TIEiffelSerra

Evil virus


A while back I caught the damned Win32Sality, which gave me a headache here at the shop. I had to "isolate" the PCs that looked infested and format them. I had to go over every PC in the shop, and also make sure that there is now only ONE shared folder on the network, on a Linux server running Samba.

On my notebook (which I don't even want to consider formatting, I refuse lol), I even managed to "fix" it by running the AVG tool for removing it (it ran for 3 days straight) and it seems to have worked, at least Avast had stopped screaming... but after that episode with Sality my W7 was never the same. :/

I don't know whether it was Sality's fault, but I also caught that Autorun.inf virus in the root of my local disks C and D. I managed to remove it by force from DOS in safe mode and it never came back.

On to today's problem: I have some virus (or viruses) that do the following:

- They create temporary executable files in the folder "C:\Users\Vitor\AppData\Local\Temp\". If I kill the process or restart the PC they simply come back under other names. The damned things sit there in memory with a size of 0.7 MB ~ 1.5 MB; I don't know what the source virus is. I know that they don't seem to consume CPU. Sometimes 1 file shows up in memory, sometimes 2 or even 3 as in the log. Sometimes none shows up at all. (???? - Sinister)

- They make some program in memory always use 25% of CPU. That program is always random. (It is never one of the random executable files.) Sometimes they pick an update service such as Adobe's; in those cases I kill the process and it keeps switching to another executable (always running at 25% CPU) until it picks something like winlogon.exe, which can't be killed without a reboot.

- I don't know whether it's related to the virus, but PDF readers keep breaking; I can't go 2 days without reinstalling. I've already used 3 different readers and after a little while they show the same C++ runtime error problem.

I've always managed to solve my problems with threats on my own, but this one really knocked me off my feet. I hope someone can see something that I couldn't.

The logs follow, and thanks in advance to anyone who is willing to help.

 

 

DDS

 

DDS (Ver_2012-11-20.01) - NTFS_x86 

Internet Explorer: 9.0.8112.16457  BrowserJavaVersion: 10.45.2

Run by Vitor at 9:41:41 on 2014-02-20

Microsoft Windows 7 Ultimate   6.1.7600.0.1252.55.1046.18.2722.1190 [GMT -3:00]

.

SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

============== Running Processes ================

.

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\PROGRA~1\GbPlugin\GbpSv.exe

C:\Windows\system32\WLANExt.exe

C:\Windows\system32\conhost.exe

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\EscSvc.exe

C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe

c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe

C:\Windows\system32\spool\drivers\w32x86\3\NetFaxServer.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Windows\system32\taskhost.exe

C:\Program Files\Aladdin\eToken\PKIClient\x32\PKIMonitor.exe

C:\Program Files\Windows Sidebar\sidebar.exe

C:\Windows\system32\SearchIndexer.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Realtek\Realtek PCIE Card Reader\RIconMan.exe

C:\Apollo\Apollo.exe

C:\Users\Vitor\AppData\Local\Temp\bhrhu.exe

C:\Users\Vitor\AppData\Local\Temp\eipdvy.exe

C:\Users\Vitor\AppData\Local\Temp\sjww.exe

C:\Program Files\Google\Chrome\Application\chrome.exe

C:\Program Files\Google\Chrome\Application\chrome.exe

C:\Program Files\Google\Chrome\Application\chrome.exe

C:\Program Files\Google\Chrome\Application\chrome.exe

C:\Windows\system32\taskmgr.exe

C:\Users\Vitor\Downloads\HijackThis (1).exe

C:\Windows\system32\NOTEPAD.EXE

C:\Program Files\Google\Chrome\Application\chrome.exe

C:\Program Files\Google\Chrome\Application\chrome.exe

C:\Program Files\Google\Chrome\Application\chrome.exe

C:\Windows\system32\SearchProtocolHost.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Program Files\Google\Chrome\Application\chrome.exe

C:\Windows\system32\conhost.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Windows\system32\svchost.exe -k imgsvc

C:\Windows\System32\svchost.exe -k secsvcs

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://webmail.maiex.com/

mStart Page = hxxp://searchfunmoods.com/?f=1&a=yokaifnm&cd=2XzuyEtN2Y1L1QzuyEtDtB0C0FyEtAyEyC0D0DzyyEyE0DtCtN0D0Tzu0CyDyCyBtN1L2XzutBtFtBtFyEtFyBtAtCtN1L1Czu2U1F1J1T1L1O1G1H&cr=1838801559&ir=

BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll

BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll

BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll

BHO: GbIehObj Class: {C41A1C0E-EA6C-11D4-B1B8-444553540007} - c:\program files\gbplugin\gbiehabn.dll

BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll

uRun: [sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun

mRun: [eTMonitor] "c:\program files\aladdin\etoken\pkiclient\x32\PKIMonitor.exe"

dRun: [EPLTarget\P0000000000000000] c:\windows\system32\spool\drivers\w32x86\3\e_tatii4e.exe /ept "epltarget\P0000000000000000" /M "L355 Series"

mPolicies-System: ConsentPromptBehaviorAdmin = dword:5

mPolicies-System: ConsentPromptBehaviorUser = dword:3

mPolicies-System: EnableLUA = dword:0

mPolicies-System: EnableUIADesktopToggle = dword:0

IE: E&xportar para o Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office12\ONBttnIE.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}

.

INFO: HKCU has more than 50 listed domains.

If you wish to scan all of them, select the 'Force scan all domains' option.

.

.

INFO: HKLM has more than 50 listed domains.

   If you wish to scan all of them, select the 'Force scan all domains' option.

.

DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} - hxxp://h20614.www2.hp.com/ediags/gmd/Install/Cab/hpdetect119b.cab

DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} - hxxps://secure.logmein.com//activex/ractrl.cab?lmi=1058

TCP: NameServer = 192.168.0.1

TCP: Interfaces\{2016DCCC-4517-4BDC-BE4E-EE856BAC62F2} : DHCPNameServer = 192.168.0.1

TCP: Interfaces\{2016DCCC-4517-4BDC-BE4E-EE856BAC62F2}\2556E61657C64705F6376556E64616 : DHCPNameServer = 128.64.18.253

TCP: Interfaces\{2016DCCC-4517-4BDC-BE4E-EE856BAC62F2}\2556E61657C64765E4 : DHCPNameServer = 128.64.20.253

TCP: Interfaces\{2016DCCC-4517-4BDC-BE4E-EE856BAC62F2}\357756564784F6D656 : DHCPNameServer = 192.168.1.1 192.168.1.1

Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll

Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll

Notify:  GbPluginAbn - c:\program files\gbplugin\gbiehAbn.dll

Notify: igfxcui - igfxdev.dll

SSODL: WebCheck - <orphaned>

SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll

SEH: GbPluginObj Class - {E37CB5F0-51F5-4395-A808-5FA49E399007} - c:\program files\gbplugin\gbiehabn.dll

mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:\program files\google\chrome\application\32.0.1700.107\installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome

Hosts: 127.0.0.1 www.spywareinfo.com

.

============= SERVICES / DRIVERS ===============

.

R0 GbpKm;Gbp KernelMode;c:\windows\system32\drivers\gbpkm.sys [2013-4-11 48296]

R0 iusb3hcs;Driver de comutação do controlador host Intel® USB 3.0;c:\windows\system32\drivers\iusb3hcs.sys [2012-10-16 16440]

R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\drivers\dtsoftbus01.sys [2014-1-28 243128]

R1 TsLwWfF;WiFi Capture Driver;c:\windows\system32\drivers\TsLwWfF.sys [2012-10-6 25288]

R2 EpsonScanSvc;Epson Scanner Service;c:\windows\system32\escsvc.exe [2013-9-24 122000]

R2 GbpSv;Gbp Service;c:\progra~1\gbplugin\GbpSv.exe [2013-6-6 413784]

R2 IconMan_R;IconMan_R;c:\program files\realtek\realtek pcie card reader\RIconMan.exe [2012-12-5 1796200]

R2 Samsung Network Fax Server;Samsung Network Fax Server;c:\windows\system32\spool\drivers\w32x86\3\NetFaxServer.exe [2013-7-17 181760]

R2 SSPORT;SSPORT;c:\windows\system32\drivers\SSPORT.sys [2008-10-27 5120]

R3 huawei_enumerator;huawei_enumerator;c:\windows\system32\drivers\ew_jubusenum.sys [2013-5-22 76544]

R3 IntcDAud;Áudio do vídeo Intel®;c:\windows\system32\drivers\IntcDAud.sys [2012-6-19 289792]

R3 iusb3hub;Driver para hub Intel® USB 3.0;c:\windows\system32\drivers\iusb3hub.sys [2012-10-16 351288]

R3 iusb3xhc;Driver de controlador host eXtensível Intel® USB 3.0;c:\windows\system32\drivers\iusb3xhc.sys [2012-10-16 796216]

R3 NdisrdMP;NdisrdMP;c:\windows\system32\drivers\GbpNdisrd.sys [2013-6-3 31088]

R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\drivers\Rt86win7.sys [2012-12-5 414824]

R3 seehcri;Sony Ericsson seehcri Device Driver;c:\windows\system32\drivers\seehcri.sys [2013-7-25 27632]

S2 HWDeviceService.exe;HWDeviceService.exe;c:\programdata\datacardservice\HWDeviceService.exe [2011-3-14 271712]

S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2013-6-21 159232]

S3 AKSUP;AKSUP;c:\windows\system32\drivers\aksup.sys [2014-1-30 34472]

S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]

S3 DrmRAudio;DrmRAudio;c:\windows\system32\drivers\DrmRAudio.sys [2013-6-25 23608]

S3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device;c:\windows\system32\drivers\ew_hwusbdev.sys [2013-5-22 102784]

S3 ew_usbenumfilter;huawei_CompositeFilter;c:\windows\system32\drivers\ew_usbenumfilter.sys [2013-5-22 11136]

S3 GSService;GSService;c:\windows\system32\GSService.exe [2013-6-25 355112]

S3 huawei_cdcacm;huawei_cdcacm;c:\windows\system32\drivers\ew_jucdcacm.sys [2013-5-22 95744]

S3 huawei_ext_ctrl;huawei_ext_ctrl;c:\windows\system32\drivers\ew_juextctrl.sys [2013-5-22 27520]

S3 huawei_wwanecm;huawei_wwanecm;c:\windows\system32\drivers\ew_juwwanecm.sys [2013-5-22 192512]

S3 Ndisrd;GAS Tecnologia Service;c:\windows\system32\drivers\GbpNdisrd.sys [2013-6-3 31088]

S3 RSPCIESTOR;Realtek PCIE CardReader Driver;c:\windows\system32\drivers\RtsPStor.sys [2012-12-5 254568]

S3 WatAdminSvc;Serviço de Tecnologias de Ativação do Windows;c:\windows\system32\wat\WatAdminSvc.exe [2013-2-4 1343400]

S3 WsAudio_Device(1);WsAudio_Device(1);c:\windows\system32\drivers\VirtualAudio1.sys [2013-6-25 27496]

S3 WsAudio_Device(2);WsAudio_Device(2);c:\windows\system32\drivers\VirtualAudio2.sys [2013-6-25 27496]

S3 WsAudio_Device(3);WsAudio_Device(3);c:\windows\system32\drivers\VirtualAudio3.sys [2013-6-25 27496]

S3 WsAudio_Device(4);WsAudio_Device(4);c:\windows\system32\drivers\VirtualAudio4.sys [2013-6-25 27496]

S3 WsAudio_Device(5);WsAudio_Device(5);c:\windows\system32\drivers\VirtualAudio5.sys [2013-6-25 27496]

S4 IBExpertBackupRestore;IBExpertBackupRestore;c:\program files\hk-software\ibexpertbackuprestore\hkIBRS.exe [2013-1-3 1027584]

S4 IBExpertInstanceManager;IBExpertInstanceManager;c:\program files\hk-software\ibexpertinstancemanager\hkIM.exe [2013-1-3 765952]

S4 IBExpertJobScheduler;IBExpertJobScheduler;c:\program files\hk-software\ibexpertjobscheduler\hkJS.exe [2013-1-3 677888]

S4 IBExpertSQLMonitor;IBExpertSQLMonitor;c:\program files\hk-software\ibexpertsqlmonitor\hkProxy.exe [2013-1-3 1489920]

S4 IBExpertSQLMonitorDB;IBExpertSQLMonitorDB;c:\program files\hk-software\ibexpertsqlmonitor\StatToDB.exe [2013-1-3 1306624]

S4 IBExpertSQLMonitorHtmlMaker;IBExpertSQLMonitorHtmlMaker;c:\program files\hk-software\ibexpertsqlmonitor\StatToHtml.exe [2013-1-3 638464]

S4 IBExpertTransactionMonitor;IBExpertTransactionMonitor;c:\program files\hk-software\ibexperttransactionmonitor\hkTRmon.exe [2013-1-3 960000]

.

=============== File Associations ===============

.

FileExt: .js: Applications\notepad.exe=c:\windows\system32\NOTEPAD.EXE %1 [userChoice]

.

=============== Created Last 30 ================

.

2014-02-19 18:02:59 -------- d-----w- c:\users\vitor\appdata\roaming\SumatraPDF

2014-02-19 18:02:54 -------- d-----w- c:\program files\SumatraPDF

2014-02-19 15:06:56 -------- d-----w- c:\programdata\Spybot - Search & Destroy

2014-02-19 14:49:40 -------- d-----w- C:\Intel

2014-02-17 11:45:21 -------- d-----w- c:\users\vitor\appdata\roaming\Foxit Software

2014-01-30 17:59:15 34472 ----a-w- c:\windows\system32\drivers\aksup.sys

2014-01-30 17:59:07 -------- d-----w- c:\program files\Aladdin

2014-01-30 17:58:36 -------- d-----w- c:\program files\Athena

2014-01-30 11:41:51 -------- d-----w- c:\users\vitor\appdata\local\LogMeIn Client

2014-01-28 20:18:31 -------- d-----w- c:\programdata\Protexis

2014-01-28 20:14:04 -------- d-----w- c:\program files\common files\Protexis

2014-01-28 20:13:56 -------- d-----w- c:\programdata\Corel

2014-01-28 20:07:39 99328 --sh--r- C:\ihcub.exe

2014-01-28 20:07:10 -------- d-----w- c:\programdata\CorelDRAW Graphics Suite X6

2014-01-28 19:44:50 -------- d-----w- c:\users\vitor\appdata\roaming\SpeedyPC Software

2014-01-28 19:44:50 -------- d-----w- c:\users\vitor\appdata\roaming\DriverCure

2014-01-28 19:44:23 -------- d-----w- c:\programdata\SpeedyPC Software

2014-01-28 19:39:43 243128 ----a-w- c:\windows\system32\drivers\dtsoftbus01.sys

2014-01-28 19:39:39 -------- d-----w- c:\users\vitor\appdata\roaming\DAEMON Tools Lite

2014-01-28 19:39:36 -------- d-----w- c:\program files\DAEMON Tools Lite

2014-01-28 19:38:48 -------- d-----w- c:\programdata\DAEMON Tools Lite

2014-01-28 19:20:55 -------- d-----w- c:\programdata\Samsung

2014-01-27 15:28:01 -------- d-----w- c:\users\vitor\appdata\roaming\AtomPark

2014-01-27 13:01:46 -------- d-----w- c:\program files\EMS

2014-01-23 19:43:15 2563347 ------w- c:\program files\xerox\xerox workcentre 3210\install\installation_video.exe

2014-01-23 19:42:49 8893800 ------w- c:\program files\xerox\xerox workcentre 3210\install\acrobat_reader\english\acrobat.exe

2014-01-23 19:29:24 2224904 ------w- c:\windows\Xreg.exe

2014-01-23 19:29:06 77824 ----a-w- c:\program files\common files\installshield\engine\6\intel 32\ctor.dll

2014-01-23 19:29:06 32768 ----a-w- c:\program files\common files\installshield\engine\6\intel 32\objectps.dll

2014-01-23 19:29:06 225280 ----a-w- c:\program files\common files\installshield\iscript\iscript.dll

2014-01-23 19:29:06 176128 ----a-w- c:\program files\common files\installshield\engine\6\intel 32\iuser.dll

2014-01-23 19:29:04 688260 ----a-w- c:\program files\common files\installshield\engine\6\intel 32\IKernel.exe

2014-01-23 19:29:00 479232 ----a-w- c:\windows\ssndii.exe

2014-01-23 19:28:59 -------- d-----w- c:\windows\Xerox

2014-01-23 19:28:54 19968 ----a-w- c:\windows\system32\spool\prtprocs\w32x86\sxs1mpc.dll

.

==================== Find3M  ====================

.

2014-02-20 11:55:06 31088 ----a-w- c:\windows\system32\drivers\GbpNdisrd.sys

2013-12-17 11:16:55 85832 ----a-w- c:\windows\system32\LMIinit.dll.000.bak

2013-12-10 19:56:07 94632 ----a-w- c:\windows\system32\WindowsAccessBridge.dll

2013-12-09 11:14:09 554496 ----a-w- c:\windows\system32\soaprtl100.bpl

.

============= FINISH:  9:42:31,46 ===============

 

 

 

ATTACH

 

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2012-11-20.01)

.

Microsoft Windows 7 Ultimate 

Boot Device: \Device\HarddiskVolume1

Install Date: 05/12/2012 16:42:24

System Uptime: 20/02/2014 09:54:44 (0 hours ago)

.

Motherboard: Hewlett-Packard |  | 183D

Processor: Intel® Core i3-2350M CPU @ 2.30GHz | U3E1 | 2300/100mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 146 GiB total, 82,099 GiB free.

D: is FIXED (NTFS) - 319 GiB total, 126,439 GiB free.

E: is CDROM ()

F: is CDROM ()

.

==== Disabled Device Manager Items =============

.

Class GUID: 

Description: 

Device ID: ACPI\HPQ0004\3&11583659&0

Manufacturer: 

Name: 

PNP Device ID: ACPI\HPQ0004\3&11583659&0

Service: 

.

Class GUID: 

Description: Controlador de comunicação PCI simples

Device ID: PCI\VEN_8086&DEV_1E3A&SUBSYS_183D103C&REV_04\3&11583659&0&B0

Manufacturer: 

Name: Controlador de comunicação PCI simples

PNP Device ID: PCI\VEN_8086&DEV_1E3A&SUBSYS_183D103C&REV_04\3&11583659&0&B0

Service: 

.

Class GUID: 

Description: Dispositivo PCI

Device ID: PCI\VEN_10EC&DEV_5229&SUBSYS_183D103C&REV_01\4&72CB206&0&00E2

Manufacturer: 

Name: Dispositivo PCI

PNP Device ID: PCI\VEN_10EC&DEV_5229&SUBSYS_183D103C&REV_01\4&72CB206&0&00E2

Service: 

.

==== System Restore Points ===================

.

RP173: 30/01/2014 15:34:55 - Removed eToken PKI Client 5.1 SP1

RP174: 30/01/2014 15:44:23 - Removed OpenTrust SCM Client

RP175: 30/01/2014 15:57:54 - Installed Athena ASEDrive 2.9.0.0.

RP176: 30/01/2014 15:58:41 - Installed eToken PKI Client 5.1 SP1

RP177: 30/01/2014 16:00:45 - Installed OpenTrust SCM Client

RP178: 07/02/2014 09:51:58 - Removed Adobe Reader 9.5.5 - Português.

RP179: 19/02/2014 12:20:09 - Removed Corel Graphics - Windows Shell Extension.

RP180: 19/02/2014 12:22:39 - Removed Adobe Reader XI (11.0.06) - Português.

RP181: 19/02/2014 12:24:42 - Removed Crystal Reports 2008

RP183: 19/02/2014 12:29:54 - Removed Crystal Reports XI

RP184: 19/02/2014 12:31:59 - Removed Crystal Reports 2008 Portuguese (Brazilian) Language Pack

RP185: 19/02/2014 12:32:39 - Removed Epson Customer Participation

RP186: 19/02/2014 12:33:08 - Removed Epson Event Manager

RP187: 19/02/2014 12:35:18 - Removed Microsoft SQL Server 2005 Compact Edition [ENU]

RP188: 19/02/2014 12:35:54 - Removido Microsoft Visual C++ 2005 Redistributable

RP189: 19/02/2014 12:40:03 - Removed Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

RP190: 19/02/2014 12:40:40 - Removed Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

RP191: 19/02/2014 12:41:46 - Removed Microsoft Visual Studio Tools for Applications 2.0 - ENU

RP192: 19/02/2014 12:43:19 - Removed Microsoft Visual Studio Tools for Applications 2.0 Runtime

RP193: 19/02/2014 12:50:06 - Removed Facebook Video Calling 2.0.0.447

RP194: 20/02/2014 10:08:06 - Instalado Microsoft Visual C++ 2005 Redistributable

.

==== Installed Programs ======================

.

Adobe Bridge 1.0

Adobe Common File Installer

Adobe Flash Player 11 ActiveX

Adobe Help Center 1.0

Adobe Photoshop CS2

Adobe Stock Photos 1.0

Arquivo do WinRAR

Athena ASEDrive 2.9.0.0

Atualização do produto Microsoft Office Excel 2007 Help (KB963678)

Atualização do produto Microsoft Office Outlook 2007 Help (KB963677)

Atualização do produto Microsoft Office Powerpoint 2007 Help (KB963669)

Atualização do produto Microsoft Office Word 2007 Help (KB963665)

Broadcom 802.11 Wireless LAN Adapter

Brother DCP-8085DN

Brother MFL-Pro Suite MFC-8480DN

CCleaner

CorelDRAW Graphics Suite X6

CorelDRAW Graphics Suite X6 - BR

CorelDRAW Graphics Suite X6 - Capture

CorelDRAW Graphics Suite X6 - Common

CorelDRAW Graphics Suite X6 - Connect

CorelDRAW Graphics Suite X6 - Custom Data

CorelDRAW Graphics Suite X6 - Draw

CorelDRAW Graphics Suite X6 - Filters

CorelDRAW Graphics Suite X6 - FontNav

CorelDRAW Graphics Suite X6 - IPM

CorelDRAW Graphics Suite X6 - PHOTO-PAINT

CorelDRAW Graphics Suite X6 - Photozoom Plugin

CorelDRAW Graphics Suite X6 - Redist

CorelDRAW Graphics Suite X6 - Setup Files

CorelDRAW Graphics Suite X6 - VBA

CorelDRAW Graphics Suite X6 - VideoBrowser

CorelDRAW Graphics Suite X6 - VSTA

CorelDRAW Graphics Suite X6 - Writing Tools

D3DX10

DAEMON Tools Lite

Dropbox

DVD Shrink 3.2

EPSON L355 Series Printer Uninstall

EPSON Scan

EpsonNet Print

eToken PKI Client 5.1 SP1

Firebird ODBC Driver 1.2.0.69

Free Audio Dub version 1.7.9.908

Free Video Dub version 2.0.17.128

Galeria de Fotos

Google Chrome

Google Update Helper

Guitar Pro 5.2

HK-Software IBExpert Developer Studio Trial Version

Intel® Processor Graphics

Intel® SDK for OpenCL - CPU Only Runtime Package

Intel® USB 3.0 eXtensible Host Controller Driver

Java 7 Update 45

Java Auto Updater

Módulo de Proteção Santander 3.2.0.2

Microsoft Application Error Reporting

Microsoft Office 2007 Service Pack 3 (SP3)

Microsoft Office Access MUI (Portuguese (Brazil)) 2007

Microsoft Office Enterprise 2007

Microsoft Office Excel MUI (Portuguese (Brazil)) 2007

Microsoft Office Groove MUI (Portuguese (Brazil)) 2007

Microsoft Office InfoPath MUI (Portuguese (Brazil)) 2007

Microsoft Office OneNote MUI (Portuguese (Brazil)) 2007

Microsoft Office Outlook MUI (Portuguese (Brazil)) 2007

Microsoft Office PowerPoint MUI (Portuguese (Brazil)) 2007

Microsoft Office Proof (English) 2007

Microsoft Office Proof (Portuguese (Brazil)) 2007

Microsoft Office Proof (Spanish) 2007

Microsoft Office Proofing (Portuguese (Brazil)) 2007

Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)

Microsoft Office Publisher MUI (Portuguese (Brazil)) 2007

Microsoft Office Shared MUI (Portuguese (Brazil)) 2007

Microsoft Office Word MUI (Portuguese (Brazil)) 2007

Microsoft Silverlight

Microsoft Visual Basic for Applications 7.1 (x86)

Microsoft Visual Basic for Applications 7.1 (x86) English

Microsoft Visual Basic for Applications 7.1 (x86) Portuguese (Brazil)

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022

Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319

Microsoft XML Parser

Movie Maker

MSVCRT

MSVCRT110

MSXML 4.0 SP2 (KB954430)

MSXML 4.0 SP2 (KB973688)

Nero 8

neroxml

OpenTrust SCM Client

Photo Common

Photo Gallery

Realtek Ethernet Controller Driver

Realtek PCIE Card Reader

SCM Installation Kit for Vectury (Version 4.3 - r119307)

Security Update for Microsoft Office 2007 suites (KB2596615) 32-Bit Edition 

Security Update for Microsoft Office 2007 suites (KB2596672) 32-Bit Edition 

Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition 

Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition 

Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2687311) 32-Bit Edition 

Security Update for Microsoft Office 2007 suites (KB2687439) 32-Bit Edition 

Security Update for Microsoft Office 2007 suites (KB2687441) 32-Bit Edition 

Security Update for Microsoft Office 2007 suites (KB2687499) 32-Bit Edition 

Security Update for Microsoft Office 2007 suites (KB2760416) 32-Bit Edition 

Security Update for Microsoft Office Excel 2007 (KB2687307) 32-Bit Edition 

Security Update for Microsoft Office InfoPath 2007 (KB2687440) 32-Bit Edition 

Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition

Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition

Security Update for Microsoft Office Publisher 2007 (KB2596705) 32-Bit Edition

Security Update for Microsoft Office Word 2007 (KB2760421) 32-Bit Edition 

Skype™ 6.6

Spark 2.6.0.12343

Speex for Windows 1.0.5

Synaptics Pointing Device Driver

UltraVnc

Update for 2007 Microsoft Office System (KB967642)

Update for Microsoft Office 2007 suites (KB2596660) 32-Bit Edition

Update for Microsoft Office 2007 suites (KB2596848) 32-Bit Edition

Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition

Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2760586) 32-Bit Edition

VCRedistSetup

Windows Live Communications Platform

Windows Live Essentials

Windows Live ID Sign-in Assistant

Windows Live Installer

Windows Live Photo Common

Windows Live PIMT Platform

Windows Live SOXE

Windows Live SOXE Definitions

Windows Live UX Platform

Windows Live UX Platform Language Pack

Xerox WorkCentre 3210

.

==== End Of File ===========================

 

Hello

Sorry for the delay :)

If you still need help, redo the logs, since I need them with up-to-date dates: Read Before Posting - Creating a new Topic

ATTENTION 1: No need to open a new topic; put the new logs in this same topic, thank you!

ATTENTION 2: Do not edit your topic; use the reply button, thank you!

ATTENTION 3: Do not put the logs between TAGS, thank you!

ATTENTION 4: Do not attach the logs, thank you!

Hugs :D


OK, here it is:

 

DDS

 

DDS (Ver_2012-11-20.01) - NTFS_x86 

Internet Explorer: 9.0.8112.16457  BrowserJavaVersion: 10.45.2
Run by Vitor at 8:42:24 on 2014-02-24
Microsoft Windows 7 Ultimate   6.1.7600.0.1252.55.1046.18.2722.1633 [GMT -3:00]
.
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ================
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\PROGRA~1\GbPlugin\GbpSv.exe
C:\Windows\system32\WLANExt.exe
C:\Windows\system32\conhost.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\EscSvc.exe
C:\Program Files\Foxit Software\Foxit Reader\Foxit Cloud\FCUpdateService.exe
C:\ProgramData\DatacardService\HWDeviceService.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
C:\Windows\system32\spool\drivers\w32x86\3\NetFaxServer.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskhost.exe
C:\Windows\Explorer.EXE
C:\ProgramData\DatacardService\DCSHelper.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Aladdin\eToken\PKIClient\x32\PKIMonitor.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Realtek\Realtek PCIE Card Reader\RIconMan.exe
C:\Windows\TEMP\wininxcii.exe
C:\Windows\TEMP\pgqvyr.exe
C:\Windows\TEMP\outwr.exe
C:\Users\Vitor\AppData\Local\Temp\cfwrs.exe
C:\Users\Vitor\AppData\Local\Temp\winrgvmcq.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://webmail.maiex.com/
mStart Page = hxxp://searchfunmoods.com/?f=1&a=yokaifnm&cd=2XzuyEtN2Y1L1QzuyEtDtB0C0FyEtAyEyC0D0DzyyEyE0DtCtN0D0Tzu0CyDyCyBtN1L2XzutBtFtBtFyEtFyBtAtCtN1L1Czu2U1F1J1T1L1O1G1H&cr=1838801559&ir=
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: GbIehObj Class: {C41A1C0E-EA6C-11D4-B1B8-444553540007} - c:\program files\gbplugin\gbiehabn.dll
BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
uRun: [sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
mRun: [eTMonitor] "c:\program files\aladdin\etoken\pkiclient\x32\PKIMonitor.exe"
dRun: [EPLTarget\P0000000000000000] c:\windows\system32\spool\drivers\w32x86\3\e_tatii4e.exe /ept "epltarget\P0000000000000000" /M "L355 Series"
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableLUA = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: E&xportar para o Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
.
INFO: HKLM has more than 50 listed domains.
   If you wish to scan all of them, select the 'Force scan all domains' option.
.
DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} - hxxp://h20614.www2.hp.com/ediags/gmd/Install/Cab/hpdetect119b.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} - hxxps://secure.logmein.com//activex/ractrl.cab?lmi=1058
TCP: NameServer = 192.168.254.254 192.168.254.254
TCP: Interfaces\{2016DCCC-4517-4BDC-BE4E-EE856BAC62F2} : DHCPNameServer = 192.168.254.254 192.168.254.254
TCP: Interfaces\{2016DCCC-4517-4BDC-BE4E-EE856BAC62F2}\2556E61657C647021444D4 : DHCPNameServer = 192.168.0.1
TCP: Interfaces\{2016DCCC-4517-4BDC-BE4E-EE856BAC62F2}\2556E61657C64705F6376556E64616 : DHCPNameServer = 128.64.18.253
TCP: Interfaces\{2016DCCC-4517-4BDC-BE4E-EE856BAC62F2}\2556E61657C64765E4 : DHCPNameServer = 128.64.20.253
TCP: Interfaces\{2016DCCC-4517-4BDC-BE4E-EE856BAC62F2}\357756564784F6D656 : DHCPNameServer = 192.168.1.1 192.168.1.1
TCP: Interfaces\{2016DCCC-4517-4BDC-BE4E-EE856BAC62F2}\3577565647D284F6D656 : DHCPNameServer = 8.8.8.8 8.8.4.4
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll
Notify:  GbPluginAbn - c:\program files\gbplugin\gbiehAbn.dll
Notify: igfxcui - igfxdev.dll
SSODL: WebCheck - <orphaned>
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
SEH: GbPluginObj Class - {E37CB5F0-51F5-4395-A808-5FA49E399007} - c:\program files\gbplugin\gbiehabn.dll
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:\program files\google\chrome\application\33.0.1750.117\installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
Hosts: 127.0.0.1 www.spywareinfo.com
.
============= SERVICES / DRIVERS ===============
.
R0 GbpKm;Gbp KernelMode;c:\windows\system32\drivers\gbpkm.sys [2013-4-11 48296]
R0 iusb3hcs;Driver de comutação do controlador host Intel® USB 3.0;c:\windows\system32\drivers\iusb3hcs.sys [2012-10-16 16440]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\drivers\dtsoftbus01.sys [2014-1-28 243128]
R1 TsLwWfF;WiFi Capture Driver;c:\windows\system32\drivers\TsLwWfF.sys [2012-10-6 25288]
R2 EpsonScanSvc;Epson Scanner Service;c:\windows\system32\escsvc.exe [2013-9-24 122000]
R2 FoxitCloudUpdateService;Foxit Cloud Safe Update Service;c:\program files\foxit software\foxit reader\foxit cloud\FCUpdateService.exe [2014-2-21 239680]
R2 GbpSv;Gbp Service;c:\progra~1\gbplugin\GbpSv.exe [2013-6-6 413784]
R2 HWDeviceService.exe;HWDeviceService.exe;c:\programdata\datacardservice\HWDeviceService.exe [2011-3-14 345440]
R2 IconMan_R;IconMan_R;c:\program files\realtek\realtek pcie card reader\RIconMan.exe [2012-12-5 1861736]
R2 Samsung Network Fax Server;Samsung Network Fax Server;c:\windows\system32\spool\drivers\w32x86\3\NetFaxServer.exe [2013-7-17 181760]
R2 SSPORT;SSPORT;c:\windows\system32\drivers\SSPORT.sys [2008-10-27 5120]
R3 huawei_enumerator;huawei_enumerator;c:\windows\system32\drivers\ew_jubusenum.sys [2013-5-22 76544]
R3 IntcDAud;Áudio do vídeo Intel®;c:\windows\system32\drivers\IntcDAud.sys [2012-6-19 289792]
R3 iusb3hub;Driver para hub Intel® USB 3.0;c:\windows\system32\drivers\iusb3hub.sys [2012-10-16 351288]
R3 iusb3xhc;Driver de controlador host eXtensível Intel® USB 3.0;c:\windows\system32\drivers\iusb3xhc.sys [2012-10-16 796216]
R3 NdisrdMP;NdisrdMP;c:\windows\system32\drivers\GbpNdisrd.sys [2013-6-3 31088]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\drivers\Rt86win7.sys [2012-12-5 414824]
R3 seehcri;Sony Ericsson seehcri Device Driver;c:\windows\system32\drivers\seehcri.sys [2013-7-25 27632]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2013-6-21 159232]
S3 AKSUP;AKSUP;c:\windows\system32\drivers\aksup.sys [2014-1-30 34472]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 DrmRAudio;DrmRAudio;c:\windows\system32\drivers\DrmRAudio.sys [2013-6-25 23608]
S3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device;c:\windows\system32\drivers\ew_hwusbdev.sys [2013-5-22 102784]
S3 ew_usbenumfilter;huawei_CompositeFilter;c:\windows\system32\drivers\ew_usbenumfilter.sys [2013-5-22 11136]
S3 GSService;GSService;c:\windows\system32\GSService.exe [2013-6-25 355112]
S3 huawei_cdcacm;huawei_cdcacm;c:\windows\system32\drivers\ew_jucdcacm.sys [2013-5-22 95744]
S3 huawei_ext_ctrl;huawei_ext_ctrl;c:\windows\system32\drivers\ew_juextctrl.sys [2013-5-22 27520]
S3 huawei_wwanecm;huawei_wwanecm;c:\windows\system32\drivers\ew_juwwanecm.sys [2013-5-22 192512]
S3 Ndisrd;GAS Tecnologia Service;c:\windows\system32\drivers\GbpNdisrd.sys [2013-6-3 31088]
S3 RSPCIESTOR;Realtek PCIE CardReader Driver;c:\windows\system32\drivers\RtsPStor.sys [2012-12-5 254568]
S3 WatAdminSvc;Serviço de Tecnologias de Ativação do Windows;c:\windows\system32\wat\WatAdminSvc.exe [2013-2-4 1343400]
S3 WsAudio_Device(1);WsAudio_Device(1);c:\windows\system32\drivers\VirtualAudio1.sys [2013-6-25 27496]
S3 WsAudio_Device(2);WsAudio_Device(2);c:\windows\system32\drivers\VirtualAudio2.sys [2013-6-25 27496]
S3 WsAudio_Device(3);WsAudio_Device(3);c:\windows\system32\drivers\VirtualAudio3.sys [2013-6-25 27496]
S3 WsAudio_Device(4);WsAudio_Device(4);c:\windows\system32\drivers\VirtualAudio4.sys [2013-6-25 27496]
S3 WsAudio_Device(5);WsAudio_Device(5);c:\windows\system32\drivers\VirtualAudio5.sys [2013-6-25 27496]
S4 IBExpertBackupRestore;IBExpertBackupRestore;c:\program files\hk-software\ibexpertbackuprestore\hkIBRS.exe [2013-1-3 2141696]
S4 IBExpertInstanceManager;IBExpertInstanceManager;c:\program files\hk-software\ibexpertinstancemanager\hkIM.exe [2013-1-3 1880064]
S4 IBExpertJobScheduler;IBExpertJobScheduler;c:\program files\hk-software\ibexpertjobscheduler\hkJS.exe [2013-1-3 677888]
S4 IBExpertSQLMonitor;IBExpertSQLMonitor;c:\program files\hk-software\ibexpertsqlmonitor\hkProxy.exe [2013-1-3 2604032]
S4 IBExpertSQLMonitorDB;IBExpertSQLMonitorDB;c:\program files\hk-software\ibexpertsqlmonitor\StatToDB.exe [2013-1-3 1306624]
S4 IBExpertSQLMonitorHtmlMaker;IBExpertSQLMonitorHtmlMaker;c:\program files\hk-software\ibexpertsqlmonitor\StatToHtml.exe [2013-1-3 638464]
S4 IBExpertTransactionMonitor;IBExpertTransactionMonitor;c:\program files\hk-software\ibexperttransactionmonitor\hkTRmon.exe [2013-1-3 960000]
.
=============== File Associations ===============
.
FileExt: .js: Applications\notepad.exe=c:\windows\system32\NOTEPAD.EXE %1 [userChoice]
.
=============== Created Last 30 ================
.
2014-02-21 17:43:57 -------- d-----w- c:\users\vitor\appdata\roaming\SendBlaster3
2014-02-21 17:42:56 -------- d-----w- c:\program files\SendBlaster3
2014-02-21 13:08:55 -------- d-----w- c:\program files\common files\Protexis
2014-02-21 13:08:49 -------- d-----w- c:\programdata\Corel
2014-02-21 13:03:15 -------- d-----w- c:\program files\Corel
2014-02-20 19:03:30 -------- d-----w- c:\program files\Foxit Software
2014-02-19 18:02:59 -------- d-----w- c:\users\vitor\appdata\roaming\SumatraPDF
2014-02-19 18:02:54 -------- d-----w- c:\program files\SumatraPDF
2014-02-19 15:06:56 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2014-02-19 14:49:40 -------- d-----w- C:\Intel
2014-02-17 11:45:21 -------- d-----w- c:\users\vitor\appdata\roaming\Foxit Software
2014-01-30 17:59:15 34472 ----a-w- c:\windows\system32\drivers\aksup.sys
2014-01-30 17:59:07 -------- d-----w- c:\program files\Aladdin
2014-01-30 17:58:36 -------- d-----w- c:\program files\Athena
2014-01-30 11:41:51 -------- d-----w- c:\users\vitor\appdata\local\LogMeIn Client
2014-01-28 20:18:31 -------- d-----w- c:\programdata\Protexis
2014-01-28 20:07:39 99328 --sh--r- C:\ihcub.exe
2014-01-28 20:07:10 -------- d-----w- c:\programdata\CorelDRAW Graphics Suite X6
2014-01-28 19:44:50 -------- d-----w- c:\users\vitor\appdata\roaming\SpeedyPC Software
2014-01-28 19:44:50 -------- d-----w- c:\users\vitor\appdata\roaming\DriverCure
2014-01-28 19:44:23 -------- d-----w- c:\programdata\SpeedyPC Software
2014-01-28 19:39:43 243128 ----a-w- c:\windows\system32\drivers\dtsoftbus01.sys
2014-01-28 19:39:39 -------- d-----w- c:\users\vitor\appdata\roaming\DAEMON Tools Lite
2014-01-28 19:39:36 -------- d-----w- c:\program files\DAEMON Tools Lite
2014-01-28 19:38:48 -------- d-----w- c:\programdata\DAEMON Tools Lite
2014-01-28 19:20:55 -------- d-----w- c:\programdata\Samsung
2014-01-27 15:28:01 -------- d-----w- c:\users\vitor\appdata\roaming\AtomPark
2014-01-27 13:01:46 -------- d-----w- c:\program files\EMS
.
==================== Find3M  ====================
.
2014-02-24 11:33:39 31088 ----a-w- c:\windows\system32\drivers\GbpNdisrd.sys
2013-12-17 11:16:55 85832 ----a-w- c:\windows\system32\LMIinit.dll.000.bak
2013-12-10 19:56:07 94632 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2013-12-09 11:14:09 554496 ----a-w- c:\windows\system32\soaprtl100.bpl
.
============= FINISH:  8:43:39,12 ===============
 
 
 
 
ATTACH
 
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Ultimate 
Boot Device: \Device\HarddiskVolume1
Install Date: 05/12/2012 16:42:24
System Uptime: 24/02/2014 08:33:13 (0 hours ago)
.
Motherboard: Hewlett-Packard |  | 183D
Processor: Intel® Core i3-2350M CPU @ 2.30GHz | U3E1 | 2300/100mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 146 GiB total, 79,769 GiB free.
D: is FIXED (NTFS) - 319 GiB total, 126,345 GiB free.
E: is CDROM ()
F: is CDROM ()
.
==== Disabled Device Manager Items =============
.
Class GUID: 
Description: 
Device ID: ACPI\HPQ0004\3&11583659&0
Manufacturer: 
Name: 
PNP Device ID: ACPI\HPQ0004\3&11583659&0
Service: 
.
Class GUID: 
Description: Controlador de comunicação PCI simples
Device ID: PCI\VEN_8086&DEV_1E3A&SUBSYS_183D103C&REV_04\3&11583659&0&B0
Manufacturer: 
Name: Controlador de comunicação PCI simples
PNP Device ID: PCI\VEN_8086&DEV_1E3A&SUBSYS_183D103C&REV_04\3&11583659&0&B0
Service: 
.
Class GUID: 
Description: Dispositivo PCI
Device ID: PCI\VEN_10EC&DEV_5229&SUBSYS_183D103C&REV_01\4&72CB206&0&00E2
Manufacturer: 
Name: Dispositivo PCI
PNP Device ID: PCI\VEN_10EC&DEV_5229&SUBSYS_183D103C&REV_01\4&72CB206&0&00E2
Service: 
.
==== System Restore Points ===================
.
RP179: 19/02/2014 12:20:09 - Removed Corel Graphics - Windows Shell Extension.
RP180: 19/02/2014 12:22:39 - Removed Adobe Reader XI (11.0.06) - Português.
RP181: 19/02/2014 12:24:42 - Removed Crystal Reports 2008
RP183: 19/02/2014 12:29:54 - Removed Crystal Reports XI
RP184: 19/02/2014 12:31:59 - Removed Crystal Reports 2008 Portuguese (Brazilian) Language Pack
RP185: 19/02/2014 12:32:39 - Removed Epson Customer Participation
RP186: 19/02/2014 12:33:08 - Removed Epson Event Manager
RP187: 19/02/2014 12:35:18 - Removed Microsoft SQL Server 2005 Compact Edition [ENU]
RP188: 19/02/2014 12:35:54 - Removido Microsoft Visual C++ 2005 Redistributable
RP189: 19/02/2014 12:40:03 - Removed Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
RP190: 19/02/2014 12:40:40 - Removed Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
RP191: 19/02/2014 12:41:46 - Removed Microsoft Visual Studio Tools for Applications 2.0 - ENU
RP192: 19/02/2014 12:43:19 - Removed Microsoft Visual Studio Tools for Applications 2.0 Runtime
RP193: 19/02/2014 12:50:06 - Removed Facebook Video Calling 2.0.0.447
RP194: 20/02/2014 10:08:06 - Instalado Microsoft Visual C++ 2005 Redistributable
RP195: 21/02/2014 15:42:21 - Installed SendBlaster 3
.
==== Installed Programs ======================
.
Adobe Bridge 1.0
Adobe Common File Installer
Adobe Flash Player 11 ActiveX
Adobe Help Center 1.0
Adobe Photoshop CS2
Adobe Stock Photos 1.0
Arquivo do WinRAR
Athena ASEDrive 2.9.0.0
Atualização do produto Microsoft Office Excel 2007 Help (KB963678)
Atualização do produto Microsoft Office Outlook 2007 Help (KB963677)
Atualização do produto Microsoft Office Powerpoint 2007 Help (KB963669)
Atualização do produto Microsoft Office Word 2007 Help (KB963665)
Broadcom 802.11 Wireless LAN Adapter
Brother DCP-8085DN
Brother MFL-Pro Suite MFC-8480DN
CCleaner
CorelDRAW Graphics Suite X6
CorelDRAW Graphics Suite X6 - BR
CorelDRAW Graphics Suite X6 - Capture
CorelDRAW Graphics Suite X6 - Common
CorelDRAW Graphics Suite X6 - Connect
CorelDRAW Graphics Suite X6 - Custom Data
CorelDRAW Graphics Suite X6 - Draw
CorelDRAW Graphics Suite X6 - Filters
CorelDRAW Graphics Suite X6 - FontNav
CorelDRAW Graphics Suite X6 - IPM
CorelDRAW Graphics Suite X6 - PHOTO-PAINT
CorelDRAW Graphics Suite X6 - Photozoom Plugin
CorelDRAW Graphics Suite X6 - Redist
CorelDRAW Graphics Suite X6 - Setup Files
CorelDRAW Graphics Suite X6 - VBA
CorelDRAW Graphics Suite X6 - VideoBrowser
CorelDRAW Graphics Suite X6 - VSTA
CorelDRAW Graphics Suite X6 - Writing Tools
D3DX10
DAEMON Tools Lite
Dropbox
DVD Shrink 3.2
EPSON L355 Series Printer Uninstall
EPSON Scan
EpsonNet Print
eToken PKI Client 5.1 SP1
Firebird ODBC Driver 1.2.0.69
Foxit Cloud
Foxit Reader
Free Audio Dub version 1.7.9.908
Free Video Dub version 2.0.17.128
Galeria de Fotos
Google Chrome
Google Update Helper
Guitar Pro 5.2
HK-Software IBExpert Developer Studio Trial Version
Intel® Processor Graphics
Intel® SDK for OpenCL - CPU Only Runtime Package
Intel® USB 3.0 eXtensible Host Controller Driver
Java 7 Update 45
Java Auto Updater
Módulo de Proteção Santander 3.2.0.2
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Client Profile PTB Language Pack
Microsoft .NET Framework 4 Extended
Microsoft .NET Framework 4 Extended PTB Language Pack
Microsoft Application Error Reporting
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Access MUI (Portuguese (Brazil)) 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (Portuguese (Brazil)) 2007
Microsoft Office Groove MUI (Portuguese (Brazil)) 2007
Microsoft Office InfoPath MUI (Portuguese (Brazil)) 2007
Microsoft Office OneNote MUI (Portuguese (Brazil)) 2007
Microsoft Office Outlook MUI (Portuguese (Brazil)) 2007
Microsoft Office PowerPoint MUI (Portuguese (Brazil)) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (Portuguese (Brazil)) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (Portuguese (Brazil)) 2007
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Publisher MUI (Portuguese (Brazil)) 2007
Microsoft Office Shared MUI (Portuguese (Brazil)) 2007
Microsoft Office Word MUI (Portuguese (Brazil)) 2007
Microsoft Silverlight
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319
Microsoft XML Parser
Movie Maker
MSVCRT
MSVCRT110
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Nero 8
neroxml
OpenTrust SCM Client
Pacote de Idiomas do Microsoft .NET Framework 4 Client Profile - Português (Brasil)
Pacote de Idiomas do Microsoft .NET Framework 4 Extended - Português (Brasil)
Photo Common
Photo Gallery
Realtek Ethernet Controller Driver
Realtek PCIE Card Reader
SCM Installation Kit for Vectury (Version 4.3 - r119307)
Security Update for Microsoft Office 2007 suites (KB2596615) 32-Bit Edition 
Security Update for Microsoft Office 2007 suites (KB2596672) 32-Bit Edition 
Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition 
Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition 
Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2687311) 32-Bit Edition 
Security Update for Microsoft Office 2007 suites (KB2687439) 32-Bit Edition 
Security Update for Microsoft Office 2007 suites (KB2687441) 32-Bit Edition 
Security Update for Microsoft Office 2007 suites (KB2687499) 32-Bit Edition 
Security Update for Microsoft Office 2007 suites (KB2760416) 32-Bit Edition 
Security Update for Microsoft Office Excel 2007 (KB2687307) 32-Bit Edition 
Security Update for Microsoft Office InfoPath 2007 (KB2687440) 32-Bit Edition 
Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
Security Update for Microsoft Office Publisher 2007 (KB2596705) 32-Bit Edition
Security Update for Microsoft Office Word 2007 (KB2760421) 32-Bit Edition 
SendBlaster 3
Skype™ 6.6
Spark 2.6.0.12343
Speex for Windows 1.0.5
Synaptics Pointing Device Driver
UltraVnc
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft Office 2007 suites (KB2596660) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596848) 32-Bit Edition
Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2760586) 32-Bit Edition
VCRedistSetup
Windows Live Communications Platform
Windows Live Essentials
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Photo Common
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Xerox WorkCentre 3210
.
==== End Of File ===========================
 
 
 
GMER
 
GMER 2.1.19357 - http://www.gmer.net
Rootkit scan 2014-02-24 09:49:20
Windows 6.1.7600  \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 ST500LM012_HN-M500MBB rev.2AR10002 465,76GB
Running: b0nfsdro.exe; Driver: C:\Users\Vitor\AppData\Local\Temp\kgriypog.sys
 
 
---- Kernel code sections - GMER 2.1 ----
 
.text           ntkrnlpa.exe!ZwRollbackTransaction + 13E9                                                                                                                                                            83253839 1 Byte  [06]
.text           ntkrnlpa.exe!KiDispatchInterrupt + 5A2                                                                                                                                                               832783F2 19 Bytes  [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
init            C:\Windows\system32\DRIVERS\aksifdh.sys                                                                                                                                                              entry point in "init" section [0x93221090]
 
---- User code sections - GMER 2.1 ----
 
.text           C:\Windows\system32\services.exe[600] kernel32.dll!FreeLibraryAndExitThread                                                                                                                          77AD34E0 5 Bytes  JMP 3C2A8FBB C:\Program Files\GbPlugin\gbiehabn.dll
.text           C:\Windows\system32\services.exe[600] kernel32.dll!FreeLibrary                                                                                                                                       77AE19C9 5 Bytes  JMP 3C2A9043 C:\Program Files\GbPlugin\gbiehabn.dll
.text           C:\Program Files\Internet Explorer\iexplore.exe[1844] kernel32.dll!CreateThread                                                                                                                      77AE27DD 5 Bytes  JMP 6C7B75DB C:\Windows\system32\IEFRAME.dll
.text           C:\Program Files\Internet Explorer\iexplore.exe[1844] USER32.dll!EnableWindow                                                                                                                        7775A72E 5 Bytes  JMP 6C7F9EB4 C:\Windows\system32\IEFRAME.dll
.text           C:\Program Files\Internet Explorer\iexplore.exe[1844] USER32.dll!UnhookWindowsHookEx                                                                                                                 7775CC7B 5 Bytes  JMP 6C83ED00 C:\Windows\system32\IEFRAME.dll
.text           C:\Program Files\Internet Explorer\iexplore.exe[1844] USER32.dll!CallNextHookEx                                                                                                                      7775CC8F 5 Bytes  JMP 6C817FDF C:\Windows\system32\IEFRAME.dll
.text           C:\Program Files\Internet Explorer\iexplore.exe[1844] USER32.dll!DefWindowProcA                                                                                                                      7775E0E4 7 Bytes  JMP 6C7B9805 C:\Windows\system32\IEFRAME.dll
.text           C:\Program Files\Internet Explorer\iexplore.exe[1844] USER32.dll!CreateWindowExA                                                                                                                     7775E18A 5 Bytes  JMP 6C7C363B C:\Windows\system32\IEFRAME.dll
.text           C:\Program Files\Internet Explorer\iexplore.exe[1844] USER32.dll!CreateWindowExW                                                                                                                     77760E51 5 Bytes  JMP 6C8203CF C:\Windows\system32\IEFRAME.dll
.text           C:\Program Files\Internet Explorer\iexplore.exe[1844] USER32.dll!SetWindowsHookExW                                                                                                                   7776210A 5 Bytes  JMP 6C7F25AC C:\Windows\system32\IEFRAME.dll
.text           C:\Program Files\Internet Explorer\iexplore.exe[1844] USER32.dll!DefWindowProcW                                                                                                                      7776724B 7 Bytes  JMP 6C818042 C:\Windows\system32\IEFRAME.dll
.text           C:\Program Files\Internet Explorer\iexplore.exe[1844] USER32.dll!DialogBoxIndirectParamW                                                                                                             77784AA7 5 Bytes  JMP 6C948FB6 C:\Windows\system32\IEFRAME.dll
.text           C:\Program Files\Internet Explorer\iexplore.exe[1844] USER32.dll!DialogBoxParamW                                                                                                                     7778564A 5 Bytes  JMP 6C751893 C:\Windows\system32\IEFRAME.dll
.text           C:\Program Files\Internet Explorer\iexplore.exe[1844] USER32.dll!DialogBoxParamA                                                                                                                     7779CF6A 5 Bytes  JMP 6C948F51 C:\Windows\system32\IEFRAME.dll
.text           C:\Program Files\Internet Explorer\iexplore.exe[1844] USER32.dll!DialogBoxIndirectParamA                                                                                                             7779D29C 5 Bytes  JMP 6C94901B C:\Windows\system32\IEFRAME.dll
.text           C:\Program Files\Internet Explorer\iexplore.exe[1844] USER32.dll!MessageBoxIndirectA                                                                                                                 777AE8C9 5 Bytes  JMP 6C948ED8 C:\Windows\system32\IEFRAME.dll
.text           C:\Program Files\Internet Explorer\iexplore.exe[1844] USER32.dll!MessageBoxIndirectW                                                                                                                 777AE9C3 5 Bytes  JMP 6C948E5F C:\Windows\system32\IEFRAME.dll
.text           C:\Program Files\Internet Explorer\iexplore.exe[1844] USER32.dll!MessageBoxExA                                                                                                                       777AEA29 5 Bytes  JMP 6C948DFB C:\Windows\system32\IEFRAME.dll
.text           C:\Program Files\Internet Explorer\iexplore.exe[1844] USER32.dll!MessageBoxExW                                                                                                                       777AEA4D 5 Bytes  JMP 6C948D97 C:\Windows\system32\IEFRAME.dll
.text           C:\Program Files\Internet Explorer\iexplore.exe[1844] ole32.dll!OleLoadFromStream                                                                                                                    76D05BF6 5 Bytes  JMP 6C949784 C:\Windows\system32\IEFRAME.dll
.text           C:\Program Files\Internet Explorer\iexplore.exe[1844] ole32.dll!CoUnmarshalInterface                                                                                                                 76D3533B 6 Bytes  JMP 71A2000A 
.text           C:\Program Files\Internet Explorer\iexplore.exe[1844] WS2_32.dll!getaddrinfo                                                                                                                         76EE6737 6 Bytes  JMP 71AF000A 
.text           C:\Program Files\Internet Explorer\iexplore.exe[1844] WS2_32.dll!gethostbyname                                                                                                                       76EF7133 6 Bytes  JMP 71A8000A 
.text           C:\Windows\Explorer.EXE[3300] ole32.dll!CoUnmarshalInterface                                                                                                                                         76D3533B 6 Bytes  JMP 71AB000A 
.text           C:\Program Files\Internet Explorer\iexplore.exe[5152] USER32.dll!EnableWindow                                                                                                                        7775A72E 5 Bytes  JMP 6C7F9EB4 C:\Windows\system32\IEFRAME.dll
.text           C:\Program Files\Internet Explorer\iexplore.exe[5152] USER32.dll!DialogBoxIndirectParamW                                                                                                             77784AA7 5 Bytes  JMP 6C948FB6 C:\Windows\system32\IEFRAME.dll
.text           C:\Program Files\Internet Explorer\iexplore.exe[5152] USER32.dll!DialogBoxParamW                                                                                                                     7778564A 5 Bytes  JMP 6C751893 C:\Windows\system32\IEFRAME.dll
.text           C:\Program Files\Internet Explorer\iexplore.exe[5152] USER32.dll!DialogBoxParamA                                                                                                                     7779CF6A 5 Bytes  JMP 6C948F51 C:\Windows\system32\IEFRAME.dll
.text           C:\Program Files\Internet Explorer\iexplore.exe[5152] USER32.dll!DialogBoxIndirectParamA                                                                                                             7779D29C 5 Bytes  JMP 6C94901B C:\Windows\system32\IEFRAME.dll
.text           C:\Program Files\Internet Explorer\iexplore.exe[5152] USER32.dll!MessageBoxIndirectA                                                                                                                 777AE8C9 5 Bytes  JMP 6C948ED8 C:\Windows\system32\IEFRAME.dll
.text           C:\Program Files\Internet Explorer\iexplore.exe[5152] USER32.dll!MessageBoxIndirectW                                                                                                                 777AE9C3 5 Bytes  JMP 6C948E5F C:\Windows\system32\IEFRAME.dll
.text           C:\Program Files\Internet Explorer\iexplore.exe[5152] USER32.dll!MessageBoxExA                                                                                                                       777AEA29 5 Bytes  JMP 6C948DFB C:\Windows\system32\IEFRAME.dll
.text           C:\Program Files\Internet Explorer\iexplore.exe[5152] USER32.dll!MessageBoxExW                                                                                                                       777AEA4D 5 Bytes  JMP 6C948D97 C:\Windows\system32\IEFRAME.dll
.text           C:\Users\Vitor\Downloads\b0nfsdro.exe[6024] USER32.dll!FindWindowExA                                                                                                                                 77757184 5 Bytes  JMP 3C2A2229 C:\Program Files\GbPlugin\gbiehabn.dll
.text           C:\Users\Vitor\Downloads\b0nfsdro.exe[6024] USER32.dll!FindWindowA                                                                                                                                   7775A818 5 Bytes  JMP 3C2A21F0 C:\Program Files\GbPlugin\gbiehabn.dll
.text           C:\Users\Vitor\Downloads\b0nfsdro.exe[6024] USER32.dll!GetAsyncKeyState                                                                                                                              7775C09A 5 Bytes  JMP 3C28E7F9 C:\Program Files\GbPlugin\gbiehabn.dll
.text           C:\Users\Vitor\Downloads\b0nfsdro.exe[6024] USER32.dll!SetWindowsHookExW                                                                                                                             7776210A 5 Bytes  JMP 3C28E5EE C:\Program Files\GbPlugin\gbiehabn.dll
.text           C:\Users\Vitor\Downloads\b0nfsdro.exe[6024] USER32.dll!GetKeyState                                                                                                                                   77764FDA 5 Bytes  JMP 3C28E921 C:\Program Files\GbPlugin\gbiehabn.dll
.text           C:\Users\Vitor\Downloads\b0nfsdro.exe[6024] USER32.dll!GetKeyboardState                                                                                                                              77786B3E 5 Bytes  JMP 3C28EA30 C:\Program Files\GbPlugin\gbiehabn.dll
.text           C:\Users\Vitor\Downloads\b0nfsdro.exe[6024] USER32.dll!SetWindowsHookExA                                                                                                                             77786DFA 5 Bytes  JMP 3C28E59A C:\Program Files\GbPlugin\gbiehabn.dll
.text           C:\Users\Vitor\Downloads\b0nfsdro.exe[6024] ole32.dll!CoUnmarshalInterface                                                                                                                           76D3533B 6 Bytes  JMP 71AB000A 
 
---- Devices - GMER 2.1 ----
 
AttachedDevice  \Driver\kbdclass \Device\KeyboardClass0                                                                                                                                                              Wdf01000.sys
AttachedDevice  \Driver\kbdclass \Device\KeyboardClass1                                                                                                                                                              Wdf01000.sys
 
---- Registry - GMER 2.1 ----
 
Reg             HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\402cf4207b00                                                                                                                          
Reg             HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\402cf4207b00@00026b00b848                                                                                                             0x4C 0x0A 0x52 0xF6 ...
Reg             HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\402cf4207b00@3c363df1220c                                                                                                             0x42 0x02 0x68 0x26 ...
Reg             HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\402cf4207b00 (not active ControlSet)                                                                                                      
Reg             HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\402cf4207b00@00026b00b848                                                                                                                 0x4C 0x0A 0x52 0xF6 ...
Reg             HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\402cf4207b00@3c363df1220c                                                                                                                 0x42 0x02 0x68 0x26 ...
Reg             HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{A6962BCE-6DFC-A861-0B2A-086BC89748A8}                                                                                      
Reg             HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{A6962BCE-6DFC-A861-0B2A-086BC89748A8}@lajaeidkjjnkbigfflmfofcj                                                             0x62 0x61 0x6C 0x6A ...
Reg             HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{A6962BCE-6DFC-A861-0B2A-086BC89748A8}@kadffpidhppdbnhoglnafg                                                               0x62 0x61 0x63 0x65 ...
Reg             HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{A6962BCE-6DFC-A861-0B2A-086BC89748A8}@kadffpidhppdbnhoglnaeg                                                               0x62 0x61 0x6C 0x6A ...
Reg             HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{A6962BCE-6DFC-A861-0B2A-086BC89748A8}@kadffpidhppdbnhoglnadg                                                               0x62 0x61 0x6C 0x6A ...
Reg             HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{A6962BCE-6DFC-A861-0B2A-086BC89748A8}@kagaohihpfglookhliclgj                                                               0x61 0x61 0x00 0x6A 
Reg             HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{A6962BCE-6DFC-A861-0B2A-086BC89748A8}@kagaphcibopkoekeciemlm                                                               0x61 0x61 0x00 0x6A 
Reg             HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{A6962BCE-6DFC-A861-0B2A-086BC89748A8}@hakaanjhalalcdec                                                                     0x61 0x61 0x00 0x6A 
Reg             HKCU\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Persisted@D:\Vitor\Documentos\Programas\NERO 8 + serial by Blog da Informática\xae\Nero-8.2.8.0_ptb_br.exe  1
 
---- EOF - GMER 2.1 ----


Dear TIEiffelSerra

I recommend that you save this topic to your Favorites to make it easier to find.

Please note the following:
  • If you go 3 days without a reply, send me a Private Message (PM);
  • What is passed on here relates only to the problem on your computer, so do not do it on any other;
  • Please follow the instructions given carefully and, if in doubt, do not hesitate to ask;
  • Always post your replies in this topic... Do not open another one!
  • Always try to keep me informed, during the removal, about what is happening with your computer.
  • Respect the order of the instructions given.

Note: Do not take any measure other than those given here; and if you ask for help on another forum, be sure to let us know, at the risk of misconfiguring your computer!

# Step 1 #

Download Junkware Removal Tool and save it to your Desktop.
  • Disable your protection programs (antivirus etc.) to avoid any conflict.
  • Double-click JRT.exe
    • If your system is Windows Vista, Windows 7 or Windows 8, right-click it and choose Run as Administrator.
  • Be patient and wait for the scan to finish.
  • Open the JRT.txt log that is on your Desktop.
  • Copy all of its contents and paste them into your next message.

 
# Step 2 #

  • Double-click adwcleaner.exe
  • Attention: Windows Vista, 7 and 8 users, right-click and choose: (image: execadmin.png)
  • Click Pesquisar (Search)
  • At the end of the scan, a log with the result will open.
  • If anything is detected, click the Remover (Remove) button.
  • Again, at the end of the scan, a log with the result will open.
  • Copy all of its contents and paste them into your next reply.

 
# Step 3 #

Read the instructions at this link:

In the instructions at the link above, you can check which forums have Analysts duly qualified to use the tool correctly: "Forums for receiving help with ComboFix logs"
Download ComboFix from one of the official links listed below and save it to your desktop:

  • Temporarily, while you carry out these instructions, it is very important that you keep your protection programs (Antivirus, Antispyware and Firewall) disabled. Re-enable the protections after carrying out the procedure(s) mentioned below.
  • Double-click the icon (image: desktopicon.png) that is on the desktop.
  • Read and accept the conditions by typing 1 and pressing Enter.
  • Computers running Windows XP must install the Recovery Console:
    • If your computer has Windows XP installed and does not yet have the Recovery Console installed, please make sure you are connected to the Internet and click "Sim" (Yes).
    • Click "OK" on the EULA.
    • Once the Recovery Console is installed, click "SIM" (Yes) to continue.
  • ComboFix will run; please be patient and wait.
  • Attention: Do not use the mouse or the keyboard while the tool is running, as this can cause the computer to hang.
  • A notice may appear saying that the computer needs to be restarted.
    DO NOT RESTART!!! ComboFix will restart the computer automatically.
  • When the tool finishes running, it will generate a log (the file C:\ComboFix.txt). Copy and paste the contents of that file into your next reply.

DO NOT use the tool on your own. It is a powerful tool created to deal with sophisticated infections, and if you do not use it correctly it can damage your computer.
There are several pieces of malware that prevent the tool from running correctly and can thereby seriously damage the computer. Analysts qualified to use ComboFix know these cases and know how to deal with these situations.
Many Analysts do not reply to topics in which they see that ComboFix was used without supervision.
There are several general-purpose anti-malware tools whose authors, when programming them, have end users in mind and intend them to be used without supervision. ComboFix is not a tool of that kind, so, and also out of respect for the tool's author, do not use it without supervision.

Regards :D


Thank you for your attention. ComboFix does not run: it backs up the registry, gives the Warning message about being used in compatibility mode, and closes.

The other logs are here:

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.2 (02.20.2014:1)
OS: Windows 7 Ultimate x86
Ran by Vitor on 26/02/2014 at 13:06:51,29
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

~~~ Services

 

~~~ Registry Values

Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\\Start Page

 

~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\esrv.funmoodsesrvc
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\esrv.funmoodsesrvc.1
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\protector_dll.protectorbho
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\protector_dll.protectorbho.1
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\{D616A4A2-7B38-4DBC-9093-6FE7A4A21B17}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\{EA28B360-05E0-4F93-8150-02891F1D8D3C}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\babsolution
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\funmoods
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\installcore
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\speedypc software
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\tarma installer
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-3068686931-3783116967-4089573513-1000\Software\sweetim
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\funmoods
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\installcore
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\speedypc software
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\systweak
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\prod.cap
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\apnstub_rasapi32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\apnstub_rasmancs
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\askpartnercobrandingtool_rasapi32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\askpartnercobrandingtool_rasmancs
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\au__rasapi32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\au__rasmancs
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\funmoodssetup_rasapi32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\funmoodssetup_rasmancs
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\wajam_install_rasapi32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\wajam_install_rasmancs
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\wajamupdater_rasapi32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\wajamupdater_rasmancs
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\taskhost_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\taskhost_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\UpdateTask_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\UpdateTask_RASMANCS
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}

 

~~~ Files

 

~~~ Folders

Successfully deleted: [Folder] "C:\ProgramData\babylon"
Successfully deleted: [Folder] "C:\ProgramData\boost_interprocess"
Successfully deleted: [Folder] "C:\ProgramData\dsearchlink"
Successfully deleted: [Folder] "C:\ProgramData\speedypc software"
Successfully deleted: [Folder] "C:\Users\Vitor\AppData\Roaming\babylon"
Successfully deleted: [Folder] "C:\Users\Vitor\AppData\Roaming\claro"
Successfully deleted: [Folder] "C:\Users\Vitor\AppData\Roaming\drivercure"
Successfully deleted: [Folder] "C:\Users\Vitor\AppData\Roaming\funmoods"
Successfully deleted: [Folder] "C:\Users\Vitor\AppData\Roaming\opencandy"
Successfully deleted: [Folder] "C:\Users\Vitor\AppData\Roaming\speedypc software"
Successfully deleted: [Folder] "C:\Users\Vitor\appdata\local\lollipop"
Successfully deleted: [Folder] "C:\Users\Vitor\appdata\locallow\funmoods"

 

~~~ Event Viewer Logs were cleared

 

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 26/02/2014 at 13:10:26,17
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

 

 

# AdwCleaner v3.019 - Relatório criado 26/02/2014 às 13:14:14
# Atualizado 17/02/2014 por Xplode
# Sistema Operacional : Windows 7 Ultimate  (32 bits)
# Usuário : Vitor - VITOR-TI
# Executando de : C:\Users\Vitor\Desktop\AdwCleaner.exe
# Opção : Limpar

***** [ Serviços ] *****

***** [ Arquivos / Pastas ] *****

Pasta Deletada : C:\Users\Vitor\WebConnect
Pasta Deletada : C:\Users\Vitor\Desktop\iac
Arquivo Deletada : C:\Windows\System32\Tasks\Funmoods

***** [ Atalhos ] *****

***** [ Registro ] *****

[#] Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{14B7BA05-C238-4AA0-9546-94B97DE4E6EF}
[#] Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{14B7BA05-C238-4AA0-9546-94B97DE4E6EF}
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\wajam_download_RASAPI32
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\wajam_download_RASMANCS
Chave Deletedo : HKLM\SOFTWARE\Classes\AppID\{0A18A436-2A7A-49F3-A488-30538A2F6323}
Chave Deletedo : HKLM\SOFTWARE\Classes\AppID\{960DF771-CFCB-4E53-A5B5-6EF2BBE6E706}
Chave Deletedo : HKLM\SOFTWARE\Classes\CLSID\{00000001-4FEF-40D3-B3FA-E0531B897F98}
Chave Deletedo : HKLM\SOFTWARE\Classes\CLSID\{007EFBDF-8A5D-4930-97CC-A4B437CBA777}
Chave Deletedo : HKLM\SOFTWARE\Classes\CLSID\{35B8892D-C3FB-4D88-990D-31DB2EBD72BD}
Chave Deletedo : HKLM\SOFTWARE\Classes\CLSID\{64697678-0000-0010-8000-00AA00389B71}
Chave Deletedo : HKLM\SOFTWARE\Classes\Interface\{3F607E46-0D3C-4442-B1DE-DE7FA4768F5C}
Chave Deletedo : HKLM\SOFTWARE\Classes\Interface\{FE0273D1-99DF-4AC0-87D5-1371C6271785}
Chave Deletedo : HKLM\SOFTWARE\Classes\TypeLib\{93E3D79C-0786-48FF-9329-93BC9F6DC2B3}
Chave Deletedo : HKLM\SOFTWARE\Classes\TypeLib\{960DF771-CFCB-4E53-A5B5-6EF2BBE6E706}
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C87FC351-A80D-43E9-9A86-CF1E29DC443A}
Chave Deletedo : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}
Chave Deletedo : HKCU\Software\lollipop
Chave Deletedo : HKLM\Software\Description
Chave Deletedo : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\08121C32A9C319F4CB0C11FF059552A4

***** [ Navegadores ] *****

-\\ Internet Explorer v9.0.8112.16457

-\\ Google Chrome v33.0.1750.117

[ Arquivo : C:\Users\Vitor\AppData\Local\Google\Chrome\User Data\Default\preferences ]

*************************

AdwCleaner[R0].txt - [2764 octets] - [26/02/2014 13:11:50]
AdwCleaner[s0].txt - [2678 octets] - [26/02/2014 13:14:14]

########## EOF - C:\AdwCleaner\AdwCleaner[s0].txt - [2738 octets] ##########


Dear TIEiffelSerra

Download OTL by OldTimer and save it to your Desktop.
  • Double-click the icon (image: 3984478580_7ed4cabc45_o.gif)
  • Leave the main screen configured as in the figure below:

(image: 5369448421_6bf795eb1a_b.jpg)

  • Copy and paste the content below into the space right after (image: 5369460409_ee749edc8e_m.jpg)

    netsvcs
    msconfig
    safebootminimal
    safebootnetwork
    activex
    drivers32
    /md5start
    eventlog.dll
    scecli.dll
    netlogon.dll
    cngaudit.dll
    sceclt.dll
    ntelogon.dll
    logevent.dll
    iaStor.sys
    nvstor.sys
    atapi.sys
    IdeChnDr.sys
    viasraid.sys
    /md5stop

  • Click the button (image: 5370056362_e3d07d5d8a_m.jpg)
  • Do not interrupt the scan under any circumstances;
  • When it finishes, two logs will be generated: OTL.txt and Extras.txt;
  • Post both logs in your next reply.
  • Do not delete OTL

Regards :D


Only one log was generated; the other one you mentioned, called EXTRAS, did not appear when the scan finished:

 

OTL

 

OTL Extras logfile created on: 06/03/2014 09:38:28 - Run 1

OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Vitor\Downloads
 Ultimate Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000416 | Country: Brasil | Language: PTB | Date Format: dd/MM/yyyy
 
2,66 Gb Total Physical Memory | 1,35 Gb Available Physical Memory | 50,72% Memory free
5,32 Gb Paging File | 3,81 Gb Available in Paging File | 71,61% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 146,48 Gb Total Space | 77,74 Gb Free Space | 53,07% Space Free | Partition Type: NTFS
Drive D: | 319,18 Gb Total Space | 126,25 Gb Free Space | 39,56% Space Free | Partition Type: NTFS
 
Computer Name: VITOR-TI | User Name: Vitor | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.)
 
[HKEY_USERS\S-1-5-21-3068686931-3783116967-4089573513-1000\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
http [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~2\Office12\ONENOTE.EXE "%L"
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"AntiVirusOverride" = 1
"AntiVirusDisableNotify" = 1
"FirewallDisableNotify" = 1
"FirewallOverride" = 1
"UpdatesDisableNotify" = 1
"UacDisableNotify" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 1
"AntiSpywareOverride" = 0
"FirewallOverride" = 1
"AntiVirusDisableNotify" = 1
"FirewallDisableNotify" = 1
"UpdatesDisableNotify" = 1
"UacDisableNotify" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 1
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Windows\system32\csrss.exe" = C:\Windows\system32\csrss.exe:*:Enabled:ipsec -- (Microsoft Corporation)
"C:\Program Files\Google\Update\1.3.22.5\GoogleCrashHandler.exe" = C:\Program Files\Google\Update\1.3.22.5\GoogleCrashHandler.exe:*:Enabled:ipsec -- (Google Inc.)
"C:\Program Files\Aladdin\eToken\PKIClient\x32\PKIMonitor.exe" = C:\Program Files\Aladdin\eToken\PKIClient\x32\PKIMonitor.exe:*:Enabled:ipsec -- (Aladdin Knowledge Systems, Ltd.)
"C:\Users\Vitor\AppData\Local\Temp\winsoyp.exe" = C:\Users\Vitor\AppData\Local\Temp\winsoyp.exe:*:Enabled:ipsec
"C:\Users\Vitor\AppData\Local\Temp\winmnfb.exe" = C:\Users\Vitor\AppData\Local\Temp\winmnfb.exe:*:Enabled:ipsec
"C:\Users\Vitor\AppData\Local\Temp\winmdtly.exe" = C:\Users\Vitor\AppData\Local\Temp\winmdtly.exe:*:Enabled:ipsec
"C:\Users\Vitor\AppData\Local\Temp\kjym.exe" = C:\Users\Vitor\AppData\Local\Temp\kjym.exe:*:Enabled:ipsec
"C:\Users\Vitor\AppData\Local\Temp\winptfn.exe" = C:\Users\Vitor\AppData\Local\Temp\winptfn.exe:*:Enabled:ipsec
"C:\Users\Vitor\AppData\Local\Temp\winaoqlt.exe" = C:\Users\Vitor\AppData\Local\Temp\winaoqlt.exe:*:Enabled:ipsec
"C:\Users\Vitor\AppData\Local\Temp\cpsktx.exe" = C:\Users\Vitor\AppData\Local\Temp\cpsktx.exe:*:Enabled:ipsec
"C:\Users\Vitor\AppData\Local\Temp\migi.exe" = C:\Users\Vitor\AppData\Local\Temp\migi.exe:*:Enabled:ipsec
"C:\Users\Vitor\AppData\Local\Temp\winobbem.exe" = C:\Users\Vitor\AppData\Local\Temp\winobbem.exe:*:Enabled:ipsec
"C:\Users\Vitor\AppData\Local\Temp\winsnukjs.exe" = C:\Users\Vitor\AppData\Local\Temp\winsnukjs.exe:*:Enabled:ipsec
"C:\Users\Vitor\AppData\Local\Temp\wincpjffb.exe" = C:\Users\Vitor\AppData\Local\Temp\wincpjffb.exe:*:Enabled:ipsec
"C:\Users\Vitor\AppData\Local\Temp\bhrhu.exe" = C:\Users\Vitor\AppData\Local\Temp\bhrhu.exe:*:Enabled:ipsec
"C:\Users\Vitor\AppData\Local\Temp\eipdvy.exe" = C:\Users\Vitor\AppData\Local\Temp\eipdvy.exe:*:Enabled:ipsec
"C:\Apollo\Apollo.exe" = C:\Apollo\Apollo.exe:*:Enabled:ipsec -- ()
"C:\Windows\system32\winlogon.exe" = C:\Windows\system32\winlogon.exe:*:Enabled:ipsec -- (Microsoft Corporation)
"C:\Windows\TEMP\ljdl.exe" = C:\Windows\TEMP\ljdl.exe:*:Enabled:ipsec
"C:\Windows\TEMP\winieib.exe" = C:\Windows\TEMP\winieib.exe:*:Enabled:ipsec
"C:\Windows\TEMP\winmjrv.exe" = C:\Windows\TEMP\winmjrv.exe:*:Enabled:ipsec
"C:\Windows\TEMP\vvopl.exe" = C:\Windows\TEMP\vvopl.exe:*:Enabled:ipsec
"C:\Windows\TEMP\winwofip.exe" = C:\Windows\TEMP\winwofip.exe:*:Enabled:ipsec
"C:\Windows\TEMP\winrhio.exe" = C:\Windows\TEMP\winrhio.exe:*:Enabled:ipsec
"C:\Windows\TEMP\winlvlugc.exe" = C:\Windows\TEMP\winlvlugc.exe:*:Enabled:ipsec
"C:\ProgramData\DatacardService\HWDeviceService.exe" = C:\ProgramData\DatacardService\HWDeviceService.exe:*:Enabled:ipsec -- ()
"C:\ProgramData\DatacardService\DCSHelper.exe" = C:\ProgramData\DatacardService\DCSHelper.exe:*:Enabled:ipsec -- (Huawei Technologies Co., Ltd.)
"C:\Windows\TEMP\winghubcv.exe" = C:\Windows\TEMP\winghubcv.exe:*:Enabled:ipsec
"C:\Windows\TEMP\winalqrox.exe" = C:\Windows\TEMP\winalqrox.exe:*:Enabled:ipsec
"C:\Users\Vitor\AppData\Local\Temp\wfke.exe" = C:\Users\Vitor\AppData\Local\Temp\wfke.exe:*:Enabled:ipsec
"C:\Users\Vitor\AppData\Local\Temp\wapp.exe" = C:\Users\Vitor\AppData\Local\Temp\wapp.exe:*:Enabled:ipsec
"C:\Windows\TEMP\wineepto.exe" = C:\Windows\TEMP\wineepto.exe:*:Enabled:ipsec
"C:\Users\Vitor\AppData\Local\Temp\mdlcs.exe" = C:\Users\Vitor\AppData\Local\Temp\mdlcs.exe:*:Enabled:ipsec
"C:\Users\Vitor\AppData\Local\Temp\winmvyi.exe" = C:\Users\Vitor\AppData\Local\Temp\winmvyi.exe:*:Enabled:ipsec
"C:\Windows\TEMP\winmjcrnl.exe" = C:\Windows\TEMP\winmjcrnl.exe:*:Enabled:ipsec
"C:\Users\Vitor\AppData\Local\Temp\winwmtpe.exe" = C:\Users\Vitor\AppData\Local\Temp\winwmtpe.exe:*:Enabled:ipsec
"C:\Windows\TEMP\winycaixg.exe" = C:\Windows\TEMP\winycaixg.exe:*:Enabled:ipsec
"C:\Windows\TEMP\winwapywl.exe" = C:\Windows\TEMP\winwapywl.exe:*:Enabled:ipsec
"C:\Users\Vitor\AppData\Local\Temp\auuda.exe" = C:\Users\Vitor\AppData\Local\Temp\auuda.exe:*:Enabled:ipsec
"C:\Windows\TEMP\bvcbmg.exe" = C:\Windows\TEMP\bvcbmg.exe:*:Enabled:ipsec
"C:\Users\Vitor\AppData\Local\Temp\trvdx.exe" = C:\Users\Vitor\AppData\Local\Temp\trvdx.exe:*:Enabled:ipsec
"C:\Windows\TEMP\winfjuw.exe" = C:\Windows\TEMP\winfjuw.exe:*:Enabled:ipsec
"C:\Users\Vitor\AppData\Local\Temp\winoyqd.exe" = C:\Users\Vitor\AppData\Local\Temp\winoyqd.exe:*:Enabled:ipsec
"C:\Windows\TEMP\hubhg.exe" = C:\Windows\TEMP\hubhg.exe:*:Enabled:ipsec
"C:\Users\Vitor\AppData\Local\Temp\winrglt.exe" = C:\Users\Vitor\AppData\Local\Temp\winrglt.exe:*:Enabled:ipsec
"C:\Windows\system32\taskhost.exe" = C:\Windows\system32\taskhost.exe:*:Enabled:ipsec -- (Microsoft Corporation)
"C:\Windows\TEMP\winxaxpc.exe" = C:\Windows\TEMP\winxaxpc.exe:*:Enabled:ipsec
"C:\Windows\TEMP\winuqnh.exe" = C:\Windows\TEMP\winuqnh.exe:*:Enabled:ipsec
"C:\Windows\TEMP\winobrcd.exe" = C:\Windows\TEMP\winobrcd.exe:*:Enabled:ipsec
"C:\Users\Vitor\AppData\Local\Temp\wvag.exe" = C:\Users\Vitor\AppData\Local\Temp\wvag.exe:*:Enabled:ipsec
"C:\Users\Vitor\AppData\Local\Temp\winvdyx.exe" = C:\Users\Vitor\AppData\Local\Temp\winvdyx.exe:*:Enabled:ipsec
"C:\Users\Vitor\AppData\Local\Temp\winqgjft.exe" = C:\Users\Vitor\AppData\Local\Temp\winqgjft.exe:*:Enabled:ipsec
"C:\Windows\TEMP\ijep.exe" = C:\Windows\TEMP\ijep.exe:*:Enabled:ipsec
"C:\Users\Vitor\AppData\Local\Temp\ywypqc.exe" = C:\Users\Vitor\AppData\Local\Temp\ywypqc.exe:*:Enabled:ipsec
"C:\Windows\TEMP\csrkky.exe" = C:\Windows\TEMP\csrkky.exe:*:Enabled:ipsec
"C:\Users\Vitor\AppData\Local\Temp\qclynm.exe" = C:\Users\Vitor\AppData\Local\Temp\qclynm.exe:*:Enabled:ipsec
"C:\Windows\TEMP\winnkqhsb.exe" = C:\Windows\TEMP\winnkqhsb.exe:*:Enabled:ipsec
"C:\Users\Vitor\AppData\Local\Temp\winwehobb.exe" = C:\Users\Vitor\AppData\Local\Temp\winwehobb.exe:*:Enabled:ipsec
"C:\Windows\TEMP\winvjnkas.exe" = C:\Windows\TEMP\winvjnkas.exe:*:Enabled:ipsec
"C:\Users\Vitor\AppData\Local\Temp\winslhqb.exe" = C:\Users\Vitor\AppData\Local\Temp\winslhqb.exe:*:Enabled:ipsec
"C:\Windows\TEMP\pwfrek.exe" = C:\Windows\TEMP\pwfrek.exe:*:Enabled:ipsec
"C:\Users\Vitor\AppData\Local\Temp\wtkwmf.exe" = C:\Users\Vitor\AppData\Local\Temp\wtkwmf.exe:*:Enabled:ipsec
"C:\Windows\TEMP\bkhav.exe" = C:\Windows\TEMP\bkhav.exe:*:Enabled:ipsec
"C:\Users\Vitor\AppData\Local\Temp\winbjrxf.exe" = C:\Users\Vitor\AppData\Local\Temp\winbjrxf.exe:*:Enabled:ipsec
"C:\Windows\TEMP\winouol.exe" = C:\Windows\TEMP\winouol.exe:*:Enabled:ipsec
"C:\Windows\TEMP\winckgchv.exe" = C:\Windows\TEMP\winckgchv.exe:*:Enabled:ipsec
"C:\Users\Vitor\AppData\Local\Temp\winlrmyem.exe" = C:\Users\Vitor\AppData\Local\Temp\winlrmyem.exe:*:Enabled:ipsec
"C:\Users\Vitor\AppData\Local\Temp\nrhahd.exe" = C:\Users\Vitor\AppData\Local\Temp\nrhahd.exe:*:Enabled:ipsec
"C:\Program Files\Google\Update\GoogleUpdate.exe" = C:\Program Files\Google\Update\GoogleUpdate.exe:*:Enabled:ipsec -- (Google Inc.)
"C:\Program Files\Realtek\Realtek PCIE Card Reader\RIconMan.exe" = C:\Program Files\Realtek\Realtek PCIE Card Reader\RIconMan.exe:*:Enabled:ipsec -- (Realsil Microelectronics Inc.)
"C:\Windows\system32\wininit.exe" = C:\Windows\system32\wininit.exe:*:Enabled:ipsec -- (Microsoft Corporation)
"C:\Windows\TEMP\winkifhy.exe" = C:\Windows\TEMP\winkifhy.exe:*:Enabled:ipsec
"C:\Windows\TEMP\vkdypx.exe" = C:\Windows\TEMP\vkdypx.exe:*:Enabled:ipsec
"C:\Windows\TEMP\capy.exe" = C:\Windows\TEMP\capy.exe:*:Enabled:ipsec
"C:\Windows\TEMP\sscq.exe" = C:\Windows\TEMP\sscq.exe:*:Enabled:ipsec
"C:\Windows\TEMP\winprteno.exe" = C:\Windows\TEMP\winprteno.exe:*:Enabled:ipsec
"C:\Windows\TEMP\winlkjdf.exe" = C:\Windows\TEMP\winlkjdf.exe:*:Enabled:ipsec
"C:\Windows\TEMP\ndilp.exe" = C:\Windows\TEMP\ndilp.exe:*:Enabled:ipsec
"C:\Windows\system32\wbem\wmiprvse.exe" = C:\Windows\system32\wbem\wmiprvse.exe:*:Enabled:ipsec -- (Microsoft Corporation)
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe" = C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe:*:Enabled:ipsec -- (Microsoft Corporation)
"C:\Program Files\Corel\CorelDRAW Graphics Suite X6\Programs\CorelDRW.exe" = C:\Program Files\Corel\CorelDRAW Graphics Suite X6\Programs\CorelDRW.exe:*:Enabled:ipsec -- ()
"C:\Windows\TEMP\winatqmdn.exe" = C:\Windows\TEMP\winatqmdn.exe:*:Enabled:ipsec
"C:\Windows\TEMP\nwqk.exe" = C:\Windows\TEMP\nwqk.exe:*:Enabled:ipsec
"C:\Users\Vitor\AppData\Local\Temp\winxbxk.exe" = C:\Users\Vitor\AppData\Local\Temp\winxbxk.exe:*:Enabled:ipsec
"C:\Users\Vitor\AppData\Local\Temp\winlekjgj.exe" = C:\Users\Vitor\AppData\Local\Temp\winlekjgj.exe:*:Enabled:ipsec
"C:\Windows\TEMP\wincgsvh.exe" = C:\Windows\TEMP\wincgsvh.exe:*:Enabled:ipsec
"C:\Windows\TEMP\lysami.exe" = C:\Windows\TEMP\lysami.exe:*:Enabled:ipsec
"C:\Users\Vitor\AppData\Local\Temp\wingeum.exe" = C:\Users\Vitor\AppData\Local\Temp\wingeum.exe:*:Enabled:ipsec
"C:\Windows\TEMP\msdj.exe" = C:\Windows\TEMP\msdj.exe:*:Enabled:ipsec
"C:\Users\Vitor\AppData\Local\Temp\pfma.exe" = C:\Users\Vitor\AppData\Local\Temp\pfma.exe:*:Enabled:ipsec
"C:\Windows\TEMP\winkacim.exe" = C:\Windows\TEMP\winkacim.exe:*:Enabled:ipsec
"C:\Users\Vitor\AppData\Local\Temp\winopubpn.exe" = C:\Users\Vitor\AppData\Local\Temp\winopubpn.exe:*:Enabled:ipsec
"C:\Windows\TEMP\bruiy.exe" = C:\Windows\TEMP\bruiy.exe:*:Enabled:ipsec
"C:\Users\Vitor\AppData\Local\Temp\winegns.exe" = C:\Users\Vitor\AppData\Local\Temp\winegns.exe:*:Enabled:ipsec
"C:\Windows\TEMP\kkyhj.exe" = C:\Windows\TEMP\kkyhj.exe:*:Enabled:ipsec
"C:\Users\Vitor\AppData\Local\Temp\ufybf.exe" = C:\Users\Vitor\AppData\Local\Temp\ufybf.exe:*:Enabled:ipsec
"C:\Windows\TEMP\winepch.exe" = C:\Windows\TEMP\winepch.exe:*:Enabled:ipsec
"C:\Users\Vitor\AppData\Local\Temp\winjdpuda.exe" = C:\Users\Vitor\AppData\Local\Temp\winjdpuda.exe:*:Enabled:ipsec
"C:\Windows\TEMP\winhoyg.exe" = C:\Windows\TEMP\winhoyg.exe:*:Enabled:ipsec
"C:\Windows\TEMP\oxgwuh.exe" = C:\Windows\TEMP\oxgwuh.exe:*:Enabled:ipsec
"C:\Users\Vitor\AppData\Local\Temp\winxmwvdr.exe" = C:\Users\Vitor\AppData\Local\Temp\winxmwvdr.exe:*:Enabled:ipsec
"C:\Users\Vitor\AppData\Local\Temp\rnitut.exe" = C:\Users\Vitor\AppData\Local\Temp\rnitut.exe:*:Enabled:ipsec
"C:\Windows\TEMP\winsiatwg.exe" = C:\Windows\TEMP\winsiatwg.exe:*:Enabled:ipsec
"C:\Users\Vitor\AppData\Local\Temp\winghgv.exe" = C:\Users\Vitor\AppData\Local\Temp\winghgv.exe:*:Enabled:ipsec
"C:\Windows\TEMP\wineodhrc.exe" = C:\Windows\TEMP\wineodhrc.exe:*:Enabled:ipsec
"C:\Users\Vitor\AppData\Local\Temp\winblrk.exe" = C:\Users\Vitor\AppData\Local\Temp\winblrk.exe:*:Enabled:ipsec
"C:\Windows\TEMP\wininxcii.exe" = C:\Windows\TEMP\wininxcii.exe:*:Enabled:ipsec
"C:\Windows\TEMP\pgqvyr.exe" = C:\Windows\TEMP\pgqvyr.exe:*:Enabled:ipsec
"C:\Users\Vitor\AppData\Local\Temp\cfwrs.exe" = C:\Users\Vitor\AppData\Local\Temp\cfwrs.exe:*:Enabled:ipsec
"C:\Users\Vitor\AppData\Local\Temp\winfiglt.exe" = C:\Users\Vitor\AppData\Local\Temp\winfiglt.exe:*:Enabled:ipsec
"C:\Windows\TEMP\winenvknf.exe" = C:\Windows\TEMP\winenvknf.exe:*:Enabled:ipsec
"C:\Windows\TEMP\ixsxk.exe" = C:\Windows\TEMP\ixsxk.exe:*:Enabled:ipsec
"C:\Users\Vitor\AppData\Local\Temp\winwyak.exe" = C:\Users\Vitor\AppData\Local\Temp\winwyak.exe:*:Enabled:ipsec
"C:\Users\Vitor\AppData\Local\Temp\dxmbul.exe" = C:\Users\Vitor\AppData\Local\Temp\dxmbul.exe:*:Enabled:ipsec
"C:\Windows\TEMP\winhgjego.exe" = C:\Windows\TEMP\winhgjego.exe:*:Enabled:ipsec
"C:\Windows\TEMP\dfhs.exe" = C:\Windows\TEMP\dfhs.exe:*:Enabled:ipsec
"C:\Users\Vitor\AppData\Local\Temp\winyyvg.exe" = C:\Users\Vitor\AppData\Local\Temp\winyyvg.exe:*:Enabled:ipsec
"C:\Users\Vitor\AppData\Local\Temp\qquuts.exe" = C:\Users\Vitor\AppData\Local\Temp\qquuts.exe:*:Enabled:ipsec
"C:\Windows\system32\taskmgr.exe" = C:\Windows\system32\taskmgr.exe:*:Enabled:ipsec -- (Microsoft Corporation)
"C:\Windows\TEMP\winftrw.exe" = C:\Windows\TEMP\winftrw.exe:*:Enabled:ipsec
"C:\Windows\TEMP\mbfqx.exe" = C:\Windows\TEMP\mbfqx.exe:*:Enabled:ipsec
"C:\Windows\TEMP\eeid.exe" = C:\Windows\TEMP\eeid.exe:*:Enabled:ipsec
"C:\Windows\TEMP\windqcgy.exe" = C:\Windows\TEMP\windqcgy.exe:*:Enabled:ipsec
"C:\Windows\TEMP\qevwmt.exe" = C:\Windows\TEMP\qevwmt.exe:*:Enabled:ipsec
"C:\Users\Vitor\AppData\Local\Temp\winnfeamn.exe" = C:\Users\Vitor\AppData\Local\Temp\winnfeamn.exe:*:Enabled:ipsec
"C:\Users\Vitor\AppData\Local\Temp\winnbbfh.exe" = C:\Users\Vitor\AppData\Local\Temp\winnbbfh.exe:*:Enabled:ipsec
"C:\Windows\TEMP\winesbphg.exe" = C:\Windows\TEMP\winesbphg.exe:*:Enabled:ipsec
"C:\Users\Vitor\AppData\Local\Temp\wintdmmbs.exe" = C:\Users\Vitor\AppData\Local\Temp\wintdmmbs.exe:*:Enabled:ipsec
"C:\Windows\TEMP\ktmca.exe" = C:\Windows\TEMP\ktmca.exe:*:Enabled:ipsec
"C:\Users\Vitor\AppData\Local\Temp\xreyl.exe" = C:\Users\Vitor\AppData\Local\Temp\xreyl.exe:*:Enabled:ipsec
"C:\Windows\TEMP\windhmh.exe" = C:\Windows\TEMP\windhmh.exe:*:Enabled:ipsec
"C:\Users\Vitor\AppData\Local\Temp\winvcukw.exe" = C:\Users\Vitor\AppData\Local\Temp\winvcukw.exe:*:Enabled:ipsec
"C:\Windows\TEMP\winfxdr.exe" = C:\Windows\TEMP\winfxdr.exe:*:Enabled:ipsec
"C:\Users\Vitor\AppData\Local\Temp\winvqvo.exe" = C:\Users\Vitor\AppData\Local\Temp\winvqvo.exe:*:Enabled:ipsec
"C:\Windows\TEMP\winfllf.exe" = C:\Windows\TEMP\winfllf.exe:*:Enabled:ipsec
"C:\Users\Vitor\AppData\Local\Temp\oqpjp.exe" = C:\Users\Vitor\AppData\Local\Temp\oqpjp.exe:*:Enabled:ipsec
"C:\Windows\TEMP\nsxsk.exe" = C:\Windows\TEMP\nsxsk.exe:*:Enabled:ipsec
"C:\Users\Vitor\AppData\Local\Temp\winpmdquj.exe" = C:\Users\Vitor\AppData\Local\Temp\winpmdquj.exe:*:Enabled:ipsec
"C:\Windows\TEMP\dtcygv.exe" = C:\Windows\TEMP\dtcygv.exe:*:Enabled:ipsec
"C:\Users\Vitor\AppData\Local\Temp\tamja.exe" = C:\Users\Vitor\AppData\Local\Temp\tamja.exe:*:Enabled:ipsec
"C:\Windows\system32\Dwm.exe" = C:\Windows\system32\Dwm.exe:*:Enabled:ipsec -- (Microsoft Corporation)
"C:\Windows\TEMP\winnilwk.exe" = C:\Windows\TEMP\winnilwk.exe:*:Enabled:ipsec
"C:\Windows\TEMP\winpowlu.exe" = C:\Windows\TEMP\winpowlu.exe:*:Enabled:ipsec
"C:\Users\Vitor\AppData\Local\Temp\vgxd.exe" = C:\Users\Vitor\AppData\Local\Temp\vgxd.exe:*:Enabled:ipsec
"C:\Users\Vitor\AppData\Local\Temp\winwlmdy.exe" = C:\Users\Vitor\AppData\Local\Temp\winwlmdy.exe:*:Enabled:ipsec
"C:\Windows\TEMP\winxuec.exe" = C:\Windows\TEMP\winxuec.exe:*:Enabled:ipsec
"C:\Users\Vitor\AppData\Local\Temp\winqkgjto.exe" = C:\Users\Vitor\AppData\Local\Temp\winqkgjto.exe:*:Enabled:ipsec
"C:\Windows\TEMP\wincxpufs.exe" = C:\Windows\TEMP\wincxpufs.exe:*:Enabled:ipsec
"C:\Users\Vitor\AppData\Local\Temp\fqoqc.exe" = C:\Users\Vitor\AppData\Local\Temp\fqoqc.exe:*:Enabled:ipsec
"C:\Windows\TEMP\winaqeuq.exe" = C:\Windows\TEMP\winaqeuq.exe:*:Enabled:ipsec
"C:\Users\Vitor\AppData\Local\Temp\winoxgjc.exe" = C:\Users\Vitor\AppData\Local\Temp\winoxgjc.exe:*:Enabled:ipsec
"C:\Windows\TEMP\gisp.exe" = C:\Windows\TEMP\gisp.exe:*:Enabled:ipsec
"C:\Windows\TEMP\winlepmaq.exe" = C:\Windows\TEMP\winlepmaq.exe:*:Enabled:ipsec
"C:\Users\Vitor\AppData\Local\Temp\abvun.exe" = C:\Users\Vitor\AppData\Local\Temp\abvun.exe:*:Enabled:ipsec
"C:\Users\Vitor\AppData\Local\Temp\winsgaa.exe" = C:\Users\Vitor\AppData\Local\Temp\winsgaa.exe:*:Enabled:ipsec
"C:\Windows\TEMP\winlthp.exe" = C:\Windows\TEMP\winlthp.exe:*:Enabled:ipsec
"C:\Users\Vitor\AppData\Local\Temp\winqhpl.exe" = C:\Users\Vitor\AppData\Local\Temp\winqhpl.exe:*:Enabled:ipsec
"C:\Windows\TEMP\winaons.exe" = C:\Windows\TEMP\winaons.exe:*:Enabled:ipsec
"C:\Users\Vitor\AppData\Local\Temp\winwwgyi.exe" = C:\Users\Vitor\AppData\Local\Temp\winwwgyi.exe:*:Enabled:ipsec
"C:\Windows\TEMP\futft.exe" = C:\Windows\TEMP\futft.exe:*:Enabled:ipsec
"C:\Users\Vitor\AppData\Local\Temp\winemrocm.exe" = C:\Users\Vitor\AppData\Local\Temp\winemrocm.exe:*:Enabled:ipsec
"C:\Windows\TEMP\wingllfeh.exe" = C:\Windows\TEMP\wingllfeh.exe:*:Enabled:ipsec
"C:\Users\Vitor\AppData\Local\Temp\fgqs.exe" = C:\Users\Vitor\AppData\Local\Temp\fgqs.exe:*:Enabled:ipsec
"C:\Windows\TEMP\wwsqw.exe" = C:\Windows\TEMP\wwsqw.exe:*:Enabled:ipsec
"C:\Users\Vitor\AppData\Local\Temp\winnmif.exe" = C:\Users\Vitor\AppData\Local\Temp\winnmif.exe:*:Enabled:ipsec
"C:\Windows\TEMP\tkrw.exe" = C:\Windows\TEMP\tkrw.exe:*:Enabled:ipsec
"C:\Users\Vitor\AppData\Local\Temp\sfyxk.exe" = C:\Users\Vitor\AppData\Local\Temp\sfyxk.exe:*:Enabled:ipsec
"C:\Users\Vitor\AppData\Local\Temp\gnhtyd.exe" = C:\Users\Vitor\AppData\Local\Temp\gnhtyd.exe:*:Enabled:ipsec
"C:\Windows\TEMP\rjfrad.exe" = C:\Windows\TEMP\rjfrad.exe:*:Enabled:ipsec
"C:\Windows\TEMP\winkunvq.exe" = C:\Windows\TEMP\winkunvq.exe:*:Enabled:ipsec
"C:\Windows\TEMP\winpbfc.exe" = C:\Windows\TEMP\winpbfc.exe:*:Enabled:ipsec
"C:\Users\Vitor\AppData\Local\Temp\wintoeqb.exe" = C:\Users\Vitor\AppData\Local\Temp\wintoeqb.exe:*:Enabled:ipsec
"C:\Users\Vitor\AppData\Local\Temp\mfeae.exe" = C:\Users\Vitor\AppData\Local\Temp\mfeae.exe:*:Enabled:ipsec
"C:\Windows\TEMP\winypytr.exe" = C:\Windows\TEMP\winypytr.exe:*:Enabled:ipsec
"C:\Users\Vitor\AppData\Local\Temp\tkssm.exe" = C:\Users\Vitor\AppData\Local\Temp\tkssm.exe:*:Enabled:ipsec
"C:\Windows\TEMP\dgaih.exe" = C:\Windows\TEMP\dgaih.exe:*:Enabled:ipsec
"C:\Users\Vitor\AppData\Local\Temp\amkdh.exe" = C:\Users\Vitor\AppData\Local\Temp\amkdh.exe:*:Enabled:ipsec
"C:\Windows\TEMP\winshhxf.exe" = C:\Windows\TEMP\winshhxf.exe:*:Enabled:ipsec
"C:\Users\Vitor\AppData\Local\Temp\winmqffox.exe" = C:\Users\Vitor\AppData\Local\Temp\winmqffox.exe:*:Enabled:ipsec
"C:\Windows\TEMP\winscif.exe" = C:\Windows\TEMP\winscif.exe:*:Enabled:ipsec
"C:\Users\Vitor\AppData\Local\Temp\winolmid.exe" = C:\Users\Vitor\AppData\Local\Temp\winolmid.exe:*:Enabled:ipsec
"C:\Windows\TEMP\winkjlutg.exe" = C:\Windows\TEMP\winkjlutg.exe:*:Enabled:ipsec
"C:\Windows\TEMP\mqfqcj.exe" = C:\Windows\TEMP\mqfqcj.exe:*:Enabled:ipsec
"C:\Users\Vitor\AppData\Local\Temp\winynsl.exe" = C:\Users\Vitor\AppData\Local\Temp\winynsl.exe:*:Enabled:ipsec
"C:\Users\Vitor\AppData\Local\Temp\winfnlto.exe" = C:\Users\Vitor\AppData\Local\Temp\winfnlto.exe:*:Enabled:ipsec
"C:\Windows\TEMP\windsiwqy.exe" = C:\Windows\TEMP\windsiwqy.exe:*:Enabled:ipsec
"C:\Users\Vitor\AppData\Local\Temp\winqdiqom.exe" = C:\Users\Vitor\AppData\Local\Temp\winqdiqom.exe:*:Enabled:ipsec
"C:\Windows\TEMP\winlkjawe.exe" = C:\Windows\TEMP\winlkjawe.exe:*:Enabled:ipsec
"C:\Users\Vitor\AppData\Local\Temp\winexjt.exe" = C:\Users\Vitor\AppData\Local\Temp\winexjt.exe:*:Enabled:ipsec
"C:\Windows\TEMP\winmkas.exe" = C:\Windows\TEMP\winmkas.exe:*:Enabled:ipsec
"C:\Users\Vitor\AppData\Local\Temp\wvydl.exe" = C:\Users\Vitor\AppData\Local\Temp\wvydl.exe:*:Enabled:ipsec
"C:\Windows\TEMP\winmjjrtj.exe" = C:\Windows\TEMP\winmjjrtj.exe:*:Enabled:ipsec
"C:\Users\Vitor\AppData\Local\Temp\winhmma.exe" = C:\Users\Vitor\AppData\Local\Temp\winhmma.exe:*:Enabled:ipsec
"C:\Windows\TEMP\uqtsj.exe" = C:\Windows\TEMP\uqtsj.exe:*:Enabled:ipsec
"C:\Users\Vitor\AppData\Local\Temp\uvyirq.exe" = C:\Users\Vitor\AppData\Local\Temp\uvyirq.exe:*:Enabled:ipsec
"C:\Windows\TEMP\winfgsc.exe" = C:\Windows\TEMP\winfgsc.exe:*:Enabled:ipsec
"C:\Users\Vitor\AppData\Local\Temp\vwxpe.exe" = C:\Users\Vitor\AppData\Local\Temp\vwxpe.exe:*:Enabled:ipsec
"C:\Windows\TEMP\wineweko.exe" = C:\Windows\TEMP\wineweko.exe:*:Enabled:ipsec
"C:\Windows\TEMP\qvgve.exe" = C:\Windows\TEMP\qvgve.exe:*:Enabled:ipsec
"C:\Windows\TEMP\winvmrwn.exe" = C:\Windows\TEMP\winvmrwn.exe:*:Enabled:ipsec
"C:\Windows\TEMP\winfbepa.exe" = C:\Windows\TEMP\winfbepa.exe:*:Enabled:ipsec
"C:\Windows\TEMP\winfcesa.exe" = C:\Windows\TEMP\winfcesa.exe:*:Enabled:ipsec
"C:\Windows\system32\WLANExt.exe" = C:\Windows\system32\WLANExt.exe:*:Enabled:ipsec -- (Microsoft Corporation)
"C:\Windows\TEMP\winislc.exe" = C:\Windows\TEMP\winislc.exe:*:Enabled:ipsec
"C:\Windows\TEMP\bgcv.exe" = C:\Windows\TEMP\bgcv.exe:*:Enabled:ipsec
"C:\Windows\TEMP\sdnk.exe" = C:\Windows\TEMP\sdnk.exe:*:Enabled:ipsec
"C:\Windows\TEMP\bqvvkb.exe" = C:\Windows\TEMP\bqvvkb.exe:*:Enabled:ipsec
"C:\Windows\TEMP\jcwn.exe" = C:\Windows\TEMP\jcwn.exe:*:Enabled:ipsec
"C:\Windows\TEMP\rkeh.exe" = C:\Windows\TEMP\rkeh.exe:*:Enabled:ipsec
"C:\Windows\TEMP\winyobaa.exe" = C:\Windows\TEMP\winyobaa.exe:*:Enabled:ipsec
"C:\Windows\system32\spool\drivers\w32x86\3\NetFaxServer.exe" = C:\Windows\system32\spool\drivers\w32x86\3\NetFaxServer.exe:*:Enabled:ipsec -- (Samsung Electronics Co., Ltd.)
"C:\Windows\TEMP\bkue.exe" = C:\Windows\TEMP\bkue.exe:*:Enabled:ipsec
"C:\Windows\TEMP\winllggid.exe" = C:\Windows\TEMP\winllggid.exe:*:Enabled:ipsec
"C:\Users\Vitor\AppData\Local\Temp\wintgmqa.exe" = C:\Users\Vitor\AppData\Local\Temp\wintgmqa.exe:*:Enabled:ipsec
"C:\Users\Vitor\AppData\Local\Temp\gddtu.exe" = C:\Users\Vitor\AppData\Local\Temp\gddtu.exe:*:Enabled:ipsec
"C:\Windows\TEMP\umhwxi.exe" = C:\Windows\TEMP\umhwxi.exe:*:Enabled:ipsec
"C:\Windows\TEMP\winyjclru.exe" = C:\Windows\TEMP\winyjclru.exe:*:Enabled:ipsec
"C:\Users\Vitor\AppData\Local\Temp\winwoxa.exe" = C:\Users\Vitor\AppData\Local\Temp\winwoxa.exe:*:Enabled:ipsec
"C:\Users\Vitor\AppData\Local\Temp\vpefle.exe" = C:\Users\Vitor\AppData\Local\Temp\vpefle.exe:*:Enabled:ipsec
"C:\Windows\TEMP\winkypubk.exe" = C:\Windows\TEMP\winkypubk.exe:*:Enabled:ipsec
"C:\Users\Vitor\AppData\Local\Temp\winhnndbm.exe" = C:\Users\Vitor\AppData\Local\Temp\winhnndbm.exe:*:Enabled:ipsec
"C:\Windows\TEMP\winuobiq.exe" = C:\Windows\TEMP\winuobiq.exe:*:Enabled:ipsec
"C:\Users\Vitor\AppData\Local\Temp\hqtdoo.exe" = C:\Users\Vitor\AppData\Local\Temp\hqtdoo.exe:*:Enabled:ipsec
"C:\Windows\TEMP\winrfet.exe" = C:\Windows\TEMP\winrfet.exe:*:Enabled:ipsec
"C:\Users\Vitor\AppData\Local\Temp\winaldf.exe" = C:\Users\Vitor\AppData\Local\Temp\winaldf.exe:*:Enabled:ipsec
"C:\Windows\TEMP\qrbl.exe" = C:\Windows\TEMP\qrbl.exe:*:Enabled:ipsec
"C:\Users\Vitor\AppData\Local\Temp\phrq.exe" = C:\Users\Vitor\AppData\Local\Temp\phrq.exe:*:Enabled:ipsec
"C:\Windows\TEMP\winmmfdr.exe" = C:\Windows\TEMP\winmmfdr.exe:*:Enabled:ipsec
"C:\Users\Vitor\AppData\Local\Temp\dedx.exe" = C:\Users\Vitor\AppData\Local\Temp\dedx.exe:*:Enabled:ipsec
"C:\Windows\TEMP\winavxvg.exe" = C:\Windows\TEMP\winavxvg.exe:*:Enabled:ipsec
"C:\Windows\TEMP\dswo.exe" = C:\Windows\TEMP\dswo.exe:*:Enabled:ipsec
"C:\Users\Vitor\AppData\Local\Temp\gkyyi.exe" = C:\Users\Vitor\AppData\Local\Temp\gkyyi.exe:*:Enabled:ipsec
"C:\Users\Vitor\AppData\Local\Temp\winrvsvmo.exe" = C:\Users\Vitor\AppData\Local\Temp\winrvsvmo.exe:*:Enabled:ipsec
"C:\Windows\TEMP\winqvou.exe" = C:\Windows\TEMP\winqvou.exe:*:Enabled:ipsec
"C:\Users\Vitor\AppData\Local\Temp\oqfol.exe" = C:\Users\Vitor\AppData\Local\Temp\oqfol.exe:*:Enabled:ipsec
"C:\Windows\TEMP\winhgtdpk.exe" = C:\Windows\TEMP\winhgtdpk.exe:*:Enabled:ipsec
"C:\Users\Vitor\AppData\Local\Temp\winuotunr.exe" = C:\Users\Vitor\AppData\Local\Temp\winuotunr.exe:*:Enabled:ipsec
"C:\Windows\TEMP\qieari.exe" = C:\Windows\TEMP\qieari.exe:*:Enabled:ipsec
"C:\Windows\TEMP\winubaa.exe" = C:\Windows\TEMP\winubaa.exe:*:Enabled:ipsec
"C:\Users\Vitor\AppData\Local\Temp\winqhacv.exe" = C:\Users\Vitor\AppData\Local\Temp\winqhacv.exe:*:Enabled:ipsec
"C:\Users\Vitor\AppData\Local\Temp\jpue.exe" = C:\Users\Vitor\AppData\Local\Temp\jpue.exe:*:Enabled:ipsec
"C:\Windows\TEMP\winmtpplw.exe" = C:\Windows\TEMP\winmtpplw.exe:*:Enabled:ipsec
"C:\Users\Vitor\AppData\Local\Temp\jlfd.exe" = C:\Users\Vitor\AppData\Local\Temp\jlfd.exe:*:Enabled:ipsec
"C:\Windows\TEMP\winrtkla.exe" = C:\Windows\TEMP\winrtkla.exe:*:Enabled:ipsec
"C:\Users\Vitor\AppData\Local\Temp\tuvig.exe" = C:\Users\Vitor\AppData\Local\Temp\tuvig.exe:*:Enabled:ipsec
"C:\Windows\TEMP\clpsb.exe" = C:\Windows\TEMP\clpsb.exe:*:Enabled:ipsec
"C:\Users\Vitor\AppData\Local\Temp\winkeom.exe" = C:\Users\Vitor\AppData\Local\Temp\winkeom.exe:*:Enabled:ipsec
"C:\Windows\TEMP\winwhtoq.exe" = C:\Windows\TEMP\winwhtoq.exe:*:Enabled:ipsec
"C:\Users\Vitor\AppData\Local\Temp\ppnts.exe" = C:\Users\Vitor\AppData\Local\Temp\ppnts.exe:*:Enabled:ipsec
"C:\Windows\TEMP\wthqt.exe" = C:\Windows\TEMP\wthqt.exe:*:Enabled:ipsec
"C:\Windows\TEMP\cbqwf.exe" = C:\Windows\TEMP\cbqwf.exe:*:Enabled:ipsec
"C:\Users\Vitor\AppData\Local\Temp\covw.exe" = C:\Users\Vitor\AppData\Local\Temp\covw.exe:*:Enabled:ipsec
"C:\Users\Vitor\AppData\Local\Temp\winbjilry.exe" = C:\Users\Vitor\AppData\Local\Temp\winbjilry.exe:*:Enabled:ipsec
"C:\Windows\TEMP\qkav.exe" = C:\Windows\TEMP\qkav.exe:*:Enabled:ipsec
"C:\Windows\TEMP\nygdkc.exe" = C:\Windows\TEMP\nygdkc.exe:*:Enabled:ipsec
"C:\Windows\TEMP\qtbrf.exe" = C:\Windows\TEMP\qtbrf.exe:*:Enabled:ipsec
"C:\Windows\TEMP\winkqfesc.exe" = C:\Windows\TEMP\winkqfesc.exe:*:Enabled:ipsec
"C:\Users\Vitor\AppData\Local\Temp\icvkfd.exe" = C:\Users\Vitor\AppData\Local\Temp\icvkfd.exe:*:Enabled:ipsec
"C:\Users\Vitor\AppData\Local\Temp\inbk.exe" = C:\Users\Vitor\AppData\Local\Temp\inbk.exe:*:Enabled:ipsec
"C:\Windows\TEMP\winjikexd.exe" = C:\Windows\TEMP\winjikexd.exe:*:Enabled:ipsec
"C:\Windows\TEMP\winylprx.exe" = C:\Windows\TEMP\winylprx.exe:*:Enabled:ipsec -- ()
"C:\Users\Vitor\AppData\Local\Temp\wincrevov.exe" = C:\Users\Vitor\AppData\Local\Temp\wincrevov.exe:*:Enabled:ipsec -- ()
"C:\Windows\TEMP\winindg.exe" = C:\Windows\TEMP\winindg.exe:*:Enabled:ipsec -- ()
"C:\Users\Vitor\AppData\Local\Temp\winacywuv.exe" = C:\Users\Vitor\AppData\Local\Temp\winacywuv.exe:*:Enabled:ipsec
"C:\Windows\TEMP\jkfm.exe" = C:\Windows\TEMP\jkfm.exe:*:Enabled:ipsec
"C:\Users\Vitor\AppData\Local\Temp\vuufjn.exe" = C:\Users\Vitor\AppData\Local\Temp\vuufjn.exe:*:Enabled:ipsec
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{14F87839-A2DF-4C06-9C2B-E5E85D77AAEE}" = rport=139 | protocol=6 | dir=out | app=system | 
"{23FA4F18-0533-4B93-844C-65341739C697}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | 
"{26670BDE-EEA3-45F3-AEC9-8FB9BD35900A}" = lport=137 | protocol=17 | dir=in | app=system | 
"{5C7EC0B4-B3AA-437D-A47F-893529DBD4C2}" = rport=138 | protocol=17 | dir=out | app=system | 
"{66903BDC-65ED-458D-86A5-B2228DD3261B}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{7674FCBE-E7E7-4AAD-8D4C-D055FF357C01}" = rport=137 | protocol=17 | dir=out | app=system | 
"{8E357E71-B46C-47DA-84B5-2F78D5D293CF}" = lport=138 | protocol=17 | dir=in | app=system | 
"{9470E450-02D5-466F-A9DC-F26E248CEC38}" = lport=445 | protocol=6 | dir=in | app=system | 
"{96CC6B94-0B86-4D6D-B004-23040291490D}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | 
"{9C99B699-69AE-4476-8005-FF7661E6B621}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{9DABC968-EEF7-45E5-9863-91303D3F347D}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe | 
"{C1170AE6-9D2D-4F2E-95E2-56485A81043F}" = rport=445 | protocol=6 | dir=out | app=system | 
"{C75BCA11-BCEE-4F3B-878B-F29D4789B139}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{D1910619-88D7-4C8F-975A-ED62F4080737}" = lport=808 | protocol=6 | dir=in | svc=nettcpactivator | app=c:\windows\microsoft.net\framework\v4.0.30319\smsvchost.exe | 
"{EB66812D-41BE-4EA9-A17A-263E3BDB973E}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{ED0B7FD2-7F8D-4E86-8613-D7A76C0081B1}" = lport=139 | protocol=6 | dir=in | app=system | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{07B6DCBD-02E1-41BB-9B9C-11F8B70E6577}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | 
"{19438694-449C-4011-8389-D0A5528DFC69}" = protocol=6 | dir=in | app=c:\windows\twain_32\xerox\wc3210\sscan2io.exe | 
"{2865CC4C-3AB1-4F43-B015-EFA7CF6B2B87}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{287A4FDA-0C27-4843-9317-876AE0D83861}" = protocol=17 | dir=in | app=c:\windows\twain_32\xerox\wc3210\sscan2io.exe | 
"{3E578347-8B95-4A95-AAFB-08BE15CBF351}" = protocol=6 | dir=in | app=c:\users\vitor\appdata\roaming\dropbox\bin\dropbox.exe | 
"{4F0FF78B-6635-4652-A2CC-AF213AF59457}" = dir=in | app=c:\program files\windows live\contacts\wlcomm.exe | 
"{4F9D76C1-AC24-4697-97FA-9C111159E17D}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\groove.exe | 
"{4FFBC398-B997-490F-B1FE-54FCE797241F}" = protocol=17 | dir=in | app=c:\users\vitor\appdata\roaming\dropbox\bin\dropbox.exe | 
"{9AD012CE-5E72-4D3B-AA69-404EBDC5FEC3}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{A7B83E26-0CD7-4765-A7BC-7487C967FB57}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\groove.exe | 
"{AB0A1F89-938D-4179-A977-66FD0DC4D937}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{B9B4CF7A-FF64-40CA-96BA-C64358C7EA78}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{EDF9B4AB-8A15-46C9-A646-D68637958322}" = protocol=6 | dir=in | app=e:\common\epsonnet setup\eneasyapp.exe | 
"{FA37584A-FBBB-42DC-AFE0-450905867196}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{FD1F9D92-51D9-4F27-AFC9-EFD4D54B4519}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | 
"{FE00EF19-7C52-4B54-9F78-C8CA5640160C}" = protocol=17 | dir=in | app=e:\common\epsonnet setup\eneasyapp.exe | 
"TCP Query User{017696E8-77D6-49B2-965A-007CA7435D80}D:\vitor\documentos\programas\photoshop 9\adobe® photoshop® cs2\setup.exe" = protocol=6 | dir=in | app=d:\vitor\documentos\programas\photoshop 9\adobe® photoshop® cs2\setup.exe | 
"TCP Query User{070B318D-A901-4C00-9315-215E4F54149D}C:\windows\system32\javaw.exe" = protocol=6 | dir=in | app=c:\windows\system32\javaw.exe | 
"TCP Query User{0775BA0B-CF94-41F9-94D3-5348CBB07B08}C:\users\vitor\downloads\u1301.exe" = protocol=6 | dir=in | app=c:\users\vitor\downloads\u1301.exe | 
"TCP Query User{0B947554-94A2-42D2-A706-23648C37762A}C:\program files\spark\spark.exe" = protocol=6 | dir=in | app=c:\program files\spark\spark.exe | 
"TCP Query User{0BFCDF88-E043-4032-BEF0-4EEEAC223FE1}C:\program files\aladdin\etoken\pkiclient\x32\pkimonitor.exe" = protocol=6 | dir=in | app=c:\program files\aladdin\etoken\pkiclient\x32\pkimonitor.exe | 
"TCP Query User{0FE1A29A-AFBF-44C1-8FFA-49D5A6BD0093}E:\common\epsonnet setup\eneasyapp.exe" = protocol=6 | dir=in | app=e:\common\epsonnet setup\eneasyapp.exe | 
"TCP Query User{197EBB06-B7F7-422B-96CA-159C3C5080F9}C:\program files\google\chrome\application\chrome.exe" = protocol=6 | dir=in | app=c:\program files\google\chrome\application\chrome.exe | 
"TCP Query User{1A3ECBBA-1D32-4207-ACD5-E40580A2EF1B}C:\dealerserra\objsglb\ps103atb.exe" = protocol=6 | dir=in | app=c:\dealerserra\objsglb\ps103atb.exe | 
"TCP Query User{4301FAE1-D23D-4648-9AC5-2EE514DD58D0}C:\program files\google\chrome\application\chrome.exe" = protocol=6 | dir=in | app=c:\program files\google\chrome\application\chrome.exe | 
"TCP Query User{4303F455-E7A3-4A85-AA4A-DF4BDAB19D61}C:\program files\adobe\adobe photoshop cs2\photoshop.exe" = protocol=6 | dir=in | app=c:\program files\adobe\adobe photoshop cs2\photoshop.exe | 
"TCP Query User{4F854A7A-46E8-410E-ABD9-6E5F06513D4A}C:\windows\system32\spool\drivers\w32x86\3\e_tatii4e.exe" = protocol=6 | dir=in | app=c:\windows\system32\spool\drivers\w32x86\3\e_tatii4e.exe | 
"TCP Query User{556D6AC7-4E46-483E-8415-47BEB384E7AC}C:\windows\explorer.exe" = protocol=6 | dir=in | app=c:\windows\explorer.exe | 
"TCP Query User{607CFA89-5E6F-44C5-84A1-52797A391896}C:\program files\adobe\adobe photoshop cs2\imageready.exe" = protocol=6 | dir=in | app=c:\program files\adobe\adobe photoshop cs2\imageready.exe | 
"TCP Query User{8D943B49-1A24-4956-97F2-C37B10A82E3E}C:\windows\system32\dwm.exe" = protocol=6 | dir=in | app=c:\windows\system32\dwm.exe | 
"TCP Query User{A8DDD73A-91DB-48DD-BB62-AEF0C68E8555}C:\windows\system32\dwm.exe" = protocol=6 | dir=in | app=c:\windows\system32\dwm.exe | 
"TCP Query User{ADA8B4A5-72AF-4D00-A5AF-CBAF7667F008}C:\program files\common files\adobe\calibration\adobe gamma loader.exe" = protocol=6 | dir=in | app=c:\program files\common files\adobe\calibration\adobe gamma loader.exe | 
"TCP Query User{B7580613-1B39-4122-8C66-A3750A0FB7A1}C:\apollo\frentecaixa.exe" = protocol=6 | dir=in | app=c:\apollo\frentecaixa.exe | 
"TCP Query User{E072F4D4-1FFB-4325-AB0F-067752ABA08E}C:\apollo\fiscal.exe" = protocol=6 | dir=in | app=c:\apollo\fiscal.exe | 
"TCP Query User{E83DB235-4AB0-42D9-89FD-D8248C161C2A}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe | 
"TCP Query User{EC7C0B5A-3AC1-4CA7-B35C-125129F4039C}C:\users\vitor\downloads\u1301.exe" = protocol=6 | dir=in | app=c:\users\vitor\downloads\u1301.exe | 
"TCP Query User{FE2E5CD4-3940-4425-B0FD-75976CCA4782}C:\users\vitor\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=6 | dir=in | app=c:\users\vitor\appdata\roaming\dropbox\bin\dropbox.exe | 
"UDP Query User{14FAB4BB-FF8C-4AD7-9D9B-B290507F6462}C:\program files\adobe\adobe photoshop cs2\photoshop.exe" = protocol=17 | dir=in | app=c:\program files\adobe\adobe photoshop cs2\photoshop.exe | 
"UDP Query User{19C19D29-AB11-45E3-B6D6-3D9E50FB9666}C:\windows\system32\javaw.exe" = protocol=17 | dir=in | app=c:\windows\system32\javaw.exe | 
"UDP Query User{258112B7-C07F-4F8D-928D-0D1B82152303}C:\program files\adobe\adobe photoshop cs2\imageready.exe" = protocol=17 | dir=in | app=c:\program files\adobe\adobe photoshop cs2\imageready.exe | 
"UDP Query User{36EF6634-2893-4C8D-B3AF-4C7BBFF35B93}C:\program files\google\chrome\application\chrome.exe" = protocol=17 | dir=in | app=c:\program files\google\chrome\application\chrome.exe | 
"UDP Query User{4A319D9C-1CA7-439D-A63E-200988303892}C:\windows\system32\dwm.exe" = protocol=17 | dir=in | app=c:\windows\system32\dwm.exe | 
"UDP Query User{5A7284B4-EACE-4FDD-AF59-21990D7F95E1}C:\apollo\frentecaixa.exe" = protocol=17 | dir=in | app=c:\apollo\frentecaixa.exe | 
"UDP Query User{5B05426A-60FB-46AF-88DE-95ADD22E273B}C:\dealerserra\objsglb\ps103atb.exe" = protocol=17 | dir=in | app=c:\dealerserra\objsglb\ps103atb.exe | 
"UDP Query User{75B20E7E-8E8B-4528-A9F2-8833D88E5F5C}C:\windows\explorer.exe" = protocol=17 | dir=in | app=c:\windows\explorer.exe | 
"UDP Query User{7C9573A0-3074-4CDC-997D-BAFB87E81587}C:\program files\spark\spark.exe" = protocol=17 | dir=in | app=c:\program files\spark\spark.exe | 
"UDP Query User{86B86FE9-E792-4553-8FFC-FADAB663AB98}C:\users\vitor\downloads\u1301.exe" = protocol=17 | dir=in | app=c:\users\vitor\downloads\u1301.exe | 
"UDP Query User{88F36015-D78D-4A74-8716-294FC93DD4AC}C:\users\vitor\downloads\u1301.exe" = protocol=17 | dir=in | app=c:\users\vitor\downloads\u1301.exe | 
"UDP Query User{A6CE9D88-1F79-4F71-AE7A-980FFC5A276E}E:\common\epsonnet setup\eneasyapp.exe" = protocol=17 | dir=in | app=e:\common\epsonnet setup\eneasyapp.exe | 
"UDP Query User{B263DA81-A837-4601-ABDF-ACA6C6EDAB91}C:\program files\aladdin\etoken\pkiclient\x32\pkimonitor.exe" = protocol=17 | dir=in | app=c:\program files\aladdin\etoken\pkiclient\x32\pkimonitor.exe | 
"UDP Query User{BC6E95D7-035B-4326-9B5B-31C5D6E9F8EC}C:\windows\system32\spool\drivers\w32x86\3\e_tatii4e.exe" = protocol=17 | dir=in | app=c:\windows\system32\spool\drivers\w32x86\3\e_tatii4e.exe | 
"UDP Query User{DE61F899-7BA6-4832-8C38-B7E4C59B8527}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe | 
"UDP Query User{EB96FFBB-952E-49D6-9976-926181BFAE5E}C:\apollo\fiscal.exe" = protocol=17 | dir=in | app=c:\apollo\fiscal.exe | 
"UDP Query User{ED294528-A309-4CEA-A73B-B03C70BFB8AA}C:\windows\system32\dwm.exe" = protocol=17 | dir=in | app=c:\windows\system32\dwm.exe | 
"UDP Query User{F12967C7-7751-4228-A2B4-BA5F93D91853}C:\program files\google\chrome\application\chrome.exe" = protocol=17 | dir=in | app=c:\program files\google\chrome\application\chrome.exe | 
"UDP Query User{FCD939C2-5A6E-4BA8-9AF8-1D46237FA904}D:\vitor\documentos\programas\photoshop 9\adobe® photoshop® cs2\setup.exe" = protocol=17 | dir=in | app=d:\vitor\documentos\programas\photoshop 9\adobe® photoshop® cs2\setup.exe | 
"UDP Query User{FF0463E1-2576-4743-8520-25858BD62352}C:\users\vitor\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=17 | dir=in | app=c:\users\vitor\appdata\roaming\dropbox\bin\dropbox.exe | 
"UDP Query User{FF2E3384-D2F2-4FF1-BFEF-8F713CF10F76}C:\program files\common files\adobe\calibration\adobe gamma loader.exe" = protocol=17 | dir=in | app=c:\program files\common files\adobe\calibration\adobe gamma loader.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"_{511DE7EA-AA68-4D7A-A2E3-0E7B5186B822}" = CorelDRAW Graphics Suite X6
"{004B8D14-7E3A-490A-ABB3-753535E169E3}" = Brother MFL-Pro Suite MFC-8480DN
"{0084B0C3-F376-42E3-804A-885D249282BD}" = CorelDRAW Graphics Suite X6 - IPM
"{0454BB9A-2A7A-4214-BDFF-937F7A711A44}" = Windows Live Communications Platform
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319
"{20A15757-4AE4-3C82-9711-863C84AFE6AA}" = Microsoft .NET Framework 4 Client Profile PTB Language Pack
"{236BB7C4-4419-42FD-0409-1E257A25E34D}" = Adobe Photoshop CS2
"{240C3DDD-C5E9-4029-9DF7-95650D040CF2}" = Intel® USB 3.0 eXtensible Host Controller Driver
"{25D69CEE-3EE2-47FD-9A0E-5013240EC953}" = CorelDRAW Graphics Suite X6 - Common
"{26A24AE4-039D-4CA4-87B4-2F83217045FF}" = Java 7 Update 45
"{30F99474-EBE3-4134-A02B-F6CD38CFE243}" = Photo Gallery
"{318FF3D7-0C40-483B-AF92-AF36416B0AC6}" = CorelDRAW Graphics Suite X6 - Writing Tools
"{3909BE71-2D8F-42D2-BA46-3831B60CFD0F}" = eToken PKI Client 5.1 SP1
"{3921A67A-5AB1-4E48-9444-C71814CF3027}" = VCRedistSetup
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3E31400D-274E-4647-916C-2CACC3741799}" = EpsonNet Print
"{41914D8B-9D6E-4764-A1F9-BC43FB6782C1}_is1" = Foxit Cloud
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CCBD1F4-CEEC-452A-9CB8-46564B501315}" = Windows Live UX Platform
"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.6
"{511DE7EA-AA68-4D7A-A2E3-0E7B5186B822}" = CorelDRAW Graphics Suite X6 - Setup Files
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{579CA850-B2C3-43F3-A3F6-3A0AE42E8225}" = CorelDRAW Graphics Suite X6 - FontNav
"{5FCCD531-1B38-4A94-924C-127F722F1046}" = Nero 8
"{603C6570-2BA1-4FC6-8735-7EFA6D1F6F61}" = CorelDRAW Graphics Suite X6 - Custom Data
"{62BEC144-7029-4BF4-B3F2-FA231FB9F84B}" = CorelDRAW Graphics Suite X6 - Redist
"{69D48C91-CCC2-4305-89DE-D1F8122EDBF4}" = Photo Common
"{6A8DB215-7BCD-4377-B015-2E4541A3E7C6}" = Windows Live PIMT Platform
"{6F53FB68-6620-423E-B7CD-B8205655B421}" = CorelDRAW Graphics Suite X6 - PHOTO-PAINT
"{74FA94F1-9566-4252-9372-E7EAFFEFE209}" = CorelDRAW Graphics Suite X6 - Capture
"{786C5747-1033-0000-B58E-000000000001}" = Adobe Stock Photos 1.0
"{7A2FF332-E4F6-4D87-9EBD-EDFF1216490F}" = CorelDRAW Graphics Suite X6 - Filters
"{7CCD75BD-5528-4FE1-90D2-392D661A2BF1}" = CorelDRAW Graphics Suite X6 - VSTA
"{7F9F6864-8CAB-440C-AF44-030D0135666D}" = CorelDRAW Graphics Suite X6
"{8256F87F-8554-4457-8C3D-3F3324697D9F}" = Windows Live ID Sign-in Assistant
"{83033d93-48d0-48fc-9c5b-82e57e7e0dd6}_is1" = Módulo de Proteção Santander 3.2.0.2
"{879E2460-18F9-48F2-B736-4E814A699504}" = CorelDRAW Graphics Suite X6 - VBA
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A642ACD-CE3A-4A23-A8B1-A0F7EB12B214}" = Windows Live SOXE Definitions
"{8C5C331A-97D6-46DE-BFF4-8424BD06A888}" = UltraVnc
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8E14DDC8-EA60-4E18-B3E3-1937104D5BDA}" = MSVCRT110
"{8EDBA74D-0686-4C99-BFDD-F894678E5B39}" = Adobe Common File Installer
"{90120000-0015-0416-0000-0000000FF1CE}" = Microsoft Office Access MUI (Portuguese (Brazil)) 2007
"{90120000-0015-0416-0000-0000000FF1CE}_ENTERPRISE_{AD3E8EF1-E885-4068-BC73-16C0649FEBF0}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0416-0000-0000000FF1CE}" = Microsoft Office Excel MUI (Portuguese (Brazil)) 2007
"{90120000-0016-0416-0000-0000000FF1CE}_ENTERPRISE_{AD3E8EF1-E885-4068-BC73-16C0649FEBF0}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0416-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (Portuguese (Brazil)) 2007
"{90120000-0018-0416-0000-0000000FF1CE}_ENTERPRISE_{AD3E8EF1-E885-4068-BC73-16C0649FEBF0}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0416-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (Portuguese (Brazil)) 2007
"{90120000-0019-0416-0000-0000000FF1CE}_ENTERPRISE_{AD3E8EF1-E885-4068-BC73-16C0649FEBF0}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0416-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (Portuguese (Brazil)) 2007
"{90120000-001A-0416-0000-0000000FF1CE}_ENTERPRISE_{AD3E8EF1-E885-4068-BC73-16C0649FEBF0}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0416-0000-0000000FF1CE}" = Microsoft Office Word MUI (Portuguese (Brazil)) 2007
"{90120000-001B-0416-0000-0000000FF1CE}_ENTERPRISE_{AD3E8EF1-E885-4068-BC73-16C0649FEBF0}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0416-0000-0000000FF1CE}" = Microsoft Office Proof (Portuguese (Brazil)) 2007
"{90120000-001F-0416-0000-0000000FF1CE}_ENTERPRISE_{8A524694-0CA4-476A-9301-B1E9D70FC952}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002C-0416-0000-0000000FF1CE}" = Microsoft Office Proofing (Portuguese (Brazil)) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0044-0416-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (Portuguese (Brazil)) 2007
"{90120000-0044-0416-0000-0000000FF1CE}_ENTERPRISE_{AD3E8EF1-E885-4068-BC73-16C0649FEBF0}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0416-0000-0000000FF1CE}" = Microsoft Office Shared MUI (Portuguese (Brazil)) 2007
"{90120000-006E-0416-0000-0000000FF1CE}_ENTERPRISE_{51530CD1-8244-4E0F-B536-BCCC05325C7F}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0416-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (Portuguese (Brazil)) 2007
"{90120000-00A1-0416-0000-0000000FF1CE}_ENTERPRISE_{AD3E8EF1-E885-4068-BC73-16C0649FEBF0}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00BA-0416-0000-0000000FF1CE}" = Microsoft Office Groove MUI (Portuguese (Brazil)) 2007
"{90120000-00BA-0416-0000-0000000FF1CE}_ENTERPRISE_{AD3E8EF1-E885-4068-BC73-16C0649FEBF0}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{98ADF875-648F-3E73-8F3B-010C2464C948}" = Microsoft .NET Framework 4 Extended PTB Language Pack
"{99AA6730-54CD-4B9E-B05B-0A5196743923}" = Windows Live UX Platform Language Pack
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{B74D4E10-1033-0000-0000-000000000001}" = Adobe Bridge 1.0
"{C1594429-8296-4652-BF54-9DBE4932A44C}" = Realtek PCIE Card Reader
"{C32D87E1-6310-4CD5-8D6D-865AFE0E9B4E}" = Movie Maker
"{C424CD5E-EA05-4D3E-B5DA-F9F149E1D3AC}" = Windows Live Installer
"{C5262276-0075-498B-B80F-7D997482E4DB}" = CorelDRAW Graphics Suite X6 - Draw
"{C9B6EFD0-4F01-4BBA-8374-39AD99A3ED72}" = Windows Live Photo Common
"{D4A17D31-2F7B-4682-AD57-467021452909}" = CorelDRAW Graphics Suite X6 - Photozoom Plugin
"{D4EFC6B7-3DA5-400D-9682-9BE287A5440E}" = CorelDRAW Graphics Suite X6 - Connect
"{D642E38E-0D24-486C-9A2D-E316DD696F4B}" = Microsoft XML Parser
"{D9D4D271-609F-440D-A9EC-A66B0815CFE2}" = Windows Live Essentials
"{DDFEB503-D662-4224-82C9-37A5698FDC25}" = CorelDRAW Graphics Suite X6 - VideoBrowser
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E0E66367-7064-4030-8E09-03421DDA8368}" = Brother DCP-8085DN
"{E44BD161-C6E2-4ADB-9545-BDD586D0E7BE}" = CorelDRAW Graphics Suite X6 - BR
"{E4E191C2-041A-4444-A52C-D702A9BB3482}_is1" = SCM Installation Kit for Vectury (Version 4.3 - r119307)
"{E7FA5B1D-28A8-4D4D-B3BA-F399B24FCB2B}" = Athena ASEDrive 2.9.0.0
"{E9787678-1033-0000-8E67-000000000001}" = Adobe Help Center 1.0
"{ED6C77F9-4D7E-447C-9EC0-9A212D075535}" = Movie Maker
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel® Processor Graphics
"{F5248B7E-779A-4FA4-8134-D1933D8680FA}" = Galeria de Fotos
"{FCB3772C-B7D0-4933-B1A9-3707EBACC573}" = Intel® SDK for OpenCL - CPU Only Runtime Package
"{FD7BA4C0-9B55-4A5F-B96B-777D258C83EE}" = OpenTrust SCM Client
"{FE7C0B3D-50B9-4951-BE78-A321CBF86552}" = Windows Live SOXE
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Photoshop CS2 - {236BB7C4-4419-42FD-0409-1E257A25E34D}" = Adobe Photoshop CS2
"Broadcom 802.11 Wireless LAN Adapter" = Broadcom 802.11 Wireless LAN Adapter
"CCleaner" = CCleaner
"DAEMON Tools Lite" = DAEMON Tools Lite
"DVD Shrink_is1" = DVD Shrink 3.2
"ENTERPRISE" = Microsoft Office Enterprise 2007
"EPSON L355 Series" = EPSON L355 Series Printer Uninstall
"EPSON Scanner" = EPSON Scan
"Firebird ODBC Driver_is1" = Firebird ODBC Driver 1.2.0.69
"Foxit Reader_is1" = Foxit Reader
"Free Audio Dub_is1" = Free Audio Dub version 1.7.9.908
"Free Video Dub_is1" = Free Video Dub version 2.0.17.128
"Google Chrome" = Google Chrome
"Guitar Pro 5_is1" = Guitar Pro 5.2
"HK-Software IBExpert Developer Studio Trial Version_is1" = HK-Software IBExpert Developer Studio Trial Version
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile PTB Language Pack" = Pacote de Idiomas do Microsoft .NET Framework 4 Client Profile - Português (Brasil)
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft .NET Framework 4 Extended PTB Language Pack" = Pacote de Idiomas do Microsoft .NET Framework 4 Extended - Português (Brasil)
"Spark 2.6.0.12343" = Spark 2.6.0.12343
"Speex for Windows_is1" = Speex for Windows 1.0.5
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"WinLiveSuite" = Windows Live Essentials
"WinRAR archiver" = Arquivo do WinRAR
"Xerox WorkCentre 3210" = Xerox WorkCentre 3210
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-3068686931-3783116967-4089573513-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 26/02/2014 13:44:49 | Computer Name = Vitor-TI | Source = SideBySide | ID = 16842811
Description = Falha na geração de contexto de ativação para "C:\Users\Vitor\Downloads\ccsetup407.exe".
 Erro no arquivo de manifesto ou de diretiva C:\Users\Vitor\Downloads\ccsetup407.exe",
 na linha 0.  Sintaxe XMl inválida.
 
Error - 26/02/2014 13:44:50 | Computer Name = Vitor-TI | Source = SideBySide | ID = 16842811
Description = Falha na geração de contexto de ativação para "C:\Users\Vitor\Downloads\TeamViewer_Setup_pt-dix.exe".
 Erro no arquivo de manifesto ou de diretiva C:\Users\Vitor\Downloads\TeamViewer_Setup_pt-dix.exe",
 na linha 0.  Sintaxe XMl inválida.
 
Error - 26/02/2014 13:44:50 | Computer Name = Vitor-TI | Source = SideBySide | ID = 16842811
Description = Falha na geração de contexto de ativação para "C:\Users\Vitor\Downloads\TeamViewer_Setup_pt.exe".
 Erro no arquivo de manifesto ou de diretiva C:\Users\Vitor\Downloads\TeamViewer_Setup_pt.exe",
 na linha 0.  Sintaxe XMl inválida.
 
Error - 26/02/2014 13:48:50 | Computer Name = Vitor-TI | Source = SideBySide | ID = 16842811
Description = Falha na geração de contexto de ativação para "C:\Users\Vitor\Downloads\ccsetup407.exe".
 Erro no arquivo de manifesto ou de diretiva C:\Users\Vitor\Downloads\ccsetup407.exe",
 na linha 0.  Sintaxe XMl inválida.
 
Error - 26/02/2014 13:49:56 | Computer Name = Vitor-TI | Source = SideBySide | ID = 16842811
Description = Falha na geração de contexto de ativação para "C:\Users\Vitor\Downloads\ccsetup407.exe".
 Erro no arquivo de manifesto ou de diretiva C:\Users\Vitor\Downloads\ccsetup407.exe",
 na linha 0.  Sintaxe XMl inválida.
 
[ System Events ]
Error - 26/02/2014 13:19:54 | Computer Name = Vitor-TI | Source = Service Control Manager | ID = 7034
Description = O serviço HWDeviceService.exe foi encerrado inesperadamente.  Isso
 aconteceu 1 vez(es).
 
Error - 26/02/2014 16:15:21 | Computer Name = Vitor-TI | Source = Service Control Manager | ID = 7000
Description = Não foi possível iniciar o serviço DgiVecp devido ao seguinte erro:
   %%2
 
Error - 26/02/2014 21:44:27 | Computer Name = Vitor-TI | Source = Service Control Manager | ID = 7000
Description = Não foi possível iniciar o serviço DgiVecp devido ao seguinte erro:
   %%2
 
Error - 27/02/2014 08:00:11 | Computer Name = Vitor-TI | Source = Service Control Manager | ID = 7000
Description = Não foi possível iniciar o serviço DgiVecp devido ao seguinte erro:
   %%2
 
Error - 27/02/2014 14:20:20 | Computer Name = Vitor-TI | Source = Service Control Manager | ID = 7000
Description = Não foi possível iniciar o serviço DgiVecp devido ao seguinte erro:
   %%2
 
Error - 28/02/2014 10:51:08 | Computer Name = Vitor-TI | Source = Service Control Manager | ID = 7000
Description = Não foi possível iniciar o serviço DgiVecp devido ao seguinte erro:
   %%2
 
Error - 28/02/2014 20:29:30 | Computer Name = Vitor-TI | Source = Service Control Manager | ID = 7000
Description = Não foi possível iniciar o serviço DgiVecp devido ao seguinte erro:
   %%2
 
Error - 28/02/2014 20:32:14 | Computer Name = Vitor-TI | Source = Service Control Manager | ID = 7000
Description = Não foi possível iniciar o serviço DgiVecp devido ao seguinte erro:
   %%2
 
Error - 04/03/2014 14:55:29 | Computer Name = Vitor-TI | Source = Service Control Manager | ID = 7000
Description = Não foi possível iniciar o serviço DgiVecp devido ao seguinte erro:
   %%2
 
Error - 06/03/2014 07:42:44 | Computer Name = Vitor-TI | Source = Service Control Manager | ID = 7000
Description = Não foi possível iniciar o serviço DgiVecp devido ao seguinte erro:
   %%2
 
 
< End of report >
 


Dear TIEiffelSerra

The log you posted is Extras.txt; what is missing is OTL.txt. On the other hand, you did not run OTL correctly. It is meant to be run from the Desktop, yet you ran it from the folder Folder = C:\Users\Vitor\Downloads.

I need you to move OTL to the Desktop and repeat the procedure ;)

I'll be waiting for the logs. :)

Regards :D
