Syperrj

[Resolved] My PC is slow

My PC is running slowly and keeps warning that virtual memory is low. I keep plenty of free space on my HD and run cleanups periodically, but it still shows the warning. I believe it is viruses. I would like you to help me as soon as possible.

 

Here is the HijackThis log, taken on 04/04 at 10:03:

 

 

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 10:03:19, on 04/04/2012

Platform: Windows Vista SP2 (WinNT 6.00.1906)

MSIE: Internet Explorer v8.00 (8.00.6001.19154)

Boot mode: Normal

 

Running processes:

C:\Program Files\Spyware Terminator\st_rsser.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Windows\system32\taskeng.exe

C:\Program Files\Windows Defender\MSASCui.exe

C:\Program Files\NVIDIA Corporation\Display\nvtray.exe

C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe

C:\Windows\PixArt\PAC207\Monitor.exe

C:\Program Files\Avira\AntiVir Desktop\avgnt.exe

C:\Program Files\Yuna Software\Messenger Plus!\PlusService.exe

C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe

C:\Program Files\Real\RealPlayer\Update\realsched.exe

C:\Program Files\Common Files\Java\Java Update\jusched.exe

C:\Program Files\Windows Sidebar\sidebar.exe

C:\Windows\ehome\ehtray.exe

C:\Program Files\Steam\Steam.exe

C:\Program Files\DAEMON Tools Pro\DTAgent.exe

C:\Windows\ehome\ehmsas.exe

C:\Windows\system32\wbem\unsecapp.exe

C:\Windows\system32\wuauclt.exe

C:\Program Files\Spyware Terminator\SpywareTerminatorUpdate.exe

C:\Program Files\Windows Sidebar\sidebar.exe

C:\Users\Sidnei\AppData\Roaming\KoshyJohn.com\MemClean\MemClean.exe

C:\Program Files\DAEMON Tools Pro\DTShellHlp.exe

C:\Program Files\Memory Improve Master\MemoryImproveMaster.exe

C:\Users\Sidnei\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Sidnei\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Sidnei\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Sidnei\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Sidnei\Documents\Hijack this\HijackThis.exe

C:\Users\Sidnei\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Sidnei\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Windows\system32\rundll32.exe

C:\Users\Sidnei\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Sidnei\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Sidnei\AppData\Local\Google\Chrome\Application\chrome.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

R3 - URLSearchHook: (no name) - {edbca961-4bf8-4cbe-8c63-a11dff9ed2d9} - (no file)

R3 - URLSearchHook: (no name) - {1d80d668-2160-46a2-b3a7-e166795b0b28} - (no file)

O1 - Hosts: ::1 localhost

O2 - BHO: Facilitador de Leitor de Link Adobe PDF - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)

O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll

O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O3 - Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)

O3 - Toolbar: (no name) - {30F9B915-B755-4826-820B-08FBA6BD249D} - (no file)

O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"

O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"

O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe

O4 - HKLM\..\Run: [PAC207_Monitor] C:\Windows\PixArt\PAC207\Monitor.exe

O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min

O4 - HKLM\..\Run: [AdobeAAMUpdater-1.0] "C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"

O4 - HKLM\..\Run: [PlusService] C:\Program Files\Yuna Software\Messenger Plus!\PlusService.exe

O4 - HKLM\..\Run: [spywareTerminatorShield] C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe

O4 - HKLM\..\Run: [spywareTerminatorUpdater] C:\Program Files\Spyware Terminator\SpywareTerminatorUpdate.exe

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Real\RealPlayer\Update\realsched.exe" -osboot

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"

O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun

O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe

O4 - HKCU\..\Run: [steam] "C:\Program Files\Steam\Steam.exe" -silent

O4 - HKCU\..\Run: [Memory Cleaner] C:\Users\Sidnei\AppData\Roaming\KoshyJohn.com\MemClean\MemClean.exe boot

O4 - HKCU\..\Run: [DAEMON Tools Pro Agent] "C:\Program Files\DAEMON Tools Pro\DTAgent.exe" -autorun

O4 - HKCU\..\Run: [bitTorrent] "C:\Program Files\BitTorrent\BitTorrent.exe" /MINIMIZED

O4 - HKCU\..\Run: [Memory Improve Master] C:\Program Files\Memory Improve Master\MemoryImproveMaster.exe /autorun

O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVIÇO DE REDE')

O4 - HKUS\S-1-5-21-3796026459-2530574266-2461488858-1003\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'UpdatusUser')

O4 - Startup: Recorte de tela e Iniciador do OneNote 2007.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000

O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL

O16 - DPF: {140E4DF8-9E14-4A34-9577-C77561ED7883} (SysInfo Class) - http://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_cyri_4.1.71.0.cab

O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab

O16 - DPF: {40F576AD-8680-4F9E-9490-99D069CD665F} (System Requirements Lab Class) - http://srtest-cdn.systemrequirementslab.com.s3.amazonaws.com/bin/sysreqlabdetect.cab

O16 - DPF: {C1B7E532-3ECB-4E9E-BB3A-2951FFE67C61} - http://c6.community.alice.it/download/DownloaderActiveX.cab

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{F6DD7A2D-6839-4820-93D7-45D6FE210907}: NameServer = 10.10.2.1,10.10.5.1

O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll

O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe

O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe

O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe

O23 - Service: Serviço do Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe

O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe

O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe

O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe

O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe

O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe

O23 - Service: Spyware Terminator 2012 Realtime Shield Service (ST2012_Svc) - Crawler.com - C:\Program Files\Spyware Terminator\st_rsser.exe

O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe

O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe

 

--

End of file - 10300 bytes

Good morning, Syperrj!

|- Download: < otlDesktopIcon.png > ( ... by OldTimer Tools )

|- Click Save!

|- Save it to the desktop!

|- Double-click OTL.exe --> Run

|- Run OTL in its quick scan mode. ( Quick Scan )

|- P.S.: On Windows 7, right-click and run it as "Administrator".

|- Copy and post the report. ( C:\_OTM\MovedFiles\xxxx2012_xxxxxx.log )

|- Also post the "Extras" report.

Best regards!

Here is the OTL report:

 

 

OTL logfile created on: 05/04/2012 11:19:17 - Run 1

OTL by OldTimer - Version 3.2.39.2 Folder = C:\Users\Sidnei\Desktop

Windows Vista Ultimate Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.19154)

Locale: 00000416 | Country: Brasil | Language: PTB | Date Format: dd/MM/yyyy

 

2,00 Gb Total Physical Memory | 1,08 Gb Available Physical Memory | 53,87% Memory free

4,24 Gb Paging File | 1,75 Gb Available in Paging File | 41,35% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files

Drive C: | 312,50 Gb Total Space | 62,97 Gb Free Space | 20,15% Space Free | Partition Type: NTFS

Drive D: | 153,25 Gb Total Space | 147,77 Gb Free Space | 96,42% Space Free | Partition Type: NTFS

 

Computer Name: SIDNEI-GAME | User Name: Sidnei | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user | Quick Scan

Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

 

========== Processes (SafeList) ==========

 

PRC - [2012/04/05 11:17:51 | 000,593,920 | ---- | M] (OldTimer Tools) -- C:\Users\Sidnei\Desktop\OTL.exe

PRC - [2012/03/23 20:48:25 | 000,489,256 | ---- | M] (Valve Corporation) -- C:\Arquivos de programas\Common Files\Steam\SteamService.exe

PRC - [2012/02/29 12:25:05 | 000,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\Arquivos de programas\Java\jre6\bin\javaw.exe

PRC - [2012/02/20 06:51:18 | 003,669,680 | ---- | M] (Crawler.com) -- C:\Arquivos de programas\Spyware Terminator\SpywareTerminatorUpdate.exe

PRC - [2012/02/20 06:51:08 | 002,786,480 | ---- | M] (Crawler.com) -- C:\Arquivos de programas\Spyware Terminator\SpywareTerminatorShield.exe

PRC - [2012/02/07 11:21:25 | 000,801,792 | ---- | M] (Yuna Software) -- C:\Arquivos de programas\Yuna Software\Messenger Plus!\PlusService.exe

PRC - [2011/12/06 01:18:36 | 000,785,489 | ---- | M] (KoshyJohn.com) -- C:\Users\Sidnei\AppData\Roaming\KoshyJohn.com\MemClean\MemClean.exe

PRC - [2011/12/04 16:39:05 | 000,296,056 | ---- | M] (RealNetworks, Inc.) -- C:\Arquivos de programas\Real\RealPlayer\Update\realsched.exe

PRC - [2011/11/02 23:00:22 | 001,242,448 | ---- | M] (Valve Corporation) -- C:\Arquivos de programas\Steam\Steam.exe

PRC - [2011/09/28 02:16:08 | 000,482,992 | ---- | M] (Crawler.com) -- C:\Arquivos de programas\Spyware Terminator\st_rsser.exe

PRC - [2011/08/17 04:29:20 | 004,527,424 | ---- | M] (DT Soft Ltd) -- C:\Arquivos de programas\DAEMON Tools Pro\DTAgent.exe

PRC - [2011/08/17 04:28:14 | 003,120,448 | ---- | M] (DT Soft Ltd) -- C:\Arquivos de programas\DAEMON Tools Pro\DTShellHlp.exe

PRC - [2011/08/08 05:00:00 | 005,547,008 | ---- | M] (MPC-HC Team) -- C:\Arquivos de programas\K-Lite Codec Pack\Media Player Classic\mpc-hc.exe

PRC - [2011/08/03 02:31:42 | 000,379,496 | ---- | M] (NVIDIA Corporation) -- C:\Arquivos de programas\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe

PRC - [2011/06/30 14:31:20 | 000,269,480 | ---- | M] (Avira GmbH) -- C:\Arquivos de programas\Avira\AntiVir Desktop\avguard.exe

PRC - [2011/04/27 12:23:12 | 000,136,360 | ---- | M] (Avira GmbH) -- C:\Arquivos de programas\Avira\AntiVir Desktop\sched.exe

PRC - [2010/11/03 13:29:16 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Arquivos de programas\Avira\AntiVir Desktop\avgnt.exe

PRC - [2010/01/14 22:11:00 | 000,076,968 | ---- | M] (Avira GmbH) -- C:\Arquivos de programas\Avira\AntiVir Desktop\avshadow.exe

PRC - [2009/08/18 10:29:22 | 001,529,728 | ---- | M] (Microsoft Corporation) -- C:\Arquivos de programas\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE

PRC - [2009/08/18 10:29:22 | 000,183,152 | ---- | M] (Microsoft Corporation) -- C:\Arquivos de programas\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE

PRC - [2009/04/10 22:28:04 | 001,233,920 | ---- | M] (Microsoft Corporation) -- C:\Arquivos de programas\Windows Sidebar\sidebar.exe

PRC - [2009/04/10 22:27:38 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe

PRC - [2009/03/30 02:25:26 | 043,010,392 | ---- | M] (Microsoft Corporation) -- C:\Arquivos de programas\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe

PRC - [2009/03/16 11:05:30 | 005,095,424 | ---- | M] (Memory Improve Master Studio) -- C:\Arquivos de programas\Memory Improve Master\MemoryImproveMaster.exe

PRC - [2009/03/08 08:34:00 | 000,115,712 | ---- | M] (Microsoft Corporation) -- C:\Arquivos de programas\Internet Explorer\ielowutil.exe

PRC - [2008/07/10 01:49:44 | 000,098,840 | ---- | M] (Microsoft Corporation) -- C:\Arquivos de programas\Microsoft SQL Server\90\Shared\sqlwriter.exe

PRC - [2008/01/18 22:38:40 | 001,008,184 | ---- | M] (Microsoft Corporation) -- C:\Arquivos de programas\Windows Defender\MSASCui.exe

PRC - [2007/12/10 18:55:26 | 000,323,584 | ---- | M] (PixArt Imaging Incorporation) -- C:\Windows\PixArt\PAC207\Monitor.exe

PRC - [1999/12/31 21:00:00 | 002,255,464 | ---- | M] (NVIDIA Corporation) -- C:\Arquivos de programas\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe

PRC - [1999/12/31 21:00:00 | 000,812,648 | ---- | M] (NVIDIA Corporation) -- C:\Arquivos de programas\NVIDIA Corporation\Display\nvxdsync.exe

PRC - [1999/12/31 21:00:00 | 000,373,864 | ---- | M] (NVIDIA Corporation) -- C:\Arquivos de programas\NVIDIA Corporation\Display\nvtray.exe

 

 

========== Modules (No Company Name) ==========

 

MOD - [2012/03/26 23:28:43 | 000,444,400 | ---- | M] () -- C:\Users\Sidnei\AppData\Local\Google\Chrome\Application\18.0.1025.142\ppGoogleNaClPluginChrome.dll

MOD - [2012/03/26 23:28:42 | 003,915,248 | ---- | M] () -- C:\Users\Sidnei\AppData\Local\Google\Chrome\Application\18.0.1025.142\pdf.dll

MOD - [2012/03/26 23:27:17 | 000,122,880 | ---- | M] () -- C:\Users\Sidnei\AppData\Local\Google\Chrome\Application\18.0.1025.142\avutil-51.dll

MOD - [2012/03/26 23:27:16 | 000,220,672 | ---- | M] () -- C:\Users\Sidnei\AppData\Local\Google\Chrome\Application\18.0.1025.142\avformat-53.dll

MOD - [2012/03/26 23:27:14 | 001,747,456 | ---- | M] () -- C:\Users\Sidnei\AppData\Local\Google\Chrome\Application\18.0.1025.142\avcodec-53.dll

MOD - [2012/03/26 22:37:41 | 008,747,168 | ---- | M] () -- C:\Users\Sidnei\AppData\Local\Google\Chrome\Application\18.0.1025.142\gcswf32.dll

MOD - [2012/03/26 22:37:41 | 008,747,168 | ---- | M] () -- C:\Users\Sidnei\AppData\Local\Google\Chrome\APPLIC~1\180102~1.142\gcswf32.dll

MOD - [2012/03/23 20:48:25 | 020,297,512 | ---- | M] () -- C:\Arquivos de programas\Steam\bin\libcef.dll

MOD - [2012/03/23 20:48:24 | 001,099,576 | ---- | M] () -- C:\Arquivos de programas\Steam\bin\avcodec-53.dll

MOD - [2012/03/23 20:48:24 | 000,907,048 | ---- | M] () -- C:\Arquivos de programas\Steam\bin\chromehtml.dll

MOD - [2012/03/23 20:48:24 | 000,190,776 | ---- | M] () -- C:\Arquivos de programas\Steam\bin\avformat-53.dll

MOD - [2012/03/23 20:48:24 | 000,123,192 | ---- | M] () -- C:\Arquivos de programas\Steam\bin\avutil-51.dll

MOD - [2011/08/08 05:00:00 | 003,852,288 | ---- | M] () -- C:\Arquivos de programas\K-Lite Codec Pack\ffdshow\ffmpeg.dll

MOD - [2011/08/08 05:00:00 | 003,577,856 | ---- | M] () -- C:\Arquivos de programas\K-Lite Codec Pack\ffdshow\ffdshow.ax

MOD - [2011/08/08 05:00:00 | 000,145,920 | ---- | M] () -- C:\Arquivos de programas\K-Lite Codec Pack\ffdshow\ff_libmad.dll

MOD - [2008/09/10 01:20:08 | 000,294,912 | ---- | M] () -- C:\Arquivos de programas\Memory Improve Master\MemIM.dll

MOD - [2008/08/08 08:03:36 | 000,126,976 | ---- | M] () -- C:\Arquivos de programas\Memory Improve Master\MemIMReg.dll

MOD - [2006/06/16 15:20:54 | 000,126,464 | ---- | M] () -- C:\Arquivos de programas\WinRAR\RarExt.dll

 

 

========== Win32 Services (SafeList) ==========

 

SRV - [2012/03/23 20:48:25 | 000,489,256 | ---- | M] (Valve Corporation) [On_Demand | Running] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service)

SRV - [2011/09/28 02:16:08 | 000,482,992 | ---- | M] (Crawler.com) [Auto | Running] -- C:\Arquivos de Programas\Spyware Terminator\st_rsser.exe -- (ST2012_Svc)

SRV - [2011/08/03 02:31:42 | 000,379,496 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Arquivos de Programas\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)

SRV - [2011/07/20 04:18:24 | 000,440,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Arquivos de Programas\Common Files\microsoft shared\OFFICE12\ODSERV.EXE -- (odserv)

SRV - [2011/06/30 14:31:20 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Arquivos de Programas\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)

SRV - [2011/04/27 12:23:12 | 000,136,360 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Arquivos de Programas\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)

SRV - [2009/08/18 10:29:22 | 001,529,728 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Arquivos de Programas\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)

SRV - [2009/07/23 00:08:48 | 000,047,128 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Arquivos de Programas\Microsoft SQL Server\100\Shared\sqladhlp.exe -- (MSSQLServerADHelper100)

SRV - [2009/03/30 02:25:26 | 043,010,392 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Arquivos de Programas\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe -- (MSSQL$SQLEXPRESS) SQL Server (SQLEXPRESS)

SRV - [2009/03/30 02:23:32 | 000,254,808 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Arquivos de Programas\Microsoft SQL Server\90\Shared\sqlbrowser.exe -- (SQLBrowser)

SRV - [2009/03/30 02:23:24 | 000,366,936 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Arquivos de Programas\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE -- (SQLAgent$SQLEXPRESS) SQL Server Agent (SQLEXPRESS)

SRV - [2008/07/10 01:49:44 | 000,098,840 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Arquivos de Programas\Microsoft SQL Server\90\Shared\sqlwriter.exe -- (SQLWriter)

SRV - [2008/01/18 22:38:26 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Arquivos de Programas\Windows Defender\MpSvc.dll -- (WinDefend)

SRV - [2008/01/18 22:33:40 | 000,896,512 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Arquivos de Programas\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc)

SRV - [2006/10/26 12:03:08 | 000,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Arquivos de Programas\Common Files\microsoft shared\Source Engine\OSE.EXE -- (ose)

SRV - [1999/12/31 21:00:00 | 002,255,464 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Arquivos de Programas\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe -- (nvUpdatusService)

 

 

========== Driver Services (SafeList) ==========

 

DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)

DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)

DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)

DRV - File not found [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\blbdrive.sys -- (blbdrive)

DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\AmdLLD.sys -- (AmdLLD)

DRV - File not found [Kernel | On_Demand | Unknown] -- -- (aa4mzmtq)

DRV - [2012/01/27 18:14:44 | 000,012,984 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\SWDUMon.sys -- (SWDUMon)

DRV - [2011/12/09 21:14:44 | 000,232,512 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\System32\drivers\dtsoftbus01.sys -- (dtsoftbus01)

DRV - [2011/11/29 12:16:34 | 000,443,448 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\drivers\sptd.sys -- (sptd)

DRV - [2011/11/08 15:26:17 | 000,023,456 | ---- | M] (Phoenix Technologies) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\DrvAgent32.sys -- (DrvAgent32)

DRV - [2011/06/30 14:31:22 | 000,138,192 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)

DRV - [2011/06/30 14:31:22 | 000,066,616 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)

DRV - [2011/06/21 10:24:06 | 000,032,768 | ---- | M] () [Kernel | System | Running] -- C:\Windows\System32\drivers\sp_rsdrv2.sys -- (sp_rsdrv2)

DRV - [2009/12/12 12:22:56 | 000,240,128 | ---- | M] (PARADOX) [Kernel | Boot | Stopped] -- C:\Windows\System32\drivers\royal.sys -- (OemBiosDevice)

DRV - [2009/12/12 12:01:42 | 000,016,608 | ---- | M] (Windows ® 2000 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\gdrv.sys -- (gdrv)

DRV - [2009/05/11 10:12:49 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)

DRV - [2009/03/30 02:09:28 | 000,239,336 | ---- | M] (Microsoft Corporation) [File_System | Disabled | Stopped] -- C:\Windows\System32\drivers\RsFx0103.sys -- (RsFx0103)

DRV - [2008/12/10 05:37:46 | 000,135,680 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)

DRV - [2008/02/13 16:17:26 | 000,618,112 | ---- | M] (PixArt Imaging Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\PFC027.SYS -- (PAC207)

DRV - [1999/12/31 21:00:00 | 010,304,104 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)

 

 

========== Standard Registry (SafeList) ==========

 

 

========== Internet Explorer ==========

 

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/

IE - HKLM\..\SearchScopes,DefaultScope = {afdbddaa-5d3f-42ee-b79c-185a7020515b}

IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}

IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2567694

IE - HKLM\..\SearchScopes\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}: "URL" = http://us.yhs.search.yahoo.com/avg/search?fr=yhs-avg-chrome&type=yahoo_avg_hs2-tb-web_chrome_us&p={searchTerms}

 

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com.br/

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1

IE - HKCU\..\URLSearchHook: {1d80d668-2160-46a2-b3a7-e166795b0b28} - No CLSID value found

IE - HKCU\..\URLSearchHook: {edbca961-4bf8-4cbe-8c63-a11dff9ed2d9} - No CLSID value found

IE - HKCU\..\SearchScopes,DefaultScope = {AFDBDDAA-5D3F-42EE-B79C-185A7020515B}

IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC

IE - HKCU\..\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}: "URL" = http://tbsearch.ask.com/redirect?client=ie&tb=PF&o=&src=crm&q={searchTerms}&locale=

IE - HKCU\..\SearchScopes\{18EAB056-9057-F224-FD4C-1F6569C4D8D2}: "URL" = http://www.plusnetwork.com/s/?q={searchTerms}&iesrc={referrer:source?}

IE - HKCU\..\SearchScopes\{33D59858-89D9-4AC2-A956-93875EB02323}: "URL" = http://search.localstrike.com.ar/?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}

IE - HKCU\..\SearchScopes\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}: "URL" = http://www.mystart.com/results.php?pr=pando&id=pandoleveluptb&v=1_0&gen=ms&ent=ch&q={searchTerms}

IE - HKCU\..\SearchScopes\{AD22EBAF-0D18-4fc7-90CC-5EA0ABBE9EB8}: "URL" = http://www.daemon-search.com/search/web?q={searchTerms}

IE - HKCU\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2567694

IE - HKCU\..\SearchScopes\{C85BDB30-7E46-42C1-A985-5D4E73F93D80}: "URL" = http://www.google.com.br/search?hl=pt-BR&q={searchTerms}&meta=

IE - HKCU\..\SearchScopes\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}: "URL" = http://br.yhs.search.yahoo.com/avg/search?fr=yhs-avg-chrome&type=yahoo_avg_hs2-tb-web_chrome_br&p={searchTerms}

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 

========== FireFox ==========

 

FF - prefs.js..browser.search.defaultthis.engineName: "Messenger Plus Live Brazil Customized Web Search"

FF - prefs.js..browser.search.defaulturl: "http://search.conduit.com/ResultsExt.aspx?ctid=CT2567694&SearchSource=3&q={searchTerms}"

FF - prefs.js..browser.search.selectedEngine: "Search The Web"

FF - prefs.js..browser.startup.homepage: "www.google.com.br"

FF - prefs.js..extensions.enabledItems: {edbca961-4bf8-4cbe-8c63-a11dff9ed2d9}:2.6.0.15

FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:15.0.0

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24

FF - prefs.js..extensions.enabledItems: engine@conduit.com:3.2.5.2

FF - prefs.js..extensions.enabledItems: {1d80d668-2160-46a2-b3a7-e166795b0b28}:3.2.5.2

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}:6.0.31

FF - prefs.js..extensions.enabledItems: redshift_V2@shift-themes.com:3.6

FF - prefs.js..keyword.URL: "http://search.conduit.com/ResultsExt.aspx?ctid=CT2567694&q="

FF - user.js - File not found

 

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()

FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)

FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)

FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)

FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)

FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)

FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=15.0.0.198: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)

FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=15.0.0.198: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)

FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=12.0.1.669: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)

FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.0.198: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)

FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=15.0.0.198: C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)

FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found

FF - HKLM\Software\MozillaPlugins\@research.microsoft.com/HDView: C:\Program Files\Microsoft Research\HD View\nphdview.dll (Microsoft Research)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)

FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Sidnei\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)

FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Sidnei\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)

FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Sidnei\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)

FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

 

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011/12/04 16:40:07 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/12/04 16:39:49 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/12/04 16:42:03 | 000,000,000 | ---D | M]

 

[2010/01/13 21:36:31 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Sidnei\AppData\Roaming\mozilla\Extensions

[2012/03/25 14:45:27 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Sidnei\AppData\Roaming\mozilla\Firefox\Profiles\6dsamkzh.default\extensions

[2011/03/22 08:37:10 | 000,000,000 | ---D | M] (Messenger Plus BR Community Toolbar) -- C:\Users\Sidnei\AppData\Roaming\mozilla\Firefox\Profiles\6dsamkzh.default\extensions\{1d80d668-2160-46a2-b3a7-e166795b0b28}

[2010/07/01 17:45:09 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Sidnei\AppData\Roaming\mozilla\Firefox\Profiles\6dsamkzh.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}

[2010/01/27 13:07:31 | 000,000,000 | ---D | M] (P2P Torrent Toolbar) -- C:\Users\Sidnei\AppData\Roaming\mozilla\Firefox\Profiles\6dsamkzh.default\extensions\{bc4be15d-6a34-4356-9e97-79e43da32b1d}

[2010/06/15 09:22:54 | 000,000,000 | ---D | M] (Messenger Plus Live Brazil Toolbar) -- C:\Users\Sidnei\AppData\Roaming\mozilla\Firefox\Profiles\6dsamkzh.default\extensions\{edbca961-4bf8-4cbe-8c63-a11dff9ed2d9}

[2011/03/22 08:37:10 | 000,000,000 | ---D | M] (Conduit Engine) -- C:\Users\Sidnei\AppData\Roaming\mozilla\Firefox\Profiles\6dsamkzh.default\extensions\engine@conduit.com

[2012/02/16 13:31:37 | 000,000,000 | ---D | M] (RedShift V3.6) -- C:\Users\Sidnei\AppData\Roaming\mozilla\Firefox\Profiles\6dsamkzh.default\extensions\redshift_V2@shift-themes.com

[2009/07/10 17:26:08 | 000,002,257 | ---- | M] () -- C:\Users\Sidnei\AppData\Roaming\Mozilla\Firefox\Profiles\6dsamkzh.default\searchplugins\askcom.xml

[2010/04/21 12:06:34 | 000,000,955 | ---- | M] () -- C:\Users\Sidnei\AppData\Roaming\Mozilla\Firefox\Profiles\6dsamkzh.default\searchplugins\conduit.xml

[2010/04/19 13:36:18 | 000,002,059 | ---- | M] () -- C:\Users\Sidnei\AppData\Roaming\Mozilla\Firefox\Profiles\6dsamkzh.default\searchplugins\daemon-search.xml

[2012/02/29 12:25:41 | 000,000,000 | ---D | M] (No name found) -- C:\Arquivos de Programas\Mozilla Firefox\extensions

[2011/04/02 10:11:29 | 000,000,000 | ---D | M] (Java Console) -- C:\Arquivos de Programas\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}

[2011/07/31 00:00:13 | 000,000,000 | ---D | M] (Java Console) -- C:\Arquivos de Programas\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}

[2012/02/29 12:25:42 | 000,000,000 | ---D | M] (Java Console) -- C:\Arquivos de Programas\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}

[2010/02/22 19:35:31 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}

[2011/04/02 10:11:29 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}

[2011/07/31 00:00:13 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}

[2012/02/29 12:25:42 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}

[2011/12/04 16:40:07 | 000,000,000 | ---D | M] (RealPlayer Browser Record Plugin) -- C:\PROGRAMDATA\REAL\REALPLAYER\BROWSERRECORDPLUGIN\FIREFOX\EXT

[2012/02/29 12:25:06 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll

[2010/07/16 22:33:04 | 000,001,027 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\buscape.xml

[2010/07/16 22:33:04 | 000,001,212 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\mercadolivre.xml

[2011/04/14 00:29:02 | 000,002,281 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\search.xml

[2010/07/16 22:33:04 | 000,001,168 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-br.xml

[2010/07/16 22:33:04 | 000,000,952 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-br.xml

 

========== Chrome ==========

 

CHR - default_search_provider: Google (Enabled)

CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}

CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}

CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer

CHR - plugin: Native Client (Enabled) = C:\Users\Sidnei\AppData\Local\Google\Chrome\Application\18.0.1025.142\ppGoogleNaClPluginChrome.dll

CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Sidnei\AppData\Local\Google\Chrome\Application\18.0.1025.142\pdf.dll

CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Sidnei\AppData\Local\Google\Chrome\Application\18.0.1025.142\gcswf32.dll

CHR - plugin: Shockwave Flash (Disabled) = C:\Users\Sidnei\AppData\Local\Google\Chrome\User Data\PepperFlash\11.1.31.203\pepflashplayer.dll

CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll

CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 8.0\Reader\Browser\nppdf32.dll

CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\np-mswmp.dll

CHR - plugin: Java Deployment Toolkit 6.0.310.5 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll

CHR - plugin: Java Platform SE 6 U31 (Enabled) = C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll

CHR - plugin: RealPlayer G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nppl3260.dll

CHR - plugin: RealPlayer Version Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nprpjplug.dll

CHR - plugin: RealPlayer HTML5VideoShim Plug-In (32-bit) (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll

CHR - plugin: RealJukebox NS Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nprjplug.dll

CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll

CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll

CHR - plugin: HD View (Enabled) = C:\Program Files\Microsoft Research\HD View\nphdview.dll

CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll

CHR - plugin: NVIDIA 3D Vision (Enabled) = C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll

CHR - plugin: NVIDIA 3D VISION (Enabled) = C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll

CHR - plugin: Pando Web Plugin (Enabled) = C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll

CHR - plugin: Windows Live\u00AE Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll

CHR - plugin: RealNetworks Chrome Background Extension Plug-In (32-bit) (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll

CHR - plugin: Unity Player (Enabled) = C:\Users\Sidnei\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll

CHR - plugin: Windows Presentation Foundation (Enabled) = C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll

CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll

CHR - Extension: YouTube = C:\Users\Sidnei\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\

CHR - Extension: Pesquisa do Google = C:\Users\Sidnei\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\

CHR - Extension: RealPlayer HTML5Video Downloader Extension = C:\Users\Sidnei\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk\1.5_0\

CHR - Extension: AT_DJTiesto = C:\Users\Sidnei\AppData\Local\Google\Chrome\User Data\Default\Extensions\okmcbgkkeagngnijeiighgblfljbekip\2_0\

CHR - Extension: Gmail = C:\Users\Sidnei\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

 

O1 HOSTS File: ([2012/03/14 12:15:09 | 000,000,985 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts

O1 - Hosts: 127.0.0.1 localhost

O1 - Hosts: ::1 localhost

O1 - Hosts: 127.0.0.1 static3.cdn.ubi.com

O1 - Hosts: 127.0.0.1 ubisoft-orbit.s3.amazonaws.com

O1 - Hosts: 127.0.0.1 onlineconfigservice.ubi.com

O1 - Hosts: 127.0.0.1 orbitservice.ubi.com

O1 - Hosts: 127.0.0.1 ubisoft-orbit-savegames.s3.amazonaws.com

O2 - BHO: (Facilitador de Leitor de Link Adobe PDF) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de Programas\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)

O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.

O2 - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de Programas\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)

O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de Programas\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)

O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Arquivos de Programas\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O3 - HKLM\..\Toolbar: (no name) - {30F9B915-B755-4826-820B-08FBA6BD249D} - No CLSID value found.

O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.

O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {1D80D668-2160-46A2-B3A7-E166795B0B28} - No CLSID value found.

O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {32099AAC-C132-4136-9E9A-4E364A424E17} - No CLSID value found.

O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.

O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.

O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {EDBCA961-4BF8-4CBE-8C63-A11DFF9ED2D9} - No CLSID value found.

O4 - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)

O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)

O4 - HKLM..\Run: [LanguageShortcut] C:\Program Files\CyberLink\PowerDVD\Language\Language.exe ()

O4 - HKLM..\Run: [NeroFilterCheck] C:\Arquivos de Programas\Common Files\Ahead\Lib\NeroCheck.exe (Nero AG)

O4 - HKLM..\Run: [PAC207_Monitor] C:\Windows\PixArt\PAC207\Monitor.exe (PixArt Imaging Incorporation)

O4 - HKLM..\Run: [PlusService] C:\Arquivos de Programas\Yuna Software\Messenger Plus!\PlusService.exe (Yuna Software)

O4 - HKLM..\Run: [spywareTerminatorShield] C:\Arquivos de Programas\Spyware Terminator\SpywareTerminatorShield.exe (Crawler.com)

O4 - HKLM..\Run: [spywareTerminatorUpdater] C:\Arquivos de Programas\Spyware Terminator\SpywareTerminatorUpdate.exe (Crawler.com)

O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Real\RealPlayer\Update\realsched.exe (RealNetworks, Inc.)

O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)

O4 - HKCU..\Run: [bitTorrent] "C:\Program Files\BitTorrent\BitTorrent.exe" /MINIMIZED File not found

O4 - HKCU..\Run: [DAEMON Tools Pro Agent] C:\Program Files\DAEMON Tools Pro\DTAgent.exe (DT Soft Ltd)

O4 - HKCU..\Run: [Memory Cleaner] C:\Users\Sidnei\AppData\Roaming\KoshyJohn.com\MemClean\MemClean.exe (KoshyJohn.com)

O4 - HKCU..\Run: [Memory Improve Master] C:\Program Files\Memory Improve Master\MemoryImproveMaster.exe (Memory Improve Master Studio)

O4 - HKCU..\Run: [steam] C:\Program Files\Steam\Steam.exe (Valve Corporation)

O4 - Startup: C:\Users\Sidnei\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Recorte de tela e Iniciador do OneNote 2007.lnk = C:\Arquivos de Programas\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)

O8 - Extra context menu item: E&xportar para o Microsoft Excel - C:\Arquivos de Programas\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)

O9 - Extra Button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Arquivos de Programas\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)

O9 - Extra 'Tools' menuitem : &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Arquivos de Programas\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)

O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Arquivos de Programas\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Arquivos de Programas\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Arquivos de Programas\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)

O13 - gopher Prefix: missing

O16 - DPF: {140E4DF8-9E14-4A34-9577-C77561ED7883} http://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_cyri_4.1.71.0.cab (SysInfo Class)

O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab (Checkers Class)

O16 - DPF: {40F576AD-8680-4F9E-9490-99D069CD665F} http://srtest-cdn.systemrequirementslab.com.s3.amazonaws.com/bin/sysreqlabdetect.cab (Reg Error: Key error.)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)

O16 - DPF: {C1B7E532-3ECB-4E9E-BB3A-2951FFE67C61} http://c6.community.alice.it/download/DownloaderActiveX.cab (Reg Error: Key error.)

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab (MessengerStatsClient Class)

O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)

O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab (Minesweeper Flags Class)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F6DD7A2D-6839-4820-93D7-45D6FE210907}: NameServer = 10.10.2.1,10.10.5.1

O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Arquivos de Programas\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)

O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Arquivos de Programas\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)

O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Arquivos de Programas\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)

O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Arquivos de Programas\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Arquivos de Programas\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)

O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Arquivos de Programas\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)

O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)

O20 - HKCU Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)

O24 - Desktop WallPaper: C:\Users\Sidnei\AppData\Roaming\Microsoft\Windows Photo Gallery\Papel de Parede da Galeria de Fotos do Windows.jpg

O24 - Desktop BackupWallPaper: C:\Users\Sidnei\AppData\Roaming\Microsoft\Windows Photo Gallery\Papel de Parede da Galeria de Fotos do Windows.jpg

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2006/09/18 18:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]

O33 - MountPoints2\{af400ce2-0e63-11df-9470-00241df81fc7}\Shell\AUtoplAy\command - "" = I:\erpvmq.exe

O33 - MountPoints2\{af400ce2-0e63-11df-9470-00241df81fc7}\Shell\AutoRun\command - "" = I:\erpvmq.exe

O33 - MountPoints2\{af400ce2-0e63-11df-9470-00241df81fc7}\Shell\expLorE\CoMmanD - "" = I:\erpvmq.exe

O33 - MountPoints2\{af400ce2-0e63-11df-9470-00241df81fc7}\Shell\Open\CommaNd - "" = I:\erpvmq.exe

O34 - HKLM BootExecute: (autocheck autochk *)

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

 

========== Files/Folders - Created Within 30 Days ==========

 

[2012/04/05 11:17:33 | 000,593,920 | ---- | C] (OldTimer Tools) -- C:\Users\Sidnei\Desktop\OTL.exe

[2012/03/25 17:05:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Memory Improve Master

[2012/03/25 17:04:59 | 000,000,000 | ---D | C] -- C:\Program Files\Memory Improve Master

[2012/03/14 12:13:32 | 000,000,000 | ---D | C] -- C:\LinhaDefensiva

[3 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]

[3 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

 

========== Files - Modified Within 30 Days ==========

 

[2012/04/05 11:17:51 | 000,593,920 | ---- | M] (OldTimer Tools) -- C:\Users\Sidnei\Desktop\OTL.exe

[2012/04/05 11:16:56 | 000,000,420 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{61EC2A35-5569-44D9-A816-87E82FAB20BF}.job

[2012/04/05 11:05:21 | 000,058,880 | ---- | M] () -- C:\Users\Sidnei\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2012/04/05 10:54:00 | 000,001,056 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job

[2012/04/05 10:32:01 | 000,001,082 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3796026459-2530574266-2461488858-1000UA.job

[2012/04/05 09:57:26 | 000,004,384 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0

[2012/04/05 09:57:26 | 000,004,384 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0

[2012/04/04 20:03:57 | 000,001,052 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job

[2012/04/04 19:55:44 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat

[2012/04/04 11:32:00 | 000,001,030 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3796026459-2530574266-2461488858-1000Core.job

[2012/04/03 20:06:21 | 000,754,056 | ---- | M] () -- C:\Windows\System32\prfh0416.dat

[2012/04/03 20:06:21 | 000,702,266 | ---- | M] () -- C:\Windows\System32\perfh009.dat

[2012/04/03 20:06:21 | 000,170,746 | ---- | M] () -- C:\Windows\System32\prfc0416.dat

[2012/04/03 20:06:21 | 000,145,334 | ---- | M] () -- C:\Windows\System32\perfc009.dat

[2012/03/30 20:03:36 | 000,002,047 | ---- | M] () -- C:\Users\Sidnei\Desktop\Google Chrome.lnk

[2012/03/29 21:13:08 | 2143,838,208 | -HS- | M] () -- C:\hiberfil.sys

[2012/03/28 22:57:28 | 000,009,400 | -HS- | M] () -- C:\Users\Sidnei\Documents\Folder.jpg

[2012/03/28 22:57:28 | 000,009,400 | -HS- | M] () -- C:\Users\Sidnei\Documents\AlbumArt_{8454A573-188D-4510-9C69-A612A60D1FE8}_Large.jpg

[2012/03/28 22:57:26 | 000,002,526 | -HS- | M] () -- C:\Users\Sidnei\Documents\AlbumArtSmall.jpg

[2012/03/28 22:57:26 | 000,002,526 | -HS- | M] () -- C:\Users\Sidnei\Documents\AlbumArt_{8454A573-188D-4510-9C69-A612A60D1FE8}_Small.jpg

[2012/03/25 17:05:01 | 000,000,872 | ---- | M] () -- C:\Users\Sidnei\Desktop\Memory Improve Master.lnk

[2012/03/14 10:13:50 | 000,000,000 | -H-- | M] () -- C:\Users\Sidnei\AppData\Roaming\tGlt1fFyD6G1

[2012/03/06 22:31:30 | 000,000,680 | ---- | M] () -- C:\Users\Sidnei\AppData\Local\d3d9caps.dat

[3 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]

[3 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

 

========== Files Created - No Company Name ==========

 

[2012/03/28 22:57:34 | 000,009,400 | -HS- | C] () -- C:\Users\Sidnei\Documents\AlbumArt_{8454A573-188D-4510-9C69-A612A60D1FE8}_Large.jpg

[2012/03/28 22:57:34 | 000,002,526 | -HS- | C] () -- C:\Users\Sidnei\Documents\AlbumArt_{8454A573-188D-4510-9C69-A612A60D1FE8}_Small.jpg

[2012/03/25 17:05:01 | 000,000,872 | ---- | C] () -- C:\Users\Sidnei\Desktop\Memory Improve Master.lnk

[2012/03/14 10:13:50 | 000,000,000 | -H-- | C] () -- C:\Users\Sidnei\AppData\Roaming\tGlt1fFyD6G1

[2011/11/08 15:36:58 | 000,012,984 | ---- | C] () -- C:\Windows\System32\drivers\SWDUMon.sys

[2011/11/08 12:39:23 | 000,062,976 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe

[2011/11/08 12:39:08 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll

[2011/11/08 12:38:12 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin

[2011/11/08 12:38:12 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin

[2011/11/07 19:30:40 | 000,081,158 | ---- | C] () -- C:\Windows\System32\manage-bde.ini.en

[2011/11/07 13:26:16 | 000,032,768 | ---- | C] () -- C:\Windows\System32\drivers\sp_rsdrv2.sys

[2011/08/11 23:36:08 | 000,000,038 | ---- | C] () -- C:\Windows\avisplitter.ini

[2011/08/11 23:36:07 | 000,650,752 | ---- | C] () -- C:\Windows\System32\xvidcore.dll

[2011/08/11 23:36:06 | 000,243,200 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll

[2011/08/11 23:36:06 | 000,074,752 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll

[2011/08/03 14:23:03 | 000,175,616 | ---- | C] () -- C:\Windows\System32\unrar.dll

[2011/08/03 02:31:54 | 000,311,912 | ---- | C] () -- C:\Windows\System32\nvStreaming.exe

[2011/05/29 15:02:47 | 000,000,118 | ---- | C] () -- C:\Windows\Video To Audio Converter.ini

[2011/05/29 14:59:40 | 000,000,102 | ---- | C] () -- C:\Windows\pro Video To Audio Converter.ini

[2011/05/29 14:59:29 | 000,000,001 | ---- | C] () -- C:\Windows\System32\Video To Audio Converter.dat

[2011/04/09 17:55:28 | 000,179,261 | ---- | C] () -- C:\Windows\System32\xlive.dll.cat

[2010/08/29 11:44:28 | 000,000,094 | ---- | C] () -- C:\Users\Sidnei\AppData\Local\fusioncache.dat

[2010/08/29 08:28:38 | 000,022,328 | ---- | C] () -- C:\Windows\System32\drivers\PnkBstrK.sys

[2010/08/29 08:28:37 | 000,022,328 | ---- | C] () -- C:\Users\Sidnei\AppData\Roaming\PnkBstrK.sys

[2010/08/29 08:28:23 | 000,189,248 | ---- | C] () -- C:\Windows\System32\PnkBstrB.exe

[2010/08/29 08:28:20 | 000,669,184 | ---- | C] () -- C:\Windows\System32\pbsvc.exe

[2010/08/29 08:28:20 | 000,075,136 | ---- | C] () -- C:\Windows\System32\PnkBstrA.exe

[2010/07/09 11:13:56 | 000,000,012 | ---- | C] () -- C:\Users\Sidnei\AppData\Roaming\hwzypv.dat

[2010/07/09 11:04:23 | 000,000,004 | ---- | C] () -- C:\Users\Sidnei\AppData\Roaming\avdrn.dat

[2010/06/19 13:12:58 | 000,000,446 | RHS- | C] () -- C:\ProgramData\ntuser.pol

[2010/04/15 20:33:21 | 000,000,056 | -H-- | C] () -- C:\Windows\System32\ezsidmv.dat

 

========== LOP Check ==========

 

[2010/07/30 07:51:50 | 000,000,000 | ---D | M] -- C:\Users\Sidnei\AppData\Roaming\Audacity

[2010/05/03 14:49:24 | 000,000,000 | ---D | M] -- C:\Users\Sidnei\AppData\Roaming\AVG9

[2011/06/04 17:19:03 | 000,000,000 | ---D | M] -- C:\Users\Sidnei\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1

[2012/02/18 23:12:34 | 000,000,000 | ---D | M] -- C:\Users\Sidnei\AppData\Roaming\cYo

[2012/01/04 12:53:07 | 000,000,000 | ---D | M] -- C:\Users\Sidnei\AppData\Roaming\DAEMON Tools Lite

[2012/04/04 20:40:28 | 000,000,000 | ---D | M] -- C:\Users\Sidnei\AppData\Roaming\DAEMON Tools Pro

[2010/02/03 09:14:10 | 000,000,000 | ---D | M] -- C:\Users\Sidnei\AppData\Roaming\DMCache

[2011/05/16 15:14:38 | 000,000,000 | ---D | M] -- C:\Users\Sidnei\AppData\Roaming\FreeAudioPack

[2011/05/17 08:48:30 | 000,000,000 | ---D | M] -- C:\Users\Sidnei\AppData\Roaming\FreeCDRipper

[2010/02/03 09:36:43 | 000,000,000 | ---D | M] -- C:\Users\Sidnei\AppData\Roaming\IDM

[2012/02/10 17:47:46 | 000,000,000 | ---D | M] -- C:\Users\Sidnei\AppData\Roaming\KoshyJohn.com

[2009/12/12 14:53:31 | 000,000,000 | ---D | M] -- C:\Users\Sidnei\AppData\Roaming\PeerNetworking

[2011/04/03 09:41:24 | 000,000,000 | ---D | M] -- C:\Users\Sidnei\AppData\Roaming\PunkBuster

[2011/11/07 13:26:12 | 000,000,000 | ---D | M] -- C:\Users\Sidnei\AppData\Roaming\Spyware Terminator

[2010/04/04 20:45:23 | 000,000,000 | ---D | M] -- C:\Users\Sidnei\AppData\Roaming\Ubisoft

[2012/03/28 12:18:23 | 000,032,570 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

[2012/04/05 11:16:56 | 000,000,420 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{61EC2A35-5569-44D9-A816-87E82FAB20BF}.job

 

========== Purity Check ==========

 

 

 

< End of report >

 

Here are the extras:

 

OTL Extras logfile created on: 05/04/2012 11:19:17 - Run 1

OTL by OldTimer - Version 3.2.39.2 Folder = C:\Users\Sidnei\Desktop

Windows Vista Ultimate Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.19154)

Locale: 00000416 | Country: Brasil | Language: PTB | Date Format: dd/MM/yyyy

 

2,00 Gb Total Physical Memory | 1,08 Gb Available Physical Memory | 53,87% Memory free

4,24 Gb Paging File | 1,75 Gb Available in Paging File | 41,35% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files

Drive C: | 312,50 Gb Total Space | 62,97 Gb Free Space | 20,15% Space Free | Partition Type: NTFS

Drive D: | 153,25 Gb Total Space | 147,77 Gb Free Space | 96,42% Space Free | Partition Type: NTFS

 

Computer Name: SIDNEI-GAME | User Name: Sidnei | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user | Quick Scan

Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

 

========== Extra Registry (SafeList) ==========

 

 

========== File Associations ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)

.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

 

========== Shell Spawning ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)

exefile [open] -- "%1" %*

helpfile [open] -- Reg Error: Key error.

hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)

inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~2\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)

Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)

Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

 

========== Security Center Settings ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"cval" = 1

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

"AntiVirusOverride" = 0

"AntiSpywareOverride" = 0

"FirewallOverride" = 0

"VistaSp1" = Reg Error: Unknown registry data type -- File not found

"VistaSp2" = Reg Error: Unknown registry data type -- File not found

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

 

========== Firewall Settings ==========

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

"DisableNotifications" = 0

"EnableFirewall" = 1

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"DisableNotifications" = 0

"EnableFirewall" = 1

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]

"DisableNotifications" = 0

"EnableFirewall" = 1

 

========== Authorized Applications List ==========

 

 

========== Vista Active Open Ports Exception List ==========

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

"{3318E50D-78F0-40B1-9578-D71A9FA712ED}" = lport=2869 | protocol=6 | dir=in | app=system |

"{416BD81F-DBD5-4752-BA86-C7C142E10259}" = lport=808 | protocol=6 | dir=in | svc=nettcpactivator | app=c:\windows\microsoft.net\framework\v4.0.30319\smsvchost.exe |

"{5DDAD886-C584-4036-B248-EC9A82B70401}" = lport=58907 | protocol=17 | dir=in | name=pando media booster |

"{70A79345-0D51-4079-A8C4-FC8223FD7D48}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |

"{8E7456C2-AD18-4095-9671-3DDD2FCF4C3C}" = lport=58907 | protocol=6 | dir=in | name=pando media booster |

"{B17A2850-0D5C-43FB-AA81-8A2AD4A84239}" = lport=58907 | protocol=17 | dir=in | name=pando media booster |

"{C90AD126-145F-4CBD-B725-25D8ABB40557}" = lport=58907 | protocol=6 | dir=in | name=pando media booster |

 

========== Vista Active Application Exception List ==========

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

"{040615F3-796C-43FD-8CF3-8D46A54B0013}" = protocol=6 | dir=in | app=c:\program files\ubisoft\assassin's creed revelations\acrmp.exe |

"{04D31705-4AC0-4FF7-80B8-8A4118064DDD}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |

"{0A7CFE71-6E76-45BA-8A07-60FD95710E75}" = protocol=6 | dir=in | app=c:\program files\steam\steam.exe |

"{153297E8-3B80-4693-BBEA-F325E4BCF00C}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstrb.exe |

"{16C85B3F-59F1-49D3-95E9-F27806C13311}" = protocol=6 | dir=in | app=c:\program files\ubisoft\assassin's creed brotherhood\acbmp.exe |

"{1AB9668E-F422-4B6F-8595-511071A134C3}" = protocol=6 | dir=in | app=c:\program files\electronic arts\need for speed hot pursuit\launcher.exe |

"{222D9D9E-FCE9-4F99-B7F4-0D3E739E00D3}" = protocol=6 | dir=in | app=c:\program files\spyware terminator\spywareterminatorupdate.exe |

"{23CEDE6F-1BFA-461D-AE3B-B158132522BE}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |

"{2766190F-E4FB-48D9-BA8F-B612FBA20AE5}" = protocol=6 | dir=in | app=c:\program files\ubisoft\assassin's creed\assassinscreed_dx10.exe |

"{2D2C617D-CD43-43AD-BC19-8941AFA35F08}" = protocol=17 | dir=in | app=c:\program files\ubisoft\assassin's creed brotherhood\acbmp.exe |

"{2EFB99C8-875B-415C-8E91-1AF34E41AB61}" = protocol=17 | dir=in | app=c:\program files\spyware terminator\spywareterminatorupdate.exe |

"{30C09AFD-4723-4573-B5DD-2AE96253E1C0}" = protocol=6 | dir=in | app=c:\program files\spyware terminator\spywareterminator.exe |

"{35B01A89-0270-4D86-9D2D-213EF52F0ED0}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstrb.exe |

"{38BCCD1E-8E8C-4667-90EB-AE2F5B6F96D5}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstra.exe |

"{42E5D385-3BAD-4A45-B504-4465695EE7E2}" = protocol=6 | dir=in | app=c:\program files\eidos\batman arkham asylum\binaries\shippingpc-bmgame.exe |

"{43AE5A31-8CCF-4308-9663-6E042276C4EA}" = protocol=17 | dir=in | app=c:\program files\pes.2010-kaos\pes2010.exe |

"{446221AC-3259-4186-B86E-C2BCEF35B634}" = protocol=6 | dir=in | app=c:\program files\ubisoft\assassin's creed ii\assassinscreedii.exe |

"{4A49F6EF-EBFA-4821-B3D0-24EFEE6C0B14}" = protocol=17 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe |

"{4ADC4F76-DECA-4D23-B9CB-C29F6A419633}" = protocol=6 | dir=in | app=c:\program files\pes.2010-kaos\pes2010.exe |

"{5025BDCA-AB7F-4A77-9CD8-508C39E007A7}" = protocol=17 | dir=in | app=c:\program files\electronic arts\need for speed hot pursuit\launcher.exe |

"{50900F5A-9F0B-4771-AC5B-E9CF06B59DCE}" = protocol=6 | dir=in | app=c:\program files\ubisoft\assassin's creed ii\uplaybrowser.exe |

"{53C69CBC-1ECD-41E1-BDDE-21A2EBF55368}" = protocol=6 | dir=out | app=c:\program files\windows media player\wmplayer.exe |

"{59BFABD4-5CEE-4E6C-8B45-FA9CB06C33F7}" = protocol=6 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe |

"{59C82F61-D1B1-44DB-BA80-59DACD8A5E47}" = protocol=17 | dir=in | app=c:\program files\ubisoft\assassin's creed revelations\acrmp.exe |

"{5C711547-6CDE-4A2F-92A8-A08E9E686A77}" = protocol=17 | dir=in | app=c:\program files\ubisoft\assassin's creed brotherhood\assassinscreedbrotherhood.exe |

"{5DA4BF43-88E2-4E38-A2FA-47D93013860F}" = protocol=17 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe |

"{678E6905-4B5C-4D26-80D3-49C1F4E11C22}" = protocol=17 | dir=in | app=c:\program files\ubisoft\ubisoft game launcher\ubisoftgamelauncher.exe |

"{6D049FC1-DD04-4122-8DD0-49AD2A8197A3}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe |

"{6E4130C6-6F20-4A75-ACE2-909D662414D4}" = protocol=17 | dir=in | app=c:\program files\ubisoft\assassin's creed ii\uplaybrowser.exe |

"{7399A8B9-8839-46EC-93CE-9205864CC40E}" = protocol=6 | dir=in | app=c:\program files\ubisoft\assassin's creed brotherhood\assassinscreedbrotherhood.exe |

"{7AB6A1D5-B718-447D-B248-66D1CCA689BC}" = protocol=6 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe |

"{87028F9F-C6F3-41FB-A12C-EFFB5FF3EFE2}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |

"{87824D9F-886E-4E44-8891-A8E342BFDABC}" = protocol=6 | dir=in | app=c:\program files\ubisoft\assassin's creed brotherhood\uplaybrowser.exe |

"{9041852E-F923-4F23-9822-997D3D781D2B}" = protocol=17 | dir=in | app=c:\program files\ubisoft\assassin's creed\assassinscreed_dx9.exe |

"{945B2947-D0ED-46AD-BB81-23A5886ACBA8}" = protocol=17 | dir=in | app=c:\program files\steam\steam.exe |

"{9C3B132A-ADAB-4967-BB48-6188DB3B750F}" = protocol=6 | dir=in | app=c:\program files\ubisoft\assassin's creed\assassinscreed_dx9.exe |

"{9F5B9EA8-D182-45DA-BB38-6822A5F90725}" = protocol=17 | dir=in | app=c:\program files\ubisoft\assassin's creed brotherhood\uplaybrowser.exe |

"{A7310642-1BE6-4DDE-8F22-09AB48C5922C}" = protocol=6 | dir=in | app=c:\program files\ubisoft\assassin's creed revelations\assassinscreedrevelations.exe |

"{AB147672-8980-40BA-82B0-3ED3E26A692B}" = protocol=17 | dir=in | app=c:\program files\ubisoft\assassin's creed brotherhood\acbsp.exe |

"{AB31C374-335B-44B2-ADAA-37A13D97B962}" = protocol=17 | dir=in | app=c:\program files\ubisoft\assassin's creed revelations\acrsp.exe |

"{BB938F46-A5A2-4384-B4E5-B0F0067F0FD8}" = protocol=17 | dir=out | app=c:\program files\windows media player\wmplayer.exe |

"{BCEAFD40-B6E0-4A1E-AF5B-54354CAF49EB}" = protocol=17 | dir=in | app=c:\program files\spyware terminator\spywareterminator.exe |

"{C30F9B51-8CA9-4F9B-B457-26C1D2399A66}" = protocol=6 | dir=in | app=c:\program files\ubisoft\assassin's creed revelations\acrsp.exe |

"{CB8C7B1C-1879-4663-832D-A2C22080854E}" = protocol=17 | dir=in | app=c:\program files\eidos\batman arkham asylum\binaries\shippingpc-bmgame.exe |

"{CBDC4EBF-971E-4504-9EED-F0E6CC6622B2}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstra.exe |

"{CC7ADE29-52E8-4DAA-8347-C655CAED2806}" = protocol=17 | dir=in | app=c:\program files\ubisoft\assassin's creed\assassinscreed_dx10.exe |

"{D02EBC54-863C-4F44-A8E8-07771F94223D}" = dir=in | app=c:\program files\pando networks\media booster\pmb.exe |

"{D1A37712-3D4C-4CB6-953F-C471CDAC604F}" = protocol=17 | dir=in | app=c:\program files\ubisoft\assassin's creed revelations\assassinscreedrevelations.exe |

"{E246CA89-075A-4D55-9FE3-EA4B290FB099}" = protocol=6 | dir=in | app=c:\program files\ubisoft\assassin's creed\assassinscreed_launcher.exe |

"{EBAC49D3-3D88-4B4E-864F-839D9F4F14A7}" = protocol=6 | dir=in | app=c:\program files\ubisoft\assassin's creed brotherhood\acbsp.exe |

"{EDA2BB7B-AB8E-4CBE-8A57-6DFC88D1465D}" = protocol=17 | dir=in | app=c:\program files\ubisoft\assassin's creed ii\assassinscreediigame.exe |

"{F0FB9563-0BC7-47A5-88CC-A72FDB8DC1E9}" = protocol=17 | dir=in | app=c:\program files\windows media player\wmplayer.exe |

"{F6AF2EF5-9EC7-4D03-82D5-A875D2757383}" = protocol=6 | dir=in | app=c:\program files\ubisoft\ubisoft game launcher\ubisoftgamelauncher.exe |

"{FE8B75E4-C8CD-47EC-A9AC-0173349035E4}" = protocol=17 | dir=in | app=c:\program files\ubisoft\assassin's creed\assassinscreed_launcher.exe |

"{FE9D4259-81DC-4AD3-B28B-E606D0FADD9C}" = protocol=17 | dir=in | app=c:\program files\ubisoft\assassin's creed ii\assassinscreedii.exe |

"{FFC18F13-DF74-484A-A024-2A737AC1405D}" = protocol=6 | dir=in | app=c:\program files\ubisoft\assassin's creed ii\assassinscreediigame.exe |

"TCP Query User{05E5AF76-6260-4ED1-92BE-82E7E725BF08}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe |

"TCP Query User{07BD0271-CB3C-4DA4-B74F-EA91BCC3B529}C:\program files\real\realplayer\update\realsched.exe" = protocol=6 | dir=in | app=c:\program files\real\realplayer\update\realsched.exe |

"TCP Query User{0B9E64D8-1BDB-4197-8195-C679E2290758}C:\users\sidnei\documents\modern warfare 3\call_of_duty_modern_warfare_3_setup\iw5mp_server.exe" = protocol=6 | dir=in | app=c:\users\sidnei\documents\modern warfare 3\call_of_duty_modern_warfare_3_setup\iw5mp_server.exe |

"TCP Query User{0C566CC3-23E1-45A7-8760-D7996433D191}C:\program files\steam\steam.exe" = protocol=6 | dir=in | app=c:\program files\steam\steam.exe |

"TCP Query User{0D764E73-6648-4849-B345-BC76DB10E94E}C:\users\sidnei\appdata\local\google\update\googleupdate.exe" = protocol=6 | dir=in | app=c:\users\sidnei\appdata\local\google\update\googleupdate.exe |

"TCP Query User{132CFE85-B5EC-4893-99ED-F05727670BBD}C:\windows\system32\rundll32.exe" = protocol=6 | dir=in | app=c:\windows\system32\rundll32.exe |

"TCP Query User{164C2035-4629-4CA6-B624-409608C42C77}C:\windows\system32\dwm.exe" = protocol=6 | dir=in | app=c:\windows\system32\dwm.exe |

"TCP Query User{1A15BCB8-9CF2-45B6-AD92-11558EAA14A2}C:\program files\eidos\batman arkham asylum\binaries\shippingpc-bmgame.exe" = protocol=6 | dir=in | app=c:\program files\eidos\batman arkham asylum\binaries\shippingpc-bmgame.exe |

"TCP Query User{1EC9EE99-B795-4720-A006-66547F33AF3B}C:\program files\pes.2010-kaos\pes2010.exe" = protocol=6 | dir=in | app=c:\program files\pes.2010-kaos\pes2010.exe |

"TCP Query User{2311C076-169E-4BCD-B976-1DEA841BA5E0}C:2\mmqmca.pif" = protocol=6 | dir=in | app=c:2\mmqmca.pif |

"TCP Query User{242831CE-52C1-489D-9AE2-24E6AE4F146B}C:\windows\system32\taskeng.exe" = protocol=6 | dir=in | app=c:\windows\system32\taskeng.exe |

"TCP Query User{286963FB-86D4-4042-AF59-56F33BA7BEE6}C:\program files\cyberlink\powerdvd\pdvdserv.exe" = protocol=6 | dir=in | app=c:\program files\cyberlink\powerdvd\pdvdserv.exe |

"TCP Query User{3D9764C3-85BD-4565-97D0-15E464BAA5D3}C:\program files\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe |

"TCP Query User{419BEE7B-9AE9-4886-8570-224F070DDB66}C:\program files\windows sidebar\sidebar.exe" = protocol=6 | dir=in | app=c:\program files\windows sidebar\sidebar.exe |

"TCP Query User{4537963C-76F0-4C24-94D2-0BA7C61D92EF}C:\program files\comicrack\comicrack.exe" = protocol=6 | dir=in | app=c:\program files\comicrack\comicrack.exe |

"TCP Query User{45CF5508-202B-444B-8B7B-800537F2BE95}C:\program files\electronic arts\need for speed hot pursuit\nfs11.exe" = protocol=6 | dir=in | app=c:\program files\electronic arts\need for speed hot pursuit\nfs11.exe |

"TCP Query User{4F97A771-BCD6-4CA7-AB9B-AAAF3D0A120E}C:\users\sidnei\appdata\local\google\chrome\application\chrome.exe" = protocol=6 | dir=in | app=c:\users\sidnei\appdata\local\google\chrome\application\chrome.exe |

"TCP Query User{53B6EB79-3CFE-48C2-B27B-9C6758D1CF5D}C:\program files\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe |

"TCP Query User{5A812A9A-902E-44CD-97EE-6347B815EF2C}C:\users\sidnei\appdata\roaming\mxsysk.exe" = protocol=6 | dir=in | app=c:\users\sidnei\appdata\roaming\mxsysk.exe |

"TCP Query User{6CD85EEE-98E2-438F-BE03-3DD9B809263C}C:\program files\windows defender\msascui.exe" = protocol=6 | dir=in | app=c:\program files\windows defender\msascui.exe |

"TCP Query User{79D3E8FA-9EA9-479E-8BDD-1E7DCAA16190}C:\program files\activision\call of duty - black ops\blackopsmp.exe" = protocol=6 | dir=in | app=c:\program files\activision\call of duty - black ops\blackopsmp.exe |

"TCP Query User{884445D0-6AC6-44B7-9FED-0F6142BDD819}C:\users\sidnei\documents\minhas coisas\arquivos sem definição\drm\server.exe" = protocol=6 | dir=in | app=c:\users\sidnei\documents\minhas coisas\arquivos sem definição\drm\server.exe |

"TCP Query User{A1C772A6-8B2F-40E6-9CAE-FD1F316249EF}C:\program files\daemon tools pro\dtagent.exe" = protocol=6 | dir=in | app=c:\program files\daemon tools pro\dtagent.exe |

"TCP Query User{BAA830D9-2A61-40CF-8299-7ACC9C03FF43}C:\users\sidnei\documents\jogos\call of duty 4\kog_chetire_rip_lookszone.ru_epidem.ru\call of duty 4 - modern warfare\iw3mp.exe" = protocol=6 | dir=in | app=c:\users\sidnei\documents\jogos\call of duty 4\kog_chetire_rip_lookszone.ru_epidem.ru\call of duty 4 - modern warfare\iw3mp.exe |

"TCP Query User{D385FC9D-AFF6-4FCD-B93D-4BDB931358DE}C:\users\sidnei\documents\jogos\call of duty 4\kog_chetire_rip_lookszone.ru_epidem.ru\call of duty 4 - modern warfare\iw3mp.exe" = protocol=6 | dir=in | app=c:\users\sidnei\documents\jogos\call of duty 4\kog_chetire_rip_lookszone.ru_epidem.ru\call of duty 4 - modern warfare\iw3mp.exe |

"TCP Query User{D4C0491F-F16C-4C0A-A408-C51E558FFCA4}C:\program files\activision\call of duty - black ops\blackops.exe" = protocol=6 | dir=in | app=c:\program files\activision\call of duty - black ops\blackops.exe |

"TCP Query User{E270831D-D12B-45E6-8A3B-EE9C9D3F02B8}J:\recycler\f4448e25.exe" = protocol=6 | dir=in | app=j:\recycler\f4448e25.exe |

"TCP Query User{EED7D8EE-D6D5-4E87-9169-FDAA55263293}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |

"TCP Query User{F7285C72-4447-422F-8C51-6301516AAEB4}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |

"TCP Query User{FBD0FB1F-CB4F-441D-A933-CB026E2DD718}C:\program files\nvidia corporation\display\nvtray.exe" = protocol=6 | dir=in | app=c:\program files\nvidia corporation\display\nvtray.exe |

"TCP Query User{FF3E2388-5FB7-45C1-951B-DD92C2B6C0B8}C:\users\sidnei\documents\4rkc1b4.www.baixatudogames.com\binaries\win32\batmanac.exe" = protocol=6 | dir=in | app=c:\users\sidnei\documents\4rkc1b4.www.baixatudogames.com\binaries\win32\batmanac.exe |

"UDP Query User{09080143-F5C0-434B-9509-46699EC91250}C:\program files\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe |

"UDP Query User{1068475C-78EE-444A-B3DE-0E26A0CB133A}C:\program files\comicrack\comicrack.exe" = protocol=17 | dir=in | app=c:\program files\comicrack\comicrack.exe |

"UDP Query User{16F42385-42F2-4E9A-B0B1-20FBF10397BF}C:\users\sidnei\documents\jogos\call of duty 4\kog_chetire_rip_lookszone.ru_epidem.ru\call of duty 4 - modern warfare\iw3mp.exe" = protocol=17 | dir=in | app=c:\users\sidnei\documents\jogos\call of duty 4\kog_chetire_rip_lookszone.ru_epidem.ru\call of duty 4 - modern warfare\iw3mp.exe |

"UDP Query User{29EADD8D-9380-4A23-AC58-8BD2FE324CB6}C:\program files\real\realplayer\update\realsched.exe" = protocol=17 | dir=in | app=c:\program files\real\realplayer\update\realsched.exe |

"UDP Query User{33E65BBD-D3B3-4784-A5C0-AB3F50C4D124}C:\program files\daemon tools pro\dtagent.exe" = protocol=17 | dir=in | app=c:\program files\daemon tools pro\dtagent.exe |

"UDP Query User{376BA6C2-F3E3-4DB9-9192-BA5947506DDB}C:\windows\system32\taskeng.exe" = protocol=17 | dir=in | app=c:\windows\system32\taskeng.exe |

"UDP Query User{497D759A-B9AF-4231-B850-8CD47862D9D0}C:\program files\steam\steam.exe" = protocol=17 | dir=in | app=c:\program files\steam\steam.exe |

"UDP Query User{4EDF724B-4CEF-486D-80B2-BFDE5D871E16}C:\program files\eidos\batman arkham asylum\binaries\shippingpc-bmgame.exe" = protocol=17 | dir=in | app=c:\program files\eidos\batman arkham asylum\binaries\shippingpc-bmgame.exe |

"UDP Query User{520BA082-7B89-4181-89EE-ACE3714E17D6}C:\users\sidnei\appdata\roaming\mxsysk.exe" = protocol=17 | dir=in | app=c:\users\sidnei\appdata\roaming\mxsysk.exe |

"UDP Query User{5392214E-79CD-42E5-925F-FF5DB68B7FDB}C:\program files\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe |

"UDP Query User{56C92023-39C2-412F-AF77-828FE3944890}C:\windows\system32\rundll32.exe" = protocol=17 | dir=in | app=c:\windows\system32\rundll32.exe |

"UDP Query User{571EEF3A-0BC1-4C19-A58B-838E552BA5CA}C:\program files\activision\call of duty - black ops\blackops.exe" = protocol=17 | dir=in | app=c:\program files\activision\call of duty - black ops\blackops.exe |

"UDP Query User{673D961F-A046-405E-BA56-4B5A1F2FF959}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe |

"UDP Query User{67CF4931-FC82-4E81-96D9-2DDCA3D350BD}C:\windows\system32\dwm.exe" = protocol=17 | dir=in | app=c:\windows\system32\dwm.exe |

"UDP Query User{6B0304A4-F01B-4FB1-9454-D950B169AE0A}C:\program files\activision\call of duty - black ops\blackopsmp.exe" = protocol=17 | dir=in | app=c:\program files\activision\call of duty - black ops\blackopsmp.exe |

"UDP Query User{84C5FA2E-F5DB-433F-AEAD-BB45EA7F5A80}C:\program files\cyberlink\powerdvd\pdvdserv.exe" = protocol=17 | dir=in | app=c:\program files\cyberlink\powerdvd\pdvdserv.exe |

"UDP Query User{8E03872E-8429-4F99-AB5F-F1E59E69D750}J:\recycler\f4448e25.exe" = protocol=17 | dir=in | app=j:\recycler\f4448e25.exe |

"UDP Query User{9773936C-1950-4B03-86C6-953288278A24}C:\users\sidnei\documents\modern warfare 3\call_of_duty_modern_warfare_3_setup\iw5mp_server.exe" = protocol=17 | dir=in | app=c:\users\sidnei\documents\modern warfare 3\call_of_duty_modern_warfare_3_setup\iw5mp_server.exe |

"UDP Query User{A38EC5E5-96E2-4EAF-8D3F-F19C88137B43}C:\users\sidnei\appdata\local\google\update\googleupdate.exe" = protocol=17 | dir=in | app=c:\users\sidnei\appdata\local\google\update\googleupdate.exe |

"UDP Query User{D5A3D16D-3702-4F98-80FF-549F4A03DA71}C:\users\sidnei\documents\jogos\call of duty 4\kog_chetire_rip_lookszone.ru_epidem.ru\call of duty 4 - modern warfare\iw3mp.exe" = protocol=17 | dir=in | app=c:\users\sidnei\documents\jogos\call of duty 4\kog_chetire_rip_lookszone.ru_epidem.ru\call of duty 4 - modern warfare\iw3mp.exe |

"UDP Query User{D690D8BE-E18D-4D6D-BA77-98AFBAB03635}C:\program files\windows sidebar\sidebar.exe" = protocol=17 | dir=in | app=c:\program files\windows sidebar\sidebar.exe |

"UDP Query User{DC471D60-39DA-4848-945B-5636148DF300}C:\program files\nvidia corporation\display\nvtray.exe" = protocol=17 | dir=in | app=c:\program files\nvidia corporation\display\nvtray.exe |

"UDP Query User{E1FAC1B6-1ADD-48B5-A40C-53A9D2F18175}C:\program files\windows defender\msascui.exe" = protocol=17 | dir=in | app=c:\program files\windows defender\msascui.exe |

"UDP Query User{E58AACED-2B04-4685-A02D-EC0BEFD06BF6}C:\users\sidnei\documents\minhas coisas\arquivos sem definição\drm\server.exe" = protocol=17 | dir=in | app=c:\users\sidnei\documents\minhas coisas\arquivos sem definição\drm\server.exe |

"UDP Query User{E778BB5B-681E-45C9-9820-AE26FB11EB73}C:\users\sidnei\appdata\local\google\chrome\application\chrome.exe" = protocol=17 | dir=in | app=c:\users\sidnei\appdata\local\google\chrome\application\chrome.exe |

"UDP Query User{ED7665F9-25C8-47B5-867E-6C19C3694D6C}C:\program files\pes.2010-kaos\pes2010.exe" = protocol=17 | dir=in | app=c:\program files\pes.2010-kaos\pes2010.exe |

"UDP Query User{F387F190-17C0-401F-BAC1-C2FB80E702AF}C:\users\sidnei\documents\4rkc1b4.www.baixatudogames.com\binaries\win32\batmanac.exe" = protocol=17 | dir=in | app=c:\users\sidnei\documents\4rkc1b4.www.baixatudogames.com\binaries\win32\batmanac.exe |

"UDP Query User{F6EB1C61-0433-4C1A-96C4-6DB22F241146}C:2\mmqmca.pif" = protocol=17 | dir=in | app=c:2\mmqmca.pif |

"UDP Query User{F72E4C6A-4058-45FB-B8C6-1807B2A5773D}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |

"UDP Query User{F88370E0-96C0-4885-8F0D-8F1F3B9FB1A5}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |

"UDP Query User{F8EAB99F-3D91-48BC-8392-6FA681EAE774}C:\program files\electronic arts\need for speed hot pursuit\nfs11.exe" = protocol=17 | dir=in | app=c:\program files\electronic arts\need for speed hot pursuit\nfs11.exe |

 

========== HKEY_LOCAL_MACHINE Uninstall List ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"_{B6BFCD02-BA0E-41A9-9C9C-6624C4BB475F}" = Corel Graphics - Windows Shell Extension

"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86

"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam

"{07FCBED5-94C3-4F94-B9D3-360FA27C7B06}" = Microsoft Windows SDK for Visual Studio 2008 Express Tools for Win32

"{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}" = Windows Live ID Sign-in Assistant

"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86

"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended

"{0D2DBE8A-43D0-7830-7AE7-CA6C99A832E7}" = Adobe Community Help

"{0DDCEC37-369C-484B-B16D-B4413FD42FB9}" = Microsoft SQL Server 2008 R2 Data-Tier Application Framework

"{0F37D969-1260-419E-B308-EF7D29ABDE20}" = Web Deployment Tool

"{0FFEA8EE-7BC7-4C9D-8CC6-5B8C891BA3F2}" = Windows Live Essentials

"{112C23F2-C036-4D40-BED4-0CB47BF5555C}" = Visual Studio 2010 Tools for SQL Server Compact 3.5 SP2 ENU

"{1438B41C-658C-35B7-9253-780F2E0A0B8E}" = Microsoft .NET Framework 3.5 Language Pack SP1 - ptb

"{14DD7530-CCD2-3798-B37D-3839ED6A441C}" = Microsoft Visual Studio 2010 ADO.NET Entity Framework Tools

"{1803A630-3C38-4D2B-9B9A-0CB37243539C}" = Microsoft ASP.NET MVC 2

"{196E77C5-F524-4B50-BD1A-2C21EEE9B8F7}" = Microsoft SQL Server 2008 Common Files

"{1E99F5D7-4262-4C7C-9135-F066E7485811}" = System Requirements Lab

"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

"{1F77C418-2C90-459C-BD33-B56A4182B9FA}" = System Requirements Lab CYRI

"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = DVD Suite

"{2012098D-EEE9-4769-8DD3-B038050854D4}" = Microsoft Silverlight 3 SDK

"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Ferramenta de Carregamento do Windows Live

"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT

"{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java 6 Update 31

"{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1

"{2934DCB0-F8EE-11E0-A4A5-B8AC6F97B88E}" = Google Earth Plug-in

"{2A2F3AE8-246A-4252-BB26-1BEB45627074}" = Microsoft SQL Server System CLR Types

"{2DF215E0-BD3C-4C98-8616-AFEF09747285}" = Windows Live Sync

"{2E5C075E-11AB-4BDD-918C-7B9A68953FF8}" = Microsoft SQL Server Compact 3.5 Design Tools ENU

"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform

"{33A22B2D-55BA-4508-B767-BF2E9C21A73F}" = Assassin's Creed Revelations

"{33AE9E89-47C9-4A0D-9E9D-BDD6966A3804}" = Microsoft SQL Server 2008 RsFx Driver

"{3A9FC03D-C685-4831-94CF-4EDFD3749497}" = Microsoft SQL Server Compact 3.5 SP2 ENU

"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile

"{40416836-56CC-4C0E-A6AF-5C34BADCE483}" = Microsoft ASP.NET MVC 2 - Visual Studio 2010 Tools

"{47C39E4A-28F2-33B1-B9B7-97F24E52D917}" = Microsoft Help Viewer 1.0

"{4815BD99-96A4-49FE-A885-DCF06E9E4E78}" = Microsoft SQL Server 2008 Database Engine Shared

"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater

"{4A6F34E2-09E5-4616-B227-4A26A488A6F9}" = Microsoft SQL Server 2008 Common Files

"{4CB0307C-565E-4441-86BE-0DF2E4FB828C}" = Microsoft Games for Windows Marketplace

"{4E79A60F-15D2-4BEC-91AD-E41EC42E61B0}" = Batman: Arkham Asylum

"{4E968D9C-21A7-4915-B698-F7AEB913541D}" = Microsoft SQL Server 2008 R2 Management Objects

"{4F44B5AE-82A6-4A8A-A3E3-E24D489728E3}" = Microsoft SQL Server 2008 Native Client

"{56736259-613E-4A3B-B428-6235F2E76F44}_is1" = Spyware Terminator 2012

"{58721EC3-8D4E-4B79-BC51-1054E2DDCD10}" = Microsoft SQL Server 2008 Database Engine Services

"{590035D9-BFA0-406A-A7F0-479C72C0DDB2}" = Windows Live Call

"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM

"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86

"{67CDD5A0-C572-4D2C-A354-6492B51F4138}" = SlimDrivers

"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD

"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin

"{6A86554B-8928-30E4-A53C-D7337689134D}" = Microsoft Visual C++ 2010 x86 Runtime - 10.0.30319

"{6CDEAD7E-F8D8-37F7-AB6F-1E22716E30F3}" = Microsoft Visual Studio Macro Tools

"{6ED37A91-7710-3183-BE50-AB043FF6689E}" = Microsoft Team Foundation Server 2010 Object Model - ENU

"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable

"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable

"{729A3000-BC8A-3B74-BA5D-5068FE12D70C}" = Microsoft Visual F# 2.0 Runtime

"{74AD1846-2010-4FB1-8E24-B6F2B87150C2}" = Windows Live Mail

"{7596C248-4816-4C6F-8AAC-D8C81F2B4B49}" = HD View

"{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime

"{78C3657E-742C-40B1-9F53-E5A921D40F17}" = Microsoft SQL Server 2008 R2 Transact-SQL Language Service

"{83A606F5-BF6F-42ED-9F33-B9F74297CDED}" = Need for Speed Hot Pursuit

"{83C4A333-DD44-3431-B1BF-6A66B971D07B}" = Microsoft Visual Studio 2010 Tools for Office Runtime (x86)

"{8550BF64-851E-4ABA-967D-DF1AEF55C75B}" = USB Dual Vibration Joystick_Vista

"{8570BEE8-0CA3-4977-9AB1-80ED93F0513C}" = Assassin's Creed II

"{87A9C015-C2BA-44EE-9C20-6E1A764B8E23}" = Windows Live Galeria de Fotos

"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169 8168 8101E 8102E Ethernet Driver

"{888F1505-C2B3-4FDE-835D-36353EBD4754}" = Ubisoft Game Launcher

"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight

"{8CFA9151-6404-409A-AF22-4632D04582FD}" = Assassin's Creed

"{8DA83EA6-E731-4722-958D-613399AE1046}" = Nero 7 Essentials

"{8E5233E1-7495-44FB-8DEB-4BE906D59619}" = Junk Mail filter update

"{90120000-0015-0416-0000-0000000FF1CE}" = Microsoft Office Access MUI (Portuguese (Brazil)) 2007

"{90120000-0015-0416-0000-0000000FF1CE}_ENTERPRISE_{AD3E8EF1-E885-4068-BC73-16C0649FEBF0}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-0016-0416-0000-0000000FF1CE}" = Microsoft Office Excel MUI (Portuguese (Brazil)) 2007

"{90120000-0016-0416-0000-0000000FF1CE}_ENTERPRISE_{AD3E8EF1-E885-4068-BC73-16C0649FEBF0}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-0018-0416-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (Portuguese (Brazil)) 2007

"{90120000-0018-0416-0000-0000000FF1CE}_ENTERPRISE_{AD3E8EF1-E885-4068-BC73-16C0649FEBF0}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-0019-0416-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (Portuguese (Brazil)) 2007

"{90120000-0019-0416-0000-0000000FF1CE}_ENTERPRISE_{AD3E8EF1-E885-4068-BC73-16C0649FEBF0}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-001A-0416-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (Portuguese (Brazil)) 2007

"{90120000-001A-0416-0000-0000000FF1CE}_ENTERPRISE_{AD3E8EF1-E885-4068-BC73-16C0649FEBF0}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-001B-0416-0000-0000000FF1CE}" = Microsoft Office Word MUI (Portuguese (Brazil)) 2007

"{90120000-001B-0416-0000-0000000FF1CE}_ENTERPRISE_{AD3E8EF1-E885-4068-BC73-16C0649FEBF0}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007

"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)

"{90120000-001F-0416-0000-0000000FF1CE}" = Microsoft Office Proof (Portuguese (Brazil)) 2007

"{90120000-001F-0416-0000-0000000FF1CE}_ENTERPRISE_{8A524694-0CA4-476A-9301-B1E9D70FC952}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)

"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007

"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)

"{90120000-002C-0416-0000-0000000FF1CE}" = Microsoft Office Proofing (Portuguese (Brazil)) 2007

"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007

"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-0044-0416-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (Portuguese (Brazil)) 2007

"{90120000-0044-0416-0000-0000000FF1CE}_ENTERPRISE_{AD3E8EF1-E885-4068-BC73-16C0649FEBF0}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-006E-0416-0000-0000000FF1CE}" = Microsoft Office Shared MUI (Portuguese (Brazil)) 2007

"{90120000-006E-0416-0000-0000000FF1CE}_ENTERPRISE_{51530CD1-8244-4E0F-B536-BCCC05325C7F}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-00A1-0416-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (Portuguese (Brazil)) 2007

"{90120000-00A1-0416-0000-0000000FF1CE}_ENTERPRISE_{AD3E8EF1-E885-4068-BC73-16C0649FEBF0}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-00BA-0416-0000-0000000FF1CE}" = Microsoft Office Groove MUI (Portuguese (Brazil)) 2007

"{90120000-00BA-0416-0000-0000000FF1CE}_ENTERPRISE_{AD3E8EF1-E885-4068-BC73-16C0649FEBF0}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting

"{9773450C-E2F3-46C3-9464-1D7EDE5EFB63}" = Pro Evolution Soccer 2011

"{97CE8B73-AA5A-4987-A1BE-50DD1A187478}" = Microsoft Sync Framework SDK v1.0 SP1

"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster

"{981029E0-7FC9-4CF3-AB39-6F133621921A}" = Skype Toolbars

"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

"{9ADC3E4F-34DA-48CD-8727-BB26D90257BD}" = Windows Live Messenger

"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

"{9C2DC81B-8114-37D9-A922-95E460A1FAFB}" = Microsoft Visual Basic 2008 Express Edition - ENU

"{9E1BAB75-EB78-440D-94C0-A3857BE2E733}" = System Requirements Lab

"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR

"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper

"{AA4A4B2C-0465-3CF8-BA76-27A027D8ACAB}" = Microsoft Visual Studio Tools for Applications 2.0 - ENU

"{AC76BA86-7AD7-1046-7B44-A81200000003}" = Adobe Reader 8.1.2 - Português

"{ACE28263-76A4-4BF5-B6F4-8BD719595969}" = Microsoft SQL Server Database Publishing Wizard 1.4

"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA Driver do 3D Vision 280.26

"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = Painel de controle da NVIDIA 280.26

"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Driver de gráficos 280.26

"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA Driver de controle do 3D Vision 280.19

"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA Software do sistema PhysX 9.10.0514

"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = Atualizações da NVIDIA 1.4.28

"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application

"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components

"{B4C0A315-07FB-39F9-85CD-8CE20C019350}" = Microsoft Windows SDK for Visual Studio 2008 Express Tools for .NET Framework

"{B5153233-9AEE-4CD4-9D2C-4FAAC870DBE2}" = Microsoft SQL Server 2008 Database Engine Services

"{B6BFCD02-BA0E-41A9-9C9C-6624C4BB475F}" = Corel Graphics - Windows Shell Extension

"{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = PowerProducer

"{B7E38540-E355-3503-AFD7-635B2F2F76E1}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4974

"{B857D868-F8B0-43EE-BC2B-D9E5ED21F237}" = Microsoft SQL Server VSS Writer

"{B9DB4C76-01A4-46D5-8910-F7AA6376DBAF}" = NVIDIA PhysX

"{BE4BA698-8533-4F77-9559-C7F3F78C0B05}" = Assassin's Creed Brotherhood

"{C1080852-065E-4991-9260-F3756E3CC182}" = CursorFX

"{C36C3F84-E04B-44E3-9D7B-ABBCC6BE94F5}" = PC Camer@

"{C688457E-03FD-4941-923B-A27F4D42A7DD}" = Microsoft SQL Server 2008 Browser

"{C6DD625F-4B61-4561-8286-87CA0275CEA1}" = Microsoft Sync Framework Runtime v1.0 SP1 (x86)

"{C965F01C-76EA-4BD7-973E-46236AE312D7}" = Sql Server Customer Experience Improvement Program

"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1

"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1

"{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}" = Microsoft .NET Framework 4 Multi-Targeting Pack

"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86

"{D441BD04-E548-4F8E-97A4-1B66135BAAA8}" = Microsoft SQL Server 2008 Setup Support Files

"{D7BF3B76-EEF9-4868-9B2B-42ABF60B279A}" = Microsoft_VC80_CRT_x86

"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86

"{DB0A8A2A-4EA7-4FE3-802E-8A6DEE32696C}_is1" = Orban/Coding Technologies AAC/aacPlus Player Plugin™ 1.0

"{DC3D6AFB-78B4-489F-81D7-30B66E0C2417}" = Microsoft Sync Services for ADO.NET v2.0 SP1 (x86)

"{DE3A9DC5-9A5D-6485-9662-347162C7E4CA}" = Adobe Media Player

"{E48469CC-635E-4FD5-A122-1497C286D217}" = Call of Duty® 4 - Modern Warfare

"{E5AE9031-79A5-4627-9641-BEFA82819B08}" = Microsoft SQL Server 2008 R2 Data-Tier Application Project

"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]

"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard

"{F2508213-9989-4E85-A078-72BE483917EF}" = Microsoft Games for Windows - LIVE Redistributable

"{F3494AB6-6900-41C6-AF57-823626827ED8}" = Microsoft SQL Server 2008 Database Engine Shared

"{F58E04CD-6E76-43C8-AAF1-482225C2910E}" = Xml Viewer

"{F990B526-8F7C-46E0-B1F1-6C893A8B478F}" = Microsoft Sync Framework Services v1.0 SP1 (x86)

"{FF29527A-44CD-3422-945E-981A13584000}" = você Runtimes MSI

"Adobe AIR" = Adobe AIR

"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX

"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin

"Adobe Shockwave Player" = Adobe Shockwave Player 11.6

"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus

"CCleaner" = CCleaner

"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help

"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player

"ComicRack" = ComicRack v0.9.149

"conduitEngine" = Conduit Engine

"CursorFX" = CursorFX

"DAEMON Tools Pro" = DAEMON Tools Pro

"DriverAgent.exe" = DriverAgent by eSupport.com

"ENTERPRISE" = Microsoft Office Enterprise 2007

"InstallShield_{C36C3F84-E04B-44E3-9D7B-ABBCC6BE94F5}" = PC Camer@

"JDownloader" = JDownloader

"KLiteCodecPack_is1" = K-Lite Mega Codec Pack 7.6.0

"Memory Improve Master Free Version_is1" = Memory Improve Master Free Version v6.1.2.369

"Messenger Plus!" = Messenger Plus! 5

"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1

"Microsoft .NET Framework 3.5 Language Pack SP1 - ptb" = Pacote de Idiomas do Microsoft .NET Framework 3.5 SP1 - PTB

"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1

"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile

"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended

"Microsoft Help Viewer 1.0" = Microsoft Help Viewer 1.0

"Microsoft SQL Server 10" = Microsoft SQL Server 2008

"Microsoft SQL Server 10 Release" = Microsoft SQL Server 2008

"Microsoft Team Foundation Server 2010 Object Model - ENU" = Microsoft Team Foundation Server 2010 Object Model - ENU

"Microsoft Visual Basic 2008 Express Edition - ENU" = Microsoft Visual Basic 2008 Express Edition - ENU

"Microsoft Visual Studio 2010 Tools for Office Runtime (x86)" = Microsoft Visual Studio 2010 Tools for Office Runtime (x86)

"Microsoft Visual Studio Macro Tools" = Microsoft Visual Studio Macro Tools

"Mozilla Firefox (3.6.8)" = Mozilla Firefox (3.6.8)

"NVIDIA StereoUSB Driver" = NVIDIA 3D Vision Controller Driver

"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver

"OpenAL" = OpenAL

"PunkBusterSvc" = PunkBuster Services

"Sonic Generations_is1" = Sonic Generations

"SopCast" = SopCast 3.0.3

"WinLiveSuite_Wave3" = Windows Live Essentials

"WinRAR archiver" = Arquivo do WinRAR

 

========== HKEY_CURRENT_USER Uninstall List ==========

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"Google Chrome" = Google Chrome

"Tradução PES2010 By Werther" = Tradução PES2010 By Werther

"UnityWebPlayer" = Unity Web Player

 

========== Last 10 Event Log Errors ==========

 

Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!

 

< End of report >


Good afternoon, Syperrj!

 

|- Uninstall: C:\Program Files\Spyware Terminator

 

///°°°///

 

|- Download: < AdwCleaner > ( ... by Xplode )

 

|- Click the image: < AdwCleaner_Tlcharger.jpg >

 

|- Save it to the desktop!

|- Right-click adwcleaner.exe and choose to run it as "administrator".

 

|- Start the scan by clicking "Recherche" < AdwCleaner_Recherche.jpg >

 

|- When it finishes, post the report: C:\AdwCleaner[R].txt

 

///°°°///

 

|- Run OTL.exe.

|- On Windows Vista, disable UAC.

|- Copy the information shown in red into the tool's clipboard field. ( "Custom Scans/Fixes" )

 

:OTL

IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.condui...&ctid=CT2567694

IE - HKCU\..\URLSearchHook: {1d80d668-2160-46a2-b3a7-e166795b0b28} - No CLSID value found

IE - HKCU\..\URLSearchHook: {edbca961-4bf8-4cbe-8c63-a11dff9ed2d9} - No CLSID value found

IE - HKCU\..\SearchScopes\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}: "URL" = http://www.mystart.c...q={searchTerms}

IE - HKCU\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.condui...&ctid=CT2567694

FF - prefs.js..browser.search.defaulturl: "http://search.conduit.com/ResultsExt.aspx?ctid=CT2567694&SearchSource=3&q={searchTerms}"

FF - prefs.js..extensions.enabledItems: {edbca961-4bf8-4cbe-8c63-a11dff9ed2d9}:2.6.0.15

FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:15.0.0

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24

FF - prefs.js..extensions.enabledItems: engine@conduit.com:3.2.5.2

FF - prefs.js..extensions.enabledItems: {1d80d668-2160-46a2-b3a7-e166795b0b28}:3.2.5.2

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26

FF - prefs.js..keyword.URL: "http://search.conduit.com/ResultsExt.aspx?ctid=CT2567694&q="

FF - user.js - File not found

O1 - Hosts: 127.0.0.1 static3.cdn.ubi.com

O1 - Hosts: 127.0.0.1 ubisoft-orbit.s3.amazonaws.com

O1 - Hosts: 127.0.0.1 onlineconfigservice.ubi.com

O1 - Hosts: 127.0.0.1 orbitservice.ubi.com

O1 - Hosts: 127.0.0.1 ubisoft-orbit-savegames.s3.amazonaws.com

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.

O3 - HKLM\..\Toolbar: (no name) - {30F9B915-B755-4826-820B-08FBA6BD249D} - No CLSID value found.

O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.

O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {1D80D668-2160-46A2-B3A7-E166795B0B28} - No CLSID value found.

O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {32099AAC-C132-4136-9E9A-4E364A424E17} - No CLSID value found.

O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.

O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.

O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {EDBCA961-4BF8-4CBE-8C63-A11DFF9ED2D9} - No CLSID value found.

O4 - HKCU..\Run: [bitTorrent] "C:\Program Files\BitTorrent\BitTorrent.exe" /MINIMIZED File not found

O16 - DPF: {40F576AD-8680-4F9E-9490-99D069CD665F} http://srtest-cdn.sy...eqlabdetect.cab (Reg Error: Key error.)

O33 - MountPoints2\{af400ce2-0e63-11df-9470-00241df81fc7}\Shell\AUtoplAy\command - "" = I:\erpvmq.exe

O33 - MountPoints2\{af400ce2-0e63-11df-9470-00241df81fc7}\Shell\AutoRun\command - "" = I:\erpvmq.exe

O33 - MountPoints2\{af400ce2-0e63-11df-9470-00241df81fc7}\Shell\expLorE\CoMmanD - "" = I:\erpvmq.exe

O33 - MountPoints2\{af400ce2-0e63-11df-9470-00241df81fc7}\Shell\Open\CommaNd - "" = I:\erpvmq.exe

[3 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]

[3 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

 

:Files

C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3796026459-2530574266-2461488858-1000UA.job

C:\Users\Sidnei\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

C:\Windows\tasks\GoogleUpdateTaskMachineCore.job

C:\LinhaDefensiva

 

:reg

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

"VistaSp1" =-

"VistaSp2" =-

 

:Commands

[createrestorepoint]

[resethosts]

[emptytemp]

[emptyflash]

[Reboot]

|- Click the Fix button -> Wait for it to finish!

|- The computer will restart! -> Click "Run".

|- Post the report: C:\_OTL\MovedFiles\*.log

 

Best regards!


Here is the AdwCleaner report:

 

 

# AdwCleaner v1.504 - Logfile created 04/05/2012 at 14:56:48

# Updated 01/04/2012 by Xplode

# Operating system : Windows Vista Ultimate Service Pack 2 (32 bits)

# User : Sidnei - SIDNEI-GAME

# Running from : C:\Users\Sidnei\Desktop\adwcleaner.exe

# Option [search]

 

 

***** [services] *****

 

 

***** [Files / Folders] *****

 

Folder Found : C:\Users\Sidnei\AppData\LocalLow\Conduit

Folder Found : C:\Users\Sidnei\AppData\LocalLow\ConduitEngine

Folder Found : C:\Users\Sidnei\AppData\LocalLow\PriceGong

Folder Found : C:\Program Files\ConduitEngine

Folder Found : C:\Users\Sidnei\AppData\Roaming\Mozilla\FireFox\Profiles\6dsamkzh.default\Conduit

Folder Found : C:\Users\Sidnei\AppData\Roaming\Mozilla\FireFox\Profiles\6dsamkzh.default\ConduitEngine

Folder Found : C:\Users\Sidnei\AppData\Roaming\Mozilla\FireFox\Profiles\6dsamkzh.default\extensions\engine@conduit.com

File Found : C:\Program Files\Mozilla Firefox\.autoreg

File Found : C:\Windows\system32\conduitEngine.tmp

File Found : C:\Users\Sidnei\AppData\Roaming\Mozilla\FireFox\Profiles\6dsamkzh.default\searchplugins\Askcom.xml

File Found : C:\Users\Sidnei\AppData\Roaming\Mozilla\FireFox\Profiles\6dsamkzh.default\searchplugins\Conduit.xml

 

***** [H. Navipromo] *****

 

 

***** [Registry] *****

 

[*] Key Found : HKLM\SOFTWARE\Classes\Toolbar.CT1210541

[*] Key Found : HKLM\SOFTWARE\Classes\Toolbar.CT2567694

[*] Key Found : HKLM\SOFTWARE\Classes\Toolbar.CT2905346

Key Found : HKCU\Software\Ask.com

Key Found : HKCU\Software\AppDataLow\Software\AskToolbar

Key Found : HKCU\Software\AppDataLow\Software\conduitEngine

Key Found : HKCU\Software\AppDataLow\Software\PriceGong

Key Found : HKCU\Software\AppDataLow\Software\Toolbar

Key Found : HKLM\SOFTWARE\Conduit

Key Found : HKLM\SOFTWARE\conduitEngine

Key Found : HKLM\SOFTWARE\Software

Key Found : HKLM\SOFTWARE\Classes\Conduit.Engine

Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A28B4D68DEBAA244EB686953B7074FEF

Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\conduitEngine

Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}

Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{18EAB056-9057-F224-FD4C-1F6569C4D8D2}

Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}

Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}

Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}

Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440}

Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{30F9B915-B755-4826-820B-08FBA6BD249D}

Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\conduitEngine

Value Found : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}]

Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{30F9B915-B755-4826-820B-08FBA6BD249D}]

 

***** [internet Browsers] *****

 

-\\ Internet Explorer v8.0.6001.19154

 

[OK] Registry is clean.

 

-\\ Mozilla Firefox v3.6.8 (pt-BR)

 

Profile name : default

File : C:\Users\Sidnei\AppData\Roaming\Mozilla\FireFox\Profiles\6dsamkzh.default\prefs.js

 

Found : user_pref("CT1210541.AboutPrivacyUrl", "hxxp://www.conduit.com/privacy/Default.aspx");

Found : user_pref("CT1210541.CTID", "CT1210541");

Found : user_pref("CT1210541.Chat.Meebo.ServerLastCheckTime", "Tue Jun 08 2010 20:09:05 GMT-0300 (Hora ofici[...]

Found : user_pref("CT1210541.Chat.Meebo.ServerLastResponseTime", "Tue Jun 08 2010 20:09:13 GMT-0300 (Hora of[...]

Found : user_pref("CT1210541.Chat.Meebo.rooms.2030dff2c5edb1", 6);

Found : user_pref("CT1210541.Chat.Meebo.rooms.entertainmentc0ed09fb", 6);

Found : user_pref("CT1210541.Chat.Meebo.rooms.health3693b665", 0);

Found : user_pref("CT1210541.Chat.Meebo.rooms.musicj375cf270", 4);

Found : user_pref("CT1210541.Chat.Meebo.rooms.newsxu117b840d", 23);

Found : user_pref("CT1210541.Chat.Meebo.rooms.p2ptorrentcommunitychat77903f5f", 2);

Found : user_pref("CT1210541.Chat.Meebo.rooms.recreationab17d1f9", 0);

Found : user_pref("CT1210541.Chat.Meebo.rooms.sports522528d3", 2);

Found : user_pref("CT1210541.Chat.Meebo.rooms.technology8bb9fd5b", 2);

Found : user_pref("CT1210541.Chat.Meebo.rooms.teenagers833b8249", 17);

Found : user_pref("CT1210541.Chat.Meebo.rooms.travel8c2e48db", 2);

Found : user_pref("CT1210541.Chat.Meebo.rooms.videogames2fe066e0", 5);

Found : user_pref("CT1210541.Chat.ServerLastCheckTime", "Tue Jun 08 2010 20:09:05 GMT-0300 (Hora oficial do [...]

Found : user_pref("CT1210541.CommunitiesChangesLastCheckTime", "Tue Jun 08 2010 20:09:05 GMT-0300 (Hora ofic[...]

Found : user_pref("CT1210541.CommunityChanged", true);

Found : user_pref("CT1210541.DialogsAlignMode", "LTR");

Found : user_pref("CT1210541.DownloadDomainsCheckInterval", "168");

Found : user_pref("CT1210541.DownloadDomainsListLastCheckTime", "Sat Jun 05 2010 16:35:08 GMT-0300 (Hora ofi[...]

Found : user_pref("CT1210541.DownloadDomainsListLastServerUpdateTime", "1201073583");

Found : user_pref("CT1210541.EMailNotifierPollDate", "Tue Jun 08 2010 20:09:07 GMT-0300 (Hora oficial do Bra[...]

Found : user_pref("CT1210541.FeedLastCount128333674102944076", 194);

Found : user_pref("CT1210541.FeedLastCount128338056328344243", 0);

Found : user_pref("CT1210541.FeedPollDate128362477949513467", "Tue Jun 08 2010 20:09:06 GMT-0300 (Hora ofici[...]

Found : user_pref("CT1210541.FeedPollDate128362477949513468", "Tue Jun 08 2010 20:09:06 GMT-0300 (Hora ofici[...]

Found : user_pref("CT1210541.FeedPollDate128362477949513469", "Tue Jun 08 2010 20:09:06 GMT-0300 (Hora ofici[...]

Found : user_pref("CT1210541.FeedPollDate128362477949513470", "Tue Jun 08 2010 20:09:06 GMT-0300 (Hora ofici[...]

Found : user_pref("CT1210541.FeedPollDate128362477949513471", "Tue Jun 08 2010 20:09:06 GMT-0300 (Hora ofici[...]

Found : user_pref("CT1210541.FeedPollDate128428944348862621", "Mon May 17 2010 15:13:47 GMT-0300 (Hora ofici[...]

Found : user_pref("CT1210541.FeedPollDate128428944348862623", "Mon May 17 2010 15:13:47 GMT-0300 (Hora ofici[...]

Found : user_pref("CT1210541.FeedPollDate128428944348862625", "Mon May 17 2010 15:13:47 GMT-0300 (Hora ofici[...]

Found : user_pref("CT1210541.FeedPollDate128428944348862626", "Mon May 17 2010 15:13:47 GMT-0300 (Hora ofici[...]

Found : user_pref("CT1210541.FeedPollDate128428944348862628", "Mon May 17 2010 15:13:48 GMT-0300 (Hora ofici[...]

Found : user_pref("CT1210541.FeedPollDate128547301936719331", "Tue Jun 08 2010 20:09:06 GMT-0300 (Hora ofici[...]

Found : user_pref("CT1210541.FeedPollDate128580336206875491", "Tue Jun 08 2010 20:09:06 GMT-0300 (Hora ofici[...]

Found : user_pref("CT1210541.FeedPollDate128580337504375114", "Tue Jun 08 2010 20:09:06 GMT-0300 (Hora ofici[...]

Found : user_pref("CT1210541.FeedPollDate128580338582031818", "Tue Jun 08 2010 20:09:06 GMT-0300 (Hora ofici[...]

Found : user_pref("CT1210541.FeedPollDate128580339914219220", "Tue Jun 08 2010 20:09:06 GMT-0300 (Hora ofici[...]

Found : user_pref("CT1210541.FeedPollDate128795106830100273", "Tue Jun 08 2010 20:09:07 GMT-0300 (Hora ofici[...]

Found : user_pref("CT1210541.FirstTime", true);

Found : user_pref("CT1210541.FirstTimeFF3", true);

Found : user_pref("CT1210541.GroupingServerCheckInterval", 1440);

Found : user_pref("CT1210541.GroupingServiceUrl", "hxxp://grouping.services.conduit.com/");

Found : user_pref("CT1210541.Initialize", true);

Found : user_pref("CT1210541.InitializeCommonPrefs", true);

Found : user_pref("CT1210541.InstalledDate", "Wed Jan 27 2010 14:07:48 GMT-0200");

Found : user_pref("CT1210541.InvalidateCache", false);

Found : user_pref("CT1210541.IsGrouping", false);

Found : user_pref("CT1210541.IsMulticommunity", true);

Found : user_pref("CT1210541.IsOpenThankYouPage", true);

Found : user_pref("CT1210541.IsOpenUninstallPage", true);

Found : user_pref("CT1210541.LanguagePackLastCheckTime", "Tue Jun 08 2010 20:09:25 GMT-0300 (Hora oficial do[...]

Found : user_pref("CT1210541.LanguagePackReloadIntervalMM", 1440);

Found : user_pref("CT1210541.LanguagePackServiceUrl", "hxxp://translation.users.conduit.com/Translation.ashx[...]

Found : user_pref("CT1210541.LastLogin_2.4.0.4", "Sat Jun 05 2010 16:35:16 GMT-0300 (Hora oficial do Brasil)[...]

Found : user_pref("CT1210541.LatestVersion", "2.1.0.18");

Found : user_pref("CT1210541.Locale", "en-us");

Found : user_pref("CT1210541.LoginCache", 4);

Found : user_pref("CT1210541.MCDetectTooltipHeight", "83");

Found : user_pref("CT1210541.MCDetectTooltipUrl", "hxxp://@EB_INSTALL_LINK@/rank/tooltip/?version=1");

Found : user_pref("CT1210541.MCDetectTooltipWidth", "295");

Found : user_pref("CT1210541.RadioIsPodcast", false);

Found : user_pref("CT1210541.RadioLastCheckTime", "Tue Jun 08 2010 20:09:06 GMT-0300 (Hora oficial do Brasil[...]

Found : user_pref("CT1210541.RadioLastUpdateIPServer", "3");

Found : user_pref("CT1210541.RadioLastUpdateServer", "128929877726170000");

Found : user_pref("CT1210541.RadioMediaID", "5534206");

Found : user_pref("CT1210541.RadioMediaType", "Media Player");

Found : user_pref("CT1210541.RadioMenuSelectedID", "EBRadioMenu_CT12105415534206");

Found : user_pref("CT1210541.RadioStationName", "Classic%20RAp");

Found : user_pref("CT1210541.RadioStationURL", "hxxp://www.sky.fm/wma/classicrap.asx");

Found : user_pref("CT1210541.SHRINK_TOOLBAR", 1);

Found : user_pref("CT1210541.SearchEngine", "Search||hxxp://search.conduit.com/Results.aspx?q=UCM_SEARCH_TER[...]

Found : user_pref("CT1210541.SearchFromAddressBarIsInit", true);

Found : user_pref("CT1210541.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT121[...]

Found : user_pref("CT1210541.SearchInNewTabEnabled", true);

Found : user_pref("CT1210541.SearchInNewTabIntervalMM", 1440);

Found : user_pref("CT1210541.SearchInNewTabLastCheckTime", "Tue Jun 08 2010 20:09:05 GMT-0300 (Hora oficial [...]

Found : user_pref("CT1210541.SearchInNewTabServiceUrl", "hxxp://newtab.conduit-hosting.com/newtab/?ctid=EB_T[...]

Found : user_pref("CT1210541.SearchInNewTabUsageUrl", "hxxp://Usage.Hosting.conduit-services.com/UsageServic[...]

Found : user_pref("CT1210541.SettingsCheckIntervalMin", 120);

Found : user_pref("CT1210541.SettingsLastCheckTime", "Tue Jun 08 2010 20:09:05 GMT-0300 (Hora oficial do Bra[...]

Found : user_pref("CT1210541.SettingsLastUpdate", "1273848391");

Found : user_pref("CT1210541.ThirdPartyComponentsInterval", 504);

Found : user_pref("CT1210541.ThirdPartyComponentsLastCheck", "Tue Jun 08 2010 20:09:05 GMT-0300 (Hora oficia[...]

Found : user_pref("CT1210541.ThirdPartyComponentsLastUpdate", "1273848391");

Found : user_pref("CT1210541.TrusteLinkUrl", "hxxp://www.truste.org/pvr.php?page=validate&softwareProgramId=[...]

Found : user_pref("CT1210541.UserID", "UN40162500994612867");

Found : user_pref("CT1210541.ValidationData_Toolbar", 0);

Found : user_pref("CT1210541.WeatherNetwork", "");

Found : user_pref("CT1210541.WeatherPollDate", "Tue Jun 08 2010 20:09:07 GMT-0300 (Hora oficial do Brasil)")[...]

Found : user_pref("CT1210541.WeatherUnit", "C");

Found : user_pref("CT1210541.clientLogIsEnabled", false);

Found : user_pref("CT1210541.clientLogServiceUrl", "hxxp://clientlog.users.conduit.com/ClientDiagnostics.asm[...]

Found : user_pref("CT1210541.myStuffEnabled", true);

Found : user_pref("CT1210541.myStuffPublihserMinWidth", 400);

Found : user_pref("CT1210541.myStuffSearchUrl", "hxxp://Apps.conduit.com/search?q=SEARCH_TERM&SearchSourceOr[...]

Found : user_pref("CT1210541.myStuffServiceIntervalMM", 1440);

Found : user_pref("CT1210541.myStuffServiceUrl", "hxxp://mystuff.conduit-services.com/MyStuffService.ashx?Co[...]

Found : user_pref("CT1210541.uninstallLogServiceUrl", "hxxp://uninstall.users.conduit.com/Uninstall.asmx/Reg[...]

Found : user_pref("CT2567694.AboutPrivacyUrl", "hxxp://www.conduit.com/privacy/Default.aspx");

Found : user_pref("CT2567694.CTID", "CT2567694");

Found : user_pref("CT2567694.CurrentServerDate", "15-6-2010");

Found : user_pref("CT2567694.DialogsAlignMode", "LTR");

Found : user_pref("CT2567694.DownloadReferralCookieData", "");

Found : user_pref("CT2567694.EMailNotifierPollDate", "Tue Jun 15 2010 12:50:33 GMT-0300 (Hora oficial do Bra[...]

Found : user_pref("CT2567694.FeedLastCount129132863020934308", 173);

Found : user_pref("CT2567694.FeedPollDate128746790824594437", "Tue Jun 15 2010 12:50:32 GMT-0300 (Hora ofici[...]

Found : user_pref("CT2567694.FeedPollDate128746790988031938", "Tue Jun 15 2010 12:50:32 GMT-0300 (Hora ofici[...]

Found : user_pref("CT2567694.FeedPollDate128746791145844439", "Tue Jun 15 2010 12:50:32 GMT-0300 (Hora ofici[...]

Found : user_pref("CT2567694.FeedPollDate128746791280844460", "Tue Jun 15 2010 12:50:32 GMT-0300 (Hora ofici[...]

Found : user_pref("CT2567694.FeedPollDate128746791444750814", "Tue Jun 15 2010 12:50:32 GMT-0300 (Hora ofici[...]

Found : user_pref("CT2567694.FeedPollDate128746791615375007", "Tue Jun 15 2010 12:50:32 GMT-0300 (Hora ofici[...]

Found : user_pref("CT2567694.FeedPollDate128746791787562545", "Tue Jun 15 2010 14:50:32 GMT-0300 (Hora ofici[...]

Found : user_pref("CT2567694.FeedPollDate128746791931312886", "Tue Jun 15 2010 14:50:32 GMT-0300 (Hora ofici[...]

Found : user_pref("CT2567694.FeedPollDate128746792089906714", "Tue Jun 15 2010 14:50:32 GMT-0300 (Hora ofici[...]

Found : user_pref("CT2567694.FeedPollDate128746792196156845", "Tue Jun 15 2010 14:50:32 GMT-0300 (Hora ofici[...]

Found : user_pref("CT2567694.FeedTTL128746791787562545", 5);

Found : user_pref("CT2567694.FeedTTL128746792089906714", 30);

Found : user_pref("CT2567694.FeedTTL128746792196156845", 30);

Found : user_pref("CT2567694.FirstServerDate", "15-6-2010");

Found : user_pref("CT2567694.FirstTime", true);

Found : user_pref("CT2567694.FirstTimeFF3", true);

Found : user_pref("CT2567694.FirstTimeSettingsDone", true);

Found : user_pref("CT2567694.FixPageNotFoundErrors", true);

Found : user_pref("CT2567694.GroupingServerCheckInterval", 1440);

Found : user_pref("CT2567694.GroupingServiceUrl", "hxxp://grouping.services.conduit.com/");

Found : user_pref("CT2567694.Initialize", true);

Found : user_pref("CT2567694.InitializeCommonPrefs", true);

Found : user_pref("CT2567694.InstallationAndCookieDataSentCount", 1);

Found : user_pref("CT2567694.InstallationType", "UnknownIntegration");

Found : user_pref("CT2567694.InstalledDate", "Tue Jun 15 2010 12:50:31 GMT-0300 (Hora oficial do Brasil)");

Found : user_pref("CT2567694.InvalidateCache", false);

Found : user_pref("CT2567694.IsGrouping", false);

Found : user_pref("CT2567694.IsMulticommunity", false);

Found : user_pref("CT2567694.IsOpenThankYouPage", false);

Found : user_pref("CT2567694.IsOpenUninstallPage", true);

Found : user_pref("CT2567694.LanguagePackLastCheckTime", "Tue Jun 15 2010 12:50:39 GMT-0300 (Hora oficial do[...]

Found : user_pref("CT2567694.LanguagePackReloadIntervalMM", 1440);

Found : user_pref("CT2567694.LanguagePackServiceUrl", "hxxp://translation.users.conduit.com/Translation.ashx[...]

Found : user_pref("CT2567694.LastLogin_2.6.0.15", "Tue Jun 15 2010 12:50:31 GMT-0300 (Hora oficial do Brasil[...]

Found : user_pref("CT2567694.LatestVersion", "2.1.0.18");

Found : user_pref("CT2567694.Locale", "pt");

Found : user_pref("CT2567694.LoginCache", 4);

Found : user_pref("CT2567694.MCDetectTooltipHeight", "83");

Found : user_pref("CT2567694.MCDetectTooltipUrl", "hxxp://@EB_INSTALL_LINK@/rank/tooltip/?version=1");

Found : user_pref("CT2567694.MCDetectTooltipWidth", "295");

Found : user_pref("CT2567694.RadioIsPodcast", false);

Found : user_pref("CT2567694.RadioLastCheckTime", "Tue Jun 15 2010 12:50:35 GMT-0300 (Hora oficial do Brasil[...]

Found : user_pref("CT2567694.RadioLastUpdateIPServer", "3");

Found : user_pref("CT2567694.RadioLastUpdateServer", "3");

Found : user_pref("CT2567694.RadioMediaID", "9962");

Found : user_pref("CT2567694.RadioMediaType", "Media Player");

Found : user_pref("CT2567694.RadioMenuSelectedID", "EBRadioMenu_CT25676949962");

Found : user_pref("CT2567694.RadioStationName", "California%20Rock");

Found : user_pref("CT2567694.RadioStationURL", "hxxp://feedlive.net/california.asx");

Found : user_pref("CT2567694.SHRINK_TOOLBAR", 1);

Found : user_pref("CT2567694.SavedHomepage", "www.google.com.br");

Found : user_pref("CT2567694.SearchEngine", "Busca||hxxp://search.conduit.com/Results.aspx?q=UCM_SEARCH_TERM[...]

Found : user_pref("CT2567694.SearchFromAddressBarIsInit", true);

Found : user_pref("CT2567694.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT256[...]

Found : user_pref("CT2567694.SearchInNewTabEnabled", true);

Found : user_pref("CT2567694.SearchInNewTabIntervalMM", 1440);

Found : user_pref("CT2567694.SearchInNewTabLastCheckTime", "Tue Jun 15 2010 12:50:32 GMT-0300 (Hora oficial [...]

Found : user_pref("CT2567694.SearchInNewTabServiceUrl", "hxxp://newtab.conduit-hosting.com/newtab/?ctid=EB_T[...]

Found : user_pref("CT2567694.SearchInNewTabUsageUrl", "hxxp://Usage.Hosting.conduit-services.com/UsageServic[...]

Found : user_pref("CT2567694.SettingsCheckIntervalMin", 120);

Found : user_pref("CT2567694.SettingsLastCheckTime", "Tue Jun 15 2010 12:50:27 GMT-0300 (Hora oficial do Bra[...]

Found : user_pref("CT2567694.SettingsLastUpdate", "1276614603");

Found : user_pref("CT2567694.ThirdPartyComponentsInterval", 504);

Found : user_pref("CT2567694.ThirdPartyComponentsLastCheck", "Tue Jun 15 2010 12:50:26 GMT-0300 (Hora oficia[...]

Found : user_pref("CT2567694.ThirdPartyComponentsLastUpdate", "1276614603");

Found : user_pref("CT2567694.TrusteLinkUrl", "hxxp://www.truste.org/pvr.php?page=validate&softwareProgramId=[...]

Found : user_pref("CT2567694.UserID", "UN41943131171878867");

Found : user_pref("CT2567694.WeatherNetwork", "");

Found : user_pref("CT2567694.WeatherPollDate", "Tue Jun 15 2010 12:50:40 GMT-0300 (Hora oficial do Brasil)")[...]

Found : user_pref("CT2567694.WeatherUnit", "C");

Found : user_pref("CT2567694.alertChannelId", "960559");

Found : user_pref("CT2567694.backendstorage.hxxp://cmg1_conduit-widgets_com/pitsi.state", "4F50454E");

Found : user_pref("CT2567694.clientLogIsEnabled", true);

Found : user_pref("CT2567694.clientLogServiceUrl", "hxxp://clientlog.users.conduit.com/ClientDiagnostics.asm[...]

Found : user_pref("CT2567694.myStuffEnabled", true);

Found : user_pref("CT2567694.myStuffPublihserMinWidth", 400);

Found : user_pref("CT2567694.myStuffSearchUrl", "hxxp://Apps.conduit.com/search?q=SEARCH_TERM&SearchSourceOr[...]

Found : user_pref("CT2567694.myStuffServiceIntervalMM", 1440);

Found : user_pref("CT2567694.myStuffServiceUrl", "hxxp://mystuff.conduit-services.com/MyStuffService.ashx?Co[...]

Found : user_pref("CT2567694.uninstallLogServiceUrl", "hxxp://uninstall.users.conduit.com/Uninstall.asmx/Reg[...]

Found : user_pref("CT2905346..clientLogIsEnabled", true);

Found : user_pref("CT2905346..clientLogServiceUrl", "hxxp://clientlog.users.conduit.com/ClientDiagnostics.as[...]

Found : user_pref("CT2905346..uninstallLogServiceUrl", "hxxp://uninstall.users.conduit.com/Uninstall.asmx/Re[...]

Found : user_pref("CT2905346.AboutPrivacyUrl", "hxxp://www.conduit.com/privacy/Default.aspx");

Found : user_pref("CT2905346.CTID", "CT2905346");

Found : user_pref("CT2905346.CurrentServerDate", "29-6-2011");

Found : user_pref("CT2905346.DialogsAlignMode", "LTR");

Found : user_pref("CT2905346.DownloadReferralCookieData", "");

Found : user_pref("CT2905346.FirstServerDate", "2-4-2011");

Found : user_pref("CT2905346.FirstTime", true);

Found : user_pref("CT2905346.FirstTimeFF3", true);

Found : user_pref("CT2905346.FixPageNotFoundErrors", true);

Found : user_pref("CT2905346.GroupingServerCheckInterval", 1440);

Found : user_pref("CT2905346.GroupingServiceUrl", "hxxp://grouping.services.conduit.com/");

Found : user_pref("CT2905346.HasUserGlobalKeys", true);

Found : user_pref("CT2905346.Initialize", true);

Found : user_pref("CT2905346.InitializeCommonPrefs", true);

Found : user_pref("CT2905346.InstallationAndCookieDataSentCount", 3);

Found : user_pref("CT2905346.InstallationId", "Messenger_Plus_BR.exe");

Found : user_pref("CT2905346.InstallationType", "ConduitIntegration");

Found : user_pref("CT2905346.InstalledDate", "Sat Apr 02 2011 10:13:59 GMT-0300 (Hora oficial do Brasil)");

Found : user_pref("CT2905346.InvalidateCache", false);

Found : user_pref("CT2905346.IsGrouping", false);

Found : user_pref("CT2905346.IsMulticommunity", false);

Found : user_pref("CT2905346.IsOpenThankYouPage", false);

Found : user_pref("CT2905346.IsOpenUninstallPage", true);

Found : user_pref("CT2905346.LanguagePackLastCheckTime", "Wed Jun 29 2011 15:04:42 GMT-0300 (Hora oficial do[...]

Found : user_pref("CT2905346.LanguagePackReloadIntervalMM", 1440);

Found : user_pref("CT2905346.LanguagePackServiceUrl", "hxxp://translation.users.conduit.com/Translation.ashx[...]

Found : user_pref("CT2905346.LastLogin_3.2.5.2", "Wed Jun 29 2011 15:04:40 GMT-0300 (Hora oficial do Brasil)[...]

Found : user_pref("CT2905346.LatestVersion", "3.3.3.2");

Found : user_pref("CT2905346.Locale", "pt-br");

Found : user_pref("CT2905346.MCDetectTooltipHeight", "83");

Found : user_pref("CT2905346.MCDetectTooltipUrl", "hxxp://@EB_INSTALL_LINK@/rank/tooltip/?version=1");

Found : user_pref("CT2905346.MCDetectTooltipWidth", "295");

Found : user_pref("CT2905346.RadioIsPodcast", false);

Found : user_pref("CT2905346.RadioLastCheckTime", "Wed Jun 29 2011 15:04:39 GMT-0300 (Hora oficial do Brasil[...]

Found : user_pref("CT2905346.RadioLastUpdateIPServer", "3");

Found : user_pref("CT2905346.RadioLastUpdateServer", "129430458341500000");

Found : user_pref("CT2905346.RadioMediaID", "21796068");

Found : user_pref("CT2905346.RadioMediaType", "Media Player");

Found : user_pref("CT2905346.RadioMenuSelectedID", "EBRadioMenu_CT290534621796068");

Found : user_pref("CT2905346.RadioStationName", "Radio%20Maria%20Brazil");

Found : user_pref("CT2905346.RadioStationURL", "hxxp://www.radiomaria.org/media/brazil.asx");

Found : user_pref("CT2905346.SearchFromAddressBarIsInit", true);

Found : user_pref("CT2905346.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT290[...]

Found : user_pref("CT2905346.SearchInNewTabEnabled", true);

Found : user_pref("CT2905346.SearchInNewTabIntervalMM", 1440);

Found : user_pref("CT2905346.SearchInNewTabLastCheckTime", "Wed Jun 29 2011 15:04:38 GMT-0300 (Hora oficial [...]

Found : user_pref("CT2905346.SearchInNewTabServiceUrl", "hxxp://newtab.conduit-hosting.com/newtab/?ctid=EB_T[...]

Found : user_pref("CT2905346.SearchInNewTabUsageUrl", "hxxp://Usage.Hosting.conduit-services.com/UsageServic[...]

Found : user_pref("CT2905346.ServiceMapLastCheckTime", "Wed Jun 29 2011 15:04:39 GMT-0300 (Hora oficial do B[...]

Found : user_pref("CT2905346.SettingsLastCheckTime", "Wed Jun 29 2011 15:04:38 GMT-0300 (Hora oficial do Bra[...]

Found : user_pref("CT2905346.SettingsLastUpdate", "1309176169");

Found : user_pref("CT2905346.ThirdPartyComponentsInterval", 504);

Found : user_pref("CT2905346.ThirdPartyComponentsLastCheck", "Wed Jun 29 2011 15:04:38 GMT-0300 (Hora oficia[...]

Found : user_pref("CT2905346.ThirdPartyComponentsLastUpdate", "1256047550");

Found : user_pref("CT2905346.TrusteLinkUrl", "hxxp://trust.conduit.com/EB_ORIGINAL_CTID");

Found : user_pref("CT2905346.UserID", "UN00974565984043984");

Found : user_pref("CT2905346.alertChannelId", "1297271");

Found : user_pref("CT2905346.backendstorage._fb_dailyactivity", "31333031373733363036393234");

Found : user_pref("CT2905346.backendstorage._fb_lifetimesent", "54525545");

Found : user_pref("CT2905346.backendstorage.facebook_ctid_connect_send", "73656E646564");

Found : user_pref("CT2905346.backendstorage.hxxp://cmg1_conduit-widgets_com/pitsi.state", "4F50454E");

Found : user_pref("CT2905346.backendstorage.hxxp://www_blabbers_com/app/conduit.bbrs_affid", "42525F4E6577")[...]

Found : user_pref("CT2905346.backendstorage.hxxp://www_blabbers_com/app/conduit.bbrs_bguid", "42525F4E65772D[...]

Found : user_pref("CT2905346.backendstorage.hxxp://www_blabbers_com/app/conduit.bbrs_lba", "3231383037303639[...]

Found : user_pref("CT2905346.backendstorage.hxxp://www_blabbers_com/app/conduit.bbrs_lba1", "323031312D362D3[...]

Found : user_pref("CT2905346.myStuffEnabled", true);

Found : user_pref("CT2905346.myStuffPublihserMinWidth", 400);

Found : user_pref("CT2905346.myStuffSearchUrl", "hxxp://Apps.conduit.com/search?q=SEARCH_TERM&SearchSourceOr[...]

Found : user_pref("CT2905346.myStuffServiceIntervalMM", 1440);

Found : user_pref("CT2905346.myStuffServiceUrl", "hxxp://mystuff.conduit-services.com/MyStuffService.ashx?Co[...]

Found : user_pref("CT2905346.testingCtid", "");

Found : user_pref("CT2905346.toolbarAppMetaDataLastCheckTime", "Wed Jun 29 2011 15:04:39 GMT-0300 (Hora ofic[...]

Found : user_pref("CT2905346.toolbarContextMenuLastCheckTime", "Sat Apr 02 2011 10:14:06 GMT-0300 (Hora ofic[...]

Found : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/1297271/1292942/BR", "\"0\"[...]

Found : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/909619/905414/BR", "\"0\"")[...]

Found : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/960559/956327/BR", "\"0\"")[...]

Found : user_pref("CommunityToolbar.ETag.hxxp://appsmetadata.toolbar.conduit-services.com/?ctid=CT2905346", [...]

Found : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=GottenApps&lo[...]

Found : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=OtherApps&loc[...]

Found : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=SharedApps&lo[...]

Found : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=Toolbar&local[...]

Found : user_pref("CommunityToolbar.ETag.hxxp://servicemap.conduit-services.com/toolbar/", "\"63443493058760[...]

Found : user_pref("CommunityToolbar.ETag.hxxp://settings.engine.conduit-services.com/?browser=FF&lut=0", "63[...]

Found : user_pref("CommunityToolbar.ETag.hxxp://settings.engine.conduit-services.com/?browser=FF&lut=3/13/20[...]

Found : user_pref("CommunityToolbar.ETag.hxxp://settings.toolbar.search.conduit.com/root/CT2905346/CT2905346[...]

Found : user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/BankImages/RadioSkins/Funky/minimize.gif[...]

Found : user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/BankImages/RadioSkins/Funky/play.gif", "[...]

Found : user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/BankImages/RadioSkins/Funky/stop.gif", "[...]

Found : user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/BankImages/RadioSkins/Funky/stopped.GIF"[...]

Found : user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/BankImages/RadioSkins/Funky/vol.gif", "\[...]

Found : user_pref("CommunityToolbar.ETag.hxxp://translation.toolbar.conduit-services.com/?locale=pt-br", "\"[...]

Found : user_pref("CommunityToolbar.EngineOwner", "CT2905346");

Found : user_pref("CommunityToolbar.EngineOwnerGuid", "{1d80d668-2160-46a2-b3a7-e166795b0b28}");

Found : user_pref("CommunityToolbar.EngineOwnerToolbarId", "messenger_plus_br");

Found : user_pref("CommunityToolbar.IsMyStuffImportedToEngine", true);

Found : user_pref("CommunityToolbar.OriginalEngineOwner", "CT2905346");

Found : user_pref("CommunityToolbar.OriginalEngineOwnerGuid", "{1d80d668-2160-46a2-b3a7-e166795b0b28}");

Found : user_pref("CommunityToolbar.OriginalEngineOwnerToolbarId", "messenger_plus_br");

Found : user_pref("CommunityToolbar.SearchFromAddressBarSavedUrl", "chrome://browser-region/locale/region.pr[...]

Found : user_pref("CommunityToolbar.ToolbarsList", "CT1210541,CT2567694,ConduitEngine,CT2905346");

Found : user_pref("CommunityToolbar.ToolbarsList2", "CT1210541,CT2567694,CT2905346");

Found : user_pref("CommunityToolbar.alert.alertInfoInterval", 1440);

Found : user_pref("CommunityToolbar.alert.alertInfoLastCheckTime", "Sun Mar 25 2012 14:45:22 GMT-0300 (Hora [...]

Found : user_pref("CommunityToolbar.alert.clientsServerUrl", "hxxp://alert.client.conduit.com");

Found : user_pref("CommunityToolbar.alert.firstTimeAlertShown", true);

Found : user_pref("CommunityToolbar.alert.locale", "en");

Found : user_pref("CommunityToolbar.alert.loginIntervalMin", 1440);

Found : user_pref("CommunityToolbar.alert.loginLastCheckTime", "Sun Mar 25 2012 14:45:22 GMT-0300 (Hora ofic[...]

Found : user_pref("CommunityToolbar.alert.loginLastUpdateTime", "1313487611");

Found : user_pref("CommunityToolbar.alert.messageShowTimeSec", 20);

Found : user_pref("CommunityToolbar.alert.servicesServerUrl", "hxxp://alert.services.conduit.com");

Found : user_pref("CommunityToolbar.alert.showTrayIcon", false);

Found : user_pref("CommunityToolbar.alert.userCloseIntervalMin", 300);

Found : user_pref("CommunityToolbar.alert.userId", "{e2524fc4-1f06-4334-9e95-b8f8db1fc6a6}");

Found : user_pref("CommunityToolbar.keywordURLSelectedCTID", "CT2567694");

Found : user_pref("ConduitEngine.FirstServerDate", "04/02/2011 16");

Found : user_pref("ConduitEngine.FirstTime", true);

Found : user_pref("ConduitEngine.FirstTimeFF3", true);

Found : user_pref("ConduitEngine.HasUserGlobalKeys", true);

Found : user_pref("ConduitEngine.Initialize", true);

Found : user_pref("ConduitEngine.InitializeCommonPrefs", true);

Found : user_pref("ConduitEngine.InstalledDate", "Sat Apr 02 2011 10:13:58 GMT-0300 (Hora oficial do Brasil)[...]

Found : user_pref("ConduitEngine.IsMulticommunity", false);

Found : user_pref("ConduitEngine.IsOpenThankYouPage", false);

Found : user_pref("ConduitEngine.IsOpenUninstallPage", true);

Found : user_pref("ConduitEngine.LanguagePackLastCheckTime", "Wed Jun 29 2011 15:04:52 GMT-0300 (Hora oficia[...]

Found : user_pref("ConduitEngine.LastLogin_3.2.5.2", "Wed Jun 29 2011 15:04:48 GMT-0300 (Hora oficial do Bra[...]

Found : user_pref("ConduitEngine.PublisherContainerWidth", 0);

Found : user_pref("ConduitEngine.SearchFromAddressBarIsInit", true);

Found : user_pref("ConduitEngine.SettingsLastCheckTime", "Wed Jun 29 2011 15:04:44 GMT-0300 (Hora oficial do[...]

Found : user_pref("ConduitEngine.UserID", "UN73270765339907417");

Found : user_pref("ConduitEngine.engineLocale", "pt-BR");

Found : user_pref("ConduitEngine.enngineContextMenuLastCheckTime", "Wed Jun 29 2011 15:04:41 GMT-0300 (Hora [...]

Found : user_pref("ConduitEngine.initDone", true);

Found : user_pref("browser.search.defaultthis.engineName", "Messenger Plus Live Brazil Customized Web Search[...]

Found : user_pref("browser.search.defaulturl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2567694&Sea[...]

Found : user_pref("browser.search.selectedEngine", "Search The Web");

Found : user_pref("keyword.URL", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2567694&q=");

 

*************************

 

AdwCleaner[R1].txt - [31210 octets] - [05/04/2012 14:56:48]

 

########## EOF - C:\AdwCleaner[R1].txt - [31339 octets] ##########

 

Here is the report that appeared after the system restart:

 

 

All processes killed

========== OTL ==========

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ not found.

Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{1d80d668-2160-46a2-b3a7-e166795b0b28} deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1d80d668-2160-46a2-b3a7-e166795b0b28}\ not found.

Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{edbca961-4bf8-4cbe-8c63-a11dff9ed2d9} deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{edbca961-4bf8-4cbe-8c63-a11dff9ed2d9}\ not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}\ not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ not found.

Prefs.js: "http://search.conduit.com/ResultsExt.aspx?ctid=CT2567694&SearchSource=3&q={searchTerms}" removed from browser.search.defaulturl

Prefs.js: {edbca961-4bf8-4cbe-8c63-a11dff9ed2d9}:2.6.0.15 removed from extensions.enabledItems

Prefs.js: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:15.0.0 removed from extensions.enabledItems

Prefs.js: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24 removed from extensions.enabledItems

Prefs.js: engine@conduit.com:3.2.5.2 removed from extensions.enabledItems

Prefs.js: {1d80d668-2160-46a2-b3a7-e166795b0b28}:3.2.5.2 removed from extensions.enabledItems

Prefs.js: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26 removed from extensions.enabledItems

Prefs.js: "http://search.conduit.com/ResultsExt.aspx?ctid=CT2567694&q=" removed from keyword.URL

127.0.0.1 static3.cdn.ubi.com removed from HOSTS file successfully

127.0.0.1 ubisoft-orbit.s3.amazonaws.com removed from HOSTS file successfully

127.0.0.1 onlineconfigservice.ubi.com removed from HOSTS file successfully

127.0.0.1 orbitservice.ubi.com removed from HOSTS file successfully

127.0.0.1 ubisoft-orbit-savegames.s3.amazonaws.com removed from HOSTS file successfully

Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.

Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{30F9B915-B755-4826-820B-08FBA6BD249D} deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{30F9B915-B755-4826-820B-08FBA6BD249D}\ not found.

Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{CCC7A320-B3CA-4199-B1A6-9F516DD69829} deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}\ not found.

Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{1D80D668-2160-46A2-B3A7-E166795B0B28} deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1D80D668-2160-46A2-B3A7-E166795B0B28}\ not found.

Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{32099AAC-C132-4136-9E9A-4E364A424E17} deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{32099AAC-C132-4136-9E9A-4E364A424E17}\ not found.

Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{CCC7A320-B3CA-4199-B1A6-9F516DD69829} deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}\ not found.

Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.

Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{EDBCA961-4BF8-4CBE-8C63-A11DFF9ED2D9} deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EDBCA961-4BF8-4CBE-8C63-A11DFF9ED2D9}\ not found.

Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\BitTorrent deleted successfully.

Starting removal of ActiveX control {40F576AD-8680-4F9E-9490-99D069CD665F}

C:\Windows\Downloaded Program Files\sysreqlabdetect.inf moved successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{40F576AD-8680-4F9E-9490-99D069CD665F}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{40F576AD-8680-4F9E-9490-99D069CD665F}\ not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{40F576AD-8680-4F9E-9490-99D069CD665F}\ deleted successfully.

Registry key HKEY_USERS\S-1-5-21-3796026459-2530574266-2461488858-1003\SOFTWARE\Classes\CLSID\{40F576AD-8680-4F9E-9490-99D069CD665F}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{40F576AD-8680-4F9E-9490-99D069CD665F}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{40F576AD-8680-4F9E-9490-99D069CD665F}\ not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{af400ce2-0e63-11df-9470-00241df81fc7}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{af400ce2-0e63-11df-9470-00241df81fc7}\ not found.

File I:\erpvmq.exe not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{af400ce2-0e63-11df-9470-00241df81fc7}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{af400ce2-0e63-11df-9470-00241df81fc7}\ not found.

File I:\erpvmq.exe not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{af400ce2-0e63-11df-9470-00241df81fc7}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{af400ce2-0e63-11df-9470-00241df81fc7}\ not found.

File I:\erpvmq.exe not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{af400ce2-0e63-11df-9470-00241df81fc7}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{af400ce2-0e63-11df-9470-00241df81fc7}\ not found.

File I:\erpvmq.exe not found.

C:\Windows\System32\ConduitEngine.tmp deleted successfully.

C:\Windows\System32\tmp85CA.tmp deleted successfully.

C:\Windows\System32\tmp86B5.tmp deleted successfully.

C:\Windows\B83FC356B7C0441F8A4DD71E088E7974.TMP\WiseCustomCalla.dll deleted successfully.

C:\Windows\B83FC356B7C0441F8A4DD71E088E7974.TMP folder deleted successfully.

C:\Windows\DD1865F0AD7340FBB23E1822E02396FF.TMP\WiseCustomCalla.dll deleted successfully.

C:\Windows\DD1865F0AD7340FBB23E1822E02396FF.TMP folder deleted successfully.

C:\Windows\msdownld.tmp folder deleted successfully.

========== FILES ==========

C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3796026459-2530574266-2461488858-1000UA.job moved successfully.

C:\Users\Sidnei\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini moved successfully.

C:\Windows\tasks\GoogleUpdateTaskMachineCore.job moved successfully.

C:\LinhaDefensiva\rotinas\remocao folder moved successfully.

C:\LinhaDefensiva\rotinas folder moved successfully.

C:\LinhaDefensiva\relatorios folder moved successfully.

C:\LinhaDefensiva\reflist folder moved successfully.

C:\LinhaDefensiva\QUA\Pastas folder moved successfully.

C:\LinhaDefensiva\QUA\Arquivos folder moved successfully.

C:\LinhaDefensiva\QUA folder moved successfully.

C:\LinhaDefensiva\lang\vb folder moved successfully.

C:\LinhaDefensiva\lang\init folder moved successfully.

C:\LinhaDefensiva\lang\bat folder moved successfully.

C:\LinhaDefensiva\lang folder moved successfully.

C:\LinhaDefensiva\func folder moved successfully.

C:\LinhaDefensiva\exec folder moved successfully.

C:\LinhaDefensiva\credits folder moved successfully.

C:\LinhaDefensiva folder moved successfully.

========== REGISTRY ==========

Registry delete failed. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\\VistaSp1 scheduled to be deleted on reboot.

Registry delete failed. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\\VistaSp2 scheduled to be deleted on reboot.

========== COMMANDS ==========

 

C:\Windows\System32\drivers\etc\Hosts moved successfully.

HOSTS file reset successfully

 

[EMPTYTEMP]

 

User: All Users

 

User: Default

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 33170 bytes

->Flash cache emptied: 41620 bytes

 

User: Default User

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

->Flash cache emptied: 0 bytes

 

User: Public

 

User: Sidnei

->Temp folder emptied: 184417768 bytes

->Temporary Internet Files folder emptied: 51602778 bytes

->Java cache emptied: 33738233 bytes

->FireFox cache emptied: 71239533 bytes

->Google Chrome cache emptied: 381550779 bytes

->Flash cache emptied: 82177 bytes

 

User: UpdatusUser

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 33170 bytes

->Flash cache emptied: 41620 bytes

 

%systemdrive% .tmp files removed: 0 bytes

%systemroot% .tmp files removed: 0 bytes

%systemroot%\System32 .tmp files removed: 0 bytes

%systemroot%\System32\drivers .tmp files removed: 0 bytes

Windows Temp folder emptied: 343138 bytes

RecycleBin emptied: 719267846 bytes

 

Total Files Cleaned = 1.376,00 mb

 

 

[EMPTYFLASH]

 

User: All Users

 

User: Default

->Flash cache emptied: 0 bytes

 

User: Default User

->Flash cache emptied: 0 bytes

 

User: Public

 

User: Sidnei

->Flash cache emptied: 0 bytes

 

User: UpdatusUser

->Flash cache emptied: 0 bytes

 

Total Flash Files Cleaned = 0,00 mb

 

 

OTL by OldTimer - Version 3.2.39.2 log created on 04052012_150346

 

Files\Folders moved on Reboot...

 

Registry entries deleted on Reboot...

Registry delete failed. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\\VistaSp1 scheduled to be deleted on reboot.

Registry delete failed. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\\VistaSp2 scheduled to be deleted on reboot.

Good afternoon, Syperry!

 

|- Open OTL.exe -> Click "Limpeza" (Cleanup). <-- Confirm!

|- PS: The computer will restart!

 

///°°°///

 

|- Run AdwCleaner again and click "Delete" or "Suppression".

 

AdwCleaner_Suppression.jpg

 

|- When it finishes, post the report: C:\AdwCleaner[S].txt

 

///°°°///

 

|- Download: < 37ae6cbade5b149987c311d9597676e05d7fd887dbd3c7eff70cdbb46a8368c36g.jpg > < NicolasCoolman.jpg > ( ... by Nicolas Coolman )

|- Once on the page, click: < Tlcharger_ZHPDiag.jpg >

|- Save it to the local disk and extract it to the desktop! < ZHPDiag2.jpg >

|- Disable your antivirus and run "ZHPDiag2.exe".

 

ZHPDiag_Installation.jpg

 

|- Confirm every step when installing ZHPDiag.

|- Finish the installation by clicking "Termine".

|- Open the tool by clicking the scroll icon. < ZHPDiag_Pergaminho.jpg >

|- Update it by clicking the green arrow at the top right.

|- The update is complete when this message appears: ZHPDiag_Version_est__jour.jpg

|- Enable all the diagnostic options by clicking ZHPDiag_Opes_Update.jpg ( screwdriver icon )

 

ZHPDiag_All.jpg

 

|- Click All.

|- Start the diagnostic ( Diag ) by clicking the magnifying-glass icon.

|- When it finishes, click the camera icon or "Save Report" to obtain the report.

|- Save it somewhere convenient!

|- If you want to save the log in Notepad, click the camera icon and paste it into Notepad.

|- Attach to your reply: ZHPDiag.txt <- Put it in a zip!

|- PS: I do not recommend posting this text file directly.

 

|- Or send it to Pjjoint.malekal by clicking the blue arrow! < ZHPDiag_Pjjoint-1.jpg >

|- Or go to: < Cjoint_Logo.jpg >

|- More information: < |Link| >

 

Regards!


Here is the AdwCleaner[s1] report:

 

# AdwCleaner v1.504 - Logfile created 04/05/2012 at 19:12:04

# Updated 01/04/2012 by Xplode

# Operating system : Windows Vista Ultimate Service Pack 2 (32 bits)

# User : Sidnei - SIDNEI-GAME

# Running from : C:\Users\Sidnei\Desktop\adwcleaner.exe

# Option [Delete]

 

 

***** [services] *****

 

 

***** [Files / Folders] *****

 

Folder Deleted : C:\Users\Sidnei\AppData\LocalLow\Conduit

Folder Deleted : C:\Users\Sidnei\AppData\LocalLow\ConduitEngine

Folder Deleted : C:\Users\Sidnei\AppData\LocalLow\PriceGong

Folder Deleted : C:\Program Files\ConduitEngine

Folder Deleted : C:\Users\Sidnei\AppData\Roaming\Mozilla\FireFox\Profiles\6dsamkzh.default\Conduit

Folder Deleted : C:\Users\Sidnei\AppData\Roaming\Mozilla\FireFox\Profiles\6dsamkzh.default\ConduitEngine

Folder Deleted : C:\Users\Sidnei\AppData\Roaming\Mozilla\FireFox\Profiles\6dsamkzh.default\extensions\engine@conduit.com

File Deleted : C:\Program Files\Mozilla Firefox\.autoreg

File Deleted : C:\Users\Sidnei\AppData\Roaming\Mozilla\FireFox\Profiles\6dsamkzh.default\searchplugins\Askcom.xml

File Deleted : C:\Users\Sidnei\AppData\Roaming\Mozilla\FireFox\Profiles\6dsamkzh.default\searchplugins\Conduit.xml

 

***** [H. Navipromo] *****

 

 

***** [Registry] *****

 

[*] Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT1210541

[*] Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT2567694

[*] Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT2905346

Key Deleted : HKCU\Software\Ask.com

Key Deleted : HKCU\Software\AppDataLow\Software\AskToolbar

Key Deleted : HKCU\Software\AppDataLow\Software\conduitEngine

Key Deleted : HKCU\Software\AppDataLow\Software\PriceGong

Key Deleted : HKCU\Software\AppDataLow\Software\Toolbar

Key Deleted : HKLM\SOFTWARE\Conduit

Key Deleted : HKLM\SOFTWARE\conduitEngine

Key Deleted : HKLM\SOFTWARE\Software

Key Deleted : HKLM\SOFTWARE\Classes\Conduit.Engine

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A28B4D68DEBAA244EB686953B7074FEF

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\conduitEngine

Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}

Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{18EAB056-9057-F224-FD4C-1F6569C4D8D2}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{30F9B915-B755-4826-820B-08FBA6BD249D}

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\conduitEngine

 

***** [internet Browsers] *****

 

-\\ Internet Explorer v8.0.6001.19154

 

[OK] Registry is clean.

 

-\\ Mozilla Firefox v3.6.8 (pt-BR)

 

Profile name : default

File : C:\Users\Sidnei\AppData\Roaming\Mozilla\FireFox\Profiles\6dsamkzh.default\prefs.js

 

Deleted : user_pref("CT1210541.AboutPrivacyUrl", "hxxp://www.conduit.com/privacy/Default.aspx");

Deleted : user_pref("CT1210541.CTID", "CT1210541");

Deleted : user_pref("CT1210541.Chat.Meebo.ServerLastCheckTime", "Tue Jun 08 2010 20:09:05 GMT-0300 (Hora ofici[...]

Deleted : user_pref("CT1210541.Chat.Meebo.ServerLastResponseTime", "Tue Jun 08 2010 20:09:13 GMT-0300 (Hora of[...]

Deleted : user_pref("CT1210541.Chat.Meebo.rooms.2030dff2c5edb1", 6);

Deleted : user_pref("CT1210541.Chat.Meebo.rooms.entertainmentc0ed09fb", 6);

Deleted : user_pref("CT1210541.Chat.Meebo.rooms.health3693b665", 0);

Deleted : user_pref("CT1210541.Chat.Meebo.rooms.musicj375cf270", 4);

Deleted : user_pref("CT1210541.Chat.Meebo.rooms.newsxu117b840d", 23);

Deleted : user_pref("CT1210541.Chat.Meebo.rooms.p2ptorrentcommunitychat77903f5f", 2);

Deleted : user_pref("CT1210541.Chat.Meebo.rooms.recreationab17d1f9", 0);

Deleted : user_pref("CT1210541.Chat.Meebo.rooms.sports522528d3", 2);

Deleted : user_pref("CT1210541.Chat.Meebo.rooms.technology8bb9fd5b", 2);

Deleted : user_pref("CT1210541.Chat.Meebo.rooms.teenagers833b8249", 17);

Deleted : user_pref("CT1210541.Chat.Meebo.rooms.travel8c2e48db", 2);

Deleted : user_pref("CT1210541.Chat.Meebo.rooms.videogames2fe066e0", 5);

Deleted : user_pref("CT1210541.Chat.ServerLastCheckTime", "Tue Jun 08 2010 20:09:05 GMT-0300 (Hora oficial do [...]

Deleted : user_pref("CT1210541.CommunitiesChangesLastCheckTime", "Tue Jun 08 2010 20:09:05 GMT-0300 (Hora ofic[...]

Deleted : user_pref("CT1210541.CommunityChanged", true);

Deleted : user_pref("CT1210541.DialogsAlignMode", "LTR");

Deleted : user_pref("CT1210541.DownloadDomainsCheckInterval", "168");

Deleted : user_pref("CT1210541.DownloadDomainsListLastCheckTime", "Sat Jun 05 2010 16:35:08 GMT-0300 (Hora ofi[...]

Deleted : user_pref("CT1210541.DownloadDomainsListLastServerUpdateTime", "1201073583");

Deleted : user_pref("CT1210541.EMailNotifierPollDate", "Tue Jun 08 2010 20:09:07 GMT-0300 (Hora oficial do Bra[...]

Deleted : user_pref("CT1210541.FeedLastCount128333674102944076", 194);

Deleted : user_pref("CT1210541.FeedLastCount128338056328344243", 0);

Deleted : user_pref("CT1210541.FeedPollDate128362477949513467", "Tue Jun 08 2010 20:09:06 GMT-0300 (Hora ofici[...]

Deleted : user_pref("CT1210541.FeedPollDate128362477949513468", "Tue Jun 08 2010 20:09:06 GMT-0300 (Hora ofici[...]

Deleted : user_pref("CT1210541.FeedPollDate128362477949513469", "Tue Jun 08 2010 20:09:06 GMT-0300 (Hora ofici[...]

Deleted : user_pref("CT1210541.FeedPollDate128362477949513470", "Tue Jun 08 2010 20:09:06 GMT-0300 (Hora ofici[...]

Deleted : user_pref("CT1210541.FeedPollDate128362477949513471", "Tue Jun 08 2010 20:09:06 GMT-0300 (Hora ofici[...]

Deleted : user_pref("CT1210541.FeedPollDate128428944348862621", "Mon May 17 2010 15:13:47 GMT-0300 (Hora ofici[...]

Deleted : user_pref("CT1210541.FeedPollDate128428944348862623", "Mon May 17 2010 15:13:47 GMT-0300 (Hora ofici[...]

Deleted : user_pref("CT1210541.FeedPollDate128428944348862625", "Mon May 17 2010 15:13:47 GMT-0300 (Hora ofici[...]

Deleted : user_pref("CT1210541.FeedPollDate128428944348862626", "Mon May 17 2010 15:13:47 GMT-0300 (Hora ofici[...]

Deleted : user_pref("CT1210541.FeedPollDate128428944348862628", "Mon May 17 2010 15:13:48 GMT-0300 (Hora ofici[...]

Deleted : user_pref("CT1210541.FeedPollDate128547301936719331", "Tue Jun 08 2010 20:09:06 GMT-0300 (Hora ofici[...]

Deleted : user_pref("CT1210541.FeedPollDate128580336206875491", "Tue Jun 08 2010 20:09:06 GMT-0300 (Hora ofici[...]

Deleted : user_pref("CT1210541.FeedPollDate128580337504375114", "Tue Jun 08 2010 20:09:06 GMT-0300 (Hora ofici[...]

Deleted : user_pref("CT1210541.FeedPollDate128580338582031818", "Tue Jun 08 2010 20:09:06 GMT-0300 (Hora ofici[...]

Deleted : user_pref("CT1210541.FeedPollDate128580339914219220", "Tue Jun 08 2010 20:09:06 GMT-0300 (Hora ofici[...]

Deleted : user_pref("CT1210541.FeedPollDate128795106830100273", "Tue Jun 08 2010 20:09:07 GMT-0300 (Hora ofici[...]

Deleted : user_pref("CT1210541.FirstTime", true);

Deleted : user_pref("CT1210541.FirstTimeFF3", true);

Deleted : user_pref("CT1210541.GroupingServerCheckInterval", 1440);

Deleted : user_pref("CT1210541.GroupingServiceUrl", "hxxp://grouping.services.conduit.com/");

Deleted : user_pref("CT1210541.Initialize", true);

Deleted : user_pref("CT1210541.InitializeCommonPrefs", true);

Deleted : user_pref("CT1210541.InstalledDate", "Wed Jan 27 2010 14:07:48 GMT-0200");

Deleted : user_pref("CT1210541.InvalidateCache", false);

Deleted : user_pref("CT1210541.IsGrouping", false);

Deleted : user_pref("CT1210541.IsMulticommunity", true);

Deleted : user_pref("CT1210541.IsOpenThankYouPage", true);

Deleted : user_pref("CT1210541.IsOpenUninstallPage", true);

Deleted : user_pref("CT1210541.LanguagePackLastCheckTime", "Tue Jun 08 2010 20:09:25 GMT-0300 (Hora oficial do[...]

Deleted : user_pref("CT1210541.LanguagePackReloadIntervalMM", 1440);

Deleted : user_pref("CT1210541.LanguagePackServiceUrl", "hxxp://translation.users.conduit.com/Translation.ashx[...]

Deleted : user_pref("CT1210541.LastLogin_2.4.0.4", "Sat Jun 05 2010 16:35:16 GMT-0300 (Hora oficial do Brasil)[...]

Deleted : user_pref("CT1210541.LatestVersion", "2.1.0.18");

Deleted : user_pref("CT1210541.Locale", "en-us");

Deleted : user_pref("CT1210541.LoginCache", 4);

Deleted : user_pref("CT1210541.MCDetectTooltipHeight", "83");

Deleted : user_pref("CT1210541.MCDetectTooltipUrl", "hxxp://@EB_INSTALL_LINK@/rank/tooltip/?version=1");

Deleted : user_pref("CT1210541.MCDetectTooltipWidth", "295");

Deleted : user_pref("CT1210541.RadioIsPodcast", false);

Deleted : user_pref("CT1210541.RadioLastCheckTime", "Tue Jun 08 2010 20:09:06 GMT-0300 (Hora oficial do Brasil[...]

Deleted : user_pref("CT1210541.RadioLastUpdateIPServer", "3");

Deleted : user_pref("CT1210541.RadioLastUpdateServer", "128929877726170000");

Deleted : user_pref("CT1210541.RadioMediaID", "5534206");

Deleted : user_pref("CT1210541.RadioMediaType", "Media Player");

Deleted : user_pref("CT1210541.RadioMenuSelectedID", "EBRadioMenu_CT12105415534206");

Deleted : user_pref("CT1210541.RadioStationName", "Classic%20RAp");

Deleted : user_pref("CT1210541.RadioStationURL", "hxxp://www.sky.fm/wma/classicrap.asx");

Deleted : user_pref("CT1210541.SHRINK_TOOLBAR", 1);

Deleted : user_pref("CT1210541.SearchEngine", "Search||hxxp://search.conduit.com/Results.aspx?q=UCM_SEARCH_TER[...]

Deleted : user_pref("CT1210541.SearchFromAddressBarIsInit", true);

Deleted : user_pref("CT1210541.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT121[...]

Deleted : user_pref("CT1210541.SearchInNewTabEnabled", true);

Deleted : user_pref("CT1210541.SearchInNewTabIntervalMM", 1440);

Deleted : user_pref("CT1210541.SearchInNewTabLastCheckTime", "Tue Jun 08 2010 20:09:05 GMT-0300 (Hora oficial [...]

Deleted : user_pref("CT1210541.SearchInNewTabServiceUrl", "hxxp://newtab.conduit-hosting.com/newtab/?ctid=EB_T[...]

Deleted : user_pref("CT1210541.SearchInNewTabUsageUrl", "hxxp://Usage.Hosting.conduit-services.com/UsageServic[...]

Deleted : user_pref("CT1210541.SettingsCheckIntervalMin", 120);

Deleted : user_pref("CT1210541.SettingsLastCheckTime", "Tue Jun 08 2010 20:09:05 GMT-0300 (Hora oficial do Bra[...]

Deleted : user_pref("CT1210541.SettingsLastUpdate", "1273848391");

Deleted : user_pref("CT1210541.ThirdPartyComponentsInterval", 504);

Deleted : user_pref("CT1210541.ThirdPartyComponentsLastCheck", "Tue Jun 08 2010 20:09:05 GMT-0300 (Hora oficia[...]

Deleted : user_pref("CT1210541.ThirdPartyComponentsLastUpdate", "1273848391");

Deleted : user_pref("CT1210541.TrusteLinkUrl", "hxxp://www.truste.org/pvr.php?page=validate&softwareProgramId=[...]

Deleted : user_pref("CT1210541.UserID", "UN40162500994612867");

Deleted : user_pref("CT1210541.ValidationData_Toolbar", 0);

Deleted : user_pref("CT1210541.WeatherNetwork", "");

Deleted : user_pref("CT1210541.WeatherPollDate", "Tue Jun 08 2010 20:09:07 GMT-0300 (Hora oficial do Brasil)")[...]

Deleted : user_pref("CT1210541.WeatherUnit", "C");

Deleted : user_pref("CT1210541.clientLogIsEnabled", false);

Deleted : user_pref("CT1210541.clientLogServiceUrl", "hxxp://clientlog.users.conduit.com/ClientDiagnostics.asm[...]

Deleted : user_pref("CT1210541.myStuffEnabled", true);

Deleted : user_pref("CT1210541.myStuffPublihserMinWidth", 400);

Deleted : user_pref("CT1210541.myStuffSearchUrl", "hxxp://Apps.conduit.com/search?q=SEARCH_TERM&SearchSourceOr[...]

Deleted : user_pref("CT1210541.myStuffServiceIntervalMM", 1440);

Deleted : user_pref("CT1210541.myStuffServiceUrl", "hxxp://mystuff.conduit-services.com/MyStuffService.ashx?Co[...]

Deleted : user_pref("CT1210541.uninstallLogServiceUrl", "hxxp://uninstall.users.conduit.com/Uninstall.asmx/Reg[...]

Deleted : user_pref("CT2567694.AboutPrivacyUrl", "hxxp://www.conduit.com/privacy/Default.aspx");

Deleted : user_pref("CT2567694.CTID", "CT2567694");

Deleted : user_pref("CT2567694.CurrentServerDate", "15-6-2010");

Deleted : user_pref("CT2567694.DialogsAlignMode", "LTR");

Deleted : user_pref("CT2567694.DownloadReferralCookieData", "");

Deleted : user_pref("CT2567694.EMailNotifierPollDate", "Tue Jun 15 2010 12:50:33 GMT-0300 (Hora oficial do Bra[...]

Deleted : user_pref("CT2567694.FeedLastCount129132863020934308", 173);

Deleted : user_pref("CT2567694.FeedPollDate128746790824594437", "Tue Jun 15 2010 12:50:32 GMT-0300 (Hora ofici[...]

Deleted : user_pref("CT2567694.FeedPollDate128746790988031938", "Tue Jun 15 2010 12:50:32 GMT-0300 (Hora ofici[...]

Deleted : user_pref("CT2567694.FeedPollDate128746791145844439", "Tue Jun 15 2010 12:50:32 GMT-0300 (Hora ofici[...]

Deleted : user_pref("CT2567694.FeedPollDate128746791280844460", "Tue Jun 15 2010 12:50:32 GMT-0300 (Hora ofici[...]

Deleted : user_pref("CT2567694.FeedPollDate128746791444750814", "Tue Jun 15 2010 12:50:32 GMT-0300 (Hora ofici[...]

Deleted : user_pref("CT2567694.FeedPollDate128746791615375007", "Tue Jun 15 2010 12:50:32 GMT-0300 (Hora ofici[...]

Deleted : user_pref("CT2567694.FeedPollDate128746791787562545", "Tue Jun 15 2010 14:50:32 GMT-0300 (Hora ofici[...]

Deleted : user_pref("CT2567694.FeedPollDate128746791931312886", "Tue Jun 15 2010 14:50:32 GMT-0300 (Hora ofici[...]

Deleted : user_pref("CT2567694.FeedPollDate128746792089906714", "Tue Jun 15 2010 14:50:32 GMT-0300 (Hora ofici[...]

Deleted : user_pref("CT2567694.FeedPollDate128746792196156845", "Tue Jun 15 2010 14:50:32 GMT-0300 (Hora ofici[...]

Deleted : user_pref("CT2567694.FeedTTL128746791787562545", 5);

Deleted : user_pref("CT2567694.FeedTTL128746792089906714", 30);

Deleted : user_pref("CT2567694.FeedTTL128746792196156845", 30);

Deleted : user_pref("CT2567694.FirstServerDate", "15-6-2010");

Deleted : user_pref("CT2567694.FirstTime", true);

Deleted : user_pref("CT2567694.FirstTimeFF3", true);

Deleted : user_pref("CT2567694.FirstTimeSettingsDone", true);

Deleted : user_pref("CT2567694.FixPageNotFoundErrors", true);

Deleted : user_pref("CT2567694.GroupingServerCheckInterval", 1440);

Deleted : user_pref("CT2567694.GroupingServiceUrl", "hxxp://grouping.services.conduit.com/");

Deleted : user_pref("CT2567694.Initialize", true);

Deleted : user_pref("CT2567694.InitializeCommonPrefs", true);

Deleted : user_pref("CT2567694.InstallationAndCookieDataSentCount", 1);

Deleted : user_pref("CT2567694.InstallationType", "UnknownIntegration");

Deleted : user_pref("CT2567694.InstalledDate", "Tue Jun 15 2010 12:50:31 GMT-0300 (Hora oficial do Brasil)");

Deleted : user_pref("CT2567694.InvalidateCache", false);

Deleted : user_pref("CT2567694.IsGrouping", false);

Deleted : user_pref("CT2567694.IsMulticommunity", false);

Deleted : user_pref("CT2567694.IsOpenThankYouPage", false);

Deleted : user_pref("CT2567694.IsOpenUninstallPage", true);

Deleted : user_pref("CT2567694.LanguagePackLastCheckTime", "Tue Jun 15 2010 12:50:39 GMT-0300 (Hora oficial do[...]

Deleted : user_pref("CT2567694.LanguagePackReloadIntervalMM", 1440);

Deleted : user_pref("CT2567694.LanguagePackServiceUrl", "hxxp://translation.users.conduit.com/Translation.ashx[...]

Deleted : user_pref("CT2567694.LastLogin_2.6.0.15", "Tue Jun 15 2010 12:50:31 GMT-0300 (Hora oficial do Brasil[...]

Deleted : user_pref("CT2567694.LatestVersion", "2.1.0.18");

Deleted : user_pref("CT2567694.Locale", "pt");

Deleted : user_pref("CT2567694.LoginCache", 4);

Deleted : user_pref("CT2567694.MCDetectTooltipHeight", "83");

Deleted : user_pref("CT2567694.MCDetectTooltipUrl", "hxxp://@EB_INSTALL_LINK@/rank/tooltip/?version=1");

Deleted : user_pref("CT2567694.MCDetectTooltipWidth", "295");

Deleted : user_pref("CT2567694.RadioIsPodcast", false);

Deleted : user_pref("CT2567694.RadioLastCheckTime", "Tue Jun 15 2010 12:50:35 GMT-0300 (Hora oficial do Brasil[...]

Deleted : user_pref("CT2567694.RadioLastUpdateIPServer", "3");

Deleted : user_pref("CT2567694.RadioLastUpdateServer", "3");

Deleted : user_pref("CT2567694.RadioMediaID", "9962");

Deleted : user_pref("CT2567694.RadioMediaType", "Media Player");

Deleted : user_pref("CT2567694.RadioMenuSelectedID", "EBRadioMenu_CT25676949962");

Deleted : user_pref("CT2567694.RadioStationName", "California%20Rock");

Deleted : user_pref("CT2567694.RadioStationURL", "hxxp://feedlive.net/california.asx");

Deleted : user_pref("CT2567694.SHRINK_TOOLBAR", 1);

Deleted : user_pref("CT2567694.SavedHomepage", "www.google.com.br");

Deleted : user_pref("CT2567694.SearchEngine", "Busca||hxxp://search.conduit.com/Results.aspx?q=UCM_SEARCH_TERM[...]

Deleted : user_pref("CT2567694.SearchFromAddressBarIsInit", true);

Deleted : user_pref("CT2567694.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT256[...]

Deleted : user_pref("CT2567694.SearchInNewTabEnabled", true);

Deleted : user_pref("CT2567694.SearchInNewTabIntervalMM", 1440);

Deleted : user_pref("CT2567694.SearchInNewTabLastCheckTime", "Tue Jun 15 2010 12:50:32 GMT-0300 (Hora oficial [...]

Deleted : user_pref("CT2567694.SearchInNewTabServiceUrl", "hxxp://newtab.conduit-hosting.com/newtab/?ctid=EB_T[...]

Deleted : user_pref("CT2567694.SearchInNewTabUsageUrl", "hxxp://Usage.Hosting.conduit-services.com/UsageServic[...]

Deleted : user_pref("CT2567694.SettingsCheckIntervalMin", 120);

Deleted : user_pref("CT2567694.SettingsLastCheckTime", "Tue Jun 15 2010 12:50:27 GMT-0300 (Hora oficial do Bra[...]

Deleted : user_pref("CT2567694.SettingsLastUpdate", "1276614603");

Deleted : user_pref("CT2567694.ThirdPartyComponentsInterval", 504);

Deleted : user_pref("CT2567694.ThirdPartyComponentsLastCheck", "Tue Jun 15 2010 12:50:26 GMT-0300 (Hora oficia[...]

Deleted : user_pref("CT2567694.ThirdPartyComponentsLastUpdate", "1276614603");

Deleted : user_pref("CT2567694.TrusteLinkUrl", "hxxp://www.truste.org/pvr.php?page=validate&softwareProgramId=[...]

Deleted : user_pref("CT2567694.UserID", "UN41943131171878867");

Deleted : user_pref("CT2567694.WeatherNetwork", "");

Deleted : user_pref("CT2567694.WeatherPollDate", "Tue Jun 15 2010 12:50:40 GMT-0300 (Hora oficial do Brasil)")[...]

Deleted : user_pref("CT2567694.WeatherUnit", "C");

Deleted : user_pref("CT2567694.alertChannelId", "960559");

Deleted : user_pref("CT2567694.backendstorage.hxxp://cmg1_conduit-widgets_com/pitsi.state", "4F50454E");

Deleted : user_pref("CT2567694.clientLogIsEnabled", true);

Deleted : user_pref("CT2567694.clientLogServiceUrl", "hxxp://clientlog.users.conduit.com/ClientDiagnostics.asm[...]

Deleted : user_pref("CT2567694.myStuffEnabled", true);

Deleted : user_pref("CT2567694.myStuffPublihserMinWidth", 400);

Deleted : user_pref("CT2567694.myStuffSearchUrl", "hxxp://Apps.conduit.com/search?q=SEARCH_TERM&SearchSourceOr[...]

Deleted : user_pref("CT2567694.myStuffServiceIntervalMM", 1440);

Deleted : user_pref("CT2567694.myStuffServiceUrl", "hxxp://mystuff.conduit-services.com/MyStuffService.ashx?Co[...]

Deleted : user_pref("CT2567694.uninstallLogServiceUrl", "hxxp://uninstall.users.conduit.com/Uninstall.asmx/Reg[...]

Deleted : user_pref("CT2905346..clientLogIsEnabled", true);

Deleted : user_pref("CT2905346..clientLogServiceUrl", "hxxp://clientlog.users.conduit.com/ClientDiagnostics.as[...]

Deleted : user_pref("CT2905346..uninstallLogServiceUrl", "hxxp://uninstall.users.conduit.com/Uninstall.asmx/Re[...]

Deleted : user_pref("CT2905346.AboutPrivacyUrl", "hxxp://www.conduit.com/privacy/Default.aspx");

Deleted : user_pref("CT2905346.CTID", "CT2905346");

Deleted : user_pref("CT2905346.CurrentServerDate", "29-6-2011");

Deleted : user_pref("CT2905346.DialogsAlignMode", "LTR");

Deleted : user_pref("CT2905346.DownloadReferralCookieData", "");

Deleted : user_pref("CT2905346.FirstServerDate", "2-4-2011");

Deleted : user_pref("CT2905346.FirstTime", true);

Deleted : user_pref("CT2905346.FirstTimeFF3", true);

Deleted : user_pref("CT2905346.FixPageNotFoundErrors", true);

Deleted : user_pref("CT2905346.GroupingServerCheckInterval", 1440);

Deleted : user_pref("CT2905346.GroupingServiceUrl", "hxxp://grouping.services.conduit.com/");

Deleted : user_pref("CT2905346.HasUserGlobalKeys", true);

Deleted : user_pref("CT2905346.Initialize", true);

Deleted : user_pref("CT2905346.InitializeCommonPrefs", true);

Deleted : user_pref("CT2905346.InstallationAndCookieDataSentCount", 3);

Deleted : user_pref("CT2905346.InstallationId", "Messenger_Plus_BR.exe");

Deleted : user_pref("CT2905346.InstallationType", "ConduitIntegration");

Deleted : user_pref("CT2905346.InstalledDate", "Sat Apr 02 2011 10:13:59 GMT-0300 (Hora oficial do Brasil)");

Deleted : user_pref("CT2905346.InvalidateCache", false);

Deleted : user_pref("CT2905346.IsGrouping", false);

Deleted : user_pref("CT2905346.IsMulticommunity", false);

Deleted : user_pref("CT2905346.IsOpenThankYouPage", false);

Deleted : user_pref("CT2905346.IsOpenUninstallPage", true);

Deleted : user_pref("CT2905346.LanguagePackLastCheckTime", "Wed Jun 29 2011 15:04:42 GMT-0300 (Hora oficial do[...]

Deleted : user_pref("CT2905346.LanguagePackReloadIntervalMM", 1440);

Deleted : user_pref("CT2905346.LanguagePackServiceUrl", "hxxp://translation.users.conduit.com/Translation.ashx[...]

Deleted : user_pref("CT2905346.LastLogin_3.2.5.2", "Wed Jun 29 2011 15:04:40 GMT-0300 (Hora oficial do Brasil)[...]

Deleted : user_pref("CT2905346.LatestVersion", "3.3.3.2");

Deleted : user_pref("CT2905346.Locale", "pt-br");

Deleted : user_pref("CT2905346.MCDetectTooltipHeight", "83");

Deleted : user_pref("CT2905346.MCDetectTooltipUrl", "hxxp://@EB_INSTALL_LINK@/rank/tooltip/?version=1");

Deleted : user_pref("CT2905346.MCDetectTooltipWidth", "295");

Deleted : user_pref("CT2905346.RadioIsPodcast", false);

Deleted : user_pref("CT2905346.RadioLastCheckTime", "Wed Jun 29 2011 15:04:39 GMT-0300 (Hora oficial do Brasil[...]

Deleted : user_pref("CT2905346.RadioLastUpdateIPServer", "3");

Deleted : user_pref("CT2905346.RadioLastUpdateServer", "129430458341500000");

Deleted : user_pref("CT2905346.RadioMediaID", "21796068");

Deleted : user_pref("CT2905346.RadioMediaType", "Media Player");

Deleted : user_pref("CT2905346.RadioMenuSelectedID", "EBRadioMenu_CT290534621796068");

Deleted : user_pref("CT2905346.RadioStationName", "Radio%20Maria%20Brazil");

Deleted : user_pref("CT2905346.RadioStationURL", "hxxp://www.radiomaria.org/media/brazil.asx");

Deleted : user_pref("CT2905346.SearchFromAddressBarIsInit", true);

Deleted : user_pref("CT2905346.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT290[...]

Deleted : user_pref("CT2905346.SearchInNewTabEnabled", true);

Deleted : user_pref("CT2905346.SearchInNewTabIntervalMM", 1440);

Deleted : user_pref("CT2905346.SearchInNewTabLastCheckTime", "Wed Jun 29 2011 15:04:38 GMT-0300 (Hora oficial [...]

Deleted : user_pref("CT2905346.SearchInNewTabServiceUrl", "hxxp://newtab.conduit-hosting.com/newtab/?ctid=EB_T[...]

Deleted : user_pref("CT2905346.SearchInNewTabUsageUrl", "hxxp://Usage.Hosting.conduit-services.com/UsageServic[...]

Deleted : user_pref("CT2905346.ServiceMapLastCheckTime", "Wed Jun 29 2011 15:04:39 GMT-0300 (Hora oficial do B[...]

Deleted : user_pref("CT2905346.SettingsLastCheckTime", "Wed Jun 29 2011 15:04:38 GMT-0300 (Hora oficial do Bra[...]

Deleted : user_pref("CT2905346.SettingsLastUpdate", "1309176169");

Deleted : user_pref("CT2905346.ThirdPartyComponentsInterval", 504);

Deleted : user_pref("CT2905346.ThirdPartyComponentsLastCheck", "Wed Jun 29 2011 15:04:38 GMT-0300 (Hora oficia[...]

Deleted : user_pref("CT2905346.ThirdPartyComponentsLastUpdate", "1256047550");

Deleted : user_pref("CT2905346.TrusteLinkUrl", "hxxp://trust.conduit.com/EB_ORIGINAL_CTID");

Deleted : user_pref("CT2905346.UserID", "UN00974565984043984");

Deleted : user_pref("CT2905346.alertChannelId", "1297271");

Deleted : user_pref("CT2905346.backendstorage._fb_dailyactivity", "31333031373733363036393234");

Deleted : user_pref("CT2905346.backendstorage._fb_lifetimesent", "54525545");

Deleted : user_pref("CT2905346.backendstorage.facebook_ctid_connect_send", "73656E646564");

Deleted : user_pref("CT2905346.backendstorage.hxxp://cmg1_conduit-widgets_com/pitsi.state", "4F50454E");

Deleted : user_pref("CT2905346.backendstorage.hxxp://www_blabbers_com/app/conduit.bbrs_affid", "42525F4E6577")[...]

Deleted : user_pref("CT2905346.backendstorage.hxxp://www_blabbers_com/app/conduit.bbrs_bguid", "42525F4E65772D[...]

Deleted : user_pref("CT2905346.backendstorage.hxxp://www_blabbers_com/app/conduit.bbrs_lba", "3231383037303639[...]

Deleted : user_pref("CT2905346.backendstorage.hxxp://www_blabbers_com/app/conduit.bbrs_lba1", "323031312D362D3[...]

Deleted : user_pref("CT2905346.myStuffEnabled", true);

Deleted : user_pref("CT2905346.myStuffPublihserMinWidth", 400);

Deleted : user_pref("CT2905346.myStuffSearchUrl", "hxxp://Apps.conduit.com/search?q=SEARCH_TERM&SearchSourceOr[...]

Deleted : user_pref("CT2905346.myStuffServiceIntervalMM", 1440);

Deleted : user_pref("CT2905346.myStuffServiceUrl", "hxxp://mystuff.conduit-services.com/MyStuffService.ashx?Co[...]

Deleted : user_pref("CT2905346.testingCtid", "");

Deleted : user_pref("CT2905346.toolbarAppMetaDataLastCheckTime", "Wed Jun 29 2011 15:04:39 GMT-0300 (Hora ofic[...]

Deleted : user_pref("CT2905346.toolbarContextMenuLastCheckTime", "Sat Apr 02 2011 10:14:06 GMT-0300 (Hora ofic[...]

Deleted : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/1297271/1292942/BR", "\"0\"[...]

Deleted : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/909619/905414/BR", "\"0\"")[...]

Deleted : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/960559/956327/BR", "\"0\"")[...]

Deleted : user_pref("CommunityToolbar.ETag.hxxp://appsmetadata.toolbar.conduit-services.com/?ctid=CT2905346", [...]

Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=GottenApps&lo[...]

Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=OtherApps&loc[...]

Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=SharedApps&lo[...]

Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=Toolbar&local[...]

Deleted : user_pref("CommunityToolbar.ETag.hxxp://servicemap.conduit-services.com/toolbar/", "\"63443493058760[...]

Deleted : user_pref("CommunityToolbar.ETag.hxxp://settings.engine.conduit-services.com/?browser=FF&lut=0", "63[...]

Deleted : user_pref("CommunityToolbar.ETag.hxxp://settings.engine.conduit-services.com/?browser=FF&lut=3/13/20[...]

Deleted : user_pref("CommunityToolbar.ETag.hxxp://settings.toolbar.search.conduit.com/root/CT2905346/CT2905346[...]

Deleted : user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/BankImages/RadioSkins/Funky/minimize.gif[...]

Deleted : user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/BankImages/RadioSkins/Funky/play.gif", "[...]

Deleted : user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/BankImages/RadioSkins/Funky/stop.gif", "[...]

Deleted : user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/BankImages/RadioSkins/Funky/stopped.GIF"[...]

Deleted : user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/BankImages/RadioSkins/Funky/vol.gif", "\[...]

Deleted : user_pref("CommunityToolbar.ETag.hxxp://translation.toolbar.conduit-services.com/?locale=pt-br", "\"[...]

Deleted : user_pref("CommunityToolbar.EngineOwner", "CT2905346");

Deleted : user_pref("CommunityToolbar.EngineOwnerGuid", "{1d80d668-2160-46a2-b3a7-e166795b0b28}");

Deleted : user_pref("CommunityToolbar.EngineOwnerToolbarId", "messenger_plus_br");

Deleted : user_pref("CommunityToolbar.IsMyStuffImportedToEngine", true);

Deleted : user_pref("CommunityToolbar.OriginalEngineOwner", "CT2905346");

Deleted : user_pref("CommunityToolbar.OriginalEngineOwnerGuid", "{1d80d668-2160-46a2-b3a7-e166795b0b28}");

Deleted : user_pref("CommunityToolbar.OriginalEngineOwnerToolbarId", "messenger_plus_br");

Deleted : user_pref("CommunityToolbar.SearchFromAddressBarSavedUrl", "chrome://browser-region/locale/region.pr[...]

Deleted : user_pref("CommunityToolbar.ToolbarsList", "CT1210541,CT2567694,ConduitEngine,CT2905346");

Deleted : user_pref("CommunityToolbar.ToolbarsList2", "CT1210541,CT2567694,CT2905346");

Deleted : user_pref("CommunityToolbar.alert.alertInfoInterval", 1440);

Deleted : user_pref("CommunityToolbar.alert.alertInfoLastCheckTime", "Sun Mar 25 2012 14:45:22 GMT-0300 (Hora [...]

Deleted : user_pref("CommunityToolbar.alert.clientsServerUrl", "hxxp://alert.client.conduit.com");

Deleted : user_pref("CommunityToolbar.alert.firstTimeAlertShown", true);

Deleted : user_pref("CommunityToolbar.alert.locale", "en");

Deleted : user_pref("CommunityToolbar.alert.loginIntervalMin", 1440);

Deleted : user_pref("CommunityToolbar.alert.loginLastCheckTime", "Sun Mar 25 2012 14:45:22 GMT-0300 (Hora ofic[...]

Deleted : user_pref("CommunityToolbar.alert.loginLastUpdateTime", "1313487611");

Deleted : user_pref("CommunityToolbar.alert.messageShowTimeSec", 20);

Deleted : user_pref("CommunityToolbar.alert.servicesServerUrl", "hxxp://alert.services.conduit.com");

Deleted : user_pref("CommunityToolbar.alert.showTrayIcon", false);

Deleted : user_pref("CommunityToolbar.alert.userCloseIntervalMin", 300);

Deleted : user_pref("CommunityToolbar.alert.userId", "{e2524fc4-1f06-4334-9e95-b8f8db1fc6a6}");

Deleted : user_pref("CommunityToolbar.keywordURLSelectedCTID", "CT2567694");

Deleted : user_pref("ConduitEngine.FirstServerDate", "04/02/2011 16");

Deleted : user_pref("ConduitEngine.FirstTime", true);

Deleted : user_pref("ConduitEngine.FirstTimeFF3", true);

Deleted : user_pref("ConduitEngine.HasUserGlobalKeys", true);

Deleted : user_pref("ConduitEngine.Initialize", true);

Deleted : user_pref("ConduitEngine.InitializeCommonPrefs", true);

Deleted : user_pref("ConduitEngine.InstalledDate", "Sat Apr 02 2011 10:13:58 GMT-0300 (Hora oficial do Brasil)[...]

Deleted : user_pref("ConduitEngine.IsMulticommunity", false);

Deleted : user_pref("ConduitEngine.IsOpenThankYouPage", false);

Deleted : user_pref("ConduitEngine.IsOpenUninstallPage", true);

Deleted : user_pref("ConduitEngine.LanguagePackLastCheckTime", "Wed Jun 29 2011 15:04:52 GMT-0300 (Hora oficia[...]

Deleted : user_pref("ConduitEngine.LastLogin_3.2.5.2", "Wed Jun 29 2011 15:04:48 GMT-0300 (Hora oficial do Bra[...]

Deleted : user_pref("ConduitEngine.PublisherContainerWidth", 0);

Deleted : user_pref("ConduitEngine.SearchFromAddressBarIsInit", true);

Deleted : user_pref("ConduitEngine.SettingsLastCheckTime", "Wed Jun 29 2011 15:04:44 GMT-0300 (Hora oficial do[...]

Deleted : user_pref("ConduitEngine.UserID", "UN73270765339907417");

Deleted : user_pref("ConduitEngine.engineLocale", "pt-BR");

Deleted : user_pref("ConduitEngine.enngineContextMenuLastCheckTime", "Wed Jun 29 2011 15:04:41 GMT-0300 (Hora [...]

Deleted : user_pref("ConduitEngine.initDone", true);

Deleted : user_pref("browser.search.defaultthis.engineName", "Messenger Plus Live Brazil Customized Web Search[...]

Deleted : user_pref("browser.search.selectedEngine", "Search The Web");

 

*************************

 

AdwCleaner[R1].txt - [31341 octets] - [05/04/2012 14:56:48]

AdwCleaner[s1].txt - [31175 octets] - [05/04/2012 19:12:04]

 

########## EOF - C:\AdwCleaner[s1].txt - [31304 octets] ##########


Here is the ZHPDiag report:

 

 

Rapport de ZHPDiag v1.28.34 par Nicolas Coolman, Update du 06/03/2012

Run by Sidnei at 05/04/2012 19:50:39

Web site : http://www.premiumorange.com/zeb-help-process/zhpdiag.html

Web site : http://nicolascoolman.skyrock.com/

Windows Vista Ultimate Edition, 32-bit Service Pack 2 (Build 6002)

State : A new version is available.

 

Boot mode: Normal (Normal boot)

Logged in as Administrator

 

 

---\\ Web Browser

MSIE: Internet Explorer v8.0.6001.19154

MFIE: Mozilla Firefox v3.6.8 (pt-BR)

GCIE: Google Chrome (Defaut)

 

---\\ Running Processes

[MD5.0D392EDE3B97E0B3131B2F63EF1DB94E] - (.Microsoft Corporation - Windows Defender User Interface.) -- C:\Program Files\Windows Defender\MSASCui.exe [1008184] [PID.3576]

[MD5.56F676060D70BA066459478824510BEA] - (.Cyberlink Corp. - PowerDVD RC Service.) -- C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe [56928] [PID.3616]

[MD5.C72FB9CC856ECFF3B6459B27CB674638] - (.PixArt Imaging Incorporation - Registry Monitor.) -- C:\Windows\PixArt\PAC207\Monitor.exe [323584] [PID.3692]

[MD5.C983E62B6FB74457D173BA93F66F6068] - (.Avira GmbH - Antivirus System Tray Tool.) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [281768] [PID.3720]

[MD5.6BD8E97CA7DB46E795D3772866A40CEC] - (.Yuna Software - Messenger Plus! 5.) -- C:\Program Files\Yuna Software\Messenger Plus!\PlusService.exe [801792] [PID.3772]

[MD5.F15E6014E812A5E2CD469FCF5682C0E1] - (.RealNetworks, Inc. - RealNetworks Scheduler.) -- C:\Program Files\Real\RealPlayer\Update\realsched.exe [296056] [PID.3780]

[MD5.98A078F838A70F84E1BD490D7C7675F4] - (.Sun Microsystems, Inc. - Java Update Scheduler.) -- C:\Program Files\Common Files\Java\Java Update\jusched.exe [254696] [PID.3792]

[MD5.BF08674925F151BD4537B89A493E3E0C] - (.Microsoft Corporation - Media Center Tray Applet.) -- C:\Windows\ehome\ehtray.exe [125952] [PID.3896]

[MD5.67384147DD005E54D2C0A20408E28579] - (.Valve Corporation - Steam.) -- C:\Program Files\Steam\Steam.exe [1242448] [PID.3952]

[MD5.094F1705ADBCD41E86E2E7F823C933BF] - (.DT Soft Ltd - DAEMON Tools Pro Agent.) -- C:\Program Files\DAEMON Tools Pro\DTAgent.exe [4527424] [PID.3980]

[MD5.B2BCB4A5553E137B026F095D5260EDFC] - (.NVIDIA Corporation - NVIDIA Settings.) -- C:\Program Files\NVIDIA Corporation\Display\nvtray.exe [373864] [PID.4008]

[MD5.0F4195B9B348DE5CF9B822F81704B20E] - (.Microsoft Corporation - Media Center Media Status Aggregator Servic.) -- C:\Windows\ehome\ehmsas.exe [37376] [PID.4084]

[MD5.1AA28078F59CF3942DF139B72B455A72] - (.KoshyJohn.com - MemoryCleaner.) -- C:\Users\Sidnei\AppData\Roaming\KoshyJohn.com\MemClean\MemClean.exe [785489] [PID.3088]

[MD5.271C017E3220E281827FE204FF98C6A8] - (.Memory Improve Master Studio - Memory Improve Master.) -- C:\Program Files\Memory Improve Master\MemoryImproveMaster.exe [5095424] [PID.3648]

[MD5.F5143A7CA66EB913B5463BED3D3DD8D2] - (.DT Soft Ltd - DAEMON Tools Shell Extensions Helper.) -- C:\Program Files\DAEMON Tools Pro\DTShellHlp.exe [3120448] [PID.2488]

[MD5.888A8AF571C0F56D5B103B0976C6603E] - (.Google Inc. - Google Chrome.) -- C:\Users\Sidnei\AppData\Local\Google\Chrome\Application\chrome.exe [1224176] [PID.4408]

[MD5.62BB79160F86CD962F312C68C6239BFD] - (.Microsoft Corporation - Windows Update.) -- C:\Windows\system32\wuauclt.exe [53472] [PID.5992]

[MD5.6080A176D09435FC8E6E800996656E18] - (.Microsoft Corporation - Console IME.) -- C:\Windows\system32\conime.exe [69120] [PID.5020]

[MD5.46AE705AC463F50AC714C8084A09A2A3] - (.Nicolas Coolman - Diagnostic Tool.) -- C:\Just Cause 2\ZHPDiag\ZHPDiag.exe [2211328] [PID.2888]

[MD5.26DB28B32E8D2F57CB5065A4A053801A] - (.NVIDIA Corporation - NVIDIA Driver Helper Service, Version 280.2.) -- C:\Windows\system32\nvvsvc.exe [599144] [PID.]

[MD5.9BF7E58D9113CE15CF4F1E1B18CEFF83] - (.NVIDIA Corporation - Stereo Vision Control Panel API Server.) -- C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [379496] [PID.]

[MD5.862BB4CBC05D80C5B45BE430E5EF872F] - (.Microsoft Corporation - Serviço de Licenciamento de Software Micros.) -- C:\Windows\system32\SLsvc.exe [3408896] [PID.]

[MD5.1D70198EB53348374F211BEB62F4F8DC] - (.NVIDIA Corporation - NVIDIA User Experience Driver Component.) -- C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe [812648] [PID.]

[MD5.B4837FE56D76B2E9EA90E5365CF6A2BE] - (.Avira GmbH - Antivirus Scheduler.) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe [136360] [PID.]

[MD5.DF5A3016052755C910A206058B4A1729] - (.Avira GmbH - Antivirus On-Access Service.) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe [269480] [PID.]

[MD5.B05640AC812FCCB488328DF34E7F663A] - (.Microsoft Corporation - SQL Server Windows NT.) -- C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe [43010392] [PID.]

[MD5.8C91BD35AE9AA8B628EEC5E637BB1D0F] - (.Avira GmbH - AntiVir shadow copy service.) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe [76968] [PID.]

[MD5.1713D9DE407313138118D501B0E3C05B] - (...) -- C:\Windows\system32\PnkBstrA.exe [75136] [PID.]

[MD5.BD517C7FB119997EFFBE39D5E4B37B05] - (.Unknown owner - RichVideo Module.) -- C:\Program Files\CyberLink\Shared Files\RichVideo.exe [167936] [PID.]

[MD5.637A0F23F9012358E92E6F99835494D1] - (.Microsoft Corporation - SQL Server VSS Writer.) -- C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe [98840] [PID.]

[MD5.A19BBE1E3E3FEF50B94CA07DCC0FB776] - (.NVIDIA Corporation - NVIDIA Settings Update Manager.) -- C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2255464] [PID.]

[MD5.D2E35B408F1B78CC166A9F869BB4CCF5] - (.Valve Corporation - Steam Client Service (buildbot_winslave04_s.) -- C:\Program Files\Common Files\Steam\SteamService.exe [489256] [PID.]

~ Scan Processes Running in 00mn 01s

 

 

 

---\\ Google Chrome, Start,Search,Extensions (G0,G1,G2)

C:\Users\Sidnei\AppData\Local\Google\Chrome\User Data\Default\Preferences

G1 - GCS: Preference [user Data\Default] None

G0 - GCSP: Preference [user Data\Default][HomePage] http://www.google.com

~ Scan Google Browser in 00mn 00s

 

 

 

---\\ Mozilla Firefox,Plugins,Start,Search,Extensions (P2,M0,M1,M2,M3)

C:\Users\Sidnei\AppData\Roaming\Mozilla\Firefox\Profiles\6dsamkzh.default\prefs.js

M3 - MFPP: Plugins - [sidnei] -- C:\Users\Sidnei\AppData\Roaming\Mozilla\Firefox\Profiles\6dsamkzh.default\searchplugins\daemon-search.xml

M3 - MFPP: Plugins - [sidnei] -- C:\Program Files\Mozilla FireFox\searchplugins\buscape.xml

M3 - MFPP: Plugins - [sidnei] -- C:\Program Files\Mozilla FireFox\searchplugins\google.xml

M3 - MFPP: Plugins - [sidnei] -- C:\Program Files\Mozilla FireFox\searchplugins\mercadolivre.xml

M3 - MFPP: Plugins - [sidnei] -- C:\Program Files\Mozilla FireFox\searchplugins\search.xml

M3 - MFPP: Plugins - [sidnei] -- C:\Program Files\Mozilla FireFox\searchplugins\wikipedia-br.xml

M3 - MFPP: Plugins - [sidnei] -- C:\Program Files\Mozilla FireFox\searchplugins\yahoo-br.xml

M0 - MFSP: prefs.js [sidnei - 6dsamkzh.default] www.google.com.br

M2 - MFEP: prefs.js [sidnei - 6dsamkzh.default\redshift_V2@shift-themes.com] [] RedShift V3.6 v3.6 (.C. Nicks.)

M2 - MFEP: prefs.js [sidnei - 6dsamkzh.default\{1d80d668-2160-46a2-b3a7-e166795b0b28}] [] Messenger Plus BR Community Toolbar v3.2.5.2 (.Conduit Ltd..)

M2 - MFEP: prefs.js [sidnei - 6dsamkzh.default\{20a82645-c095-46ed-80e3-08825760534b}] [MicrosoftCG] Microsoft .NET Framework Assistant v1.2.1 (.Microsoft.)

M2 - MFEP: prefs.js [sidnei - 6dsamkzh.default\{bc4be15d-6a34-4356-9e97-79e43da32b1d}] [] P2P Torrent Toolbar v2.4.0.4 (.Conduit Ltd..)

M2 - MFEP: prefs.js [sidnei - 6dsamkzh.default\{edbca961-4bf8-4cbe-8c63-a11dff9ed2d9}] [] Messenger Plus Live Brazil Toolbar v2.6.0.15 (.Conduit Ltd..)

P2 - FPN:Firefox Plugin Navigator . (.Microsoft Corporation - np-mswmp.) -- C:\Program Files\Mozilla Firefox\Plugins\np-mswmp.dll

P2 - FPN:Firefox Plugin Navigator . (.Sun Microsystems, Inc. - NPRuntime Script Plug-in Library for Java Deploy.) -- C:\Program Files\Mozilla Firefox\Plugins\npdeployJava1.dll

P2 - FPN:Firefox Plugin Navigator . (.mozilla.org - Default Plug-in.) -- C:\Program Files\Mozilla Firefox\Plugins\npnul32.dll

P2 - FPN:Firefox Plugin Navigator . (.RealNetworks, Inc. - RealPlayer LiveConnect-Enabled Plug-In.) -- C:\Program Files\Mozilla Firefox\Plugins\nppl3260.dll

P2 - FPN:Firefox Plugin Navigator . (.RealNetworks, Inc. - RealJukebox Netscape Plugin.) -- C:\Program Files\Mozilla Firefox\Plugins\nprjplug.dll

P2 - FPN:Firefox Plugin Navigator . (.RealNetworks, Inc. - 15.0.0.198.) -- C:\Program Files\Mozilla Firefox\Plugins\nprpjplug.dll

P2 - FPN: [HKLM] [@adobe.com/FlashPlayer] - (...) -- C:\Windows\System32\Macromed\Flash\NPSWF32.dll

P2 - FPN: [HKLM] [@adobe.com/ShockwavePlayer] - (.Adobe Systems, Inc. - Adobe Shockwave for Director Netscape plug-in, version 11.6.3.633.) -- C:\Windows\System32\Adobe\Director\np32dsw.dll

P2 - FPN: [HKLM] [@Google.com/GoogleEarthPlugin] - (.Google - GEPlugin.) -- C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll

P2 - FPN: [HKLM] [@java.com/JavaPlugin] - (.Sun Microsystems, Inc. - Next Generation Java Plug-in 1.6.0_31 for Mozilla browsers.) -- C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll

P2 - FPN: [HKLM] [@Microsoft.com/NpCtrl,version=1.0] - (. Microsoft Corporation - 4.0.60831.0.) -- C:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll

P2 - FPN: [HKLM] [@microsoft.com/WLPG,version=14.0.8117.0416] - (.Microsoft Corporation - NPWLPG.) -- C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll

P2 - FPN: [HKLM] [@microsoft.com/WPF,version=3.5] - (.Microsoft Corporation - Windows Presentation Foundation (WPF) plug-in for Mozilla browsers.) -- C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll

P2 - FPN: [HKLM] [@nvidia.com/3DVision] - (.NVIDIA Corporation - NVIDIA 3D Vision plugin for Mozilla browsers.) -- C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll

P2 - FPN: [HKLM] [@nvidia.com/3DVisionStreaming] - (.NVIDIA Corporation - NVIDIA 3D Vision Streaming plugin for Mozilla browsers.) -- C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll

P2 - FPN: [HKLM] [@pandonetworks.com/PandoWebPlugin] - (.Pando Networks - Pando Web Plugin.) -- C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll

P2 - FPN: [HKLM] [@real.com/nppl3260;version=15.0.0.198] - (.RealNetworks, Inc. - RealPlayer LiveConnect-Enabled Plug-In.) -- C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll

P2 - FPN: [HKLM] [@real.com/nprjplug;version=15.0.0.198] - (.RealNetworks, Inc. - RealJukebox Netscape Plugin.) -- C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll

P2 - FPN: [HKLM] [@real.com/nprpchromebrowserrecordext;version=12.0.1.669] - (.RealNetworks, Inc. - RealNetworks RealPlayer Chrome Background Extension Plug-In.) -- C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserre

P2 - FPN: [HKLM] [@real.com/nprphtml5videoshim;version=15.0.0.198] - (.RealNetworks, Inc. - RealPlayer HTML5VideoShim Plug-In.) -- C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll

P2 - FPN: [HKLM] [@real.com/nprpjplug;version=15.0.0.198] - (.RealNetworks, Inc. - 15.0.0.198.) -- C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll

P2 - FPN: [HKLM] [@research.microsoft.com/HDView] - (.Microsoft Research - HD View 3.3.0.0 Mozilla plugin.) -- C:\Program Files\Microsoft Research\HD View\nphdview.dll

P2 - FPN: [HKLM] [@tools.google.com/Google Update;version=3] - (.Google Inc. - Google Update.) -- C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll

P2 - FPN: [HKLM] [@tools.google.com/Google Update;version=9] - (.Google Inc. - Google Update.) -- C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll

P2 - FPN: [HKCU] [@tools.google.com/Google Update;version=3] - (.Google Inc. - Google Update.) -- C:\Users\Sidnei\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll

P2 - FPN: [HKCU] [@tools.google.com/Google Update;version=9] - (.Google Inc. - Google Update.) -- C:\Users\Sidnei\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll

P2 - FPN: [HKCU] [@unity3d.com/UnityPlayer,version=1.0] - (.Unity Technologies ApS - Unity Player 2.6.1f3.) -- C:\Users\Sidnei\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll

P2 - FPN: [HKCU] [pandonetworks.com/PandoWebPlugin] - (.Pando Networks - Pando Web Plugin.) -- C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll

~ Scan Firefox Browser in 00mn 00s

 

 

 

---\\ Internet Explorer Extensions, Start, Search (R4,R3,R0,R1)

R0 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com

R0 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com

R1 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com

R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:noadd-ons

R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:securityrisk

R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURLs,Tabs = res://ieframe.dll/tabswelcome.htm

R3 - URLSearchHook: Microsoft Url Search Hook - {CFBFAE00-17A6-11D0-99CB-00C04FD64497} . (.Microsoft Corporation - Internet Explorer.) (8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)) -- C:\Windows\System32\ieframe.dll

R4 - HKCU\SOFTWARE\Microsoft\Internet Explorer\PhishingFilter,Enabled = 2

~ Scan IE Browser in 00mn 00s

 

 

 

---\\ Internet Explorer, Proxy Management (R5)

R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key

R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0

R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1

R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1

R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll

~ Scan Proxy management in 00mn 00s

 

 

 

---\\ Changed inifile Value, Mapped to Registry (F2)

F2 - REG:system.ini: UserInit=C:\Windows\system32\userinit.exe,

F2 - REG:system.ini: VMApplet=rundll32 shell32,Control_RunDLL "sysdm.cpl"

~ Scan Keys in 00mn 00s

 

 

 

---\\ Hosts file redirection (O1)

~ Le fichier hosts est sain (The hosts file is clean).

~ Scan Hosts File in 00mn 00s

~ Nombre de lignes (Lines number): 1

 

 

 

---\\ Browser Helper Objects (O2)

O2 - BHO: Facilitador de Leitor de Link Adobe PDF - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} . (.Adobe Systems Incorporated - Adobe PDF Helper for Internet Explorer.) -- C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} . (.RealPlayer - RealPlayer Download and Record Plugin.) -- C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll

O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} . (.Sun Microsystems, Inc. - Java Platform SE binary.) -- C:\Program Files\Java\jre6\bin\ssv.dll

O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} . (.Microsoft Corporation - Microsoft® Windows Live ID Login Helper.) -- C:\Program Files\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} . (.Skype Technologies S.A. - Skype add-on for IE.) -- C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} . (.Sun Microsystems, Inc. - Java Platform SE binary.) -- C:\Program Files\Java\jre6\bin\jp2ssv.dll

~ Scan BHO in 00mn 00s

 

 

 

---\\ Auto loading programs from Registry and folders (O4)

O4 - HKLM\..\Run: [Windows Defender] . (.Microsoft Corporation - Windows Defender User Interface.) -- C:\Program Files\Windows Defender\MSASCui.exe

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] . (.Adobe Systems Incorporated - Adobe Acrobat SpeedLauncher.) -- C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe

O4 - HKLM\..\Run: [RemoteControl] . (.Cyberlink Corp. - PowerDVD RC Service.) -- C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe

O4 - HKLM\..\Run: [LanguageShortcut] . (.Unknown owner - Language Application.) -- C:\Program Files\CyberLink\PowerDVD\Language\Language.exe

O4 - HKLM\..\Run: [NeroFilterCheck] . (.Nero AG - NeroCheck.) -- C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe

O4 - HKLM\..\Run: [PAC207_Monitor] . (.PixArt Imaging Incorporation - Registry Monitor.) -- C:\Windows\PixArt\PAC207\Monitor.exe

O4 - HKLM\..\Run: [avgnt] . (.Avira GmbH - Antivirus System Tray Tool.) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe

O4 - HKLM\..\Run: [AdobeAAMUpdater-1.0] . (.Adobe Systems Incorporated - Adobe Updater Startup Utility.) -- C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe

O4 - HKLM\..\Run: [PlusService] . (.Yuna Software - Messenger Plus! 5.) -- C:\Program Files\Yuna Software\Messenger Plus!\PlusService.exe

O4 - HKLM\..\Run: [TkBellExe] . (.RealNetworks, Inc. - RealNetworks Scheduler.) -- C:\Program Files\Real\RealPlayer\Update\realsched.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] . (.Sun Microsystems, Inc. - Java Update Scheduler.) -- C:\Program Files\Common Files\Java\Java Update\jusched.exe

O4 - HKCU\..\Run: [sidebar] . (.Microsoft Corporation - Barra Lateral do Windows.) -- C:\Program Files\Windows Sidebar\sidebar.exe

O4 - HKCU\..\Run: [ehTray.exe] . (.Microsoft Corporation - Media Center Tray Applet.) -- C:\Windows\ehome\ehtray.exe

O4 - HKCU\..\Run: [steam] . (.Valve Corporation - Steam.) -- C:\Program Files\Steam\Steam.exe

O4 - HKCU\..\Run: [Memory Cleaner] . (.KoshyJohn.com - MemoryCleaner.) -- C:\Users\Sidnei\AppData\Roaming\KoshyJohn.com\MemClean\MemClean.exe

O4 - HKCU\..\Run: [DAEMON Tools Pro Agent] . (.DT Soft Ltd - DAEMON Tools Pro Agent.) -- C:\Program Files\DAEMON Tools Pro\DTAgent.exe

O4 - HKCU\..\Run: [Memory Improve Master] . (.Memory Improve Master Studio - Memory Improve Master.) -- C:\Program Files\Memory Improve Master\MemoryImproveMaster.exe

O4 - HKUS\S-1-5-19\..\Run: [sidebar] . (.Microsoft Corporation - Barra Lateral do Windows.) -- C:\Program Files\Windows Sidebar\sidebar.exe

O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] oobefldr.dll

O4 - HKUS\S-1-5-20\..\Run: [sidebar] . (.Microsoft Corporation - Barra Lateral do Windows.) -- C:\Program Files\Windows Sidebar\sidebar.exe

O4 - HKUS\S-1-5-20\..\Run: [WindowsWelcomeCenter] oobefldr.dll

O4 - HKUS\S-1-5-21-3796026459-2530574266-2461488858-1003-3796026459-2530574266-2461488858-1000\..\Run: [sidebar] . (.Microsoft Corporation - Barra Lateral do Windows.) -- C:\Program Files\Windows Sidebar\sidebar.exe

O4 - HKUS\S-1-5-21-3796026459-2530574266-2461488858-1003-3796026459-2530574266-2461488858-1000\..\Run: [ehTray.exe] . (.Microsoft Corporation - Media Center Tray Applet.) -- C:\Windows\ehome\ehtray.exe

O4 - HKUS\S-1-5-21-3796026459-2530574266-2461488858-1003-3796026459-2530574266-2461488858-1000\..\Run: [steam] . (.Valve Corporation - Steam.) -- C:\Program Files\Steam\Steam.exe

O4 - HKUS\S-1-5-21-3796026459-2530574266-2461488858-1003-3796026459-2530574266-2461488858-1000\..\Run: [Memory Cleaner] . (.KoshyJohn.com - MemoryCleaner.) -- C:\Users\Sidnei\AppData\Roaming\KoshyJohn.com\MemClean\MemClean.exe

O4 - HKUS\S-1-5-21-3796026459-2530574266-2461488858-1003-3796026459-2530574266-2461488858-1000\..\Run: [DAEMON Tools Pro Agent] . (.DT Soft Ltd - DAEMON Tools Pro Agent.) -- C:\Program Files\DAEMON Tools Pro\DTAgent.exe

O4 - HKUS\S-1-5-21-3796026459-2530574266-2461488858-1003-3796026459-2530574266-2461488858-1000\..\Run: [Memory Improve Master] . (.Memory Improve Master Studio - Memory Improve Master.) -- C:\Program Files\Memory Improve Master\MemoryImproveMaster.exe

~ Scan Application in 00mn 00s

 

 

 

---\\ Other User Links (O4)

O4 - Global Startup: C:\Users\UpdatusUser\Desktop\Memory Improve Master.lnk . (.Memory Improve Master Studio.) -- C:\Program Files\Memory Improve Master\MemoryImproveMaster.exe

O4 - Global Startup: C:\Users\Sidnei\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk . (.Microsoft Corporation.) -- C:\Program Files\Internet Explorer\iexplore.exe

O4 - Global Startup: C:\Users\Sidnei\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Mail.lnk . (.Microsoft Corporation.) -- C:\Program Files\Windows Mail\WinMail.exe

O4 - Global Startup: C:\Users\Sidnei\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk . (.Microsoft Corporation.) -- C:\Program Files\Windows Media Player\wmplayer.exe

O4 - Global Startup: C:\Users\Sidnei\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\YouTube - YouTube de fodasticman.lnk . (.Google Inc..) -- C:\Users\Sidnei\AppData\Local\Google\Chrome\Application\chrome.exe

O4 - Global Startup: C:\Users\Sidnei\Desktop\ASSASSIN'S CREED II.lnk . (.Ubisoft.) -- C:\Program Files\Ubisoft\Assassin's Creed II\AssassinsCreedII.exe

O4 - Global Startup: C:\Users\Sidnei\Desktop\Assassin's Creed Revelations.lnk . (...) -- C:\Program Files\Ubisoft\Assassin's Creed Revelations\ACRSP.exe

O4 - Global Startup: C:\Users\Sidnei\Desktop\ASSASSIN'S CREED.lnk . (.Ubisoft.) -- C:\Program Files\Ubisoft\Assassin's Creed\AssassinsCreed_Game.exe

O4 - Global Startup: C:\Users\Sidnei\Desktop\ASSASSINS'S CREED BROTHERHOOD.lnk . (...) -- C:\Program Files\Ubisoft\Assassin's Creed Brotherhood\AssassinsCreedBrotherhood.exe

O4 - Global Startup: C:\Users\Sidnei\Desktop\BATMAN ARKHAM ASYLUM.lnk . (.Rocksteady Studios Ltd.) -- C:\Program Files\Eidos\Batman Arkham Asylum\Binaries\BmLauncher.exe

O4 - Global Startup: C:\Users\Sidnei\Desktop\Batman Arkham City.lnk . (.Rocksteady Studios Ltd.) -- C:\Users\Sidnei\Documents\4RKC1B4.www.baixatudogames.com\Binaries\Win32\BmLauncher.exe

O4 - Global Startup: C:\Users\Sidnei\Desktop\CALL OF DUTY 4 - MODERN WARFARE.lnk . (...) -- C:\Users\Sidnei\Documents\jogos\CALL OF DUTY 4\kog_chetire_RIP_LOOKsZONE.RU_EPIDEM.RU\Call of Duty 4 - Modern Warfare\iw3sp.exe

O4 - Global Startup: C:\Users\Sidnei\Desktop\CALL OF DUTY 4 - MP.lnk . (...) -- C:\Users\Sidnei\Documents\jogos\CALL OF DUTY 4\kog_chetire_RIP_LOOKsZONE.RU_EPIDEM.RU\Call of Duty 4 - Modern Warfare\iw3mp.exe

O4 - Global Startup: C:\Users\Sidnei\Desktop\Call of Duty Modern Warfare 3 SP.lnk . (...) -- C:\Users\Sidnei\Documents\Modern Warfare 3\Call_of_Duty_Modern_Warfare_3_Setup\iw5sp.exe (.not file.)

O4 - Global Startup: C:\Users\Sidnei\Desktop\Find Drivers with DriverAgent.lnk . (.Copyright © 2010 eSupport.com. All Rights R.) -- C:\Users\Sidnei\AppData\Local\eSupport.com\driveragent-987.exe

O4 - Global Startup: C:\Users\Sidnei\Desktop\Google Chrome.lnk . (.Google Inc..) -- C:\Users\Sidnei\AppData\Local\Google\Chrome\Application\chrome.exe

O4 - Global Startup: C:\Users\Sidnei\Desktop\JDownloader.lnk . (.AppWork UG (haftungsbeschränkt).) -- C:\Program Files\JDownloader\JDownloader.exe

O4 - Global Startup: C:\Users\Sidnei\Desktop\Launch Internet Explorer Browser.lnk . (.Microsoft Corporation.) -- C:\Program Files\Internet Explorer\iexplore.exe

O4 - Global Startup: C:\Users\Sidnei\Desktop\Memory Cleaner.lnk . (.KoshyJohn.com.) -- C:\Users\Sidnei\AppData\Roaming\KoshyJohn.com\MemClean\MemClean.exe

O4 - Global Startup: C:\Users\Sidnei\Desktop\Memory Improve Master.lnk . (.Memory Improve Master Studio.) -- C:\Program Files\Memory Improve Master\MemoryImproveMaster.exe

O4 - Global Startup: C:\Users\Sidnei\Desktop\NEED FOR SPEED SHIFT.lnk . (...) -- C:\Program Files\Electronic Arts\Need for Speed SHIFT\shift.exe (.not file.)

O4 - Global Startup: C:\Users\Sidnei\Desktop\NFS11 - Atalho.lnk . (.Electronic Arts.) -- C:\Program Files\Electronic Arts\Need for Speed Hot Pursuit\NFS11.exe

O4 - Global Startup: C:\Users\Sidnei\Desktop\PES 2010.lnk . (.Konami Digital Entertainment Co., Ltd..) -- C:\Program Files\PES.2010-KaOs\pes2010.exe

O4 - Global Startup: C:\Users\Sidnei\Desktop\PES 2011.lnk . (.Konami Digital Entertainment Co., Ltd..) -- C:\Program Files\KONAMI\Pro Evolution Soccer 2011\pes2011.exe

O4 - Global Startup: C:\Users\Sidnei\Desktop\SPIDER MAN SHATTERED DIMENSIONS.lnk . (...) -- C:\Program Files\R.G. Cracker's\Spider-Man Shattered Dimensions Repack\Game.exe (.not file.)

O4 - Global Startup: C:\Users\Sidnei\Desktop\VB EXPRESS.lnk . (.Microsoft Corporation.) -- C:\Program Files\Microsoft Visual Studio 9.0\Common7\IDE\vbexpress.exe

O4 - Global Startup: C:\Users\Sidnei\Desktop\Windows Live Messenger .lnk . (.Microsoft Corporation.) -- C:\Program Files\Windows Live\Messenger\msnmsgr.exe

O4 - Global Startup: C:\Users\Sidnei\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Internet - Atalho.lnk - Orphean Key

O4 - Global Startup: C:\Users\Sidnei\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk . (.Microsoft Corporation.) -- C:\Program Files\Internet Explorer\iexplore.exe

O4 - Global Startup: C:\Users\Sidnei\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk . (.Mozilla Corporation.) -- C:\Program Files\Mozilla Firefox\firefox.exe

O4 - Global Startup: C:\Users\Sidnei\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Windows Explorer.lnk . (.Microsoft Corporation.) -- C:\Windows\explorer.exe

O4 - Global Startup: C:\Users\Sidnei\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Windows Live Messenger .lnk . (.Microsoft Corporation.) -- C:\Program Files\Windows Live\Messenger\msnmsgr.exe

O4 - Global Startup: C:\Users\Sidnei\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk . (.Microsoft Corporation.) -- C:\Program Files\Windows Media Player\wmplayer.exe

~ Scan Global Startup in 00mn 00s

 

 

 

---\\ Extra items in the IE right-click menu (O8)

O8 - Extra context menu item: E&xportar para o Microsoft Excel . (.Microsoft Corporation - Microsoft Office Excel.) -- C:\Program Files\MICROS~2\Office12\EXCEL.exe

~ Scan IE Menu Contextuel in 00mn 00s

 

 

 

---\\ Extra buttons on main IE button toolbar, or extra items in IE 'Tools' menu (O9)

O9 - Extra button: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} . (.Microsoft Corporation - Microsoft Office OneNote Internet Explorer Add-in.) -- C:\Program Files\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} . (...) -- C:\Program Files\Skype\Toolbars\Internet Explorer\icon.ico

O9 - Extra button: Skype add-on for Internet Explorer - {92780B25-18CC-41C8-B9BE-3C9C571A8263} . (...) -- C:\Program Files\Microsoft Office\Office12\REFBARH.ICO

~ Scan IE Extra Buttons in 00mn 00s

 

 

 

---\\ Winsock hijacker (Layered Service Provider) (O10)

O10 - WLSP:\000000000001\Winsock LSP File . (.Microsoft Corporation - Network Location Awareness 2.) -- C:\Windows\System32\nlaapi.dll

O10 - WLSP:\000000000002\Winsock LSP File . (.Microsoft Corporation - Provedor de Correção de Nomeação de Emails.) -- C:\Windows\System32\NapiNSP.dll

O10 - WLSP:\000000000003\Winsock LSP File . (.Microsoft Corporation - PNRP Name Space Provider.) -- C:\Windows\System32\pnrpnsp.dll

O10 - WLSP:\000000000004\Winsock LSP File . (.Microsoft Corporation - PNRP Name Space Provider.) -- C:\Windows\System32\pnrpnsp.dll

O10 - WLSP:\000000000005\Winsock LSP File . (.Microsoft Corporation - Provedor de serviços do Microsoft Windows Sockets 2.0.) -- C:\Windows\System32\mswsock.dll

O10 - WLSP:\000000000006\Winsock LSP File . (.Microsoft Corporation - LDAP RnR Provider DLL.) -- C:\Windows\System32\winrnr.dll

~ Scan Winsock in 00mn 00s

 

 

 

---\\ ActiveX Objects (Downloaded Program Files) (O16)

O16 - DPF: {140E4DF8-9E14-4A34-9577-C77561ED7883} (SysInfo Class) - http://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_cyri_4.1.71.0.cab

O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab

O16 - DPF: {C1B7E532-3ECB-4E9E-BB3A-2951FFE67C61} () - http://c6.community.alice.it/download/DownloaderActiveX.cab

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab

~ Scan Objets ActiveX in 00mn 00s

 

 

 

---\\ Lop.com/Domain Hijackers (O17)

O17 - HKLM\System\CCS\Services\Tcpip\..\{F6DD7A2D-6839-4820-93D7-45D6FE210907}: NameServer = 10.10.2.1,10.10.5.1

O17 - HKLM\System\CS1\Services\Tcpip\..\{F6DD7A2D-6839-4820-93D7-45D6FE210907}: NameServer = 10.10.2.1,10.10.5.1

O17 - HKLM\System\CS3\Services\Tcpip\..\{F6DD7A2D-6839-4820-93D7-45D6FE210907}: NameServer = 10.10.2.1,10.10.5.1

~ Scan Domain in 00mn 00s

 

 

 

---\\ Extra protocols (O18)

O18 - Handler: about - {3050F406-98B5-11CF-BB82-00AA00BDCE0B} . (.Microsoft Corporation - Visualizador de HTML da Microsoft ®.) -- C:\Windows\System32\mshtml.dll

O18 - Handler: cdl - {3dd53d40-7b8b-11D0-b013-00aa0059ce02} . (.Microsoft Corporation - Extensões OLE32 para Win32.) -- C:\Windows\System32\urlmon.dll

O18 - Handler: dvd - {12D51199-0DB5-46FE-A120-47A3D7D937CC} . (.Microsoft Corporation - Controle ActiveX para streaming de vídeo.) -- C:\Windows\System32\MSVidCtl.dll

O18 - Handler: file - {79eac9e7-baf9-11ce-8c82-00aa004ba90b} . (.Microsoft Corporation - Extensões OLE32 para Win32.) -- C:\Windows\System32\urlmon.dll

O18 - Handler: ftp - {79eac9e3-baf9-11ce-8c82-00aa004ba90b} . (.Microsoft Corporation - Extensões OLE32 para Win32.) -- C:\Windows\System32\urlmon.dll

O18 - Handler: http - {79eac9e2-baf9-11ce-8c82-00aa004ba90b} . (.Microsoft Corporation - Extensões OLE32 para Win32.) -- C:\Windows\System32\urlmon.dll

O18 - Handler: https - {79eac9e5-baf9-11ce-8c82-00aa004ba90b} . (.Microsoft Corporation - Extensões OLE32 para Win32.) -- C:\Windows\System32\urlmon.dll

O18 - Handler: its - {9D148291-B9C8-11D0-A4CC-0000F80149F6} . (.Microsoft Corporation - Microsoft® InfoTech Storage System Library.) -- C:\Windows\System32\itss.dll

O18 - Handler: javascript - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} . (.Microsoft Corporation - Visualizador de HTML da Microsoft ®.) -- C:\Windows\System32\mshtml.dll

O18 - Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} . (.Microsoft Corporation - Windows Live Messenger Protocol Handler Mod.) -- C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll

O18 - Handler: local - {79eac9e7-baf9-11ce-8c82-00aa004ba90b} . (.Microsoft Corporation - Extensões OLE32 para Win32.) -- C:\Windows\System32\urlmon.dll

O18 - Handler: mailto - {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} . (.Microsoft Corporation - Visualizador de HTML da Microsoft ®.) -- C:\Windows\System32\mshtml.dll

O18 - Handler: mhtml - {05300401-BCBC-11d0-85E3-00C04FD85AB4} . (.Microsoft Corporation - Microsoft Internet Messaging API Resources.) -- C:\Windows\System32\inetcomm.dll

O18 - Handler: mk - {79eac9e6-baf9-11ce-8c82-00aa004ba90b} . (.Microsoft Corporation - Extensões OLE32 para Win32.) -- C:\Windows\System32\urlmon.dll

O18 - Handler: ms-help - {314111c7-a502-11d2-bbca-00c04f8ec294} . (.Microsoft Corporation - Microsoft® Help Data Services Module.) -- C:\Program Files\Common Files\microsoft shared\Help\hxds.dll

O18 - Handler: ms-its - {9D148291-B9C8-11D0-A4CC-0000F80149F6} . (.Microsoft Corporation - Microsoft® InfoTech Storage System Library.) -- C:\Windows\System32\itss.dll

O18 - Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} . (.Microsoft Corporation - Windows Live Messenger Protocol Handler Mod.) -- C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll

O18 - Handler: res - {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} . (.Microsoft Corporation - Visualizador de HTML da Microsoft ®.) -- C:\Windows\System32\mshtml.dll

O18 - Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} . (.Skype Technologies S.A. - Skype add-on for IE.) -- C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

O18 - Handler: tv - {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} . (.Microsoft Corporation - Controle ActiveX para streaming de vídeo.) -- C:\Windows\System32\MSVidCtl.dll

O18 - Handler: vbscript - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} . (.Microsoft Corporation - Visualizador de HTML da Microsoft ®.) -- C:\Windows\System32\mshtml.dll

O18 - Handler: wlmailhtml - {03C514A3-1EFB-4856-9F99-10D7BE1653C0} . (.Microsoft Corporation - Windows Live Mail.) -- C:\Program Files\Windows Live\Mail\mailcomm.dll

O18 - Filter: application/octet-stream - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} . (.Microsoft Corporation - Microsoft .NET Runtime Execution Engine.) -- C:\Windows\System32\mscoree.dll

O18 - Filter: application/x-complus - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} . (.Microsoft Corporation - Microsoft .NET Runtime Execution Engine.) -- C:\Windows\System32\mscoree.dll

O18 - Filter: application/x-msdownload - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} . (.Microsoft Corporation - Microsoft .NET Runtime Execution Engine.) -- C:\Windows\System32\mscoree.dll

O18 - Filter: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} . (.Microsoft Corporation - Extensões OLE32 para Win32.) -- C:\Windows\System32\urlmon.dll

O18 - Filter: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} . (.Microsoft Corporation - Extensões OLE32 para Win32.) -- C:\Windows\System32\urlmon.dll

O18 - Filter: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} . (.Microsoft Corporation - Microsoft Office XML MIME Filter.) -- C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.dll

~ Scan Protocole Additionnel in 00mn 00s

 

 

 

---\\ ShellServiceObjectDelayLoad (O21)

O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} . (.Microsoft Corporation - Monitor de Sites.) -- C:\Windows\System32\webcheck.dll

~ Scan SSODL in 00mn 00s

 

 

 

---\\ SharedTaskScheduler (O22)

O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} . (.Microsoft Corporation - Biblioteca da interface de usuário do naveg.) -- C:\Windows\system32\browseui.dll

~ Scan STS/SSO in 00mn 00s

 

 

 

---\\ non Microsoft non disabled Windows XP/NT/2000 Services (O23)

O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) . (.Avira GmbH - Antivirus Scheduler.) - C:\Program Files\Avira\AntiVir Desktop\sched.exe

O23 - Service: Avira AntiVir Guard (AntiVirService) . (.Avira GmbH - Antivirus On-Access Service.) - C:\Program Files\Avira\AntiVir Desktop\avguard.exe

O23 - Service: Google Update Service (gupdate) (gupdate) . (.Google Inc. - Google Installer.) - C:\Program Files\Google\Update\GoogleUpdate.exe

O23 - Service: NVIDIA Display Driver Service (nvsvc) . (.NVIDIA Corporation - NVIDIA Driver Helper Service, Version 280.2.) - C:\Windows\system32\nvvsvc.exe

O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) . (.NVIDIA Corporation - NVIDIA Settings Update Manager.) - C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe

O23 - Service: PnkBstrA (PnkBstrA) . (...) - C:\Windows\System32\PnkBstrA.exe

O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) . (.Unknown owner - RichVideo Module.) - C:\Program Files\CyberLink\Shared Files\RichVideo.exe

O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) . (.NVIDIA Corporation - Stereo Vision Control Panel API Server.) - C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe

~ Scan Services in 00mn 00s

 

 

 

---\\ Windows Active Desktop & MHTML Editor (O24)

O24 - Default MHTML Editor: Last - .(.Microsoft Corporation - Microsoft Office Word.) - C:\Program Files\Microsoft Office\Office12\WINWORD.exe

~ Scan Desktop Component in 00mn 00s

 

 

 

End of the scan (334 lines in 00mn 04s)(0)


Good evening, Syperrj!

|- The ZHPDiag report is incorrect!

|- What was posted is the "Pseudo HijackThis", which is incomplete.

///°°°///

|- Download: < RogueKiller > ( ... par tigzy )

|- Save it to the desktop!

|- Close any applications that are open!

|- Ps: On Windows Vista or 7, run RogueKiller.exe as administrator.

|- Wait for its Prescan to finish.

|- For old versions, click "Yes" to accept the update.

|- Start the diagnosis by clicking the "Scan" button.

|- Post the report: RKreport[1].txt

///°°°///

|- Open the ZHPDiag tool.

|- Update it by clicking the green arrow, then follow the installation procedure again.

|- Click the 'little devil' icon!

|- Post the report: Rapport de ZHPScan

Cheers!


There is a problem with ZHPDiag. I set the program to update, install it again, and when I open the program again, the message indicating that it is fully up to date ("Votre version est à jour") does not appear; instead, it only shows the message "A new version is available". Once I am given a solution, I will post the ZHPDiag report.

In any case, here is the RogueKiller report:

 

RogueKiller V7.3.2 [03/20/2012] by Tigzy

mail: tigzyRK<at>gmail<dot>com

Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/

Blog: http://tigzyrk.blogspot.com

 

Operating System: Windows Vista (6.0.6002 Service Pack 2) 32 bits version

Started in : Normal mode

User: Sidnei [Admin rights]

Mode: Scan -- Date: 04/05/2012 23:23:30

 

¤¤¤ Bad processes: 0 ¤¤¤

 

¤¤¤ Registry Entries: 4 ¤¤¤

[DNS] HKLM\[...]\ControlSet001\Parameters\Interfaces\{F6DD7A2D-6839-4820-93D7-45D6FE210907} : NameServer (10.10.2.1,10.10.5.1) -> FOUND

[DNS] HKLM\[...]\ControlSet003\Parameters\Interfaces\{F6DD7A2D-6839-4820-93D7-45D6FE210907} : NameServer (10.10.2.1,10.10.5.1) -> FOUND

[HJ] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND

[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

 

¤¤¤ Particular Files / Folders: ¤¤¤

 

¤¤¤ Driver: [LOADED] ¤¤¤

SSDT[75] : NtCreateSection @ 0x81E49DE5 -> HOOKED (Unknown @ 0x8A9EC6BE)

SSDT[289] : NtSetContextThread @ 0x81EAA883 -> HOOKED (Unknown @ 0x8A9EC6C3)

SSDT[334] : NtTerminateProcess @ 0x81E09143 -> HOOKED (Unknown @ 0x8A9EC65F)

S_SSDT[573] : Unknown -> HOOKED (Unknown @ 0x8A9EC6C8)

S_SSDT[576] : Unknown -> HOOKED (Unknown @ 0x8A9EC6CD)

 

¤¤¤ Infection : ¤¤¤

 

¤¤¤ HOSTS File: ¤¤¤

ÿþ1

 

¤¤¤ MBR Check: ¤¤¤

 

+++++ PhysicalDrive0: SAMSUNG HD502HI ATA Device +++++

--- User ---

[MBR] 5ffdb1f9b23fe7965b9f3897b2a6ad20

[bSP] 468c8d58ee113b95f9da8d9302f52fcd : Windows Vista MBR Code

Partition table:

0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 319997 Mo

1 - [XXXXXX] EXTEN-LBA (0x0f) [VISIBLE] Offset (sectors): 655355610 | Size: 156931 Mo

User = LL1 ... OK!

User = LL2 ... OK!

 

Finished : << RKreport[1].txt >>

RKreport[1].txt


Good evening, Syperrj!

There is a problem with ZHPDiag. I set the program to update, install it again, and when I open the program again, the message indicating that it is fully up to date ("Votre version est à jour") does not appear; instead, it only shows the message "A new version is available". Once I am given a solution, I will post the ZHPDiag report.

|- Ok! It is a bug in the tool, which we can ignore, since its update happens on the 6th of each month.

|- So the previous month's update can be accepted. ( Rapport de ZHPDiag v1.28.34 par Nicolas Coolman, Update du 06/03/2012 )

///°°°///

|- Open the RogueKiller tool again.

|- Click "Scan".

|- Click "Registry".

|- Ps: If entries marked ( FOUND ) are shown, click "Delete".

|- Post the report! ( RKreport[2].txt )

|- Do the same for "Driver" and try restoring the "SSDT" index.

|- Right-click the selected line and choose "Restore".

Cheers!


Here is the RKreport[2].txt report, from RogueKiller:

 

 

RogueKiller V7.3.2 [03/20/2012] by Tigzy

mail: tigzyRK<at>gmail<dot>com

Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/

Blog: http://tigzyrk.blogspot.com

 

Operating System: Windows Vista (6.0.6002 Service Pack 2) 32 bits version

Started in : Normal mode

User: Sidnei [Admin rights]

Mode: Scan -- Date: 04/06/2012 00:51:44

 

¤¤¤ Bad processes: 0 ¤¤¤

 

¤¤¤ Registry Entries: 4 ¤¤¤

[DNS] HKLM\[...]\ControlSet001\Parameters\Interfaces\{F6DD7A2D-6839-4820-93D7-45D6FE210907} : NameServer (10.10.2.1,10.10.5.1) -> FOUND

[DNS] HKLM\[...]\ControlSet003\Parameters\Interfaces\{F6DD7A2D-6839-4820-93D7-45D6FE210907} : NameServer (10.10.2.1,10.10.5.1) -> FOUND

[HJ] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND

[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

 

¤¤¤ Particular Files / Folders: ¤¤¤

 

¤¤¤ Driver: [LOADED] ¤¤¤

SSDT[75] : NtCreateSection @ 0x81E49DE5 -> HOOKED (Unknown @ 0x8A9EC6BE)

SSDT[289] : NtSetContextThread @ 0x81EAA883 -> HOOKED (Unknown @ 0x8A9EC6C3)

SSDT[334] : NtTerminateProcess @ 0x81E09143 -> HOOKED (Unknown @ 0x8A9EC65F)

S_SSDT[573] : Unknown -> HOOKED (Unknown @ 0x8A9EC6C8)

S_SSDT[576] : Unknown -> HOOKED (Unknown @ 0x8A9EC6CD)

 

¤¤¤ Infection : ¤¤¤

 

¤¤¤ HOSTS File: ¤¤¤

ÿþ1

 

¤¤¤ MBR Check: ¤¤¤

 

+++++ PhysicalDrive0: SAMSUNG HD502HI ATA Device +++++

--- User ---

[MBR] 5ffdb1f9b23fe7965b9f3897b2a6ad20

[bSP] 468c8d58ee113b95f9da8d9302f52fcd : Windows Vista MBR Code

Partition table:

0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 319997 Mo

1 - [XXXXXX] EXTEN-LBA (0x0f) [VISIBLE] Offset (sectors): 655355610 | Size: 156931 Mo

User = LL1 ... OK!

User = LL2 ... OK!

 

Finished : << RKreport[2].txt >>

RKreport[1].txt ; RKreport[2].txt

 

_____________________________________

 

 

Here is the Rapport de ZHPScan report:

 

 

Rapport de ZHPScan 1.28.34 par Nicolas Coolman, Update du 06/03/2012

Run by Sidnei at 06/04/2012 00:48:29

Web site : http://www.premiumorange.com/zeb-help-process/zhpdiag.html

Web site : http://nicolascoolman.skyrock.com/

 

 

---\\ Clés de Registre trouvées (Registry Keys found)

[HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]:Shell =>Hijack.Shell.Gen

 

---\\ Clés de Registre génériques trouvées (Generic Registry Keys found)

 

---\\ Valeurs de clé de Registre trouvées (Registry Values found)

*** None ***

 

---\\ Dossiers trouvés (Directories found)

C:\Program Files\DAEMON Tools Toolbar =>Toolbar.Agent

C:\Users\Sidnei\AppData\Local\Conduit =>Toolbar.Conduit

 

 

---\\ Fichiers Firefox trouvés (Files found)

*** None ***

 

---\\ Fichiers trouvés (Files found)

*** None ***

 

---\\ Bilan de la recherche (Scan Result)

Database Version : 9067 - (06/03/2012)

Clés trouvées (Keys found) : 1

Valeurs de clé trouvées (Values found) : 0

Dossiers trouvés (Folders found) : 3

Fichiers trouvés (Files found) : 0

 

End of the scan in 00mn 07s


Good morning, Syperrj!

 

Operating System: Windows Vista (6.0.6002 Service Pack 2) 32 bits version

Started in : Normal mode

User: Sidnei [Admin rights]

Mode: Scan -- Date: 04/06/2012 00:51:44

|- This RogueKiller report is the diagnostic one.

|- Run it again and post the requested action. ( Mode: Delete )

|- Disable UAC before the procedure.

|- Ps: Only for "Driver" do we right-click and then choose "Restore".

|- Try the procedure for each line under "Driver".

|- Do not use the "DNS" and/or "Shortcuts" option.

|- When all the procedures are finished, re-enable "UAC".

 

///°°°///

 

|- Close any programs/folders that are open.

|- For Windows Vista, disable UAC.

 


 

|- Double-click ZHPFix.

|- Click the H menu < ZHPFix_Icone_H.jpg >

 

[HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]:Shell

 

C:\Program Files\DAEMON Tools Toolbar

C:\Users\Sidnei\AppData\Local\Conduit

 

emptytemp

emptyflash

firewallraz

sysrestore

|- Copy and paste this information, which is shown in red, into the "light yellow" field of ZHPFix.

|- PS: Make sure the field is empty before pasting the information that is in the quote.

|- Click GO -> Oui.

|- Post the report: C:\ZHP\ZHPFix[R1].txt

Regards! ( PS: Due to a setback, I will only be able to help you in the evening! )


Here is the ZHPFix[R1] report:

 

 

Rapport de ZHPFix 1.12.3381 par Nicolas Coolman, Update du 08/02/2011

Fichier d'export Registre :

Run by Sidnei at 06/04/2012 11:51:28

Windows Vista Ultimate Edition, 32-bit Service Pack 2 (Build 6002)

Web site : http://www.premiumorange.com/zeb-help-process/zhpfix.html

Web site : http://nicolascoolman.skyrock.com/

 

========== Registry Value ==========

DELETED [HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]:Shell

No Value in Standard Profile Register Key FirewallRaz :

No Value in Domain Profile Register Key FirewallRaz :

No Value in Firewall Exception Register Key (FirewallRaz)

 

========== Repertory ==========

DELETE on Reboot Folder**: c:\program files\daemon tools toolbar

DELETED Folder: c:\users\sidnei\appdata\local\conduit

DELETED Window Temporary: : 84

DELETED Flash Cookies: 2

 

========== File ==========

DELETED Window Temporary: : 26

DELETED Flash Cookies: 1

 

========== Restoration ==========

Restore System Point not created

 

 

========== Summary ==========

4 : Registry Value

4 : Repertory

2 : File

1 : Restoration

 

 

End of clean in 00mn 06s

 

========== Report File ==========

C:\ZHP\ZHPFix[R1].txt - 06/04/2012 11:51:28 [1150]


Good morning! Syperrj

|- Uninstall: C:\Program Files\Memory Improve Master <-

 

Memory_Cleaner.jpg

 

|- Also uninstall Memory Cleaner.

 

///°°°///

 

RogueKiller_tabs.jpg

 

|- You still need to post the RogueKiller report for the "Delete" function and the highlighted options.

|- PS: As mentioned earlier, the "Driver" option works differently.

Regards!

|- You still need to post the RogueKiller report for the "Delete" function and the highlighted options.

Sorry for my ignorance, but RogueKiller generated many reports (eight, to be exact), all named RKreport[1] "through" [8]. Which of these reports is the one for the "delete" function?


Sorry for my ignorance, but RogueKiller generated many reports (eight, to be exact), all named RKreport[1] "through" [8]. Which of these reports is the one for the "delete" function?

Good afternoon! Syperrj

 

Mode: Scan -- Date: 04/06/2012 00:51:44

|- Post all the reports that do not contain the word "Scan" in the report header.

|- PS: If it is all 8, don't be shy, you can post them!

Regards!


Here are the RogueKiller reports that do not contain Mode: Scan. These reports have in the header: Mode: Remove:

Report RKreport[3]:

 

RogueKiller V7.3.2 [03/20/2012] by Tigzy

mail: tigzyRK<at>gmail<dot>com

Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/

Blog: http://tigzyrk.blogspot.com

 

Operating System: Windows Vista (6.0.6002 Service Pack 2) 32 bits version

Started in : Normal mode

User: Sidnei [Admin rights]

Mode: Remove -- Date: 04/06/2012 00:52:24

 

¤¤¤ Bad processes: 0 ¤¤¤

 

¤¤¤ Registry Entries: 4 ¤¤¤

[DNS] HKLM\[...]\ControlSet001\Parameters\Interfaces\{F6DD7A2D-6839-4820-93D7-45D6FE210907} : NameServer (10.10.2.1,10.10.5.1) -> NOT REMOVED, USE DNSFIX

[DNS] HKLM\[...]\ControlSet003\Parameters\Interfaces\{F6DD7A2D-6839-4820-93D7-45D6FE210907} : NameServer (10.10.2.1,10.10.5.1) -> NOT REMOVED, USE DNSFIX

[HJ] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)

[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)

 

¤¤¤ Particular Files / Folders: ¤¤¤

 

¤¤¤ Driver: [LOADED] ¤¤¤

SSDT[75] : NtCreateSection @ 0x81E49DE5 -> HOOKED (Unknown @ 0x8A9EC6BE)

SSDT[289] : NtSetContextThread @ 0x81EAA883 -> HOOKED (Unknown @ 0x8A9EC6C3)

SSDT[334] : NtTerminateProcess @ 0x81E09143 -> HOOKED (Unknown @ 0x8A9EC65F)

S_SSDT[573] : Unknown -> HOOKED (Unknown @ 0x8A9EC6C8)

S_SSDT[576] : Unknown -> HOOKED (Unknown @ 0x8A9EC6CD)

 

¤¤¤ Infection : ¤¤¤

 

¤¤¤ HOSTS File: ¤¤¤

ÿþ1

 

¤¤¤ MBR Check: ¤¤¤

 

+++++ PhysicalDrive0: SAMSUNG HD502HI ATA Device +++++

--- User ---

[MBR] 5ffdb1f9b23fe7965b9f3897b2a6ad20

[bSP] 468c8d58ee113b95f9da8d9302f52fcd : Windows Vista MBR Code

Partition table:

0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 319997 Mo

1 - [XXXXXX] EXTEN-LBA (0x0f) [VISIBLE] Offset (sectors): 655355610 | Size: 156931 Mo

User = LL1 ... OK!

User = LL2 ... OK!

 

Finished : << RKreport[3].txt >>

RKreport[1].txt ; RKreport[2].txt ; RKreport[3].txt

 

__________________________________________

 

Report RKreport[8]:

 

RogueKiller V7.3.2 [03/20/2012] by Tigzy

mail: tigzyRK<at>gmail<dot>com

Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/

Blog: http://tigzyrk.blogspot.com

 

Operating System: Windows Vista (6.0.6002 Service Pack 2) 32 bits version

Started in : Normal mode

User: Sidnei [Admin rights]

Mode: Remove -- Date: 04/07/2012 13:43:53

 

¤¤¤ Bad processes: 0 ¤¤¤

 

¤¤¤ Registry Entries: 2 ¤¤¤

[DNS] HKLM\[...]\ControlSet001\Parameters\Interfaces\{F6DD7A2D-6839-4820-93D7-45D6FE210907} : NameServer (10.10.2.1,10.10.5.1) -> NOT REMOVED, USE DNSFIX

[DNS] HKLM\[...]\ControlSet003\Parameters\Interfaces\{F6DD7A2D-6839-4820-93D7-45D6FE210907} : NameServer (10.10.2.1,10.10.5.1) -> NOT REMOVED, USE DNSFIX

 

¤¤¤ Particular Files / Folders: ¤¤¤

 

¤¤¤ Driver: [LOADED] ¤¤¤

S_SSDT[573] : Unknown -> HOOKED (Unknown @ 0x8A9EC6C8)

S_SSDT[576] : Unknown -> HOOKED (Unknown @ 0x8A9EC6CD)

 

¤¤¤ Infection : ¤¤¤

 

¤¤¤ HOSTS File: ¤¤¤

ÿþ1

 

¤¤¤ MBR Check: ¤¤¤

 

+++++ PhysicalDrive0: SAMSUNG HD502HI ATA Device +++++

--- User ---

[MBR] 5ffdb1f9b23fe7965b9f3897b2a6ad20

[bSP] 468c8d58ee113b95f9da8d9302f52fcd : Windows Vista MBR Code

Partition table:

0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 319997 Mo

1 - [XXXXXX] EXTEN-LBA (0x0f) [VISIBLE] Offset (sectors): 655355610 | Size: 156931 Mo

User = LL1 ... OK!

User = LL2 ... OK!

 

Finished : << RKreport[8].txt >>

RKreport[1].txt ; RKreport[2].txt ; RKreport[3].txt ; RKreport[4].txt ; RKreport[5].txt ;

RKreport[6].txt ; RKreport[7].txt ; RKreport[8].txt


Good afternoon! Syperrj

 

¤¤¤ Registry Entries: 2 ¤¤¤

[DNS] HKLM\[...]\ControlSet001\Parameters\Interfaces\{F6DD7A2D-6839-4820-93D7-45D6FE210907} : NameServer (10.10.2.1,10.10.5.1) -> NOT REMOVED, USE DNSFIX

[DNS] HKLM\[...]\ControlSet003\Parameters\Interfaces\{F6DD7A2D-6839-4820-93D7-45D6FE210907} : NameServer (10.10.2.1,10.10.5.1) -> NOT REMOVED, USE DNSFIX

|- Was this DNS configuration your choice?

|- Do you have connection problems? Is it fast?

 

¤¤¤ Driver: [LOADED] ¤¤¤

S_SSDT[573] : Unknown -> HOOKED (Unknown @ 0x8A9EC6C8)

S_SSDT[576] : Unknown -> HOOKED (Unknown @ 0x8A9EC6CD)

|- These are the ones left that could not be restored.

|- PS: Did you perform the "right-click" procedure on these lines?

|- Many of them are added by antivirus or firewall software, but they are also added by rogues, for malicious purposes.

|- Try the Restore again and post the report!

|- PS: How is your computer, has it improved?

Regards!
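Added example, not part of the original thread and not RogueKiller's own code: it picks out the reports whose header is not "Mode: Scan", as requested earlier in the thread, and compares RKreport[3] with RKreport[8] to list which hooks were restored and which findings remain. The report lines are copied from the posts above; the function names and regular expressions are assumptions based only on the lines visible in this thread.

```python
import re

# Lines copied from the reports posted in this thread, trimmed to the parts compared.
RK2 = "Mode: Scan -- Date: 04/06/2012 00:51:44\n"
RK3 = r"""Mode: Remove -- Date: 04/06/2012 00:52:24
[DNS] HKLM\[...]\ControlSet001\Parameters\Interfaces\{F6DD7A2D-6839-4820-93D7-45D6FE210907} : NameServer (10.10.2.1,10.10.5.1) -> NOT REMOVED, USE DNSFIX
[HJ] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
SSDT[75] : NtCreateSection @ 0x81E49DE5 -> HOOKED (Unknown @ 0x8A9EC6BE)
SSDT[289] : NtSetContextThread @ 0x81EAA883 -> HOOKED (Unknown @ 0x8A9EC6C3)
SSDT[334] : NtTerminateProcess @ 0x81E09143 -> HOOKED (Unknown @ 0x8A9EC65F)
S_SSDT[573] : Unknown -> HOOKED (Unknown @ 0x8A9EC6C8)
S_SSDT[576] : Unknown -> HOOKED (Unknown @ 0x8A9EC6CD)
"""
RK8 = r"""Mode: Remove -- Date: 04/07/2012 13:43:53
[DNS] HKLM\[...]\ControlSet001\Parameters\Interfaces\{F6DD7A2D-6839-4820-93D7-45D6FE210907} : NameServer (10.10.2.1,10.10.5.1) -> NOT REMOVED, USE DNSFIX
[DNS] HKLM\[...]\ControlSet003\Parameters\Interfaces\{F6DD7A2D-6839-4820-93D7-45D6FE210907} : NameServer (10.10.2.1,10.10.5.1) -> NOT REMOVED, USE DNSFIX
S_SSDT[573] : Unknown -> HOOKED (Unknown @ 0x8A9EC6C8)
S_SSDT[576] : Unknown -> HOOKED (Unknown @ 0x8A9EC6CD)
"""

MODE_RE = re.compile(r"^Mode: (\w+) -- Date: (.+)$", re.M)
HOOK_RE = re.compile(r"^(S_SSDT|SSDT)\[(\d+)\] : (\w+)(?: @ 0x[0-9A-Fa-f]+)?"
                     r" -> HOOKED \((\w+) @ (0x[0-9A-Fa-f]+)\)", re.M)
REG_RE = re.compile(r"^\[(\w+)\] (.+?) -> (.+)$", re.M)

def parse_report(text):
    """Return the header mode, hooked table entries and registry outcomes of one report."""
    text = text.replace("\r\n", "\n")  # reports saved on Windows use CRLF
    mode = MODE_RE.search(text)
    hooks = {(table, int(idx)): {"function": fn, "owner": owner, "target": addr}
             for table, idx, fn, owner, addr in HOOK_RE.findall(text)}
    return {"mode": mode.group(1) if mode else None, "hooks": hooks,
            "registry": REG_RE.findall(text)}

def action_reports(reports):
    """Names of the reports whose header names a mode other than Scan."""
    return sorted(n for n, t in reports.items() if parse_report(t)["mode"] not in (None, "Scan"))

def compare(before, after):
    """Hooks gone between two runs, hooks still present, registry items left untouched."""
    b, a = parse_report(before), parse_report(after)
    return {"restored": sorted(set(b["hooks"]) - set(a["hooks"])),
            "persisting": sorted(set(b["hooks"]) & set(a["hooks"])),
            "not_removed": [r for r in a["registry"] if r[2].startswith("NOT REMOVED")]}

if __name__ == "__main__":
    print(action_reports({"RKreport[2]": RK2, "RKreport[3]": RK3, "RKreport[8]": RK8}))
    for key, items in compare(RK3, RK8).items():
        print(key, items)
```

An "owner" of Unknown means the report did not name a module for the hook's target address, which is why the remaining entries cannot be attributed to either security software or malware from the report alone.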

|- Was this DNS configuration your choice?

|- Do you have connection problems? Is it fast?

 

No, the configuration was not my choice. Yes, I do; although my connection is reasonably fast, it suffers a lot from fluctuations.

 

|- These are the ones left that could not be restored.

|- PS: Did you perform the "right-click" procedure on these lines?

|- Many of them are added by antivirus or firewall software, but they are also added by rogues, for malicious purposes.

|- Try the Restore again and post the report!

|- PS: How is your computer, has it improved?

 

Yes, I performed the procedure. I tried again to restore the two S_SSDT lines, but I could not restore them. This message appeared: Cannot fix shadow SSDT.

Yes, my computer's performance has improved.
