[Arquivado] Regedit / Gerenciador de Tarefas abrindo e fechando

[AllanSN 0]

Venho tendo esse problema há algum tempo, assim que eu abro o Regedit ou o Gerenciador de Tarefas, eles fecham, impossibilitando qualquer possibilidade de opera-los

Aqui está o log do Hijack

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 00:34:58, on 10/04/2013

Platform: Windows 7 SP1 (WinNT 6.00.3505)

MSIE: Internet Explorer v8.00 (8.00.7601.17514)

Boot mode: Normal

Running processes:

C:\Program Files (x86)\McAfee Security Scan\3.0.318\SSScheduler.exe

C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

C:\Program Files (x86)\AVG\AVG2013\avgui.exe

C:\Program Files (x86)\AVG Secure Search\vprot.exe

C:\Downloads\HijackThis.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Windows\SysWOW64\DllHost.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.conduit.com?SearchSource=10&ctid=CT2851643

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.gboxapp.com/

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

R3 - URLSearchHook: GagetBox - {3B81079D-2AC9-425f-A494-A1C7D93AFA3C} - C:\Program Files (x86)\GadgetBox\gadgetBoxTB.dll

R3 - URLSearchHook: uTorrentBar_PT Toolbar - {e0301295-ab3e-4af3-979f-3d453c5f9f48} - C:\Program Files (x86)\uTorrentBar_PT\prxtbuTor.dll

R3 - URLSearchHook: {5D09B1CA-EFDE-36C6-A789-0C0B73031865} - - (no file)

F2 - REG:system.ini: UserInit=userinit.exe

O2 - BHO: btorbit.com - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files (x86)\Orbitdownloader\orbitcth.dll

O2 - BHO: MSS+ Identifier - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files (x86)\McAfee Security Scan\3.0.318\McAfeeMSS_IE.dll

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office12\GR469A~1.DLL

O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll

O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: (no name) - {95B7759C-8C7F-4BF1-B163-73684A933233} - (no file)

O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll

O2 - BHO: uTorrentBar_PT - {e0301295-ab3e-4af3-979f-3d453c5f9f48} - C:\Program Files (x86)\uTorrentBar_PT\prxtbuTor.dll

O3 - Toolbar: uTorrentBar_PT Toolbar - {e0301295-ab3e-4af3-979f-3d453c5f9f48} - C:\Program Files (x86)\uTorrentBar_PT\prxtbuTor.dll

O3 - Toolbar: GagetBox - {3B81079D-2AC9-425f-A494-A1C7D93AFA3C} - C:\Program Files (x86)\GadgetBox\gadgetBoxTB.dll

O3 - Toolbar: (no name) - {95B7759C-8C7F-4BF1-B163-73684A933233} - (no file)

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

O4 - HKLM\..\Run: [HDAudDeck] C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe -r

O4 - HKLM\..\Run: [qubnfe] C:\Program Files (x86)\qubnfe\qubnfe.exe /auto

O4 - HKLM\..\Run: [AVG_UI] "C:\Program Files (x86)\AVG\AVG2013\avgui.exe" /TRAYONLY

O4 - HKLM\..\Run: [vProt] "C:\Program Files (x86)\AVG Secure Search\vprot.exe"

O4 - HKCU\..\Run: [steam] "C:\Program Files (x86)\Steam\steam.exe" -silent

O4 - HKCU\..\Run: [uTorrent] "C:\Program Files (x86)\uTorrent\uTorrent.exe" /MINIMIZED

O4 - HKCU\..\Run: [Easy Driver Pro] C:\Program Files (x86)\Probit Software\Easy Driver Pro\DPLauncher.exe

O4 - HKCU\..\Run: [EADM] "C:\Program Files (x86)\Origin\Origin.exe" -AutoStart

O4 - HKCU\..\Run: [Pando Media Booster] C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe

O4 - HKCU\..\Run: [skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun

O4 - HKCU\..\Run: [NvidiaHostStart] C:\Users\Nitrix Suporte\AppData\Local\NVIDIA Corporation\nvsync.exe

O4 - Global Startup: McAfee Security Scan Plus.lnk = C:\Program Files (x86)\McAfee Security Scan\3.0.318\SSScheduler.exe

O4 - Global Startup: PrivateTunnel.lnk = C:\Program Files (x86)\OpenVPN Technologies\PrivateTunnel\core\ovpntray.exe

O8 - Extra context menu item: &Download by Orbit - res://C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll/201

O8 - Extra context menu item: &Grab video by Orbit - res://C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll/204

O8 - Extra context menu item: Do&wnload selected by Orbit - res://C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll/203

O8 - Extra context menu item: Down&load all by Orbit - res://C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll/202

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000

O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll

O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL

O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll

O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\prxernsp.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\prxerdrv.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\prxerdrv.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\prxerdrv.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\prxerdrv.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\prxerdrv.dll

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab

O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~2\MICROS~1\Office12\GRA32A~1.DLL

O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL

O18 - Protocol: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\15.0.0\ViProtocol.dll

O20 - AppInit_DLLs: c:\progra~2\gadget~1\sprote~1.dll

O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)

O23 - Service: Firewall do AVG (avgfws) - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG2013\avgfws.exe

O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe

O23 - Service: Watchdog do AVG (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe

O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)

O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)

O23 - Service: Serviço do Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

O23 - Service: Serviço do Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: Intel® Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe

O23 - Service: McAfee Security Scan Component Host Service (McComponentHostService) - McAfee, Inc. - C:\Program Files (x86)\McAfee Security Scan\3.0.318\McCHSvc.exe

O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe

O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)

O23 - Service: NBService - Nero AG - C:\Program Files (x86)\Nero\Nero 7\Nero BackItUp\NBService.exe

O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\Windows\system32\GameMon.des.exe (file missing)

O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)

O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe

O23 - Service: OpenVPN Access Client (OpenVPNAccessClient) - Unknown owner - C:\Program Files (x86)\OpenVPN Technologies\PrivateTunnel\core\capiws.exe

O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe

O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)

O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: Skype C2C Service - Skype Technologies S.A. - C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe

O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe

O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)

O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)

O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)

O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe

O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe

O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)

O23 - Service: Intel® Management and Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe

O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)

O23 - Service: VIA Karaoke digital mixer Service (VIAKaraokeService) - Unknown owner - C:\Windows\system32\viakaraokesrv.exe (file missing)

O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)

O23 - Service: vToolbarUpdater15.0.0 - Unknown owner - C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.0.0\ToolbarUpdater.exe

O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)

O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)

O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

[DigRam 144]

Bom Dia! AllanSN

|- Desinstale:

< uTorrentBar_PT > << Requisita o Conduit como motor de busca!
< AVG2013 > << Atrapalha a execução de ferramentas,protegendo adwares.

-/-

|- Baixe: < http://download.avg.com/filedir/util/avgrem/avg_remover_stf_x86_2012_1796.exe'>avgremover >
|- Clique direto no arquivo,e execute-o como administrador.
|- Siga as instruções da ferramenta,para que sejam removidos resquícios do AVG.

-/-

|- Baixe: < http://general-changelog-team.fr/telechargements/logiciels/viewdownload/75-outils-de-xplode/28-adwcleaner'> > ( ... par Xplode )

|- Ao acessar,clique na imagem: < >

|- Ps: Se utilizar o navegador IE9,desabilite o filtro "SmartScreen".
|- Salve-o no desktop!
|- Clique direito em adwcleaner.exe,e escolha sua execução como
|- Ps: Dê início ao scan,clicando em "Remover". < http://imgbox.com/abpXmu2U'> >

http://imgbox.com/acuDr4Nb'>

|- Ao concluir,poste o relatório: C:\AdwCleaner[S1].txt

-/-

|- Baixe: < http://thisisudax.org/downloads/JRT.exe'> > ( ... de Thisisu )
|- Salve-o no desktop!
|- Para Windows 7,clique direito em JRT.exe e execute-o como
|- Aguarde a conclusão e poste o relatório. ( JRT.txt )

A+

[AllanSN 0]

Pulei a parte do desinstalador do AVG, pois ele não queria abrir

{Registro do ADW:}

# AdwCleaner v2.200 - Relatório criado em 14/04/2013 às 19:30:36

# Atualizado em 02/04/2013 por Xplode

# Sistema Operacional : Windows 7 Ultimate Service Pack 1 (64 bits)

# Usuário : Nitrix Suporte - NITRIXSUPORTE

# Modo de Boot : Normal

# Executado de : C:\Users\Nitrix Suporte\Desktop\adwcleaner.exe

# Opção [Remover]

***** [serviços] *****

***** [Arquivos/Pastas] *****

Pasta Removido : C:\Program Files (x86)\AVG Secure Search

Pasta Removido : C:\Program Files (x86)\Claro

Pasta Removido : C:\Program Files (x86)\Conduit

Pasta Removido : C:\ProgramData\AVG Secure Search

Pasta Removido : C:\ProgramData\Download and Sa

Pasta Removido : C:\ProgramData\InstallMate

Pasta Removido : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Download and Sa

Pasta Removido : C:\Users\Nitrix Suporte\AppData\Local\AVG Secure Search

Pasta Removido : C:\Users\Nitrix Suporte\AppData\Local\Conduit

Pasta Removido : C:\Users\Nitrix Suporte\AppData\Local\Google\Chrome\User Data\Default\Extensions\mdebcffgnijbblbinknkbefciofebcda

Pasta Removido : C:\Users\Nitrix Suporte\AppData\LocalLow\AVG Secure Search

Pasta Removido : C:\Users\Nitrix Suporte\AppData\LocalLow\Conduit

Pasta Removido : C:\Users\Nitrix Suporte\AppData\LocalLow\PriceGong

Pasta Removido : C:\Users\Nitrix Suporte\AppData\Roaming\Claro

Pasta Removido : C:\Users\Nitrix Suporte\AppData\Roaming\Mozilla\Firefox\Profiles\3qp4uy34.default\CT2851643

Pasta Removido : C:\Users\Nitrix Suporte\AppData\Roaming\Mozilla\Firefox\Profiles\3qp4uy34.default\extensions\{e0301295-ab3e-4af3-979f-3d453c5f9f48}

Pasta Removido : C:\Users\Nitrix Suporte\AppData\Roaming\Mozilla\Firefox\Profiles\3qp4uy34.default\Smartbar

Removido Durante o reboot : C:\Program Files (x86)\Common Files\AVG Secure Search

Removido Durante o reboot : C:\ProgramData\Premium

Removido Durante o reboot : C:\Users\Nitrix Suporte\AppData\Local\Google\Chrome\User Data\Default\Extensions\mdebcffgnijbblbinknkbefciofebcda

***** [Registro] *****

Chave Removida : HKCU\Software\AppDataLow\Software\Conduit

Chave Removida : HKCU\Software\AppDataLow\Software\ConduitSearchScopes

Chave Removida : HKCU\Software\AppDataLow\Software\PriceGong

Chave Removida : HKCU\Software\AppDataLow\Software\SmartBar

Chave Removida : HKCU\Software\AppDataLow\SProtector

Chave Removida : HKCU\Software\AVG Secure Search

Chave Removida : HKCU\Software\Conduit

Chave Removida : HKCU\Software\Google\Chrome\Extensions\mdebcffgnijbblbinknkbefciofebcda

Chave Removida : HKCU\Software\Iminent

Chave Removida : HKCU\Software\InstallCore

Chave Removida : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{A09AB6EB-31B5-454C-97EC-9B294D92EE2A}

Chave Removida : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{A6174F27-1FFF-E1D6-A93F-BA48AD5DD448}

Chave Removida : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A09AB6EB-31B5-454C-97EC-9B294D92EE2A}

Chave Removida : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A6174F27-1FFF-E1D6-A93F-BA48AD5DD448}

Chave Removida : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\DealPly

Chave Removida : HKCU\Software\Softonic

Chave Removida : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}

Chave Removida : HKLM\Software\AVG Secure Search

Chave Removida : HKLM\Software\AVG Security Toolbar

Chave Removida : HKLM\SOFTWARE\Classes\AppID\{1FDFF5A2-7BB1-48E1-8081-7236812B12B2}

Chave Removida : HKLM\SOFTWARE\Classes\AppID\{BB711CB0-C70B-482E-9852-EC05EBD71DBB}

Chave Removida : HKLM\SOFTWARE\Classes\AppID\ScriptHelper.EXE

Chave Removida : HKLM\SOFTWARE\Classes\AppID\ViProtocol.DLL

Chave Removida : HKLM\SOFTWARE\Classes\PROTOCOLS\Handler\viprotocol

Chave Removida : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi

Chave Removida : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi.1

Chave Removida : HKLM\SOFTWARE\Classes\Toolbar.CT2851643

Chave Removida : HKLM\SOFTWARE\Classes\TypeLib\{2BF2028E-3F3C-4C05-AB45-B2F1DCFE0759}

Chave Removida : HKLM\SOFTWARE\Classes\TypeLib\{74FB6AFD-DD77-4CEB-83BD-AB2B63E63C93}

Chave Removida : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}

Chave Removida : HKLM\SOFTWARE\Classes\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}

Chave Removida : HKLM\SOFTWARE\Classes\TypeLib\{CCA8F2AB-BE4E-41F0-A289-4D960CEA58EA}

Chave Removida : HKLM\SOFTWARE\Classes\TypeLib\{DB538320-D3C5-433C-BCA9-C4081A054FCF}

Chave Removida : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE

Chave Removida : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE.1

Chave Removida : HKLM\Software\Conduit

Chave Removida : HKLM\Software\Iminent

Chave Removida : HKLM\SOFTWARE\Microsoft\Tracing\Iminent_RASAPI32

Chave Removida : HKLM\SOFTWARE\Microsoft\Tracing\Iminent_RASMANCS

Chave Removida : HKLM\SOFTWARE\Microsoft\Tracing\IminentSetup_RASAPI32

Chave Removida : HKLM\SOFTWARE\Microsoft\Tracing\IminentSetup_RASMANCS

Chave Removida : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C6FDD0C3-266A-4DC3-B459-28C697C44CDC}

Chave Removida : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F25AF245-4A81-40DC-92F9-E9021F207706}

Chave Removida : HKLM\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin

Chave Removida : HKLM\Software\SP Global

Chave Removida : HKLM\Software\SProtector

Chave Removida : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{02054E11-5113-4BE3-8153-AA8DFB5D3761}

Chave Removida : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}

Chave Removida : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}

Chave Removida : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{B658800C-F66E-4EF3-AB85-6C0C227862A9}

Chave Removida : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{F25AF245-4A81-40DC-92F9-E9021F207706}

Chave Removida : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{021B4049-F57D-4565-A693-FD3B04786BFA}

Chave Removida : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{0362AA09-808D-48E9-B360-FB51A8CBCE09}

Chave Removida : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}

Chave Removida : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{06844020-CD0B-3D3D-A7FE-371153013E49}

Chave Removida : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{0ADC01BB-303B-3F8E-93DA-12C140E85460}

Chave Removida : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{10D3722F-23E6-3901-B6C1-FF6567121920}

Chave Removida : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{1675E62B-F911-3B7B-A046-EB57261212F3}

Chave Removida : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{192929F2-9273-3894-91B0-F54671C4C861}

Chave Removida : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{2932897E-3036-43D9-8A64-B06447992065}

Chave Removida : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{2DE92D29-A042-3C37-BFF8-07C7D8893EFA}

Chave Removida : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{32B80AD6-1214-45F4-994E-78A5D482C000}

Chave Removida : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{3A8E103F-B2B7-3BEF-B3B0-88E29B2420E4}

Chave Removida : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{478CE5D3-D38E-3FFE-8DBE-8C4A0F1C4D8D}

Chave Removida : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{48B7DA4E-69ED-39E3-BAD5-3E3EFF22CFB0}

Chave Removida : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}

Chave Removida : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{5982F405-44E4-3BBB-BAC4-CF8141CBBC5C}

Chave Removida : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{5D8C3CC3-3C05-38A1-B244-924A23115FE9}

Chave Removida : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{641593AF-D9FD-30F7-B783-36E16F7A2E08}

Chave Removida : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{711FC48A-1356-3932-94D8-A8B733DBC7E4}

Chave Removida : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{72227B7F-1F02-3560-95F5-592E68BACC0C}

Chave Removida : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{7B5E8CE3-4722-4C0E-A236-A6FF731BEF37}

Chave Removida : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{890D4F59-5ED0-3CB4-8E0E-74A5A86E7ED0}

Chave Removida : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{8C68913C-AC3C-4494-8B9C-984D87C85003}

Chave Removida : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{8D019513-083F-4AA5-933F-7D43A6DA82C4}

Chave Removida : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{923F6FB8-A390-370E-A0D2-DD505432481D}

Chave Removida : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{9BBB26EF-B178-35D6-9D3D-B485F4279FE5}

Chave Removida : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}

Chave Removida : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{A36BCB13-778D-4A40-99C1-D686086D268F}

Chave Removida : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{A62DDBE0-8D2A-339A-B089-8CBCC5CD322A}

Chave Removida : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{A82AD04D-0B8E-3A49-947B-6A69A8A9C96D}

Chave Removida : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{ADEB3CC9-A05D-4FCC-BD09-9025456AA3EA}

Chave Removida : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{B06D4521-D09C-3F41-8E39-9D784CCA2A75}

Chave Removida : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{C06DAD42-6F39-4CE1-83CC-9A8B9105E556}

Chave Removida : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{C2E799D0-43A5-3477-8A98-FC5F3677F35C}

Chave Removida : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}

Chave Removida : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{D16107CD-2AD5-46A8-BA59-303B7C32C500}

Chave Removida : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{D25B101F-8188-3B43-9D85-201F372BC205}

Chave Removida : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{D2BA7595-5E44-3F1E-880F-03B3139FA5ED}

Chave Removida : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{D35F5C81-17D9-3E1C-A1FC-4472542E1D25}

Chave Removida : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{D8FA96CA-B250-312C-AF34-4FF1DD72589D}

Chave Removida : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{DAFC1E63-3359-416D-9BC2-E7DCA6F7B0F3}

Chave Removida : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{DC5E5C44-80FD-3697-9E65-9F286D92F3E7}

Chave Removida : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{E1B4C9DE-D741-385F-981E-6745FACE6F01}

Chave Removida : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{E7B623F5-9715-3F9F-A671-D1485A39F8A2}

Chave Removida : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{ED916A7B-7C68-3198-B87D-2DABC30A5587}

Chave Removida : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{EFA1BDB2-BB3D-3D9A-8EB5-D0D22E0F64F4}

Chave Removida : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{F4CBF4DD-F8FE-35BA-BB7E-68304DAAB70B}

Chave Removida : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{FC32005D-E27C-32E0-ADFA-152F598B75E7}

Chave Removida : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\mdebcffgnijbblbinknkbefciofebcda

Chave Removida : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68B81CCD-A80C-4060-8947-5AE69ED01199}

Chave Removida : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E6B969FB-6D33-48D2-9061-8BBD4899EB08}

Chave Removida : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}

Chave Removida : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706}

Chave Removida : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}

Chave Removida : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}

Chave Removida : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{20E7BC40-33F6-4A81-9D52-B58349326206}

Chave Removida : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\AVG Secure Search

Chave Removida : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\SearchTheWebARP

Chave Removida : HKLM\SOFTWARE\Classes\Interface\{021B4049-F57D-4565-A693-FD3B04786BFA}

Chave Removida : HKLM\SOFTWARE\Classes\Interface\{0362AA09-808D-48E9-B360-FB51A8CBCE09}

Chave Removida : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}

Chave Removida : HKLM\SOFTWARE\Classes\Interface\{06844020-CD0B-3D3D-A7FE-371153013E49}

Chave Removida : HKLM\SOFTWARE\Classes\Interface\{0ADC01BB-303B-3F8E-93DA-12C140E85460}

Chave Removida : HKLM\SOFTWARE\Classes\Interface\{10D3722F-23E6-3901-B6C1-FF6567121920}

Chave Removida : HKLM\SOFTWARE\Classes\Interface\{1675E62B-F911-3B7B-A046-EB57261212F3}

Chave Removida : HKLM\SOFTWARE\Classes\Interface\{192929F2-9273-3894-91B0-F54671C4C861}

Chave Removida : HKLM\SOFTWARE\Classes\Interface\{2932897E-3036-43D9-8A64-B06447992065}

Chave Removida : HKLM\SOFTWARE\Classes\Interface\{2DE92D29-A042-3C37-BFF8-07C7D8893EFA}

Chave Removida : HKLM\SOFTWARE\Classes\Interface\{32B80AD6-1214-45F4-994E-78A5D482C000}

Chave Removida : HKLM\SOFTWARE\Classes\Interface\{3A8E103F-B2B7-3BEF-B3B0-88E29B2420E4}

Chave Removida : HKLM\SOFTWARE\Classes\Interface\{478CE5D3-D38E-3FFE-8DBE-8C4A0F1C4D8D}

Chave Removida : HKLM\SOFTWARE\Classes\Interface\{48B7DA4E-69ED-39E3-BAD5-3E3EFF22CFB0}

Chave Removida : HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}

Chave Removida : HKLM\SOFTWARE\Classes\Interface\{5982F405-44E4-3BBB-BAC4-CF8141CBBC5C}

Chave Removida : HKLM\SOFTWARE\Classes\Interface\{5D8C3CC3-3C05-38A1-B244-924A23115FE9}

Chave Removida : HKLM\SOFTWARE\Classes\Interface\{641593AF-D9FD-30F7-B783-36E16F7A2E08}

Chave Removida : HKLM\SOFTWARE\Classes\Interface\{711FC48A-1356-3932-94D8-A8B733DBC7E4}

Chave Removida : HKLM\SOFTWARE\Classes\Interface\{72227B7F-1F02-3560-95F5-592E68BACC0C}

Chave Removida : HKLM\SOFTWARE\Classes\Interface\{7B5E8CE3-4722-4C0E-A236-A6FF731BEF37}

Chave Removida : HKLM\SOFTWARE\Classes\Interface\{890D4F59-5ED0-3CB4-8E0E-74A5A86E7ED0}

Chave Removida : HKLM\SOFTWARE\Classes\Interface\{8C68913C-AC3C-4494-8B9C-984D87C85003}

Chave Removida : HKLM\SOFTWARE\Classes\Interface\{8D019513-083F-4AA5-933F-7D43A6DA82C4}

Chave Removida : HKLM\SOFTWARE\Classes\Interface\{923F6FB8-A390-370E-A0D2-DD505432481D}

Chave Removida : HKLM\SOFTWARE\Classes\Interface\{9BBB26EF-B178-35D6-9D3D-B485F4279FE5}

Chave Removida : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}

Chave Removida : HKLM\SOFTWARE\Classes\Interface\{A36BCB13-778D-4A40-99C1-D686086D268F}

Chave Removida : HKLM\SOFTWARE\Classes\Interface\{A62DDBE0-8D2A-339A-B089-8CBCC5CD322A}

Chave Removida : HKLM\SOFTWARE\Classes\Interface\{A82AD04D-0B8E-3A49-947B-6A69A8A9C96D}

Chave Removida : HKLM\SOFTWARE\Classes\Interface\{ADEB3CC9-A05D-4FCC-BD09-9025456AA3EA}

Chave Removida : HKLM\SOFTWARE\Classes\Interface\{B06D4521-D09C-3F41-8E39-9D784CCA2A75}

Chave Removida : HKLM\SOFTWARE\Classes\Interface\{C06DAD42-6F39-4CE1-83CC-9A8B9105E556}

Chave Removida : HKLM\SOFTWARE\Classes\Interface\{C2E799D0-43A5-3477-8A98-FC5F3677F35C}

Chave Removida : HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}

Chave Removida : HKLM\SOFTWARE\Classes\Interface\{D16107CD-2AD5-46A8-BA59-303B7C32C500}

Chave Removida : HKLM\SOFTWARE\Classes\Interface\{D25B101F-8188-3B43-9D85-201F372BC205}

Chave Removida : HKLM\SOFTWARE\Classes\Interface\{D2BA7595-5E44-3F1E-880F-03B3139FA5ED}

Chave Removida : HKLM\SOFTWARE\Classes\Interface\{D35F5C81-17D9-3E1C-A1FC-4472542E1D25}

Chave Removida : HKLM\SOFTWARE\Classes\Interface\{D8FA96CA-B250-312C-AF34-4FF1DD72589D}

Chave Removida : HKLM\SOFTWARE\Classes\Interface\{DAFC1E63-3359-416D-9BC2-E7DCA6F7B0F3}

Chave Removida : HKLM\SOFTWARE\Classes\Interface\{DC5E5C44-80FD-3697-9E65-9F286D92F3E7}

Chave Removida : HKLM\SOFTWARE\Classes\Interface\{E1B4C9DE-D741-385F-981E-6745FACE6F01}

Chave Removida : HKLM\SOFTWARE\Classes\Interface\{E7B623F5-9715-3F9F-A671-D1485A39F8A2}

Chave Removida : HKLM\SOFTWARE\Classes\Interface\{ED916A7B-7C68-3198-B87D-2DABC30A5587}

Chave Removida : HKLM\SOFTWARE\Classes\Interface\{EFA1BDB2-BB3D-3D9A-8EB5-D0D22E0F64F4}

Chave Removida : HKLM\SOFTWARE\Classes\Interface\{F4CBF4DD-F8FE-35BA-BB7E-68304DAAB70B}

Chave Removida : HKLM\SOFTWARE\Classes\Interface\{FC32005D-E27C-32E0-ADFA-152F598B75E7}

Chave Removida : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706}

Valor Removida : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{95B7759C-8C7F-4BF1-B163-73684A933233}]

***** [Navegadores] *****

-\\ Internet Explorer v8.0.7601.17514

Substituído : [HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxp://search.conduit.com?SearchSource=10&ctid=CT2851643 --> hxxp://www.google.com

Substituído : [HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main - Start Page] = hxxp://search.gboxapp.com/ --> hxxp://www.google.com

-\\ Mozilla Firefox v14.0.1 (pt-BR)

Arquivo : C:\Users\Nitrix Suporte\AppData\Roaming\Mozilla\Firefox\Profiles\3qp4uy34.default\prefs.js

Removida : user_pref("CT2851643.1000234.TWC_TMP_city", "RIO DE JANEIRO");

Removida : user_pref("CT2851643.1000234.TWC_TMP_country", "BR");

Removida : user_pref("CT2851643.1000234.TWC_locId", "BRXX0201");

Removida : user_pref("CT2851643.1000234.TWC_location", "Rio de Janeiro, Brasil");

Removida : user_pref("CT2851643.1000234.TWC_region", "BR");

Removida : user_pref("CT2851643.1000234.TWC_temp_dis", "c");

Removida : user_pref("CT2851643.1000234.TWC_wind_dis", "kmh");

Removida : user_pref("CT2851643.1000234.weatherData", "{\"icon\":\"30.png\",\"temperature\":\"28°C\",\"temperat[...]

Removida : user_pref("CT2851643.CBOpenMAMSettings.enc", "MA==");

Removida : user_pref("CT2851643.ENABALE_HISTORY", "{\"dataType\":\"string\",\"data\":\"true\"}");

Removida : user_pref("CT2851643.ENABLE_RETURN_WEB_SEARCH_ON_THE_PAGE", "{\"dataType\":\"string\",\"data\":\"tru[...]

Removida : user_pref("CT2851643.FirstTime", "true");

Removida : user_pref("CT2851643.FirstTimeFF3", "true");

Removida : user_pref("CT2851643.LoginRevertSettingsEnabled", true);

Removida : user_pref("CT2851643.PairingKey.enc", "NUM2QkJFOTYxMDExQzgxN0ZENjVGQjQxQzVGMkQyRjEzOUU4ODYzQw==");

Removida : user_pref("CT2851643.RevertSettingsEnabled", true);

Removida : user_pref("CT2851643.SearchAppState.enc", "Mw==");

Removida : user_pref("CT2851643.SearchAppTracking.enc", "c2VudA==");

Removida : user_pref("CT2851643.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT285[...]

Removida : user_pref("CT2851643.UserID", "UN19139595725975941");

Removida : user_pref("CT2851643.addressBarTakeOverEnabledInHidden", "true");

Removida : user_pref("CT2851643.autoDisableScopes", -1);

Removida : user_pref("CT2851643.browser.search.defaultthis.engineName", true);

Removida : user_pref("CT2851643.cbcountry_001.enc", "QlI=");

Removida : user_pref("CT2851643.cbfirsttime.enc", "VGh1IE9jdCAxOCAyMDEyIDE4OjE5OjQyIEdNVC0wMzAwIChIb3JhIG9maWNp[...]

Removida : user_pref("CT2851643.embeddedsData", "[{\"appId\":\"129351530870900444\",\"apiPermissions\":{\"cross[...]

Removida : user_pref("CT2851643.enableAlerts", "always");

Removida : user_pref("CT2851643.enableFix404ByUser", "FALSE");

Removida : user_pref("CT2851643.enableSearchFromAddressBar", "true");

Removida : user_pref("CT2851643.firstTimeDialogOpened", "true");

Removida : user_pref("CT2851643.fixPageNotFoundError", "true");

Removida : user_pref("CT2851643.fixPageNotFoundErrorByUser", "true");

Removida : user_pref("CT2851643.fixPageNotFoundErrorInHidden", "true");

Removida : user_pref("CT2851643.fixUrls", true);

Removida : user_pref("CT2851643.installId", "fftD7A9.tmp.exe");

Removida : user_pref("CT2851643.installType", "XPE");

Removida : user_pref("CT2851643.isCheckedStartAsHidden", true);

Removida : user_pref("CT2851643.isEnableAllDialogs", "{\"dataType\":\"string\",\"data\":\"true\"}");

Removida : user_pref("CT2851643.isFirstTimeToolbarLoading", "false");

Removida : user_pref("CT2851643.isNewTabEnabled", true);

Removida : user_pref("CT2851643.isPerformedSmartBarTransition", "true");

Removida : user_pref("CT2851643.isToolbarShrinked", "{\"dataType\":\"string\",\"data\":\"false\"}");

Removida : user_pref("CT2851643.isWelcomPage", "{\"dataType\":\"boolean\",\"data\":\"true\"}");

Removida : user_pref("CT2851643.keyword", true);

Removida : user_pref("CT2851643.lastNewTabSettings", "{\"isEnabled\":true,\"newTabUrl\":\"hxxp://search.conduit[...]

Removida : user_pref("CT2851643.lastVersion", "10.14.42.7");

Removida : user_pref("CT2851643.migrateAppsAndComponents", true);

Removida : user_pref("CT2851643.navigationAliasesJson", "{\"EB_MAIN_FRAME_URL\":\"hxxp%3A%2F%2Ffileice.net%2Fdo[...]

Removida : user_pref("CT2851643.openThankYouPage", "true");

Removida : user_pref("CT2851643.openUninstallPage", "FALSE");

Removida : user_pref("CT2851643.scriptSource.enc", "aHR0cDovLzEyNy4wLjAuMToxMDAwMC9ndWkv");

Removida : user_pref("CT2851643.search.searchAppId", "129351530870900444");

Removida : user_pref("CT2851643.search.searchCount", "0");

Removida : user_pref("CT2851643.searchInNewTabEnabledByUser", "true");

Removida : user_pref("CT2851643.searchInNewTabEnabledInHidden", "true");

Removida : user_pref("CT2851643.selectToSearchBoxEnabled", "{\"dataType\":\"string\",\"data\":\"true\"}");

Removida : user_pref("CT2851643.serviceLayer_service_login_isFirstLoginInvoked", "{\"dataType\":\"boolean\",\"d[...]

Removida : user_pref("CT2851643.serviceLayer_service_login_loginCount", "{\"dataType\":\"number\",\"data\":\"4\[...]

Removida : user_pref("CT2851643.serviceLayer_service_toolbarGrouping_activeCTID", "{\"dataType\":\"string\",\"d[...]

Removida : user_pref("CT2851643.serviceLayer_service_toolbarGrouping_activeDownloadUrl", "{\"dataType\":\"strin[...]

Removida : user_pref("CT2851643.serviceLayer_service_toolbarGrouping_activeToolbarName", "{\"dataType\":\"strin[...]

Removida : user_pref("CT2851643.serviceLayer_service_toolbarGrouping_invoked", "{\"dataType\":\"string\",\"data[...]

Removida : user_pref("CT2851643.serviceLayer_service_usage_toolbarUsageCount", "{\"dataType\":\"number\",\"data[...]

Removida : user_pref("CT2851643.serviceLayer_services_appTrackingFirstTime_lastUpdate", "1360078470372");

Removida : user_pref("CT2851643.serviceLayer_services_appsMetadata_lastUpdate", "1360176734452");

Removida : user_pref("CT2851643.serviceLayer_services_gottenAppsContextMenu_lastUpdate", "1359010963226");

Removida : user_pref("CT2851643.serviceLayer_services_login_10.10.27.6_lastUpdate", "1355949731254");

Removida : user_pref("CT2851643.serviceLayer_services_login_10.13.40.15_lastUpdate", "1360176734696");

Removida : user_pref("CT2851643.serviceLayer_services_otherAppsContextMenu_lastUpdate", "1359010963255");

Removida : user_pref("CT2851643.serviceLayer_services_searchAPI_lastUpdate", "1360176734734");

Removida : user_pref("CT2851643.serviceLayer_services_serviceMap_lastUpdate", "1360176734142");

Removida : user_pref("CT2851643.serviceLayer_services_toolbarContextMenu_lastUpdate", "1359010963195");

Removida : user_pref("CT2851643.serviceLayer_services_toolbarSettings_lastUpdate", "1360176734578");

Removida : user_pref("CT2851643.serviceLayer_services_translation_lastUpdate", "1360176734587");

Removida : user_pref("CT2851643.settingsINI", true);

Removida : user_pref("CT2851643.shouldFirstTimeDialog", "false");

Removida : user_pref("CT2851643.smartbar.CTID", "CT2851643");

Removida : user_pref("CT2851643.smartbar.Uninstall", "0");

Removida : user_pref("CT2851643.smartbar.homepage", true);

Removida : user_pref("CT2851643.smartbar.toolbarName", "uTorrentBar_PT ");

Removida : user_pref("CT2851643.toolbarBornServerTime", "19-10-2012");

Removida : user_pref("CT2851643.toolbarCurrentServerTime", "6-2-2013");

Removida : user_pref("CT2851643.uTTorrents.enc", "eyJidWlsZCI6Mjg3MDUsImxhYmVsIjpbXSwidG9ycmVudHMiOltbIjlEQTg1Q[...]

Removida : user_pref("CT2851643.upgradeFromClearSBVersion", true);

Removida : user_pref("CT2851643.url_history0001.enc", "aHR0cDovL3d3dy50dW1ibHIuY29tL2Rhc2hib2FyZDo6OmNsaWNraGFu[...]

Removida : user_pref("CT2851643_Firefox.csv", "[{\"from\":\"Abs Layer\",\"action\":\"loading toolbar\",\"time\"[...]

Removida : user_pref("Smartbar.ConduitHomepagesList", "hxxp://search.conduit.com/?ctid=CT2851643&SearchSource=1[...]

Removida : user_pref("Smartbar.ConduitSearchEngineList", "uTorrentBar_PT Customized Web Search");

Removida : user_pref("Smartbar.ConduitSearchUrlList", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2851643[...]

Removida : user_pref("Smartbar.keywordURLSelectedCTID", "CT2851643");

Removida : user_pref("aol_toolbar.default.homepage.check", false);

Removida : user_pref("aol_toolbar.default.search.check", false);

Removida : user_pref("browser.search.defaulturl", "hxxp://search.gboxapp.com/?q=");

Removida : user_pref("browser.search.selectedEngine", "uTorrentBar_PT Customized Web Search");

Removida : user_pref("browser.startup.homepage", "hxxp://search.conduit.com/?ctid=CT2851643&SearchSource=13");

Removida : user_pref("extensions.5080c07b6bef4.scode", "(function(){try{if('aol.com,mail.google.com,premiumrepo[...]

Removida : user_pref("extensions.BabylonToolbar.prtkDS", 0);

Removida : user_pref("extensions.BabylonToolbar.prtkHmpg", 0);

Removida : user_pref("keyword.URL", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2851643&SearchSource=2&CU[...]

Removida : user_pref("smartbar.conduitHomepageList", "hxxp://search.conduit.com/?ctid=CT2851643&SearchSource=13[...]

Removida : user_pref("smartbar.conduitSearchAddressUrlList", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT[...]

Removida : user_pref("smartbar.originalHomepage", "hxxp://search.gboxapp.com/");

Removida : user_pref("smartbar.originalSearchAddressUrl", "hxxp://search.gboxapp.com/?q=");

Removida : user_pref("smartbar.originalSearchEngine", "GadgetBox");

Removida : user_pref("sweetim.toolbar.previous.browser.search.defaultenginename", "");

Removida : user_pref("sweetim.toolbar.previous.browser.search.selectedEngine", "");

Removida : user_pref("sweetim.toolbar.previous.browser.startup.homepage", "");

Removida : user_pref("sweetim.toolbar.previous.keyword.URL", "");

Removida : user_pref("sweetim.toolbar.scripts.1.domain-blacklist", "");

Removida : user_pref("sweetim.toolbar.searchguard.UserRejectedGuard_DS", "");

Removida : user_pref("sweetim.toolbar.searchguard.UserRejectedGuard_HP", "");

Removida : user_pref("sweetim.toolbar.searchguard.enable", "");

-\\ Google Chrome v26.0.1410.64

Arquivo : C:\Users\Nitrix Suporte\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] Arquivo está limpo.

*************************

AdwCleaner[s1].txt - [26813 octets] - [14/04/2013 19:30:36]

########## EOF - C:\AdwCleaner[s1].txt - [26874 octets] ##########

-----------------------------------------------------------------------------------------------

{Registro do JRT:}

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Junkware Removal Tool (JRT) by Thisisu

Version: 4.8.3 (04.05.2013:1)

OS: Windows 7 Ultimate x64

Ran by Nitrix Suporte on 14/04/2013 at 19:38:46,26

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~ Services

~~~ Registry Values

Successfully repaired: [Registry Value] hkey_local_machine\software\microsoft\windows nt\currentversion\windows\\AppInit_DLLs

~~~ Registry Keys

~~~ Files

~~~ Folders

Failed to delete: [Folder] "C:\ProgramData\premium"

Successfully deleted: [Folder] "E:\Program Files (x86)\claro"

Successfully deleted: [Folder] "E:\Program Files (x86)\conduit"

~~~ FireFox

Successfully deleted: [Folder] C:\Users\Nitrix Suporte\AppData\Roaming\mozilla\firefox\profiles\3qp4uy34.default\extensions\5080c07b6be49@5080c07b6be82.com

Emptied folder: C:\Users\Nitrix Suporte\AppData\Roaming\mozilla\firefox\profiles\3qp4uy34.default\minidumps [1 files]

~~~ Event Viewer Logs were cleared

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Scan was completed on 14/04/2013 at 19:44:15,39

End of JRT log

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

[DigRam 144]

Bom Dia! AllanSN

|- Baixe: | ftp://zebulon.fr/ZHPDiag2.exe'>ZHPDiag2 | *ºº* < > *ºº* ( ... de Nicolas Coolman )

|- Salve-o no desktop!

|- Desabilite seu antivírus e execute "ZHPDiag2.exe",para instalar a ferramenta.

|- Confirme todos os passos,ao instalar ZHPDiag.

|- Conclua a instalação,clicando em "Termine".

|- Ps: Após a instalação,além de ZHPScript,estarão disponíveis no desktop:

|- <1> MBRCheck

|- <2> ZHPDiag2

|- <3> ZHPFix

|- Clique no ícone do pergaminho. ( ZHPScript )

|- Clique na seta verde para atualizá-la e/ou baixar sua definição mais recente. ( Your version is update. )

|- Habilite todas as opções de diagnóstico,clicando em "Options".

|- Clique em All.

|- Desmarque,à seguir,as caixinhas de n° O45,O61,O62,O65,O82.

|-

|- Clique em "Calendar" e escolha 30 dias!

|- Clique no botão UAC,para desabilitar essa proteção.

|- Dê início ao scan,clicando no ícone da lupa. ( Start Diagnosis )

|- Ao concluir,clique em "Save Report".

|- Salve-o em um local conveniente! ( ZHPDiag.txt )

|- Ps: Não poste,diretamente,esse arquivo texto.

|- Envie-o à http://forum.imasters.com.br/topic/452207-pjjointmalekal-hospedagem-inteligente/'>Pjjoint.malekal,clicando na seta azul! < >

|- Ou acesse: http://cjoint.com/'>

|- Ou acesse: http://imgbox.com/abmdaZsE'>

|- Maiores informações: < |http://forum.imasters.com.br/topic/452911-myfiletk-cjoint/'>Link| >

A+

[AllanSN 0]

http://myfile.tk/3/1018ZHPDiag.txt

Muito obrigado pela ajuda cara, pensei que ninguém ia ver o post xD

[DigRam 144]

Bom Dia! AllanSN

|- Feche programas/pastas que estejam abertas.
|- Feche,também,o navegador!
|- Para Windows Vista,desabilite a UAC.



|- Dê um duplo clique em ZHPFix.
|- Selecione e copie estas informações,que estão em vermelho,para o "Bloco de Notas".

P2 - FPN: [HKCU] [pandonetworks.com/PandoWebPlugin] - (.Pando Networks - Pando Web Plugin.) -- C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll
SR - | Auto 990896 | (vToolbarUpdater15.0.0) . (...) - C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.0.0\ToolbarUpdater.exe
R3 - URLSearchHook: (no name) [64Bits] - {e0301295-ab3e-4af3-979f-3d453c5f9f48} . (.Microsoft Corporation - Navegador da Internet.) (No version) -- (.not file.)
[MD5.E2CA898E105C3F2B62DB130F28C73322] - (.Unknown owner - ToolbarU Application.) -- C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.0.0\ToolbarUpdater.exe [990896] [PID.2016]
[MD5.73406FA9287B36CA4163797C73A2CD04] [sPRF][16/07/2012] (.Conduit Ltd. - Conduit Toolbar.) -- C:\Users\Nitrix Suporte\AppData\Local\Temp\tbuTor.dll [4451144]
[MD5.CA52AB39FC6EB75C519C77CE07104C6F] - (.Unknown owner - Updater.) -- C:\ProgramData\Premium\GadgetBox Updater\GadgetBox Updater.exe [233472] [PID.1784]
[MD5.00000000000000000000000000000000] [APT] [DealPly] (...) -- C:\Users\Nitrix Suporte\AppData\Roaming\DealPly\UPDATE~1\UPDATE~1.exe (.not file.) [0]
[MD5.CA52AB39FC6EB75C519C77CE07104C6F] [APT] [GadgetBox UpdaterUpdaterTask{B867BA72-448A-456D-B86F-09D858EB4E84}] (...) -- C:\ProgramData\Premium\GadgetBox Updater\GadgetBox Updater.exe [233472]
[MD5.00000000000000000000000000000000] [APT] [OptimizerPro1UpdaterTask{B201498C-2E29-4F66-8BF9-A673A11C4218}] (...) -- C:\ProgramData\Premium\OptimizerPro1\OptimizerPro1.exe (.not file.) [0]
M3 - MFPP: Plugins - [Nitrix Suporte] -- C:\Users\Nitrix Suporte\AppData\Roaming\Mozilla\Firefox\Profiles\3qp4uy34.default\searchplugins\GadgetBox.xml
R3 - URLSearchHook: GagetBox [64Bits] - {3B81079D-2AC9-425f-A494-A1C7D93AFA3C} . (.GadgetBox - GadgetBox Toolbar For Internet Explorer.) (1.0.0.0) -- C:\Program Files (x86)\GadgetBox\gadgetBoxTB.dll
O4 - HKLM\..\Wow6432Node\Run: [vProt] C:\Program Files (x86)\AVG Secure Search\vprot.exe (.not file.)
O4 - HKCU\..\Run: [Pando Media Booster] . (.Unknown owner - Pando Media Booster.) -- C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
O4 - HKUS\S-1-5-21-2462238835-3221274296-2784800311-1000\..\Run: [Pando Media Booster] . (.Unknown owner - Pando Media Booster.) -- C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
O23 - Service: (vToolbarUpdater15.0.0) . (.Unknown owner - ToolbarU Application.) - C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.0.0\ToolbarUpdater.exe
O39 - APT:Automatic Planified Task - C:\Windows\Tasks\OptimizerPro1UpdaterTask{B201498C-2E29-4F66-8BF9-A673A11C4218}.job [430]
O42 - Logiciel: Pando Media Booster - (.Pando Networks Inc..) [HKLM][64Bits] -- {980A182F-E0A2-4A40-94C1-AE0C1235902E}
O43 - CFD: 14/04/2013 - 19:30:49 - [0,945] ----D C:\Program Files (x86)\Common Files\AVG Secure Search
O43 - CFD: 10/11/2012 - 16:25:18 - [0,049] ----D C:\Users\Nitrix Suporte\AppData\Roaming\teamspeak2
O43 - CFD: 05/04/2013 - 00:06:11 - [0,001] ----D C:\ProgramData\PMB Files
O43 - CFD: 14/04/2013 - 19:33:15 - [0,223] ----D C:\ProgramData\Premium
O43 - CFD: 22/11/2012 - 13:41:29 - [0] ----D C:\Users\Nitrix Suporte\AppData\Local\ESN
O43 - CFD: 17/10/2012 - 18:27:16 - [0] ----D C:\Users\Nitrix Suporte\AppData\Local\Histórico
O43 - CFD: 14/04/2013 - 20:03:40 - [0,168] ----D C:\Users\Nitrix Suporte\AppData\Local\PMB Files
O43 - CFD: 02/12/2012 - 20:01:24 - [7,234] ----D C:\Program Files (x86)\Pando Networks
O44 - LFC:[MD5.5543EB6298CA4B775F72AEF154BF2DAC] - 14/04/2013 - 19:30:57 ---A- . (...) -- C:\AdwCleaner[s1].txt [26844]
O44 - LFC:[MD5.C0D046A713E6044E1381C1B785EABE9D] - 10/04/2013 - 15:59:19 ---A- . (...) -- C:\Windows\DirectX.log [17589]
O51 - MPSK:{f7c0f2a8-8b03-11e2-80b3-6c626df9ae60}\AutoRun\command. (...) -- H:\MotorolaDeviceManagerSetup.exe (.not file.)
O51 - MPSK:{2a6c3705-192a-11e2-8b59-f8a3ec079e8e}\AutoRun\command. (...) -- G:\AutoRun.exe (.not file.)
O51 - MPSK:{2a6c371a-192a-11e2-8b59-f8a3ec079e8e}\AutoRun\command. (...) -- G:\AutoRun.exe (.not file.)
O51 - MPSK:{71436e6e-22ea-11e2-b53f-6c626df9ae60}\AutoRun\command. (...) -- H:\autorun.exe (.not file.)
O69 - SBI: SearchScopes [HKCU] %SearchDefender_IESearchEngineGuid% - (GadgetBox) - http://search.gboxapp.com
O87 - FAEL: "{CA318AD6-A509-4106-9254-037BE5C36421}" | In - Domain - P6 - TRUE | .(.Unknown owner - Pando Media Booster.) -- C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
O87 - FAEL: "{56C05DEF-886F-4903-86F0-BA84842DCF32}" | In - Domain - P17 - TRUE | .(.Unknown owner - Pando Media Booster.) -- C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
O87 - FAEL: "{5FF40457-160D-45C9-815D-BCDC82FB5363}" | In - Private - P6 - TRUE | .(.Unknown owner - Pando Media Booster.) -- C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
O87 - FAEL: "{F59F0B20-EA3C-442D-90F3-7BAA6E45FA05}" | In - Private - P17 - TRUE | .(.Unknown owner - Pando Media Booster.) -- C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
O87 - FAEL: "{29F9B364-2D51-4874-BAED-D4FB337F3180}" | In - None - P17 - TRUE | .(.Unknown owner - Pando Media Booster.) -- C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe

[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3B81079D-2AC9-425f-A494-A1C7D93AFA3C}]
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{3B81079D-2AC9-425f-A494-A1C7D93AFA3C}]
[HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Explorer Bars\{3B81079D-2AC9-425f-A494-A1C7D93AFA3C}]
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}]
[HKLM\Software\Classes\CLSID\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}]
[HKLM\Software\Microsoft\Internet Explorer\extensions\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}]
[HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\extensions\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}]
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}]
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}]
[HKLM\Software\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}]
[HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}]
[HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}]
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\29799DE249E7DBC459FC6C8F07EB8375]
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0238BBE24EA3A70408B81E4BB89C15E5]
[HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}]
[HKLM\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}]
[HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}]
[HKLM\Software\Wow6432Node\Microsoft\Tracing\Setup_RASAPI32]
[HKLM\Software\Wow6432Node\Microsoft\Tracing\Setup_RASMANCS]
[HKCU\Software\Pando Networks]
[HKLM\Software\Wow6432Node\Pando Networks]

C:\Program Files (x86)\Common Files\AVG Secure Search
C:\Users\Nitrix Suporte\AppData\Local\Temp\tbuTor.dll

proxyfix
emptytemp
emptyclsid
emptyflash
firewallraz
sysrestore

|- Estando com o Bloco de Notas aberto,acione os atalhos: "Ctrl+A" -> "Ctrl+C"
|- Minimize o Bloco de Notas.



|- Clique no menu,"Paste ClipBoard".
|- Clique "GO" -> Oui.



|- Ps: Temos,àcima,sequência de imagens para maior exclarecimento.
|- Poste o relatório: C:\ZHP\ZHPFix[R1].txt

A+

[Mário Monteiro 179]

Tópico Arquivado

 

Como o autor não respondeu por mais de 10 dias, o tópico foi arquivado.

 

Caso você seja o autor do tópico e quer reabrir, envie uma mensagem privada para um moderador da área juntamente com o link para este tópico e explique o motivo da reabertura.