WishmasterPB

Membro
  • Content count

    247
  • Joined

  • Last visited

Community Reputation

0 Neutral

About WishmasterPB

  • Rank
    Membro Avançado
  • Birthday 10/03/1979

Contact Methods

  • Website URL
    http://
  • ICQ
    0

Profile Information

  • Sexo
    Masculino
  • Local
    João Pessoa - PB
  • Interesses
    Games, Rock, Computadores, Filmes(ação/suspense).
  1. Olá,, Gostaria de saber como instalar o IPM 1.9.4, pois toda vez que ligo meu notebok esse arquivo tenta instalar, porem, ao clicar em ok ele diz que a pasta de origem nao existe. Agradeço!!!
  2. Olá,, Quando fui fazer o procedimento para desisntalar o AdwCleaner o Avast detectou como uma ameaça e o moveu para quarentena, procurei em desisntalar programas e também no próprio desisntalar programas do CCLEANER que já tenho instalado em meu notebook e não encontrei mais o AdwCleaner. Mas fora isso o problema pelo qual pedi a ajuda já está totalmente resolvido...Agradeço a sua atenção e tempo para me ajudar!!! Obrigado JoseMelo!!!
  3. Olá,,, Optei por desinstalar o Ad-Aware..acabei passando batido e esqueci desses passos Na janela do scan, desmarque a opção Remove found threats Marque a opção Scan archives Fiz sem esses passos e só notei quando ja tinha terminado o scan..deppois fiz novamente com os passos corretos. 1º resultado C:\AdwCleaner\Quarantine\C\Program Files (x86)\App Lid\147244d1-f0bd-4297-bc09-2d3df41b6f6c.dll.vir a variant of Win32/Toolbar.CrossRider.BM potentially unwanted application deleted - quarantined C:\AdwCleaner\Quarantine\C\Program Files (x86)\App Lid\35d22c3c-00f9-400f-864b-169e308e70b3.dll.vir a variant of Win32/Toolbar.CrossRider.BM potentially unwanted application deleted - quarantined C:\AdwCleaner\Quarantine\C\Program Files (x86)\App Lid\924d6389-cd3d-47c2-ad41-b00b91c76a09.dll.vir a variant of Win32/Toolbar.CrossRider.BM potentially unwanted application deleted - quarantined C:\AdwCleaner\Quarantine\C\Program Files (x86)\App Lid\App Lid-bg.exe.vir a variant of Win32/Toolbar.CrossRider.BA potentially unwanted application deleted - quarantined C:\AdwCleaner\Quarantine\C\Program Files (x86)\App Lid\App Lid-bho.dll.vir a variant of Win32/Toolbar.CrossRider.BA potentially unwanted application deleted - quarantined C:\AdwCleaner\Quarantine\C\Program Files (x86)\App Lid\App Lid-bho64.dll.vir a variant of Win64/Toolbar.Crossrider.J potentially unwanted application deleted - quarantined C:\AdwCleaner\Quarantine\C\Program Files (x86)\App Lid\App Lid-buttonutil.dll.vir a variant of Win32/Toolbar.CrossRider.BD potentially unwanted application deleted - quarantined C:\AdwCleaner\Quarantine\C\Program Files (x86)\App Lid\App Lid-buttonutil.exe.vir a variant of Win32/Toolbar.CrossRider.BO potentially unwanted application deleted - quarantined C:\AdwCleaner\Quarantine\C\Program Files (x86)\App Lid\App Lid-buttonutil64.dll.vir a variant of Win32/Toolbar.CrossRider.BM potentially unwanted application deleted - quarantined C:\AdwCleaner\Quarantine\C\Program Files (x86)\App Lid\App Lid-codedownloader.exe.vir a variant of Win32/Toolbar.CrossRider.AY potentially unwanted application deleted - quarantined C:\AdwCleaner\Quarantine\C\Program Files (x86)\App Lid\c48fe4d2-e847-4f6c-a6df-af50db53d192-11.exe.vir a variant of Win32/Toolbar.CrossRider.AX potentially unwanted application deleted - quarantined C:\AdwCleaner\Quarantine\C\Program Files (x86)\App Lid\c48fe4d2-e847-4f6c-a6df-af50db53d192-2.exe.vir a variant of Win32/Toolbar.CrossRider.AY potentially unwanted application deleted - quarantined C:\AdwCleaner\Quarantine\C\Program Files (x86)\App Lid\c48fe4d2-e847-4f6c-a6df-af50db53d192-4.exe.vir a variant of Win32/Toolbar.CrossRider.AX potentially unwanted application deleted - quarantined C:\AdwCleaner\Quarantine\C\Program Files (x86)\App Lid\c48fe4d2-e847-4f6c-a6df-af50db53d192-5.exe.vir a variant of Win32/Toolbar.CrossRider.AY potentially unwanted application deleted - quarantined C:\AdwCleaner\Quarantine\C\Program Files (x86)\App Lid\c48fe4d2-e847-4f6c-a6df-af50db53d192-7.exe.vir a variant of Win32/Toolbar.CrossRider.AY potentially unwanted application deleted - quarantined C:\AdwCleaner\Quarantine\C\Program Files (x86)\App Lid\ccc3206c-67fc-4d95-88f7-ba147d84f14f.dll.vir a variant of Win32/Toolbar.CrossRider.BM potentially unwanted application deleted - quarantined C:\AdwCleaner\Quarantine\C\Program Files (x86)\App Lid\Interop.IWshRuntimeLibrary.dll.vir a variant of Win32/Toolbar.CrossRider.BM potentially unwanted application deleted - quarantined C:\AdwCleaner\Quarantine\C\Program Files (x86)\App Lid\Newtonsoft.Json.dll.vir a variant of Win32/Toolbar.CrossRider.BM potentially unwanted application deleted - quarantined C:\AdwCleaner\Quarantine\C\Program Files (x86)\App Lid\SuperSocket.ClientEngine.Common.dll.vir a variant of Win32/Toolbar.CrossRider.BM potentially unwanted application deleted - quarantined C:\AdwCleaner\Quarantine\C\Program Files (x86)\App Lid\SuperSocket.ClientEngine.Core.dll.vir a variant of Win32/Toolbar.CrossRider.BM potentially unwanted application deleted - quarantined C:\AdwCleaner\Quarantine\C\Program Files (x86)\App Lid\SuperSocket.ClientEngine.Protocol.dll.vir a variant of Win32/Toolbar.CrossRider.BM potentially unwanted application deleted - quarantined C:\AdwCleaner\Quarantine\C\Program Files (x86)\App Lid\WebSocket4Net.dll.vir a variant of Win32/Toolbar.CrossRider.BM potentially unwanted application deleted - quarantined C:\AdwCleaner\Quarantine\C\Users\Kayner MR\AppData\Roaming\Mozilla\Firefox\Profiles\dc2f0oll.default\Extensions\d9676068985d4d81bb390a@7be93ab3c8e144f694a0509d5.com\extensionData\plugins\91.js.vir JS/Toolbar.Crossrider.B potentially unwanted application deleted - quarantined C:\Program Files (x86)\924d6389-cd3d-47c2-ad41-b00b91c76a09\88239aec-fc38-4e42-88d5-993074b51dcf.dll a variant of Win32/Toolbar.CrossRider.BM potentially unwanted application deleted - quarantined C:\Users\Kayner MR\AppData\Local\Temp\setup.exe a variant of Win32/LiMo.C potentially unwanted application deleted - quarantined C:\Users\Kayner MR\AppData\Local\Temp\is386526232\60DB85A1_stp.DAT Win32/Somoto.E potentially unwanted application deleted - quarantined 2º resultado C:\AdwCleaner\Quarantine\C\Program Files (x86)\App Lid\bb15f112-afbf-484f-91c5-c02a471aaff2.crx.vir JS/Toolbar.Crossrider.B potentially unwanted application C:\AdwCleaner\Quarantine\C\Program Files (x86)\App Lid\c48fe4d2-e847-4f6c-a6df-af50db53d192.crx.vir JS/Toolbar.Crossrider.B potentially unwanted application C:\AdwCleaner\Quarantine\C\Program Files (x86)\App Lid\c48fe4d2-e847-4f6c-a6df-af50db53d192.xpi.vir JS/Toolbar.Crossrider.B potentially unwanted application
  4. Olá JoseMelo.. Tentei enviar o resultado mas aparece uma msg informando que o post está muito grande, sendo assim enviei dessa forma. Não sei se será preciso o "Extras.txt" OTL Extras logfile created on: 19/11/2014 15:28:27 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Kayner MR\Desktop 64bit- An unknown product (Version = 6.2.9200) - Type = NTWorkstation Internet Explorer (Version = 9.11.9600.17416) Locale: 00000416 | Country: Brasil | Language: PTB | Date Format: dd/MM/yyyy 3,90 Gb Total Physical Memory | 2,06 Gb Available Physical Memory | 52,83% Memory free 7,90 Gb Paging File | 5,88 Gb Available in Paging File | 74,42% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 450,60 Gb Total Space | 392,89 Gb Free Space | 87,19% Space Free | Partition Type: NTFS Computer Name: KAYNER | User Name: Kayner MR | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .html[@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation) .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation) .html [@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation) [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) ========== Shell Spawning ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. htafile [open] -- "%1" %* htmlfile [edit] -- Reg Error: Key error. htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation) htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1" http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation) InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\OpenWith.exe "%1" (Microsoft Corporation) Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN) Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. htafile [open] -- "%1" %* htmlfile [edit] -- Reg Error: Key error. htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation) htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1" http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\OpenWith.exe "%1" (Microsoft Corporation) Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN) Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error. ========== Security Center Settings ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = AC 1C AE C5 46 9F CE 01 [binary data] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Upgrade] "UpgradeTime" = [binary data] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Upgrade] "UpgradeTime" = Reg Error: Unknown registry data type -- File not found ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 ========== Authorized Applications List ========== ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{04488AA3-00AE-4D6F-A24E-F0ADFFBB4D35}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{09336B88-1ED0-4DBC-8D77-C3CF449D6D4E}" = rport=445 | protocol=6 | dir=out | app=system | "{0BCFDDDD-18E6-4838-8BF9-A8793BC375E6}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{3D8EFF50-56B8-483A-A696-43FEA1A4F6EC}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | "{487064BA-C679-4F76-A05A-43A133BC5C09}" = lport=2869 | protocol=6 | dir=in | app=system | "{58FC5D9D-8D49-428F-93EA-A4D8BFAA99A5}" = lport=10243 | protocol=6 | dir=in | app=system | "{5F5F1C94-F118-4A9A-A950-A5AB0C1D71A5}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{89C8FE28-E77B-4872-B7D9-05825E290AFD}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{9928E909-340D-4EE8-97EE-1D9197068A8B}" = lport=445 | protocol=6 | dir=in | app=system | "{A3D15491-EA08-4C4E-9EFB-F6B0A7F773E6}" = lport=138 | protocol=17 | dir=in | app=system | "{A4DDD178-E8F5-4B76-842C-269DE0D859FE}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | "{A5BD5EDA-783D-40B4-8E4C-1674AFA9B290}" = lport=5353 | protocol=17 | dir=in | app=c:\program files (x86)\google\chrome\application\chrome.exe | "{B0519FBE-05FD-44E3-A999-3C4E536364C1}" = lport=139 | protocol=6 | dir=in | app=system | "{B0788DDF-295E-4E1C-AA31-97656BE5341B}" = rport=137 | protocol=17 | dir=out | app=system | "{B2E84175-4757-485F-9B02-33C01822A7C2}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | "{BAB8777E-1978-4F3C-94A0-6ACB6C832656}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{C0EA499B-1A91-425B-A71E-345FC7A95B85}" = rport=138 | protocol=17 | dir=out | app=system | "{C1A121DF-BE10-430C-BFFB-EF30E9FD4A48}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{C6E9CD31-84D0-4265-B245-50D482011F5C}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | "{CF9FF89B-ECF4-424D-A48B-ABD968A9F8CA}" = rport=10243 | protocol=6 | dir=out | app=system | "{DA67DD0A-F172-4D6F-8232-9D83ACC4910F}" = rport=139 | protocol=6 | dir=out | app=system | "{DAAA17EA-5B0D-4906-8059-FAC44C5011DB}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{EC486F5D-BC72-4C6F-A0B5-094D775B7217}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{ECCBB99C-374B-4832-97A9-F14A0C005A15}" = lport=137 | protocol=17 | dir=in | app=system | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{06E1A9FC-BD17-4C49-BC42-B32D9EB2D62B}" = dir=out | name=@{microsoft.bingtranslator_1.9.0.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingtranslator/resources/appname} | "{06FE676D-AA1D-4865-AF8A-231A1FED2719}" = dir=in | name=microsoft minesweeper | "{08EE630F-8564-42DD-A726-A737C817E62B}" = dir=out | name=@{microsoft.zunemusic_2.6.343.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.zunemusic/resources/ids_manifest_music_app_name} | "{0B34AE9E-A490-42B1-843E-DFBD83F571E8}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{0C149E32-F664-47E4-95A3-47C5611E6604}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{10A76105-5906-48CB-9C5F-C7AA2E1F5CC9}" = dir=out | name=@{microsoft.bingfinance_3.0.4.212_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingfinance/resources/brandedapptitle} | "{15D231F8-287A-42BB-87C4-85D37DF9948F}" = dir=out | name=@{microsoft.zunemusic_2.2.800.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.zunemusic/resources/ids_manifest_music_app_name} | "{15FC363C-8F33-4138-A18B-23F706FF6239}" = dir=out | name=@{microsoft.bingfoodanddrink_3.0.2.243_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingfoodanddrink/resources/apptitlewithbranding} | "{18915B9D-6D24-4791-A160-8F278593088B}" = dir=out | name=tripadvisor hotels flights restaurants | "{18C7981D-1676-45C1-BD23-7AFAA58EA053}" = protocol=6 | dir=in | app=c:\program files (x86)\nero\nero 12\nero backitup\backitup.exe | "{1AE34B2B-098B-4C07-BF7A-F63C60C3C442}" = dir=out | name=skype wifi | "{1B3BB2F4-8192-4EC2-81C3-D970C7F450F0}" = dir=in | app=c:\program files (x86)\diebold\warsaw\core.exe | "{22816776-FDD1-4996-A1B7-E9742A6618FC}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{24175DEB-3DBC-418B-AF79-6F820454E8CE}" = dir=out | name=@{microsoft.binghealthandfitness_3.0.4.240_x64__8wekyb3d8bbwe?ms-resource://microsoft.binghealthandfitness/resources/apptitle} | "{2454D8A8-E4F2-45A7-A4BD-24D26E3088FC}" = dir=out | name=@{microsoft.bingtravel_3.0.2.243_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingtravel/resources/brandedapptitle} | "{24CDF392-5E54-4F25-BC28-171686BC6288}" = protocol=17 | dir=in | app=c:\program files (x86)\nero\km\kwikmedia.exe | "{26DA1C38-5B3C-40F5-BEB7-A0E515A48C15}" = dir=out | name=microsoft solitaire collection | "{276B788B-9275-489B-A326-7EA4A6762CD0}" = dir=out | name=healthvault | "{2A98F88E-953A-40A2-846C-022BF71FD027}" = dir=out | name=@{microsoft.zunevideo_2.6.408.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.zunevideo/resources/ids_manifest_video_app_name} | "{2D293C54-8C33-4EF2-A63E-B5A8577CB702}" = dir=out | name=@{microsoft.windowsreadinglist_6.3.9654.20540_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowsreadinglist/resources/apppackagename} | "{2E35CA70-A1C4-4AF6-A6A0-6904309DBFA5}" = dir=out | name=disney the little mermaid undersea treasures | "{2FB7FBF8-588D-4753-B0FF-FB819FD2122D}" = dir=out | name=windows_ie_ac_001 | "{30E4EB49-D80D-4157-8B96-23569F9C298E}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{318BD72E-594B-4E06-94C8-4826DCD3F626}" = dir=out | name=@{microsoft.bingnews_3.0.2.243_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingnews/resources/brandedapptitle} | "{34BCA29D-DC4E-40C5-933A-E53E1D5EE4BB}" = dir=in | name=microsoft mahjong | "{3D232C38-966F-43B2-A784-4B0A07ED572D}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{3E64B178-3759-47F5-8AF0-4658E7FA34C6}" = dir=out | name=@{microsoft.bingtravel_3.0.4.212_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingtravel/resources/brandedapptitle} | "{3EAAE06A-3819-4002-BA6D-1F1A51DE32EC}" = dir=out | name=onenote | "{4282FE99-8560-4BC7-9576-5F3ED84E263F}" = dir=in | name=checkpoint.vpn | "{43ECEBB0-88C4-4B4B-8B74-0555B67F8A9F}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | "{490D18FA-9D8F-438C-AE32-C3A94703A2FC}" = dir=in | name=onenote | "{4FA41831-3D32-4BA6-999D-2804E605B57E}" = dir=out | name=@{microsoft.zunevideo_2.2.802.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.zunevideo/resources/ids_manifest_video_app_name} | "{512F6A52-4201-4EC0-85DC-E5A8F78667CF}" = dir=in | name=microsoft solitaire collection | "{52881231-8313-4D25-AB32-1B850CC1F20D}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | "{548DCF8C-BFF2-4BA4-AA88-FBAF9AC8BCC6}" = dir=in | name=@{c:\windows\winstore\resources.pri?ms-resource://winstore/resources/displayname} | "{560448D6-095C-4907-B046-AC7F710701A7}" = dir=in | name=sonicwall.mobileconnect | "{56CF1AB3-24D5-47D9-A331-5B64627D45AD}" = dir=out | name=disney the little mermaid undersea treasures | "{56FA1F5D-1862-4E5A-94D6-55BFBC604EF7}" = dir=in | name=onenote | "{582DF09C-59DD-4E75-A885-ECDA553EE4C2}" = dir=out | name=microsoft mahjong | "{5F4632C0-D5B1-40C3-B0D9-E3A759C81B9E}" = dir=out | name=sonicwall.mobileconnect | "{67B6AFD4-ECB7-450B-891F-7B51D9481A0B}" = dir=out | name=onenote | "{69075332-4209-4089-8B09-F54D802BD727}" = protocol=6 | dir=out | app=system | "{695555E2-6C62-4F76-BF3A-91526B3680CE}" = dir=out | name=@{microsoft.bingsports_3.0.2.243_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingsports/resources/brandedapptitle} | "{6B91C210-E2FE-4461-B2D6-09A1953B0D62}" = dir=in | name=skype | "{6C9DF495-A2B9-4FF8-827F-B9BDB611D2D4}" = dir=out | name=@{microsoft.bingmaps_2.0.2530.2317_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingmaps/resources/appdisplayname} | "{71951BEC-5B94-4608-AEDF-7B4737BB4DAE}" = dir=in | name=microsoft mahjong | "{72F7D3C5-7694-42C8-BF2F-2E44E3C80B50}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{733D2006-5F60-4CC6-8B89-57B7D1A248D4}" = dir=out | name=endless skater | "{75A0571A-F5D7-4DE2-A809-BF445F0991E2}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{76522B14-6E88-4ED2-A542-5605948F2DCE}" = protocol=17 | dir=in | app=c:\program files (x86)\nero\nero 12\nero backitup\backitup.exe | "{7666C49C-11CD-4056-B194-D35F9FDA9315}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | "{791075C5-E3D1-4316-874F-9ECF9A4AA3B3}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | "{7AE40DBD-01DD-46F3-A026-9728F7325970}" = dir=out | name=@{microsoft.moviemoments_6.3.9654.20464_x64__8wekyb3d8bbwe?ms-resource://microsoft.moviemoments/resources/app_name/text} | "{7BCC3277-08FB-450F-AA4C-6F6A7E1D4281}" = dir=in | name=@{microsoft.windowscommunicationsapps_17.5.9600.20605_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowscommunicationsapps/resources/communicationspackagename} | "{7D3FB94B-F9DE-4D0B-95D8-7CD2D41B5D57}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{8024B2A3-6EA4-4E49-840D-261C27C0E070}" = dir=out | name=@{microsoft.binghealthandfitness_3.0.2.243_x64__8wekyb3d8bbwe?ms-resource://microsoft.binghealthandfitness/resources/apptitle} | "{816E83A3-09F0-4C8A-84D8-94420AC43F85}" = dir=out | name=@{microsoft.bingweather_3.0.2.243_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingweather/resources/apptitle} | "{87D4D8C0-8A11-4612-A065-42976357BC9C}" = dir=in | name=@{microsoft.windowscommunicationsapps_17.5.9600.20413_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowscommunicationsapps/resources/communicationspackagename} | "{888C6DC7-8372-4B55-BBF1-3BF08F552BCA}" = dir=out | name=microsoft solitaire collection | "{8AD28435-2138-4B3F-84A0-336D9623D93E}" = dir=out | name=skype | "{9045F5B3-8F7C-4000-81B8-930BDF768CBB}" = dir=out | name=adera | "{90742258-BF2D-4261-9D0F-D24D7779FAE4}" = dir=out | name=@{microsoft.bingnews_3.0.4.213_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingnews/resources/brandedapptitle} | "{94790D31-4F88-4144-BA22-714CB42A50E2}" = dir=out | name=@{microsoft.xboxlivegames_2.0.139.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.xboxlivegames/resources/34150} | "{96CEFCAD-1A48-421D-9695-BEA25BAC3E60}" = dir=out | name=@{microsoft.bingmaps_2.1.3230.2048_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingmaps/resources/appdisplayname} | "{96DE3CF4-FFB7-4EAB-B798-A9130D374E1A}" = dir=out | name=microsoft mahjong | "{987945A7-0176-49B7-B578-F65DF49D1700}" = dir=out | name=@{microsoft.bingweather_3.0.4.214_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingweather/resources/brandedapptitle} | "{991C721A-C643-42BF-9F0D-410E2E59DC99}" = dir=out | name=@{microsoft.windowscommunicationsapps_17.5.9600.20413_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowscommunicationsapps/resources/communicationspackagename} | "{99B360E8-0C0F-467B-811E-3FC723888945}" = dir=in | name=@{microsoft.windowsreadinglist_6.3.9654.20349_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowsreadinglist/resources/apppackagename} | "{9B0BEE87-A1E0-4299-BBD9-EE126121A7FB}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{9DF95E79-39AB-4CC7-A28E-687852E1E46F}" = dir=out | name=microsoft minesweeper | "{9E3D57FC-7C37-4424-9352-4831E97D029D}" = dir=out | name=@{c:\windows\winstore\resources.pri?ms-resource://winstore/resources/displayname} | "{9F0288FF-A009-41BC-9C44-F9E2D8DF69CF}" = dir=in | name=skype | "{9F084C8D-7C9D-45C4-B147-C09FB5071829}" = dir=out | name=adera | "{A03C7619-BAF3-4971-9EC7-60049779939B}" = dir=out | name=@{microsoft.bingtranslator_1.7.2.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingtranslator/resources/appname} | "{A26E3CE8-0175-4111-B23E-AE2DF80187C7}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe | "{A93513ED-8093-468D-87F3-FC2E6FA03524}" = dir=out | name=endless skater | "{AD1D21AA-1E9C-4E65-AB46-BB2549EDFDB8}" = dir=out | name=reckless racing ultimate lite | "{B170E598-EB36-4DC3-A016-837EA415EED2}" = dir=out | name=fresh paint | "{B1A7360B-5CCC-4BC6-958B-F7E3E75D5366}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{B45C2800-2122-4532-A446-5E6C97A95D1B}" = dir=out | name=microsoft minesweeper | "{B4E3E0BE-2A87-4AD8-A6A4-C07BF4D86BA7}" = protocol=6 | dir=in | app=c:\program files\avast software\avast\ng\vbox\aswfe.exe | "{B60DFCB5-D3C0-4555-B528-4166E7D72344}" = dir=out | name=skype wifi | "{C02A82EC-1226-49C3-B043-51770BC00119}" = dir=out | name=xbox one smartglass | "{C7F69954-DC60-4245-AF5A-EC3D0D8D3882}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{C94541DC-9D91-4973-B696-2ADD2A26DF6E}" = dir=out | name=healthvault | "{CA052CB4-93F6-490F-B317-F0E212C7BC01}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{CBE010B8-E9B6-4B52-959C-95621B06A9F2}" = dir=in | name=microsoft solitaire collection | "{CD7F55E5-92FF-4627-AC54-ABF366607AD7}" = dir=out | name=@{microsoft.moviemoments_6.3.9654.20464_x64__8wekyb3d8bbwe?ms-resource://microsoft.moviemoments/resources/app_name/text} | "{CE92CA83-2FFB-4D83-AE30-187D0A078F76}" = dir=out | name=@{microsoft.windowscommunicationsapps_17.5.9600.20605_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowscommunicationsapps/resources/communicationspackagename} | "{CEB2315E-FB47-4550-910A-904939E11286}" = dir=out | name=xbox one smartglass | "{CEC3D92E-6286-4AEF-99B8-67A0067B61B6}" = protocol=17 | dir=in | app=c:\program files\avast software\avast\ng\vbox\aswfe.exe | "{D21698D8-C9E3-46FD-BE49-458FFA3FCFDF}" = dir=out | name=fresh paint | "{D6980480-941A-4DF6-AB81-3734ECD3D779}" = dir=out | name=junipernetworks.junospulsevpn | "{DB59588E-ED90-4C47-A7B5-7929DD0C0BD2}" = dir=out | name=checkpoint.vpn | "{DC809F0A-F251-45E8-8028-EE0488327AA4}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{E2DBD655-0BE2-44D9-A951-2A5640563570}" = protocol=6 | dir=in | app=c:\program files (x86)\nero\km\kwikmedia.exe | "{E4C23394-80D4-4D89-8F37-3FAC35BA9392}" = dir=in | name=xbox one smartglass | "{E59B5003-53E7-49E7-A1EC-AE117E4C0577}" = dir=out | name=@{microsoft.xboxlivegames_2.0.139.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.xboxlivegames/resources/34150} | "{EA8A0C12-D167-4808-AD3A-A9BF81778EED}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{EAD74E82-6291-492A-86E5-7244227DC32A}" = dir=out | name=@{microsoft.bingfinance_3.0.2.243_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingfinance/resources/brandedapptitle} | "{EC799E33-72BA-42D7-9127-DEFE68F9799D}" = dir=in | name=junipernetworks.junospulsevpn | "{F04D4ED5-9655-492C-AD79-84BB0AF1F970}" = dir=out | name=tripadvisor hotels flights restaurants | "{F1AE7DD8-33DB-41C4-9E06-5720825E7F59}" = dir=out | name=@{microsoft.bingsports_3.0.4.244_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingsports/resources/brandedapptitle} | "{F3757DE7-40D6-41A4-A26A-E7B69B07DEEA}" = dir=in | name=@{microsoft.windowsreadinglist_6.3.9654.20540_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowsreadinglist/resources/apppackagename} | "{F4A8FC9E-CC37-4D1A-8B32-C5B1F5BA2F3B}" = dir=out | name=@{microsoft.bingfoodanddrink_3.0.4.212_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingfoodanddrink/resources/apptitlewithbranding} | "{F64300AD-D559-4000-BD45-0997BCC8E70A}" = dir=out | name=f5.vpn.client | "{F665E1EF-9CC0-45C6-8CDB-48FA91F29F33}" = dir=in | name=xbox one smartglass | "{F77E5446-4378-4E99-8B7A-7061AAAEA193}" = dir=in | name=f5.vpn.client | "{F855083B-6AFB-414D-B8D7-6719AA0A0EF8}" = dir=in | name=microsoft minesweeper | "{F8DFE746-9A17-4295-9277-0097220FE799}" = dir=out | name=skype | "{F9886433-EAE2-440C-9E4D-B5C765F64FF1}" = dir=out | name=@{microsoft.windowsreadinglist_6.3.9654.20349_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowsreadinglist/resources/apppackagename} | "{F9C2995C-321B-4934-B91E-7F47C45A92F2}" = dir=out | name=reckless racing ultimate lite | "TCP Query User{3FE4A835-409D-4ED3-A1E9-E646D3356F2C}C:\program files (x86)\skype\phone\skype.exe" = protocol=6 | dir=in | app=c:\program files (x86)\skype\phone\skype.exe | "UDP Query User{7E485879-E4A3-4470-B250-0D627762D2AE}C:\program files (x86)\skype\phone\skype.exe" = protocol=17 | dir=in | app=c:\program files (x86)\skype\phone\skype.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 "{6D1428BD-E5F2-4378-B620-E7442E7C2BFB}" = AdAwareUpdater "{6D1428BD-E5F2-4378-B620-E7442E7C2BFB}_AdAwareUpdater" = Ad-Aware Antivirus "{7AB8C73F-03FE-48AE-990C-CCB8D6C4FAB8}" = Intel® Trusted Connect Service Client "{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting "{BA56CD60-1D9F-4BE6-AC2F-B7C4A5437C35}" = Driver 1.3.1 "{CC347FC6-C8D7-493A-B70E-1D89E22691A7}" = AntimalwareEngine "{E56846B3-745F-443C-9C17-BC371A0902E0}" = AdAwareInstaller "{E9FA781F-3E80-4399-825A-AD3E11C28C77}" = MSVCRT110_amd64 "CCleaner" = CCleaner "SynTPDeinstKey" = Synaptics Pointing Device Driver "VLC media player" = VLC media player [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{00F9DB8C-65D7-4D47-AB5F-F698EE38580D}" = Windows Live UX Platform "{03635152-A76A-4A40-B276-73363CDAB2A9}" = Windows Live UX Platform Language Pack "{052A1E34-A54B-458C-A4E3-24C3E054754A}" = Nero Kwik Media "{0708FF30-78C0-47B0-81F0-C84604DC769C}" = Nero Express Help (CHM) "{07AAB66E-4718-422D-9218-4AFB3C922A71}" = Photo Gallery "{0A4EF0E6-A912-4CDE-A7F3-6E56E7C13A2F}" = Cisco PEAP Module "{0B311221-05A5-4766-8D03-7A6446794156}" = Nero RescueAgent Help (CHM) "{0E4630AF-0AB7-440E-A978-1A78FC4F43B9}" = Nero Launcher "{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E}" = Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 "{1943C3BD-4462-4612-92C3-D36DD917C447}" = Nero Recode "{1B6F5E51-575E-4693-BCA2-7543570D076D}" = Nero Kwik Themes Basic "{1D6432B4-E24D-405E-A4AB-D7E6D088CBC9}" = Windows Live Photo Common "{1F16820E-D0E7-4636-939E-45CBFEFB06E1}" = Nero Kwik Media Help (CHM) "{20E60725-16C8-4FB9-8BC2-AF92C5F8D06D}_is1" = Warsaw 1.3.1 "{2432E589-6256-4513-B0BF-EFA8E325D5F0}" = Nero SharedVideoCodecs "{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}" = Skype™ 6.21 "{26328768-ACC3-4E7F-A045-E898D4B77D93}" = Photo Common "{2890E324-6F3B-4975-8B95-E7D6D80E0226}" = Nero Burning ROM Help (CHM) "{29F67D84-3A70-456E-806A-52301B02070B}" = Nero Effects Basic "{3AAB08A3-F129-4BD5-B409-AE674F93759D}" = Prerequisite installer "{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel® Rapid Storage Technology "{41C61308-6CFD-4D54-AB6A-7136ED08A18E}" = Windows Live Communications Platform "{52E9FAF6-B202-4002-B182-E5DD7A4DD68D}" = Windows Live Essentials "{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml "{5963F4B4-D138-47CD-ADEF-470E87E185BD}" = Nero Burning ROM "{5B79E730-D897-4B8F-A1AD-7BB2D1F22B96}" = Nero Blu-ray Player Help (CHM) "{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}" = Cisco EAP-FAST Module "{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel® Management Engine Components "{659CB81C-B54E-4DF1-B618-F35777393A54}" = Windows Live Installer "{65BB0407-4CC8-4DC7-952E-3EEFDF05602A}" = Nero Update "{70e5f739-1d2a-40ae-bbc9-4b3e6af4c831}_is1" = Guardião - Itaú 30 horas "{7BBAEC47-1CC0-4CB8-ADB4-531B78DBD1DD}" = Adobe AIR "{7E60A32D-7AD9-7CF6-1378-2FBCDBB37E71}" = Transformice "{828175FA-7307-4DBF-95AD-9CEE086B6F45}" = Welcome App (Start-up experience) "{83FCCFCD-46E3-43FB-A397-78BFD5A8980A}" = Nero Video "{848A7C68-0ADC-4193-8A89-2CEA78E56A0C}" = Nero Express "{86847081-B387-4F49-AED1-C9B0A090D66C}" = Nero Recode Help (CHM) "{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver "{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT "{8E14DDC8-EA60-4E18-B3E3-1937104D5BDA}" = MSVCRT110 "{95E152CF-0EB5-4BFA-B6EE-8FC7F9601BA5}" = Nero 12 "{9DAABC60-A5EF-41FF-B2B9-17329590CD5}" = REALTEK Wireless LAN Driver "{9EE1AE8B-4872-41CA-8C9A-C33D899523E0}" = Galeria de Fotos "{A2FE691E-3F8E-4E30-AA7D-FF17AC77EA87}" = Nero Blu-ray Player "{A6C48A9F-694A-4234-B3AA-62590B668927}" = Intel® Manageability Engine Firmware Recovery Agent "{A7A0BF2E-31CC-49E3-9913-52C503EB969D}" = Nero Audio Pack 1 "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{AADF4228-0772-4D43-92EB-B245E3A17B00}" = IPM 1.9.4 "{ABC88553-8770-4B97-B43E-5A90647A5B63}" = Nero ControlCenter "{ACE49D50-19CD-44A6-B192-46F985283B26}" = Nero PiP Effects Basic "{AF312B06-5C5C-468E-89B3-BE6DE2645722}" = Cisco LEAP Module "{B128179D-A5E1-43AC-9422-12A109ECD2A0}" = Nero Video Help (CHM) "{B2611F8A-EFE7-4E88-875D-19F0EFAE87E4}" = Windows Live PIMT Platform "{B351A468-173F-43D8-B6E6-5A6E9A0125A8}" = iBrightness 1.0.1 "{B953732D-B623-4E84-B369-CFFF7B1AE06F}" = Nero RescueAgent "{BEBEE34D-84A2-4EDD-8BEA-96CC54371263}" = Nero Core Components "{C05F4139-CB6B-4272-A0BF-861FEB667F27}" = Movie Maker "{C1594429-8296-4652-BF54-9DBE4932A44C}" = Realtek PCIE Card Reader "{C994C746-C6D0-4EBA-B09E-DF7B18381B69}" = Nero ControlCenter Help (CHM) "{CDC1AB00-01FF-4FC7-816A-16C67F0923C0}" = Windows Live SOXE "{ce085a78-074e-4823-8dc1-8a721b94b76d}" = Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 "{D1893000-EA77-493C-8DDD-E262436E959B}" = Windows Live SOXE Definitions "{D445A7B9-69A8-4860-95B9-BB957281D9A0}_is1" = KeeP 3D - v1.0 "{D729E451-1F6A-B225-B6BC-C55511C4D807}" = KeeP3D "{DA2D3078-A58C-45E8-8EE0-18B8BE6B34F7}" = Nero BackItUp "{DD67BE4B-7E62-4215-AFA3-F123A800A389}" = Movie Maker "{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10 "{E17BCB76-9924-4BD5-B6D6-50D3407B4E74}" = Nero Disc Menus Basic "{EF0D1292-8FC1-41BE-9740-DBC134F66415}" = Nero BackItUp Help (CHM) "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU] "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 "{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel® Processor Graphics "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185}" = Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005 "{FCB3772C-B7D0-4933-B1A9-3707EBACC573}" = Intel® SDK for OpenCL - CPU Only Runtime Package "Adobe AIR" = Adobe AIR "Adobe Flash Player Plugin" = Adobe Flash Player 15 Plugin "Avast" = Avast Free Antivirus "AviSynth" = AviSynth 2.5 "Baidu PC Faster 4.0.0.0" = Baidu PC Faster "Freemake Video Converter_is1" = Freemake Video Converter versão 4.1.5 "Google Chrome" = Google Chrome "KeeP3D" = KeeP3D "Malwarebytes Anti-Malware_is1" = Malwarebytes Anti-Malware versão 2.0.3.1025 "Mozilla Firefox 33.1 (x86 pt-BR)" = Mozilla Firefox 33.1 (x86 pt-BR) "MozillaMaintenanceService" = Mozilla Maintenance Service "Transformice" = Transformice "WinLiveSuite" = Windows Live Essentials "WinRAR archiver" = WinRAR 5.01 (32-bit) ========== Last 20 Event Log Errors ========== [ Application Events ] Error - 19/11/2014 10:01:12 | Computer Name = Kayner | Source = Customer Experience Improvement Program | ID = 1008 Description = [ System Events ] Error - 18/11/2014 21:24:27 | Computer Name = Kayner | Source = DCOM | ID = 10010 Description = Error - 18/11/2014 21:24:57 | Computer Name = Kayner | Source = DCOM | ID = 10010 Description = Error - 18/11/2014 21:25:27 | Computer Name = Kayner | Source = DCOM | ID = 10010 Description = Error - 18/11/2014 21:25:57 | Computer Name = Kayner | Source = DCOM | ID = 10010 Description = Error - 18/11/2014 21:26:28 | Computer Name = Kayner | Source = DCOM | ID = 10010 Description = < End of report > OTL.Txt
  5. Olá JoseMelo,, Obrigado pela sua atenção..segue abaixo os resultados.. # AdwCleaner v4.101 - Relatório criado 18/11/2014 às 22:09:48 # Atualizado 09/11/2014 por Xplode # Database : 2014-11-16.1 [Live] # Sistema Operacional : Windows 8.1 Connected (64 bits) # Usuário : Kayner MR - KAYNER # Executando de : C:\Users\Kayner MR\Desktop\AdwCleaner.exe # Opção : Limpar ***** [ Serviços ] ***** ***** [ Arquivos / Pastas ] ***** Pasta Deletada : C:\ProgramData\baidu Pasta Deletada : C:\ProgramData\WindowsMangerProtect Pasta Deletada : C:\Program Files (x86)\globalUpdate Pasta Deletada : C:\Program Files (x86)\App Lid Pasta Deletada : C:\Users\Kayner MR\AppData\Local\globalUpdate Pasta Deletada : C:\Users\Kayner MR\AppData\LocalLow\App Lid Pasta Deletada : C:\Users\Kayner MR\AppData\Roaming\mystartsearch Pasta Deletada : C:\Users\Public\Documents\baidu Pasta Deletada : C:\Users\Kayner MR\AppData\Roaming\Mozilla\Firefox\Profiles\dc2f0oll.default\Extensions\d9676068985d4d81bb390a@7be93ab3c8e144f694a0509d5.com Arquivo Deletada : C:\Users\KAYNER~1\AppData\Local\Temp\EsgScanner.sys ***** [ Tarefas ] ***** Tarefa Deletedo : c02fc1aa-4336-4248-8e8e-24b59cb66cc0 Tarefa Deletedo : c48fe4d2-e847-4f6c-a6df-af50db53d192-1 Tarefa Deletedo : c48fe4d2-e847-4f6c-a6df-af50db53d192-11 Tarefa Deletedo : c48fe4d2-e847-4f6c-a6df-af50db53d192-2 Tarefa Deletedo : c48fe4d2-e847-4f6c-a6df-af50db53d192-4 Tarefa Deletedo : c48fe4d2-e847-4f6c-a6df-af50db53d192-5 Tarefa Deletedo : c48fe4d2-e847-4f6c-a6df-af50db53d192-5_user Tarefa Deletedo : c48fe4d2-e847-4f6c-a6df-af50db53d192-6 Tarefa Deletedo : c48fe4d2-e847-4f6c-a6df-af50db53d192-7 Tarefa Deletedo : c8cd0282-d27d-4d1a-88f0-6235dbfc8763 ***** [ Atalhos ] ***** ***** [ Registro ] ***** Chave Deletedo : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\superfish.com Chave Deletedo : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\www.superfish.com Chave Deletedo : HKLM\SOFTWARE\Classes\globalUpdate.OneClickCtrl.10 Chave Deletedo : HKLM\SOFTWARE\Classes\globalUpdate.OneClickProcessLauncherMachine Chave Deletedo : HKLM\SOFTWARE\Classes\globalUpdate.OneClickProcessLauncherMachine.1.0 Chave Deletedo : HKLM\SOFTWARE\Classes\globalUpdate.Update3WebControl.4 Chave Deletedo : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoCreateAsync Chave Deletedo : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoCreateAsync.1.0 Chave Deletedo : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreClass Chave Deletedo : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreClass.1 Chave Deletedo : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreMachineClass Chave Deletedo : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreMachineClass.1 Chave Deletedo : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CredentialDialogMachine Chave Deletedo : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CredentialDialogMachine.1.0 Chave Deletedo : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachine Chave Deletedo : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachine.1.0 Chave Deletedo : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachineFallback Chave Deletedo : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachineFallback.1.0 Chave Deletedo : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassSvc Chave Deletedo : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassSvc.1.0 Chave Deletedo : HKLM\SOFTWARE\Classes\globalUpdateUpdate.ProcessLauncher Chave Deletedo : HKLM\SOFTWARE\Classes\globalUpdateUpdate.ProcessLauncher.1.0 Chave Deletedo : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3COMClassService Chave Deletedo : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3COMClassService.1.0 Chave Deletedo : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachine Chave Deletedo : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachine.1.0 Chave Deletedo : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachineFallback Chave Deletedo : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachineFallback.1.0 Chave Deletedo : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebSvc Chave Deletedo : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebSvc.1.0 Chave Deletedo : HKLM\SOFTWARE\MozillaPlugins\@staging.google.com/globalUpdate Update;version=10 Chave Deletedo : HKLM\SOFTWARE\MozillaPlugins\@staging.google.com/globalUpdate Update;version=4 Chave Deletedo : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\WindowsMangerProtect Chave Deletedo : HKLM\SOFTWARE\Classes\AppID\{3278F5CF-48F3-4253-A6BB-004CE84AF492} Chave Deletedo : HKLM\SOFTWARE\Classes\AppID\{577975B8-C40E-43E6-B0DE-4C6B44088B52} Chave Deletedo : HKLM\SOFTWARE\Classes\CLSID\{02A96331-0CA6-40E2-A87D-C224601985EB} Chave Deletedo : HKLM\SOFTWARE\Classes\CLSID\{3278F5CF-48F3-4253-A6BB-004CE84AF492} Chave Deletedo : HKLM\SOFTWARE\Classes\CLSID\{3B5702BA-7F4C-4D1A-B026-1E9A01D43978} Chave Deletedo : HKLM\SOFTWARE\Classes\CLSID\{5645E0E7-FC12-43BF-A6E4-F9751942B298} Chave Deletedo : HKLM\SOFTWARE\Classes\CLSID\{577975B8-C40E-43E6-B0DE-4C6B44088B52} Chave Deletedo : HKLM\SOFTWARE\Classes\CLSID\{5E89ACE9-E16B-499A-87B4-0DBF742404C1} Chave Deletedo : HKLM\SOFTWARE\Classes\CLSID\{69F256DF-BA98-45E9-86EA-FC3CFECF9D30} Chave Deletedo : HKLM\SOFTWARE\Classes\CLSID\{6E87FC94-9866-49B9-8E93-5736D6DE3DD7} Chave Deletedo : HKLM\SOFTWARE\Classes\CLSID\{7E49F793-B3CD-4BF7-8419-B34B8BD30E61} Chave Deletedo : HKLM\SOFTWARE\Classes\CLSID\{834469E3-CA2B-4F21-A5CA-4F6F4DBCDE87} Chave Deletedo : HKLM\SOFTWARE\Classes\CLSID\{8529FAA3-5BFD-43C1-AB35-B53C4B96C6E5} Chave Deletedo : HKLM\SOFTWARE\Classes\CLSID\{ADBC39BE-3D20-4333-8D99-E91EB1B62474} Chave Deletedo : HKLM\SOFTWARE\Classes\CLSID\{C7BF8F4B-7BC7-4F42-B944-3D28A3A86D8A} Chave Deletedo : HKLM\SOFTWARE\Classes\CLSID\{CFC47BB5-5FB5-4AD0-8427-6AA04334A3FC} Chave Deletedo : HKLM\SOFTWARE\Classes\CLSID\{E06CA7F5-BA34-4FF6-8D24-B1BDC594D91F} Chave Deletedo : HKLM\SOFTWARE\Classes\CLSID\{E0ADB535-D7B5-4D8B-B15D-578BDD20D76A} Chave Deletedo : HKLM\SOFTWARE\Classes\CLSID\{F6421EE5-A5BE-4D31-81D5-C16B7BF48E4C} Chave Deletedo : HKLM\SOFTWARE\Classes\CLSID\{FD8E81D0-F5FE-4CB1-9AEA-1E163D2BAB78} Chave Deletedo : HKLM\SOFTWARE\Classes\CLSID\{22222222-2222-2222-2222-220622572243} Chave Deletedo : HKLM\SOFTWARE\Classes\Interface\{55555555-5555-5555-5555-550655575543} Chave Deletedo : HKLM\SOFTWARE\Classes\Interface\{66666666-6666-6666-6666-660666576643} Chave Deletedo : HKLM\SOFTWARE\Classes\TypeLib\{44444444-4444-4444-4444-440644574443} Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{5645E0E7-FC12-43BF-A6E4-F9751942B298} Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C7BF8F4B-7BC7-4F42-B944-3D28A3A86D8A} Chave Deletedo : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C7BF8F4B-7BC7-4F42-B944-3D28A3A86D8A} Chave Deletedo : [x64] HKLM\SOFTWARE\Classes\CLSID\{22222222-2222-2222-2222-220622572243} Chave Deletedo : [x64] HKLM\SOFTWARE\Classes\Interface\{55555555-5555-5555-5555-550655575543} Chave Deletedo : [x64] HKLM\SOFTWARE\Classes\Interface\{66666666-6666-6666-6666-660666576643} Chave Deletedo : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Chave Deletedo : HKCU\Software\GlobalUpdate Chave Deletedo : HKCU\Software\InstallCore Chave Deletedo : HKCU\Software\InstalledBrowserExtensions Chave Deletedo : HKCU\Software\AppDataLow\Software\adawarebp Chave Deletedo : HKCU\Software\AppDataLow\Software\Crossrider Chave Deletedo : HKCU\Software\AppDataLow\Software\App Lid Chave Deletedo : HKLM\SOFTWARE\GlobalUpdate Chave Deletedo : HKLM\SOFTWARE\InstalledBrowserExtensions Chave Deletedo : HKLM\SOFTWARE\supWindowsMangerProtect Chave Deletedo : HKLM\SOFTWARE\App Lid Chave Deletedo : HKLM\SOFTWARE\mystartsearchSoftware Chave Deletedo : [x64] HKLM\SOFTWARE\InstalledBrowserExtensions Chave Deletedo : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\mystartsearch.com Chave Deletedo : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\www.mystartsearch.com ***** [ Navegadores ] ***** -\\ Internet Explorer v11.0.9600.17416 -\\ Mozilla Firefox v33.1 (x86 pt-BR) [dc2f0oll.default\prefs.js] - Linha deletada : user_pref("extensions.ad9676068985d4d81bb390a7be93ab3c8e144f694a0509d5com65743.65743.internaldb.Resources_meta.value", "%7B%2219x19.png%22%3A%7B%22id%22%3A853130%2C%22ver%22%3A1%2C%22status%22%3A1%2C%[...] [dc2f0oll.default\prefs.js] - Linha deletada : user_pref("extensions.ad9676068985d4d81bb390a7be93ab3c8e144f694a0509d5com65743.65743.internaldb.monetization_plugin_bundledUrls.value", "%7B%22dealply_s%22%3A%7B%22urls%22%3A%5B%22ssfiles.com%22%5D%7D[...] [dc2f0oll.default\prefs.js] - Linha deletada : user_pref("extensions.crossrider.bic", "149b669e426c6f364c74aa94bde08aa6"); [dc2f0oll.default\prefs.js] - Linha deletada : user_pref("extensions.quick_start.enable_search1", false); [dc2f0oll.default\prefs.js] - Linha deletada : user_pref("extensions.quick_start.sd.closeWindowWithLastTab_prev_state", false); [dc2f0oll.default\prefs.js] - Linha deletada : user_pref("extensions.srchvstrn.hmpgUrl", "hxxp://Vosteran.com/?f=1&a=vst_frg01_14_46_ff&cd=2XzuyEtN2Y1L1Qzu0BtDtByD0A0AtDtD0DzztBtCtAyByBzytN0D0Tzu0StCtDyDtDtN1L2XzutAtFyCtFtBtFtDtN1L1CzutCyEtBzytDyD[...] [dc2f0oll.default\prefs.js] - Linha deletada : user_pref("extensions.srchvstrn.newTabUrl", "hxxp://Vosteran.com/?f=2&a=vst_frg01_14_46_ff&cd=2XzuyEtN2Y1L1Qzu0BtDtByD0A0AtDtD0DzztBtCtAyByBzytN0D0Tzu0StCtDyDtDtN1L2XzutAtFyCtFtBtFtDtN1L1CzutCyEtBzytD[...] [dc2f0oll.default\prefs.js] - Linha deletada : user_pref("extensions.srchvstrn.tlbrSrchUrl", "hxxp://Vosteran.com/?f=3&a=vst_frg01_14_46_ff&cd=2XzuyEtN2Y1L1Qzu0BtDtByD0A0AtDtD0DzztBtCtAyByBzytN0D0Tzu0StCtDyDtDtN1L2XzutAtFyCtFtBtFtDtN1L1CzutCyEtBzy[...] -\\ Google Chrome v38.0.2125.111 [C:\Users\Kayner MR\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deletedo [search Provider] : hxxp://br.ask.com/web?q={searchTerms} [C:\Users\Kayner MR\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deletedo [search Provider] : hxxp://Vosteran.com/results.php?f=4&q={searchTerms}&a=vst_frg01_14_46_ff&cd=2XzuyEtN2Y1L1Qzu0BtDtByD0A0AtDtD0DzztBtCtAyByBzytN0D0Tzu0StCtDyDtDtN1L2XzutAtFyCtFtBtFtDtN1L1CzutCyEtBzytDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2SyCyCyEzyyBtCyDzztGyCtCyDtCtG0C0EtDyDtGyDyC0FtCtGtAtB0A0DtAyCzyyCyByEyB0F2QtN1M1F1B2Z1V1N2Y1L1Qzu2StBzz0DyCzztBtB0CtGtCyByCzztGyEtC0ByDtG0AtCzytBtG0EtByCzz0Dzy0B0E0B0C0CyB2Q&cr=429117364&ir= ************************* AdwCleaner[R0].txt - [11276 octets] - [18/11/2014 22:05:56] AdwCleaner[s0].txt - [10638 octets] - [18/11/2014 22:09:48] ########## EOF - C:\AdwCleaner\AdwCleaner[s0].txt - [10699 octets] ########## ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Junkware Removal Tool (JRT) by Thisisu Version: 6.3.9 (11.15.2014:2) OS: Windows 8.1 Connected x64 Ran by Kayner MR on 18/11/2014 at 22:15:06,44 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~ Services ~~~ Registry Values Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Page_URL ~~~ Registry Keys Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110611571143} ~~~ Files Successfully deleted: [File] "C:\ProgramData\duplicaterecord.js" ~~~ Folders Failed to delete: [Folder] "C:\ProgramData\baidu" Failed to delete: [Folder] "C:\ProgramData\baidu security" Successfully deleted: [Folder] "C:\Users\Kayner MR\AppData\Roaming\baidu security" Failed to delete: [Folder] "C:\Program Files (x86)\baidu security" Successfully deleted: [Folder] "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\baidu pc faster" Successfully deleted: [Folder] "C:\Users\Kayner MR\AppData\Roaming\microsoft\windows\start menu\programs\baidu pc faster" ~~~ FireFox Successfully deleted the following from C:\Users\Kayner MR\AppData\Roaming\mozilla\firefox\profiles\dc2f0oll.default\prefs.js user_pref("extensions.ad9676068985d4d81bb390a7be93ab3c8e144f694a0509d5com65743.65743.internaldb.Resources_resource_853130.value", "%22data%3Aimage/png%3Bbase64%2CiVBORw0KGgoAA Emptied folder: C:\Users\Kayner MR\AppData\Roaming\mozilla\firefox\profiles\dc2f0oll.default\minidumps [1 files] ~~~ Event Viewer Logs were cleared ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Scan was completed on 18/11/2014 at 22:22:07,00 End of JRT log ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Malwarebytes Anti-Malware www.malwarebytes.org Data da Verificação: 18/11/2014 Hora da Verificação: 22:29:14 Arquivo de Log: mbam.txt Administrador: Sim Versão: 2.00.3.1025 Base de Dados de Malware: v2014.11.18.09 Base de Dados de Rootkit: v2014.11.18.01 Licença: Avaliação Gratuita Proteção de Malware: Habilitado Proteção de Site Malicioso: Habilitado Auto-Proteção: Desabilitado SO: Windows 8.1 Processador: x64 Sistema de Arquivos: NTFS Usuário: Kayner MR Tipo da Verificação: Verificar Ameaça Resultado: Terminado Objetos Verificados: 314265 Tempo Decorrido: 18 min, 8 seg Memória: Habilitado Inicialização: Habilitado Sistema de Arquivos: Habilitado Arquivos Compactados: Habilitado Rootkits: Habilitado Heurística: Habilitado PUP: Habilitado PUM: Habilitado Processos: 0 (Nenhum item malicioso detectado) Módulos: 0 (Nenhum item malicioso detectado) Chaves de Registro: 4 PUP.Optional.AppLid.A, HKLM\SOFTWARE\WOW6432NODE\App Lid-nv, Quarentena, [f54ab18cb6c67bbbc338370054af58a8], PUP.Optional.AppLid.A, HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\App Lid, Quarentena, [1c23e9548eee71c5a657e6512ad911ef], PUP.Optional.GlobalUpdate.A, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\GOOGLEUPDATE.EXE, Quarentena, [af9094a982fa90a68c7ebb66c43f6e92], PUP.Optional.GlobalUpdate.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\GOOGLEUPDATE.EXE, Quarentena, [af9094a982fa90a68c7ebb66c43f6e92], Valores de Registro: 0 (Nenhum item malicioso detectado) Dados de Registro: 0 (Nenhum item malicioso detectado) Pastas: 1 PUP.Optional.GlobalUpdate.A, C:\Users\Kayner MR\AppData\Local\Temp\comh.233391, Quarentena, [af9094a982fa90a68c7ebb66c43f6e92], Arquivos: 15 PUP.Optional.Nova.A, C:\Program Files (x86)\924d6389-cd3d-47c2-ad41-b00b91c76a09\0621304d-f435-47e1-bab1-333a897507bf.dll, Quarentena, [87b88db016669b9bd0d6cd1846bb1ae6], PUP.Optional.Somoto.A, C:\Users\Kayner MR\AppData\Local\Temp\appshat_generic.exe, Quarentena, [ed520637562652e41e43f42e3fc16f91], PUP.Optional.OpenCandy, C:\Users\Kayner MR\AppData\Local\Temp\FreemakeVideoConverterFull.exe, Quarentena, [e05fe657ee8e70c6bfd5d35422df53ad], PUP.Optional.OpenCandy, C:\Users\Kayner MR\Downloads\FreemakeVideoConverterSetup.exe, Quarentena, [81bef34a512b73c340545ccbd0317090], PUP.Optional.CrossRider.A, C:\Windows\System32\Tasks\060184C3-9766-46a0-B258-F4518A0B2633, Quarentena, [a7987ebff5877db9a8d12786fa0ad030], PUP.Optional.GlobalUpdate.A, C:\Users\Kayner MR\AppData\Local\Temp\comh.233391\GoogleCrashHandler.exe, Quarentena, [af9094a982fa90a68c7ebb66c43f6e92], PUP.Optional.GlobalUpdate.A, C:\Users\Kayner MR\AppData\Local\Temp\comh.233391\GoogleUpdate.exe, Quarentena, [af9094a982fa90a68c7ebb66c43f6e92], PUP.Optional.GlobalUpdate.A, C:\Users\Kayner MR\AppData\Local\Temp\comh.233391\GoogleUpdateBroker.exe, Quarentena, [af9094a982fa90a68c7ebb66c43f6e92], PUP.Optional.GlobalUpdate.A, C:\Users\Kayner MR\AppData\Local\Temp\comh.233391\GoogleUpdateHelper.msi, Quarentena, [af9094a982fa90a68c7ebb66c43f6e92], PUP.Optional.GlobalUpdate.A, C:\Users\Kayner MR\AppData\Local\Temp\comh.233391\GoogleUpdateOnDemand.exe, Quarentena, [af9094a982fa90a68c7ebb66c43f6e92], PUP.Optional.GlobalUpdate.A, C:\Users\Kayner MR\AppData\Local\Temp\comh.233391\goopdate.dll, Quarentena, [af9094a982fa90a68c7ebb66c43f6e92], PUP.Optional.GlobalUpdate.A, C:\Users\Kayner MR\AppData\Local\Temp\comh.233391\goopdateres_en.dll, Quarentena, [af9094a982fa90a68c7ebb66c43f6e92], PUP.Optional.GlobalUpdate.A, C:\Users\Kayner MR\AppData\Local\Temp\comh.233391\npGoogleUpdate4.dll, Quarentena, [af9094a982fa90a68c7ebb66c43f6e92], PUP.Optional.GlobalUpdate.A, C:\Users\Kayner MR\AppData\Local\Temp\comh.233391\psmachine.dll, Quarentena, [af9094a982fa90a68c7ebb66c43f6e92], PUP.Optional.GlobalUpdate.A, C:\Users\Kayner MR\AppData\Local\Temp\comh.233391\psuser.dll, Quarentena, [af9094a982fa90a68c7ebb66c43f6e92], Setores Físicos: 0 (Nenhum item malicioso detectado) (end)
  6. Olá,,, Comprei um notebook a uma semana e já quando instalei um programa de gravação de dvd´s foi instalado uns programas que não consigo retirar não sei se é algum tipo de vírus, ad-aware ou spyware..em todos os navegadores aparece um ícone de uma cartola preta ao lado da caixa de pesquisa com o nome "Browser Apps Hat" e acho que além deste deve haver algum outro que eu não saiba.. Desde já agradeço a ajuda!! ZA-Scan.txt MbrScan.log..log FSS.txt
  7. The walking dead,, The bigbang theory,, Games of trhones. :legal:
  8. Sou fa de The walking dead, como a série deu uma parada e só volta em outubro comecei a assistir G.O.T,,e adorei muito massa. A primeira e a segunda temporada assisti práticamente direto ou seja quase 24 horas sem parar.Mas vale a a pena!!!
  9. Boa noite,,, Faz tempo que não passo aqui pelo fórum, muito trabalho...tenho em casa 3 smartphones e já li várias coisas sobre ter ou não antivírus no celular mas as opiniões são as mais variadas. Algumas acham que é só para que as empresas vendas seus produtos outras que eles realmente protegem. Por isso gostaria de saber aqui no fórum se é realmente preciso ter ou não esses antivírus nos meus celulares,, Desde já agradeço a atenção!!!
  10. Um amigo me falou dessa tal deep web fiquei chocado e curioso para conhece-la, mas vi em sites que só o fato de acessa-la já é um crime danado gostaria de saber se é seguro e confiavel navegar nessa internet. ABRAÇOS!!!
  11. Olá a todos,, Comprei um celular da nokia modelo x2 00, usado e estou precisando restaurar as configurações originais dele porém o antigo dono mudou a senha que era 12345 e agora ele não lembra qual é, tem como recuperar essa senha ou algum programa para fazer essa modificação ou só em alguma loja de celular? Abraços!
  12. Ciro-mota,, Eu tenho em meu net o windows xp ainda mas, já atualizei todos os itens mencionados acima. Obrigado,,abraços!!
  13. Ciro-Mota, Depois de realizar o procedimento, testei tanto reiniciando como desligando e ligando de novo e finalmente não está mais com aquele inconveniente da pasta abrindo. Quanto ao keylogger, eu particulamente não gosto de ter em meu netbook mas, é necessário por conta do meu filho pois precisamos saber o que ele anda fazendo pela internet. Mais uma vez agradeço a sua atenção a estes problemas e pelo tempo dedicado para encontrar as soluções. ABRAÇOS!!!
  14. Ciro-Mota,, Positivo, mesmo depois de reinstalar o keylogger ainda continua abrindo a pasta "Meus Documentos" quando ligo ou reinicio.
  15. Poxa Ciro-Mota,, Agradeço a atenção dispensada, sendo assim segue o resultado: obs: eu instalei o keylogger de novo caso apareça algo nesta pesquisa. Windows Registry Editor Version 5.00 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] "AutoRestartShell"=dword:00000001 "DefaultDomainName"="KAYNER" "DefaultUserName"="kayner" "LegalNoticeCaption"="" "LegalNoticeText"="" "PowerdownAfterShutdown"="0" "ReportBootOk"="1" "Shell"="Explorer.exe" "ShutdownWithoutLogon"="0" "System"="" "Userinit"="c:\\windows\\system32\\userinit.exe,userinit.exe,C:\\WINDOWS\\system32\\MPK\\MPK.exe" "VmApplet"="rundll32 shell32,Control_RunDLL \"sysdm.cpl\"" "SfcQuota"=dword:ffffffff "allocatecdroms"="0" "allocatedasd"="0" "allocatefloppies"="0" "cachedlogonscount"="10" "forceunlocklogon"=dword:00000000 "passwordexpirywarning"=dword:0000000e "scremoveoption"="0" "AllowMultipleTSSessions"=dword:00000001 "UIHost"=hex(2):6c,00,6f,00,67,00,6f,00,6e,00,75,00,69,00,2e,00,65,00,78,00,65,\ 00,00,00 "LogonType"=dword:00000001 "Background"="0 0 0" "DebugServerCommand"="no" "SFCDisable"=dword:00000000 "WinStationsDisabled"="0" "HibernationPreviouslyEnabled"=dword:00000001 "ShowLogonOptions"=dword:00000000 "AltDefaultUserName"="kayner" "AltDefaultDomainName"="KAYNER" "DefaultDataInformation"="0x118201" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{3610eda5-77ef-11d2-8dc5-00c04fa31a66}] @="Cota de disco da Microsoft" "NoMachinePolicy"=dword:00000000 "NoUserPolicy"=dword:00000001 "NoSlowLink"=dword:00000001 "NoBackgroundPolicy"=dword:00000001 "NoGPOListChanges"=dword:00000001 "PerUserLocalSettings"=dword:00000000 "RequiresSuccessfulRegistry"=dword:00000001 "EnableAsynchronousProcessing"=dword:00000000 "DllName"=hex(2):64,00,73,00,6b,00,71,00,75,00,6f,00,74,00,61,00,2e,00,64,00,\ 6c,00,6c,00,00,00 "ProcessGroupPolicy"="ProcessGroupPolicy" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{4CFB60C1-FAA6-47f1-89AA-0B18730C9FD3}] @="Internet Explorer Zonemapping" "DllName"="C:\\WINDOWS\\system32\\iedkcs32.dll" "ProcessGroupPolicy"="ProcessGroupPolicyForZoneMap" "NoGPOListChanges"=dword:00000001 "RequiresSucessfulRegistry"=dword:00000001 "DisplayName"="@C:\\WINDOWS\\system32\\iedkcs32.dll.mui,-3051" "RequiresSuccessfulRegistry"=dword:00000001 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{7B849a69-220F-451E-B3FE-2CB811AF94AE}] @="Internet Explorer User Accelerators" "DisplayName"="@C:\\WINDOWS\\system32\\iedkcs32.dll.mui,-3051" "DllName"="C:\\WINDOWS\\system32\\iedkcs32.dll" "NoGPOListChanges"=dword:00000001 "ProcessGroupPolicy"="ProcessGroupPolicyForActivities" "ProcessGroupPolicyEx"="ProcessGroupPolicyForActivitiesEx" "RequiresSuccessfulRegistry"=dword:00000001 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{827D319E-6EAC-11D2-A4EA-00C04F79F83A}] "ProcessGroupPolicy"="SceProcessSecurityPolicyGPO" "GenerateGroupPolicy"="SceGenerateGroupPolicy" "ExtensionRsopPlanningDebugLevel"=dword:00000001 "ProcessGroupPolicyEx"="SceProcessSecurityPolicyGPOEx" "ExtensionDebugLevel"=dword:00000001 "DllName"=hex(2):73,00,63,00,65,00,63,00,6c,00,69,00,2e,00,64,00,6c,00,6c,00,\ 00,00 @="Security" "NoUserPolicy"=dword:00000001 "NoGPOListChanges"=dword:00000001 "EnableAsynchronousProcessing"=dword:00000001 "MaxNoGPOListChangesInterval"=dword:00000001 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{A2E30F80-D7DE-11d2-BBDE-00C04F86AE3B}] "ProcessGroupPolicyEx"="ProcessGroupPolicyEx" "GenerateGroupPolicy"="GenerateGroupPolicy" "ProcessGroupPolicy"="ProcessGroupPolicy" "DllName"="C:\\WINDOWS\\system32\\iedkcs32.dll" @="Internet Explorer Branding" "NoSlowLink"=dword:00000001 "NoBackgroundPolicy"=dword:00000000 "NoGPOListChanges"=dword:00000001 "NoMachinePolicy"=dword:00000001 "DisplayName"="@C:\\WINDOWS\\system32\\iedkcs32.dll.mui,-3014" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{B1BE8D72-6EAC-11D2-A4EA-00C04F79F83A}] "ProcessGroupPolicy"="SceProcessEFSRecoveryGPO" "DllName"=hex(2):73,00,63,00,65,00,63,00,6c,00,69,00,2e,00,64,00,6c,00,6c,00,\ 00,00 @="EFS recovery" "NoUserPolicy"=dword:00000001 "NoGPOListChanges"=dword:00000001 "RequiresSuccessfulRegistry"=dword:00000001 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{B587E2B1-4D59-4e7e-AED9-22B9DF11D053}] @="802.3 Group Policy" "DisplayName"=hex(2):40,00,64,00,6f,00,74,00,33,00,67,00,70,00,63,00,6c,00,6e,\ 00,74,00,2e,00,64,00,6c,00,6c,00,2c,00,2d,00,31,00,30,00,30,00,00,00 "ProcessGroupPolicyEx"="ProcessLANPolicyEx" "GenerateGroupPolicy"="GenerateLANPolicy" "DllName"=hex(2):64,00,6f,00,74,00,33,00,67,00,70,00,63,00,6c,00,6e,00,74,00,\ 2e,00,64,00,6c,00,6c,00,00,00 "NoUserPolicy"=dword:00000001 "NoGPOListChanges"=dword:00000001 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{C631DF4C-088F-4156-B058-4375F0853CD8}] @="Microsoft Offline Files" "DllName"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,\ 74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,63,\ 00,73,00,63,00,75,00,69,00,2e,00,64,00,6c,00,6c,00,00,00 "EnableAsynchronousProcessing"=dword:00000000 "NoBackgroundPolicy"=dword:00000000 "NoGPOListChanges"=dword:00000000 "NoMachinePolicy"=dword:00000000 "NoSlowLink"=dword:00000000 "NoUserPolicy"=dword:00000001 "PerUserLocalSettings"=dword:00000000 "ProcessGroupPolicy"="ProcessGroupPolicy" "RequiresSuccessfulRegistry"=dword:00000001 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{c6dc5466-785a-11d2-84d0-00c04fb169f7}] @="Instala‡Æo de software" "DllName"=hex(2):61,00,70,00,70,00,6d,00,67,00,6d,00,74,00,73,00,2e,00,64,00,\ 6c,00,6c,00,00,00 "ProcessGroupPolicyEx"="ProcessGroupPolicyObjectsEx" "GenerateGroupPolicy"="GenerateGroupPolicy" "NoBackgroundPolicy"=dword:00000000 "RequiresSucessfulRegistry"=dword:00000000 "NoSlowLink"=dword:00000001 "PerUserLocalSettings"=dword:00000001 "EventSources"=hex(7):28,00,41,00,70,00,70,00,6c,00,69,00,63,00,61,00,74,00,69,\ 00,6f,00,6e,00,20,00,4d,00,61,00,6e,00,61,00,67,00,65,00,6d,00,65,00,6e,00,\ 74,00,2c,00,41,00,70,00,70,00,6c,00,69,00,63,00,61,00,74,00,69,00,6f,00,6e,\ 00,29,00,00,00,28,00,4d,00,73,00,69,00,49,00,6e,00,73,00,74,00,61,00,6c,00,\ 6c,00,65,00,72,00,2c,00,41,00,70,00,70,00,6c,00,69,00,63,00,61,00,74,00,69,\ 00,6f,00,6e,00,29,00,00,00,00,00 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D}] @="Internet Explorer Machine Accelerators" "DisplayName"="@C:\\WINDOWS\\system32\\iedkcs32.dll.mui,-3051" "DllName"="C:\\WINDOWS\\system32\\iedkcs32.dll" "NoGPOListChanges"=dword:00000001 "ProcessGroupPolicy"="ProcessGroupPolicyForActivities" "ProcessGroupPolicyEx"="ProcessGroupPolicyForActivitiesEx" "RequiresSuccessfulRegistry"=dword:00000001 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain] "Asynchronous"=dword:00000000 "Impersonate"=dword:00000000 "DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,33,00,32,00,2e,00,64,00,6c,00,\ 6c,00,00,00 "Logoff"="ChainWlxLogoffEvent" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet] "Asynchronous"=dword:00000000 "Impersonate"=dword:00000000 "DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,6e,00,65,00,74,00,2e,00,64,00,\ 6c,00,6c,00,00,00 "Logoff"="CryptnetWlxLogoffEvent" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll] "DLLName"="cscdll.dll" "Logon"="WinlogonLogonEvent" "Logoff"="WinlogonLogoffEvent" "ScreenSaver"="WinlogonScreenSaverEvent" "Startup"="WinlogonstartupEvent" "Shutdown"="WinlogonShutdownEvent" "StartShell"="WinlogonstartShellEvent" "Impersonate"=dword:00000000 "Asynchronous"=dword:00000001 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\dimsntfy] "Asynchronous"=dword:00000001 "DllName"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,\ 74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,64,\ 00,69,00,6d,00,73,00,6e,00,74,00,66,00,79,00,2e,00,64,00,6c,00,6c,00,00,00 "Startup"="WlDimsStartup" "Shutdown"="WlDimsShutdown" "Logon"="WlDimsLogon" "Logoff"="WlDimsLogoff" "StartShell"="WlDimsStartShell" "Lock"="WlDimsLock" "Unlock"="WlDimsUnlock" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui] @="" "DLLName"="igfxdev.dll" "Asynchronous"=dword:00000001 "Impersonate"=dword:00000001 "Unlock"="WinlogonUnlockEvent" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp] "DLLName"="wlnotify.dll" "Logon"="SCardStartCertProp" "Logoff"="SCardStopCertProp" "Lock"="SCardSuspendCertProp" "Unlock"="SCardResumeCertProp" "Enabled"=dword:00000001 "Impersonate"=dword:00000001 "Asynchronous"=dword:00000001 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule] "Asynchronous"=dword:00000000 "DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\ 6c,00,6c,00,00,00 "Impersonate"=dword:00000000 "StartShell"="SchedStartShell" "Logoff"="SchedEventLogOff" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy] "Logoff"="WLEventLogoff" "Impersonate"=dword:00000000 "Asynchronous"=dword:00000001 "DllName"=hex(2):73,00,63,00,6c,00,67,00,6e,00,74,00,66,00,79,00,2e,00,64,00,\ 6c,00,6c,00,00,00 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn] "DLLName"="WlNotify.dll" "Lock"="SensLockEvent" "Logon"="SensLogonEvent" "Logoff"="SensLogoffEvent" "Safe"=dword:00000001 "MaxWait"=dword:00000258 "StartScreenSaver"="SensStartScreenSaverEvent" "StopScreenSaver"="SensStopScreenSaverEvent" "Startup"="SensStartupEvent" "Shutdown"="SensShutdownEvent" "StartShell"="SensStartShellEvent" "PostShell"="SensPostShellEvent" "Disconnect"="SensDisconnectEvent" "Reconnect"="SensReconnectEvent" "Unlock"="SensUnlockEvent" "Impersonate"=dword:00000001 "Asynchronous"=dword:00000001 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv] "Asynchronous"=dword:00000000 "DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\ 6c,00,6c,00,00,00 "Impersonate"=dword:00000000 "Logoff"="TSEventLogoff" "Logon"="TSEventLogon" "PostShell"="TSEventPostShell" "Shutdown"="TSEventShutdown" "StartShell"="TSEventStartShell" "Startup"="TSEventStartup" "MaxWait"=dword:00000258 "Reconnect"="TSEventReconnect" "Disconnect"="TSEventDisconnect" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon] "DLLName"="wlnotify.dll" "Logon"="RegisterTicketExpiredNotificationEvent" "Logoff"="UnregisterTicketExpiredNotificationEvent" "Impersonate"=dword:00000001 "Asynchronous"=dword:00000001 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\SpecialAccounts] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\SpecialAccounts\UserList] "HelpAssistant"=dword:00000000 "TsInternetUser"=dword:00000000 "SQLAgentCmdExec"=dword:00000000 "NetShowServices"=dword:00000000 "IWAM_"=dword:00010000 "IUSR_"=dword:00010000 "VUSR_"=dword:00010000