Tutorial: Solving problems with websites!



Serafan
18-11-2009, 14:29
Folks, I created this topic to avoid those repetitive topics like:
"PROBLEMS WITH SITE", "SITE DOESN'T LOAD", "SITE WON'T OPEN", "TIBIA.COM BUGGED", etc.
These procedures will almost certainly solve the problem.


Disable your antivirus.



Why should I disable my antivirus?

- Conventional antivirus programs are used for PROTECTION, not for REPAIRING files. Yes, they can be used to fix simpler problems such as misconfiguration caused by Trojan horses, trojans and the like, but the level of 80% of them is very low when it comes to repair. ComboFix is a "program" used to repair operating-system files, and sometimes it identifies errors in system files and modifies them. Your antivirus will interpret this as a virus trying to modify the file and will block it, causing these two programs, running simultaneously, to conflict, rendering its performance useless.
Download ComboFix from Baixaki;



-
With your antivirus still turned off, put ComboFix on your desktop (MANDATORY);
Close ALL other running programs;
Run ComboFix and wait. After running it, do not touch anything else, neither the mouse nor the keyboard, only if some confirmation is requested. Do not open other programs;
If it is necessary to restart your computer, restart it; if you need to update the program, update it.
After the scan, a log will be generated at C:/ComboFix.txt. If the problem persists, paste the log here in your next message.


-

Girafales
18-11-2009, 18:56
Many people have this problem and this solution almost always works. The topic will be pinned. If the solution presented does not work, post your problem here instead of creating a new topic.


PINNED topic.

Serafan
18-11-2009, 23:25
Well, look at that, I didn't think it would be pinned so quickly. Although that was never the intention, I believe this will prevent the repetitive topics in the support section.
Thank you, PG.


Regards:
Serafan*

bebiano
19-11-2009, 22:25
Yes, here the problem persisted. The log appeared, but I closed it. Where do I get it again?

Serafan
20-11-2009, 06:05
Download the CCleaner program at:
www.baixaki.com.br

Or at the direct link:
download.piriform.com/ccsetup224. exe <copy and paste it into your browser and remove the space in . exe>



-
For this "HOW TO DO" to succeed, you need to do EXACTLY what I tell you; otherwise errors may occur, damaging your machine.


-
Run CCleaner; Do not touch anything; Click Analyze; Wait for the analysis to finish; Right after that, click Run Cleaner; Wait for the cleaning to finish.
In the tab on the right, click Registry; Click Scan for Issues; Wait for the scan to finish; Click Fix Selected Issues; In the dialog box that appeared, click No; Click Fix All Selected Issues; Click No in the dialog box that appeared; Close the program.


-

P.S.¹: If this does not solve it, paste the ComboFix LOG, which is located in the folder
C:/ComboFix.txt


Regards:
Serafan*

Osford
21-11-2009, 11:27
Good idea for those who think the internet drops all the time and get furious.

I liked the tutorial. There should be more tutorials in this section covering more in-depth solutions for lag and a few other things.

Keep it up.

Serafan
21-11-2009, 19:26
Dear osford,

Thank you very much for the encouragement; I feel honored to see people appreciating my work.
That, and only that, is what motivates me to keep providing support here on the forum.

Sincerely:
Serafanbtw.

Kamahl doido
21-11-2009, 19:44
As everyone has already said, congratulations on the work. I was having some of these problems myself last week, but it was really the internet connection. But if it shows up again, I will certainly use your topic.
Once again, congratulations.

Serafan
21-11-2009, 20:40
Dear Kamahl,

Thank you too for the support. I am grateful for your recognition, and know that any question that is not answered in this topic can be answered by private message. If you need help and support, you know where to find me. Best wishes.

Sincerely:
Serafanbtw.

Diego Nacena
23-11-2009, 16:32
Problem solved, thank you. ;)

Serafan
23-11-2009, 18:25
Dear Diego,

I am glad to know that my topic is helping the members here on the forum solve questions and problems that bother us quite a bit in our day-to-day Tibia.
Know that any other question can be answered here in the support forum or even by clicking the link below, by PM.

bebiano
28-11-2009, 01:27
Log


Serafan
28-11-2009, 13:33
Dear bebiano,

Download MalwareBytes at www.baixaki.com.br or follow the direct link:
-
Install the program and run it;
Disable your antivirus;
Select the full scan option, then click Scan.

Right, while it scans, we will clear your browser's caches. Do the following:
Download the CCleaner program from Baixaki or follow the direct link at:

Run CCleaner; Do not touch anything; Click Analyze; Wait for the analysis to finish; Right after that, click Run Cleaner; Wait for the cleaning to finish.
In the tab on the right, click Registry; Click Scan for Issues; Wait for the scan to finish; Click Fix Selected Issues; In the dialog box that appeared, click No; Click Fix All Selected Issues; Click No in the dialog box that appeared; Close the program.
-
Open CMD by clicking Start>Run and typing " cmd " in the dialog box that opened (without quotes).

Type: ipconfig /flushdns and press Enter (repeat this step 3x).
Close CMD by typing exit and pressing Enter.

-

After running Malwarebytes, a log will be generated; copy and paste it in your next message.

fedor02
01-12-2009, 11:59
Worked just right.
Thx :D

Serafan
01-12-2009, 16:52
Dear fedor02,

Feel free to use the topic to talk about related subjects, and also to ask your questions. If the problem persists, I will be willing to help you by PM or even through a post created here in the support section.

Pvp Original
04-12-2009, 00:46
Look, I couldn't do it. I did everything you said there and it didn't work, and I don't have an antivirus or anything. HELP ME

LOG


"Application"=""

[HKEY_CURRENT_USER\Software\Microsoft\Windows\Curre ntVersion\Explorer\FileExts\.rt]
"Application"=""

[HKEY_CURRENT_USER\Software\Microsoft\Windows\Curre ntVersion\Explorer\FileExts\.s3db]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\Curre ntVersion\Explorer\FileExts\.s3db\OpenWithList]
"a"="sqlitestudio-1.0.1*****"
"MRUList"="ba"
"b"="sqlitestudio-1.0.0-b1*****"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\Curre ntVersion\Explorer\FileExts\.sav]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\Curre ntVersion\Explorer\FileExts\.sav\OpenWithList]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\Curre ntVersion\Explorer\FileExts\.sdp]
"Application"=""

[HKEY_CURRENT_USER\Software\Microsoft\Windows\Curre ntVersion\Explorer\FileExts\.sgm]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\Curre ntVersion\Explorer\FileExts\.sgm\OpenWithList]
"a"="VisualBoyAdvance*****"
"MRUList"="a"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\Curre ntVersion\Explorer\FileExts\.srt]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\Curre ntVersion\Explorer\FileExts\.srt\OpenWithList]
"a"="sqlitestudio-1.0.0-b1*****"
"MRUList"="a"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\Curre ntVersion\Explorer\FileExts\.UV]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\Curre ntVersion\Explorer\FileExts\.UV\OpenWithList]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\Curre ntVersion\Explorer\FileExts\.wpt]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\Curre ntVersion\Explorer\FileExts\.wpt\OpenWithList]

[HKEY_CLASSES_ROOT\Connection Manager Profile\DefaultIcon]
@="C:\\WINDOWS\\system32\\CMMGR32*****,1"

[HKEY_CLASSES_ROOT\Connection Manager Profile\shell\open]

[HKEY_CLASSES_ROOT\Connection Manager Profile\shell\open\command]
@="C:\\WINDOWS\\system32\\CMMGR32***** \"%1\""

[HKEY_CLASSES_ROOT\Connection Manager Profile\shell\Settings...]

[HKEY_CLASSES_ROOT\Connection Manager Profile\shell\Settings...\command]
@="C:\\WINDOWS\\system32\\CMMGR32***** /settings \"%1\""

[HKEY_CLASSES_ROOT\ots\shell\open]

[HKEY_CLASSES_ROOT\ots\shell\open\command]
@="\"C:\\Documents and Settings\\Diogo\\Meus documentos\\Meus arquivos recebidos\\Tibia Multi IP Changer\\Tibia Multi IP Changer\\Tibia MULTI-ip changer*****\" %1"

[HKEY_CLASSES_ROOT\otserv\shell\open]

[HKEY_CLASSES_ROOT\otserv\shell\open\command]
@="\"C:\\Documents and Settings\\Diogo\\Meus documentos\\Meus arquivos recebidos\\Tibia Multi IP Changer\\Tibia Multi IP Changer\\Tibia MULTI-ip changer*****\" %1"

[HKEY_CLASSES_ROOT\CLSID\{06DD38D3-D187-11CF-A80D-00C04FD74AD8}]
@="ActiveXPlugin Object"

[HKEY_CLASSES_ROOT\CLSID\{06DD38D3-D187-11CF-A80D-00C04FD74AD8}\Control]

[HKEY_CLASSES_ROOT\CLSID\{06DD38D3-D187-11CF-A80D-00C04FD74AD8}\Implemented Categories]

[HKEY_CLASSES_ROOT\CLSID\{06DD38D3-D187-11CF-A80D-00C04FD74AD8}\Implemented Categories\{7DD95801-9882-11CF-9FA9-00AA006C42C4}]

[HKEY_CLASSES_ROOT\CLSID\{06DD38D3-D187-11CF-A80D-00C04FD74AD8}\Implemented Categories\{7DD95802-9882-11CF-9FA9-00AA006C42C4}]

[HKEY_CLASSES_ROOT\CLSID\{06DD38D3-D187-11CF-A80D-00C04FD74AD8}\InprocServer32]
@="C:\\WINDOWS\\system32\\plugin.ocx"
"ThreadingModel"="Apartment"

[HKEY_CLASSES_ROOT\CLSID\{06DD38D3-D187-11CF-A80D-00C04FD74AD8}\MiscStatus]
@="0"

[HKEY_CLASSES_ROOT\CLSID\{06DD38D3-D187-11CF-A80D-00C04FD74AD8}\MiscStatus\1]
@="131473"

[HKEY_CLASSES_ROOT\CLSID\{06DD38D3-D187-11CF-A80D-00C04FD74AD8}\ProgID]
@="Microsoft.ActiveXPlugin.1"

[HKEY_CLASSES_ROOT\CLSID\{06DD38D3-D187-11CF-A80D-00C04FD74AD8}\ToolboxBitmap32]
@="C:\\WINDOWS\\system32\\plugin.ocx, 1"

[HKEY_CLASSES_ROOT\CLSID\{06DD38D3-D187-11CF-A80D-00C04FD74AD8}\TypeLib]
@="{06DD38D0-D187-11CF-A80D-00C04FD74AD8}"

[HKEY_CLASSES_ROOT\CLSID\{06DD38D3-D187-11CF-A80D-00C04FD74AD8}\Version]
@="1.0"

[HKEY_CLASSES_ROOT\CLSID\{06DD38D3-D187-11CF-A80D-00C04FD74AD8}\VersionIndependentProgID]
@="Microsoft.ActiveXPlugin"

[HKEY_CLASSES_ROOT\CLSID\{1171A62F-05D2-11D1-83FC-00A0C9089C5A}]
@="FlashProp Class"

[HKEY_CLASSES_ROOT\CLSID\{1171A62F-05D2-11D1-83FC-00A0C9089C5A}\InprocServer32]
@="C:\\WINDOWS\\system32\\macromed\\flash\\flash.ocx"
"ThreadingModel"="Apartment"

[HKEY_CLASSES_ROOT\CLSID\{1171A62F-05D2-11D1-83FC-00A0C9089C5A}\Programmable]

[HKEY_CLASSES_ROOT\CLSID\{1B02BDDF-F6D2-4B36-ABBA-AD49EBC876A5}]

[HKEY_CLASSES_ROOT\CLSID\{1B02BDDF-F6D2-4B36-ABBA-AD49EBC876A5}\InprocServer32]
@="C:\\ARQUIV~1\\WINDOW~4\\MESSEN~1\\MSGSC8~1.DLL"

[HKEY_CLASSES_ROOT\CLSID\{1EFB6596-857C-11D1-B16A-00C0F0283628}]
@="Microsoft TabStrip Control 6.0 (SP6)"

[HKEY_CLASSES_ROOT\CLSID\{1EFB6596-857C-11D1-B16A-00C0F0283628}\Control]

[HKEY_CLASSES_ROOT\CLSID\{1EFB6596-857C-11D1-B16A-00C0F0283628}\Implemented Categories]

[HKEY_CLASSES_ROOT\CLSID\{1EFB6596-857C-11D1-B16A-00C0F0283628}\Implemented Categories\{0DE86A52-2BAA-11CF-A229-00AA003D7352}]

[HKEY_CLASSES_ROOT\CLSID\{1EFB6596-857C-11D1-B16A-00C0F0283628}\Implemented Categories\{0DE86A53-2BAA-11CF-A229-00AA003D7352}]

[HKEY_CLASSES_ROOT\CLSID\{1EFB6596-857C-11D1-B16A-00C0F0283628}\Implemented Categories\{0DE86A57-2BAA-11CF-A229-00AA003D7352}]

[HKEY_CLASSES_ROOT\CLSID\{1EFB6596-857C-11D1-B16A-00C0F0283628}\Implemented Categories\{40FC6ED4-2438-11CF-A3DB-080036F12502}]

[HKEY_CLASSES_ROOT\CLSID\{1EFB6596-857C-11D1-B16A-00C0F0283628}\Implemented Categories\{40FC6ED5-2438-11CF-A3DB-080036F12502}]

[HKEY_CLASSES_ROOT\CLSID\{1EFB6596-857C-11D1-B16A-00C0F0283628}\Implemented Categories\{7DD95801-9882-11CF-9FA9-00AA006C42C4}]

[HKEY_CLASSES_ROOT\CLSID\{1EFB6596-857C-11D1-B16A-00C0F0283628}\Implemented Categories\{7DD95802-9882-11CF-9FA9-00AA006C42C4}]

[HKEY_CLASSES_ROOT\CLSID\{1EFB6596-857C-11D1-B16A-00C0F0283628}\InprocServer32]
@="C:\\DOCUME~1\\Diogo\\CONFIG~1\\Temp\\Rar$EX00.422\ \Trial Reset\\MSCOMCTL.OCX"
"ThreadingModel"="Apartment"

[HKEY_CLASSES_ROOT\CLSID\{1EFB6596-857C-11D1-B16A-00C0F0283628}\MiscStatus]
@="0"

[HKEY_CLASSES_ROOT\CLSID\{1EFB6596-857C-11D1-B16A-00C0F0283628}\MiscStatus\1]
@="131473"

[HKEY_CLASSES_ROOT\CLSID\{1EFB6596-857C-11D1-B16A-00C0F0283628}\ProgID]
@="MSComctlLib.TabStrip.2"

[HKEY_CLASSES_ROOT\CLSID\{1EFB6596-857C-11D1-B16A-00C0F0283628}\Programmable]

[HKEY_CLASSES_ROOT\CLSID\{1EFB6596-857C-11D1-B16A-00C0F0283628}\ToolboxBitmap32]
@="C:\\DOCUME~1\\Diogo\\CONFIG~1\\Temp\\Rar$EX00.422\ \Trial Reset\\MSCOMCTL.OCX, 10"

[HKEY_CLASSES_ROOT\CLSID\{1EFB6596-857C-11D1-B16A-00C0F0283628}\TypeLib]
@="{831FDD16-0C5C-11D2-A9FC-0000F8754DA1}"

[HKEY_CLASSES_ROOT\CLSID\{1EFB6596-857C-11D1-B16A-00C0F0283628}\Version]
@="2.0"

[HKEY_CLASSES_ROOT\CLSID\{1EFB6596-857C-11D1-B16A-00C0F0283628}\VersionIndependentProgID]
@="MSComctlLib.TabStrip"

[HKEY_CLASSES_ROOT\CLSID\{2C247F23-8591-11D1-B16A-00C0F0283628}]
@="Microsoft ImageList Control 6.0 (SP6)"

[HKEY_CLASSES_ROOT\CLSID\{2C247F23-8591-11D1-B16A-00C0F0283628}\Control]

[HKEY_CLASSES_ROOT\CLSID\{2C247F23-8591-11D1-B16A-00C0F0283628}\Implemented Categories]

[HKEY_CLASSES_ROOT\CLSID\{2C247F23-8591-11D1-B16A-00C0F0283628}\Implemented Categories\{0DE86A52-2BAA-11CF-A229-00AA003D7352}]

[HKEY_CLASSES_ROOT\CLSID\{2C247F23-8591-11D1-B16A-00C0F0283628}\Implemented Categories\{0DE86A53-2BAA-11CF-A229-00AA003D7352}]

[HKEY_CLASSES_ROOT\CLSID\{2C247F23-8591-11D1-B16A-00C0F0283628}\Implemented Categories\{0DE86A57-2BAA-11CF-A229-00AA003D7352}]

[HKEY_CLASSES_ROOT\CLSID\{2C247F23-8591-11D1-B16A-00C0F0283628}\Implemented Categories\{40FC6ED4-2438-11CF-A3DB-080036F12502}]

[HKEY_CLASSES_ROOT\CLSID\{2C247F23-8591-11D1-B16A-00C0F0283628}\Implemented Categories\{40FC6ED5-2438-11CF-A3DB-080036F12502}]

[HKEY_CLASSES_ROOT\CLSID\{2C247F23-8591-11D1-B16A-00C0F0283628}\Implemented Categories\{7DD95801-9882-11CF-9FA9-00AA006C42C4}]

[HKEY_CLASSES_ROOT\CLSID\{2C247F23-8591-11D1-B16A-00C0F0283628}\Implemented Categories\{7DD95802-9882-11CF-9FA9-00AA006C42C4}]

[HKEY_CLASSES_ROOT\CLSID\{2C247F23-8591-11D1-B16A-00C0F0283628}\InprocServer32]
@="C:\\DOCUME~1\\Diogo\\CONFIG~1\\Temp\\Rar$EX00.422\ \Trial Reset\\MSCOMCTL.OCX"
"ThreadingModel"="Apartment"

[HKEY_CLASSES_ROOT\CLSID\{2C247F23-8591-11D1-B16A-00C0F0283628}\MiscStatus]
@="0"

[HKEY_CLASSES_ROOT\CLSID\{2C247F23-8591-11D1-B16A-00C0F0283628}\MiscStatus\1]
@="165265"

[HKEY_CLASSES_ROOT\CLSID\{2C247F23-8591-11D1-B16A-00C0F0283628}\ProgID]
@="MSComctlLib.ImageListCtrl.2"

[HKEY_CLASSES_ROOT\CLSID\{2C247F23-8591-11D1-B16A-00C0F0283628}\Programmable]

[HKEY_CLASSES_ROOT\CLSID\{2C247F23-8591-11D1-B16A-00C0F0283628}\ToolboxBitmap32]
@="C:\\DOCUME~1\\Diogo\\CONFIG~1\\Temp\\Rar$EX00.422\ \Trial Reset\\MSCOMCTL.OCX, 3"

[HKEY_CLASSES_ROOT\CLSID\{2C247F23-8591-11D1-B16A-00C0F0283628}\TypeLib]
@="{831FDD16-0C5C-11D2-A9FC-0000F8754DA1}"

[HKEY_CLASSES_ROOT\CLSID\{2C247F23-8591-11D1-B16A-00C0F0283628}\Version]
@="2.0"

[HKEY_CLASSES_ROOT\CLSID\{2C247F23-8591-11D1-B16A-00C0F0283628}\VersionIndependentProgID]
@="MSComctlLib.ImageListCtrl"

[HKEY_CLASSES_ROOT\CLSID\{35053A22-8589-11D1-B16A-00C0F0283628}]
@="Microsoft ProgressBar Control 6.0 (SP6)"

[HKEY_CLASSES_ROOT\CLSID\{35053A22-8589-11D1-B16A-00C0F0283628}\Control]

[HKEY_CLASSES_ROOT\CLSID\{35053A22-8589-11D1-B16A-00C0F0283628}\Implemented Categories]

[HKEY_CLASSES_ROOT\CLSID\{35053A22-8589-11D1-B16A-00C0F0283628}\Implemented Categories\{0DE86A52-2BAA-11CF-A229-00AA003D7352}]

[HKEY_CLASSES_ROOT\CLSID\{35053A22-8589-11D1-B16A-00C0F0283628}\Implemented Categories\{0DE86A53-2BAA-11CF-A229-00AA003D7352}]

[HKEY_CLASSES_ROOT\CLSID\{35053A22-8589-11D1-B16A-00C0F0283628}\Implemented Categories\{0DE86A57-2BAA-11CF-A229-00AA003D7352}]

[HKEY_CLASSES_ROOT\CLSID\{35053A22-8589-11D1-B16A-00C0F0283628}\Implemented Categories\{40FC6ED4-2438-11CF-A3DB-080036F12502}]

[HKEY_CLASSES_ROOT\CLSID\{35053A22-8589-11D1-B16A-00C0F0283628}\Implemented Categories\{40FC6ED5-2438-11CF-A3DB-080036F12502}]

[HKEY_CLASSES_ROOT\CLSID\{35053A22-8589-11D1-B16A-00C0F0283628}\Implemented Categories\{7DD95801-9882-11CF-9FA9-00AA006C42C4}]

[HKEY_CLASSES_ROOT\CLSID\{35053A22-8589-11D1-B16A-00C0F0283628}\Implemented Categories\{7DD95802-9882-11CF-9FA9-00AA006C42C4}]

[HKEY_CLASSES_ROOT\CLSID\{35053A22-8589-11D1-B16A-00C0F0283628}\InprocServer32]
@="C:\\DOCUME~1\\Diogo\\CONFIG~1\\Temp\\Rar$EX00.422\ \Trial Reset\\MSCOMCTL.OCX"
"ThreadingModel"="Apartment"

[HKEY_CLASSES_ROOT\CLSID\{35053A22-8589-11D1-B16A-00C0F0283628}\MiscStatus]
@="0"

[HKEY_CLASSES_ROOT\CLSID\{35053A22-8589-11D1-B16A-00C0F0283628}\MiscStatus\1]
@="172433"

[HKEY_CLASSES_ROOT\CLSID\{35053A22-8589-11D1-B16A-00C0F0283628}\ProgID]
@="MSComctlLib.ProgCtrl.2"

[HKEY_CLASSES_ROOT\CLSID\{35053A22-8589-11D1-B16A-00C0F0283628}\Programmable]

[HKEY_CLASSES_ROOT\CLSID\{35053A22-8589-11D1-B16A-00C0F0283628}\ToolboxBitmap32]
@="C:\\DOCUME~1\\Diogo\\CONFIG~1\\Temp\\Rar$EX00.422\ \Trial Reset\\MSCOMCTL.OCX, 17"

[HKEY_CLASSES_ROOT\CLSID\{35053A22-8589-11D1-B16A-00C0F0283628}\TypeLib]
@="{831FDD16-0C5C-11D2-A9FC-0000F8754DA1}"

[HKEY_CLASSES_ROOT\CLSID\{35053A22-8589-11D1-B16A-00C0F0283628}\Version]
@="2.0"

[HKEY_CLASSES_ROOT\CLSID\{35053A22-8589-11D1-B16A-00C0F0283628}\VersionIndependentProgID]
@="MSComctlLib.ProgCtrl"

[HKEY_CLASSES_ROOT\CLSID\{3C4F3BE3-47EB-101B-A3C9-08002B2F49FB}]
@="Common Dialog Font Property Page Object"

[HKEY_CLASSES_ROOT\CLSID\{3C4F3BE3-47EB-101B-A3C9-08002B2F49FB}\InprocServer32]
@="C:\\Documents and Settings\\Diogo\\Meus documentos\\Meus arquivos recebidos\\Tibia Multi IP Changer\\Tibia Multi IP Changer\\COMDLG32.OCX"

[HKEY_CLASSES_ROOT\CLSID\{3C4F3BE5-47EB-101B-A3C9-08002B2F49FB}]
@="Common Dialog Print Property Page Object"

[HKEY_CLASSES_ROOT\CLSID\{3C4F3BE5-47EB-101B-A3C9-08002B2F49FB}\InprocServer32]
@="C:\\Documents and Settings\\Diogo\\Meus documentos\\Meus arquivos recebidos\\Tibia Multi IP Changer\\Tibia Multi IP Changer\\COMDLG32.OCX"

[HKEY_CLASSES_ROOT\CLSID\{3C4F3BE7-47EB-101B-A3C9-08002B2F49FB}]
@="Common Dialog Help Property Page Object"

[HKEY_CLASSES_ROOT\CLSID\{3C4F3BE7-47EB-101B-A3C9-08002B2F49FB}\InprocServer32]
@="C:\\Documents and Settings\\Diogo\\Meus documentos\\Meus arquivos recebidos\\Tibia Multi IP Changer\\Tibia Multi IP Changer\\COMDLG32.OCX"

[HKEY_CLASSES_ROOT\CLSID\{66833FE6-8583-11D1-B16A-00C0F0283628}]
@="Microsoft Toolbar Control 6.0 (SP6)"

[HKEY_CLASSES_ROOT\CLSID\{66833FE6-8583-11D1-B16A-00C0F0283628}\Control]

[HKEY_CLASSES_ROOT\CLSID\{66833FE6-8583-11D1-B16A-00C0F0283628}\Implemented Categories]

[HKEY_CLASSES_ROOT\CLSID\{66833FE6-8583-11D1-B16A-00C0F0283628}\Implemented Categories\{0DE86A52-2BAA-11CF-A229-00AA003D7352}]

[HKEY_CLASSES_ROOT\CLSID\{66833FE6-8583-11D1-B16A-00C0F0283628}\Implemented Categories\{0DE86A53-2BAA-11CF-A229-00AA003D7352}]

[HKEY_CLASSES_ROOT\CLSID\{66833FE6-8583-11D1-B16A-00C0F0283628}\Implemented Categories\{0DE86A57-2BAA-11CF-A229-00AA003D7352}]

[HKEY_CLASSES_ROOT\CLSID\{66833FE6-8583-11D1-B16A-00C0F0283628}\Implemented Categories\{40FC6ED4-2438-11CF-A3DB-080036F12502}]

[HKEY_CLASSES_ROOT\CLSID\{66833FE6-8583-11D1-B16A-00C0F0283628}\Implemented Categories\{40FC6ED5-2438-11CF-A3DB-080036F12502}]

[HKEY_CLASSES_ROOT\CLSID\{66833FE6-8583-11D1-B16A-00C0F0283628}\Implemented Categories\{7DD95802-9882-11CF-9FA9-00AA006C42C4}]

[HKEY_CLASSES_ROOT\CLSID\{66833FE6-8583-11D1-B16A-00C0F0283628}\InprocServer32]
@="C:\\DOCUME~1\\Diogo\\CONFIG~1\\Temp\\Rar$EX00.422\ \Trial Reset\\MSCOMCTL.OCX"
"ThreadingModel"="Apartment"

[HKEY_CLASSES_ROOT\CLSID\{66833FE6-8583-11D1-B16A-00C0F0283628}\MiscStatus]
@="0"

[HKEY_CLASSES_ROOT\CLSID\{66833FE6-8583-11D1-B16A-00C0F0283628}\MiscStatus\1]
@="237969"

[HKEY_CLASSES_ROOT\CLSID\{66833FE6-8583-11D1-B16A-00C0F0283628}\ProgID]
@="MSComctlLib.Toolbar.2"

[HKEY_CLASSES_ROOT\CLSID\{66833FE6-8583-11D1-B16A-00C0F0283628}\Programmable]

[HKEY_CLASSES_ROOT\CLSID\{66833FE6-8583-11D1-B16A-00C0F0283628}\ToolboxBitmap32]
@="C:\\DOCUME~1\\Diogo\\CONFIG~1\\Temp\\Rar$EX00.422\ \Trial Reset\\MSCOMCTL.OCX, 12"

[HKEY_CLASSES_ROOT\CLSID\{66833FE6-8583-11D1-B16A-00C0F0283628}\TypeLib]
@="{831FDD16-0C5C-11D2-A9FC-0000F8754DA1}"

[HKEY_CLASSES_ROOT\CLSID\{66833FE6-8583-11D1-B16A-00C0F0283628}\Version]
@="2.0"

[HKEY_CLASSES_ROOT\CLSID\{66833FE6-8583-11D1-B16A-00C0F0283628}\VersionIndependentProgID]
@="MSComctlLib.Toolbar"

[HKEY_CLASSES_ROOT\CLSID\{7629CFA2-3FE5-101B-A3C9-08002B2F49FB}]
@="Common Dialog Open Property Page Object"

[HKEY_CLASSES_ROOT\CLSID\{7629CFA2-3FE5-101B-A3C9-08002B2F49FB}\InprocServer32]
@="C:\\Documents and Settings\\Diogo\\Meus documentos\\Meus arquivos recebidos\\Tibia Multi IP Changer\\Tibia Multi IP Changer\\COMDLG32.OCX"

[HKEY_CLASSES_ROOT\CLSID\{7629CFA4-3FE5-101B-A3C9-08002B2F49FB}]
@="Common Dialog Color Property Page Object"

[HKEY_CLASSES_ROOT\CLSID\{7629CFA4-3FE5-101B-A3C9-08002B2F49FB}\InprocServer32]
@="C:\\Documents and Settings\\Diogo\\Meus documentos\\Meus arquivos recebidos\\Tibia Multi IP Changer\\Tibia Multi IP Changer\\COMDLG32.OCX"

[HKEY_CLASSES_ROOT\CLSID\{8E3867A3-8586-11D1-B16A-00C0F0283628}]
@="Microsoft StatusBar Control 6.0 (SP6)"

[HKEY_CLASSES_ROOT\CLSID\{8E3867A3-8586-11D1-B16A-00C0F0283628}\Control]

[HKEY_CLASSES_ROOT\CLSID\{8E3867A3-8586-11D1-B16A-00C0F0283628}\Implemented Categories]

[HKEY_CLASSES_ROOT\CLSID\{8E3867A3-8586-11D1-B16A-00C0F0283628}\Implemented Categories\{0DE86A52-2BAA-11CF-A229-00AA003D7352}]

[HKEY_CLASSES_ROOT\CLSID\{8E3867A3-8586-11D1-B16A-00C0F0283628}\Implemented Categories\{0DE86A53-2BAA-11CF-A229-00AA003D7352}]

[HKEY_CLASSES_ROOT\CLSID\{8E3867A3-8586-11D1-B16A-00C0F0283628}\Implemented Categories\{0DE86A57-2BAA-11CF-A229-00AA003D7352}]

[HKEY_CLASSES_ROOT\CLSID\{8E3867A3-8586-11D1-B16A-00C0F0283628}\Implemented Categories\{40FC6ED4-2438-11CF-A3DB-080036F12502}]

[HKEY_CLASSES_ROOT\CLSID\{8E3867A3-8586-11D1-B16A-00C0F0283628}\Implemented Categories\{40FC6ED5-2438-11CF-A3DB-080036F12502}]

[HKEY_CLASSES_ROOT\CLSID\{8E3867A3-8586-11D1-B16A-00C0F0283628}\Implemented Categories\{7DD95801-9882-11CF-9FA9-00AA006C42C4}]

[HKEY_CLASSES_ROOT\CLSID\{8E3867A3-8586-11D1-B16A-00C0F0283628}\Implemented Categories\{7DD95802-9882-11CF-9FA9-00AA006C42C4}]

[HKEY_CLASSES_ROOT\CLSID\{8E3867A3-8586-11D1-B16A-00C0F0283628}\InprocServer32]
@="C:\\DOCUME~1\\Diogo\\CONFIG~1\\Temp\\Rar$EX00.422\ \Trial Reset\\MSCOMCTL.OCX"
"ThreadingModel"="Apartment"

[HKEY_CLASSES_ROOT\CLSID\{8E3867A3-8586-11D1-B16A-00C0F0283628}\MiscStatus]
@="0"

[HKEY_CLASSES_ROOT\CLSID\{8E3867A3-8586-11D1-B16A-00C0F0283628}\MiscStatus\1]
@="172433"

[HKEY_CLASSES_ROOT\CLSID\{8E3867A3-8586-11D1-B16A-00C0F0283628}\ProgID]
@="MSComctlLib.SBarCtrl.2"

[HKEY_CLASSES_ROOT\CLSID\{8E3867A3-8586-11D1-B16A-00C0F0283628}\Programmable]

[HKEY_CLASSES_ROOT\CLSID\{8E3867A3-8586-11D1-B16A-00C0F0283628}\ToolboxBitmap32]
@="C:\\DOCUME~1\\Diogo\\CONFIG~1\\Temp\\Rar$EX00.422\ \Trial Reset\\MSCOMCTL.OCX, 1"

[HKEY_CLASSES_ROOT\CLSID\{8E3867A3-8586-11D1-B16A-00C0F0283628}\TypeLib]
@="{831FDD16-0C5C-11D2-A9FC-0000F8754DA1}"

[HKEY_CLASSES_ROOT\CLSID\{8E3867A3-8586-11D1-B16A-00C0F0283628}\Version]
@="2.0"

[HKEY_CLASSES_ROOT\CLSID\{8E3867A3-8586-11D1-B16A-00C0F0283628}\VersionIndependentProgID]
@="MSComctlLib.SBarCtrl"

[HKEY_CLASSES_ROOT\CLSID\{BDD1F04B-858B-11D1-B16A-00C0F0283628}]
@="Microsoft ListView Control 6.0 (SP6)"

[HKEY_CLASSES_ROOT\CLSID\{BDD1F04B-858B-11D1-B16A-00C0F0283628}\Control]

[HKEY_CLASSES_ROOT\CLSID\{BDD1F04B-858B-11D1-B16A-00C0F0283628}\Implemented Categories]

[HKEY_CLASSES_ROOT\CLSID\{BDD1F04B-858B-11D1-B16A-00C0F0283628}\Implemented Categories\{0DE86A52-2BAA-11CF-A229-00AA003D7352}]

[HKEY_CLASSES_ROOT\CLSID\{BDD1F04B-858B-11D1-B16A-00C0F0283628}\Implemented Categories\{0DE86A53-2BAA-11CF-A229-00AA003D7352}]

[HKEY_CLASSES_ROOT\CLSID\{BDD1F04B-858B-11D1-B16A-00C0F0283628}\Implemented Categories\{0DE86A57-2BAA-11CF-A229-00AA003D7352}]

[HKEY_CLASSES_ROOT\CLSID\{BDD1F04B-858B-11D1-B16A-00C0F0283628}\Implemented Categories\{40FC6ED4-2438-11CF-A3DB-080036F12502}]

[HKEY_CLASSES_ROOT\CLSID\{BDD1F04B-858B-11D1-B16A-00C0F0283628}\Implemented Categories\{40FC6ED5-2438-11CF-A3DB-080036F12502}]

[HKEY_CLASSES_ROOT\CLSID\{BDD1F04B-858B-11D1-B16A-00C0F0283628}\Implemented Categories\{7DD95801-9882-11CF-9FA9-00AA006C42C4}]

[HKEY_CLASSES_ROOT\CLSID\{BDD1F04B-858B-11D1-B16A-00C0F0283628}\Implemented Categories\{7DD95802-9882-11CF-9FA9-00AA006C42C4}]

[HKEY_CLASSES_ROOT\CLSID\{BDD1F04B-858B-11D1-B16A-00C0F0283628}\InprocServer32]
@="C:\\DOCUME~1\\Diogo\\CONFIG~1\\Temp\\Rar$EX00.422\ \Trial Reset\\MSCOMCTL.OCX"
"ThreadingModel"="Apartment"

[HKEY_CLASSES_ROOT\CLSID\{BDD1F04B-858B-11D1-B16A-00C0F0283628}\MiscStatus]
@="0"

[HKEY_CLASSES_ROOT\CLSID\{BDD1F04B-858B-11D1-B16A-00C0F0283628}\MiscStatus\1]
@="131473"

[HKEY_CLASSES_ROOT\CLSID\{BDD1F04B-858B-11D1-B16A-00C0F0283628}\ProgID]
@="MSComctlLib.ListViewCtrl.2"

[HKEY_CLASSES_ROOT\CLSID\{BDD1F04B-858B-11D1-B16A-00C0F0283628}\Programmable]

[HKEY_CLASSES_ROOT\CLSID\{BDD1F04B-858B-11D1-B16A-00C0F0283628}\ToolboxBitmap32]
@="C:\\DOCUME~1\\Diogo\\CONFIG~1\\Temp\\Rar$EX00.422\ \Trial Reset\\MSCOMCTL.OCX, 4"

[HKEY_CLASSES_ROOT\CLSID\{BDD1F04B-858B-11D1-B16A-00C0F0283628}\TypeLib]
@="{831FDD16-0C5C-11D2-A9FC-0000F8754DA1}"

[HKEY_CLASSES_ROOT\CLSID\{BDD1F04B-858B-11D1-B16A-00C0F0283628}\Version]
@="2.0"

[HKEY_CLASSES_ROOT\CLSID\{BDD1F04B-858B-11D1-B16A-00C0F0283628}\VersionIndependentProgID]
@="MSComctlLib.ListViewCtrl"

[HKEY_CLASSES_ROOT\CLSID\{C27CCE32-8596-11D1-B16A-00C0F0283628}]
@="TreeView General Property Page Object"

[HKEY_CLASSES_ROOT\CLSID\{C27CCE32-8596-11D1-B16A-00C0F0283628}\InprocServer32]
@="C:\\DOCUME~1\\Diogo\\CONFIG~1\\Temp\\Rar$EX00.422\ \Trial Reset\\MSCOMCTL.OCX"

[HKEY_CLASSES_ROOT\CLSID\{C27CCE33-8596-11D1-B16A-00C0F0283628}]
@="TabStrip General Property Page Object"

[HKEY_CLASSES_ROOT\CLSID\{C27CCE33-8596-11D1-B16A-00C0F0283628}\InprocServer32]
@="C:\\DOCUME~1\\Diogo\\CONFIG~1\\Temp\\Rar$EX00.422\ \Trial Reset\\MSCOMCTL.OCX"

[HKEY_CLASSES_ROOT\CLSID\{C27CCE34-8596-11D1-B16A-00C0F0283628}]
@="Tab Property Page Object"

[HKEY_CLASSES_ROOT\CLSID\{C27CCE34-8596-11D1-B16A-00C0F0283628}\InprocServer32]
@="C:\\DOCUME~1\\Diogo\\CONFIG~1\\Temp\\Rar$EX00.422\ \Trial Reset\\MSCOMCTL.OCX"

[HKEY_CLASSES_ROOT\CLSID\{C27CCE35-8596-11D1-B16A-00C0F0283628}]
@="ImageList General Property Page Object"

[HKEY_CLASSES_ROOT\CLSID\{C27CCE35-8596-11D1-B16A-00C0F0283628}\InprocServer32]
@="C:\\DOCUME~1\\Diogo\\CONFIG~1\\Temp\\Rar$EX00.422\ \Trial Reset\\MSCOMCTL.OCX"

[HKEY_CLASSES_ROOT\CLSID\{C27CCE36-8596-11D1-B16A-00C0F0283628}]
@="Image Property Page Object"

[HKEY_CLASSES_ROOT\CLSID\{C27CCE36-8596-11D1-B16A-00C0F0283628}\InprocServer32]
@="C:\\DOCUME~1\\Diogo\\CONFIG~1\\Temp\\Rar$EX00.422\ \Trial Reset\\MSCOMCTL.OCX"

[HKEY_CLASSES_ROOT\CLSID\{C27CCE37-8596-11D1-B16A-00C0F0283628}]
@="Toolbar General Property Page Object"

[HKEY_CLASSES_ROOT\CLSID\{C27CCE37-8596-11D1-B16A-00C0F0283628}\InprocServer32]
@="C:\\DOCUME~1\\Diogo\\CONFIG~1\\Temp\\Rar$EX00.422\ \Trial Reset\\MSCOMCTL.OCX"

[HKEY_CLASSES_ROOT\CLSID\{C27CCE38-8596-11D1-B16A-00C0F0283628}]
@="Button Property Page Object"

[HKEY_CLASSES_ROOT\CLSID\{C27CCE38-8596-11D1-B16A-00C0F0283628}\InprocServer32]
@="C:\\DOCUME~1\\Diogo\\CONFIG~1\\Temp\\Rar$EX00.422\ \Trial Reset\\MSCOMCTL.OCX"

[HKEY_CLASSES_ROOT\CLSID\{C27CCE39-8596-11D1-B16A-00C0F0283628}]
@="StatusBar General Property Page Object"

[HKEY_CLASSES_ROOT\CLSID\{C27CCE39-8596-11D1-B16A-00C0F0283628}\InprocServer32]
@="C:\\DOCUME~1\\Diogo\\CONFIG~1\\Temp\\Rar$EX00.422\ \Trial Reset\\MSCOMCTL.OCX"

[HKEY_CLASSES_ROOT\CLSID\{C27CCE3A-8596-11D1-B16A-00C0F0283628}]
@="Panel Property Page Object"

[HKEY_CLASSES_ROOT\CLSID\{C27CCE3A-8596-11D1-B16A-00C0F0283628}\InprocServer32]
@="C:\\DOCUME~1\\Diogo\\CONFIG~1\\Temp\\Rar$EX00.422\ \Trial Reset\\MSCOMCTL.OCX"

[HKEY_CLASSES_ROOT\CLSID\{C27CCE3B-8596-11D1-B16A-00C0F0283628}]
@="Progress Bar General Property Page Object"

[HKEY_CLASSES_ROOT\CLSID\{C27CCE3B-8596-11D1-B16A-00C0F0283628}\InprocServer32]
@="C:\\DOCUME~1\\Diogo\\CONFIG~1\\Temp\\Rar$EX00.422\ \Trial Reset\\MSCOMCTL.OCX"

[HKEY_CLASSES_ROOT\CLSID\{C27CCE3C-8596-11D1-B16A-00C0F0283628}]
@="Slider General Property Page Object"

[HKEY_CLASSES_ROOT\CLSID\{C27CCE3C-8596-11D1-B16A-00C0F0283628}\InprocServer32]
@="C:\\DOCUME~1\\Diogo\\CONFIG~1\\Temp\\Rar$EX00.422\ \Trial Reset\\MSCOMCTL.OCX"

[HKEY_CLASSES_ROOT\CLSID\{C27CCE3D-8596-11D1-B16A-00C0F0283628}]
@="Slider Appearance Property Page Object"

[HKEY_CLASSES_ROOT\CLSID\{C27CCE3D-8596-11D1-B16A-00C0F0283628}\InprocServer32]
@="C:\\DOCUME~1\\Diogo\\CONFIG~1\\Temp\\Rar$EX00.422\ \Trial Reset\\MSCOMCTL.OCX"

[HKEY_CLASSES_ROOT\CLSID\{C27CCE3E-8596-11D1-B16A-00C0F0283628}]
@="ListView General Property Page Object"

[HKEY_CLASSES_ROOT\CLSID\{C27CCE3E-8596-11D1-B16A-00C0F0283628}\InprocServer32]
@="C:\\DOCUME~1\\Diogo\\CONFIG~1\\Temp\\Rar$EX00.422\ \Trial Reset\\MSCOMCTL.OCX"

[HKEY_CLASSES_ROOT\CLSID\{C27CCE3F-8596-11D1-B16A-00C0F0283628}]
@="ListView Sort Property Page Object"

[HKEY_CLASSES_ROOT\CLSID\{C27CCE3F-8596-11D1-B16A-00C0F0283628}\InprocServer32]
@="C:\\DOCUME~1\\Diogo\\CONFIG~1\\Temp\\Rar$EX00.422\ \Trial Reset\\MSCOMCTL.OCX"

[HKEY_CLASSES_ROOT\CLSID\{C27CCE40-8596-11D1-B16A-00C0F0283628}]
@="ListView Images Property Page Object"

[HKEY_CLASSES_ROOT\CLSID\{C27CCE40-8596-11D1-B16A-00C0F0283628}\InprocServer32]
@="C:\\DOCUME~1\\Diogo\\CONFIG~1\\Temp\\Rar$EX00.422\ \Trial Reset\\MSCOMCTL.OCX"

[HKEY_CLASSES_ROOT\CLSID\{C27CCE41-8596-11D1-B16A-00C0F0283628}]
@="ListView Columns Property Page Object"

[HKEY_CLASSES_ROOT\CLSID\{C27CCE41-8596-11D1-B16A-00C0F0283628}\InprocServer32]
@="C:\\DOCUME~1\\Diogo\\CONFIG~1\\Temp\\Rar$EX00.422\ \Trial Reset\\MSCOMCTL.OCX"

[HKEY_CLASSES_ROOT\CLSID\{C27CCE42-8596-11D1-B16A-00C0F0283628}]
@="ImageComboBox General Property Page Object"

[HKEY_CLASSES_ROOT\CLSID\{C27CCE42-8596-11D1-B16A-00C0F0283628}\InprocServer32]
@="C:\\DOCUME~1\\Diogo\\CONFIG~1\\Temp\\Rar$EX00.422\ \Trial Reset\\MSCOMCTL.OCX"

[HKEY_CLASSES_ROOT\CLSID\{C74190B6-8589-11D1-B16A-00C0F0283628}]
@="Microsoft TreeView Control 6.0 (SP6)"

[HKEY_CLASSES_ROOT\CLSID\{C74190B6-8589-11D1-B16A-00C0F0283628}\Control]

[HKEY_CLASSES_ROOT\CLSID\{C74190B6-8589-11D1-B16A-00C0F0283628}\Implemented Categories]

[HKEY_CLASSES_ROOT\CLSID\{C74190B6-8589-11D1-B16A-00C0F0283628}\Implemented Categories\{0DE86A52-2BAA-11CF-A229-00AA003D7352}]

[HKEY_CLASSES_ROOT\CLSID\{C74190B6-8589-11D1-B16A-00C0F0283628}\Implemented Categories\{0DE86A53-2BAA-11CF-A229-00AA003D7352}]

[HKEY_CLASSES_ROOT\CLSID\{C74190B6-8589-11D1-B16A-00C0F0283628}\Implemented Categories\{0DE86A57-2BAA-11CF-A229-00AA003D7352}]

[HKEY_CLASSES_ROOT\CLSID\{C74190B6-8589-11D1-B16A-00C0F0283628}\Implemented Categories\{40FC6ED4-2438-11CF-A3DB-080036F12502}]

[HKEY_CLASSES_ROOT\CLSID\{C74190B6-8589-11D1-B16A-00C0F0283628}\Implemented Categories\{40FC6ED5-2438-11CF-A3DB-080036F12502}]

[HKEY_CLASSES_ROOT\CLSID\{C74190B6-8589-11D1-B16A-00C0F0283628}\Implemented Categories\{7DD95801-9882-11CF-9FA9-00AA006C42C4}]

[HKEY_CLASSES_ROOT\CLSID\{C74190B6-8589-11D1-B16A-00C0F0283628}\Implemented Categories\{7DD95802-9882-11CF-9FA9-00AA006C42C4}]

[HKEY_CLASSES_ROOT\CLSID\{C74190B6-8589-11D1-B16A-00C0F0283628}\InprocServer32]
@="C:\\DOCUME~1\\Diogo\\CONFIG~1\\Temp\\Rar$EX00.422\ \Trial Reset\\MSCOMCTL.OCX"
"ThreadingModel"="Apartment"

[HKEY_CLASSES_ROOT\CLSID\{C74190B6-8589-11D1-B16A-00C0F0283628}\MiscStatus]
@="0"

[HKEY_CLASSES_ROOT\CLSID\{C74190B6-8589-11D1-B16A-00C0F0283628}\MiscStatus\1]
@="131473"

[HKEY_CLASSES_ROOT\CLSID\{C74190B6-8589-11D1-B16A-00C0F0283628}\ProgID]
@="MSComctlLib.TreeCtrl.2"

[HKEY_CLASSES_ROOT\CLSID\{C74190B6-8589-11D1-B16A-00C0F0283628}\Programmable]

[HKEY_CLASSES_ROOT\CLSID\{C74190B6-8589-11D1-B16A-00C0F0283628}\ToolboxBitmap32]
@="C:\\DOCUME~1\\Diogo\\CONFIG~1\\Temp\\Rar$EX00.422\ \Trial Reset\\MSCOMCTL.OCX, 2"

[HKEY_CLASSES_ROOT\CLSID\{C74190B6-8589-11D1-B16A-00C0F0283628}\TypeLib]
@="{831FDD16-0C5C-11D2-A9FC-0000F8754DA1}"

[HKEY_CLASSES_ROOT\CLSID\{C74190B6-8589-11D1-B16A-00C0F0283628}\Version]
@="2.0"

[HKEY_CLASSES_ROOT\CLSID\{C74190B6-8589-11D1-B16A-00C0F0283628}\VersionIndependentProgID]
@="MSComctlLib.TreeCtrl"

[HKEY_CLASSES_ROOT\CLSID\{DD9DA666-8594-11D1-B16A-00C0F0283628}]
@="Microsoft ImageComboBox Control 6.0 (SP6)"

[HKEY_CLASSES_ROOT\CLSID\{DD9DA666-8594-11D1-B16A-00C0F0283628}\Control]

[HKEY_CLASSES_ROOT\CLSID\{DD9DA666-8594-11D1-B16A-00C0F0283628}\Implemented Categories]

[HKEY_CLASSES_ROOT\CLSID\{DD9DA666-8594-11D1-B16A-00C0F0283628}\Implemented Categories\{0DE86A52-2BAA-11CF-A229-00AA003D7352}]

[HKEY_CLASSES_ROOT\CLSID\{DD9DA666-8594-11D1-B16A-00C0F0283628}\Implemented Categories\{0DE86A53-2BAA-11CF-A229-00AA003D7352}]

[HKEY_CLASSES_ROOT\CLSID\{DD9DA666-8594-11D1-B16A-00C0F0283628}\Implemented Categories\{0DE86A57-2BAA-11CF-A229-00AA003D7352}]

[HKEY_CLASSES_ROOT\CLSID\{DD9DA666-8594-11D1-B16A-00C0F0283628}\Implemented Categories\{40FC6ED4-2438-11CF-A3DB-080036F12502}]

[HKEY_CLASSES_ROOT\CLSID\{DD9DA666-8594-11D1-B16A-00C0F0283628}\Implemented Categories\{40FC6ED5-2438-11CF-A3DB-080036F12502}]

[HKEY_CLASSES_ROOT\CLSID\{DD9DA666-8594-11D1-B16A-00C0F0283628}\Implemented Categories\{7DD95801-9882-11CF-9FA9-00AA006C42C4}]

[HKEY_CLASSES_ROOT\CLSID\{DD9DA666-8594-11D1-B16A-00C0F0283628}\Implemented Categories\{7DD95802-9882-11CF-9FA9-00AA006C42C4}]

[HKEY_CLASSES_ROOT\CLSID\{DD9DA666-8594-11D1-B16A-00C0F0283628}\InprocServer32]
@="C:\\DOCUME~1\\Diogo\\CONFIG~1\\Temp\\Rar$EX00.422\ \Trial Reset\\MSCOMCTL.OCX"
"ThreadingModel"="Apartment"

[HKEY_CLASSES_ROOT\CLSID\{DD9DA666-8594-11D1-B16A-00C0F0283628}\MiscStatus]
@="0"

[HKEY_CLASSES_ROOT\CLSID\{DD9DA666-8594-11D1-B16A-00C0F0283628}\MiscStatus\1]
@="131473"

[HKEY_CLASSES_ROOT\CLSID\{DD9DA666-8594-11D1-B16A-00C0F0283628}\ProgID]
@="MSComctlLib.ImageComboCtl.2"

[HKEY_CLASSES_ROOT\CLSID\{DD9DA666-8594-11D1-B16A-00C0F0283628}\Programmable]

[HKEY_CLASSES_ROOT\CLSID\{DD9DA666-8594-11D1-B16A-00C0F0283628}\ToolboxBitmap32]
@="C:\\DOCUME~1\\Diogo\\CONFIG~1\\Temp\\Rar$EX00.422\ \Trial Reset\\MSCOMCTL.OCX, 1916"

[HKEY_CLASSES_ROOT\CLSID\{DD9DA666-8594-11D1-B16A-00C0F0283628}\TypeLib]
@="{831FDD16-0C5C-11D2-A9FC-0000F8754DA1}"

[HKEY_CLASSES_ROOT\CLSID\{DD9DA666-8594-11D1-B16A-00C0F0283628}\Version]
@="2.0"


Serafan
04-12-2009, 21:37
Dear Pvp,

That's what you get for downloading OT servers and hosting them. Your machine becomes vulnerable. In your case the problem is a virus, trojans to be exact. Run a full scan with Malwarebytes (available on Baixaki) and paste the log generated after the scan here in the thread in your next message.

Candiottis
20-12-2009, 20:19
love you, thanks
thanks

wGutooo
23-12-2009, 18:06
Log

ComboFix 09-12-22.09 - Gutooo 23/12/2009 18:54:16.1.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.55.1046.18.767.420 [GMT -2:00]
Executando de: c:\documents and settings\Gutooo\Meus documentos\Downloads\ComboFix*****
.

(((((((((((((((( Arquivos/Ficheiros criados de 2009-11-23 to 2009-12-23 ))))))))))))))))))))))))))))
.

2009-12-23 20:36 . 2009-12-23 20:36 -------- d-s---w- c:\documents and settings\Gutooo\UserData
2009-12-23 20:22 . 2009-12-23 20:22 -------- d-----w- c:\documents and settings\Gutooo\Dados de aplicativos\TeamViewer
2009-12-23 20:22 . 2009-12-23 20:22 -------- d-----w- c:\documents and settings\Gutooo\temp
2009-12-22 20:32 . 2008-05-09 10:55 180224 -c----w- c:\windows\system32\dllcache\scrobj.dll
2009-12-22 20:32 . 2008-05-09 10:55 90112 -c----w- c:\windows\system32\dllcache\wshext.dll
2009-12-22 20:32 . 2008-05-09 10:55 430080 -c----w- c:\windows\system32\dllcache\vbscript.dll
2009-12-22 20:32 . 2008-05-09 10:55 172032 -c----w- c:\windows\system32\dllcache\scrrun.dll
2009-12-22 20:32 . 2008-05-09 08:45 135168 -c----w- c:\windows\system32\dllcache\cscript*****
2009-12-22 20:32 . 2008-05-08 11:24 155648 -c----w- c:\windows\system32\dllcache\************
2009-12-22 20:29 . 2009-08-13 15:21 512000 -c----w- c:\windows\system32\dllcache\jscript.dll
2009-12-22 08:32 . 2009-12-22 08:32 -------- d-----w- c:\windows\l2schemas
2009-12-22 08:32 . 2009-12-22 08:32 -------- d-----w- c:\windows\system32\bits
2009-12-22 02:14 . 2009-12-22 08:26 -------- d-----w- c:\windows\ServicePackFiles
2009-12-22 02:10 . 2004-08-04 00:41 1041536 ------w- c:\windows\system32\drivers\hsfdpsp2.sys
2009-12-22 02:10 . 2004-08-04 00:41 685056 ------w- c:\windows\system32\drivers\hsfcxts2.sys
2009-12-22 02:10 . 2004-08-04 00:41 220032 ------w- c:\windows\system32\drivers\hsfbs2s2.sys
2009-12-22 00:22 . 2008-06-14 17:34 272384 -c----w- c:\windows\system32\dllcache\bthport.sys
2009-12-22 00:22 . 2008-06-14 17:34 272384 ------w- c:\windows\system32\drivers\bthport.sys
2009-12-22 00:09 . 2009-02-06 10:10 227840 -c----w- c:\windows\system32\dllcache\wmiprvse*****
2009-12-22 00:09 . 2009-08-05 00:57 2193408 -c----w- c:\windows\system32\dllcache\ntoskrnl*****
2009-12-22 00:09 . 2009-03-06 14:20 286208 -c----w- c:\windows\system32\dllcache\pdh.dll
2009-12-22 00:09 . 2009-02-09 11:25 111104 -c----w- c:\windows\system32\dllcache\services*****
2009-12-22 00:09 . 2009-02-09 10:53 401408 -c----w- c:\windows\system32\dllcache\rpcss.dll
2009-12-22 00:09 . 2009-02-09 10:53 473600 -c----w- c:\windows\system32\dllcache\fastprox.dll
2009-12-22 00:09 . 2009-02-09 10:53 683520 -c----w- c:\windows\system32\dllcache\advapi32.dll
2009-12-22 00:09 . 2009-06-25 08:27 732672 -c----w- c:\windows\system32\dllcache\lsasrv.dll
2009-12-22 00:09 . 2009-02-09 10:53 453120 -c----w- c:\windows\system32\dllcache\wmiprvsd.dll
2009-12-22 00:09 . 2009-02-09 10:53 730624 -c----w- c:\windows\system32\dllcache\ntdll.dll
2009-12-22 00:09 . 2009-08-04 17:27 2149376 -c----w- c:\windows\system32\dllcache\ntkrnlmp*****
2009-12-22 00:09 . 2009-08-04 17:27 2028032 -c----w- c:\windows\system32\dllcache\ntkrpamp*****
2009-12-22 00:03 . 2008-05-08 14:02 203136 -c----w- c:\windows\system32\dllcache\rmcast.sys
2009-12-21 23:51 . 2008-12-11 10:57 333952 -c----w- c:\windows\system32\dllcache\srv.sys
2009-12-21 23:51 . 2009-07-10 13:27 1315328 -c----w- c:\windows\system32\dllcache\msoe.dll
2009-12-21 23:45 . 2008-10-24 11:21 455296 -c----w- c:\windows\system32\dllcache\mrxsmb.sys
2009-12-21 23:42 . 2008-04-11 19:05 691712 -c----w- c:\windows\system32\dllcache\inetcomm.dll
2009-12-21 23:36 . 2008-10-15 16:36 337408 -c----w- c:\windows\system32\dllcache\netapi32.dll
2009-12-21 23:35 . 2008-04-21 21:15 216064 -c----w- c:\windows\system32\dllcache\wordpad*****
2009-12-21 23:31 . 2009-12-22 20:42 -------- d--h--w- c:\windows\$hf_mig$
2009-12-21 23:07 . 2009-08-06 21:23 274288 ----a-w- c:\windows\system32\mucltui.dll
2009-12-21 23:07 . 2009-08-06 21:23 215920 ----a-w- c:\windows\system32\muweb.dll
2009-12-21 22:16 . 2009-12-21 22:16 -------- d-----w- c:\documents and settings\Gutooo\Dados de aplicativos\Yahoo!
2009-12-21 22:16 . 2009-12-21 22:21 -------- d-----w- c:\arquivos de programas\Yahoo!
2009-12-21 22:16 . 2009-12-21 22:16 -------- d-----w- c:\arquivos de programas\CCleaner
2009-12-21 22:11 . 2009-12-21 22:13 -------- d-----w- c:\documents and settings\Gutooo\Dados de aplicativos\Tibia
2009-12-21 22:08 . 2009-12-21 22:08 -------- d-----w- c:\arquivos de programas\Tibia
2009-12-21 22:00 . 2009-12-21 22:00 -------- d-----w- c:\arquivos de programas\Tibiacast
2009-12-21 21:42 . 2004-08-04 03:45 25600 ----a-w- c:\documents and settings\LocalService\Dados de aplicativos\Microsoft\UPnP Device Host\upnphost\udhisapi.dll
2009-12-20 22:25 . 2008-04-13 18:45 6272 ----a-w- c:\windows\system32\drivers\splitter.sys
2009-12-20 22:25 . 2008-04-13 19:17 83072 ----a-w- c:\windows\system32\drivers\wdmaud.sys
2009-12-20 22:25 . 2008-04-13 18:45 52864 ----a-w- c:\windows\system32\drivers\dmusic.sys
2009-12-20 22:25 . 2008-04-13 18:45 56576 ----a-w- c:\windows\system32\drivers\swmidi.sys
2009-12-20 22:25 . 2008-04-13 16:39 142592 ----a-w- c:\windows\system32\drivers\aec.sys
2009-12-20 22:25 . 2008-04-13 18:45 172416 ----a-w- c:\windows\system32\drivers\kmixer.sys
2009-12-20 22:25 . 2008-04-13 18:45 2944 ----a-w- c:\windows\system32\drivers\drmkaud.sys
2009-12-20 22:25 . 2008-04-13 19:15 60800 ----a-w- c:\windows\system32\drivers\sysaudio.sys
2009-12-20 22:25 . 2008-04-13 18:39 7552 ----a-w- c:\windows\system32\drivers\mskssrv.sys
2009-12-20 22:25 . 2008-04-13 18:39 4992 ----a-w- c:\windows\system32\drivers\mspqm.sys
2009-12-20 22:25 . 2008-04-13 18:39 5376 ----a-w- c:\windows\system32\drivers\mspclock.sys
2009-12-20 22:24 . 2003-02-26 18:04 370048 ----a-r- c:\windows\system32\drivers\viaudios.sys
2009-12-20 22:24 . 2008-04-14 02:20 4096 ----a-w- c:\windows\system32\ksuser.dll
2009-12-20 22:24 . 2008-04-13 19:19 146048 ----a-w- c:\windows\system32\drivers\portcls.sys
2009-12-20 22:24 . 2008-04-13 18:45 60160 ----a-w- c:\windows\system32\drivers\drmk.sys
2009-12-20 22:24 . 2009-12-20 22:24 -------- d-----w- c:\arquivos de programas\VIA Technologies, INC
2009-12-20 22:24 . 2003-02-26 18:04 765952 ----a-r- c:\windows\system\crlds3d.dll
2009-12-20 22:24 . 2003-02-26 18:04 720896 -c--a-w- c:\windows\system32\dllcache\a3d.dll
2009-12-20 22:24 . 2003-02-26 18:04 720896 ----a-r- c:\windows\system32\a3d.dll
2009-12-20 22:24 . 2002-12-16 12:19 32768 ----a-w- c:\windows\system32\UnAudioNT.dll
2009-12-20 22:24 . 1998-10-09 19:56 327168 ----a-w- c:\windows\IsUn0416*****
2009-12-20 19:05 . 2006-06-29 15:07 14048 ------w- c:\windows\system32\spmsg2.dll
2009-12-20 19:05 . 2009-12-22 08:32 -------- d-----w- c:\windows\system32\pt-BR
2009-12-20 19:01 . 2009-12-20 19:01 -------- d-----w- c:\windows\system32\XPSViewer

.
((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-12-23 16:49 . 2009-12-20 18:48 -------- d-----w- c:\arquivos de programas\Windows Live
2009-12-22 20:47 . 2001-10-28 18:07 80246 ----a-w- c:\windows\system32\perfc016.dat
2009-12-22 20:47 . 2001-10-28 18:07 473318 ----a-w- c:\windows\system32\perfh016.dat
2009-12-21 20:52 . 2009-12-20 18:12 86327 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2009-12-20 19:01 . 2009-12-20 19:01 -------- d-----w- c:\arquivos de programas\MSBuild
2009-12-20 19:01 . 2009-12-20 19:01 -------- d-----w- c:\arquivos de programas\Reference Assemblies
2009-12-20 18:56 . 2009-12-20 18:56 -------- d-----w- c:\arquivos de programas\MSXML 6.0
2009-12-20 18:48 . 2009-12-20 18:48 -------- d-----w- c:\arquivos de programas\Microsoft
2009-12-20 18:48 . 2009-12-20 18:48 -------- d-----w- c:\arquivos de programas\Windows Live SkyDrive
2009-12-20 18:37 . 2009-12-20 18:37 -------- d-----w- c:\arquivos de programas\Windows Media Connect 2
2009-12-20 18:36 . 2009-12-20 18:36 -------- d-----w- c:\arquivos de programas\K-Lite Codec Pack
2009-12-20 18:35 . 2009-12-20 18:35 -------- d-----w- c:\arquivos de programas\Arquivos comuns\Windows Live
2009-12-20 18:14 . 2009-12-20 18:14 -------- d-----w- c:\arquivos de programas\microsoft frontpage
2009-12-20 18:11 . 2009-12-20 18:11 -------- d-----w- c:\arquivos de programas\Serviços on-line
2009-12-20 18:10 . 2009-12-20 18:10 -------- d-----w- c:\arquivos de programas\Arquivos comuns\Serviços
2009-12-20 18:09 . 2009-12-20 18:09 21844 ----a-w- c:\windows\system32\emptyregdb.dat
2009-10-29 05:25 . 2004-08-04 03:45 669184 ----a-w- c:\windows\system32\wininet.dll
2009-10-21 05:39 . 2004-08-04 03:45 75776 ----a-w- c:\windows\system32\strmfilt.dll
2009-10-21 05:39 . 2004-08-04 03:45 25088 ----a-w- c:\windows\system32\httpapi.dll
2009-10-20 16:20 . 2004-08-04 02:00 265728 ----a-w- c:\windows\system32\drivers\http.sys
2009-10-13 10:34 . 2004-08-04 03:45 271360 ----a-w- c:\windows\system32\oakley.dll
2009-10-12 13:39 . 2004-08-04 03:45 150016 ----a-w- c:\windows\system32\rastls.dll
2009-10-12 13:39 . 2004-08-04 03:45 79872 ----a-w- c:\windows\system32\raschap.dll
2009-09-25 05:36 . 2004-08-04 03:45 81920 ----a-w- c:\windows\system32\ieencode.dll
.

(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))
.
.
*Nota* entradas vazias e legítimas por defeito não são mostradas.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\arquivos de programas\Windows Live\Messenger\msnmsgr*****" [2009-07-26 3883840]
"MSMSGS"="c:\arquivos de programas\Messenger\msmsgs*****" [2008-04-14 1695232]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON*****"="c:\windows\system32\CTFMON*****" [2008-04-14 15360]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr*****"=
"c:\\Arquivos de programas\\Messenger\\msmsgs*****"=
"c:\\Arquivos de programas\\Windows Live\\Messenger\\wlcsdk*****"=
"c:\\Arquivos de programas\\Windows Live\\Messenger\\msnmsgr*****"=
"%windir%\\Network Diagnostic\\xpnetdiag*****"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"1863:UDP"= 1863:UDP:msnmsgr

.
------- Scan Suplementar -------
.
uStart Page = hxxp://www.centralexpert.net/
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-12-23 18:58
Windows 5.1.2600 Service Pack 3 NTFS

Procurando processos ocultos ...

Procurando entradas auto inicializáveis ocultas ...

Procurando ficheiros/arquivos ocultos ...

Varredura completada com sucesso
arquivos/ficheiros ocultos: 0

**************************************************************************
.
--------------------- DLLs Carregadas Sob os Processos em Execução ---------------------

- - - - - - - > 'explorer*****'(832)
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Tempo para conclusão: 2009-12-23 19:00:56
ComboFix-quarantined-files.txt 2009-12-23 21:00

Pré-execução: 5 pasta(s) 10.881.798.144 bytes disponíveis
Pós execução: 6 pasta(s) 10.948.034.560 bytes disponíveis

WindowsXP-KB310994-SP2-Pro-BootDisk-PTG*****
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

- - End Of File - - ECAF1FA6F234984E536207148955177E

anciet dragon
07-01-2010, 19:35
ComboFix 09-12-30.01 - NEWTONALMEIDA 31/12/2009 2:01.1.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.55.1033.18.1982.1269 [GMT -2:00]
Executando de: c:\users\NEWTONALMEIDA\Downloads\ComboFix*****
AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
SP: AVG Anti-Virus Free *enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
SP: Windows Defender *disabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\$recycle.bin\S-1-5-21-3102239989-1682233996-76167453-500
c:\$recycle.bin\S-1-5-21-3599374952-3106861771-1934837511-500
c:\program files\ActivationManager
c:\program files\ActivationManager\Uninstall*****
c:\program files\ADSTechnology
c:\program files\ADSTechnology\Uninstall*****
c:\program files\SpeedBit Video Downloader\Toolbar\tbhelper.dll
c:\programdata\Microsoft\Windows\Start Menu\Programs\ADSTechnology
c:\programdata\Microsoft\Windows\Start Menu\Programs\ADSTechnology\ADSTechnology.lnk
c:\programdata\Microsoft\Windows\Start Menu\Programs\ADSTechnology\Uninstall.lnk
c:\windows\Downloaded Program Files\poPCaploader.dll
c:\windows\Downloaded Program Files\popcaploader.inf
c:\windows\system32\SIntf16.dll

.
(((((((((((((((( Arquivos/Ficheiros criados de 2009-11-28 to 2009-12-31 ))))))))))))))))))))))))))))
.

2009-12-31 04:17 . 2009-12-31 04:18 -------- d-----w- c:\users\NEWTONALMEIDA\AppData\Local\temp
2009-12-31 04:17 . 2009-12-31 04:17 -------- d-----w- c:\users\Default\AppData\Local\temp
2009-12-30 20:34 . 2009-06-30 11:37 28552 ----a-w- c:\windows\system32\drivers\pavboot.sys
2009-12-30 20:32 . 2009-12-30 20:32 -------- d-----w- c:\program files\Panda Security
2009-12-30 04:20 . 2009-12-30 04:26 -------- d-----w- c:\program files\******** NG
2009-12-20 10:43 . 2009-12-20 10:42 2065688 ----a-w- c:\programdata\avg8\update\backup\avgcorex.dll
2009-12-10 03:11 . 2009-11-09 12:31 24064 ----a-w- c:\windows\system32\nshhttp.dll
2009-12-10 03:11 . 2009-11-09 10:36 411648 ----a-w- c:\windows\system32\drivers\http.sys
2009-12-10 03:11 . 2009-11-09 12:30 30720 ----a-w- c:\windows\system32\httpapi.dll
2009-12-09 19:04 . 2009-12-09 19:04 -------- d-----w- C:\Level Up! Games
2009-12-09 14:45 . 2009-10-07 11:36 243712 ----a-w- c:\windows\system32\rastls.dll
2009-12-09 14:45 . 2009-08-24 11:36 377344 ----a-w- c:\windows\system32\winhttp.dll

.
((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-12-31 03:53 . 2009-07-18 16:20 34677 ---ha-w- C:\os503778.bin
2009-12-30 21:39 . 2008-11-05 00:23 -------- d-----w- c:\program files\Warcraft III
2009-12-30 00:17 . 2008-07-05 00:43 -------- d---a-w- c:\program files\Tibia
2009-12-24 19:47 . 2009-02-16 14:35 28599 ----a-w- c:\programdata\nvModes.dat
2009-12-20 17:02 . 2007-11-24 23:14 -------- d-----w- c:\program files\Google
2009-12-18 02:09 . 2009-01-08 00:23 -------- d-----w- c:\users\NEWTONALMEIDA\AppData\Roaming\Skype
2009-12-18 02:08 . 2009-01-08 00:25 -------- d-----w- c:\users\NEWTONALMEIDA\AppData\Roaming\skypePM
2009-12-10 11:30 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2009-12-10 03:11 . 2007-08-04 10:35 -------- d-----w- c:\programdata\Microsoft Help
2009-11-21 06:40 . 2009-12-09 15:20 916480 ----a-w- c:\windows\system32\wininet.dll
2009-11-21 06:34 . 2009-12-09 15:20 109056 ----a-w- c:\windows\system32\iesysprep.dll
2009-11-21 06:34 . 2009-12-09 15:20 71680 ----a-w- c:\windows\system32\iesetup.dll
2009-11-21 04:59 . 2009-12-09 15:20 133632 ----a-w- c:\windows\system32\ieUnatt*****
2009-11-19 15:59 . 2007-12-29 06:42 680 ----a-w- c:\users\NEWTONALMEIDA\AppData\Local\d3d9caps.dat
2009-11-18 01:43 . 2007-12-23 11:23 -------- d-----w- c:\users\NEWTONALMEIDA\AppData\Roaming\LimeWire
2009-11-14 11:46 . 2008-08-04 19:14 -------- d-----w- c:\programdata\avg8
2009-11-12 12:23 . 2009-11-10 23:10 -------- d-----w- c:\program files\Microsoft Silverlight
2009-11-10 23:10 . 2009-11-10 23:01 -------- d-----w- c:\program files\Microsoft
2009-11-10 23:10 . 2007-11-24 12:08 -------- d-----w- c:\program files\Windows Live
2009-11-10 23:10 . 2007-11-24 12:20 -------- d-----w- c:\program files\Windows Live Toolbar
2009-11-10 23:09 . 2009-11-10 23:09 -------- d-----w- c:\program files\Microsoft Sync Framework
2009-11-10 23:04 . 2009-11-10 23:04 -------- d-----w- c:\program files\Microsoft SQL Server Compact Edition
2009-11-10 23:01 . 2009-11-10 23:01 -------- d-----w- c:\program files\Windows Live SkyDrive
2009-11-10 22:38 . 2009-11-10 22:38 -------- d-----w- c:\program files\Common Files\Windows Live
2009-11-02 22:42 . 2009-10-02 22:54 195456 ------w- c:\windows\system32\MpSigStub*****
2009-11-02 03:41 . 2009-11-02 03:41 -------- d-----w- c:\program files\Haali
2009-11-01 05:16 . 2009-11-01 05:16 -------- d-----w- c:\program files\Windows Portable Devices
2009-11-01 05:16 . 2006-11-02 10:25 665600 ----a-w- c:\windows\inf\drvindex.dat
2009-11-01 05:15 . 2009-11-01 05:15 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdFs_01_07_00.Wdf
2009-10-29 09:17 . 2009-11-26 01:53 2048 ----a-w- c:\windows\system32\tzres.dll
2009-10-13 01:57 . 2009-10-13 01:58 286720 ----a-w- c:\windows\iun506*****
2009-10-12 05:10 . 2009-10-12 05:10 101 ----a-w- c:\users\NEWTONALMEIDA\AppData\Local\fusioncache.dat
2009-10-08 21:08 . 2009-11-01 05:01 234496 ----a-w- c:\windows\system32\oleacc.dll
2009-10-08 21:08 . 2009-11-01 05:01 555520 ----a-w- c:\windows\system32\UIAutomationCore.dll
2009-10-08 21:07 . 2009-11-01 05:01 4096 ----a-w- c:\windows\system32\oleaccrc.dll
.

(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))
.
.
*Nota* entradas vazias e legítimas por defeito não são mostradas.
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{A3BC75A2-1F87-4686-AA43-5347D756017C}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-09-02 1107200]
"{0579B4B6-0293-4d73-B02D-5EBB0BA0F0A2}"= "c:\program files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL" [2009-06-11 66912]
"{9CB65206-89C4-402c-BA80-02D8C59F9B1D}"= "c:\program files\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL" [2008-08-04 57344]

[HKEY_CLASSES_ROOT\clsid\{a3bc75a2-1f87-4686-aa43-5347d756017c}]

[HKEY_CLASSES_ROOT\clsid\{0579b4b6-0293-4d73-b02d-5ebb0ba0f0a2}]

[HKEY_CLASSES_ROOT\clsid\{9cb65206-89c4-402c-ba80-02d8c59f9b1d}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0579B4B1-0293-4d73-B02D-5EBB0BA0F0A2}]
2009-06-11 03:27 66912 ----a-w- c:\program files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
2009-09-02 14:58 1107200 ----a-w- c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2009-05-19 16:37 1144712 ----a-w- c:\program files\Ask.com\GenericAskToolbar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-09-02 1107200]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2009-05-19 1144712]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar*****" [2009-04-11 1233920]
"LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel*****" [2007-04-19 484904]
"HPAdvisor"="c:\program files\Hewlett-Packard\HP Advisor\HPAdvisor*****" [2007-03-20 1773568]
"MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr*****" [2009-07-26 3883840]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer*****" [2009-03-05 2260480]
"ehTray*****"="c:\windows\ehome\ehTray*****" [2008-01-19 125952]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG*****" [2008-01-19 202240]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui*****" [2008-01-19 1008184]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh*****" [2007-01-13 827392]
"QPService"="c:\program files\HP\QuickPlay\QPService*****" [2007-04-24 176128]
"QlbCtrl"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl*****" [2007-02-13 159744]
"HP Health Check Scheduler"="c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler*****" [2007-03-12 50696]
"hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain*****" [2007-03-01 472776]
"WAWifiMessage"="c:\program files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg*****" [2007-01-10 317128]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched*****" [2007-12-31 180269]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray*****" [2009-12-20 2043160]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier*****" [2008-07-22 116040]
"QuickTime Task"="c:\program files\QuickTime\QTTask*****" [2008-05-27 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper*****" [2008-07-30 289064]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl*****" [2008-06-12 34672]
"HP Component Manager"="c:\program files\HP\hpcoretech\hpcmpmgr*****" [2003-12-22 241664]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2*****" [2007-05-08 54840]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-12-04 13556256]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-12-04 92704]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint*****" [2007-08-31 1037736]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"Launcher"="c:\windows\SMINST\launcher*****" [2006-11-08 44128]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Vongo Tray.lnk - c:\windows\Installer\{8C3AE2D1-854D-4650-A73D-C7CC7EE36B80}\NewShortcut2_DB7E00C96DEF489A8112D8F81614F45A***** [2007-8-4 53248]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\System32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKLM\~\startupfolder\C:^Users^NEWTONALMEIDA^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk]
path=c:\users\NEWTONALMEIDA\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
backup=c:\windows\pss\OneNote 2007 Screen Clipper and Launcher.lnk.Startup
backupExtension=.Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2007-08-04 11:36 77824 ----a-w- c:\program files\Java\jre1.6.0\bin\jusched*****

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(b):ad,94,86,23,ef,19,ca,01

R0 pavboot;pavboot;c:\windows\System32\drivers\pavboot.sys [30/12/2009 18:34 28552]
R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\System32\drivers\avgldx86.sys [04/08/2008 17:19 335240]
R1 AvgTdiX;AVG8 Network Redirector;c:\windows\System32\drivers\avgtdix.sys [03/02/2009 17:22 108552]
R2 avg8emc;AVG8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc***** [23/06/2009 18:42 908056]
R2 avg8wd;AVG8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc***** [23/06/2009 18:42 297752]
R2 LiveTurbineMessageService;Turbine Message Service - Live;c:\program files\Turbine\Turbine Download Manager\TurbineMessageService***** [12/10/2009 02:24 267760]
S0 sptd;sptd;c:\windows\System32\drivers\sptd.sys [26/12/2007 17:51 715248]
S2 gupdate1ca09a1908fd57a;Google Update Service (gupdate1ca09a1908fd57a);c:\program files\Google\Update\GoogleUpdate***** [20/07/2009 23:21 133104]
S3 FontCache;Windows Font Cache Service;c:\windows\system32\svchost***** -k LocalServiceAndNoImpersonation [20/09/2008 01:42 21504]
S3 LiveTurbineNetworkService;Turbine Network Service - Live;"c:\program files\Turbine\Turbine Download Manager\TurbineNetworkService*****" --> c:\program files\Turbine\Turbine Download Manager\TurbineNetworkService***** [?]
S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des -service --> c:\windows\system32\GameMon.des -service [?]

--- =Outros Serviços/Drivers Na Memória ---

*NewlyCreated* - PAVBOOT

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2007-04-19 20:23 452136 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce*****
.
Conteúdo da pasta 'Tarefas Agendadas'

2009-12-31 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService***** [2007-11-24 01:18]

2009-12-31 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate***** [2009-07-21 01:21]

2009-12-31 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate***** [2009-07-21 01:21]

2009-12-28 c:\windows\Tasks\HPCeeScheduleForNEWTONALMEIDA.job
- c:\program files\hewlett-packard\sdp\ceement\HPCEE***** [2007-08-04 21:23]

2009-12-30 c:\windows\Tasks\User_Feed_Synchronization-{D14C4F9A-1C7A-425C-85F6-7E351C5DDC4A}.job
- c:\windows\system32\msfeedssync***** [2009-12-09 04:59]
.
.
------- Scan Suplementar -------
.
uStart Page = about:blank
mStart Page = hxxp://www.yahoo.com
IE: &Clean Traces - c:\program files\DAP\Privacy Package\dapcleanerie.htm
IE: &Download with &DAP - c:\program files\DAP\dapextie.htm
IE: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
IE: Download &all with DAP - c:\program files\DAP\dapextie2.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL*****/3000
TCP: {1E9A579B-4901-4D13-9E69-1D567F37E9F1} = 200.204.0.10 200.204.0.138
DPF: Microsoft XML Parser for Java - file:///C:/Windows/Java/classes/xmldso.cab
DPF: {4BFD075D-C36E-4F28-BB0A-5D472795197A} - hxxp://www.powerchallenge.com/applet/PowerLoader.cab
FF - ProfilePath - c:\users\NEWTONALMEIDA\AppData\Roaming\Mozilla\Firefox\Profiles\cejz0yq6.default\
FF - prefs.js: browser.startup.homepage - about:blank
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Google Updater\2.4.1636.7222\npCIDetect13.dll
FF - plugin: c:\program files\Google\Update\1.2.183.13\npGoogleOneClick8.dll
FF - plugin: c:\program files\Java\jre1.6.0\bin\npjava11.dll
FF - plugin: c:\program files\Java\jre1.6.0\bin\npjava12.dll
FF - plugin: c:\program files\Java\jre1.6.0\bin\npjava13.dll
FF - plugin: c:\program files\Java\jre1.6.0\bin\npjava14.dll
FF - plugin: c:\program files\Java\jre1.6.0\bin\npjava32.dll
FF - plugin: c:\program files\Java\jre1.6.0\bin\npjpi160.dll
FF - plugin: c:\program files\Java\jre1.6.0\bin\npoji610.dll
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\program files\Unity\WebPlayer\loader\npUnity3D32.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".com.br");
.
- - - - ORFÃOS REMOVIDOS - - - -

URLSearchHooks-*{9CB65206-89C4-402c-BA80-02D8C59F9B1D} - (no file)
URLSearchHooks-*{0579B4B6-0293-4d73-B02D-5EBB0BA0F0A2} - (no file)
HKCU-Run-swg - c:\program files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier*****
HKLM-Run-Turbine Download Manager Tray Icon - c:\program files\Turbine\Turbine Download Manager\TurbineDownloadManagerIcon*****
AddRemove-15b35190-c6f9-11d9-9669-0800200c9a66_is1 - c:\program files\Turbine\Dungeons and Dragons Online - Eberron Unlimited\Uninstall*****
AddRemove-62289540-dc30-11dc-95ff-0800200c9a66_is1 - c:\program files\Turbine\Turbine Download Manager\UninstallTDM*****
AddRemove-Lunia - c:\level up! games\Lunia\uninstall*****
AddRemove-Perfect World_is1 - c:\level up! games\Perfect World\unins000*****
AddRemove-Tales of Pirates Online_is1 - c:\program files\Tales of Pirates Online\unins000*****
AddRemove-The Duel_is1 - c:\level up! games\The Duel\unins000*****
AddRemove-Cate West - The Vanishing Files Deluxe - c:\users\NEWTONALMEIDA\AppData\Local\Zylom Games\Cate West - The Vanishing Files Deluxe\GameInstlr*****
AddRemove-Loucoserv - c:\program files\Loucoserv\Uninstal*****



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-12-31 02:18
Windows 6.0.6002 Service Pack 2 NTFS

Procurando processos ocultos ...

Procurando entradas auto inicializáveis ocultas ...

Procurando ficheiros/arquivos ocultos ...

Varredura completada com sucesso
arquivos/ficheiros ocultos: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- CHAVES DO REGISTRO BLOQUEADAS ---------------------

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Tempo para conclusão: 2009-12-31 02:26:28
ComboFix-quarantined-files.txt 2009-12-31 04:26

Pré-execução: 18.960.920.576 bytes free
Pós execução: 21.716.312.064 bytes free

- - End Of File - - DAC7219D781773246FD1199A8C470274

I already have CCleaner and Malwarebytes and ran both on my PC, and I still can't access my char or tibia.com. If possible, I'd like to know how to disable my antivirus?

[I redid the logs and posted them again]

Karpe Vu
13-01-2010, 00:56
Holy thread, damn! After years of trying to fix this, only this thread with this program could actually help me.

Thanks, bro. Really, thanks!!!!!!!!!!

Great and admirable work you did here. Congratulations.

Serafan
13-01-2010, 02:38
Dear Karpe,

Thank you very much for the compliment. If you have any further questions, you can click the link in my signature, which will take you directly to my PM page.

Jaiiritow
09-02-2010, 21:47
Forget everything I posted. I had formatted the PC, downloaded Tibia and tried to log in.
It was right at the time of the mass kick xP

anciet dragon
13-02-2010, 20:16
I posted here and got no reply. I managed to fix it thanks to an IP that a guy here on the forum posted a month ago, but my PC decided to stop running Tibia again. I looked for the IP on the forum and found the post, but this time the IP didn't work. I ran ComboFix and it produced this log:

ComboFix 10-02-12.01 - NEWTONALMEIDA 13/02/2010 19:26:29.2.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.55.1033.18.1982.1107 [GMT -2:00]
Executando de: c:\users\NEWTONALMEIDA\Desktop\ComboFix*****
SP: BitDefender Antispyware *disabled* (Updated) {8B2012EC-32D4-494F-BC03-832DB3BDF911}
SP: Windows Defender *disabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

(((((((((((((((( Arquivos/Ficheiros criados de 2010-01-13 to 2010-02-13 ))))))))))))))))))))))))))))
.

2010-02-13 21:53 . 2010-02-13 21:53 -------- d-----w- c:\users\Public\AppData\Local\temp
2010-02-13 21:53 . 2010-02-13 21:53 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-02-09 04:41 . 2010-02-09 04:51 -------- d-----w- c:\program files\Lame for Audacity
2010-02-09 04:37 . 2010-02-09 04:37 -------- d-----w- c:\program files\Audacity
2010-02-06 03:59 . 2010-02-13 00:07 -------- d-----w- c:\program files\WindMU
2010-02-04 18:43 . 2010-02-04 18:43 -------- d-----w- c:\users\NEWTONALMEIDA\.idlerc
2010-02-01 13:23 . 2010-02-13 04:25 81984 ----a-w- c:\windows\system32\bdod.bin
2010-02-01 02:50 . 2010-02-01 02:50 -------- d-----w- c:\users\NEWTONALMEIDA\AppData\Roaming\BitDefender
2010-02-01 02:48 . 2010-02-02 12:45 -------- d-----w- c:\programdata\BitDefender
2010-02-01 02:48 . 2010-02-01 02:48 -------- d-----w- c:\program files\BitDefender
2010-02-01 02:42 . 2010-02-01 02:49 -------- d-----w- c:\program files\Common Files\BitDefender
2010-01-31 01:26 . 2010-01-31 01:26 -------- d-----w- c:\programdata\McAfee Security Scan
2010-01-31 01:26 . 2010-01-31 01:26 -------- d-----w- c:\programdata\McAfee
2010-01-31 01:26 . 2010-02-01 00:58 -------- d-----w- c:\program files\McAfee Security Scan
2010-01-25 11:33 . 2010-01-25 11:33 -------- d-----w- c:\users\NEWTONALMEIDA\AppData\Local\Silver_Squirrel_Software_
2010-01-25 11:32 . 2010-01-25 11:36 -------- d-----w- c:\program files\Tibiacast

.
((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-02-13 03:35 . 2007-12-29 06:42 7620 ----a-w- c:\users\NEWTONALMEIDA\AppData\Local\d3d9caps.dat
2010-02-13 02:50 . 2009-02-16 14:35 28599 ----a-w- c:\programdata\nvModes.dat
2010-02-10 13:03 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2010-02-04 18:56 . 2007-11-24 23:14 -------- d-----w- c:\program files\Google
2010-02-01 13:23 . 2009-04-15 17:13 146312 ----a-w- c:\windows\system32\drivers\bdfm.sys
2010-01-31 14:52 . 2009-01-08 00:23 -------- d-----w- c:\users\NEWTONALMEIDA\AppData\Roaming\Skype
2010-01-31 10:09 . 2009-01-08 00:25 -------- d-----w- c:\users\NEWTONALMEIDA\AppData\Roaming\skypePM
2010-01-26 10:49 . 2010-01-26 10:49 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdRapi_01_00_00.Wdf
2010-01-20 00:15 . 2009-11-10 23:10 -------- d-----w- c:\program files\Microsoft Silverlight
2010-01-14 13:12 . 2009-10-02 22:54 181120 ------w- c:\windows\system32\MpSigStub*****
2010-01-10 20:34 . 2010-01-10 20:34 -------- d-----w- c:\program files\Iminent
2010-01-09 21:49 . 2007-12-23 11:23 -------- d-----w- c:\users\NEWTONALMEIDA\AppData\Roaming\LimeWire
2010-01-08 02:42 . 2009-12-31 05:14 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-01-08 00:43 . 2010-01-08 00:43 5115824 ----a-w- c:\programdata\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup*****
2010-01-07 18:07 . 2009-12-31 05:14 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-01-07 18:07 . 2009-12-31 05:14 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-01-02 06:38 . 2010-01-22 13:07 916480 ----a-w- c:\windows\system32\wininet.dll
2010-01-02 06:32 . 2010-01-22 13:07 109056 ----a-w- c:\windows\system32\iesysprep.dll
2010-01-02 06:32 . 2010-01-22 13:07 71680 ----a-w- c:\windows\system32\iesetup.dll
2010-01-02 04:57 . 2010-01-22 13:07 133632 ----a-w- c:\windows\system32\ieUnatt*****
2009-12-31 05:14 . 2009-12-31 05:14 -------- d-----w- c:\users\NEWTONALMEIDA\AppData\Roaming\Malwarebytes
2009-12-31 05:14 . 2009-12-31 05:14 -------- d-----w- c:\programdata\Malwarebytes
2009-12-31 03:53 . 2009-07-18 16:20 34677 ---ha-w- C:\os503778.bin
2009-12-30 21:39 . 2008-11-05 00:23 -------- d-----w- c:\program files\Warcraft III
2009-12-30 20:32 . 2009-12-30 20:32 -------- d-----w- c:\program files\Panda Security
2009-12-30 00:17 . 2008-07-05 00:43 -------- d---a-w- c:\program files\Tibia
2009-12-11 11:43 . 2010-02-09 20:26 302080 ----a-w- c:\windows\system32\drivers\srv.sys
2009-12-11 11:43 . 2010-02-09 20:26 98816 ----a-w- c:\windows\system32\drivers\srvnet.sys
2009-12-08 20:01 . 2010-02-09 20:26 904776 ----a-w- c:\windows\system32\drivers\tcpip.sys
2009-12-08 20:01 . 2010-02-09 20:26 3600456 ----a-w- c:\windows\system32\ntkrnlpa*****
2009-12-08 20:01 . 2010-02-09 20:26 3548216 ----a-w- c:\windows\system32\ntoskrnl*****
2009-12-08 17:26 . 2010-02-09 20:26 30720 ----a-w- c:\windows\system32\drivers\tcpipreg.sys
2009-12-04 18:30 . 2010-02-09 20:26 12288 ----a-w- c:\windows\system32\tsbyuv.dll
2009-12-04 18:29 . 2010-02-09 20:26 1314816 ----a-w- c:\windows\system32\quartz.dll
2009-12-04 18:28 . 2010-02-09 20:26 22528 ----a-w- c:\windows\system32\msyuv.dll
2009-12-04 18:28 . 2010-02-09 20:26 31744 ----a-w- c:\windows\system32\msvidc32.dll
2009-12-04 18:28 . 2010-02-09 20:26 123904 ----a-w- c:\windows\system32\msvfw32.dll
2009-12-04 18:28 . 2010-02-09 20:26 13312 ----a-w- c:\windows\system32\msrle32.dll
2009-12-04 18:28 . 2010-02-09 20:26 82944 ----a-w- c:\windows\system32\mciavi32.dll
2009-12-04 18:28 . 2010-02-09 20:26 50176 ----a-w- c:\windows\system32\iyuv_32.dll
2009-12-04 18:27 . 2010-02-09 20:26 91136 ----a-w- c:\windows\system32\avifil32.dll
2009-12-04 15:56 . 2010-02-09 20:26 212992 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2009-12-04 15:56 . 2010-02-09 20:26 105984 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
.

(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))
.
.
*Nota* entradas vazias e legítimas por defeito não são mostradas.
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{0579B4B6-0293-4d73-B02D-5EBB0BA0F0A2}"= "c:\program files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL" [2009-06-11 66912]
"{9CB65206-89C4-402c-BA80-02D8C59F9B1D}"= "c:\program files\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL" [2008-08-04 57344]

[HKEY_CLASSES_ROOT\clsid\{0579b4b6-0293-4d73-b02d-5ebb0ba0f0a2}]

[HKEY_CLASSES_ROOT\clsid\{9cb65206-89c4-402c-ba80-02d8c59f9b1d}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0579B4B1-0293-4d73-B02D-5EBB0BA0F0A2}]
2009-06-11 03:27 66912 ----a-w- c:\program files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar*****" [2009-04-11 1233920]
"LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel*****" [2007-04-19 484904]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer*****" [2009-03-05 2260480]
"ehTray*****"="c:\windows\ehome\ehTray*****" [2008-01-19 125952]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr*****" [2009-07-26 3883840]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui*****" [2008-01-19 1008184]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh*****" [2007-01-13 827392]
"QPService"="c:\program files\HP\QuickPlay\QPService*****" [2007-04-24 176128]
"QlbCtrl"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl*****" [2007-02-13 159744]
"WAWifiMessage"="c:\program files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg*****" [2007-01-10 317128]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched*****" [2007-12-31 180269]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier*****" [2008-07-22 116040]
"QuickTime Task"="c:\program files\QuickTime\QTTask*****" [2008-05-27 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper*****" [2008-07-30 289064]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl*****" [2008-06-12 34672]
"HP Component Manager"="c:\program files\HP\hpcoretech\hpcmpmgr*****" [2003-12-22 241664]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-12-04 13556256]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-12-04 92704]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint*****" [2007-08-31 1037736]
"hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain*****" [2007-03-01 472776]
"Windows Mobile-based device management"="c:\windows\WindowsMobile\wmdSync*****" [2006-11-02 215552]
"BDAgent"="c:\program files\BitDefender\BitDefender 2009\bdagent*****" [2010-02-01 782336]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"Launcher"="c:\windows\SMINST\launcher*****" [2006-11-08 44128]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\2.0.181\SSScheduler***** [2010-1-15 255536]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Vongo Tray.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Vongo Tray.lnk
backup=c:\windows\pss\Vongo Tray.*******mmonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^Users^NEWTONALMEIDA^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk]
path=c:\users\NEWTONALMEIDA\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
backup=c:\windows\pss\OneNote 2007 Screen Clipper and Launcher.lnk.Startup
backupExtension=.Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Health Check Scheduler]
2007-03-12 18:54 50696 ----a-w- c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler*****

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2007-05-08 18:24 54840 ----a-w- c:\program files\HP\HP Software Update\hpwuSchd2*****

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPAdvisor]
2007-03-20 22:23 1773568 ----a-w- c:\program files\Hewlett-Packard\HP Advisor\HPAdvisor*****

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
2009-07-26 18:44 3883840 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr*****

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2007-08-04 11:36 77824 ----a-w- c:\program files\Java\jre1.6.0\bin\jusched*****

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"AntiVirusOverride"=dword:00000001
"VistaSp2"=hex(b):ad,94,86,23,ef,19,ca,01

R0 pavboot;pavboot;c:\windows\System32\drivers\pavboot.sys [30/12/2009 18:34 28552]
R2 LiveTurbineMessageService;Turbine Message Service - Live;c:\program files\Turbine\Turbine Download Manager\TurbineMessageService***** [12/10/2009 02:24 267760]
R3 bdfm;BDFM;c:\windows\System32\drivers\bdfm.sys [15/04/2009 15:13 146312]
S2 gupdate1ca09a1908fd57a;Google Update Service (gupdate1ca09a1908fd57a);c:\program files\Google\Update\GoogleUpdate***** [20/07/2009 23:21 133104]
S3 LiveTurbineNetworkService;Turbine Network Service - Live;"c:\program files\Turbine\Turbine Download Manager\TurbineNetworkService*****" --> c:\program files\Turbine\Turbine Download Manager\TurbineNetworkService***** [?]
S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\2.0.181\McCHSvc***** [15/01/2010 10:49 227232]
S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des -service --> c:\windows\system32\GameMon.des -service [?]
S4 sptd;sptd;c:\windows\System32\drivers\sptd.sys [26/12/2007 17:51 715248]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
WindowsMobile REG_MULTI_SZ wcescomm rapimgr
LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr
bdx REG_MULTI_SZ scan

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2007-04-19 20:23 452136 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce*****
.
Conteúdo da pasta 'Tarefas Agendadas'

2010-02-13 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService***** [2007-11-24 01:18]

2010-02-13 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate***** [2009-07-21 01:21]

2010-02-13 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate***** [2009-07-21 01:21]

2010-02-08 c:\windows\Tasks\HPCeeScheduleForNEWTONALMEIDA.job
- c:\program files\hewlett-packard\sdp\ceement\HPCEE***** [2007-08-04 21:23]

2010-02-13 c:\windows\Tasks\User_Feed_Synchronization-{D14C4F9A-1C7A-425C-85F6-7E351C5DDC4A}.job
- c:\windows\system32\msfeedssync***** [2010-01-22 04:56]
.
.
------- Scan Suplementar -------
.
uStart Page = about:blank
mStart Page = hxxp://www.yahoo.com
IE: &Clean Traces - c:\program files\DAP\Privacy Package\dapcleanerie.htm
IE: &Download with &DAP - c:\program files\DAP\dapextie.htm
IE: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
IE: Download &all with DAP - c:\program files\DAP\dapextie2.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL*****/3000
TCP: {5A6298B9-0038-4C47-95C8-C1B0757FAA61} = 200.204.0.10 200.204.0.138
DPF: Microsoft XML Parser for Java - file:///C:/Windows/Java/classes/xmldso.cab
DPF: {4BFD075D-C36E-4F28-BB0A-5D472795197A} - hxxp://www.powerchallenge.com/applet/PowerLoader.cab
DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A}
FF - ProfilePath - c:\users\NEWTONALMEIDA\AppData\Roaming\Mozilla\Firefox\Profiles\cejz0yq6.default\
FF - prefs.js: browser.startup.homepage - hxxp://search.iminent.com/?appId=4b96f7c9-43e5-4692-9f3a-a54e57f550c3&lcid=1046&ref=homepage
FF - prefs.js: keyword.URL - hxxp://www.google.com/search?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&q=
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Google Updater\2.4.1636.7222\npCIDetect13.dll
FF - plugin: c:\program files\Google\Update\1.2.183.13\npGoogleOneClick8.dll
FF - plugin: c:\program files\Java\jre1.6.0\bin\npjava11.dll
FF - plugin: c:\program files\Java\jre1.6.0\bin\npjava12.dll
FF - plugin: c:\program files\Java\jre1.6.0\bin\npjava13.dll
FF - plugin: c:\program files\Java\jre1.6.0\bin\npjava14.dll
FF - plugin: c:\program files\Java\jre1.6.0\bin\npjava32.dll
FF - plugin: c:\program files\Java\jre1.6.0\bin\npjpi160.dll
FF - plugin: c:\program files\Java\jre1.6.0\bin\npoji610.dll
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Unity\WebPlayer\loader\npUnity3D32.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".com.br");
.
- - - - ORFÃOS REMOVIDOS - - - -

BHO-{A6E9BAAF-53CD-4575-967B-2AF710A7D21F} - c:\program files\Iminent\IMBooster\Iminent.LinkToContent.dll
Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
AddRemove-******** NG_is1 - c:\program files\******** NG\unins000*****



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-02-13 19:54
Windows 6.0.6002 Service Pack 2 NTFS

Procurando processos ocultos ...

Procurando entradas auto inicializáveis ocultas ...

Procurando ficheiros/arquivos ocultos ...

Varredura completada com sucesso
arquivos/ficheiros ocultos: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- CHAVES DO REGISTRO BLOQUEADAS ---------------------

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- DLLs Carregadas Sob os Processos em Execução ---------------------

- - - - - - - > 'Explorer*****'(1808)
c:\windows\system32\pnidui.dll
c:\windows\System32\SyncCenter.dll
.
Tempo para conclusão: 2010-02-13 20:06:52
ComboFix-quarantined-files.txt 2010-02-13 22:06
ComboFix2.txt 2009-12-31 04:26

Pré-execução: 21.183.938.560 bytes free
Pós execução: 21.152.284.672 bytes free

- - End Of File - - 03C200CB75C310C108A342F4484C7815

The Malwarebytes log:


Malwarebytes' Anti-Malware 1.44
Versão do banco de dados: 3717
Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.18882

14/02/2010 08:48:56
mbam-log-2010-02-14 (08-48-56).txt

Tipo de Verificação: Completa (C:\|D:\|E:\|)
Objetos verificados: 362819
Tempo decorrido: 2 hour(s), 15 minute(s), 57 second(s)

Processos da Memória infectados: 0
Módulos de Memória Infectados: 0
Chaves do Registro infectadas: 0
Valores do Registro infectados: 0
Ítens do Registro infectados: 0
Pastas infectadas: 0
Arquivos infectados: 1

Processos da Memória infectados:
(Nenhum ítem malicioso foi detectado)

Módulos de Memória Infectados:
(Nenhum ítem malicioso foi detectado)

Chaves do Registro infectadas:
(Nenhum ítem malicioso foi detectado)

Valores do Registro infectados:
(Nenhum ítem malicioso foi detectado)

Ítens do Registro infectados:
(Nenhum ítem malicioso foi detectado)

Pastas infectadas:
(Nenhum ítem malicioso foi detectado)

Arquivos infectados:
C:\Program Files\Full Client\GameFort.dll (Malware.Packer.Gen) -> Quarantined and deleted successfully.

P.S. Both programs were run as administrator.

This is the thread where I got the IP:

http://forums.tibiabr.com/showthread.php?t=360979

I would also like to know what this IP did to my computer to make the problem go away, if possible.

Lens
14-02-2010, 18:14
I have the same problem... in Chrome (and in IE too) the Tibia login page won't open, so I can't log in!!!!!

I've already tried some of the things mentioned here but nothing worked (not even the IP you paste into the browser!) please!!!!! help me!!!

Noah Teen
01-03-2010, 22:47
Look,
when this error was happening here at home I searched a lot for how to fix it
some links sent me here, others talked about DNS
but every time I came here I closed the page, because it would be a very slow process that wouldn't help at all
but I decided to try it and left ComboFix running while I went to take a shower
it took quite a while, but it was worth it
it really works!
so if you think it won't work or you're feeling lazy
TRY IT!

anciet dragon
02-03-2010, 21:41
I tried running ComboFix twice on my PC and Malwarebytes a few times (I've lost count of how many times I've done this), I've run several antivirus and antispyware tools, reinstalled the Tibia client, and nothing helps. I've been trying to play for 1 month now and nothing helps. I want to be able to play because I'm going to buy PT soon, which is why I'm asking for help


CAN SOMEONE SHED SOME LIGHT AND TELL ME HOW I GET TIBIA RUNNING ON MY PC????

Blubber
19-03-2010, 16:55
Guys, I was on Vivo Zap internet (it's traaaaaaaaaaaaaaaaaaaaaaaaaaaash)
mine is unlimited but it's trash, I couldn't access the login part of Tibia..

so today my 3-meg internet arrived!
look what keeps showing up..


http://img192.imageshack.us/img192/1811/asdasna.jpg


what should I do?

looukoo
20-03-2010, 10:13
Guys, I was on Vivo Zap internet (it's traaaaaaaaaaaaaaaaaaaaaaaaaaaash)
mine is unlimited but it's trash, I couldn't access the login part of Tibia..

so today my 3-meg internet arrived!
look what keeps showing up..


<image>


what should I do?

Did you follow the tutorial in the first post, and download and use COMBOFIX?

El Indiozón
27-03-2010, 23:31
Screwed? I ran ComboFix and lost my PC for 1 week, since from what the technician said, it completely wrecked my Windows :D

Serafan
31-03-2010, 00:58
Hi Astecks,

Impossible, ComboFix does not damage your computer. Translating from rough, cheap English: Combo = Combo + Fix = Repair, so ComboFix is a set of tools that work simultaneously (combo) to fix (fix) errors on your computer.
The errors ComboFix fixes are generally corrupted cookies or unused/damaged registry entries. Be careful before defaming the program without knowing anything about it, and I suggest you look for a new technician, because this one's level of knowledge is far below what is needed to be called a professional.

//


I tried running ComboFix twice on my PC and Malwarebytes a few times (I've lost count of how many times I've done this), I've run several antivirus and antispyware tools, reinstalled the Tibia client, and nothing helps. I've been trying to play for 1 month now and nothing helps. I want to be able to play because I'm going to buy PT soon, which is why I'm asking for help


CAN SOMEONE SHED SOME LIGHT AND TELL ME HOW I GET TIBIA RUNNING ON MY PC????

Hi ancient,

If you read the thread title carefully, you will see that this is a solution for people having trouble accessing a SITE (in this case tibia.com), and it does not cover problems accessing the game client.

Activia
07-04-2010, 19:57
The same situation happened to me as to the guy in the other thread: I was hacked and now the tibia.com site is blocked here with the message 'It works!'



Even my e-mail provider's site (Gmail) was blocked after that.
please help

P.S. I've already tried the suggestions of adding www and all that.

Serafan
07-04-2010, 20:12
Hi Activia,

Follow the procedures listed on the thread's main page and your problem will certainly be solved.

_*Yh@nN*_
07-04-2010, 23:52
Hello friends,

I have the same problem as Activia: the official site tibia.com simply doesn't open! Only the message "It works!" appears.

HOWEVER, by using a free proxy server, "www.freeproxy.ws", I managed to access www.tibia.com, which leads me to believe a virus is a possibility.
I've already gone ahead with the procedure given on the main page, and nothing solved it!
CCleaner executed and ComboFix run, with the antivirus disabled, as recommended.


Here is the log:


ComboFix 10-04-06.05 - Yhann Hafael 07/04/2010 23:15:53.1.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.55.1046.18.959.575 [GMT -3:00]
Executando de: c:\documents and settings\Yhann Hafael\Desktop\ComboFix*****
AV: avast! antivirus 4.8.1368 [VPS 100407-1] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
.

((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\SIntf16.dll
c:\windows\system32\sknc.dll

A cópia de c:\windows\system32\ws2_32.dll foi encontrada e desinfectada
Cópia restaurada de - c:\windows\system32\dllcache\ws2_32.dll

.
(((((((((((((((( Arquivos/Ficheiros criados de 2010-03-08 to 2010-04-08 ))))))))))))))))))))))))))))
.

2010-04-08 02:06 . 2010-04-08 02:07 -------- d-----w- c:\documents and settings\Yhann Hafael\Dados de aplicativos\GetRightToGo
2010-03-31 00:06 . 2010-03-31 00:06 -------- d-----w- c:\arquivos de programas\Arquivos comuns\Java
2010-03-28 19:41 . 2010-03-28 19:41 -------- d-----w- c:\arquivos de programas\Arquivos comuns\Skype
2010-03-24 21:56 . 2010-04-02 02:17 -------- d-----w- c:\documents and settings\Yhann Hafael\Dados de aplicativos\Tibia
2010-03-24 21:55 . 2010-03-24 21:55 -------- d-----w- c:\arquivos de programas\Tibia

.
((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-03-31 00:06 . 2010-03-31 00:06 503808 ----a-w- c:\documents and settings\Yhann Hafael\Dados de aplicativos\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-4d063d66-n\msvcp71.dll
2010-03-31 00:06 . 2010-03-31 00:06 499712 ----a-w- c:\documents and settings\Yhann Hafael\Dados de aplicativos\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-4d063d66-n\jmc.dll
2010-03-31 00:06 . 2010-03-31 00:06 348160 ----a-w- c:\documents and settings\Yhann Hafael\Dados de aplicativos\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-4d063d66-n\msvcr71.dll
2010-03-31 00:06 . 2010-03-31 00:06 61440 ----a-w- c:\documents and settings\Yhann Hafael\Dados de aplicativos\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-10e9a22f-n\decora-sse.dll
2010-03-31 00:06 . 2010-03-31 00:06 12800 ----a-w- c:\documents and settings\Yhann Hafael\Dados de aplicativos\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-10e9a22f-n\decora-d3d.dll
2010-03-31 00:06 . 2009-12-21 15:11 -------- d-----w- c:\arquivos de programas\Java
2010-03-30 14:03 . 2009-12-21 15:52 -------- d-----w- c:\documents and settings\Yhann Hafael\Dados de aplicativos\Skype
2010-03-30 13:59 . 2009-12-21 15:53 -------- d-----w- c:\documents and settings\Yhann Hafael\Dados de aplicativos\skypePM
2010-03-27 02:01 . 2010-01-07 21:31 -------- d-----w- c:\documents and settings\Yhann Hafael\Dados de aplicativos\BitTorrent
2010-03-27 01:36 . 2009-12-21 16:00 -------- d-----w- c:\arquivos de programas\Garena
2010-03-17 00:46 . 2010-02-13 14:59 -------- d-----w- c:\documents and settings\Yhann Hafael\Dados de aplicativos\Vso
2010-03-13 00:27 . 2009-12-21 14:38 -------- d-----w- c:\arquivos de programas\Arquivos comuns\InstallShield
2010-03-09 07:28 . 2009-12-21 15:11 411368 ----a-w- c:\windows\system32\deploytk.dll
2010-02-28 06:05 . 2008-04-14 12:00 48628 ----a-w- c:\windows\system32\perfc016.dat
2010-02-28 06:05 . 2008-04-14 12:00 344380 ----a-w- c:\windows\system32\perfh016.dat
2010-02-27 18:02 . 2009-12-21 21:08 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Microsoft Help
2010-02-20 16:38 . 2010-02-12 05:05 -------- d-----w- c:\arquivos de programas\Microsoft Works
2010-02-18 21:13 . 2010-01-28 21:49 -------- d-----w- c:\arquivos de programas\Diablo II
2010-02-14 01:14 . 2010-02-14 01:14 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\vsosdk
2010-02-12 21:08 . 2010-02-12 21:08 -------- d-----w- c:\arquivos de programas\PluginLetras
2010-02-12 05:39 . 2009-12-21 16:05 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Spybot - Search & Destroy
2010-02-12 05:05 . 2010-02-12 05:05 -------- d-----w- c:\arquivos de programas\MSBuild
2010-02-12 01:50 . 2010-02-12 01:50 -------- d-----w- c:\arquivos de programas\microsoft frontpage
2010-02-05 16:16 . 2010-01-28 21:53 40620 ----a-w- c:\windows\DIIUnin.dat
2010-02-02 17:03 . 2010-01-29 05:37 43520 ----a-w- c:\windows\system32\CmdLineExt03.dll
2010-01-29 05:28 . 2010-01-28 21:58 21840 ----atw- c:\windows\system32\SIntfNT.dll
2010-01-29 05:28 . 2010-01-28 21:58 17212 ----atw- c:\windows\system32\SIntf32.dll
2010-01-28 21:53 . 2010-01-28 21:53 94208 ----a-w- c:\windows\DIIUnin*****
2010-01-28 21:53 . 2010-01-28 21:53 2829 ----a-w- c:\windows\DIIUnin.pif
2010-01-28 05:44 . 2010-01-28 05:44 691696 ----a-w- c:\windows\system32\drivers\sptd.sys
.

(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))
.
.
*Nota* entradas vazias e legítimas por defeito não são mostradas.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Google Update"="c:\documents and settings\Yhann Hafael\Configurações locais\Dados de aplicativos\Google\Update\GoogleUpdate*****" [2009-12-21 135664]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="c:\arquivos de programas\Arquivos comuns\Java\Java Update\jusched*****" [2010-02-18 248040]
"avast!"="c:\arquiv~1\ALWILS~1\Avast4\ashDisp*****" [2009-11-24 81000]
"Adobe Reader Speed Launcher"="c:\arquivos de programas\Adobe\Reader 9.0\Reader\Reader_sl*****" [2009-12-22 35760]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON*****"="c:\windows\system32\CTFMON*****" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2009-12-11 17:57 948672 ----a-r- c:\arquivos de programas\Arquivos comuns\Adobe\ARM\1.0\AdobeARM*****

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2009-12-21 15:00 135664 ----atw- c:\documents and settings\Yhann Hafael\Configurações locais\Dados de aplicativos\Google\Update\GoogleUpdate*****

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
2008-10-25 13:44 31072 ----a-w- c:\arquivos de programas\Microsoft Office\Office12\GrooveMonitor*****

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SiSPower]
2007-04-11 05:06 53248 ----a-w- c:\windows\system32\SiSPower.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag*****"=
"%windir%\\system32\\sessmgr*****"=
"c:\\Arquivos de programas\\Skype\\Plugin Manager\\skypePM*****"=
"c:\\Arquivos de programas\\Garena\\Garena*****"=
"c:\\Arquivos de programas\\Windows Live\\Messenger\\wlcsdk*****"=
"c:\\Arquivos de programas\\Windows Live\\Messenger\\msnmsgr*****"=
"c:\\Arquivos de programas\\Messenger\\msmsgs*****"=
"c:\\Arquivos de programas\\Java\\jre6\\bin\\javaw*****"=
"c:\\Arquivos de programas\\BitTorrent\\bittorrent*****"=
"c:\\Arquivos de programas\\Microsoft Office\\Office12\\OUTLOOK*****"=
"c:\\Arquivos de programas\\Microsoft Office\\Office12\\GROOVE*****"=
"c:\\Arquivos de programas\\Microsoft Office\\Office12\\ONENOTE*****"=
"c:\\Arquivos de programas\\Skype\\Phone\\Skype*****"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"1577:TCP"= 1577:TCP:zygvpl

R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [28/1/2010 02:44 691696]
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [11/1/2010 03:08 114768]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [11/1/2010 03:08 20560]
S2 gwdmuk;Manager Boot;c:\windows\system32\svchost***** -k netsvcs [14/4/2008 09:00 14336]
S3 GarenaPEngine;GarenaPEngine;\??\c:\docume~1\YHANNH~1\CONFIG~1\Temp\ARC15.tmp --> c:\docume~1\YHANNH~1\CONFIG~1\Temp\ARC15.tmp [?]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
getPlusHelper REG_MULTI_SZ getPlusHelper
.
Conteúdo da pasta 'Tarefas Agendadas'

2010-04-08 c:\windows\Tasks\OGALogon.job
- c:\windows\system32\OGAEXEC***** [2009-08-03 17:07]
.
.
------- Scan Suplementar -------
.
uStart Page = hxxp://google.com.br/
mStart Page = hxxp://search.localstrike.com.ar/
IE: E&xportar para o Microsoft Excel - c:\arquiv~1\MICROS~3\Office12\EXCEL*****/3000
FF - ProfilePath - c:\documents and settings\Yhann Hafael\Dados de aplicativos\Mozilla\Firefox\Profiles\gh0ty4kg.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.localstrike.com.ar/?q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://pt-BR.start3.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:pt-BR:official
FF - prefs.js: keyword.URL - hxxp://www.google.com/search?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&q=
FF - plugin: c:\arquivos de programas\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll
FF - plugin: c:\arquivos de programas\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll

---- FIREFOX POLICIES ----
c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".com.br");
.
- - - - ORFÃOS REMOVIDOS - - - -

MSConfigStartUp-Cmaudio - cmicnfg.cpl
MSConfigStartUp-QuickTime Task - c:\arquivos de programas\QuickTime\QTTask*****



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-04-07 23:23
Windows 5.1.2600 Service Pack 3 NTFS

Procurando processos ocultos ...

Procurando entradas auto inicializáveis ocultas ...

Procurando ficheiros/arquivos ocultos ...

Varredura completada com sucesso
arquivos/ficheiros ocultos: 0

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntoskrnl***** CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys spwi.sys >>UNKNOWN [0x8578F938]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0xf75b3f28
\Driver\ACPI -> ACPI.sys @ 0xf741bcb8
\Driver\atapi -> atapi.sys @ 0xf73b0b40
IoDeviceObjectType -> DeleteProcedure -> ntoskrnl***** @ 0x805a0598
ParseProcedure -> ntoskrnl***** @ 0x8056ea15
\Device\Harddisk0\DR0 -> DeleteProcedure -> ntoskrnl***** @ 0x805a0598
ParseProcedure -> ntoskrnl***** @ 0x8056ea15
NDIS: SiS 900 PCI Fast Ethernet Adapter -> SendCompleteHandler -> NDIS.sys @ 0xf72cdb0a
PacketIndicateHandler -> NDIS.sys @ 0xf72d8a21
SendHandler -> NDIS.sys @ 0xf72cd949
user & kernel MBR OK

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\GarenaPEngine]
"ImagePath"="\??\c:\docume~1\YHANNH~1\CONFIG~1\Temp\ARC15.tmp"
.
--------------------- DLLs Carregadas Sob os Processos em Execução ---------------------

- - - - - - - > 'explorer*****'(3212)
c:\windows\system32\WININET.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Outros Processos em Execução ------------------------
.
c:\arquivos de programas\Alwil Software\Avast4\aswUpdSv*****
c:\arquivos de programas\Alwil Software\Avast4\ashServ*****
c:\windows\system32\sistray*****
c:\arquivos de programas\Java\jre6\bin\jqs*****
c:\arquivos de programas\Windows Media Player\WMPNetwk*****
c:\arquivos de programas\Alwil Software\Avast4\ashMaiSv*****
c:\arquivos de programas\Alwil Software\Avast4\ashWebSv*****
.
**************************************************************************
.
Tempo para conclusão: 2010-04-07 23:28:51 - Máquina reiniciou
ComboFix-quarantined-files.txt 2010-04-08 02:28

Pré-execução: 6 pasta(s) 55.161.634.816 bytes disponíveis
Pós execução: 8 pasta(s) 55.135.924.224 bytes disponíveis

WindowsXP-KB310994-SP2-Pro-BootDisk-PTG*****
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

- - End Of File - - BB124DC98875695B98144962E2A910CA

Confident of your help, and awaiting a reply,
Yhann.

Serafan
08-04-2010, 13:22
Hi _*Yh@nN*_,

Apparently your computer is normal. I skimmed the log and the only abnormalities I found are some corrupted registry entries, which have already been fixed but which have no bearing on your problem.

The problem may indeed be some rootkit or malware.
We'll follow a standard procedure to remove such pests:

- Download Malwarebytes from this link:
http://www.baixaki.com.br/download/malwarebytes-anti-malware.htm

- Download RegSeeker from this link:
http://www.baixaki.com.br/download/regseeker.htm

- Download SpyBot - Search & Destroy from this link:
http://www.baixaki.com.br/download/spybot-search-destroy.htm

Run RegSeeker, click Find in registry, and in the Search For dialog box type " tibia " without the quotes and in lowercase.
Numerous registry keys will be found. Select them all by clicking any one of them and using the CTRL + A (select all) command on your keyboard, click Action at the bottom of the screen, and then Delete selected items...



-

Run Malwarebytes, tick the Verificação Completa (Full Scan) option, and click Verificar (Scan). Wait until the procedure finishes; if any pest is found, delete it.



-

Install SpyBot and run it.
Click Search for Updates, choose a mirror and click Continue, then Download, wait for it to finish and then click Exit. Then, in the menu on the left, click Imunizar (Immunize), and then Immunize. When it finishes, click Search & Destroy, in the same menu on the left, and then Examinar (Scan). When it finishes, tick all the errors that appear in red and click Corrigir erros selecionados (Fix selected problems).
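
As an added example (not part of the thread and not ComboFix's own code), a small Python triage pass over a ComboFix log like the one posted above: it pulls out the entries a reviewer would read first (system files the tool reports as disinfected, firewall port exceptions, browser start/search hosts, Security Center overrides). It assumes the Portuguese-locale line formats seen in these logs; the function and category names are hypothetical.

```python
import re
from urllib.parse import urlparse

# Constructed sample: lines taken from the ComboFix log posted above, keeping the
# stray spaces ("Curr entVersion") that forum line-wrapping can leave in key names.
SAMPLE_LOG = r"""
A cópia de c:\windows\system32\ws2_32.dll foi encontrada e desinfectada
Cópia restaurada de - c:\windows\system32\dllcache\ws2_32.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Run]
"avast!"="c:\arquiv~1\ALWILS~1\Avast4\ashDisp*****" [2009-11-24 81000]

[HKLM\~\services\sharedaccess\parameters\firewallpo licy\standardprofile\GloballyOpenPorts\List]
"1577:TCP"= 1577:TCP:zygvpl

uStart Page = hxxp://google.com.br/
mStart Page = hxxp://search.localstrike.com.ar/
FF - prefs.js: browser.search.defaulturl - hxxp://search.localstrike.com.ar/?q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - Google
"""

KEY_RE = re.compile(r"^\[(HK[^\]]+)\]$")
RESTORED_RE = re.compile(r"^A cópia de (.+?) foi encontrada e desinfectada")
PORT_RE = re.compile(r'^"(\d+):(TCP|UDP)"\s*=\s*(\S.*)$', re.I)
START_RE = re.compile(r"^([um]Start Page)\s*=\s*(\S+)")
PREF_RE = re.compile(r"^FF - prefs\.js: (\S+) - ((?:hxxp|http)s?://\S+)")
OVERRIDE_RE = re.compile(r'^"(DisableMonitoring|AntiVirusOverride)"\s*=\s*dword:0*1$')


def host_of(value):
    """Return the host of a (possibly de-fanged hxxp) URL, or the raw value."""
    url = re.sub(r"^hxxp", "http", value, flags=re.I)
    return urlparse(url).hostname or value


def triage(log_text):
    """Collect the log entries worth reading first; this lists, it does not judge."""
    found = {"restored_files": [], "open_ports": [],
             "browser_settings": [], "security_center": []}
    key, key_norm = "", ""
    for raw in log_text.splitlines():
        line = raw.strip()
        if line in ("", "."):
            # A blank line or lone dot ends the current registry key's block.
            key, key_norm = "", ""
            continue
        m = KEY_RE.match(line)
        if m:
            key = m.group(1)
            # Drop all whitespace so a wrapped "firewallpo licy" still matches.
            key_norm = re.sub(r"\s+", "", key).lower()
            continue
        m = RESTORED_RE.match(line)
        if m:
            found["restored_files"].append(m.group(1))
            continue
        m = PORT_RE.match(line)
        if m and key_norm.endswith(r"globallyopenports\list"):
            label = m.group(3).split(":")[-1]  # last field is the rule's name
            found["open_ports"].append((int(m.group(1)), m.group(2).upper(), label))
            continue
        m = OVERRIDE_RE.match(line)
        if m and "securitycenter" in key_norm:
            found["security_center"].append((key, m.group(1)))
            continue
        m = START_RE.match(line) or PREF_RE.match(line)
        if m:
            found["browser_settings"].append((m.group(1), host_of(m.group(2))))
    return found


if __name__ == "__main__":
    for category, items in triage(SAMPLE_LOG).items():
        print(category)
        for item in items:
            print("   ", item)
```

Each hit is only a pointer to a line that deserves a manual look against what is known to be installed on the machine; the script assigns no verdict.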

Thyco heel
12-04-2010, 22:35
Thanks a lot, that fixed it!

Serafan
14-04-2010, 13:47
Hi Rikkx,

Whenever you need to, you can come back here; I will stay active in this topic (:
If you find it convenient, you can send me a PM by clicking my name in the signature below.

Sparkz Senpai
23-06-2010, 11:50
here at home the Tibia site works normally...

when I click login it freezes in every browser....

I already did what you said and it didn't help at all... =(

if anyone knows what my problem is I'd be very grateful

Serafan
04-07-2010, 23:04
Your problem may lie in the latency between the server that hosts the Tibia site and your ISP.

To check whether that is the case, go to Start > Run;
In the dialog box that appears, type: cmd

In the window that opens, type: ping www.tibia.com

If the result is: Esgotado tempo limite do pedido (Request timed out)
Problem: Latency is high, and you are not getting good communication with the server.
Solution: Increase your internet speed or check whether your connection has a bandwidth cap. To find out whether your connection has a bandwidth cap (the amount of data you can transfer in a given period, usually a month), call your broadband provider's 0800 number and ask.

If the result is: Resposta de [IP]: bytes=32 tempo<Xms TTL=Y
Where X and Y are variables.
Problem: None, your internet connection is not to blame; the problem may be with your DNS, so try clearing the DNS cache. Do the following:

Still in the command prompt (cmd) window, type: ipconfig /flushdns
Repeat this procedure 3 times and try to access the site.

If this does not solve your problem, post here again and I will try to help you in other ways.

nathanFJV
13-07-2010, 12:50
Log

ComboFix 10-07-12.06 - Nathan 13/07/2010 12:20:16.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.55.1046.18.1007.517 [GMT -3:00]
Executando de: c:\documents and settings\Nathan\Desktop\ComboFix*****
AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
AV: avast! Antivirus *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
.

((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users\Menu Iniciar\Programas\Ardamax Keylogger
c:\documents and settings\All Users\Menu Iniciar\Programas\Ardamax Keylogger\Ardamax Keylogger.lnk
c:\documents and settings\All Users\Menu Iniciar\Programas\Ardamax Keylogger\Help.lnk
c:\documents and settings\All Users\Menu Iniciar\Programas\Ardamax Keylogger\Log Viewer.lnk
c:\documents and settings\MuAwaY\muaway*****
c:\documents and settings\MuAwaY\mumsg.dll
c:\documents and settings\MuAwaY\npgwev.dll
c:\documents and settings\MuAwaY\wz_patch.dll
c:\documents and settings\MuAwaY\wz_text.dll
C:\Thumbs.db
c:\windows\obs.txt
c:\windows\system32\28463
c:\windows\system32\28463\akv.cfg
c:\windows\system32\28463\Jul_03_2010__19_26_36.jpg
c:\windows\system32\28463\Jul_03_2010__19_27_36.jpg
c:\windows\system32\28463\Jul_03_2010__19_29_48.jpg
c:\windows\system32\28463\Jul_03_2010__19_30_48.jpg
c:\windows\system32\28463\Jul_03_2010__19_31_48.jpg
c:\windows\system32\28463\Jul_03_2010__19_32_49.jpg
c:\windows\system32\28463\Jul_03_2010__19_33_49.jpg
c:\windows\system32\28463\Jun_15_2010__18_30_30.jpg
c:\windows\system32\28463\key.bin
c:\windows\system32\28463\NPRJ.001
c:\windows\system32\28463\NPRJ.005
c:\windows\system32\28463\OTSH.001
c:\windows\system32\28463\OTSH.002
c:\windows\system32\28463\OTSH.006
c:\windows\system32\28463\OTSH.007
c:\windows\system32\28463\SKQG.001
c:\windows\system32\28463\SKQG.002
c:\windows\system32\28463\SKQG.002.tmp
c:\windows\system32\28463\SKQG.005
c:\windows\system32\28463\SKQG.005.tmp
c:\windows\system32\28463\SKQG.009
c:\windows\system32\28463\SKQG.009.tmp
c:\windows\system32\28463\WRIL.001
c:\windows\system32\28463\WRIL.002
c:\windows\system32\28463\WRIL.005
c:\windows\system32\28463\WRIL.007
c:\windows\system32\Thumbs.db
c:\windows\system32\winio.vxd
c:\windows\wpe pro.INI

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-07-13 12:25
Windows 5.1.2600 Service Pack 3 NTFS

Procurando processos ocultos ...

Procurando entradas auto inicializáveis ocultas ...

Procurando ficheiros/arquivos ocultos ...

Varredura completada com sucesso
arquivos/ficheiros ocultos: 0

**************************************************************************
.
Tempo para conclusão: 2010-07-13 12:28:22
ComboFix-quarantined-files.txt 2010-07-13 15:28

Pré-execução: 19 pasta(s) 40.082.825.216 bytes disponíveis
Pós execução: 21 pasta(s) 41.147.260.928 bytes disponíveis

WindowsXP-KB310994-SP2-Pro-BootDisk-PTG*****
[Boot Loader]
Timeout=2
Default=c:\$win_nt$.~bt\BOOTSECT.DAT
[Operating Systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
c:\$win_nt$.~bt\BOOTSECT.DAT="Instalaçao do Microsoft Windows XP Professional"

- - End Of File - - C1A10E280EAAD08DAAA414CDA1D0C82B

Serafan
30-08-2010, 22:42
c:\documents and settings\All Users\Menu Iniciar\Programas\Ardamax Keylogger
c:\documents and settings\All Users\Menu Iniciar\Programas\Ardamax Keylogger\Ardamax Keylogger.lnk
c:\documents and settings\All Users\Menu Iniciar\Programas\Ardamax Keylogger\Help.lnk
c:\documents and settings\All Users\Menu Iniciar\Programas\Ardamax Keylogger\Log Viewer.lnk

I stopped reading here. Your computer WAS infected with the Ardamax KEYLOGGER; by all indications, it was successfully removed from your computer by ComboFix by sUBs~.

Another part I read was the end of the message, and to my surprise (sarcasticmode) yet another heavy-duty virus had been found.


catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer

I suggest you do the following:

- Download Malwarebytes Anti-Malware
http://www.malwarebytes.org/mbam-download.php

• Disable the antivirus;
• Install it by double-clicking "mbam-setup";
• Check "Update Malwarebytes Anti-Malware" and "Run Malwarebytes Anti-Malware", and click Finish;
• Select "Full Scan" and then click Scan;
• When the scan finishes, click OK and then "Show Results" to view the log;
• If anything is detected, make sure everything is checked and click "Remove";
• The log is saved automatically and can be viewed by clicking "Logs" in the main menu;
• Copy and paste the contents of that log into your next reply.

sacrott
07-09-2010, 16:33
Here is the log that I got.
I'm waiting for some urgent help, I can't open the site www.ne-miguelito.com.




Serafan
08-09-2010, 19:25
Here is the log that I got.
I'm waiting for some urgent help, I can't open the site www.ne-miguelito.com.
Well, as you can see, this forum is intended for Tibia support, not for any other site/program;

Unfortunately I can't help you, because I don't know the site you mentioned, so I can't address a subject out of ignorance; it would only confuse you;

Support for errors that occur while accessing the tibia.com site is resolved by using the ComboFix by sUBs~ program in 99% of cases, since access is blocked by a simple registry error or just "dirty" caches;

For other sites, I suggest you consult a specialized technician who can sit in front of your computer in order to help you by getting to know, studying and analyzing your problem and providing the best solution;

I leave my "I'm sorry" here, but this is not my "jurisdiction".

Cadhos
08-09-2010, 19:52
Great, it will help a lot of people.

I suggest saying to disable the antivirus only if you know the risks you are taking.

ericomichelon
10-09-2010, 16:41
Log


Serafan
10-09-2010, 18:49
Hello ericomichelon,

Just from the fact that you can't get into the mercadolivre site, without even analyzing your log, I believe I already know what the problem is.

Try to open these 3 sites and tell me the result:

www.virustotal.com
www.microsoft.com
www.avast.com

Awaiting your reply, :thumb: !

ericomichelon
10-09-2010, 19:04
serafanbtw, no problems getting into the sites you indicated, the browser opened them without problems. Besides mercadolivre, it also doesn't open sites such as:

www.armaniexchange.com
http://coolspotters.com/
http://weezythanxyou.com/
http://www.justintimberlake.com/
http://www.trapmuzik.com/

And on the eBay site (www.ebay.com) it opens normally, I can browse the site just fine, do searches and everything, but when I click to go into my account (My eBay) the browser hangs and doesn't go.

Serafan
11-09-2010, 19:29
serafanbtw, no problems getting into the sites you indicated, the browser opened them without problems. Besides mercadolivre, it also doesn't open sites such as:

www.armaniexchange.com
http://coolspotters.com/
http://weezythanxyou.com/
http://www.justintimberlake.com/
http://www.trapmuzik.com/

And on the eBay site (www.ebay.com) it opens normally, I can browse the site just fine, do searches and everything, but when I click to go into my account (My eBay) the browser hangs and doesn't go.
• Go to the site "baixaki.com.br" and download the Google Chrome browser (the most recent version).
• Install it and set it as your default browser;
• Go to Start > Control Panel > Network and Internet Connections > Network Connections;
• Right-click Local Area Connection and then click Repair;
• Go to Start > Run;
• In the dialog box that appears, type: cmd
• In the command prompt window, type: ipconfig /flushdns and press Enter;
• Type ipconfig /flushdns again and press Enter, and repeat this same action 2 more times, for a total of 4 (four);
• Close the command prompt and try browsing to the sites you mentioned again.

Post the result here,
Awaiting your reply, :thumb: !

ericomichelon
13-09-2010, 19:27
No luck, my friend, the problem persists.
Just to be clear, I have Windows 7, but even so I carried out the Run operation, and it did nothing to fix the problem. As for the browser, I already use Google Chrome, and I have already tried the other browsers too, nothing works.
:S

And now? Not even the technician who comes here figured out what it could be... he said he had never seen this before

Serafan
13-09-2010, 21:09
Let's go again, hehe:

Temporarily disable your antivirus and your firewall.
Go to Google Chrome and click Customize and control Google Chrome (a wrench in the upper right corner of your screen), and then Options.

On the advanced settings tab, uncheck the option Enable phishing and malware protection.

Click Content settings and in the left-hand pane navigate to Pop-ups. Now select the option Allow all sites to show pop-ups.

Go to Start > Control Panel > Network and Internet Connections > Internet Options.
On the Security tab, set the security level for this zone to Low.

On the Privacy tab, set the setting to Accept All Cookies.

On the Content tab, click Clear SSL state.

On the Advanced tab, scroll all the way down and check whether Use SSL 2.0 and Use SSL 3.0 are checked; if they are not, check them.
Still on the Advanced tab, go to the top of the box, check the option Use HTTP 1.1 and uncheck Use HTTP 1.1 through proxy connections.

Go to My Computer > Local Disk (C:) > windows > system32 (or system64 if your Windows is 64-bit) > drivers > etc.
Right-click on hosts and then click Properties.
Uncheck the Read-only option and confirm by clicking OK.
Double-click the file and choose to open it with Notepad.

In the text file that appears, delete EVERYTHING that is written and write only this:

127.0.0.1 localhost


Save the changes, right-click the hosts file again and then click Properties. Now check the Read-only option and confirm with OK.


Try to open the sites again (all of them) to see whether you can now get into any of them.
If not, restart the computer and the modem, disable the antivirus and the firewall, try again and come back here with the result.
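
The hosts-file step in the post above, as an added example that is not part of the original thread: instead of erasing the file blind, this sketch parses it and reports every mapping other than the default localhost entries, so there is a record of what was blocking or redirecting which site. The sample file content, the function names and the "blocked"/"redirected" labels are assumptions made for illustration.

```python
import ipaddress
import os

# Constructed sample of a tampered hosts file (not taken from any log in this thread).
# 203.0.113.10 and the .test names are reserved documentation values.
SAMPLE_HOSTS = """\
# Copyright (c) 1993-2009 Microsoft Corp.
127.0.0.1       localhost
::1             localhost
127.0.0.1       www.avast.com avast.com   # sinkholes an antivirus vendor site
0.0.0.0         www.virustotal.com
203.0.113.10    www.example-bank.test     # points a name at a foreign server
not-an-ip       broken.example.test
"""

LOCALHOST_NAMES = {"localhost", "localhost.localdomain"}


def parse_hosts(text):
    """Split hosts-file text into (line, ip, name) entries and malformed lines."""
    entries, malformed = [], []
    for lineno, raw in enumerate(text.lstrip("\ufeff").splitlines(), start=1):
        line = raw.split("#", 1)[0].strip()      # comments run to end of line
        if not line:
            continue
        fields = line.split()
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            malformed.append((lineno, raw.strip()))
            continue
        if len(fields) < 2:                       # address with no hostname
            malformed.append((lineno, raw.strip()))
            continue
        for name in fields[1:]:                   # one line may map several names
            entries.append((lineno, ip, name.lower()))
    return entries, malformed


def classify(ip, name):
    """Label one mapping: 'default', 'blocked' or 'redirected'."""
    if name in LOCALHOST_NAMES and ip.is_loopback:
        return "default"
    if ip.is_loopback or ip.is_unspecified:
        return "blocked"      # name resolves to this machine, so the site never loads
    return "redirected"       # name resolves to some other server


def audit_hosts(text):
    """Return (findings, malformed) for every non-default line in the file."""
    entries, malformed = parse_hosts(text)
    findings = []
    for lineno, ip, name in entries:
        kind = classify(ip, name)
        if kind != "default":
            findings.append({"line": lineno, "host": name,
                             "ip": str(ip), "kind": kind})
    return findings, malformed


if __name__ == "__main__":
    # Audit the real file on Windows; fall back to the constructed sample elsewhere.
    path = os.path.join(os.environ.get("SystemRoot", r"C:\Windows"),
                        "System32", "drivers", "etc", "hosts")
    if os.path.exists(path):
        with open(path, encoding="utf-8", errors="replace") as fh:
            text = fh.read()
    else:
        text = SAMPLE_HOSTS
    findings, malformed = audit_hosts(text)
    for f in findings:
        print(f"line {f['line']}: {f['host']} -> {f['ip']} ({f['kind']})")
    for lineno, raw in malformed:
        print(f"line {lineno}: could not parse: {raw}")
```

Saving this output before resetting the file keeps evidence of which names were affected, which also helps decide whether the machine needs a malware scan rather than just a clean hosts file.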

ericomichelon
14-09-2010, 11:46
Nothing solved, I did exactly what you said, but the sites keep loading and never opening.... all of them..
I'm f*cked

MC Vini Tibiano
30-12-2010, 13:10
Hello Serafan, the moderator Girafales recommended this topic to me. I think that, judging by the replies, it must be very good, but I don't know how to disable my antivirus, sorry, it's because only my brother handles that. I don't know if you can help me, I use AVG 7.5, it's all in English, I can't disable it, and congratulations on the topic =]!!!

Serafan
27-01-2011, 21:27
Nothing solved, I did exactly what you said, but the sites keep loading and never opening.... all of them..
I'm f*cked

I was away from the support section for a long time because of the Hotnews, so I don't believe you are still going through the same problems. I consider your question closed.


Hello Serafan, the moderator Girafales recommended this topic to me. I think that, judging by the replies, it must be very good, but I don't know how to disable my antivirus, sorry, it's because only my brother handles that. I don't know if you can help me, I use AVG 7.5, it's all in English, I can't disable it, and congratulations on the topic =]!!!

Thanks for the compliment. On to your question. Disabling AVG 7.5 is a bit more complicated because the resident protection doesn't stop, so the way to go is to uninstall it and install it again.

To uninstall AVG do the following:
Click Start > Settings > Control Panel > Add or Remove Programs.

A window will appear. Look for your antivirus and click Remove. Follow the uninstaller's step-by-step and that's it.

deivinho210
31-01-2011, 21:22
Hey Serafan, help me out, I have a problem: every time I go to create a Tibia char on the official site, when I enter the site and click create account it goes to secure.tibia.com, but every time it goes to secure.tibia it doesn't work, the page gives an error. I'd like to know why

Thanks if you can help :D

everton marduk
02-02-2012, 21:20
I'm having problems opening the tibia.com site ..... I've already installed and uninstalled the browser and Flash Player, already disabled the firewall and already ran ComboFix .... I've already tried opening it in three different browsers and nothing ... I've already used about:config to change the maximum script time to 30, 20, 10 seconds and nothing .... well, looking at the properties of the tibia.com page I noticed that it is in (“Quirks mode”), which is for sites that work with old browsers like IE 4 and such ... well, my Mozilla is version 10 and what is happening is that the rendering of the site is all messed up ..... if I can, and if it helps someone help me figure out what to do, I'll take screenshots of the page and of its properties. Thanks in advance.

everton marduk
02-02-2012, 21:39
I'm having problems opening the tibia.com site ..... I've already installed and uninstalled the browser and Flash Player, already disabled the firewall and already ran ComboFix .... I've already tried opening it in three different browsers and nothing ... I've already used about:config to change the maximum script time to 30, 20, 10 seconds and nothing .... well, looking at the properties of the tibia.com page I noticed that it is in (“Quirks mode”), which is for sites that work with old browsers like IE 4 and such ... well, my Mozilla is version 10 and what is happening is that the rendering of the site is all messed up ..... if I can, and if it helps someone help me figure out what to do, I'll take screenshots of the page and of its properties. Thanks in advance.

A few more additions that I forgot .... I pinged the Tibia site, the host is normal, I've already changed from 32 to 16, 64 bits .... I ran an anti-malware scan, I've already run IE's compatibility mode, I don't know what else I can do, and it's only the Tibia site, this doesn't happen with any other.