Problem with the Iminent program


13 replies to this topic

#1
Jumbo19

  • Newbie
  • 7 posts

Folks, I fell victim to the Iminent program, which left traces in my browsers. First I tried to install a program and this Iminent accidentally came along with it; it changed my homepage and I can't change it back, and it also leaves various markings on words on any site, which bring up a very strange pop-up that is annoying to close when you hover the mouse over them. I have AdBlock, and I've already tried running anti-spyware and my antivirus, Kaspersky, but nothing worked, so I'm coming here to ask for help from you, who understand the subject.

Folks, I can't upload the 3 files because of the upload limit imposed here on the forum, so I'll paste the MbrScan log here.


MBRScan v1.1.1
 
OS             : Windows 7 Service Pack 1 (64 bit)
PROCESSOR      : Intel64 Family 6 Model 42 Stepping 7, GenuineIntel
BOOT           : Normal Boot
DATE           : 2013/09/16 (ISO 8601) at 01:40:46
________________________________________________________________________________
 
DISK           : Device\Harddisk0\DR0 __WDC WD5000AAKX-003CA0 (15.01H15)
BUS_TYPE       : (0x03)  P-ATA
USE_PIO        : NO
MAX_TRANSFER   : 128 Kb
ALIGNMENT_MASK : word aligned
________________________________________________________________________________
 
Device\Harddisk0\DR0 465.8 Go  [Fixed] ==> 7 MBR Code
 
MBR_MD5   : 552A733B94ED3BE44E334512664AA124
MBR_SHA1  : 8A7FD5B1B2B9334E6E217709F8859D2B4DE53514
 
Device\Harddisk0\Partition1 100.0 Mo   0x07 NTFS / HPFS __ BOOTABLE __
Device\Harddisk0\Partition2 97.56 Go   0x07 NTFS / HPFS
Device\Harddisk0\Partition3 368.1 Go   0x07 NTFS / HPFS
________________________________________________________________________________
 
############################### Additional scan ################################
 
BCD EmsSettings {0CE4991B-E6B3-4B16-B23C-5E0D9250E5D9} => BcdLibraryBoolean_EmsEnabled (16000020)
 
SystemStartOptions :  NOEXECUTE=OPTIN
 
________________________________________________________________________________
 




#2
CarlosTurco

  • Assistant
  • 20,370 posts

Hello Jumbo19,

Please note the following:

  • DO NOT attempt to carry out any cleaning procedure on your own. In particular, do not run on your own initiative the tools used in the Malware Removal forum. Improper use of some tools may damage your computer or, at the very least, partially remove the signs of an infection that would serve as information for the analyst. The team will not be held responsible for consequences resulting from improper and/or uninformed use of the tools. - Rule no. 8 of Malware Removal
  • About the Forum: This is a private space, not a public one. Its use is a privilege, not a right.
    http://www.linhadefe...egras-do-forum/
  • Do not start a new topic about this problem. Always post your replies in this topic.
  • Click Follow (located in the upper right corner of the main post) to receive an e-mail notification when it is answered. You can also check the topics you follow using the Content I follow option, accessible through the forum Control Panel.
  • Analyses can take some time, so please be patient.
  • The instructions are specific to your computer and should be applied only to it.
  • If something goes wrong, it doesn't matter. Always keep following your topic, informing me of the results, until your computer is clean.
  • Notice: Avoid using the <QUOTE> or <CODE> tags in logs; this makes them harder to read during analysis.
  • If at any point during the analysis it is found that this is a company PC, the topic will be summarily closed with no possibility of reopening.
  • Do not abandon your topic. It is important for us to know whether the removal was successful.
  • If you do not receive a reply from me within 5 days, send me a PM.

Carry out the procedures below:

1)

Download AdwCleaner and save it to the desktop.
http://general-chang...de/2-adwcleaner

Run the file adwcleaner.exe

*** Windows Vista or Windows 7 users: right-click the file adwcleaner.exe, then click Run as administrator.

Click the Scan button and wait for the scan to finish.

Click the Clean button.

A Notepad window will open with the result. Select, copy and paste its contents into your next reply.

NOTE: If AdwCleaner finds files it cannot remove, you may have to restart the PC. Do so immediately when asked whether you want to restart the PC.

2)

Temporarily disable your antivirus, antispyware and firewall so as not to cause conflicts.

Download JRT and save it to the desktop. Double-click it to run the Junkware Removal Tool (JRT).

* On Windows Vista and Windows 7:

Right-click JRT.exe and select Run as administrator.

The tool will begin scanning your system. Be patient, as it may take a while depending on the number of items to scan.

At the end, a log will open. It is saved to the desktop under the name JRT.txt.

Select, copy and paste the contents of this log into your next reply.

3)

Download Malwarebytes' Anti-Malware (MBAM)
http://www.majorgeek..._malware,1.html

Double-click mbam-setup.exe, choose the language and, during installation, accept all the default options.

  • Check that the Update Malwarebytes Anti-Malware and Launch Malwarebytes Anti-Malware boxes are ticked, then click Finish.
  • If there are updates to be made, they will be downloaded and installed.
  • When the update finishes, with the program open, select Quick Scan and click the Scan button.
  • The scan will then begin. Wait, as it may take a while.
  • When the scan finishes, click OK, then the Show Results button to see the report.
  • If any items were found, make sure they are all ticked and click the Remove button.
  • At the end of the disinfection, Notepad will open with a log, and a prompt may appear asking whether you want to restart the PC. (See Note below)
  • The log is saved automatically by MBAM; to view it, click the Logs tab in the program's main window.
  • Select, copy and paste the entire contents of this log into your next reply.

NOTE: If MBAM finds files it cannot remove, you may have to restart the PC (perhaps more than once). Do so immediately when asked whether you want to restart the PC.

If in doubt, read the program's tutorial:
http://linhadefensiv...showtopic=75554


**Be considerate of those who help you; do not abandon your topic!**

#3
Jumbo19

  • Newbie
  • 7 posts

As requested, here it is:

 

# AdwCleaner v3.004 - Report created 16/09/2013 at 10:26:12
# Updated 15/09/2013 by Xplode
# Operating System : Windows 7 Ultimate Service Pack 1 (64 bits)
# Username : Pedro - PEDRO-PC
# Running from : C:\Users\Pedro\Desktop\adwcleaner.exe
# Option : Clean
 
***** [ Services ] *****
 
Service Deleted : BCUService
 
***** [ Files / Folders ] *****
 
Folder Deleted : C:\ProgramData\Ask
Folder Deleted : C:\ProgramData\Browse2Save
Folder Deleted : C:\ProgramData\DeviceVM
Folder Deleted : C:\ProgramData\RightClick
Folder Deleted : C:\ProgramData\Tarma Installer
Folder Deleted : C:\Program Files (x86)\Conduit
Folder Deleted : C:\Program Files (x86)\DeviceVM
Folder Deleted : C:\Program Files (x86)\FindLyrics
Folder Deleted : C:\Program Files (x86)\Plus-HD-2.2
Folder Deleted : C:\Program Files (x86)\TornTV.com
Folder Deleted : C:\Users\Pedro\AppData\Local\Conduit
Folder Deleted : C:\Users\Pedro\AppData\Local\cre
Folder Deleted : C:\Users\Pedro\AppData\LocalLow\Browse2Save
Folder Deleted : C:\Users\Pedro\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\Pedro\AppData\Roaming\DeviceVM
Folder Deleted : C:\Users\Pedro\AppData\Roaming\SendSpace
Folder Deleted : C:\Users\Pedro\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\TornTV.com
Folder Deleted : C:\Users\Pedro\AppData\Roaming\Mozilla\Firefox\Profiles\181zs9uo.default\jetpack
Folder Deleted : C:\Users\Pedro\AppData\Roaming\Mozilla\Firefox\Profiles\181zs9uo.default\Smartbar
Folder Deleted : C:\Users\Pedro\AppData\Roaming\Mozilla\Firefox\Profiles\181zs9uo.default\Extensions\4fdacf00-e9c4-4ad5-b4cf-bf9800f184f6@36857116-74e0-4973-936f-860cd2a102a9.com
Folder Deleted : C:\Users\Pedro\AppData\Roaming\Mozilla\Firefox\Profiles\181zs9uo.default\Extensions\plugin@getwebcake.com
Folder Deleted : C:\Users\Pedro\AppData\Roaming\Mozilla\Firefox\Profiles\181zs9uo.default\Extensions\511b1f4f4c38b@511b1f4f4c3c4.com
Folder Deleted : C:\Users\Pedro\AppData\Local\Google\Chrome\User Data\Default\Extensions\kfakeonomonapccoamcmdgpoaicnpnoo
Folder Deleted : C:\Users\Pedro\AppData\Local\Google\Chrome\User Data\Default\Extensions\mdebcffgnijbblbinknkbefciofebcda
File Deleted : C:\Users\Pedro\AppData\Roaming\Mozilla\Firefox\Profiles\181zs9uo.default\searchplugins\Conduit.xml
File Deleted : C:\Users\Pedro\AppData\Roaming\Mozilla\Firefox\Profiles\181zs9uo.default\user.js
File Deleted : C:\Users\Pedro\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_igdhbblpcellaljokkpfhcjlagemhgjl_0.localstorage
File Deleted : C:\Users\Pedro\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_igdhbblpcellaljokkpfhcjlagemhgjl_0.localstorage-journal
File Deleted : C:\Windows\Tasks\Plus-HD-2.2-chromeinstaller.job
File Deleted : C:\Windows\System32\Tasks\Plus-HD-2.2-chromeinstaller
File Deleted : C:\Windows\Tasks\Plus-HD-2.2-codedownloader.job
File Deleted : C:\Windows\System32\Tasks\Plus-HD-2.2-codedownloader
File Deleted : C:\Windows\Tasks\Plus-HD-2.2-enabler.job
File Deleted : C:\Windows\System32\Tasks\Plus-HD-2.2-enabler
File Deleted : C:\Windows\Tasks\Plus-HD-2.2-firefoxinstaller.job
File Deleted : C:\Windows\System32\Tasks\Plus-HD-2.2-firefoxinstaller
File Deleted : C:\Windows\Tasks\Plus-HD-2.2-updater.job
File Deleted : C:\Windows\System32\Tasks\Plus-HD-2.2-updater
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\fjoijdanhaiflhibkljeklcghcmmfffh
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\jbpkiefagocgkmemidfngdkamloieekf
Key Deleted : HKCU\Software\Google\Chrome\Extensions\mdebcffgnijbblbinknkbefciofebcda
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\mdebcffgnijbblbinknkbefciofebcda
Key Deleted : HKLM\SOFTWARE\Classes\AddressBarSearch.SearchHook
Key Deleted : HKLM\SOFTWARE\Classes\AddressBarSearch.SearchHook.1
Key Deleted : HKLM\SOFTWARE\Classes\AppID\secman.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\WebCakeIEClient.DLL
Key Deleted : HKLM\SOFTWARE\Classes\WebCakeIEClient.Api
Key Deleted : HKLM\SOFTWARE\Classes\WebCakeIEClient.Api.1
Key Deleted : HKLM\SOFTWARE\Classes\WebCakeIEClient.Layers
Key Deleted : HKLM\SOFTWARE\Classes\WebCakeIEClient.Layers.1
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\Iminent_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\Iminent_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\QuickShare_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\QuickShare_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\WebCakeDesktop_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\WebCakeDesktop_RASMANCS
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [BCU]
Key Deleted : HKLM\SOFTWARE\Classes\CrossriderApp0033036.BHO
Key Deleted : HKLM\SOFTWARE\Classes\CrossriderApp0033036.BHO.1
Key Deleted : HKLM\SOFTWARE\Classes\CrossriderApp0033036.Sandbox
Key Deleted : HKLM\SOFTWARE\Classes\CrossriderApp0033036.Sandbox.1
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_para_format-factory_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_para_format-factory_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_para_google-play-apk_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_para_google-play-apk_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110311301136}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{11111111-1111-1111-1111-110311301136}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68B81CCD-A80C-4060-8947-5AE69ED01199}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E6B969FB-6D33-48D2-9061-8BBD4899EB08}
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{AE07101B-46D4-4A98-AF68-0333EA26E113}]
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{11111111-1111-1111-1111-110311301136}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{22222222-2222-2222-2222-220322302236}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110311301136}
Value Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{AE07101B-46D4-4A98-AF68-0333EA26E113}]
Key Deleted : HKCU\Software\1ClickDownload
Key Deleted : HKCU\Software\APN PIP
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\DeviceVM
Key Deleted : HKCU\Software\Iminent
Key Deleted : HKCU\Software\InstallCore
Key Deleted : HKCU\Software\InstalledBrowserExtensions
Key Deleted : HKCU\Software\SmartBar
Key Deleted : HKCU\Software\Softonic
Key Deleted : HKCU\Software\AppDataLow\SProtector
Key Deleted : HKCU\Software\AppDataLow\Software\Crossrider
Key Deleted : HKCU\Software\AppDataLow\Software\LyricsFinder
Key Deleted : HKCU\Software\AppDataLow\Software\Plus-HD-2.2
Key Deleted : HKCU\Software\AppDataLow\Software\SmartBar
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\Software\DeviceVM
Key Deleted : HKLM\Software\dlQUE
Key Deleted : HKLM\Software\Iminent
Key Deleted : HKLM\Software\PIP
Key Deleted : HKLM\Software\Plus-HD-2.2
Key Deleted : HKLM\Software\SProtector
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\1ClickDownload
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Plus-HD-2.2
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SearchTheWebARP
Key Deleted : [x64] HKLM\SOFTWARE\Tarma Installer
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{C4ED781C-7394-4906-AAFF-D6AB64FF7C38}
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v0.0.0.0
 
 
-\\ Mozilla Firefox v23.0.1 (en-US)
 
[ File : C:\Users\Pedro\AppData\Roaming\Mozilla\Firefox\Profiles\181zs9uo.default\prefs.js ]
 
Line Deleted : user_pref("CT2851643.1000234.TWC_TMP_city", "SAO PAULO");
Line Deleted : user_pref("CT2851643.1000234.TWC_TMP_country", "BR");
Line Deleted : user_pref("CT2851643.ENABALE_HISTORY", "{\"dataType\":\"string\",\"data\":\"true\"}");
Line Deleted : user_pref("CT2851643.ENABLE_RETURN_WEB_SEARCH_ON_THE_PAGE", "{\"dataType\":\"string\",\"data\":\"true\"}");
Line Deleted : user_pref("CT2851643.FirstTime", "true");
Line Deleted : user_pref("CT2851643.FirstTimeFF3", "true");
Line Deleted : user_pref("CT2851643.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2851643&SearchSource=2&q=");
Line Deleted : user_pref("CT2851643.UserID", "UN04410686273904052");
Line Deleted : user_pref("CT2851643.addressBarTakeOverEnabledInHidden", "true");
Line Deleted : user_pref("CT2851643.autoDisableScopes", -1);
Line Deleted : user_pref("CT2851643.browser.search.defaultthis.engineName", true);
Line Deleted : user_pref("CT2851643.cbfirsttime", "Mon Nov 05 2012 21:28:49 GMT-0200");
Line Deleted : user_pref("CT2851643.embeddedsData", "[{\"appId\":\"129351530870900444\",\"apiPermissions\":{\"crossDomainAjax\":true,\"getMainFrameTitle\":true,\"getMainFrameUrl\":true,\"getSearchTerm\":true,\"insta[...]
Line Deleted : user_pref("CT2851643.enableAlerts", "always");
Line Deleted : user_pref("CT2851643.enableSearchFromAddressBar", "true");
Line Deleted : user_pref("CT2851643.firstTimeDialogOpened", "true");
Line Deleted : user_pref("CT2851643.fixPageNotFoundError", "true");
Line Deleted : user_pref("CT2851643.fixPageNotFoundErrorInHidden", "true");
Line Deleted : user_pref("CT2851643.fixUrls", true);
Line Deleted : user_pref("CT2851643.installId", "fft1C78.tmp.exe");
Line Deleted : user_pref("CT2851643.installType", "XPE");
Line Deleted : user_pref("CT2851643.isEnableAllDialogs", "{\"dataType\":\"string\",\"data\":\"true\"}");
Line Deleted : user_pref("CT2851643.isNewTabEnabled", true);
Line Deleted : user_pref("CT2851643.isPerformedSmartBarTransition", "true");
Line Deleted : user_pref("CT2851643.isToolbarShrinked", "{\"dataType\":\"string\",\"data\":\"false\"}");
Line Deleted : user_pref("CT2851643.isWelcomPage", "{\"dataType\":\"boolean\",\"data\":\"true\"}");
Line Deleted : user_pref("CT2851643.keyword", true);
Line Deleted : user_pref("CT2851643.navigationAliasesJson", "{\"EB_SEARCH_TERM\":\"\",\"EB_MAIN_FRAME_URL\":\"\",\"EB_MAIN_FRAME_TITLE\":\"\",\"EB_TOOLBAR_SUB_DOMAIN\":\"hxxp://uTorrentBarPT.OurToolbar.com/\",\"EB_T[...]
Line Deleted : user_pref("CT2851643.openThankYouPage", "true");
Line Deleted : user_pref("CT2851643.openUninstallPage", "FALSE");
Line Deleted : user_pref("CT2851643.scriptSource", "hxxp://127.0.0.1:10000/gui/");
Line Deleted : user_pref("CT2851643.search.searchAppId", "129351530870900444");
Line Deleted : user_pref("CT2851643.search.searchCount", "0");
Line Deleted : user_pref("CT2851643.searchInNewTabEnabledInHidden", "true");
Line Deleted : user_pref("CT2851643.selectToSearchBoxEnabled", "{\"dataType\":\"string\",\"data\":\"true\"}");
Line Deleted : user_pref("CT2851643.serviceLayer_service_login_isFirstLoginInvoked", "{\"dataType\":\"boolean\",\"data\":\"true\"}");
Line Deleted : user_pref("CT2851643.serviceLayer_service_login_loginCount", "{\"dataType\":\"number\",\"data\":\"3\"}");
Line Deleted : user_pref("CT2851643.serviceLayer_service_toolbarGrouping_activeCTID", "{\"dataType\":\"string\",\"data\":\"CT2851643\"}");
Line Deleted : user_pref("CT2851643.serviceLayer_service_toolbarGrouping_activeDownloadUrl", "{\"dataType\":\"string\",\"data\":\"hxxp://uTorrentBarPT.OurToolbar.com//xpi\"}");
Line Deleted : user_pref("CT2851643.serviceLayer_service_toolbarGrouping_activeToolbarName", "{\"dataType\":\"string\",\"data\":\"uTorrentBar_PT\"}");
Line Deleted : user_pref("CT2851643.serviceLayer_service_toolbarGrouping_invoked", "{\"dataType\":\"string\",\"data\":\"true\"}");
Line Deleted : user_pref("CT2851643.serviceLayer_service_usage_toolbarUsageCount", "{\"dataType\":\"number\",\"data\":\"2\"}");
Line Deleted : user_pref("CT2851643.serviceLayer_services_appTrackingFirstTime_lastUpdate", "1352158127029");
Line Deleted : user_pref("CT2851643.serviceLayer_services_appsMetadata_lastUpdate", "1352158126777");
Line Deleted : user_pref("CT2851643.serviceLayer_services_gottenAppsContextMenu_lastUpdate", "1352158127303");
Line Deleted : user_pref("CT2851643.serviceLayer_services_login_10.10.27.6_lastUpdate", "1352158127885");
Line Deleted : user_pref("CT2851643.serviceLayer_services_otherAppsContextMenu_lastUpdate", "1352158127274");
Line Deleted : user_pref("CT2851643.serviceLayer_services_searchAPI_lastUpdate", "1352158126141");
Line Deleted : user_pref("CT2851643.serviceLayer_services_serviceMap_lastUpdate", "1352158125376");
Line Deleted : user_pref("CT2851643.serviceLayer_services_toolbarContextMenu_lastUpdate", "1352158127250");
Line Deleted : user_pref("CT2851643.serviceLayer_services_toolbarSettings_lastUpdate", "1352158126143");
Line Deleted : user_pref("CT2851643.serviceLayer_services_translation_lastUpdate", "1352158126854");
Line Deleted : user_pref("CT2851643.settingsINI", true);
Line Deleted : user_pref("CT2851643.shouldFirstTimeDialog", "false");
Line Deleted : user_pref("CT2851643.smartbar.CTID", "CT2851643");
Line Deleted : user_pref("CT2851643.smartbar.Uninstall", "0");
Line Deleted : user_pref("CT2851643.smartbar.homepage", true);
Line Deleted : user_pref("CT2851643.smartbar.toolbarName", "uTorrentBar_PT ");
Line Deleted : user_pref("CT2851643.startPage", "TRUE");
Line Deleted : user_pref("CT2851643.toolbarBornServerTime", "6-11-2012");
Line Deleted : user_pref("CT2851643.toolbarCurrentServerTime", "6-11-2012");
Line Deleted : user_pref("CT2851643.toolbarDisabled", "true");
Line Deleted : user_pref("CT2851643.url_history0001", "hxxps://www.google.com:::clickhandler:::1352158202831");
Line Deleted : user_pref("Smartbar.ConduitHomepagesList", "hxxp://search.conduit.com/?ctid=CT2851643&SearchSource=13");
Line Deleted : user_pref("Smartbar.ConduitSearchEngineList", "uTorrentBar_PT Customized Web Search");
Line Deleted : user_pref("Smartbar.ConduitSearchUrlList", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2851643&SearchSource=2&q=");
Line Deleted : user_pref("Smartbar.keywordURLSelectedCTID", "CT2851643");
Line Deleted : user_pref("aol_toolbar.default.homepage.check", false);
Line Deleted : user_pref("aol_toolbar.default.search.check", false);
Line Deleted : user_pref("extensions.511b1f4f4c41d.scode", "(function(){try{if('aol.com,mail.google.com,premiumreports.info,search.babylon.com,search.gboxapp.com'.indexOf(window.self.location.hostname)>-1) return;}c[...]
Line Deleted : user_pref("extensions.BabylonToolbar.prtkDS", 0);
Line Deleted : user_pref("extensions.BabylonToolbar.prtkHmpg", 0);
Line Deleted : user_pref("extensions.a4fdacf00e9c44ad5b4cfbf9800f184f63685711674e04973936f860cd2a102a9com33036.33036.internaldb.cache/5cdf8a7ef2ec84abac286c67587b78d9.value", "%22function%20tcmMarkWindow%28a%29%7Bva[...]
Line Deleted : user_pref("extensions.crossrider.bic", "141250dcbe0a0b0fdbdb20fdaef0bb07");
Line Deleted : user_pref("extensions.helperbar.Country", "Brazil");
Line Deleted : user_pref("extensions.helperbar.DockingPositionDown", false);
Line Deleted : user_pref("extensions.helperbar.SmartbarDisabled", false);
Line Deleted : user_pref("extensions.helperbar.SmartbarStateMinimaized", false);
Line Deleted : user_pref("extensions.helperbar.UserID", "cbd6cc43-c34c-4e16-99dc-4dba82123a24");
Line Deleted : user_pref("extensions.helperbar.Visibility", false);
Line Deleted : user_pref("extensions.plugin@getwebcake.com.install-event-fired", true);
Line Deleted : user_pref("extentions.webcake.defaultEnableAppsList", "layers/banner,layers/inline,layers/search,layers/shopping,newOffers/wc");
Line Deleted : user_pref("extentions.webcake.installId", "64fa0e91-706c-49f3-a2d0-ee44181d0111");
Line Deleted : user_pref("sweetim.toolbar.previous.browser.search.defaultenginename", "");
Line Deleted : user_pref("sweetim.toolbar.previous.browser.search.selectedEngine", "");
Line Deleted : user_pref("sweetim.toolbar.previous.browser.startup.homepage", "");
Line Deleted : user_pref("sweetim.toolbar.previous.keyword.URL", "");
Line Deleted : user_pref("sweetim.toolbar.scripts.1.domain-blacklist", "");
Line Deleted : user_pref("sweetim.toolbar.searchguard.UserRejectedGuard_DS", "");
Line Deleted : user_pref("sweetim.toolbar.searchguard.UserRejectedGuard_HP", "");
Line Deleted : user_pref("sweetim.toolbar.searchguard.enable", "");
 
-\\ Google Chrome v29.0.1547.66
 
[ File : C:\Users\Pedro\AppData\Local\Google\Chrome\User Data\Default\preferences ]
 
 
*************************
 
AdwCleaner[R0].txt - [24033 octets] - [16/09/2013 10:25:31]
AdwCleaner[S0].txt - [24002 octets] - [16/09/2013 10:26:12]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [24063 octets] ##########
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.0.1 (09.15.2013:1)
OS: Windows 7 Ultimate x64
Ran by Pedro on 16/09/2013 at 10:33:40,94
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
~~~ Services
 
 
 
~~~ Registry Values
 
Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-19\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-20\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-21-3178170416-2942281213-3406256638-1000\Software\Microsoft\Internet Explorer\Main\\Start Page
 
 
 
~~~ Registry Keys
 
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{FB684D26-01F4-4D9D-87CB-F486BEBA56DC}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Eventlog\Application\WebCakeUpdater
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\LyricsFinderUpdater_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\LyricsFinderUpdater_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\APN_ATU3__RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\APN_ATU3__RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\LyricsFinderUpdater_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\LyricsFinderUpdater_RASMANCS
 
 
 
~~~ Files
 
 
 
~~~ Folders
 
Successfully deleted: [Folder] "C:\Program Files (x86)\firstrowsportapp.com"
 
 
 
~~~ FireFox
 
Successfully deleted the following from C:\Users\Pedro\AppData\Roaming\mozilla\firefox\profiles\181zs9uo.default\prefs.js
 
user_pref("extensions.a4fdacf00e9c44ad5b4cfbf9800f184f63685711674e04973936f860cd2a102a9com33036.33036.internaldb.cache/530e52021dc20843b1aa62957edeb9f8.value", "%22var%20adsDe
Emptied folder: C:\Users\Pedro\AppData\Roaming\mozilla\firefox\profiles\181zs9uo.default\minidumps [906 files]
 
 
 
~~~ Event Viewer Logs were cleared
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 16/09/2013 at 10:38:47,38
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
Malwarebytes created two logs; here they are:
 
2013/09/16 10:41:01 -0300 PEDRO-PC Pedro MESSAGE Starting protection
2013/09/16 10:41:01 -0300 PEDRO-PC Pedro MESSAGE Protection started successfully
2013/09/16 10:41:01 -0300 PEDRO-PC Pedro MESSAGE Starting IP protection
2013/09/16 10:41:15 -0300 PEDRO-PC Pedro MESSAGE IP Protection started successfully
2013/09/16 10:41:35 -0300 PEDRO-PC Pedro MESSAGE Starting database refresh
2013/09/16 10:41:35 -0300 PEDRO-PC Pedro MESSAGE Stopping IP protection
2013/09/16 10:41:38 -0300 PEDRO-PC Pedro MESSAGE IP Protection stopped successfully
2013/09/16 10:41:40 -0300 PEDRO-PC Pedro MESSAGE Database refreshed successfully
2013/09/16 10:41:40 -0300 PEDRO-PC Pedro MESSAGE Starting IP protection
2013/09/16 10:41:42 -0300 PEDRO-PC Pedro MESSAGE IP Protection started successfully
2013/09/16 10:48:15 -0300 PEDRO-PC Pedro MESSAGE Starting protection
2013/09/16 10:48:15 -0300 PEDRO-PC Pedro MESSAGE Protection started successfully
2013/09/16 10:48:15 -0300 PEDRO-PC Pedro MESSAGE Starting IP protection
2013/09/16 10:48:18 -0300 PEDRO-PC Pedro MESSAGE IP Protection started successfully
2013/09/16 10:50:09 -0300 PEDRO-PC Pedro IP-BLOCK 59.34.20.235 (Type: outgoing, Port: 45682, Process: utorrent.exe)
2013/09/16 10:51:05 -0300 PEDRO-PC Pedro IP-BLOCK 218.7.16.59 (Type: outgoing, Port: 45682, Process: utorrent.exe)
 
Malwarebytes Anti-Malware (Trial) 1.75.0.1300
www.malwarebytes.org
 
Versão da Base de Dados:  v2013.09.16.04
 
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16686
Pedro :: PEDRO-PC [administrador]
 
Proteção: Permitir
 
16/09/2013 10:41:47
mbam-log-2013-09-16 (10-41-47).txt
 
Tipo de Verificação:  Verificação Rápida 
Opções de verificações ativadas: Memória | Inicialização | Registro | Sistema de arquivos  | Heurística/Extra | Heurística/Shuriken | PUP | PUM
Opções de verificação desativadas: P2P
Objetos escaneados:  226739
Tempo decorrido: 3 minuto(s), 22 segundo(s)
 
Processos de Memória Detectados: 0
(Não foram detectados ítens maliciosos)
 
Módulos de Memória Detectados: 0
(Não foram detectados ítens maliciosos)
 
Chaves de Registro Detectadas: 0
(Não foram detectados ítens maliciosos)
 
Valores de Registro Detectadas: 0
(Não foram detectados ítens maliciosos)
 
Itens de Dados no Registro Detectadas: 0
(Não foram detectados ítens maliciosos)
 
Pastas Detectadas: 0
(Não foram detectados ítens maliciosos)
 
Arquivos Detectados: 11
C:\Users\Pedro\Downloads\chew-wga v0.9.exe (PUP.Optional.4Squared) -> Enviado para a Quarentena e deletado com sucesso.
C:\Users\Pedro\Downloads\chew-wga v0.9.rar (Hacktool.ChewWGA) -> Enviado para a Quarentena e deletado com sucesso.
C:\Users\Pedro\Downloads\DownloadManager.exe (PUP.Optional.Installex) -> Enviado para a Quarentena e deletado com sucesso.
C:\Users\Pedro\Downloads\DriverEasy_4.5.3.32495__Crack.zip (RiskWare.Tool.CK) -> Enviado para a Quarentena e deletado com sucesso.
C:\Users\Pedro\Downloads\FirstRowSportApp_setup(18_4).exe (PUP.Optional.Coolmirage) -> Enviado para a Quarentena e deletado com sucesso.
C:\Users\Pedro\Downloads\opendns-52-build-122-32-bits (1).exe (PUP.Optional.InstallCore) -> Enviado para a Quarentena e deletado com sucesso.
C:\Users\Pedro\Downloads\opendns-52-build-122-32-bits.exe (PUP.Optional.InstallCore) -> Enviado para a Quarentena e deletado com sucesso.
C:\Users\Pedro\Downloads\SoftonicDownloader_para_google-play-apk.exe (PUP.Optional.Softonic) -> Enviado para a Quarentena e deletado com sucesso.
C:\Users\Pedro\Downloads\speedfan-449-32-bits.exe (PUP.Optional.InstallCore) -> Enviado para a Quarentena e deletado com sucesso.
C:\Windows\System32\helper.dll (Trojan.Agent) -> Enviado para a Quarentena e deletado com sucesso.
C:\Windows\SysWOW64\helper.dll (Trojan.Agent) -> Enviado para a Quarentena e deletado com sucesso.
 
(fim)
 
 


#4
CarlosTurco

    Assistant

  • 20,370 posts

Download OTL by OldTimer and save it to your desktop:
http://oldtimer.geekstogo.com/OTL.exe

** Windows Vista and Windows 7/8 users:
Right-click the OTL.exe file, then click execadmin.png.

Under Output (Saída), select Standard (Padrão).
Also select these options:

  • File Age (Data de Criação) -> change to 90 days
  • Skip Microsoft Files (Ignorar Arquivos Microsoft)
  • LOP Check (Verificar Lop)
  • Purity Check (Verificar Purity)

Select these lines in red, right-click the selection, and choose Copy.

netsvcs
%SYSTEMDRIVE%\*.*
%systemdrive%\drivers\*.exe
%systemroot%\system32\drivers\*.* /90
%PROGRAMFILES%(x86)\*.*
%LOCALAPPDATA%\*.exe
%LOCALAPPDATA%\*.txt
%LOCALAPPDATA%\*.ini
%LOCALAPPDATA%\*.dll
%LOCALAPPDATA%\*.dat
%USERPROFILE%\*.exe
%USERPROFILE%\*.txt
%USERPROFILE%\*.ini
%USERPROFILE%\*.dll
%USERPROFILE%\*.dat /30
%systemroot%\Fonts\*.dll
%systemroot%\Fonts\*.ini
%systemroot%\Fonts\*.ini2
%systemroot%\Fonts\*.com
%systemroot%\*.scr
%appdata%\*.*
%programdata%\*.*
%programdata%\*.exe /s
%programdata%\*.dll /s
%PROGRAMFILES%\Internet Explorer\*.*
C:\windows\system32\Tasks\*.* /64
%windir%\tasks\*.* /s

CREATERESTOREPOINT
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Associations
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Attachments
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run /s
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_ENABLE_SCRIPT_PASTE_URLACTION_IF_PROMP
HKCU\Software\Microsoft\Internet Explorer\Downloads

%systemdrive%\$Recycle.Bin|@;true;true;true /fp
Net User /c
/md5start
services.*
/md5stop

Go back to the program, right-click any blank area of the Custom Scans/Fixes (Exames Personalizados/Correções) section, and choose Paste.

Click the verif.png button.

OTL will begin scanning your computer. Do not interrupt the process or use other windows until it finishes.

Do not change any other settings unless you have been instructed to do so.

The scan takes a while, so please be patient.

When it finishes, two Notepad windows will open: OTL.txt and Extras.txt
Both will be saved in the same directory as OTL.exe, that is, on your desktop.

Copy the entire contents of OTL.txt and paste it into your reply.
Attach the Extras.txt file.

NOTE: If the logs are too large and exceed the forum limit, put them in a .zip or .rar file and attach it to your reply.


**Be considerate of those who help you; do not abandon your topic!**

#5
Jumbo19

    Novice

  • 7 posts
OTL Extras logfile created on: 16/09/2013 15:43:30 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Pedro\Desktop
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16686)
Locale: 00000416 | Country: Brasil | Language: PTB | Date Format: dd/MM/yyyy
 
3,98 Gb Total Physical Memory | 1,84 Gb Available Physical Memory | 46,22% Memory free
7,96 Gb Paging File | 4,85 Gb Available in Paging File | 60,94% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 97,56 Gb Total Space | 47,79 Gb Free Space | 48,99% Space Free | Partition Type: NTFS
Drive D: | 368,10 Gb Total Space | 107,31 Gb Free Space | 29,15% Space Free | Partition Type: NTFS
Drive F: | 5,91 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: CDFS
 
Computer Name: PEDRO-PC | User Name: Pedro | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 90 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- Reg Error: Key error. File not found
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- Reg Error: Key error. File not found
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- Reg Error: Key error.
htmlfile [opennew] -- Reg Error: Key error.
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [Bridge] -- C:\Program Files (x86)\Adobe\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- Reg Error: Key error.
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Key error.
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- Reg Error: Key error.
htmlfile [opennew] -- Reg Error: Key error.
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [Bridge] -- C:\Program Files (x86)\Adobe\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- Reg Error: Key error.
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Key error.
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe:*:Enabled:Spybot-S&D 2 Tray Icon -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe:*:Enabled:Spybot-S&D 2 Scanner Service -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe:*:Enabled:Spybot-S&D 2 Updater -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe:*:Enabled:Spybot-S&D 2 Background update service -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe:*:Enabled:Spybot-S&D 2 Tray Icon -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe:*:Enabled:Spybot-S&D 2 Scanner Service -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe:*:Enabled:Spybot-S&D 2 Updater -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe:*:Enabled:Spybot-S&D 2 Background update service -- (Safer-Networking Ltd.)
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{017B4FB7-F56E-4DAD-9D4E-96CE192A513B}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\outlook.exe | 
"{0553EA40-0D59-4193-BB40-4D4848156940}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{0F628834-CA44-4909-92E1-7F02019ACEE7}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{151B34E1-9417-4456-978C-DBB077EB516D}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{1E4CBF1A-7ACB-44ED-98E4-F7AA8C6FB47A}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{27E92967-D1FC-47B1-B6D7-0D0104B753D3}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{30C86B83-C8A5-4E0B-9CE8-95D4FC568471}" = lport=139 | protocol=6 | dir=in | app=system | 
"{3101003F-8551-49E2-B63F-12BBC48751AC}" = lport=137 | protocol=17 | dir=in | app=system | 
"{38A7E73E-6C1F-4F87-B188-A1776D723BD8}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{4247120B-CE50-4AC6-A0B0-8CA8FDE1EEA8}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{4EED23A5-F161-4C29-A84E-30D59A23B2B9}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{59A30CDB-AA32-471B-8031-FED79E551BD3}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{64E985AF-F808-498D-841E-384996321DD2}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{6D135857-419F-42BB-8DE6-4D0DA2D42B62}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{86459B77-E69C-417A-A200-0542F7A96C89}" = rport=445 | protocol=6 | dir=out | app=system | 
"{89A4E351-23ED-4ADF-9DE6-748B59C67884}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{89EF9936-413F-45DA-950D-056A4D27E7D9}" = rport=139 | protocol=6 | dir=out | app=system | 
"{C23C829D-6422-49C5-BEB0-5D437AB6F689}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{CF21FE5D-897C-4C96-988C-79346678D003}" = rport=138 | protocol=17 | dir=out | app=system | 
"{D88ADE80-CFD9-4F4D-9E41-CC2AF6443028}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{E430DE51-AEFF-4AB9-B3FB-18D5FCC3D3D3}" = lport=138 | protocol=17 | dir=in | app=system | 
"{E4F55C7F-039A-473D-8467-43DD3688558C}" = lport=445 | protocol=6 | dir=in | app=system | 
"{EFE4F33D-A491-4130-9326-07244DA09A36}" = rport=137 | protocol=17 | dir=out | app=system | 
"{F6DBEF85-D304-4159-A0C4-0ED570E7561D}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{012BFA5C-FFF9-4269-859C-24A360F1868A}" = protocol=17 | dir=in | app=d:\games\steam\steamapps\common\grand theft auto iv\gtaiv\launchgtaiv.exe | 
"{01C64F15-F4B3-4657-8CE8-CDF11BE187D1}" = protocol=6 | dir=in | app=d:\games\steam\steamapps\common\dark souls prepare to die edition\data\darksouls.exe | 
"{06D6383A-7DA8-421A-9941-D5F88253A358}" = protocol=17 | dir=in | app=d:\games\steam\steamapps\common\magicka\magicka.exe | 
"{0C53048E-6D2F-4ECB-8461-3BB83A645758}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstra.exe | 
"{0F9D578B-47CD-457F-A21B-F92D962F8D84}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | 
"{0FD39CEE-7DE1-4D6B-80F4-5F387ED27DEE}" = protocol=17 | dir=in | app=c:\windows\syswow64\muzapp.exe | 
"{0FDE9134-ADDF-467B-9470-2DD0D22B8917}" = protocol=6 | dir=in | app=c:\program files (x86)\simple port forwarding\spf.exe | 
"{1120CE74-88AB-4ECE-A77D-AACB44B4925C}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{156479FD-191A-49F6-9BAC-FE8691E5AFED}" = protocol=17 | dir=in | app=d:\games\steam\steamapps\common\saints row the third\saintsrowthethird.exe | 
"{15C89E48-1541-4072-847D-FD15BEE9FFEB}" = protocol=6 | dir=in | app=d:\games\steam\steamapps\common\saints row the third\saintsrowthethird_dx11.exe | 
"{199A78E6-309C-4A88-B528-46C6D72DFF7E}" = protocol=17 | dir=in | app=d:\games\capcom\street fighter x tekken\sftk.exe | 
"{19DB499D-CC92-4B3A-B15E-361FB14C162F}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{1AD58F4D-6F99-4A9F-9B99-253F4441A9E4}" = protocol=6 | dir=in | app=d:\games\steam\steamapps\common\saints row the third\saintsrowthethird.exe | 
"{1BD274A3-8799-4D9D-AB5F-9BD0B563EFFE}" = protocol=17 | dir=in | app=d:\games\steam\steamapps\common\war thunder\launcher.exe | 
"{1EA5C86C-4D30-4AF3-B2C1-2ADE46430D48}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{1F56C53E-5F25-4A4C-A22D-832F9B5184F8}" = protocol=17 | dir=in | app=d:\games\steam\steamapps\common\dark souls prepare to die edition\data\darksouls.exe | 
"{21E1A5E2-1A13-4294-85D6-05DFC75A50C4}" = protocol=17 | dir=in | app=d:\games\origin\fifa 13\game\fifa13.exe | 
"{236468DF-FF4A-4116-ACCC-DFD1E389E68D}" = protocol=17 | dir=in | app=d:\games\steam\steamapps\common\half-life\hl.exe | 
"{26BFC1E0-0DB4-4173-AD14-0CE2CF79F84C}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{2A92347B-4BD2-49E5-AF03-613AAA5298B8}" = protocol=6 | dir=in | app=d:\arquivos de programas\utorrent.exe | 
"{2D349045-53CA-4552-99E6-82FC58E8FFC3}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe | 
"{31DD4BEB-BFB0-4F4D-8113-5281F910F840}" = protocol=6 | dir=in | app=c:\program files (x86)\simple port forwarding\spf.exe | 
"{3386DD41-25B7-4087-AE58-9F99A2379490}" = protocol=17 | dir=in | app=c:\program files (x86)\simple port forwarding\spf.exe | 
"{34760675-2A5A-4486-885A-E342676F217A}" = protocol=6 | dir=in | app=d:\games\steam\steamapps\common\terraria\terraria.exe | 
"{391B4BD1-9981-41FF-9152-683512D3BCF4}" = protocol=17 | dir=in | app=d:\games\microsoft games\age of empires ii\age2_x1\age2_x2.exe | 
"{3A4B9B5C-A993-43E4-8656-DB20215D2842}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{40CA9CEC-ED9B-4E95-B2EA-5D0394C39F22}" = protocol=17 | dir=in | app=c:\program files\hp\hp deskjet 2050 j510 series\bin\usbsetup.exe | 
"{450B02F0-790A-4DD1-B6E3-B2D8D4F2297D}" = protocol=17 | dir=in | app=d:\games\steam\steamapps\common\magicka\magicka.exe | 
"{46AABDF4-DF55-4952-861E-89A24B4CFBAD}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{4E575F94-559F-4901-97F8-B2E0891F6315}" = protocol=6 | dir=in | app=d:\games\origin\fifa 13\game\fifa13.exe | 
"{50863708-401A-4305-B9E9-2A1C3CDE3F3D}" = protocol=6 | dir=in | app=d:\games\steam\steamapps\common\half-life\hl.exe | 
"{50B79921-6417-406E-958E-BEAC201CDEB3}" = protocol=6 | dir=in | app=d:\games\origin\battlefield 3\bf3.exe | 
"{54A567F4-8B18-415D-BF4A-8A0FB8D5E211}" = protocol=6 | dir=in | app=d:\games\steam\steamapps\common\magicka\magicka.exe | 
"{54E3370D-B78C-47DE-BCC0-0A7CAB361A19}" = protocol=17 | dir=in | app=c:\program files (x86)\simple port forwarding\spf.exe | 
"{55893D80-89DD-4D61-91FB-9C45BB981EEE}" = protocol=17 | dir=in | app=c:\program files (x86)\battlelog web plugins\sonar\0.70.4\sonarhost.exe | 
"{55FDE991-53D0-41DD-AB30-3AABF154EB3F}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\groove.exe | 
"{5862BE1E-3FF0-44EF-9976-664359DB2E65}" = dir=in | app=c:\users\pedro\appdata\local\facebook\video\skype\facebookvideocalling.exe | 
"{5C7D0377-10AC-4A1B-A54F-8586213B18FE}" = protocol=17 | dir=in | app=d:\games\steam\steamapps\common\terraria\terraria.exe | 
"{5CDD0E2A-4AA9-4A4B-80C1-963D86EDD248}" = protocol=6 | dir=in | app=d:\games\steam\steamapps\common\saints row the third\game_launcher.exe | 
"{61483CCF-6AA6-44A6-AE00-661DCD027A29}" = dir=in | app=c:\program files\hp\hp deskjet 2050 j510 series\bin\usbsetup.exe | 
"{68057C45-2C5D-4A59-80A8-1E332737722B}" = protocol=6 | dir=in | app=c:\program files (x86)\battlelog web plugins\sonar\0.70.4\sonarhost.exe | 
"{68701158-935A-4BFE-8F4A-CF51426FC7C1}" = dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | 
"{6A130BC1-0240-4565-9F74-0A68810C40A6}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | 
"{79D06754-6EFD-4A58-8FFE-F5FDC69AC91B}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{7B7E793E-C47E-4455-B880-43A20E3DF7E0}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | 
"{803FFBC4-3630-48E5-8970-11E6290A72F8}" = protocol=6 | dir=out | app=system | 
"{809E8631-C51C-4609-803E-30AA41CE67E9}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{84EC5642-396B-41C6-B3C1-CFA1F5469D2A}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{891C1EE7-8470-4BD2-AD5F-7D55C9F4B267}" = protocol=6 | dir=in | app=d:\games\steam\steamapps\common\grand theft auto iv\gtaiv\launchgtaiv.exe | 
"{8BAB8BED-7CE4-4EA5-97D5-15A2A19FB6A1}" = protocol=17 | dir=in | app=c:\program files (x86)\battlelog web plugins\sonar\0.70.4\sonarhost.exe | 
"{8C8FC513-E262-4DED-B5F6-67DB80C47CFC}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{8EE27537-2B47-490F-A9AC-81BE1900FEF7}" = protocol=6 | dir=in | app=d:\games\microsoft games\age of empires ii\age2_x1\age2_x2.exe | 
"{902313A8-E6C2-4471-93F3-CC25DF3FBB05}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{90D85922-F364-4DA6-9B17-8D8721443865}" = protocol=6 | dir=in | app=c:\program files\hp\hp deskjet 2050 j510 series\bin\usbsetup.exe | 
"{94F4DB8E-82A4-4842-B534-C091D2F8E743}" = protocol=6 | dir=in | app=d:\games\steam\steamapps\common\war thunder\launcher.exe | 
"{9835B2ED-31FA-4794-8F12-0223643ADDC8}" = protocol=17 | dir=in | app=d:\games\steam\steamapps\common\saints row the third\saintsrowthethird_dx11.exe | 
"{99A46E93-B3E6-4794-B251-E59A5E1A1787}" = protocol=17 | dir=in | app=d:\arquivos de programas\utorrent.exe | 
"{9D221D10-88FF-4C16-9D61-21024E9B7B55}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstra.exe | 
"{A3F65F77-96FE-4BBF-9469-9AC84784DE2C}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe | 
"{A8C65DC9-47CC-4ADB-8877-2EF96155FF7E}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{AAB6FF49-4626-4836-A9AE-A5746CB74E68}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe | 
"{B227D68D-D07F-41DF-9449-8C1697ED8485}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{B30FF37D-E001-4848-867F-5421E43ED7B8}" = protocol=17 | dir=in | app=c:\windows\syswow64\dplaysvr.exe | 
"{B7E8F913-9284-4B3A-B75F-2B318D922B08}" = protocol=17 | dir=in | app=d:\games\steam\steamapps\common\saints row the third\game_launcher.exe | 
"{B8C45136-29F1-460E-9937-CB4682AA979C}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{BB170F62-1DBE-4192-BE6E-530E253307E0}" = protocol=6 | dir=in | app=c:\windows\syswow64\dplaysvr.exe | 
"{BB682382-C8BE-491B-83F1-33BCA2914F45}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{BC527F21-5785-4E7B-856A-E5F2AC3D371B}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe | 
"{BC8EA247-AACC-41E9-B213-FB93096963E0}" = protocol=6 | dir=in | app=d:\games\steam\steamapps\common\magicka\magicka.exe | 
"{C115E3F3-1DB7-4B5E-B92F-8A9AF87A704B}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\groove.exe | 
"{CD6B7D2D-F50B-455F-9AAF-D7B85A2383F0}" = protocol=6 | dir=in | app=c:\windows\syswow64\muzapp.exe | 
"{D3F7606F-5623-4AB1-AA29-84E6FE89659D}" = protocol=17 | dir=in | app=c:\program files (x86)\droidcam\droidcamapp.exe | 
"{D47B79C6-2053-40F0-AE12-E00E09363E64}" = protocol=58 | dir=out | name=@iphlpsvc.dll,-503 | 
"{D6A13CAA-2F72-4BA3-A759-71659CDF678A}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{DB34CA4A-96B9-4AD2-912F-F93FD9499797}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{DBB1ECB5-8F49-4BA3-B2B9-02AD76B01FFE}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{DBDF6EA1-4DC9-41F2-A14F-1C8EA4C9C2BE}" = protocol=17 | dir=in | app=d:\games\origin\battlefield 3\bf3.exe | 
"{E5091569-9B3D-4E8A-AFDB-E33A97EDE50F}" = protocol=6 | dir=in | app=d:\games\steam\steamapps\common\grand theft auto iv episodes from liberty city\eflc\launcheflc.exe | 
"{EC1AA85D-ECDC-4F5A-AC59-55B707CFF633}" = protocol=6 | dir=in | app=d:\games\capcom\street fighter x tekken\sftk.exe | 
"{F01FC3C2-C0CE-4F72-8F74-08BA8F3672AA}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | 
"{F0ABF494-DC4C-429F-A854-9B6DA22FDD73}" = protocol=6 | dir=in | app=c:\program files (x86)\battlelog web plugins\sonar\0.70.4\sonarhost.exe | 
"{F1A93FEF-E88A-4B93-BE9B-B1AC00D1BF7B}" = protocol=17 | dir=in | app=d:\games\steam\steamapps\common\grand theft auto iv episodes from liberty city\eflc\launcheflc.exe | 
"{F2AD4AE2-12B6-4F1C-B856-96A79AB578EF}" = protocol=58 | dir=in | app=system | 
"{F7C1C446-C902-4B54-B67D-AB740102B955}" = protocol=6 | dir=in | app=c:\program files (x86)\droidcam\droidcamapp.exe | 
"{FFBB2850-6EB5-48BE-90C8-CBE2C2EFD78A}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"TCP Query User{3FEF95F8-8770-4226-B76D-04D90295188A}C:\program files (x86)\java\jre7\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre7\bin\javaw.exe | 
"TCP Query User{40F0230B-4C15-4627-8497-96159016BC1B}D:\games\steam\steam.exe" = protocol=6 | dir=in | app=d:\games\steam\steam.exe | 
"TCP Query User{4F3EA8BA-AFF9-4347-B85B-EE87D426839F}C:\windows\syswow64\dplaysvr.exe" = protocol=6 | dir=in | app=c:\windows\syswow64\dplaysvr.exe | 
"TCP Query User{695E7120-61AA-4015-894F-3EB1FBCD9B99}C:\users\pedro\downloads\utorrent.exe" = protocol=6 | dir=in | app=c:\users\pedro\downloads\utorrent.exe | 
"TCP Query User{C9A883AB-B98F-4738-913D-CBF343C86DA2}D:\games\steam\steamapps\common\grand theft auto iv\gtaiv\gtaiv.exe" = protocol=6 | dir=in | app=d:\games\steam\steamapps\common\grand theft auto iv\gtaiv\gtaiv.exe | 
"TCP Query User{D1B898A0-05C4-4C1A-A435-FA65ED9F6B9C}C:\users\pedro\downloads\utorrent.exe" = protocol=6 | dir=in | app=c:\users\pedro\downloads\utorrent.exe | 
"TCP Query User{D4A7DC4D-63CC-423A-ABB8-F3AC090642B3}D:\games\microsoft games\age of empires ii\age2_x1\age2_x2.exe" = protocol=6 | dir=in | app=d:\games\microsoft games\age of empires ii\age2_x1\age2_x2.exe | 
"UDP Query User{08F96B3D-7589-4077-B891-E6DB41DE44C8}D:\games\steam\steamapps\common\grand theft auto iv\gtaiv\gtaiv.exe" = protocol=17 | dir=in | app=d:\games\steam\steamapps\common\grand theft auto iv\gtaiv\gtaiv.exe | 
"UDP Query User{49261EA0-4BE2-49D0-B7AA-0165943C3E82}C:\users\pedro\downloads\utorrent.exe" = protocol=17 | dir=in | app=c:\users\pedro\downloads\utorrent.exe | 
"UDP Query User{51FA3187-6FED-4068-81FA-116B608B2544}D:\games\microsoft games\age of empires ii\age2_x1\age2_x2.exe" = protocol=17 | dir=in | app=d:\games\microsoft games\age of empires ii\age2_x1\age2_x2.exe | 
"UDP Query User{7A32D6EC-3615-4C99-A5D7-5C3AB1795ACC}C:\users\pedro\downloads\utorrent.exe" = protocol=17 | dir=in | app=c:\users\pedro\downloads\utorrent.exe | 
"UDP Query User{B2889EE2-6E16-4029-AD7D-9A7EE9DD8BC7}C:\windows\syswow64\dplaysvr.exe" = protocol=17 | dir=in | app=c:\windows\syswow64\dplaysvr.exe | 
"UDP Query User{BA13E7CC-2700-47A3-8448-49145701D9F7}D:\games\steam\steam.exe" = protocol=17 | dir=in | app=d:\games\steam\steam.exe | 
"UDP Query User{E99F5FA7-99E5-4E8A-B1D3-FAE29C308900}C:\program files (x86)\java\jre7\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre7\bin\javaw.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{115C101B-99FC-B3D0-753B-3FF6AF5A1859}" = AMD Drag and Drop Transcoding
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219
"{1E9FC118-651D-4934-97BE-E53CAE5C7D45}" = Microsoft_VC80_MFCLOC_x86_x64
"{2DCBB45E-AA03-4089-87E7-EC17E606D738}" = HP Deskjet 2050 J510 series Software básico do dispositivo
"{2EDC2FA3-1F34-34E5-9085-588C9EFD1CC6}" = Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.60610
"{350AA351-21FA-3270-8B7A-835434E766AD}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022
"{4569AD91-47F4-4D9E-8FC9-717EC32D7AE1}" = Microsoft_VC80_CRT_x86_x64
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime
"{55B348BE-A3BE-9AE7-58BD-BE45B9A28F82}" = AMD Media Foundation Decoders
"{5B73E1AA-CA9D-E76A-2F2D-E0EFB41CE087}" = AMD Accelerated Video Transcoding
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{6C8EEF0B-C4BE-35A7-BF08-7C3C667EB62A}" = Microsoft .NET Framework 4 Extended PTB Language Pack
"{764384C5-BCA9-307C-9AAC-FD443662686A}" = Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.60610
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{8557397C-A42D-486F-97B3-A2CBC2372593}" = Microsoft_VC90_ATL_x86_x64
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8BF6C901-8C9D-C663-F997-EC95A2CCA228}" = AMD AVIVO64 Codecs
"{8D71EFB0-B1EF-4478-92D2-A65DB23AC460}" = HP Deskjet 2050 J510 series Estudo de aprimoramento de produtos
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
"{90140000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2010
"{90140000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010
"{925D058B-564A-443A-B4B2-7E90C6432E55}" = Microsoft_VC80_ATL_x86_x64
"{92A3CA0D-55CD-4C5D-BA95-5C2600C20F26}" = Microsoft_VC90_CRT_x86_x64
"{9B48B0AC-C813-4174-9042-476A887592C7}" = Assistente de Conexão do Windows Live ID
"{A472B9E4-0AFF-4F7B-B25D-F64F8E928AAB}" = Microsoft_VC90_MFC_x86_x64
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B7693CDE-074B-301C-9584-FC4343696C8B}" = Microsoft .NET Framework 4 Client Profile PTB Language Pack
"{C8807716-1F6F-5C43-3C32-7295A45CF060}" = AMD Catalyst Install Manager
"{C8C1BAD5-54E6-4146-AD07-3A8AD36569C3}" = Microsoft_VC80_MFC_x86_x64
"{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones
"{D9C50188-12D5-4D3E-8F00-682346C2AA5F}" = Microsoft Xbox 360 Accessories 1.2
"{E54A949B-C4AE-28B6-EC97-FCB9E402D338}" = ccc-utility64
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"CCleaner" = CCleaner
"DriverEasy_is1" = DriverEasy 4.5.3
"KLiteCodecPack64_is1" = K-Lite Codec Pack 9.4.0 (64-bit)
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile PTB Language Pack" = Pacote de Idiomas do Microsoft .NET Framework 4 Client Profile - Português (Brasil)
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft .NET Framework 4 Extended PTB Language Pack" = Pacote de Idiomas do Microsoft .NET Framework 4 Extended - Português (Brasil)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01501EBA-EC35-4F9F-8889-3BE346E5DA13}" = MSXML4 Parser
"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{04BDADD5-B981-49DB-90F0-DE11F19C50B4}_is1" = Football Manager 2013 versão 13.3.3
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{0ACC2993-2058-4BE7-9A92-9DCDAA9B3412}" = LogMeIn Hamachi
"{0D2DBE8A-43D0-7830-7AE7-CA6C99A832E7}" = Adobe Community Help
"{11F2C5EC-35AA-7237-B62B-A4F041859C2A}" = CCC Help Spanish
"{15FEDA5F-141C-4127-8D7E-B962D1742728}" = Adobe Photoshop CS5
"{19BFDA5D-1FE2-4F25-97F9-1A79DD04EE20}" = Microsoft XNA Framework Redistributable 3.1
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{229EDE35-4677-BDE6-70ED-A5A4C711DDC3}" = CCC Help Norwegian
"{2470F2F2-8491-5A0B-B8F5-8B72A8D74597}" = Catalyst Control Center InstallProxy
"{26A24AE4-039D-4CA4-87B4-2F83217025FF}" = Java 7 Update 25
"{27B56E28-94B2-BDF8-D209-EC8D2FF4838E}" = Catalyst Control Center Graphics Previews Common
"{30C01299-554C-4B62-BD0F-849F43E01C91}_is1" = Pokemon World Online version 1.83
"{33D4FA83-02C0-93B3-08ED-5D7378930CFA}" = CCC Help Turkish
"{37D0F3C2-8FFD-134D-FBDF-2D711E169D78}" = Catalyst Control Center
"{3D6AD258-61EA-35F5-812C-B7A02152996E}" = Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.60610
"{42FECCEF-63CD-DF98-D6BC-DDBB27E4A580}" = CCC Help Japanese
"{43430FA5-AF68-4A2D-A7D4-891000008200}" = Street Fighter X Tekken
"{46594DA4-2D0A-B2D4-C0E0-A5CCA3260025}" = CCC Help Hungarian
"{485B8152-C59F-8569-15BC-46BDA2A1E4A9}" = CCC Help Polish
"{490F47E6-585C-531A-1BF8-4DE44ED9AED7}" = CCC Help Russian
"{4999B2F1-3E74-409A-B8B5-E94448AA9EA6}" = USB Vibration Joystick
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CB0307C-565E-4441-86BE-0DF2E4FB828C}" = Microsoft Games for Windows Marketplace
"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.6
"{50F87176-7DB3-4C75-D9DC-25CB4561D0F8}" = CCC Help Danish
"{52E706AA-B4E9-423A-1651-62E61E06DF9A}" = CCC Help Greek
"{53C63F43-B827-42D9-8886-4698D91EA33B}" = System Requirements Lab for Intel
"{54194F60-988C-4D03-B922-C2B00EFDA39A}" = NVIDIA PhysX
"{5454083B-1308-4485-BF17-1110000D8301}" = Grand Theft Auto IV
"{560985FB-4B76-4121-9189-7A2CDC7886D6}" = Kaspersky Internet Security 2013
"{5FB51C12-62AE-0990-E419-C6F62B776E5C}" = CCC Help Portuguese
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel® Management Engine Components
"{66B46617-A156-F25B-3CC0-5E46343AEA95}" = CCC Help Thai
"{698BBAD8-B116-495D-B879-0F07A533E57F}" = Samsung Story Album Viewer
"{6F1C00D2-25C2-4CBA-8126-AE9A6E2E9CD5}" = HP Update
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
"{76285C16-411A-488A-BCE3-C83CB933D8CF}" = Battlefield 3™
"{79361740-EAE3-11E2-9911-B8AC6F98CCE3}" = Google Earth Plug-in
"{7A3DF2E2-CF13-44FB-A93E-F71D5381DB3F}" = HP Deskjet 2050 J510 series Ajuda
"{81543139-18AE-703B-D3B1-F6B3A0CB2EAC}" = CCC Help English
"{832D9DE0-8AFC-4689-9819-4DBBDEBD3E4F}" = Microsoft Games for Windows - LIVE Redistributable
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{846B5DED-DC8C-4E1A-B5B4-9F5B39A0CACE}" = HPDiagnosticAlert
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver
"{8EA79DBF-D637-448A-89D6-410A087A4493}" = Samsung_MonSetup
"{8FA20FAC-719F-7CCD-5790-6B59D691C370}" = CCC Help Chinese Traditional
"{90140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
"{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
"{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
"{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
"{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
"{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
"{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
"{90140000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2010
"{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
"{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
"{90140000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2010
"{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
"{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{940B28E7-320B-5AC8-0A8A-32D6A7B404A1}" = CCC Help Swedish
"{95716cce-fc71-413f-8ad5-56c2892d4b3a}" = Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{99C382AB-CA1D-8577-66D3-AA850DB5FD00}" = CCC Help Korean
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{a1909659-0a08-4554-8af1-2175904903a1}" = Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610
"{A29E18C2-7AB1-4b6b-848C-5D5E2C85F0C0}" = FIFA 13
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A68C4D16-8046-5333-CB64-5E622C795785}" = CCC Help Dutch
"{A78FE97A-C0C8-49CE-89D0-EDD524A17392}" = PDF Settings CS5
"{AC76BA86-7AD7-1046-7B44-AB0000000001}" = Adobe Reader XI (11.0.01) - Português
"{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1" = Spybot - Search & Destroy
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{B92C5909-1D37-4C51-8397-A28BB28E5DC3}" = Facebook Video Calling 1.2.0.287
"{BA88EE67-8974-459D-A1DB-C8281D9AC6F6}" = Browser Configuration Utility
"{BE0B654E-FC60-40AE-F60B-06526508B5FD}" = CCC Help Italian
"{BE0E1491-B2DC-6447-217C-342D8F7100EA}" = CCC Help Czech
"{C5EADF55-3B49-B545-E16F-402B443DDC77}" = CCC Help German
"{CBDFF724-E925-2964-E647-0A83D2F9165C}" = CCC Help French
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D5341564-7B93-ADAC-E737-C24AA85CC5FF}" = CCC Help Chinese Standard
"{D69C8EDE-BBC5-436B-8E0E-C5A6D311CF4F}" = Microsoft XNA Framework Redistributable 4.0 Refresh
"{D82BEF61-A0DA-4B2F-B53C-038310FB32EB}" = HydraVision
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{DAA18A0D-A57C-4611-B135-46EA06990E7D}" = XSplit
"{E2F0AF23-FE2F-4222-9A43-55E63CC41EF1}" = Catalyst Control Center - Branding
"{E3FB1E5A-1C24-D581-6BC8-6F8AC2D343AD}" = CCC Help Finnish
"{E7D4E834-93EB-351F-B8FB-82CDAE623003}" = Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.60610
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F0E79BE5-20F5-82F4-6579-2A91AED3F066}" = Catalyst Control Center Localization All
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"AIDA64 Extreme Edition_is1" = AIDA64 Extreme Edition v2.70
"aTube Catcher" = aTube Catcher
"AVI ReComp" = AVI ReComp 1.5.5
"Avisynth" = AviSynth 2.5
"BSPlayerf" = BS.Player FREE
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
"DAEMON Tools Lite" = DAEMON Tools Lite
"ESN Sonar-0.70.4" = ESN Sonar
"F1 2012_is1" = F1 2012
"ffdshow_is1" = ffdshow [rev 3154] [2009-12-09]
"Fraps" = Fraps (remove only)
"Google Chrome" = Google Chrome
"HP Photo Creations" = HP Photo Creations
"InstallShield_{698BBAD8-B116-495D-B879-0F07A533E57F}" = Samsung Story Album Viewer
"InstallShield_{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
"InstallWIX_{560985FB-4B76-4121-9189-7A2CDC7886D6}" = Kaspersky Internet Security 2013
"LogMeIn Hamachi" = LogMeIn Hamachi
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware versão 1.75.0.1300
"Mozilla Firefox 23.0.1 (x86 en-US)" = Mozilla Firefox 23.0.1 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"NoIPDUC" = No-IP DUC
"Office14.PROPLUS" = Microsoft Office Professional Plus 2010
"Open Broadcaster Software" = Open Broadcaster Software
"Origin" = Origin
"Pangya" = Pangya (Ntreev USA)
"PokerStars.net" = PokerStars.net
"PunkBusterSvc" = PunkBuster Services
"Revo Uninstaller" = Revo Uninstaller 1.95
"Rogue Legacy_is1" = Rogue Legacy version 0.0.0.9
"Simple Port Forwarding" = Simple Port Forwarding
"Steam App 10" = Counter-Strike
"Steam App 105600" = Terraria
"Steam App 12210" = Grand Theft Auto IV
"Steam App 12220" = Grand Theft Auto: Episodes from Liberty City
"Steam App 211420" = Dark Souls: Prepare to Die Edition
"Steam App 236390" = War Thunder
"Steam App 55230" = Saints Row: The Third
"uTorrent" = µTorrent
"VobSub" = VobSub 2.23
"WinAVI Video Converter" = WinAVI Video Converter
"WinRAR archiver" = WinRAR 4.20 (32-bit)
"Xvid Video Codec 1.3.2" = Xvid Video Codec
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"MyFreeCodec" = MyFreeCodec
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 16/09/2013 09:47:58 | Computer Name = Pedro-PC | Source = Software Protection Platform Service | ID = 8198
Description = Falha da Ativação de Licença (slui.exe) com o seguinte código de erro:
0x800401F9
 
Error - 16/09/2013 09:47:58 | Computer Name = Pedro-PC | Source = Winlogon | ID = 4103
Description = Falha de ativação da licença do Windows. Erro 0x00000000.
 
Error - 16/09/2013 09:48:30 | Computer Name = Pedro-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 16/09/2013 10:27:42 | Computer Name = Pedro-PC | Source = SideBySide | ID = 16842815
Description = Falha na geração de contexto de ativação para "C:\Program Files (x86)\Common
 Files\Adobe AIR\Versions\1.0\Adobe AIR.dll". Erro no arquivo de manifesto ou de
 diretiva C:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll",
 na linha 3.  O valor "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR"
 do atributo version no elemento assemblyIdentity é inválido.
 
Error - 16/09/2013 14:30:45 | Computer Name = Pedro-PC | Source = Software Protection Platform Service | ID = 8198
Description = Falha da Ativação de Licença (slui.exe) com o seguinte código de erro:
0x800401F9
 
Error - 16/09/2013 14:30:45 | Computer Name = Pedro-PC | Source = Winlogon | ID = 4103
Description = Falha de ativação da licença do Windows. Erro 0x00000000.
 
Error - 16/09/2013 14:32:41 | Computer Name = Pedro-PC | Source = WinMgmt | ID = 10
Description = 
 
[ System Events ]
Error - 16/09/2013 09:49:50 | Computer Name = Pedro-PC | Source = Service Control Manager | ID = 7000
Description = Não foi possível iniciar o serviço WinRing0_1_2_0 devido ao seguinte
 erro:   %%2
 
Error - 16/09/2013 14:30:05 | Computer Name = Pedro-PC | Source = EventLog | ID = 6008
Description = O desligamento anterior do sistema em 15:28:30 às 16/09/2013 não
 era esperado.
 
Error - 16/09/2013 14:33:01 | Computer Name = Pedro-PC | Source = Service Control Manager | ID = 7000
Description = Não foi possível iniciar o serviço WinRing0_1_2_0 devido ao seguinte
 erro:   %%2
 
 
< End of report >
 
OTL Extras logfile created on: 16/09/2013 15:43:30 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Pedro\Desktop
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16686)
Locale: 00000416 | Country: Brasil | Language: PTB | Date Format: dd/MM/yyyy
 
3,98 Gb Total Physical Memory | 1,84 Gb Available Physical Memory | 46,22% Memory free
7,96 Gb Paging File | 4,85 Gb Available in Paging File | 60,94% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 97,56 Gb Total Space | 47,79 Gb Free Space | 48,99% Space Free | Partition Type: NTFS
Drive D: | 368,10 Gb Total Space | 107,31 Gb Free Space | 29,15% Space Free | Partition Type: NTFS
Drive F: | 5,91 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: CDFS
 
Computer Name: PEDRO-PC | User Name: Pedro | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 90 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- Reg Error: Key error. File not found
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- Reg Error: Key error. File not found
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- Reg Error: Key error.
htmlfile [opennew] -- Reg Error: Key error.
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [Bridge] -- C:\Program Files (x86)\Adobe\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- Reg Error: Key error.
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Key error.
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- Reg Error: Key error.
htmlfile [opennew] -- Reg Error: Key error.
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [Bridge] -- C:\Program Files (x86)\Adobe\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- Reg Error: Key error.
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Key error.
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe:*:Enabled:Spybot-S&D 2 Tray Icon -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe:*:Enabled:Spybot-S&D 2 Scanner Service -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe:*:Enabled:Spybot-S&D 2 Updater -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe:*:Enabled:Spybot-S&D 2 Background update service -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe:*:Enabled:Spybot-S&D 2 Tray Icon -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe:*:Enabled:Spybot-S&D 2 Scanner Service -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe:*:Enabled:Spybot-S&D 2 Updater -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe:*:Enabled:Spybot-S&D 2 Background update service -- (Safer-Networking Ltd.)
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{017B4FB7-F56E-4DAD-9D4E-96CE192A513B}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\outlook.exe | 
"{0553EA40-0D59-4193-BB40-4D4848156940}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{0F628834-CA44-4909-92E1-7F02019ACEE7}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{151B34E1-9417-4456-978C-DBB077EB516D}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{1E4CBF1A-7ACB-44ED-98E4-F7AA8C6FB47A}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{27E92967-D1FC-47B1-B6D7-0D0104B753D3}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{30C86B83-C8A5-4E0B-9CE8-95D4FC568471}" = lport=139 | protocol=6 | dir=in | app=system | 
"{3101003F-8551-49E2-B63F-12BBC48751AC}" = lport=137 | protocol=17 | dir=in | app=system | 
"{38A7E73E-6C1F-4F87-B188-A1776D723BD8}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{4247120B-CE50-4AC6-A0B0-8CA8FDE1EEA8}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{4EED23A5-F161-4C29-A84E-30D59A23B2B9}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{59A30CDB-AA32-471B-8031-FED79E551BD3}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{64E985AF-F808-498D-841E-384996321DD2}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{6D135857-419F-42BB-8DE6-4D0DA2D42B62}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{86459B77-E69C-417A-A200-0542F7A96C89}" = rport=445 | protocol=6 | dir=out | app=system | 
"{89A4E351-23ED-4ADF-9DE6-748B59C67884}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{89EF9936-413F-45DA-950D-056A4D27E7D9}" = rport=139 | protocol=6 | dir=out | app=system | 
"{C23C829D-6422-49C5-BEB0-5D437AB6F689}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{CF21FE5D-897C-4C96-988C-79346678D003}" = rport=138 | protocol=17 | dir=out | app=system | 
"{D88ADE80-CFD9-4F4D-9E41-CC2AF6443028}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{E430DE51-AEFF-4AB9-B3FB-18D5FCC3D3D3}" = lport=138 | protocol=17 | dir=in | app=system | 
"{E4F55C7F-039A-473D-8467-43DD3688558C}" = lport=445 | protocol=6 | dir=in | app=system | 
"{EFE4F33D-A491-4130-9326-07244DA09A36}" = rport=137 | protocol=17 | dir=out | app=system | 
"{F6DBEF85-D304-4159-A0C4-0ED570E7561D}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{012BFA5C-FFF9-4269-859C-24A360F1868A}" = protocol=17 | dir=in | app=d:\games\steam\steamapps\common\grand theft auto iv\gtaiv\launchgtaiv.exe | 
"{01C64F15-F4B3-4657-8CE8-CDF11BE187D1}" = protocol=6 | dir=in | app=d:\games\steam\steamapps\common\dark souls prepare to die edition\data\darksouls.exe | 
"{06D6383A-7DA8-421A-9941-D5F88253A358}" = protocol=17 | dir=in | app=d:\games\steam\steamapps\common\magicka\magicka.exe | 
"{0C53048E-6D2F-4ECB-8461-3BB83A645758}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstra.exe | 
"{0F9D578B-47CD-457F-A21B-F92D962F8D84}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | 
"{0FD39CEE-7DE1-4D6B-80F4-5F387ED27DEE}" = protocol=17 | dir=in | app=c:\windows\syswow64\muzapp.exe | 
"{0FDE9134-ADDF-467B-9470-2DD0D22B8917}" = protocol=6 | dir=in | app=c:\program files (x86)\simple port forwarding\spf.exe | 
"{1120CE74-88AB-4ECE-A77D-AACB44B4925C}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{156479FD-191A-49F6-9BAC-FE8691E5AFED}" = protocol=17 | dir=in | app=d:\games\steam\steamapps\common\saints row the third\saintsrowthethird.exe | 
"{15C89E48-1541-4072-847D-FD15BEE9FFEB}" = protocol=6 | dir=in | app=d:\games\steam\steamapps\common\saints row the third\saintsrowthethird_dx11.exe | 
"{199A78E6-309C-4A88-B528-46C6D72DFF7E}" = protocol=17 | dir=in | app=d:\games\capcom\street fighter x tekken\sftk.exe | 
"{19DB499D-CC92-4B3A-B15E-361FB14C162F}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{1AD58F4D-6F99-4A9F-9B99-253F4441A9E4}" = protocol=6 | dir=in | app=d:\games\steam\steamapps\common\saints row the third\saintsrowthethird.exe | 
"{1BD274A3-8799-4D9D-AB5F-9BD0B563EFFE}" = protocol=17 | dir=in | app=d:\games\steam\steamapps\common\war thunder\launcher.exe | 
"{1EA5C86C-4D30-4AF3-B2C1-2ADE46430D48}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{1F56C53E-5F25-4A4C-A22D-832F9B5184F8}" = protocol=17 | dir=in | app=d:\games\steam\steamapps\common\dark souls prepare to die edition\data\darksouls.exe | 
"{21E1A5E2-1A13-4294-85D6-05DFC75A50C4}" = protocol=17 | dir=in | app=d:\games\origin\fifa 13\game\fifa13.exe | 
"{236468DF-FF4A-4116-ACCC-DFD1E389E68D}" = protocol=17 | dir=in | app=d:\games\steam\steamapps\common\half-life\hl.exe | 
"{26BFC1E0-0DB4-4173-AD14-0CE2CF79F84C}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{2A92347B-4BD2-49E5-AF03-613AAA5298B8}" = protocol=6 | dir=in | app=d:\arquivos de programas\utorrent.exe | 
"{2D349045-53CA-4552-99E6-82FC58E8FFC3}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe | 
"{31DD4BEB-BFB0-4F4D-8113-5281F910F840}" = protocol=6 | dir=in | app=c:\program files (x86)\simple port forwarding\spf.exe | 
"{3386DD41-25B7-4087-AE58-9F99A2379490}" = protocol=17 | dir=in | app=c:\program files (x86)\simple port forwarding\spf.exe | 
"{34760675-2A5A-4486-885A-E342676F217A}" = protocol=6 | dir=in | app=d:\games\steam\steamapps\common\terraria\terraria.exe | 
"{391B4BD1-9981-41FF-9152-683512D3BCF4}" = protocol=17 | dir=in | app=d:\games\microsoft games\age of empires ii\age2_x1\age2_x2.exe | 
"{3A4B9B5C-A993-43E4-8656-DB20215D2842}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{40CA9CEC-ED9B-4E95-B2EA-5D0394C39F22}" = protocol=17 | dir=in | app=c:\program files\hp\hp deskjet 2050 j510 series\bin\usbsetup.exe | 
"{450B02F0-790A-4DD1-B6E3-B2D8D4F2297D}" = protocol=17 | dir=in | app=d:\games\steam\steamapps\common\magicka\magicka.exe | 
"{46AABDF4-DF55-4952-861E-89A24B4CFBAD}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{4E575F94-559F-4901-97F8-B2E0891F6315}" = protocol=6 | dir=in | app=d:\games\origin\fifa 13\game\fifa13.exe | 
"{50863708-401A-4305-B9E9-2A1C3CDE3F3D}" = protocol=6 | dir=in | app=d:\games\steam\steamapps\common\half-life\hl.exe | 
"{50B79921-6417-406E-958E-BEAC201CDEB3}" = protocol=6 | dir=in | app=d:\games\origin\battlefield 3\bf3.exe | 
"{54A567F4-8B18-415D-BF4A-8A0FB8D5E211}" = protocol=6 | dir=in | app=d:\games\steam\steamapps\common\magicka\magicka.exe | 
"{54E3370D-B78C-47DE-BCC0-0A7CAB361A19}" = protocol=17 | dir=in | app=c:\program files (x86)\simple port forwarding\spf.exe | 
"{55893D80-89DD-4D61-91FB-9C45BB981EEE}" = protocol=17 | dir=in | app=c:\program files (x86)\battlelog web plugins\sonar\0.70.4\sonarhost.exe | 
"{55FDE991-53D0-41DD-AB30-3AABF154EB3F}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\groove.exe | 
"{5862BE1E-3FF0-44EF-9976-664359DB2E65}" = dir=in | app=c:\users\pedro\appdata\local\facebook\video\skype\facebookvideocalling.exe | 
"{5C7D0377-10AC-4A1B-A54F-8586213B18FE}" = protocol=17 | dir=in | app=d:\games\steam\steamapps\common\terraria\terraria.exe | 
"{5CDD0E2A-4AA9-4A4B-80C1-963D86EDD248}" = protocol=6 | dir=in | app=d:\games\steam\steamapps\common\saints row the third\game_launcher.exe | 
"{61483CCF-6AA6-44A6-AE00-661DCD027A29}" = dir=in | app=c:\program files\hp\hp deskjet 2050 j510 series\bin\usbsetup.exe | 
"{68057C45-2C5D-4A59-80A8-1E332737722B}" = protocol=6 | dir=in | app=c:\program files (x86)\battlelog web plugins\sonar\0.70.4\sonarhost.exe | 
"{68701158-935A-4BFE-8F4A-CF51426FC7C1}" = dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | 
"{6A130BC1-0240-4565-9F74-0A68810C40A6}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | 
"{79D06754-6EFD-4A58-8FFE-F5FDC69AC91B}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{7B7E793E-C47E-4455-B880-43A20E3DF7E0}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | 
"{803FFBC4-3630-48E5-8970-11E6290A72F8}" = protocol=6 | dir=out | app=system | 
"{809E8631-C51C-4609-803E-30AA41CE67E9}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{84EC5642-396B-41C6-B3C1-CFA1F5469D2A}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{891C1EE7-8470-4BD2-AD5F-7D55C9F4B267}" = protocol=6 | dir=in | app=d:\games\steam\steamapps\common\grand theft auto iv\gtaiv\launchgtaiv.exe | 
"{8BAB8BED-7CE4-4EA5-97D5-15A2A19FB6A1}" = protocol=17 | dir=in | app=c:\program files (x86)\battlelog web plugins\sonar\0.70.4\sonarhost.exe | 
"{8C8FC513-E262-4DED-B5F6-67DB80C47CFC}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{8EE27537-2B47-490F-A9AC-81BE1900FEF7}" = protocol=6 | dir=in | app=d:\games\microsoft games\age of empires ii\age2_x1\age2_x2.exe | 
"{902313A8-E6C2-4471-93F3-CC25DF3FBB05}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{90D85922-F364-4DA6-9B17-8D8721443865}" = protocol=6 | dir=in | app=c:\program files\hp\hp deskjet 2050 j510 series\bin\usbsetup.exe | 
"{94F4DB8E-82A4-4842-B534-C091D2F8E743}" = protocol=6 | dir=in | app=d:\games\steam\steamapps\common\war thunder\launcher.exe | 
"{9835B2ED-31FA-4794-8F12-0223643ADDC8}" = protocol=17 | dir=in | app=d:\games\steam\steamapps\common\saints row the third\saintsrowthethird_dx11.exe | 
"{99A46E93-B3E6-4794-B251-E59A5E1A1787}" = protocol=17 | dir=in | app=d:\arquivos de programas\utorrent.exe | 
"{9D221D10-88FF-4C16-9D61-21024E9B7B55}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstra.exe | 
"{A3F65F77-96FE-4BBF-9469-9AC84784DE2C}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe | 
"{A8C65DC9-47CC-4ADB-8877-2EF96155FF7E}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{AAB6FF49-4626-4836-A9AE-A5746CB74E68}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe | 
"{B227D68D-D07F-41DF-9449-8C1697ED8485}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{B30FF37D-E001-4848-867F-5421E43ED7B8}" = protocol=17 | dir=in | app=c:\windows\syswow64\dplaysvr.exe | 
"{B7E8F913-9284-4B3A-B75F-2B318D922B08}" = protocol=17 | dir=in | app=d:\games\steam\steamapps\common\saints row the third\game_launcher.exe | 
"{B8C45136-29F1-460E-9937-CB4682AA979C}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{BB170F62-1DBE-4192-BE6E-530E253307E0}" = protocol=6 | dir=in | app=c:\windows\syswow64\dplaysvr.exe | 
"{BB682382-C8BE-491B-83F1-33BCA2914F45}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{BC527F21-5785-4E7B-856A-E5F2AC3D371B}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe | 
"{BC8EA247-AACC-41E9-B213-FB93096963E0}" = protocol=6 | dir=in | app=d:\games\steam\steamapps\common\magicka\magicka.exe | 
"{C115E3F3-1DB7-4B5E-B92F-8A9AF87A704B}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\groove.exe | 
"{CD6B7D2D-F50B-455F-9AAF-D7B85A2383F0}" = protocol=6 | dir=in | app=c:\windows\syswow64\muzapp.exe | 
"{D3F7606F-5623-4AB1-AA29-84E6FE89659D}" = protocol=17 | dir=in | app=c:\program files (x86)\droidcam\droidcamapp.exe | 
"{D47B79C6-2053-40F0-AE12-E00E09363E64}" = protocol=58 | dir=out | name=@iphlpsvc.dll,-503 | 
"{D6A13CAA-2F72-4BA3-A759-71659CDF678A}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{DB34CA4A-96B9-4AD2-912F-F93FD9499797}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{DBB1ECB5-8F49-4BA3-B2B9-02AD76B01FFE}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{DBDF6EA1-4DC9-41F2-A14F-1C8EA4C9C2BE}" = protocol=17 | dir=in | app=d:\games\origin\battlefield 3\bf3.exe | 
"{E5091569-9B3D-4E8A-AFDB-E33A97EDE50F}" = protocol=6 | dir=in | app=d:\games\steam\steamapps\common\grand theft auto iv episodes from liberty city\eflc\launcheflc.exe | 
"{EC1AA85D-ECDC-4F5A-AC59-55B707CFF633}" = protocol=6 | dir=in | app=d:\games\capcom\street fighter x tekken\sftk.exe | 
"{F01FC3C2-C0CE-4F72-8F74-08BA8F3672AA}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | 
"{F0ABF494-DC4C-429F-A854-9B6DA22FDD73}" = protocol=6 | dir=in | app=c:\program files (x86)\battlelog web plugins\sonar\0.70.4\sonarhost.exe | 
"{F1A93FEF-E88A-4B93-BE9B-B1AC00D1BF7B}" = protocol=17 | dir=in | app=d:\games\steam\steamapps\common\grand theft auto iv episodes from liberty city\eflc\launcheflc.exe | 
"{F2AD4AE2-12B6-4F1C-B856-96A79AB578EF}" = protocol=58 | dir=in | app=system | 
"{F7C1C446-C902-4B54-B67D-AB740102B955}" = protocol=6 | dir=in | app=c:\program files (x86)\droidcam\droidcamapp.exe | 
"{FFBB2850-6EB5-48BE-90C8-CBE2C2EFD78A}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"TCP Query User{3FEF95F8-8770-4226-B76D-04D90295188A}C:\program files (x86)\java\jre7\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre7\bin\javaw.exe | 
"TCP Query User{40F0230B-4C15-4627-8497-96159016BC1B}D:\games\steam\steam.exe" = protocol=6 | dir=in | app=d:\games\steam\steam.exe | 
"TCP Query User{4F3EA8BA-AFF9-4347-B85B-EE87D426839F}C:\windows\syswow64\dplaysvr.exe" = protocol=6 | dir=in | app=c:\windows\syswow64\dplaysvr.exe | 
"TCP Query User{695E7120-61AA-4015-894F-3EB1FBCD9B99}C:\users\pedro\downloads\utorrent.exe" = protocol=6 | dir=in | app=c:\users\pedro\downloads\utorrent.exe | 
"TCP Query User{C9A883AB-B98F-4738-913D-CBF343C86DA2}D:\games\steam\steamapps\common\grand theft auto iv\gtaiv\gtaiv.exe" = protocol=6 | dir=in | app=d:\games\steam\steamapps\common\grand theft auto iv\gtaiv\gtaiv.exe | 
"TCP Query User{D1B898A0-05C4-4C1A-A435-FA65ED9F6B9C}C:\users\pedro\downloads\utorrent.exe" = protocol=6 | dir=in | app=c:\users\pedro\downloads\utorrent.exe | 
"TCP Query User{D4A7DC4D-63CC-423A-ABB8-F3AC090642B3}D:\games\microsoft games\age of empires ii\age2_x1\age2_x2.exe" = protocol=6 | dir=in | app=d:\games\microsoft games\age of empires ii\age2_x1\age2_x2.exe | 
"UDP Query User{08F96B3D-7589-4077-B891-E6DB41DE44C8}D:\games\steam\steamapps\common\grand theft auto iv\gtaiv\gtaiv.exe" = protocol=17 | dir=in | app=d:\games\steam\steamapps\common\grand theft auto iv\gtaiv\gtaiv.exe | 
"UDP Query User{49261EA0-4BE2-49D0-B7AA-0165943C3E82}C:\users\pedro\downloads\utorrent.exe" = protocol=17 | dir=in | app=c:\users\pedro\downloads\utorrent.exe | 
"UDP Query User{51FA3187-6FED-4068-81FA-116B608B2544}D:\games\microsoft games\age of empires ii\age2_x1\age2_x2.exe" = protocol=17 | dir=in | app=d:\games\microsoft games\age of empires ii\age2_x1\age2_x2.exe | 
"UDP Query User{7A32D6EC-3615-4C99-A5D7-5C3AB1795ACC}C:\users\pedro\downloads\utorrent.exe" = protocol=17 | dir=in | app=c:\users\pedro\downloads\utorrent.exe | 
"UDP Query User{B2889EE2-6E16-4029-AD7D-9A7EE9DD8BC7}C:\windows\syswow64\dplaysvr.exe" = protocol=17 | dir=in | app=c:\windows\syswow64\dplaysvr.exe | 
"UDP Query User{BA13E7CC-2700-47A3-8448-49145701D9F7}D:\games\steam\steam.exe" = protocol=17 | dir=in | app=d:\games\steam\steam.exe | 
"UDP Query User{E99F5FA7-99E5-4E8A-B1D3-FAE29C308900}C:\program files (x86)\java\jre7\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre7\bin\javaw.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{115C101B-99FC-B3D0-753B-3FF6AF5A1859}" = AMD Drag and Drop Transcoding
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219
"{1E9FC118-651D-4934-97BE-E53CAE5C7D45}" = Microsoft_VC80_MFCLOC_x86_x64
"{2DCBB45E-AA03-4089-87E7-EC17E606D738}" = HP Deskjet 2050 J510 series Software básico do dispositivo
"{2EDC2FA3-1F34-34E5-9085-588C9EFD1CC6}" = Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.60610
"{350AA351-21FA-3270-8B7A-835434E766AD}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022
"{4569AD91-47F4-4D9E-8FC9-717EC32D7AE1}" = Microsoft_VC80_CRT_x86_x64
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime
"{55B348BE-A3BE-9AE7-58BD-BE45B9A28F82}" = AMD Media Foundation Decoders
"{5B73E1AA-CA9D-E76A-2F2D-E0EFB41CE087}" = AMD Accelerated Video Transcoding
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{6C8EEF0B-C4BE-35A7-BF08-7C3C667EB62A}" = Microsoft .NET Framework 4 Extended PTB Language Pack
"{764384C5-BCA9-307C-9AAC-FD443662686A}" = Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.60610
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{8557397C-A42D-486F-97B3-A2CBC2372593}" = Microsoft_VC90_ATL_x86_x64
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8BF6C901-8C9D-C663-F997-EC95A2CCA228}" = AMD AVIVO64 Codecs
"{8D71EFB0-B1EF-4478-92D2-A65DB23AC460}" = HP Deskjet 2050 J510 series Estudo de aprimoramento de produtos
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
"{90140000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2010
"{90140000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010
"{925D058B-564A-443A-B4B2-7E90C6432E55}" = Microsoft_VC80_ATL_x86_x64
"{92A3CA0D-55CD-4C5D-BA95-5C2600C20F26}" = Microsoft_VC90_CRT_x86_x64
"{9B48B0AC-C813-4174-9042-476A887592C7}" = Assistente de Conexão do Windows Live ID
"{A472B9E4-0AFF-4F7B-B25D-F64F8E928AAB}" = Microsoft_VC90_MFC_x86_x64
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B7693CDE-074B-301C-9584-FC4343696C8B}" = Microsoft .NET Framework 4 Client Profile PTB Language Pack
"{C8807716-1F6F-5C43-3C32-7295A45CF060}" = AMD Catalyst Install Manager
"{C8C1BAD5-54E6-4146-AD07-3A8AD36569C3}" = Microsoft_VC80_MFC_x86_x64
"{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones
"{D9C50188-12D5-4D3E-8F00-682346C2AA5F}" = Microsoft Xbox 360 Accessories 1.2
"{E54A949B-C4AE-28B6-EC97-FCB9E402D338}" = ccc-utility64
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"CCleaner" = CCleaner
"DriverEasy_is1" = DriverEasy 4.5.3
"KLiteCodecPack64_is1" = K-Lite Codec Pack 9.4.0 (64-bit)
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile PTB Language Pack" = Pacote de Idiomas do Microsoft .NET Framework 4 Client Profile - Português (Brasil)
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft .NET Framework 4 Extended PTB Language Pack" = Pacote de Idiomas do Microsoft .NET Framework 4 Extended - Português (Brasil)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01501EBA-EC35-4F9F-8889-3BE346E5DA13}" = MSXML4 Parser
"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{04BDADD5-B981-49DB-90F0-DE11F19C50B4}_is1" = Football Manager 2013 versão 13.3.3
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{0ACC2993-2058-4BE7-9A92-9DCDAA9B3412}" = LogMeIn Hamachi
"{0D2DBE8A-43D0-7830-7AE7-CA6C99A832E7}" = Adobe Community Help
"{11F2C5EC-35AA-7237-B62B-A4F041859C2A}" = CCC Help Spanish
"{15FEDA5F-141C-4127-8D7E-B962D1742728}" = Adobe Photoshop CS5
"{19BFDA5D-1FE2-4F25-97F9-1A79DD04EE20}" = Microsoft XNA Framework Redistributable 3.1
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{229EDE35-4677-BDE6-70ED-A5A4C711DDC3}" = CCC Help Norwegian
"{2470F2F2-8491-5A0B-B8F5-8B72A8D74597}" = Catalyst Control Center InstallProxy
"{26A24AE4-039D-4CA4-87B4-2F83217025FF}" = Java 7 Update 25
"{27B56E28-94B2-BDF8-D209-EC8D2FF4838E}" = Catalyst Control Center Graphics Previews Common
"{30C01299-554C-4B62-BD0F-849F43E01C91}_is1" = Pokemon World Online version 1.83
"{33D4FA83-02C0-93B3-08ED-5D7378930CFA}" = CCC Help Turkish
"{37D0F3C2-8FFD-134D-FBDF-2D711E169D78}" = Catalyst Control Center
"{3D6AD258-61EA-35F5-812C-B7A02152996E}" = Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.60610
"{42FECCEF-63CD-DF98-D6BC-DDBB27E4A580}" = CCC Help Japanese
"{43430FA5-AF68-4A2D-A7D4-891000008200}" = Street Fighter X Tekken
"{46594DA4-2D0A-B2D4-C0E0-A5CCA3260025}" = CCC Help Hungarian
"{485B8152-C59F-8569-15BC-46BDA2A1E4A9}" = CCC Help Polish
"{490F47E6-585C-531A-1BF8-4DE44ED9AED7}" = CCC Help Russian
"{4999B2F1-3E74-409A-B8B5-E94448AA9EA6}" = USB Vibration Joystick
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CB0307C-565E-4441-86BE-0DF2E4FB828C}" = Microsoft Games for Windows Marketplace
"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.6
"{50F87176-7DB3-4C75-D9DC-25CB4561D0F8}" = CCC Help Danish
"{52E706AA-B4E9-423A-1651-62E61E06DF9A}" = CCC Help Greek
"{53C63F43-B827-42D9-8886-4698D91EA33B}" = System Requirements Lab for Intel
"{54194F60-988C-4D03-B922-C2B00EFDA39A}" = NVIDIA PhysX
"{5454083B-1308-4485-BF17-1110000D8301}" = Grand Theft Auto IV
"{560985FB-4B76-4121-9189-7A2CDC7886D6}" = Kaspersky Internet Security 2013
"{5FB51C12-62AE-0990-E419-C6F62B776E5C}" = CCC Help Portuguese
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel® Management Engine Components
"{66B46617-A156-F25B-3CC0-5E46343AEA95}" = CCC Help Thai
"{698BBAD8-B116-495D-B879-0F07A533E57F}" = Samsung Story Album Viewer
"{6F1C00D2-25C2-4CBA-8126-AE9A6E2E9CD5}" = HP Update
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
"{76285C16-411A-488A-BCE3-C83CB933D8CF}" = Battlefield 3™
"{79361740-EAE3-11E2-9911-B8AC6F98CCE3}" = Google Earth Plug-in
"{7A3DF2E2-CF13-44FB-A93E-F71D5381DB3F}" = HP Deskjet 2050 J510 series Ajuda
"{81543139-18AE-703B-D3B1-F6B3A0CB2EAC}" = CCC Help English
"{832D9DE0-8AFC-4689-9819-4DBBDEBD3E4F}" = Microsoft Games for Windows - LIVE Redistributable
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{846B5DED-DC8C-4E1A-B5B4-9F5B39A0CACE}" = HPDiagnosticAlert
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver
"{8EA79DBF-D637-448A-89D6-410A087A4493}" = Samsung_MonSetup
"{8FA20FAC-719F-7CCD-5790-6B59D691C370}" = CCC Help Chinese Traditional
"{90140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
"{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
"{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
"{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
"{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
"{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
"{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
"{90140000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2010
"{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
"{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
"{90140000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2010
"{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
"{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{940B28E7-320B-5AC8-0A8A-32D6A7B404A1}" = CCC Help Swedish
"{95716cce-fc71-413f-8ad5-56c2892d4b3a}" = Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{99C382AB-CA1D-8577-66D3-AA850DB5FD00}" = CCC Help Korean
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{a1909659-0a08-4554-8af1-2175904903a1}" = Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610
"{A29E18C2-7AB1-4b6b-848C-5D5E2C85F0C0}" = FIFA 13
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A68C4D16-8046-5333-CB64-5E622C795785}" = CCC Help Dutch
"{A78FE97A-C0C8-49CE-89D0-EDD524A17392}" = PDF Settings CS5
"{AC76BA86-7AD7-1046-7B44-AB0000000001}" = Adobe Reader XI (11.0.01) - Português
"{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1" = Spybot - Search & Destroy
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{B92C5909-1D37-4C51-8397-A28BB28E5DC3}" = Facebook Video Calling 1.2.0.287
"{BA88EE67-8974-459D-A1DB-C8281D9AC6F6}" = Browser Configuration Utility
"{BE0B654E-FC60-40AE-F60B-06526508B5FD}" = CCC Help Italian
"{BE0E1491-B2DC-6447-217C-342D8F7100EA}" = CCC Help Czech
"{C5EADF55-3B49-B545-E16F-402B443DDC77}" = CCC Help German
"{CBDFF724-E925-2964-E647-0A83D2F9165C}" = CCC Help French
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D5341564-7B93-ADAC-E737-C24AA85CC5FF}" = CCC Help Chinese Standard
"{D69C8EDE-BBC5-436B-8E0E-C5A6D311CF4F}" = Microsoft XNA Framework Redistributable 4.0 Refresh
"{D82BEF61-A0DA-4B2F-B53C-038310FB32EB}" = HydraVision
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{DAA18A0D-A57C-4611-B135-46EA06990E7D}" = XSplit
"{E2F0AF23-FE2F-4222-9A43-55E63CC41EF1}" = Catalyst Control Center - Branding
"{E3FB1E5A-1C24-D581-6BC8-6F8AC2D343AD}" = CCC Help Finnish
"{E7D4E834-93EB-351F-B8FB-82CDAE623003}" = Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.60610
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F0E79BE5-20F5-82F4-6579-2A91AED3F066}" = Catalyst Control Center Localization All
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"AIDA64 Extreme Edition_is1" = AIDA64 Extreme Edition v2.70
"aTube Catcher" = aTube Catcher
"AVI ReComp" = AVI ReComp 1.5.5
"Avisynth" = AviSynth 2.5
"BSPlayerf" = BS.Player FREE
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
"DAEMON Tools Lite" = DAEMON Tools Lite
"ESN Sonar-0.70.4" = ESN Sonar
"F1 2012_is1" = F1 2012
"ffdshow_is1" = ffdshow [rev 3154] [2009-12-09]
"Fraps" = Fraps (remove only)
"Google Chrome" = Google Chrome
"HP Photo Creations" = HP Photo Creations
"InstallShield_{698BBAD8-B116-495D-B879-0F07A533E57F}" = Samsung Story Album Viewer
"InstallShield_{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
"InstallWIX_{560985FB-4B76-4121-9189-7A2CDC7886D6}" = Kaspersky Internet Security 2013
"LogMeIn Hamachi" = LogMeIn Hamachi
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware versão 1.75.0.1300
"Mozilla Firefox 23.0.1 (x86 en-US)" = Mozilla Firefox 23.0.1 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"NoIPDUC" = No-IP DUC
"Office14.PROPLUS" = Microsoft Office Professional Plus 2010
"Open Broadcaster Software" = Open Broadcaster Software
"Origin" = Origin
"Pangya" = Pangya (Ntreev USA)
"PokerStars.net" = PokerStars.net
"PunkBusterSvc" = PunkBuster Services
"Revo Uninstaller" = Revo Uninstaller 1.95
"Rogue Legacy_is1" = Rogue Legacy version 0.0.0.9
"Simple Port Forwarding" = Simple Port Forwarding
"Steam App 10" = Counter-Strike
"Steam App 105600" = Terraria
"Steam App 12210" = Grand Theft Auto IV
"Steam App 12220" = Grand Theft Auto: Episodes from Liberty City
"Steam App 211420" = Dark Souls: Prepare to Die Edition
"Steam App 236390" = War Thunder
"Steam App 55230" = Saints Row: The Third
"uTorrent" = µTorrent
"VobSub" = VobSub 2.23
"WinAVI Video Converter" = WinAVI Video Converter
"WinRAR archiver" = WinRAR 4.20 (32-bit)
"Xvid Video Codec 1.3.2" = Xvid Video Codec
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"MyFreeCodec" = MyFreeCodec
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 16/09/2013 09:47:58 | Computer Name = Pedro-PC | Source = Software Protection Platform Service | ID = 8198
Description = Falha da Ativação de Licença (slui.exe) com o seguinte código de erro:
0x800401F9
 
Error - 16/09/2013 09:47:58 | Computer Name = Pedro-PC | Source = Winlogon | ID = 4103
Description = Falha de ativação da licença do Windows. Erro 0x00000000.
 
Error - 16/09/2013 09:48:30 | Computer Name = Pedro-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 16/09/2013 10:27:42 | Computer Name = Pedro-PC | Source = SideBySide | ID = 16842815
Description = Falha na geração de contexto de ativação para "C:\Program Files (x86)\Common
 Files\Adobe AIR\Versions\1.0\Adobe AIR.dll". Erro no arquivo de manifesto ou de
 diretiva C:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll",
 na linha 3.  O valor "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR"
 do atributo version no elemento assemblyIdentity é inválido.
 
Error - 16/09/2013 14:30:45 | Computer Name = Pedro-PC | Source = Software Protection Platform Service | ID = 8198
Description = Falha da Ativação de Licença (slui.exe) com o seguinte código de erro:
0x800401F9
 
Error - 16/09/2013 14:30:45 | Computer Name = Pedro-PC | Source = Winlogon | ID = 4103
Description = Falha de ativação da licença do Windows. Erro 0x00000000.
 
Error - 16/09/2013 14:32:41 | Computer Name = Pedro-PC | Source = WinMgmt | ID = 10
Description = 
 
[ System Events ]
Error - 16/09/2013 09:49:50 | Computer Name = Pedro-PC | Source = Service Control Manager | ID = 7000
Description = Não foi possível iniciar o serviço WinRing0_1_2_0 devido ao seguinte
 erro:   %%2
 
Error - 16/09/2013 14:30:05 | Computer Name = Pedro-PC | Source = EventLog | ID = 6008
Description = O desligamento anterior do sistema em 15:28:30 às ?16/?09/?2013 não
 era esperado.
 
Error - 16/09/2013 14:33:01 | Computer Name = Pedro-PC | Source = Service Control Manager | ID = 7000
Description = Não foi possível iniciar o serviço WinRing0_1_2_0 devido ao seguinte
 erro:   %%2
 
 
< End of report >
 

Friend, I couldn't attach my file; I followed the tutorial but couldn't find it, so here is the Extras log:

 

OTL Extras logfile created on: 16/09/2013 15:43:30 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Pedro\Desktop
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16686)
Locale: 00000416 | Country: Brasil | Language: PTB | Date Format: dd/MM/yyyy
 
3,98 Gb Total Physical Memory | 1,84 Gb Available Physical Memory | 46,22% Memory free
7,96 Gb Paging File | 4,85 Gb Available in Paging File | 60,94% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 97,56 Gb Total Space | 47,79 Gb Free Space | 48,99% Space Free | Partition Type: NTFS
Drive D: | 368,10 Gb Total Space | 107,31 Gb Free Space | 29,15% Space Free | Partition Type: NTFS
Drive F: | 5,91 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: CDFS
 
Computer Name: PEDRO-PC | User Name: Pedro | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 90 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- Reg Error: Key error. File not found
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- Reg Error: Key error. File not found
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- Reg Error: Key error.
htmlfile [opennew] -- Reg Error: Key error.
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [Bridge] -- C:\Program Files (x86)\Adobe\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- Reg Error: Key error.
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Key error.
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- Reg Error: Key error.
htmlfile [opennew] -- Reg Error: Key error.
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [Bridge] -- C:\Program Files (x86)\Adobe\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- Reg Error: Key error.
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Key error.
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe:*:Enabled:Spybot-S&D 2 Tray Icon -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe:*:Enabled:Spybot-S&D 2 Scanner Service -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe:*:Enabled:Spybot-S&D 2 Updater -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe:*:Enabled:Spybot-S&D 2 Background update service -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe:*:Enabled:Spybot-S&D 2 Tray Icon -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe:*:Enabled:Spybot-S&D 2 Scanner Service -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe:*:Enabled:Spybot-S&D 2 Updater -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe:*:Enabled:Spybot-S&D 2 Background update service -- (Safer-Networking Ltd.)
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{017B4FB7-F56E-4DAD-9D4E-96CE192A513B}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\outlook.exe | 
"{0553EA40-0D59-4193-BB40-4D4848156940}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{0F628834-CA44-4909-92E1-7F02019ACEE7}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{151B34E1-9417-4456-978C-DBB077EB516D}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{1E4CBF1A-7ACB-44ED-98E4-F7AA8C6FB47A}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{27E92967-D1FC-47B1-B6D7-0D0104B753D3}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{30C86B83-C8A5-4E0B-9CE8-95D4FC568471}" = lport=139 | protocol=6 | dir=in | app=system | 
"{3101003F-8551-49E2-B63F-12BBC48751AC}" = lport=137 | protocol=17 | dir=in | app=system | 
"{38A7E73E-6C1F-4F87-B188-A1776D723BD8}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{4247120B-CE50-4AC6-A0B0-8CA8FDE1EEA8}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{4EED23A5-F161-4C29-A84E-30D59A23B2B9}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{59A30CDB-AA32-471B-8031-FED79E551BD3}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{64E985AF-F808-498D-841E-384996321DD2}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{6D135857-419F-42BB-8DE6-4D0DA2D42B62}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{86459B77-E69C-417A-A200-0542F7A96C89}" = rport=445 | protocol=6 | dir=out | app=system | 
"{89A4E351-23ED-4ADF-9DE6-748B59C67884}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{89EF9936-413F-45DA-950D-056A4D27E7D9}" = rport=139 | protocol=6 | dir=out | app=system | 
"{C23C829D-6422-49C5-BEB0-5D437AB6F689}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{CF21FE5D-897C-4C96-988C-79346678D003}" = rport=138 | protocol=17 | dir=out | app=system | 
"{D88ADE80-CFD9-4F4D-9E41-CC2AF6443028}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{E430DE51-AEFF-4AB9-B3FB-18D5FCC3D3D3}" = lport=138 | protocol=17 | dir=in | app=system | 
"{E4F55C7F-039A-473D-8467-43DD3688558C}" = lport=445 | protocol=6 | dir=in | app=system | 
"{EFE4F33D-A491-4130-9326-07244DA09A36}" = rport=137 | protocol=17 | dir=out | app=system | 
"{F6DBEF85-D304-4159-A0C4-0ED570E7561D}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{012BFA5C-FFF9-4269-859C-24A360F1868A}" = protocol=17 | dir=in | app=d:\games\steam\steamapps\common\grand theft auto iv\gtaiv\launchgtaiv.exe | 
"{01C64F15-F4B3-4657-8CE8-CDF11BE187D1}" = protocol=6 | dir=in | app=d:\games\steam\steamapps\common\dark souls prepare to die edition\data\darksouls.exe | 
"{06D6383A-7DA8-421A-9941-D5F88253A358}" = protocol=17 | dir=in | app=d:\games\steam\steamapps\common\magicka\magicka.exe | 
"{0C53048E-6D2F-4ECB-8461-3BB83A645758}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstra.exe | 
"{0F9D578B-47CD-457F-A21B-F92D962F8D84}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | 
"{0FD39CEE-7DE1-4D6B-80F4-5F387ED27DEE}" = protocol=17 | dir=in | app=c:\windows\syswow64\muzapp.exe | 
"{0FDE9134-ADDF-467B-9470-2DD0D22B8917}" = protocol=6 | dir=in | app=c:\program files (x86)\simple port forwarding\spf.exe | 
"{1120CE74-88AB-4ECE-A77D-AACB44B4925C}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{156479FD-191A-49F6-9BAC-FE8691E5AFED}" = protocol=17 | dir=in | app=d:\games\steam\steamapps\common\saints row the third\saintsrowthethird.exe | 
"{15C89E48-1541-4072-847D-FD15BEE9FFEB}" = protocol=6 | dir=in | app=d:\games\steam\steamapps\common\saints row the third\saintsrowthethird_dx11.exe | 
"{199A78E6-309C-4A88-B528-46C6D72DFF7E}" = protocol=17 | dir=in | app=d:\games\capcom\street fighter x tekken\sftk.exe | 
"{19DB499D-CC92-4B3A-B15E-361FB14C162F}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{1AD58F4D-6F99-4A9F-9B99-253F4441A9E4}" = protocol=6 | dir=in | app=d:\games\steam\steamapps\common\saints row the third\saintsrowthethird.exe | 
"{1BD274A3-8799-4D9D-AB5F-9BD0B563EFFE}" = protocol=17 | dir=in | app=d:\games\steam\steamapps\common\war thunder\launcher.exe | 
"{1EA5C86C-4D30-4AF3-B2C1-2ADE46430D48}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{1F56C53E-5F25-4A4C-A22D-832F9B5184F8}" = protocol=17 | dir=in | app=d:\games\steam\steamapps\common\dark souls prepare to die edition\data\darksouls.exe | 
"{21E1A5E2-1A13-4294-85D6-05DFC75A50C4}" = protocol=17 | dir=in | app=d:\games\origin\fifa 13\game\fifa13.exe | 
"{236468DF-FF4A-4116-ACCC-DFD1E389E68D}" = protocol=17 | dir=in | app=d:\games\steam\steamapps\common\half-life\hl.exe | 
"{26BFC1E0-0DB4-4173-AD14-0CE2CF79F84C}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{2A92347B-4BD2-49E5-AF03-613AAA5298B8}" = protocol=6 | dir=in | app=d:\arquivos de programas\utorrent.exe | 
"{2D349045-53CA-4552-99E6-82FC58E8FFC3}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe | 
"{31DD4BEB-BFB0-4F4D-8113-5281F910F840}" = protocol=6 | dir=in | app=c:\program files (x86)\simple port forwarding\spf.exe | 
"{3386DD41-25B7-4087-AE58-9F99A2379490}" = protocol=17 | dir=in | app=c:\program files (x86)\simple port forwarding\spf.exe | 
"{34760675-2A5A-4486-885A-E342676F217A}" = protocol=6 | dir=in | app=d:\games\steam\steamapps\common\terraria\terraria.exe | 
"{391B4BD1-9981-41FF-9152-683512D3BCF4}" = protocol=17 | dir=in | app=d:\games\microsoft games\age of empires ii\age2_x1\age2_x2.exe | 
"{3A4B9B5C-A993-43E4-8656-DB20215D2842}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{40CA9CEC-ED9B-4E95-B2EA-5D0394C39F22}" = protocol=17 | dir=in | app=c:\program files\hp\hp deskjet 2050 j510 series\bin\usbsetup.exe | 
"{450B02F0-790A-4DD1-B6E3-B2D8D4F2297D}" = protocol=17 | dir=in | app=d:\games\steam\steamapps\common\magicka\magicka.exe | 
"{46AABDF4-DF55-4952-861E-89A24B4CFBAD}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{4E575F94-559F-4901-97F8-B2E0891F6315}" = protocol=6 | dir=in | app=d:\games\origin\fifa 13\game\fifa13.exe | 
"{50863708-401A-4305-B9E9-2A1C3CDE3F3D}" = protocol=6 | dir=in | app=d:\games\steam\steamapps\common\half-life\hl.exe | 
"{50B79921-6417-406E-958E-BEAC201CDEB3}" = protocol=6 | dir=in | app=d:\games\origin\battlefield 3\bf3.exe | 
"{54A567F4-8B18-415D-BF4A-8A0FB8D5E211}" = protocol=6 | dir=in | app=d:\games\steam\steamapps\common\magicka\magicka.exe | 
"{54E3370D-B78C-47DE-BCC0-0A7CAB361A19}" = protocol=17 | dir=in | app=c:\program files (x86)\simple port forwarding\spf.exe | 
"{55893D80-89DD-4D61-91FB-9C45BB981EEE}" = protocol=17 | dir=in | app=c:\program files (x86)\battlelog web plugins\sonar\0.70.4\sonarhost.exe | 
"{55FDE991-53D0-41DD-AB30-3AABF154EB3F}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\groove.exe | 
"{5862BE1E-3FF0-44EF-9976-664359DB2E65}" = dir=in | app=c:\users\pedro\appdata\local\facebook\video\skype\facebookvideocalling.exe | 
"{5C7D0377-10AC-4A1B-A54F-8586213B18FE}" = protocol=17 | dir=in | app=d:\games\steam\steamapps\common\terraria\terraria.exe | 
"{5CDD0E2A-4AA9-4A4B-80C1-963D86EDD248}" = protocol=6 | dir=in | app=d:\games\steam\steamapps\common\saints row the third\game_launcher.exe | 
"{61483CCF-6AA6-44A6-AE00-661DCD027A29}" = dir=in | app=c:\program files\hp\hp deskjet 2050 j510 series\bin\usbsetup.exe | 
"{68057C45-2C5D-4A59-80A8-1E332737722B}" = protocol=6 | dir=in | app=c:\program files (x86)\battlelog web plugins\sonar\0.70.4\sonarhost.exe | 
"{68701158-935A-4BFE-8F4A-CF51426FC7C1}" = dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | 
"{6A130BC1-0240-4565-9F74-0A68810C40A6}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | 
"{79D06754-6EFD-4A58-8FFE-F5FDC69AC91B}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{7B7E793E-C47E-4455-B880-43A20E3DF7E0}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | 
"{803FFBC4-3630-48E5-8970-11E6290A72F8}" = protocol=6 | dir=out | app=system | 
"{809E8631-C51C-4609-803E-30AA41CE67E9}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{84EC5642-396B-41C6-B3C1-CFA1F5469D2A}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{891C1EE7-8470-4BD2-AD5F-7D55C9F4B267}" = protocol=6 | dir=in | app=d:\games\steam\steamapps\common\grand theft auto iv\gtaiv\launchgtaiv.exe | 
"{8BAB8BED-7CE4-4EA5-97D5-15A2A19FB6A1}" = protocol=17 | dir=in | app=c:\program files (x86)\battlelog web plugins\sonar\0.70.4\sonarhost.exe | 
"{8C8FC513-E262-4DED-B5F6-67DB80C47CFC}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{8EE27537-2B47-490F-A9AC-81BE1900FEF7}" = protocol=6 | dir=in | app=d:\games\microsoft games\age of empires ii\age2_x1\age2_x2.exe | 
"{902313A8-E6C2-4471-93F3-CC25DF3FBB05}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{90D85922-F364-4DA6-9B17-8D8721443865}" = protocol=6 | dir=in | app=c:\program files\hp\hp deskjet 2050 j510 series\bin\usbsetup.exe | 
"{94F4DB8E-82A4-4842-B534-C091D2F8E743}" = protocol=6 | dir=in | app=d:\games\steam\steamapps\common\war thunder\launcher.exe | 
"{9835B2ED-31FA-4794-8F12-0223643ADDC8}" = protocol=17 | dir=in | app=d:\games\steam\steamapps\common\saints row the third\saintsrowthethird_dx11.exe | 
"{99A46E93-B3E6-4794-B251-E59A5E1A1787}" = protocol=17 | dir=in | app=d:\arquivos de programas\utorrent.exe | 
"{9D221D10-88FF-4C16-9D61-21024E9B7B55}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstra.exe | 
"{A3F65F77-96FE-4BBF-9469-9AC84784DE2C}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe | 
"{A8C65DC9-47CC-4ADB-8877-2EF96155FF7E}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{AAB6FF49-4626-4836-A9AE-A5746CB74E68}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe | 
"{B227D68D-D07F-41DF-9449-8C1697ED8485}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{B30FF37D-E001-4848-867F-5421E43ED7B8}" = protocol=17 | dir=in | app=c:\windows\syswow64\dplaysvr.exe | 
"{B7E8F913-9284-4B3A-B75F-2B318D922B08}" = protocol=17 | dir=in | app=d:\games\steam\steamapps\common\saints row the third\game_launcher.exe | 
"{B8C45136-29F1-460E-9937-CB4682AA979C}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{BB170F62-1DBE-4192-BE6E-530E253307E0}" = protocol=6 | dir=in | app=c:\windows\syswow64\dplaysvr.exe | 
"{BB682382-C8BE-491B-83F1-33BCA2914F45}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{BC527F21-5785-4E7B-856A-E5F2AC3D371B}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe | 
"{BC8EA247-AACC-41E9-B213-FB93096963E0}" = protocol=6 | dir=in | app=d:\games\steam\steamapps\common\magicka\magicka.exe | 
"{C115E3F3-1DB7-4B5E-B92F-8A9AF87A704B}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\groove.exe | 
"{CD6B7D2D-F50B-455F-9AAF-D7B85A2383F0}" = protocol=6 | dir=in | app=c:\windows\syswow64\muzapp.exe | 
"{D3F7606F-5623-4AB1-AA29-84E6FE89659D}" = protocol=17 | dir=in | app=c:\program files (x86)\droidcam\droidcamapp.exe | 
"{D47B79C6-2053-40F0-AE12-E00E09363E64}" = protocol=58 | dir=out | name=@iphlpsvc.dll,-503 | 
"{D6A13CAA-2F72-4BA3-A759-71659CDF678A}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{DB34CA4A-96B9-4AD2-912F-F93FD9499797}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{DBB1ECB5-8F49-4BA3-B2B9-02AD76B01FFE}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{DBDF6EA1-4DC9-41F2-A14F-1C8EA4C9C2BE}" = protocol=17 | dir=in | app=d:\games\origin\battlefield 3\bf3.exe | 
"{E5091569-9B3D-4E8A-AFDB-E33A97EDE50F}" = protocol=6 | dir=in | app=d:\games\steam\steamapps\common\grand theft auto iv episodes from liberty city\eflc\launcheflc.exe | 
"{EC1AA85D-ECDC-4F5A-AC59-55B707CFF633}" = protocol=6 | dir=in | app=d:\games\capcom\street fighter x tekken\sftk.exe | 
"{F01FC3C2-C0CE-4F72-8F74-08BA8F3672AA}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | 
"{F0ABF494-DC4C-429F-A854-9B6DA22FDD73}" = protocol=6 | dir=in | app=c:\program files (x86)\battlelog web plugins\sonar\0.70.4\sonarhost.exe | 
"{F1A93FEF-E88A-4B93-BE9B-B1AC00D1BF7B}" = protocol=17 | dir=in | app=d:\games\steam\steamapps\common\grand theft auto iv episodes from liberty city\eflc\launcheflc.exe | 
"{F2AD4AE2-12B6-4F1C-B856-96A79AB578EF}" = protocol=58 | dir=in | app=system | 
"{F7C1C446-C902-4B54-B67D-AB740102B955}" = protocol=6 | dir=in | app=c:\program files (x86)\droidcam\droidcamapp.exe | 
"{FFBB2850-6EB5-48BE-90C8-CBE2C2EFD78A}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"TCP Query User{3FEF95F8-8770-4226-B76D-04D90295188A}C:\program files (x86)\java\jre7\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre7\bin\javaw.exe | 
"TCP Query User{40F0230B-4C15-4627-8497-96159016BC1B}D:\games\steam\steam.exe" = protocol=6 | dir=in | app=d:\games\steam\steam.exe | 
"TCP Query User{4F3EA8BA-AFF9-4347-B85B-EE87D426839F}C:\windows\syswow64\dplaysvr.exe" = protocol=6 | dir=in | app=c:\windows\syswow64\dplaysvr.exe | 
"TCP Query User{695E7120-61AA-4015-894F-3EB1FBCD9B99}C:\users\pedro\downloads\utorrent.exe" = protocol=6 | dir=in | app=c:\users\pedro\downloads\utorrent.exe | 
"TCP Query User{C9A883AB-B98F-4738-913D-CBF343C86DA2}D:\games\steam\steamapps\common\grand theft auto iv\gtaiv\gtaiv.exe" = protocol=6 | dir=in | app=d:\games\steam\steamapps\common\grand theft auto iv\gtaiv\gtaiv.exe | 
"TCP Query User{D1B898A0-05C4-4C1A-A435-FA65ED9F6B9C}C:\users\pedro\downloads\utorrent.exe" = protocol=6 | dir=in | app=c:\users\pedro\downloads\utorrent.exe | 
"TCP Query User{D4A7DC4D-63CC-423A-ABB8-F3AC090642B3}D:\games\microsoft games\age of empires ii\age2_x1\age2_x2.exe" = protocol=6 | dir=in | app=d:\games\microsoft games\age of empires ii\age2_x1\age2_x2.exe | 
"UDP Query User{08F96B3D-7589-4077-B891-E6DB41DE44C8}D:\games\steam\steamapps\common\grand theft auto iv\gtaiv\gtaiv.exe" = protocol=17 | dir=in | app=d:\games\steam\steamapps\common\grand theft auto iv\gtaiv\gtaiv.exe | 
"UDP Query User{49261EA0-4BE2-49D0-B7AA-0165943C3E82}C:\users\pedro\downloads\utorrent.exe" = protocol=17 | dir=in | app=c:\users\pedro\downloads\utorrent.exe | 
"UDP Query User{51FA3187-6FED-4068-81FA-116B608B2544}D:\games\microsoft games\age of empires ii\age2_x1\age2_x2.exe" = protocol=17 | dir=in | app=d:\games\microsoft games\age of empires ii\age2_x1\age2_x2.exe | 
"UDP Query User{7A32D6EC-3615-4C99-A5D7-5C3AB1795ACC}C:\users\pedro\downloads\utorrent.exe" = protocol=17 | dir=in | app=c:\users\pedro\downloads\utorrent.exe | 
"UDP Query User{B2889EE2-6E16-4029-AD7D-9A7EE9DD8BC7}C:\windows\syswow64\dplaysvr.exe" = protocol=17 | dir=in | app=c:\windows\syswow64\dplaysvr.exe | 
"UDP Query User{BA13E7CC-2700-47A3-8448-49145701D9F7}D:\games\steam\steam.exe" = protocol=17 | dir=in | app=d:\games\steam\steam.exe | 
"UDP Query User{E99F5FA7-99E5-4E8A-B1D3-FAE29C308900}C:\program files (x86)\java\jre7\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre7\bin\javaw.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{115C101B-99FC-B3D0-753B-3FF6AF5A1859}" = AMD Drag and Drop Transcoding
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219
"{1E9FC118-651D-4934-97BE-E53CAE5C7D45}" = Microsoft_VC80_MFCLOC_x86_x64
"{2DCBB45E-AA03-4089-87E7-EC17E606D738}" = HP Deskjet 2050 J510 series Software básico do dispositivo
"{2EDC2FA3-1F34-34E5-9085-588C9EFD1CC6}" = Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.60610
"{350AA351-21FA-3270-8B7A-835434E766AD}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022
"{4569AD91-47F4-4D9E-8FC9-717EC32D7AE1}" = Microsoft_VC80_CRT_x86_x64
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime
"{55B348BE-A3BE-9AE7-58BD-BE45B9A28F82}" = AMD Media Foundation Decoders
"{5B73E1AA-CA9D-E76A-2F2D-E0EFB41CE087}" = AMD Accelerated Video Transcoding
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{6C8EEF0B-C4BE-35A7-BF08-7C3C667EB62A}" = Microsoft .NET Framework 4 Extended PTB Language Pack
"{764384C5-BCA9-307C-9AAC-FD443662686A}" = Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.60610
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{8557397C-A42D-486F-97B3-A2CBC2372593}" = Microsoft_VC90_ATL_x86_x64
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8BF6C901-8C9D-C663-F997-EC95A2CCA228}" = AMD AVIVO64 Codecs
"{8D71EFB0-B1EF-4478-92D2-A65DB23AC460}" = HP Deskjet 2050 J510 series Estudo de aprimoramento de produtos
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
"{90140000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2010
"{90140000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010
"{925D058B-564A-443A-B4B2-7E90C6432E55}" = Microsoft_VC80_ATL_x86_x64
"{92A3CA0D-55CD-4C5D-BA95-5C2600C20F26}" = Microsoft_VC90_CRT_x86_x64
"{9B48B0AC-C813-4174-9042-476A887592C7}" = Assistente de Conexão do Windows Live ID
"{A472B9E4-0AFF-4F7B-B25D-F64F8E928AAB}" = Microsoft_VC90_MFC_x86_x64
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B7693CDE-074B-301C-9584-FC4343696C8B}" = Microsoft .NET Framework 4 Client Profile PTB Language Pack
"{C8807716-1F6F-5C43-3C32-7295A45CF060}" = AMD Catalyst Install Manager
"{C8C1BAD5-54E6-4146-AD07-3A8AD36569C3}" = Microsoft_VC80_MFC_x86_x64
"{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones
"{D9C50188-12D5-4D3E-8F00-682346C2AA5F}" = Microsoft Xbox 360 Accessories 1.2
"{E54A949B-C4AE-28B6-EC97-FCB9E402D338}" = ccc-utility64
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"CCleaner" = CCleaner
"DriverEasy_is1" = DriverEasy 4.5.3
"KLiteCodecPack64_is1" = K-Lite Codec Pack 9.4.0 (64-bit)
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile PTB Language Pack" = Pacote de Idiomas do Microsoft .NET Framework 4 Client Profile - Português (Brasil)
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft .NET Framework 4 Extended PTB Language Pack" = Pacote de Idiomas do Microsoft .NET Framework 4 Extended - Português (Brasil)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01501EBA-EC35-4F9F-8889-3BE346E5DA13}" = MSXML4 Parser
"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{04BDADD5-B981-49DB-90F0-DE11F19C50B4}_is1" = Football Manager 2013 versão 13.3.3
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{0ACC2993-2058-4BE7-9A92-9DCDAA9B3412}" = LogMeIn Hamachi
"{0D2DBE8A-43D0-7830-7AE7-CA6C99A832E7}" = Adobe Community Help
"{11F2C5EC-35AA-7237-B62B-A4F041859C2A}" = CCC Help Spanish
"{15FEDA5F-141C-4127-8D7E-B962D1742728}" = Adobe Photoshop CS5
"{19BFDA5D-1FE2-4F25-97F9-1A79DD04EE20}" = Microsoft XNA Framework Redistributable 3.1
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{229EDE35-4677-BDE6-70ED-A5A4C711DDC3}" = CCC Help Norwegian
"{2470F2F2-8491-5A0B-B8F5-8B72A8D74597}" = Catalyst Control Center InstallProxy
"{26A24AE4-039D-4CA4-87B4-2F83217025FF}" = Java 7 Update 25
"{27B56E28-94B2-BDF8-D209-EC8D2FF4838E}" = Catalyst Control Center Graphics Previews Common
"{30C01299-554C-4B62-BD0F-849F43E01C91}_is1" = Pokemon World Online version 1.83
"{33D4FA83-02C0-93B3-08ED-5D7378930CFA}" = CCC Help Turkish
"{37D0F3C2-8FFD-134D-FBDF-2D711E169D78}" = Catalyst Control Center
"{3D6AD258-61EA-35F5-812C-B7A02152996E}" = Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.60610
"{42FECCEF-63CD-DF98-D6BC-DDBB27E4A580}" = CCC Help Japanese
"{43430FA5-AF68-4A2D-A7D4-891000008200}" = Street Fighter X Tekken
"{46594DA4-2D0A-B2D4-C0E0-A5CCA3260025}" = CCC Help Hungarian
"{485B8152-C59F-8569-15BC-46BDA2A1E4A9}" = CCC Help Polish
"{490F47E6-585C-531A-1BF8-4DE44ED9AED7}" = CCC Help Russian
"{4999B2F1-3E74-409A-B8B5-E94448AA9EA6}" = USB Vibration Joystick
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CB0307C-565E-4441-86BE-0DF2E4FB828C}" = Microsoft Games for Windows Marketplace
"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.6
"{50F87176-7DB3-4C75-D9DC-25CB4561D0F8}" = CCC Help Danish
"{52E706AA-B4E9-423A-1651-62E61E06DF9A}" = CCC Help Greek
"{53C63F43-B827-42D9-8886-4698D91EA33B}" = System Requirements Lab for Intel
"{54194F60-988C-4D03-B922-C2B00EFDA39A}" = NVIDIA PhysX
"{5454083B-1308-4485-BF17-1110000D8301}" = Grand Theft Auto IV
"{560985FB-4B76-4121-9189-7A2CDC7886D6}" = Kaspersky Internet Security 2013
"{5FB51C12-62AE-0990-E419-C6F62B776E5C}" = CCC Help Portuguese
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel® Management Engine Components
"{66B46617-A156-F25B-3CC0-5E46343AEA95}" = CCC Help Thai
"{698BBAD8-B116-495D-B879-0F07A533E57F}" = Samsung Story Album Viewer
"{6F1C00D2-25C2-4CBA-8126-AE9A6E2E9CD5}" = HP Update
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
"{76285C16-411A-488A-BCE3-C83CB933D8CF}" = Battlefield 3™
"{79361740-EAE3-11E2-9911-B8AC6F98CCE3}" = Google Earth Plug-in
"{7A3DF2E2-CF13-44FB-A93E-F71D5381DB3F}" = HP Deskjet 2050 J510 series Ajuda
"{81543139-18AE-703B-D3B1-F6B3A0CB2EAC}" = CCC Help English
"{832D9DE0-8AFC-4689-9819-4DBBDEBD3E4F}" = Microsoft Games for Windows - LIVE Redistributable
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{846B5DED-DC8C-4E1A-B5B4-9F5B39A0CACE}" = HPDiagnosticAlert
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver
"{8EA79DBF-D637-448A-89D6-410A087A4493}" = Samsung_MonSetup
"{8FA20FAC-719F-7CCD-5790-6B59D691C370}" = CCC Help Chinese Traditional
"{90140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
"{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
"{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
"{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
"{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
"{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
"{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
"{90140000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2010
"{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
"{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
"{90140000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2010
"{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
"{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{940B28E7-320B-5AC8-0A8A-32D6A7B404A1}" = CCC Help Swedish
"{95716cce-fc71-413f-8ad5-56c2892d4b3a}" = Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{99C382AB-CA1D-8577-66D3-AA850DB5FD00}" = CCC Help Korean
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{a1909659-0a08-4554-8af1-2175904903a1}" = Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610
"{A29E18C2-7AB1-4b6b-848C-5D5E2C85F0C0}" = FIFA 13
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A68C4D16-8046-5333-CB64-5E622C795785}" = CCC Help Dutch
"{A78FE97A-C0C8-49CE-89D0-EDD524A17392}" = PDF Settings CS5
"{AC76BA86-7AD7-1046-7B44-AB0000000001}" = Adobe Reader XI (11.0.01) - Português
"{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1" = Spybot - Search & Destroy
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{B92C5909-1D37-4C51-8397-A28BB28E5DC3}" = Facebook Video Calling 1.2.0.287
"{BA88EE67-8974-459D-A1DB-C8281D9AC6F6}" = Browser Configuration Utility
"{BE0B654E-FC60-40AE-F60B-06526508B5FD}" = CCC Help Italian
"{BE0E1491-B2DC-6447-217C-342D8F7100EA}" = CCC Help Czech
"{C5EADF55-3B49-B545-E16F-402B443DDC77}" = CCC Help German
"{CBDFF724-E925-2964-E647-0A83D2F9165C}" = CCC Help French
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D5341564-7B93-ADAC-E737-C24AA85CC5FF}" = CCC Help Chinese Standard
"{D69C8EDE-BBC5-436B-8E0E-C5A6D311CF4F}" = Microsoft XNA Framework Redistributable 4.0 Refresh
"{D82BEF61-A0DA-4B2F-B53C-038310FB32EB}" = HydraVision
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{DAA18A0D-A57C-4611-B135-46EA06990E7D}" = XSplit
"{E2F0AF23-FE2F-4222-9A43-55E63CC41EF1}" = Catalyst Control Center - Branding
"{E3FB1E5A-1C24-D581-6BC8-6F8AC2D343AD}" = CCC Help Finnish
"{E7D4E834-93EB-351F-B8FB-82CDAE623003}" = Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.60610
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F0E79BE5-20F5-82F4-6579-2A91AED3F066}" = Catalyst Control Center Localization All
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"AIDA64 Extreme Edition_is1" = AIDA64 Extreme Edition v2.70
"aTube Catcher" = aTube Catcher
"AVI ReComp" = AVI ReComp 1.5.5
"Avisynth" = AviSynth 2.5
"BSPlayerf" = BS.Player FREE
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
"DAEMON Tools Lite" = DAEMON Tools Lite
"ESN Sonar-0.70.4" = ESN Sonar
"F1 2012_is1" = F1 2012
"ffdshow_is1" = ffdshow [rev 3154] [2009-12-09]
"Fraps" = Fraps (remove only)
"Google Chrome" = Google Chrome
"HP Photo Creations" = HP Photo Creations
"InstallShield_{698BBAD8-B116-495D-B879-0F07A533E57F}" = Samsung Story Album Viewer
"InstallShield_{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
"InstallWIX_{560985FB-4B76-4121-9189-7A2CDC7886D6}" = Kaspersky Internet Security 2013
"LogMeIn Hamachi" = LogMeIn Hamachi
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware versão 1.75.0.1300
"Mozilla Firefox 23.0.1 (x86 en-US)" = Mozilla Firefox 23.0.1 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"NoIPDUC" = No-IP DUC
"Office14.PROPLUS" = Microsoft Office Professional Plus 2010
"Open Broadcaster Software" = Open Broadcaster Software
"Origin" = Origin
"Pangya" = Pangya (Ntreev USA)
"PokerStars.net" = PokerStars.net
"PunkBusterSvc" = PunkBuster Services
"Revo Uninstaller" = Revo Uninstaller 1.95
"Rogue Legacy_is1" = Rogue Legacy version 0.0.0.9
"Simple Port Forwarding" = Simple Port Forwarding
"Steam App 10" = Counter-Strike
"Steam App 105600" = Terraria
"Steam App 12210" = Grand Theft Auto IV
"Steam App 12220" = Grand Theft Auto: Episodes from Liberty City
"Steam App 211420" = Dark Souls: Prepare to Die Edition
"Steam App 236390" = War Thunder
"Steam App 55230" = Saints Row: The Third
"uTorrent" = µTorrent
"VobSub" = VobSub 2.23
"WinAVI Video Converter" = WinAVI Video Converter
"WinRAR archiver" = WinRAR 4.20 (32-bit)
"Xvid Video Codec 1.3.2" = Xvid Video Codec
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"MyFreeCodec" = MyFreeCodec
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 16/09/2013 09:47:58 | Computer Name = Pedro-PC | Source = Software Protection Platform Service | ID = 8198
Description = Falha da Ativação de Licença (slui.exe) com o seguinte código de erro:
0x800401F9
 
Error - 16/09/2013 09:47:58 | Computer Name = Pedro-PC | Source = Winlogon | ID = 4103
Description = Falha de ativação da licença do Windows. Erro 0x00000000.
 
Error - 16/09/2013 09:48:30 | Computer Name = Pedro-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 16/09/2013 10:27:42 | Computer Name = Pedro-PC | Source = SideBySide | ID = 16842815
Description = Falha na geração de contexto de ativação para "C:\Program Files (x86)\Common
 Files\Adobe AIR\Versions\1.0\Adobe AIR.dll". Erro no arquivo de manifesto ou de
 diretiva C:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll",
 na linha 3.  O valor "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR"
 do atributo version no elemento assemblyIdentity é inválido.
 
Error - 16/09/2013 14:30:45 | Computer Name = Pedro-PC | Source = Software Protection Platform Service | ID = 8198
Description = Falha da Ativação de Licença (slui.exe) com o seguinte código de erro:
0x800401F9
 
Error - 16/09/2013 14:30:45 | Computer Name = Pedro-PC | Source = Winlogon | ID = 4103
Description = Falha de ativação da licença do Windows. Erro 0x00000000.
 
Error - 16/09/2013 14:32:41 | Computer Name = Pedro-PC | Source = WinMgmt | ID = 10
Description = 
 
[ System Events ]
Error - 16/09/2013 09:49:50 | Computer Name = Pedro-PC | Source = Service Control Manager | ID = 7000
Description = Não foi possível iniciar o serviço WinRing0_1_2_0 devido ao seguinte
 erro:   %%2
 
Error - 16/09/2013 14:30:05 | Computer Name = Pedro-PC | Source = EventLog | ID = 6008
Description = O desligamento anterior do sistema em 15:28:30 às ?16/?09/?2013 não
 era esperado.
 
Error - 16/09/2013 14:33:01 | Computer Name = Pedro-PC | Source = Service Control Manager | ID = 7000
Description = Não foi possível iniciar o serviço WinRing0_1_2_0 devido ao seguinte
 erro:   %%2
 
 
< End of report >


#6
CarlosTurco

Jumbo19,

 

The OTL.txt is missing.


Edited by CarlosTurco, 16 September 2013 - 23:07.

**Be considerate of those who help you, don't abandon your topic!**

#7
Jumbo19


I managed to attach them, so here are the two files:

Attached file(s)



#8
CarlosTurco


Jumbo19,
 
Select these lines inside the CODE box, right-click the selection and choose Copy.

NOTE: Make sure to copy starting from the colon and letter ":O" of :OTL.

:OTL
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.baixaki.com.br/portal/?utm_source=core&utm_medium=ppi&utm_campaign=portal
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.baixaki.com.br/portal/?utm_source=core&utm_medium=ppi&utm_campaign=portal
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE10SR
IE - HKCU\..\SearchScopes\{2E36EA80-A4D6-43f8-B9A4-EF9E51A81EC8}: "URL" = http://br.search.yahoo.com/search?p={searchTerms}&fr=chr-devicevm&type=EGMB
FF - prefs.js..browser.search.defaultenginename,S: S", ""
FF - prefs.js..browser.search.defaultthis.engineName: ""
FF - prefs.js..browser.search.defaulturl: ""
FF - prefs.js..browser.search.order.1: ""
FF - prefs.js..browser.search.order.1,S: S", ""
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.selectedEngine,S: S", ""
FF - prefs.js..browser.startup.homepage: "http://www.baixaki.com.br/portal/?utm_source=core&utm_medium=ppi&utm_campaign=portal"
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
O32 - AutoRun File - [2013/05/03 15:18:22 | 000,000,140 | R--- | M] () - F:\autorun.inf -- [ CDFS ]
O33 - MountPoints2\{601deef3-27ac-11e2-91d6-c86000eb4c6e}\Shell - "" = AutoRun
O33 - MountPoints2\{601deef3-27ac-11e2-91d6-c86000eb4c6e}\Shell\AutoRun\command - "" = F:\setup.exe -- [2013/05/03 15:19:50 | 000,990,257 | R--- | M] (SEGA )

:files
ipconfig /flushdns /c

:Commands
[purity]
[emptytemp]
[createrestorepoint]
[reboot]

 
Run OTL.exe.

Right-click any blank area of the Custom Scans/Fixes section and choose Paste.

Close ALL windows (except OTL itself).
Click the fix button (BotaoConsertar.png).

The program will run the script and restart your computer.
When Windows loads, OTL will run automatically. Allow it to run.
A Notepad window will open containing some information.
Copy ALL of the contents of this Notepad window and paste them into your reply.

A copy of this log will be stored in the folder C:\_OTL\MovedFiles, with a name in the format date_time.log.

Example: 03142010_145545.log



#9
Jumbo19


All processes killed

========== OTL ==========
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2E36EA80-A4D6-43f8-B9A4-EF9E51A81EC8}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2E36EA80-A4D6-43f8-B9A4-EF9E51A81EC8}\ not found.
Prefs.js: S", "" removed from browser.search.defaultenginename,S
Prefs.js: "" removed from browser.search.defaultthis.engineName
Prefs.js: "" removed from browser.search.defaulturl
Prefs.js: "" removed from browser.search.order.1
Prefs.js: S", "" removed from browser.search.order.1,S
Prefs.js: "Google" removed from browser.search.selectedEngine
Prefs.js: S", "" removed from browser.search.selectedEngine,S
Prefs.js: "http://www.baixaki.c...campaign=portal" removed from browser.startup.homepage
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}\ not found.
File move failed. F:\autorun.inf scheduled to be moved on reboot.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{601deef3-27ac-11e2-91d6-c86000eb4c6e}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{601deef3-27ac-11e2-91d6-c86000eb4c6e}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{601deef3-27ac-11e2-91d6-c86000eb4c6e}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{601deef3-27ac-11e2-91d6-c86000eb4c6e}\ not found.
File move failed. F:\setup.exe scheduled to be moved on reboot.
========== FILES ==========
< ipconfig /flushdns /c >
Configuração de IP do Windows
Liberação do Cache do DNS Resolver bem-sucedida.
C:\Users\Pedro\Desktop\cmd.bat deleted successfully.
C:\Users\Pedro\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 41620 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: Pedro
->Temp folder emptied: 14812139 bytes
->Temporary Internet Files folder emptied: 476827 bytes
->Java cache emptied: 13404979 bytes
->FireFox cache emptied: 246229837 bytes
->Google Chrome cache emptied: 424870981 bytes
->Flash cache emptied: 3048 bytes
 
User: Public
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 3000832 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 64027 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 42303946 bytes
RecycleBin emptied: 2999590741 bytes
 
Total Files Cleaned = 3.571,00 mb
 
Restore point Set: OTL Restore Point
 
OTL by OldTimer - Version 3.2.69.0 log created on 09222013_142839
 
Files\Folders moved on Reboot...
File\Folder F:\autorun.inf not found!
File\Folder F:\setup.exe not found!
C:\Users\Pedro\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
C:\Users\Pedro\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat moved successfully.
C:\Users\Pedro\AppData\Local\Google\Chrome\User Data\Default\Cache\data_0 moved successfully.
C:\Users\Pedro\AppData\Local\Google\Chrome\User Data\Default\Cache\data_1 moved successfully.
C:\Users\Pedro\AppData\Local\Google\Chrome\User Data\Default\Cache\data_2 moved successfully.
 
PendingFileRenameOperations files...
 
Registry entries deleted on Reboot...


#10
CarlosTurco


Temporarily disable your antivirus.

  • Hold down the Ctrl key and click this link to open the ESET Online Scanner in a new window.
  • Click this button: j9Byf.png?1
  • For alternative browsers: (If you use Internet Explorer, skip this step) esetsmartinstaller_enu.png
    • Click esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop.
    • Double-click the icon on your desktop.
  • Check "YES, I accept the Terms of Use."
  • Click Start.
  • Accept any security warnings from your browser.
  • Under scan settings, check "Scan Archives" and "Remove found threats"
  • Click Advanced settings and check the following:
    • Scan potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • It will update itself and scan the computer. Be patient, the process can take hours.
  • When the scan finishes, click List Threats
  • Copy and paste the contents into your next reply. Note: If nothing is found, no log will be generated.
  • Click Back.
  • Click Finish.

Also post a new HijackThis log.



#11
Jumbo19

C:\AdwCleaner\Quarantine\C\Program Files (x86)\Plus-HD-2.2\Plus-HD-2.2-bg.exe.vir a variant of Win32/Toolbar.CrossRider.H application cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Plus-HD-2.2\Plus-HD-2.2-bho.dll.vir a variant of Win32/Toolbar.CrossRider.H application cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Plus-HD-2.2\Plus-HD-2.2-buttonutil.dll.vir probably a variant of Win32/Toolbar.CrossRider.H application cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Plus-HD-2.2\Plus-HD-2.2-buttonutil.exe.vir a variant of Win32/Toolbar.CrossRider.I application cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Plus-HD-2.2\Plus-HD-2.2-chromeinstaller.exe.vir probably a variant of Win32/Toolbar.CrossRider.I application cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Plus-HD-2.2\Plus-HD-2.2-codedownloader.exe.vir a variant of Win32/Toolbar.CrossRider.I application cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Plus-HD-2.2\Plus-HD-2.2-enabler.exe.vir probably a variant of Win32/Toolbar.CrossRider.I application cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Plus-HD-2.2\Plus-HD-2.2-helper.exe.vir a variant of Win32/Toolbar.CrossRider.I application cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Plus-HD-2.2\Plus-HD-2.2-updater.exe.vir probably a variant of Win32/Toolbar.CrossRider.I application cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Plus-HD-2.2\utils.exe.vir Win32/Packed.ScrambleWrapper.C application cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\ProgramData\Ask\APN-Stub\FF\APNIC.dll.vir a variant of Win32/Bundled.Toolbar.Ask application cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\ProgramData\Browse2Save\511b1f4f4c502.dll.vir a variant of Win32/Adware.MultiPlug.I application cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\ProgramData\Tarma Installer\{C4ED781C-7394-4906-AAFF-D6AB64FF7C38}\_Setupx.dll.vir probably a variant of Win32/Adware.Yontoo.B application cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Users\Pedro\AppData\Roaming\Mozilla\Firefox\Profiles\181zs9uo.default\Extensions\511b1f4f4c38b@511b1f4f4c3c4.com\content\bg.js.vir Win32/Adware.MultiPlug.H application cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Users\Pedro\AppData\Roaming\Mozilla\Firefox\Profiles\181zs9uo.default\Extensions\plugin@getwebcake.com\content\overlay.js.vir JS/Adware.Yontoo.C application cleaned by deleting - quarantined
C:\Users\Pedro\Downloads\aTubeCatcher.exe multiple threats cleaned by deleting - quarantined
C:\Users\Pedro\Downloads\avi-recomp-155-baixaki-32-bits.exe Win32/InstallCore.BL application cleaned by deleting - quarantined
C:\Users\Pedro\Downloads\Bonde da stronda  corporacao 2012.rar.exe Win32/TrojanDownloader.Agent.RXF trojan cleaned by deleting - quarantined
C:\Users\Pedro\Downloads\ccleaner-4014093-baixaki-32-bits (1).exe Win32/InstallCore.BL application cleaned by deleting - quarantined
C:\Users\Pedro\Downloads\ccleaner-4014093-baixaki-32-bits.exe Win32/InstallCore.BL application cleaned by deleting - quarantined
C:\Users\Pedro\Downloads\internet-explorer-8--windows-vista--final-32-bits.exe a variant of Win32/InstallCore.CH application cleaned by deleting - quarantined
C:\Users\Pedro\Downloads\internet-explorer-90-final-32-bits.exe a variant of Win32/InstallCore.CH application cleaned by deleting - quarantined
C:\Users\Pedro\Downloads\revo-uninstaller-195-32-bits.exe a variant of Win32/InstallCore.CH application cleaned by deleting - quarantined
C:\Users\Pedro\Downloads\setup.exe Win32/InstalleRex.I application cleaned by deleting - quarantined
C:\Users\Pedro\Downloads\spybot--search-&-destroy-20120-32-bits.exe a variant of Win32/InstallCore.CH application cleaned by deleting - quarantined
C:\Users\Pedro\Downloads\backups\backup-20130915-194310-723.dll a variant of Win32/Toolbar.CrossRider.H application cleaned by deleting - quarantined
 
------------------------------------- // ----------------------------------
 
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 18:01:04, on 23/09/2013
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Unable to get Internet Explorer version!
Boot mode: Normal
 
Running processes:
C:\Users\Pedro\Downloads\uTorrent.exe
C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe
C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe
D:\Games\Origin\FIFA 13\Game\x360ce.exe
D:\Games\Origin\Origin.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\klwtblfs.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Users\Pedro\Downloads\HijackThis (1).exe
 
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = 
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: ContentBlockerBrowserHelperObject - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\ContentBlocker\ie_content_blocker_plugin.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~4\Office14\GROOVEEX.DLL
O2 - BHO: VirtualKeyboardBrowserHelperObject - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
O2 - BHO: Auxiliar de Conexão do Windows Live ID - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Safe Money Plugin - {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\OnlineBanking\online_banking_bho.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~4\Office14\URLREDIR.DLL
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
O2 - BHO: link filter bho - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\UrlAdvisor\klwtbbho.dll
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [AVP] "C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [Pando Media Booster] C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
O4 - HKCU\..\Run: [uTorrent] "C:\Users\Pedro\Downloads\uTorrent.exe"  /MINIMIZED
O4 - HKCU\..\Run: [HydraVisionDesktopManager] "C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe"
O4 - HKCU\..\Run: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
O4 - HKCU\..\Run: [] C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
O4 - HKUS\S-1-5-18\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun (User 'Default user')
O8 - Extra context menu item: Adicionar ao Antibanner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\ie_banner_deny.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~4\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~2\MICROS~4\Office14\ONBttnIE.dll/105
O9 - Extra button: Teclado Virtual - {0C4CC089-D306-440D-9772-464E226F6539} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra button: Verificação de URLs - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\UrlAdvisor\klwtbbho.dll
O9 - Extra button: PokerStars.net - {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - C:\Program Files (x86)\PokerStars.NET\PokerStarsUpdate.exe
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O15 - Trusted IP range: http://192.168.1.1
O15 - ESC Trusted IP range: http://192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{AB497898-B717-4F06-9BC3-81C43397C14D}: NameServer = 208.67.222.222,208.67.220.220
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: Serviço do Kaspersky Anti-Virus (AVP) - Kaspersky Lab ZAO - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Serviço do Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Serviço do Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: LogMeIn Hamachi Tunneling Engine (Hamachi2Svc) - LogMeIn Inc. - C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Intel® Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\Windows\system32\GameMon.des.exe (file missing)
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Skype C2C Service - Unknown owner - C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe (file missing)
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: Adobe SwitchBoard (SwitchBoard) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: Intel® Management and Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
 
--
End of file - 12317 bytes
 


#12
CarlosTurco

  • Assistant
  • 20,370 posts

Ok,

To finish:

The logs are clean. :)

  • Run OTL.exe

    Click the cleanup button (image: Botao_Limpeza_OTL.png).
  • Update Java. Old versions have vulnerabilities that some malware can use to infect your system.
    • Download the latest version, Java SE 7u40.
    • Click JRE Download
    • Check the Accept License Agreement box.
    • Click the download link Windows x86 Offline 27.69 MB jre-7u40-windows-i586.exe and save it to your desktop.
    • Close any running programs, especially browsers.
    • Go to Start > Control Panel, double-click Add or Remove Programs and remove all old versions of Java.
      Examples of old versions:
      Java 2 Runtime Environment, SE v1.4.2
      J2SE Runtime Environment 5.0
      J2SE Runtime Environment 5.0 Update 6
    • Select any item named Java Runtime Environment (JRE or J2SE).
    • Click the Remove or Change/Remove button.
    • Repeat as many times as necessary to remove every version of Java.
    • Restart your computer once all versions of Java have been removed.
    • Now go to your desktop and double-click jre-7u40-windows-i586.exe to install the newest version.
  • Update Adobe Reader. Old versions have vulnerabilities that are exploited by malware.

    Click here and install the newest version.
  • Keep Flash Player up to date. Old versions also have vulnerabilities that are exploited by malware. Click here and install the newest version.
  • USB worms (flash-drive viruses) can infect any kind of removable storage device (flash drives, MP3 and MP4 players, mobile phones, memory cards, cameras). This type of malware exploits a native Windows feature called Autorun, or Autoplay (the assistant that appears when you insert a CD or flash drive, asking which program you want to open it with). Autoplay needs a file called autorun.inf to work.

    Keep a clean, protected copy of the autorun.inf file on all removable devices and on all system drives. That way, if you happen to plug your flash drive into an infected PC, the malware will not be able to overwrite the pre-existing file. It will still be able to copy its malicious executables to the flash drive, though, such as .EXE, .SCR, .CMD, .PIF, .BAT, .COM.
    If you plug this flash drive into a clean machine and run one of those malicious files, that system will be infected in the same way. So be careful and use common sense.

    To create a protected autorun.inf file on Windows XP:

    Download Flash_Disinfector.exe and save it to your desktop. For Windows Vista and 7: Panda USB Vaccine
    • Connect all removable storage devices to the USB ports. Save whatever you need, EXCEPT executable files, then format the media by going to My Computer, right-clicking the drive and choosing "Format".
    • Run Flash_Disinfector.exe.
    • Follow any prompts that appear.
    • Wait until the program finishes the search, then exit the program.
  • For system maintenance and removal of temporary and invalid files, download TFC, by OldTimer.

    Close ALL programs and run TFC. Click the Start button and wait. Your desktop will disappear; don't worry, that is part of the process.

    Be patient; depending on the amount of data to be deleted, the process can take more than 2 minutes.

    When it finishes, you will be asked to restart your computer. RESTART.

    If you are not asked, restart manually.
  • Visit Windows Update regularly and check for updates.
    New security holes are discovered frequently. Much malware exploits these holes, infecting systems without depending on any user action. Microsoft fixes these holes through updates.
    That is why it is essential to keep your system up to date.
  • Turn System Restore off and on again.
  • Learn some precautions and tips to keep your computer clean. Read the article "Proteja seu pc":
    http://linhadefensiv...proteja-seu-pc/
  • If there are no more malware-related problems, click the report button (image: denunld.png) and ask for your topic to be closed.

If you have any question related to computing and technology, feel free to post in any area of the Linha Defensiva forum.

Regards.


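The autorun.inf risk described in post #12, as an added example that is not part of the original thread: a read-only Python audit of a mounted removable drive that reports which programs autorun.inf names for launch and which root-level files carry the executable extensions the post lists. The function names and the sample drive contents are constructed for illustration.

```python
import os
import tempfile

# Extensions the post lists for executables a USB worm copies to the drive.
RISKY_EXTENSIONS = {".exe", ".scr", ".cmd", ".pif", ".bat", ".com"}
# [autorun] keys that make Windows start a program from the drive.
LAUNCH_KEYS = ("open", "shellexecute")


def parse_autorun(text):
    """Return the launch-related key/value pairs of the [autorun] section."""
    launches, section = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue  # blank line or comment
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
            continue
        if section != "autorun" or "=" not in line:
            continue
        key, value = (part.strip() for part in line.split("=", 1))
        key = key.lower()
        # shell\<verb>\command adds a launcher to the drive's context menu.
        is_shell_verb = key.startswith("shell\\") and key.endswith("\\command")
        if key in LAUNCH_KEYS or is_shell_verb:
            launches[key] = value
    return launches


def audit_drive(root):
    """Read-only inspection of a drive root; returns a findings dict."""
    findings = {"autorun_kind": "absent", "launches": {}, "risky_files": []}
    autorun_path = None
    for name in sorted(os.listdir(root)):
        full = os.path.join(root, name)
        extension = os.path.splitext(name)[1].lower()
        if name.lower() == "autorun.inf":
            autorun_path = full
        elif os.path.isfile(full) and extension in RISKY_EXTENSIONS:
            findings["risky_files"].append(name)
    if autorun_path is None:
        return findings
    if os.path.isdir(autorun_path):
        # Some protection tools create autorun.inf as a folder so that a
        # file of the same name cannot be written over it.
        findings["autorun_kind"] = "directory"
        return findings
    findings["autorun_kind"] = "file"
    with open(autorun_path, "r", encoding="latin-1") as handle:
        findings["launches"] = parse_autorun(handle.read())
    return findings


def demo():
    """Audit a constructed sample drive built in a temporary directory."""
    with tempfile.TemporaryDirectory() as root:
        with open(os.path.join(root, "AUTORUN.INF"), "w") as handle:
            handle.write("; constructed sample\n[AutoRun]\nOpen=setup.scr /q\n"
                         "shell\\explore\\command=setup.scr\nicon=folder.ico\n")
        for name in ("setup.scr", "notes.txt", "Photos.PIF"):
            with open(os.path.join(root, name), "w") as handle:
                handle.write("placeholder")
        return audit_drive(root)


if __name__ == "__main__":
    print(demo())
```

Call audit_drive() with the mount point of the drive being checked; it only lists the root directory and reads autorun.inf, and never executes or modifies anything on the drive.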

#13
Jumbo19

  • Newbie
  • 7 posts

Thank you very much for your attention, you solved my problems. Regards!



#14
CarlosTurco

  • Assistant
  • 20,370 posts

PROBLEM SOLVED

If you want to request that the topic be reopened, use the Report button to contact the moderators.

Note: Only the author can make this request in the Malware Removal area.