\{86F829F9-06BC-4F6C-92AF-149A599EADAD}
DELETED Folder: C:\Users\Pierre Cardoso\AppData\Local\{87490657-330F-40C8-8986-F38C6CC70E7D}
DELETED Folder: C:\Users\Pierre Cardoso\AppData\Local\{8A7A6D33-6BA7-4BF0-BE05-0D1F14DFD88F}
DELETED Folder: C:\Users\Pierre Cardoso\AppData\Local\{8B183F21-AD27-444A-BEEF-06615E089978}
DELETED Folder: C:\Users\Pierre Cardoso\AppData\Local\{8BA2B858-9A25-419E-B988-09F8830D4F18}
DELETED Folder: C:\Users\Pierre Cardoso\AppData\Local\{8CD5DA0D-8A37-4B89-9F3D-843D37F51A74}
DELETED Folder: C:\Users\Pierre Cardoso\AppData\Local\{8CF52D74-EB33-4D26-B65E-461A24AEF051}
DELETED Folder: C:\Users\Pierre Cardoso\AppData\Local\{8CF91913-14E9-4057-AA14-1AF888510F70}
DELETED Folder: C:\Users\Pierre Cardoso\AppData\Local\{8D2C7832-35F5-43E3-B89E-46D25C93B564}
DELETED Folder: C:\Users\Pierre Cardoso\AppData\Local\{8F330DAD-9466-4C1B-81CC-0B44E80F189B}
DELETED Folder: C:\Users\Pierre Cardoso\AppData\Local\{91C5DD04-4311-4D3A-9D1D-810E49BA5115}
DELETED Folder: C:\Users\Pierre Cardoso\AppData\Local\{96039A38-15AC-425F-B854-D20437C82746}
DELETED Folder: C:\Users\Pierre Cardoso\AppData\Local\{9697AE7B-6A84-4376-AC40-D949D21BE922}
DELETED Folder: C:\Users\Pierre Cardoso\AppData\Local\{98573A55-5F64-4745-A9A2-F7E1B0150749}
DELETED Folder: C:\Users\Pierre Cardoso\AppData\Local\{994DEA9F-67C8-4411-89CE-D7971FE0E26F}
DELETED Folder: C:\Users\Pierre Cardoso\AppData\Local\{9AEE9B93-0078-4DE4-AB4A-1D518C058451}
DELETED Folder: C:\Users\Pierre Cardoso\AppData\Local\{9B11504D-F7B9-4AE1-9353-4CF0B1D3F1A1}
DELETED Folder: C:\Users\Pierre Cardoso\AppData\Local\{9E470798-D379-4004-AAA2-EF9496D6BB82}
DELETED Folder: C:\Users\Pierre Cardoso\AppData\Local\{9E76F6EF-958E-4457-B693-6C406556B454}
DELETED Folder: C:\Users\Pierre Cardoso\AppData\Local\{A1B06A4C-785F-4FBD-8CB2-184CAFB6E368}
DELETED Folder: C:\Users\Pierre Cardoso\AppData\Local\{A23D03F9-962E-4E33-A5EB-DA8B38E5C2C5}
DELETED Folder: C:\Users\Pierre Cardoso\AppData\Local\{A2CFE8E9-7EE1-45BB-85F3-5B1A1D5D7BCE}
DELETED Folder: C:\Users\Pierre Cardoso\AppData\Local\{A38BA368-19AA-4879-8466-4DC3A822E04C}
DELETED Folder: C:\Users\Pierre Cardoso\AppData\Local\{A58571D7-253A-4DAF-8647-56A8BE316393}
DELETED Folder: C:\Users\Pierre Cardoso\AppData\Local\{A671ABF3-13B7-4DFB-A647-F8E15CE8DB97}
DELETED Folder: C:\Users\Pierre Cardoso\AppData\Local\{A6D6B249-E849-458F-8DE0-703C376B9DDE}
DELETED Folder: C:\Users\Pierre Cardoso\AppData\Local\{A79EE237-FDD6-4A13-BABB-9299382EA5B8}
DELETED Folder: C:\Users\Pierre Cardoso\AppData\Local\{A85D21BF-0623-4C50-B126-F893FE99E226}
DELETED Folder: C:\Users\Pierre Cardoso\AppData\Local\{A9951178-7C16-4EA8-A5AF-B6F2068FC9C5}
DELETED Folder: C:\Users\Pierre Cardoso\AppData\Local\{AACE360C-6E97-4853-BA4F-9B63ADA298C4}
DELETED Folder: C:\Users\Pierre Cardoso\AppData\Local\{AD2E9639-27A3-4F04-8E5A-4A8818F95A46}
DELETED Folder: C:\Users\Pierre Cardoso\AppData\Local\{AD4A4992-8112-490C-94B3-61A34AE9B434}
DELETED Folder: C:\Users\Pierre Cardoso\AppData\Local\{ADA9F19C-320B-4001-9A91-1297BDF98AE6}
DELETED Folder: C:\Users\Pierre Cardoso\AppData\Local\{AF1D5D09-5F9E-4C81-A120-5073DBEB0573}
DELETED Folder: C:\Users\Pierre Cardoso\AppData\Local\{B01980CC-7AE1-40F9-9518-A0CE100EB5F4}
DELETED Folder: C:\Users\Pierre Cardoso\AppData\Local\{B036D42C-9C2C-4372-81DE-7BC15F076CEF}
DELETED Folder: C:\Users\Pierre Cardoso\AppData\Local\{B0B2B69D-4F78-4BA6-B622-F20222816556}
DELETED Folder: C:\Users\Pierre Cardoso\AppData\Local\{B210EA40-65C4-446C-B90F-29436CD79DD6}
DELETED Folder: C:\Users\Pierre Cardoso\AppData\Local\{B26F065B-1491-473C-ABB9-01BE86084171}
DELETED Folder: C:\Users\Pierre Cardoso\AppData\Local\{B277DE6B-022A-499D-96F8-1E5A812EF248}
DELETED Folder: C:\Users\Pierre Cardoso\AppData\Local\{B38FC7A4-C9EB-4EC2-8F8C-77BF99F7369F}
DELETED Folder: C:\Users\Pierre Cardoso\AppData\Local\{B41854B7-F63C-4B9A-A4CB-FDF7243058C8}
DELETED Folder: C:\Users\Pierre Cardoso\AppData\Local\{B66C517F-B3CC-49A4-80C6-73E349FA7DD3}
DELETED Folder: C:\Users\Pierre Cardoso\AppData\Local\{B6F73967-4986-4A48-A26A-7D4C691F06FF}
DELETED Folder: C:\Users\Pierre Cardoso\AppData\Local\{B8840DD6-F134-42F2-AE4C-7D380A6675B9}
DELETED Folder: C:\Users\Pierre Cardoso\AppData\Local\{BA3BD388-7CF8-4034-A0B5-9DDD47B4915C}
DELETED Folder: C:\Users\Pierre Cardoso\AppData\Local\{BD45E266-0520-4D4C-9DC9-4E89798C566C}
DELETED Folder: C:\Users\Pierre Cardoso\AppData\Local\{BD52FAF1-F41B-402F-9A6F-CD4E9BC27E2C}
DELETED Folder: C:\Users\Pierre Cardoso\AppData\Local\{BD7578AC-25A7-460D-83B6-BA6E2B965B1E}
DELETED Folder: C:\Users\Pierre Cardoso\AppData\Local\{BE7A79B1-246F-486D-9B30-6982000791E0}
DELETED Folder: C:\Users\Pierre Cardoso\AppData\Local\{BF0BE878-2663-4AF0-BD6F-1C0DF491FE17}
DELETED Folder: C:\Users\Pierre Cardoso\AppData\Local\{C18CA116-F8B8-45C8-A195-277309DAB1BE}
DELETED Folder: C:\Users\Pierre Cardoso\AppData\Local\{C38D91EA-137B-4FCD-B282-686A22C690EB}
DELETED Folder: C:\Users\Pierre Cardoso\AppData\Local\{C4D2FB53-5E0B-4C00-A5AB-1BB7AC29C566}
DELETED Folder: C:\Users\Pierre Cardoso\AppData\Local\{C6207C3C-ECEA-40FB-A10A-4C593002CA72}
DELETED Folder: C:\Users\Pierre Cardoso\AppData\Local\{C9208414-EB47-436D-814A-A5B029AF884B}
DELETED Folder: C:\Users\Pierre Cardoso\AppData\Local\{CB094908-0662-4C93-8A6F-AE5661F78F52}
DELETED Folder: C:\Users\Pierre Cardoso\AppData\Local\{CC38E41D-A989-4428-9012-79F1500F19C7}
DELETED Folder: C:\Users\Pierre Cardoso\AppData\Local\{CC52CEED-934E-4679-815E-9DAF37608193}
DELETED Folder: C:\Users\Pierre Cardoso\AppData\Local\{CE7C25C5-24EB-4144-9B0A-0A30315D32C8}
DELETED Folder: C:\Users\Pierre Cardoso\AppData\Local\{D2B571CB-2C4F-4E48-A1B4-852E7A246888}
DELETED Folder: C:\Users\Pierre Cardoso\AppData\Local\{D56B58BB-ACF4-4DF6-9E1D-B906362EA08C}
DELETED Folder: C:\Users\Pierre Cardoso\AppData\Local\{DA447542-1692-459F-A9F2-D449775F87D3}
DELETED Folder: C:\Users\Pierre Cardoso\AppData\Local\{DAA843DF-1097-465E-9C08-6361098FBDD0}
DELETED Folder: C:\Users\Pierre Cardoso\AppData\Local\{DCDAA926-B4C3-41DB-B3C1-D50712A1A346}
DELETED Folder: C:\Users\Pierre Cardoso\AppData\Local\{DD8EC048-C5EA-45C8-A56E-6248CFF612C4}
DELETED Folder: C:\Users\Pierre Cardoso\AppData\Local\{DF491C16-9713-4C20-8F01-3F2D5D871BC7}
DELETED Folder: C:\Users\Pierre Cardoso\AppData\Local\{E059214F-C5BD-4D74-A3B5-C5AAC1ACFD86}
DELETED Folder: C:\Users\Pierre Cardoso\AppData\Local\{E07495DF-AA94-483B-91CC-FA64CBC911E5}
DELETED Folder: C:\Users\Pierre Cardoso\AppData\Local\{E3F47DEF-C645-4D68-A1AE-83B1C6E5DFBE}
DELETED Folder: C:\Users\Pierre Cardoso\AppData\Local\{E422C595-3094-4B4F-A5A6-8C996455275A}
DELETED Folder: C:\Users\Pierre Cardoso\AppData\Local\{E59A79FF-F678-4612-AEEC-FEBC5E0D8412}
DELETED Folder: C:\Users\Pierre Cardoso\AppData\Local\{E679F058-00E7-4563-8741-38D82C389C67}
DELETED Folder: C:\Users\Pierre Cardoso\AppData\Local\{E817D1A4-C7DB-4936-AEE9-AF603CD2002C}
DELETED Folder: C:\Users\Pierre Cardoso\AppData\Local\{E9BD9041-9216-4D9C-9CEA-E3AED8E3BB25}
DELETED Folder: C:\Users\Pierre Cardoso\AppData\Local\{EA2F6D64-723B-4AB9-8B5B-3ADD23C7CED2}
DELETED Folder: C:\Users\Pierre Cardoso\AppData\Local\{EAE53AD2-1FCC-4506-A09B-04B205270E95}
DELETED Folder: C:\Users\Pierre Cardoso\AppData\Local\{EC30496F-FC65-446A-A7F8-2D6046911E61}
DELETED Folder: C:\Users\Pierre Cardoso\AppData\Local\{EE7CD037-A8C0-413E-9F19-B5E5D051A97B}
DELETED Folder: C:\Users\Pierre Cardoso\AppData\Local\{EF53420B-59EA-47D5-86DD-5F323D7B17A5}
DELETED Folder: C:\Users\Pierre Cardoso\AppData\Local\{EFF8D0E2-80FB-4CC4-A213-F3C370BD8CE6}
DELETED Folder: C:\Users\Pierre Cardoso\AppData\Local\{F09B08FD-7600-44DE-A7E0-0551C202ADC4}
DELETED Folder: C:\Users\Pierre Cardoso\AppData\Local\{F52603FA-F429-4798-9B84-40D619B47DCC}
DELETED Folder: C:\Users\Pierre Cardoso\AppData\Local\{F55425AB-2F9C-4D88-BD9A-C88EAAA7A71F}
DELETED Folder: C:\Users\Pierre Cardoso\AppData\Local\{F5E22E1B-663A-46C6-92AF-8EFC222F7F26}
DELETED Folder: C:\Users\Pierre Cardoso\AppData\Local\{F6B6BB9F-2F14-4015-940E-81A9BFBCD301}
DELETED Folder: C:\Users\Pierre Cardoso\AppData\Local\{F712DE0A-5D17-4778-B4C1-6ACA1AD7A303}
DELETED Folder: C:\Users\Pierre Cardoso\AppData\Local\{F80E902C-5B5C-4605-B69B-C7AC6F8F5312}
DELETED Folder: C:\Users\Pierre Cardoso\AppData\Local\{F8655DAA-635B-48AE-A4FB-2104BAE6A4ED}
DELETED Folder: C:\Users\Pierre Cardoso\AppData\Local\{FA220960-7617-4A8E-811A-1C2AFF5E8AE6}
DELETED Folder: C:\Users\Pierre Cardoso\AppData\Local\{FA5E805C-AEF6-4D56-9F16-ADD6E9503EC5}
DELETED Folder: C:\Users\Pierre Cardoso\AppData\Local\{FC8C50EE-401E-4806-9912-24A6DA29AFB7}
DELETED Folder: C:\Users\Pierre Cardoso\AppData\Local\{FD18A2B3-D5DF-4FB2-8E9F-550CDD8DC9A3}
DELETED Folder: C:\Users\Pierre Cardoso\AppData\Local\{FD4363C5-641D-4D0F-B948-C691F11797DB}
DELETED Folder: C:\Users\Pierre Cardoso\AppData\Local\{FECBEA77-479C-4A6E-A178-A09B2B88D765}
DELETED Window Temporary:
DELETED Flash Cookies:

========== File ==========
DELETED File: c:\users\pierre cardoso\appdata\roaming\microsoft\internet explorer\quick launch\partypoker.lnk
DELETED File: c:\programs\partygaming\partygaming.exe
DELETED File: c:\program files (x86)\rarext.dll
DELETED Window Temporary:
DELETED Flash Cookies:

========== Task ==========
DELETED Task: {2FBE8D5E-E4B2-4626-9ECD-DC007CCBCE08}
DELETED Task: {97357085-0498-4C3B-8098-347E1CA2C80F}
DELETED Task: {9EBA07A6-BE43-447E-AC2D-04C1D415A519}
DELETED Task: {E0AC368C-7111-4909-8529-E489F527DA23}
DELETED Task: {EF7A9B34-053A-4139-89CE-2ABAD9E3300F}

========== Restoration ==========
Restore System Point created succefully


========== Summary ==========
2 : Memory Module
15 : Registry Key
9 : Registry Value
2 : Registry Data Items
190 : Repertory
5 : File
1 : Software
5 : Task
1 : Restoration


End of clean in 01mn 13s

========== Report File ==========
C:\ZHP\ZHPFix[R1].txt - 14/01/2013 20:24:57 [20567]

Compartilhar este post


Link para o post
Compartilhar em outros sites

OBS: Durante a execução do ZHPFIX, ele tentou desinstalar o Party Poker, pedindo a minha permissão. Eu cancelei a desinstalação, pois este é um software de poker que utilizo com frequencia.

 

Ok! O mesmo ocorreria com o Bitlord,mas o removi do script.

 

-/-

 

|- Abra o OTL.exe -> Clique em Limpeza. <-- Confirme!

|- Ps: O computador irá reiniciar!

|- Seus logs estão limpos!

|- Tudo Ok?

 

A+

Compartilhar este post


Link para o post
Compartilhar em outros sites

O computador inicializou super rápido, em sua velocidade normal.

 

Porém aquele som estranhou tocou de novo. Ele só toca uma única vez, após eu entrar no desktop (após inserir login e senha). Ele toca quando está terminando de processar tudo após a inicialização.

Compartilhar este post


Link para o post
Compartilhar em outros sites

Bom Dia! moicanofacul

|- Baixou,recentemente,o RealPlayer 10.30 ?
|- Desinstale-o e verifique se tudo voltou à normalidade.

O4 - HKLM\..\Run: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe

O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

O4 - HKLM\..\Run: [NSU_agent] "C:\Program Files (x86)\Nokia\Nokia Software Updater\nsu3ui_agent.exe"

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe" -osboot

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

|- Abra o HijackThis e dê Fix checked nestas entradas.
|- Caso a ferramenta tenha sido desinstalada pela OTL,baixe-a novamente.
|- Marque as entradas que encontrar,onde o ideal é que as remova "uma à uma",mas sempre observando qual entrada ao ser removida,sanou o problema.
|- Ps: Há que observar,que as entradas removidas podem ser restauradas pelo próprio HijackThis indo em “View the list of backup“.
|- Selecione as entradas à serem restauradas!
|- Clique em RESTORE -> Reinicie o computador!

A+

 

Compartilhar este post


Link para o post
Compartilhar em outros sites

O RealPlayer que encontrei é a versão 15.0.6, que foi instalada dia 14/01. Porém eu não fiz essa instalação, deve ser atualização automática.



Devo então desinstalar essa versão e seguir esses passos?

Compartilhar este post


Link para o post
Compartilhar em outros sites

O RealPlayer que encontrei é a versão 15.0.6, que foi instalada dia 14/01. Porém eu não fiz essa instalação, deve ser atualização automática.

 

Devo então desinstalar essa versão e seguir esses passos?

Olá!

 

|- Siga com a desinstalação e,à seguir,com o HijackThis.

 

A+

Compartilhar este post


Link para o post
Compartilhar em outros sites

 

A desinstalação do RealPlayer resolveu o problema. Então não preciso fazer essas coisas no HiJackThis, ok?

Bom Dia! moicanofacul

 

|- Ok! Pode abortar o Fix.

|- Bom trabalho!

 

A+

Compartilhar este post


Link para o post
Compartilhar em outros sites

PROBLEMA RESOLVIDO

 

Caso o autor necessite que o tópico seja reaberto basta enviar uma Mensagem Privada para um Moderador com um link para o tópico.

Compartilhar este post


Link para o post
Compartilhar em outros sites

×

Informação importante

Ao usar o fórum, você concorda com nossos Termos e condições.