ONeW
Posted March 26, 2010

Good morning! Sorry to bother you, but I have already run antivirus, anti-malware, etc., and the problem is still not solved... my PC is very slow, especially at startup.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 00:00:09, on 26/03/2010
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v8.00 (8.00.6001.18828)
Boot mode: Normal

Thanks in advance! :D

Sam Spade
Posted March 30, 2010

Hello ONeW!

Download Malwarebytes' Anti-Malware (MBAM) from this link or this one.

Double-click mbam-setup.exe, choose the language and, during installation, accept all the default options.
Check that the boxes Update Malwarebytes Anti-Malware and Launch Malwarebytes Anti-Malware are ticked, then click Finish.
If there are updates available, they will be downloaded and installed.
When the update finishes, with the program open, select Quick Scan and click the Scan button.
The scan will then start. Please wait, as it may take a while.
When the scan finishes, click OK, then click the Show Results button to see the report.
If any items were found, make sure they are all ticked and click the Remove button.
At the end of the disinfection, Notepad will open with a log, and a prompt may appear asking whether you want to restart the PC. (See the note below)
The log is saved automatically by MBAM; to view it, click the Logs tab in the program's main window.
Select, copy and paste the entire contents of this log into your next reply, along with a new HijackThis log.

NOTE: If MBAM finds files that it cannot remove, you may have to restart the PC (perhaps more than once). Do so immediately when asked whether you want to restart the PC.

ONeW
Posted March 31, 2010

Here are the logs:

Malwarebytes' Anti-Malware 1.45
www.malwarebytes.org

Versão da Base de Dados: 3930

Windows 6.0.6001 Service Pack 1
Internet Explorer 8.0.6001.18828

31/03/2010 10:45:48
mbam-log-2010-03-31 (10-45-48).txt

Tipo de Verificação: Verificação Rápida
Objetos escaneados: 101686
Tempo decorrido: 4 minuto(s), 46 segundo(s)

Processos de Memória Infectados: 0
Módulos de Memória Infectados: 0
Chaves de Registro Infectadas: 0
Valores de Registro Infectados: 0
Itens de Dados no Registro Infectados: 1
Pastas Infectadas: 0
Arquivos Infectados: 0

Processos de Memória Infectados:
(Não foram detectados ítens maliciosos)

Módulos de Memória Infectados:
(Não foram detectados ítens maliciosos)

Chaves de Registro Infectadas:
(Não foram detectados ítens maliciosos)

Valores de Registro Infectados:
(Não foram detectados ítens maliciosos)

Itens de Dados no Registro Infectados:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoActiveDesktopChanges (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Pastas Infectadas:
(Não foram detectados ítens maliciosos)

Arquivos Infectados:
(Não foram detectados ítens maliciosos)

and

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:53:26, on 31/03/2010
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v8.00 (8.00.6001.18828)
Boot mode: Normal

Thanks for your attention, Sam Spade

Sam Spade
Posted April 2, 2010

Download OTS.exe, by OldTimer, and save it to your desktop.

Right-click the file, then click Run as > Administrator and confirm.
As in the image above, check these options:
Scan All Users
Use Company Name Whitelist / Skip Microsoft files
Click the Run Scan button.
NOTE: On 64-bit systems an extra option will appear: "Include 64bit Scans". Check it.
Wait while the tool examines your PC.
When it finishes, Notepad will open with some information. Close Notepad and also OTS.exe.
The log is saved in the same folder as OTS.exe (that is, on your desktop), under the name OTS.txt.
Select, copy and paste the contents of this log into your next reply.

ONeW
Posted April 6, 2010

OTS logfile created on: 05/04/2010 21:40:59 - Run 1
OTS by OldTimer - Version 3.1.28.0 Folder = C:\Users\Gateway
64bit-Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18828)
Locale: 00000416 | Country: Brazil | Language: PTB | Date Format: dd/MM/yyyy

4,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 38,00% Memory free
8,00 Gb Paging File | 6,00 Gb Available in Paging File | 68,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 286,37 Gb Total Space | 61,13 Gb Free Space | 21,35% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: DAVID-NOTEBOOK
Current User Name: Gateway
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Include 64bit Scans
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 30 Days
-> C:\Windows\SysNative\DRIVERS\o2sdx64.sys -> [2008/06/11 22:29:30 | 000,051,800 | ---- | M] ()64bit-(CnxtHdAudService) Conexant UAA Function Driver for High Definition Audio Service [Kernel | On_Demand | Running] -> C:\Windows\SysNative\drivers\CHDRT64.sys -> [2008/06/02 04:50:04 | 000,264,192 | ---- | M] ()64bit-(O2MDRDR) O2MDRDR [Kernel | On_Demand | Running] -> C:\Windows\SysNative\DRIVERS\o2mdx64.sys -> [2008/05/13 01:48:38 | 000,062,424 | ---- | M] ()64bit-(iaStor) Intel AHCI Controller [Kernel | Boot | Running] -> C:\Windows\SysNative\DRIVERS\iaStor.sys -> [2008/04/15 22:54:16 | 000,388,120 | ---- | M] ()64bit-(HSF_DPV) HSF_DPV [Kernel | On_Demand | Running] -> C:\Windows\SysNative\DRIVERS\CAX_DPV.sys -> [2008/03/25 20:51:16 | 001,487,872 | ---- | M] ()64bit-(CAXHWAZL) CAXHWAZL [Kernel | On_Demand | Running] -> C:\Windows\SysNative\DRIVERS\CAXHWAZL.sys -> [2008/03/25 20:47:06 | 000,294,400 | ---- | M] ()64bit-(winachsf) winachsf [Kernel | On_Demand | Running] -> C:\Windows\SysNative\DRIVERS\CAX_CNXT.sys -> [2008/03/25 20:45:44 | 000,740,864 | ---- | M] ()64bit-(WpdUsb) WpdUsb [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\DRIVERS\wpdusb.sys -> [2008/01/20 23:47:28 | 000,046,080 | ---- | M] ()64bit-(usbvideo) Gateway USB 2.0 Webcam [Kernel | On_Demand | Running] -> C:\Windows\SysNative\Drivers\usbvideo.sys -> [2008/01/20 23:47:27 | 000,168,704 | ---- | M] ()64bit-(HSFHWAZL) HSFHWAZL [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\DRIVERS\VSTAZL6.SYS -> [2008/01/20 23:46:57 | 000,286,720 | ---- | M] ()64bit-(usbser) USB Modem Driver [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\usbser.sys -> [2008/01/20 23:46:56 | 000,032,768 | ---- | M] ()64bit-(sdbus) sdbus [Kernel | Disabled | Stopped] -> C:\Windows\SysNative\DRIVERS\sdbus.sys -> [2008/01/20 23:46:55 | 000,111,104 | ---- | M] ()64bit-(CmBatt) Microsoft ACPI Control Method Battery Driver [Kernel | On_Demand | Running] -> C:\Windows\SysNative\DRIVERS\CmBatt.sys -> [2008/01/20 
23:46:51 | 000,017,792 | ---- | M] ()64bit-(SynTP) Synaptics TouchPad Driver [Kernel | On_Demand | Running] -> C:\Windows\SysNative\DRIVERS\SynTP.sys -> [2008/01/18 00:31:30 | 000,320,560 | ---- | M] ()64bit-(RTL8187B) Realtek RTL8187B Wireless 802.11g 54Mbps USB 2.0 Network Adapter [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\DRIVERS\RTL8187B.sys -> [2007/11/05 06:02:12 | 000,271,360 | ---- | M] ()64bit-(XAudio) XAudio [Kernel | Auto | Running] -> C:\Windows\SysNative\DRIVERS\xaudio64.sys -> [2007/10/18 19:37:10 | 000,010,240 | ---- | M] ()64bit-(motmodem) Motorola USB CDC ACM Driver [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\DRIVERS\motmodem.sys -> [2007/02/27 14:31:26 | 000,024,576 | ---- | M] ()64bit-(HdAudAddService) Microsoft 1.1 UAA Function Driver for High Definition Audio Service [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\HdAudio.sys -> [2006/11/02 02:28:10 | 000,273,920 | ---- | M] ()64bit-(mdmxsdk) mdmxsdk [Kernel | Auto | Running] -> C:\Windows\SysNative\DRIVERS\mdmxsdk.sys -> [2006/06/19 02:27:24 | 000,017,024 | ---- | M] ()(adfs) adfs [Kernel | Auto | Running] -> C:\Windows\SysWOW64\drivers\adfs.sys -> [2008/08/14 07:57:42 | 000,074,720 | ---- | M] (Adobe Systems, Inc.)(int15) int15 [Kernel | Auto | Running] -> C:\Windows\SysWOW64\drivers\int15_64.sys -> [2008/07/16 18:56:06 | 000,017,952 | ---- | M] (Acer, Inc.)(Tcpip) TCP/IP Protocol Driver [Kernel | Boot | Running] -> C:\Windows\SysWOW64\wbem\tcpip.mof -> [2006/09/18 18:36:40 | 000,003,066 | ---- | M] ()(mpsdrv) Windows Firewall Authorization Driver [Kernel | On_Demand | Running] -> C:\Windows\SysWOW64\wbem\mpsdrv.mof -> [2006/09/18 18:35:23 | 000,001,088 | ---- | M] ()(mdmxsdk) mdmxsdk [Kernel | Auto | Running] -> C:\Windows\SysWOW64\mdmxsdk.dll -> [2006/06/19 02:26:50 | 000,094,208 | ---- | M] (Conexant)(npkcrypt) npkcrypt [Kernel | On_Demand | Stopped] -> C:\Program Files (x86)\gravity\Ragnarok Online\npkcrypt.sys -> [2005/09/06 12:29:16 | 000,021,442 | 
---- | M] (INCA Internet Co., Ltd.)(NPPTNT2) NPPTNT2 [Kernel | On_Demand | Stopped] -> C:\Windows\SysWOW64\npptNT2.sys -> [2005/01/03 21:43:08 | 000,004,682 | ---- | M] (INCA Internet Co., Ltd.) [Registry - Safe List]< 64bit-Internet Explorer Settings [HKEY_LOCAL_MACHINE\] > -> -> HKEY_LOCAL_MACHINE\: Main\\"Default_Page_URL" -> http://homepage.gateway.com/rdr.aspx?b=ACGW&l=0409&s=2&o=vp64&d=0209&m=p-7807u -> HKEY_LOCAL_MACHINE\: Main\\"Start Page" -> http://homepage.gateway.com/rdr.aspx?b=ACGW&l=0409&s=2&o=vp64&d=0209&m=p-7807u -> < Internet Explorer Settings [HKEY_LOCAL_MACHINE\] > -> -> HKEY_LOCAL_MACHINE\: Main\\"Default_Page_URL" -> http://homepage.gateway.com/rdr.aspx?b=ACGW&l=0409&s=2&o=vp64&d=0209&m=p-7807u -> HKEY_LOCAL_MACHINE\: Main\\"Local Page" -> C:\Windows\SysWOW64\blank.htm -> HKEY_LOCAL_MACHINE\: Main\\"Start Page" -> http://homepage.gateway.com/rdr.aspx?b=ACGW&l=0409&s=2&o=vp64&d=0209&m=p-7807u -> < Internet Explorer Settings [HKEY_USERS\.DEFAULT\] > -> -> HKEY_USERS\.DEFAULT\: "ProxyEnable" -> 0 -> < Internet Explorer Settings [HKEY_USERS\S-1-5-18\] > -> -> HKEY_USERS\S-1-5-18\: "ProxyEnable" -> 0 -> < Internet Explorer Settings [HKEY_USERS\S-1-5-19\] > -> -> < Internet Explorer Settings [HKEY_USERS\S-1-5-20\] > -> -> < Internet Explorer Settings [HKEY_USERS\S-1-5-21-361280648-2570976795-4106338221-1000\] > -> -> HKEY_USERS\S-1-5-21-361280648-2570976795-4106338221-1000\: Main\\"Default_Page_URL" -> http://homepage.gateway.com/rdr.aspx?b=ACGW&l=0409&s=2&o=vp64&d=0209&m=p-7807u -> HKEY_USERS\S-1-5-21-361280648-2570976795-4106338221-1000\: Main\\"SearchDefaultBranded" -> 1 -> HKEY_USERS\S-1-5-21-361280648-2570976795-4106338221-1000\: Main\\"Start Page" -> http://homepage.gateway.com/rdr.aspx?b=ACGW&l=0409&s=2&o=vp64&d=0209&m=p-7807u -> HKEY_USERS\S-1-5-21-361280648-2570976795-4106338221-1000\: Main\\"StartPageCache" -> 1 -> HKEY_USERS\S-1-5-21-361280648-2570976795-4106338221-1000\: "ProxyEnable" -> 0 -> 
HKEY_USERS\S-1-5-21-361280648-2570976795-4106338221-1000\: "ProxyOverride" -> local -> < FireFox Settings [Prefs.js] > -> C:\Users\Gateway\AppData\Roaming\Mozilla\FireFox\Profiles\51f7xdjz.default\prefs.js -> browser.search.useDBForOrder -> true ->browser.startup.homepage -> "http://www.google.com" ->extensions.enabledItems -> {3f963a5b-e555-4543-90e2-c3908898db71}:8.5.0.429 ->extensions.enabledItems -> {A27F3FEF-1113-4cfb-A032-8E12D7D8EE70}:7.3.2.22 ->extensions.enabledItems -> fdm_ffext@freedownloadmanager.org:1.3.4 ->extensions.enabledItems -> {87F8774F-B485-47E2-A755-A40A8A5E886C}:1.0.10.4 ->extensions.enabledItems -> {B13721C7-F507-4982-B2E5-502A71474FED}:3.3.0.3971 ->extensions.enabledItems -> {1a0c9ebe-ddf9-4b76-b8a3-675c77874d37}:2.9.2 ->extensions.enabledItems -> {37fa1426-b82d-11db-8314-0800200c9a66}:2.3.3 ->network.proxy.backup.ftp -> "" ->network.proxy.backup.ftp_port -> 0 ->network.proxy.backup.gopher -> "" ->network.proxy.backup.gopher_port -> 0 ->network.proxy.backup.socks -> "" ->network.proxy.backup.socks_port -> 0 ->network.proxy.backup.ssl -> "" ->network.proxy.backup.ssl_port -> 0 ->network.proxy.ftp -> "66.167.100.59" ->network.proxy.ftp_port -> 6649 ->network.proxy.gopher -> "66.167.100.59" ->network.proxy.gopher_port -> 6649 ->network.proxy.http -> "66.167.100.59" ->network.proxy.http_port -> 6649 ->network.proxy.share_proxy_settings -> true ->network.proxy.socks -> "66.167.100.59" ->network.proxy.socks_port -> 6649 ->network.proxy.ssl -> "66.167.100.59" ->network.proxy.ssl_port -> 6649 ->< FireFox Extensions [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\MozillaHKLM\software\mozilla\Firefox\Extensions -> -> HKLM\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71} -> C:\Program Files (x86)\AVG\AVG8\Firefox [C:\PROGRAM FILES (X86)\AVG\AVG8\FIREFOX] -> [2009/12/23 08:14:54 | 000,000,000 | ---D | M]HKLM\software\mozilla\Firefox\Extensions\\{A27F3FEF-1113-4cfb-A032-8E12D7D8EE70} -> C:\PROGRAM FILES (X86)\NOKIA\NOKIA OVI 
SUITE\CONNECTORS\BOOKMARKS CONNECTOR\FIREFOXEXTENSION\ [C:\PROGRAM FILES (X86)\NOKIA\NOKIA OVI SUITE\CONNECTORS\BOOKMARKS CONNECTOR\FIREFOXEXTENSION\] -> [2010/02/19 12:38:49 | 000,000,000 | ---D | M]HKLM\software\mozilla\Mozilla Firefox 3.5.8\extensions -> -> HKLM\software\mozilla\Mozilla Firefox 3.5.8\extensions\\Components -> C:\Program Files (x86)\Mozilla Firefox\components [C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\COMPONENTS] -> [2010/02/19 09:04:28 | 000,000,000 | ---D | M]HKLM\software\mozilla\Mozilla Firefox 3.5.8\extensions\\Plugins -> C:\Program Files (x86)\Mozilla Firefox\plugins [C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\PLUGINS] -> [2010/02/19 09:04:28 | 000,000,000 | ---D | M]HKLM\software\mozilla\Thunderbird\Extensions -> -> HKLM\software\mozilla\Thunderbird\Extensions\\{CCB7D94B-CA92-4E3F-B79D-ADE0F07ADC74} -> C:\PROGRAM FILES (X86)\NOKIA\NOKIA OVI SUITE\CONNECTORS\THUNDERBIRD CONNECTOR\THUNDERBIRDEXTENSION\ [C:\PROGRAM FILES (X86)\NOKIA\NOKIA OVI SUITE\CONNECTORS\THUNDERBIRD CONNECTOR\THUNDERBIRDEXTENSION\] -> [2010/02/19 12:38:50 | 000,000,000 | ---D | M]< FireFox Extensions [User Folders] > -> -> C:\Users\Gateway\AppData\Roaming\mozilla\Extensions -> [2009/05/23 01:58:18 | 000,000,000 | ---D | M] -> C:\Users\Gateway\AppData\Roaming\mozilla\Firefox\Profiles\51f7xdjz.default\extensions -> [2010/04/05 13:14:00 | 000,000,000 | ---D | M]TwitterBar -> C:\Users\Gateway\AppData\Roaming\mozilla\Firefox\Profiles\51f7xdjz.default\extensions\{1a0c9ebe-ddf9-4b76-b8a3-675c77874d37} -> [2010/03/29 17:59:14 | 000,000,000 | ---D | M]Microsoft .NET Framework Assistant -> C:\Users\Gateway\AppData\Roaming\mozilla\Firefox\Profiles\51f7xdjz.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} -> [2009/09/17 15:15:22 | 000,000,000 | ---D | M]WebMail Notifier -> C:\Users\Gateway\AppData\Roaming\mozilla\Firefox\Profiles\51f7xdjz.default\extensions\{37fa1426-b82d-11db-8314-0800200c9a66} -> [2010/03/29 17:59:16 | 000,000,000 | ---D | M]No name found -> 
C:\Users\Gateway\AppData\Roaming\mozilla\Firefox\Profiles\51f7xdjz.default\extensions\{87F8774F-B485-47E2-A755-A40A8A5E886C} -> [2010/03/29 17:59:16 | 000,000,000 | ---D | M]No name found -> C:\Users\Gateway\AppData\Roaming\mozilla\Firefox\Profiles\51f7xdjz.default\extensions\{BC6B52D8-7539-11DE-BBD9-E31156D89593} -> [2009/08/03 15:00:24 | 000,000,000 | ---D | M] -> C:\Users\Gateway\AppData\Roaming\mozilla\Firefox\Profiles\51f7xdjz.default\extensions\twitternotifier@naan.net -> [2010/03/29 17:59:13 | 000,000,000 | ---D | M]< FireFox SearchPlugins [User Folders] > -> daemon-search.xml -> C:\Users\Gateway\AppData\Roaming\Mozilla\FireFox\Profiles\51f7xdjz.default\searchplugins\daemon-search.xml -> [2009/05/23 23:36:58 | 000,002,399 | ---- | M] ()< FireFox Extensions [Program Folders] > -> -> C:\Program Files (x86)\Mozilla Firefox\extensions -> [2009/12/28 11:00:30 | 000,000,000 | ---D | M]< HOSTS File > ([2009/10/24 14:44:32 | 000,000,814 | ---- | M] - 22 lines) -> C:\Windows\SysNative\Drivers\etc\hosts -> Reset Hosts127.0.0.1 localhost::1 localhost127.0.0.1 adobeereg.com127.0.0.1 activate.adobe.com< BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ -> {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} [HKLM] -> C:\Program Files (x86)\AVG\AVG8\avgssie.dll [AVG Safe Search] -> [2009/12/12 08:29:51 | 001,111,320 | ---- | M] (AVG Technologies CZ, s.r.o.){5C255C8A-E604-49b4-9D64-90988571CECB} [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] 
-> File not found{6EBF7485-159F-4bff-A14F-B9E3AAC4465B} [HKLM] -> C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll [Search Helper] -> [2009/05/19 11:36:18 | 000,137,600 | ---- | M] (Microsoft Corporation){9030D464-4C02-4ABF-8ECC-5164760863C6} [HKLM] -> C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll [Auxiliar de Conexão do Windows Live] -> [2009/01/22 15:41:30 | 000,408,448 | ---- | M] (Microsoft Corporation){AA58ED58-01DD-4d91-8333-CF10577473F7} [HKLM] -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar.dll [Google Toolbar Helper] -> [2009/05/24 20:02:14 | 000,259,696 | ---- | M] (Google Inc.){AF69DE43-7D58-4638-B6FA-CE66B5AD205D} [HKLM] -> C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll [Google Toolbar Notifier BHO] -> [2009/05/24 20:05:52 | 000,668,656 | ---- | M] (Google Inc.){C84D72FE-E17D-4195-BB24-76C02E2E7C4E} [HKLM] -> C:\Program Files (x86)\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll [Google Dictionary Compression sdch] -> [2009/05/24 20:02:12 | 000,470,512 | ---- | M] (Google Inc.){CC59E0F9-7E43-44FA-9FAA-8377850BF205} [HKLM] -> C:\Program Files (x86)\Free Download Manager\iefdm2.dll [FDMIECookiesBHO Class] -> [2008/12/30 02:03:26 | 000,098,304 | ---- | M] (){E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} [HKLM] -> C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll [Windows Live Toolbar Helper] -> [2009/02/06 18:17:46 | 001,068,904 | ---- | M] (Microsoft Corporation)< 64bit-Internet Explorer ToolBars [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar -> "{32099AAC-C132-4136-9E9A-4E364A424E17}" [HKLM] -> C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar64.dll [DAEMON Tools Toolbar] -> File not found< Internet Explorer ToolBars [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar -> "{21FA44EF-376D-4D53-9B0F-8A89D3229068}" [HKLM] -> C:\Program 
Files (x86)\Windows Live\Toolbar\wltcore.dll [&Windows Live Toolbar] -> [2009/02/06 18:17:46 | 001,068,904 | ---- | M] (Microsoft Corporation)"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" [HKLM] -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar.dll [Google Toolbar] -> [2009/05/24 20:02:14 | 000,259,696 | ---- | M] (Google Inc.)< Internet Explorer ToolBars [HKEY_USERS\S-1-5-21-361280648-2570976795-4106338221-1000\] > -> HKEY_USERS\S-1-5-21-361280648-2570976795-4106338221-1000\Software\Microsoft\Internet Explorer\Toolbar\ -> WebBrowser\\"{21FA44EF-376D-4D53-9B0F-8A89D3229068}" [HKLM] -> C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll [&Windows Live Toolbar] -> [2009/02/06 18:17:46 | 001,068,904 | ---- | M] (Microsoft Corporation)WebBrowser\\"{2318C2B1-4965-11D4-9B18-009027A5CD4F}" [HKLM] -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar.dll [Google Toolbar] -> [2009/05/24 20:02:14 | 000,259,696 | ---- | M] (Google Inc.)64bit-WebBrowser\\"{32099AAC-C132-4136-9E9A-4E364A424E17}" [HKLM] -> C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar64.dll [DAEMON Tools Toolbar] -> File not foundWebBrowser\\"{32099AAC-C132-4136-9E9A-4E364A424E17}" [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] 
-> File not found< 64bit-Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> "IAAnotif" -> C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe ["C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe"] -> [2008/04/15 22:54:40 | 000,178,712 | ---- | M] (Intel Corporation)< Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> "eRecoveryService" -> [] -> File not found< Run [HKEY_USERS\S-1-5-19\] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> "Sidebar" -> C:\Program Files (x86)\Windows Sidebar\Sidebar.exe [%ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem] -> [2008/01/20 23:47:33 | 001,233,920 | ---- | M] (Microsoft Corporation)"WindowsWelcomeCenter" -> C:\Windows\SysWow64\oobefldr.dll [rundll32.exe oobefldr.dll,ShowWelcomeCenter] -> [2008/01/20 23:47:52 | 002,153,472 | ---- | M] (Microsoft Corporation)< Run [HKEY_USERS\S-1-5-20\] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> "Sidebar" -> C:\Program Files (x86)\Windows Sidebar\Sidebar.exe [%ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem] -> [2008/01/20 23:47:33 | 001,233,920 | ---- | M] (Microsoft Corporation)"WindowsWelcomeCenter" -> C:\Windows\SysWow64\oobefldr.dll [rundll32.exe oobefldr.dll,ShowWelcomeCenter] -> [2008/01/20 23:47:52 | 002,153,472 | ---- | M] (Microsoft Corporation)< Run [HKEY_USERS\S-1-5-21-361280648-2570976795-4106338221-1000\] > -> HKEY_USERS\S-1-5-21-361280648-2570976795-4106338221-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> "" -> [] -> File not found"AdobeBridge" -> [] -> File not found"msnmsgr" -> C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe ["C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background] -> [2009/07/26 15:44:26 | 003,883,840 | ---- | M] (Microsoft Corporation)< CurrentVersion Policy Settings - Explorer [HKEY_LOCAL_MACHINE] > -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\"NoActiveDesktop" -> [1] -> File not found< CurrentVersion Policy Settings - System [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\SystemHKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats< CurrentVersion Policy Settings [HKEY_USERS\S-1-5-21-361280648-2570976795-4106338221-1000] > -> HKEY_USERS\S-1-5-21-361280648-2570976795-4106338221-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer -> HKEY_USERS\S-1-5-21-361280648-2570976795-4106338221-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\"NoDriveTypeAutoRun" -> [145] -> File not found< CurrentVersion Policy Settings [HKEY_USERS\S-1-5-21-361280648-2570976795-4106338221-1000] > -> HKEY_USERS\S-1-5-21-361280648-2570976795-4106338221-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System -> HKEY_USERS\S-1-5-21-361280648-2570976795-4106338221-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\"LogonHoursAction" -> [2] -> File not found\\"DontDisplayLogonHoursWarnings" -> [1] -> File not found< 64bit-Internet Explorer Menu Extensions [HKEY_USERS\S-1-5-21-361280648-2570976795-4106338221-1000\] > -> HKEY_USERS\S-1-5-21-361280648-2570976795-4106338221-1000\Software\Microsoft\Internet Explorer\MenuExt\ -> Baixar com o Free Download Manager -> C:\Program Files (x86)\Free Download Manager\dllink.htm [file://C:\Program Files (x86)\Free Download Manager\dllink.htm] -> [2007/06/02 13:25:02 | 000,002,140 | ---- | M] ()Baixar tudo com o Free Download Manager -> C:\Program Files (x86)\Free Download Manager\dlall.htm [file://C:\Program Files (x86)\Free Download Manager\dlall.htm] -> [2007/06/02 13:25:02 | 000,000,893 | ---- | M] ()Baixar 
vídeo com o Free Download Manager -> C:\Program Files (x86)\Free Download Manager\dlfvideo.htm [file://C:\Program Files (x86)\Free Download Manager\dlfvideo.htm] -> [2007/07/27 01:34:42 | 000,001,706 | ---- | M] ()Download selecionado pelo Free Download Manager -> C:\Program Files (x86)\Free Download Manager\dlselected.htm [file://C:\Program Files (x86)\Free Download Manager\dlselected.htm] -> [2007/06/02 13:25:02 | 000,000,463 | ---- | M] ()< Internet Explorer Menu Extensions [HKEY_USERS\S-1-5-21-361280648-2570976795-4106338221-1000\] > -> HKEY_USERS\S-1-5-21-361280648-2570976795-4106338221-1000\Software\Microsoft\Internet Explorer\MenuExt\ -> Baixar com o Free Download Manager -> C:\Program Files (x86)\Free Download Manager\dllink.htm [file://C:\Program Files (x86)\Free Download Manager\dllink.htm] -> [2007/06/02 13:25:02 | 000,002,140 | ---- | M] ()Baixar tudo com o Free Download Manager -> C:\Program Files (x86)\Free Download Manager\dlall.htm [file://C:\Program Files (x86)\Free Download Manager\dlall.htm] -> [2007/06/02 13:25:02 | 000,000,893 | ---- | M] ()Baixar vídeo com o Free Download Manager -> C:\Program Files (x86)\Free Download Manager\dlfvideo.htm [file://C:\Program Files (x86)\Free Download Manager\dlfvideo.htm] -> [2007/07/27 01:34:42 | 000,001,706 | ---- | M] ()Download selecionado pelo Free Download Manager -> C:\Program Files (x86)\Free Download Manager\dlselected.htm [file://C:\Program Files (x86)\Free Download Manager\dlselected.htm] -> [2007/06/02 13:25:02 | 000,000,463 | ---- | M] ()< Internet Explorer Extensions [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\ -> {219C3416-8CB2-491a-A3C7-D9FCDDC9D600}:{5F7B1267-94A9-47F5-98DB-E99415F33AEC} [HKLM] -> C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll [Button: Incluir no Blog] -> [2009/07/26 19:17:14 | 000,186,192 | ---- | M] (Microsoft Corporation){219C3416-8CB2-491a-A3C7-D9FCDDC9D600}:{5F7B1267-94A9-47F5-98DB-E99415F33AEC} 
[HKLM] -> C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll [Menu: &Incluir no Blog no Windows Live Writer] -> [2009/07/26 19:17:14 | 000,186,192 | ---- | M] (Microsoft Corporation){2670000A-7350-4f3c-8081-5663EE0C6C49}:{48E73304-E1D6-4330-914C-F5F514E3486C} [HKLM] -> C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll [Button: Send to OneNote] -> [2008/10/25 07:52:00 | 000,604,056 | ---- | M] (Microsoft Corporation){2670000A-7350-4f3c-8081-5663EE0C6C49}:{48E73304-E1D6-4330-914C-F5F514E3486C} [HKLM] -> C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll [Menu: S&end to OneNote] -> [2008/10/25 07:52:00 | 000,604,056 | ---- | M] (Microsoft Corporation)< 64bit-Default Prefix > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix"" -> http://< Default Prefix > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix"" -> http://< 64bit-Trusted Sites Domains [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> < 64bit-Trusted Sites Ranges [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> < Trusted Sites Domains [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. 
-> < Trusted Sites Ranges [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> < Trusted Sites Domains [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> < Trusted Sites Ranges [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> < Trusted Sites Domains [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> < Trusted Sites Ranges [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> < Trusted Sites Domains [HKEY_USERS\S-1-5-19\] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> < Trusted Sites Ranges [HKEY_USERS\S-1-5-19\] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. 
-> < Trusted Sites Domains [HKEY_USERS\S-1-5-20\] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> < Trusted Sites Ranges [HKEY_USERS\S-1-5-20\] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> < Trusted Sites Domains [HKEY_USERS\S-1-5-21-361280648-2570976795-4106338221-1000\] > -> HKEY_USERS\S-1-5-21-361280648-2570976795-4106338221-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> HKEY_USERS\S-1-5-21-361280648-2570976795-4106338221-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> < Trusted Sites Ranges [HKEY_USERS\S-1-5-21-361280648-2570976795-4106338221-1000\] > -> HKEY_USERS\S-1-5-21-361280648-2570976795-4106338221-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> HKEY_USERS\S-1-5-21-361280648-2570976795-4106338221-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. 
-> < Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\ -> {8AD9C840-044E-11D1-B3E9-00805F499D93} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab [Java Plug-in 1.6.0_17] -> {C3F79A2B-B9B4-4A66-B012-3EE46475B072} [HKLM] -> http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab [MessengerStatsClient Class] -> {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab [Java Plug-in 1.6.0_05] -> {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab [Java Plug-in 1.6.0_17] -> {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab [Java Plug-in 1.6.0_17] -> {DB6BF2CD-4F59-4F1C-AA9C-D08C0B61A931} [HKLM] -> https://www14.bancobrasil.com.br/plugin/GbpDist.cab [GbpDistObj Class] -> < Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\ -> DhcpNameServer -> 201.55.232.16 192.168.0.1 -> < Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\ -> {1579A782-15A4-49D6-886B-B25056F6AB78}\\DhcpNameServer -> 200.204.0.10 192.168.0.1 (Realtek RTL8187B Wireless 802.11g 54Mbps USB 2.0 Network Adapter) -> {2523039A-3CD9-4127-BCA0-92A87BED0FA2}\\DhcpNameServer -> 200.204.0.10 200.204.0.138 (Marvell Yukon 88E8071 PCI-E Gigabit Ethernet Controller) -> {513CA0D8-3891-42C1-AB92-C72851EAB308}\\DhcpNameServer -> 201.55.232.16 192.168.0.1 (Intel(R) WiFi Link 5100 AGN) -> < 64bit-AppInit_DLLs [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_DLLs -> 64bit-*AppInit_DLLs* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls -> avgrssta.dll -> C:\Windows\SysNative\avgrssta.dll -> [2009/08/22 21:06:17 | 
000,012,464 | ---- | M] ()*MultiFile Done* -> -> < 64bit-Winlogon settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> 64bit-*Shell* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell -> explorer.exe -> C:\Windows\explorer.exe -> [2008/10/29 03:49:22 | 003,080,704 | ---- | M] (Microsoft Corporation)*MultiFile Done* -> -> < Winlogon settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> *Shell* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell -> explorer.exe -> C:\Windows\SysWow64\explorer.exe -> [2008/10/29 03:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation)*MultiFile Done* -> -> < Vista Public Profile Authorized Applications List > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile\AuthorizedApplications -> < Vista Standard Profile Authorized Applications List > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications -> < Vista Active Firewall Rules > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules ->
action=allow | name=@firewallapi.dll,-31261 | app=%systemroot%\system32\svchost.exe | svc=qwave | {A28D221E-9EEA-4D07-9476-1A003519F72F} -> lport=1900 | profile=domain | protocol=17 | dir=in | action=allow | name=@firewallapi.dll,-31269 | app=%systemroot%\system32\svchost.exe | svc=ssdpsrv | {A689A3B9-002B-49D1-8C8A-44E8E3043F96} -> lport=137 | profile=private | protocol=17 | dir=in | action=allow | name=@firewallapi.dll,-28519 | app=system | {ADC40A39-0BDC-40C3-A7B5-AF47A8C71940} -> lport=53 | profile=domain | protocol=17 | dir=in | action=allow | name=@hnetcfg.dll,-143 | app=%systemroot%\system32\svchost.exe | svc=sharedaccess | {BFFB4F4F-5074-43D2-A3D2-849FD2A8F08E} -> lport=8370 | profile=private | protocol=17 | dir=in | action=allow | name=league of legends launcher | {C3152484-B0F9-46F6-8036-F1E3DCB3914E} -> rport=5355 | profile=public | protocol=17 | dir=out | action=allow | name=@firewallapi.dll,-32805 | app=%systemroot%\system32\svchost.exe | svc=dnscache | {C3B63770-339D-46AB-8A72-9E5205BE570F} -> lport=5353 | profile=public | protocol=6 | dir=in | action=allow | name=adobe csi cs4 | {C3DE5EEC-3D9C-474E-8C31-60304FF9C20F} -> lport=8370 | profile=private | protocol=6 | dir=in | action=allow | name=league of legends launcher | {D1C73276-236E-482A-97A5-4A7EF1ECA377} -> rport=3702 | profile=public | protocol=17 | dir=out | action=allow | name=@firewallapi.dll,-32789 | app=%systemroot%\system32\svchost.exe | svc=fdphost | {DDC93454-C69E-438B-93AB-C6A25BB8894A} -> rport=137 | profile=private | protocol=17 | dir=out | action=allow | name=@firewallapi.dll,-28523 | app=system | {E9219CF8-465D-4A74-A84F-8BC2A2CB3106} -> lport=rpc-epmap | profile=private | protocol=6 | dir=in | action=allow | name=@firewallapi.dll,-28539 | svc=rpcss | {EA0EDEFB-E0D8-4E83-BBAE-91C5062B32DA} -> rport=139 | profile=private | protocol=6 | dir=out | action=allow | name=@firewallapi.dll,-28507 | app=system | {F169D79B-C0DE-4176-B1F2-34CC8ED1CD05} -> lport=2869 | profile=domain | 
protocol=6 | dir=in | action=allow | name=@firewallapi.dll,-31277 | app=system | {FB06B168-89D0-4703-AD05-53734FFB426F} -> lport=3702 | profile=public | protocol=17 | dir=in | action=allow | name=@firewallapi.dll,-32809 | app=%systemroot%\system32\svchost.exe | svc=fdrespub | < Vista Active Application Exception Rules > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules -> {0A849A79-9997-42C4-A07C-0E2A908FE5EE} -> profile=public | protocol=17 | dir=in | action=allow | name=street fighter iv | app=c:\program files (x86)\capcom\streetfighteriv\streetfighteriv.exe | {0AB3002E-EEA0-45FF-8F06-5ADC4541D429} -> profile=domain | protocol=6 | dir=out | action=allow | name=@firewallapi.dll,-31025 | app=%programfiles(x86)%\windows media player\wmplayer.exe | {0CA60253-5E6C-4E5B-B557-0F4E0C499D0A} -> profile=private | protocol=6 | dir=in | action=allow | name=assassin's creed dx9 | app=c:\program files (x86)\ubisoft\assassin's creed\assassinscreed_dx9.exe | {0CAB22E4-83C7-4B84-B78F-D30078909277} -> profile=domain | protocol=17 | dir=out | action=allow | name=@firewallapi.dll,-31024 | app=%programfiles(x86)%\windows media player\wmplayer.exe | {0F36D199-7470-433F-92F4-6880BFCF1666} -> profile=public | protocol=6 | dir=in | action=allow | name=google talk plugin | app=c:\users\gateway\appdata\local\google\google talk plugin\googletalkplugin.dll | {10C3D4E4-1A2E-4B9D-A4FA-131FDA2A149F} -> profile=domain | protocol=58 | dir=in | action=allow | name=@hnetcfg.dll,-148 | {12EFD118-6448-4086-852C-31392369BDB4} -> profile=private | protocol=58 | dir=out | action=allow | name=@firewallapi.dll,-28546 | {1F272251-0DF2-4BE4-8659-56FF8AFD5AFF} -> profile=private | protocol=6 | dir=in | action=allow | name=assassin's creed update | app=c:\program files (x86)\ubisoft\assassin's creed\assassinscreed_launcher.exe | {2403B071-01B5-4DC8-91AC-F78DAE65A59E} -> profile=private | protocol=17 | dir=out | action=allow | 
name=@firewallapi.dll,-31309 | app=%programfiles%\windows media player\wmpnetwk.exe | {306F7308-7C2B-407B-9B2F-36704303EC0B} -> profile=private | protocol=17 | dir=in | action=allow | name=league of legends game client | app=c:\riot games\league of legends\game\league of legends.exe | {3EF40D62-8C31-4D61-B3C1-B03A87960CEA} -> profile=private | protocol=17 | dir=in | action=allow | name=assassin's creed update | app=c:\program files (x86)\ubisoft\assassin's creed\assassinscreed_launcher.exe | {42208D23-5F8B-4C1D-9120-CF7728551637} -> profile=private | protocol=6 | dir=out | action=allow | name=@firewallapi.dll,-31301 | app=%programfiles%\windows media player\wmplayer.exe | {44F08B11-41EF-4583-BA8C-8EFAA724EB2D} -> profile=private | protocol=6 | dir=in | action=allow | name=assassin's creed dx10 | app=c:\program files (x86)\ubisoft\assassin's creed\assassinscreed_dx10.exe | {46C823B6-6E72-4299-ACD0-897E01508052} -> profile=private | protocol=6 | dir=in | action=allow | name=@firewallapi.dll,-31313 | app=%programfiles%\windows media player\wmpnetwk.exe | {47E2BABD-4DD3-491D-B51E-1C44B6ED4B9B} -> profile=private | protocol=6 | dir=in | action=allow | name=league of legends game client | app=c:\riot games\league of legends\game\league of legends.exe | {4E4F2D79-AE44-40F0-B235-39616141107A} -> profile=public | protocol=6 | dir=in | action=allow | name=microsoft office onenote | app=c:\program files (x86)\microsoft office\office12\onenote.exe | {55A2F872-17FC-46E6-9FDC-9430830BC0EB} -> profile=domain | dir=out | action=allow | name=@hnetcfg.dll,-151 | app=%systemroot%\system32\svchost.exe | svc=sharedaccess | {55ADC0B7-48DF-4F01-A285-29C95824E11A} -> profile=domain | protocol=17 | dir=in | action=allow | name=@firewallapi.dll,-31003 | app=%programfiles%\windows media player\wmplayer.exe | {59E91ECA-74ED-4741-B82F-E0B550E2EA53} -> profile=public | protocol=6 | dir=in | action=allow | name=adobe csi cs4 | app=c:\program files (x86)\common 
files\adobe\cs4servicemanager\cs4servicemanager.exe | {5A6E1DF3-2CD7-4BFB-B1EA-C950D09F0F1C} -> profile=private | protocol=58 | dir=in | action=allow | name=@firewallapi.dll,-28545 | {5FEA3A6B-E661-4DD6-B555-C0A11D39A125} -> profile=private | protocol=17 | dir=in | action=allow | name=@firewallapi.dll,-31323 | app=%programfiles(x86)%\windows media player\wmplayer.exe | {66BF340F-1E46-495C-9129-0352FA2A2C6E} -> profile=private | dir=in | action=allow | name=avgnsa.exe | app=c:\program files (x86)\avg\avg8\avgnsa.exe | {6926AEF6-8CCA-4C4E-85BA-72D48CD4A433} -> profile=private | protocol=6 | dir=in | action=allow | name=league of legends lobby | app=c:\riot games\league of legends\air\lolclient.exe | {6BF15E9A-BD27-4B71-9BF6-DABDA44D65C9} -> profile=domain | protocol=6 | dir=out | action=allow | name=@firewallapi.dll,-31321 | app=%systemroot%\system32\svchost.exe | svc=upnphost | {7AD62F3F-6ACD-409A-A0D4-9FDAC9FAAC3D} -> profile=public | protocol=6 | dir=in | action=allow | name=μtorrent (tcp-in) | app=c:\program files (x86)\utorrent\utorrent.exe | {80A86475-8EB0-44E8-BCE3-F3D9877E7B32} -> profile=public | protocol=17 | dir=in | action=allow | name=megacubo | app=c:\program files (x86)\megacubo\megacubo.exe | {81047356-7052-4BAD-8846-9277D5FF8A42} -> profile=public | protocol=6 | dir=in | action=allow | name=google talk plugin | app=c:\users\gateway\appdata\local\google\google talk plugin\googletalkplugin.exe | {8C0EC253-32AA-4BAD-ABC9-8CEB9266A5D6} -> dir=in | action=allow | name=windows live sync | app=c:\program files (x86)\windows live\sync\windowslivesync.exe | {8DCABF7C-EE48-463B-BC5C-3397DBFCF460} -> profile=private | dir=in | action=allow | name=avgemc.exe | app=c:\program files (x86)\avg\avg8\avgemc.exe | {90303766-0F12-45E5-8D94-FDBC342F2DA1} -> profile=private | protocol=1 | dir=in | action=allow | name=@firewallapi.dll,-28543 | {95687072-0F18-467B-8020-8590268546B4} -> profile=private | protocol=17 | dir=in | action=allow | name=the battle for middle-earth 
(tm) | app=c:\program files (x86)\ea games\the battle for middle-earth (tm)\game.dat | {980C9CFA-B01D-4A8F-9A44-C65D5010F671} -> profile=private | protocol=6 | dir=out | action=allow | name=@firewallapi.dll,-31325 | app=%programfiles(x86)%\windows media player\wmplayer.exe | {984BAF93-1D84-41F7-AD0C-581A6B9952F8} -> profile=public | protocol=6 | dir=in | action=allow | name=megacubo | app=c:\program files (x86)\megacubo\megacubo.exe | {9CC97DB1-59A9-4CD8-8541-AA93ABCBA473} -> profile=private | protocol=6 | dir=out | action=allow | name=@firewallapi.dll,-31317 | app=%programfiles%\windows media player\wmpnetwk.exe | {9CEEA826-0EFA-46D2-A928-695DB8A47A27} -> profile=public | protocol=6 | dir=in | action=allow | name=vncviewer.exe | app=c:\program files (x86)\ultravnc\vncviewer.exe | {9F3CB704-1DE9-44BF-9894-A2A63BCA0D63} -> profile=private | protocol=6 | dir=in | action=allow | name=megacubo | app=c:\program files (x86)\megacubo\megacubo.exe | {A07F54DE-4589-4ADE-807B-07DBF9D45B83} -> profile=private | protocol=17 | dir=in | action=allow | name=battlefield 2 | app=c:\program files (x86)\ea games\battlefield 2\bf2.exe | {A13DB8D0-8C36-4405-A4DF-A4B1E1887DDC} -> dir=in | action=allow | name=skype | app=c:\program files (x86)\skype\phone\skype.exe | {A4026C7C-43B9-4F4B-A19F-3AEF925DA133} -> profile=public | protocol=17 | dir=in | action=allow | name=μtorrent (udp-in) | app=c:\program files (x86)\utorrent\utorrent.exe | {A5CF718C-EA68-41FF-94A7-5073A68C872B} -> profile=public | protocol=17 | dir=in | action=allow | name=microsoft office onenote | app=c:\program files (x86)\microsoft office\office12\onenote.exe | {A8F143FC-23F4-4548-B0E6-34AE4CD952C6} -> profile=private | protocol=17 | dir=in | action=allow | name=assassin's creed dx10 | app=c:\program files (x86)\ubisoft\assassin's creed\assassinscreed_dx10.exe | {AEBBE0F4-525C-4B2A-AD4A-9E723B975882} -> dir=in | action=allow | name=windows live messenger | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe | 
{B412C5DD-6C58-48BC-98BF-5197BA78D6D9} -> profile=domain | protocol=17 | dir=out | action=allow | name=@firewallapi.dll,-31007 | app=%programfiles%\windows media player\wmplayer.exe | {B61EA1FB-31E7-4FAF-A91E-3FD129A6F3E7} -> profile=public | protocol=6 | dir=out | action=allow | name=@firewallapi.dll,-32821 | app=%systemroot%\system32\svchost.exe | svc=upnphost | {BFAABCEC-7210-48B8-B064-C54885D384D5} -> dir=in | action=allow | name=cyberlink powerdvd | app=c:\program files (x86)\cyberlink\powerdvd\powerdvd.exe | {C080D053-7839-409E-AD72-FD20C2AB884C} -> profile=public | protocol=17 | dir=in | action=allow | name=google talk plugin | app=c:\users\gateway\appdata\local\google\google talk plugin\googletalkplugin.dll | {C2555977-34AB-4207-88ED-1515F8E8B197} -> profile=private | protocol=17 | dir=out | action=allow | name=@firewallapi.dll,-31297 | app=%programfiles%\windows media player\wmplayer.exe | {C62138E4-92A5-4ADD-AD0D-D9FE5212851E} -> profile=public | protocol=17 | dir=in | action=allow | name=vncviewer.exe | app=c:\program files (x86)\ultravnc\vncviewer.exe | {CCA07B26-B3D9-43B2-BF3B-F927D69648AE} -> profile=private | protocol=17 | dir=in | action=allow | name=megacubo | app=c:\program files (x86)\megacubo\megacubo.exe | {CE264A4C-30D5-4008-86E6-08146C239AA8} -> profile=private | protocol=17 | dir=out | action=allow | name=@firewallapi.dll,-31324 | app=%programfiles(x86)%\windows media player\wmplayer.exe | {CF0D797B-04D3-4408-A8EF-B1799EE5537C} -> profile=private | protocol=6 | dir=in | action=allow | name=the battle for middle-earth (tm) | app=c:\program files (x86)\ea games\the battle for middle-earth (tm)\game.dat | {D4D18B02-E7D1-44A1-A8E2-2E1775663D87} -> profile=private | protocol=1 | dir=out | action=allow | name=@firewallapi.dll,-28544 | {D70CBC76-89E1-440F-9F89-D2A62A706B30} -> profile=domain | protocol=6 | dir=out | action=allow | name=@firewallapi.dll,-31281 | app=system | {D9291FE9-9C22-4857-A146-44BB5360024C} -> profile=private | protocol=17 | 
dir=in | action=allow | name=league of legends lobby | app=c:\riot games\league of legends\air\lolclient.exe | {DFA3AE43-628A-4433-845F-CCFEEFA304D8} -> profile=domain | protocol=6 | dir=out | action=allow | name=@hnetcfg.dll,-149 | app=%systemroot%\system32\svchost.exe | svc=upnphost | {E2A812F1-AB20-4A44-86F9-8FA875F59FD6} -> profile=private | protocol=17 | dir=in | action=allow | name=@firewallapi.dll,-31305 | app=%programfiles%\windows media player\wmpnetwk.exe | {E59225BD-6CA1-449E-A3E1-072E9E19FD58} -> profile=domain | protocol=6 | dir=out | action=allow | name=@firewallapi.dll,-31011 | app=%programfiles%\windows media player\wmplayer.exe | {EA2DCDFF-5812-45C6-A242-0C095F1FCE67} -> profile=private | protocol=17 | dir=in | action=allow | name=assassin's creed dx9 | app=c:\program files (x86)\ubisoft\assassin's creed\assassinscreed_dx9.exe | {EAADB3B2-5F2B-43F7-991E-DD04F58445B3} -> profile=private | protocol=17 | dir=in | action=allow | name=@firewallapi.dll,-31293 | app=%programfiles%\windows media player\wmplayer.exe | {EB061EC0-B33D-4EC7-B273-3867B30871A3} -> profile=private | protocol=6 | dir=in | action=allow | name=battlefield 2 | app=c:\program files (x86)\ea games\battlefield 2\bf2.exe | {EE7618F5-0EEF-466D-8CC1-D2411A7A4242} -> profile=private | dir=in | action=allow | name=avgupd.exe | app=c:\program files (x86)\avg\avg8\avgupd.exe | {F1E1DEB5-F3FC-4205-A9D6-52C5E24795A7} -> profile=public | protocol=17 | dir=in | action=allow | name=google talk plugin | app=c:\users\gateway\appdata\local\google\google talk plugin\googletalkplugin.exe | {F4CE0AED-E0E7-4F91-A529-4DB265BB7E58} -> profile=public | protocol=6 | dir=in | action=allow | name=street fighter iv | app=c:\program files (x86)\capcom\streetfighteriv\streetfighteriv.exe | {FE704849-BC47-49A5-8C1D-5E0F61F30855} -> profile=public | protocol=17 | dir=in | action=allow | name=adobe csi cs4 | app=c:\program files (x86)\common files\adobe\cs4servicemanager\cs4servicemanager.exe | 
{FF01A1CB-83B8-47C7-8024-E13298583D77} -> profile=domain | protocol=17 | dir=in | action=allow | name=@firewallapi.dll,-31023 | app=%programfiles(x86)%\windows media player\wmplayer.exe | TCP Query User{048141F6-6A35-4DD4-9397-F6DF7DD433A5}C:\users\public\age of empires ii - the conquerors\age2_x1\age2_x1.exe -> profile=public | protocol=6 | dir=in | action=allow | name=age of empires ii expansion | app=c:\users\public\age of empires ii - the conquerors\age2_x1\age2_x1.exe | TCP Query User{099A52E9-1DF8-4B8D-803F-490BB47358A8}C:\riot games\league of legends\lol.launcher.exe -> profile=private | protocol=6 | dir=in | action=allow | name=league of legends skinned.launcher | app=c:\riot games\league of legends\lol.launcher.exe | TCP Query User{0CF6B76C-4BF8-473E-88EB-18094D55ABBB}C:\users\gateway\alissow ots 3.6\alissowots[3.6].exe -> profile=private | protocol=6 | dir=in | action=allow | name=alissowots[3.6].exe | app=c:\users\gateway\alissow ots 3.6\alissowots[3.6].exe | TCP Query User{1244C798-9BE8-47D8-9E5B-3342F75B36DC}C:\riot games\league of legends\lol.launcher.exe -> profile=public | protocol=6 | dir=in | action=allow | name=league of legends skinned.launcher | app=c:\riot games\league of legends\lol.launcher.exe | TCP Query User{17C63982-4951-4DF7-AF38-3072DA9CB9B9}C:\users\public\age of empires ii - the conqueros\age2_x1\age2_x1.exe -> profile=public | protocol=6 | dir=in | action=allow | name=age of empires ii expansion | app=c:\users\public\age of empires ii - the conqueros\age2_x1\age2_x1.exe | TCP Query User{1CAA6CD9-533E-4A9C-BF1D-76ACF6EC6204}C:\program files (x86)\microsoft games\age of mythology\aomx.exe -> profile=public | protocol=6 | dir=in | action=allow | name=age of mythology - the titans expansion | app=c:\program files (x86)\microsoft games\age of mythology\aomx.exe | TCP Query User{2038BE4D-829E-4B99-A00A-7254768BBFFD}C:\program files (x86)\electronic arts\eadm\core.exe -> profile=public | protocol=6 | dir=in | action=block | name=ea 
download manager | app=c:\program files (x86)\electronic arts\eadm\core.exe | TCP Query User{23F4FFB8-4124-4BFB-A4A6-F3CA1B51E765}C:\program files (x86)\microsoft games\age of mythology\aomx.exe -> profile=private | protocol=6 | dir=in | action=allow | name=age of mythology - the titans expansion | app=c:\program files (x86)\microsoft games\age of mythology\aomx.exe | TCP Query User{2D6ED3AA-97F4-4387-A9A8-936344BC989A}C:\program files (x86)\warcraft iii\war3.exe -> profile=private | protocol=6 | dir=in | action=allow | name=warcraft iii | app=c:\program files (x86)\warcraft iii\war3.exe | TCP Query User{2E75605D-EA40-4B3C-88AB-83C9A05AAA55}C:\program files (x86)\blizzard\diablo ii\game.exe -> profile=public | protocol=6 | dir=in | action=allow | name=diablo ii | app=c:\program files (x86)\blizzard\diablo ii\game.exe | TCP Query User{3659A0B4-73B6-48DB-81CE-D9D847A01F23}C:\users\public\worms\worms armageddon full 36290 by kira\wa.exe -> profile=public | protocol=6 | dir=in | action=allow | name=worms armageddon | app=c:\users\public\worms\worms armageddon full 36290 by kira\wa.exe | TCP Query User{3C91BE2C-5EE5-40AC-A1BE-2B057C42260C}C:\program files (x86)\garena\garena.exe -> profile=public | protocol=6 | dir=in | action=allow | name=garena | app=c:\program files (x86)\garena\garena.exe | TCP Query User{3CB9522C-CBAE-4881-B249-7ECEB8E36984}C:\windows\syswow64\dplaysvr.exe -> profile=private | protocol=6 | dir=in | action=allow | name=microsoft directplay helper | app=c:\windows\syswow64\dplaysvr.exe | TCP Query User{444332A0-55B3-4EDB-A1FB-DFB1998EE937}C:\program files (x86)\umdchat\umdchat.exe -> profile=private | protocol=6 | dir=in | action=allow | name=umd chat | app=c:\program files (x86)\umdchat\umdchat.exe | TCP Query User{4904FB56-5475-4BC0-8F4A-38065CD1F1E4}C:\program files (x86)\microsoft games\age of empires ii - the conqueros\age2_x1.exe -> profile=public | protocol=6 | dir=in | action=block | name=age of empires ii expansion | app=c:\program files 
(x86)\microsoft games\age of empires ii - the conqueros\age2_x1.exe | TCP Query User{4CCD317F-204F-4E9D-B582-579EF1A56945}C:\users\public\age of empires ii - the conquerors\age2_x1\age2_x1.exe -> profile=private | protocol=6 | dir=in | action=allow | name=age of empires ii expansion | app=c:\users\public\age of empires ii - the conquerors\age2_x1\age2_x1.exe | TCP Query User{4FC740B8-AFF4-489A-B315-A3519C50BFA5}C:\program files (x86)\ultravnc\winvnc.exe -> profile=public | protocol=6 | dir=in | action=allow | name=vnc server for win32 | app=c:\program files (x86)\ultravnc\winvnc.exe | TCP Query User{531177BA-C01C-4AAE-A02A-664EA0E2C246}C:\users\gateway\games\yu-gi-oh-joeypassion_www.gamedownload.com.br\yu-gi-oh! joey the passion_www.gamedownload.com.br\yugiohpc\joey_pc.exe -> profile=public | protocol=6 | dir=in | action=allow | name=joey_pc.exe | app=c:\users\gateway\games\yu-gi-oh-joeypassion_www.gamedownload.com.br\yu-gi-oh! joey the passion_www.gamedownload.com.br\yugiohpc\joey_pc.exe | TCP Query User{5B603BA1-FC0D-46A8-B86C-9D29F231AEA1}C:\windows\syswow64\dpnsvr.exe -> profile=public | protocol=6 | dir=in | action=allow | name=microsoft directplay8 server | app=c:\windows\syswow64\dpnsvr.exe | TCP Query User{600490ED-4AF9-4CD3-9748-228DA4F703A5}C:\windows\syswow64\dplaysvr.exe -> profile=public | protocol=6 | dir=in | action=allow | name=microsoft directplay helper | app=c:\windows\syswow64\dplaysvr.exe | TCP Query User{629532EE-7BBB-40F3-B063-F2D527B105F6}C:\program files (x86)\ea games\battlefield 2\bf2.exe -> profile=public | protocol=6 | dir=in | action=allow | name=bf2 | app=c:\program files (x86)\ea games\battlefield 2\bf2.exe | TCP Query User{69BB991B-8760-4FD8-9751-49C2271C2586}C:\program files (x86)\valve\hl.exe -> profile=private | protocol=6 | dir=in | action=allow | name=half-life launcher | app=c:\program files (x86)\valve\hl.exe | TCP Query User{72FDA1C2-2308-4145-9DBA-49F9FADA3F69}C:\program files (x86)\shareaza\shareaza.exe -> profile=private 
| protocol=6 | dir=in | action=allow | name=shareaza ultimate file sharing | app=c:\program files (x86)\shareaza\shareaza.exe | TCP Query User{7BAABDF4-447D-4534-A06C-31ED3CF2EDF6}C:\program files\starcraft\starcraft.exe -> profile=private | protocol=6 | dir=in | action=allow | name=starcraft | app=c:\program files\starcraft\starcraft.exe | TCP Query User{818CC136-B738-47A9-94F7-60BE8C3F3FEB}C:\program files (x86)\warcraft iii\war3.exe -> profile=public | protocol=6 | dir=in | action=block | name=warcraft iii | app=c:\program files (x86)\warcraft iii\war3.exe | TCP Query User{818F77DC-F574-4C86-8545-881FD7D75C3D}C:\users\gateway\desktop\age of empires ii - the conquerors\age2_x1.exe -> profile=public | protocol=6 | dir=in | action=block | name=age2_x1.exe | app=c:\users\gateway\desktop\age of empires ii - the conquerors\age2_x1.exe | TCP Query User{880670AF-A80E-4E1E-A56A-FB895F0795D0}C:\users\gateway\tibia\mamute ots\snowz ots 8.5.exe -> profile=public | protocol=6 | dir=in | action=allow | name=snowz ots 8.5.exe | app=c:\users\gateway\tibia\mamute ots\snowz ots 8.5.exe | TCP Query User{A0FE9F84-06FB-44C3-837B-28F7897EDFF3}C:\users\public\microsoft games\age of empires ii - the conqueros\age2_x1.exe -> profile=private | protocol=6 | dir=in | action=allow | name=age of empires ii expansion | app=c:\users\public\microsoft games\age of empires ii - the conqueros\age2_x1.exe | TCP Query User{A67C29C0-281F-4F36-BD80-84F9765FEFEB}C:\program files (x86)\garena\garena.exe -> profile=private | protocol=6 | dir=in | action=allow | name=garena | app=c:\program files (x86)\garena\garena.exe | TCP Query User{AD35C1D2-F2ED-4070-AB87-70F05147F7B0}C:\program files (x86)\microsoft games\age of empires ii - the conqueros\age2_x1\age2_x1.exe -> profile=private | protocol=6 | dir=in | action=allow | name=age of empires ii expansion | app=c:\program files (x86)\microsoft games\age of empires ii - the conqueros\age2_x1\age2_x1.exe | TCP Query 
User{AD3A700E-85BA-4DAB-BBF5-B623DA9B8C73}C:\program files (x86)\ea games\battlefield 2\bf2_w32ded.exe -> profile=public | protocol=6 | dir=in | action=allow | name=bf2_w32ded | app=c:\program files (x86)\ea games\battlefield 2\bf2_w32ded.exe | TCP Query User{AFB2FB79-D09E-4619-ADE2-B08A12091474}C:\users\gateway\games\yu-gi-oh-joeypassion_www.gamedownload.com.br\yu-gi-oh! joey the passion_www.gamedownload.com.br\yugiohpc\joey_pc.exe -> profile=private | protocol=6 | dir=in | action=block | name=joey_pc.exe | app=c:\users\gateway\games\yu-gi-oh-joeypassion_www.gamedownload.com.br\yu-gi-oh! joey the passion_www.gamedownload.com.br\yugiohpc\joey_pc.exe | TCP Query User{B0AF70D9-87D0-4AA3-AEF8-3E79B5BEFB2B}C:\program files (x86)\microsoft games\age of empires ii - the conqueros\age2_x1\age2_x1.exe -> profile=public | protocol=6 | dir=in | action=block | name=age of empires ii expansion | app=c:\program files (x86)\microsoft games\age of empires ii - the conqueros\age2_x1\age2_x1.exe | TCP Query User{B5677D56-EE23-4D97-A868-747851E88B3C}C:\users\gateway\mamute ots\snowz ots 8.5.exe -> profile=public | protocol=6 | dir=in | action=allow | name=snowz ots 8.5.exe | app=c:\users\gateway\mamute ots\snowz ots 8.5.exe | TCP Query User{B67D7612-16A6-401F-B9A4-68C085015410}C:\users\gateway\alissow ots 3.6\alissowots[3.6].exe -> profile=public | protocol=6 | dir=in | action=allow | name=alissowots[3.6].exe | app=c:\users\gateway\alissow ots 3.6\alissowots[3.6].exe | TCP Query User{BB668819-1F76-4AD4-AF52-9381C8138909}C:\program files (x86)\microsoft games\age of empires ii - the conqueros\age2_x1.exe -> profile=private | protocol=6 | dir=in | action=allow | name=age of empires ii expansion | app=c:\program files (x86)\microsoft games\age of empires ii - the conqueros\age2_x1.exe | TCP Query User{BBDD20A3-EE1F-48CC-A211-2930090F03AA}C:\xampp\mysql\bin\mysqld.exe -> profile=private | protocol=6 | dir=in | action=allow | name=mysqld | app=c:\xampp\mysql\bin\mysqld.exe | TCP Query 
User{BBF2F2AE-AF72-4007-8D06-2FD306BA3AD2}C:\windows\syswow64\dpnsvr.exe -> profile=private | protocol=6 | dir=in | action=block | name=microsoft directplay8 server | app=c:\windows\syswow64\dpnsvr.exe | TCP Query User{BDA384A3-B8A2-450C-AA8D-E566605AA7B6}C:\program files (x86)\valve\hl.exe -> profile=public | protocol=6 | dir=in | action=allow | name=half-life launcher | app=c:\program files (x86)\valve\hl.exe | TCP Query User{C23625FE-3F7A-4B97-8855-A2C94DE8F69D}C:\program files (x86)\umdchat\umdchat.exe -> profile=public | protocol=6 | dir=in | action=allow | name=umd chat | app=c:\program files (x86)\umdchat\umdchat.exe | TCP Query User{CEA6565A-BF07-44EB-8E16-2A0C0C2652D1}C:\users\gateway\desktop\age of empires ii - the conquerors\age2_x1\age2_x1.exe -> profile=public | protocol=6 | dir=in | action=allow | name=age2_x1.exe | app=c:\users\gateway\desktop\age of empires ii - the conquerors\age2_x1\age2_x1.exe | TCP Query User{DB006636-DA32-4F7B-A7B3-77526B002E97}C:\program files (x86)\utorrent\utorrent.exe -> profile=private | protocol=6 | dir=in | action=allow | name=μtorrent | app=c:\program files (x86)\utorrent\utorrent.exe | TCP Query User{E42AC5D8-B973-43BE-81C7-6716FB032993}C:\program files (x86)\shareaza\shareaza.exe -> profile=public | protocol=6 | dir=in | action=allow | name=shareaza ultimate file sharing | app=c:\program files (x86)\shareaza\shareaza.exe | TCP Query User{F4E7FA0B-C99E-4E47-9350-76DF7B2E2777}C:\users\gateway\downloads\zipados\mamute ots\mamute ots\snowz ots 8.5.exe -> profile=public | protocol=6 | dir=in | action=allow | name=snowz ots 8.5.exe | app=c:\users\gateway\downloads\zipados\mamute ots\mamute ots\snowz ots 8.5.exe | UDP Query User{05F68323-B61C-4AF0-941D-9798163D044A}C:\xampp\mysql\bin\mysqld.exe -> profile=private | protocol=17 | dir=in | action=allow | name=mysqld | app=c:\xampp\mysql\bin\mysqld.exe | UDP Query User{2138DEB9-F715-43FB-891F-AB432A7D6A99}C:\users\gateway\mamute ots\snowz ots 8.5.exe -> profile=public | 
protocol=17 | dir=in | action=allow | name=snowz ots 8.5.exe | app=c:\users\gateway\mamute ots\snowz ots 8.5.exe | UDP Query User{2C22FDCE-E4B0-4321-A4A6-4AA3885837A6}C:\program files (x86)\umdchat\umdchat.exe -> profile=private | protocol=17 | dir=in | action=allow | name=umd chat | app=c:\program files (x86)\umdchat\umdchat.exe | UDP Query User{318E52B3-F1A5-4887-A0F2-1FB665F02FDD}C:\program files (x86)\microsoft games\age of empires ii - the conqueros\age2_x1\age2_x1.exe -> profile=public | protocol=17 | dir=in | action=block | name=age of empires ii expansion | app=c:\program files (x86)\microsoft games\age of empires ii - the conqueros\age2_x1\age2_x1.exe | UDP Query User{32A81AD8-DB2B-4655-A889-26202A110CFF}C:\program files (x86)\shareaza\shareaza.exe -> profile=private | protocol=17 | dir=in | action=allow | name=shareaza ultimate file sharing | app=c:\program files (x86)\shareaza\shareaza.exe | UDP Query User{39C6035F-ED67-4C52-8C03-06963F0EE2BF}C:\users\gateway\tibia\mamute ots\snowz ots 8.5.exe -> profile=public | protocol=17 | dir=in | action=allow | name=snowz ots 8.5.exe | app=c:\users\gateway\tibia\mamute ots\snowz ots 8.5.exe | UDP Query User{3A8219A7-BE36-4C9E-A798-D7A6DC1C81F0}C:\program files (x86)\microsoft games\age of mythology\aomx.exe -> profile=public | protocol=17 | dir=in | action=allow | name=age of mythology - the titans expansion | app=c:\program files (x86)\microsoft games\age of mythology\aomx.exe | UDP Query User{3D6F7445-5D2E-49E7-BDCF-6DC1C31B1692}C:\riot games\league of legends\lol.launcher.exe -> profile=private | protocol=17 | dir=in | action=allow | name=league of legends skinned.launcher | app=c:\riot games\league of legends\lol.launcher.exe | UDP Query User{3E829CED-C4F2-4DC9-A4E0-7C9C74735664}C:\program files (x86)\valve\hl.exe -> profile=public | protocol=17 | dir=in | action=allow | name=half-life launcher | app=c:\program files (x86)\valve\hl.exe | UDP Query 
User{3EA0CFD1-FD17-4433-B5E2-251F8A199032}C:\users\gateway\downloads\zipados\mamute ots\mamute ots\snowz ots 8.5.exe -> profile=public | protocol=17 | dir=in | action=allow | name=snowz ots 8.5.exe | app=c:\users\gateway\downloads\zipados\mamute ots\mamute ots\snowz ots 8.5.exe | UDP Query User{55B42775-DB8D-461C-BD12-FFBCF561243D}C:\program files (x86)\shareaza\shareaza.exe -> profile=public | protocol=17 | dir=in | action=allow | name=shareaza ultimate file sharing | app=c:\program files (x86)\shareaza\shareaza.exe | UDP Query User{5947819C-6F9E-4EF2-9ECC-EC70B11E7CA0}C:\users\public\age of empires ii - the conqueros\age2_x1\age2_x1.exe -> profile=public | protocol=17 | dir=in | action=allow | name=age of empires ii expansion | app=c:\users\public\age of empires ii - the conqueros\age2_x1\age2_x1.exe | UDP Query User{620D2411-D415-4F67-993B-99EEC6E3CE1F}C:\program files (x86)\valve\hl.exe -> profile=private | protocol=17 | dir=in | action=allow | name=half-life launcher | app=c:\program files (x86)\valve\hl.exe | UDP Query User{6758E069-502D-4A00-BF59-1AD5487F8CBA}C:\windows\syswow64\dpnsvr.exe -> profile=private | protocol=17 | dir=in | action=block | name=microsoft directplay8 server | app=c:\windows\syswow64\dpnsvr.exe | UDP Query User{68DAC568-4719-41C4-8BE9-7BC1E9E1B7BD}C:\windows\syswow64\dplaysvr.exe -> profile=private | protocol=17 | dir=in | action=allow | name=microsoft directplay helper | app=c:\windows\syswow64\dplaysvr.exe | UDP Query User{69807015-A8D0-45D9-BD79-D8B65EC4B8E5}C:\users\public\age of empires ii - the conquerors\age2_x1\age2_x1.exe -> profile=private | protocol=17 | dir=in | action=allow | name=age of empires ii expansion | app=c:\users\public\age of empires ii - the conquerors\age2_x1\age2_x1.exe | UDP Query User{6FF14712-E995-4F76-8E44-9502E23E3C56}C:\users\gateway\games\yu-gi-oh-joeypassion_www.gamedownload.com.br\yu-gi-oh! 
joey the passion_www.gamedownload.com.br\yugiohpc\joey_pc.exe -> profile=public | protocol=17 | dir=in | action=allow | name=joey_pc.exe | app=c:\users\gateway\games\yu-gi-oh-joeypassion_www.gamedownload.com.br\yu-gi-oh! joey the passion_www.gamedownload.com.br\yugiohpc\joey_pc.exe | UDP Query User{6FF4B525-163B-4E4D-9964-987E72AE98D1}C:\program files (x86)\ea games\battlefield 2\bf2.exe -> profile=public | protocol=17 | dir=in | action=allow | name=bf2 | app=c:\program files (x86)\ea games\battlefield 2\bf2.exe | UDP Query User{7754EED4-28B3-4F8B-AB8A-6BC9ABBA8277}C:\program files (x86)\microsoft games\age of mythology\aomx.exe -> profile=private | protocol=17 | dir=in | action=allow | name=age of mythology - the titans expansion | app=c:\program files (x86)\microsoft games\age of mythology\aomx.exe | UDP Query User{7DC2761B-41F2-402F-8FA6-9D420EB87E61}C:\program files (x86)\warcraft iii\war3.exe -> profile=public | protocol=17 | dir=in | action=block | name=warcraft iii | app=c:\program files (x86)\warcraft iii\war3.exe | UDP Query User{83474843-F0A8-4211-A384-A63714BE7202}C:\program files (x86)\blizzard\diablo ii\game.exe -> profile=public | protocol=17 | dir=in | action=allow | name=diablo ii | app=c:\program files (x86)\blizzard\diablo ii\game.exe | UDP Query User{845F0B68-61C1-41A6-84C9-E78DC9557636}C:\users\public\microsoft games\age of empires ii - the conqueros\age2_x1.exe -> profile=private | protocol=17 | dir=in | action=allow | name=age of empires ii expansion | app=c:\users\public\microsoft games\age of empires ii - the conqueros\age2_x1.exe | UDP Query User{84B68B39-30B8-432A-8C25-B67D907133C0}C:\users\gateway\desktop\age of empires ii - the conquerors\age2_x1.exe -> profile=public | protocol=17 | dir=in | action=block | name=age2_x1.exe | app=c:\users\gateway\desktop\age of empires ii - the conquerors\age2_x1.exe | UDP Query User{88634818-F2C2-4416-ACEF-28D5CC2F234D}C:\program files (x86)\microsoft games\age of empires ii - the 
conqueros\age2_x1\age2_x1.exe -> profile=private | protocol=17 | dir=in | action=allow | name=age of empires ii expansion | app=c:\program files (x86)\microsoft games\age of empires ii - the conqueros\age2_x1\age2_x1.exe | UDP Query User{8A410474-16C7-4925-AE2B-5649FF896C41}C:\users\gateway\alissow ots 3.6\alissowots[3.6].exe -> profile=private | protocol=17 | dir=in | action=allow | name=alissowots[3.6].exe | app=c:\users\gateway\alissow ots 3.6\alissowots[3.6].exe | UDP Query User{90CEFDB5-4BAB-411D-8325-C01EF011D61E}C:\users\gateway\alissow ots 3.6\alissowots[3.6].exe -> profile=public | protocol=17 | dir=in | action=allow | name=alissowots[3.6].exe | app=c:\users\gateway\alissow ots 3.6\alissowots[3.6].exe | UDP Query User{97AAF192-9BEE-4AB3-AE63-5A81CC7E71DA}C:\program files (x86)\umdchat\umdchat.exe -> profile=public | protocol=17 | dir=in | action=allow | name=umd chat | app=c:\program files (x86)\umdchat\umdchat.exe | UDP Query User{9A23A6B7-BB6A-4E82-A7C6-BBDC41EEDF75}C:\windows\syswow64\dplaysvr.exe -> profile=public | protocol=17 | dir=in | action=allow | name=microsoft directplay helper | app=c:\windows\syswow64\dplaysvr.exe | UDP Query User{9AB88B3D-48A5-4070-8D0C-3B38C757CE16}C:\program files (x86)\ea games\battlefield 2\bf2_w32ded.exe -> profile=public | protocol=17 | dir=in | action=allow | name=bf2_w32ded | app=c:\program files (x86)\ea games\battlefield 2\bf2_w32ded.exe | UDP Query User{A1655E76-892D-4F08-8764-D6F45964EC43}C:\program files (x86)\warcraft iii\war3.exe -> profile=private | protocol=17 | dir=in | action=allow | name=warcraft iii | app=c:\program files (x86)\warcraft iii\war3.exe | UDP Query User{AF26120C-10AD-422F-986C-9AED30EC8CCD}C:\users\gateway\games\yu-gi-oh-joeypassion_www.gamedownload.com.br\yu-gi-oh! joey the passion_www.gamedownload.com.br\yugiohpc\joey_pc.exe -> profile=private | protocol=17 | dir=in | action=block | name=joey_pc.exe | app=c:\users\gateway\games\yu-gi-oh-joeypassion_www.gamedownload.com.br\yu-gi-oh! 
joey the passion_www.gamedownload.com.br\yugiohpc\joey_pc.exe | UDP Query User{BB545E90-EEDA-41F0-9C72-753F8D6E3A90}C:\program files (x86)\garena\garena.exe -> profile=private | protocol=17 | dir=in | action=allow | name=garena | app=c:\program files (x86)\garena\garena.exe | UDP Query User{BB75616B-1212-4782-AD67-56DAAE9D2E80}C:\program files (x86)\utorrent\utorrent.exe -> profile=private | protocol=17 | dir=in | action=allow | name=μtorrent | app=c:\program files (x86)\utorrent\utorrent.exe | UDP Query User{C37FF78D-D9BC-45EE-9DEB-BFB2E1F375C9}C:\users\public\age of empires ii - the conquerors\age2_x1\age2_x1.exe -> profile=public | protocol=17 | dir=in | action=allow | name=age of empires ii expansion | app=c:\users\public\age of empires ii - the conquerors\age2_x1\age2_x1.exe | UDP Query User{C7A3E4E4-85D8-4A8E-9BAC-D6721370BB0C}C:\riot games\league of legends\lol.launcher.exe -> profile=public | protocol=17 | dir=in | action=allow | name=league of legends skinned.launcher | app=c:\riot games\league of legends\lol.launcher.exe | UDP Query User{CAF17594-E8AC-4890-8E47-7026F6EBFBB5}C:\program files (x86)\electronic arts\eadm\core.exe -> profile=public | protocol=17 | dir=in | action=block | name=ea download manager | app=c:\program files (x86)\electronic arts\eadm\core.exe | UDP Query User{D5EAFC64-BC3B-4475-968E-BCEAEDC2E366}C:\program files (x86)\microsoft games\age of empires ii - the conqueros\age2_x1.exe -> profile=public | protocol=17 | dir=in | action=block | name=age of empires ii expansion | app=c:\program files (x86)\microsoft games\age of empires ii - the conqueros\age2_x1.exe | UDP Query User{DE1F783E-2F05-4C6F-AB5D-0C8DEF6B03F0}C:\windows\syswow64\dpnsvr.exe -> profile=public | protocol=17 | dir=in | action=allow | name=microsoft directplay8 server | app=c:\windows\syswow64\dpnsvr.exe | UDP Query User{E36FBE02-7020-448C-B463-4DCC87C9D0A7}C:\program files (x86)\ultravnc\winvnc.exe -> profile=public | protocol=17 | dir=in | action=allow | name=vnc 
server for win32 | app=c:\program files (x86)\ultravnc\winvnc.exe | UDP Query User{E9FF0675-EDAF-4D22-805B-C2D81B4E7E3B}C:\users\public\worms\worms armageddon full 36290 by kira\wa.exe -> profile=public | protocol=17 | dir=in | action=allow | name=worms armageddon | app=c:\users\public\worms\worms armageddon full 36290 by kira\wa.exe | UDP Query User{EA1AC7A0-9FDD-410E-98B0-4D99FB5061F3}C:\program files (x86)\microsoft games\age of empires ii - the conqueros\age2_x1.exe -> profile=private | protocol=17 | dir=in | action=allow | name=age of empires ii expansion | app=c:\program files (x86)\microsoft games\age of empires ii - the conqueros\age2_x1.exe | UDP Query User{F138E513-520C-48D3-A58E-A603FC52E089}C:\program files\starcraft\starcraft.exe -> profile=private | protocol=17 | dir=in | action=allow | name=starcraft | app=c:\program files\starcraft\starcraft.exe | UDP Query User{F1AF81DD-59DC-40AE-8FCF-F77D2FBC83B0}C:\program files (x86)\garena\garena.exe -> profile=public | protocol=17 | dir=in | action=allow | name=garena | app=c:\program files (x86)\garena\garena.exe | UDP Query User{FC98E82F-CA48-4E8E-B24E-C1483E8E3761}C:\users\gateway\desktop\age of empires ii - the conquerors\age2_x1\age2_x1.exe -> profile=public | protocol=17 | dir=in | action=allow | name=age2_x1.exe | app=c:\users\gateway\desktop\age of empires ii - the conquerors\age2_x1\age2_x1.exe | < SafeBoot AlternateShell [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot -> < CDROM Autorun Setting [HKEY_LOCAL_MACHINE]> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom ->"AutoRun" -> 1 -> "DisplayName" -> CD-ROM Driver -> "ImagePath" -> C:\Windows\SysNative\DRIVERS\cdrom.sys [system32\DRIVERS\cdrom.sys] -> [2008/01/20 23:46:54 | 000,079,872 | ---- | M] ()< Drives with AutoRun files > -> -> C:\Autodesk [] -> C:\Autodesk [ NTFS ] -> [2009/07/23 14:20:56 | 000,000,000 | ---D | M]< MountPoints2 [HKEY_CURRENT_USER] > -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2 -> \{2df5f055-88dc-11de-a833-001d72f1d513}HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{2df5f055-88dc-11de-a833-001d72f1d513}\shell\{2df5f055-88dc-11de-a833-001d72f1d513}\shell\\"" -> [AutoRun] -> File not foundHKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{2df5f055-88dc-11de-a833-001d72f1d513}\shell\AutoRun\command\{2df5f055-88dc-11de-a833-001d72f1d513}\shell\AutoRun\command\\"" -> H:\SETUP.EXE [H:\SETUP.EXE] -> File not found\{4cd184db-87fd-11de-8bfb-00216b1085b2}HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{4cd184db-87fd-11de-8bfb-00216b1085b2}\shell\{4cd184db-87fd-11de-8bfb-00216b1085b2}\shell\\"" -> [AutoRun] -> File not foundHKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{4cd184db-87fd-11de-8bfb-00216b1085b2}\shell\AutoRun\command\{4cd184db-87fd-11de-8bfb-00216b1085b2}\shell\AutoRun\command\\"" -> G:\SETUP.EXE [G:\SETUP.EXE] -> File not found\{4d7902bb-77d0-11de-99f1-00216b1085b2}HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{4d7902bb-77d0-11de-99f1-00216b1085b2}\shell\AutoRun\command\{4d7902bb-77d0-11de-99f1-00216b1085b2}\shell\AutoRun\command\\"" -> [RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\winse32.exe] -> File not found\{4d7902bb-77d0-11de-99f1-00216b1085b2}HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{4d7902bb-77d0-11de-99f1-00216b1085b2}\shell\open\command\{4d7902bb-77d0-11de-99f1-00216b1085b2}\shell\open\command\\"" -> [RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\winse32.exe] -> File not found\{e1d78625-4ba8-11de-ab6b-001d72f1d513}HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e1d78625-4ba8-11de-ab6b-001d72f1d513}\shell\AutoRun\command\{e1d78625-4ba8-11de-ab6b-001d72f1d513}\shell\AutoRun\command\\"" 
-> F:\Autorun.exe [F:\Autorun.exe /run] -> File not found\{e1d78625-4ba8-11de-ab6b-001d72f1d513}HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e1d78625-4ba8-11de-ab6b-001d72f1d513}\shell\Shell00\Command\{e1d78625-4ba8-11de-ab6b-001d72f1d513}\shell\Shell00\Command\\"" -> F:\Autorun.exe [F:\Autorun.exe /run] -> File not found\{e1d78625-4ba8-11de-ab6b-001d72f1d513}HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e1d78625-4ba8-11de-ab6b-001d72f1d513}\shell\Shell01\Command\{e1d78625-4ba8-11de-ab6b-001d72f1d513}\shell\Shell01\Command\\"" -> F:\Autorun.exe [F:\Autorun.exe /action] -> File not found\{e1d78625-4ba8-11de-ab6b-001d72f1d513}HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e1d78625-4ba8-11de-ab6b-001d72f1d513}\shell\Shell02\Command\{e1d78625-4ba8-11de-ab6b-001d72f1d513}\shell\Shell02\Command\\"" -> F:\Autorun.exe [F:\Autorun.exe /uninstall] -> File not found< Registry Shell Spawning - Select to Repair > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command -> 64bit-comfile [open] -> "%1" %* -> File not found64bit-exefile [open] -> "%1" %* -> File not foundcomfile [open] -> "%1" %* -> exefile [open] -> "%1" %* -> < 64bit-File Associations - Select to Repair > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>\ -> .com [@ = comfile] -> "%1" %* -> .exe [@ = exefile] -> "%1" %* -> < File Associations - Select to Repair > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>\ -> .com [@ = comfile] -> "%1" %* -> .exe [@ = exefile] -> "%1" %* -> [Files/Folders - Created Within 30 Days] OTS.exe -> C:\Users\Gateway\OTS.exe -> [2010/04/05 21:40:14 | 000,638,976 | ---- | C] (OldTimer Tools) Denise -> C:\Users\Gateway\Denise -> [2010/04/01 20:54:03 | 000,000,000 | ---D | C] HiJackThis -> C:\Users\Gateway\HiJackThis -> [2010/03/31 10:53:11 | 000,000,000 | ---D | C] HiJackThis.exe -> C:\HiJackThis.exe -> [2010/03/25 23:54:18 | 000,401,720 | ---- | C] (Trend 
Micro Inc.) 3Planesoft_Screensaver_Manager.scr -> C:\Windows\SysWow64\3Planesoft_Screensaver_Manager.scr -> [2010/03/19 16:28:54 | 000,684,032 | ---- | C] (3Planesoft) 3Planesoft Screensaver Manager -> C:\Program Files (x86)\3Planesoft Screensaver Manager -> [2010/03/19 16:28:54 | 000,000,000 | ---D | C] 3Planesoft -> C:\ProgramData\3Planesoft -> [2010/03/19 16:28:54 | 000,000,000 | ---D | C] Sun_Village_NV_3D_Screensaver.scr -> C:\Windows\SysWow64\Sun_Village_NV_3D_Screensaver.scr -> [2010/03/19 16:28:44 | 000,587,776 | ---- | C] (3Planesoft) Sun Village NV 3D Screensaver -> C:\Program Files (x86)\Sun Village NV 3D Screensaver -> [2010/03/19 16:28:44 | 000,000,000 | ---D | C] CCleaner -> C:\Program Files (x86)\CCleaner -> [2010/03/19 12:43:04 | 000,000,000 | ---D | C] Wise Installation Wizard -> C:\Program Files (x86)\Common Files\Wise Installation Wizard -> [2010/03/19 11:40:37 | 000,000,000 | ---D | C] NVIDIA Corporation -> C:\Program Files\NVIDIA Corporation -> [2010/03/19 11:24:09 | 000,000,000 | ---D | C] NVIDIA Corporation -> C:\Users\Gateway\AppData\Local\NVIDIA Corporation -> [2010/03/19 11:24:08 | 000,000,000 | ---D | C] NVIDIA Corporation -> C:\Program Files (x86)\NVIDIA Corporation -> [2010/03/19 11:23:25 | 000,000,000 | ---D | C] OpenCL.dll -> C:\Windows\SysWow64\OpenCL.dll -> [2010/03/18 22:38:39 | 000,076,392 | ---- | C] (Khronos Group) NVIDIA -> C:\Users\Gateway\AppData\Roaming\NVIDIA -> [2010/03/18 21:52:38 | 000,000,000 | ---D | C] Valve -> C:\Program Files (x86)\Valve -> [2010/03/18 19:18:33 | 000,000,000 | ---D | C] Pixologic -> C:\Program Files (x86)\Pixologic -> [2010/03/12 13:07:28 | 000,000,000 | ---D | C] Downloaded Installations -> C:\Users\Gateway\AppData\Local\Downloaded Installations -> [2010/03/12 13:04:44 | 000,000,000 | ---D | C] ScUnin.exe -> C:\Windows\ScUnin.exe -> [2010/03/10 15:45:57 | 000,070,656 | ---- | C] (Blizzard Entertainment) Starcraft -> C:\Program Files\Starcraft -> [2010/03/10 15:45:54 | 000,000,000 | ---D | C] My 
Chat Logs -> C:\Users\Gateway\Documents\My Chat Logs -> [2010/03/08 18:26:16 | 000,000,000 | ---D | C] 1 C:\Users\Gateway\AppData\Local\*.tmp files -> C:\Users\Gateway\AppData\Local\*.tmp -> [Files/Folders - Modified Within 30 Days] ntuser.dat -> C:\Users\Gateway\ntuser.dat -> [2010/04/05 21:46:48 | 006,029,312 | -HS- | M] () User_Feed_Synchronization-{52B7CACA-1635-4473-98AC-A40D57DF97DD}.job -> C:\Windows\tasks\User_Feed_Synchronization-{52B7CACA-1635-4473-98AC-A40D57DF97DD}.job -> [2010/04/05 21:45:45 | 000,000,434 | -H-- | M] () OTS.exe -> C:\Users\Gateway\OTS.exe -> [2010/04/05 21:40:19 | 000,638,976 | ---- | M] (OldTimer Tools) PilhaPonteiro.pas -> C:\Users\Gateway\Desktop\PilhaPonteiro.pas -> [2010/04/05 21:30:06 | 000,002,897 | ---- | M] () nvModes.dat -> C:\ProgramData\nvModes.dat -> [2010/04/05 21:05:07 | 000,053,021 | ---- | M] () nvModes.001 -> C:\ProgramData\nvModes.001 -> [2010/04/05 21:05:07 | 000,053,021 | ---- | M] () GoogleUpdateTaskUserS-1-5-21-361280648-2570976795-4106338221-1000UA.job -> C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-361280648-2570976795-4106338221-1000UA.job -> [2010/04/05 20:55:00 | 000,001,062 | ---- | M] () PerfStringBackup.INI -> C:\Windows\SysNative\PerfStringBackup.INI -> [2010/04/05 20:40:34 | 000,690,960 | ---- | M] () perfh009.dat -> C:\Windows\SysNative\perfh009.dat -> [2010/04/05 20:40:34 | 000,595,684 | ---- | M] () perfc009.dat -> C:\Windows\SysNative\perfc009.dat -> [2010/04/05 20:40:34 | 000,101,350 | ---- | M] () 7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 -> C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 -> [2010/04/05 19:57:11 | 000,003,216 | -H-- | M] () 7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 -> C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 -> [2010/04/05 19:57:11 | 000,003,216 | -H-- | M] () 
DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini -> C:\Users\Gateway\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini -> [2010/04/05 17:51:47 | 000,144,896 | ---- | M] () incavi.avm -> C:\Windows\SysNative\drivers\Avg\incavi.avm -> [2010/04/05 17:24:25 | 058,576,358 | ---- | M] () NeroDigital.ini -> C:\Windows\NeroDigital.ini -> [2010/04/05 13:30:19 | 000,000,069 | ---- | M] () GoogleUpdateTaskUserS-1-5-21-361280648-2570976795-4106338221-1000Core.job -> C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-361280648-2570976795-4106338221-1000Core.job -> [2010/04/05 08:55:00 | 000,001,010 | ---- | M] () LogConfigTemp.xml -> C:\Windows\SysNative\LogConfigTemp.xml -> [2010/04/05 07:57:16 | 000,000,000 | ---- | M] () SA.DAT -> C:\Windows\tasks\SA.DAT -> [2010/04/05 07:57:13 | 000,000,006 | -H-- | M] () bootstat.dat -> C:\Windows\bootstat.dat -> [2010/04/05 07:57:11 | 000,067,584 | --S- | M] () hiberfil.sys -> C:\hiberfil.sys -> [2010/04/05 07:57:09 | 4289,601,536 | -HS- | M] () ntuser.dat{3de3544c-2af8-11df-8df6-00216b1085b2}.TMContainer00000000000000000001.regtrans-ms -> C:\Users\Gateway\ntuser.dat{3de3544c-2af8-11df-8df6-00216b1085b2}.TMContainer00000000000000000001.regtrans-ms -> [2010/04/04 17:11:19 | 000,524,288 | -HS- | M] () ntuser.dat{3de3544c-2af8-11df-8df6-00216b1085b2}.TM.blf -> C:\Users\Gateway\ntuser.dat{3de3544c-2af8-11df-8df6-00216b1085b2}.TM.blf -> [2010/04/04 17:11:19 | 000,065,536 | -HS- | M] () IconCache.db -> C:\Users\Gateway\AppData\Local\IconCache.db -> [2010/04/04 17:11:11 | 004,984,526 | -H-- | M] () mtfk_card.jpg -> C:\Users\Gateway\mtfk_card.jpg -> [2010/03/29 23:21:10 | 000,154,367 | ---- | M] () 466px-Kamehameha_DB_scheme.svg.png -> C:\Users\Gateway\466px-Kamehameha_DB_scheme.svg.png -> [2010/03/29 21:21:19 | 000,041,102 | ---- | M] () mbamswissarmy.sys -> C:\Windows\SysWow64\drivers\mbamswissarmy.sys -> [2010/03/29 15:24:58 | 000,038,224 | ---- | M] (Malwarebytes Corporation) mbam.sys -> C:\Windows\SysNative\drivers\mbam.sys -> [2010/03/29 15:24:46 | 
000,024,664 | ---- | M] () me.jpg -> C:\Users\Gateway\me.jpg -> [2010/03/29 13:16:39 | 000,002,484 | ---- | M] () HiJackThis.exe -> C:\HiJackThis.exe -> [2010/03/25 23:54:24 | 000,401,720 | ---- | M] (Trend Micro Inc.) tutorial Mysql.docx -> C:\Users\Gateway\Documents\tutorial Mysql.docx -> [2010/03/22 22:00:32 | 000,015,092 | ---- | M] () FNTCACHE.DAT -> C:\Windows\SysNative\FNTCACHE.DAT -> [2010/03/20 12:36:15 | 003,055,840 | ---- | M] () GDIPFONTCACHEV1.DAT -> C:\Users\Gateway\AppData\Local\GDIPFONTCACHEV1.DAT -> [2010/03/19 16:05:19 | 000,134,152 | ---- | M] () cc_20100319_125514.reg -> C:\Users\Gateway\Documents\cc_20100319_125514.reg -> [2010/03/19 12:55:53 | 002,356,220 | ---- | M] () d3d9caps.dat -> C:\Users\Gateway\AppData\Local\d3d9caps.dat -> [2010/03/19 11:36:44 | 000,001,356 | ---- | M] () d3d9caps64.dat -> C:\Users\Gateway\AppData\Local\d3d9caps64.dat -> [2010/03/19 11:36:42 | 000,001,460 | ---- | M] () mapaAmorMedico.jpg -> C:\Users\Gateway\mapaAmorMedico.jpg -> [2010/03/11 20:36:13 | 000,036,387 | ---- | M] () currículo David Asbahr Pedoneze.doc -> C:\Users\Gateway\Documents\currículo David Asbahr Pedoneze.doc -> [2010/03/11 19:46:16 | 000,029,184 | ---- | M] () scunin.dat -> C:\Windows\scunin.dat -> [2010/03/10 15:48:32 | 000,034,046 | ---- | M] () ScUnin.exe -> C:\Windows\ScUnin.exe -> [2010/03/10 15:48:31 | 000,070,656 | ---- | M] (Blizzard Entertainment) ScUnin.pif -> C:\Windows\ScUnin.pif -> [2010/03/10 15:48:31 | 000,000,967 | ---- | M] () ntuser.dat{3de3544c-2af8-11df-8df6-00216b1085b2}.TMContainer00000000000000000002.regtrans-ms -> C:\Users\Gateway\ntuser.dat{3de3544c-2af8-11df-8df6-00216b1085b2}.TMContainer00000000000000000002.regtrans-ms -> [2010/03/09 02:15:21 | 000,524,288 | -HS- | M] () NTUSER.DAT{c328fef1-6a85-11db-9fbd-cf3689cba3de}.TMContainer00000000000000000001.regtrans-ms -> C:\Users\Gateway\NTUSER.DAT{c328fef1-6a85-11db-9fbd-cf3689cba3de}.TMContainer00000000000000000001.regtrans-ms -> [2010/03/08 11:07:20 | 000,524,288 | -HS- | 
M] () NTUSER.DAT{c328fef1-6a85-11db-9fbd-cf3689cba3de}.TM.blf -> C:\Users\Gateway\NTUSER.DAT{c328fef1-6a85-11db-9fbd-cf3689cba3de}.TM.blf -> [2010/03/08 11:07:20 | 000,065,536 | -HS- | M] () 1 C:\Users\Gateway\AppData\Local\*.tmp files -> C:\Users\Gateway\AppData\Local\*.tmp -> [Files - No Company Name] PilhaPonteiro.pas -> C:\Users\Gateway\Desktop\PilhaPonteiro.pas -> [2010/04/05 21:37:57 | 000,002,897 | ---- | C] () gastos.txt -> C:\Users\Gateway\gastos.txt -> [2010/04/05 11:13:07 | 000,000,204 | ---- | C] () X-Men VS Street Fighter.exe -> C:\Users\Gateway\Desktop\X-Men VS Street Fighter.exe -> [2010/04/02 14:14:25 | 019,482,291 | ---- | C] () mtfk_card.jpg -> C:\Users\Gateway\mtfk_card.jpg -> [2010/03/29 23:21:10 | 000,154,367 | ---- | C] () 466px-Kamehameha_DB_scheme.svg.png -> C:\Users\Gateway\466px-Kamehameha_DB_scheme.svg.png -> [2010/03/29 21:21:16 | 000,041,102 | ---- | C] () me.jpg -> C:\Users\Gateway\me.jpg -> [2010/03/29 13:16:39 | 000,002,484 | ---- | C] () zmtl02.rtf -> C:\Users\Public\Documents\zmtl02.rtf -> [2010/03/21 07:31:04 | 000,000,719 | -HS- | C] () cc_20100319_125514.reg -> C:\Users\Gateway\Documents\cc_20100319_125514.reg -> [2010/03/19 12:55:16 | 002,356,220 | ---- | C] () nvModes.001 -> C:\ProgramData\nvModes.001 -> [2010/03/19 11:55:49 | 000,053,021 | ---- | C] () nvModes.dat -> C:\ProgramData\nvModes.dat -> [2010/03/19 11:55:23 | 000,053,021 | ---- | C] () hiberfil.sys -> C:\hiberfil.sys -> [2010/03/19 11:54:52 | 4289,601,536 | -HS- | C] () nvhda64v.sys -> C:\Windows\SysNative\drivers\nvhda64v.sys -> [2010/03/19 11:42:23 | 000,084,584 | ---- | C] () nvapo64v.dll -> C:\Windows\SysNative\nvapo64v.dll -> [2010/03/19 11:42:23 | 000,062,976 | ---- | C] () nvhdap64.dll -> C:\Windows\SysNative\nvhdap64.dll -> [2010/03/19 11:42:23 | 000,022,528 | ---- | C] () nvwgf2umx.dll -> C:\Windows\SysNative\nvwgf2umx.dll -> [2010/03/18 22:38:39 | 005,915,752 | ---- | C] () OpenCL.dll -> C:\Windows\SysNative\OpenCL.dll -> [2010/03/18 22:38:39 | 000,076,904 
| ---- | C] () nvBridge.kmd -> C:\Windows\SysNative\drivers\nvBridge.kmd -> [2010/03/18 22:38:39 | 000,011,240 | ---- | C] () nvinfo.pb -> C:\Windows\SysNative\nvinfo.pb -> [2010/03/18 22:38:39 | 000,008,862 | ---- | C] () nvoglv64.dll -> C:\Windows\SysNative\nvoglv64.dll -> [2010/03/18 22:38:37 | 019,223,144 | ---- | C] () nvd3dumx.dll -> C:\Windows\SysNative\nvd3dumx.dll -> [2010/03/18 22:38:34 | 011,775,080 | ---- | C] () nvcuda.dll -> C:\Windows\SysNative\nvcuda.dll -> [2010/03/18 22:38:32 | 005,347,944 | ---- | C] () nvcuvid.dll -> C:\Windows\SysNative\nvcuvid.dll -> [2010/03/18 22:38:32 | 002,332,264 | ---- | C] () nvcuvenc.dll -> C:\Windows\SysNative\nvcuvenc.dll -> [2010/03/18 22:38:32 | 002,028,136 | ---- | C] () nvcompiler.dll -> C:\Windows\SysNative\nvcompiler.dll -> [2010/03/18 22:38:30 | 015,874,664 | ---- | C] () nvcod178.dll -> C:\Windows\SysNative\nvcod178.dll -> [2010/03/18 22:38:30 | 000,202,344 | ---- | C] () nvcod.dll -> C:\Windows\SysNative\nvcod.dll -> [2010/03/18 22:38:30 | 000,202,344 | ---- | C] () nvapi64.dll -> C:\Windows\SysNative\nvapi64.dll -> [2010/03/18 22:38:29 | 001,541,736 | ---- | C] () mapaAmorMedico.jpg -> C:\Users\Gateway\mapaAmorMedico.jpg -> [2010/03/11 20:36:13 | 000,036,387 | ---- | C] () currículo David Asbahr Pedoneze.doc -> C:\Users\Gateway\Documents\currículo David Asbahr Pedoneze.doc -> [2010/03/11 19:46:16 | 000,029,184 | ---- | C] () scunin.dat -> C:\Windows\scunin.dat -> [2010/03/10 15:45:59 | 000,034,046 | ---- | C] () ScUnin.pif -> C:\Windows\ScUnin.pif -> [2010/03/10 15:45:57 | 000,000,967 | ---- | C] () REP.txt -> C:\Users\Gateway\REP.txt -> [2010/03/09 18:59:09 | 000,000,016 | ---- | C] () ntuser.dat{3de3544c-2af8-11df-8df6-00216b1085b2}.TMContainer00000000000000000002.regtrans-ms -> C:\Users\Gateway\ntuser.dat{3de3544c-2af8-11df-8df6-00216b1085b2}.TMContainer00000000000000000002.regtrans-ms -> [2010/03/08 18:19:41 | 000,524,288 | -HS- | C] () 
ntuser.dat{3de3544c-2af8-11df-8df6-00216b1085b2}.TMContainer00000000000000000001.regtrans-ms -> C:\Users\Gateway\ntuser.dat{3de3544c-2af8-11df-8df6-00216b1085b2}.TMContainer00000000000000000001.regtrans-ms -> [2010/03/08 18:19:41 | 000,524,288 | -HS- | C] () ntuser.dat{3de3544c-2af8-11df-8df6-00216b1085b2}.TM.blf -> C:\Users\Gateway\ntuser.dat{3de3544c-2af8-11df-8df6-00216b1085b2}.TM.blf -> [2010/03/08 18:19:41 | 000,065,536 | -HS- | C] () SIntfNT.dll -> C:\Windows\SysWow64\SIntfNT.dll -> [2009/08/13 08:51:47 | 000,021,840 | ---- | C] () SIntf32.dll -> C:\Windows\SysWow64\SIntf32.dll -> [2009/08/13 08:51:47 | 000,017,212 | ---- | C] () SIntf16.dll -> C:\Windows\SysWow64\SIntf16.dll -> [2009/08/13 08:51:47 | 000,012,067 | ---- | C] () CmdLineExt03.dll -> C:\Windows\SysWow64\CmdLineExt03.dll -> [2009/08/13 08:37:10 | 000,043,520 | ---- | C] () NeroDigital.ini -> C:\Windows\NeroDigital.ini -> [2009/08/03 15:27:08 | 000,000,069 | ---- | C] () mjpcodec.dll -> C:\Windows\SysWow64\mjpcodec.dll -> [2009/06/29 18:20:04 | 000,061,440 | ---- | C] () nfsc_patch.ini -> C:\Windows\nfsc_patch.ini -> [2009/05/25 20:44:30 | 000,000,058 | ---- | C] () xlive.dll.cat -> C:\Windows\SysWow64\xlive.dll.cat -> [2009/04/21 23:19:06 | 000,172,173 | ---- | C] () ff_vfw.dll -> C:\Windows\SysWow64\ff_vfw.dll -> [2009/04/02 15:21:50 | 000,084,480 | ---- | C] () xvidvfw.dll -> C:\Windows\SysWow64\xvidvfw.dll -> [2008/12/07 14:08:04 | 000,130,048 | ---- | C] () AgCPanelTraditionalChinese.dll -> C:\Windows\SysWow64\AgCPanelTraditionalChinese.dll -> [2008/10/07 14:13:22 | 000,058,648 | ---- | C] () AgCPanelSwedish.dll -> C:\Windows\SysWow64\AgCPanelSwedish.dll -> [2008/10/07 14:13:20 | 000,058,648 | ---- | C] () AgCPanelSpanish.dll -> C:\Windows\SysWow64\AgCPanelSpanish.dll -> [2008/10/07 14:13:20 | 000,058,648 | ---- | C] () AgCPanelSimplifiedChinese.dll -> C:\Windows\SysWow64\AgCPanelSimplifiedChinese.dll -> [2008/10/07 14:13:20 | 000,058,648 | ---- | C] () AgCPanelPortugese.dll -> 
C:\Windows\SysWow64\AgCPanelPortugese.dll -> [2008/10/07 14:13:20 | 000,058,648 | ---- | C] () AgCPanelKorean.dll -> C:\Windows\SysWow64\AgCPanelKorean.dll -> [2008/10/07 14:13:20 | 000,058,648 | ---- | C] () AgCPanelJapanese.dll -> C:\Windows\SysWow64\AgCPanelJapanese.dll -> [2008/10/07 14:13:20 | 000,058,648 | ---- | C] () AgCPanelGerman.dll -> C:\Windows\SysWow64\AgCPanelGerman.dll -> [2008/10/07 14:13:20 | 000,058,648 | ---- | C] () AgCPanelFrench.dll -> C:\Windows\SysWow64\AgCPanelFrench.dll -> [2008/10/07 14:13:20 | 000,058,648 | ---- | C] () ff_vfw.dll.manifest -> C:\Windows\SysWow64\ff_vfw.dll.manifest -> [2008/09/12 16:21:02 | 000,000,547 | ---- | C] () physxcudart_20.dll -> C:\Windows\SysWow64\physxcudart_20.dll -> [2008/06/05 13:58:26 | 000,197,912 | ---- | C] () xvidcore.dll -> C:\Windows\SysWow64\xvidcore.dll -> [2008/04/27 10:33:36 | 000,765,952 | ---- | C] () tcpmon.ini -> C:\Windows\SysWow64\tcpmon.ini -> [2008/01/20 23:50:05 | 000,060,124 | ---- | C] () msjetoledb40.dll -> C:\Windows\SysWow64\msjetoledb40.dll -> [2008/01/20 23:49:49 | 000,368,640 | ---- | C] () AviSplitter.INI -> C:\Windows\AviSplitter.INI -> [2007/02/05 20:05:26 | 000,000,038 | ---- | C] () SSCProt.dll -> C:\Windows\SysWow64\SSCProt.dll -> [2007/01/10 07:44:26 | 001,457,024 | R--- | C] () GlobalUserInterface.CompositeFont -> C:\Windows\Fonts\GlobalUserInterface.CompositeFont -> [2006/11/02 12:07:25 | 000,030,808 | ---- | C] () GlobalSerif.CompositeFont -> C:\Windows\Fonts\GlobalSerif.CompositeFont -> [2006/11/02 12:07:25 | 000,029,779 | ---- | C] () GlobalSansSerif.CompositeFont -> C:\Windows\Fonts\GlobalSansSerif.CompositeFont -> [2006/11/02 12:07:25 | 000,026,489 | ---- | C] () GlobalMonospace.CompositeFont -> C:\Windows\Fonts\GlobalMonospace.CompositeFont -> [2006/11/02 12:07:25 | 000,026,040 | ---- | C] () unrar.dll -> C:\Windows\SysWow64\unrar.dll -> [2002/10/15 19:54:04 | 000,153,088 | ---- | C] ()< End of report >
Sam Spade, posted April 8, 2010

Run OTS.exe by OldTimer. In the Paste Fix Here box on the right side of OTS, paste the contents of the CODE block:

[Unregister Dlls]
[Registry - Safe List]
< MountPoints2 [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2
YN -> \{2df5f055-88dc-11de-a833-001d72f1d513} ->
YN -> \{4cd184db-87fd-11de-8bfb-00216b1085b2} ->
YN -> \{4d7902bb-77d0-11de-99f1-00216b1085b2} ->
YN -> \{e1d78625-4ba8-11de-ab6b-001d72f1d513} ->
[Empty Temp Folders]

Click the button. Wait for the Fix to finish. Be patient, as it can take a while. Click OK to let the PC restart. After it restarts, when the OS starts loading, a window will appear asking you to authorize OTS.exe to run. Allow it. A log will then open.

The log is saved in C:\_OTS\MovedFiles\
Its name indicates the date and time it was generated: date_time.log
Ex: 02232010_165746.log

Select, copy and paste the contents of this log in your next reply.
ONeW, posted April 8, 2010

All Processes Killed
[Registry - Safe List]
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{2df5f055-88dc-11de-a833-001d72f1d513}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2df5f055-88dc-11de-a833-001d72f1d513}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{4cd184db-87fd-11de-8bfb-00216b1085b2}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4cd184db-87fd-11de-8bfb-00216b1085b2}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{4d7902bb-77d0-11de-99f1-00216b1085b2}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4d7902bb-77d0-11de-99f1-00216b1085b2}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e1d78625-4ba8-11de-ab6b-001d72f1d513}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{e1d78625-4ba8-11de-ab6b-001d72f1d513}\ not found.
[Empty Temp Folders]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 41044 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Gateway
->Temp folder emptied: 54222400 bytes
->Temporary Internet Files folder emptied: 1810612 bytes
->Java cache emptied: 49728521 bytes
->FireFox cache emptied: 36739315 bytes
->Google Chrome cache emptied: 7347016 bytes
->Flash cache emptied: 54193 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 2076 bytes
%systemroot%\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 2385996 bytes
%systemroot%\system32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment folder emptied: 25494360 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 170,00 mb

< End of fix log >

OTS by OldTimer - Version 3.1.28.0 fix logfile created on 04082010_000315

Files\Folders moved on Reboot...
File move failed. C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\L9IKSMB5\desktop.ini scheduled to be moved on reboot.
File move failed. C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\IQMPNV17\desktop.ini scheduled to be moved on reboot.
File move failed. C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\GG476YQ2\desktop.ini scheduled to be moved on reboot.
File move failed. C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0KS1KUKP\desktop.ini scheduled to be moved on reboot.
File move failed. C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\desktop.ini scheduled to be moved on reboot.
File move failed. C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\desktop.ini scheduled to be moved on reboot.

Registry entries deleted on Reboot...

Thanks once again, Sam Spade, for the follow-up! PS: when I ran OTS.exe, I used the same process as in the post of 02 April 2010 - 13:37 (the first time I used OTS).
Sam Spade Posted April 8, 2010
Right-click OTS.exe, then click Run as > Administrator and confirm.
Check these options:
Scan All Users
Use Company Name Whitelist / Skip Microsoft files
In the Additional Scans section, check the boxes:
Reg - Drivers32
Reg - NetSvcs
Click the Run Scan button.
Wait while the tool scans your PC.
When it finishes, Notepad will open with some information. Close Notepad and also OTS.exe.
The log was saved in the same folder as OTS.exe (that is, on your desktop), with the name OTS.txt. Select, copy and paste its contents into your next reply.
ONeW Posted April 8, 2010
OTS logfile created on: 08/04/2010 18:21:40 - Run 2
OTS by OldTimer - Version 3.1.28.0 Folder = C:\Users\Gateway
64bit-Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18828)
Locale: 00000416 | Country: Brazil | Language: PTB | Date Format: dd/MM/yyyy
4,00 Gb Total Physical Memory | 3,00 Gb Available Physical Memory | 68,00% Memory free
8,00 Gb Paging File | 6,00 Gb Available in Paging File | 72,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 286,37 Gb Total Space | 62,97 Gb Free Space | 21,99% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: DAVID-NOTEBOOK
Current User Name: Gateway
Logged in as Administrator.
Current Boot Mode: NormalScan Mode: All usersCompany Name Whitelist: OnSkip Microsoft Files: OnFile Age = 30 Days [Processes - Safe List]ots.exe -> C:\Users\Gateway\OTS.exe -> [2010/04/05 21:40:19 | 000,638,976 | ---- | M] (OldTimer Tools)chrome.exe -> C:\Users\Gateway\AppData\Local\Google\Chrome\Application\chrome.exe -> [2010/03/28 00:13:16 | 000,530,416 | ---- | M] (Google Inc.)avgcsrvx.exe -> C:\Program Files (x86)\AVG\AVG8\avgcsrvx.exe -> [2009/08/22 21:06:14 | 000,693,016 | ---- | M] (AVG Technologies CZ, s.r.o.)avgwdsvc.exe -> C:\Program Files (x86)\AVG\AVG8\avgwdsvc.exe -> [2009/08/22 21:06:03 | 000,297,752 | ---- | M] (AVG Technologies CZ, s.r.o.)avgemc.exe -> C:\Program Files (x86)\AVG\AVG8\avgemc.exe -> [2009/08/22 21:06:00 | 000,908,056 | ---- | M] (AVG Technologies CZ, s.r.o.)seaport.exe -> C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe -> [2009/05/19 11:36:18 | 000,240,512 | ---- | M] (Microsoft Corporation)mysqld.exe -> C:\xampp\mysql\bin\mysqld.exe -> [2009/03/16 08:29:28 | 006,562,432 | ---- | M] ()httpd.exe -> C:\xampp\apache\bin\httpd.exe -> [2008/12/09 20:10:14 | 000,024,636 | ---- | M] (Apache Software Foundation)httpd.exe -> c:\xampp\apache\bin\httpd.exe -> [2008/12/09 20:10:14 | 000,024,636 | ---- | M] (Apache Software Foundation)iaantmon.exe -> C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe -> [2008/04/15 22:54:42 | 000,354,840 | ---- | M] (Intel Corporation)iaanotif.exe -> C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe -> [2008/04/15 22:54:40 | 000,178,712 | ---- | M] (Intel Corporation)conime.exe -> C:\Windows\SysWOW64\conime.exe -> [2008/01/20 23:49:12 | 000,069,120 | ---- | M] (Microsoft Corporation)clocx.exe -> C:\Program Files (x86)\ClocX\ClocX.exe -> [2007/07/26 12:43:14 | 000,270,336 | ---- | M] (BonSoft)o2flash.exe -> C:\Program Files (x86)\O2Micro Flash Memory Card Driver\o2flash.exe -> [2007/02/12 05:43:44 | 000,065,536 | ---- | M] (O2Micro 
International) [Modules - Safe List]ots.exe -> C:\Users\Gateway\OTS.exe -> [2010/04/05 21:40:19 | 000,638,976 | ---- | M] (OldTimer Tools)comdlg32.dll -> C:\Windows\SysWOW64\comdlg32.dll -> [2008/01/20 23:50:03 | 000,450,048 | ---- | M] (Microsoft Corporation)comctl32.dll -> C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18000_none_5cdbaa5a083979cc\comctl32.dll -> [2008/01/20 23:48:06 | 001,684,480 | ---- | M] (Microsoft Corporation)sptip.dll -> C:\Windows\IME\SPTIP.DLL -> [2008/01/20 23:47:36 | 000,130,560 | ---- | M] (Microsoft Corporation) [Win32 Services - Safe List](ServiceLayer) ServiceLayer [On_Demand | Stopped] -> C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe -> [2010/01/26 12:41:08 | 000,652,800 | ---- | M] (Nokia)(UpdateCenterService) Update Center Service [Auto | Running] -> C:\Program Files (x86)\NVIDIA Corporation\System Update\UpdateCenterService.exe -> [2009/11/06 13:24:54 | 000,282,728 | ---- | M] (NVIDIA)(nTuneService) Performance Service [Auto | Running] -> C:\Program Files (x86)\NVIDIA Corporation\nTune\nTuneService.exe -> [2009/11/06 13:13:20 | 000,276,584 | ---- | M] (NVIDIA)(FLEXnet Licensing Service) FLEXnet Licensing Service [On_Demand | Stopped] -> C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -> [2009/10/02 14:25:13 | 000,655,624 | ---- | M] (Acresso Software Inc.)(npggsvc) nProtect GameGuard Service [On_Demand | Stopped] -> C:\Windows\SysWow64\GameMon.des -> [2009/08/30 21:05:00 | 003,389,720 | ---- | M] (INCA Internet Co., Ltd.)(avg8wd) AVG Free8 WatchDog [Auto | Running] -> C:\Program Files (x86)\AVG\AVG8\avgwdsvc.exe -> [2009/08/22 21:06:03 | 000,297,752 | ---- | M] (AVG Technologies CZ, s.r.o.)(avg8emc) AVG Free8 E-mail Scanner [Auto | Running] -> C:\Program Files (x86)\AVG\AVG8\avgemc.exe -> [2009/08/22 21:06:00 | 000,908,056 | ---- | M] (AVG Technologies CZ, s.r.o.)(SeaPort) SeaPort [Auto | Running] -> C:\Program Files 
(x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe -> [2009/05/19 11:36:18 | 000,240,512 | ---- | M] (Microsoft Corporation)(MySQL) MySQL [Auto | Running] -> C:\xampp\mysql\bin\mysqld.exe -> [2009/03/16 08:29:28 | 006,562,432 | ---- | M] ()(Apache2.2) Apache2.2 [Auto | Running] -> c:\xampp\apache\bin\httpd.exe -> [2008/12/09 20:10:14 | 000,024,636 | ---- | M] (Apache Software Foundation)(clr_optimization_v2.0.50727_64) Microsoft .NET Framework NGEN v2.0.50727_X64 [On_Demand | Stopped] -> C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe -> [2008/07/27 15:01:49 | 000,093,184 | ---- | M] (Microsoft Corporation)(IAANTMON) Intel(R) Matrix Storage Event Monitor [Auto | Running] -> C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe -> [2008/04/15 22:54:42 | 000,354,840 | ---- | M] (Intel Corporation)(o2flash) O2Micro Flash Memory Card Service [Auto | Running] -> C:\Program Files (x86)\O2Micro Flash Memory Card Driver\o2flash.exe -> [2007/02/12 05:43:44 | 000,065,536 | ---- | M] (O2Micro International)(MSDTC) Distributed Transaction Coordinator [Unknown | Stopped] -> C:\Windows\SysWOW64\Msdtc -> [2006/11/02 10:34:14 | 000,000,000 | ---D | M](vds) Virtual Disk [On_Demand | Stopped] -> C:\Windows\SysWOW64\wbem\vds.mof -> [2006/11/02 03:35:15 | 000,060,994 | ---- | M] ()(VSS) Volume Shadow Copy [On_Demand | Stopped] -> C:\Windows\SysWOW64\wbem\vss.mof -> [2006/11/02 03:35:15 | 000,055,846 | ---- | M] () [Driver Services - Safe List](adfs) adfs [Kernel | Auto | Running] -> C:\Windows\SysWOW64\drivers\adfs.sys -> [2008/08/14 07:57:42 | 000,074,720 | ---- | M] (Adobe Systems, Inc.)(int15) int15 [Kernel | Auto | Running] -> C:\Windows\SysWOW64\drivers\int15_64.sys -> [2008/07/16 18:56:06 | 000,017,952 | ---- | M] (Acer, Inc.)(Tcpip) TCP/IP Protocol Driver [Kernel | Boot | Running] -> C:\Windows\SysWOW64\wbem\tcpip.mof -> [2006/09/18 18:36:40 | 000,003,066 | ---- | M] ()(mpsdrv) Windows Firewall Authorization Driver [Kernel | On_Demand | 
Running] -> C:\Windows\SysWOW64\wbem\mpsdrv.mof -> [2006/09/18 18:35:23 | 000,001,088 | ---- | M] ()(mdmxsdk) mdmxsdk [Kernel | Auto | Running] -> C:\Windows\SysWOW64\mdmxsdk.dll -> [2006/06/19 02:26:50 | 000,094,208 | ---- | M] (Conexant)(npkcrypt) npkcrypt [Kernel | On_Demand | Stopped] -> C:\Program Files (x86)\gravity\Ragnarok Online\npkcrypt.sys -> [2005/09/06 12:29:16 | 000,021,442 | ---- | M] (INCA Internet Co., Ltd.)(NPPTNT2) NPPTNT2 [Kernel | On_Demand | Stopped] -> C:\Windows\SysWOW64\npptNT2.sys -> [2005/01/03 21:43:08 | 000,004,682 | ---- | M] (INCA Internet Co., Ltd.) [Registry - Safe List]< Internet Explorer Settings [HKEY_LOCAL_MACHINE\] > -> -> HKEY_LOCAL_MACHINE\: Main\\"Default_Page_URL" -> http://homepage.gateway.com/rdr.aspx?b=ACGW&l=0409&s=2&o=vp64&d=0209&m=p-7807u -> HKEY_LOCAL_MACHINE\: Main\\"Local Page" -> C:\Windows\SysWOW64\blank.htm -> HKEY_LOCAL_MACHINE\: Main\\"Start Page" -> http://homepage.gateway.com/rdr.aspx?b=ACGW&l=0409&s=2&o=vp64&d=0209&m=p-7807u -> < Internet Explorer Settings [HKEY_USERS\.DEFAULT\] > -> -> HKEY_USERS\.DEFAULT\: "ProxyEnable" -> 0 -> < Internet Explorer Settings [HKEY_USERS\S-1-5-18\] > -> -> HKEY_USERS\S-1-5-18\: "ProxyEnable" -> 0 -> < Internet Explorer Settings [HKEY_USERS\S-1-5-19\] > -> -> < Internet Explorer Settings [HKEY_USERS\S-1-5-20\] > -> -> < Internet Explorer Settings [HKEY_USERS\S-1-5-21-361280648-2570976795-4106338221-1000\] > -> -> HKEY_USERS\S-1-5-21-361280648-2570976795-4106338221-1000\: Main\\"Default_Page_URL" -> http://homepage.gateway.com/rdr.aspx?b=ACGW&l=0409&s=2&o=vp64&d=0209&m=p-7807u -> HKEY_USERS\S-1-5-21-361280648-2570976795-4106338221-1000\: Main\\"SearchDefaultBranded" -> 1 -> HKEY_USERS\S-1-5-21-361280648-2570976795-4106338221-1000\: Main\\"Start Page" -> http://homepage.gateway.com/rdr.aspx?b=ACGW&l=0409&s=2&o=vp64&d=0209&m=p-7807u -> HKEY_USERS\S-1-5-21-361280648-2570976795-4106338221-1000\: Main\\"StartPageCache" -> 1 -> 
HKEY_USERS\S-1-5-21-361280648-2570976795-4106338221-1000\: "ProxyEnable" -> 0 -> HKEY_USERS\S-1-5-21-361280648-2570976795-4106338221-1000\: "ProxyOverride" -> local -> < FireFox Settings [Prefs.js] > -> C:\Users\Gateway\AppData\Roaming\Mozilla\FireFox\Profiles\51f7xdjz.default\prefs.js -> browser.search.useDBForOrder -> true ->browser.startup.homepage -> "http://www.google.com" ->extensions.enabledItems -> {3f963a5b-e555-4543-90e2-c3908898db71}:8.5.0.429 ->extensions.enabledItems -> {A27F3FEF-1113-4cfb-A032-8E12D7D8EE70}:7.3.2.22 ->extensions.enabledItems -> fdm_ffext@freedownloadmanager.org:1.3.4 ->extensions.enabledItems -> {87F8774F-B485-47E2-A755-A40A8A5E886C}:1.0.10.4 ->extensions.enabledItems -> {B13721C7-F507-4982-B2E5-502A71474FED}:3.3.0.3971 ->extensions.enabledItems -> {1a0c9ebe-ddf9-4b76-b8a3-675c77874d37}:2.9.2 ->extensions.enabledItems -> {37fa1426-b82d-11db-8314-0800200c9a66}:2.3.3 ->network.proxy.backup.ftp -> "" ->network.proxy.backup.ftp_port -> 0 ->network.proxy.backup.gopher -> "" ->network.proxy.backup.gopher_port -> 0 ->network.proxy.backup.socks -> "" ->network.proxy.backup.socks_port -> 0 ->network.proxy.backup.ssl -> "" ->network.proxy.backup.ssl_port -> 0 ->network.proxy.ftp -> "66.167.100.59" ->network.proxy.ftp_port -> 6649 ->network.proxy.gopher -> "66.167.100.59" ->network.proxy.gopher_port -> 6649 ->network.proxy.http -> "66.167.100.59" ->network.proxy.http_port -> 6649 ->network.proxy.share_proxy_settings -> true ->network.proxy.socks -> "66.167.100.59" ->network.proxy.socks_port -> 6649 ->network.proxy.ssl -> "66.167.100.59" ->network.proxy.ssl_port -> 6649 ->< FireFox Extensions [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\MozillaHKLM\software\mozilla\Firefox\Extensions -> -> HKLM\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71} -> C:\Program Files (x86)\AVG\AVG8\Firefox [C:\PROGRAM FILES (X86)\AVG\AVG8\FIREFOX] -> [2009/12/23 08:14:54 | 000,000,000 | ---D | 
M]HKLM\software\mozilla\Firefox\Extensions\\{A27F3FEF-1113-4cfb-A032-8E12D7D8EE70} -> C:\PROGRAM FILES (X86)\NOKIA\NOKIA OVI SUITE\CONNECTORS\BOOKMARKS CONNECTOR\FIREFOXEXTENSION\ [C:\PROGRAM FILES (X86)\NOKIA\NOKIA OVI SUITE\CONNECTORS\BOOKMARKS CONNECTOR\FIREFOXEXTENSION\] -> [2010/02/19 12:38:49 | 000,000,000 | ---D | M]HKLM\software\mozilla\Mozilla Firefox 3.5.9\extensions -> -> HKLM\software\mozilla\Mozilla Firefox 3.5.9\extensions\\Components -> C:\Program Files (x86)\Mozilla Firefox\components [C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\COMPONENTS] -> [2010/04/06 11:56:46 | 000,000,000 | ---D | M]HKLM\software\mozilla\Mozilla Firefox 3.5.9\extensions\\Plugins -> C:\Program Files (x86)\Mozilla Firefox\plugins [C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\PLUGINS] -> [2010/04/06 11:56:46 | 000,000,000 | ---D | M]HKLM\software\mozilla\Thunderbird\Extensions -> -> HKLM\software\mozilla\Thunderbird\Extensions\\{CCB7D94B-CA92-4E3F-B79D-ADE0F07ADC74} -> C:\PROGRAM FILES (X86)\NOKIA\NOKIA OVI SUITE\CONNECTORS\THUNDERBIRD CONNECTOR\THUNDERBIRDEXTENSION\ [C:\PROGRAM FILES (X86)\NOKIA\NOKIA OVI SUITE\CONNECTORS\THUNDERBIRD CONNECTOR\THUNDERBIRDEXTENSION\] -> [2010/02/19 12:38:50 | 000,000,000 | ---D | M]< FireFox Extensions [User Folders] > -> -> C:\Users\Gateway\AppData\Roaming\mozilla\Extensions -> [2009/05/23 01:58:18 | 000,000,000 | ---D | M] -> C:\Users\Gateway\AppData\Roaming\mozilla\Firefox\Profiles\51f7xdjz.default\extensions -> [2010/04/08 12:54:35 | 000,000,000 | ---D | M]TwitterBar -> C:\Users\Gateway\AppData\Roaming\mozilla\Firefox\Profiles\51f7xdjz.default\extensions\{1a0c9ebe-ddf9-4b76-b8a3-675c77874d37} -> [2010/03/29 17:59:14 | 000,000,000 | ---D | M]Microsoft .NET Framework Assistant -> C:\Users\Gateway\AppData\Roaming\mozilla\Firefox\Profiles\51f7xdjz.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} -> [2009/09/17 15:15:22 | 000,000,000 | ---D | M]WebMail Notifier -> 
C:\Users\Gateway\AppData\Roaming\mozilla\Firefox\Profiles\51f7xdjz.default\extensions\{37fa1426-b82d-11db-8314-0800200c9a66} -> [2010/03/29 17:59:16 | 000,000,000 | ---D | M]No name found -> C:\Users\Gateway\AppData\Roaming\mozilla\Firefox\Profiles\51f7xdjz.default\extensions\{87F8774F-B485-47E2-A755-A40A8A5E886C} -> [2010/03/29 17:59:16 | 000,000,000 | ---D | M]No name found -> C:\Users\Gateway\AppData\Roaming\mozilla\Firefox\Profiles\51f7xdjz.default\extensions\{BC6B52D8-7539-11DE-BBD9-E31156D89593} -> [2009/08/03 15:00:24 | 000,000,000 | ---D | M] -> C:\Users\Gateway\AppData\Roaming\mozilla\Firefox\Profiles\51f7xdjz.default\extensions\twitternotifier@naan.net -> [2010/03/29 17:59:13 | 000,000,000 | ---D | M]< FireFox SearchPlugins [User Folders] > -> daemon-search.xml -> C:\Users\Gateway\AppData\Roaming\Mozilla\FireFox\Profiles\51f7xdjz.default\searchplugins\daemon-search.xml -> [2009/05/23 23:36:58 | 000,002,399 | ---- | M] ()< FireFox Extensions [Program Folders] > -> -> C:\Program Files (x86)\Mozilla Firefox\extensions -> [2009/12/28 11:00:30 | 000,000,000 | ---D | M]< HOSTS File > ([2009/10/24 14:44:32 | 000,000,814 | ---- | M] - 22 lines) -> C:\Windows\SysNative\Drivers\etc\hosts -> Reset Hosts127.0.0.1 localhost::1 localhost127.0.0.1 adobeereg.com127.0.0.1 activate.adobe.com< BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ -> {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} [HKLM] -> C:\Program Files (x86)\AVG\AVG8\avgssie.dll [AVG Safe Search] -> [2009/12/12 08:29:51 | 001,111,320 | ---- | M] (AVG Technologies CZ, s.r.o.){5C255C8A-E604-49b4-9D64-90988571CECB} [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] 
-> File not found{6EBF7485-159F-4bff-A14F-B9E3AAC4465B} [HKLM] -> C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll [Search Helper] -> [2009/05/19 11:36:18 | 000,137,600 | ---- | M] (Microsoft Corporation){9030D464-4C02-4ABF-8ECC-5164760863C6} [HKLM] -> C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll [Auxiliar de Conexão do Windows Live] -> [2009/01/22 15:41:30 | 000,408,448 | ---- | M] (Microsoft Corporation){AA58ED58-01DD-4d91-8333-CF10577473F7} [HKLM] -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar.dll [Google Toolbar Helper] -> [2009/05/24 20:02:14 | 000,259,696 | ---- | M] (Google Inc.){AF69DE43-7D58-4638-B6FA-CE66B5AD205D} [HKLM] -> C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll [Google Toolbar Notifier BHO] -> [2009/05/24 20:05:52 | 000,668,656 | ---- | M] (Google Inc.){C84D72FE-E17D-4195-BB24-76C02E2E7C4E} [HKLM] -> C:\Program Files (x86)\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll [Google Dictionary Compression sdch] -> [2009/05/24 20:02:12 | 000,470,512 | ---- | M] (Google Inc.){CC59E0F9-7E43-44FA-9FAA-8377850BF205} [HKLM] -> C:\Program Files (x86)\Free Download Manager\iefdm2.dll [FDMIECookiesBHO Class] -> [2008/12/30 02:03:26 | 000,098,304 | ---- | M] (){E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} [HKLM] -> C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll [Windows Live Toolbar Helper] -> [2009/02/06 18:17:46 | 001,068,904 | ---- | M] (Microsoft Corporation)< Internet Explorer ToolBars [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar -> "{21FA44EF-376D-4D53-9B0F-8A89D3229068}" [HKLM] -> C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll [&Windows Live Toolbar] -> [2009/02/06 18:17:46 | 001,068,904 | ---- | M] (Microsoft Corporation)"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" [HKLM] -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar.dll [Google Toolbar] -> 
[2009/05/24 20:02:14 | 000,259,696 | ---- | M] (Google Inc.)< Internet Explorer ToolBars [HKEY_USERS\S-1-5-21-361280648-2570976795-4106338221-1000\] > -> HKEY_USERS\S-1-5-21-361280648-2570976795-4106338221-1000\Software\Microsoft\Internet Explorer\Toolbar\ -> WebBrowser\\"{21FA44EF-376D-4D53-9B0F-8A89D3229068}" [HKLM] -> C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll [&Windows Live Toolbar] -> [2009/02/06 18:17:46 | 001,068,904 | ---- | M] (Microsoft Corporation)WebBrowser\\"{2318C2B1-4965-11D4-9B18-009027A5CD4F}" [HKLM] -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar.dll [Google Toolbar] -> [2009/05/24 20:02:14 | 000,259,696 | ---- | M] (Google Inc.)WebBrowser\\"{32099AAC-C132-4136-9E9A-4E364A424E17}" [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found< Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> "eRecoveryService" -> [] -> File not found< Run [HKEY_USERS\S-1-5-19\] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> "Sidebar" -> C:\Program Files (x86)\Windows Sidebar\Sidebar.exe [%ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem] -> [2008/01/20 23:47:33 | 001,233,920 | ---- | M] (Microsoft Corporation)"WindowsWelcomeCenter" -> C:\Windows\SysWow64\oobefldr.dll [rundll32.exe oobefldr.dll,ShowWelcomeCenter] -> [2008/01/20 23:47:52 | 002,153,472 | ---- | M] (Microsoft Corporation)< Run [HKEY_USERS\S-1-5-20\] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> "Sidebar" -> C:\Program Files (x86)\Windows Sidebar\Sidebar.exe [%ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem] -> [2008/01/20 23:47:33 | 001,233,920 | ---- | M] (Microsoft Corporation)"WindowsWelcomeCenter" -> C:\Windows\SysWow64\oobefldr.dll [rundll32.exe oobefldr.dll,ShowWelcomeCenter] -> [2008/01/20 23:47:52 | 002,153,472 | ---- | M] (Microsoft Corporation)< Run [HKEY_USERS\S-1-5-21-361280648-2570976795-4106338221-1000\] > -> 
HKEY_USERS\S-1-5-21-361280648-2570976795-4106338221-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> "" -> [] -> File not found"AdobeBridge" -> [] -> File not found"msnmsgr" -> C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe ["C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background] -> [2009/07/26 15:44:26 | 003,883,840 | ---- | M] (Microsoft Corporation)< CurrentVersion Policy Settings - Explorer [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\"NoActiveDesktop" -> [1] -> File not found< CurrentVersion Policy Settings - System [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\SystemHKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats< CurrentVersion Policy Settings [HKEY_USERS\S-1-5-21-361280648-2570976795-4106338221-1000] > -> HKEY_USERS\S-1-5-21-361280648-2570976795-4106338221-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer -> HKEY_USERS\S-1-5-21-361280648-2570976795-4106338221-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\"NoDriveTypeAutoRun" -> [145] -> File not found< CurrentVersion Policy Settings [HKEY_USERS\S-1-5-21-361280648-2570976795-4106338221-1000] > -> HKEY_USERS\S-1-5-21-361280648-2570976795-4106338221-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System -> HKEY_USERS\S-1-5-21-361280648-2570976795-4106338221-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\"LogonHoursAction" -> [2] -> File not found\\"DontDisplayLogonHoursWarnings" -> [1] -> File not found< Internet Explorer Menu Extensions [HKEY_USERS\S-1-5-21-361280648-2570976795-4106338221-1000\] > -> HKEY_USERS\S-1-5-21-361280648-2570976795-4106338221-1000\Software\Microsoft\Internet 
Explorer\MenuExt\ -> Baixar com o Free Download Manager -> C:\Program Files (x86)\Free Download Manager\dllink.htm [file://C:\Program Files (x86)\Free Download Manager\dllink.htm] -> [2007/06/02 13:25:02 | 000,002,140 | ---- | M] ()Baixar tudo com o Free Download Manager -> C:\Program Files (x86)\Free Download Manager\dlall.htm [file://C:\Program Files (x86)\Free Download Manager\dlall.htm] -> [2007/06/02 13:25:02 | 000,000,893 | ---- | M] ()Baixar vídeo com o Free Download Manager -> C:\Program Files (x86)\Free Download Manager\dlfvideo.htm [file://C:\Program Files (x86)\Free Download Manager\dlfvideo.htm] -> [2007/07/27 01:34:42 | 000,001,706 | ---- | M] ()Download selecionado pelo Free Download Manager -> C:\Program Files (x86)\Free Download Manager\dlselected.htm [file://C:\Program Files (x86)\Free Download Manager\dlselected.htm] -> [2007/06/02 13:25:02 | 000,000,463 | ---- | M] ()< Internet Explorer Extensions [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\ -> {219C3416-8CB2-491a-A3C7-D9FCDDC9D600}:{5F7B1267-94A9-47F5-98DB-E99415F33AEC} [HKLM] -> C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll [Button: Incluir no Blog] -> [2009/07/26 19:17:14 | 000,186,192 | ---- | M] (Microsoft Corporation){219C3416-8CB2-491a-A3C7-D9FCDDC9D600}:{5F7B1267-94A9-47F5-98DB-E99415F33AEC} [HKLM] -> C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll [Menu: &Incluir no Blog no Windows Live Writer] -> [2009/07/26 19:17:14 | 000,186,192 | ---- | M] (Microsoft Corporation){2670000A-7350-4f3c-8081-5663EE0C6C49}:{48E73304-E1D6-4330-914C-F5F514E3486C} [HKLM] -> C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll [Button: Send to OneNote] -> [2008/10/25 07:52:00 | 000,604,056 | ---- | M] (Microsoft Corporation){2670000A-7350-4f3c-8081-5663EE0C6C49}:{48E73304-E1D6-4330-914C-F5F514E3486C} [HKLM] -> C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll [Menu: S&end to OneNote] -> 
[2008/10/25 07:52:00 | 000,604,056 | ---- | M] (Microsoft Corporation)< Default Prefix > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix"" -> http://< Trusted Sites Domains [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> < Trusted Sites Ranges [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> < Trusted Sites Domains [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> < Trusted Sites Ranges [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> < Trusted Sites Domains [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> < Trusted Sites Ranges [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. 
-> < Trusted Sites Domains [HKEY_USERS\S-1-5-19\] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> < Trusted Sites Ranges [HKEY_USERS\S-1-5-19\] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> < Trusted Sites Domains [HKEY_USERS\S-1-5-20\] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> < Trusted Sites Ranges [HKEY_USERS\S-1-5-20\] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> < Trusted Sites Domains [HKEY_USERS\S-1-5-21-361280648-2570976795-4106338221-1000\] > -> HKEY_USERS\S-1-5-21-361280648-2570976795-4106338221-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> HKEY_USERS\S-1-5-21-361280648-2570976795-4106338221-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> < Trusted Sites Ranges [HKEY_USERS\S-1-5-21-361280648-2570976795-4106338221-1000\] > -> HKEY_USERS\S-1-5-21-361280648-2570976795-4106338221-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> HKEY_USERS\S-1-5-21-361280648-2570976795-4106338221-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. 
-> < Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\ -> {8AD9C840-044E-11D1-B3E9-00805F499D93} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab [Java Plug-in 1.6.0_17] -> {C3F79A2B-B9B4-4A66-B012-3EE46475B072} [HKLM] -> http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab [MessengerStatsClient Class] -> {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab [Java Plug-in 1.6.0_05] -> {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab [Java Plug-in 1.6.0_17] -> {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab [Java Plug-in 1.6.0_17] -> {DB6BF2CD-4F59-4F1C-AA9C-D08C0B61A931} [HKLM] -> https://www14.bancobrasil.com.br/plugin/GbpDist.cab [GbpDistObj Class] -> < Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\ -> DhcpNameServer -> 201.55.232.16 192.168.0.1 -> < Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\ -> {1579A782-15A4-49D6-886B-B25056F6AB78}\\DhcpNameServer -> 200.204.0.10 192.168.0.1 (Realtek RTL8187B Wireless 802.11g 54Mbps USB 2.0 Network Adapter) -> {2523039A-3CD9-4127-BCA0-92A87BED0FA2}\\DhcpNameServer -> 200.204.0.10 200.204.0.138 (Marvell Yukon 88E8071 PCI-E Gigabit Ethernet Controller) -> {513CA0D8-3891-42C1-AB92-C72851EAB308}\\DhcpNameServer -> 201.55.232.16 192.168.0.1 (Intel(R) WiFi Link 5100 AGN) -> < Winlogon settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> *Shell* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell -> explorer.exe -> C:\Windows\SysWow64\explorer.exe -> [2008/10/29 03:29:41 | 002,927,104 | ---- | M] (Microsoft 
Corporation)*MultiFile Done* -> -> < Vista Public Profile Authorized Applications List > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile\AuthorizedApplications -> < Vista Standard Profile Authorized Applications List > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications -> < Vista Active Firewall Rules > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules -> < Vista Active Application Exception Rules > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules ->
server for win32 | app=c:\program files (x86)\ultravnc\winvnc.exe | UDP Query User{E9FF0675-EDAF-4D22-805B-C2D81B4E7E3B}C:\users\public\worms\worms armageddon full 36290 by kira\wa.exe -> profile=public | protocol=17 | dir=in | action=allow | name=worms armageddon | app=c:\users\public\worms\worms armageddon full 36290 by kira\wa.exe | UDP Query User{EA1AC7A0-9FDD-410E-98B0-4D99FB5061F3}C:\program files (x86)\microsoft games\age of empires ii - the conqueros\age2_x1.exe -> profile=private | protocol=17 | dir=in | action=allow | name=age of empires ii expansion | app=c:\program files (x86)\microsoft games\age of empires ii - the conqueros\age2_x1.exe | UDP Query User{F138E513-520C-48D3-A58E-A603FC52E089}C:\program files\starcraft\starcraft.exe -> profile=private | protocol=17 | dir=in | action=allow | name=starcraft | app=c:\program files\starcraft\starcraft.exe | UDP Query User{F1AF81DD-59DC-40AE-8FCF-F77D2FBC83B0}C:\program files (x86)\garena\garena.exe -> profile=public | protocol=17 | dir=in | action=allow | name=garena | app=c:\program files (x86)\garena\garena.exe | UDP Query User{FC98E82F-CA48-4E8E-B24E-C1483E8E3761}C:\users\gateway\desktop\age of empires ii - the conquerors\age2_x1\age2_x1.exe -> profile=public | protocol=17 | dir=in | action=allow | name=age2_x1.exe | app=c:\users\gateway\desktop\age of empires ii - the conquerors\age2_x1\age2_x1.exe | < SafeBoot AlternateShell [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot -> < CDROM Autorun Setting [HKEY_LOCAL_MACHINE]> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom ->"AutoRun" -> 1 -> "DisplayName" -> CD-ROM Driver -> "ImagePath" -> C:\Windows\SysNative\DRIVERS\cdrom.sys [system32\DRIVERS\cdrom.sys] -> [2008/01/20 23:46:54 | 000,079,872 | ---- | M] ()< Drives with AutoRun files > -> -> C:\Autodesk [] -> C:\Autodesk [ NTFS ] -> [2009/07/23 14:20:56 | 000,000,000 | ---D | M]< MountPoints2 [HKEY_CURRENT_USER] > -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2 -> < Registry Shell Spawning - Select to Repair > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command -> 64bit-comfile [open] -> "%1" %* -> File not found64bit-exefile [open] -> "%1" %* -> File not foundcomfile [open] -> "%1" %* -> exefile [open] -> "%1" %* -> < File Associations - Select to Repair > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>\ -> .com [@ = comfile] -> "%1" %* -> .exe [@ = exefile] -> "%1" %* -> [Registry - Additional Scans - Safe List]< Drivers32 [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32 -> "msacm.clmp3enc" -> C:\Program Files (x86)\CyberLink\Power2Go\CLMP3Enc.ACM [C:\PROGRA~2\CYBERL~1\Power2Go\CLMP3Enc.ACM] -> [2005/05/14 01:00:52 | 000,217,088 | ---- | M] (CyberLink Corp.)"msacm.iac2" -> C:\\Windows\\system32\\iac25_32.ax [C:\\Windows\\system32\\iac25_32.ax] -> [2006/11/02 06:44:49 | 000,197,632 | ---- | M] ()"msacm.l3acm" -> C:\Windows\SysWOW64\l3codeca.acm [C:\Windows\SysWOW64\l3codeca.acm] -> [2008/01/20 23:51:46 | 000,062,464 | ---- | M] (Fraunhofer Institut Integrierte Schaltungen IIS)"msacm.l3codecp" -> C:\Windows\SysWow64\l3codecp.acm [l3codecp.acm] -> [2008/01/20 23:51:46 | 000,220,672 | ---- | M] (Fraunhofer Institut Integrierte Schaltungen IIS)"msacm.msaudio1" -> [msaud32.acm] -> File not found"msacm.msg723" -> [msg723.acm] -> File not found"msacm.siren" -> C:\Windows\SysWow64\sirenacm.dll [sirenacm.dll] -> [2009/07/26 15:44:56 | 000,048,448 | ---- | M] (Microsoft Corporation)"msacm.sl_anet" -> [sl_anet.acm] -> File not found"msacm.trspch" -> [tssoft32.acm] -> File not found"msacm.voxacm160" -> [vct3216.acm] -> File not found"MSVideo" -> C:\Windows\SysWow64\vfwwdm32.dll [vfwwdm32.dll] -> [2008/01/20 23:48:29 | 000,056,832 | ---- | M] (Microsoft Corporation)"MSVideo8" -> C:\Windows\SysWow64\vfwwdm32.dll [VfWWDM32.dll] -> [2008/01/20 23:48:29 | 000,056,832 | ---- | M] 
(Microsoft Corporation)"vidc.cvid" -> C:\Windows\SysWow64\iccvid.dll [iccvid.dll] -> [2006/11/02 12:02:31 | 000,081,920 | ---- | M] (Radius Inc.)"vidc.DIVX" -> [DivX.dll] -> File not found"VIDC.DRAW" -> [DVIDEO.DLL] -> File not found"VIDC.FFDS" -> C:\Windows\SysWow64\ff_vfw.dll [ff_vfw.dll] -> [2009/04/02 15:21:50 | 000,084,480 | ---- | M] ()"VIDC.FPS1" -> [frapsvid.dll] -> File not found"vidc.i420" -> [i420vfw.dll] -> File not found"vidc.iv31" -> C:\Windows\SysWow64\ir32_32.dll [ir32_32.dll] -> [2006/11/02 12:02:31 | 000,197,632 | ---- | M] (Intel(R) Corporation)"vidc.iv32" -> C:\Windows\SysWow64\ir32_32.dll [ir32_32.dll] -> [2006/11/02 12:02:31 | 000,197,632 | ---- | M] (Intel(R) Corporation)"vidc.iv41" -> C:\Windows\SysWow64\ir41_32.ax [ir41_32.ax] -> [2006/11/02 06:44:49 | 000,839,680 | ---- | M] (Intel Corporation)"vidc.iv50" -> C:\Windows\SysWow64\ir50_32.dll [ir50_32.dll] -> [2006/11/02 06:46:05 | 000,746,496 | ---- | M] (Intel Corporation)"vidc.M261" -> [msh261.drv] -> File not found"vidc.M263" -> [msh263.drv] -> File not found"vidc.mp42" -> [MPG4C32.dll] -> File not found"VIDC.MSUD" -> [msulvc05.dll] -> File not found"vidc.MVJP" -> C:\Windows\SysWOW64\mjpcodec.dll [C:\Windows\system32\mjpcodec.dll] -> [2001/08/16 16:19:04 | 000,061,440 | ---- | M] ()"VIDC.VP40" -> [vp4vfw.dll] -> File not found"vidc.VP60" -> [vp6vfw.dll] -> File not found"vidc.VP61" -> [vp6vfw.dll] -> File not found"vidc.VP62" -> [vp6vfw.dll] -> File not found"vidc.VP70" -> [vp7vfw.dll] -> File not found"VIDC.WMV3" -> [wmv9vcm.dll] -> File not found"vidc.X264" -> [x264vfw.dll] -> File not found"VIDC.YV12" -> [yv12vfw.dll] -> File not found< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost > -> ->*netsvcs* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\\netsvcs ->Ias -> C:\Windows\SysWOW64\ias -> [2009/10/23 05:37:06 | 000,000,000 | ---D | M]Wmi -> C:\Windows\SysWOW64\wmi.dll -> [2006/11/02 06:44:15 | 000,005,120 | ---- | M] (Microsoft 
Corporation)*MultiFile Done* -> -> [Files/Folders - Created Within 30 Days] _OTS -> C:\_OTS -> [2010/04/08 00:03:15 | 000,000,000 | ---D | C] OTS.exe -> C:\Users\Gateway\OTS.exe -> [2010/04/05 21:40:14 | 000,638,976 | ---- | C] (OldTimer Tools) Denise -> C:\Users\Gateway\Denise -> [2010/04/01 20:54:03 | 000,000,000 | ---D | C] HiJackThis -> C:\Users\Gateway\HiJackThis -> [2010/03/31 10:53:11 | 000,000,000 | ---D | C] HiJackThis.exe -> C:\HiJackThis.exe -> [2010/03/25 23:54:18 | 000,401,720 | ---- | C] (Trend Micro Inc.) 3Planesoft_Screensaver_Manager.scr -> C:\Windows\SysWow64\3Planesoft_Screensaver_Manager.scr -> [2010/03/19 16:28:54 | 000,684,032 | ---- | C] (3Planesoft) 3Planesoft Screensaver Manager -> C:\Program Files (x86)\3Planesoft Screensaver Manager -> [2010/03/19 16:28:54 | 000,000,000 | ---D | C] 3Planesoft -> C:\ProgramData\3Planesoft -> [2010/03/19 16:28:54 | 000,000,000 | ---D | C] Sun_Village_NV_3D_Screensaver.scr -> C:\Windows\SysWow64\Sun_Village_NV_3D_Screensaver.scr -> [2010/03/19 16:28:44 | 000,587,776 | ---- | C] (3Planesoft) Sun Village NV 3D Screensaver -> C:\Program Files (x86)\Sun Village NV 3D Screensaver -> [2010/03/19 16:28:44 | 000,000,000 | ---D | C] CCleaner -> C:\Program Files (x86)\CCleaner -> [2010/03/19 12:43:04 | 000,000,000 | ---D | C] Wise Installation Wizard -> C:\Program Files (x86)\Common Files\Wise Installation Wizard -> [2010/03/19 11:40:37 | 000,000,000 | ---D | C] NVIDIA Corporation -> C:\Users\Gateway\AppData\Local\NVIDIA Corporation -> [2010/03/19 11:24:08 | 000,000,000 | ---D | C] NVIDIA Corporation -> C:\Program Files (x86)\NVIDIA Corporation -> [2010/03/19 11:23:25 | 000,000,000 | ---D | C] OpenCL.dll -> C:\Windows\SysWow64\OpenCL.dll -> [2010/03/18 22:38:39 | 000,076,392 | ---- | C] (Khronos Group) NVIDIA -> C:\Users\Gateway\AppData\Roaming\NVIDIA -> [2010/03/18 21:52:38 | 000,000,000 | ---D | C] Valve -> C:\Program Files (x86)\Valve -> [2010/03/18 19:18:33 | 000,000,000 | ---D | C] Pixologic -> C:\Program Files 
(x86)\Pixologic -> [2010/03/12 13:07:28 | 000,000,000 | ---D | C] Downloaded Installations -> C:\Users\Gateway\AppData\Local\Downloaded Installations -> [2010/03/12 13:04:44 | 000,000,000 | ---D | C] ScUnin.exe -> C:\Windows\ScUnin.exe -> [2010/03/10 15:45:57 | 000,070,656 | ---- | C] (Blizzard Entertainment) 1 C:\Users\Gateway\AppData\Local\*.tmp files -> C:\Users\Gateway\AppData\Local\*.tmp -> [Files/Folders - Modified Within 30 Days] ntuser.dat -> C:\Users\Gateway\ntuser.dat -> [2010/04/08 18:21:20 | 006,029,312 | -HS- | M] () User_Feed_Synchronization-{52B7CACA-1635-4473-98AC-A40D57DF97DD}.job -> C:\Windows\tasks\User_Feed_Synchronization-{52B7CACA-1635-4473-98AC-A40D57DF97DD}.job -> [2010/04/08 18:20:00 | 000,000,434 | -H-- | M] () GoogleUpdateTaskUserS-1-5-21-361280648-2570976795-4106338221-1000UA.job -> C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-361280648-2570976795-4106338221-1000UA.job -> [2010/04/08 17:55:00 | 000,001,062 | ---- | M] () nvModes.dat -> C:\ProgramData\nvModes.dat -> [2010/04/08 12:36:10 | 000,053,021 | ---- | M] () nvModes.001 -> C:\ProgramData\nvModes.001 -> [2010/04/08 12:36:10 | 000,053,021 | ---- | M] () GoogleUpdateTaskUserS-1-5-21-361280648-2570976795-4106338221-1000Core.job -> C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-361280648-2570976795-4106338221-1000Core.job -> [2010/04/08 08:55:00 | 000,001,010 | ---- | M] () SA.DAT -> C:\Windows\tasks\SA.DAT -> [2010/04/08 00:04:32 | 000,000,006 | -H-- | M] () bootstat.dat -> C:\Windows\bootstat.dat -> [2010/04/08 00:04:30 | 000,067,584 | --S- | M] () hiberfil.sys -> C:\hiberfil.sys -> [2010/04/08 00:04:28 | 4289,601,536 | -HS- | M] () ntuser.dat{3de3544c-2af8-11df-8df6-00216b1085b2}.TMContainer00000000000000000001.regtrans-ms -> C:\Users\Gateway\ntuser.dat{3de3544c-2af8-11df-8df6-00216b1085b2}.TMContainer00000000000000000001.regtrans-ms -> [2010/04/08 00:03:35 | 000,524,288 | -HS- | M] () ntuser.dat{3de3544c-2af8-11df-8df6-00216b1085b2}.TM.blf -> 
C:\Users\Gateway\ntuser.dat{3de3544c-2af8-11df-8df6-00216b1085b2}.TM.blf -> [2010/04/08 00:03:35 | 000,065,536 | -HS- | M] () IconCache.db -> C:\Users\Gateway\AppData\Local\IconCache.db -> [2010/04/08 00:03:32 | 005,005,735 | -H-- | M] () NeroDigital.ini -> C:\Windows\NeroDigital.ini -> [2010/04/07 23:22:51 | 000,000,069 | ---- | M] () setup-win.exe -> C:\Users\Gateway\setup-win.exe -> [2010/04/07 00:46:05 | 404,539,719 | ---- | M] () 294.jpg -> C:\Users\Gateway\294.jpg -> [2010/04/06 22:47:52 | 000,112,644 | ---- | M] () GDIPFONTCACHEV1.DAT -> C:\Users\Gateway\AppData\Local\GDIPFONTCACHEV1.DAT -> [2010/04/06 19:06:57 | 000,134,928 | ---- | M] () OTS.exe -> C:\Users\Gateway\OTS.exe -> [2010/04/05 21:40:19 | 000,638,976 | ---- | M] (OldTimer Tools) PilhaPonteiro.pas -> C:\Users\Gateway\Desktop\PilhaPonteiro.pas -> [2010/04/05 21:30:06 | 000,002,897 | ---- | M] () DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini -> C:\Users\Gateway\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini -> [2010/04/05 17:51:47 | 000,144,896 | ---- | M] () mtfk_card.jpg -> C:\Users\Gateway\mtfk_card.jpg -> [2010/03/29 23:21:10 | 000,154,367 | ---- | M] () 466px-Kamehameha_DB_scheme.svg.png -> C:\Users\Gateway\466px-Kamehameha_DB_scheme.svg.png -> [2010/03/29 21:21:19 | 000,041,102 | ---- | M] () mbamswissarmy.sys -> C:\Windows\SysWow64\drivers\mbamswissarmy.sys -> [2010/03/29 15:24:58 | 000,038,224 | ---- | M] (Malwarebytes Corporation) me.jpg -> C:\Users\Gateway\me.jpg -> [2010/03/29 13:16:39 | 000,002,484 | ---- | M] () HiJackThis.exe -> C:\HiJackThis.exe -> [2010/03/25 23:54:24 | 000,401,720 | ---- | M] (Trend Micro Inc.) 
tutorial Mysql.docx -> C:\Users\Gateway\Documents\tutorial Mysql.docx -> [2010/03/22 22:00:32 | 000,015,092 | ---- | M] () cc_20100319_125514.reg -> C:\Users\Gateway\Documents\cc_20100319_125514.reg -> [2010/03/19 12:55:53 | 002,356,220 | ---- | M] () d3d9caps.dat -> C:\Users\Gateway\AppData\Local\d3d9caps.dat -> [2010/03/19 11:36:44 | 000,001,356 | ---- | M] () d3d9caps64.dat -> C:\Users\Gateway\AppData\Local\d3d9caps64.dat -> [2010/03/19 11:36:42 | 000,001,460 | ---- | M] () mapaAmorMedico.jpg -> C:\Users\Gateway\mapaAmorMedico.jpg -> [2010/03/11 20:36:13 | 000,036,387 | ---- | M] () currículo David Asbahr Pedoneze.doc -> C:\Users\Gateway\Documents\currículo David Asbahr Pedoneze.doc -> [2010/03/11 19:46:16 | 000,029,184 | ---- | M] () scunin.dat -> C:\Windows\scunin.dat -> [2010/03/10 15:48:32 | 000,034,046 | ---- | M] () ScUnin.exe -> C:\Windows\ScUnin.exe -> [2010/03/10 15:48:31 | 000,070,656 | ---- | M] (Blizzard Entertainment) ScUnin.pif -> C:\Windows\ScUnin.pif -> [2010/03/10 15:48:31 | 000,000,967 | ---- | M] () 1 C:\Users\Gateway\AppData\Local\*.tmp files -> C:\Users\Gateway\AppData\Local\*.tmp -> [Files - No Company Name] setup-win.exe -> C:\Users\Gateway\setup-win.exe -> [2010/04/07 00:12:34 | 404,539,719 | ---- | C] () 294.jpg -> C:\Users\Gateway\294.jpg -> [2010/04/06 22:47:48 | 000,112,644 | ---- | C] () OTS.Txt -> C:\Users\Gateway\OTS.Txt -> [2010/04/05 21:47:16 | 000,207,124 | ---- | C] () PilhaPonteiro.pas -> C:\Users\Gateway\Desktop\PilhaPonteiro.pas -> [2010/04/05 21:37:57 | 000,002,897 | ---- | C] () gastos.txt -> C:\Users\Gateway\gastos.txt -> [2010/04/05 11:13:07 | 000,000,219 | ---- | C] () X-Men VS Street Fighter.exe -> C:\Users\Gateway\Desktop\X-Men VS Street Fighter.exe -> [2010/04/02 14:14:25 | 019,482,291 | ---- | C] () mtfk_card.jpg -> C:\Users\Gateway\mtfk_card.jpg -> [2010/03/29 23:21:10 | 000,154,367 | ---- | C] () 466px-Kamehameha_DB_scheme.svg.png -> C:\Users\Gateway\466px-Kamehameha_DB_scheme.svg.png -> [2010/03/29 21:21:16 | 
000,041,102 | ---- | C] () me.jpg -> C:\Users\Gateway\me.jpg -> [2010/03/29 13:16:39 | 000,002,484 | ---- | C] () zmtl02.rtf -> C:\Users\Public\Documents\zmtl02.rtf -> [2010/03/21 07:31:04 | 000,000,719 | -HS- | C] () cc_20100319_125514.reg -> C:\Users\Gateway\Documents\cc_20100319_125514.reg -> [2010/03/19 12:55:16 | 002,356,220 | ---- | C] () nvModes.001 -> C:\ProgramData\nvModes.001 -> [2010/03/19 11:55:49 | 000,053,021 | ---- | C] () nvModes.dat -> C:\ProgramData\nvModes.dat -> [2010/03/19 11:55:23 | 000,053,021 | ---- | C] () hiberfil.sys -> C:\hiberfil.sys -> [2010/03/19 11:54:52 | 4289,601,536 | -HS- | C] () mapaAmorMedico.jpg -> C:\Users\Gateway\mapaAmorMedico.jpg -> [2010/03/11 20:36:13 | 000,036,387 | ---- | C] () currículo David Asbahr Pedoneze.doc -> C:\Users\Gateway\Documents\currículo David Asbahr Pedoneze.doc -> [2010/03/11 19:46:16 | 000,029,184 | ---- | C] () scunin.dat -> C:\Windows\scunin.dat -> [2010/03/10 15:45:59 | 000,034,046 | ---- | C] () ScUnin.pif -> C:\Windows\ScUnin.pif -> [2010/03/10 15:45:57 | 000,000,967 | ---- | C] () REP.txt -> C:\Users\Gateway\REP.txt -> [2010/03/09 18:59:09 | 000,000,016 | ---- | C] () SIntfNT.dll -> C:\Windows\SysWow64\SIntfNT.dll -> [2009/08/13 08:51:47 | 000,021,840 | ---- | C] () SIntf32.dll -> C:\Windows\SysWow64\SIntf32.dll -> [2009/08/13 08:51:47 | 000,017,212 | ---- | C] () SIntf16.dll -> C:\Windows\SysWow64\SIntf16.dll -> [2009/08/13 08:51:47 | 000,012,067 | ---- | C] () CmdLineExt03.dll -> C:\Windows\SysWow64\CmdLineExt03.dll -> [2009/08/13 08:37:10 | 000,043,520 | ---- | C] () NeroDigital.ini -> C:\Windows\NeroDigital.ini -> [2009/08/03 15:27:08 | 000,000,069 | ---- | C] () mjpcodec.dll -> C:\Windows\SysWow64\mjpcodec.dll -> [2009/06/29 18:20:04 | 000,061,440 | ---- | C] () nfsc_patch.ini -> C:\Windows\nfsc_patch.ini -> [2009/05/25 20:44:30 | 000,000,058 | ---- | C] () xlive.dll.cat -> C:\Windows\SysWow64\xlive.dll.cat -> [2009/04/21 23:19:06 | 000,172,173 | ---- | C] () ff_vfw.dll -> 
C:\Windows\SysWow64\ff_vfw.dll -> [2009/04/02 15:21:50 | 000,084,480 | ---- | C] () xvidvfw.dll -> C:\Windows\SysWow64\xvidvfw.dll -> [2008/12/07 14:08:04 | 000,130,048 | ---- | C] () AgCPanelTraditionalChinese.dll -> C:\Windows\SysWow64\AgCPanelTraditionalChinese.dll -> [2008/10/07 14:13:22 | 000,058,648 | ---- | C] () AgCPanelSwedish.dll -> C:\Windows\SysWow64\AgCPanelSwedish.dll -> [2008/10/07 14:13:20 | 000,058,648 | ---- | C] () AgCPanelSpanish.dll -> C:\Windows\SysWow64\AgCPanelSpanish.dll -> [2008/10/07 14:13:20 | 000,058,648 | ---- | C] () AgCPanelSimplifiedChinese.dll -> C:\Windows\SysWow64\AgCPanelSimplifiedChinese.dll -> [2008/10/07 14:13:20 | 000,058,648 | ---- | C] () AgCPanelPortugese.dll -> C:\Windows\SysWow64\AgCPanelPortugese.dll -> [2008/10/07 14:13:20 | 000,058,648 | ---- | C] () AgCPanelKorean.dll -> C:\Windows\SysWow64\AgCPanelKorean.dll -> [2008/10/07 14:13:20 | 000,058,648 | ---- | C] () AgCPanelJapanese.dll -> C:\Windows\SysWow64\AgCPanelJapanese.dll -> [2008/10/07 14:13:20 | 000,058,648 | ---- | C] () AgCPanelGerman.dll -> C:\Windows\SysWow64\AgCPanelGerman.dll -> [2008/10/07 14:13:20 | 000,058,648 | ---- | C] () AgCPanelFrench.dll -> C:\Windows\SysWow64\AgCPanelFrench.dll -> [2008/10/07 14:13:20 | 000,058,648 | ---- | C] () ff_vfw.dll.manifest -> C:\Windows\SysWow64\ff_vfw.dll.manifest -> [2008/09/12 16:21:02 | 000,000,547 | ---- | C] () physxcudart_20.dll -> C:\Windows\SysWow64\physxcudart_20.dll -> [2008/06/05 13:58:26 | 000,197,912 | ---- | C] () xvidcore.dll -> C:\Windows\SysWow64\xvidcore.dll -> [2008/04/27 10:33:36 | 000,765,952 | ---- | C] () tcpmon.ini -> C:\Windows\SysWow64\tcpmon.ini -> [2008/01/20 23:50:05 | 000,060,124 | ---- | C] () msjetoledb40.dll -> C:\Windows\SysWow64\msjetoledb40.dll -> [2008/01/20 23:49:49 | 000,368,640 | ---- | C] () AviSplitter.INI -> C:\Windows\AviSplitter.INI -> [2007/02/05 20:05:26 | 000,000,038 | ---- | C] () SSCProt.dll -> C:\Windows\SysWow64\SSCProt.dll -> [2007/01/10 07:44:26 | 001,457,024 | 
R--- | C] () GlobalUserInterface.CompositeFont -> C:\Windows\Fonts\GlobalUserInterface.CompositeFont -> [2006/11/02 12:07:25 | 000,030,808 | ---- | C] () GlobalSerif.CompositeFont -> C:\Windows\Fonts\GlobalSerif.CompositeFont -> [2006/11/02 12:07:25 | 000,029,779 | ---- | C] () GlobalSansSerif.CompositeFont -> C:\Windows\Fonts\GlobalSansSerif.CompositeFont -> [2006/11/02 12:07:25 | 000,026,489 | ---- | C] () GlobalMonospace.CompositeFont -> C:\Windows\Fonts\GlobalMonospace.CompositeFont -> [2006/11/02 12:07:25 | 000,026,040 | ---- | C] () unrar.dll -> C:\Windows\SysWow64\unrar.dll -> [2002/10/15 19:54:04 | 000,153,088 | ---- | C] ()< End of report >
Sam Spade 2 Posted April 10, 2010
Run OTS.exe.
Click the button .
Allow your computer to be restarted.
Older versions of Java have vulnerabilities that some malware can use to infect your system. Check whether your system has the latest version installed:
Download > JavaRa
Double-click JavaRa.exe.
Then click Search For Updates.
Select the option Update Using jucheck.exe.
Then click the Search button.
If it is up to date, you will receive a notice that you have the latest version. Otherwise, wait for the new version of Java to be downloaded and installed.
Then click the Remove Older Versions button so that any old versions on the PC are uninstalled.
Read these articles on security: Protect your PC; Precautions when browsing the net.
Regards.
Mário Monteiro 179 Posted May 11, 2010
Topic Archived
As the author has not replied for more than 30 days, the topic has been archived. If you are the author of the topic and want to reopen it, send a private message to a moderator of this area along with the link to this topic and explain the reason for reopening.