http://www_getwindowinfo/ in IE. How do I remove it?


7 replies in this topic

#1
José Guido Benetti junior

My girlfriend's notebook started showing this link http://www_getwindowinfo/ in IE, right after a friend of hers downloaded some things (music, according to her). We have had this problem for a month. I have already tried to remove it with some programs and could not. I noticed that the "JAVA" version was old, but it has already been updated.

Thanks in advance.

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 01:31:56, on 03/10/2012
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16450)
Boot mode: Normal

Running processes:
C:\Users\Bruna\AppData\Local\Facebook\Update\FacebookUpdate.exe
C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
C:\Program Files (x86)\Ask.com\Updater\Updater.exe
C:\Windows\xwizard(1).exe
C:\Windows\xwizard(1).exe
C:\Windows\xwizard(2).exe
C:\Windows\xwizard(2).exe
C:\Windows\xwizard(3).exe
C:\Windows\xwizard(3).exe
C:\Users\Bruna\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Bruna\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Bruna\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Bruna\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Bruna\AppData\Local\Google\Chrome\Application\chrome.exe
c:\PROGRA~2\mcafee\SITEAD~1\saui.exe
C:\Users\Bruna\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Bruna\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Bruna\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Bruna\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Bruna\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Bruna\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Bruna\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Bruna\Downloads\HijackThis (1).exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = Preserve
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.minituner.org/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://search.minituner.org/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.minituner.org/
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://search.minituner.org/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.minituner.org/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://search.minituner.org/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://search.minituner.org/q/%s
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe,
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: McAfee Phishing Filter - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\progra~1\mcafee\msk\mskapbho.dll (file missing)
O2 - BHO: Babylon toolbar helper - {2EECD738-5844-4a99-B4B6-146BF802613B} - (no file)
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Auxiliar de Conexão do Windows Live ID - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\progra~2\mcafee\sitead~1\mcieplg.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O3 - Toolbar: (no name) - {D0F4A166-B8D4-48b8-9D63-80849FE137CB} - (no file)
O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\progra~2\mcafee\sitead~1\mcieplg.dll
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [ApnUpdater] "C:\Program Files (x86)\Ask.com\Updater\Updater.exe"
O4 - HKLM\..\Run: [Calculator] C:\Windows\xwizard(1).exe
O4 - HKLM\..\Run: [Calculator2] C:\Windows\xwizard(1).exe
O4 - HKLM\..\Run: [WinEx7] C:\Windows\xwizard(2).exe
O4 - HKLM\..\Run: [WinEx72] C:\Windows\xwizard(2).exe
O4 - HKLM\..\Run: [Notepad] C:\Windows\xwizard(3).exe
O4 - HKLM\..\Run: [Notepad2] C:\Windows\xwizard(3).exe
O4 - HKLM\..\Run: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
O4 - HKCU\..\Run: [cacaoweb] "C:\Users\Bruna\AppData\Roaming\cacaoweb\cacaoweb.exe" -noplayer
O4 - HKCU\..\Run: [EA Core] "C:\Program Files (x86)\Electronic Arts\EADM\Core.exe" -silent
O4 - HKCU\..\Run: [Facebook Update] "C:\Users\Bruna\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
O4 - HKCU\..\Run: [Google Update] "C:\Users\Bruna\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - Global Startup: Bluetooth.lnk = ?
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
O9 - Extra button: Enviar para Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: Enviar para Dispositivo &Bluetooth... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.ad...Plus/1.6/gp.cab
O18 - Protocol: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~2\mcafee\sitead~1\mcieplg.dll
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~2\mcafee\sitead~1\mcieplg.dll
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O18 - Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\progra~2\mcafee\msc\mcsniepl.dll
O20 - AppInit_DLLs: c:\progra~3\browse~1\22643~1.41\{16cdf~1\browse~1.dll
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Browser Manager - Unknown owner - C:\ProgramData\Browser Manager\2.2.643.41\{16cdff19-861d-48e3-a751-d99a27784753}\browsemngr.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: FLEXnet Licensing Service 64 - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Serviço do Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: McAfee SiteAdvisor Service - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
O23 - Service: McAfee Personal Firewall Service (McMPFSvc) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
O23 - Service: McAfee VirusScan Announcer (McNaiAnn) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe
O23 - Service: McAfee Firewall Core Service (mfefire) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe
O23 - Service: McAfee Validation Trust Protection Service (mfevtp) - Unknown owner - C:\Windows\system32\mfevtps.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: McAfee Anti-Spam Service (MSK80Service) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 12681 bytes

#2
killer

Download OTL by OldTimer and save it to your desktop.

** Windows Vista and Windows 7 users:
Right-click the file, then click [image]


Close all windows and run the tool.
Where it says Output, select Standard
Also check these options:
  • Use WhiteList for Company Names.
  • Lop Check
  • Purity Check

Select these lines in red, right-click the selection, and choose the copy option

drives
netsvcs
%SYSTEMDRIVE%\*.*
%systemdrive%\drivers\*.exe
%systemroot%\system32\drivers\*.* /90
%PROGRAMFILES%\*.*
%LOCALAPPDATA%\*.exe
%LOCALAPPDATA%\*.txt
%LOCALAPPDATA%\*.ini
%LOCALAPPDATA%\*.dll
%LOCALAPPDATA%\*.dat
%USERPROFILE%\*.exe
%USERPROFILE%\*.txt
%USERPROFILE%\*.ini
%USERPROFILE%\*.dll
%USERPROFILE%\*.dat /30
%systemroot%\system32\tasks\*.* /s
%windir%\tasks\*.*
CREATERESTOREPOINT
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Associations
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Attachments
%systemdrive%\$Recycle.Bin|@;true;true;true /fp



Go back to the program, right-click any blank area of the Custom Scans/Fixes section and choose paste

Click the Scan button

Do not change any other setting unless you have been instructed to do so.

The scan takes a while, so be patient.

When it finishes, two Notepad windows will be displayed: OTL.txt and Extras.txt
Both will be saved in the same directory as OTL.exe, that is, on your desktop.

Copy the entire contents of Extras.txt and paste it into your reply.
Attach the OTL.txt file

NOTE: If the logs are too large and exceed the forum limit, put them in a .zip or .rar file and attach it to your reply.



#3
José Guido Benetti junior

killer!

Good morning.

Here are the results:

Extras:


OTL Extras logfile created on: 04/10/2012 11:46:58 - Run 1
OTL by OldTimer - Version 3.2.70.2 Folder = C:\Users\Bruna\Downloads
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000416 | Country: Brasil | Language: PTB | Date Format: dd/MM/yyyy

3,80 Gb Total Physical Memory | 2,15 Gb Available Physical Memory | 56,58% Memory free
7,61 Gb Paging File | 5,31 Gb Available in Paging File | 69,80% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 465,66 Gb Total Space | 408,13 Gb Free Space | 87,65% Space Free | Partition Type: NTFS

Computer Name: BRUNA-PC | User Name: Bruna | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Unable to open value key
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Unable to open value key
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Unable to open value key
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~1\Office12\ONENOTE.EXE "%L"
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Unable to open value key
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Unable to open value key
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Unable to open value key
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~1\Office12\ONENOTE.EXE "%L"
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{1CDFAE04-2F9C-47B4-AF98-D993C0EBBFA4}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{3DDC662D-48CA-4A2F-B2A3-93ABCD9DB58A}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{3EC8940B-EF20-47EF-842E-F9874B7B0898}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\outlook.exe |
"{4815CF66-03A5-437A-91F7-27024B65B662}" = lport=2869 | protocol=6 | dir=in | app=system |
"{592DB039-8917-443A-80E9-64943B94B023}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{5E0421DE-79D8-4F75-958A-11C76C28DE80}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{60789067-3008-45E3-9F77-729D15EE6537}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{61E17450-FA0B-4A68-A5D1-3E947F1CD7E0}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{65D11A0D-F0D8-4F2F-BDB1-0FA0835FE988}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{673DCCD9-D5F0-4A6A-90D5-3A0C79565E1D}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{76E84681-1116-41F4-AE9F-3E60EF96B8E4}" = lport=139 | protocol=6 | dir=in | app=system |
"{772DF4AA-3412-4DAE-BD2C-666D3E2113AA}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{80BA5958-A6E1-4434-9D66-2388EC0F4A4E}" = lport=137 | protocol=17 | dir=in | app=system |
"{919DB229-A73D-463D-A766-1FC40953DEC3}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{934D8857-EB0D-4928-B55C-A15D04BC68F8}" = lport=445 | protocol=6 | dir=in | app=system |
"{93CB948F-2FD0-4693-8989-25D1B15E5B22}" = lport=138 | protocol=17 | dir=in | app=system |
"{9BADAFFF-50BA-4C2C-87AD-074B86FBBEA6}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{A4158E8C-1DB3-49DB-B5E3-8E37A8A2F841}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{A416C874-2DDB-455E-B4C7-D41FF339A2E4}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{B0710B90-CDCF-4F61-B9BC-371D7A6B7652}" = rport=138 | protocol=17 | dir=out | app=system |
"{BC4078C5-AD53-4B03-A581-B27CE3E8AB31}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{BCA1DBBD-C677-40FB-ACA8-CDF61FD4C913}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{BEC57CA7-4206-4DCA-A4D4-BD7BF103A29C}" = rport=139 | protocol=6 | dir=out | app=system |
"{C17AAAB0-D3B0-468B-A00D-B872955141CE}" = rport=10243 | protocol=6 | dir=out | app=system |
"{C412075C-E222-4D89-9797-389F7F27F8F3}" = rport=137 | protocol=17 | dir=out | app=system |
"{CB973312-D646-4D02-AD6B-57AF738757C7}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{CFFD1914-EA93-4D53-8939-1214D7C959C3}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{D49E8FBE-577A-497D-88E8-8295F014B1E2}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{D72C63A8-E900-4414-9D46-E2FFB7D3032C}" = lport=2869 | protocol=6 | dir=in | app=system |
"{D7ED0385-DC73-48EF-A0EA-4DF4B79C7DAB}" = lport=10243 | protocol=6 | dir=in | app=system |
"{F1BC82F5-3BE8-47E2-98CB-2C460A1045C7}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{F1FD8DA7-E3C1-4BC6-9669-A8656A7B392F}" = rport=445 | protocol=6 | dir=out | app=system |
"{F54AEC6B-0FD2-4730-9B2B-94D5A87A1774}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{F7BFDD87-AC11-4066-9421-AAD3925F1418}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{FAC6E5FE-AB87-423D-B49C-BE805E284BDC}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{FBAB780B-8F7A-4615-AD2F-8EB245BBB993}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{01D672AE-75BB-40EB-9014-A219707C131E}" = dir=in | app=c:\program files (x86)\windows live\sync\windowslivesync.exe |
"{08AEEA42-9114-401D-857F-1A9F7522AEF9}" = protocol=17 | dir=in | app=c:\program files (x86)\megacubo\megacubo.exe |
"{0A06E42C-714C-428C-88A9-A46D2342883F}" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\burnout™ paradise the ultimate box\burnoutparadise.exe |
"{0E907283-E47D-4131-A13E-02EB0DB072AF}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{164BDDA5-AE2C-414C-9330-7F1650C325EA}" = protocol=6 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe |
"{17E7BEE1-9DA7-444F-977D-4784B7AAFBE7}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe |
"{1C8E1C90-937D-49DE-AE52-949E4BDE1BFD}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
"{1F8F3F71-5CB1-45E3-973C-EB0110473B2D}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe |
"{29160462-A386-4F45-9BF0-0AC3037F5A6D}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{2C6AEF82-BAEA-4FBB-91FF-4B539D519867}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{394CC2EF-D655-4D07-B7E8-5D9D20A89D22}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{3A23AFF2-D193-4CA3-85E3-815D2B8A33CD}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{3C730F7C-E59C-48C3-915F-6D325CA315CC}" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\burnout™ paradise the ultimate box\burnoutparadise.exe |
"{4138B1DE-D9CC-436B-B2D1-BEF8667600E3}" = protocol=6 | dir=in | app=c:\program files (x86)\psafe\psrsync.exe |
"{4509BB7E-AFBC-429A-AEE7-49AF6571D4CD}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{5141497D-FC3D-446F-8089-A1CE01AAAEB9}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{5444AC47-9E9A-4E3B-90AD-3A8007D90C18}" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\burnout™ paradise the ultimate box\burnoutconfigtool.exe |
"{5C20883E-2014-4049-B491-0492B2E2F502}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{606A161E-5943-4729-AC85-725FDC1E875D}" = protocol=6 | dir=in | app=c:\users\bruna\desktop\facemoods.exe |
"{639B4715-3F4E-478E-B452-CD65C0A5B50D}" = protocol=17 | dir=in | app=c:\windows\syswow64\msiexec.exe |
"{6A0F79B3-737E-45DF-B23C-F4408219FE8D}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{702ADF57-2ED5-4A5C-81CE-EF5E6A8CA3CF}" = protocol=17 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe |
"{7094CA28-B860-49EF-A77E-B79DC2E28168}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{7E03528D-A790-4DD5-9BAA-4BD283CE1B5C}" = protocol=6 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe |
"{858EE645-5040-4FDC-98BE-C9B74EC8F384}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{864BB6AA-7B18-41D1-97E1-071EE5939D36}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{8C8CAC0C-9254-4F1E-9989-9036F240B47A}" = protocol=6 | dir=in | app=c:\windows\syswow64\msiexec.exe |
"{92E27107-78C7-4A6B-AF01-1092318108CB}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{9B3ED190-67C0-4F26-82A0-5DD88F7CB2B3}" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\burnout™ paradise the ultimate box\burnoutlauncher.exe |
"{9D0265A1-A8E8-4D35-A5E5-EFBDBF7CF15E}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{A0E77983-6046-4E0F-A438-34B7F26CF874}" = protocol=6 | dir=out | app=system |
"{A18CB9B1-DD1B-47F5-A72E-F3F8AF572448}" = protocol=17 | dir=in | app=c:\program files (x86)\psafe\psrsync.exe |
"{A4E2A123-25D5-4244-9C53-BCEE48F2F254}" = protocol=17 | dir=in | app=c:\users\bruna\desktop\facemoods.exe |
"{AE333468-2C14-4C67-B344-61BF93EE93FB}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{AF258BE1-5F1F-431F-8FB6-8217519103DA}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{B0921DBC-3DB3-4514-8E37-393C990EC9E3}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{B582355D-150D-426C-B28C-EE0B097DC50C}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{B8BBA02C-EAEC-4440-915E-3946D0AEED4E}" = protocol=6 | dir=in | app=c:\program files (x86)\megacubo\megacubo.exe |
"{BF26D416-4C9D-4D25-BCE5-5A4F87472B22}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{BFDDD59B-8102-4D79-94FE-3164F71F4ACD}" = protocol=17 | dir=in | app=c:\program files (x86)\sweetim\communicator\sweetpacksupdatemanager.exe |
"{C180EF84-F4ED-4502-94EA-E7AE2058A201}" = protocol=6 | dir=in | app=c:\program files (x86)\sweetim\communicator\sweetpacksupdatemanager.exe |
"{C1D63179-0A1A-476D-BE07-8C674B655E23}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{C405CF43-393E-4E67-BC9F-1C098A280A8D}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{C42B5F8A-38CE-4C6C-ABCD-3E4012F0119D}" = dir=in | app=c:\program files\intel\wifi\bin\pandhcpdns.exe |
"{DB6AFCD7-D825-4229-8C50-A303380E5BB9}" = protocol=6 | dir=in | app=c:\users\bruna\downloads\setup-msgplus-501.exe |
"{DD8D4F34-B266-492C-B1BD-885994038C22}" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\burnout™ paradise the ultimate box\burnoutconfigtool.exe |
"{DDB74049-3972-43CF-A4B0-08F6FFAE3DCF}" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\burnout™ paradise the ultimate box\burnoutlauncher.exe |
"{DF050E8F-3346-46DA-84C1-F52991A771E6}" = protocol=17 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe |
"{E7631628-8EBB-486E-ACC7-7A9D07379352}" = protocol=17 | dir=in | app=c:\users\bruna\downloads\setup-msgplus-501.exe |
"{F076CFBA-3DA9-475A-B509-105952472EF4}" = dir=in | app=c:\users\bruna\appdata\local\facebook\video\skype\facebookvideocalling.exe |
"{F55FDF56-FB06-4074-A2D3-8E0E2593686E}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"TCP Query User{0CFF2FF2-9D43-41DB-80DB-A5D09C3CC356}C:\users\bruna\appdata\roaming\cacaoweb\cacaoweb.exe" = protocol=6 | dir=in | app=c:\users\bruna\appdata\roaming\cacaoweb\cacaoweb.exe |
"TCP Query User{1CD09BF2-081A-4681-8574-55B0021D819F}C:\program files (x86)\google\google sketchup 7\sketchup.exe" = protocol=6 | dir=in | app=c:\program files (x86)\google\google sketchup 7\sketchup.exe |
"TCP Query User{48DF5E20-83FA-4998-821C-424848197FD3}C:\programdata\asgvis\drspawner\drspawner.exe" = protocol=6 | dir=in | app=c:\programdata\asgvis\drspawner\drspawner.exe |
"TCP Query User{9AB7C71D-A5A8-43CF-9676-848EC82D3AB7}C:\program files (x86)\ares\ares.exe" = protocol=6 | dir=in | app=c:\program files (x86)\ares\ares.exe |
"TCP Query User{A4C872DC-BEE2-42E1-9506-9FA89BAFA97E}C:\users\bruna\desktop\ares\ares.exe" = protocol=6 | dir=in | app=c:\users\bruna\desktop\ares\ares.exe |
"TCP Query User{D262CD16-A61B-4004-9129-1EEEB4EDF67A}C:\users\bruna\appdata\roaming\cacaoweb\cacaoweb.exe" = protocol=6 | dir=in | app=c:\users\bruna\appdata\roaming\cacaoweb\cacaoweb.exe |
"UDP Query User{4407223E-CA29-4A4E-9954-B25B6242E923}C:\program files (x86)\ares\ares.exe" = protocol=17 | dir=in | app=c:\program files (x86)\ares\ares.exe |
"UDP Query User{64FF83AA-937D-471E-8B2C-E6EED9385803}C:\users\bruna\desktop\ares\ares.exe" = protocol=17 | dir=in | app=c:\users\bruna\desktop\ares\ares.exe |
"UDP Query User{668B7660-63EC-4F60-83FE-D2911AB41979}C:\users\bruna\appdata\roaming\cacaoweb\cacaoweb.exe" = protocol=17 | dir=in | app=c:\users\bruna\appdata\roaming\cacaoweb\cacaoweb.exe |
"UDP Query User{6D566DAF-DDF5-4185-8033-027891E547A7}C:\programdata\asgvis\drspawner\drspawner.exe" = protocol=17 | dir=in | app=c:\programdata\asgvis\drspawner\drspawner.exe |
"UDP Query User{872A8D67-4B1C-457F-AAA9-040A0BDAC86A}C:\users\bruna\appdata\roaming\cacaoweb\cacaoweb.exe" = protocol=17 | dir=in | app=c:\users\bruna\appdata\roaming\cacaoweb\cacaoweb.exe |
"UDP Query User{FDE10D65-3C26-4598-B048-AC47F52578BF}C:\program files (x86)\google\google sketchup 7\sketchup.exe" = protocol=17 | dir=in | app=c:\program files (x86)\google\google sketchup 7\sketchup.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{027E5FAB-1476-4C59-AAB4-32EF28520399}" = Windows Live Language Selector
"{1A8BA6CE-822D-4888-89E2-ACBF4308F271}" = Software Intel® PROSet/Wireless WiFi
"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
"{2F7B0DE8-8265-4173-A6D0-4656C64EC0DF}" = Estudo de melhoria do produto HP Deskjet 1000 J110 series
"{39F4C6F9-618A-4E5B-8FB2-6BD661174E32}" = Monitor da tecnologia Intel® Turbo Boost
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0416-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (Portuguese (Brazil)) 2007
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9E9D49A4-1DF4-4138-B7DB-5D87A893088E}" = Software WIDCOMM Bluetooth
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{EF79C448-6946-4D71-8134-03407888C054}" = Shared C Run-time for x64
"3BA80AB4C7E9F8497C115C844953A3D4BEB84D21" = Windows Driver Package - Broadcom HIDClass (07/28/2009 6.2.0.9800)
"6B6B5E96843E55CF5CF8C7E45FB457F1FE642FF1" = Windows Driver Package - Broadcom Bluetooth (07/30/2009 6.2.0.9405)
"6B8550A319DDC8B17F35F4A89988705E4592349B" = Windows Driver Package - Broadcom Bluetooth (06/15/2009 6.2.0.9000)
"DW WLAN Card Utility" = DW WLAN Card Utility
"ProInst" = Intel PROSet Wireless
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"WinRAR archiver" = Arquivo do WinRAR

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{15D2D75C-9CB2-4efd-BAD7-B9B4CB4BC693}" = Browser Manager
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83216024FF}" = Java™ 6 Update 24
"{2DF215E0-BD3C-4C98-8616-AFEF09747285}" = Windows Live Sync
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{377F5472-544F-4055-A470-4EDA319BA1F3}" = V-Ray for SketchUp 7
"{3921A67A-5AB1-4E48-9444-C71814CF3027}" = VCRedistSetup
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel® Rapid Storage Technology
"{42929F0F-CE14-47AF-9FC7-FF297A603021}" = Dell Resource CD
"{43B43577-2514-4CE0-B14A-7E85C17C0453}" = Windows Live Essentials
"{4664ED39-C80A-48F7-93CD-EBDCAFAB6CC5}" = Windows Live Writer Resources
"{48E15C9C-E25C-40AD-A46B-AB270729B9B9}" = Google SketchUp Pro 7
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{5FCCD531-1B38-4A94-924C-127F722F1046}" = Nero 8
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel® Management Engine Components
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{68E733D9-1E1E-480C-AA30-D90DD6D432F9}" = V-Ray for SketchUp 7
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7683B745-6060-41FD-AA75-0BBB383FEAD4}" = SweetIM for Messenger 3.7
"{7CAC6A44-C3DE-4153-ACA6-7524602C789E}" = Facebook Video Calling 1.2.0.159
"{81CFCED1-5500-4DE0-A73B-CB0CF8AAFEEF}" = Google SketchUp Pro 8
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver For Windows 7
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90120000-0015-0416-0000-0000000FF1CE}" = Microsoft Office Access MUI (Portuguese (Brazil)) 2007
"{90120000-0015-0416-0000-0000000FF1CE}_ENTERPRISE_{AD3E8EF1-E885-4068-BC73-16C0649FEBF0}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0416-0000-0000000FF1CE}" = Microsoft Office Excel MUI (Portuguese (Brazil)) 2007
"{90120000-0016-0416-0000-0000000FF1CE}_ENTERPRISE_{AD3E8EF1-E885-4068-BC73-16C0649FEBF0}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0416-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (Portuguese (Brazil)) 2007
"{90120000-0018-0416-0000-0000000FF1CE}_ENTERPRISE_{AD3E8EF1-E885-4068-BC73-16C0649FEBF0}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0416-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (Portuguese (Brazil)) 2007
"{90120000-0019-0416-0000-0000000FF1CE}_ENTERPRISE_{AD3E8EF1-E885-4068-BC73-16C0649FEBF0}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0416-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (Portuguese (Brazil)) 2007
"{90120000-001A-0416-0000-0000000FF1CE}_ENTERPRISE_{AD3E8EF1-E885-4068-BC73-16C0649FEBF0}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0416-0000-0000000FF1CE}" = Microsoft Office Word MUI (Portuguese (Brazil)) 2007
"{90120000-001B-0416-0000-0000000FF1CE}_ENTERPRISE_{AD3E8EF1-E885-4068-BC73-16C0649FEBF0}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0416-0000-0000000FF1CE}" = Microsoft Office Proof (Portuguese (Brazil)) 2007
"{90120000-001F-0416-0000-0000000FF1CE}_ENTERPRISE_{8A524694-0CA4-476A-9301-B1E9D70FC952}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002A-0000-1000-0000000FF1CE}_ENTERPRISE_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002A-0416-1000-0000000FF1CE}_ENTERPRISE_{51530CD1-8244-4E0F-B536-BCCC05325C7F}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002C-0416-0000-0000000FF1CE}" = Microsoft Office Proofing (Portuguese (Brazil)) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0044-0416-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (Portuguese (Brazil)) 2007
"{90120000-0044-0416-0000-0000000FF1CE}_ENTERPRISE_{AD3E8EF1-E885-4068-BC73-16C0649FEBF0}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0416-0000-0000000FF1CE}" = Microsoft Office Shared MUI (Portuguese (Brazil)) 2007
"{90120000-006E-0416-0000-0000000FF1CE}_ENTERPRISE_{51530CD1-8244-4E0F-B536-BCCC05325C7F}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0416-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (Portuguese (Brazil)) 2007
"{90120000-00A1-0416-0000-0000000FF1CE}_ENTERPRISE_{AD3E8EF1-E885-4068-BC73-16C0649FEBF0}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00BA-0416-0000-0000000FF1CE}" = Microsoft Office Groove MUI (Portuguese (Brazil)) 2007
"{90120000-00BA-0416-0000-0000000FF1CE}_ENTERPRISE_{AD3E8EF1-E885-4068-BC73-16C0649FEBF0}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{910F4A29-1134-49E0-AD8B-56E4A3152BD1}" = The Sims™ 3 Ambições
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{95140000-007A-0416-0000-0000000FF1CE}" = Microsoft Office Outlook Connector
"{951B0F30-9F1A-4BF6-B3DA-99EB0E917B1C}" = FARO LS 1.1.406.58
"{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{9DA3F03B-2CEE-4344-838E-117861E61FAF}" = Windows Live Mail
"{A199DB88-E22D-4CE7-90AC-B8BE396D7BF4}" = Windows Live Movie Maker
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AC76BA86-7AD7-1046-7B44-AA1000000001}" = Adobe Reader X (10.1.4) - Português
"{B0069CFA-5BB9-4C03-B1C6-89CE290E5AFE}" = HP Update
"{B33B61FE-701F-425F-98AB-2B85725CBF68}" = Windows Live Photo Common
"{B3BE54A4-8DFE-4593-8E66-56AB7133B812}" = Windows Live Writer
"{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}" = The Sims™ 3
"{C3E85EE9-5892-4142-B537-BCEB3DAC4C3D}" = Internet Explorer Toolbar 4.6 by SweetPacks
"{C9E1343D-E21E-4508-A1BE-04A089EC137D}" = Windows Live Messenger
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D642E38E-0D24-486C-9A2D-E316DD696F4B}" = Microsoft XML Parser
"{DDDFCC77-7F9C-45E9-B38E-721BA599BA0C}" = HP Deskjet 1000 J110 series Ajuda
"{DF71ABBB-B834-41C0-BB58-80B0545D754C}" = Windows Live UX Platform Language Pack
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{E55E7026-EF2A-4A17-AAA7-DB98EA3FD1B1}" = BabylonObjectInstaller
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{EA8FA6BE-29BE-4AF2-9352-841F83215EB0}" = Update Manager for SweetPacks 1.1
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel® Graphics Media Accelerator Driver
"{F7A46527-DF1F-4B0F-9637-98547E189442}" = Windows Live Galeria de Fotos
"{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel® Control Center
"{FDB3B167-F4FA-461D-976F-286304A57B2A}" = Adobe AIR
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"ENTERPRISE" = Microsoft Office Enterprise 2007
"HP Photo Creations" = HP Photo Creations
"KLiteCodecPack_is1" = K-Lite Mega Codec Pack 7.1.0
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware versão 1.65.0.1400
"MSC" = McAfee SecurityCenter
"PhotoScape" = PhotoScape
"PhotoToolkit_is1" = Photo! Editor 1.1
"Podium_is1" = Podium
"RealAlt_is1" = Real Alternative 2.0.2
"WinLiveSuite" = Windows Live Essentials

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{79A765E1-C399-405B-85AF-466F52E918B0}" = atualizador Ask Toolbar Updater
"f031ef6ac137efc5" = Dell Driver Download Manager
"Google Chrome" = Google Chrome

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 29/08/2012 14:34:43 | Computer Name = Bruna-PC | Source = SideBySide | ID = 16842832
Description = Falha na geração de contexto de ativação para "C:\Program Files (x86)\Nero\Nero8\Nero
Toolkit\DiscSpeed.exe".Erro no arquivo de manifesto ou de diretiva "", na linha.
Uma
versão de componente exigida pelo aplicativo está em conflito com outra versão
de componente já ativa. Os componentes conflitantes são:. Componente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Componente
2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error - 29/08/2012 20:24:53 | Computer Name = Bruna-PC | Source = Application Error | ID = 1000
Description = Nome de aplicativo com falha: svchost.exe_gpsvc, versão: 6.1.7600.16385,
carimbo de hora: 0x4a5bc3c1 Nome do módulo de falhas: unknown, versão: 0.0.0.0,
carimbo de hora: 0x00000000 Código de exceção: 0xc0000005 Deslocamento com falha:
0x000000007774000a Identificação do processo com falha: 0x3cc Hora de início do aplicativo
com falha: 0x01cd863524cf3494 Caminho do aplicativo com falha: C:\Windows\system32\svchost.exe
FCaminho
do módulo de falhas: unknown Identificação do Relatório: 1db433ba-f239-11e1-ade6-a359b84765cb

Error - 30/08/2012 13:26:43 | Computer Name = Bruna-PC | Source = SideBySide | ID = 16842832
Description = Falha na geração de contexto de ativação para "C:\Program Files (x86)\Nero\Nero8\Nero
Toolkit\DiscSpeed.exe".Erro no arquivo de manifesto ou de diretiva "", na linha.
Uma
versão de componente exigida pelo aplicativo está em conflito com outra versão
de componente já ativa. Os componentes conflitantes são:. Componente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Componente
2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error - 03/09/2012 14:11:37 | Computer Name = Bruna-PC | Source = SideBySide | ID = 16842832
Description = Falha na geração de contexto de ativação para "C:\Program Files (x86)\Nero\Nero8\Nero
Toolkit\DiscSpeed.exe".Erro no arquivo de manifesto ou de diretiva "", na linha.
Uma
versão de componente exigida pelo aplicativo está em conflito com outra versão
de componente já ativa. Os componentes conflitantes são:. Componente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Componente
2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error - 04/09/2012 12:53:53 | Computer Name = Bruna-PC | Source = Google Update | ID = 20
Description =

Error - 04/09/2012 16:31:42 | Computer Name = Bruna-PC | Source = SideBySide | ID = 16842832
Description = Falha na geração de contexto de ativação para "C:\Program Files (x86)\Nero\Nero8\Nero
Toolkit\DiscSpeed.exe".Erro no arquivo de manifesto ou de diretiva "", na linha.
Uma
versão de componente exigida pelo aplicativo está em conflito com outra versão
de componente já ativa. Os componentes conflitantes são:. Componente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Componente
2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error - 04/09/2012 17:09:45 | Computer Name = Bruna-PC | Source = SideBySide | ID = 16842832
Description = Falha na geração de contexto de ativação para "C:\Program Files (x86)\Nero\Nero8\Nero
Toolkit\DiscSpeed.exe".Erro no arquivo de manifesto ou de diretiva "", na linha.
Uma
versão de componente exigida pelo aplicativo está em conflito com outra versão
de componente já ativa. Os componentes conflitantes são:. Componente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Componente
2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error - 05/09/2012 13:07:05 | Computer Name = Bruna-PC | Source = Application Hang | ID = 1002
Description = O programa SketchUp.exe versão 7.0.8657.0 parou de interagir com o
Windows e foi fechado. Para ver se há mais informações disponíveis sobre o problema,
verifique o histórico de problemas no painel de controle da Central de Ações. ID
de Processo: a20 Hora de Início: 01cd8b86d8e0bc65 Hora de Término: 42 Caminho do Aplicativo:
C:\Program Files (x86)\Google\Google SketchUp 7\SketchUp.exe Id do Relatório: 1b0d16c1-f77c-11e1-8488-f8cda9ae9de2


Error - 05/09/2012 14:12:38 | Computer Name = Bruna-PC | Source = Application Error | ID = 1000
Description = Nome de aplicativo com falha: SketchUp.exe, versão: 7.0.8657.0, carimbo
de hora: 0x491c67d1 Nome do módulo de falhas: ntdll.dll, versão: 6.1.7601.17725,
carimbo de hora: 0x4ec49b8f Código de exceção: 0xc0000005 Deslocamento com falha:
0x0004fa9f Identificação do processo com falha: 0xf9c Hora de início do aplicativo
com falha: 0x01cd8b88e4b7dd7b Caminho do aplicativo com falha: C:\Program Files
(x86)\Google\Google SketchUp 7\SketchUp.exe FCaminho do módulo de falhas: C:\Windows\SysWOW64\ntdll.dll
Identificação
do Relatório: 45d63fcc-f785-11e1-8488-f8cda9ae9de2

Error - 05/09/2012 15:22:34 | Computer Name = Bruna-PC | Source = Application Error | ID = 1000
Description = Nome de aplicativo com falha: Explorer.EXE, versão: 6.1.7601.17514,
carimbo de hora: 0x4ce7a144 Nome do módulo de falhas: ntdll.dll, versão: 6.1.7601.17725,
carimbo de hora: 0x4ec4aa8e Código de exceção: 0xc0000005 Deslocamento com falha:
0x0000000000028359 Identificação do processo com falha: 0x494 Hora de início do aplicativo
com falha: 0x01cd8b7b11188802 Caminho do aplicativo com falha: C:\Windows\Explorer.EXE
FCaminho
do módulo de falhas: C:\Windows\SYSTEM32\ntdll.dll Identificação do Relatório: 0b1a435a-f78f-11e1-8488-f8cda9ae9de2

[ System Events ]
Error - 03/10/2012 18:53:55 | Computer Name = Bruna-PC | Source = Service Control Manager | ID = 7031
Description = O serviço Windows Search foi finalizado inesperadamente. Isto aconteceu
1 vez(es). A seguinte ação corretiva será tomada em 30000 milissegundos: Reiniciar
o serviço.

Error - 03/10/2012 18:54:25 | Computer Name = Bruna-PC | Source = Service Control Manager | ID = 7032
Description = O Gerenciador de controle de serviços tentou executar uma ação corretiva
(Reiniciar o serviço) após a finalização inesperada do serviço Windows Search,
mas essa ação falhou com o seguinte erro: %%1056

Error - 03/10/2012 19:46:01 | Computer Name = Bruna-PC | Source = bowser | ID = 8003
Description =

Error - 03/10/2012 19:54:15 | Computer Name = Bruna-PC | Source = NetBT | ID = 4321
Description = O nome "WORKGROUP :1d" não pôde ser registrado na interface com
o endereço IP 172.16.0.95. O computador de endereço IP 172.16.0.156 não permitiu
que o nome fosse reivindicado por este computador.

Error - 03/10/2012 20:00:02 | Computer Name = Bruna-PC | Source = NetBT | ID = 4321
Description = O nome "WORKGROUP :1d" não pôde ser registrado na interface com
o endereço IP 172.16.0.95. O computador de endereço IP 172.16.0.129 não permitiu
que o nome fosse reivindicado por este computador.

Error - 03/10/2012 22:22:42 | Computer Name = Bruna-PC | Source = Application Popup | ID = 1060
Description = \SystemRoot\SysWow64\Drivers\Proteq.SYS foi impedido de carregar devido
a uma incompatibilidade com este sistema. Contate o fornecedor do software para
obter uma versão compatível do driver.

Error - 03/10/2012 22:22:42 | Computer Name = Bruna-PC | Source = Service Control Manager | ID = 7000
Description = Não foi possível iniciar o serviço Proteq devido ao seguinte erro:
%%1275

Error - 04/10/2012 10:33:34 | Computer Name = Bruna-PC | Source = Service Control Manager | ID = 7000
Description = Não foi possível iniciar o serviço Proteq devido ao seguinte erro:
%%1275

Error - 04/10/2012 10:33:34 | Computer Name = Bruna-PC | Source = Application Popup | ID = 1060
Description = \SystemRoot\SysWow64\Drivers\Proteq.SYS foi impedido de carregar devido
a uma incompatibilidade com este sistema. Contate o fornecedor do software para
obter uma versão compatível do driver.

Error - 04/10/2012 10:33:38 | Computer Name = Bruna-PC | Source = Service Control Manager | ID = 7023
Description = O serviço Publicação de Recursos de Descoberta de Função terminou
com o erro: %%-2147014847


< End of report >

Attached file(s)

  • Attached file  OTL.Txt   110,32K   1 Downloads


#4
José Guido Benetti junior

    Newbie

  • Member
  • 4 posts
Hello

#5
killer

    Emeritus Assistant

  • Emeritus
  • 11.382 posts
Hello,

Sorry for the delay.

Go to Start > Control Panel > Uninstall a program and uninstall Ask Toolbar and atualizador Ask Toolbar Updater.

Select these lines inside the Code box, right-click the selection and choose Copy:

:OTL
MOD - [2012/09/21 20:10:50 | 002,098,200 | ---- | M] () -- c:\ProgramData\Browser Manager\2.2.643.41\{16cdff19-861d-48e3-a751-d99a27784753}\browsemngr.dll
MOD - [2012/09/21 20:10:50 | 001,701,400 | ---- | M] () -- C:\ProgramData\Browser Manager\2.2.643.41\{16cdff19-861d-48e3-a751-d99a27784753}\browsemngr.exe
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://start.funmoods.com/?f=1&a=ironpub&chnl=ironpub&cd=2XzuyEtN2Y1L1Qzu0E0CyDyD0FzytC0C0DyByEzz0FyB0C0DtN0D0Tzu0StByEtDtN1L2XzutBtFtCtFtCtFtAtCtB&cr=1228558847
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://start.funmoods.com/results.php?f=4&q={searchTerms}&a=ironpub&chnl=ironpub&cd=2XzuyEtN2Y1L1Qzu0E0CyDyD0FzytC0C0DyByEzz0FyB0C0DtN0D0Tzu0StByEtDtN1L2XzutBtFtCtFtCtFtAtCtB&cr=1228558847
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://search.minituner.org/
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://search.minituner.org/
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://search.minituner.org/
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://search.minituner.org/
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.minituner.org/
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://start.funmoods.com/results.php?f=4&q={searchTerms}&a=ironpub&chnl=ironpub&cd=2XzuyEtN2Y1L1Qzu0E0CyDyD0FzytC0C0DyByEzz0FyB0C0DtN0D0Tzu0StByEtDtN1L2XzutBtFtCtFtCtFtAtCtB&cr=1228558847
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,BrowserMngr Start Page = http://search.babylon.com/?affID=110823&tt=120912_cpc_3812_3&babsrc=HP_ss&mntrId=3818f7cd0000000000000250f2000001
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://search.minituner.org/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://search.minituner.org/
IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://search.babylon.com/?q={searchTerms}&affID=110823&tt=120912_cpc_3812_3&babsrc=SP_ss&mntrId=3818f7cd0000000000000250f2000001
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{b64982b1-d112-42b5-b1e4-d3867c4533f8}: C:\ProgramData\Browser Manager\2.2.643.41\{16cdff19-861d-48e3-a751-d99a27784753}\FirefoxExtension [2012/09/21 20:10:52 | 000,000,000 | ---D | M]
CHR - homepage: http://search.babylon.com/?affID=110823&tt=120912_cpc_3812_3&babsrc=HP_ss&mntrId=3818f7cd0000000000000250f2000001
CHR - homepage: http://search.babylon.com/?affID=110823&tt=120912_cpc_3812_3&babsrc=HP_ss&mntrId=3818f7cd0000000000000250f2000001
O4 - HKLM..\Run: [ApnUpdater] C:\Program Files (x86)\Ask.com\Updater\Updater.exe (Ask)
O4 - HKLM..\Run: [Calculator] C:\Windows\xwizard(1).exe (Microsoft Corporation)
O4 - HKLM..\Run: [Calculator2] C:\Windows\xwizard(1).exe (Microsoft Corporation)
O4 - HKLM..\Run: [Notepad] C:\Windows\xwizard(3).exe (Microsoft Corporation)
O4 - HKLM..\Run: [Notepad2] C:\Windows\xwizard(3).exe (Microsoft Corporation)
O4 - HKLM..\Run: [WinEx7] C:\Windows\xwizard(2).exe (Microsoft Corporation)
O4 - HKLM..\Run: [WinEx72] C:\Windows\xwizard(2).exe (Microsoft Corporation)
O4 - HKCU..\Run: [cacaoweb] "C:\Users\Bruna\AppData\Roaming\cacaoweb\cacaoweb.exe" -noplayer File not found
O20 - AppInit_DLLs: (c:\progra~3\browse~1\22643~1.41\{16cdf~1\browse~1.dll) - c:\ProgramData\Browser Manager\2.2.643.41\{16cdff19-861d-48e3-a751-d99a27784753}\browsemngr.dll ()
[2012/09/13 15:46:18 | 027,628,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\xwizard(3).exe
[2012/09/13 15:45:11 | 007,163,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\xwizard(2).exe
[2012/09/13 15:44:48 | 015,409,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\xwizard(1).exe
[2012/09/13 15:48:10 | 010,450,611 | ---- | M] () -- C:\Windows\YW222.zip
[2012/09/13 15:48:09 | 010,873,587 | ---- | M] () -- C:\Windows\WIDEAWAKE3.zip
[2012/09/13 15:48:09 | 007,493,641 | ---- | M] () -- C:\Windows\YW22.zip
[2012/09/13 15:48:09 | 003,637,037 | ---- | M] () -- C:\Windows\YW2.zip
[2012/09/13 15:48:08 | 007,931,386 | ---- | M] () -- C:\Windows\WIDEAWAKE1.zip
[2012/09/13 15:48:08 | 004,067,680 | ---- | M] () -- C:\Windows\WIDEAWAKE2.zip
[2012/09/13 15:48:05 | 069,915,351 | ---- | M] () -- C:\Windows\WRAR.rar
[2012/09/12 03:52:18 | 027,628,488 | ---- | M] (Microsoft Corporation) -- C:\Windows\xwizard(3).exe
[2012/09/12 03:52:16 | 015,409,128 | ---- | M] (Microsoft Corporation) -- C:\Windows\xwizard(1).exe
[2012/09/12 03:52:16 | 007,163,344 | ---- | M] (Microsoft Corporation) -- C:\Windows\xwizard(2).exe
[2012/02/25 20:30:39 | 000,000,000 | ---D | M] -- C:\Users\Bruna\AppData\Roaming\Babylon
[2012/08/28 17:52:36 | 000,000,000 | ---D | M] -- C:\Users\Bruna\AppData\Roaming\cacaoweb

:REG
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"TCP Query User{0CFF2FF2-9D43-41DB-80DB-A5D09C3CC356}C:\users\bruna\appdata\roaming\cacaoweb\cacaoweb.exe" =-
"{606A161E-5943-4729-AC85-725FDC1E875D}" =-
"{A18CB9B1-DD1B-47F5-A72E-F3F8AF572448}" =-
"UDP Query User{668B7660-63EC-4F60-83FE-D2911AB41979}C:\users\bruna\appdata\roaming\cacaoweb\cacaoweb.exe" =-

:Files
c:\users\bruna\desktop\facemoods.exe
C:\users\bruna\appdata\roaming\cacaoweb\cacaoweb.exe

:Commands
[CREATERESTOREPOINT]
[REBOOT]

To visitors: If you have a similar problem, do not use this script, as unsupervised use can damage the system.
Follow the instructions on this page and ask for help in Malware Removal.


Run OTL.exe

Right-click any blank area of the Custom Scans/Fixes section and choose Paste

Close ALL windows (except OTL itself) and click the [Posted Image] button

The program will run the script and restart your computer.

Post the new log in your next reply.

Note: A copy of this log will be stored in the C:\_OTL\MovedFiles folder, named in the format date_time.log.

Example: 03142010_145545.log


#6
José Guido Benetti junior

    Newbie

  • Member
  • 4 posts
Hello killer.

My problem was solved!! IE stopped reopening when closed.

Here is the .txt:


========== OTL ==========
Releasing module c:\ProgramData\Browser Manager\2.2.643.41\{16cdff19-861d-48e3-a751-d99a27784753}\browsemngr.dll
c:\ProgramData\Browser Manager\2.2.643.41\{16cdff19-861d-48e3-a751-d99a27784753}\browsemngr.dll moved successfully.
Releasing module C:\ProgramData\Browser Manager\2.2.643.41\{16cdff19-861d-48e3-a751-d99a27784753}\browsemngr.exe
File move failed. C:\ProgramData\Browser Manager\2.2.643.41\{16cdff19-861d-48e3-a751-d99a27784753}\browsemngr.exe scheduled to be moved on reboot.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}\ not found.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Default_Search_URL| /E : value set successfully!
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Search Page| /E : value set successfully!
HKLM\SOFTWARE\Microsoft\Internet Explorer\Search\\CustomizeSearch| /E : value set successfully!
HKLM\SOFTWARE\Microsoft\Internet Explorer\Search\\Default_Search_URL| /E : value set successfully!
HKLM\SOFTWARE\Microsoft\Internet Explorer\Search\\SearchAssistant| /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}\ not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\BrowserMngr Start Page| /E : value set successfully!
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Search Page| /E : value set successfully!
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page Redirect Cache| /E : value set successfully!
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}\ not found.
Registry value HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{b64982b1-d112-42b5-b1e4-d3867c4533f8} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{b64982b1-d112-42b5-b1e4-d3867c4533f8}\ not found.
C:\ProgramData\Browser Manager\2.2.643.41\{16cdff19-861d-48e3-a751-d99a27784753}\FirefoxExtension\content folder moved successfully.
C:\ProgramData\Browser Manager\2.2.643.41\{16cdff19-861d-48e3-a751-d99a27784753}\FirefoxExtension\components folder moved successfully.
Folder move failed. C:\ProgramData\Browser Manager\2.2.643.41\{16cdff19-861d-48e3-a751-d99a27784753}\FirefoxExtension scheduled to be moved on reboot.
Use Chrome's Settings page to change the HomePage.
Use Chrome's Settings page to change the HomePage.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ApnUpdater not found.
File C:\Program Files (x86)\Ask.com\Updater\Updater.exe not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\Calculator deleted successfully.
C:\Windows\xwizard(1).exe moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\Calculator2 deleted successfully.
File C:\Windows\xwizard(1).exe not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\Notepad deleted successfully.
C:\Windows\xwizard(3).exe moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\Notepad2 deleted successfully.
File C:\Windows\xwizard(3).exe not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\WinEx7 deleted successfully.
C:\Windows\xwizard(2).exe moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\WinEx72 deleted successfully.
File C:\Windows\xwizard(2).exe not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\cacaoweb deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls:c:\progra~3\browse~1\22643~1.41\{16cdf~1\browse~1.dll deleted successfully.
File c:\ProgramData\Browser Manager\2.2.643.41\{16cdff19-861d-48e3-a751-d99a27784753}\browsemngr.dll not found.
File C:\Windows\xwizard(3).exe not found.
File C:\Windows\xwizard(2).exe not found.
File C:\Windows\xwizard(1).exe not found.
C:\Windows\YW222.zip moved successfully.
C:\Windows\WIDEAWAKE3.zip moved successfully.
C:\Windows\YW22.zip moved successfully.
C:\Windows\YW2.zip moved successfully.
C:\Windows\WIDEAWAKE1.zip moved successfully.
C:\Windows\WIDEAWAKE2.zip moved successfully.
C:\Windows\WRAR.rar moved successfully.
File C:\Windows\xwizard(3).exe not found.
File C:\Windows\xwizard(1).exe not found.
File C:\Windows\xwizard(2).exe not found.
C:\Users\Bruna\AppData\Roaming\Babylon folder moved successfully.
C:\Users\Bruna\AppData\Roaming\cacaoweb folder moved successfully.
========== REGISTRY ==========
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{0CFF2FF2-9D43-41DB-80DB-A5D09C3CC356}C:\users\bruna\appdata\roaming\cacaoweb\cacaoweb.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{606A161E-5943-4729-AC85-725FDC1E875D} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{606A161E-5943-4729-AC85-725FDC1E875D}\ not found.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{A18CB9B1-DD1B-47F5-A72E-F3F8AF572448} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A18CB9B1-DD1B-47F5-A72E-F3F8AF572448}\ not found.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{668B7660-63EC-4F60-83FE-D2911AB41979}C:\users\bruna\appdata\roaming\cacaoweb\cacaoweb.exe deleted successfully.
========== FILES ==========
File\Folder c:\users\bruna\desktop\facemoods.exe not found.
File\Folder C:\users\bruna\appdata\roaming\cacaoweb\cacaoweb.exe not found.
========== COMMANDS ==========
Restore point Set: OTL Restore Point

OTL by OldTimer - Version 3.2.70.2 log created on 10112012_015028

Files\Folders moved on Reboot...
File move failed. C:\ProgramData\Browser Manager\2.2.643.41\{16cdff19-861d-48e3-a751-d99a27784753}\browsemngr.exe scheduled to be moved on reboot.
Folder move failed. C:\ProgramData\Browser Manager\2.2.643.41\{16cdff19-861d-48e3-a751-d99a27784753}\FirefoxExtension scheduled to be moved on reboot.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...




Any further steps?

I'm very grateful, killer!!

#7
killer

killer

    Emeritus Helper

  • Emeritus
  • 11,382 posts

Run OTL.exe again.

** Windows Vista and Windows 7 users:
Right-click the file, then click Run as administrator


Click the [Posted Image] button

Wait for OTL to finish the scan, then post the generated log (OTL.txt)


Don't abandon your topic; someone dedicated part of their time to help you!


#8
Felipe-rj

Felipe-rj

    Moderator

  • Moderator
  • 837 posts
Topic Archived

As the author did not reply to the topic for more than 10 days, it has been archived.

If you are the author of the topic and want it reopened, send a private message to a moderator or helper with a link to this topic and explain why you need it reopened.