RunDLL: houve um problema na inicialização do ...

Olá!

Estou com um probleminha no notebook, toda vez que o sistema inicia aparece a notificação do RunDLL houve um problema na inicialização do c:\programafiles\hometab\TBUpdaterr.dll
O que fazer?
Desde já agradeço e fico no aguardo.
Ingrid

Olá ingrid***

Baixe o [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] (...de Xplode) e salve-o no Desktop (Área de Trabalho)

*Salve qualquer trabalho aberto e feche o seu navegador

*Execute-o, clique [Examinar] e aguarde o término

*Clique [Limpar] e aguarde o término

*Caso seja solicitada a reinicialização do PC, clique [OK] para reiniciar.

*Cole o relatório C:\AdwCleaner\AdwCleaner[S0].txt

Olá Boa Noite!

Como faço para colar o relatório?

ingrid*** escreveu:Olá Boa Noite!

Como faço para colar o relatório?

Boa noite

Abra o arquivo C:\AdwCleaner\AdwCleaner[S0].txt

Selecione tudo (aperte as teclas Ctrl+A)

Copie (aperte as teclas Ctrl+C)

Cole (aperte as teclas Ctrl+V) na sua próxima resposta

Olá, segue Relatório;

AdwCleaner[R0].txt
# AdwCleaner v3.003 - Relatório criado 09/09/2013 no 18:20:03
# Atualizado 07/09/2013 por Xplode
# Sistema Operacional : Windows 7 Starter Service Pack 1 (32 bits)
# Usuário : KIRSTEN INGRID - KIRSTENINGRID
# Executando de : C:\Users\KIRSTEN INGRID\Downloads\AdwCleaner.exe
# Opção : Limpar

***** [ Serviços ] *****


***** [ Arquivos / Pastas ] *****

Pasta Deletado : C:\ProgramData\apn
Pasta Deletado : C:\ProgramData\baidu
Pasta Deletado : C:\ProgramData\boost_interprocess
Pasta Deletado : C:\ProgramData\eSafe
Pasta Deletado : C:\ProgramData\SweetIM
Pasta Deletado : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HomeTab
Pasta Deletado : C:\Program Files\Iminent
Pasta Deletado : C:\Program Files\SweetIM
Pasta Deletado : C:\Program Files\sweetpacks bundle uninstaller
Pasta Deletado : C:\Program Files\Common Files\337
Pasta Deletado : C:\Windows\system32\ARFC
Pasta Deletado : C:\Windows\system32\jmdp
Pasta Deletado : C:\Windows\system32\WNLT
Pasta Deletado : C:\Users\KIRSTEN INGRID\AppData\Local\FilesFrog Update Checker
Pasta Deletado : C:\Users\KIRSTEN INGRID\AppData\Local\lollipop
Pasta Deletado : C:\Users\KIRSTE~1\AppData\Local\Temp\apn
Pasta Deletado : C:\Users\KIRSTE~1\AppData\Local\Temp\Desk365
Pasta Deletado : C:\Users\KIRSTEN INGRID\AppData\LocalLow\HomeTab
Pasta Deletado : C:\Users\KIRSTEN INGRID\AppData\LocalLow\SimplyTech
Pasta Deletado : C:\Users\KIRSTEN INGRID\AppData\LocalLow\SweetIM
Pasta Deletado : C:\Users\KIRSTEN INGRID\AppData\Roaming\baidu
Pasta Deletado : C:\Users\KIRSTEN INGRID\AppData\Roaming\eIntaller
Pasta Deletado : C:\Users\KIRSTEN INGRID\AppData\Roaming\HomeTab
Pasta Deletado : C:\Users\KIRSTEN INGRID\AppData\Roaming\pdfforge
Pasta Deletado : C:\Users\KIRSTEN INGRID\AppData\Roaming\SimplyTech
Pasta Deletado : C:\Users\KIRSTEN INGRID\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FilesFrog Update Checker
Pasta Deletado : C:\Users\KIRSTEN INGRID\AppData\Local\Google\Chrome\User Data\Default\Extensions\amfclgbdpgndipgoegfpkkgobahigbcl
Arquivo Deletado : C:\Windows\system32\ImhxxpComm.dll
Arquivo Deletado : C:\Users\KIRSTEN INGRID\AppData\Roaming\Mozilla\Firefox\Profiles\f7chhz8g.default\searchplugins\ask-search.xml
Arquivo Deletado : C:\Users\KIRSTEN INGRID\AppData\Roaming\Mozilla\Firefox\Profiles\Solo_244017\searchplugins\ask-search.xml
Arquivo Deletado : C:\Users\KIRSTEN INGRID\AppData\Roaming\Mozilla\Firefox\Profiles\f7chhz8g.default\searchplugins\Web Search.xml
Arquivo Deletado : C:\Users\KIRSTEN INGRID\AppData\Roaming\Mozilla\Firefox\Profiles\Solo_244017\searchplugins\Web Search.xml
Arquivo Deletado : C:\Program Files\Mozilla Firefox\searchplugins\Web Search.xml
Arquivo Deletado : C:\Users\KIRSTEN INGRID\AppData\Roaming\Mozilla\Firefox\Profiles\f7chhz8g.default\user.js
Arquivo Deletado : C:\Users\KIRSTEN INGRID\AppData\Roaming\Mozilla\Firefox\Profiles\Solo_244017\user.js
Arquivo Deletado : C:\Users\KIRSTEN INGRID\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_igdhbblpcellaljokkpfhcjlagemhgjl_0.localstorage
Arquivo Deletado : C:\Windows\System32\Tasks\Browser Updater

***** [ Atalhos ] *****


***** [ Registro ] *****

Chave Deleteda : HKLM\SOFTWARE\Classes\AppID\HomeTab.DLL
Chave Deleteda : HKLM\SOFTWARE\Classes\MediaPlayer.GraphicsUtils
Chave Deleteda : HKLM\SOFTWARE\Classes\MediaPlayer.GraphicsUtils.1
Chave Deleteda : HKLM\SOFTWARE\Classes\MgMediaPlayer.GifAnimator
Chave Deleteda : HKLM\SOFTWARE\Classes\MgMediaPlayer.GifAnimator.1
Chave Deleteda : HKLM\SOFTWARE\Classes\sim-packages
Chave Deleteda : HKLM\SOFTWARE\Classes\sweetim_urlsearchhook.toolbarurlsearchhook
Chave Deleteda : HKLM\SOFTWARE\Classes\sweetim_urlsearchhook.toolbarurlsearchhook.1
Chave Deleteda : HKLM\SOFTWARE\Classes\wtb.Band
Chave Deleteda : HKLM\SOFTWARE\Classes\wtb.Band.1
Chave Deleteda : HKLM\SOFTWARE\Classes\wtb.NotificationSource
Chave Deleteda : HKLM\SOFTWARE\Classes\wtb.NotificationSource.1
Chave Deleteda : HKLM\SOFTWARE\Classes\wtb.SourceSinkImpl
Chave Deleteda : HKLM\SOFTWARE\Classes\wtb.SourceSinkImpl.1
Chave Deleteda : HKLM\SOFTWARE\Classes\wtb.ToolbarInfo
Chave Deleteda : HKLM\SOFTWARE\Classes\wtb.ToolbarInfo.1
Chave Deleteda : HKLM\SOFTWARE\Microsoft\Tracing\BundleSweetIMSetup_RASAPI32
Chave Deleteda : HKLM\SOFTWARE\Microsoft\Tracing\BundleSweetIMSetup_RASMANCS
Chave Deleteda : HKLM\SOFTWARE\Microsoft\Tracing\HomeTab_RASAPI32
Chave Deleteda : HKLM\SOFTWARE\Microsoft\Tracing\HomeTab_RASMANCS
Chave Deleteda : HKLM\SOFTWARE\Microsoft\Tracing\Iminent_RASAPI32
Chave Deleteda : HKLM\SOFTWARE\Microsoft\Tracing\Iminent_RASMANCS
Chave Deleteda : HKLM\SOFTWARE\Microsoft\Tracing\SnapDo_RASAPI32
Chave Deleteda : HKLM\SOFTWARE\Microsoft\Tracing\SnapDo_RASMANCS
Chave Deleteda : HKLM\SOFTWARE\Microsoft\Tracing\SweetIM_RASAPI32
Chave Deleteda : HKLM\SOFTWARE\Microsoft\Tracing\SweetIM_RASMANCS
Chave Deleteda : HKLM\SOFTWARE\Microsoft\Tracing\updateBrowseFox_RASAPI32
Chave Deleteda : HKLM\SOFTWARE\Microsoft\Tracing\updateBrowseFox_RASMANCS
Chave Deleteda : HKLM\SOFTWARE\Microsoft\Tracing\UpdateTask_RASAPI32
Chave Deleteda : HKLM\SOFTWARE\Microsoft\Tracing\UpdateTask_RASMANCS
Chave Deleteda : HKLM\SOFTWARE\Microsoft\Tracing\WebCakeDesktop_RASAPI32
Chave Deleteda : HKLM\SOFTWARE\Microsoft\Tracing\WebCakeDesktop_RASMANCS
Chave Deleteda : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\SweetIM.exe
Valor Deleteda : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs [C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgHelperApp.exe]
Valor Deleteda : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs [C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarProxy.dll]
Chave Deleteda : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\DeskSvc
Chave Deleteda : HKLM\SOFTWARE\Classes\AppID\{3FC27B34-0C19-49DA-875E-1875DDD4A6B2}
Chave Deleteda : HKLM\SOFTWARE\Classes\CLSID\{02054E11-5113-4BE3-8153-AA8DFB5D3761}
Chave Deleteda : HKLM\SOFTWARE\Classes\CLSID\{19A395C9-823B-4700-B817-396FC84FFB16}
Chave Deleteda : HKLM\SOFTWARE\Classes\CLSID\{82AC53B4-164C-4B07-A016-437A8388B81A}
Chave Deleteda : HKLM\SOFTWARE\Classes\CLSID\{A4A0CB15-8465-4F58-A7E5-73084EA2A064}
Chave Deleteda : HKLM\SOFTWARE\Classes\CLSID\{A928E66C-F501-4E66-9953-855C712F93B2}
Chave Deleteda : HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Chave Deleteda : HKLM\SOFTWARE\Classes\CLSID\{EEE6C35D-6118-11DC-9C72-001320C79847}
Chave Deleteda : HKLM\SOFTWARE\Classes\CLSID\{FB684D26-01F4-4D9D-87CB-F486BEBA56DC}
Chave Deleteda : HKLM\SOFTWARE\Classes\Interface\{021B4049-F57D-4565-A693-FD3B04786BFA}
Chave Deleteda : HKLM\SOFTWARE\Classes\Interface\{0362AA09-808D-48E9-B360-FB51A8CBCE09}
Chave Deleteda : HKLM\SOFTWARE\Classes\Interface\{06844020-CD0B-3D3D-A7FE-371153013E49}
Chave Deleteda : HKLM\SOFTWARE\Classes\Interface\{0ADC01BB-303B-3F8E-93DA-12C140E85460}
Chave Deleteda : HKLM\SOFTWARE\Classes\Interface\{10D3722F-23E6-3901-B6C1-FF6567121920}
Chave Deleteda : HKLM\SOFTWARE\Classes\Interface\{1675E62B-F911-3B7B-A046-EB57261212F3}
Chave Deleteda : HKLM\SOFTWARE\Classes\Interface\{192929F2-9273-3894-91B0-F54671C4C861}
Chave Deleteda : HKLM\SOFTWARE\Classes\Interface\{2932897E-3036-43D9-8A64-B06447992065}
Chave Deleteda : HKLM\SOFTWARE\Classes\Interface\{2DE92D29-A042-3C37-BFF8-07C7D8893EFA}
Chave Deleteda : HKLM\SOFTWARE\Classes\Interface\{32B80AD6-1214-45F4-994E-78A5D482C000}
Chave Deleteda : HKLM\SOFTWARE\Classes\Interface\{3A8E103F-B2B7-3BEF-B3B0-88E29B2420E4}
Chave Deleteda : HKLM\SOFTWARE\Classes\Interface\{478CE5D3-D38E-3FFE-8DBE-8C4A0F1C4D8D}
Chave Deleteda : HKLM\SOFTWARE\Classes\Interface\{48B7DA4E-69ED-39E3-BAD5-3E3EFF22CFB0}
Chave Deleteda : HKLM\SOFTWARE\Classes\Interface\{5982F405-44E4-3BBB-BAC4-CF8141CBBC5C}
Chave Deleteda : HKLM\SOFTWARE\Classes\Interface\{5D8C3CC3-3C05-38A1-B244-924A23115FE9}
Chave Deleteda : HKLM\SOFTWARE\Classes\Interface\{641593AF-D9FD-30F7-B783-36E16F7A2E08}
Chave Deleteda : HKLM\SOFTWARE\Classes\Interface\{711FC48A-1356-3932-94D8-A8B733DBC7E4}
Chave Deleteda : HKLM\SOFTWARE\Classes\Interface\{72227B7F-1F02-3560-95F5-592E68BACC0C}
Chave Deleteda : HKLM\SOFTWARE\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}
Chave Deleteda : HKLM\SOFTWARE\Classes\Interface\{7B5E8CE3-4722-4C0E-A236-A6FF731BEF37}
Chave Deleteda : HKLM\SOFTWARE\Classes\Interface\{890D4F59-5ED0-3CB4-8E0E-74A5A86E7ED0}
Chave Deleteda : HKLM\SOFTWARE\Classes\Interface\{8C68913C-AC3C-4494-8B9C-984D87C85003}
Chave Deleteda : HKLM\SOFTWARE\Classes\Interface\{8D019513-083F-4AA5-933F-7D43A6DA82C4}
Chave Deleteda : HKLM\SOFTWARE\Classes\Interface\{8DA8B89E-0C65-403B-8231-AB22ECFA0687}
Chave Deleteda : HKLM\SOFTWARE\Classes\Interface\{923F6FB8-A390-370E-A0D2-DD505432481D}
Chave Deleteda : HKLM\SOFTWARE\Classes\Interface\{9BBB26EF-B178-35D6-9D3D-B485F4279FE5}
Chave Deleteda : HKLM\SOFTWARE\Classes\Interface\{A439801C-961D-452C-AB42-7848E9CBD289}
Chave Deleteda : HKLM\SOFTWARE\Classes\Interface\{A62DDBE0-8D2A-339A-B089-8CBCC5CD322A}
Chave Deleteda : HKLM\SOFTWARE\Classes\Interface\{A82AD04D-0B8E-3A49-947B-6A69A8A9C96D}
Chave Deleteda : HKLM\SOFTWARE\Classes\Interface\{A928E66C-F501-4E66-9953-855C712F93B2}
Chave Deleteda : HKLM\SOFTWARE\Classes\Interface\{ADEB3CC9-A05D-4FCC-BD09-9025456AA3EA}
Chave Deleteda : HKLM\SOFTWARE\Classes\Interface\{B06D4521-D09C-3F41-8E39-9D784CCA2A75}
Chave Deleteda : HKLM\SOFTWARE\Classes\Interface\{B0E28FA0-DF07-44B6-95CE-48BE26DB9266}
Chave Deleteda : HKLM\SOFTWARE\Classes\Interface\{C06DAD42-6F39-4CE1-83CC-9A8B9105E556}
Chave Deleteda : HKLM\SOFTWARE\Classes\Interface\{C2E799D0-43A5-3477-8A98-FC5F3677F35C}
Chave Deleteda : HKLM\SOFTWARE\Classes\Interface\{D16107CD-2AD5-46A8-BA59-303B7C32C500}
Chave Deleteda : HKLM\SOFTWARE\Classes\Interface\{D25B101F-8188-3B43-9D85-201F372BC205}
Chave Deleteda : HKLM\SOFTWARE\Classes\Interface\{D2BA7595-5E44-3F1E-880F-03B3139FA5ED}
Chave Deleteda : HKLM\SOFTWARE\Classes\Interface\{D35F5C81-17D9-3E1C-A1FC-4472542E1D25}
Chave Deleteda : HKLM\SOFTWARE\Classes\Interface\{D8FA96CA-B250-312C-AF34-4FF1DD72589D}
Chave Deleteda : HKLM\SOFTWARE\Classes\Interface\{DAFC1E63-3359-416D-9BC2-E7DCA6F7B0F3}
Chave Deleteda : HKLM\SOFTWARE\Classes\Interface\{DC5E5C44-80FD-3697-9E65-9F286D92F3E7}
Chave Deleteda : HKLM\SOFTWARE\Classes\Interface\{E1B4C9DE-D741-385F-981E-6745FACE6F01}
Chave Deleteda : HKLM\SOFTWARE\Classes\Interface\{E6B4EE8F-C38E-4994-BE28-229A3F92262C}
Chave Deleteda : HKLM\SOFTWARE\Classes\Interface\{E7B623F5-9715-3F9F-A671-D1485A39F8A2}
Chave Deleteda : HKLM\SOFTWARE\Classes\Interface\{ED916A7B-7C68-3198-B87D-2DABC30A5587}
Chave Deleteda : HKLM\SOFTWARE\Classes\Interface\{EEE6C35A-6118-11DC-9C72-001320C79847}
Chave Deleteda : HKLM\SOFTWARE\Classes\Interface\{EFA1BDB2-BB3D-3D9A-8EB5-D0D22E0F64F4}
Chave Deleteda : HKLM\SOFTWARE\Classes\Interface\{F4CBF4DD-F8FE-35BA-BB7E-68304DAAB70B}
Chave Deleteda : HKLM\SOFTWARE\Classes\Interface\{F4EBB1E2-21F3-4786-8CF4-16EC5925867F}
Chave Deleteda : HKLM\SOFTWARE\Classes\Interface\{FC32005D-E27C-32E0-ADFA-152F598B75E7}
Chave Deleteda : HKLM\SOFTWARE\Classes\Interface\{FCA8936E-403A-4487-A966-70F80F1D5A6A}
Chave Deleteda : HKLM\SOFTWARE\Classes\TypeLib\{4D3B167E-5FD8-4276-8FD7-9DF19C1E4D19}
Chave Deleteda : HKLM\SOFTWARE\Classes\TypeLib\{EEE6C35F-6118-11DC-9C72-001320C79847}
Chave Deleteda : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{19A395C9-823B-4700-B817-396FC84FFB16}
Chave Deleteda : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{19A395C9-823B-4700-B817-396FC84FFB16}
Chave Deleteda : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{19A395C9-823B-4700-B817-396FC84FFB16}
Chave Deleteda : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{628F3201-34D0-49C0-BB9A-82A26AEFB291}
Chave Deleteda : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{CFD485F0-96BD-47CD-BB6D-CD7DDA95F102}
Chave Deleteda : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{EEE6C367-6118-11DC-9C72-001320C79847}
Chave Deleteda : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{006EE092-9658-4FD6-BD8E-A21A348E59F5}
Chave Deleteda : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Chave Deleteda : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}
Chave Deleteda : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{006EE092-9658-4FD6-BD8E-A21A348E59F5}
Chave Deleteda : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Valor Deleteda : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{19A395C9-823B-4700-B817-396FC84FFB16}]
Valor Deleteda : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{AE07101B-46D4-4A98-AF68-0333EA26E113}]
Dados Restaurada : HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command
Chave Deleteda : HKCU\Software\BI
Chave Deleteda : HKCU\Software\HomeTab
Chave Deleteda : HKCU\Software\IM
Chave Deleteda : HKCU\Software\ImInstaller
Chave Deleteda : HKCU\Software\lollipop
Chave Deleteda : HKCU\Software\powerpack
Chave Deleteda : HKCU\Software\simplytech
Chave Deleteda : HKCU\Software\SmartBar
Chave Deleteda : HKCU\Software\Softonic
Chave Deleteda : HKCU\Software\Somoto
Chave Deleteda : HKCU\Software\WNLT
Chave Deleteda : HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
Chave Deleteda : HKCU\Software\AppDataLow\Software\Crossrider
Chave Deleteda : HKCU\Software\AppDataLow\Software\LyricsContainer
Chave Deleteda : HKCU\Software\AppDataLow\Software\simplytech
Chave Deleteda : HKLM\Software\Desksvc
Chave Deleteda : HKLM\Software\eSafeSecControl
Chave Deleteda : HKLM\Software\Iminent
Chave Deleteda : HKLM\Software\portaldositesSoftware
Chave Deleteda : HKLM\Software\Tarma Installer
Chave Deleteda : HKLM\Software\V9
Chave Deleteda : HKLM\Software\WNLT
Chave Deleteda : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A0C9DF2B-89B5-4483-8983-18A68200F1B4}
Chave Deleteda : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{DD85D6BF-4787-4A93-99A5-3F0CF0AE8834}
Chave Deleteda : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\bi_uninstaller
Chave Deleteda : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\FilesFrog Update Checker
Chave Deleteda : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SweetIM Bundle by SweetPacks
Chave Deleteda : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WNLT
Produto Deletado : SweetIM for Messenger 3.7

***** [ Navegadores ] *****

-\\ Internet Explorer v10.0.9200.16660

Configurações Restaurado : HKCU\Software\Microsoft\Internet Explorer\Main [Default_Page_URL]
Configurações Restaurado : HKCU\Software\Microsoft\Internet Explorer\Search [Search Bar]
Configurações Restaurado : HKCU\Software\Microsoft\Internet Explorer\Search [Search Page]
Configurações Restaurado : HKLM\SOFTWARE\Microsoft\Internet Explorer\Search [Search Bar]
Configurações Restaurado : HKLM\SOFTWARE\Microsoft\Internet Explorer\Search [Search Page]
Configurações Restaurado : HKCU\Software\Microsoft\Internet Explorer\SearchUrl [(Default)]
Configurações Restaurado : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchUrl [(Default)]

-\\ Mozilla Firefox v23.0.1 (pt-BR)

[ Arquivo : C:\Users\KIRSTEN INGRID\AppData\Roaming\Mozilla\Firefox\Profiles\f7chhz8g.default\prefs.js ]

Linha deletada : user_pref("CT2851643.FF19Solved", "true");
Linha deletada : user_pref("CT2851643.UserID", "UN39461287341242353");
Linha deletada : user_pref("CT2851643.installDate", "16/7/2013 1:21:41");
Linha deletada : user_pref("CT2851643.installSessionId", "-1");
Linha deletada : user_pref("CT2851643.installSp", "FALSE");
Linha deletada : user_pref("CT2851643.installerVersion", "1.4.2.3");
Linha deletada : user_pref("CT2851643.searchRevert", "FALSE");
Linha deletada : user_pref("CT2851643.searchUserMode", "1");
Linha deletada : user_pref("CT2851643.versionFromInstaller", "10.16.2.9");
Linha deletada : user_pref("extensions.crossrider.bic", "140c5d0d805736cc05337f4bd715c979");

[ Arquivo : C:\Users\KIRSTEN INGRID\AppData\Roaming\Mozilla\Firefox\Profiles\Solo_244017\prefs.js ]

Linha deletada : user_pref("CT2851643.FF19Solved", "true");
Linha deletada : user_pref("CT2851643.UserID", "UN39461287341242353");
Linha deletada : user_pref("CT2851643.installDate", "16/7/2013 1:21:41");
Linha deletada : user_pref("CT2851643.installSessionId", "-1");
Linha deletada : user_pref("CT2851643.installSp", "FALSE");
Linha deletada : user_pref("CT2851643.installerVersion", "1.4.2.3");
Linha deletada : user_pref("CT2851643.searchRevert", "FALSE");
Linha deletada : user_pref("CT2851643.searchUserMode", "1");
Linha deletada : user_pref("CT2851643.versionFromInstaller", "10.16.2.9");
Linha deletada : user_pref("extensions.crossrider.bic", "140c5d0d805736cc05337f4bd715c979");

-\\ Google Chrome v29.0.1547.66

[ Arquivo : C:\Users\KIRSTEN INGRID\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Deleteda : search_url
Deleteda : keyword

*************************

AdwCleaner[R0].txt - [19249 octets] - [09/09/2013 18:12:48]
AdwCleaner[S0].txt - [17305 octets] - [09/09/2013 18:20:03]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [17366 octets] ##########

Boa Noite!

Problema resolvido! Não persiste mais, creio que foi removido, porém ao reiniciar não mais apareceu a notificação RunDLL o problema na inicialização do C:\programfiles\hometab\tbupdaterr.dll.
Muuito Obrigada por sua ajuda.
Valeu!!!!

Apareceu outro probleminha!!!!!
Se poder me ajudar, ficaria agradecida
Algumas pastas e arquivos estão em formato de cópias e quando coloco para exibir aparece: O local não está disponível. C:\Arquivos de Programas não está acessível. Acesso negado. O que eu faço??????

Agradeço desde já e fico no aguardo.

Código:

C:\Users\KIRSTEN INGRID\Downloads\AdwCleaner.exe

Preste bem atenção aonde for salvar as ferramentas. Eu solicitei para salvar no Desktop (Área de Trabalho).

O fato acima não tem relação entre o local onde vc salvou e o atual problema. É uma questão de organização, pois assim saberei onde estão as ferramentas usadas....OK?

Possivelmente este problema seja uma consequência de outra contaminação.

Vamos lá...


Execute o AdwCleaner, clique [Desinstalar] > [Sim]


Baixe o [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] (...de Farbar) e salve-o no Desktop

*Clique com o botão direito do mouse no FRST e selecione [Tens de ter uma conta e sessão iniciada para poderes visualizar esta imagem]

*Aceite o contrato e clique [Scan] e ao término clique [OK] > [OK]

*Serão criados dois relatórios no Desktop: FRST.txt e Addition.txt


Acesse [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]

*Clique [Selecionar arquivo...], localize o relatório FRST.txt criado no Desktop e clique [Abrir]

*Selecione 4 jours e clique [Créer le lien Cjoint]

[Tens de ter uma conta e sessão iniciada para poderes visualizar este link]

*Cole o link criado ao lado de Le lien a été créé:

[Tens de ter uma conta e sessão iniciada para poderes visualizar este link]

*Repita o procedimento para o relatório Addition.txt e cole o link.

Bom dia!

Segue Link Relatórios;

FRST.txt
[Tens de ter uma conta e sessão iniciada para poderes visualizar este link]

Addition.txt
[Tens de ter uma conta e sessão iniciada para poderes visualizar este link]

Bom dia


Baixe este arquivo[/url] e salve-o no Desktop

*Clique com o botão direito do mouse no FRST e selecione [Tens de ter uma conta e sessão iniciada para poderes visualizar esta imagem]

*Clique [Fix] e cole o relatório apresentado


Instale o [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] (...de RubbeR DuckY)

*Antes de concluir a instalação, desmarque a opção Ativar trial gratuito do Malwarebytes Anti-Malware PRO

*Aguarde o término da atualização, selecione [Verificação Rápida], clique [Verificar]

*Ao término, clique [OK] > [Ver Resultados]

*Selecione todos os resultados e clique [Remover Selecionados]

*Cole o relatório apresentado

Olá

Tem algum problema, não estou conseguindo Executar o Malware, quando clico em executar não aparece mais nada

OK...


Cole o relatório(fixlog.txt localizado no Desktop) do FRST que solicitei.


Baixe o [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] (...de Smeenk) e salve-o no Desktop (Área de Trabalho)

*Clique com o botão direito do mouse no Zoek e selecione [Tens de ter uma conta e sessão iniciada para poderes visualizar esta imagem]

*Cole as linhas em marrom no espaço

startupall;
autoclean;
emptyalltemp;
uninstall-list;

*Feche o seu navegador e clique [Run Script]

*Durante o scan a mensagem abaixo será apresentada. Aguarde o término...pode demorar!

Zoek.exe is running now.
Do not start any browser windows, they will be closed automatically.
Please wait! This window will close when finished.
A logfile will open afterwards and can also be found on your systemdrive as zoek-results.log

*Caso a reinicialização do PC seja solicitada, clique [OK]


Acesse [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]

*Clique [Selecionar arquivo...], localize o relatório C:\zoek-results.txt e clique [Abrir]

*Selecione 4 jours e clique [Créer le lien Cjoint]

[Tens de ter uma conta e sessão iniciada para poderes visualizar este link]

*Cole o link criado ao lado de Le lien a été créé:

[Tens de ter uma conta e sessão iniciada para poderes visualizar este link]

Segue Relatório

Fixlog.txt

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 09-09-2013 01
Ran by KIRSTEN INGRID at 2013-09-10 12:26:29 Run:1
Running from C:\Users\KIRSTEN INGRID\Desktop
Boot Mode: Normal

==============================================

Content of fixlist:
*****************
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
SearchScopes: HKLM - DefaultScope value is missing.
FF HKCU\...\Firefox\Extensions: [{7aca4912-f9f2-4dfc-90d2-9fd87d62af55}] C:\Program Files\LyricsArt\130.xpi
HKCU\...\Winlogon: [Shell] C:\Program Files\Oceanis\SystemSetting\WallPaperAgent.exe [115888 2009-12-10] (Oceanis) <==== ATTENTION
C:\Users\KIRSTE~1\AppData\Local\Temp\tn-sft_sc_hao123_br_hao123inst-brazil.exe
SearchScopes: HKCU - {92001F8A-C36B-473A-91E7-5BE0C81CF2B3} URL =
Task: {0B2DF0FA-2CA5-4BBD-895D-E3ED1D25FC12} - System32\Tasks\Desk 365 RunAsStdUser => C:\Program Files\Desk 365\desk365.exe
Task: {8D426091-35B4-4C2E-8E56-8CDD848C141F} - System32\Tasks\ProtectedSearch\Protected Search => C:\Program Files\HomeTab\ProtectedSearch.exe
C:\Program Files\Desk 365

*****************

HKCU\Software\Microsoft\Internet Explorer\Main\\Start Page => Value deleted successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.
HKCU\Software\Mozilla\Firefox\Extensions\\{7aca4912-f9f2-4dfc-90d2-9fd87d62af55} => Value deleted successfully.
HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell => Value deleted successfully.
C:\Users\KIRSTE~1\AppData\Local\Temp\tn-sft_sc_hao123_br_hao123inst-brazil.exe => Moved successfully.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{92001F8A-C36B-473A-91E7-5BE0C81CF2B3} => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{92001F8A-C36B-473A-91E7-5BE0C81CF2B3} => Key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{0B2DF0FA-2CA5-4BBD-895D-E3ED1D25FC12} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{0B2DF0FA-2CA5-4BBD-895D-E3ED1D25FC12} => Key deleted successfully.
C:\Windows\System32\Tasks\Desk 365 RunAsStdUser => Moved successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Desk 365 RunAsStdUser => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{8D426091-35B4-4C2E-8E56-8CDD848C141F} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{8D426091-35B4-4C2E-8E56-8CDD848C141F} => Key deleted successfully.
C:\Windows\System32\Tasks\ProtectedSearch\Protected Search => Moved successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\ProtectedSearch\Protected Search => Key deleted successfully.
"C:\Program Files\Desk 365" => File/Directory not found.

==== End of Fixlog ====

 Olá Ingrid!

Faltou você postar o relatório do Zoek que está em C:\zoek-results.txt

Olá, boa tarde!

Segue Link Relatório;

zoek-results.log

[Tens de ter uma conta e sessão iniciada para poderes visualizar este link]

Zoek.exe Version 4.0.0.4 Updated 07-September-2013
Tool run by KIRSTEN INGRID on 10/09/2013 at 14:23:19,94.
Microsoft Windows 7 Starter 6.1.7601 Service Pack 1 x86
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\KIRSTEN INGRID\Downloads\zoek.exe [Script inserted]

==== System Restore Info ======================

10/09/2013 14:34:48 Zoek.exe System Restore Point Created Succesfully.

==== Creating Sample_092013_1450.zip ======================

Process firefox.exe killed
Copied file C:\Users\KIRSTEN INGRID\AppData\Roaming\unins000.exe to sample\unins000.exe
sample\unins000.exe renamed to AD6E810B9CE3D8C0C1FF0203C68C6FA6

C:\Users\Public\Desktop\sample_092013_1450.zip created successfully

==== Deleting CLSID Registry Keys ======================


==== Deleting CLSID Registry Values ======================


==== Deleting Services ======================


==== FireFox Fix ======================

ProfilePath: C:\Users\KIRSTEN INGRID\AppData\Roaming\Mozilla\Firefox\Profiles\f7chhz8g.default

user.js not found
---- Lines imbooster removed from prefs.js ----

user_pref("id_imbooster4web_v6.Var1", "0");
user_pref("id_imbooster4web_v6.Var10", "0");
user_pref("id_imbooster4web_v6.Var2", "0");
user_pref("id_imbooster4web_v6.Var3", "0");
user_pref("id_imbooster4web_v6.Var4", "0");
user_pref("id_imbooster4web_v6.Var5", "0");
user_pref("id_imbooster4web_v6.Var6", "0");
user_pref("id_imbooster4web_v6.Var7", "0");
user_pref("id_imbooster4web_v6.Var8", "0");
user_pref("id_imbooster4web_v6.Var9", "0");
user_pref("id_imbooster4web_v6.cache.tbs_include_xml_006938", "13/16/1/6/113");
user_pref("id_imbooster4web_v6.firstlaunch", "0");
user_pref("id_imbooster4web_v6.guid", "%7B31C364A8-6C89-37AD-AD8F-B2A79AE127E6%7D");
user_pref("id_imbooster4web_v6.userId", "%12");
user_pref("id_imbooster4web_v6_installed_version", "1.0.1018.0");

---- Lines imbooster modified from prefs.js ----


---- Lines SpeedAnalysis removed from prefs.js ----

user_pref("extensions.speedanalysis04@SpeedAnalysis.com.id", "\"a125d4ab-a38a-2f85-a140-c572196997ab\"");
user_pref("extensions.speedanalysis04@SpeedAnalysis.com.mzID", "83");
user_pref("extensions.speedanalysis04@SpeedAnalysis.com.uuid", "\"f152d237-edb5-11e2-ab57-0025900b3c98\"");

---- Lines SpeedAnalysis modified from prefs.js ----


---- FireFox user.js and prefs.js backups ----

prefs_092013_1452_.backup

ProfilePath: C:\Users\KIRSTEN INGRID\AppData\Roaming\Mozilla\Firefox\Profiles\Solo_244017

user.js not found
---- Lines imbooster removed from prefs.js ----

user_pref("id_imbooster4web_v6.Var1", "0");
user_pref("id_imbooster4web_v6.Var10", "0");
user_pref("id_imbooster4web_v6.Var2", "0");
user_pref("id_imbooster4web_v6.Var3", "0");
user_pref("id_imbooster4web_v6.Var4", "0");
user_pref("id_imbooster4web_v6.Var5", "0");
user_pref("id_imbooster4web_v6.Var6", "0");
user_pref("id_imbooster4web_v6.Var7", "0");
user_pref("id_imbooster4web_v6.Var8", "0");
user_pref("id_imbooster4web_v6.Var9", "0");
user_pref("id_imbooster4web_v6.cache.tbs_include_xml_006938", "13/16/1/6/113");
user_pref("id_imbooster4web_v6.firstlaunch", "0");
user_pref("id_imbooster4web_v6.guid", "%7B31C364A8-6C89-37AD-AD8F-B2A79AE127E6%7D");
user_pref("id_imbooster4web_v6.userId", "%12");
user_pref("id_imbooster4web_v6_installed_version", "1.0.1018.0");

---- Lines imbooster modified from prefs.js ----


---- Lines SpeedAnalysis removed from prefs.js ----

user_pref("extensions.speedanalysis04@SpeedAnalysis.com.id", "\"a125d4ab-a38a-2f85-a140-c572196997ab\"");
user_pref("extensions.speedanalysis04@SpeedAnalysis.com.mzID", "83");
user_pref("extensions.speedanalysis04@SpeedAnalysis.com.uuid", "\"f152d237-edb5-11e2-ab57-0025900b3c98\"");

---- Lines SpeedAnalysis modified from prefs.js ----


---- FireFox user.js and prefs.js backups ----

prefs_092013_1452_.backup

ProfilePath: C:\Users\KIRSTEN INGRID\AppData\Roaming\Mozilla\Firefox\Profiles\Solo_725742

prefs.js not found
user.js not found
---- Lines imbooster removed from prefs.js ----


---- Lines imbooster modified from prefs.js ----


---- Lines SpeedAnalysis removed from prefs.js ----


---- Lines SpeedAnalysis modified from prefs.js ----


---- FireFox user.js and prefs.js backups ----


==== Deleting Files \ Folders ======================

"C:\Users\KIRSTEN INGRID\AppData\Roaming\Microsoft\Windows\SendTo\Desk 365.lnk" deleted
"C:\Windows\isRS-000.tmp" deleted
"C:\Windows\Launcher.exe" deleted
"C:\Users\KIRSTEN INGRID\AppData\Roaming\unins000.exe" deleted
"C:\SoloApp" deleted
"C:\Users\KIRSTEN INGRID\AppData\Roaming\SpeedAnalysis4" deleted
"C:\Windows\System32\Tasks\Browser Updater" deleted
"C:\Users\KIRSTEN INGRID\AppData\LocalLow\SimplyTech" deleted
"C:\Windows\system32\tasks\ProtectedSearch" deleted
"C:\Windows\Installer\{A0C9DF2B-89B5-4483-8983-18A68200F1B4}" deleted

==== Startup Registry Enabled ======================

[HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun"

[HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun"

[HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"mctadmin"="C:\Windows\System32\mctadmin.exe"

[HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"mctadmin"="C:\Windows\System32\mctadmin.exe"

==== Startup Registry Disabled ======================

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Adobe ARM]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Adobe ARM"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Common Files\\Adobe\\ARM\\1.0\\AdobeARM.exe\""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\BCSSync]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="BCSSync"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Microsoft Office\\Office14\\BCSSync.exe\" /DelayServices"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\BTMTrayAgent]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="BTMTrayAgent"
"hkey"="HKLM"
"command"="rundll32.exe \"C:\\Program Files\\Motorola\\Bluetooth\\btmshell.dll\",TrayApp"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\CECAPLF]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="CECAPLF"
"hkey"="HKLM"
"command"="C:\\Program Files\\ChiconyCam\\CECAPLF.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Facebook Update]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Facebook Update"
"hkey"="HKCU"
"command"="\"C:\\Users\\KIRSTEN INGRID\\AppData\\Local\\Facebook\\Update\\FacebookUpdate.exe\" /c /nocrashserver"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\LanguageShortcut]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="LanguageShortcut"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\CyberLink\\PowerDVD\\Language\\Language.exe\""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\MSC]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="MSC"
"hkey"="HKLM"
"command"="\"c:\\Program Files\\Microsoft Security Client\\msseces.exe\" -hide -runkey"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\OfficeSyncProcess]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="OfficeSyncProcess"
"hkey"="HKCU"
"command"="\"C:\\Program Files\\Microsoft Office\\Office14\\MSOSYNC.EXE\""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Pokki]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Pokki"
"hkey"="HKCU"
"command"="C:\\Windows\\system32\\rundll32.exe \"%LOCALAPPDATA%\\Pokki\\Engine\\LaunchDeskband.dll\",RunLaunchDeskband"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Power2GoExpress]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Power2GoExpress"
"hkey"="HKCU"
"command"="\"C:\\Program Files\\CyberLink\\Power2Go\\Power2GoExpress.exe\" /Startup"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\RemoteControl]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="RemoteControl"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\CyberLink\\PowerDVD\\PDVDServ.exe\""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\RtHDVCpl]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="RtHDVCpl"
"hkey"="HKLM"
"command"="C:\\Program Files\\Realtek\\Audio\\HDA\\RtHDVCpl.exe -s"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Skype]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Skype"
"hkey"="HKCU"
"command"="\"C:\\Program Files\\Skype\\Phone\\Skype.exe\" /minimized /regrun"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\StartCCC]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="StartCCC"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\ATI Technologies\\ATI.ACE\\Core-Static\\CLIStart.exe\" MSRun"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\SunJavaUpdateSched]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="SunJavaUpdateSched"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Common Files\\Java\\Java Update\\jusched.exe\""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\SynTPEnh]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="SynTPEnh"
"hkey"="HKLM"
"command"="%ProgramFiles%\\Synaptics\\SynTP\\SynTPEnh.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\UpdatePDRShortCut]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="UpdatePDRShortCut"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\CyberLink\\DVD Suite\\MUITransfer\\MUIStartMenu.exe\" \"C:\\Program Files\\CyberLink\\DVD Suite\" UpdateWithCreateOnce \"Software\\CyberLink\\PowerStarter\""


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Hotkey.lnk]
"path"="C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\Hotkey.lnk"
"backup"="C:\\Windows\\pss\\Hotkey.lnk.CommonStartup"
"backupExtension"=".CommonStartup"
"command"="C:\\PROGRA~1\\Hotkey\\Hotkey.exe "
"item"="Hotkey"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Users^KIRSTEN INGRID^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2010 Screen Clipper and Launcher.lnk]
"path"="C:\\Users\\KIRSTEN INGRID\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\OneNote 2010 Screen Clipper and Launcher.lnk"
"backup"="C:\\Windows\\pss\\OneNote 2010 Screen Clipper and Launcher.lnk.Startup"
"backupExtension"=".Startup"
"command"="C:\\PROGRA~1\\MIF5BA~1\\Office14\\ONENOTEM.EXE /tsr"
"item"="OneNote 2010 Screen Clipper and Launcher"


==== Task Scheduler Jobs ======================

C:\Windows\tasks\Adobe Flash Player Updater.job --a------ C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [20/08/2013 19:45]
C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-2671904842-801794768-3730877820-1001Core.job --a------ [Undetermined Task]
C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-2671904842-801794768-3730877820-1001UA.job --a------ C:\Users\KIRSTEN INGRID\AppData\Local\Facebook\Update\FacebookUpdate.exe [29/07/2013 20:18]
C:\Windows\tasks\GoogleUpdateTaskMachineCore.job --a------ C:\Program Files\Google\Update\GoogleUpdate.exe [18/06/2013 17:49]
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job --a------ C:\Program Files\Google\Update\GoogleUpdate.exe [18/06/2013 17:49]

==== Firefox Extensions ======================

ProfilePath: C:\Users\KIRSTEN INGRID\AppData\Roaming\Mozilla\Firefox\Profiles\f7chhz8g.default
- DoNotTrackMe - %ProfilePath%\extensions\donottrackplus@abine.com
- HomeTab - %ProfilePath%\extensions\{65145f6e-3049-4f26-9782-88518b8d82c5}

ProfilePath: C:\Users\KIRSTEN INGRID\AppData\Roaming\Mozilla\Firefox\Profiles\Solo_244017
- DoNotTrackMe - C:\Users\KIRSTEN INGRID\AppData\Roaming\Mozilla\Firefox\Profiles\f7chhz8g.default\extensions\donottrackplus@abine.com
- HomeTab - C:\Users\KIRSTEN INGRID\AppData\Roaming\Mozilla\Firefox\Profiles\f7chhz8g.default\extensions\{65145f6e-3049-4f26-9782-88518b8d82c5}
- DoNotTrackMe - %ProfilePath%\extensions\donottrackplus@abine.com
- HomeTab - %ProfilePath%\extensions\{65145f6e-3049-4f26-9782-88518b8d82c5}

ProfilePath: C:\Users\KIRSTEN INGRID\AppData\Roaming\Mozilla\Firefox\Profiles\Solo_725742
- Undetermined - %ProfilePath%\extensions\donottrackplus@abine.com

==== Firefox Plugins ======================

Profilepath: C:\Users\KIRSTEN INGRID\AppData\Roaming\Mozilla\Firefox\Profiles\f7chhz8g.default
7F83E9B61DCC1B2436C3D6AA935710DA - C:\Users\KIRSTEN INGRID\AppData\Local\GAS Tecnologia\GBBD\npsf_bb.dll - Módulo de Proteção - Banco do Brasil
260488E2BC07C276D1EDD54CCA086809 - C:\Program Files\VideoLAN\VLC\npvlc.dll - VLC Web Plugin
0C8597DBC74AAF5179471BA013E3C6B4 - C:\Windows\system32\Macromed\Flash\NPSWF32_11_8_800_94.dll - Shockwave Flash
101700E93EB905992B518256CB441829 - C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll - Google Update
7550FC1ADE982582D5920BEA6430E3D4 - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll - Google Earth Plugin
ABCB4A6EAB701C629378255ABCB308E5 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll - Java(TM) Platform SE 7 U25
D7324EB1EDCB8990F8522DE0311359E9 - C:\Windows\system32\npDeployJava1.dll - Java Deployment Toolkit 7.0.250.17
F045DF7AF127DC4BCC53421850114E15 - c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll - Silverlight Plug-In
3A523765D795DB006C010B915C3A840A - C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll - Adobe Acrobat
42A9B216A7A288512CE2F9A6BCCE96BC - C:\Program Files\Adobe\Reader 11.0\Reader\browser\nppdf32.dll - Adobe Acrobat
0B31B0F8FA99CFD009C8FBEA9E20C9DE - C:\Users\KIRSTEN INGRID\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll - Facebook Video Calling Plugin
AC421A44DE902F2627F1E63793ED89CD - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll - Windows Live? Photo Gallery
15E298B5EC5B89C5994A59863969D9FF - C:\Windows\system32\npmproxy.dll - Microsoft® Windows® Operating System
7D28153B7D586330678AD522B71D89CB - c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrlui.dll - Microsoft® Silverlight

Profilepath: C:\Users\KIRSTEN INGRID\AppData\Roaming\Mozilla\Firefox\Profiles\Solo_244017
7F83E9B61DCC1B2436C3D6AA935710DA - C:\Users\KIRSTEN INGRID\AppData\Local\GAS Tecnologia\GBBD\npsf_bb.dll - Módulo de Proteção - Banco do Brasil
260488E2BC07C276D1EDD54CCA086809 - C:\Program Files\VideoLAN\VLC\npvlc.dll - VLC Web Plugin
0C8597DBC74AAF5179471BA013E3C6B4 - C:\Windows\system32\Macromed\Flash\NPSWF32_11_8_800_94.dll - Shockwave Flash
101700E93EB905992B518256CB441829 - C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll - Google Update
7550FC1ADE982582D5920BEA6430E3D4 - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll - Google Earth Plugin
ABCB4A6EAB701C629378255ABCB308E5 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll - Java(TM) Platform SE 7 U25
D7324EB1EDCB8990F8522DE0311359E9 - C:\Windows\system32\npDeployJava1.dll - Java Deployment Toolkit 7.0.250.17
F045DF7AF127DC4BCC53421850114E15 - c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll - Silverlight Plug-In
3A523765D795DB006C010B915C3A840A - C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll - Adobe Acrobat
42A9B216A7A288512CE2F9A6BCCE96BC - C:\Program Files\Adobe\Reader 11.0\Reader\browser\nppdf32.dll - Adobe Acrobat
0B31B0F8FA99CFD009C8FBEA9E20C9DE - C:\Users\KIRSTEN INGRID\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll - Facebook Video Calling Plugin
AC421A44DE902F2627F1E63793ED89CD - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll - Windows Live? Photo Gallery
7D28153B7D586330678AD522B71D89CB - c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrlui.dll - Microsoft® Silverlight
15E298B5EC5B89C5994A59863969D9FF - C:\Windows\system32\npmproxy.dll - Microsoft® Windows® Operating System


==== Deleting Files \ Folders ======================

"C:\Users\KIRSTEN INGRID\AppData\Roaming\Mozilla\Firefox\Profiles\f7chhz8g.default\extensions\{65145f6e-3049-4f26-9782-88518b8d82c5}" deleted
"C:\Users\KIRSTEN INGRID\AppData\Roaming\Mozilla\Firefox\Profiles\f7chhz8g.default\extensions\{65145f6e-3049-4f26-9782-88518b8d82c5}" deleted
"C:\Users\KIRSTEN INGRID\AppData\Roaming\Mozilla\Firefox\Profiles\Solo_244017\extensions\{65145f6e-3049-4f26-9782-88518b8d82c5}" deleted

==== Chrome Look ======================

HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
cpcimcpneglaogklgcfniikmjipcgheg - C:\Program Files\HomeTab\chrome\HomeTab.crx[]
mmgeplgnfdghgoenlonfmbbpddnleffa - C:\Program Files\LyricsArt\130.crx[]

HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\Extensions
pgacfjdigcddmmncljpflgcfpfahebkh - C:\Users\KIRSTEN INGRID\AppData\Local\GAS Tecnologia\GBBD\bb\sf.crx[09/09/2013 13:41]

GBBD Banco do Brasil - KIRSTEN INGRID - Default\Extensions\pgacfjdigcddmmncljpflgcfpfahebkh

==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Search Page"="http://www.google.com"
"Default_Page_URL"="http://www.google.com"
"Default_Search_URL"="http://www.google.com"
"Search Bar"="http://www.google.com"
"Use Search Asst"="yes"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Software\Microsoft\Internet Explorer\Main]
"Default_Search_URL"="http://search.certified-toolbar.com?si=43168&tid=4003&ver=4.6&ts=1372706777570.000001&tguid=43168-4003-1372706681136-3BE0A90E942B79E77D8688A1D5DE477F&st=chrome&q="
"Search Bar"="http://search.certified-toolbar.com?si=43168&tid=4003&ver=4.6&ts=1372706777570.000001&tguid=43168-4003-1372706681136-3BE0A90E942B79E77D8688A1D5DE477F&st=chrome&q="
"Search Page"="http://search.certified-toolbar.com?si=43168&tid=4003&ver=4.6&ts=1372706777570.000001&tguid=43168-4003-1372706681136-3BE0A90E942B79E77D8688A1D5DE477F&st=chrome&q="
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Default_Search_URL"="http://www.google.com"
"Search Page"="http://www.google.com"
"Search Bar"="http://www.google.com"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchURI]
"(Default)"="http://search.certified-toolbar.com?si=43168&st=bs&tid=4003&ver=4.6&ts=1372706777570.000001&tguid=43168-4003-1372706681136-3BE0A90E942B79E77D8688A1D5DE477F&q=%s"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Software\Microsoft\Internet Explorer\SearchUrl]
"(Default)"="http://search.certified-toolbar.com?si=43168&st=bs&tid=4003&ver=4.6&ts=1372706777570.000001&tguid=43168-4003-1372706681136-3BE0A90E942B79E77D8688A1D5DE477F&q=%s"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Software\Microsoft\Internet Explorer\SearchURI]
"(Default)"="http://search.certified-toolbar.com?si=43168&st=bs&tid=4003&ver=4.6&ts=1372706777570.000001&tguid=43168-4003-1372706681136-3BE0A90E942B79E77D8688A1D5DE477F&q=%s"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchUrl]
"(Default)"="http://www.google.com"
"Default"="http://feed.snapdo.com/?publisher=Tuguu&dpid=Tuguu&co=BR&userid=3f726908-ffea-9bbf-7608-02853cbd3586&searchtype=ds&q={searchTerms}&installDate=28/08/2013"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchURI]
"(Default)"="http://search.certified-toolbar.com?si=43168&st=bs&tid=4003&ver=4.6&ts=1372706777570.000001&tguid=43168-4003-1372706681136-3BE0A90E942B79E77D8688A1D5DE477F&q=%s"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl]
"(Default)"="http://www.google.com"
"Default"="http://feed.snapdo.com/?publisher=Tuguu&dpid=Tuguu&co=BR&userid=3f726908-ffea-9bbf-7608-02853cbd3586&searchtype=ds&q={searchTerms}&installDate=28/08/2013"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\AboutURLs]
"Tabs"="about:newtab"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Software\Microsoft\Internet Explorer\Search]
"Default_Search_URL"="http://search.certified-toolbar.com?si=43168&tid=4003&ver=4.6&ts=1372706777570.000001&tguid=43168-4003-1372706681136-3BE0A90E942B79E77D8688A1D5DE477F&st=chrome&q="
"Search Bar"="http://search.certified-toolbar.com?si=43168&tid=4003&ver=4.6&ts=1372706777570.000001&tguid=43168-4003-1372706681136-3BE0A90E942B79E77D8688A1D5DE477F&st=chrome&q="
"Search Page"="http://search.certified-toolbar.com?si=43168&tid=4003&ver=4.6&ts=1372706777570.000001&tguid=43168-4003-1372706681136-3BE0A90E942B79E77D8688A1D5DE477F&st=chrome&q="
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search]
"Default_Search_URL"="http://www.google.com/"
"Search Bar"="http://www.google.com"
"Search Page"="http://www.google.com"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Search]
"Default_Search_URL"="http://www.google.com/"
"Search Bar"="http://www.google.com"
"Search Page"="http://www.google.com"
"SearchAssistant"="http://www.google.com"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
No DefaultScope Set For HKCU

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.google.com"
"Use Search Asst"="no"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Software\Microsoft\Internet Explorer\Main]
"Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Search Bar"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Search Bar"="http://go.microsoft.com/fwlink/?LinkId=54896"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchURI]
"(Default)"="http://search.msn.com/results.asp?q=%s"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Software\Microsoft\Internet Explorer\SearchUrl]
"(Default)"="http://search.msn.com/results.asp?q=%s"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Software\Microsoft\Internet Explorer\SearchURI]
"(Default)"="http://search.msn.com/results.asp?q=%s"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchUrl]
"(Default)"="http://search.msn.com/results.asp?q=%s"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchURI]
"(Default)"="http://search.msn.com/results.asp?q=%s"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl]
"(Default)"="http://search.msn.com/results.asp?q=%s"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\AboutURLs]
"Tabs"="res://ieframe.dll/tabswelcome.htm"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Software\Microsoft\Internet Explorer\Search]
"Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Search Bar"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search]
"Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Search Bar"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Search]
"Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Search Bar"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896"
"SearchAssistant"="http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{6A1806CD-94D4-4689-BA73-E35EA1EA9990}"

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC"
{6A1806CD-94D4-4689-BA73-E35EA1EA9990} Google Url="http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}"

==== Deleting CLSID Registry Keys ======================

HKEY_USERS\S-1-5-21-2671904842-801794768-3730877820-1001\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{da2e16d5-254c-4e11-8fed-2a1b201de379} deleted successfully
HKEY_CLASSES_ROOT\CLSID\{da2e16d5-254c-4e11-8fed-2a1b201de379} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{da2e16d5-254c-4e11-8fed-2a1b201de379} deleted successfully

==== Deleting CLSID Registry Values ======================

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{da2e16d5-254c-4e11-8fed-2a1b201de379} deleted successfully

==== shortcuts on Users Desktops ======================

C:\Users\Default\Desktop\CyberLink DVD Suite.lnk - C:\Program Files\CyberLink\DVD Suite\PowerStarter.exe
C:\Users\Default User\Desktop\CyberLink DVD Suite.lnk - C:\Program Files\CyberLink\DVD Suite\PowerStarter.exe
C:\Users\USURIO~1\Desktop\CyberLink DVD Suite.lnk - C:\Program Files\CyberLink\DVD Suite\PowerStarter.exe

==== shortcuts on All Users Desktop ======================

C:\Users\Public\Desktop\ajuda.lnk - C:\SW_UTIL\Ajuda.htm
C:\Users\Public\Desktop\aTube Catcher.lnk - E:\aTube Catcher 2.0\yct.exe
C:\Users\Public\Desktop\BEM-VINDO.LNK - C:\SW_UTIL\WELCOME.EXE
C:\Users\Public\Desktop\Camtasia Studio 8.lnk - E:\CamtasiaStudio.exe
C:\Users\Public\Desktop\Manual.lnk - C:\SW_UTIL\manual.chm
C:\Users\Public\Desktop\Mozilla Firefox.lnk - C:\Program Files\Mozilla Firefox\firefox.exe [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
C:\Users\Public\Desktop\Video Search.lnk - E:\aTube Catcher 2.0\yct.exe /VIDEOSEARCH
C:\Users\Public\Desktop\WebCam Installer 4.00.lnk - C:\Program Files\WebCam\WebCam.exe

==== shortcuts in Users Start Menu ======================

C:\Users\KIRSTEN INGRID\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk - C:\Program Files\Mozilla Firefox\firefox.exe
C:\Users\KIRSTEN INGRID\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink DVD Suite\PowerDVD\Ajuda do PowerDVD.lnk - C:\Program Files\CyberLink\PowerDVD\Language\Ptb\PowerDVD.CHM
C:\Users\KIRSTEN INGRID\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink DVD Suite\PowerDVD\CyberLink PowerDVD.lnk - C:\Program Files\CyberLink\PowerDVD\PowerDVD.exe
C:\Users\KIRSTEN INGRID\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink DVD Suite\PowerDVD\Desinstalar o PowerDVD.lnk - C:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\Setup.exe -uninstall
C:\Users\KIRSTEN INGRID\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink DVD Suite\PowerDVD\Leia-me.lnk - C:\Program Files\CyberLink\PowerDVD\Language\Ptb\Readme.htm
C:\Users\KIRSTEN INGRID\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink DVD Suite\PowerDVD\Registo online.lnk - C:\Program Files\CyberLink\PowerDVD\OLRSubmission\OLRSubmission.exe /LANG:Ptb
C:\Users\KIRSTEN INGRID\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Pokki\Relaunch Pokki.lnk - C:\Users\KIRSTEN INGRID\AppData\Local\Pokki\Engine\pokki.exe /RELAUNCH

==== shortcuts in All Users Start Menu ======================

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk - C:\Program Files\Mozilla Firefox\firefox.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 8.lnk - C:\Program Files\TeamViewer\Version8\TeamViewer.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\aTube Catcher\aTube Catcher.lnk - E:\aTube Catcher 2.0\yct.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome\Google Chrome.lnk - C:\Program Files\Google\Chrome\Application\chrome.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TechSmith\Camtasia Recorder 8.lnk - C:\Windows\Installer\{BFA04EE0-8240-4667-8D53-45496A901C33}\CamtasiaIcons.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TechSmith\Camtasia Studio 8.lnk - C:\Windows\Installer\{BFA04EE0-8240-4667-8D53-45496A901C33}\CamtasiaIcons.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN\Documentation.lnk - C:\Program Files\VideoLAN\VLC\Documentation.url
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN\Release Notes.lnk - C:\Program Files\VideoLAN\VLC\NEWS.txt
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN\Reset VLC media player preferences and cache files.lnk - C:\Program Files\VideoLAN\VLC\vlc.exe --reset-config --reset-plugins-cache [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN\VideoLAN Website.lnk - C:\Program Files\VideoLAN\VLC\VideoLAN Website.url
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN\VLC media player skinned.lnk - C:\Program Files\VideoLAN\VLC\vlc.exe -Iskins
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN\VLC media player.lnk - C:\Program Files\VideoLAN\VLC\vlc.exe

==== shortcuts in Quick Launch ======================

C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -
C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -
C:\Users\Default User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -
C:\Users\Default User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -
C:\Users\KIRSTEN INGRID\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk - C:\Program Files\Google\Chrome\Application\chrome.exe [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
C:\Users\KIRSTEN INGRID\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk - C:\Program Files\Internet Explorer\iexplore.exe [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
C:\Users\KIRSTEN INGRID\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Malwarebytes Anti-Malware.lnk - C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\Users\KIRSTEN INGRID\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -
C:\Users\KIRSTEN INGRID\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -
C:\Users\KIRSTEN INGRID\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\CyberLink DVD Suite.lnk - C:\Program Files\CyberLink\DVD Suite\PowerStarter.exe
C:\Users\KIRSTEN INGRID\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\PDFCreator.lnk - C:\Program Files\PDFCreator\PDFCreator.exe
C:\Users\KIRSTEN INGRID\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\TeamViewer 8.lnk - C:\Program Files\TeamViewer\Version8\TeamViewer.exe
C:\Users\KIRSTEN INGRID\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\VLC media player.lnk - C:\Program Files\VideoLAN\VLC\vlc.exe
C:\Users\KIRSTEN INGRID\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk - C:\Program Files\Google\Chrome\Application\chrome.exe [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
C:\Users\KIRSTEN INGRID\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Internet Explorer.lnk - C:\Program Files\Internet Explorer\iexplore.exe [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
C:\Users\KIRSTEN INGRID\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Mozilla Firefox.lnk - C:\Program Files\Mozilla Firefox\firefox.exe [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
C:\Users\KIRSTEN INGRID\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\VLC media player.lnk - C:\Program Files\VideoLAN\VLC\vlc.exe
C:\Users\KIRSTEN INGRID\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Windows Explorer.lnk - C:\Windows\explorer.exe
C:\Users\KIRSTEN INGRID\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Windows Media Player.lnk - C:\Program Files\Windows Media Player\wmplayer.exe /prefetch:1
C:\Users\USURIO~1\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -
C:\Users\USURIO~1\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -

==== shortcuts After Repair ======================

C:\Users\Public\Desktop\Mozilla Firefox.lnk - C:\Program Files\Mozilla Firefox\firefox.exe
C:\Users\KIRSTEN INGRID\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk - C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Users\KIRSTEN INGRID\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk - C:\Program Files\Internet Explorer\iexplore.exe
C:\Users\KIRSTEN INGRID\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk - C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Users\KIRSTEN INGRID\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Internet Explorer.lnk - C:\Program Files\Internet Explorer\iexplore.exe
C:\Users\KIRSTEN INGRID\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Mozilla Firefox.lnk - C:\Program Files\Mozilla Firefox\firefox.exe

==== Uninstall List x86 ======================

Adobe AIR [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{A0087DDE-69D0-11E2-AD57-43CA6188709B}]
Adobe AIR [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\Adobe AIR]
Adobe Flash Player 11 ActiveX [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\Adobe Flash Player ActiveX]
Adobe Flash Player 11 Plugin [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\Adobe Flash Player Plugin]
Adobe Reader XI (11.0.03) [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{AC76BA86-7AD7-1033-7B44-AB0000000001}]
AMD APP SDK Runtime [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{A25FF1C0-80B6-4B8B-A551-DC525697A408}]
AMD Fuel [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{D2C00942-22FB-B60E-2AE0-352A52C2B39C}]
AMD Media Foundation Decoders [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{5C15DB8F-48CC-41EE-51BC-920A0D35B26F}]
AMD VISION Engine Control Center [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{1273F8E0-AD9E-CFE7-B451-0734B1CDBF72}]
ATI Catalyst Install Manager [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{6CC221A1-33DC-5E1D-0951-2550460FE8FC}]
aTube Catcher [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\aTube Catcher]
Bing Bar [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{E461E45A-2B48-42FA-90E1-6F36D85DF101}]
BisonCam [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{5BBC4803-C96E-4D3E-9D1D-2E43774C4062}]
Camtasia Studio 8 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{BFA04EE0-8240-4667-8D53-45496A901C33}]
Catalyst Control Center InstallProxy [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{91A968B4-82AF-F65F-56B5-904D90DB555A}]
Catalyst Control Center Localization All [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{A2C146D4-814E-C5A6-FF46-1068A577C5AD}]
Catalyst Control Center Profiles Mobile [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{F3C77B06-69E9-C37B-F5DD-05E65DD33526}]
ccc-utility [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{FA83CE04-5F34-24B8-48FF-67E41BEC4090}]
CCC Help Chinese Standard [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{B2B90D3F-244E-8647-4184-9EA554768658}]
CCC Help Chinese Traditional [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{4C1D5B50-4A95-55D9-785F-3871FD99678F}]
CCC Help Czech [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{5D3B07FA-65AA-1C13-F919-438D9A2AD980}]
CCC Help Danish [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{10E74E55-280E-38BC-E03D-632415116746}]
CCC Help Dutch [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{0C5C6AD2-2146-3FCC-02FF-4A2049C00C1C}]
CCC Help English [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{0B4B9BEC-B528-DF3F-6E94-07FE8484527A}]
CCC Help Finnish [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{D8170A3E-396C-76D3-03B8-31DD185FC9D2}]
CCC Help French [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{34B55919-9613-E4D6-F728-8BAAEDC3CB8C}]
CCC Help German [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{3C36A5B5-1E30-A2A9-05B4-5718663E4A68}]
CCC Help Greek [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{95297371-4617-FB43-5A93-96CF41A6225E}]
CCC Help Hungarian [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{8A2CE33B-3EE5-3E8A-5A46-72660277D79B}]
CCC Help Italian [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{12174E6F-09F7-5F3B-ED6E-B70D1552C305}]
CCC Help Japanese [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{3B8F0F0E-E03F-2E77-5D7E-834A4DC5CE6C}]
CCC Help Korean [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{830D8D0E-31C7-1721-ACEF-75CA479AC964}]
CCC Help Norwegian [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{4ED9A3C4-CA15-BF29-80BA-8B712CD34D9E}]
CCC Help Polish [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{395B8BEC-FEC4-169F-9CC4-AE945E0A47EF}]
CCC Help Portuguese [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{221259C3-3A88-F42E-C551-8FA2C6CEF7DB}]
CCC Help Russian [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{53346569-B633-A904-19E3-4BB5F1EE07A1}]
CCC Help Spanish [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{F19947DB-79FC-C138-7896-826DE655155B}]
CCC Help Swedish [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{8FFE159A-A9F4-C60D-0B0B-5A2F47353B9E}]
CCC Help Thai [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{E341AF3A-860D-F257-9CE3-384A8FE88168}]
CCC Help Turkish [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{CA7750E7-93D6-54F3-F255-84F185F7C0E1}]
ChiconyCam [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{A2201542-DA80-457F-8BD9-6C9C90196481}]
Cisco EAP-FAST Module [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}]
Cisco LEAP Module [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{51C7AD07-C3F6-4635-8E8A-231306D810FE}]
Cisco PEAP Module [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}]
Controle ActiveX do Windows Live Mesh para Conexäes Remotas [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{39B3184E-0BFB-40FA-ADDC-E7E2D535CDA9}]
CyberLink DVD Suite [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}]
CyberLink DVD Suite [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}]
CyberLink Power2Go [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{40BF1E83-20EB-11D8-97C5-0009C5020658}]
D3DX10 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{E09C4DB7-630C-4F06-A631-8EA7239923AF}]
Facebook Video Calling 1.2.0.287 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{B92C5909-1D37-4C51-8397-A28BB28E5DC3}]
Google Chrome [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\Google Chrome]
Google Drive [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{C2D4CD4A-AE20-40B3-8726-8ED1C03E8C15}]
Google Earth Plug-in [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{79361740-EAE3-11E2-9911-B8AC6F98CCE3}]
Google Update Helper [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}]
Hotkey 3.3020 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{164714B6-46BC-4649-9A30-A6ED32F03B5A}]
Hotkey 3.3020 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\InstallShield_{164714B6-46BC-4649-9A30-A6ED32F03B5A}]
Java 7 Update 25 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{26A24AE4-039D-4CA4-87B4-2F83217025FF}]
Java Auto Updater [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{4A03706F-666A-4037-7777-5F2748764D10}]
JMicron Ethernet Adapter NDIS Driver [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{96DCEE2F-98EE-4F80-8C0F-7C04D1FB9D7F}]
JMicron Flash Media Controller Driver [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{26604C7E-A313-4D12-867F-7C6E7820BE4C}]
Junk Mail filter update [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}]
Malwarebytes Anti-Malware versÆo 1.75.0.1300 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\Malwarebytes' Anti-Malware_is1]
Mesh Runtime [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{8C6D6116-B724-4810-8F2D-D047E6B7D68E}]
Microsoft .NET Framework 4 Client Profile [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{3C3901C5-3455-3E0A-A214-0B093A5070A6}]
Microsoft .NET Framework 4 Client Profile PTB Language Pack [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{20A15757-4AE4-3C82-9711-863C84AFE6AA}]
Microsoft .NET Framework 4 Extended [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{0A0CADCF-78DA-33C4-A350-CD51849B9702}]
Microsoft .NET Framework 4 Extended PTB Language Pack [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{98ADF875-648F-3E73-8F3B-010C2464C948}]
Microsoft Antimalware [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{774088D4-0777-4D78-904D-E435B318F5D2}]
Microsoft Antimalware Service PT-BR Language Pack [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{D40C0608-033D-43A7-B4D7-B0EE493F938C}]
Microsoft Mathematics [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{4D090F70-6F08-4B60-9357-A1DFD4458F09}]
Microsoft Office Professional Plus 2010 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\Office14.PROPLUS]
Microsoft Security Client [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{3CA0E14C-3490-4C88-B290-22606B2EF83A}]
Microsoft Security Client PT-BR Language Pack [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{50779A29-834E-4E36-BBEB-B7CABC67A825}]
Microsoft Security Essentials [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\Microsoft Security Client]
Microsoft Silverlight [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}]
Microsoft SQL Server 2005 Compact Edition [ENU] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}]
Microsoft Visual C++ 2005 Redistributable [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}]
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{9A25302D-30C0-39D9-BD6F-21E6EC160475}]
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{9BE518E6-ECC6-35A9-88E4-87755C07200F}]
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{196BB40D-1578-3D01-B289-BEFC77A11A1E}]
M¢dulo de Seguran‡a - Banco do Brasil [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{36386dc9-8543-4b12-ae6b-220fd52f19f3}_is1]
Motorola Bluetooth [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\1DF1F719-D43A-46E8-950F-65A8D96C678A.MBT_is1]
Mozilla Firefox 23.0.1 (x86 pt-BR) [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\Mozilla Firefox 23.0.1 (x86 pt-BR)]
Mozilla Maintenance Service [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\MozillaMaintenanceService]
MSVCRT [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}]
Oceanis Change Background Windows 7 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\Oceanis Change Background Windows 7_is1]
PDFCreator [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}]
Pokki [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\Pokki]
PowerDVD [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}]
Realtek High Definition Audio Driver [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}]
REALTEK Wireless LAN Driver [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{9D3D8C60-A55F-4123-B2B9-173F09590E16}]
SkypeT 6.6 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}]
Synaptics Pointing Device Driver [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\SynTPDeinstKey]
TeamViewer 8 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\TeamViewer 8]
VLC media player 2.0.8 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\VLC media player]
WebCam Installer [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{2A14D7BC-1876-4B38-830B-18856C27F550}]
WebCam Installer [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\InstallShield_{2A14D7BC-1876-4B38-830B-18856C27F550}]
Windows Live Communications Platform [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{D45240D3-B6B3-4FF9-B243-54ECE3E10066}]
Windows Live Essentials [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{43B43577-2514-4CE0-B14A-7E85C17C0453}]
Windows Live Essentials [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\WinLiveSuite]
Windows Live Family Safety [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{65CD9858-1F02-46C8-80DA-62B29D2BA176}]
Windows Live Family Safety [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{F53D678E-238F-4A71-9742-08BB6774E9DC}]
Windows Live Galeria de Fotos [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{F7A46527-DF1F-4B0F-9637-98547E189442}]
Windows Live ID Sign-in Assistant [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{61AD15B2-50DB-4686-A739-14FE180D4429}]
Windows Live Installer [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{0B0F231F-CE6A-483D-AA23-77B364F75917}]
Windows Live Mail [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{9D56775A-93F3-44A3-8092-840E3826DE30}]
Windows Live Mail [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{9DA3F03B-2CEE-4344-838E-117861E61FAF}]
Windows Live Mesh [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{644063FA-ABA3-42AC-A8AC-3EDC0706018B}]
Windows Live Mesh [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{DECDCB7C-58CC-4865-91AF-627F9798FE48}]
Windows Live Messenger [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{D54A52A8-DF24-4CE8-850B-074CA47DFA74}]
Windows Live Messenger [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{EB4DF488-AAEF-406F-A341-CB2AAA315B90}]
Windows Live MIME IFilter [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{AF844339-2F8A-4593-81B3-9F4C54038C4E}]
Windows Live Movie Maker [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{92EA4134-10D1-418A-91E1-5A0453131A38}]
Windows Live Movie Maker [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{A199DB88-E22D-4CE7-90AC-B8BE396D7BF4}]
Windows Live Photo Common [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}]
Windows Live Photo Common [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{B33B61FE-701F-425F-98AB-2B85725CBF68}]
Windows Live Photo Gallery [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{3336F667-9049-4D46-98B6-4C743EEBC5B1}]
Windows Live PIMT Platform [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{83C292B7-38A5-440B-A731-07070E81A64F}]
Windows Live Remote Client [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{19A4A990-5343-4FF7-B3B5-6F046C091EDF}]
Windows Live Remote Client Resources [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{41B72CAF-036B-4E0A-8D22-F5DF7C970434}]
Windows Live Remote Service [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{227E8782-B2F4-4E97-B0EE-49DE9CC1C0C0}]
Windows Live Remote Service Resources [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{E6617B44-D556-49AC-B2A3-01451E115043}]
Windows Live SOXE [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{682B3E4F-696A-42DE-A41C-4C07EA1678B4}]
Windows Live SOXE Definitions [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{200FEC62-3C34-4D60-9CE8-EC372E01C08F}]
Windows Live UX Platform [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}]
Windows Live UX Platform Language Pack [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{DF71ABBB-B834-41C0-BB58-80B0545D754C}]
Windows Live Writer [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{A726AE06-AAA3-43D1-87E3-70F510314F04}]
Windows Live Writer [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}]
Windows Live Writer [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{B3BE54A4-8DFE-4593-8E66-56AB7133B812}]
Windows Live Writer Resources [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{4664ED39-C80A-48F7-93CD-EBDCAFAB6CC5}]
WinRAR 4.20 (32-bit) [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\WinRAR archiver]

==== Deleting Registry Keys ======================

HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions\cpcimcpneglaogklgcfniikmjipcgheg deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions\mmgeplgnfdghgoenlonfmbbpddnleffa deleted successfully

==== Empty IE Cache ======================

C:\Users\KIRSTEN INGRID\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\KIRSTEN INGRID\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\Users\KIRSTEN INGRID\AppData\Local\Temp\acrord32_sbx\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

==== Empty FireFox Cache ======================

C:\Users\KIRSTEN INGRID\AppData\Local\Mozilla\Firefox\Profiles\f7chhz8g.default\Cache emptied successfully

==== Empty Chrome Cache ======================

C:\users\KIRSTEN INGRID\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully

==== Empty All Flash Cache ======================

Flash Cache Emptied Successfully

==== Empty All Java Cache ======================

Java Cache cleared successfully

==== After Reboot ======================

==== Empty Temp Folders ======================

C:\Windows\Temp successfully emptied
C:\Users\KIRSTE~1\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\$RECYCLE.BIN successfully emptied

==== EOF on 10/09/2013 at 15:07:14,82 ======================

bom!, se me perguntarem como foi que executei zoek! não sei como foi, estava como o mesmo probleminha do malware, eu só cliquei na pasta do downloads em zoek com o direito do mouse, executar administrador, processou normalmente, o relatório apareceu, mas não executar o normal dele e nem salva no notebook. ?????
As pasta e os arquivos continuam do mesmo jeito.....

Bom...até agora posso dizer que o que foi removido tem pouca relação com seu problema.


Delete o Zoek, seu relatório C:\zoek-results.txt e o arquivo sample_092013_1450.zip localizado no Desktop


Delete o FRST, seus relatórios e a pasta C:\FRST


Baixe o [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] (...de Grinler) e salve-o no Desktop (Área de Trabalho)

*Feche o seu navegador

*Execute-o e cole o relatório apresentado

segue Relatório;

Shortcut Cleaner 1.2.3 by Lawrence Abrams (Grinler)
[Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
Copyright 2008-2013 BleepingComputer.com
More Information about Shortcut Cleaner can be found at this link:
[Tens de ter uma conta e sessão iniciada para poderes visualizar este link]

Windows Version: Windows 7 Starter Service Pack 1
Program started at: 09/10/2013 04:12:23 PM.

Scanning for registry hijacks:

* No issues found in the Registry.

Searching for Hijacked Shortcuts:

Searching C:\Users\KIRSTEN INGRID\AppData\Roaming\Microsoft\Windows\Start Menu\

Searching C:\ProgramData\Microsoft\Windows\Start Menu\

Searching C:\Users\KIRSTEN INGRID\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\

Searching C:\Users\Public\Desktop\

Searching C:\Users\KIRSTEN INGRID\Desktop


0 bad shortcuts found.

Program finished at: 09/10/2013 04:12:25 PM
Execution time: 0 hours(s), 0 minute(s), and 1 seconds(s)

OK...

Pelos relatórios sua conta não tem privilégios administrativos. Talvez este seja o motivo de vc tentar abrir algumas pastas e receber a mensagem:

O local não está disponível. C:\Arquivos de Programas não está acessível. Acesso negado.

Isso é normal.

Se estas pastas possuem um cadeado, este é o motivo.

Delete o sc-cleaner e seu relatório

Os nomes dos arquivos estão repetidamente e no lado esquerdo com uma seta para cima como estivesse copiadas e as pastas um pouco invisível, com o amarelo claro e não tem cadeado.

São pastas do sistema.

Não devem ser mexidas.

Vc não tem direitos administrativos para abrir.

Se puder colar uma screen da tela, poderia te informar melhor.

já tentei, mas não conseguir...

ingrid*** escreveu:já tentei, mas não conseguir...

Para mostrar alguma tela no seu PC é só pressionar a tecla Prt Sc SysRq (Print Screen) para capturar uma foto da tela > aí vá em um editor de imagens (como o Paint, Gimp, Photoshop ou outro que você tenha) e cole-o (Ctrl + v) no seu editor de imagens e salve este arquivo > depois é só vir aqui no fórum e pressionar esta tecla que é mostrada na imagem abaixo para hospedar a imagem aqui no fórum:

[Tens de ter uma conta e sessão iniciada para poderes visualizar esta imagem]

Aí depois que clicar no botão mostrado na imagem acima, marque a opção Arquivo > selecione o arquivo com a imagem da tela que você salvou e clique em Abrir > depois é só clicar em Enviar  aí aparecerão três links e é só copiar o último link e postar ele aqui na próxima resposta.

 Olá!

Resolvido!!!
O problema porque estava desmarcado - ocultar arquivos protegidos do sistema operacional (recomendado), ufaaaa!! Valeu
Muuito obrigada pela atenção e dedicação.
Você e o fórum estão de parabéns!!!

CASO RESOLVIDO

Caso o(a) autor(a) do tópico necessite, o mesmo será reaberto, para isso deverá entrar em contato com um dos membros da [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] solicitando o desbloqueio.