Syperrj
Posted April 4, 2012

My PC is running slowly and keeps warning that virtual memory is low. I keep plenty of free space on my hard drive and clean it up periodically, but the warning still appears. I believe it is a virus. I would like help as soon as possible.

Here is the HijackThis log, taken on 04/04 at 10:03:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 10:03:19, on 04/04/2012
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.19154)
Boot mode: Normal

Running processes:
C:\Program Files\Spyware Terminator\st_rsser.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Windows\PixArt\PAC207\Monitor.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Yuna Software\Messenger Plus!\PlusService.exe
C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe
C:\Program Files\Real\RealPlayer\Update\realsched.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Steam\Steam.exe
C:\Program Files\DAEMON Tools Pro\DTAgent.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Spyware Terminator\SpywareTerminatorUpdate.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Users\Sidnei\AppData\Roaming\KoshyJohn.com\MemClean\MemClean.exe
C:\Program Files\DAEMON Tools Pro\DTShellHlp.exe
C:\Program Files\Memory Improve Master\MemoryImproveMaster.exe
C:\Users\Sidnei\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Sidnei\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Sidnei\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Sidnei\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Sidnei\Documents\Hijack this\HijackThis.exe
C:\Users\Sidnei\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Sidnei\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\rundll32.exe
C:\Users\Sidnei\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Sidnei\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Sidnei\AppData\Local\Google\Chrome\Application\chrome.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - {edbca961-4bf8-4cbe-8c63-a11dff9ed2d9} - (no file)
R3 - URLSearchHook: (no name) - {1d80d668-2160-46a2-b3a7-e166795b0b28} - (no file)
O1 - Hosts: ::1 localhost
O2 - BHO: Facilitador de Leitor de Link Adobe PDF - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
O3 - Toolbar: (no name) - {30F9B915-B755-4826-820B-08FBA6BD249D} - (no file)
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [PAC207_Monitor] C:\Windows\PixArt\PAC207\Monitor.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [AdobeAAMUpdater-1.0] "C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
O4 - HKLM\..\Run: [PlusService] C:\Program Files\Yuna Software\Messenger Plus!\PlusService.exe
O4 - HKLM\..\Run: [spywareTerminatorShield] C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe
O4 - HKLM\..\Run: [spywareTerminatorUpdater] C:\Program Files\Spyware Terminator\SpywareTerminatorUpdate.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Real\RealPlayer\Update\realsched.exe" -osboot
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [steam] "C:\Program Files\Steam\Steam.exe" -silent
O4 - HKCU\..\Run: [Memory Cleaner] C:\Users\Sidnei\AppData\Roaming\KoshyJohn.com\MemClean\MemClean.exe boot
O4 - HKCU\..\Run: [DAEMON Tools Pro Agent] "C:\Program Files\DAEMON Tools Pro\DTAgent.exe" -autorun
O4 - HKCU\..\Run: [bitTorrent] "C:\Program Files\BitTorrent\BitTorrent.exe" /MINIMIZED
O4 - HKCU\..\Run: [Memory Improve Master] C:\Program Files\Memory Improve Master\MemoryImproveMaster.exe /autorun
O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVIÇO DE REDE')
O4 - HKUS\S-1-5-21-3796026459-2530574266-2461488858-1003\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'UpdatusUser')
O4 - Startup: Recorte de tela e Iniciador do OneNote 2007.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O16 - DPF: {140E4DF8-9E14-4A34-9577-C77561ED7883} (SysInfo Class) - http://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_cyri_4.1.71.0.cab
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {40F576AD-8680-4F9E-9490-99D069CD665F} (System Requirements Lab Class) - http://srtest-cdn.systemrequirementslab.com.s3.amazonaws.com/bin/sysreqlabdetect.cab
O16 - DPF: {C1B7E532-3ECB-4E9E-BB3A-2951FFE67C61} - http://c6.community.alice.it/download/DownloaderActiveX.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{F6DD7A2D-6839-4820-93D7-45D6FE210907}: NameServer = 10.10.2.1,10.10.5.1
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Serviço do Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: Spyware Terminator 2012 Realtime Shield Service (ST2012_Svc) - Crawler.com - C:\Program Files\Spyware Terminator\st_rsser.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe

-- End of file - 10300 bytes

DigRam
Posted April 5, 2012

Good morning, Syperrj!

|- Download: < > ( ... by OldTimer Tools )
|- Click Save!
|- Save it to the desktop!
|- Double-click OTL.exe --> Run:
|- Run OTL's quick scan. ( Quick Scan )
|- PS: On Windows 7, right-click and run it as "Administrator".
|- Copy and post the report. ( C:\_OTM\MovedFiles\xxxx2012_xxxxxx.log )
|- Also post the "Extras" report.

Regards!

Syperrj
Posted April 5, 2012

Here is the OTL report:

OTL logfile created on: 05/04/2012 11:19:17 - Run 1
OTL by OldTimer - Version 3.2.39.2 Folder = C:\Users\Sidnei\Desktop
Windows Vista Ultimate Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19154)
Locale: 00000416 | Country: Brasil | Language: PTB | Date Format: dd/MM/yyyy

2,00 Gb Total Physical Memory | 1,08 Gb Available Physical Memory | 53,87% Memory free
4,24 Gb Paging File | 1,75 Gb Available in Paging File | 41,35% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 312,50 Gb Total Space | 62,97 Gb Free Space | 20,15% Space Free | Partition Type: NTFS
Drive D: | 153,25 Gb Total Space | 147,77 Gb Free Space | 96,42% Space Free | Partition Type: NTFS

Computer Name: SIDNEI-GAME | User Name: Sidnei | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/04/05 11:17:51 | 000,593,920 | ---- | M] (OldTimer Tools) -- C:\Users\Sidnei\Desktop\OTL.exe
PRC - [2012/03/23 20:48:25 | 000,489,256 | ---- | M] (Valve Corporation) -- C:\Arquivos de programas\Common Files\Steam\SteamService.exe
PRC - [2012/02/29 12:25:05 | 000,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\Arquivos de programas\Java\jre6\bin\javaw.exe
PRC - [2012/02/20 06:51:18 | 003,669,680 | ---- | M] (Crawler.com) -- C:\Arquivos de programas\Spyware Terminator\SpywareTerminatorUpdate.exe
PRC - [2012/02/20 06:51:08 | 002,786,480 | ---- | M] (Crawler.com) -- C:\Arquivos de programas\Spyware Terminator\SpywareTerminatorShield.exe
PRC - [2012/02/07 11:21:25 | 000,801,792 | ---- | M] (Yuna Software) -- C:\Arquivos de programas\Yuna Software\Messenger Plus!\PlusService.exe
PRC - [2011/12/06 01:18:36 | 000,785,489 | ---- | M] (KoshyJohn.com) -- C:\Users\Sidnei\AppData\Roaming\KoshyJohn.com\MemClean\MemClean.exe
PRC - [2011/12/04 16:39:05 | 000,296,056 | ---- | M] (RealNetworks, Inc.) -- C:\Arquivos de programas\Real\RealPlayer\Update\realsched.exe
PRC - [2011/11/02 23:00:22 | 001,242,448 | ---- | M] (Valve Corporation) -- C:\Arquivos de programas\Steam\Steam.exe
PRC - [2011/09/28 02:16:08 | 000,482,992 | ---- | M] (Crawler.com) -- C:\Arquivos de programas\Spyware Terminator\st_rsser.exe
PRC - [2011/08/17 04:29:20 | 004,527,424 | ---- | M] (DT Soft Ltd) -- C:\Arquivos de programas\DAEMON Tools Pro\DTAgent.exe
PRC - [2011/08/17 04:28:14 | 003,120,448 | ---- | M] (DT Soft Ltd) -- C:\Arquivos de programas\DAEMON Tools Pro\DTShellHlp.exe
PRC - [2011/08/08 05:00:00 | 005,547,008 | ---- | M] (MPC-HC Team) -- C:\Arquivos de programas\K-Lite Codec Pack\Media Player Classic\mpc-hc.exe
PRC - [2011/08/03 02:31:42 | 000,379,496 | ---- | M] (NVIDIA Corporation) -- C:\Arquivos de programas\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2011/06/30 14:31:20 | 000,269,480 | ---- | M] (Avira GmbH) -- C:\Arquivos de programas\Avira\AntiVir Desktop\avguard.exe
PRC - [2011/04/27 12:23:12 | 000,136,360 | ---- | M] (Avira GmbH) -- C:\Arquivos de programas\Avira\AntiVir Desktop\sched.exe
PRC - [2010/11/03 13:29:16 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Arquivos de programas\Avira\AntiVir Desktop\avgnt.exe
PRC - [2010/01/14 22:11:00 | 000,076,968 | ---- | M] (Avira GmbH) -- C:\Arquivos de programas\Avira\AntiVir Desktop\avshadow.exe
PRC - [2009/08/18 10:29:22 | 001,529,728 | ---- | M] (Microsoft Corporation) -- C:\Arquivos de programas\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
PRC - [2009/08/18 10:29:22 | 000,183,152 | ---- | M] (Microsoft Corporation) -- C:\Arquivos de programas\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
PRC - [2009/04/10 22:28:04 | 001,233,920 | ---- | M] (Microsoft Corporation) -- C:\Arquivos de programas\Windows Sidebar\sidebar.exe
PRC - [2009/04/10 22:27:38 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009/03/30 02:25:26 | 043,010,392 | ---- | M] (Microsoft Corporation) -- C:\Arquivos de programas\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe
PRC - [2009/03/16 11:05:30 | 005,095,424 | ---- | M] (Memory Improve Master Studio) -- C:\Arquivos de programas\Memory Improve Master\MemoryImproveMaster.exe
PRC - [2009/03/08 08:34:00 | 000,115,712 | ---- | M] (Microsoft Corporation) -- C:\Arquivos de programas\Internet Explorer\ielowutil.exe
PRC - [2008/07/10 01:49:44 | 000,098,840 | ---- | M] (Microsoft Corporation) -- C:\Arquivos de programas\Microsoft SQL Server\90\Shared\sqlwriter.exe
PRC - [2008/01/18 22:38:40 | 001,008,184 | ---- | M] (Microsoft Corporation) -- C:\Arquivos de programas\Windows Defender\MSASCui.exe
PRC - [2007/12/10 18:55:26 | 000,323,584 | ---- | M] (PixArt Imaging Incorporation) -- C:\Windows\PixArt\PAC207\Monitor.exe
PRC - [1999/12/31 21:00:00 | 002,255,464 | ---- | M] (NVIDIA Corporation) -- C:\Arquivos de programas\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
PRC - [1999/12/31 21:00:00 | 000,812,648 | ---- | M] (NVIDIA Corporation) -- C:\Arquivos de programas\NVIDIA Corporation\Display\nvxdsync.exe
PRC - [1999/12/31 21:00:00 | 000,373,864 | ---- | M] (NVIDIA Corporation) -- C:\Arquivos de programas\NVIDIA Corporation\Display\nvtray.exe

========== Modules (No Company Name) ==========

MOD - [2012/03/26 23:28:43 | 000,444,400 | ---- | M] () -- C:\Users\Sidnei\AppData\Local\Google\Chrome\Application\18.0.1025.142\ppGoogleNaClPluginChrome.dll
MOD - [2012/03/26 23:28:42 | 003,915,248 | ---- | M] () -- C:\Users\Sidnei\AppData\Local\Google\Chrome\Application\18.0.1025.142\pdf.dll
MOD - [2012/03/26 23:27:17 | 000,122,880 | ---- | M] () -- C:\Users\Sidnei\AppData\Local\Google\Chrome\Application\18.0.1025.142\avutil-51.dll
MOD - [2012/03/26 23:27:16 | 000,220,672 | ---- | M] () -- C:\Users\Sidnei\AppData\Local\Google\Chrome\Application\18.0.1025.142\avformat-53.dll
MOD - [2012/03/26 23:27:14 | 001,747,456 | ---- | M] () -- C:\Users\Sidnei\AppData\Local\Google\Chrome\Application\18.0.1025.142\avcodec-53.dll
MOD - [2012/03/26 22:37:41 | 008,747,168 | ---- | M] () -- C:\Users\Sidnei\AppData\Local\Google\Chrome\Application\18.0.1025.142\gcswf32.dll
MOD - [2012/03/26 22:37:41 | 008,747,168 | ---- | M] () -- C:\Users\Sidnei\AppData\Local\Google\Chrome\APPLIC~1\180102~1.142\gcswf32.dll
MOD - [2012/03/23 20:48:25 | 020,297,512 | ---- | M] () -- C:\Arquivos de programas\Steam\bin\libcef.dll
MOD - [2012/03/23 20:48:24 | 001,099,576 | ---- | M] () -- C:\Arquivos de programas\Steam\bin\avcodec-53.dll
MOD - [2012/03/23 20:48:24 | 000,907,048 | ---- | M] () -- C:\Arquivos de programas\Steam\bin\chromehtml.dll
MOD - [2012/03/23 20:48:24 | 000,190,776 | ---- | M] () -- C:\Arquivos de programas\Steam\bin\avformat-53.dll
MOD - [2012/03/23 20:48:24 | 000,123,192 | ---- | M] () -- C:\Arquivos de programas\Steam\bin\avutil-51.dll
MOD - [2011/08/08 05:00:00 | 003,852,288 | ---- | M] () -- C:\Arquivos de programas\K-Lite Codec Pack\ffdshow\ffmpeg.dll
MOD - [2011/08/08 05:00:00 | 003,577,856 | ---- | M] () -- C:\Arquivos de programas\K-Lite Codec Pack\ffdshow\ffdshow.ax
MOD - [2011/08/08 05:00:00 | 000,145,920 | ---- | M] () -- C:\Arquivos de programas\K-Lite Codec Pack\ffdshow\ff_libmad.dll
MOD - [2008/09/10 01:20:08 | 000,294,912 | ---- | M] () -- C:\Arquivos de programas\Memory Improve Master\MemIM.dll
MOD - [2008/08/08 08:03:36 | 000,126,976 | ---- | M] () -- C:\Arquivos de programas\Memory Improve Master\MemIMReg.dll
MOD - [2006/06/16 15:20:54 | 000,126,464 | ---- | M] () -- C:\Arquivos de programas\WinRAR\RarExt.dll

========== Win32 Services (SafeList) ==========

SRV - [2012/03/23 20:48:25 | 000,489,256 | ---- | M] (Valve Corporation) [On_Demand | Running] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2011/09/28 02:16:08 | 000,482,992 | ---- | M] (Crawler.com) [Auto | Running] -- C:\Arquivos de Programas\Spyware Terminator\st_rsser.exe -- (ST2012_Svc)
SRV - [2011/08/03 02:31:42 | 000,379,496 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Arquivos de Programas\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2011/07/20 04:18:24 | 000,440,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Arquivos de Programas\Common Files\microsoft shared\OFFICE12\ODSERV.EXE -- (odserv)
SRV - [2011/06/30 14:31:20 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Arquivos de Programas\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011/04/27 12:23:12 | 000,136,360 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Arquivos de Programas\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2009/08/18 10:29:22 | 001,529,728 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Arquivos de Programas\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV - [2009/07/23 00:08:48 | 000,047,128 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Arquivos de Programas\Microsoft SQL Server\100\Shared\sqladhlp.exe -- (MSSQLServerADHelper100)
SRV - [2009/03/30 02:25:26 | 043,010,392 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Arquivos de Programas\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe -- (MSSQL$SQLEXPRESS) SQL Server (SQLEXPRESS)
SRV - [2009/03/30 02:23:32 | 000,254,808 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Arquivos de Programas\Microsoft SQL Server\90\Shared\sqlbrowser.exe -- (SQLBrowser)
SRV - [2009/03/30 02:23:24 | 000,366,936 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Arquivos de Programas\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE -- (SQLAgent$SQLEXPRESS) SQL Server Agent (SQLEXPRESS)
SRV - [2008/07/10 01:49:44 | 000,098,840 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Arquivos de Programas\Microsoft SQL Server\90\Shared\sqlwriter.exe -- (SQLWriter)
SRV - [2008/01/18 22:38:26 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Arquivos de Programas\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2008/01/18 22:33:40 | 000,896,512 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Arquivos de Programas\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc)
SRV - [2006/10/26 12:03:08 | 000,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Arquivos de Programas\Common Files\microsoft shared\Source Engine\OSE.EXE -- (ose)
SRV - [1999/12/31 21:00:00 | 002,255,464 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Arquivos de Programas\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe -- (nvUpdatusService)

========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\blbdrive.sys -- (blbdrive)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\AmdLLD.sys -- (AmdLLD)
DRV - File not found [Kernel | On_Demand | Unknown] -- -- (aa4mzmtq)
DRV - [2012/01/27 18:14:44 | 000,012,984 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\SWDUMon.sys -- (SWDUMon)
DRV - [2011/12/09 21:14:44 | 000,232,512 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\System32\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV - [2011/11/29 12:16:34 | 000,443,448 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\drivers\sptd.sys -- (sptd)
DRV - [2011/11/08 15:26:17 | 000,023,456 | ---- | M] (Phoenix Technologies) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\DrvAgent32.sys -- (DrvAgent32)
DRV - [2011/06/30 14:31:22 | 000,138,192 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2011/06/30 14:31:22 | 000,066,616 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2011/06/21 10:24:06 | 000,032,768 | ---- | M] () [Kernel | System | Running] -- C:\Windows\System32\drivers\sp_rsdrv2.sys -- (sp_rsdrv2)
DRV - [2009/12/12 12:22:56 | 000,240,128 | ---- | M] (PARADOX) [Kernel | Boot | Stopped] -- C:\Windows\System32\drivers\royal.sys -- (OemBiosDevice)
DRV - [2009/12/12 12:01:42 | 000,016,608 | ---- | M] (Windows ® 2000 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\gdrv.sys -- (gdrv)
DRV - [2009/05/11 10:12:49 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2009/03/30 02:09:28 | 000,239,336 | ---- | M] (Microsoft Corporation) [File_System | Disabled | Stopped] -- C:\Windows\System32\drivers\RsFx0103.sys -- (RsFx0103)
DRV - [2008/12/10 05:37:46 | 000,135,680 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
DRV - [2008/02/13 16:17:26 | 000,618,112 | ---- | M] (PixArt Imaging Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\PFC027.SYS -- (PAC207)
DRV - [1999/12/31 21:00:00 | 010,304,104 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
IE - HKLM\..\SearchScopes,DefaultScope = {afdbddaa-5d3f-42ee-b79c-185a7020515b}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2567694
IE - HKLM\..\SearchScopes\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}: "URL" = http://us.yhs.search.yahoo.com/avg/search?fr=yhs-avg-chrome&type=yahoo_avg_hs2-tb-web_chrome_us&p={searchTerms}
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com.br/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: {1d80d668-2160-46a2-b3a7-e166795b0b28} - No CLSID value found
IE - HKCU\..\URLSearchHook: {edbca961-4bf8-4cbe-8c63-a11dff9ed2d9} - No CLSID value found
IE - HKCU\..\SearchScopes,DefaultScope = {AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}: "URL" = http://tbsearch.ask.com/redirect?client=ie&tb=PF&o=&src=crm&q={searchTerms}&locale=
IE - HKCU\..\SearchScopes\{18EAB056-9057-F224-FD4C-1F6569C4D8D2}: "URL" = http://www.plusnetwork.com/s/?q={searchTerms}&iesrc={referrer:source?}
IE - HKCU\..\SearchScopes\{33D59858-89D9-4AC2-A956-93875EB02323}: "URL" = http://search.localstrike.com.ar/?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}
IE - HKCU\..\SearchScopes\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}: "URL" = http://www.mystart.com/results.php?pr=pando&id=pandoleveluptb&v=1_0&gen=ms&ent=ch&q={searchTerms}
IE - HKCU\..\SearchScopes\{AD22EBAF-0D18-4fc7-90CC-5EA0ABBE9EB8}: "URL" = http://www.daemon-search.com/search/web?q={searchTerms}
IE - HKCU\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2567694
IE - HKCU\..\SearchScopes\{C85BDB30-7E46-42C1-A985-5D4E73F93D80}: "URL" = http://www.google.com.br/search?hl=pt-BR&q={searchTerms}&meta=
IE - HKCU\..\SearchScopes\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}: "URL" = http://br.yhs.search.yahoo.com/avg/search?fr=yhs-avg-chrome&type=yahoo_avg_hs2-tb-web_chrome_br&p={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultthis.engineName: "Messenger Plus Live Brazil Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "http://search.conduit.com/ResultsExt.aspx?ctid=CT2567694&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.search.selectedEngine: "Search The Web"
FF - prefs.js..browser.startup.homepage: "www.google.com.br"
FF - prefs.js..extensions.enabledItems: {edbca961-4bf8-4cbe-8c63-a11dff9ed2d9}:2.6.0.15
FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:15.0.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: engine@conduit.com:3.2.5.2
FF - prefs.js..extensions.enabledItems: {1d80d668-2160-46a2-b3a7-e166795b0b28}:3.2.5.2
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}:6.0.31
FF - prefs.js..extensions.enabledItems: redshift_V2@shift-themes.com:3.6
FF - prefs.js..keyword.URL: "http://search.conduit.com/ResultsExt.aspx?ctid=CT2567694&q="
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=15.0.0.198: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=15.0.0.198: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=12.0.1.669: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.0.198: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=15.0.0.198: C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@research.microsoft.com/HDView: C:\Program Files\Microsoft Research\HD View\nphdview.dll (Microsoft Research)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Sidnei\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Sidnei\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Sidnei\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011/12/04 16:40:07 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/12/04 16:39:49 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/12/04 16:42:03 | 000,000,000 | ---D | M]

[2010/01/13 21:36:31 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Sidnei\AppData\Roaming\mozilla\Extensions
[2012/03/25 14:45:27 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Sidnei\AppData\Roaming\mozilla\Firefox\Profiles\6dsamkzh.default\extensions
[2011/03/22 08:37:10 | 000,000,000 | ---D | M] (Messenger Plus BR Community Toolbar) -- C:\Users\Sidnei\AppData\Roaming\mozilla\Firefox\Profiles\6dsamkzh.default\extensions\{1d80d668-2160-46a2-b3a7-e166795b0b28}
[2010/07/01 17:45:09 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Sidnei\AppData\Roaming\mozilla\Firefox\Profiles\6dsamkzh.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/01/27 13:07:31 | 000,000,000 | ---D | M] (P2P Torrent Toolbar) -- C:\Users\Sidnei\AppData\Roaming\mozilla\Firefox\Profiles\6dsamkzh.default\extensions\{bc4be15d-6a34-4356-9e97-79e43da32b1d}
[2010/06/15 09:22:54 | 000,000,000 | ---D | M] (Messenger Plus Live Brazil Toolbar) -- C:\Users\Sidnei\AppData\Roaming\mozilla\Firefox\Profiles\6dsamkzh.default\extensions\{edbca961-4bf8-4cbe-8c63-a11dff9ed2d9}
[2011/03/22 08:37:10 | 000,000,000 | ---D | M] (Conduit Engine) -- C:\Users\Sidnei\AppData\Roaming\mozilla\Firefox\Profiles\6dsamkzh.default\extensions\engine@conduit.com
[2012/02/16 13:31:37 | 000,000,000 | ---D | M] (RedShift V3.6) -- C:\Users\Sidnei\AppData\Roaming\mozilla\Firefox\Profiles\6dsamkzh.default\extensions\redshift_V2@shift-themes.com
[2009/07/10 17:26:08 | 000,002,257 | ---- | M] () -- C:\Users\Sidnei\AppData\Roaming\Mozilla\Firefox\Profiles\6dsamkzh.default\searchplugins\askcom.xml
[2010/04/21 12:06:34 | 000,000,955 | ---- | M] () -- C:\Users\Sidnei\AppData\Roaming\Mozilla\Firefox\Profiles\6dsamkzh.default\searchplugins\conduit.xml
[2010/04/19 13:36:18 | 000,002,059 | ---- | M] () -- C:\Users\Sidnei\AppData\Roaming\Mozilla\Firefox\Profiles\6dsamkzh.default\searchplugins\daemon-search.xml
[2012/02/29 12:25:41 | 000,000,000 | ---D | M] (No name found) -- C:\Arquivos de Programas\Mozilla Firefox\extensions
[2011/04/02 10:11:29 | 000,000,000 | ---D | M] (Java Console) -- C:\Arquivos de Programas\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
[2011/07/31 00:00:13 | 000,000,000 | ---D | M] (Java Console) -- C:\Arquivos de Programas\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
[2012/02/29 12:25:42 | 000,000,000 | ---D | M] (Java Console) -- C:\Arquivos de Programas\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}
[2010/02/22 19:35:31 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
[2011/04/02 10:11:29 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
[2011/07/31 00:00:13 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
[2012/02/29 12:25:42 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}
[2011/12/04 16:40:07 | 000,000,000 | ---D | M] (RealPlayer Browser Record Plugin) -- C:\PROGRAMDATA\REAL\REALPLAYER\BROWSERRECORDPLUGIN\FIREFOX\EXT
[2012/02/29 12:25:06 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2010/07/16 22:33:04 | 000,001,027 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\buscape.xml
[2010/07/16 22:33:04 | 000,001,212 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\mercadolivre.xml
[2011/04/14 00:29:02 | 000,002,281 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\search.xml
[2010/07/16 22:33:04 | 000,001,168 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-br.xml
[2010/07/16 22:33:04 | 000,000,952 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-br.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Sidnei\AppData\Local\Google\Chrome\Application\18.0.1025.142\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Sidnei\AppData\Local\Google\Chrome\Application\18.0.1025.142\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Sidnei\AppData\Local\Google\Chrome\Application\18.0.1025.142\gcswf32.dll
CHR - plugin: Shockwave Flash (Disabled) = C:\Users\Sidnei\AppData\Local\Google\Chrome\User Data\PepperFlash\11.1.31.203\pepflashplayer.dll
CHR - plugin: Shockwave Flash
(Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 8.0\Reader\Browser\nppdf32.dll CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\np-mswmp.dll CHR - plugin: Java Deployment Toolkit 6.0.310.5 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll CHR - plugin: Java Platform SE 6 U31 (Enabled) = C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll CHR - plugin: RealPlayer G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nppl3260.dll CHR - plugin: RealPlayer Version Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nprpjplug.dll CHR - plugin: RealPlayer HTML5VideoShim Plug-In (32-bit) (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll CHR - plugin: RealJukebox NS Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nprjplug.dll CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll CHR - plugin: HD View (Enabled) = C:\Program Files\Microsoft Research\HD View\nphdview.dll CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll CHR - plugin: NVIDIA 3D Vision (Enabled) = C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll CHR - plugin: NVIDIA 3D VISION (Enabled) = C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll CHR - plugin: Pando Web Plugin (Enabled) = C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll CHR - plugin: Windows Live\u00AE Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll CHR - plugin: RealNetworks Chrome Background Extension Plug-In (32-bit) (Enabled) = 
C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll CHR - plugin: Unity Player (Enabled) = C:\Users\Sidnei\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll CHR - plugin: Windows Presentation Foundation (Enabled) = C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll CHR - Extension: YouTube = C:\Users\Sidnei\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\ CHR - Extension: Pesquisa do Google = C:\Users\Sidnei\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\ CHR - Extension: RealPlayer HTML5Video Downloader Extension = C:\Users\Sidnei\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk\1.5_0\ CHR - Extension: AT_DJTiesto = C:\Users\Sidnei\AppData\Local\Google\Chrome\User Data\Default\Extensions\okmcbgkkeagngnijeiighgblfljbekip\2_0\ CHR - Extension: Gmail = C:\Users\Sidnei\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\ O1 HOSTS File: ([2012/03/14 12:15:09 | 000,000,985 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: ::1 localhost O1 - Hosts: 127.0.0.1 static3.cdn.ubi.com O1 - Hosts: 127.0.0.1 ubisoft-orbit.s3.amazonaws.com O1 - Hosts: 127.0.0.1 onlineconfigservice.ubi.com O1 - Hosts: 127.0.0.1 orbitservice.ubi.com O1 - Hosts: 127.0.0.1 ubisoft-orbit-savegames.s3.amazonaws.com O2 - BHO: (Facilitador de Leitor de Link Adobe PDF) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de Programas\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated) O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - 
C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer) O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found. O2 - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de Programas\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.) O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de Programas\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Arquivos de Programas\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O3 - HKLM\..\Toolbar: (no name) - {30F9B915-B755-4826-820B-08FBA6BD249D} - No CLSID value found. O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found. O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {1D80D668-2160-46A2-B3A7-E166795B0B28} - No CLSID value found. O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {32099AAC-C132-4136-9E9A-4E364A424E17} - No CLSID value found. O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found. O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found. O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {EDBCA961-4BF8-4CBE-8C63-A11DFF9ED2D9} - No CLSID value found. 
O4 - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) O4 - HKLM..\Run: [LanguageShortcut] C:\Program Files\CyberLink\PowerDVD\Language\Language.exe () O4 - HKLM..\Run: [NeroFilterCheck] C:\Arquivos de Programas\Common Files\Ahead\Lib\NeroCheck.exe (Nero AG) O4 - HKLM..\Run: [PAC207_Monitor] C:\Windows\PixArt\PAC207\Monitor.exe (PixArt Imaging Incorporation) O4 - HKLM..\Run: [PlusService] C:\Arquivos de Programas\Yuna Software\Messenger Plus!\PlusService.exe (Yuna Software) O4 - HKLM..\Run: [spywareTerminatorShield] C:\Arquivos de Programas\Spyware Terminator\SpywareTerminatorShield.exe (Crawler.com) O4 - HKLM..\Run: [spywareTerminatorUpdater] C:\Arquivos de Programas\Spyware Terminator\SpywareTerminatorUpdate.exe (Crawler.com) O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Real\RealPlayer\Update\realsched.exe (RealNetworks, Inc.) 
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation) O4 - HKCU..\Run: [bitTorrent] "C:\Program Files\BitTorrent\BitTorrent.exe" /MINIMIZED File not found O4 - HKCU..\Run: [DAEMON Tools Pro Agent] C:\Program Files\DAEMON Tools Pro\DTAgent.exe (DT Soft Ltd) O4 - HKCU..\Run: [Memory Cleaner] C:\Users\Sidnei\AppData\Roaming\KoshyJohn.com\MemClean\MemClean.exe (KoshyJohn.com) O4 - HKCU..\Run: [Memory Improve Master] C:\Program Files\Memory Improve Master\MemoryImproveMaster.exe (Memory Improve Master Studio) O4 - HKCU..\Run: [steam] C:\Program Files\Steam\Steam.exe (Valve Corporation) O4 - Startup: C:\Users\Sidnei\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Recorte de tela e Iniciador do OneNote 2007.lnk = C:\Arquivos de Programas\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation) O8 - Extra context menu item: E&xportar para o Microsoft Excel - C:\Arquivos de Programas\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation) O9 - Extra Button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Arquivos de Programas\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Arquivos de Programas\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Arquivos de Programas\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Arquivos de Programas\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) 
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Arquivos de Programas\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation) O13 - gopher Prefix: missing O16 - DPF: {140E4DF8-9E14-4A34-9577-C77561ED7883} http://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_cyri_4.1.71.0.cab (SysInfo Class) O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab (Checkers Class) O16 - DPF: {40F576AD-8680-4F9E-9490-99D069CD665F} http://srtest-cdn.systemrequirementslab.com.s3.amazonaws.com/bin/sysreqlabdetect.cab (Reg Error: Key error.) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31) O16 - DPF: {C1B7E532-3ECB-4E9E-BB3A-2951FFE67C61} http://c6.community.alice.it/download/DownloaderActiveX.cab (Reg Error: Key error.) O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab (MessengerStatsClient Class) O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab (Minesweeper Flags Class) O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F6DD7A2D-6839-4820-93D7-45D6FE210907}: NameServer = 10.10.2.1,10.10.5.1 O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Arquivos de Programas\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation) O18 - Protocol\Handler\ms-help 
{314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Arquivos de Programas\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation) O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Arquivos de Programas\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation) O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Arquivos de Programas\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Arquivos de Programas\Windows Live\Mail\mailcomm.dll (Microsoft Corporation) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Arquivos de Programas\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation) O20 - HKCU Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O24 - Desktop WallPaper: C:\Users\Sidnei\AppData\Roaming\Microsoft\Windows Photo Gallery\Papel de Parede da Galeria de Fotos do Windows.jpg O24 - Desktop BackupWallPaper: C:\Users\Sidnei\AppData\Roaming\Microsoft\Windows Photo Gallery\Papel de Parede da Galeria de Fotos do Windows.jpg O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006/09/18 18:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O33 - MountPoints2\{af400ce2-0e63-11df-9470-00241df81fc7}\Shell\AUtoplAy\command - "" = I:\erpvmq.exe O33 - MountPoints2\{af400ce2-0e63-11df-9470-00241df81fc7}\Shell\AutoRun\command - "" = I:\erpvmq.exe O33 - MountPoints2\{af400ce2-0e63-11df-9470-00241df81fc7}\Shell\expLorE\CoMmanD - "" = I:\erpvmq.exe O33 - MountPoints2\{af400ce2-0e63-11df-9470-00241df81fc7}\Shell\Open\CommaNd - "" = I:\erpvmq.exe O34 - HKLM BootExecute: (autocheck autochk *) O35 
- HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ========== Files/Folders - Created Within 30 Days ========== [2012/04/05 11:17:33 | 000,593,920 | ---- | C] (OldTimer Tools) -- C:\Users\Sidnei\Desktop\OTL.exe [2012/03/25 17:05:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Memory Improve Master [2012/03/25 17:04:59 | 000,000,000 | ---D | C] -- C:\Program Files\Memory Improve Master [2012/03/14 12:13:32 | 000,000,000 | ---D | C] -- C:\LinhaDefensiva [3 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ] [3 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2012/04/05 11:17:51 | 000,593,920 | ---- | M] (OldTimer Tools) -- C:\Users\Sidnei\Desktop\OTL.exe [2012/04/05 11:16:56 | 000,000,420 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{61EC2A35-5569-44D9-A816-87E82FAB20BF}.job [2012/04/05 11:05:21 | 000,058,880 | ---- | M] () -- C:\Users\Sidnei\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2012/04/05 10:54:00 | 000,001,056 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2012/04/05 10:32:01 | 000,001,082 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3796026459-2530574266-2461488858-1000UA.job [2012/04/05 09:57:26 | 000,004,384 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2012/04/05 09:57:26 | 000,004,384 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2012/04/04 20:03:57 | 000,001,052 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2012/04/04 19:55:44 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012/04/04 11:32:00 | 000,001,030 | ---- | M] () -- 
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3796026459-2530574266-2461488858-1000Core.job [2012/04/03 20:06:21 | 000,754,056 | ---- | M] () -- C:\Windows\System32\prfh0416.dat [2012/04/03 20:06:21 | 000,702,266 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2012/04/03 20:06:21 | 000,170,746 | ---- | M] () -- C:\Windows\System32\prfc0416.dat [2012/04/03 20:06:21 | 000,145,334 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2012/03/30 20:03:36 | 000,002,047 | ---- | M] () -- C:\Users\Sidnei\Desktop\Google Chrome.lnk [2012/03/29 21:13:08 | 2143,838,208 | -HS- | M] () -- C:\hiberfil.sys [2012/03/28 22:57:28 | 000,009,400 | -HS- | M] () -- C:\Users\Sidnei\Documents\Folder.jpg [2012/03/28 22:57:28 | 000,009,400 | -HS- | M] () -- C:\Users\Sidnei\Documents\AlbumArt_{8454A573-188D-4510-9C69-A612A60D1FE8}_Large.jpg [2012/03/28 22:57:26 | 000,002,526 | -HS- | M] () -- C:\Users\Sidnei\Documents\AlbumArtSmall.jpg [2012/03/28 22:57:26 | 000,002,526 | -HS- | M] () -- C:\Users\Sidnei\Documents\AlbumArt_{8454A573-188D-4510-9C69-A612A60D1FE8}_Small.jpg [2012/03/25 17:05:01 | 000,000,872 | ---- | M] () -- C:\Users\Sidnei\Desktop\Memory Improve Master.lnk [2012/03/14 10:13:50 | 000,000,000 | -H-- | M] () -- C:\Users\Sidnei\AppData\Roaming\tGlt1fFyD6G1 [2012/03/06 22:31:30 | 000,000,680 | ---- | M] () -- C:\Users\Sidnei\AppData\Local\d3d9caps.dat [3 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ] [3 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files Created - No Company Name ========== [2012/03/28 22:57:34 | 000,009,400 | -HS- | C] () -- C:\Users\Sidnei\Documents\AlbumArt_{8454A573-188D-4510-9C69-A612A60D1FE8}_Large.jpg [2012/03/28 22:57:34 | 000,002,526 | -HS- | C] () -- C:\Users\Sidnei\Documents\AlbumArt_{8454A573-188D-4510-9C69-A612A60D1FE8}_Small.jpg [2012/03/25 17:05:01 | 000,000,872 | ---- | C] () -- C:\Users\Sidnei\Desktop\Memory Improve Master.lnk [2012/03/14 10:13:50 | 000,000,000 | -H-- | C] () -- 
C:\Users\Sidnei\AppData\Roaming\tGlt1fFyD6G1 [2011/11/08 15:36:58 | 000,012,984 | ---- | C] () -- C:\Windows\System32\drivers\SWDUMon.sys [2011/11/08 12:39:23 | 000,062,976 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe [2011/11/08 12:39:08 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll [2011/11/08 12:38:12 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin [2011/11/08 12:38:12 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin [2011/11/07 19:30:40 | 000,081,158 | ---- | C] () -- C:\Windows\System32\manage-bde.ini.en [2011/11/07 13:26:16 | 000,032,768 | ---- | C] () -- C:\Windows\System32\drivers\sp_rsdrv2.sys [2011/08/11 23:36:08 | 000,000,038 | ---- | C] () -- C:\Windows\avisplitter.ini [2011/08/11 23:36:07 | 000,650,752 | ---- | C] () -- C:\Windows\System32\xvidcore.dll [2011/08/11 23:36:06 | 000,243,200 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll [2011/08/11 23:36:06 | 000,074,752 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll [2011/08/03 14:23:03 | 000,175,616 | ---- | C] () -- C:\Windows\System32\unrar.dll [2011/08/03 02:31:54 | 000,311,912 | ---- | C] () -- C:\Windows\System32\nvStreaming.exe [2011/05/29 15:02:47 | 000,000,118 | ---- | C] () -- C:\Windows\Video To Audio Converter.ini [2011/05/29 14:59:40 | 000,000,102 | ---- | C] () -- C:\Windows\pro Video To Audio Converter.ini [2011/05/29 14:59:29 | 000,000,001 | ---- | C] () -- C:\Windows\System32\Video To Audio Converter.dat [2011/04/09 17:55:28 | 000,179,261 | ---- | C] () -- C:\Windows\System32\xlive.dll.cat [2010/08/29 11:44:28 | 000,000,094 | ---- | C] () -- C:\Users\Sidnei\AppData\Local\fusioncache.dat [2010/08/29 08:28:38 | 000,022,328 | ---- | C] () -- C:\Windows\System32\drivers\PnkBstrK.sys [2010/08/29 08:28:37 | 000,022,328 | ---- | C] () -- C:\Users\Sidnei\AppData\Roaming\PnkBstrK.sys [2010/08/29 08:28:23 | 000,189,248 | ---- | C] () -- C:\Windows\System32\PnkBstrB.exe [2010/08/29 08:28:20 | 
000,669,184 | ---- | C] () -- C:\Windows\System32\pbsvc.exe [2010/08/29 08:28:20 | 000,075,136 | ---- | C] () -- C:\Windows\System32\PnkBstrA.exe [2010/07/09 11:13:56 | 000,000,012 | ---- | C] () -- C:\Users\Sidnei\AppData\Roaming\hwzypv.dat [2010/07/09 11:04:23 | 000,000,004 | ---- | C] () -- C:\Users\Sidnei\AppData\Roaming\avdrn.dat [2010/06/19 13:12:58 | 000,000,446 | RHS- | C] () -- C:\ProgramData\ntuser.pol [2010/04/15 20:33:21 | 000,000,056 | -H-- | C] () -- C:\Windows\System32\ezsidmv.dat ========== LOP Check ========== [2010/07/30 07:51:50 | 000,000,000 | ---D | M] -- C:\Users\Sidnei\AppData\Roaming\Audacity [2010/05/03 14:49:24 | 000,000,000 | ---D | M] -- C:\Users\Sidnei\AppData\Roaming\AVG9 [2011/06/04 17:19:03 | 000,000,000 | ---D | M] -- C:\Users\Sidnei\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1 [2012/02/18 23:12:34 | 000,000,000 | ---D | M] -- C:\Users\Sidnei\AppData\Roaming\cYo [2012/01/04 12:53:07 | 000,000,000 | ---D | M] -- C:\Users\Sidnei\AppData\Roaming\DAEMON Tools Lite [2012/04/04 20:40:28 | 000,000,000 | ---D | M] -- C:\Users\Sidnei\AppData\Roaming\DAEMON Tools Pro [2010/02/03 09:14:10 | 000,000,000 | ---D | M] -- C:\Users\Sidnei\AppData\Roaming\DMCache [2011/05/16 15:14:38 | 000,000,000 | ---D | M] -- C:\Users\Sidnei\AppData\Roaming\FreeAudioPack [2011/05/17 08:48:30 | 000,000,000 | ---D | M] -- C:\Users\Sidnei\AppData\Roaming\FreeCDRipper [2010/02/03 09:36:43 | 000,000,000 | ---D | M] -- C:\Users\Sidnei\AppData\Roaming\IDM [2012/02/10 17:47:46 | 000,000,000 | ---D | M] -- C:\Users\Sidnei\AppData\Roaming\KoshyJohn.com [2009/12/12 14:53:31 | 000,000,000 | ---D | M] -- C:\Users\Sidnei\AppData\Roaming\PeerNetworking [2011/04/03 09:41:24 | 000,000,000 | ---D | M] -- C:\Users\Sidnei\AppData\Roaming\PunkBuster [2011/11/07 13:26:12 | 000,000,000 | ---D | M] -- C:\Users\Sidnei\AppData\Roaming\Spyware Terminator [2010/04/04 20:45:23 | 000,000,000 | ---D | M] -- C:\Users\Sidnei\AppData\Roaming\Ubisoft [2012/03/28 12:18:23 | 
000,032,570 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT [2012/04/05 11:16:56 | 000,000,420 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{61EC2A35-5569-44D9-A816-87E82FAB20BF}.job ========== Purity Check ========== < End of report >

Here are the extras:

OTL Extras logfile created on: 05/04/2012 11:19:17 - Run 1 OTL by OldTimer - Version 3.2.39.2 Folder = C:\Users\Sidnei\Desktop Windows Vista Ultimate Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.19154) Locale: 00000416 | Country: Brasil | Language: PTB | Date Format: dd/MM/yyyy 2,00 Gb Total Physical Memory | 1,08 Gb Available Physical Memory | 53,87% Memory free 4,24 Gb Paging File | 1,75 Gb Available in Paging File | 41,35% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 312,50 Gb Total Space | 62,97 Gb Free Space | 20,15% Space Free | Partition Type: NTFS Drive D: | 153,25 Gb Total Space | 147,77 Gb Free Space | 96,42% Space Free | Partition Type: NTFS Computer Name: SIDNEI-GAME | User Name: Sidnei | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation) .hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation) ========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. 
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~2\Office12\ONENOTE.EXE "%L" (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 "VistaSp1" = Reg Error: Unknown registry data type -- File not found "VistaSp2" = Reg Error: Unknown registry data type -- File not found [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "DisableNotifications" = 0 
"EnableFirewall" = 1 ========== Authorized Applications List ========== ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{3318E50D-78F0-40B1-9578-D71A9FA712ED}" = lport=2869 | protocol=6 | dir=in | app=system | "{416BD81F-DBD5-4752-BA86-C7C142E10259}" = lport=808 | protocol=6 | dir=in | svc=nettcpactivator | app=c:\windows\microsoft.net\framework\v4.0.30319\smsvchost.exe | "{5DDAD886-C584-4036-B248-EC9A82B70401}" = lport=58907 | protocol=17 | dir=in | name=pando media booster | "{70A79345-0D51-4079-A8C4-FC8223FD7D48}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | "{8E7456C2-AD18-4095-9671-3DDD2FCF4C3C}" = lport=58907 | protocol=6 | dir=in | name=pando media booster | "{B17A2850-0D5C-43FB-AA81-8A2AD4A84239}" = lport=58907 | protocol=17 | dir=in | name=pando media booster | "{C90AD126-145F-4CBD-B725-25D8ABB40557}" = lport=58907 | protocol=6 | dir=in | name=pando media booster | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{040615F3-796C-43FD-8CF3-8D46A54B0013}" = protocol=6 | dir=in | app=c:\program files\ubisoft\assassin's creed revelations\acrmp.exe | "{04D31705-4AC0-4FF7-80B8-8A4118064DDD}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe | "{0A7CFE71-6E76-45BA-8A07-60FD95710E75}" = protocol=6 | dir=in | app=c:\program files\steam\steam.exe | "{153297E8-3B80-4693-BBEA-F325E4BCF00C}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstrb.exe | "{16C85B3F-59F1-49D3-95E9-F27806C13311}" = protocol=6 | dir=in | app=c:\program files\ubisoft\assassin's creed brotherhood\acbmp.exe | "{1AB9668E-F422-4B6F-8595-511071A134C3}" = protocol=6 | dir=in | app=c:\program files\electronic arts\need for speed hot pursuit\launcher.exe | "{222D9D9E-FCE9-4F99-B7F4-0D3E739E00D3}" = protocol=6 | dir=in 
DigRam 144 Posted April 5, 2012

Good afternoon! Syperrj

|- Uninstall: C:\Program Files\Spyware Terminator

///°°°///

|- Download: < AdwCleaner > ( ... by Xplode )
|- Click the image: < >
|- Save it to the desktop!
|- Right-click adwcleaner.exe and choose to run it as "administrator".
|- Start the scan by clicking "Recherche" < >
|- When it finishes, post the report: C:\AdwCleaner[R].txt

///°°°///

|- Run OTL.exe.
|- On Windows Vista, disable UAC.
|- Copy the information shown in red into the tool's clipboard field. ( "Custom Scans/Fixes" )

:OTL
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.condui...&ctid=CT2567694
IE - HKCU\..\URLSearchHook: {1d80d668-2160-46a2-b3a7-e166795b0b28} - No CLSID value found
IE - HKCU\..\URLSearchHook: {edbca961-4bf8-4cbe-8c63-a11dff9ed2d9} - No CLSID value found
IE - HKCU\..\SearchScopes\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}: "URL" = http://www.mystart.c...q={searchTerms}
IE - HKCU\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.condui...&ctid=CT2567694
FF - prefs.js..browser.search.defaulturl: "http://search.conduit.com/ResultsExt.aspx?ctid=CT2567694&SearchSource=3&q={searchTerms}"
FF - prefs.js..extensions.enabledItems: {edbca961-4bf8-4cbe-8c63-a11dff9ed2d9}:2.6.0.15
FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:15.0.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: engine@conduit.com:3.2.5.2
FF - prefs.js..extensions.enabledItems: {1d80d668-2160-46a2-b3a7-e166795b0b28}:3.2.5.2
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26
FF - prefs.js..keyword.URL: "http://search.conduit.com/ResultsExt.aspx?ctid=CT2567694&q="
FF - user.js - File not found
O1 - Hosts: 127.0.0.1 static3.cdn.ubi.com
O1 - Hosts: 127.0.0.1 ubisoft-orbit.s3.amazonaws.com
O1 - Hosts: 127.0.0.1 onlineconfigservice.ubi.com
O1 - Hosts: 127.0.0.1 orbitservice.ubi.com
O1 - Hosts: 127.0.0.1 ubisoft-orbit-savegames.s3.amazonaws.com
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {30F9B915-B755-4826-820B-08FBA6BD249D} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {1D80D668-2160-46A2-B3A7-E166795B0B28} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {32099AAC-C132-4136-9E9A-4E364A424E17} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {EDBCA961-4BF8-4CBE-8C63-A11DFF9ED2D9} - No CLSID value found.
O4 - HKCU..\Run: [bitTorrent] "C:\Program Files\BitTorrent\BitTorrent.exe" /MINIMIZED File not found
O16 - DPF: {40F576AD-8680-4F9E-9490-99D069CD665F} http://srtest-cdn.sy...eqlabdetect.cab (Reg Error: Key error.)
O33 - MountPoints2\{af400ce2-0e63-11df-9470-00241df81fc7}\Shell\AUtoplAy\command - "" = I:\erpvmq.exe
O33 - MountPoints2\{af400ce2-0e63-11df-9470-00241df81fc7}\Shell\AutoRun\command - "" = I:\erpvmq.exe
O33 - MountPoints2\{af400ce2-0e63-11df-9470-00241df81fc7}\Shell\expLorE\CoMmanD - "" = I:\erpvmq.exe
O33 - MountPoints2\{af400ce2-0e63-11df-9470-00241df81fc7}\Shell\Open\CommaNd - "" = I:\erpvmq.exe
[3 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
[3 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

:Files
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3796026459-2530574266-2461488858-1000UA.job
C:\Users\Sidnei\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
C:\LinhaDefensiva

:reg
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" =-
"VistaSp2" =-

:Commands
[createrestorepoint]
[resethosts]
[emptytemp]
[emptyflash]
[Reboot]

|- Click the Fix button -> Wait for it to finish!
|- The computer will restart! -> Click "Run".
|- Post the report: C:\_OTL\MovedFiles\*.log

Regards!
Syperrj 0 Posted April 5, 2012

Here is the AdwCleaner report:

# AdwCleaner v1.504 - Logfile created 04/05/2012 at 14:56:48
# Updated 01/04/2012 by Xplode
# Operating system : Windows Vista Ultimate Service Pack 2 (32 bits)
# User : Sidnei - SIDNEI-GAME
# Running from : C:\Users\Sidnei\Desktop\adwcleaner.exe
# Option [search]

***** [services] *****

***** [Files / Folders] *****

Folder Found : C:\Users\Sidnei\AppData\LocalLow\Conduit
Folder Found : C:\Users\Sidnei\AppData\LocalLow\ConduitEngine
Folder Found : C:\Users\Sidnei\AppData\LocalLow\PriceGong
Folder Found : C:\Program Files\ConduitEngine
Folder Found : C:\Users\Sidnei\AppData\Roaming\Mozilla\FireFox\Profiles\6dsamkzh.default\Conduit
Folder Found : C:\Users\Sidnei\AppData\Roaming\Mozilla\FireFox\Profiles\6dsamkzh.default\ConduitEngine
Folder Found : C:\Users\Sidnei\AppData\Roaming\Mozilla\FireFox\Profiles\6dsamkzh.default\extensions\engine@conduit.com
File Found : C:\Program Files\Mozilla Firefox\.autoreg
File Found : C:\Windows\system32\conduitEngine.tmp
File Found : C:\Users\Sidnei\AppData\Roaming\Mozilla\FireFox\Profiles\6dsamkzh.default\searchplugins\Askcom.xml
File Found : C:\Users\Sidnei\AppData\Roaming\Mozilla\FireFox\Profiles\6dsamkzh.default\searchplugins\Conduit.xml

***** [H. Navipromo] *****

***** [Registry] *****

[*] Key Found : HKLM\SOFTWARE\Classes\Toolbar.CT1210541
[*] Key Found : HKLM\SOFTWARE\Classes\Toolbar.CT2567694
[*] Key Found : HKLM\SOFTWARE\Classes\Toolbar.CT2905346
Key Found : HKCU\Software\Ask.com
Key Found : HKCU\Software\AppDataLow\Software\AskToolbar
Key Found : HKCU\Software\AppDataLow\Software\conduitEngine
Key Found : HKCU\Software\AppDataLow\Software\PriceGong
Key Found : HKCU\Software\AppDataLow\Software\Toolbar
Key Found : HKLM\SOFTWARE\Conduit
Key Found : HKLM\SOFTWARE\conduitEngine
Key Found : HKLM\SOFTWARE\Software
Key Found : HKLM\SOFTWARE\Classes\Conduit.Engine
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A28B4D68DEBAA244EB686953B7074FEF
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\conduitEngine
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{18EAB056-9057-F224-FD4C-1F6569C4D8D2}
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{30F9B915-B755-4826-820B-08FBA6BD249D}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\conduitEngine
Value Found : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}]
Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{30F9B915-B755-4826-820B-08FBA6BD249D}]

***** [internet Browsers] *****

-\\ Internet Explorer v8.0.6001.19154

[OK] Registry is clean.

-\\ Mozilla Firefox v3.6.8 (pt-BR)

Profile name : default
File : C:\Users\Sidnei\AppData\Roaming\Mozilla\FireFox\Profiles\6dsamkzh.default\prefs.js
Here is the report that appeared after the system restart:
OTL by OldTimer - Version 3.2.39.2 log created on 04052012_150346
DigRam 144 Posted April 5, 2012

Good afternoon! Syperry

|- Open OTL.exe -> Click "Limpeza" (Cleanup). <-- Confirm!
|- PS: The computer will restart!
///°°°///
|- Run AdwCleaner again and click "Delete" or "Suppression".
|- When it finishes, post the report: C:\AdwCleaner[S].txt
///°°°///
|- Download: < > < > ( ... by Nicolas Coolman )
|- On the page, click: < >
|- Save it to the local disk and extract it to the desktop! < >
|- Disable your antivirus and run "ZHPDiag2.exe".
|- Confirm every step while installing ZHPDiag.
|- Finish the installation by clicking "Termine".
|- Open the tool by clicking the scroll icon. < >
|- Update it by clicking the green arrow at the top right.
|- The update is complete when we get the message:
|- Enable all diagnostic options by clicking ( screwdriver icon )
|- Click All.
|- Start the diagnosis ( Diag ) by clicking the magnifying-glass icon.
|- When it finishes, click the camera icon or "Save Report" so that we have the report.
|- Save it in a convenient location!
|- If you want to save the log in Notepad, click the camera icon and paste it into Notepad.
|- Attach to your reply: ZHPDiag.txt <- Put it in a zip!
|- PS: I do not recommend posting this text file directly.
|- Or send it to Pjjoint.malekal by clicking the blue arrow! < >
|- Or go to: < >
|- More information: < |Link| >

Best regards!
Syperrj 0 Posted April 5, 2012

Here is the AdwCleaner[s1] report:

# AdwCleaner v1.504 - Logfile created 04/05/2012 at 19:12:04
# Updated 01/04/2012 by Xplode
# Operating system : Windows Vista Ultimate Service Pack 2 (32 bits)
# User : Sidnei - SIDNEI-GAME
# Running from : C:\Users\Sidnei\Desktop\adwcleaner.exe
# Option [Delete]
Deleted : user_pref("CT2905346.myStuffEnabled", true); Deleted : user_pref("CT2905346.myStuffPublihserMinWidth", 400); Deleted : user_pref("CT2905346.myStuffSearchUrl", "hxxp://Apps.conduit.com/search?q=SEARCH_TERM&SearchSourceOr[...] Deleted : user_pref("CT2905346.myStuffServiceIntervalMM", 1440); Deleted : user_pref("CT2905346.myStuffServiceUrl", "hxxp://mystuff.conduit-services.com/MyStuffService.ashx?Co[...] Deleted : user_pref("CT2905346.testingCtid", ""); Deleted : user_pref("CT2905346.toolbarAppMetaDataLastCheckTime", "Wed Jun 29 2011 15:04:39 GMT-0300 (Hora ofic[...] Deleted : user_pref("CT2905346.toolbarContextMenuLastCheckTime", "Sat Apr 02 2011 10:14:06 GMT-0300 (Hora ofic[...] Deleted : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/1297271/1292942/BR", "\"0\"[...] Deleted : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/909619/905414/BR", "\"0\"")[...] Deleted : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/960559/956327/BR", "\"0\"")[...] Deleted : user_pref("CommunityToolbar.ETag.hxxp://appsmetadata.toolbar.conduit-services.com/?ctid=CT2905346", [...] Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=GottenApps&lo[...] Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=OtherApps&loc[...] Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=SharedApps&lo[...] Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=Toolbar&local[...] Deleted : user_pref("CommunityToolbar.ETag.hxxp://servicemap.conduit-services.com/toolbar/", "\"63443493058760[...] Deleted : user_pref("CommunityToolbar.ETag.hxxp://settings.engine.conduit-services.com/?browser=FF&lut=0", "63[...] Deleted : user_pref("CommunityToolbar.ETag.hxxp://settings.engine.conduit-services.com/?browser=FF&lut=3/13/20[...] 
Deleted : user_pref("CommunityToolbar.ETag.hxxp://settings.toolbar.search.conduit.com/root/CT2905346/CT2905346[...] Deleted : user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/BankImages/RadioSkins/Funky/minimize.gif[...] Deleted : user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/BankImages/RadioSkins/Funky/play.gif", "[...] Deleted : user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/BankImages/RadioSkins/Funky/stop.gif", "[...] Deleted : user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/BankImages/RadioSkins/Funky/stopped.GIF"[...] Deleted : user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/BankImages/RadioSkins/Funky/vol.gif", "\[...] Deleted : user_pref("CommunityToolbar.ETag.hxxp://translation.toolbar.conduit-services.com/?locale=pt-br", "\"[...] Deleted : user_pref("CommunityToolbar.EngineOwner", "CT2905346"); Deleted : user_pref("CommunityToolbar.EngineOwnerGuid", "{1d80d668-2160-46a2-b3a7-e166795b0b28}"); Deleted : user_pref("CommunityToolbar.EngineOwnerToolbarId", "messenger_plus_br"); Deleted : user_pref("CommunityToolbar.IsMyStuffImportedToEngine", true); Deleted : user_pref("CommunityToolbar.OriginalEngineOwner", "CT2905346"); Deleted : user_pref("CommunityToolbar.OriginalEngineOwnerGuid", "{1d80d668-2160-46a2-b3a7-e166795b0b28}"); Deleted : user_pref("CommunityToolbar.OriginalEngineOwnerToolbarId", "messenger_plus_br"); Deleted : user_pref("CommunityToolbar.SearchFromAddressBarSavedUrl", "chrome://browser-region/locale/region.pr[...] Deleted : user_pref("CommunityToolbar.ToolbarsList", "CT1210541,CT2567694,ConduitEngine,CT2905346"); Deleted : user_pref("CommunityToolbar.ToolbarsList2", "CT1210541,CT2567694,CT2905346"); Deleted : user_pref("CommunityToolbar.alert.alertInfoInterval", 1440); Deleted : user_pref("CommunityToolbar.alert.alertInfoLastCheckTime", "Sun Mar 25 2012 14:45:22 GMT-0300 (Hora [...] 
Deleted : user_pref("CommunityToolbar.alert.clientsServerUrl", "hxxp://alert.client.conduit.com"); Deleted : user_pref("CommunityToolbar.alert.firstTimeAlertShown", true); Deleted : user_pref("CommunityToolbar.alert.locale", "en"); Deleted : user_pref("CommunityToolbar.alert.loginIntervalMin", 1440); Deleted : user_pref("CommunityToolbar.alert.loginLastCheckTime", "Sun Mar 25 2012 14:45:22 GMT-0300 (Hora ofic[...] Deleted : user_pref("CommunityToolbar.alert.loginLastUpdateTime", "1313487611"); Deleted : user_pref("CommunityToolbar.alert.messageShowTimeSec", 20); Deleted : user_pref("CommunityToolbar.alert.servicesServerUrl", "hxxp://alert.services.conduit.com"); Deleted : user_pref("CommunityToolbar.alert.showTrayIcon", false); Deleted : user_pref("CommunityToolbar.alert.userCloseIntervalMin", 300); Deleted : user_pref("CommunityToolbar.alert.userId", "{e2524fc4-1f06-4334-9e95-b8f8db1fc6a6}"); Deleted : user_pref("CommunityToolbar.keywordURLSelectedCTID", "CT2567694"); Deleted : user_pref("ConduitEngine.FirstServerDate", "04/02/2011 16"); Deleted : user_pref("ConduitEngine.FirstTime", true); Deleted : user_pref("ConduitEngine.FirstTimeFF3", true); Deleted : user_pref("ConduitEngine.HasUserGlobalKeys", true); Deleted : user_pref("ConduitEngine.Initialize", true); Deleted : user_pref("ConduitEngine.InitializeCommonPrefs", true); Deleted : user_pref("ConduitEngine.InstalledDate", "Sat Apr 02 2011 10:13:58 GMT-0300 (Hora oficial do Brasil)[...] Deleted : user_pref("ConduitEngine.IsMulticommunity", false); Deleted : user_pref("ConduitEngine.IsOpenThankYouPage", false); Deleted : user_pref("ConduitEngine.IsOpenUninstallPage", true); Deleted : user_pref("ConduitEngine.LanguagePackLastCheckTime", "Wed Jun 29 2011 15:04:52 GMT-0300 (Hora oficia[...] Deleted : user_pref("ConduitEngine.LastLogin_3.2.5.2", "Wed Jun 29 2011 15:04:48 GMT-0300 (Hora oficial do Bra[...] 
Deleted : user_pref("ConduitEngine.PublisherContainerWidth", 0); Deleted : user_pref("ConduitEngine.SearchFromAddressBarIsInit", true); Deleted : user_pref("ConduitEngine.SettingsLastCheckTime", "Wed Jun 29 2011 15:04:44 GMT-0300 (Hora oficial do[...] Deleted : user_pref("ConduitEngine.UserID", "UN73270765339907417"); Deleted : user_pref("ConduitEngine.engineLocale", "pt-BR"); Deleted : user_pref("ConduitEngine.enngineContextMenuLastCheckTime", "Wed Jun 29 2011 15:04:41 GMT-0300 (Hora [...] Deleted : user_pref("ConduitEngine.initDone", true); Deleted : user_pref("browser.search.defaultthis.engineName", "Messenger Plus Live Brazil Customized Web Search[...] Deleted : user_pref("browser.search.selectedEngine", "Search The Web"); ************************* AdwCleaner[R1].txt - [31341 octets] - [05/04/2012 14:56:48] AdwCleaner[s1].txt - [31175 octets] - [05/04/2012 19:12:04] ########## EOF - C:\AdwCleaner[s1].txt - [31304 octets] ##########
Syperrj
Posted April 6, 2012

Here is the ZHPDiag report:

Rapport de ZHPDiag v1.28.34 par Nicolas Coolman, Update du 06/03/2012 Run by Sidnei at 05/04/2012 19:50:39 Web site : http://www.premiumorange.com/zeb-help-process/zhpdiag.html Web site : http://nicolascoolman.skyrock.com/ Windows Vista Ultimate Edition, 32-bit Service Pack 2 (Build 6002) State : A new version is available. Boot mode: Normal (Normal boot) Logged in as Administrator ---\\ Web Browser MSIE: Internet Explorer v8.0.6001.19154 MFIE: Mozilla Firefox v3.6.8 (pt-BR) GCIE: Google Chrome (Defaut) ---\\ Running Processes [MD5.0D392EDE3B97E0B3131B2F63EF1DB94E] - (.Microsoft Corporation - Windows Defender User Interface.) -- C:\Program Files\Windows Defender\MSASCui.exe [1008184] [PID.3576] [MD5.56F676060D70BA066459478824510BEA] - (.Cyberlink Corp. - PowerDVD RC Service.) -- C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe [56928] [PID.3616] [MD5.C72FB9CC856ECFF3B6459B27CB674638] - (.PixArt Imaging Incorporation - Registry Monitor.) -- C:\Windows\PixArt\PAC207\Monitor.exe [323584] [PID.3692] [MD5.C983E62B6FB74457D173BA93F66F6068] - (.Avira GmbH - Antivirus System Tray Tool.) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [281768] [PID.3720] [MD5.6BD8E97CA7DB46E795D3772866A40CEC] - (.Yuna Software - Messenger Plus! 5.) -- C:\Program Files\Yuna Software\Messenger Plus!\PlusService.exe [801792] [PID.3772] [MD5.F15E6014E812A5E2CD469FCF5682C0E1] - (.RealNetworks, Inc. - RealNetworks Scheduler.) -- C:\Program Files\Real\RealPlayer\Update\realsched.exe [296056] [PID.3780] [MD5.98A078F838A70F84E1BD490D7C7675F4] - (.Sun Microsystems, Inc. - Java Update Scheduler.) -- C:\Program Files\Common Files\Java\Java Update\jusched.exe [254696] [PID.3792] [MD5.BF08674925F151BD4537B89A493E3E0C] - (.Microsoft Corporation - Media Center Tray Applet.) -- C:\Windows\ehome\ehtray.exe [125952] [PID.3896] [MD5.67384147DD005E54D2C0A20408E28579] - (.Valve Corporation - Steam.)
-- C:\Program Files\Steam\Steam.exe [1242448] [PID.3952] [MD5.094F1705ADBCD41E86E2E7F823C933BF] - (.DT Soft Ltd - DAEMON Tools Pro Agent.) -- C:\Program Files\DAEMON Tools Pro\DTAgent.exe [4527424] [PID.3980] [MD5.B2BCB4A5553E137B026F095D5260EDFC] - (.NVIDIA Corporation - NVIDIA Settings.) -- C:\Program Files\NVIDIA Corporation\Display\nvtray.exe [373864] [PID.4008] [MD5.0F4195B9B348DE5CF9B822F81704B20E] - (.Microsoft Corporation - Media Center Media Status Aggregator Servic.) -- C:\Windows\ehome\ehmsas.exe [37376] [PID.4084] [MD5.1AA28078F59CF3942DF139B72B455A72] - (.KoshyJohn.com - MemoryCleaner.) -- C:\Users\Sidnei\AppData\Roaming\KoshyJohn.com\MemClean\MemClean.exe [785489] [PID.3088] [MD5.271C017E3220E281827FE204FF98C6A8] - (.Memory Improve Master Studio - Memory Improve Master.) -- C:\Program Files\Memory Improve Master\MemoryImproveMaster.exe [5095424] [PID.3648] [MD5.F5143A7CA66EB913B5463BED3D3DD8D2] - (.DT Soft Ltd - DAEMON Tools Shell Extensions Helper.) -- C:\Program Files\DAEMON Tools Pro\DTShellHlp.exe [3120448] [PID.2488] [MD5.888A8AF571C0F56D5B103B0976C6603E] - (.Google Inc. - Google Chrome.) -- C:\Users\Sidnei\AppData\Local\Google\Chrome\Application\chrome.exe [1224176] [PID.4408] [MD5.62BB79160F86CD962F312C68C6239BFD] - (.Microsoft Corporation - Windows Update.) -- C:\Windows\system32\wuauclt.exe [53472] [PID.5992] [MD5.6080A176D09435FC8E6E800996656E18] - (.Microsoft Corporation - Console IME.) -- C:\Windows\system32\conime.exe [69120] [PID.5020] [MD5.46AE705AC463F50AC714C8084A09A2A3] - (.Nicolas Coolman - Diagnostic Tool.) -- C:\Just Cause 2\ZHPDiag\ZHPDiag.exe [2211328] [PID.2888] [MD5.26DB28B32E8D2F57CB5065A4A053801A] - (.NVIDIA Corporation - NVIDIA Driver Helper Service, Version 280.2.) -- C:\Windows\system32\nvvsvc.exe [599144] [PID.] [MD5.9BF7E58D9113CE15CF4F1E1B18CEFF83] - (.NVIDIA Corporation - Stereo Vision Control Panel API Server.) -- C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [379496] [PID.] 
[MD5.862BB4CBC05D80C5B45BE430E5EF872F] - (.Microsoft Corporation - Serviço de Licenciamento de Software Micros.) -- C:\Windows\system32\SLsvc.exe [3408896] [PID.] [MD5.1D70198EB53348374F211BEB62F4F8DC] - (.NVIDIA Corporation - NVIDIA User Experience Driver Component.) -- C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe [812648] [PID.] [MD5.B4837FE56D76B2E9EA90E5365CF6A2BE] - (.Avira GmbH - Antivirus Scheduler.) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe [136360] [PID.] [MD5.DF5A3016052755C910A206058B4A1729] - (.Avira GmbH - Antivirus On-Access Service.) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe [269480] [PID.] [MD5.B05640AC812FCCB488328DF34E7F663A] - (.Microsoft Corporation - SQL Server Windows NT.) -- C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe [43010392] [PID.] [MD5.8C91BD35AE9AA8B628EEC5E637BB1D0F] - (.Avira GmbH - AntiVir shadow copy service.) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe [76968] [PID.] [MD5.1713D9DE407313138118D501B0E3C05B] - (...) -- C:\Windows\system32\PnkBstrA.exe [75136] [PID.] [MD5.BD517C7FB119997EFFBE39D5E4B37B05] - (.Unknown owner - RichVideo Module.) -- C:\Program Files\CyberLink\Shared Files\RichVideo.exe [167936] [PID.] [MD5.637A0F23F9012358E92E6F99835494D1] - (.Microsoft Corporation - SQL Server VSS Writer.) -- C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe [98840] [PID.] [MD5.A19BBE1E3E3FEF50B94CA07DCC0FB776] - (.NVIDIA Corporation - NVIDIA Settings Update Manager.) -- C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2255464] [PID.] [MD5.D2E35B408F1B78CC166A9F869BB4CCF5] - (.Valve Corporation - Steam Client Service (buildbot_winslave04_s.) -- C:\Program Files\Common Files\Steam\SteamService.exe [489256] [PID.] 
~ Scan Processes Running in 00mn 01s ---\\ Google Chrome, Start,Search,Extensions (G0,G1,G2) C:\Users\Sidnei\AppData\Local\Google\Chrome\User Data\Default\Preferences G1 - GCS: Preference [user Data\Default] None G0 - GCSP: Preference [user Data\Default][HomePage] http://www.google.com ~ Scan Google Browser in 00mn 00s ---\\ Mozilla Firefox,Plugins,Start,Search,Extensions (P2,M0,M1,M2,M3) C:\Users\Sidnei\AppData\Roaming\Mozilla\Firefox\Profiles\6dsamkzh.default\prefs.js M3 - MFPP: Plugins - [sidnei] -- C:\Users\Sidnei\AppData\Roaming\Mozilla\Firefox\Profiles\6dsamkzh.default\searchplugins\daemon-search.xml M3 - MFPP: Plugins - [sidnei] -- C:\Program Files\Mozilla FireFox\searchplugins\buscape.xml M3 - MFPP: Plugins - [sidnei] -- C:\Program Files\Mozilla FireFox\searchplugins\google.xml M3 - MFPP: Plugins - [sidnei] -- C:\Program Files\Mozilla FireFox\searchplugins\mercadolivre.xml M3 - MFPP: Plugins - [sidnei] -- C:\Program Files\Mozilla FireFox\searchplugins\search.xml M3 - MFPP: Plugins - [sidnei] -- C:\Program Files\Mozilla FireFox\searchplugins\wikipedia-br.xml M3 - MFPP: Plugins - [sidnei] -- C:\Program Files\Mozilla FireFox\searchplugins\yahoo-br.xml M0 - MFSP: prefs.js [sidnei - 6dsamkzh.default] www.google.com.br M2 - MFEP: prefs.js [sidnei - 6dsamkzh.default\redshift_V2@shift-themes.com] [] RedShift V3.6 v3.6 (.C. Nicks.) M2 - MFEP: prefs.js [sidnei - 6dsamkzh.default\{1d80d668-2160-46a2-b3a7-e166795b0b28}] [] Messenger Plus BR Community Toolbar v3.2.5.2 (.Conduit Ltd..) M2 - MFEP: prefs.js [sidnei - 6dsamkzh.default\{20a82645-c095-46ed-80e3-08825760534b}] [MicrosoftCG] Microsoft .NET Framework Assistant v1.2.1 (.Microsoft.) M2 - MFEP: prefs.js [sidnei - 6dsamkzh.default\{bc4be15d-6a34-4356-9e97-79e43da32b1d}] [] P2P Torrent Toolbar v2.4.0.4 (.Conduit Ltd..) M2 - MFEP: prefs.js [sidnei - 6dsamkzh.default\{edbca961-4bf8-4cbe-8c63-a11dff9ed2d9}] [] Messenger Plus Live Brazil Toolbar v2.6.0.15 (.Conduit Ltd..) P2 - FPN:Firefox Plugin Navigator . 
(.Microsoft Corporation - np-mswmp.) -- C:\Program Files\Mozilla Firefox\Plugins\np-mswmp.dll P2 - FPN:Firefox Plugin Navigator . (.Sun Microsystems, Inc. - NPRuntime Script Plug-in Library for Java Deploy.) -- C:\Program Files\Mozilla Firefox\Plugins\npdeployJava1.dll P2 - FPN:Firefox Plugin Navigator . (.mozilla.org - Default Plug-in.) -- C:\Program Files\Mozilla Firefox\Plugins\npnul32.dll P2 - FPN:Firefox Plugin Navigator . (.RealNetworks, Inc. - RealPlayer LiveConnect-Enabled Plug-In.) -- C:\Program Files\Mozilla Firefox\Plugins\nppl3260.dll P2 - FPN:Firefox Plugin Navigator . (.RealNetworks, Inc. - RealJukebox Netscape Plugin.) -- C:\Program Files\Mozilla Firefox\Plugins\nprjplug.dll P2 - FPN:Firefox Plugin Navigator . (.RealNetworks, Inc. - 15.0.0.198.) -- C:\Program Files\Mozilla Firefox\Plugins\nprpjplug.dll P2 - FPN: [HKLM] [@adobe.com/FlashPlayer] - (...) -- C:\Windows\System32\Macromed\Flash\NPSWF32.dll P2 - FPN: [HKLM] [@adobe.com/ShockwavePlayer] - (.Adobe Systems, Inc. - Adobe Shockwave for Director Netscape plug-in, version 11.6.3.633.) -- C:\Windows\System32\Adobe\Director\np32dsw.dll P2 - FPN: [HKLM] [@Google.com/GoogleEarthPlugin] - (.Google - GEPlugin.) -- C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll P2 - FPN: [HKLM] [@java.com/JavaPlugin] - (.Sun Microsystems, Inc. - Next Generation Java Plug-in 1.6.0_31 for Mozilla browsers.) -- C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll P2 - FPN: [HKLM] [@Microsoft.com/NpCtrl,version=1.0] - (. Microsoft Corporation - 4.0.60831.0.) -- C:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll P2 - FPN: [HKLM] [@microsoft.com/WLPG,version=14.0.8117.0416] - (.Microsoft Corporation - NPWLPG.) -- C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll P2 - FPN: [HKLM] [@microsoft.com/WPF,version=3.5] - (.Microsoft Corporation - Windows Presentation Foundation (WPF) plug-in for Mozilla browsers.) 
-- C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll P2 - FPN: [HKLM] [@nvidia.com/3DVision] - (.NVIDIA Corporation - NVIDIA 3D Vision plugin for Mozilla browsers.) -- C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll P2 - FPN: [HKLM] [@nvidia.com/3DVisionStreaming] - (.NVIDIA Corporation - NVIDIA 3D Vision Streaming plugin for Mozilla browsers.) -- C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll P2 - FPN: [HKLM] [@pandonetworks.com/PandoWebPlugin] - (.Pando Networks - Pando Web Plugin.) -- C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll P2 - FPN: [HKLM] [@real.com/nppl3260;version=15.0.0.198] - (.RealNetworks, Inc. - RealPlayer LiveConnect-Enabled Plug-In.) -- C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll P2 - FPN: [HKLM] [@real.com/nprjplug;version=15.0.0.198] - (.RealNetworks, Inc. - RealJukebox Netscape Plugin.) -- C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll P2 - FPN: [HKLM] [@real.com/nprpchromebrowserrecordext;version=12.0.1.669] - (.RealNetworks, Inc. - RealNetworks RealPlayer Chrome Background Extension Plug-In.) -- C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserre P2 - FPN: [HKLM] [@real.com/nprphtml5videoshim;version=15.0.0.198] - (.RealNetworks, Inc. - RealPlayer HTML5VideoShim Plug-In.) -- C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll P2 - FPN: [HKLM] [@real.com/nprpjplug;version=15.0.0.198] - (.RealNetworks, Inc. - 15.0.0.198.) -- C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll P2 - FPN: [HKLM] [@research.microsoft.com/HDView] - (.Microsoft Research - HD View 3.3.0.0 Mozilla plugin.) -- C:\Program Files\Microsoft Research\HD View\nphdview.dll P2 - FPN: [HKLM] [@tools.google.com/Google Update;version=3] - (.Google Inc. - Google Update.) 
-- C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll P2 - FPN: [HKLM] [@tools.google.com/Google Update;version=9] - (.Google Inc. - Google Update.) -- C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll P2 - FPN: [HKCU] [@tools.google.com/Google Update;version=3] - (.Google Inc. - Google Update.) -- C:\Users\Sidnei\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll P2 - FPN: [HKCU] [@tools.google.com/Google Update;version=9] - (.Google Inc. - Google Update.) -- C:\Users\Sidnei\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll P2 - FPN: [HKCU] [@unity3d.com/UnityPlayer,version=1.0] - (.Unity Technologies ApS - Unity Player 2.6.1f3.) -- C:\Users\Sidnei\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll P2 - FPN: [HKCU] [pandonetworks.com/PandoWebPlugin] - (.Pando Networks - Pando Web Plugin.) -- C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll ~ Scan Firefox Browser in 00mn 00s ---\\ Internet Explorer Extensions, Start, Search (R4,R3,R0,R1) R0 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com R0 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com R1 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:noadd-ons R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:securityrisk R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURLs,Tabs = res://ieframe.dll/tabswelcome.htm R3 - URLSearchHook: Microsoft Url Search Hook - {CFBFAE00-17A6-11D0-99CB-00C04FD64497} . (.Microsoft Corporation - Internet Explorer.) 
(8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)) -- C:\Windows\System32\ieframe.dll R4 - HKCU\SOFTWARE\Microsoft\Internet Explorer\PhishingFilter,Enabled = 2 ~ Scan IE Browser in 00mn 00s ---\\ Internet Explorer, Proxy Management (R5) R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0 R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1 R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1 R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll ~ Scan Proxy management in 00mn 00s ---\\ Changed inifile Value, Mapped to Registry (F2) F2 - REG:system.ini: UserInit=C:\Windows\system32\userinit.exe, F2 - REG:system.ini: VMApplet=rundll32 shell32,Control_RunDLL "sysdm.cpl" ~ Scan Keys in 00mn 00s ---\\ Hosts file redirection (O1) ~ Le fichier hosts est sain (The hosts file is clean). ~ Scan Hosts File in 00mn 00s ~ Nombre de lignes (Lines number): 1 ---\\ Browser Helper Objects (O2) O2 - BHO: Facilitador de Leitor de Link Adobe PDF - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} . (.Adobe Systems Incorporated - Adobe PDF Helper for Internet Explorer.) -- C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} . (.RealPlayer - RealPlayer Download and Record Plugin.) -- C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} . (.Sun Microsystems, Inc. - Java Platform SE binary.) -- C:\Program Files\Java\jre6\bin\ssv.dll O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} . (.Microsoft Corporation - Microsoft® Windows Live ID Login Helper.) 
-- C:\Program Files\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} . (.Skype Technologies S.A. - Skype add-on for IE.) -- C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} . (.Sun Microsystems, Inc. - Java Platform SE binary.) -- C:\Program Files\Java\jre6\bin\jp2ssv.dll ~ Scan BHO in 00mn 00s ---\\ Auto loading programs from Registry and folders (O4) O4 - HKLM\..\Run: [Windows Defender] . (.Microsoft Corporation - Windows Defender User Interface.) -- C:\Program Files\Windows Defender\MSASCui.exe O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] . (.Adobe Systems Incorporated - Adobe Acrobat SpeedLauncher.) -- C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe O4 - HKLM\..\Run: [RemoteControl] . (.Cyberlink Corp. - PowerDVD RC Service.) -- C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe O4 - HKLM\..\Run: [LanguageShortcut] . (.Unknown owner - Language Application.) -- C:\Program Files\CyberLink\PowerDVD\Language\Language.exe O4 - HKLM\..\Run: [NeroFilterCheck] . (.Nero AG - NeroCheck.) -- C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe O4 - HKLM\..\Run: [PAC207_Monitor] . (.PixArt Imaging Incorporation - Registry Monitor.) -- C:\Windows\PixArt\PAC207\Monitor.exe O4 - HKLM\..\Run: [avgnt] . (.Avira GmbH - Antivirus System Tray Tool.) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe O4 - HKLM\..\Run: [AdobeAAMUpdater-1.0] . (.Adobe Systems Incorporated - Adobe Updater Startup Utility.) -- C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe O4 - HKLM\..\Run: [PlusService] . (.Yuna Software - Messenger Plus! 5.) -- C:\Program Files\Yuna Software\Messenger Plus!\PlusService.exe O4 - HKLM\..\Run: [TkBellExe] . (.RealNetworks, Inc. - RealNetworks Scheduler.) -- C:\Program Files\Real\RealPlayer\Update\realsched.exe O4 - HKLM\..\Run: [sunJavaUpdateSched] . 
(.Sun Microsystems, Inc. - Java Update Scheduler.) -- C:\Program Files\Common Files\Java\Java Update\jusched.exe O4 - HKCU\..\Run: [sidebar] . (.Microsoft Corporation - Barra Lateral do Windows.) -- C:\Program Files\Windows Sidebar\sidebar.exe O4 - HKCU\..\Run: [ehTray.exe] . (.Microsoft Corporation - Media Center Tray Applet.) -- C:\Windows\ehome\ehtray.exe O4 - HKCU\..\Run: [steam] . (.Valve Corporation - Steam.) -- C:\Program Files\Steam\Steam.exe O4 - HKCU\..\Run: [Memory Cleaner] . (.KoshyJohn.com - MemoryCleaner.) -- C:\Users\Sidnei\AppData\Roaming\KoshyJohn.com\MemClean\MemClean.exe O4 - HKCU\..\Run: [DAEMON Tools Pro Agent] . (.DT Soft Ltd - DAEMON Tools Pro Agent.) -- C:\Program Files\DAEMON Tools Pro\DTAgent.exe O4 - HKCU\..\Run: [Memory Improve Master] . (.Memory Improve Master Studio - Memory Improve Master.) -- C:\Program Files\Memory Improve Master\MemoryImproveMaster.exe O4 - HKUS\S-1-5-19\..\Run: [sidebar] . (.Microsoft Corporation - Barra Lateral do Windows.) -- C:\Program Files\Windows Sidebar\sidebar.exe O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] oobefldr.dll O4 - HKUS\S-1-5-20\..\Run: [sidebar] . (.Microsoft Corporation - Barra Lateral do Windows.) -- C:\Program Files\Windows Sidebar\sidebar.exe O4 - HKUS\S-1-5-20\..\Run: [WindowsWelcomeCenter] oobefldr.dll O4 - HKUS\S-1-5-21-3796026459-2530574266-2461488858-1003-3796026459-2530574266-2461488858-1000\..\Run: [sidebar] . (.Microsoft Corporation - Barra Lateral do Windows.) -- C:\Program Files\Windows Sidebar\sidebar.exe O4 - HKUS\S-1-5-21-3796026459-2530574266-2461488858-1003-3796026459-2530574266-2461488858-1000\..\Run: [ehTray.exe] . (.Microsoft Corporation - Media Center Tray Applet.) -- C:\Windows\ehome\ehtray.exe O4 - HKUS\S-1-5-21-3796026459-2530574266-2461488858-1003-3796026459-2530574266-2461488858-1000\..\Run: [steam] . (.Valve Corporation - Steam.) 
-- C:\Program Files\Steam\Steam.exe O4 - HKUS\S-1-5-21-3796026459-2530574266-2461488858-1003-3796026459-2530574266-2461488858-1000\..\Run: [Memory Cleaner] . (.KoshyJohn.com - MemoryCleaner.) -- C:\Users\Sidnei\AppData\Roaming\KoshyJohn.com\MemClean\MemClean.exe O4 - HKUS\S-1-5-21-3796026459-2530574266-2461488858-1003-3796026459-2530574266-2461488858-1000\..\Run: [DAEMON Tools Pro Agent] . (.DT Soft Ltd - DAEMON Tools Pro Agent.) -- C:\Program Files\DAEMON Tools Pro\DTAgent.exe O4 - HKUS\S-1-5-21-3796026459-2530574266-2461488858-1003-3796026459-2530574266-2461488858-1000\..\Run: [Memory Improve Master] . (.Memory Improve Master Studio - Memory Improve Master.) -- C:\Program Files\Memory Improve Master\MemoryImproveMaster.exe ~ Scan Application in 00mn 00s ---\\ Other User Links (O4) O4 - Global Startup: C:\Users\UpdatusUser\Desktop\Memory Improve Master.lnk . (.Memory Improve Master Studio.) -- C:\Program Files\Memory Improve Master\MemoryImproveMaster.exe O4 - Global Startup: C:\Users\Sidnei\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk . (.Microsoft Corporation.) -- C:\Program Files\Internet Explorer\iexplore.exe O4 - Global Startup: C:\Users\Sidnei\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Mail.lnk . (.Microsoft Corporation.) -- C:\Program Files\Windows Mail\WinMail.exe O4 - Global Startup: C:\Users\Sidnei\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk . (.Microsoft Corporation.) -- C:\Program Files\Windows Media Player\wmplayer.exe O4 - Global Startup: C:\Users\Sidnei\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\YouTube - YouTube de fodasticman.lnk . (.Google Inc..) -- C:\Users\Sidnei\AppData\Local\Google\Chrome\Application\chrome.exe O4 - Global Startup: C:\Users\Sidnei\Desktop\ASSASSIN'S CREED II.lnk . (.Ubisoft.) -- C:\Program Files\Ubisoft\Assassin's Creed II\AssassinsCreedII.exe O4 - Global Startup: C:\Users\Sidnei\Desktop\Assassin's Creed Revelations.lnk . (...) 
-- C:\Program Files\Ubisoft\Assassin's Creed Revelations\ACRSP.exe O4 - Global Startup: C:\Users\Sidnei\Desktop\ASSASSIN'S CREED.lnk . (.Ubisoft.) -- C:\Program Files\Ubisoft\Assassin's Creed\AssassinsCreed_Game.exe O4 - Global Startup: C:\Users\Sidnei\Desktop\ASSASSINS'S CREED BROTHERHOOD.lnk . (...) -- C:\Program Files\Ubisoft\Assassin's Creed Brotherhood\AssassinsCreedBrotherhood.exe O4 - Global Startup: C:\Users\Sidnei\Desktop\BATMAN ARKHAM ASYLUM.lnk . (.Rocksteady Studios Ltd.) -- C:\Program Files\Eidos\Batman Arkham Asylum\Binaries\BmLauncher.exe O4 - Global Startup: C:\Users\Sidnei\Desktop\Batman Arkham City.lnk . (.Rocksteady Studios Ltd.) -- C:\Users\Sidnei\Documents\4RKC1B4.www.baixatudogames.com\Binaries\Win32\BmLauncher.exe O4 - Global Startup: C:\Users\Sidnei\Desktop\CALL OF DUTY 4 - MODERN WARFARE.lnk . (...) -- C:\Users\Sidnei\Documents\jogos\CALL OF DUTY 4\kog_chetire_RIP_LOOKsZONE.RU_EPIDEM.RU\Call of Duty 4 - Modern Warfare\iw3sp.exe O4 - Global Startup: C:\Users\Sidnei\Desktop\CALL OF DUTY 4 - MP.lnk . (...) -- C:\Users\Sidnei\Documents\jogos\CALL OF DUTY 4\kog_chetire_RIP_LOOKsZONE.RU_EPIDEM.RU\Call of Duty 4 - Modern Warfare\iw3mp.exe O4 - Global Startup: C:\Users\Sidnei\Desktop\Call of Duty Modern Warfare 3 SP.lnk . (...) -- C:\Users\Sidnei\Documents\Modern Warfare 3\Call_of_Duty_Modern_Warfare_3_Setup\iw5sp.exe (.not file.) O4 - Global Startup: C:\Users\Sidnei\Desktop\Find Drivers with DriverAgent.lnk . (.Copyright © 2010 eSupport.com. All Rights R.) -- C:\Users\Sidnei\AppData\Local\eSupport.com\driveragent-987.exe O4 - Global Startup: C:\Users\Sidnei\Desktop\Google Chrome.lnk . (.Google Inc..) -- C:\Users\Sidnei\AppData\Local\Google\Chrome\Application\chrome.exe O4 - Global Startup: C:\Users\Sidnei\Desktop\JDownloader.lnk . (.AppWork UG (haftungsbeschränkt).) -- C:\Program Files\JDownloader\JDownloader.exe O4 - Global Startup: C:\Users\Sidnei\Desktop\Launch Internet Explorer Browser.lnk . (.Microsoft Corporation.) 
-- C:\Program Files\Internet Explorer\iexplore.exe O4 - Global Startup: C:\Users\Sidnei\Desktop\Memory Cleaner.lnk . (.KoshyJohn.com.) -- C:\Users\Sidnei\AppData\Roaming\KoshyJohn.com\MemClean\MemClean.exe O4 - Global Startup: C:\Users\Sidnei\Desktop\Memory Improve Master.lnk . (.Memory Improve Master Studio.) -- C:\Program Files\Memory Improve Master\MemoryImproveMaster.exe O4 - Global Startup: C:\Users\Sidnei\Desktop\NEED FOR SPEED SHIFT.lnk . (...) -- C:\Program Files\Electronic Arts\Need for Speed SHIFT\shift.exe (.not file.) O4 - Global Startup: C:\Users\Sidnei\Desktop\NFS11 - Atalho.lnk . (.Electronic Arts.) -- C:\Program Files\Electronic Arts\Need for Speed Hot Pursuit\NFS11.exe O4 - Global Startup: C:\Users\Sidnei\Desktop\PES 2010.lnk . (.Konami Digital Entertainment Co., Ltd..) -- C:\Program Files\PES.2010-KaOs\pes2010.exe O4 - Global Startup: C:\Users\Sidnei\Desktop\PES 2011.lnk . (.Konami Digital Entertainment Co., Ltd..) -- C:\Program Files\KONAMI\Pro Evolution Soccer 2011\pes2011.exe O4 - Global Startup: C:\Users\Sidnei\Desktop\SPIDER MAN SHATTERED DIMENSIONS.lnk . (...) -- C:\Program Files\R.G. Cracker's\Spider-Man Shattered Dimensions Repack\Game.exe (.not file.) O4 - Global Startup: C:\Users\Sidnei\Desktop\VB EXPRESS.lnk . (.Microsoft Corporation.) -- C:\Program Files\Microsoft Visual Studio 9.0\Common7\IDE\vbexpress.exe O4 - Global Startup: C:\Users\Sidnei\Desktop\Windows Live Messenger .lnk . (.Microsoft Corporation.) -- C:\Program Files\Windows Live\Messenger\msnmsgr.exe O4 - Global Startup: C:\Users\Sidnei\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Internet - Atalho.lnk - Orphean Key O4 - Global Startup: C:\Users\Sidnei\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk . (.Microsoft Corporation.) -- C:\Program Files\Internet Explorer\iexplore.exe O4 - Global Startup: C:\Users\Sidnei\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk . (.Mozilla Corporation.) 
-- C:\Program Files\Mozilla Firefox\firefox.exe O4 - Global Startup: C:\Users\Sidnei\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Windows Explorer.lnk . (.Microsoft Corporation.) -- C:\Windows\explorer.exe O4 - Global Startup: C:\Users\Sidnei\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Windows Live Messenger .lnk . (.Microsoft Corporation.) -- C:\Program Files\Windows Live\Messenger\msnmsgr.exe O4 - Global Startup: C:\Users\Sidnei\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk . (.Microsoft Corporation.) -- C:\Program Files\Windows Media Player\wmplayer.exe ~ Scan Global Startup in 00mn 00s ---\\ Extra items in the IE right-click menu (O8) O8 - Extra context menu item: E&xportar para o Microsoft Excel . (.Microsoft Corporation - Microsoft Office Excel.) -- C:\Program Files\MICROS~2\Office12\EXCEL.exe ~ Scan IE Menu Contextuel in 00mn 00s ---\\ Extra buttons on main IE button toolbar, or extra items in IE 'Tools' menu (O9) O9 - Extra button: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} . (.Microsoft Corporation - Microsoft Office OneNote Internet Explorer Add-in.) -- C:\Program Files\MICROS~2\Office12\ONBttnIE.dll O9 - Extra button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} . (...) -- C:\Program Files\Skype\Toolbars\Internet Explorer\icon.ico O9 - Extra button: Skype add-on for Internet Explorer - {92780B25-18CC-41C8-B9BE-3C9C571A8263} . (...) -- C:\Program Files\Microsoft Office\Office12\REFBARH.ICO ~ Scan IE Extra Buttons in 00mn 00s ---\\ Winsock hijacker (Layered Service Provider) (O10) O10 - WLSP:\000000000001\Winsock LSP File . (.Microsoft Corporation - Network Location Awareness 2.) -- C:\Windows\System32\nlaapi.dll O10 - WLSP:\000000000002\Winsock LSP File . (.Microsoft Corporation - Provedor de Correção de Nomeação de Emails.) -- C:\Windows\System32\NapiNSP.dll O10 - WLSP:\000000000003\Winsock LSP File . 
(.Microsoft Corporation - PNRP Name Space Provider.) -- C:\Windows\System32\pnrpnsp.dll O10 - WLSP:\000000000004\Winsock LSP File . (.Microsoft Corporation - PNRP Name Space Provider.) -- C:\Windows\System32\pnrpnsp.dll O10 - WLSP:\000000000005\Winsock LSP File . (.Microsoft Corporation - Provedor de serviços do Microsoft Windows Sockets 2.0.) -- C:\Windows\System32\mswsock.dll O10 - WLSP:\000000000006\Winsock LSP File . (.Microsoft Corporation - LDAP RnR Provider DLL.) -- C:\Windows\System32\winrnr.dll ~ Scan Winsock in 00mn 00s ---\\ ActiveX Objects (Downloaded Program Files) (O16) O16 - DPF: {140E4DF8-9E14-4A34-9577-C77561ED7883} (SysInfo Class) - http://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_cyri_4.1.71.0.cab O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab O16 - DPF: {C1B7E532-3ECB-4E9E-BB3A-2951FFE67C61} () - http://c6.community.alice.it/download/DownloaderActiveX.cab O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab ~ Scan Objets ActiveX in 00mn 00s ---\\ Lop.com/Domain Hijackers (O17) O17 - HKLM\System\CCS\Services\Tcpip\..\{F6DD7A2D-6839-4820-93D7-45D6FE210907}: NameServer = 10.10.2.1,10.10.5.1 O17 - HKLM\System\CS1\Services\Tcpip\..\{F6DD7A2D-6839-4820-93D7-45D6FE210907}: NameServer = 10.10.2.1,10.10.5.1 O17 - HKLM\System\CS3\Services\Tcpip\..\{F6DD7A2D-6839-4820-93D7-45D6FE210907}: NameServer = 10.10.2.1,10.10.5.1 ~ Scan Domain in 00mn 00s ---\\ Extra protocols (O18) O18 - Handler: about - {3050F406-98B5-11CF-BB82-00AA00BDCE0B} . 
(.Microsoft Corporation - Visualizador de HTML da Microsoft ®.) -- C:\Windows\System32\mshtml.dll O18 - Handler: cdl - {3dd53d40-7b8b-11D0-b013-00aa0059ce02} . (.Microsoft Corporation - Extensões OLE32 para Win32.) -- C:\Windows\System32\urlmon.dll O18 - Handler: dvd - {12D51199-0DB5-46FE-A120-47A3D7D937CC} . (.Microsoft Corporation - Controle ActiveX para streaming de vídeo.) -- C:\Windows\System32\MSVidCtl.dll O18 - Handler: file - {79eac9e7-baf9-11ce-8c82-00aa004ba90b} . (.Microsoft Corporation - Extensões OLE32 para Win32.) -- C:\Windows\System32\urlmon.dll O18 - Handler: ftp - {79eac9e3-baf9-11ce-8c82-00aa004ba90b} . (.Microsoft Corporation - Extensões OLE32 para Win32.) -- C:\Windows\System32\urlmon.dll O18 - Handler: http - {79eac9e2-baf9-11ce-8c82-00aa004ba90b} . (.Microsoft Corporation - Extensões OLE32 para Win32.) -- C:\Windows\System32\urlmon.dll O18 - Handler: https - {79eac9e5-baf9-11ce-8c82-00aa004ba90b} . (.Microsoft Corporation - Extensões OLE32 para Win32.) -- C:\Windows\System32\urlmon.dll O18 - Handler: its - {9D148291-B9C8-11D0-A4CC-0000F80149F6} . (.Microsoft Corporation - Microsoft® InfoTech Storage System Library.) -- C:\Windows\System32\itss.dll O18 - Handler: javascript - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} . (.Microsoft Corporation - Visualizador de HTML da Microsoft ®.) -- C:\Windows\System32\mshtml.dll O18 - Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} . (.Microsoft Corporation - Windows Live Messenger Protocol Handler Mod.) -- C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll O18 - Handler: local - {79eac9e7-baf9-11ce-8c82-00aa004ba90b} . (.Microsoft Corporation - Extensões OLE32 para Win32.) -- C:\Windows\System32\urlmon.dll O18 - Handler: mailto - {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} . (.Microsoft Corporation - Visualizador de HTML da Microsoft ®.) -- C:\Windows\System32\mshtml.dll O18 - Handler: mhtml - {05300401-BCBC-11d0-85E3-00C04FD85AB4} . 
(.Microsoft Corporation - Microsoft Internet Messaging API Resources.) -- C:\Windows\System32\inetcomm.dll O18 - Handler: mk - {79eac9e6-baf9-11ce-8c82-00aa004ba90b} . (.Microsoft Corporation - Extensões OLE32 para Win32.) -- C:\Windows\System32\urlmon.dll O18 - Handler: ms-help - {314111c7-a502-11d2-bbca-00c04f8ec294} . (.Microsoft Corporation - Microsoft® Help Data Services Module.) -- C:\Program Files\Common Files\microsoft shared\Help\hxds.dll O18 - Handler: ms-its - {9D148291-B9C8-11D0-A4CC-0000F80149F6} . (.Microsoft Corporation - Microsoft® InfoTech Storage System Library.) -- C:\Windows\System32\itss.dll O18 - Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} . (.Microsoft Corporation - Windows Live Messenger Protocol Handler Mod.) -- C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll O18 - Handler: res - {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} . (.Microsoft Corporation - Visualizador de HTML da Microsoft ®.) -- C:\Windows\System32\mshtml.dll O18 - Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} . (.Skype Technologies S.A. - Skype add-on for IE.) -- C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll O18 - Handler: tv - {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} . (.Microsoft Corporation - Controle ActiveX para streaming de vídeo.) -- C:\Windows\System32\MSVidCtl.dll O18 - Handler: vbscript - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} . (.Microsoft Corporation - Visualizador de HTML da Microsoft ®.) -- C:\Windows\System32\mshtml.dll O18 - Handler: wlmailhtml - {03C514A3-1EFB-4856-9F99-10D7BE1653C0} . (.Microsoft Corporation - Windows Live Mail.) -- C:\Program Files\Windows Live\Mail\mailcomm.dll O18 - Filter: application/octet-stream - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} . (.Microsoft Corporation - Microsoft .NET Runtime Execution Engine.) -- C:\Windows\System32\mscoree.dll O18 - Filter: application/x-complus - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} . 
(.Microsoft Corporation - Microsoft .NET Runtime Execution Engine.) -- C:\Windows\System32\mscoree.dll O18 - Filter: application/x-msdownload - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} . (.Microsoft Corporation - Microsoft .NET Runtime Execution Engine.) -- C:\Windows\System32\mscoree.dll O18 - Filter: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} . (.Microsoft Corporation - Extensões OLE32 para Win32.) -- C:\Windows\System32\urlmon.dll O18 - Filter: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} . (.Microsoft Corporation - Extensões OLE32 para Win32.) -- C:\Windows\System32\urlmon.dll O18 - Filter: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} . (.Microsoft Corporation - Microsoft Office XML MIME Filter.) -- C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.dll ~ Scan Protocole Additionnel in 00mn 00s ---\\ ShellServiceObjectDelayLoad (O21) O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} . (.Microsoft Corporation - Monitor de Sites.) -- C:\Windows\System32\webcheck.dll ~ Scan SSODL in 00mn 00s ---\\ SharedTaskScheduler (O22) O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} . (.Microsoft Corporation - Biblioteca da interface de usuário do naveg.) -- C:\Windows\system32\browseui.dll ~ Scan STS/SSO in 00mn 00s ---\\ non Microsoft non disabled Windows XP/NT/2000 Services (O23) O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) . (.Avira GmbH - Antivirus Scheduler.) - C:\Program Files\Avira\AntiVir Desktop\sched.exe O23 - Service: Avira AntiVir Guard (AntiVirService) . (.Avira GmbH - Antivirus On-Access Service.) - C:\Program Files\Avira\AntiVir Desktop\avguard.exe O23 - Service: Google Update Service (gupdate) (gupdate) . (.Google Inc. - Google Installer.) - C:\Program Files\Google\Update\GoogleUpdate.exe O23 - Service: NVIDIA Display Driver Service (nvsvc) . (.NVIDIA Corporation - NVIDIA Driver Helper Service, Version 280.2.) 
- C:\Windows\system32\nvvsvc.exe O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) . (.NVIDIA Corporation - NVIDIA Settings Update Manager.) - C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe O23 - Service: PnkBstrA (PnkBstrA) . (...) - C:\Windows\System32\PnkBstrA.exe O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) . (.Unknown owner - RichVideo Module.) - C:\Program Files\CyberLink\Shared Files\RichVideo.exe O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) . (.NVIDIA Corporation - Stereo Vision Control Panel API Server.) - C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe ~ Scan Services in 00mn 00s ---\\ Windows Active Desktop & MHTML Editor (O24) O24 - Default MHTML Editor: Last - .(.Microsoft Corporation - Microsoft Office Word.) - C:\Program Files\Microsoft Office\Office12\WINWORD.exe ~ Scan Desktop Component in 00mn 00s End of the scan (334 lines in 00mn 04s)(0)

DigRam
Posted April 6, 2012

Good evening, Syperrj!

|- The ZHPDiag report is incorrect!
|- What was posted is the "Pseudo HijackThis", which is incomplete.

///°°°///

|- Download: < RogueKiller > ( ... par tigzy )
|- Save it to the desktop!
|- Close any open applications!
|- PS: On Windows Vista or 7, run RogueKiller.exe as administrator.
|- Wait for its Prescan to finish.
|- For old versions, click "Yes" for the update.
|- Start the diagnosis by clicking the "Scan" button.
|- Post the report: RKreport[1].txt

///°°°///

|- Open the ZHPDiag tool.
|- Update it by clicking the green arrow, and follow the installation procedure again.
|- Click the 'little devil' icon!
|- Post the report: Rapport de ZHPScan

Regards!

Syperrj
Posted April 6, 2012

There is a problem with ZHPDiag. I set the program to update, install it again, and when I open the program again, the message indicating that it is fully up to date ("Votre version est à jour") does not appear; instead, it only shows the message "A new version is available". Once I am given a solution, I will post the ZHPDiag report. In any case, here is the RogueKiller report:

RogueKiller V7.3.2 [03/20/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/
Blog: http://tigzyrk.blogspot.com

Operating System: Windows Vista (6.0.6002 Service Pack 2) 32 bits version
Started in : Normal mode
User: Sidnei [Admin rights]
Mode: Scan -- Date: 04/05/2012 23:23:30

¤¤¤ Bad processes: 0 ¤¤¤

¤¤¤ Registry Entries: 4 ¤¤¤
[DNS] HKLM\[...]\ControlSet001\Parameters\Interfaces\{F6DD7A2D-6839-4820-93D7-45D6FE210907} : NameServer (10.10.2.1,10.10.5.1) -> FOUND
[DNS] HKLM\[...]\ControlSet003\Parameters\Interfaces\{F6DD7A2D-6839-4820-93D7-45D6FE210907} : NameServer (10.10.2.1,10.10.5.1) -> FOUND
[HJ] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver: [LOADED] ¤¤¤
SSDT[75] : NtCreateSection @ 0x81E49DE5 -> HOOKED (Unknown @ 0x8A9EC6BE)
SSDT[289] : NtSetContextThread @ 0x81EAA883 -> HOOKED (Unknown @ 0x8A9EC6C3)
SSDT[334] : NtTerminateProcess @ 0x81E09143 -> HOOKED (Unknown @ 0x8A9EC65F)
S_SSDT[573] : Unknown -> HOOKED (Unknown @ 0x8A9EC6C8)
S_SSDT[576] : Unknown -> HOOKED (Unknown @ 0x8A9EC6CD)

¤¤¤ Infection : ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
ÿþ1

¤¤¤ MBR Check: ¤¤¤
+++++ PhysicalDrive0: SAMSUNG HD502HI ATA Device +++++
--- User ---
[MBR] 5ffdb1f9b23fe7965b9f3897b2a6ad20
[bSP] 468c8d58ee113b95f9da8d9302f52fcd : Windows Vista MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 319997 Mo
1 - [XXXXXX] EXTEN-LBA (0x0f) [VISIBLE] Offset (sectors): 655355610 | Size: 156931 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[1].txt >>
RKreport[1].txt

DigRam
Posted April 6, 2012

Good evening, Syperrj!

> There is a problem with ZHPDiag. I set the program to update, install it again, and when I open the program again, the message indicating that it is fully up to date ("Votre version est à jour") does not appear; instead, it only shows the message "A new version is available". Once I am given a solution, I will post the ZHPDiag report.

|- OK! It is a bug in the tool, which we can ignore, since it is updated every 6th.
|- Therefore, the previous month's update can be accepted. ( Rapport de ZHPDiag v1.28.34 par Nicolas Coolman, Update du 06/03/2012 )

///°°°///

|- Open the RogueKiller tool again.
|- Click "Scan".
|- Click "Registry".
|- PS: If flagged entries ( FOUND ) are shown, click "Delete".
|- Post the report! ( RKreport[2].txt )
|- Do the same for "Driver" and try to restore the "SSDT" index.
|- Right-click the selected line and choose "Restore".

Regards!

Syperrj
Posted April 6, 2012

Here is the RKreport[2].txt report from RogueKiller:

RogueKiller V7.3.2 [03/20/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/
Blog: http://tigzyrk.blogspot.com

Operating System: Windows Vista (6.0.6002 Service Pack 2) 32 bits version
Started in : Normal mode
User: Sidnei [Admin rights]
Mode: Scan -- Date: 04/06/2012 00:51:44

¤¤¤ Bad processes: 0 ¤¤¤

¤¤¤ Registry Entries: 4 ¤¤¤
[DNS] HKLM\[...]\ControlSet001\Parameters\Interfaces\{F6DD7A2D-6839-4820-93D7-45D6FE210907} : NameServer (10.10.2.1,10.10.5.1) -> FOUND
[DNS] HKLM\[...]\ControlSet003\Parameters\Interfaces\{F6DD7A2D-6839-4820-93D7-45D6FE210907} : NameServer (10.10.2.1,10.10.5.1) -> FOUND
[HJ] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver: [LOADED] ¤¤¤
SSDT[75] : NtCreateSection @ 0x81E49DE5 -> HOOKED (Unknown @ 0x8A9EC6BE)
SSDT[289] : NtSetContextThread @ 0x81EAA883 -> HOOKED (Unknown @ 0x8A9EC6C3)
SSDT[334] : NtTerminateProcess @ 0x81E09143 -> HOOKED (Unknown @ 0x8A9EC65F)
S_SSDT[573] : Unknown -> HOOKED (Unknown @ 0x8A9EC6C8)
S_SSDT[576] : Unknown -> HOOKED (Unknown @ 0x8A9EC6CD)

¤¤¤ Infection : ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
ÿþ1

¤¤¤ MBR Check: ¤¤¤
+++++ PhysicalDrive0: SAMSUNG HD502HI ATA Device +++++
--- User ---
[MBR] 5ffdb1f9b23fe7965b9f3897b2a6ad20
[bSP] 468c8d58ee113b95f9da8d9302f52fcd : Windows Vista MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 319997 Mo
1 - [XXXXXX] EXTEN-LBA (0x0f) [VISIBLE] Offset (sectors): 655355610 | Size: 156931 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[2].txt >>
RKreport[1].txt ; RKreport[2].txt

_____________________________________

Here is the Rapport de ZHPScan report:

Rapport de ZHPScan 1.28.34 par Nicolas Coolman, Update du 06/03/2012
Run by Sidnei at 06/04/2012 00:48:29
Web site : http://www.premiumorange.com/zeb-help-process/zhpdiag.html
Web site : http://nicolascoolman.skyrock.com/

---\\ Clés de Registre trouvées (Registry Keys found)
[HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]:Shell =>Hijack.Shell.Gen

---\\ Clés de Registre génériques trouvées (Generic Registry Keys found)

---\\ Valeurs de clé de Registre trouvées (Registry Values found)
*** None ***

---\\ Dossiers trouvés (Directories found)
C:\Program Files\DAEMON Tools Toolbar =>Toolbar.Agent
C:\Users\Sidnei\AppData\Local\Conduit =>Toolbar.Conduit

---\\ Fichiers Firefox trouvés (Files found)
*** None ***

---\\ Fichiers trouvés (Files found)
*** None ***

---\\ Bilan de la recherche (Scan Result)
Database Version : 9067 - (06/03/2012)
Clés trouvées (Keys found) : 1
Valeurs de clé trouvées (Values found) : 0
Dossiers trouvés (Folders found) : 3
Fichiers trouvés (Files found) : 0

End of the scan in 00mn 07s

DigRam
Posted April 6, 2012

Good morning, Syperrj!

> Operating System: Windows Vista (6.0.6002 Service Pack 2) 32 bits version
> Started in : Normal mode
> User: Sidnei [Admin rights]
> Mode: Scan -- Date: 04/06/2012 00:51:44

|- This RogueKiller report is the diagnostic one.
|- Run it again and post the requested action. ( Mode: Delete )
|- Disable UAC before the procedure.
|- PS: Only for "Driver" do we have the right-click followed by "Restore".
|- Try the procedure for each line under "Driver".
|- Do not use the "DNS" and/or "Shortcuts" option.
|- When all the procedures are finished, re-enable "UAC".

///°°°///

|- Close any open programs/folders.
|- On Windows Vista, disable UAC.
|- Double-click ZHPFix.
|- Click the menu, H

[HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]:Shell
C:\Program Files\DAEMON Tools Toolbar
C:\Users\Sidnei\AppData\Local\Conduit
emptytemp
emptyflash
firewallraz
sysrestore

|- Copy and paste this information, shown in red, into the "light yellow" field of ZHPFix.
|- PS: Make sure the field is empty before pasting the information from the Quote.
|- Click GO -> Oui.
|- Post the report: C:\ZHP\ZHPFix[R1].txt

Regards!

( PS: Due to a setback, I will only be able to help you in the evening! )

Syperrj
Posted April 6, 2012

Here is the ZHPFix[R1] report:

Rapport de ZHPFix 1.12.3381 par Nicolas Coolman, Update du 08/02/2011
Fichier d'export Registre :
Run by Sidnei at 06/04/2012 11:51:28
Windows Vista Ultimate Edition, 32-bit Service Pack 2 (Build 6002)
Web site : http://www.premiumorange.com/zeb-help-process/zhpfix.html
Web site : http://nicolascoolman.skyrock.com/

========== Registry Value ==========
DELETED [HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]:Shell
No Value in Standard Profile Register Key FirewallRaz : No Value in Domain Profile Register Key FirewallRaz : No Value in Firewall Exception Register Key (FirewallRaz)

========== Repertory ==========
DELETE on Reboot Folder**: c:\program files\daemon tools toolbar
DELETED Folder: c:\users\sidnei\appdata\local\conduit
DELETED Window Temporary: : 84
DELETED Flash Cookies: 2

========== File ==========
DELETED Window Temporary: : 26
DELETED Flash Cookies: 1

========== Restoration ==========
Restore System Point not created

========== Summary ==========
4 : Registry Value
4 : Repertory
2 : File
1 : Restoration

End of clean in 00mn 06s

========== Report File ==========
C:\ZHP\ZHPFix[R1].txt - 06/04/2012 11:51:28 [1150]

DigRam
Posted April 7, 2012

Good morning, Syperrj!

|- Uninstall: C:\Program Files\Memory Improve Master <-
|- Also uninstall Memory Cleaner.

///°°°///

|- What remains is to post the RogueKiller report for the "Delete" function and the highlighted options.
|- PS: As mentioned earlier, the "Driver" option works differently.

Regards!

Syperrj
Posted April 7, 2012

> |- What remains is to post the RogueKiller report for the "Delete" function and the highlighted options.

Sorry for my ignorance, but RogueKiller generated many reports (eight, to be exact), all named RKreport[1] "through" [8]. Which of these reports is the one for the "delete" function?

DigRam
Posted April 7, 2012

> Sorry for my ignorance, but RogueKiller generated many reports (eight, to be exact), all named RKreport[1] "through" [8]. Which of these reports is the one for the "delete" function?

Good afternoon, Syperrj!

> Mode: Scan -- Date: 04/06/2012 00:51:44

|- Post all the reports that do not contain the word "Scan" in the report header.
|- PS: If that is all 8, don't be shy, go ahead and post them!

Regards!

Syperrj
Posted April 7, 2012

Here are the RogueKiller reports that do not contain Mode: Scan. These reports have Mode: Remove in the header:

Report RKreport[3]:

RogueKiller V7.3.2 [03/20/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/
Blog: http://tigzyrk.blogspot.com

Operating System: Windows Vista (6.0.6002 Service Pack 2) 32 bits version
Started in : Normal mode
User: Sidnei [Admin rights]
Mode: Remove -- Date: 04/06/2012 00:52:24

¤¤¤ Bad processes: 0 ¤¤¤

¤¤¤ Registry Entries: 4 ¤¤¤
[DNS] HKLM\[...]\ControlSet001\Parameters\Interfaces\{F6DD7A2D-6839-4820-93D7-45D6FE210907} : NameServer (10.10.2.1,10.10.5.1) -> NOT REMOVED, USE DNSFIX
[DNS] HKLM\[...]\ControlSet003\Parameters\Interfaces\{F6DD7A2D-6839-4820-93D7-45D6FE210907} : NameServer (10.10.2.1,10.10.5.1) -> NOT REMOVED, USE DNSFIX
[HJ] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver: [LOADED] ¤¤¤
SSDT[75] : NtCreateSection @ 0x81E49DE5 -> HOOKED (Unknown @ 0x8A9EC6BE)
SSDT[289] : NtSetContextThread @ 0x81EAA883 -> HOOKED (Unknown @ 0x8A9EC6C3)
SSDT[334] : NtTerminateProcess @ 0x81E09143 -> HOOKED (Unknown @ 0x8A9EC65F)
S_SSDT[573] : Unknown -> HOOKED (Unknown @ 0x8A9EC6C8)
S_SSDT[576] : Unknown -> HOOKED (Unknown @ 0x8A9EC6CD)

¤¤¤ Infection : ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
ÿþ1

¤¤¤ MBR Check: ¤¤¤
+++++ PhysicalDrive0: SAMSUNG HD502HI ATA Device +++++
--- User ---
[MBR] 5ffdb1f9b23fe7965b9f3897b2a6ad20
[bSP] 468c8d58ee113b95f9da8d9302f52fcd : Windows Vista MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 319997 Mo
1 - [XXXXXX] EXTEN-LBA (0x0f) [VISIBLE] Offset (sectors): 655355610 | Size: 156931 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[3].txt >>
RKreport[1].txt ; RKreport[2].txt ; RKreport[3].txt

__________________________________________

Report RKreport[8]:

RogueKiller V7.3.2 [03/20/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/
Blog: http://tigzyrk.blogspot.com

Operating System: Windows Vista (6.0.6002 Service Pack 2) 32 bits version
Started in : Normal mode
User: Sidnei [Admin rights]
Mode: Remove -- Date: 04/07/2012 13:43:53

¤¤¤ Bad processes: 0 ¤¤¤

¤¤¤ Registry Entries: 2 ¤¤¤
[DNS] HKLM\[...]\ControlSet001\Parameters\Interfaces\{F6DD7A2D-6839-4820-93D7-45D6FE210907} : NameServer (10.10.2.1,10.10.5.1) -> NOT REMOVED, USE DNSFIX
[DNS] HKLM\[...]\ControlSet003\Parameters\Interfaces\{F6DD7A2D-6839-4820-93D7-45D6FE210907} : NameServer (10.10.2.1,10.10.5.1) -> NOT REMOVED, USE DNSFIX

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver: [LOADED] ¤¤¤
S_SSDT[573] : Unknown -> HOOKED (Unknown @ 0x8A9EC6C8)
S_SSDT[576] : Unknown -> HOOKED (Unknown @ 0x8A9EC6CD)

¤¤¤ Infection : ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
ÿþ1

¤¤¤ MBR Check: ¤¤¤
+++++ PhysicalDrive0: SAMSUNG HD502HI ATA Device +++++
--- User ---
[MBR] 5ffdb1f9b23fe7965b9f3897b2a6ad20
[bSP] 468c8d58ee113b95f9da8d9302f52fcd : Windows Vista MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 319997 Mo
1 - [XXXXXX] EXTEN-LBA (0x0f) [VISIBLE] Offset (sectors): 655355610 | Size: 156931 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[8].txt >>
RKreport[1].txt ; RKreport[2].txt ; RKreport[3].txt ; RKreport[4].txt ; RKreport[5].txt ; RKreport[6].txt ; RKreport[7].txt ; RKreport[8].txt

DigRam
Posted April 7, 2012

Good afternoon, Syperrj!

> ¤¤¤ Registry Entries: 2 ¤¤¤
> [DNS] HKLM\[...]\ControlSet001\Parameters\Interfaces\{F6DD7A2D-6839-4820-93D7-45D6FE210907} : NameServer (10.10.2.1,10.10.5.1) -> NOT REMOVED, USE DNSFIX
> [DNS] HKLM\[...]\ControlSet003\Parameters\Interfaces\{F6DD7A2D-6839-4820-93D7-45D6FE210907} : NameServer (10.10.2.1,10.10.5.1) -> NOT REMOVED, USE DNSFIX

|- Was this DNS configuration your choice?
|- Do you have connection problems? Is it fast?

> ¤¤¤ Driver: [LOADED] ¤¤¤
> S_SSDT[573] : Unknown -> HOOKED (Unknown @ 0x8A9EC6C8)
> S_SSDT[576] : Unknown -> HOOKED (Unknown @ 0x8A9EC6CD)

|- These are the ones left that could not be restored.
|- PS: Did you carry out the "right-click" procedure on these lines?
|- Many of them are added by antivirus or firewall software, but they are also added by rogues, for malicious purposes.
|- Try the restoration again and post the report!
|- PS: How is your computer, has there been any improvement?

Regards!

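Added example, not part of any post and not RogueKiller's own code: a Python parser for the registry and driver lines of the reports quoted in this thread. It lists which SSDT hooks are no longer reported between RKreport[3] and RKreport[8], which registry entries the tool left unchanged, and whether the flagged NameServer addresses are private or public. The report excerpts are re-typed from the thread one entry per line, and the function names are this example's own.

```python
import ipaddress
import re

# Constructed input: registry and driver lines of RKreport[3] and RKreport[8]
# as quoted in the thread, one entry per line.
DNS = r"""[DNS] HKLM\[...]\ControlSet001\Parameters\Interfaces\{F6DD7A2D-6839-4820-93D7-45D6FE210907} : NameServer (10.10.2.1,10.10.5.1) -> NOT REMOVED, USE DNSFIX
[DNS] HKLM\[...]\ControlSet003\Parameters\Interfaces\{F6DD7A2D-6839-4820-93D7-45D6FE210907} : NameServer (10.10.2.1,10.10.5.1) -> NOT REMOVED, USE DNSFIX
"""
SHADOW = r"""S_SSDT[573] : Unknown -> HOOKED (Unknown @ 0x8A9EC6C8)
S_SSDT[576] : Unknown -> HOOKED (Unknown @ 0x8A9EC6CD)
"""
REPORT_3 = "Mode: Remove -- Date: 04/06/2012 00:52:24\n" + DNS + r"""[HJ] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)
SSDT[75] : NtCreateSection @ 0x81E49DE5 -> HOOKED (Unknown @ 0x8A9EC6BE)
SSDT[289] : NtSetContextThread @ 0x81EAA883 -> HOOKED (Unknown @ 0x8A9EC6C3)
SSDT[334] : NtTerminateProcess @ 0x81E09143 -> HOOKED (Unknown @ 0x8A9EC65F)
""" + SHADOW
REPORT_8 = "Mode: Remove -- Date: 04/07/2012 13:43:53\n" + DNS + SHADOW

MODE_RE = re.compile(r"^Mode:\s*(\w+)")
REG_RE = re.compile(r"^\[(\w+)\]\s+(.+?)\s+->\s+(.+)$")
HOOK_RE = re.compile(
    r"^(S_SSDT|SSDT)\[(\d+)\]\s*:\s*(\S+)(?:\s*@\s*0x[0-9A-Fa-f]+)?"
    r"\s*->\s*HOOKED\s*\((.+?)\s*@\s*(0x[0-9A-Fa-f]+)\)$"
)
NS_RE = re.compile(r"NameServer \(([^)]*)\)")


def parse_report(text):
    """Return the mode, registry entries and hooked table slots of one report."""
    report = {"mode": None, "registry": [], "hooks": {}}
    for raw in text.splitlines():
        line = raw.strip()
        if m := MODE_RE.match(line):
            report["mode"] = m.group(1)
        elif m := REG_RE.match(line):
            report["registry"].append(
                {"tag": m.group(1), "target": m.group(2), "status": m.group(3)})
        elif m := HOOK_RE.match(line):
            # Key on (table, slot): SSDT is the native table, S_SSDT the shadow one.
            report["hooks"][(m.group(1), int(m.group(2)))] = {
                "name": m.group(3), "owner": m.group(4), "handler": m.group(5)}
    return report


def hook_changes(before, after):
    """Slots hooked in `before` but not reported in `after`, and slots still hooked."""
    cleared = sorted(k for k in before["hooks"] if k not in after["hooks"])
    return cleared, sorted(after["hooks"])


def still_open(report):
    """Registry entries the tool reported but did not change."""
    return [e for e in report["registry"]
            if e["status"].startswith(("FOUND", "NOT REMOVED"))]


def nameserver_scope(report):
    """Classify each flagged NameServer address as private (RFC 1918 etc.) or public.

    A private address is a resolver on the local network and has to be checked
    against the router or ISP setup; a public one can be looked up directly.
    """
    scope = {}
    for entry in report["registry"]:
        m = NS_RE.search(entry["target"]) if entry["tag"] == "DNS" else None
        for ip in (m.group(1).split(",") if m else []):
            ip = ip.strip()
            scope[ip] = "private" if ipaddress.ip_address(ip).is_private else "public"
    return scope


def handler_span(report):
    """Bytes between the lowest and highest hook handler address.

    A small span means every hook points into one memory region, so the
    question of who installed the hooks has a single answer.
    """
    addrs = [int(h["handler"], 16) for h in report["hooks"].values()]
    return max(addrs) - min(addrs) if addrs else 0


if __name__ == "__main__":
    r3, r8 = parse_report(REPORT_3), parse_report(REPORT_8)
    cleared, remaining = hook_changes(r3, r8)
    print("no longer reported:", [(t, i, r3["hooks"][(t, i)]["name"]) for t, i in cleared])
    print("still hooked:", remaining)
    print("unchanged registry entries:", [(e["tag"], e["status"]) for e in still_open(r8)])
    print("nameservers:", nameserver_scope(r8))
    print("handler span in RKreport[3]: %d bytes" % handler_span(r3))
```

A slot listed as no longer reported only means the later report omits it; confirming that a restore took effect still needs a fresh scan after a reboot.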
Syperrj
Posted April 7, 2012

> |- Was this DNS configuration your choice?
> |- Do you have connection problems? Is it fast?

No, the configuration was not my choice. Yes, I do; my connection, although reasonably fast, suffers a lot from fluctuations.

> |- These are the ones left that could not be restored.
> |- PS: Did you carry out the "right-click" procedure on these lines?
> |- Many of them are added by antivirus or firewall software, but they are also added by rogues, for malicious purposes.
> |- Try the restoration again and post the report!
> |- PS: How is your computer, has there been any improvement?

Yes, I carried out the procedure. I tried again to restore the two S_SSDT lines, but I was not able to restore them. The message appeared: Cannot fix shadow SSDT. Yes, there have been improvements in my computer's performance.