Ir ao conteúdo
  • Comunicados

    • Gabriel Torres

      Seja um moderador do Clube do Hardware!   12-02-2016

      Prezados membros do Clube do Hardware, Está aberto o processo de seleção de novos moderadores para diversos setores ou áreas do Clube do Hardware. Os requisitos são:   Pelo menos 500 posts e um ano de cadastro; Boa frequência de participação; Ser respeitoso, cordial e educado com os demais membros; Ter bom nível de português; Ter razoável conhecimento da área em que pretende atuar; Saber trabalhar em equipe (com os moderadores, coordenadores e administradores).   Os interessados deverão enviar uma mensagem privada para o usuário @Equipe Clube do Hardware com o título "Candidato a moderador". A mensagem deverá conter respostas às perguntas abaixo:   Qual o seu nome completo? Qual sua data de nascimento? Qual sua formação/profissão? Já atuou como moderador em algo outro fórum, se sim, qual? De forma sucinta, explique o porquê de querer ser moderador do fórum e conte-nos um pouco sobre você.   OBS: Não se trata de função remunerada. Todos que fazem parte do staff são voluntários.

vinigo_lp

Membros Plenos
  • Total de itens

    34
  • Registro em

  • Última visita

  • Qualificações

    0%

Reputação

0

Informações gerais

  • Cidade e Estado
    recife,pe
  1. Net devagar.

    Não sei então o que tá acontecendo, mas quando eu ligo esse pc a net fica lerda... Acho que passou, nunca mais aconteceu isso... hsuHsuhushUSHuHsuhUShUHsuHUShUHS, meu pc não aguentou ficar 24 hrs ligado e uma das memorias rams queimou... Tô rodando só com 1gb.
  2. Net devagar.

    Isso demora viu.... Verificação automática: concluído 3 horas atrás (eventos: 2798822, objetos: 2780865, hora: 10:57:17) Resultado: OK (eventos: 2769814) Resultado: Detectados (eventos: 3) 23/12/2010 20:46:31 C:\Documents and Settings\Vinicius\Desktop\Anti Virus\Age Of Empires 2 & The Conquerors Expansion - Full Game.exe/Data\Aconfig.exe/PE_Patch/data0007.res/ASProtect Ação padrão selecionada 23/12/2010 21:45:18 C:\Documents and Settings\Vinicius\Downloads\sXeInjectedSetup.11.1.Fix.1.exe/web.dll Ação padrão selecionada 23/12/2010 21:47:44 C:\Documents and Settings\Vinicius\Downloads\sXeInjectedSetup.11.2.exe/web.dll Ação padrão selecionada Resultado: Arquivar (eventos: 27462) Resultado: Compactado (eventos: 1243) Resultado: Corrompido (eventos: 5) Resultado: Excluído (eventos: 3) Resultado: Em backup (eventos: 3) Resultado: Não processado (eventos: 27) Resultado: Protegido por senha (eventos: 260) Resultado: Tarefa iniciada (eventos: 1) Resultado: Tarefa concluída (eventos: 1) Verificação de vírus: concluído 15 minutos atrás (eventos: 223, objetos: 214, hora: 00:00:16)
  3. Net devagar.

    Como divido a net com os computadores da casa, vejo que só quando ligo esse, a internet fica lerda, mesmo sem baixar nada... Assim o problema não é com a provedora.
  4. Net devagar.

    A minha net está devagar a algum tempo. Acho que estou com vírus... Pois não é problema com a operadora. DDS (Ver_10-12-12.02) - NTFS_AMD64 Run by Vinicius at 19:34:58,50 on 17/12/2010 Internet Explorer: 8.0.6001.18999 BrowserJavaVersion: 1.6.0_21 Microsoft® Windows Vista™ Ultimate 6.0.6002.2.1252.55.1046.18.1790.680 [GMT -3:00] AV: AntiVir Desktop *Enabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} SP: AntiVir Desktop *Enabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A} ============== Running Processes =============== C:\Windows\system32\wininit.exe C:\Windows\system32\lsm.exe C:\Windows\system32\svchost.exe -k DcomLaunch C:\Windows\system32\nvvsvc.exe C:\PROGRA~2\GbPlugin\GbpSv.exe C:\Windows\system32\svchost.exe -k rpcss C:\Windows\System32\svchost.exe -k secsvcs C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted C:\Windows\system32\svchost.exe -k netsvcs C:\Windows\system32\svchost.exe -k GPSvcGroup C:\Windows\system32\SLsvc.exe C:\Windows\system32\nvvsvc.exe C:\Windows\system32\svchost.exe -k LocalService C:\Windows\system32\svchost.exe -k NetworkService C:\Windows\System32\spoolsv.exe C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe C:\Program Files (x86)\Bonjour\mDNSResponder.exe C:\Windows\system32\lxczcoms.exe C:\Program Files\webserver\bin\win32\matlabserver.exe C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe C:\Program Files\bin\win32\MATLAB.exe C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe C:\Program Files (x86)\Spyware Terminator\sp_rsser.exe C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe C:\Windows\system32\svchost.exe -k imgsvc C:\Windows\System32\svchost.exe -k WerSvcGroup C:\Windows\system32\SearchIndexer.exe C:\Windows\system32\taskeng.exe C:\Program Files\Windows Media Player\wmpnetwk.exe C:\Windows\system32\taskeng.exe C:\Windows\system32\Dwm.exe C:\Program Files (x86)\IObit\Advanced SystemCare 3\AWC.exe C:\Windows\Explorer.EXE C:\Program Files\Windows Defender\MSASCui.exe C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe C:\Windows\system32\wbem\unsecapp.exe C:\Windows\system32\wbem\wmiprvse.exe C:\Windows\system32\wuauclt.exe C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe C:\Windows\SysWOW64\conime.exe C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe C:\Program Files (x86)\Mozilla Firefox\firefox.exe C:\Program Files (x86)\foobar2000\foobar2000.exe C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe C:\Windows\System32\svchost.exe -k swprv C:\Windows\system32\SearchProtocolHost.exe C:\Windows\system32\SearchFilterHost.exe C:\Users\Vinicius\Downloads\dds.scr C:\Windows\system32\wbem\wmiprvse.exe ============== Pseudo HJT Report =============== uInternet Settings,ProxyOverride = *.local mCustomizeSearch = hxxp://dnl.crawler.com/support/sa_customize.aspx?TbId=60076 uURLSearchHooks: N/A: {1cb20bf0-bbae-40a7-93f4-6435ff3d0411} - C:\PROGRA~2\Crawler\ctbr.dll BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll BHO: : {1cb20bf0-bbae-40a7-93f4-6435ff3d0411} - C:\PROGRA~2\Crawler\ctbr.dll BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll BHO: Auxiliar de Conex?o do Windows Live: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll BHO: QUICKfind BHO Object: {c08df07a-3e49-4e25-9ab0-d3882835f153} - C:\PROGRA~2\IDM\QUICKF~1\PlugIns\IEHelp.dll BHO: GbIehObj Class: {c41a1c0e-ea6c-11d4-b1b8-444553540000} - C:\Program Files (x86)\GbPlugin\gbieh.dll BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll TB: DAEMON Tools Toolbar: {32099aac-c132-4136-9e9a-4e364a424e17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar.dll TB: TextAloud: {f053c368-5458-45b2-9b4d-d8914bdddbff} - C:\PROGRA~2\TEXTAL~1\TAForIE.dll TB: Barra de Ferramentas do Yahoo!: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll TB: Barra de ferramentas &Crawler: {4b3803ea-5230-4dc3-a7fc-33638f3d3542} - C:\PROGRA~2\Crawler\ctbr.dll TB: {A057A204-BACC-4D26-9990-79A187E2698E} - No File TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File mRun: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" mPolicies-explorer: NoActiveDesktop = 1 (0x1) mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0) mPolicies-system: EnableUIADesktopToggle = 0 (0x0) mPolicies-system: EnableLUA = 0 (0x0) IE: Crawler Search - tbr:iemenu IE: E&xportar para o Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL Trusted Zone: bancobrasil.com.br\www Trusted Zone: bancobrasil.com.br\www14 Trusted Zone: bancobrasil.com.br\www2 Trusted Zone: bb.com.br\www DPF: {5D6F45B3-9043-443D-A792-115447494D24} - hxxp://messenger.zone.msn.com/MessengerGamesContent/GameContent/pt/uno1/GAME_UNO1.cab DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL Handler: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - C:\PROGRA~2\Crawler\ctbr.dll Notify: GbPluginBb - C:\Program Files (x86)\GbPlugin\gbieh.dll Notify: !SASWinLogon - C:\Program Files (x86)\SUPERAntiSpyware\SASWINLO.dll SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - C:\Program Files (x86)\SUPERAntiSpyware\SASSEH.DLL SEH: GbPluginObj Class: {e37cb5f0-51f5-4395-a808-5fa49e399f83} - C:\Program Files (x86)\GbPlugin\gbieh.dll {32099AAC-C132-4136-9E9A-4E364A424E17} TB-X64: {A057A204-BACC-4D26-9990-79A187E2698E} - No File TB-X64: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File TB-X64: {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - No File mRun-x64: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide ================= FIREFOX =================== FF - ProfilePath - C:\Users\Vinicius\AppData\Roaming\Mozilla\Firefox\Profiles\l82jokle.default\ FF - prefs.js: browser.search.defaulturl - hxxp://search.localstrike.com.ar/?q={searchTerms} FF - prefs.js: browser.search.selectedEngine - Google FF - prefs.js: browser.startup.homepage - hxxp://search.localstrike.com.ar/ FF - prefs.js: keyword.URL - hxxp://search.localstrike.com.ar/?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&q= FF - component: C:\Program Files (x86)\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}\components\SkypeFfComponent.dll FF - component: C:\Users\Vinicius\AppData\Roaming\Mozilla\Firefox\Profiles\l82jokle.default\extensions\{87F8774F-B485-47E2-A755-A40A8A5E886C}\components\GbMzhBb.dll FF - component: C:\Users\Vinicius\AppData\Roaming\Mozilla\Firefox\Profiles\l82jokle.default\extensions\{87F8774F-B485-47E2-A755-A40A8A5E8874}\components\GbMzhAbn.dll FF - plugin: C:\Program Files (x86)\Google\Update\1.2.183.39\npGoogleOneClick8.dll FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll FF - plugin: C:\Program Files (x86)\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll FF - plugin: C:\Program Files (x86)\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll FF - plugin: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll FF - plugin: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll FF - plugin: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll FF - plugin: C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll FF - plugin: C:\Users\Vinicius\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll FF - plugin: C:\Users\Vinicius\AppData\Roaming\Mozilla\Firefox\Profiles\l82jokle.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}\plugins\np_gp.dll FF - plugin: C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - C:\Program Files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} FF - Ext: LoudMo Contextual Ad Assistant: {dc73254b-b7f3-cebd-1220-a4e2bb3b747b} - C:\Program Files (x86)\Mozilla Firefox\extensions\{dc73254b-b7f3-cebd-1220-a4e2bb3b747b} FF - Ext: Skype extension for Firefox: {AB2CE124-6272-4b12-94A9-7303C7397BD1} - C:\Program Files (x86)\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1} FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} FF - Ext: Verificador Ortogrأ،fico para Portuguأھs do Brasil.: pt-BR@dellalibera.sf.net - %profile%\extensions\pt-BR@dellalibera.sf.net FF - Ext: Mأ³dulo de Proteأ§أ£o: {87F8774F-B485-47E2-A755-A40A8A5E8874} - %profile%\extensions\{87F8774F-B485-47E2-A755-A40A8A5E8874} FF - Ext: Adobe DLM (powered by getPlus®): {E2883E8F-472F-4fb0-9522-AC9BF37916A7} - %profile%\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7} FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b} FF - Ext: Flash and Video Download: {bee6eb20-01e0-ebd1-da83-080329fb9a3a} - %profile%\extensions\{bee6eb20-01e0-ebd1-da83-080329fb9a3a} FF - Ext: Mأ³dulo de Seguranأ§a - Banco do Brasil: {87F8774F-B485-47E2-A755-A40A8A5E886C} - %profile%\extensions\{87F8774F-B485-47E2-A755-A40A8A5E886C} FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension ---- FIREFOX POLICIES ---- FF - user.js: google.toolbar.linkdoctor.enabled - false ============= SERVICES / DRIVERS =============== R0 pavboot;pavboot;C:\Windows\System32\drivers\pavboot64.sys [2009-6-14 33792] R1 VBoxDrv;VirtualBox Service;C:\Windows\System32\drivers\VBoxDrv.sys [2008-10-24 136912] R1 VBoxUSBMon;VirtualBox USB Monitor Driver;C:\Windows\System32\drivers\VBoxUSBMon.sys [2008-10-24 53008] R2 AntiVirSchedulerService;Avira AntiVir Scheduler;C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [2009-6-1 108289] R2 AntiVirService;Avira AntiVir Guard;C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [2009-6-1 185089] R2 avgntflt;avgntflt;C:\Windows\System32\drivers\avgntflt.sys [2009-6-1 74880] R2 GbpSv;Gbp Service;C:\PROGRA~2\GbPlugin\GbpSv.exe [2010-2-21 55072] R2 LMIRfsDriver;LogMeIn Remote File System Driver;C:\Windows\System32\drivers\LMIRfsDriver.sys [2010-5-23 72216] R2 npf;NetGroup Packet Filter Driver;C:\Windows\System32\drivers\npf.sys [2008-6-29 40464] S1 SASDIFSV;SASDIFSV;C:\Program Files (x86)\SUPERAntiSpyware\sasdifsv.sys [2010-1-5 9968] S1 SASKUTIL;SASKUTIL;C:\Program Files (x86)\SUPERAntiSpyware\SASKUTIL.SYS [2010-1-5 74480] S2 gupdate1c9c38e93112d81;Google Update Service (gupdate1c9c38e93112d81);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2009-4-22 133104] S2 REXEC;REXECD;C:\Windows\SysWOW64\REXECD.exe [2005-5-9 98353] S3 clr_optimization_v2.0.50727_64;Microsoft .NET Framework NGEN v2.0.50727_X64;C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe [2009-9-26 89920] S3 FontCache;Serviço de Cache de Fontes do Windows;C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-4-16 27648] S3 PerfHost;Host de DLL de Contador de Desempenho;C:\Windows\SysWOW64\perfhost.exe [2008-4-16 19968] S3 s916bus;Sony Ericsson Device 916 driver (WDM);C:\Windows\System32\drivers\s916bus.sys [2007-11-2 108072] S3 s916mdfl;Sony Ericsson Device 916 USB WMC Modem Filter;C:\Windows\System32\drivers\s916mdfl.sys [2007-11-2 19496] S3 s916mdm;Sony Ericsson Device 916 USB WMC Modem Driver;C:\Windows\System32\drivers\s916mdm.sys [2007-11-2 145448] S3 SASENUM;SASENUM;C:\Program Files (x86)\SUPERAntiSpyware\SASENUM.SYS [2010-1-5 7408] S3 ss_bbus;SAMSUNG USB Mobile Device (WDM);C:\Windows\System32\drivers\ss_bbus.sys [2010-8-13 127488] S3 ss_bmdfl;SAMSUNG USB Mobile Modem (Filter);C:\Windows\System32\drivers\ss_bmdfl.sys [2010-8-13 18944] S3 ss_bmdm;SAMSUNG USB Mobile Modem;C:\Windows\System32\drivers\ss_bmdm.sys [2010-8-13 161280] S3 TFsExDisk;TFsExDisk;C:\Windows\System32\drivers\TFsExDisk.sys [2010-8-13 16448] S4 Aspen Remote Simulation Service V7.0;Aspen Remote Simulation Service V7.0;C:\Program Files (x86)\AspenTech\Aspen Remote Simulation Service V7.0\AspenTech.AspenCxs.RemotingSvc.exe [2008-6-20 81920] =============== File Associations =============== JSEFile=C:\Windows\SysWOW64\WScript.exe "%1" %* =============== Created Last 30 ================ 2010-12-17 13:19:03 8199504 ----a-w- C:\PROGRA~3\Microsoft\Windows Defender\Definition Updates\{9BA09C05-F324-4302-B5FC-0F73710AB87F}\mpengine.dll 2010-12-17 06:12:54 -------- d-----w- C:\LinhaDefensiva 2010-12-15 21:27:47 96256 ----a-w- C:\Windows\System32\fontsub.dll 2010-12-15 21:27:47 72704 ----a-w- C:\Windows\SysWow64\fontsub.dll 2010-12-15 21:27:47 48128 ----a-w- C:\Windows\System32\atmlib.dll 2010-12-15 21:27:47 367104 ----a-w- C:\Windows\System32\atmfd.dll 2010-12-15 21:27:47 34304 ----a-w- C:\Windows\SysWow64\atmlib.dll 2010-12-15 21:27:47 292352 ----a-w- C:\Windows\SysWow64\atmfd.dll 2010-12-15 21:27:19 2409784 ----a-w- C:\Program Files\Windows Mail\OESpamFilter.dat 2010-12-15 21:27:19 2409784 ----a-w- C:\Program Files (x86)\Windows Mail\OESpamFilter.dat 2010-12-15 21:24:57 2048 ----a-w- C:\Windows\SysWow64\tzres.dll 2010-12-15 21:24:57 2048 ----a-w- C:\Windows\System32\tzres.dll 2010-12-15 21:24:01 855040 ----a-w- C:\Windows\System32\schedsvc.dll 2010-12-15 21:24:01 655872 ----a-w- C:\Windows\System32\taskschd.dll 2010-12-15 21:24:00 500224 ----a-w- C:\Windows\System32\wmicmiplugin.dll 2010-12-15 21:24:00 410112 ----a-w- C:\Windows\System32\taskcomp.dll 2010-12-15 21:24:00 352768 ----a-w- C:\Windows\SysWow64\taskschd.dll 2010-12-15 21:24:00 270336 ----a-w- C:\Windows\SysWow64\taskcomp.dll 2010-12-15 21:24:00 267776 ----a-w- C:\Windows\System32\taskeng.exe 2010-12-15 21:24:00 171520 ----a-w- C:\Windows\SysWow64\taskeng.exe 2010-12-09 04:34:30 -------- d-----w- C:\Users\Vinicius\AppData\Roaming\mIRC 2010-12-09 04:34:29 -------- d-----w- C:\Program Files (x86)\mIRC 2010-12-07 03:32:33 -------- d-----w- C:\Program Files (x86)\URUSoft 2010-12-03 22:02:48 -------- d-----w- C:\Program Files (x86)\Clownfish 2010-12-02 01:46:18 -------- d-----w- C:\Users\Vinicius\AppData\Roaming\HTML Executable 2010-11-24 21:10:31 7680 ----a-w- C:\Program Files\Internet Explorer\iecompat.dll 2010-11-24 21:10:31 7680 ----a-w- C:\Program Files (x86)\Internet Explorer\iecompat.dll ==================== Find3M ==================== 2010-12-17 14:06:15 205 ----a-w- C:\Windows\SysWow64\lsprst7.dll 2010-11-29 20:42:06 24152 ----a-w- C:\Windows\System32\drivers\mbam.sys 2010-11-16 00:37:38 419840 ----a-w- C:\Windows\System32\wrap_oal.dll 2010-11-16 00:37:38 413696 ----a-w- C:\Windows\SysWow64\wrap_oal.dll 2010-11-16 00:37:38 133632 ----a-w- C:\Windows\System32\OpenAL32.dll 2010-11-16 00:37:37 110592 ----a-w- C:\Windows\SysWow64\OpenAL32.dll 2010-11-02 06:27:41 1147904 ----a-w- C:\Windows\System32\wininet.dll 2010-11-02 06:24:01 56832 ----a-w- C:\Windows\System32\licmgr10.dll 2010-11-02 06:23:47 1538560 ----a-w- C:\Windows\System32\inetcpl.cpl 2010-11-02 06:23:35 77312 ----a-w- C:\Windows\System32\iesetup.dll 2010-11-02 06:23:35 132096 ----a-w- C:\Windows\System32\iesysprep.dll 2010-11-02 06:01:54 916480 ----a-w- C:\Windows\SysWow64\wininet.dll 2010-11-02 05:57:41 43520 ----a-w- C:\Windows\SysWow64\licmgr10.dll 2010-11-02 05:57:27 1469440 ----a-w- C:\Windows\SysWow64\inetcpl.cpl 2010-11-02 05:57:11 71680 ----a-w- C:\Windows\SysWow64\iesetup.dll 2010-11-02 05:57:11 109056 ----a-w- C:\Windows\SysWow64\iesysprep.dll 2010-11-02 05:25:33 479232 ----a-w- C:\Windows\System32\html.iec 2010-11-02 05:01:31 385024 ----a-w- C:\Windows\SysWow64\html.iec 2010-11-02 04:45:37 162816 ----a-w- C:\Windows\System32\ieUnatt.exe 2010-11-02 04:44:24 1638912 ----a-w- C:\Windows\System32\mshtml.tlb 2010-11-02 04:26:10 133632 ----a-w- C:\Windows\SysWow64\ieUnatt.exe 2010-11-02 04:24:44 1638912 ----a-w- C:\Windows\SysWow64\mshtml.tlb 2010-10-19 13:41:44 270720 ------w- C:\Windows\System32\MpSigStub.exe 2010-10-18 15:35:48 87552 ----a-w- C:\Windows\System32\consent.exe 2010-10-18 15:25:36 2753536 ----a-w- C:\Windows\System32\win32k.sys 2010-10-17 22:35:43 199995 ----a-w- C:\Windows\ADDONS SITECS (NONSTEAM) Uninstaller.exe ============= FINISH: 19:36:37,08 =============== UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG. IF REQUESTED, ZIP IT UP & ATTACH IT DDS (Ver_10-12-12.02) Microsoft® Windows Vista™ Ultimate Boot Device: \Device\HarddiskVolume1 Install Date: 19/09/2008 15:49:18 System Uptime: 17/12/2010 16:21:40 (3 hours ago) Motherboard: ECS | | GeForce 8000 series Processor: AMD Athlon 64 X2 Dual Core Processor 5200+ | CPU 1 | 1800/200mhz ==== Disk Partitions ========================= A: is Removable C: is FIXED (NTFS) - 149 GiB total, 15,093 GiB free. D: is CDROM (CDFS) E: is CDROM () F: is CDROM () G: is CDROM () ==== Disabled Device Manager Items ============= ==== System Restore Points =================== RP698: 17/12/2010 10:18:05 - Windows Update RP699: 17/12/2010 19:29:04 - Spyware Terminator - restore point ==== Installed Programs ====================== ABBYY FineReader 6.0 Sprint ADDONS SITECS (NONSTEAM) Adobe Anchor Service CS3 Adobe Asset Services CS3 Adobe Bridge CS3 Adobe Bridge Start Meeting Adobe Camera Raw 4.0 Adobe CMaps Adobe Color - Photoshop Specific Adobe Color Common Settings Adobe Color EU Extra Settings Adobe Color JA Extra Settings Adobe Color NA Recommended Settings Adobe Default Language CS3 Adobe Device Central CS3 Adobe ExtendScript Toolkit 2 Adobe Flash Player 10 ActiveX Adobe Flash Player 10 Plugin Adobe Fonts All Adobe Help Viewer CS3 Adobe Linguistics CS3 Adobe PDF Library Files Adobe Photoshop CS3 Adobe Reader 9.4.1 - Português Adobe Setup Adobe Shockwave Player 11.5 Adobe Stock Photos CS3 Adobe Type Support Adobe Update Manager CS3 Adobe Version Cue CS3 Client Adobe WinSoft Linguistics Plugin Adobe XMP Panels CS3 Advanced SystemCare 3 Advertising Center Age Of Empires 2 & The Conquerors Expansion - Full Game AGEIA GAME System Software 2.8.0 AKVIS Sketch AMR Player 1.3 Any Video Converter 2.7.1 Applian FLV Player Arquivo do WinRAR Assistente de Conex?o do Windows Live µTorrent Atualizaç?o do produto Microsoft Office Excel 2007 Help (KB963678) Atualizaç?o do produto Microsoft Office Outlook 2007 Help (KB963677) Atualizaç?o do produto Microsoft Office Powerpoint 2007 Help (KB963669) Atualizaç?o do produto Microsoft Office Word 2007 Help (KB963665) Audacity 1.3.12 (Unicode) AutoUpdate Avira AntiVir Personal - Free Antivirus Barra de Ferramentas do Yahoo! CALL - Vs5 CALL Vs.5 Cambridge Advanced Learner's Dictionary - 2nd edition CFD GridEditor 2.0 CFD Mesh 1.0 CFD SciView 1.0 CFD Sinflow Library 1.0 CFD Studio 1.0 Cheating-Death 4.33.4 ChemSep 6.0 Chime/Chime Pro for Internet Explorer Clownfish for Skype CodeBlocks CodecInstaller 2.10.1 Counter-Strike 1.6 Crawler Toolbar with Web Security Guard DAEMON Tools Toolbar DDR - Digital Camera Recovery(Demo) 4.0.1.6 Dealio Toolbar v4.0.1 DivX Codec DivX Converter DivX Player DivX Web Player Documentaç?o - Projeto CFD Sinflow DVD Shrink 3.2 Everest Dictionary Exchanger Design and Rating V7.0 FastDictionary 2007 Ferramenta de Carregamento do Windows Live FlightGear v2.0.0 Flobo Photo Digital Recovery 1.5 foobar2000 v0.9.5.5 Foxit Reader Free FLV to AVI Video Converter v. 1.0 Free Mp3 Wma Converter V 1.81 Free PDF to Word Doc Converter v1.1 Fundamentos GDR 4053 for SQL Server Database Services 2005 ENU (KB970892) GDR 4053 for SQL Server Tools and Workstation Components 2005 ENU (KB970892) Google Chrome Google Update Helper GUNROX 1.11 Hero Editor V0.96 HiJackThis HijackThis 2.0.2 Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595) Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484) IRPF2009 - Declaraç?o de Ajuste Anual e Final de Esp?lio IRPF2010 - Declaraç?o de Ajuste Anual e Final de Esp?lio Java Auto Updater Java 6 Update 21 Junk Mail filter update K-Lite Mega Codec Pack 5.1.0 License Admin Tools Longman Dicion?rio Escolar Malwarebytes' Anti-Malware MATLAB 7.1 MATLAB R2006b MediaCoder 0.6.1 MessengerDiscovery 2.5.95 Microke Special Edition Microsoft .NET Framework 1.1 Microsoft .NET Framework 1.1 Security Update (KB2416447) Microsoft .NET Framework 1.1 Security Update (KB979906) Microsoft Choice Guard Microsoft English TTS 5.1 Microsoft Office 2007 Service Pack 2 (SP2) Microsoft Office Access MUI (Portuguese (Brazil)) 2007 Microsoft Office Enterprise 2007 Microsoft Office Excel MUI (Portuguese (Brazil)) 2007 Microsoft Office Groove MUI (Portuguese (Brazil)) 2007 Microsoft Office InfoPath MUI (Portuguese (Brazil)) 2007 Microsoft Office Live Add-in 1.3 Microsoft Office OneNote MUI (Portuguese (Brazil)) 2007 Microsoft Office Outlook MUI (Portuguese (Brazil)) 2007 Microsoft Office PowerPoint MUI (Portuguese (Brazil)) 2007 Microsoft Office Proof (English) 2007 Microsoft Office Proof (Portuguese (Brazil)) 2007 Microsoft Office Proof (Spanish) 2007 Microsoft Office Proofing (Portuguese (Brazil)) 2007 Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) Microsoft Office Publisher MUI (Portuguese (Brazil)) 2007 Microsoft Office Shared MUI (Portuguese (Brazil)) 2007 Microsoft Office Visio 2007 Service Pack 2 (SP2) Microsoft Office Visio MUI (Portuguese (Brazil)) 2007 Microsoft Office Visio Professional 2007 Microsoft Office Word MUI (Portuguese (Brazil)) 2007 Microsoft Search Enhancement Pack Microsoft Silverlight Microsoft SQL Server 2005 Microsoft SQL Server 2005 Express Edition (SQLEXPRESS) Microsoft SQL Server 2005 Tools Express Edition Microsoft SQL Server Setup Support Files (English) Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 Microsoft Visual C++ 2005 Redistributable Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 Minilyrics(remove only) mIRC Mozilla Firefox (3.6.13) MSVCRT MSXML 4.0 SP2 (KB954430) MSXML 4.0 SP2 (KB973688) Nero 9 Lite Nero ControlCenter Nero Installer Nero Online Upgrade Nero StartSmart neroxml NextUp-ScanSoft Raquel Brazilian Portuguese Voice Nmap 4.76 No-IP.com DUC (remove only) NSIS Example2 OpenAL Origin 6.0 PC Inspector File Recovery PDF Settings PhotoFiltre Studio Postal 2 Share The Pain Process Modeling (Aspen Plus) V7.0 Process Modeling (HYSYS) V7.0 Python 2.4.4 QUICKfind QuickTime Alternative 2.7.0 Real Alternative 1.9.0 RealPlayer Receitanet 2009 Receitanet Java 2010.02a Samsung New PC Studio Samsung PC Studio 3 USB Driver Installer Search Settings 1.2.2 Security Update for 2007 Microsoft Office System (KB2288621) Security Update for 2007 Microsoft Office System (KB2288931) Security Update for 2007 Microsoft Office System (KB2289158) Security Update for 2007 Microsoft Office System (KB2344875) Security Update for 2007 Microsoft Office System (KB2345043) Security Update for 2007 Microsoft Office System (KB969559) Security Update for 2007 Microsoft Office System (KB976321) Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473) Security Update for Microsoft Office Access 2007 (KB979440) Security Update for Microsoft Office Excel 2007 (KB2345035) Security Update for Microsoft Office InfoPath 2007 (KB979441) Security Update for Microsoft Office PowerPoint 2007 (KB982158) Security Update for Microsoft Office PowerPoint Viewer (KB2413381) Security Update for Microsoft Office Publisher 2007 (KB2284697) Security Update for Microsoft Office system 2007 (972581) Security Update for Microsoft Office system 2007 (KB974234) Security Update for Microsoft Office Visio 2007 (KB982127) Security Update for Microsoft Office Visio Viewer 2007 (KB973709) Security Update for Microsoft Office Word 2007 (KB2344993) Shared Add-in Extensibility Update for Microsoft .NET Framework 2.0 (KB908002) Shared Add-in Support Update for Microsoft .NET Framework 2.0 (KB908002) Skype Toolbars Skype™ 4.2 Sony Vegas Pro 8.0 Spyware Terminator Steam StuffPlug 3 Subtitle Workshop 2.51 Sun xVM VirtualBox SUPERAntiSpyware Free Edition sXe Injected TextAloud The KMPlayer (remove only) The Unscrambler® 9.8 Tibia Tibia MULTI-ip changer Unity Web Player Update for 2007 Microsoft Office System (KB2284654) Update for 2007 Microsoft Office System (KB967642) Update for Microsoft .NET Framework 3.5 SP1 (KB963707) Update for Microsoft Office OneNote 2007 (KB980729) Update for Microsoft Office Outlook 2007 (KB2412171) Update for Outlook 2007 Junk Email Filter (KB2466076) Visual C++ 8.0 Runtime Setup Package (x64) Windows Essentials Media Codec Pack 2.3d Windows Live Call Windows Live Communications Platform Windows Live Essentials Windows Live Mail Windows Live Messenger Windows Live Sync Windows Live Writer Windows Media Player Firefox Plugin Windows Movie Maker 2.6 winpcap-nmap 4.02 WinSCP 4.1.8 Worms2 Demo ==== End Of File =========================== GMER 1.0.15.15530 - http://www.gmer.net Rootkit scan 2010-12-17 20:13:49 Windows 6.0.6002 Service Pack 2 Running: gmer.exe ---- Registry - GMER 1.0.15 ---- Reg HKLM\SYSTEM\CurrentControlSet\Control\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}\Descriptions@NIC Gigabit Ethernet PCI-E Realtek Fam 1? Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 771343423 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2 285507792 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0 2 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 1 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0xA2 0x43 0xE5 0xFD ... Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0 C:\Program Files (x86)\Alcohol Soft\Alcohol 120\ Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files (x86)\DAEMON Tools Lite\ Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x31 0xDB 0x85 0x15 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x93 0x3C 0xE2 0x84 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x41 0xA3 0x77 0xD0 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41@khjeh 0x38 0xFB 0xA3 0x8A ... Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf42 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf42@khjeh 0x39 0xD2 0x78 0xEA ... Reg HKLM\SYSTEM\ControlSet003\Control\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}\Descriptions@NIC Gigabit Ethernet PCI-E Realtek Fam 1? Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 1 Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0xA2 0x43 0xE5 0xFD ... Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0 C:\Program Files (x86)\Alcohol Soft\Alcohol 120\ Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files (x86)\DAEMON Tools Lite\ Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0 Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x31 0xDB 0x85 0x15 ... Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ... Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x93 0x3C 0xE2 0x84 ... Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x41 0xA3 0x77 0xD0 ... Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41@khjeh 0x38 0xFB 0xA3 0x8A ... Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf42 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf42@khjeh 0x39 0xD2 0x78 0xEA ... Reg HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\IRPF2009 - Declaraç Reg HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\IRPF2009 - Declaraç@SlowInfoCache 0x28 0x02 0x00 0x00 ... Reg HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\IRPF2009 - Declaraç@Changed 0 Reg HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\IRPF2010 - Declaraç Reg HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\IRPF2010 - Declaraç@SlowInfoCache 0x28 0x02 0x00 0x00 ... Reg HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\IRPF2010 - Declaraç@Changed 0 Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu\Programs\Acess Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu\Programs\Acess@Order 0x08 0x00 0x00 0x00 ... Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu\Programs\Acess Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu\Programs\Acess@Order 0x08 0x00 0x00 0x00 ... Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu\Programs\Acess Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu\Programs\Acess@Order 0x08 0x00 0x00 0x00 ... Reg HKCU\Software\Microsoft\Windows Live\Communications Clients\Shared\1795218283\Groups@Fam 0 Reg HKCU\Software\Microsoft\Windows Live\Communications Clients\Shared\2208660093\Groups@Fam 1 Reg HKCU\Software\Microsoft\Windows Live\Communications Clients\Shared\255171934\Groups@Dispon 0 Reg HKCU\Software\Microsoft\Windows Live\Communications Clients\Shared\940874458\Groups@Fam 1 Reg HKCU\Software\Microsoft\Windows Live\Communications Clients\Shared\969140246\Groups@Fam 1 ---- EOF - GMER 1.0.15 ----
  5. Da uma olhada nos Scans

    Não, por enquanto só isso. Já fiz...mas não pega.
  6. Da uma olhada nos Scans

    Fiz tudo isso, agora só o msn sem pegar..
  7. Da uma olhada nos Scans

    Autoscan: completed 35 minutes ago (events: 1674813, objects: 1665617, time: 09:07:29) Result: OK (events: 1663825) Result: Detected (events: 6) 07/08/2010 21:09:05 C:\Documents and Settings\Vinicius\Documents\Downloads\SXEClient-SITECS.net.zip/sXeInjectedSetup.8.5.exe/sXe Injected.exe 07/08/2010 21:32:57 C:\Documents and Settings\Vinicius\Documents\Downloads\SXEClient-SITECS.net.zip/sXeInjectedSetup.8.5.exe/sXe.dll 07/08/2010 23:34:08 C:\Program Files (x86)\KONAMI\Pro Evolution Soccer 2010\kitserver\speeder.dll 08/08/2010 00:19:20 C:\Program Files (x86)\Remere's Map Editor\RME.exe 08/08/2010 00:51:02 C:\Windows\elf_key.dll Information 08/08/2010 04:42:14 C:\Windows\elf_key.dll Information Result: Archive (events: 9564) Result: Packed (events: 1175) Result: Corrupted (events: 1) Result: Deleted (events: 3) 07/08/2010 21:32:57 C:\Documents and Settings\Vinicius\Documents\Downloads\SXEClient-SITECS.net.zip/sXeInjectedSetup.8.5.exe 07/08/2010 23:35:43 C:\Program Files (x86)\KONAMI\Pro Evolution Soccer 2010\kitserver\speeder.dll 08/08/2010 00:20:42 C:\Program Files (x86)\Remere's Map Editor\RME.exe Result: Backed up (events: 3) 07/08/2010 21:32:56 C:\Documents and Settings\Vinicius\Documents\Downloads\SXEClient-SITECS.net.zip 07/08/2010 23:35:43 C:\Program Files (x86)\KONAMI\Pro Evolution Soccer 2010\kitserver\speeder.dll 08/08/2010 00:20:42 C:\Program Files (x86)\Remere's Map Editor\RME.exe Result: Not processed (events: 10) Result: Password protected (events: 224) Result: Task started (events: 1) 07/08/2010 19:59:03 Result: Task completed (events: 1) 08/08/2010 05:06:32
  8. Da uma olhada nos Scans

    Tá aqui, eu salvei em outro local. Esse scan demora 24 hrs aqui em casa.... Demora com força... All processes killed ========== OTL ========== Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{1d1b9c02-f47c-11de-b27c-001e90ec58e6}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1d1b9c02-f47c-11de-b27c-001e90ec58e6}\ not found. File cold\hott\¥¶¾³¿¸¤£ù²¯² not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{1d1b9c02-f47c-11de-b27c-001e90ec58e6}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1d1b9c02-f47c-11de-b27c-001e90ec58e6}\ not found. File cold\hott\¥¶¾³¿¸¤£ù²¯² not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{1d1b9c02-f47c-11de-b27c-001e90ec58e6}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1d1b9c02-f47c-11de-b27c-001e90ec58e6}\ not found. File cold\hott\¥¶¾³¿¸¤£ù²¯² not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{1d63a46b-45ad-11df-a11b-001e90ec58e6}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1d63a46b-45ad-11df-a11b-001e90ec58e6}\ not found. File RESTORE\k-1-3542-4232123213-7676767-8888886\RanDll.exe not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{1d63a46b-45ad-11df-a11b-001e90ec58e6}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1d63a46b-45ad-11df-a11b-001e90ec58e6}\ not found. File RESTORE\k-1-3542-4232123213-7676767-8888886\RanDll.exe not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{3815b9c2-e375-11de-a0fc-001e90ec58e6}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3815b9c2-e375-11de-a0fc-001e90ec58e6}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{3815b9c2-e375-11de-a0fc-001e90ec58e6}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3815b9c2-e375-11de-a0fc-001e90ec58e6}\ not found. File G:\autorun.exe not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{5e51c049-110b-11df-93bb-001e90ec58e6}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5e51c049-110b-11df-93bb-001e90ec58e6}\ not found. File Resources\sEtuP64.exe not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{5e51c049-110b-11df-93bb-001e90ec58e6}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5e51c049-110b-11df-93bb-001e90ec58e6}\ not found. File Resources\sEtuP64.exe not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{5e51c04a-110b-11df-93bb-001e90ec58e6}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5e51c04a-110b-11df-93bb-001e90ec58e6}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{5e51c04a-110b-11df-93bb-001e90ec58e6}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5e51c04a-110b-11df-93bb-001e90ec58e6}\ not found. File H:\LaunchU3.exe not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{79663c47-4a42-11df-b468-001e90ec58e6}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{79663c47-4a42-11df-b468-001e90ec58e6}\ not found. File J:\zybxjg.exe not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{79663c47-4a42-11df-b468-001e90ec58e6}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{79663c47-4a42-11df-b468-001e90ec58e6}\ not found. File J:\zybxjg.exe not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{79663c47-4a42-11df-b468-001e90ec58e6}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{79663c47-4a42-11df-b468-001e90ec58e6}\ not found. File J:\zybxjg.exe not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{87c86f33-e32b-11de-9796-001e90ec58e6}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{87c86f33-e32b-11de-9796-001e90ec58e6}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{87c86f33-e32b-11de-9796-001e90ec58e6}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{87c86f33-e32b-11de-9796-001e90ec58e6}\ not found. File G:\autorun.exe not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{9bf308ea-6eaf-11df-9bc2-001e90ec58e6}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9bf308ea-6eaf-11df-9bc2-001e90ec58e6}\ not found. File I:\NNITEDN\LODGI\NintenD.exe not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{9bf308ea-6eaf-11df-9bc2-001e90ec58e6}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9bf308ea-6eaf-11df-9bc2-001e90ec58e6}\ not found. File I:\NNITEDN\LODGI\NintenD.exe not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{9bf308eb-6eaf-11df-9bc2-001e90ec58e6}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9bf308eb-6eaf-11df-9bc2-001e90ec58e6}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{9bf308eb-6eaf-11df-9bc2-001e90ec58e6}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9bf308eb-6eaf-11df-9bc2-001e90ec58e6}\ not found. File H:\LaunchU3.exe not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{9d64154a-867a-11dd-b942-806e6f6e6963}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9d64154a-867a-11dd-b942-806e6f6e6963}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{9d64154a-867a-11dd-b942-806e6f6e6963}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9d64154a-867a-11dd-b942-806e6f6e6963}\ not found. File D:\Setup.EXE not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{bb436103-3853-11df-9fad-001e90ec58e6}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{bb436103-3853-11df-9fad-001e90ec58e6}\ not found. File Isass.exe not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{beda6917-d21d-11dd-9405-001e90ec58e6}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{beda6917-d21d-11dd-9405-001e90ec58e6}\ not found. File H:\RESTORE\k-1-3542-4232123213-7676767-8888886\RanDll.exe not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{beda6917-d21d-11dd-9405-001e90ec58e6}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{beda6917-d21d-11dd-9405-001e90ec58e6}\ not found. File H:\RESTORE\k-1-3542-4232123213-7676767-8888886\RanDll.exe not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d280a400-1357-11df-9b7b-001e90ec58e6}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{d280a400-1357-11df-9b7b-001e90ec58e6}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d280a400-1357-11df-9b7b-001e90ec58e6}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{d280a400-1357-11df-9b7b-001e90ec58e6}\ not found. File G:\SETUP.EXE not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ea907a91-86be-11dd-89f2-001e90ec58e6}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ea907a91-86be-11dd-89f2-001e90ec58e6}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ea907a91-86be-11dd-89f2-001e90ec58e6}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ea907a91-86be-11dd-89f2-001e90ec58e6}\ not found. File E:\SETUP.EXE not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ea907aa3-86be-11dd-89f2-001e90ec58e6}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ea907aa3-86be-11dd-89f2-001e90ec58e6}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ea907aa3-86be-11dd-89f2-001e90ec58e6}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ea907aa3-86be-11dd-89f2-001e90ec58e6}\ not found. File F:\SETUP.EXE not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f31c0a24-c24e-11de-b456-001e90ec58e6}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{f31c0a24-c24e-11de-b456-001e90ec58e6}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f31c0a24-c24e-11de-b456-001e90ec58e6}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{f31c0a24-c24e-11de-b456-001e90ec58e6}\ not found. File H:\LaunchU3.exe not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f5fa45c8-e1c5-11de-89f6-001e90ec58e6}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{f5fa45c8-e1c5-11de-89f6-001e90ec58e6}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f5fa45c8-e1c5-11de-89f6-001e90ec58e6}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{f5fa45c8-e1c5-11de-89f6-001e90ec58e6}\ not found. File G:\autorun.exe not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f82557bb-bf5a-11de-9785-001e90ec58e6}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{f82557bb-bf5a-11de-9785-001e90ec58e6}\ not found. File G:\F1\X1\trx.exe not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f82557bb-bf5a-11de-9785-001e90ec58e6}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{f82557bb-bf5a-11de-9785-001e90ec58e6}\ not found. File G:\F1\X1\trx.exe not found. ========== PROCESSES ========== ========== FILES ========== ========== COMMANDS ========== [EMPTYFLASH] User: Administrador ->Flash cache emptied: 2318 bytes User: All Users User: Default User: Default User User: Public User: Vinicius ->Flash cache emptied: 4657 bytes Total Flash Files Cleaned = 0,00 mb Error: Unable to interpret <[clearallrestorepoint]> in the current context! Restore point Set: OTL Restore Point [EMPTYTEMP] User: Administrador ->Temp folder emptied: 38089924 bytes ->Temporary Internet Files folder emptied: 1023580 bytes ->FireFox cache emptied: 93592714 bytes ->Flash cache emptied: 0 bytes User: All Users User: Default ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 33170 bytes User: Default User ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes User: Public User: Vinicius ->Temp folder emptied: 7235960 bytes ->Temporary Internet Files folder emptied: 6139889 bytes ->Java cache emptied: 1584605 bytes ->FireFox cache emptied: 93591899 bytes ->Google Chrome cache emptied: 214460695 bytes ->Flash cache emptied: 0 bytes %systemdrive% .tmp files removed: 0 bytes %systemroot% .tmp files removed: 0 bytes %systemroot%\System32 .tmp files removed: 0 bytes %systemroot%\System32 (64bit) .tmp files removed: 0 bytes %systemroot%\System32\drivers .tmp files removed: 0 bytes Windows Temp folder emptied: 327974 bytes %systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 33170 bytes RecycleBin emptied: 104315724 bytes Total Files Cleaned = 534,00 mb OTL by OldTimer - Version 3.2.9.1 log created on 08042010_144001 OTL by OldTimer - Version 3.2.9.1 log created on 08042010_144001 Files\Folders moved on Reboot... File\Folder C:\Users\Vinicius\AppData\Local\Temp\ Usuários dos Computadores da Sala Pesquisadores 1.docx not found! C:\Users\Vinicius\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully. File\Folder C:\Windows\temp\hsperfdata_MONSTRO$\1044 not found! Registry entries deleted on Reboot...
  9. Da uma olhada nos Scans

    Tipo fiz o que tu mandou ai em cima... Mas na segunda passo de quick scan não coloquei nenhum Script... Outra coisa...era para colocar aquele .txt que gerou quando reiniciou?! OTL logfile created on: 04/08/2010 14:47:36 - Run 5 OTL by OldTimer - Version 3.2.9.1 Folder = C:\Users\Vinicius\Desktop\Anti Virus 64bit-Windows Vista Ultimate Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18928) Locale: 00000416 | Country: Brasil | Language: PTB | Date Format: dd/MM/yyyy 2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 40,00% Memory free 4,00 Gb Paging File | 2,00 Gb Available in Paging File | 64,00% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 149,05 Gb Total Space | 7,25 Gb Free Space | 4,86% Space Free | Partition Type: NTFS D: Drive not present or media not loaded E: Drive not present or media not loaded F: Drive not present or media not loaded G: Drive not present or media not loaded H: Drive not present or media not loaded I: Drive not present or media not loaded Computer Name: MONSTRO Current User Name: Vinicius Logged in as Administrator. Current Boot Mode: Normal Scan Mode: Current user Include 64bit Scans Company Name Whitelist: On Skip Microsoft Files: On File Age = 90 Days Output = Standard Quick Scan ========== Processes (SafeList) ========== PRC - [2010/07/27 18:12:46 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Users\Vinicius\Desktop\Anti Virus\OTL.exe PRC - [2010/07/24 00:31:26 | 000,910,296 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe PRC - [2010/07/02 17:33:10 | 002,347,216 | ---- | M] (IObit) -- C:\Program Files (x86)\IObit\Advanced SystemCare 3\AWC.exe PRC - [2010/05/26 10:46:42 | 000,055,072 | ---- | M] ( ) -- C:\PROGRA~2\GbPlugin\GbpSv.exe PRC - [2010/04/14 09:12:34 | 000,488,960 | ---- | M] (Crawler.com) -- C:\Program Files (x86)\Spyware Terminator\sp_rsser.exe PRC - [2009/12/21 21:45:57 | 003,037,696 | ---- | M] (Crawler.com) -- C:\Program Files (x86)\Spyware Terminator\SpywareTerminatorUpdate.exe PRC - [2009/09/16 08:20:24 | 000,666,360 | ---- | M] (Tunngle.net GmbH) -- C:\Program Files (x86)\Tunngle\TnglCtrl.exe PRC - [2009/08/05 17:55:22 | 000,185,089 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe PRC - [2009/06/09 20:27:47 | 000,108,289 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe PRC - [2009/05/19 10:36:18 | 000,240,512 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe PRC - [2009/03/02 13:08:47 | 000,209,153 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe PRC - [2008/07/24 12:02:06 | 000,490,952 | ---- | M] (DT Soft Ltd) -- C:\Program Files (x86)\DAEMON Tools Lite\daemon.exe PRC - [2007/07/24 11:15:14 | 000,185,632 | ---- | M] (Protexis Inc.) -- c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe ========== Modules (SafeList) ========== MOD - [2010/07/27 18:12:46 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Users\Vinicius\Desktop\Anti Virus\OTL.exe MOD - [2008/04/16 23:04:52 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\msscript.ocx ========== Win32 Services (SafeList) ========== SRV:64bit: - [2009/04/11 04:11:27 | 000,252,928 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\SysNative\umrdp.dll -- (UmRdpService) SRV:64bit: - [2009/04/11 04:11:14 | 000,604,672 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\SysNative\cscsvc.dll -- (CscService) SRV:64bit: - [2008/04/16 23:16:31 | 000,195,584 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt) SRV:64bit: - [2007/02/08 19:51:08 | 000,566,192 | ---- | M] ( ) [Auto | Running] -- C:\Windows\SysNative\lxczcoms.exe -- (lxcz_device) SRV - [2010/05/26 10:46:42 | 000,055,072 | ---- | M] ( ) [unknown | Running] -- C:\PROGRA~2\GbPlugin\GbpSv.exe -- (GbpSv) SRV - [2010/04/14 09:12:34 | 000,488,960 | ---- | M] (Crawler.com) [Auto | Running] -- C:\Program Files (x86)\Spyware Terminator\sp_rsser.exe -- (sp_rssrv) SRV - [2010/01/23 20:01:29 | 000,326,792 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service) SRV - [2009/09/16 08:20:24 | 000,666,360 | ---- | M] (Tunngle.net GmbH) [Auto | Running] -- C:\Program Files (x86)\Tunngle\TnglCtrl.exe -- (TunngleService) SRV - [2009/08/05 17:55:22 | 000,185,089 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2009/06/09 20:27:47 | 000,108,289 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2009/05/19 10:36:18 | 000,240,512 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe -- (SeaPort) SRV - [2008/10/25 11:44:08 | 000,065,888 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe -- (Microsoft Office Groove Audit Service) SRV - [2008/09/27 00:44:56 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service) SRV - [2007/07/24 11:15:14 | 000,185,632 | ---- | M] (Protexis Inc.) [Auto | Running] -- c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe -- (PSI_SVC_2) SRV - [2007/02/08 19:50:33 | 000,537,520 | ---- | M] ( ) [Auto | Running] -- C:\Windows\SysWow64\lxczcoms.exe -- (lxcz_device) SRV - [2005/07/27 09:53:00 | 000,536,576 | ---- | M] () [Auto | Stopped] -- C:\Arquivos de Programas\webserver\bin\win32\matlabserver.exe -- (matlabserver) ========== Driver Services (SafeList) ========== DRV:64bit: - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd) DRV:64bit: - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\nwlnkflt.sys -- (NwlnkFlt) DRV:64bit: - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\motmodem.sys -- (motmodem) DRV:64bit: - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\ipinip.sys -- (IpInIp) DRV:64bit: - [2010/07/12 11:16:00 | 000,828,912 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\sptd.sys -- (sptd) DRV:64bit: - [2010/02/03 15:56:56 | 000,033,856 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\hamachi.sys -- (hamachi) DRV:64bit: - [2009/12/14 11:37:31 | 000,074,880 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\DRIVERS\avgntflt.sys -- (avgntflt) DRV:64bit: - [2009/09/30 21:51:42 | 000,046,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\wpdusb.sys -- (WpdUsb) DRV:64bit: - [2009/09/28 19:35:32 | 000,087,384 | ---- | M] (LogMeIn, Inc.) [File_System | Disabled | Stopped] -- C:\Windows\SysNative\LMIRfsClientNP.dll -- (LMIRfsClientNP) DRV:64bit: - [2009/09/16 08:02:42 | 000,031,232 | ---- | M] (Tunngle.net) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\tap0901t.sys -- (tap0901t) TAP-Win32 Adapter V9 (Tunngle) DRV:64bit: - [2009/04/11 01:56:24 | 000,460,800 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\csc.sys -- (CSC) DRV:64bit: - [2009/03/19 17:32:34 | 000,150,656 | ---- | M] (ONDA Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\ONDAusbser6k.sys -- (ONDAusbser6k) DRV:64bit: - [2009/03/19 17:32:34 | 000,150,656 | ---- | M] (ONDA Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\ONDAusbnmea.sys -- (ONDAusbnmea) DRV:64bit: - [2009/03/19 17:32:34 | 000,150,656 | ---- | M] (ONDA Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\ONDAusbmdm6k.sys -- (ONDAusbmdm6k) DRV:64bit: - [2008/08/11 12:40:58 | 000,072,216 | ---- | M] (LogMeIn, Inc.) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\LMIRfsDriver.sys -- (LMIRfsDriver) DRV:64bit: - [2008/08/11 12:40:32 | 000,011,552 | ---- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\lmimirr.sys -- (lmimirr) DRV:64bit: - [2008/06/29 12:12:32 | 000,040,464 | ---- | M] (CACE Technologies) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\npf.sys -- (npf) DRV:64bit: - [2008/06/19 17:24:32 | 000,033,792 | ---- | M] (Panda Security, S.L.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\pavboot64.sys -- (pavboot) DRV:64bit: - [2007/11/02 10:47:32 | 000,145,448 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\s916mdm.sys -- (s916mdm) DRV:64bit: - [2007/11/02 10:47:32 | 000,108,072 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\s916bus.sys -- (s916bus) Sony Ericsson Device 916 driver (WDM) DRV:64bit: - [2007/11/02 10:47:32 | 000,019,496 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\s916mdfl.sys -- (s916mdfl) DRV:64bit: - [2007/05/02 11:11:14 | 000,145,160 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\ss_mdm.sys -- (ss_mdm) DRV:64bit: - [2007/05/02 11:11:14 | 000,108,296 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\ss_bus.sys -- (ss_bus) SAMSUNG Mobile USB Device 1.0 driver (WDM) DRV:64bit: - [2007/05/02 11:11:14 | 000,019,208 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\ss_mdfl.sys -- (ss_mdfl) DRV:64bit: - [2006/10/02 23:13:44 | 000,051,200 | ---- | M] (Realtek Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\Rtlh64.sys -- (RTL8169) DRV:64bit: - [2006/09/18 18:36:24 | 000,000,308 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\SysNative\wbem\ntfs.mof -- (Ntfs) DRV - [2010/05/26 10:48:08 | 000,045,472 | ---- | M] (GAS Tecnologia) [Kernel | Boot | Stopped] -- C:\Windows\system32\drivers\gbpkm.sys -- (GbpKm) DRV - [2010/01/05 07:56:06 | 000,007,408 | R--- | M] ( SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\SUPERAntiSpyware\SASENUM.SYS -- (SASENUM) DRV - [2010/01/05 07:56:04 | 000,009,968 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Stopped] -- C:\Program Files (x86)\SUPERAntiSpyware\SASDIFSV.SYS -- (SASDIFSV) DRV - [2010/01/05 07:56:02 | 000,074,480 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Stopped] -- C:\Program Files (x86)\SUPERAntiSpyware\SASKUTIL.sys -- (SASKUTIL) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/ IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://dnl.crawler.com/support/sa_customize.aspx?TbId=60076 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.crawler.com/search/ie.aspx?tb_id=60076 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/ IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://br.msn.com/?ocid=iehp IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = pt-br IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = D6 6D E9 A2 23 A9 CA 01 [binary data] IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1 IE - HKCU\..\URLSearchHook: {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\PROGRA~2\Crawler\ctbr.dll (Crawler.com) IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF - prefs.js..browser.search.defaultenginename: "LocalStrike" FF - prefs.js..browser.search.defaultthis.engineName: "LocalStrike" FF - prefs.js..browser.search.defaulturl: "http://search.localstrike.com.ar/?q={searchTerms}" FF - prefs.js..browser.search.order.1: "LocalStrike" FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=867034" FF - prefs.js..browser.search.selectedEngine: "Google" FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..browser.startup.homepage: "http://search.localstrike.com.ar/" FF - prefs.js..extensions.enabledItems: {E2883E8F-472F-4fb0-9522-AC9BF37916A7}:1 FF - prefs.js..extensions.enabledItems: 6 FF - prefs.js..extensions.enabledItems: 2 FF - prefs.js..extensions.enabledItems: 48 FF - prefs.js..extensions.enabledItems: {c0c9a2c7-2e5c-4447-bc53-97718bc91e1b}:3.0 FF - prefs.js..extensions.enabledItems: {87F8774F-B485-47E2-A755-A40A8A5E8874}:1.0.11.7 FF - prefs.js..extensions.enabledItems: {B13721C7-F507-4982-B2E5-502A71474FED}:2.2.0.102 FF - prefs.js..extensions.enabledItems: pt-BR@dellalibera.sf.net:1.5 FF - prefs.js..extensions.enabledItems: {87F8774F-B485-47E2-A755-A40A8A5E886C}:1.0.11.5 FF - prefs.js..extensions.enabledItems: {dc73254b-b7f3-cebd-1220-a4e2bb3b747b}:4.6.6.4 FF - prefs.js..extensions.enabledItems: {19503e42-ca3c-4c27-b1e2-9cdb2170ee34}:1.2.1.23 FF - prefs.js..extensions.enabledItems: {bee6eb20-01e0-ebd1-da83-080329fb9a3a}:0.1 FF - prefs.js..keyword.URL: "http://search.localstrike.com.ar/?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&q=" FF - prefs.js..network.proxy.autoconfig_url: "http://www.ufpe.br/proxy.pac" FF - HKLM\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Program Files\Real\RealPlayer\browserrecord [2009/04/22 18:11:04 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Firefox\Extensions\\{4B3803EA-5230-4DC3-A7FC-33638F3D3542}: C:\Program Files (x86)\Crawler\firefox\ [2010/01/26 21:28:02 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2010/07/27 01:41:11 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2010/07/24 00:31:30 | 000,000,000 | ---D | M] [2008/09/19 21:05:25 | 000,000,000 | ---D | M] -- C:\Users\Vinicius\AppData\Roaming\mozilla\Extensions [2010/08/03 18:27:04 | 000,000,000 | ---D | M] -- C:\Users\Vinicius\AppData\Roaming\mozilla\Firefox\Profiles\l82jokle.default\extensions [2010/06/09 17:38:47 | 000,000,000 | ---D | M] (FlashGot) -- C:\Users\Vinicius\AppData\Roaming\mozilla\Firefox\Profiles\l82jokle.default\extensions\{19503e42-ca3c-4c27-b1e2-9cdb2170ee34} [2010/05/18 22:02:15 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Vinicius\AppData\Roaming\mozilla\Firefox\Profiles\l82jokle.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} [2010/07/23 22:51:48 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Vinicius\AppData\Roaming\mozilla\Firefox\Profiles\l82jokle.default\extensions\{87F8774F-B485-47E2-A755-A40A8A5E886C} [2010/07/23 22:51:49 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Vinicius\AppData\Roaming\mozilla\Firefox\Profiles\l82jokle.default\extensions\{87F8774F-B485-47E2-A755-A40A8A5E8874} [2010/06/09 17:41:05 | 000,000,000 | ---D | M] (Flash and Video Download) -- C:\Users\Vinicius\AppData\Roaming\mozilla\Firefox\Profiles\l82jokle.default\extensions\{bee6eb20-01e0-ebd1-da83-080329fb9a3a} [2010/04/03 20:27:59 | 000,000,000 | ---D | M] (Easy Youtube Video Downloader) -- C:\Users\Vinicius\AppData\Roaming\mozilla\Firefox\Profiles\l82jokle.default\extensions\{c0c9a2c7-2e5c-4447-bc53-97718bc91e1b} [2009/11/06 17:57:06 | 000,000,000 | ---D | M] (Adobe DLM (powered by getPlus®)) -- C:\Users\Vinicius\AppData\Roaming\mozilla\Firefox\Profiles\l82jokle.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7} [2010/01/12 19:01:23 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Vinicius\AppData\Roaming\mozilla\Firefox\Profiles\l82jokle.default\extensions\{e3868d2c-9a68-4c4a-87f2-4e9d78fd16ee} [2010/01/12 19:04:16 | 000,000,000 | ---D | M] (User Agent Switcher) -- C:\Users\Vinicius\AppData\Roaming\mozilla\Firefox\Profiles\l82jokle.default\extensions\{e968fc70-8f95-4ab9-9e79-304de2a71ee1} [2010/07/23 22:51:51 | 000,000,000 | ---D | M] -- C:\Users\Vinicius\AppData\Roaming\mozilla\Firefox\Profiles\l82jokle.default\extensions\pt-BR@dellalibera.sf.net [2010/01/18 11:45:41 | 000,000,000 | ---D | M] -- C:\Users\Vinicius\AppData\Roaming\mozilla\Firefox\Profiles\l82jokle.default\extensions\pt-BR@dictionaries.addons.mozilla.org [2009/11/09 14:54:18 | 000,002,163 | ---- | M] () -- C:\Users\Vinicius\AppData\Roaming\Mozilla\FireFox\Profiles\l82jokle.default\searchplugins\bing.xml [2010/01/12 19:32:29 | 000,001,331 | ---- | M] () -- C:\Users\Vinicius\AppData\Roaming\Mozilla\FireFox\Profiles\l82jokle.default\searchplugins\crawlersrch.xml [2008/09/19 23:51:53 | 000,000,523 | ---- | M] () -- C:\Users\Vinicius\AppData\Roaming\Mozilla\FireFox\Profiles\l82jokle.default\searchplugins\daemon-search.xml [2010/03/21 13:51:03 | 000,000,266 | ---- | M] () -- C:\Users\Vinicius\AppData\Roaming\Mozilla\FireFox\Profiles\l82jokle.default\searchplugins\Search.xml [2010/08/04 14:45:36 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\mozilla firefox\extensions [2010/03/21 14:20:12 | 000,000,000 | ---D | M] (LoudMo Contextual Ad Assistant) -- C:\Program Files (x86)\mozilla firefox\extensions\{dc73254b-b7f3-cebd-1220-a4e2bb3b747b} [2009/10/15 11:48:50 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\mozilla firefox\extensions\search@searchsettings.com [2009/10/23 15:01:34 | 000,102,400 | ---- | M] (Zylom) -- C:\Program Files (x86)\mozilla firefox\plugins\npzylomgamesplayer.dll [2009/09/21 11:24:16 | 000,001,329 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\crawlersrch.xml [2010/01/15 22:18:55 | 000,001,168 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-br.xml O1 HOSTS File: ([2010/07/29 17:44:25 | 000,000,862 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: 127.0.0.1 serial.alcohol-soft.com O1 - Hosts: 127.0.0.1 www.alcohol-soft.com O1 - Hosts: 127.0.0.1 images.alcohol-soft.com O1 - Hosts: 127.0.0.1 trial.alcohol-soft.com O1 - Hosts: 127.0.0.1 alcohol-soft.com O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.) O2 - BHO: () - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\PROGRA~2\Crawler\ctbr.dll (Crawler.com) O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Arquivos de Programas\Real\RealPlayer\rpbrowserrecordplugin.dll (RealPlayer) O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation) O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation) O2 - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.) O2 - BHO: (QUICKfind BHO Object) - {C08DF07A-3E49-4E25-9AB0-D3882835F153} - C:\PROGRA~2\IDM\QUICKF~1\PlugIns\IEHelp.dll () O2 - BHO: (GbIehObj Class) - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\Program Files (x86)\GbPlugin\gbieh.dll (Banco do Brasil) O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll (Yahoo! Inc) O3:64bit: - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar64.dll () O3 - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar.dll () O3 - HKLM\..\Toolbar: (Barra de ferramentas &Crawler) - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - C:\PROGRA~2\Crawler\ctbr.dll (Crawler.com) O3 - HKLM\..\Toolbar: (Barra de Ferramentas do Yahoo!) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.) O3 - HKLM\..\Toolbar: (TextAloud) - {F053C368-5458-45B2-9B4D-D8914BDDDBFF} - C:\PROGRA~2\TEXTAL~1\TAForIE.dll () O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found. O3:64bit: - HKCU\..\Toolbar\WebBrowser: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar64.dll () O3 - HKCU\..\Toolbar\WebBrowser: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar.dll () O3 - HKCU\..\Toolbar\WebBrowser: (Barra de ferramentas &Crawler) - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - C:\PROGRA~2\Crawler\ctbr.dll (Crawler.com) O4:64bit: - HKLM..\Run: [LogMeIn GUI] C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe File not found O4:64bit: - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation) O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) O4 - HKLM..\Run: [FaxCenterServer] C:\Program Files (x86)\Lexmark Fax Solutions\fm3032.exe () O4 - HKLM..\Run: [GrooveMonitor] C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe (Microsoft Corporation) O4 - HKCU..\Run: [AlcoholAutomount] C:\Program Files (x86)\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe (Alcohol Soft Development Team) O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files (x86)\DAEMON Tools Lite\daemon.exe (DT Soft Ltd) O4 - HKCU..\Run: [spywareTerminatorUpdate] C:\Program Files (x86)\Spyware Terminator\SpywareTerminatorUpdate.exe (Crawler.com) O4 - HKCU..\Run: [WMPNSCFG] C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe File not found O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0 O9 - Extra Button: Incluir no Blog - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : &Incluir no Blog no Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation) O9 - Extra Button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL (Microsoft Corporation) O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Computer, Inc.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Computer, Inc.) O13 - gopher Prefix: missing O13 - gopher Prefix: missing O15 - HKCU\..Trusted Domains: bancobrasil.com.br ([www] * in Sites confiáveis) O15 - HKCU\..Trusted Domains: bancobrasil.com.br ([www14] * in Sites confiáveis) O15 - HKCU\..Trusted Domains: bancobrasil.com.br ([www2] * in Sites confiáveis) O15 - HKCU\..Trusted Domains: bb.com.br ([www] * in Sites confiáveis) O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} http://messenger.zone.msn.com/MessengerGamesContent/GameContent/pt/uno1/GAME_UNO1.cab (UnoCtrl Class) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_10-windows-i586.cab (Java Plug-in 1.6.0_10) O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab (MessengerStatsClient Class) O16 - DPF: {CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_10-windows-i586.cab (Java Plug-in 1.6.0_10) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_10-windows-i586.cab (Java Plug-in 1.6.0_10) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 O18:64bit: - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - Reg Error: Key error. File not found O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found O18:64bit: - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found O18:64bit: - Protocol\Handler\tbr {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - Reg Error: Key error. File not found O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation) O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WI1F86~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation) O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WI1F86~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies) O18 - Protocol\Handler\tbr {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - C:\PROGRA~2\Crawler\ctbr.dll (Crawler.com) O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Arquivos de Programas\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - Winlogon\Notify\ GbPluginBb: DllName - C:\Program Files (x86)\GbPlugin\gbieh.dll - C:\Program Files (x86)\GbPlugin\gbieh.dll (Banco do Brasil) O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files (x86)\SUPERAntiSpyware\SASWINLO.dll - C:\Program Files (x86)\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com) O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img29.jpg O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img29.jpg O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files (x86)\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com) O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation) O28 - HKLM ShellExecuteHooks: {E37CB5F0-51F5-4395-A808-5FA49E399F83} - C:\Program Files (x86)\GbPlugin\gbieh.dll (Banco do Brasil) O32 - HKLM CDRom: AutoRun - 1 O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ========== Files/Folders - Created Within 90 Days ========== [2010/08/04 14:40:01 | 000,000,000 | ---D | C] -- C:\_OTL [2010/07/22 19:21:27 | 000,093,056 | ---- | C] (GMER) -- C:\ffldypoc.sys [2010/07/22 03:22:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\TibiaBot NG [2010/07/22 02:50:12 | 000,000,000 | ---D | C] -- C:\Users\Vinicius\Desktop\Anti Virus [2010/07/21 15:10:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ElfBot NG [2010/07/14 13:36:16 | 000,000,000 | ---D | C] -- C:\Users\Vinicius\Documents\Alcohol 120% [2010/07/12 11:23:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Alcohol Soft [2010/07/08 19:39:04 | 000,000,000 | ---D | C] -- C:\Users\Vinicius\Documents\Aléxia THON [2010/07/05 20:17:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AMR Player [2010/07/05 20:13:49 | 000,000,000 | ---D | C] -- C:\Users\Vinicius\AppData\Roaming\Audacity [2010/07/05 20:13:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Audacity 1.3 Beta (Unicode) [2010/07/01 16:26:12 | 000,000,000 | ---D | C] -- C:\Users\Vinicius\Desktop\Portal BR_files [2010/06/09 13:53:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PC Inspector File Recovery [2010/06/09 01:03:53 | 000,066,800 | ---- | C] (Just Great Software) -- C:\Windows\UnDeployV.exe [2010/06/09 01:03:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DDR - Digital Camera Recovery(Demo) [2010/06/09 00:53:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Flobo Photo Digital Recovery [2010/06/03 00:32:10 | 000,000,000 | ---D | C] -- C:\The Back-up Plan.2010.DvdScr.Xvid {1337x}-Noir [2010/05/23 20:22:59 | 000,033,856 | -H-- | C] (LogMeIn, Inc.) -- C:\Windows\SysNative\hamachi.sys [2010/05/23 20:21:10 | 000,000,000 | ---D | C] -- C:\Users\Vinicius\AppData\Local\LogMeIn [2010/05/23 20:20:55 | 000,029,496 | ---- | C] (LogMeIn, Inc.) -- C:\Windows\SysNative\LMIport.dll [2010/05/23 20:20:54 | 000,087,384 | ---- | C] (LogMeIn, Inc.) -- C:\Windows\SysNative\LMIRfsClientNP.dll [2010/05/23 20:20:54 | 000,072,216 | ---- | C] (LogMeIn, Inc.) -- C:\Windows\SysNative\drivers\LMIRfsDriver.sys [2010/05/23 20:20:49 | 000,080,696 | ---- | C] (LogMeIn, Inc.) -- C:\Windows\SysNative\LMIinit.dll [2010/05/23 20:20:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\LogMeIn [2010/05/23 20:18:18 | 000,000,000 | ---D | C] -- C:\Users\Vinicius\AppData\Local\Deployment [2010/05/23 17:07:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\sXe Injected [2010/05/23 13:20:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Half-life [2010/05/22 21:49:43 | 000,000,000 | ---D | C] -- C:\Counter Strike 1.6 [2010/05/22 20:44:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Valve [2010/05/21 18:20:02 | 000,145,160 | ---- | C] (MCCI Corporation) -- C:\Windows\SysNative\drivers\ss_mdm.sys [2010/05/21 18:20:02 | 000,108,296 | ---- | C] (MCCI Corporation) -- C:\Windows\SysNative\drivers\ss_bus.sys [2010/05/21 18:20:02 | 000,019,208 | ---- | C] (MCCI Corporation) -- C:\Windows\SysNative\drivers\ss_mdfl.sys [2010/05/21 18:20:02 | 000,015,624 | ---- | C] (MCCI Corporation) -- C:\Windows\SysNative\drivers\ss_whnt.sys [2010/05/21 18:20:02 | 000,015,624 | ---- | C] (MCCI Corporation) -- C:\Windows\SysNative\drivers\ss_wh.sys [2010/05/21 18:20:02 | 000,015,112 | ---- | C] (MCCI Corporation) -- C:\Windows\SysNative\drivers\ss_cmnt.sys [2010/05/21 18:20:02 | 000,015,112 | ---- | C] (MCCI Corporation) -- C:\Windows\SysNative\drivers\ss_cm.sys [2010/05/21 18:20:02 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Samsung_USB_Drivers [2010/05/21 18:19:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Samsung [2010/05/21 16:36:49 | 000,000,000 | ---D | C] -- C:\Arquivos de Programas\Valve [2010/05/17 20:37:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ChemSepL [2010/05/13 07:24:26 | 000,000,000 | ---D | C] -- C:\b147a8f36661a87ed48a [2010/05/09 14:17:25 | 000,000,000 | ---D | C] -- C:\Lyrics [2010/05/09 14:15:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Minilyrics [2008/09/25 21:00:33 | 000,413,696 | ---- | C] ( ) -- C:\Windows\SysWow64\lxczinpa.dll [2008/09/25 21:00:33 | 000,397,312 | ---- | C] ( ) -- C:\Windows\SysWow64\lxcziesc.dll [2008/09/25 21:00:32 | 001,224,704 | ---- | C] ( ) -- C:\Windows\SysWow64\lxczserv.dll [2008/09/25 21:00:32 | 000,991,232 | ---- | C] ( ) -- C:\Windows\SysWow64\lxczusb1.dll [2008/09/25 21:00:32 | 000,643,072 | ---- | C] ( ) -- C:\Windows\SysWow64\lxczpmui.dll [2008/09/25 21:00:31 | 000,696,320 | ---- | C] ( ) -- C:\Windows\SysWow64\lxczhbn3.dll [2008/09/25 21:00:31 | 000,684,032 | ---- | C] ( ) -- C:\Windows\SysWow64\lxczcomc.dll [2008/09/25 21:00:31 | 000,585,728 | ---- | C] ( ) -- C:\Windows\SysWow64\lxczlmpm.dll [2008/09/25 21:00:31 | 000,421,888 | ---- | C] ( ) -- C:\Windows\SysWow64\lxczcomm.dll [2008/09/25 21:00:31 | 000,163,840 | ---- | C] ( ) -- C:\Windows\SysWow64\lxczprox.dll [2008/09/25 21:00:31 | 000,094,208 | ---- | C] ( ) -- C:\Windows\SysWow64\lxczpplc.dll ========== Files - Modified Within 90 Days ========== [2010/08/04 14:55:00 | 000,000,434 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{89702626-5B6D-4B2A-9EE1-4864F8A556F4}.job [2010/08/04 14:53:03 | 008,650,752 | ---- | M] () -- C:\Users\Vinicius\NTUSER.DAT [2010/08/04 14:44:38 | 000,053,164 | ---- | M] () -- C:\ProgramData\nvModes.dat [2010/08/04 14:44:37 | 000,053,164 | ---- | M] () -- C:\ProgramData\nvModes.001 [2010/08/04 14:43:57 | 000,001,040 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2010/08/04 14:43:56 | 000,000,400 | ---- | M] () -- C:\Windows\tasks\AWC Startup.job [2010/08/04 14:43:51 | 000,003,760 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2010/08/04 14:43:51 | 000,003,760 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2010/08/04 14:43:48 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT [2010/08/04 14:43:42 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2010/08/04 14:42:29 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\Access.dat [2010/08/04 14:42:11 | 000,524,288 | -HS- | M] () -- C:\Users\Vinicius\NTUSER.DAT{f23d4ba3-e812-11de-b1cb-001e90ec58e6}.TMContainer00000000000000000001.regtrans-ms [2010/08/04 14:42:11 | 000,065,536 | -HS- | M] () -- C:\Users\Vinicius\NTUSER.DAT{f23d4ba3-e812-11de-b1cb-001e90ec58e6}.TM.blf [2010/08/04 14:42:08 | 004,399,335 | -H-- | M] () -- C:\Users\Vinicius\AppData\Local\IconCache.db [2010/08/04 14:42:04 | 000,001,044 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2010/08/03 22:34:00 | 000,000,478 | ---- | M] () -- C:\Windows\Lexstat.ini [2010/08/03 19:23:46 | 001,452,574 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2010/08/03 19:23:46 | 000,636,908 | ---- | M] () -- C:\Windows\SysNative\prfh0416.dat [2010/08/03 19:23:46 | 000,589,884 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2010/08/03 19:23:46 | 000,122,534 | ---- | M] () -- C:\Windows\SysNative\prfc0416.dat [2010/08/03 19:23:46 | 000,101,896 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2010/08/03 19:15:30 | 000,000,424 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{4E7FFDCC-8AC2-4A6A-B48D-5A3EADE8F765}.job [2010/08/03 18:33:25 | 000,204,276 | ---- | M] () -- C:\Users\Vinicius\Desktop\histo regina.docx [2010/08/03 11:26:31 | 000,048,500 | ---- | M] () -- C:\Users\Vinicius\Desktop\MPU.jpg [2010/08/03 11:09:09 | 000,678,206 | ---- | M] () -- C:\Users\Vinicius\Desktop\espectometria_de_massas.pdf [2010/08/01 21:15:49 | 000,000,894 | ---- | M] () -- C:\Users\Vinicius\Desktop\sXe Injected.lnk [2010/07/29 18:03:20 | 000,137,728 | ---- | M] () -- C:\Users\Vinicius\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2010/07/26 22:55:46 | 000,429,969 | ---- | M] () -- C:\Users\Vinicius\Desktop\TEST DE PAI.PDF [2010/07/26 18:53:24 | 000,000,219 | ---- | M] () -- C:\Windows\SysWow64\lsprst7.tgz [2010/07/26 18:53:24 | 000,000,205 | ---- | M] () -- C:\Windows\SysWow64\lsprst7.dll [2010/07/26 18:53:24 | 000,000,087 | ---- | M] () -- C:\Windows\SysWow64\ssprs.tgz [2010/07/26 18:53:24 | 000,000,073 | ---- | M] () -- C:\Windows\SysWow64\ssprs.dll [2010/07/26 18:52:07 | 000,001,025 | ---- | M] () -- C:\Windows\SysWow64\sysprs7.tgz [2010/07/26 18:52:07 | 000,001,025 | ---- | M] () -- C:\Windows\SysWow64\sysprs7.dll [2010/07/26 18:52:07 | 000,001,025 | ---- | M] () -- C:\Windows\SysWow64\clauth2.dll [2010/07/26 18:52:07 | 000,001,025 | ---- | M] () -- C:\Windows\SysWow64\clauth1.dll [2010/07/22 19:21:27 | 000,093,056 | ---- | M] (GMER) -- C:\ffldypoc.sys [2010/07/21 14:46:22 | 000,197,632 | ---- | M] () -- C:\Windows\elf_key.dll [2010/07/18 06:45:02 | 000,000,687 | ---- | M] () -- C:\Users\Vinicius\Documents\ax_files.xml [2010/07/17 16:51:26 | 000,001,749 | ---- | M] () -- C:\Users\Vinicius\Desktop\Tibia Auto.lnk [2010/07/16 20:18:04 | 000,429,310 | ---- | M] () -- C:\Users\Vinicius\Desktop\raven.pdf [2010/07/14 19:34:55 | 000,492,421 | ---- | M] () -- C:\Users\Vinicius\Desktop\LastScan.jpg [2010/07/12 11:16:00 | 000,828,912 | ---- | M] () -- C:\Windows\SysNative\drivers\sptd.sys [2010/07/06 14:34:22 | 000,129,626 | ---- | M] () -- C:\Users\Vinicius\Desktop\MINISTÉRIO DA FAZENDA.docx [2010/07/04 22:50:58 | 000,067,232 | ---- | M] () -- C:\Users\Vinicius\Documents\projeto de tata.docx [2010/07/01 16:26:12 | 000,261,864 | ---- | M] () -- C:\Users\Vinicius\Desktop\Portal BR.htm [2010/06/28 21:18:59 | 000,000,274 | ---- | M] () -- C:\Windows\SysWow64\CALL.INI [2010/06/21 11:58:19 | 000,000,162 | -H-- | M] () -- C:\Users\Vinicius\Desktop\~$olução das Espécies e Seleção Natural.doc [2010/06/21 11:57:24 | 000,000,162 | -H-- | M] () -- C:\Users\Vinicius\Desktop\~$PRIMIR - MUTAÇÃO E SELEÇÃO NATURAL.docx [2010/06/12 16:32:05 | 002,320,176 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2010/06/09 17:41:34 | 000,100,109 | ---- | M] () -- C:\Users\Vinicius\Desktop\player.swf [2010/06/09 01:22:32 | 000,000,367 | ---- | M] () -- C:\Users\Vinicius\Documents\RECUPERAR FOTOS.DCM [2010/06/09 01:03:54 | 000,001,170 | ---- | M] () -- C:\Users\Public\Desktop\DDR - Digital Camera Recovery(Demo).lnk [2010/05/28 19:18:27 | 000,090,112 | ---- | M] () -- C:\Windows\SysWow64\CmdLineExt.dll [2010/05/28 09:10:54 | 000,030,866 | ---- | M] () -- C:\Users\Vinicius\Documents\Projeto dE PROTEOMICA ( MEU ).docx [2010/05/26 10:48:08 | 000,045,472 | ---- | M] (GAS Tecnologia) -- C:\Windows\SysWow64\drivers\gbpkm.sys [2010/05/23 20:20:47 | 000,001,024 | ---- | M] () -- C:\.rnd [2010/05/22 22:18:43 | 000,001,693 | ---- | M] () -- C:\Users\Public\Desktop\Counter-Strike 1.6.lnk ========== Files Created - No Company Name ========== [2010/08/03 18:33:22 | 000,204,276 | ---- | C] () -- C:\Users\Vinicius\Desktop\histo regina.docx [2010/08/03 11:26:31 | 000,048,500 | ---- | C] () -- C:\Users\Vinicius\Desktop\MPU.jpg [2010/08/03 11:09:09 | 000,678,206 | ---- | C] () -- C:\Users\Vinicius\Desktop\espectometria_de_massas.pdf [2010/07/27 22:31:01 | 000,263,185 | ---- | C] () -- C:\Users\Vinicius\Desktop\Prova-19-Tipo-001.pdf [2010/07/26 22:55:45 | 000,429,969 | ---- | C] () -- C:\Users\Vinicius\Desktop\TEST DE PAI.PDF [2010/07/26 18:52:07 | 000,001,025 | ---- | C] () -- C:\Windows\SysWow64\sysprs7.tgz [2010/07/26 18:52:07 | 000,001,025 | ---- | C] () -- C:\Windows\SysWow64\sysprs7.dll [2010/07/26 18:52:07 | 000,001,025 | ---- | C] () -- C:\Windows\SysWow64\clauth2.dll [2010/07/26 18:52:07 | 000,001,025 | ---- | C] () -- C:\Windows\SysWow64\clauth1.dll [2010/07/26 18:52:07 | 000,000,219 | ---- | C] () -- C:\Windows\SysWow64\lsprst7.tgz [2010/07/26 18:52:07 | 000,000,205 | ---- | C] () -- C:\Windows\SysWow64\lsprst7.dll [2010/07/26 18:52:07 | 000,000,087 | ---- | C] () -- C:\Windows\SysWow64\ssprs.tgz [2010/07/26 18:52:07 | 000,000,073 | ---- | C] () -- C:\Windows\SysWow64\ssprs.dll [2010/07/21 14:44:11 | 000,197,632 | ---- | C] () -- C:\Windows\elf_key.dll [2010/07/16 20:20:37 | 000,429,310 | ---- | C] () -- C:\Users\Vinicius\Desktop\raven.pdf [2010/07/14 19:34:54 | 000,492,421 | ---- | C] () -- C:\Users\Vinicius\Desktop\LastScan.jpg [2010/07/12 11:24:49 | 000,000,687 | ---- | C] () -- C:\Users\Vinicius\Documents\ax_files.xml [2010/07/06 14:34:19 | 000,129,626 | ---- | C] () -- C:\Users\Vinicius\Desktop\MINISTÉRIO DA FAZENDA.docx [2010/07/04 22:50:50 | 000,067,232 | ---- | C] () -- C:\Users\Vinicius\Documents\projeto de tata.docx [2010/07/01 16:26:10 | 000,261,864 | ---- | C] () -- C:\Users\Vinicius\Desktop\Portal BR.htm [2010/06/21 11:58:19 | 000,000,162 | -H-- | C] () -- C:\Users\Vinicius\Desktop\~$olução das Espécies e Seleção Natural.doc [2010/06/21 11:57:24 | 000,000,162 | -H-- | C] () -- C:\Users\Vinicius\Desktop\~$PRIMIR - MUTAÇÃO E SELEÇÃO NATURAL.docx [2010/06/09 17:41:28 | 000,100,109 | ---- | C] () -- C:\Users\Vinicius\Desktop\player.swf [2010/06/09 13:53:08 | 000,006,200 | ---- | C] () -- C:\Windows\SysWow64\INT13EXT.VXD [2010/06/09 01:22:32 | 000,000,367 | ---- | C] () -- C:\Users\Vinicius\Documents\RECUPERAR FOTOS.DCM [2010/06/09 01:03:54 | 000,001,170 | ---- | C] () -- C:\Users\Public\Desktop\DDR - Digital Camera Recovery(Demo).lnk [2010/05/28 15:09:59 | 000,000,894 | ---- | C] () -- C:\Users\Vinicius\Desktop\sXe Injected.lnk [2010/05/28 09:10:54 | 000,030,866 | ---- | C] () -- C:\Users\Vinicius\Documents\Projeto dE PROTEOMICA ( MEU ).docx [2010/05/23 20:20:45 | 000,001,024 | ---- | C] () -- C:\.rnd [2010/05/22 22:11:24 | 000,001,693 | ---- | C] () -- C:\Users\Public\Desktop\Counter-Strike 1.6.lnk [2010/05/21 18:20:00 | 000,000,766 | ---- | C] () -- C:\Windows\SysWow64\Uninstall.ico [2010/02/10 11:15:47 | 000,000,572 | ---- | C] () -- C:\Windows\ChemDraw.ini [2010/02/10 11:14:11 | 000,147,456 | ---- | C] () -- C:\Windows\SysWow64\sdt_security.dll [2010/02/06 17:20:27 | 000,021,840 | ---- | C] () -- C:\Windows\SysWow64\SIntfNT.dll [2010/02/06 17:20:27 | 000,017,212 | ---- | C] () -- C:\Windows\SysWow64\SIntf32.dll [2010/02/06 17:20:26 | 000,012,067 | ---- | C] () -- C:\Windows\SysWow64\SIntf16.dll [2010/01/28 16:47:44 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\winvcbsc.dll [2009/10/15 11:40:46 | 000,484,352 | ---- | C] () -- C:\Windows\SysWow64\lame_enc.dll [2009/10/01 18:37:01 | 000,178,176 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll [2009/10/01 18:37:00 | 000,000,038 | ---- | C] () -- C:\Windows\avisplitter.ini [2009/10/01 18:36:58 | 000,881,664 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll [2009/10/01 18:36:58 | 000,205,824 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll [2009/10/01 18:36:57 | 000,085,504 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll [2009/10/01 18:36:57 | 000,000,547 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll.manifest [2009/09/26 10:02:03 | 000,117,248 | ---- | C] () -- C:\Windows\SysWow64\EhStorAuthn.dll [2009/09/26 09:59:48 | 000,368,640 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll [2009/04/28 20:28:44 | 000,069,632 | ---- | C] () -- C:\Windows\SysWow64\MSJCE.dll [2009/04/05 20:38:26 | 000,005,361 | ---- | C] () -- C:\Windows\DesinstWRecnet.ini [2009/04/05 20:38:26 | 000,000,129 | ---- | C] () -- C:\Windows\REC-NET.INI [2009/03/15 10:09:31 | 000,000,158 | ---- | C] () -- C:\Windows\matlab.ini [2009/02/07 13:26:33 | 000,000,274 | ---- | C] () -- C:\Windows\SysWow64\CALL.INI [2009/01/21 18:00:44 | 000,000,440 | ---- | C] () -- C:\Windows\ODBC.INI [2008/11/23 20:14:04 | 000,142,592 | ---- | C] () -- C:\Windows\SysWow64\drivers\sp_rsdrv2.sys [2008/10/31 23:18:16 | 000,000,334 | ---- | C] () -- C:\Windows\pdf2word.INI [2008/10/29 16:50:40 | 000,090,112 | ---- | C] () -- C:\Windows\SysWow64\CmdLineExt.dll [2008/10/24 18:50:06 | 001,454,360 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2008/10/21 09:35:22 | 000,000,000 | ---- | C] () -- C:\Windows\lde.INI [2008/09/25 21:04:28 | 000,000,478 | ---- | C] () -- C:\Windows\Lexstat.ini [2008/09/25 21:00:33 | 000,413,696 | ---- | C] () -- C:\Windows\SysWow64\lxczutil.dll [2008/09/25 21:00:33 | 000,274,432 | ---- | C] () -- C:\Windows\SysWow64\LXCZinst.dll [2008/09/25 00:26:48 | 000,000,510 | ---- | C] () -- C:\Windows\WORDPAD.INI [2008/09/15 21:14:24 | 003,596,288 | ---- | C] () -- C:\Windows\SysWow64\qt-dx331.dll [2008/09/15 21:12:02 | 000,000,416 | ---- | C] () -- C:\Windows\SysWow64\dtu100.dll.manifest [2008/09/15 21:12:02 | 000,000,416 | ---- | C] () -- C:\Windows\SysWow64\dpl100.dll.manifest [2008/09/15 21:11:10 | 000,012,288 | ---- | C] () -- C:\Windows\SysWow64\DivXWMPExtType.dll [2008/06/01 04:13:10 | 000,053,299 | ---- | C] () -- C:\Windows\SysWow64\pthreadVC.dll [2008/04/16 23:05:12 | 000,060,124 | ---- | C] () -- C:\Windows\SysWow64\tcpmon.ini [2007/07/23 08:03:32 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelTraditionalChinese.dll [2007/07/23 08:03:32 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSwedish.dll [2007/07/23 08:03:32 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSpanish.dll [2007/07/23 08:03:30 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSimplifiedChinese.dll [2007/07/23 08:03:30 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelPortugese.dll [2007/07/23 08:03:30 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelKorean.dll [2007/07/23 08:03:30 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelJapanese.dll [2007/07/23 08:03:30 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelGerman.dll [2007/07/23 08:03:30 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelFrench.dll [2004/08/17 11:57:24 | 000,327,680 | ---- | C] () -- C:\Windows\SysWow64\QFClient2.dll ========== LOP Check ========== [2009/03/06 23:26:50 | 000,000,000 | ---D | M] -- C:\Users\Vinicius\AppData\Roaming\Any Video Converter [2008/09/25 17:43:05 | 000,000,000 | ---D | M] -- C:\Users\Vinicius\AppData\Roaming\Astroburn [2010/07/05 20:20:54 | 000,000,000 | ---D | M] -- C:\Users\Vinicius\AppData\Roaming\Audacity [2008/10/29 16:51:04 | 000,000,000 | ---D | M] -- C:\Users\Vinicius\AppData\Roaming\cald2 [2008/09/19 23:47:52 | 000,000,000 | ---D | M] -- C:\Users\Vinicius\AppData\Roaming\DAEMON Tools [2010/02/04 19:44:26 | 000,000,000 | ---D | M] -- C:\Users\Vinicius\AppData\Roaming\Desktopicon [2009/01/15 19:22:36 | 000,000,000 | ---D | M] -- C:\Users\Vinicius\AppData\Roaming\Dev-Cpp [2010/03/26 21:52:53 | 000,000,000 | ---D | M] -- C:\Users\Vinicius\AppData\Roaming\Downloaded Installations [2010/08/03 20:15:25 | 000,000,000 | ---D | M] -- C:\Users\Vinicius\AppData\Roaming\foobar2000 [2010/01/26 18:58:13 | 000,000,000 | ---D | M] -- C:\Users\Vinicius\AppData\Roaming\IObit [2010/04/14 09:48:35 | 000,000,000 | ---D | M] -- C:\Users\Vinicius\AppData\Roaming\Participatory Culture Foundation [2010/06/09 17:53:45 | 000,000,000 | ---D | M] -- C:\Users\Vinicius\AppData\Roaming\PCF-VLC [2009/09/22 17:20:50 | 000,000,000 | ---D | M] -- C:\Users\Vinicius\AppData\Roaming\PeerNetworking [2008/09/26 22:17:24 | 000,000,000 | ---D | M] -- C:\Users\Vinicius\AppData\Roaming\Publish Providers [2009/01/15 12:18:24 | 000,000,000 | ---D | M] -- C:\Users\Vinicius\AppData\Roaming\Remere's Map Editor [2008/10/19 08:22:58 | 000,000,000 | ---D | M] -- C:\Users\Vinicius\AppData\Roaming\Soldat [2008/09/26 22:17:12 | 000,000,000 | ---D | M] -- C:\Users\Vinicius\AppData\Roaming\Sony [2010/01/26 21:26:46 | 000,000,000 | ---D | M] -- C:\Users\Vinicius\AppData\Roaming\Spyware Terminator [2010/01/10 20:33:25 | 000,000,000 | ---D | M] -- C:\Users\Vinicius\AppData\Roaming\TeraCopy [2009/11/07 22:59:36 | 000,000,000 | ---D | M] -- C:\Users\Vinicius\AppData\Roaming\Tibia [2008/11/07 23:59:37 | 000,000,000 | ---D | M] -- C:\Users\Vinicius\AppData\Roaming\TibiaTestserver [2009/10/10 21:55:51 | 000,000,000 | ---D | M] -- C:\Users\Vinicius\AppData\Roaming\Tunngle [2010/08/04 14:39:59 | 000,000,000 | ---D | M] -- C:\Users\Vinicius\AppData\Roaming\uTorrent [2010/08/04 14:43:56 | 000,000,400 | ---- | M] () -- C:\Windows\Tasks\AWC Startup.job [2010/08/04 14:42:28 | 000,032,602 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT [2010/08/03 19:15:30 | 000,000,424 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{4E7FFDCC-8AC2-4A6A-B48D-5A3EADE8F765}.job [2010/08/04 14:55:00 | 000,000,434 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{89702626-5B6D-4B2A-9EE1-4864F8A556F4}.job ========== Purity Check ========== ========== Alternate Data Streams ========== @Alternate Data Stream - 204 bytes -> C:\Windows\SysWow64\drivers:GbpKmAp.lst < End of report >
  10. Da uma olhada nos Scans

    OTL Extras logfile created on: 03/08/2010 21:10:42 - Run 4 OTL by OldTimer - Version 3.2.9.1 Folder = C:\Users\Vinicius\Desktop\Anti Virus 64bit-Windows Vista Ultimate Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18928) Locale: 00000416 | Country: Brasil | Language: PTB | Date Format: dd/MM/yyyy 2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 30,00% Memory free 4,00 Gb Paging File | 2,00 Gb Available in Paging File | 57,00% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 149,05 Gb Total Space | 6,27 Gb Free Space | 4,21% Space Free | Partition Type: NTFS D: Drive not present or media not loaded E: Drive not present or media not loaded F: Drive not present or media not loaded G: Drive not present or media not loaded H: Drive not present or media not loaded I: Drive not present or media not loaded Computer Name: MONSTRO Current User Name: Vinicius Logged in as Administrator. Current Boot Mode: Normal Scan Mode: Current user Company Name Whitelist: Off Skip Microsoft Files: Off File Age = 30 Days Output = Standard ========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation) [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) ========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. htmlfile [edit] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation) htmlfile [print] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation) http [open] -- Reg Error: Value error. https [open] -- Reg Error: Value error. inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation) scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~1\Office12\ONENOTE.EXE "%L" File not found Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "oobe_av" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 ========== Authorized Applications List ========== ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{0D9099B6-DAC4-4954-B0BC-FC7CC0510E2F}" = lport=20085 | protocol=6 | dir=in | name=a | "{189DC846-2C3B-4BEA-BA3D-4503FA0E8FDC}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe | "{19856859-5DDF-4F47-BE5C-B402B3308F1C}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{23B615F2-1C73-47C8-8A44-B7F16EE6BEDC}" = rport=445 | protocol=6 | dir=out | app=system | "{2B0F42BD-C625-4F4C-8F1E-0A02FB971288}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | "{2CB6348D-0457-422E-A197-662CB7AA5F1D}" = lport=138 | protocol=17 | dir=in | app=system | "{30741452-9005-4528-9718-B25B3B436624}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{31AEA167-EB90-489A-83D1-238D3CED0DEC}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{33A83C56-F97E-46AC-9EC7-63CAA3A84CD2}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\outlook.exe | "{3766B243-F549-4E04-BDE5-4CC3FF68B78C}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{3778D8B5-13F7-45D0-BD68-69667D65AF5F}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{39A3C94C-0CF0-4328-A5CE-ED02B32D2E98}" = lport=7171 | protocol=6 | dir=in | name=ot | "{439D90FB-7759-4A16-B0CA-7A3D6F118F60}" = rport=10243 | protocol=6 | dir=out | app=system | "{48DFC5EF-2618-4F51-98C8-DE878A232F5B}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | "{4DE50991-FA3E-43A1-B6D2-7E14C9A3AC50}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe | "{4F551094-7375-4DF0-8948-9EE797BBF333}" = lport=80 | protocol=17 | dir=in | name=81 | "{4FC5B7B1-C34E-4695-B1AF-A10EDD1A46EF}" = lport=2869 | protocol=6 | dir=in | app=system | "{55A09095-5C89-4E20-872B-67844AB79423}" = lport=20030 | protocol=6 | dir=in | name=a | "{55C790AA-4989-4C9D-8DA7-B42E824F36DD}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{655C468A-96A4-484E-AD69-BA084A6119CD}" = lport=445 | protocol=6 | dir=in | app=system | "{666B6E32-0767-49F6-9B24-775CB622E7DB}" = rport=137 | protocol=17 | dir=out | app=system | "{748ADC58-5033-488F-ABA3-B71FAB6D4782}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{768887BE-6133-4B92-946E-3BF4CA70F950}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{7D595989-2E80-4B01-AFA2-7E47B1FF20CE}" = lport=20010 | protocol=6 | dir=in | name=a | "{88C11F18-160B-4A47-ABDE-E2A8872E553E}" = lport=137 | protocol=17 | dir=in | app=system | "{8D179773-D199-49B4-817C-369C0DC80D53}" = lport=20020 | protocol=6 | dir=in | name=a | "{9672AD5E-F4B5-4EAA-95F6-175492425505}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{99E23C74-2620-4541-881D-68B5A22537DA}" = rport=138 | protocol=17 | dir=out | app=system | "{9BC0B298-7441-4F47-ACB8-E0D4E6848274}" = rport=139 | protocol=6 | dir=out | app=system | "{AC64312A-C905-4440-978F-306E373AF835}" = lport=5454 | protocol=17 | dir=in | name=kong 1 | "{AD32B727-2445-40DA-9530-FF0D1C2BFB77}" = lport=2869 | protocol=6 | dir=in | app=system | "{ADBCC863-566B-4404-A174-945B66EB8078}" = lport=5739 | protocol=17 | dir=in | name=a | "{BC808FE0-CF50-42CC-8A70-CE2E72C8DE6E}" = lport=5454 | protocol=6 | dir=in | name=kong | "{C1B35FBA-9A74-49C3-B7BE-43303FC6C22E}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe | "{D29D6061-9007-40B6-9F91-5C5611C2F89F}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{D3AD1D8C-FAE8-432A-9760-16BB18AA6C24}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | "{DBE0CECF-D46C-4D18-A517-77EFB20F26C8}" = lport=7171 | protocol=17 | dir=in | name=ot56 | "{E2A0C914-9E56-4303-8D9B-937FE0A3701D}" = lport=10243 | protocol=6 | dir=in | app=system | "{EA64FCF4-B3CE-4263-92FA-23E27091B890}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe | "{F35BD47B-3C8A-4C05-8E73-5B30A4A310B3}" = lport=139 | protocol=6 | dir=in | app=system | "{FD24C5DE-950B-4F68-A4D8-F27955A02C81}" = lport=80 | protocol=6 | dir=in | name=80 | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{0191B1EA-1C06-4B62-9F3F-CD5681FBD16E}" = protocol=6 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe | "{09F6D244-EB1E-4B56-BCDF-FCD2971DDB57}" = protocol=17 | dir=in | app=c:\program files (x86)\konami\pro evolution soccer 2010\pes2010.exe | "{0F821761-DB4B-4C66-8A79-8036403D35AA}" = protocol=6 | dir=out | app=system | "{0F9EDFC2-4D2A-4B0D-82F1-5D468D3EDF65}" = protocol=17 | dir=in | app=c:\program files (x86)\tunngle\tnglctrl.exe | "{15EBD709-205E-4994-88ED-F08EAB5D60B9}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | "{16B1A1B8-F6C4-421F-996F-A0A6ADC87E49}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | "{1AC9FB4C-2AF5-4BC1-8E5E-45887895EBAD}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | "{1E620251-63F0-4826-A1D2-20A93E1DDCC2}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | "{1F3CA4C2-EC7A-4B06-8AC6-179B4FB0F724}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | "{203B398D-5848-4182-BBE2-DC0690D44B43}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{207C7279-3448-4EBF-941C-C7CB3DB47A28}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | "{220FB067-8E4B-424B-A97B-1E79D5BFAF05}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | "{299889D4-CBCD-4DF4-B299-E1553123855D}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{29C5288D-9F3C-4249-8359-95722708B888}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | "{29F2D909-6870-4097-8C47-E5AE7FEAEDD1}" = dir=in | app=c:\program files (x86)\windows live\messenger\wlcsdk.exe | "{2A5FF35D-E5B3-409D-B298-C8E9188B8093}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | "{2FCB2114-565A-42E7-94D7-C4BEEC14A6D0}" = protocol=6 | dir=in | app=c:\program files (x86)\konami\pro evolution soccer 2010\pes2010.exe | "{3205167F-4C8F-48D8-8058-2BD8AFF892D4}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | "{33550859-5093-434D-B7D5-287AFA03089A}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{3A6F8A28-A07B-46A3-B2C4-2E0E7D3CC857}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | "{3FAD46BE-6BF1-4622-A656-767ACC38A732}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | "{4408E6BF-E5DB-4DA0-930B-713DF645AC69}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | "{44BA1933-16C9-4185-8E41-39433F25AEAE}" = protocol=58 | dir=in | name=@firewallapi.dll,-26142 | "{45BBB3AC-8AE1-4AC6-AD5D-842203613B64}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | "{46ABAA95-AC98-4019-A529-C3EA05D17BC1}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe | "{48C82D2A-A718-4170-BC4D-988CFAC2D18C}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{4A1E9661-0C11-4070-A7A8-618829AAE7F6}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | "{50CD899E-CE74-4D7A-AC3E-8B00E1E5369C}" = protocol=17 | dir=in | app=c:\windows\system32\spool\drivers\x64\3\lxczpswx.exe | "{576A0418-82AA-4CA6-B98A-F60E471EC919}" = protocol=6 | dir=in | app=c:\program files (x86)\tunngle\tunngle.exe | "{577678D2-34F5-4F30-A716-10614ACAB419}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{57DC63E7-9A90-429C-ACF7-033C88FF3CCB}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | "{58EAB6B4-18DE-45E7-94A6-979FC355C8C7}" = protocol=6 | dir=in | app=c:\program files (x86)\tunngle\tnglctrl.exe | "{58F1A9D0-200D-4ED4-8D77-5550F817BAE0}" = protocol=17 | dir=in | app=c:\windows\system32\lxczcoms.exe | "{64B2A6D5-5C30-4CD8-A5D2-9B2D60D4D812}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | "{64E5641C-2E35-4091-95C4-171E61A7978E}" = protocol=17 | dir=in | app=c:\program files (x86)\konami\pro evolution soccer 2009\pes2009.exe | "{65D74B67-F3DB-43B0-A219-F0957F9BCCFE}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | "{680E61E8-4FEF-4FED-BFEA-F6325B1AE143}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{698521D3-3943-4ABE-90EC-4CF258DB30AE}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | "{6A54CE1F-CCA5-4F62-B6A6-803E8E130A10}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | "{6B260B38-3B12-49BB-AE2D-D04DD7DD8A4A}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | "{6F1BCACA-4FA1-4F73-9E15-A196EEEB167A}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{70D9F873-2991-4131-998E-0BBBE5BA4BBB}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{76DD8C1D-C87D-4BBA-9BD8-FDA42E8D9F5C}" = protocol=6 | dir=in | app=c:\program files (x86)\konami\pro evolution soccer 2010\pes2010.exe | "{7CED3853-84A4-4630-9A47-0BAD56A2F281}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | "{7DA4FDC2-D710-4DD6-A386-2BBD5C5378C8}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{801C3BAB-3373-4D31-9F83-811FC6C50399}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{85046690-834B-4740-8313-439AF8F178E9}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | "{864C4DB8-B9F9-4463-A335-4C8D28BAEE5D}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | "{8A116E5D-AD09-4B41-9E70-99E3395D1E73}" = protocol=17 | dir=in | app=c:\windows\syswow64\lxczcoms.exe | "{8C109D0F-7C89-406B-81B3-00E8780A2314}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe | "{8C49EFA9-1600-428B-9C62-EC0FAEFFF0B9}" = protocol=17 | dir=in | app=c:\program files (x86)\tunngle\tunngle.exe | "{8C6E58B3-3FE0-4B55-957B-4288B8376E6A}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{90DB6FB7-1E67-4408-90D0-9E4D823B0879}" = protocol=17 | dir=in | app=c:\program files (x86)\ea games\the battle for middle-earth \game.dat | "{94CFA04A-B6F9-4309-959E-53BF9F94636B}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | "{9953D58F-8015-40EC-8F3F-67B28BCAC225}" = dir=in | app=c:\program files (x86)\windows live\sync\windowslivesync.exe | "{99946BE1-A836-4680-8B0D-EAC0D0B0619F}" = protocol=6 | dir=in | app=c:\windows\system32\spool\drivers\x64\3\lxczpswx.exe | "{9C956D9E-5389-48C3-9E3C-E1546136B1A3}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | "{9FE8DA95-0029-4B92-994E-138DD82C0020}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | "{A094F296-275B-4A64-B2D6-B47A8A35A934}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{A0E30380-BC79-4080-BAB5-91A507530B71}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe | "{A501E20C-5F01-4D03-9626-22B279259804}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | "{A6931023-0B11-4CAF-BA0A-D980DAAB4F5C}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | "{AA059F9A-5039-4334-9B84-4B0C6D6242CE}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | "{ADF19113-0EAF-4039-9FE7-515E8669C6DD}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{AE70D9C0-415F-484E-A69E-3A32DE4C2371}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe | "{AF8684C8-0EA6-47A9-BAD7-0BD534AA7B14}" = protocol=6 | dir=in | app=c:\program files (x86)\konami\pro evolution soccer 2009\pes2009.exe | "{B061F7A3-AE02-47B5-A5D0-3F97ABA77E0A}" = protocol=6 | dir=in | app=c:\windows\syswow64\lxczcoms.exe | "{B0E0EEE8-9440-4A36-AEEE-DE18D61CFECE}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | "{B2A43316-4417-43E1-BE64-81077EA8E7EE}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | "{B438C7B7-A0B2-4672-81F4-9E0EEF2B075A}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe | "{B45FACAA-AF60-459E-B457-3B7DE6F949A3}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | "{B62A7041-6D0A-49EC-AF10-24986EDC50E8}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | "{B77239AC-0CF1-4402-B923-103E374518DB}" = protocol=6 | dir=in | app=c:\windows\system32\lxczcoms.exe | "{B8B11F6F-024D-4600-AA19-C988D5992E93}" = protocol=6 | dir=in | app=c:\program files (x86)\ea games\the battle for middle-earth \game.dat | "{B9634EE8-059C-4A6C-9AB2-62A074F1A719}" = protocol=1 | dir=in | name=@firewallapi.dll,-26140 | "{BBD9DA03-CCFF-41C0-A167-4FB353F1A4A8}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | "{BCB23510-F199-4FAF-ADF0-3147D9617C49}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | "{C0ABC96A-D6F8-425E-A95B-60920FDCBCAC}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{C178C717-93A9-4A97-B9AB-8904E5F69F09}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | "{C9984CCA-74AD-4E4A-BF83-D3BC41761DB5}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | "{CDE3F665-6297-42D0-8654-E659A0D02368}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe | "{D2D6D96E-3AE1-410F-8837-E52F5F2EA076}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | "{D69C94AE-76AE-4F6C-8755-EED722AB8AAD}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | "{D6CB75AF-2E17-4D7A-B766-25B91951611A}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{D6E4379B-3D6A-4BAB-BC40-5D30AD17A3EC}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{D70C763D-93CD-4103-AA7E-72BB90FF9C5F}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | "{D844CF27-9E3D-4BEB-AAA2-7773E5AEDFB4}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | "{D8BD6B41-686E-408F-936B-F9C187B52992}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | "{DADABCF3-989B-43D0-A560-B32905AAC912}" = protocol=6 | dir=in | app=c:\program files (x86)\konami\pro evolution soccer 2009\pes2009.exe | "{E6CD273A-5320-44CD-BA6F-85DFBBF92505}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | "{E6ED45BB-283C-4658-941B-4AA5F84F7BD7}" = protocol=17 | dir=in | app=c:\program files (x86)\konami\pro evolution soccer 2009\pes2009.exe | "{E9C39BA0-754E-4B24-B083-772050FDB14F}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | "{EC0AF329-EAEB-44DC-B7EF-C29863B9ECA6}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{EC99B305-060B-45E0-ADE3-8D469B7962B8}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe | "{ECFF3816-40D8-4A42-908E-20EEDC1B63A6}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | "{F0A1E87C-7B92-4691-A94E-D15402DE029F}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | "{F32EF8F9-D796-4AAE-9F94-7DEFDB6C5535}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | "{F6137A95-DA04-4203-B8F9-20795336DDBD}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | "{FA647C68-245F-4073-A901-D45C5DD3CF92}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | "{FB92BF23-C4A1-466E-A386-274A2531C316}" = protocol=17 | dir=in | app=c:\program files (x86)\konami\pro evolution soccer 2010\pes2010.exe | "{FC1184D7-1CF0-44A8-871C-4A324C083409}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{FC1FE4E0-C177-4A9C-BC38-E9F7409CF4B2}" = protocol=17 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe | "TCP Query User{012CDA73-C323-4727-907D-E0552F604499}C:\windows\syswow64\dplaysvr.exe" = protocol=6 | dir=in | app=c:\windows\syswow64\dplaysvr.exe | "TCP Query User{0B04953C-EFAA-49BC-9DF7-E2903B3C7B15}C:\program files (x86)\left4dead\hl2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\left4dead\hl2.exe | "TCP Query User{18446802-E464-4156-A8F1-9106A7CD3FD3}C:\program files (x86)\kong\kong.exe" = protocol=6 | dir=in | app=c:\program files (x86)\kong\kong.exe | "TCP Query User{193CA08F-2D74-49F2-8958-9B24CAEA39CB}C:\program files (x86)\spyware terminator\spywareterminatorupdate.exe" = protocol=6 | dir=in | app=c:\program files (x86)\spyware terminator\spywareterminatorupdate.exe | "TCP Query User{1A2E1BEE-1F6F-4AC9-98E9-92543E27721E}C:\users\vinicius\desktop\gustoppi(3).exe" = protocol=6 | dir=in | app=c:\users\vinicius\desktop\gustoppi(3).exe | "TCP Query User{1A9CFCE6-E2CE-47EE-A7D1-690D229A394C}C:\team17\worms2 demo\worms2.exe" = protocol=6 | dir=in | app=c:\team17\worms2 demo\worms2.exe | "TCP Query User{20717FCC-AFDC-4BD5-8EA1-5E0A30F85C4C}C:\program files (x86)\diablo ii\game.exe" = protocol=6 | dir=in | app=c:\program files (x86)\diablo ii\game.exe | "TCP Query User{24FD1E78-74EE-40B0-9AC5-BA6EF82B6993}C:\windows\temp\gskp0304\stun-server-0-96.exe" = protocol=6 | dir=in | app=c:\windows\temp\gskp0304\stun-server-0-96.exe | "TCP Query User{292D2758-2C8F-4642-8D77-ABF80CEDF686}C:\program files (x86)\the kmplayer\kmplayer.exe" = protocol=6 | dir=in | app=c:\program files (x86)\the kmplayer\kmplayer.exe | "TCP Query User{2FB4CD35-BB6C-4E82-B4B4-B5F9058D7CC6}C:\program files (x86)\real alternative\media player classic\mplayerc.exe" = protocol=6 | dir=in | app=c:\program files (x86)\real alternative\media player classic\mplayerc.exe | "TCP Query User{3478BF1B-DE15-42B9-98B4-DC1E29E798AC}C:\program files (x86)\zdaemon\zlauncher.exe" = protocol=6 | dir=in | app=c:\program files (x86)\zdaemon\zlauncher.exe | "TCP Query User{3850FD0E-A9F1-4388-A63E-D0F01401305D}C:\program files (x86)\valve\hl.exe" = protocol=6 | dir=in | app=c:\program files (x86)\valve\hl.exe | "TCP Query User{3864DF53-B5FF-4B6C-A29B-AFBEE2B4355B}C:\program files (x86)\valve\hlds.exe" = protocol=6 | dir=in | app=c:\program files (x86)\valve\hlds.exe | "TCP Query User{3870E943-D4CB-4E21-80A8-5C4FA0021089}C:\program files (x86)\postal2stp\system\postal2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\postal2stp\system\postal2.exe | "TCP Query User{38D82CBE-689A-4734-970B-9051850F5349}C:\program files (x86)\utorrent\utorrent.exe" = protocol=6 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe | "TCP Query User{3953439A-892A-46D0-8DF4-E817B7392F9A}C:\users\vinicius\desktop\ot\mystic spirit\the forgotten server.exe" = protocol=6 | dir=in | app=c:\users\vinicius\desktop\ot\mystic spirit\the forgotten server.exe | "TCP Query User{3CD8D9C2-C950-42DE-9411-8C933E8D484B}C:\users\vinicius\desktop\nfsuserver.1.0.1.exe" = protocol=6 | dir=in | app=c:\users\vinicius\desktop\nfsuserver.1.0.1.exe | "TCP Query User{3E8A255D-4ACB-4EAA-A64C-0313CCE459F7}C:\program files (x86)\left4dead\left4dead.exe" = protocol=6 | dir=in | app=c:\program files (x86)\left4dead\left4dead.exe | "TCP Query User{434853CE-B6CF-4A1B-8776-54E86A3099C0}C:\program files (x86)\java\jre6\bin\java.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre6\bin\java.exe | "TCP Query User{435CC6D3-6EEA-4841-8962-9885AEFC6432}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe | "TCP Query User{48A5CA49-9D9B-4F4E-94D9-1E10135A5680}C:\users\vinicius\desktop\need for speed underground 2\need for speed underground 2.exe" = protocol=6 | dir=in | app=c:\users\vinicius\desktop\need for speed underground 2\need for speed underground 2.exe | "TCP Query User{5021E939-1676-4812-9D22-696755992759}C:\windows\temp\gskp0304\stunnel\stunnel.exe" = protocol=6 | dir=in | app=c:\windows\temp\gskp0304\stunnel\stunnel.exe | "TCP Query User{5176926C-A785-4F85-B9DF-1429DF2AF877}C:\program files (x86)\the kmplayer\kmplayer.exe" = protocol=6 | dir=in | app=c:\program files (x86)\the kmplayer\kmplayer.exe | "TCP Query User{58BC6DB0-76C0-4731-8AA3-6C953E7E7F48}C:\program files (x86)\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files (x86)\mozilla firefox\firefox.exe | "TCP Query User{64A6C390-AD0E-44D0-BED6-A7F518B9EDE9}C:\program files (x86)\emule2\emule.exe" = protocol=6 | dir=in | app=c:\program files (x86)\emule2\emule.exe | "TCP Query User{6812863E-82AC-4697-AC66-1393FA550986}C:\users\vinicius\desktop\nfsuserver.0.9.9.exe" = protocol=6 | dir=in | app=c:\users\vinicius\desktop\nfsuserver.0.9.9.exe | "TCP Query User{69993044-6A32-49E5-A625-D4DD3DDBBD3A}C:\xampp\apache\bin\apache.exe" = protocol=6 | dir=in | app=c:\xampp\apache\bin\apache.exe | "TCP Query User{6EF50A2A-54E0-4CD2-930B-2031468C604D}C:\program files (x86)\counter-strike 1.6\hl.exe" = protocol=6 | dir=in | app=c:\program files (x86)\counter-strike 1.6\hl.exe | "TCP Query User{7014DFD3-62A0-4EDD-8C0D-A933F3391F7B}C:\users\vinicius\desktop\pg_02\age2_x1.exe" = protocol=6 | dir=in | app=c:\users\vinicius\desktop\pg_02\age2_x1.exe | "TCP Query User{7330CD8C-4ECD-48F9-B08B-C04F8EF5CA0E}C:\users\vinicius\desktop\games\netsoccer\server.exe" = protocol=6 | dir=in | app=c:\users\vinicius\desktop\games\netsoccer\server.exe | "TCP Query User{74ACA090-A6CC-4F6E-9AA0-B1535FA6F378}C:\program files (x86)\sony ericsson\update service\update service.exe" = protocol=6 | dir=in | app=c:\program files (x86)\sony ericsson\update service\update service.exe | "TCP Query User{7791AB6A-6EB1-49ED-8A1E-E7E3E197291F}C:\program files (x86)\ea games\need for speed underground\nfsuserver.0.9.9.exe" = protocol=6 | dir=in | app=c:\program files (x86)\ea games\need for speed underground\nfsuserver.0.9.9.exe | "TCP Query User{7F3BCD33-AD04-4588-85FA-76F8E692D4AD}C:\program files (x86)\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files (x86)\mozilla firefox\firefox.exe | "TCP Query User{82BB622A-E68E-4332-8130-46A4A23B363D}C:\program files (x86)\activision\modern warfare 2\iw4sp.exe" = protocol=6 | dir=in | app=c:\program files (x86)\activision\modern warfare 2\iw4sp.exe | "TCP Query User{8E2F963C-69D2-4AE7-A38F-F30DA1AD463B}C:\program files (x86)\emule2\emule.exe" = protocol=6 | dir=in | app=c:\program files (x86)\emule2\emule.exe | "TCP Query User{8F6BCB00-DC52-42BA-AB7F-F3AAC7AE7BC9}C:\windows\syswow64\dplaysvr.exe" = protocol=6 | dir=in | app=c:\windows\syswow64\dplaysvr.exe | "TCP Query User{912BAD7D-F8A6-4B9C-A466-FD5EF6A28028}C:\users\vinicius\desktop\vinicius\jogos\age 2\empires2.exe" = protocol=6 | dir=in | app=c:\users\vinicius\desktop\vinicius\jogos\age 2\empires2.exe | "TCP Query User{92D21325-9C96-43A1-8AFE-23BB0833C4DC}C:\program files (x86)\participatory culture foundation\miro\miro_downloader.exe" = protocol=6 | dir=in | app=c:\program files (x86)\participatory culture foundation\miro\miro_downloader.exe | "TCP Query User{94211A88-C875-4E80-81C4-A919037D5998}C:\users\vinicius\desktop\ot\mystic spirit 1\the forgotten server.exe" = protocol=6 | dir=in | app=c:\users\vinicius\desktop\ot\mystic spirit 1\the forgotten server.exe | "TCP Query User{957B4F80-8D28-49D6-AD18-C84304279CD2}C:\users\vinicius\desktop\ot\mystic spirit\the forgotten server.exe" = protocol=6 | dir=in | app=c:\users\vinicius\desktop\ot\mystic spirit\the forgotten server.exe | "TCP Query User{B2BE04CF-8EA9-4865-8C5D-3251B31609E7}C:\users\vinicius\desktop\ot\mystic spirit 1\the forgotten server.exe" = protocol=6 | dir=in | app=c:\users\vinicius\desktop\ot\mystic spirit 1\the forgotten server.exe | "TCP Query User{B8E5831B-D67A-448F-B37B-F8506EF9DB02}C:\program files (x86)\emule\emule.exe" = protocol=6 | dir=in | app=c:\program files (x86)\emule\emule.exe | "TCP Query User{B99F4F95-3D94-44BA-AB6E-11F88FECC82A}C:\soldat\soldat.exe" = protocol=6 | dir=in | app=c:\soldat\soldat.exe | "TCP Query User{BD75AD4F-4214-4D38-A937-A279486F4DC7}C:\program files (x86)\counter-strike 1.6\hl.exe" = protocol=6 | dir=in | app=c:\program files (x86)\counter-strike 1.6\hl.exe | "TCP Query User{BEE35A0F-CCA5-4CBA-9122-4E88AB23120E}C:\windows\temp\gskp0304\stun-server-0-96.exe" = protocol=6 | dir=in | app=c:\windows\temp\gskp0304\stun-server-0-96.exe | "TCP Query User{BFC6C831-18C2-4460-8FD6-97A2F6D1FCC7}C:\users\vinicius\downloads\gustoppi(2).exe" = protocol=6 | dir=in | app=c:\users\vinicius\downloads\gustoppi(2).exe | "TCP Query User{C05F4363-295F-4D58-BCF0-50680FAE8A62}C:\users\vinicius\desktop\vinicius\jogos\age 2\age2_x1.exe" = protocol=6 | dir=in | app=c:\users\vinicius\desktop\vinicius\jogos\age 2\age2_x1.exe | "TCP Query User{CB36A392-F975-4FEF-8398-01C9F032F67A}C:\windows\temp\gskp0304\stunnel\stunnel.exe" = protocol=6 | dir=in | app=c:\windows\temp\gskp0304\stunnel\stunnel.exe | "TCP Query User{D00690FA-07A3-45DD-B552-B0D7149A5F8F}C:\program files (x86)\spyware terminator\spywareterminatorupdate.exe" = protocol=6 | dir=in | app=c:\program files (x86)\spyware terminator\spywareterminatorupdate.exe | "TCP Query User{D273F610-7B7A-4CAC-A5F5-EA5CBCCBC48C}C:\users\vinicius\desktop\nfsuclient.exe" = protocol=6 | dir=in | app=c:\users\vinicius\desktop\nfsuclient.exe | "TCP Query User{D431FD34-3B1F-4764-B1D3-6126D47F3028}C:\users\vinicius\downloads\gustoppi(3).exe" = protocol=6 | dir=in | app=c:\users\vinicius\downloads\gustoppi(3).exe | "TCP Query User{D59F44FC-3B9F-43E1-AB65-ED64E1CE6816}C:\users\vinicius\desktop\vinicius\jogos\age 2\age2_x1.exe" = protocol=6 | dir=in | app=c:\users\vinicius\desktop\vinicius\jogos\age 2\age2_x1.exe | "TCP Query User{D8799808-87B9-43B2-9576-EC807D9C33E1}C:\windows\temp\gskp0304\goalserver2009.exe" = protocol=6 | dir=in | app=c:\windows\temp\gskp0304\goalserver2009.exe | "TCP Query User{DBB0C965-1097-4B64-92EA-E4EC97893399}C:\users\vinicius\desktop\ot\world of tibiasula\theforgottenserver.exe" = protocol=6 | dir=in | app=c:\users\vinicius\desktop\ot\world of tibiasula\theforgottenserver.exe | "TCP Query User{DC10E46F-B8F7-4CC5-BD43-9F39039AD36F}C:\program files (x86)\google\chrome\application\chrome.exe" = protocol=6 | dir=in | app=c:\program files (x86)\google\chrome\application\chrome.exe | "TCP Query User{E7FF3832-5CA1-46C9-90D9-6DFBAEFFFE3D}\\pedroca\users\administrador\desktop\nova pasta (3)\nfsuserver.0.9.9.exe" = protocol=6 | dir=in | app=\\pedroca\users\administrador\desktop\nova pasta (3)\nfsuserver.0.9.9.exe | "TCP Query User{F986943E-8804-47B4-8F1F-40F64E08C800}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe | "UDP Query User{03A17485-472B-4C3A-A071-EB505FB50870}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe | "UDP Query User{0E47011D-8291-49BF-9414-D857EC23F5AC}\\pedroca\users\administrador\desktop\nova pasta (3)\nfsuserver.0.9.9.exe" = protocol=17 | dir=in | app=\\pedroca\users\administrador\desktop\nova pasta (3)\nfsuserver.0.9.9.exe | "UDP Query User{0FCD37B0-60FB-4182-AA67-B96A5DAF0E03}C:\program files (x86)\ea games\need for speed underground\nfsuserver.0.9.9.exe" = protocol=17 | dir=in | app=c:\program files (x86)\ea games\need for speed underground\nfsuserver.0.9.9.exe | "UDP Query User{111D77A9-3D1D-49E8-8DD5-243D2A8620AF}C:\users\vinicius\desktop\ot\mystic spirit\the forgotten server.exe" = protocol=17 | dir=in | app=c:\users\vinicius\desktop\ot\mystic spirit\the forgotten server.exe | "UDP Query User{170DCC6B-7AB0-4939-861E-15F662BF313C}C:\users\vinicius\desktop\games\netsoccer\server.exe" = protocol=17 | dir=in | app=c:\users\vinicius\desktop\games\netsoccer\server.exe | "UDP Query User{1766F596-0FBF-4E11-8892-D28CDAB2E391}C:\program files (x86)\counter-strike 1.6\hl.exe" = protocol=17 | dir=in | app=c:\program files (x86)\counter-strike 1.6\hl.exe | "UDP Query User{195E14AD-DD18-41EA-AB94-2EC036B7D0B5}C:\program files (x86)\utorrent\utorrent.exe" = protocol=17 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe | "UDP Query User{19755226-63F8-43B2-88AD-3E24E954999A}C:\program files (x86)\left4dead\hl2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\left4dead\hl2.exe | "UDP Query User{1B842C67-6AC7-4E0D-B258-887BF4FBC0C1}C:\program files (x86)\the kmplayer\kmplayer.exe" = protocol=17 | dir=in | app=c:\program files (x86)\the kmplayer\kmplayer.exe | "UDP Query User{1E872563-7A25-4862-97D5-308868B516D7}C:\program files (x86)\emule2\emule.exe" = protocol=17 | dir=in | app=c:\program files (x86)\emule2\emule.exe | "UDP Query User{1F3EB05B-4EE9-4AE4-ACBD-65505DBF45CD}C:\users\vinicius\downloads\gustoppi(2).exe" = protocol=17 | dir=in | app=c:\users\vinicius\downloads\gustoppi(2).exe | "UDP Query User{297C0807-E9C0-44B6-A868-D5208E283D5D}C:\program files (x86)\valve\hl.exe" = protocol=17 | dir=in | app=c:\program files (x86)\valve\hl.exe | "UDP Query User{2BF36E93-7D80-46FC-B14B-8FBFF32DDA12}C:\program files (x86)\diablo ii\game.exe" = protocol=17 | dir=in | app=c:\program files (x86)\diablo ii\game.exe | "UDP Query User{2D3D5CBA-B77D-415D-BAF3-F7FA6F39767B}C:\windows\temp\gskp0304\stunnel\stunnel.exe" = protocol=17 | dir=in | app=c:\windows\temp\gskp0304\stunnel\stunnel.exe | "UDP Query User{2EB4B794-789A-43ED-BA2E-D59E500EC4A3}C:\windows\syswow64\dplaysvr.exe" = protocol=17 | dir=in | app=c:\windows\syswow64\dplaysvr.exe | "UDP Query User{356865D6-7121-4708-B4FF-AB7ACEE50F98}C:\program files (x86)\emule2\emule.exe" = protocol=17 | dir=in | app=c:\program files (x86)\emule2\emule.exe | "UDP Query User{38AE335C-4C1E-4D4E-9B78-08BEDE345330}C:\soldat\soldat.exe" = protocol=17 | dir=in | app=c:\soldat\soldat.exe | "UDP Query User{3993671F-ECCC-4798-BDCB-E29652E10B20}C:\program files (x86)\activision\modern warfare 2\iw4sp.exe" = protocol=17 | dir=in | app=c:\program files (x86)\activision\modern warfare 2\iw4sp.exe | "UDP Query User{432F39AE-2EF9-4323-8291-0D9FF5496F15}C:\users\vinicius\desktop\vinicius\jogos\age 2\age2_x1.exe" = protocol=17 | dir=in | app=c:\users\vinicius\desktop\vinicius\jogos\age 2\age2_x1.exe | "UDP Query User{458622A6-59D5-4ED1-8627-8FCC924627F1}C:\program files (x86)\postal2stp\system\postal2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\postal2stp\system\postal2.exe | "UDP Query User{4C603FE6-B21A-4708-8F92-AECB400C9D4F}C:\program files (x86)\zdaemon\zlauncher.exe" = protocol=17 | dir=in | app=c:\program files (x86)\zdaemon\zlauncher.exe | "UDP Query User{4D6DB84E-4983-48A0-9BEF-C045EBCEC5E4}C:\users\vinicius\desktop\gustoppi(3).exe" = protocol=17 | dir=in | app=c:\users\vinicius\desktop\gustoppi(3).exe | "UDP Query User{4EC4404F-4DFC-41CB-B8E2-D3E6BD76487B}C:\windows\syswow64\dplaysvr.exe" = protocol=17 | dir=in | app=c:\windows\syswow64\dplaysvr.exe | "UDP Query User{4F43BEAF-826E-48F8-A038-8089D336F7B6}C:\users\vinicius\desktop\need for speed underground 2\need for speed underground 2.exe" = protocol=17 | dir=in | app=c:\users\vinicius\desktop\need for speed underground 2\need for speed underground 2.exe | "UDP Query User{5147B2E8-3BAC-41BE-A7F8-CF6AB4B5130E}C:\users\vinicius\desktop\nfsuserver.1.0.1.exe" = protocol=17 | dir=in | app=c:\users\vinicius\desktop\nfsuserver.1.0.1.exe | "UDP Query User{5B6E0E04-831A-41B5-883B-30BAC3C828C7}C:\program files (x86)\spyware terminator\spywareterminatorupdate.exe" = protocol=17 | dir=in | app=c:\program files (x86)\spyware terminator\spywareterminatorupdate.exe | "UDP Query User{65694FFC-D14E-4248-8B16-7ED2AB5E7EF9}C:\users\vinicius\desktop\vinicius\jogos\age 2\empires2.exe" = protocol=17 | dir=in | app=c:\users\vinicius\desktop\vinicius\jogos\age 2\empires2.exe | "UDP Query User{6A1B0BCD-3FD8-4726-B073-6C9649AB5FEE}C:\users\vinicius\desktop\ot\mystic spirit 1\the forgotten server.exe" = protocol=17 | dir=in | app=c:\users\vinicius\desktop\ot\mystic spirit 1\the forgotten server.exe | "UDP Query User{6A843D06-1074-4162-8E16-419E799CA676}C:\users\vinicius\desktop\ot\mystic spirit\the forgotten server.exe" = protocol=17 | dir=in | app=c:\users\vinicius\desktop\ot\mystic spirit\the forgotten server.exe | "UDP Query User{7009B5CC-2613-4876-AF59-4AAB02E51D7A}C:\windows\temp\gskp0304\stun-server-0-96.exe" = protocol=17 | dir=in | app=c:\windows\temp\gskp0304\stun-server-0-96.exe | "UDP Query User{706EDFC0-7AEB-4488-976F-A078FD118E39}C:\program files (x86)\left4dead\left4dead.exe" = protocol=17 | dir=in | app=c:\program files (x86)\left4dead\left4dead.exe | "UDP Query User{7616F170-9A06-4A3D-9227-422DBB020A67}C:\users\vinicius\desktop\vinicius\jogos\age 2\age2_x1.exe" = protocol=17 | dir=in | app=c:\users\vinicius\desktop\vinicius\jogos\age 2\age2_x1.exe | "UDP Query User{7B1F671A-102C-4168-9D2E-0BE754FDD9BB}C:\program files (x86)\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files (x86)\mozilla firefox\firefox.exe | "UDP Query User{7F1369B3-381B-4D0E-BB69-E75B36046866}C:\program files (x86)\the kmplayer\kmplayer.exe" = protocol=17 | dir=in | app=c:\program files (x86)\the kmplayer\kmplayer.exe | "UDP Query User{819D9FE0-808C-45DF-8836-BDA74EFEF565}C:\program files (x86)\real alternative\media player classic\mplayerc.exe" = protocol=17 | dir=in | app=c:\program files (x86)\real alternative\media player classic\mplayerc.exe | "UDP Query User{8329CA9C-A2E2-4D9B-9D6C-0BCEB3366841}C:\windows\temp\gskp0304\stun-server-0-96.exe" = protocol=17 | dir=in | app=c:\windows\temp\gskp0304\stun-server-0-96.exe | "UDP Query User{8EC51990-3FE3-4843-99DE-3BD25C761D6C}C:\program files (x86)\participatory culture foundation\miro\miro_downloader.exe" = protocol=17 | dir=in | app=c:\program files (x86)\participatory culture foundation\miro\miro_downloader.exe | "UDP Query User{9F36E611-8F8A-4A92-B770-167D506ED2A4}C:\windows\temp\gskp0304\stunnel\stunnel.exe" = protocol=17 | dir=in | app=c:\windows\temp\gskp0304\stunnel\stunnel.exe | "UDP Query User{A3A6E5B9-28C5-4BF2-AE6F-2D221C393A8C}C:\program files (x86)\sony ericsson\update service\update service.exe" = protocol=17 | dir=in | app=c:\program files (x86)\sony ericsson\update service\update service.exe | "UDP Query User{BA302C61-A07D-43E1-8EFC-5FC2D10AC288}C:\program files (x86)\counter-strike 1.6\hl.exe" = protocol=17 | dir=in | app=c:\program files (x86)\counter-strike 1.6\hl.exe | "UDP Query User{C0217060-3849-485A-BAEA-009C81B58B7D}C:\program files (x86)\google\chrome\application\chrome.exe" = protocol=17 | dir=in | app=c:\program files (x86)\google\chrome\application\chrome.exe | "UDP Query User{C0D4F3C6-9C11-4E2F-89F4-F4A2643EAF4C}C:\users\vinicius\desktop\nfsuserver.0.9.9.exe" = protocol=17 | dir=in | app=c:\users\vinicius\desktop\nfsuserver.0.9.9.exe | "UDP Query User{C173D6E4-A05E-48B4-9369-97E8A0F0793D}C:\users\vinicius\desktop\nfsuclient.exe" = protocol=17 | dir=in | app=c:\users\vinicius\desktop\nfsuclient.exe | "UDP Query User{C1CE52E6-D905-45EE-90E5-2EBA3AACEA37}C:\program files (x86)\kong\kong.exe" = protocol=17 | dir=in | app=c:\program files (x86)\kong\kong.exe | "UDP Query User{C2E22897-D109-4CE8-99D1-6E923F729229}C:\team17\worms2 demo\worms2.exe" = protocol=17 | dir=in | app=c:\team17\worms2 demo\worms2.exe | "UDP Query User{C89AF2CD-0224-4F34-AE58-C429252C8786}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe | "UDP Query User{CC6339C7-4BF7-4D7E-8FDB-A2709D77E5A3}C:\users\vinicius\desktop\pg_02\age2_x1.exe" = protocol=17 | dir=in | app=c:\users\vinicius\desktop\pg_02\age2_x1.exe | "UDP Query User{D1B7B62A-736C-47A9-94A8-49DF0CB44283}C:\xampp\apache\bin\apache.exe" = protocol=17 | dir=in | app=c:\xampp\apache\bin\apache.exe | "UDP Query User{D6844D53-6971-40EC-BBB5-04D988B16B10}C:\program files (x86)\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files (x86)\mozilla firefox\firefox.exe | "UDP Query User{D96B2CB7-8E99-48FF-A1AA-B8F2FA588EB4}C:\program files (x86)\spyware terminator\spywareterminatorupdate.exe" = protocol=17 | dir=in | app=c:\program files (x86)\spyware terminator\spywareterminatorupdate.exe | "UDP Query User{E67ED8AE-B2D1-45A8-A811-2A20B96204CF}C:\program files (x86)\valve\hlds.exe" = protocol=17 | dir=in | app=c:\program files (x86)\valve\hlds.exe | "UDP Query User{E856C020-A876-4554-9C0C-5C88D2C30B07}C:\users\vinicius\desktop\ot\mystic spirit 1\the forgotten server.exe" = protocol=17 | dir=in | app=c:\users\vinicius\desktop\ot\mystic spirit 1\the forgotten server.exe | "UDP Query User{EA6D5EDF-ABEC-40D6-8302-C6E65829DE69}C:\users\vinicius\desktop\ot\world of tibiasula\theforgottenserver.exe" = protocol=17 | dir=in | app=c:\users\vinicius\desktop\ot\world of tibiasula\theforgottenserver.exe | "UDP Query User{EB28C629-CE07-4E3D-B147-5B415DF7DF2C}C:\users\vinicius\downloads\gustoppi(3).exe" = protocol=17 | dir=in | app=c:\users\vinicius\downloads\gustoppi(3).exe | "UDP Query User{F37BC0FE-F70C-47E8-BEFE-A58B1A90202F}C:\program files (x86)\emule\emule.exe" = protocol=17 | dir=in | app=c:\program files (x86)\emule\emule.exe | "UDP Query User{F3B49C31-9495-4802-8F8E-DCE44D64B2E1}C:\windows\temp\gskp0304\goalserver2009.exe" = protocol=17 | dir=in | app=c:\windows\temp\gskp0304\goalserver2009.exe | "UDP Query User{FDA0F3D5-0586-4F08-889D-94957D5603F1}C:\program files (x86)\java\jre6\bin\java.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre6\bin\java.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "_{7F05E704-30A6-421A-97A7-8EEB1C7FF010}" = CorelDRAW® Graphics Suite X4 "_{CE2DA11A-917F-4CF5-AB55-755EC115DD10}" = CorelDRAW® Graphics Suite X4 - Windows Shell Extension "{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 "{021C4C4F-C93C-4425-BFFD-C2D16776BFAE}" = Visual C++ 8.0 Runtime Setup Package (x64) "{0224CACC-994D-45F8-B973-D65056EA9C2F}" = Adobe XMP DVA Panels CS3 "{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam "{04AF207D-9A77-465A-8B76-991F6AB66245}" = Adobe Help Viewer CS3 "{0761C9A8-8F3A-4216-B4A7-B7AFBF24A24A}" = HiJackThis "{08B32819-6EEF-4057-AEDA-5AB681A36A23}" = Adobe Bridge Start Meeting "{0B1AAC97-8563-41D9-AE47-58E6A222F0E1}" = Search Settings 1.2.2 "{0DD140D3-9563-481E-AA75-BA457CBDAEF2}" = PC Inspector File Recovery "{0F31532A-16F1-4812-8B7B-D321A4CE91A6}" = Sony Vegas Pro 8.0 "{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}" = Adobe WinSoft Linguistics Plugin "{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate "{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Ferramenta de Carregamento do Windows Live "{2237ec71-71b2-46db-a988-2dfb312caafc}" = Nero 9 Lite "{22A09715-D6A1-4518-8BC1-E345668DA484}" = Remere's Map Editor "{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT "{24D753CA-6AE9-4E30-8F5F-EFC93E08BF3D}" = Skype™ 4.0 "{26A24AE4-039D-4CA4-87B4-2F83216010FF}" = Java 6 Update 10 "{27A33E01-2CBF-405A-A7DA-B900218DB898}" = Microsoft English TTS 5.1 "{283FFB23-8751-4B08-ACB8-5E0F8BCF7727}" = Pro Evolution Soccer 2010 "{29E5EA97-5F74-4A57-B8B2-D4F169117183}" = Adobe Stock Photos CS3 "{2C294A0B-DF22-4023-B168-8C7645B10019}" = Adobe Setup "{2F881B56-CBDF-4EC6-A8D2-6412A879C66A}_is1" = AMR Player 1.3 "{32BC546A-8AA3-4239-AE92-9CF3291C35A6}" = Windows Live Call "{34846B26-9584-4D68-9445-0958347D5BA9}" = CFD Mesh 1.0 "{381C70F0-FC2C-4BEF-B16C-B88FA67A6B7B}" = Assistente de Conexão do Windows Live "{3D7E3EC9-46CF-4359-9289-39CE01DFB82F}" = Adobe Photoshop CS3 "{3EF8E8A8-2BCE-4B21-A632-606FD717AFB5}" = The Unscrambler® 9.8 "{44A27085-0616-4181-A0C3-81C7ECA17F73}" = CorelDRAW Graphics Suite X4 "{4B215C29-1A3E-4736-92AA-10C83FA56EB9}" = Adobe After Effects CS3 Presets "{4CBA3D4C-8F51-4D60-B27E-F6B641C571E7}" = Microsoft Search Enhancement Pack "{51846830-E7B2-4218-8968-B77F0FF475B8}" = Adobe Color EU Extra Settings "{54793AA1-5001-42F4-ABB6-C364617C6078}" = Adobe Linguistics CS3 "{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml "{57F0ED40-8F11-41AA-B926-4A66D0D1A9CC}" = Microsoft Office Live Add-in 1.3 "{593AFFA4-D08E-4272-BABB-420949D32A10}" = QUICKfind "{5C9530C0-957F-4CC4-ADA9-A7195BD9394C}" = AGEIA GAME System Software 2.8.0 "{5FAFC823-5E8C-40FB-8238-F2C536B2FB11}" = NextUp-ScanSoft Raquel Brazilian Portuguese Voice "{60E2C8C9-6CF3-4B1A-9618-E304946C94E6}" = Python 2.4.4 "{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin "{6ABE0BEE-D572-4FE8-B434-9E72A289431B}" = Adobe Fonts All "{6B708481-748A-4EB4-97C1-CD386244FF77}" = Adobe MotionPicture Color Files "{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}" = Adobe Asset Services CS3 "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 "{7748AC8C-18E3-43BB-959B-088FAEA16FB2}" = Nero StartSmart "{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec "{7F05E704-30A6-421A-97A7-8EEB1C7FF010}" = CorelDRAW Graphics SUite X4 - ICA "{7F05E704-30A6-421A-97A7-8EEB1C7FF012}" = CorelDRAW Graphics Suite X4 - Capture "{7F05E704-30A6-421A-97A7-8EEB1C7FF013}" = CorelDRAW Graphics Suite X4 - Draw "{7F05E704-30A6-421A-97A7-8EEB1C7FF014}" = CorelDRAW Graphics Suite X4 - PP "{7F05E704-30A6-421A-97A7-8EEB1C7FF016}" = CorelDRAW Graphics Suite X4 - Content "{7F05E704-30A6-421A-97A7-8EEB1C7FF017}" = CorelDRAW Graphics Suite X4 - Filters "{7F05E704-30A6-421A-97A7-8EEB1C7FF019}" = CorelDRAW Graphics Suite X4 - FontNav "{7F05E704-30A6-421A-97A7-8EEB1C7FF100}" = CorelDRAW Graphics Suite X4 - Lang EN "{7FCE2464-A300-4A7E-B683-53ACED3EEF92}_is1" = PRO-EVO Editing Studio 2010 2.2.0.0 "{802771A9-A856-4A41-ACF7-1450E523C923}" = Adobe XMP Panels CS3 "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable "{845A8DB9-8802-4FD3-9FE3-938A6C46A2EC}" = Adobe Video Profiles "{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player "{8AF3FB06-BDA3-42A3-995C-308812D2F094}" = Adobe After Effects CS3 "{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}" = Adobe Device Central CS3 "{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}" = Adobe Type Support "{8F5231E7-311A-442B-83DB-FC9BFD5C0AF8}" = CFD Studio 1.0 "{90120000-0015-0416-0000-0000000FF1CE}" = Microsoft Office Access MUI (Portuguese (Brazil)) 2007 "{90120000-0015-0416-0000-0000000FF1CE}_ENTERPRISE_{02A880E2-B8B9-4BF5-8822-EA1374734E2E}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0016-0416-0000-0000000FF1CE}" = Microsoft Office Excel MUI (Portuguese (Brazil)) 2007 "{90120000-0016-0416-0000-0000000FF1CE}_ENTERPRISE_{02A880E2-B8B9-4BF5-8822-EA1374734E2E}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0018-0416-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (Portuguese (Brazil)) 2007 "{90120000-0018-0416-0000-0000000FF1CE}_ENTERPRISE_{02A880E2-B8B9-4BF5-8822-EA1374734E2E}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0019-0416-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (Portuguese (Brazil)) 2007 "{90120000-0019-0416-0000-0000000FF1CE}_ENTERPRISE_{02A880E2-B8B9-4BF5-8822-EA1374734E2E}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-001A-0416-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (Portuguese (Brazil)) 2007 "{90120000-001A-0416-0000-0000000FF1CE}_ENTERPRISE_{02A880E2-B8B9-4BF5-8822-EA1374734E2E}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-001B-0416-0000-0000000FF1CE}" = Microsoft Office Word MUI (Portuguese (Brazil)) 2007 "{90120000-001B-0416-0000-0000000FF1CE}_ENTERPRISE_{02A880E2-B8B9-4BF5-8822-EA1374734E2E}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007 "{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-001F-0416-0000-0000000FF1CE}" = Microsoft Office Proof (Portuguese (Brazil)) 2007 "{90120000-001F-0416-0000-0000000FF1CE}_ENTERPRISE_{75EBE365-7FC5-4720-A7D3-804BF550D1BC}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007 "{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-002A-0000-1000-0000000FF1CE}_ENTERPRISE_{E64BA721-2310-4B55-BE5A-2925F9706192}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-002A-0416-1000-0000000FF1CE}_ENTERPRISE_{9A141B2B-7C5E-47D2-8E9E-9AC6018F3C42}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-002C-0416-0000-0000000FF1CE}" = Microsoft Office Proofing (Portuguese (Brazil)) 2007 "{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007 "{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581) "{90120000-0044-0416-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (Portuguese (Brazil)) 2007 "{90120000-0044-0416-0000-0000000FF1CE}_ENTERPRISE_{02A880E2-B8B9-4BF5-8822-EA1374734E2E}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-006E-0416-0000-0000000FF1CE}" = Microsoft Office Shared MUI (Portuguese (Brazil)) 2007 "{90120000-006E-0416-0000-0000000FF1CE}_ENTERPRISE_{9A141B2B-7C5E-47D2-8E9E-9AC6018F3C42}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-00A1-0416-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (Portuguese (Brazil)) 2007 "{90120000-00A1-0416-0000-0000000FF1CE}_ENTERPRISE_{02A880E2-B8B9-4BF5-8822-EA1374734E2E}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-00BA-0416-0000-0000000FF1CE}" = Microsoft Office Groove MUI (Portuguese (Brazil)) 2007 "{90120000-00BA-0416-0000-0000000FF1CE}_ENTERPRISE_{02A880E2-B8B9-4BF5-8822-EA1374734E2E}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90176341-0A8B-4CCC-A78D-F862228A6B95}" = Adobe Anchor Service CS3 "{94C3BB3A-56A1-43DE-A242-8B41F46E97EF}" = Dealio Toolbar v4.0.1 "{9555B4ED-09A3-4722-8E8C-57A49401D059}" = Windows Live Writer "{95655ED4-7CA5-46DF-907F-7144877A32E5}" = Adobe Color NA Recommended Settings "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9ABFB92D-93DA-49EE-8ABF-F8195DE45CA9}" = Counter-Strike 1.6 "{9B6A90F0-20D2-4D2E-8F1E-C3EDC9D740CF}" = Sun xVM VirtualBox "{9C9824D9-9000-4373-A6A5-D0E5D4831394}" = Adobe Bridge CS3 "{9D0798D0-AF6C-4E62-94B1-AEBF1A43E00A}" = CorelDRAW Graphics Suite X4 - IPM "{9E2EE2F7-33BD-4D30-9E5D-8469A9F32009}" = Windows Live Sync "{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}" = Adobe CMaps "{A2D81E70-2A98-4A08-A628-94388B063C5E}" = Adobe Color - Photoshop Specific "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{A99968BE-C155-474C-0089-33239DEE1CE2}" = Need For Speed Underground "{AC0BAA05-28E6-4911-B3F3-0AE2EB0F54A1}" = AKVIS Sketch "{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}" = PDF Settings "{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}" = ABBYY FineReader 6.0 Sprint "{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter "{B2EC4A38-B545-4A00-8214-13FE0E915E6D}" = Advertising Center "{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}" = Adobe Camera Raw 4.0 "{B3DAF54F-DB25-4586-9EF1-96D24BB14088}" = Windows Movie Maker 2.6 "{B56E1408-1CA8-11D5-8A5A-080000355597}" = CFD GridEditor 2.0 "{B5ED7AB0-3838-4389-8549-7C8E22DD48F4}" = Windows Live Messenger "{B61D21B6-469D-4423-B161-62DB20B8A70E}" = Visual Basic for Applications ® Core - English "{B664C59A-0CCF-4C70-B6F0-68F054B36E36}" = CFD Sinflow Library 1.0 "{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player "{B7C734F5-49C6-4D62-9C55-36855F06A17C}" = CFD SciView 1.0 "{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}" = Adobe Default Language CS3 "{BD5CA0DA-71AD-43DA-B19E-6EEE0C9ADC9A}" = Nero ControlCenter "{BF439B41-0252-48DE-8B8B-0430CB26A181}" = CorelDRAW Graphics Suite X4 - VBA "{C2D69781-F392-4118-A5A7-C7E9C38DBFC2}" = Adobe ExtendScript Toolkit 2 "{C81A2FE0-3574-00A9-CED4-BDAA334CBE8E}" = Nero Online Upgrade "{CA567AD5-33A4-403D-86D1-EE2D38251951}_is1" = VDownloader 1.1 "{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware Free Edition "{CE15BBF2-846F-4AAA-BC05-3B7BB5929AC9}" = Documentação - Projeto CFD Sinflow "{CE2DA11A-917F-4CF5-AB55-755EC115DD10}" = CorelDRAW® Graphics Suite X4 - Windows Shell Extension "{D0DFF92A-492E-4C40-B862-A74A173C25C5}" = Adobe Version Cue CS3 Client "{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}" = Adobe PDF Library Files "{DADD7B8A-BCB0-44F5-967A-ECB6B4F2ECD9}" = Adobe Color Common Settings "{DB81779E-7CC5-4630-BCFC-754004956444}" = Visual Basic for Applications ® Core "{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}" = Adobe Color JA Extra Settings "{E13AD42C-9660-4975-982B-F573DF9BE9FB}" = CALL Vs.5 "{E69AE897-9E0B-485C-8552-7841F48D42D8}" = Adobe Update Manager CS3 "{E8A80433-302B-4FF1-815D-FCC8EAC482FF}" = Nero Installer "{EB46C64B-A678-429F-BC3A-D94FE795CE27}_is1" = Flobo Photo Digital Recovery 1.5 "{EBA29752-DDD2-4B62-B2E3-9841F92A3E3A}" = Samsung PC Studio 3 USB Driver Installer "{ED00D08A-3C5F-488D-93A0-A04F21F23956}" = Windows Live Communications Platform "{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard "{F2CD4651-F948-467C-B014-71FD981B7F59}" = Windows Live Essentials "{FF11004C-F42A-4A31-9BCF-7F5C8FDBE53C}" = Adobe Setup "{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin "Adobe Shockwave Player" = Adobe Shockwave Player 11.5 "Adobe_719d6f144d0c086a0dfa7ff76bb9ac1" = Adobe Photoshop CS3 "Adobe_b7dd24a87e82dcf8af8876fd727b7cf" = Adobe After Effects CS3 "Advanced SystemCare 3_is1" = Advanced SystemCare 3 "Any Video Converter_is1" = Any Video Converter 2.7.1 "Audacity 1.3 Beta (Unicode)_is1" = Audacity 1.3.12 (Unicode) "Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus "cald2" = Cambridge Advanced Learner's Dictionary - 2nd edition "Call of Duty Modern Warfare 2_is1" = Call of Duty Modern Warfare 2 "CALL_VS5" = CALL - Vs5 "CCleaner" = CCleaner "Cheating-Death" = Cheating-Death 4.33.4 "Chime/Chime Pro for Internet Explorer" = Chime/Chime Pro for Internet Explorer "CodecInstaller" = CodecInstaller 2.10.1 "CToolbar_UNINSTALL" = Crawler Toolbar with Web Security Guard "DAEMON Tools Toolbar" = DAEMON Tools Toolbar "DDR - Digital Camera Recovery(Demo)" = DDR - Digital Camera Recovery(Demo) 4.0.1.6 "Diablo II" = Diablo II "DVD Shrink_is1" = DVD Shrink 3.2 "ElfBot NG_is1" = ElfBot NG 4.5.9 "eMule" = eMule "eMule Plus_is1" = eMule Plus 1.2d "ENTERPRISE" = Microsoft Office Enterprise 2007 "foobar2000" = foobar2000 v0.9.5.5 "Foxit Reader" = Foxit Reader "Free FLV to AVI Video Converter_is1" = Free FLV to AVI Video Converter v. 1.0 "Free Mp3 Wma Converter_is1" = Free Mp3 Wma Converter V 1.81 "Free PDF to Word Doc Converter_is1" = Free PDF to Word Doc Converter v1.1 "Fundamentos de Biologia Moderna_is1" = Fundamentos "Google Chrome" = Google Chrome "HijackThis" = HijackThis 2.0.2 "IRPF2009 - Declaração de Ajuste Anual e Final de Espólio" = IRPF2009 - Declaração de Ajuste Anual e Final de Espólio "IRPF2010 - Declaração de Ajuste Anual e Final de Espólio" = IRPF2010 - Declaração de Ajuste Anual e Final de Espólio "KLiteCodecPack_is1" = K-Lite Mega Codec Pack 5.1.0 "lde" = Longman Dicionário Escolar "Magic ISO Maker v5.5 (build 0272)" = Magic ISO Maker v5.5 (build 0272) "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware "MatlabR14SP3" = MATLAB 7.1 "MatlabR2006b" = MATLAB R2006b "MediaCoder" = MediaCoder 0.6.1 "Microke Special Edition_is1" = Microke Special Edition "MiniLyrics" = Minilyrics(remove only) "Miro" = Miro "Mozilla Firefox (3.6.8)" = Mozilla Firefox (3.6.8) "Nmap" = Nmap 4.76 "No-IP.com DUC" = No-IP.com DUC (remove only) "Origin 6.0" = Origin 6.0 "Patch SiteCS_is1" = Patch SiteCS "PhotoFiltre Studio" = PhotoFiltre Studio "Postal 2 Share The Pain" = Postal 2 Share The Pain "QuicktimeAlt_is1" = QuickTime Alternative 2.7.0 "RealAlt_is1" = Real Alternative 1.9.0 "RealPlayer 6.0" = RealPlayer "Receitanet" = Receitanet 2009 "Receitanet Java 2010.02a" = Receitanet Java 2010.02a "ShockwaveFlash" = Macromedia Flash Player 8 "Spyware Terminator_is1" = Spyware Terminator "ST6UNST #1" = Hero Editor V0.96 "StuffPlug3" = StuffPlug 3 "sXe Injected" = sXe Injected "TextAloud MP3_is1" = TextAloud "The KMPlayer" = The KMPlayer (remove only) "Tibia Auto" = NSIS Example2 "Tibia_is1" = Tibia "TibiaBot NG_is1" = TibiaBot NG 4.9.7 "TimDialer" = Discador TIM "TMIPC" = Tibia MULTI-ip changer "Tunngle beta_is1" = Tunngle beta "Windows Essentials Media Codec Pack" = Windows Essentials Media Codec Pack 2.3d "WinLiveSuite_Wave3" = Windows Live Essentials "winpcap-nmap" = winpcap-nmap 4.02 "WinRAR archiver" = Arquivo do WinRAR "winscp3_is1" = WinSCP 4.1.8 "Worms2 Demo" = Worms2 Demo "Yahoo! Companion" = Barra de Ferramentas do Yahoo! "Zylom Games Player Plugin" = Zylom Games Player Plugin ========== HKEY_CURRENT_USER Uninstall List ========== [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "Advanced Archive Password Recovery" = Advanced Archive Password Recovery "ChemSepL" = ChemSep 6.0 "CodeBlocks" = CodeBlocks "GUNROX" = GUNROX 1.11 "InstallShield_{3EF8E8A8-2BCE-4B21-A632-606FD717AFB5}" = The Unscrambler® 9.8 "UnityWebPlayer" = Unity Web Player "uTorrent" = µTorrent ========== Last 10 Event Log Errors ========== [ Application Events ] Error - 28/07/2010 09:25:25 | Computer Name = Monstro | Source = matlabserver | ID = 0 Description = Error - 28/07/2010 22:42:59 | Computer Name = Monstro | Source = matlabserver | ID = 0 Description = Error - 28/07/2010 22:44:02 | Computer Name = Monstro | Source = matlabserver | ID = 0 Description = Error - 28/07/2010 23:21:31 | Computer Name = Monstro | Source = matlabserver | ID = 0 Description = Error - 28/07/2010 23:22:33 | Computer Name = Monstro | Source = matlabserver | ID = 0 Description = Error - 29/07/2010 15:46:37 | Computer Name = Monstro | Source = matlabserver | ID = 0 Description = Error - 29/07/2010 15:47:41 | Computer Name = Monstro | Source = matlabserver | ID = 0 Description = Error - 29/07/2010 16:14:09 | Computer Name = Monstro | Source = matlabserver | ID = 0 Description = Error - 29/07/2010 16:15:12 | Computer Name = Monstro | Source = matlabserver | ID = 0 Description = Error - 03/08/2010 10:08:06 | Computer Name = Monstro | Source = Windows Search Service | ID = 3024 Description = [ Media Center Events ] Error - 26/09/2008 05:42:20 | Computer Name = Monstro | Source = Media Center Guide | ID = 0 Description = Informações sobre o Evento: ERROR: SqmApiWrapper.WaitForUploadComplete failed. Please try to ping www.msn.com prior to filing a bug.; Win32 GetLastError returned 10000109 Processo: DefaultDomain Nome do Objeto: Media Center Guide Error - 28/09/2008 09:02:06 | Computer Name = Monstro | Source = Media Center Guide | ID = 0 Description = Informações sobre o Evento: ERROR: SqmApiWrapper.TimerRecord failed; Win32 GetLastError returned 10000105 Processo: DefaultDomain Nome do Objeto: Media Center Guide Error - 31/07/2009 07:11:55 | Computer Name = Monstro | Source = Media Center Guide | ID = 0 Description = Informações sobre o Evento: ERROR: SqmApiWrapper.TimerAccumulate failed; Win32 GetLastError returned 10000105 Processo: DefaultDomain Nome do Objeto: Media Center Guide Error - 13/01/2010 07:59:35 | Computer Name = Monstro | Source = Media Center Guide | ID = 0 Description = Informações sobre o Evento: ERROR: SqmApiWrapper.TimerRecord failed; Win32 GetLastError returned 10000105 Processo: DefaultDomain Nome do Objeto: Media Center Guide [ OSession Events ] Error - 14/10/2008 17:52:38 | Computer Name = Monstro | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6308.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 37 seconds with 0 seconds of active time. This session ended with a crash. Error - 24/08/2009 20:00:07 | Computer Name = Monstro | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6504.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 3 seconds with 0 seconds of active time. This session ended with a crash. Error - 31/08/2009 22:40:52 | Computer Name = Monstro | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6504.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 4 seconds with 0 seconds of active time. This session ended with a crash. Error - 22/09/2009 21:55:52 | Computer Name = Monstro | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6504.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 5 seconds with 0 seconds of active time. This session ended with a crash. [ System Events ] Error - 03/08/2010 17:17:39 | Computer Name = Monstro | Source = Service Control Manager | ID = 7000 Description = Error - 03/08/2010 17:17:39 | Computer Name = Monstro | Source = Service Control Manager | ID = 7026 Description = Error - 03/08/2010 17:18:37 | Computer Name = Monstro | Source = Service Control Manager | ID = 7024 Description = Error - 03/08/2010 19:44:57 | Computer Name = Monstro | Source = volmgr | ID = 262190 Description = Falha na inicialização do despejo de memória! Error - 03/08/2010 19:45:04 | Computer Name = Monstro | Source = Application Popup | ID = 1060 Description = \??\C:\Program Files (x86)\SUPERAntiSpyware\SASKUTIL.sys foi impedido de carregar devido a uma incompatibilidade com este sistema. Contate o fornecedor do software para obter uma versão compatível do driver. Error - 03/08/2010 19:45:05 | Computer Name = Monstro | Source = Application Popup | ID = 1060 Description = \??\C:\Program Files (x86)\SUPERAntiSpyware\SASDIFSV.SYS foi impedido de carregar devido a uma incompatibilidade com este sistema. Contate o fornecedor do software para obter uma versão compatível do driver. Error - 03/08/2010 19:45:05 | Computer Name = Monstro | Source = volmgr | ID = 262190 Description = Falha na inicialização do despejo de memória! Error - 03/08/2010 19:46:50 | Computer Name = Monstro | Source = Service Control Manager | ID = 7000 Description = Error - 03/08/2010 19:46:50 | Computer Name = Monstro | Source = Service Control Manager | ID = 7026 Description = Error - 03/08/2010 19:47:34 | Computer Name = Monstro | Source = Service Control Manager | ID = 7024 Description = < End of report >
  11. Da uma olhada nos Scans

    Desmarquei Incluir Verificação 64bit. OTL logfile created on: 03/08/2010 21:10:42 - Run 4 OTL by OldTimer - Version 3.2.9.1 Folder = C:\Users\Vinicius\Desktop\Anti Virus 64bit-Windows Vista Ultimate Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18928) Locale: 00000416 | Country: Brasil | Language: PTB | Date Format: dd/MM/yyyy 2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 30,00% Memory free 4,00 Gb Paging File | 2,00 Gb Available in Paging File | 57,00% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 149,05 Gb Total Space | 6,27 Gb Free Space | 4,21% Space Free | Partition Type: NTFS D: Drive not present or media not loaded E: Drive not present or media not loaded F: Drive not present or media not loaded G: Drive not present or media not loaded H: Drive not present or media not loaded I: Drive not present or media not loaded Computer Name: MONSTRO Current User Name: Vinicius Logged in as Administrator. Current Boot Mode: Normal Scan Mode: Current user Company Name Whitelist: Off Skip Microsoft Files: Off File Age = 30 Days Output = Standard ========== Processes (SafeList) ========== PRC - [2010/07/27 18:12:46 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Users\Vinicius\Desktop\Anti Virus\OTL.exe PRC - [2010/07/24 00:31:28 | 000,014,808 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe PRC - [2010/07/24 00:31:26 | 000,910,296 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe PRC - [2010/07/02 17:33:10 | 002,347,216 | ---- | M] (IObit) -- C:\Program Files (x86)\IObit\Advanced SystemCare 3\AWC.exe PRC - [2010/05/26 10:46:42 | 000,055,072 | ---- | M] ( ) -- C:\PROGRA~2\GbPlugin\GbpSv.exe PRC - [2010/04/14 09:12:34 | 000,488,960 | ---- | M] (Crawler.com) -- C:\Program Files (x86)\Spyware Terminator\sp_rsser.exe PRC - [2009/12/21 21:45:57 | 003,037,696 | ---- | M] (Crawler.com) -- C:\Program Files (x86)\Spyware Terminator\SpywareTerminatorUpdate.exe PRC - [2009/09/16 08:20:24 | 000,666,360 | ---- | M] (Tunngle.net GmbH) -- C:\Program Files (x86)\Tunngle\TnglCtrl.exe PRC - [2009/08/05 17:55:22 | 000,185,089 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe PRC - [2009/06/09 20:27:47 | 000,108,289 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe PRC - [2009/05/19 10:36:18 | 000,240,512 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe PRC - [2009/03/02 13:08:47 | 000,209,153 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe PRC - [2008/07/24 12:02:06 | 000,490,952 | ---- | M] (DT Soft Ltd) -- C:\Program Files (x86)\DAEMON Tools Lite\daemon.exe PRC - [2007/07/24 11:15:14 | 000,185,632 | ---- | M] (Protexis Inc.) -- c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe PRC - [2005/08/11 16:21:16 | 000,864,256 | ---- | M] (The MathWorks Inc.) -- C:\Arquivos de programas\bin\win32\MATLAB.exe PRC - [2005/07/27 09:53:00 | 000,536,576 | ---- | M] () -- C:\Arquivos de programas\webserver\bin\win32\matlabserver.exe ========== Modules (SafeList) ========== MOD - [2010/07/27 18:12:46 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Users\Vinicius\Desktop\Anti Virus\OTL.exe MOD - [2008/04/16 23:04:52 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\msscript.ocx MOD - [2006/11/02 05:33:06 | 000,002,560 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\normaliz.dll ========== Win32 Services (SafeList) ========== SRV - [2010/05/26 10:46:42 | 000,055,072 | ---- | M] ( ) [unknown | Running] -- C:\PROGRA~2\GbPlugin\GbpSv.exe -- (GbpSv) SRV - [2010/04/14 09:12:34 | 000,488,960 | ---- | M] (Crawler.com) [Auto | Running] -- C:\Program Files (x86)\Spyware Terminator\sp_rsser.exe -- (sp_rssrv) SRV - [2010/01/23 20:01:29 | 000,326,792 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service) SRV - [2009/09/16 08:20:24 | 000,666,360 | ---- | M] (Tunngle.net GmbH) [Auto | Running] -- C:\Program Files (x86)\Tunngle\TnglCtrl.exe -- (TunngleService) SRV - [2009/08/05 17:55:22 | 000,185,089 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2009/06/09 20:27:47 | 000,108,289 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2009/05/19 10:36:18 | 000,240,512 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe -- (SeaPort) SRV - [2008/10/25 11:44:08 | 000,065,888 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe -- (Microsoft Office Groove Audit Service) SRV - [2008/09/27 00:44:56 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service) SRV - [2007/07/24 11:15:14 | 000,185,632 | ---- | M] (Protexis Inc.) [Auto | Running] -- c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe -- (PSI_SVC_2) SRV - [2007/02/08 19:50:33 | 000,537,520 | ---- | M] ( ) [Auto | Running] -- C:\Windows\SysWow64\lxczcoms.exe -- (lxcz_device) SRV - [2005/07/27 09:53:00 | 000,536,576 | ---- | M] () [Auto | Running] -- C:\Arquivos de Programas\webserver\bin\win32\matlabserver.exe -- (matlabserver) ========== Driver Services (SafeList) ========== DRV - [2010/05/26 10:48:08 | 000,045,472 | ---- | M] (GAS Tecnologia) [Kernel | Boot | Stopped] -- C:\Windows\system32\drivers\gbpkm.sys -- (GbpKm) DRV - [2010/01/05 07:56:06 | 000,007,408 | R--- | M] ( SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\SUPERAntiSpyware\SASENUM.SYS -- (SASENUM) DRV - [2010/01/05 07:56:04 | 000,009,968 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Stopped] -- C:\Program Files (x86)\SUPERAntiSpyware\SASDIFSV.SYS -- (SASDIFSV) DRV - [2010/01/05 07:56:02 | 000,074,480 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Stopped] -- C:\Program Files (x86)\SUPERAntiSpyware\SASKUTIL.sys -- (SASKUTIL) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/ IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://dnl.crawler.com/support/sa_customize.aspx?TbId=60076 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.crawler.com/search/ie.aspx?tb_id=60076 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/ IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://br.msn.com/?ocid=iehp IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = pt-br IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = D6 6D E9 A2 23 A9 CA 01 [binary data] IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1 IE - HKCU\..\URLSearchHook: {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\PROGRA~2\Crawler\ctbr.dll (Crawler.com) IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF - prefs.js..browser.search.defaultenginename: "LocalStrike" FF - prefs.js..browser.search.defaultthis.engineName: "LocalStrike" FF - prefs.js..browser.search.defaulturl: "http://search.localstrike.com.ar/?q={searchTerms}" FF - prefs.js..browser.search.order.1: "LocalStrike" FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=867034" FF - prefs.js..browser.search.selectedEngine: "Google" FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..browser.startup.homepage: "http://search.localstrike.com.ar/" FF - prefs.js..extensions.enabledItems: {E2883E8F-472F-4fb0-9522-AC9BF37916A7}:1 FF - prefs.js..extensions.enabledItems: 6 FF - prefs.js..extensions.enabledItems: 2 FF - prefs.js..extensions.enabledItems: 48 FF - prefs.js..extensions.enabledItems: {c0c9a2c7-2e5c-4447-bc53-97718bc91e1b}:3.0 FF - prefs.js..extensions.enabledItems: {87F8774F-B485-47E2-A755-A40A8A5E8874}:1.0.11.7 FF - prefs.js..extensions.enabledItems: {B13721C7-F507-4982-B2E5-502A71474FED}:2.2.0.102 FF - prefs.js..extensions.enabledItems: pt-BR@dellalibera.sf.net:1.5 FF - prefs.js..extensions.enabledItems: {87F8774F-B485-47E2-A755-A40A8A5E886C}:1.0.11.5 FF - prefs.js..extensions.enabledItems: {dc73254b-b7f3-cebd-1220-a4e2bb3b747b}:4.6.6.4 FF - prefs.js..extensions.enabledItems: {19503e42-ca3c-4c27-b1e2-9cdb2170ee34}:1.2.1.23 FF - prefs.js..extensions.enabledItems: {bee6eb20-01e0-ebd1-da83-080329fb9a3a}:0.1 FF - prefs.js..keyword.URL: "http://search.localstrike.com.ar/?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&q=" FF - prefs.js..network.proxy.autoconfig_url: "http://www.ufpe.br/proxy.pac" FF - HKLM\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Program Files\Real\RealPlayer\browserrecord [2009/04/22 18:11:04 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Firefox\Extensions\\{4B3803EA-5230-4DC3-A7FC-33638F3D3542}: C:\Program Files (x86)\Crawler\firefox\ [2010/01/26 21:28:02 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2010/07/27 01:41:11 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2010/07/24 00:31:30 | 000,000,000 | ---D | M] [2008/09/19 21:05:25 | 000,000,000 | ---D | M] -- C:\Users\Vinicius\AppData\Roaming\mozilla\Extensions [2010/08/03 18:27:04 | 000,000,000 | ---D | M] -- C:\Users\Vinicius\AppData\Roaming\mozilla\Firefox\Profiles\l82jokle.default\extensions [2010/06/09 17:38:47 | 000,000,000 | ---D | M] (FlashGot) -- C:\Users\Vinicius\AppData\Roaming\mozilla\Firefox\Profiles\l82jokle.default\extensions\{19503e42-ca3c-4c27-b1e2-9cdb2170ee34} [2010/05/18 22:02:15 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Vinicius\AppData\Roaming\mozilla\Firefox\Profiles\l82jokle.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} [2010/07/23 22:51:48 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Vinicius\AppData\Roaming\mozilla\Firefox\Profiles\l82jokle.default\extensions\{87F8774F-B485-47E2-A755-A40A8A5E886C} [2010/07/23 22:51:49 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Vinicius\AppData\Roaming\mozilla\Firefox\Profiles\l82jokle.default\extensions\{87F8774F-B485-47E2-A755-A40A8A5E8874} [2010/06/09 17:41:05 | 000,000,000 | ---D | M] (Flash and Video Download) -- C:\Users\Vinicius\AppData\Roaming\mozilla\Firefox\Profiles\l82jokle.default\extensions\{bee6eb20-01e0-ebd1-da83-080329fb9a3a} [2010/04/03 20:27:59 | 000,000,000 | ---D | M] (Easy Youtube Video Downloader) -- C:\Users\Vinicius\AppData\Roaming\mozilla\Firefox\Profiles\l82jokle.default\extensions\{c0c9a2c7-2e5c-4447-bc53-97718bc91e1b} [2009/11/06 17:57:06 | 000,000,000 | ---D | M] (Adobe DLM (powered by getPlus®)) -- C:\Users\Vinicius\AppData\Roaming\mozilla\Firefox\Profiles\l82jokle.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7} [2010/01/12 19:01:23 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Vinicius\AppData\Roaming\mozilla\Firefox\Profiles\l82jokle.default\extensions\{e3868d2c-9a68-4c4a-87f2-4e9d78fd16ee} [2010/01/12 19:04:16 | 000,000,000 | ---D | M] (User Agent Switcher) -- C:\Users\Vinicius\AppData\Roaming\mozilla\Firefox\Profiles\l82jokle.default\extensions\{e968fc70-8f95-4ab9-9e79-304de2a71ee1} [2010/07/23 22:51:51 | 000,000,000 | ---D | M] -- C:\Users\Vinicius\AppData\Roaming\mozilla\Firefox\Profiles\l82jokle.default\extensions\pt-BR@dellalibera.sf.net [2010/01/18 11:45:41 | 000,000,000 | ---D | M] -- C:\Users\Vinicius\AppData\Roaming\mozilla\Firefox\Profiles\l82jokle.default\extensions\pt-BR@dictionaries.addons.mozilla.org [2009/11/09 14:54:18 | 000,002,163 | ---- | M] () -- C:\Users\Vinicius\AppData\Roaming\Mozilla\FireFox\Profiles\l82jokle.default\searchplugins\bing.xml [2010/01/12 19:32:29 | 000,001,331 | ---- | M] () -- C:\Users\Vinicius\AppData\Roaming\Mozilla\FireFox\Profiles\l82jokle.default\searchplugins\crawlersrch.xml [2008/09/19 23:51:53 | 000,000,523 | ---- | M] () -- C:\Users\Vinicius\AppData\Roaming\Mozilla\FireFox\Profiles\l82jokle.default\searchplugins\daemon-search.xml [2010/03/21 13:51:03 | 000,000,266 | ---- | M] () -- C:\Users\Vinicius\AppData\Roaming\Mozilla\FireFox\Profiles\l82jokle.default\searchplugins\Search.xml [2010/08/03 20:55:57 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\mozilla firefox\extensions [2010/03/21 14:20:12 | 000,000,000 | ---D | M] (LoudMo Contextual Ad Assistant) -- C:\Program Files (x86)\mozilla firefox\extensions\{dc73254b-b7f3-cebd-1220-a4e2bb3b747b} [2009/10/15 11:48:50 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\mozilla firefox\extensions\search@searchsettings.com [2009/10/23 15:01:34 | 000,102,400 | ---- | M] (Zylom) -- C:\Program Files (x86)\mozilla firefox\plugins\npzylomgamesplayer.dll [2009/09/21 11:24:16 | 000,001,329 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\crawlersrch.xml [2010/01/15 22:18:55 | 000,001,168 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-br.xml O1 HOSTS File: ([2010/07/29 17:44:25 | 000,000,862 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: 127.0.0.1 serial.alcohol-soft.com O1 - Hosts: 127.0.0.1 www.alcohol-soft.com O1 - Hosts: 127.0.0.1 images.alcohol-soft.com O1 - Hosts: 127.0.0.1 trial.alcohol-soft.com O1 - Hosts: 127.0.0.1 alcohol-soft.com O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.) O2 - BHO: () - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\PROGRA~2\Crawler\ctbr.dll (Crawler.com) O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Arquivos de Programas\Real\RealPlayer\rpbrowserrecordplugin.dll (RealPlayer) O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation) O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation) O2 - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.) O2 - BHO: (QUICKfind BHO Object) - {C08DF07A-3E49-4E25-9AB0-D3882835F153} - C:\PROGRA~2\IDM\QUICKF~1\PlugIns\IEHelp.dll () O2 - BHO: (GbIehObj Class) - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\Program Files (x86)\GbPlugin\gbieh.dll (Banco do Brasil) O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll (Yahoo! Inc) O3 - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar.dll () O3 - HKLM\..\Toolbar: (Barra de ferramentas &Crawler) - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - C:\PROGRA~2\Crawler\ctbr.dll (Crawler.com) O3 - HKLM\..\Toolbar: (Barra de Ferramentas do Yahoo!) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.) O3 - HKLM\..\Toolbar: (TextAloud) - {F053C368-5458-45B2-9B4D-D8914BDDDBFF} - C:\PROGRA~2\TEXTAL~1\TAForIE.dll () O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found. O3 - HKCU\..\Toolbar\WebBrowser: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar.dll () O3 - HKCU\..\Toolbar\WebBrowser: (Barra de ferramentas &Crawler) - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - C:\PROGRA~2\Crawler\ctbr.dll (Crawler.com) O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) O4 - HKLM..\Run: [FaxCenterServer] C:\Program Files (x86)\Lexmark Fax Solutions\fm3032.exe () O4 - HKLM..\Run: [GrooveMonitor] C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe (Microsoft Corporation) O4 - HKCU..\Run: [AlcoholAutomount] C:\Program Files (x86)\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe (Alcohol Soft Development Team) O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files (x86)\DAEMON Tools Lite\daemon.exe (DT Soft Ltd) O4 - HKCU..\Run: [spywareTerminatorUpdate] C:\Program Files (x86)\Spyware Terminator\SpywareTerminatorUpdate.exe (Crawler.com) O4 - HKCU..\Run: [WMPNSCFG] C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe File not found O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0 O9 - Extra Button: Incluir no Blog - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : &Incluir no Blog no Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation) O9 - Extra Button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Computer, Inc.) O13 - gopher Prefix: missing O15 - HKCU\..Trusted Domains: bancobrasil.com.br ([www] * in Sites confiáveis) O15 - HKCU\..Trusted Domains: bancobrasil.com.br ([www14] * in Sites confiáveis) O15 - HKCU\..Trusted Domains: bancobrasil.com.br ([www2] * in Sites confiáveis) O15 - HKCU\..Trusted Domains: bb.com.br ([www] * in Sites confiáveis) O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} http://messenger.zone.msn.com/MessengerGamesContent/GameContent/pt/uno1/GAME_UNO1.cab (UnoCtrl Class) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_10-windows-i586.cab (Java Plug-in 1.6.0_10) O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab (MessengerStatsClient Class) O16 - DPF: {CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_10-windows-i586.cab (Java Plug-in 1.6.0_10) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_10-windows-i586.cab (Java Plug-in 1.6.0_10) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation) O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WI1F86~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation) O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WI1F86~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies) O18 - Protocol\Handler\tbr {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - C:\PROGRA~2\Crawler\ctbr.dll (Crawler.com) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - Winlogon\Notify\ GbPluginBb: DllName - C:\Program Files (x86)\GbPlugin\gbieh.dll - C:\Program Files (x86)\GbPlugin\gbieh.dll (Banco do Brasil) O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files (x86)\SUPERAntiSpyware\SASWINLO.dll - C:\Program Files (x86)\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com) O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img29.jpg O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img29.jpg O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files (x86)\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com) O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation) O28 - HKLM ShellExecuteHooks: {E37CB5F0-51F5-4395-A808-5FA49E399F83} - C:\Program Files (x86)\GbPlugin\gbieh.dll (Banco do Brasil) O32 - HKLM CDRom: AutoRun - 1 O33 - MountPoints2\{1d1b9c02-f47c-11de-b27c-001e90ec58e6}\Shell\AutoRun\command - "" = cold\hott\¥¶¾³¿¸¤£ù²¯² O33 - MountPoints2\{1d1b9c02-f47c-11de-b27c-001e90ec58e6}\Shell\Explore\Command - "" = cold\hott\¥¶¾³¿¸¤£ù²¯² O33 - MountPoints2\{1d1b9c02-f47c-11de-b27c-001e90ec58e6}\Shell\open\command - "" = cold\hott\¥¶¾³¿¸¤£ù²¯² O33 - MountPoints2\{1d63a46b-45ad-11df-a11b-001e90ec58e6}\Shell\AutoRun\command - "" = RESTORE\k-1-3542-4232123213-7676767-8888886\RanDll.exe O33 - MountPoints2\{1d63a46b-45ad-11df-a11b-001e90ec58e6}\Shell\open\command - "" = RESTORE\k-1-3542-4232123213-7676767-8888886\RanDll.exe O33 - MountPoints2\{3815b9c2-e375-11de-a0fc-001e90ec58e6}\Shell - "" = AutoRun O33 - MountPoints2\{3815b9c2-e375-11de-a0fc-001e90ec58e6}\Shell\AutoRun\command - "" = G:\autorun.exe -- File not found O33 - MountPoints2\{5e51c049-110b-11df-93bb-001e90ec58e6}\Shell\AutoRun\command - "" = Resources\sEtuP64.exe O33 - MountPoints2\{5e51c049-110b-11df-93bb-001e90ec58e6}\Shell\OpEn\CoMmAnD - "" = Resources\sEtuP64.exe O33 - MountPoints2\{5e51c04a-110b-11df-93bb-001e90ec58e6}\Shell - "" = AutoRun O33 - MountPoints2\{5e51c04a-110b-11df-93bb-001e90ec58e6}\Shell\AutoRun\command - "" = H:\LaunchU3.exe -- File not found O33 - MountPoints2\{79663c47-4a42-11df-b468-001e90ec58e6}\Shell\AutoRun\command - "" = J:\zybxjg.exe -- File not found O33 - MountPoints2\{79663c47-4a42-11df-b468-001e90ec58e6}\Shell\explore\Command - "" = J:\zybxjg.exe -- File not found O33 - MountPoints2\{79663c47-4a42-11df-b468-001e90ec58e6}\Shell\open\Command - "" = J:\zybxjg.exe -- File not found O33 - MountPoints2\{87c86f33-e32b-11de-9796-001e90ec58e6}\Shell - "" = AutoRun O33 - MountPoints2\{87c86f33-e32b-11de-9796-001e90ec58e6}\Shell\AutoRun\command - "" = G:\autorun.exe -- File not found O33 - MountPoints2\{9bf308ea-6eaf-11df-9bc2-001e90ec58e6}\Shell\AutoRun\command - "" = I:\NNITEDN\LODGI\NintenD.exe -- File not found O33 - MountPoints2\{9bf308ea-6eaf-11df-9bc2-001e90ec58e6}\Shell\open\command - "" = I:\NNITEDN\LODGI\NintenD.exe -- File not found O33 - MountPoints2\{9bf308eb-6eaf-11df-9bc2-001e90ec58e6}\Shell - "" = AutoRun O33 - MountPoints2\{9bf308eb-6eaf-11df-9bc2-001e90ec58e6}\Shell\AutoRun\command - "" = H:\LaunchU3.exe -- File not found O33 - MountPoints2\{9d64154a-867a-11dd-b942-806e6f6e6963}\Shell - "" = AutoRun O33 - MountPoints2\{9d64154a-867a-11dd-b942-806e6f6e6963}\Shell\AutoRun\command - "" = D:\Setup.EXE -- File not found O33 - MountPoints2\{bb436103-3853-11df-9fad-001e90ec58e6}\Shell\AutoRun\command - "" = Isass.exe O33 - MountPoints2\{beda6917-d21d-11dd-9405-001e90ec58e6}\Shell\AutoRun\command - "" = H:\RESTORE\k-1-3542-4232123213-7676767-8888886\RanDll.exe -- File not found O33 - MountPoints2\{beda6917-d21d-11dd-9405-001e90ec58e6}\Shell\open\command - "" = H:\RESTORE\k-1-3542-4232123213-7676767-8888886\RanDll.exe -- File not found O33 - MountPoints2\{d280a400-1357-11df-9b7b-001e90ec58e6}\Shell - "" = AutoRun O33 - MountPoints2\{d280a400-1357-11df-9b7b-001e90ec58e6}\Shell\AutoRun\command - "" = G:\SETUP.EXE -- File not found O33 - MountPoints2\{ea907a91-86be-11dd-89f2-001e90ec58e6}\Shell - "" = AutoRun O33 - MountPoints2\{ea907a91-86be-11dd-89f2-001e90ec58e6}\Shell\AutoRun\command - "" = E:\SETUP.EXE -- File not found O33 - MountPoints2\{ea907aa3-86be-11dd-89f2-001e90ec58e6}\Shell - "" = AutoRun O33 - MountPoints2\{ea907aa3-86be-11dd-89f2-001e90ec58e6}\Shell\AutoRun\command - "" = F:\SETUP.EXE -- File not found O33 - MountPoints2\{f31c0a24-c24e-11de-b456-001e90ec58e6}\Shell - "" = AutoRun O33 - MountPoints2\{f31c0a24-c24e-11de-b456-001e90ec58e6}\Shell\AutoRun\command - "" = H:\LaunchU3.exe -- File not found O33 - MountPoints2\{f5fa45c8-e1c5-11de-89f6-001e90ec58e6}\Shell - "" = AutoRun O33 - MountPoints2\{f5fa45c8-e1c5-11de-89f6-001e90ec58e6}\Shell\AutoRun\command - "" = G:\autorun.exe -- File not found O33 - MountPoints2\{f82557bb-bf5a-11de-9785-001e90ec58e6}\Shell\AutoRun\command - "" = G:\F1\X1\trx.exe -- File not found O33 - MountPoints2\{f82557bb-bf5a-11de-9785-001e90ec58e6}\Shell\open\command - "" = G:\F1\X1\trx.exe -- File not found O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ========== Files/Folders - Created Within 30 Days ========== [2010/07/22 19:21:27 | 000,093,056 | ---- | C] (GMER) -- C:\ffldypoc.sys [2010/07/22 03:22:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\TibiaBot NG [2010/07/22 02:50:12 | 000,000,000 | ---D | C] -- C:\Users\Vinicius\Desktop\Anti Virus [2010/07/21 15:10:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ElfBot NG [2010/07/14 13:36:16 | 000,000,000 | ---D | C] -- C:\Users\Vinicius\Documents\Alcohol 120% [2010/07/12 11:23:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Alcohol Soft [2010/07/08 19:39:04 | 000,000,000 | ---D | C] -- C:\Users\Vinicius\Documents\Aléxia THON [2010/07/05 20:17:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AMR Player [2010/07/05 20:13:49 | 000,000,000 | ---D | C] -- C:\Users\Vinicius\AppData\Roaming\Audacity [2010/07/05 20:13:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Audacity 1.3 Beta (Unicode) [2008/09/25 21:00:33 | 000,413,696 | ---- | C] ( ) -- C:\Windows\SysWow64\lxczinpa.dll [2008/09/25 21:00:33 | 000,397,312 | ---- | C] ( ) -- C:\Windows\SysWow64\lxcziesc.dll [2008/09/25 21:00:32 | 001,224,704 | ---- | C] ( ) -- C:\Windows\SysWow64\lxczserv.dll [2008/09/25 21:00:32 | 000,991,232 | ---- | C] ( ) -- C:\Windows\SysWow64\lxczusb1.dll [2008/09/25 21:00:32 | 000,643,072 | ---- | C] ( ) -- C:\Windows\SysWow64\lxczpmui.dll [2008/09/25 21:00:31 | 000,696,320 | ---- | C] ( ) -- C:\Windows\SysWow64\lxczhbn3.dll [2008/09/25 21:00:31 | 000,684,032 | ---- | C] ( ) -- C:\Windows\SysWow64\lxczcomc.dll [2008/09/25 21:00:31 | 000,585,728 | ---- | C] ( ) -- C:\Windows\SysWow64\lxczlmpm.dll [2008/09/25 21:00:31 | 000,421,888 | ---- | C] ( ) -- C:\Windows\SysWow64\lxczcomm.dll [2008/09/25 21:00:31 | 000,163,840 | ---- | C] ( ) -- C:\Windows\SysWow64\lxczprox.dll [2008/09/25 21:00:31 | 000,094,208 | ---- | C] ( ) -- C:\Windows\SysWow64\lxczpplc.dll ========== Files - Modified Within 30 Days ========== [2010/08/03 21:10:03 | 008,650,752 | ---- | M] () -- C:\Users\Vinicius\NTUSER.DAT [2010/08/03 21:10:00 | 000,000,434 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{89702626-5B6D-4B2A-9EE1-4864F8A556F4}.job [2010/08/03 20:53:52 | 000,053,164 | ---- | M] () -- C:\ProgramData\nvModes.dat [2010/08/03 20:53:52 | 000,053,164 | ---- | M] () -- C:\ProgramData\nvModes.001 [2010/08/03 20:53:38 | 000,001,040 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2010/08/03 20:53:34 | 000,000,400 | ---- | M] () -- C:\Windows\tasks\AWC Startup.job [2010/08/03 20:45:15 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT [2010/08/03 20:45:12 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2010/08/03 20:44:12 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\Access.dat [2010/08/03 20:43:46 | 000,524,288 | -HS- | M] () -- C:\Users\Vinicius\NTUSER.DAT{f23d4ba3-e812-11de-b1cb-001e90ec58e6}.TMContainer00000000000000000001.regtrans-ms [2010/08/03 20:43:46 | 000,065,536 | -HS- | M] () -- C:\Users\Vinicius\NTUSER.DAT{f23d4ba3-e812-11de-b1cb-001e90ec58e6}.TM.blf [2010/08/03 20:43:24 | 004,425,659 | -H-- | M] () -- C:\Users\Vinicius\AppData\Local\IconCache.db [2010/08/03 20:42:02 | 000,001,044 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2010/08/03 19:15:30 | 000,000,424 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{4E7FFDCC-8AC2-4A6A-B48D-5A3EADE8F765}.job [2010/08/03 18:33:25 | 000,204,276 | ---- | M] () -- C:\Users\Vinicius\Desktop\histo regina.docx [2010/08/03 11:26:31 | 000,048,500 | ---- | M] () -- C:\Users\Vinicius\Desktop\MPU.jpg [2010/08/03 11:09:09 | 000,678,206 | ---- | M] () -- C:\Users\Vinicius\Desktop\espectometria_de_massas.pdf [2010/08/01 21:15:49 | 000,000,894 | ---- | M] () -- C:\Users\Vinicius\Desktop\sXe Injected.lnk [2010/07/29 18:03:20 | 000,137,728 | ---- | M] () -- C:\Users\Vinicius\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2010/07/26 22:55:46 | 000,429,969 | ---- | M] () -- C:\Users\Vinicius\Desktop\TEST DE PAI.PDF [2010/07/26 18:53:24 | 000,000,219 | ---- | M] () -- C:\Windows\SysWow64\lsprst7.tgz [2010/07/26 18:53:24 | 000,000,205 | ---- | M] () -- C:\Windows\SysWow64\lsprst7.dll [2010/07/26 18:53:24 | 000,000,087 | ---- | M] () -- C:\Windows\SysWow64\ssprs.tgz [2010/07/26 18:53:24 | 000,000,073 | ---- | M] () -- C:\Windows\SysWow64\ssprs.dll [2010/07/26 18:52:07 | 000,001,025 | ---- | M] () -- C:\Windows\SysWow64\sysprs7.tgz [2010/07/26 18:52:07 | 000,001,025 | ---- | M] () -- C:\Windows\SysWow64\sysprs7.dll [2010/07/26 18:52:07 | 000,001,025 | ---- | M] () -- C:\Windows\SysWow64\clauth2.dll [2010/07/26 18:52:07 | 000,001,025 | ---- | M] () -- C:\Windows\SysWow64\clauth1.dll [2010/07/22 19:21:27 | 000,093,056 | ---- | M] (GMER) -- C:\ffldypoc.sys [2010/07/21 14:46:22 | 000,197,632 | ---- | M] () -- C:\Windows\elf_key.dll [2010/07/18 06:45:02 | 000,000,687 | ---- | M] () -- C:\Users\Vinicius\Documents\ax_files.xml [2010/07/17 16:51:26 | 000,001,749 | ---- | M] () -- C:\Users\Vinicius\Desktop\Tibia Auto.lnk [2010/07/16 20:18:04 | 000,429,310 | ---- | M] () -- C:\Users\Vinicius\Desktop\raven.pdf [2010/07/14 19:34:55 | 000,492,421 | ---- | M] () -- C:\Users\Vinicius\Desktop\LastScan.jpg [2010/07/14 09:26:11 | 000,000,478 | ---- | M] () -- C:\Windows\Lexstat.ini [2010/07/06 14:34:22 | 000,129,626 | ---- | M] () -- C:\Users\Vinicius\Desktop\MINISTÉRIO DA FAZENDA.docx [2010/07/04 22:50:58 | 000,067,232 | ---- | M] () -- C:\Users\Vinicius\Documents\projeto de tata.docx ========== Files Created - No Company Name ========== [2010/08/03 18:33:22 | 000,204,276 | ---- | C] () -- C:\Users\Vinicius\Desktop\histo regina.docx [2010/08/03 11:26:31 | 000,048,500 | ---- | C] () -- C:\Users\Vinicius\Desktop\MPU.jpg [2010/08/03 11:09:09 | 000,678,206 | ---- | C] () -- C:\Users\Vinicius\Desktop\espectometria_de_massas.pdf [2010/07/27 22:31:01 | 000,263,185 | ---- | C] () -- C:\Users\Vinicius\Desktop\Prova-19-Tipo-001.pdf [2010/07/26 22:55:45 | 000,429,969 | ---- | C] () -- C:\Users\Vinicius\Desktop\TEST DE PAI.PDF [2010/07/26 18:52:07 | 000,001,025 | ---- | C] () -- C:\Windows\SysWow64\sysprs7.tgz [2010/07/26 18:52:07 | 000,001,025 | ---- | C] () -- C:\Windows\SysWow64\sysprs7.dll [2010/07/26 18:52:07 | 000,001,025 | ---- | C] () -- C:\Windows\SysWow64\clauth2.dll [2010/07/26 18:52:07 | 000,001,025 | ---- | C] () -- C:\Windows\SysWow64\clauth1.dll [2010/07/26 18:52:07 | 000,000,219 | ---- | C] () -- C:\Windows\SysWow64\lsprst7.tgz [2010/07/26 18:52:07 | 000,000,205 | ---- | C] () -- C:\Windows\SysWow64\lsprst7.dll [2010/07/26 18:52:07 | 000,000,087 | ---- | C] () -- C:\Windows\SysWow64\ssprs.tgz [2010/07/26 18:52:07 | 000,000,073 | ---- | C] () -- C:\Windows\SysWow64\ssprs.dll [2010/07/21 14:44:11 | 000,197,632 | ---- | C] () -- C:\Windows\elf_key.dll [2010/07/16 20:20:37 | 000,429,310 | ---- | C] () -- C:\Users\Vinicius\Desktop\raven.pdf [2010/07/14 19:34:54 | 000,492,421 | ---- | C] () -- C:\Users\Vinicius\Desktop\LastScan.jpg [2010/07/12 11:24:49 | 000,000,687 | ---- | C] () -- C:\Users\Vinicius\Documents\ax_files.xml [2010/07/06 14:34:19 | 000,129,626 | ---- | C] () -- C:\Users\Vinicius\Desktop\MINISTÉRIO DA FAZENDA.docx [2010/07/04 22:50:50 | 000,067,232 | ---- | C] () -- C:\Users\Vinicius\Documents\projeto de tata.docx [2010/02/10 11:15:47 | 000,000,572 | ---- | C] () -- C:\Windows\ChemDraw.ini [2010/02/10 11:14:11 | 000,147,456 | ---- | C] () -- C:\Windows\SysWow64\sdt_security.dll [2010/02/06 17:20:27 | 000,021,840 | ---- | C] () -- C:\Windows\SysWow64\SIntfNT.dll [2010/02/06 17:20:27 | 000,017,212 | ---- | C] () -- C:\Windows\SysWow64\SIntf32.dll [2010/02/06 17:20:26 | 000,012,067 | ---- | C] () -- C:\Windows\SysWow64\SIntf16.dll [2010/01/28 16:47:44 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\winvcbsc.dll [2009/10/15 11:40:46 | 000,484,352 | ---- | C] () -- C:\Windows\SysWow64\lame_enc.dll [2009/10/01 18:37:01 | 000,178,176 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll [2009/10/01 18:37:00 | 000,000,038 | ---- | C] () -- C:\Windows\avisplitter.ini [2009/10/01 18:36:58 | 000,881,664 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll [2009/10/01 18:36:58 | 000,205,824 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll [2009/10/01 18:36:57 | 000,085,504 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll [2009/10/01 18:36:57 | 000,000,547 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll.manifest [2009/09/26 10:02:03 | 000,117,248 | ---- | C] () -- C:\Windows\SysWow64\EhStorAuthn.dll [2009/09/26 09:59:48 | 000,368,640 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll [2009/04/28 20:28:44 | 000,069,632 | ---- | C] () -- C:\Windows\SysWow64\MSJCE.dll [2009/04/05 20:38:26 | 000,005,361 | ---- | C] () -- C:\Windows\DesinstWRecnet.ini [2009/04/05 20:38:26 | 000,000,129 | ---- | C] () -- C:\Windows\REC-NET.INI [2009/03/15 10:09:31 | 000,000,158 | ---- | C] () -- C:\Windows\matlab.ini [2009/02/07 13:26:33 | 000,000,274 | ---- | C] () -- C:\Windows\SysWow64\CALL.INI [2009/01/21 18:00:44 | 000,000,440 | ---- | C] () -- C:\Windows\ODBC.INI [2008/11/23 20:14:04 | 000,142,592 | ---- | C] () -- C:\Windows\SysWow64\drivers\sp_rsdrv2.sys [2008/10/31 23:18:16 | 000,000,334 | ---- | C] () -- C:\Windows\pdf2word.INI [2008/10/29 16:50:40 | 000,090,112 | ---- | C] () -- C:\Windows\SysWow64\CmdLineExt.dll [2008/10/24 18:50:06 | 001,454,360 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2008/10/21 09:35:22 | 000,000,000 | ---- | C] () -- C:\Windows\lde.INI [2008/09/25 21:04:28 | 000,000,478 | ---- | C] () -- C:\Windows\Lexstat.ini [2008/09/25 21:00:33 | 000,413,696 | ---- | C] () -- C:\Windows\SysWow64\lxczutil.dll [2008/09/25 21:00:33 | 000,274,432 | ---- | C] () -- C:\Windows\SysWow64\LXCZinst.dll [2008/09/25 00:26:48 | 000,000,510 | ---- | C] () -- C:\Windows\WORDPAD.INI [2008/09/15 21:14:24 | 003,596,288 | ---- | C] () -- C:\Windows\SysWow64\qt-dx331.dll [2008/09/15 21:12:02 | 000,000,416 | ---- | C] () -- C:\Windows\SysWow64\dtu100.dll.manifest [2008/09/15 21:12:02 | 000,000,416 | ---- | C] () -- C:\Windows\SysWow64\dpl100.dll.manifest [2008/09/15 21:11:10 | 000,012,288 | ---- | C] () -- C:\Windows\SysWow64\DivXWMPExtType.dll [2008/06/01 04:13:10 | 000,053,299 | ---- | C] () -- C:\Windows\SysWow64\pthreadVC.dll [2008/04/16 23:05:12 | 000,060,124 | ---- | C] () -- C:\Windows\SysWow64\tcpmon.ini [2007/07/23 08:03:32 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelTraditionalChinese.dll [2007/07/23 08:03:32 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSwedish.dll [2007/07/23 08:03:32 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSpanish.dll [2007/07/23 08:03:30 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSimplifiedChinese.dll [2007/07/23 08:03:30 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelPortugese.dll [2007/07/23 08:03:30 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelKorean.dll [2007/07/23 08:03:30 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelJapanese.dll [2007/07/23 08:03:30 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelGerman.dll [2007/07/23 08:03:30 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelFrench.dll [2004/08/17 11:57:24 | 000,327,680 | ---- | C] () -- C:\Windows\SysWow64\QFClient2.dll ========== Custom Scans ========== < MD5 for: ATAPI.SYS > [2008/04/16 22:37:24 | 000,022,584 | ---- | M] (Microsoft Corporation) MD5=1898FAE8E07D97F2F6C2D5326C633FAC -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_3956c39dd9e73fd2\atapi.sys [2009/04/11 04:15:00 | 000,020,952 | ---- | M] (Microsoft Corporation) MD5=E68D9B3A3905619732F7FE039466A623 -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_3b423ca9d7090b1e\atapi.sys < MD5 for: CNGAUDIT.DLL > [2006/11/02 08:16:48 | 000,014,848 | ---- | M] (Microsoft Corporation) MD5=21322B1A2AD337C579F4A65EA0D25193 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_424bc4aceb06de1c\cngaudit.dll [2006/11/02 06:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\SysWOW64\cngaudit.dll [2006/11/02 06:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\SysWOW64\cngaudit.dll [2006/11/02 06:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll < MD5 for: EVENTLOG.DLL > [1999/10/02 07:24:46 | 000,017,408 | ---- | M] () MD5=1363337A5301619F00F8033835EF30E9 -- C:\Arquivos de Programas\sys\perl\win32\site\lib\auto\Win32\EventLog\EventLog.dll [1999/10/02 06:24:46 | 000,017,408 | ---- | M] () MD5=1363337A5301619F00F8033835EF30E9 -- C:\Program Files (x86)\MATLAB\R2006a\sys\perl\win32\site\lib\auto\Win32\EventLog\EventLog.dll [1999/10/02 06:24:46 | 000,017,408 | ---- | M] () MD5=1363337A5301619F00F8033835EF30E9 -- C:\Program Files (x86)\MATLAB\R2006b\sys\perl\win32\site\lib\auto\Win32\EventLog\EventLog.dll < MD5 for: NETLOGON.DLL > [2008/04/16 23:13:49 | 000,716,800 | ---- | M] (Microsoft Corporation) MD5=5D0A4891F8CD0E9E64FF57A6A34044F5 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_59d652c6f057598d\netlogon.dll [2006/11/02 06:46:11 | 000,559,616 | ---- | M] (Microsoft Corporation) MD5=889A2C9F2AACCD8F64EF50AC0B3D553B -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6000.16386_none_61f43b1d27cd0ab4\netlogon.dll [2009/04/11 03:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\SysWOW64\netlogon.dll [2009/04/11 03:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\SysWOW64\netlogon.dll [2009/04/11 03:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_6616762521d9e6d4\netlogon.dll [2009/04/11 04:11:16 | 000,717,312 | ---- | M] (Microsoft Corporation) MD5=A3F1B171702CA04744EE514243B45BFB -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_5bc1cbd2ed7924d9\netlogon.dll [2008/04/16 22:52:02 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_642afd1924b81b88\netlogon.dll [2006/11/02 08:18:47 | 000,684,032 | ---- | M] (Microsoft Corporation) MD5=BFAB28B54DF41208CF3490FF26E53FD9 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6000.16386_none_579f90caf36c48b9\netlogon.dll < MD5 for: NVSTOR.SYS > [2008/04/16 22:38:04 | 000,054,328 | ---- | M] (NVIDIA Corporation) MD5=F7EA0FE82842D05EDA3EFDD376DBFDBA -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_95f95eab775c159d\nvstor.sys < MD5 for: SCECLI.DLL > [2008/04/16 23:08:52 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_9e812831c5d9a243\scecli.dll [2006/11/02 08:19:09 | 000,239,616 | ---- | M] (Microsoft Corporation) MD5=32EF13F20B28966D29DE5EABE036431D -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6000.16386_none_91f5bbe3948dcf74\scecli.dll [2008/04/16 23:03:06 | 000,235,520 | ---- | M] (Microsoft Corporation) MD5=35F1DD99F9903BC267C2AF16B09F9BF7 -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_942c7ddf9178e048\scecli.dll [2006/11/02 06:46:12 | 000,176,640 | ---- | M] (Microsoft Corporation) MD5=80E2839D05CA5970A86D7BE2A08BFF61 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6000.16386_none_9c4a6635c8ee916f\scecli.dll [2009/04/11 03:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\SysWOW64\scecli.dll [2009/04/11 03:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\SysWOW64\scecli.dll [2009/04/11 03:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_a06ca13dc2fb6d8f\scecli.dll [2009/04/11 04:11:23 | 000,235,520 | ---- | M] (Microsoft Corporation) MD5=9922ADB6DCA8F0F5EA038BEFF339C08B -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_9617f6eb8e9aab94\scecli.dll ========== Alternate Data Streams ========== @Alternate Data Stream - 204 bytes -> C:\Windows\SysWow64\drivers:GbpKmAp.lst < End of report >
  12. Da uma olhada nos Scans

    EU não sei o script que você mandou colocar, pode me mandar de novo? Atenciosamente Vinigo. Abraços.
  13. Da uma olhada nos Scans

    Por problemas no meu tópico criei outro. Aqui está de novo os scans, agora não achei aquilo que é para colocar no OTL. Só ta o DDS e Attach. DDS (Ver_10-03-17.01) - NTFSX64 Run by Vinicius at 14:20:14,33 on 27/07/2010 Internet Explorer: 8.0.6001.18928 BrowserJavaVersion: 1.6.0_10 Microsoft® Windows Vista™ Ultimate 6.0.6002.2.1252.55.1046.18.1790.821 [GMT -3:00] SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46} SP: SUPERAntiSpyware *enabled* (Updated) {222A897C-5018-402e-943F-7E7AC8560DA7} SP: Spyware Terminator *disabled* (Updated) {55EE49A8-16BE-4601-BBE6-607B7F7317DE} ============== Running Processes =============== C:\Windows\system32\wininit.exe C:\Windows\system32\lsm.exe C:\Windows\system32\svchost.exe -k DcomLaunch C:\Windows\system32\nvvsvc.exe C:\PROGRA~2\GbPlugin\GbpSv.exe C:\Windows\system32\svchost.exe -k rpcss C:\Windows\System32\svchost.exe -k secsvcs C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted C:\Windows\system32\svchost.exe -k netsvcs C:\Windows\system32\svchost.exe -k GPSvcGroup C:\Windows\system32\SLsvc.exe C:\Windows\system32\svchost.exe -k LocalService C:\Windows\system32\svchost.exe -k NetworkService C:\Windows\system32\nvvsvc.exe C:\Windows\System32\spoolsv.exe C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe C:\Program Files (x86)\Bonjour\mDNSResponder.exe C:\Windows\system32\lxczcoms.exe C:\Program Files\webserver\bin\win32\matlabserver.exe C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe C:\Program Files\bin\win32\MATLAB.exe C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe C:\Program Files (x86)\Spyware Terminator\sp_rsser.exe C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe C:\Windows\system32\svchost.exe -k imgsvc C:\Program Files (x86)\Tunngle\TnglCtrl.exe C:\Windows\System32\svchost.exe -k WerSvcGroup C:\Windows\system32\SearchIndexer.exe C:\Windows\system32\taskeng.exe C:\Windows\system32\taskeng.exe C:\Windows\system32\Dwm.exe C:\Windows\Explorer.EXE C:\Program Files (x86)\IObit\Advanced SystemCare 3\AWC.exe C:\Program Files\Windows Defender\MSASCui.exe C:\Windows\ehome\ehtray.exe C:\Program Files (x86)\DAEMON Tools Lite\daemon.exe C:\Windows\ehome\ehmsas.exe C:\Program Files (x86)\Java\jre6\bin\jusched.exe C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe C:\Program Files\Windows Media Player\wmpnetwk.exe C:\Program Files\Windows Media Player\WMPNSCFG.exe C:\Windows\system32\wuauclt.exe C:\Users\Vinicius\Desktop\Anti Virus\gmer.exe C:\Program Files (x86)\foobar2000\foobar2000.exe C:\Program Files (x86)\uTorrent\uTorrent.exe C:\Windows\system32\SearchProtocolHost.exe C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe C:\Windows\SysWOW64\conime.exe C:\Windows\System32\svchost.exe -k swprv C:\Windows\system32\SearchFilterHost.exe C:\Users\Vinicius\Desktop\Anti Virus\dds.scr C:\Windows\system32\wbem\wmiprvse.exe ============== Pseudo HJT Report =============== uSearch Bar = hxxp://www.crawler.com/search/dispatcher.aspx?tp=aus&qkw=%s&tbid=60076 mLocal Page = c:\windows\syswow64\blank.htm uInternet Settings,ProxyOverride = *.local mSearchAssistant = hxxp://www.crawler.com/search/ie.aspx?tb_id=60076 mCustomizeSearch = hxxp://dnl.crawler.com/support/sa_customize.aspx?TbId=60076 uURLSearchHooks: N/A: {1cb20bf0-bbae-40a7-93f4-6435ff3d0411} - c:\progra~2\crawler\ctbr.dll BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files (x86)\yahoo!\companion\installs\cpn\yt.dll BHO: : {1cb20bf0-bbae-40a7-93f4-6435ff3d0411} - c:\progra~2\crawler\ctbr.dll BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\program files\real\realplayer\rpbrowserrecordplugin.dll BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files (x86)\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files (x86)\microsoft office\office12\GrooveShellExtensions.dll BHO: Java Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files (x86)\java\jre6\bin\ssv.dll BHO: Auxiliar de Conexão do Windows Live: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files (x86)\common files\microsoft shared\windows live\WindowsLiveLogin.dll BHO: QUICKfind BHO Object: {c08df07a-3e49-4e25-9ab0-d3882835f153} - c:\progra~2\idm\quickf~1\plugins\IEHelp.dll BHO: GbIehObj Class: {c41a1c0e-ea6c-11d4-b1b8-444553540000} - c:\program files (x86)\gbplugin\gbieh.dll BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files (x86)\java\jre6\bin\jp2ssv.dll BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\program files (x86)\yahoo!\companion\installs\cpn\YTSingleInstance.dll TB: DAEMON Tools Toolbar: {32099aac-c132-4136-9e9a-4e364a424e17} - c:\program files (x86)\daemon tools toolbar\DTToolbar.dll TB: TextAloud: {f053c368-5458-45b2-9b4d-d8914bdddbff} - c:\progra~2\textal~1\TAForIE.dll TB: Barra de Ferramentas do Yahoo!: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files (x86)\yahoo!\companion\installs\cpn\yt.dll TB: Barra de ferramentas &Crawler: {4b3803ea-5230-4dc3-a7fc-33638f3d3542} - c:\progra~2\crawler\ctbr.dll TB: {A057A204-BACC-4D26-9990-79A187E2698E} - No File TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe uRun: [spywareTerminatorUpdate] "c:\program files (x86)\spyware terminator\SpywareTerminatorUpdate.exe" uRun: [DAEMON Tools Lite] "c:\program files (x86)\daemon tools lite\daemon.exe" -autorun uRun: [AlcoholAutomount] "c:\program files (x86)\alcohol soft\alcohol 120\AxAutoMntSrv.exe" -automount uRun: [WMPNSCFG] c:\program files (x86)\windows media player\WMPNSCFG.exe mRun: [GrooveMonitor] "c:\program files (x86)\microsoft office\office12\GrooveMonitor.exe" mRun: [FaxCenterServer] "c:\program files (x86)\lexmark fax solutions\fm3032.exe" /s mRun: [sunJavaUpdateSched] "c:\program files (x86)\java\jre6\bin\jusched.exe" mRun: [avgnt] "c:\program files (x86)\avira\antivir desktop\avgnt.exe" /min mPolicies-explorer: NoActiveDesktop = 1 (0x1) mPolicies-explorer: ForceActiveDesktopOn = 0 (0x0) mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0) mPolicies-system: EnableUIADesktopToggle = 0 (0x0) mPolicies-system: EnableLUA = 0 (0x0) IE: Crawler Search - tbr:iemenu IE: E&xportar para o Microsoft Excel - c:\progra~2\micros~1\office12\EXCEL.EXE/3000 IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files (x86)\windows live\writer\WriterBrowserExtension.dll IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~2\micros~1\office12\ONBttnIE.dll IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~2\micros~1\office12\REFIEBAR.DLL Trusted Zone: bancobrasil.com.br\www Trusted Zone: bancobrasil.com.br\www14 Trusted Zone: bancobrasil.com.br\www2 Trusted Zone: bb.com.br\www DPF: {5D6F45B3-9043-443D-A792-115447494D24} - hxxp://messenger.zone.msn.com/MessengerGamesContent/GameContent/pt/uno1/GAME_UNO1.cab DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_10-windows-i586.cab DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab DPF: {CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_10-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_10-windows-i586.cab DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files (x86)\microsoft office\office12\GrooveSystemServices.dll Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~2\common~1\skype\SKYPE4~1.DLL Handler: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - c:\progra~2\crawler\ctbr.dll Notify: GbPluginBb - c:\program files (x86)\gbplugin\gbieh.dll Notify: !SASWinLogon - c:\program files (x86)\superantispyware\SASWINLO.dll SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files (x86)\microsoft office\office12\GrooveShellExtensions.dll SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files (x86)\superantispyware\SASSEH.DLL SEH: GbPluginObj Class: {e37cb5f0-51f5-4395-a808-5fa49e399f83} - c:\program files (x86)\gbplugin\gbieh.dll {32099AAC-C132-4136-9E9A-4E364A424E17} TB-X64: {A057A204-BACC-4D26-9990-79A187E2698E} - No File TB-X64: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File TB-X64: {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - No File mRun-x64: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide mRun-x64: [LogMeIn GUI] "c:\program files (x86)\logmein\x64\LogMeInSystray.exe" ================= FIREFOX =================== FF - ProfilePath - c:\users\vinicius\appdata\roaming\mozilla\firefox\profiles\l82jokle.default\ FF - prefs.js: browser.search.defaulturl - hxxp://search.localstrike.com.ar/?q={searchTerms} FF - prefs.js: browser.search.selectedEngine - Google FF - prefs.js: browser.startup.homepage - hxxp://search.localstrike.com.ar/ FF - prefs.js: keyword.URL - hxxp://search.localstrike.com.ar/?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&q= FF - component: c:\users\vinicius\appdata\roaming\mozilla\firefox\profiles\l82jokle.default\extensions\{87f8774f-b485-47e2-a755-a40a8a5e886c}\components\GbMzhBb.dll FF - component: c:\users\vinicius\appdata\roaming\mozilla\firefox\profiles\l82jokle.default\extensions\{87f8774f-b485-47e2-a755-a40a8a5e8874}\components\GbMzhAbn.dll FF - plugin: c:\program files (x86)\google\update\1.2.183.29\npGoogleOneClick8.dll FF - plugin: c:\program files (x86)\k-lite codec pack\real\browser\plugins\nppl3260.dll FF - plugin: c:\program files (x86)\k-lite codec pack\real\browser\plugins\nprpjplug.dll FF - plugin: c:\program files (x86)\microsoft\office live\npOLW.dll FF - plugin: c:\program files\real\realplayer\netscape6\nppl3260.dll FF - plugin: c:\program files\real\realplayer\netscape6\nprjplug.dll FF - plugin: c:\program files\real\realplayer\netscape6\nprpjplug.dll FF - plugin: c:\programdata\zylom\zylomgamesplayer\npzylomgamesplayer.dll FF - plugin: c:\users\vinicius\appdata\locallow\unity\webplayer\loader\npUnity3D32.dll FF - plugin: c:\users\vinicius\appdata\roaming\mozilla\firefox\profiles\l82jokle.default\extensions\{e2883e8f-472f-4fb0-9522-ac9bf37916a7}\plugins\np_gp.dll FF - plugin: c:\windows\syswow64\adobe\director\np32dsw.dll FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\ FF - HiddenExtension: Java Console: No Registry Reference - c:\program files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA} FF - HiddenExtension: LoudMo Contextual Ad Assistant: No Registry Reference - c:\program files (x86)\mozilla firefox\extensions\{dc73254b-b7f3-cebd-1220-a4e2bb3b747b} ---- FIREFOX POLICIES ---- FF - user.js: google.toolbar.linkdoctor.enabled - false c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true); c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false); c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true); c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true); c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32); c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600); c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true); c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true); c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true); c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true); c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true); c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true); c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true); c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true); c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false); c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.proxy.type", 5); c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.buffer.cache.count", 24); c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.buffer.cache.size", 4096); c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45); c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false); c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1); c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false); c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2); c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1); c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25); c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800); c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25); c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5); c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("accelerometer.enabled", true); c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("html5.enable", false); c:\program files (x86)\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true); c:\program files (x86)\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", ""); c:\program files (x86)\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false); c:\program files (x86)\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false); c:\program files (x86)\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true); c:\program files (x86)\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600); c:\program files (x86)\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com"); c:\program files (x86)\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff"); c:\program files (x86)\mozilla firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".com.br"); c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties"); c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties"); c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org"); c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com"); c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true); c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false); c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false); c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false); c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false); c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true); c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true); c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true); c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true); c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false); c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false); c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20); c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20); ============= SERVICES / DRIVERS =============== R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot64.sys [2009-6-14 33792] R1 VBoxDrv;VirtualBox Service;c:\windows\system32\drivers\VBoxDrv.sys [2008-10-24 136912] R1 VBoxUSBMon;VirtualBox USB Monitor Driver;c:\windows\system32\drivers\VBoxUSBMon.sys [2008-10-24 53008] R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files (x86)\avira\antivir desktop\sched.exe [2009-6-1 108289] R2 AntiVirService;Avira AntiVir Guard;c:\program files (x86)\avira\antivir desktop\avguard.exe [2009-6-1 185089] R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2009-6-1 74880] R2 GbpSv;Gbp Service;c:\progra~2\gbplugin\GbpSv.exe [2010-2-21 55072] R2 LMIRfsDriver;LogMeIn Remote File System Driver;c:\windows\system32\drivers\LMIRfsDriver.sys [2010-5-23 72216] R2 npf;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2008-6-29 40464] R2 StarWindServiceAE;StarWind AE Service;c:\program files (x86)\alcohol soft\alcohol 120\starwind\StarWindServiceAE.exe [2009-12-23 370688] R2 TunngleService;TunngleService;c:\program files (x86)\tunngle\TnglCtrl.exe [2009-10-10 666360] R3 tap0901t;TAP-Win32 Adapter V9 (Tunngle);c:\windows\system32\drivers\tap0901t.sys [2009-10-10 31232] S1 SASDIFSV;SASDIFSV;c:\program files (x86)\superantispyware\sasdifsv.sys [2010-1-5 9968] S1 SASKUTIL;SASKUTIL;c:\program files (x86)\superantispyware\SASKUTIL.SYS [2010-1-5 74480] S2 gupdate1c9c38e93112d81;Google Update Service (gupdate1c9c38e93112d81);c:\program files (x86)\google\update\GoogleUpdate.exe [2009-4-22 133104] S3 clr_optimization_v2.0.50727_64;Microsoft .NET Framework NGEN v2.0.50727_X64;c:\windows\microsoft.net\framework64\v2.0.50727\mscorsvw.exe [2009-9-26 89920] S3 FontCache;Serviço de Cache de Fontes do Windows;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-4-16 27648] S3 ONDAusbmdm6k;ONDA Proprietary USB Driver;c:\windows\system32\drivers\ONDAusbmdm6k.sys [2009-3-19 150656] S3 ONDAusbnmea;ONDA NMEA Port;c:\windows\system32\drivers\ONDAusbnmea.sys [2009-3-19 150656] S3 ONDAusbser6k;ONDA Diagnostic Port;c:\windows\system32\drivers\ONDAusbser6k.sys [2009-3-19 150656] S3 PerfHost;Host de DLL de Contador de Desempenho;c:\windows\syswow64\perfhost.exe [2008-4-16 19968] S3 s916bus;Sony Ericsson Device 916 driver (WDM);c:\windows\system32\drivers\s916bus.sys [2007-11-2 108072] S3 s916mdfl;Sony Ericsson Device 916 USB WMC Modem Filter;c:\windows\system32\drivers\s916mdfl.sys [2007-11-2 19496] S3 s916mdm;Sony Ericsson Device 916 USB WMC Modem Driver;c:\windows\system32\drivers\s916mdm.sys [2007-11-2 145448] S3 SASENUM;SASENUM;c:\program files (x86)\superantispyware\SASENUM.SYS [2010-1-5 7408] ============== File Associations =============== JSEFile=c:\windows\syswow64\WScript.exe "%1" %* =============== Created Last 30 ================ 2010-07-26 21:52:07 87 ----a-w- c:\windows\syswow64\ssprs.tgz 2010-07-26 21:52:07 73 ----a-w- c:\windows\syswow64\ssprs.dll 2010-07-26 21:52:07 219 ----a-w- c:\windows\syswow64\lsprst7.tgz 2010-07-26 21:52:07 205 ----a-w- c:\windows\syswow64\lsprst7.dll 2010-07-26 21:52:07 1025 ----a-w- c:\windows\syswow64\sysprs7.tgz 2010-07-26 21:52:07 1025 ----a-w- c:\windows\syswow64\sysprs7.dll 2010-07-26 21:52:07 1025 ----a-w- c:\windows\syswow64\clauth2.dll 2010-07-26 21:52:07 1025 ----a-w- c:\windows\syswow64\clauth1.dll 2010-07-22 22:21:27 93056 ----a-w- C:\ffldypoc.sys 2010-07-22 06:22:10 0 d-----w- c:\program files (x86)\TibiaBot NG 2010-07-21 18:10:30 0 d-----w- c:\program files (x86)\ElfBot NG 2010-07-21 17:44:11 197632 ----a-w- c:\windows\elf_key.dll 2010-07-12 14:23:26 0 d-----w- c:\program files (x86)\Alcohol Soft 2010-07-05 23:17:19 0 d-----w- c:\program files (x86)\AMR Player 2010-07-05 23:13:34 0 d-----w- c:\program files (x86)\Audacity 1.3 Beta (Unicode) ==================== Find3M ==================== 2010-07-27 13:43:05 53164 ----a-w- c:\programdata\nvModes.dat 2010-07-23 00:17:03 636908 ----a-w- c:\windows\system32\prfh0416.dat 2010-07-23 00:17:03 122534 ----a-w- c:\windows\system32\prfc0416.dat 2010-07-12 14:16:00 828912 ----a-w- c:\windows\system32\drivers\sptd.sys 2010-05-28 22:18:27 90112 ----a-w- c:\windows\syswow64\CmdLineExt.dll 2010-05-26 17:23:46 48128 ----a-w- c:\windows\system32\atmlib.dll 2010-05-26 17:06:41 34304 ----a-w- c:\windows\syswow64\atmlib.dll 2010-05-26 15:10:41 366080 ----a-w- c:\windows\system32\atmfd.dll 2010-05-26 14:47:41 289792 ----a-w- c:\windows\syswow64\atmfd.dll 2010-05-21 21:26:41 86016 ----a-w- c:\windows\inf\infstor.dat 2010-05-21 21:26:41 51200 ----a-w- c:\windows\inf\infpub.dat 2010-05-21 21:26:41 143360 ----a-w- c:\windows\inf\infstrng.dat 2010-05-21 17:14:28 270208 ------w- c:\windows\system32\MpSigStub.exe 2010-05-04 06:56:19 1147904 ----a-w- c:\windows\system32\wininet.dll 2010-05-04 06:51:49 132096 ----a-w- c:\windows\system32\iesysprep.dll 2010-05-04 06:51:48 77312 ----a-w- c:\windows\system32\iesetup.dll 2010-05-04 05:59:21 916480 ----a-w- c:\windows\syswow64\wininet.dll 2010-05-04 05:59:11 1209344 ----a-w- c:\windows\syswow64\urlmon.dll 2010-05-04 05:58:07 206848 ----a-w- c:\windows\syswow64\occache.dll 2010-05-04 05:56:49 611840 ----a-w- c:\windows\syswow64\mstime.dll 2010-05-04 05:56:28 5950976 ----a-w- c:\windows\syswow64\mshtml.dll 2010-05-04 05:56:25 599040 ----a-w- c:\windows\syswow64\msfeeds.dll 2010-05-04 05:56:25 55296 ----a-w- c:\windows\syswow64\msfeedsbs.dll 2010-05-04 05:55:56 25600 ----a-w- c:\windows\syswow64\jsproxy.dll 2010-05-04 05:55:42 71680 ----a-w- c:\windows\syswow64\iesetup.dll 2010-05-04 05:55:42 1985536 ----a-w- c:\windows\syswow64\iertutil.dll 2010-05-04 05:55:42 164352 ----a-w- c:\windows\syswow64\ieui.dll 2010-05-04 05:55:42 109056 ----a-w- c:\windows\syswow64\iesysprep.dll 2010-05-04 05:55:41 55808 ----a-w- c:\windows\syswow64\iernonce.dll 2010-05-04 05:55:41 184320 ----a-w- c:\windows\syswow64\iepeers.dll 2010-05-04 05:55:41 11076096 ----a-w- c:\windows\syswow64\ieframe.dll 2010-05-04 05:55:37 387584 ----a-w- c:\windows\syswow64\iedkcs32.dll 2010-05-04 05:01:59 162816 ----a-w- c:\windows\system32\ieUnatt.exe 2010-05-04 04:31:05 133632 ----a-w- c:\windows\syswow64\ieUnatt.exe 2010-05-04 04:30:58 173056 ----a-w- c:\windows\syswow64\ie4uinit.exe 2010-05-04 04:30:19 13312 ----a-w- c:\windows\syswow64\msfeedssync.exe 2010-05-01 14:39:56 2752000 ----a-w- c:\windows\system32\win32k.sys 2010-01-28 12:31:09 665600 ----a-w- c:\windows\inf\drvindex.dat 2009-06-03 23:33:30 859 ----a-w- c:\program files\MATLAB 7.1.lnk 2008-09-19 18:48:48 174 --sha-w- c:\program files\desktop.ini 2008-09-19 18:48:48 174 --sha-w- c:\program files (x86)\desktop.ini 2006-11-06 02:42:08 37412 ----a-w- c:\windows\inf\perflib\0416\perfd.dat 2006-11-06 02:42:08 37412 ----a-w- c:\windows\inf\perflib\0416\perfc.dat 2006-11-06 02:42:08 318818 ----a-w- c:\windows\inf\perflib\0416\perfi.dat 2006-11-06 02:42:07 318818 ----a-w- c:\windows\inf\perflib\0416\perfh.dat 2006-11-02 10:52:12 287440 ----a-w- c:\windows\inf\perflib\0000\perfi.dat 2006-11-02 10:52:12 287440 ----a-w- c:\windows\inf\perflib\0000\perfh.dat 2006-11-02 10:52:10 30674 ----a-w- c:\windows\inf\perflib\0000\perfd.dat 2006-11-02 10:52:10 30674 ----a-w- c:\windows\inf\perflib\0000\perfc.dat 2005-07-26 23:17:08 73371 ----a-w- c:\program files\license.txt 2005-06-28 12:15:48 403 ----a-w- c:\program files\patents.txt 2010-02-05 23:35:50 245760 --sha-w- c:\windows\serviceprofiles\networkservice\appdata\roaming\microsoft\windows\ietldcache\index.dat 2008-04-17 02:44:55 8192 --sha-w- c:\windows\users\default\NTUSER.DAT ============= FINISH: 14:20:29,98 =============== UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG. IF REQUESTED, ZIP IT UP & ATTACH IT DDS (Ver_10-03-17.01) Microsoft® Windows Vista™ Ultimate Boot Device: \Device\HarddiskVolume1 Install Date: 19/09/2008 15:49:18 System Uptime: 27/07/2010 10:41:01 (4 hours ago) Motherboard: ECS | | GeForce 8000 series Processor: AMD Athlon 64 X2 Dual Core Processor 5200+ | CPU 1 | 2400/200mhz ==== Disk Partitions ========================= A: is Removable C: is FIXED (NTFS) - 149 GiB total, 6,174 GiB free. D: is CDROM () E: is CDROM () F: is CDROM () G: is CDROM () H: is CDROM () ==== Disabled Device Manager Items ============= ==== System Restore Points =================== RP548: 26/07/2010 18:53:04 - Installed HYSYS RP549: 27/07/2010 10:48:51 - Windows Update ==== Installed Programs ====================== ABBYY FineReader 6.0 Sprint Adobe After Effects CS3 Adobe After Effects CS3 Presets Adobe Anchor Service CS3 Adobe Asset Services CS3 Adobe Bridge CS3 Adobe Bridge Start Meeting Adobe Camera Raw 4.0 Adobe CMaps Adobe Color - Photoshop Specific Adobe Color Common Settings Adobe Color EU Extra Settings Adobe Color JA Extra Settings Adobe Color NA Recommended Settings Adobe Default Language CS3 Adobe Device Central CS3 Adobe ExtendScript Toolkit 2 Adobe Flash Player 10 ActiveX Adobe Flash Player 10 Plugin Adobe Fonts All Adobe Help Viewer CS3 Adobe Linguistics CS3 Adobe MotionPicture Color Files Adobe PDF Library Files Adobe Photoshop CS3 Adobe Setup Adobe Shockwave Player 11.5 Adobe Stock Photos CS3 Adobe Type Support Adobe Update Manager CS3 Adobe Version Cue CS3 Client Adobe Video Profiles Adobe WinSoft Linguistics Plugin Adobe XMP DVA Panels CS3 Adobe XMP Panels CS3 Advanced Archive Password Recovery Advanced SystemCare 3 Advertising Center AGEIA GAME System Software 2.8.0 AKVIS Sketch AMR Player 1.3 Any Video Converter 2.7.1 Arquivo do WinRAR Assistente de Conexão do Windows Live µTorrent Atualização do produto Microsoft Office Excel 2007 Help (KB963678) Atualização do produto Microsoft Office Outlook 2007 Help (KB963677) Atualização do produto Microsoft Office Powerpoint 2007 Help (KB963669) Atualização do produto Microsoft Office Word 2007 Help (KB963665) Audacity 1.3.12 (Unicode) AutoUpdate Avira AntiVir Personal - Free Antivirus Barra de Ferramentas do Yahoo! CALL - Vs5 Call of Duty Modern Warfare 2 CALL Vs.5 Cambridge Advanced Learner's Dictionary - 2nd edition CCleaner CFD GridEditor 2.0 CFD Mesh 1.0 CFD SciView 1.0 CFD Sinflow Library 1.0 CFD Studio 1.0 Cheating-Death 4.33.4 ChemSep 6.0 Chime/Chime Pro for Internet Explorer CodeBlocks CodecInstaller 2.10.1 CorelDRAW Graphics Suite X4 CorelDRAW Graphics Suite X4 - Capture CorelDRAW Graphics Suite X4 - Content CorelDRAW Graphics Suite X4 - Draw CorelDRAW Graphics Suite X4 - Filters CorelDRAW Graphics Suite X4 - FontNav CorelDRAW Graphics SUite X4 - ICA CorelDRAW Graphics Suite X4 - IPM CorelDRAW Graphics Suite X4 - Lang EN CorelDRAW Graphics Suite X4 - PP CorelDRAW Graphics Suite X4 - VBA CorelDRAW® Graphics Suite X4 CorelDRAW® Graphics Suite X4 - Windows Shell Extension Counter-Strike 1.6 Crawler Toolbar with Web Security Guard DAEMON Tools Toolbar DDR - Digital Camera Recovery(Demo) 4.0.1.6 Dealio Toolbar v4.0.1 Diablo II Discador TIM DivX Codec DivX Converter DivX Player DivX Web Player Documentação - Projeto CFD Sinflow DVD Shrink 3.2 ElfBot NG 4.5.9 eMule eMule Plus 1.2d Ferramenta de Carregamento do Windows Live Flobo Photo Digital Recovery 1.5 foobar2000 v0.9.5.5 Foxit Reader Free FLV to AVI Video Converter v. 1.0 Free Mp3 Wma Converter V 1.81 Free PDF to Word Doc Converter v1.1 Fundamentos Google Chrome Google Update Helper GUNROX 1.11 Hero Editor V0.96 HiJackThis HijackThis 2.0.2 Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595) Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484) IRPF2009 - Declaração de Ajuste Anual e Final de Espólio IRPF2010 - Declaração de Ajuste Anual e Final de Espólio Java 6 Update 10 K-Lite Mega Codec Pack 5.1.0 Longman Dicionário Escolar Macromedia Flash Player 8 Magic ISO Maker v5.5 (build 0272) Malwarebytes' Anti-Malware MATLAB 7.1 MATLAB R2006b MediaCoder 0.6.1 Microke Special Edition Microsoft Choice Guard Microsoft English TTS 5.1 Microsoft Office 2007 Service Pack 2 (SP2) Microsoft Office Access MUI (Portuguese (Brazil)) 2007 Microsoft Office Enterprise 2007 Microsoft Office Excel MUI (Portuguese (Brazil)) 2007 Microsoft Office Groove MUI (Portuguese (Brazil)) 2007 Microsoft Office InfoPath MUI (Portuguese (Brazil)) 2007 Microsoft Office Live Add-in 1.3 Microsoft Office OneNote MUI (Portuguese (Brazil)) 2007 Microsoft Office Outlook MUI (Portuguese (Brazil)) 2007 Microsoft Office PowerPoint MUI (Portuguese (Brazil)) 2007 Microsoft Office Proof (English) 2007 Microsoft Office Proof (Portuguese (Brazil)) 2007 Microsoft Office Proof (Spanish) 2007 Microsoft Office Proofing (Portuguese (Brazil)) 2007 Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) Microsoft Office Publisher MUI (Portuguese (Brazil)) 2007 Microsoft Office Shared MUI (Portuguese (Brazil)) 2007 Microsoft Office Word MUI (Portuguese (Brazil)) 2007 Microsoft Search Enhancement Pack Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 Microsoft Visual C++ 2005 Redistributable Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 Minilyrics(remove only) Miro Mozilla Firefox (3.6.8) MSVCRT MSXML 4.0 SP2 (KB954430) MSXML 4.0 SP2 (KB973688) Need For Speed Underground Nero 9 Lite Nero ControlCenter Nero Installer Nero Online Upgrade Nero StartSmart neroxml NextUp-ScanSoft Raquel Brazilian Portuguese Voice Nmap 4.76 No-IP.com DUC (remove only) NSIS Example2 Origin 6.0 Patch SiteCS PC Inspector File Recovery PDF Settings PhotoFiltre Studio Postal 2 Share The Pain PRO-EVO Editing Studio 2010 2.2.0.0 Pro Evolution Soccer 2010 Python 2.4.4 QUICKfind QuickTime Alternative 2.7.0 Real Alternative 1.9.0 RealPlayer Receitanet 2009 Receitanet Java 2010.02a Remere's Map Editor Samsung PC Studio 3 USB Driver Installer Search Settings 1.2.2 Security Update for 2007 Microsoft Office System (KB969559) Security Update for 2007 Microsoft Office System (KB976321) Security Update for 2007 Microsoft Office System (KB982312) Security Update for 2007 Microsoft Office System (KB982331) Security Update for Microsoft Office Access 2007 (KB979440) Security Update for Microsoft Office Excel 2007 (KB982308) Security Update for Microsoft Office InfoPath 2007 (KB979441) Security Update for Microsoft Office Outlook 2007 (KB980376) Security Update for Microsoft Office PowerPoint 2007 (KB982158) Security Update for Microsoft Office Publisher 2007 (KB982124) Security Update for Microsoft Office system 2007 (972581) Security Update for Microsoft Office system 2007 (KB969613) Security Update for Microsoft Office system 2007 (KB974234) Security Update for Microsoft Office Visio Viewer 2007 (KB973709) Security Update for Microsoft Office Word 2007 (KB982135) Skype™ 4.0 Sony Vegas Pro 8.0 Spyware Terminator Steam StuffPlug 3 Sun xVM VirtualBox SUPERAntiSpyware Free Edition sXe Injected TextAloud The KMPlayer (remove only) The Unscrambler® 9.8 Tibia Tibia MULTI-ip changer TibiaBot NG 4.9.7 Tunngle beta Unity Web Player Update for 2007 Microsoft Office System (KB967642) Update for Microsoft .NET Framework 3.5 SP1 (KB963707) Update for Microsoft Office OneNote 2007 (KB980729) Update for Outlook 2007 Junk Email Filter (kb2202131) VDownloader 1.1 Visual Basic for Applications ® Core Visual Basic for Applications ® Core - English Visual C++ 8.0 Runtime Setup Package (x64) Windows Essentials Media Codec Pack 2.3d Windows Live Call Windows Live Communications Platform Windows Live Essentials Windows Live Messenger Windows Live Sync Windows Live Writer Windows Media Player Firefox Plugin Windows Movie Maker 2.6 winpcap-nmap 4.02 WinSCP 4.1.8 Worms2 Demo Zylom Games Player Plugin ==== End Of File ===========================
  14. Hijackthis,pode dar uma olhada.

    Pronto ta voltando ao normal, algumas coisas voltando a pegar... So para avisar o meu windows é Vista e não XP.
  15. Hijackthis,pode dar uma olhada.

    olha ai, demorou que só... umas 24hrs mais.. Tive que ficar parando e mandando começar... Acho que não achou nada.

Sobre o Clube do Hardware

No ar desde 1996, o Clube do Hardware é uma das maiores, mais antigas e mais respeitadas publicações sobre tecnologia do Brasil. Leia mais

Direitos autorais

Não permitimos a cópia ou reprodução do conteúdo do nosso site, fórum, newsletters e redes sociais, mesmo citando-se a fonte. Leia mais

×