-
Dear Diego,
I'm glad to know that my thread is helping the members of this forum resolve questions and problems that are a real nuisance in our day-to-day Tibia play.
Please know that any other question can be answered here in the support forum or even by PM, by clicking the link below.
-
Log
Code:
ComboFix 09-11-27.04 - Familia 28/11/2009 1:35.2.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.55.1046.18.511.233 [GMT -2:00]
Executando de: c:\documents and settings\Familia\Meus documentos\Downloads\ComboFix*****
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
ATENÇAO - ESTA MAQUINA NAO TEM O CONSOLE DE RECUPERAÇÃO INSTALADA !!
.
((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\All Users\Dados de aplicativos\Microsoft\Network\Downloader\qmgr0.dat
c:\documents and settings\All Users\Dados de aplicativos\Microsoft\Network\Downloader\qmgr1.dat
c:\windows\system32\twain_32.dll
----- BITS: Sites possivelmente infectados -----
hxxp://armmf.adobe.com
.
(((((((((((((((( Arquivos/Ficheiros criados de 2009-10-28 to 2009-11-28 ))))))))))))))))))))))))))))
.
2009-11-28 01:44 . 2009-11-26 15:02 58720 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\Zwunzi\zwunzi129*****
2009-11-26 19:38 . 2009-11-26 19:48 -------- d-----w- c:\documents and settings\Familia\Dados de aplicativos\MessengerDiscovery 2
2009-11-26 16:44 . 2009-11-28 03:30 -------- d-----w- c:\arquivos de programas\Zwunzi
2009-11-26 16:44 . 2009-11-28 01:44 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Zwunzi
2009-11-22 19:41 . 2009-11-22 19:46 -------- d-----w- c:\arquivos de programas\******** NG 8.50 ot
2009-11-22 06:25 . 2009-11-25 23:35 -------- d-----w- c:\arquivos de programas\Ot 8.50
2009-11-21 02:26 . 2009-11-21 04:05 -------- d-----w- c:\arquivos de programas\Conquer 2.0
2009-11-20 05:36 . 2009-11-26 21:49 -------- d-----w- C:\GunSoft
2009-11-20 02:50 . 2009-11-20 04:20 452464325 ----a-w- C:\KnightOnlineSetup_1708*****
2009-11-20 00:40 . 2008-04-13 18:40 96512 -c--a-w- c:\windows\system32\dllcache\atapi.sys
2009-11-20 00:40 . 2008-04-13 18:40 96512 ------w- c:\windows\system32\drivers\atapi.sys
2009-11-19 15:04 . 2009-11-19 15:04 1 ----a-w- c:\documents and settings\Familia\Dados de aplicativos\BrOffice.org2\user\uno_packages\cache\stamp.sys
2009-11-18 20:36 . 2009-11-18 20:36 -------- d-----w- c:\arquivos de programas\Arquivos comuns\EZB Systems
2009-11-18 20:36 . 2009-11-18 20:36 -------- d-----w- c:\arquivos de programas\UltraISO
2009-11-18 20:21 . 2009-11-18 20:21 -------- d-----w- c:\arquivos de programas\WinISO
2009-11-17 23:03 . 2009-11-19 07:34 -------- d-----w- c:\arquivos de programas\Microsoft Silverlight
2009-11-17 20:05 . 2009-11-17 20:05 -------- d-----w- c:\arquivos de programas\MGTGames
2009-11-17 20:02 . 2000-01-14 15:14 101376 ----a-w- c:\windows\UniFish3*****
2009-11-17 20:01 . 2009-11-17 20:01 -------- d-----w- c:\arquivos de programas\Hasbro Interactive
2009-11-17 19:52 . 2009-11-17 19:52 -------- d-----w- c:\arquivos de programas\MyRealGames.com
2009-11-17 15:22 . 2009-11-18 00:07 -------- d-----w- c:\arquivos de programas\Tremulous
2009-11-17 11:56 . 2009-11-04 13:18 58872 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\Findbasic\findbasic137*****
2009-11-17 02:39 . 2009-11-17 02:39 -------- d-----w- c:\arquivos de programas\Incanta
2009-11-17 02:37 . 2009-11-17 02:37 -------- d-----w- c:\documents and settings\Familia\WINDOWS
2009-11-16 19:58 . 2009-11-16 19:58 152576 ----a-w- c:\documents and settings\Familia\Dados de aplicativos\Sun\Java\jre1.6.0_17\lzma.dll
2009-11-16 19:46 . 2009-11-16 19:57 79488 ----a-w- c:\documents and settings\Familia\Dados de aplicativos\Sun\Java\jre1.6.0_17\gtapi.dll
2009-11-14 14:23 . 2009-11-14 14:23 -------- d-----w- C:\Sierra
2009-11-14 13:41 . 2009-11-14 13:41 -------- d-----w- c:\arquivos de programas\Discador Digerati
2009-11-11 16:32 . 2009-11-24 20:06 -------- d-----w- c:\documents and settings\Familia\Dados de aplicativos\sqlitestudio
2009-11-08 01:49 . 2009-11-08 01:49 -------- d-----w- c:\windows\system32\wbem\Repository
2009-11-07 01:41 . 2009-11-07 01:41 -------- d-----w- c:\documents and settings\Familia\Dados de aplicativos\Nokia
2009-11-06 22:58 . 2009-11-06 22:58 -------- d-sh--w- c:\documents and settings\Familia\PrivacIE
2009-11-06 22:53 . 2009-11-06 22:53 -------- d-----w- c:\documents and settings\Familia\Dados de aplicativos\DataLayer
2009-11-06 19:07 . 2009-11-16 20:34 -------- d-----w- c:\documents and settings\Familia\Dados de aplicativos\MSN6
2009-11-02 16:17 . 2009-11-02 16:17 -------- d-----w- c:\documents and settings\Familia\Dados de aplicativos\Ahead
2009-10-31 21:12 . 2009-11-08 01:49 -------- d-----w- c:\documents and settings\Familia\Phone Browser
.
((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-11-28 02:44 . 2008-01-10 17:25 -------- d---a-w- c:\documents and settings\All Users\Dados de aplicativos\TEMP
2009-11-27 21:57 . 2009-07-15 00:53 -------- d-----w- c:\arquivos de programas\******** NG
2009-11-26 21:53 . 2009-10-16 21:40 -------- d-----w- c:\documents and settings\Familia\Dados de aplicativos\VMNTOOLBAR
2009-11-23 15:22 . 2009-10-16 22:38 -------- d-----w- c:\documents and settings\Familia\Dados de aplicativos\Tibia
2009-11-22 13:08 . 2008-03-12 13:22 -------- d-----w- c:\arquivos de programas\Arquivos comuns\Adobe
2009-11-22 05:59 . 2009-06-12 16:34 -------- d-----w- c:\arquivos de programas\No-IP
2009-11-21 12:01 . 2007-10-11 20:21 -------- d--h--w- c:\arquivos de programas\InstallShield Installation Information
2009-11-21 04:49 . 2009-08-15 19:11 -------- d--h--w- c:\arquivos de programas\updart
2009-11-20 00:59 . 2008-07-08 16:15 -------- d-----w- c:\arquivos de programas\FunWebProducts
2009-11-19 16:37 . 2009-10-25 01:03 -------- d-----w- c:\documents and settings\Familia\Dados de aplicativos\BrOffice.org2
2009-11-17 23:03 . 2008-03-29 14:37 -------- d-----w- c:\arquivos de programas\Windows Live
2009-11-17 15:01 . 2009-10-03 23:12 -------- d-----w- c:\arquivos de programas\Findbasic
2009-11-17 12:19 . 2001-10-28 15:07 83264 ----a-w- c:\windows\system32\perfc016.dat
2009-11-17 12:19 . 2001-10-28 15:07 477488 ----a-w- c:\windows\system32\perfh016.dat
2009-11-17 11:56 . 2009-10-03 23:12 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Findbasic
2009-11-17 02:22 . 2009-10-04 19:23 -------- d-----w- c:\arquivos de programas\Tibia 8.500
2009-11-16 21:00 . 2009-01-14 18:04 -------- d-----w- c:\arquivos de programas\Tibia
2009-11-16 21:00 . 2009-07-29 07:29 -------- d-----w- c:\arquivos de programas\******** NG1
2009-11-16 21:00 . 2009-10-16 13:43 -------- d-----w- c:\arquivos de programas\******** NG 8.50
2009-11-16 19:59 . 2008-03-05 16:47 -------- d-----w- c:\arquivos de programas\Java
2009-11-04 14:30 . 2009-10-16 21:40 -------- d-----w- c:\documents and settings\Familia\Dados de aplicativos\EmailNotifier
2009-10-27 23:48 . 2008-03-28 23:20 -------- d-----w- c:\arquivos de programas\Google
2009-10-25 01:08 . 2009-10-25 01:08 -------- d-----w- c:\arquivos de programas\Cresce.Net
2009-10-25 01:02 . 2009-10-25 01:02 -------- d-----w- c:\arquivos de programas\Phoenix Crew
2009-10-16 22:39 . 2009-10-16 22:39 -------- d-----w- c:\documents and settings\Familia\Dados de aplicativos\Windows Live Writer
2009-10-16 22:33 . 2009-10-16 22:33 -------- d-----w- c:\documents and settings\LocalService\Dados de aplicativos\PC Suite
2009-10-16 21:54 . 2009-10-16 21:54 -------- d-----w- c:\documents and settings\Familia\Dados de aplicativos\PC Suite
2009-10-16 01:14 . 2009-10-16 01:14 -------- d-----w- c:\arquivos de programas\Discador TopGames
2009-10-14 11:45 . 2009-09-06 21:28 -------- d-----w- c:\arquivos de programas\Arquivos comuns\Symantec Shared
2009-10-11 06:17 . 2008-12-10 09:38 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-10-07 18:58 . 2009-10-07 18:58 28 ----a-w- c:\documents and settings\Bebiano\07102009.Dat
2009-10-07 13:59 . 2009-09-09 22:09 -------- d-sh--w- c:\documents and settings\All Users\Dados de aplicativos\MPK
2009-10-06 16:10 . 2009-10-06 16:10 -------- d-----w- c:\documents and settings\Administrador\Dados de aplicativos\VMNTOOLBAR
2009-10-06 16:10 . 2009-10-06 16:10 -------- d-----w- c:\documents and settings\Administrador\Dados de aplicativos\EmailNotifier
2009-10-06 16:10 . 2009-10-06 16:10 -------- d-----w- c:\documents and settings\Convidado\Dados de aplicativos\VMNTOOLBAR
2009-10-06 16:10 . 2009-10-06 16:10 -------- d-----w- c:\documents and settings\Convidado\Dados de aplicativos\EmailNotifier
2009-10-06 16:00 . 2009-10-06 16:00 -------- d-----w- c:\documents and settings\Administrador\Dados de aplicativos\PC Suite
2009-10-04 15:13 . 2009-10-04 15:13 28 ----a-w- c:\documents and settings\Bebiano\04102009.Dat
2009-10-04 15:05 . 2009-05-13 03:06 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\avg8
2009-10-03 23:12 . 2009-10-03 23:12 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\EmailNotifier
2009-10-03 23:12 . 2009-10-03 23:12 -------- d-----w- c:\arquivos de programas\vmntoolbar
2009-10-03 23:12 . 2009-10-03 23:12 -------- d-----w- c:\arquivos de programas\CA VMN Anti-Spyware
2009-10-03 23:12 . 2009-10-03 23:12 -------- d-----w- c:\arquivos de programas\Common Files
2009-10-03 23:11 . 2009-10-03 23:11 -------- d-----w- c:\arquivos de programas\Free Screensavers
2009-09-30 15:31 . 2009-09-30 15:31 28 ----a-w- c:\documents and settings\Bebiano\30092009.Dat
2009-09-29 16:01 . 2009-09-29 16:01 28 ----a-w- c:\documents and settings\Bebiano\29092009.Dat
2009-09-27 15:50 . 2009-09-27 15:50 28 ----a-w- c:\documents and settings\Bebiano\27092009.Dat
2009-09-11 14:19 . 2002-09-09 17:07 136192 ----a-w- c:\windows\system32\msv1_0.dll
2009-09-10 00:30 . 2009-09-10 00:30 0 ----a-w- c:\windows\system32\drivers\usbkbd.sys
2009-09-10 00:30 . 2007-10-11 16:25 65536 ----a-w- c:\windows\DUMP83b6.tmp
2009-09-10 00:29 . 2007-10-11 16:25 65536 ----a-w- c:\windows\DUMP7a21.tmp
2009-09-09 21:58 . 2009-09-09 21:58 64000 ----a-w- c:\windows\system32\ssleay32.dll
2009-09-09 21:58 . 2009-09-09 21:58 290816 ----a-w- c:\windows\system32\libeay32.dll
2009-09-05 16:18 . 2009-09-05 16:18 2613248 ----a-w- c:\windows\system32\dxdsvr*****
2009-09-04 21:04 . 2001-10-28 15:07 58880 ----a-w- c:\windows\system32\msasn1.dll
1994-05-18 12:00 . 2006-02-08 11:30 19049 -csha-w- c:\windows\system32\BE*****
2004-12-19 14:32 . 2006-02-08 11:30 31232 --sha-w- c:\windows\system32\cmdow*****
2006-02-08 19:22 . 2006-02-08 13:59 136 -csha-w- c:\windows\system32\uninstall_otst.cmd
.
------- Sigcheck -------
[-] 2009-06-22 . 6F44A632CF9F90F5D499820E4DB3FBBF . 82944 . . [5.1.2600.5512] . . c:\windows\system32\ws2_32.dll
[7] 2008-04-14 . 1FA3C4B2D7E35176E65FB69AB597B0F0 . 82432 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ws2_32.dll
[-] 2006-05-19 . 33BAE2D63547096A41E278887F3FB6DE . 70656 . . [5.1.2600.1847] . . c:\windows\$NtUninstallKB922819_0$\ws2_32.dll
[7] 2004-08-04 . A5163442377D3C305BBFF612F80047D7 . 82944 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\ws2_32.dll
[-] 2001-10-28 . 4A95E7320199EC0E3A695494F140C69F . 75264 . . [5.1.2600.0] . . c:\windows\$NtUninstallKB914388_0$\ws2_32.dll
.
((((((((((((((((((((((((((((( SnapShot@2009-11-20_01.05.06 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-11-28 03:30 . 2009-11-28 03:30 16384 c:\windows\Temp\Perflib_Perfdata_7bc.dat
+ 2007-07-18 12:42 . 2009-10-28 15:07 46080 c:\windows\system32\tzchange*****
- 2007-07-18 12:42 . 2009-07-14 11:03 46080 c:\windows\system32\tzchange*****
+ 2009-11-25 22:00 . 2009-11-25 22:00 32768 c:\windows\Installer\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}\icon*****
+ 2009-11-25 22:00 . 2009-11-25 22:00 429568 c:\windows\Installer\1abd8b6.msi
+ 2009-07-21 02:03 . 2009-07-21 02:03 1348432 c:\windows\WinSxS\x86_Microsoft.MSXML2_6bd6b9abf345378f_4.20.9876.0_x-ww_a621d1d5\msxml4.dll
+ 2008-09-24 12:08 . 2009-07-31 12:03 1372672 c:\windows\system32\msxml6.dll
+ 2009-07-21 02:05 . 2009-07-21 02:05 1348432 c:\windows\system32\msxml4.dll
+ 2007-10-13 16:07 . 2009-07-31 04:33 1172480 c:\windows\system32\msxml3.dll
+ 2008-09-24 12:08 . 2009-07-31 12:03 1372672 c:\windows\system32\dllcache\msxml6.dll
+ 2008-11-13 11:18 . 2009-07-31 04:33 1172480 c:\windows\system32\dllcache\msxml3.dll
+ 2009-11-22 13:08 . 2009-11-22 13:08 3957760 c:\windows\Installer\4a9056.msi
.
(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))
.
.
*Nota* entradas vazias e legítimas por defeito não são mostradas.
REGEDIT4
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{A3BC75A2-1F87-4686-AA43-5347D756017C}"= "c:\arquivos de programas\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-09-02 1107200]
[HKEY_CLASSES_ROOT\clsid\{a3bc75a2-1f87-4686-aa43-5347d756017c}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A057A204-BACC-4D26-8287-79A187E26987}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
2009-09-02 14:58 1107200 ----a-w- c:\arquivos de programas\AVG\AVG8\Toolbar\IEToolbar.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\arquivos de programas\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-09-02 1107200]
[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\arquivos de programas\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-09-02 1107200]
[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\arquivos de programas\Windows Live\Messenger\msnmsgr*****" [2009-07-26 3883840]
"MSMSGS"="c:\arquivos de programas\Messenger\msmsgs*****" [2008-04-14 1695232]
"Discador Digerati"="c:\arquivos de programas\Discador Digerati\autoupdate*****" [2003-10-07 16384]
"swg"="c:\arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier*****" [2008-03-29 68856]
"Google Update"="c:\documents and settings\Familia\Configurações locais\Dados de aplicativos\Google\Update\GoogleUpdate*****" [2009-11-16 135664]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\System32\NvCpl.dll" [2001-12-16 2899968]
"NvMediaCenter"="c:\windows\System32\NvMcTray.dll" [2001-12-16 46080]
"wcmdmgr"="c:\windows\wt\updater\wcmdmgrl*****" [2001-01-25 20480]
"NeroFilterCheck"="c:\windows\system32\NeroCheck*****" [2001-07-09 155648]
"InCD"="c:\arquivos de programas\Ahead\InCD\InCD*****" [2005-05-13 1397760]
"FixCamera"="c:\windows\FixCamera*****" [2007-07-11 20480]
"tsnp325"="c:\windows\tsnp325*****" [2007-04-21 270336]
"snp325"="c:\windows\vsnp325*****" [2007-05-10 835584]
"AVG8_TRAY"="c:\arquiv~1\AVG\AVG8\avgtray*****" [2009-11-16 2028312]
"TkBellExe"="c:\arquivos de programas\Arquivos comuns\Real\Update_OB\realsched*****" [2009-06-11 198160]
"killer214"="c:\windows\system32\Tibia*****" [2009-07-04 45056]
"SunJavaUpdateSched"="c:\arquivos de programas\Java\jre6\bin\jusched*****" [2009-10-11 149280]
"Adobe Reader Speed Launcher"="c:\arquivos de programas\Adobe\Reader 9.0\Reader\Reader_sl*****" [2009-10-03 35696]
"Adobe ARM"="c:\arquivos de programas\Arquivos comuns\Adobe\ARM\1.0\AdobeARM*****" [2009-09-04 935288]
"nwiz"="nwiz*****" - c:\windows\system32\nwiz***** [2001-12-16 782336]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON*****"="c:\windows\System32\CTFMON*****" [2008-04-14 15360]
c:\documents and settings\Mattheus.BEBIANO-P9TLQQR\Menu Iniciar\Programas\Inicializar\
BrOffice.org 2.3.lnk - c:\arquivos de programas\BrOffice.org 2.3\program\quickstart***** [2007-8-17 393216]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\arquivos de programas\SUPERAntiSpyware\SASSEH.DLL" [2008-05-23 77824]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-08-26 13:13 352256 ----a-w- c:\arquivos de programas\SUPERAntiSpyware\SASWINLO.DLL
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-08-23 14:38 11952 ----a-w- c:\windows\system32\avgrsstx.dll
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr*****"=
"c:\\Arquivos de programas\\Mozilla Firefox\\firefox*****"=
"c:\\Arquivos de programas\\Windows Live\\Messenger\\msnmsgr*****"=
"c:\\Arquivos de programas\\Windows Live\\Sync\\WindowsLiveSync*****"=
"c:\\Documents and Settings\\Familia\\Desktop\\Downloads\\Styller Yourots 0.6.1 Rev 04 (8.50-8.52)\\Styller Yourots Rev 04*****"=
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [13/5/2009 01:07 335240]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [13/5/2009 01:07 108552]
R1 SASDIFSV;SASDIFSV;c:\arquivos de programas\SUPERAntiSpyware\SASDIFSV.SYS [10/10/2006 14:53 8944]
R1 SASKUTIL;SASKUTIL;c:\arquivos de programas\SUPERAntiSpyware\SASKUTIL.SYS [27/2/2007 13:39 55024]
R2 avg8emc;AVG Free8 E-mail Scanner;c:\arquiv~1\AVG\AVG8\avgemc***** [13/5/2009 01:07 908056]
R2 avg8wd;AVG Free8 WatchDog;c:\arquiv~1\AVG\AVG8\avgwdsvc***** [13/5/2009 01:07 297752]
R2 Zwunzi Service;Zwunzi Service;c:\documents and settings\All Users\Dados de aplicativos\Zwunzi\zwunzi129***** [27/11/2009 23:44 58720]
S0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [3/3/2008 20:57 664064]
S2 Apache2.2;Apache2.2;"c:\xampp\apache\bin\httpd*****" -k runservice --> c:\xampp\apache\bin\httpd***** [?]
S2 Findbasic Service;Findbasic Service;c:\documents and settings\All Users\Dados de aplicativos\Findbasic\findbasic137***** [17/11/2009 09:56 58872]
S2 SlimFTPd;SlimFTPd;"c:\otstriad\ftp\SlimFTPd*****" -service --> c:\otstriad\ftp\SlimFTPd***** [?]
S2 XAMPP;XAMPP Service;c:\xampp\service***** --> c:\xampp\service***** [?]
S3 SASENUM;SASENUM;c:\arquivos de programas\SUPERAntiSpyware\SASENUM.SYS [16/2/2006 18:51 4096]
S3 SNP325;USB PC Camera (SNPSTD325);c:\windows\system32\drivers\snp325.sys [18/2/2009 18:33 10394624]
S3 usb2vcom;USB Data Cable;c:\windows\system32\drivers\usb2vcom.sys [19/10/2007 11:46 29152]
S3 XDva076;XDva076;\??\c:\windows\system32\XDva076.sys --> c:\windows\system32\XDva076.sys [?]
.
Conteúdo da pasta 'Tarefas Agendadas'
2009-11-27 c:\windows\Tasks\Norton Security Scan for Bebiano.job
- c:\arquivos de programas\Norton Security Scan\Norton Security Scan\Engine\2.3.0.44\Nss***** [2009-08-30 19:45]
.
.
------- Scan Suplementar -------
.
TCP: {2F8B96B8-66B0-4D7D-A0C1-EDD1AFD53413} = 208.67.222.222,208.67.220.220
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
DPF: {AA07EBD2-EBDD-4BD6-9F8F-114BD513492C} - hxxp://disteng.nefficient.com/disteng/neffy/NeffyLauncher.cab
FF - ProfilePath - c:\documents and settings\Familia\Dados de aplicativos\Mozilla\Firefox\Profiles\wrarxk0g.default\
FF - prefs.js: browser.startup.homepage - hxxp://go.microsoft.com/fwlink/?LinkId=69157
FF - component: c:\arquivos de programas\AVG\AVG8\Firefox\components\avgssff.dll
FF - component: c:\arquivos de programas\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils2.dll
FF - component: c:\arquivos de programas\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils3.dll
FF - component: c:\arquivos de programas\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils35.dll
FF - component: c:\arquivos de programas\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\xpavgtbapi.dll
FF - plugin: c:\arquivos de programas\Mozilla Firefox\plugins\npkanevapatch.dll
FF - plugin: c:\arquivos de programas\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: c:\program files\Real\RealPlayer\Netscape6\nppl3260.dll
FF - plugin: c:\program files\Real\RealPlayer\Netscape6\nprjplug.dll
FF - plugin: c:\program files\Real\RealPlayer\Netscape6\nprpjplug.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
---- FIREFOX POLICIES ----
c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".com.br");
.
- - - - ORFÃOS REMOVIDOS - - - -
AddRemove-NVIDIA Display Driver - c:\windows\System32\nvudisp***** Uninstall
AddRemove-RealJukebox 1.0 - c:\arquivos de programas\Arquivos comuns\Real\Update_OB\r1puninst***** RealNetworks|RealPlayer|6.0
AddRemove-RealPlayer 6.0 - c:\arquivos de programas\Arquivos comuns\Real\Update_OB\r1puninst***** RealNetworks|RealPlayer|6.0
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-11-28 01:52
Windows 5.1.2600 Service Pack 3 NTFS
Procurando processos ocultos ...
Procurando entradas auto inicializáveis ocultas ...
Procurando ficheiros/arquivos ocultos ...
Varredura completada com sucesso
arquivos/ficheiros ocultos: 0
**************************************************************************
.
--------------------- CHAVES DO REGISTRO BLOQUEADAS ---------------------
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\a67ae326-5297-6599-f032-36c8e64e324]
@Denied: (Full) (AuthenticatedUsers)
@Denied: (Full) (Administrators)
"1v0ek45gmdg1f"=hex:33,36,32,38,34,64,32,30,2d,32,31,39,31,2d,34,32,32,36,2d,
38,34,31,66,2d,62,66,37,64,32,32,33,33,62,34,33,30
.
--------------------- DLLs Carregadas Sob os Processos em Execução ---------------------
- - - - - - - > 'winlogon*****'(684)
c:\windows\system32\sknc.dll
c:\arquivos de programas\SUPERAntiSpyware\SASWINLO.DLL
c:\windows\system32\WININET.dll
- - - - - - - > 'lsass*****'(740)
c:\windows\system32\sknc.dll
.
Tempo para conclusão: 2009-11-28 02:04
ComboFix-quarantined-files.txt 2009-11-28 04:04
ComboFix2.txt 2009-11-20 01:15
Pré-execução: 15 pasta(s) 44.523.646.976 bytes disponíveis
Pós execução: 18 pasta(s) 44.522.414.080 bytes disponíveis
Current=4 Default=4 Failed=2 LastKnownGood=5 Sets=1,2,3,4,5
- - End Of File - - 71A07399060483772FC92B1B31BC5681
-
Dear bebiano,
Download MalwareBytes from www.baixaki.com.br or follow the direct link:
-
Install the program and run it;
Disable your antivirus;
Select the full scan option, then click scan.
Right, while it scans, we will clear your browser caches. Do the following:
Download the CCleaner program from baixaki or follow the direct link at:
Run CCleaner; don't change anything; click Analyze; wait for the analysis to finish; then click Run Cleaner; wait for the cleaning to finish.
In the tab on the right click Registry; click Scan for Issues; wait for the scan to finish; click Fix Selected Issues; in the dialog box that appears click No; click Fix All Selected Issues; click No in the dialog box that appears; close the program.
-
Open CMD by clicking Start > Run and typing "cmd" in the dialog box that opens (without the quotes).
Type: ipconfig /flushdns and press Enter (repeat this step 3 times).
Close CMD by typing exit and pressing Enter.
-
After running Malwarebytes, a log will be generated; copy and paste it into your next message.
-
It worked just fine.
Thx :D
-
Dear fedor02,
Feel free to use the thread to talk about related matters and also to ask your questions. If the problem persists, I will be willing to help you by PM or even through a post created here in the support section.
-
Look, I couldn't do it. I did everything that was said there and it didn't work, and I don't have an antivirus or anything. HELP ME
LOG
Code:
Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDlls]
"C:\\WINDOWS\\Microsoft.NET\\Framework\\v1.0.3705\\System.Windows.Forms.tlb"=dword:00001000
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDlls]
"C:\\WINDOWS\\Microsoft.NET\\Framework\\v1.1.4322\\System.Windows.Forms.tlb"=dword:00001000
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDlls]
"C:\\WINDOWS\\Microsoft.NET\\Framework\\v1.1.4322\\mscorlib.tlb"=dword:00001000
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDlls]
"C:\\WINDOWS\\Microsoft.NET\\Framework\\v1.1.4322\\mscoree.tlb"=dword:00001000
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDlls]
"C:\\WINDOWS\\Microsoft.NET\\Framework\\v1.1.4322\\System.Drawing.tlb"=dword:00001000
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDlls]
"C:\\WINDOWS\\Microsoft.NET\\Framework\\v1.0.3705\\System.EnterpriseServices.tlb"=dword:00001000
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDlls]
"C:\\WINDOWS\\Microsoft.NET\\Framework\\v1.0.3705\\Microsoft.JScript.tlb"=dword:00001000
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDlls]
"C:\\WINDOWS\\Microsoft.NET\\Framework\\v1.0.3705\\Microsoft.Vsa.tlb"=dword:00001000
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDlls]
"C:\\WINDOWS\\Microsoft.NET\\Framework\\v1.0.3705\\System.Drawing.tlb"=dword:00001000
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDlls]
"C:\\WINDOWS\\Microsoft.NET\\Framework\\v1.0.3705\\mscoree.tlb"=dword:00001000
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDlls]
"C:\\WINDOWS\\Microsoft.NET\\Framework\\v1.1.4322\\System.tlb"=dword:00001000
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDlls]
"C:\\WINDOWS\\Microsoft.NET\\Framework\\v1.1.4322\\System.EnterpriseServices.tlb"=dword:00001000
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDlls]
"C:\\WINDOWS\\Microsoft.NET\\Framework\\v1.1.4322\\Microsoft.JScript.tlb"=dword:00001000
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDlls]
"C:\\WINDOWS\\Microsoft.NET\\Framework\\v1.1.4322\\Microsoft.Vsa.tlb"=dword:00001000
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDlls]
"C:\\WINDOWS\\Microsoft.NET\\Framework\\v1.1.4322\\Microsoft.Vsa.Vb.CodeDOMProcessor.tlb"=dword:00001000
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDlls]
"C:\\WINDOWS\\Microsoft.NET\\Framework\\v1.0.3705\\mscorlib.tlb"=dword:00001000
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDlls]
"C:\\WINDOWS\\Microsoft.NET\\Framework\\v1.0.3705\\System.tlb"=dword:00001000
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDlls]
"C:\\WINDOWS\\Microsoft.NET\\Framework\\v1.0.3705\\Microsoft.Vsa.Vb.CodeDOMProcessor.tlb"=dword:00001000
[HKEY_CLASSES_ROOT\SysmonLogManager.Snapin]
[HKEY_CLASSES_ROOT\WMPCD]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.0]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.0\OpenWithList]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.5]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.5\OpenWithList]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cfg]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cfg\OpenWithList]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.elfc]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.elfc\OpenWithList]
"a"="firefox*****"
"MRUList"="cab"
"b"="msmsgs*****"
"c"="Tibia Mc*****"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.elft]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.elft\OpenWithList]
"a"="Tibia Mc*****"
"MRUList"="ab"
"b"="firefox*****"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.fg]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.fg\OpenWithList]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.lua]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.lua\OpenWithList]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.part]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.part\OpenWithList]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.prx]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.prx\OpenWithList]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rjt]
"Application"=""
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rp]
"Application"=""
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rt]
"Application"=""
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.s3db]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.s3db\OpenWithList]
"a"="sqlitestudio-1.0.1*****"
"MRUList"="ba"
"b"="sqlitestudio-1.0.0-b1*****"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.sav]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.sav\OpenWithList]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.sdp]
"Application"=""
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.sgm]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.sgm\OpenWithList]
"a"="VisualBoyAdvance*****"
"MRUList"="a"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.srt]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.srt\OpenWithList]
"a"="sqlitestudio-1.0.0-b1*****"
"MRUList"="a"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.UV]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.UV\OpenWithList]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wpt]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wpt\OpenWithList]
[HKEY_CLASSES_ROOT\Connection Manager Profile\DefaultIcon]
@="C:\\WINDOWS\\system32\\CMMGR32*****,1"
[HKEY_CLASSES_ROOT\Connection Manager Profile\shell\open]
[HKEY_CLASSES_ROOT\Connection Manager Profile\shell\open\command]
@="C:\\WINDOWS\\system32\\CMMGR32***** \"%1\""
[HKEY_CLASSES_ROOT\Connection Manager Profile\shell\Settings...]
[HKEY_CLASSES_ROOT\Connection Manager Profile\shell\Settings...\command]
@="C:\\WINDOWS\\system32\\CMMGR32***** /settings \"%1\""
[HKEY_CLASSES_ROOT\ots\shell\open]
[HKEY_CLASSES_ROOT\ots\shell\open\command]
@="\"C:\\Documents and Settings\\Diogo\\Meus documentos\\Meus arquivos recebidos\\Tibia Multi IP Changer\\Tibia Multi IP Changer\\Tibia MULTI-ip changer*****\" %1"
[HKEY_CLASSES_ROOT\otserv\shell\open]
[HKEY_CLASSES_ROOT\otserv\shell\open\command]
@="\"C:\\Documents and Settings\\Diogo\\Meus documentos\\Meus arquivos recebidos\\Tibia Multi IP Changer\\Tibia Multi IP Changer\\Tibia MULTI-ip changer*****\" %1"
[HKEY_CLASSES_ROOT\CLSID\{06DD38D3-D187-11CF-A80D-00C04FD74AD8}]
@="ActiveXPlugin Object"
[HKEY_CLASSES_ROOT\CLSID\{06DD38D3-D187-11CF-A80D-00C04FD74AD8}\Control]
[HKEY_CLASSES_ROOT\CLSID\{06DD38D3-D187-11CF-A80D-00C04FD74AD8}\Implemented Categories]
[HKEY_CLASSES_ROOT\CLSID\{06DD38D3-D187-11CF-A80D-00C04FD74AD8}\Implemented Categories\{7DD95801-9882-11CF-9FA9-00AA006C42C4}]
[HKEY_CLASSES_ROOT\CLSID\{06DD38D3-D187-11CF-A80D-00C04FD74AD8}\Implemented Categories\{7DD95802-9882-11CF-9FA9-00AA006C42C4}]
[HKEY_CLASSES_ROOT\CLSID\{06DD38D3-D187-11CF-A80D-00C04FD74AD8}\InprocServer32]
@="C:\\WINDOWS\\system32\\plugin.ocx"
"ThreadingModel"="Apartment"
[HKEY_CLASSES_ROOT\CLSID\{06DD38D3-D187-11CF-A80D-00C04FD74AD8}\MiscStatus]
@="0"
[HKEY_CLASSES_ROOT\CLSID\{06DD38D3-D187-11CF-A80D-00C04FD74AD8}\MiscStatus\1]
@="131473"
[HKEY_CLASSES_ROOT\CLSID\{06DD38D3-D187-11CF-A80D-00C04FD74AD8}\ProgID]
@="Microsoft.ActiveXPlugin.1"
[HKEY_CLASSES_ROOT\CLSID\{06DD38D3-D187-11CF-A80D-00C04FD74AD8}\ToolboxBitmap32]
@="C:\\WINDOWS\\system32\\plugin.ocx, 1"
[HKEY_CLASSES_ROOT\CLSID\{06DD38D3-D187-11CF-A80D-00C04FD74AD8}\TypeLib]
@="{06DD38D0-D187-11CF-A80D-00C04FD74AD8}"
[HKEY_CLASSES_ROOT\CLSID\{06DD38D3-D187-11CF-A80D-00C04FD74AD8}\Version]
@="1.0"
[HKEY_CLASSES_ROOT\CLSID\{06DD38D3-D187-11CF-A80D-00C04FD74AD8}\VersionIndependentProgID]
@="Microsoft.ActiveXPlugin"
[HKEY_CLASSES_ROOT\CLSID\{1171A62F-05D2-11D1-83FC-00A0C9089C5A}]
@="FlashProp Class"
[HKEY_CLASSES_ROOT\CLSID\{1171A62F-05D2-11D1-83FC-00A0C9089C5A}\InprocServer32]
@="C:\\WINDOWS\\system32\\macromed\\flash\\flash.ocx"
"ThreadingModel"="Apartment"
[HKEY_CLASSES_ROOT\CLSID\{1171A62F-05D2-11D1-83FC-00A0C9089C5A}\Programmable]
[HKEY_CLASSES_ROOT\CLSID\{1B02BDDF-F6D2-4B36-ABBA-AD49EBC876A5}]
[HKEY_CLASSES_ROOT\CLSID\{1B02BDDF-F6D2-4B36-ABBA-AD49EBC876A5}\InprocServer32]
@="C:\\ARQUIV~1\\WINDOW~4\\MESSEN~1\\MSGSC8~1.DLL"
[HKEY_CLASSES_ROOT\CLSID\{1EFB6596-857C-11D1-B16A-00C0F0283628}]
@="Microsoft TabStrip Control 6.0 (SP6)"
[HKEY_CLASSES_ROOT\CLSID\{1EFB6596-857C-11D1-B16A-00C0F0283628}\Control]
[HKEY_CLASSES_ROOT\CLSID\{1EFB6596-857C-11D1-B16A-00C0F0283628}\Implemented Categories]
[HKEY_CLASSES_ROOT\CLSID\{1EFB6596-857C-11D1-B16A-00C0F0283628}\Implemented Categories\{0DE86A52-2BAA-11CF-A229-00AA003D7352}]
[HKEY_CLASSES_ROOT\CLSID\{1EFB6596-857C-11D1-B16A-00C0F0283628}\Implemented Categories\{0DE86A53-2BAA-11CF-A229-00AA003D7352}]
[HKEY_CLASSES_ROOT\CLSID\{1EFB6596-857C-11D1-B16A-00C0F0283628}\Implemented Categories\{0DE86A57-2BAA-11CF-A229-00AA003D7352}]
[HKEY_CLASSES_ROOT\CLSID\{1EFB6596-857C-11D1-B16A-00C0F0283628}\Implemented Categories\{40FC6ED4-2438-11CF-A3DB-080036F12502}]
[HKEY_CLASSES_ROOT\CLSID\{1EFB6596-857C-11D1-B16A-00C0F0283628}\Implemented Categories\{40FC6ED5-2438-11CF-A3DB-080036F12502}]
[HKEY_CLASSES_ROOT\CLSID\{1EFB6596-857C-11D1-B16A-00C0F0283628}\Implemented Categories\{7DD95801-9882-11CF-9FA9-00AA006C42C4}]
[HKEY_CLASSES_ROOT\CLSID\{1EFB6596-857C-11D1-B16A-00C0F0283628}\Implemented Categories\{7DD95802-9882-11CF-9FA9-00AA006C42C4}]
[HKEY_CLASSES_ROOT\CLSID\{1EFB6596-857C-11D1-B16A-00C0F0283628}\InprocServer32]
@="C:\\DOCUME~1\\Diogo\\CONFIG~1\\Temp\\Rar$EX00.422\\Trial Reset\\MSCOMCTL.OCX"
"ThreadingModel"="Apartment"
[HKEY_CLASSES_ROOT\CLSID\{1EFB6596-857C-11D1-B16A-00C0F0283628}\MiscStatus]
@="0"
[HKEY_CLASSES_ROOT\CLSID\{1EFB6596-857C-11D1-B16A-00C0F0283628}\MiscStatus\1]
@="131473"
[HKEY_CLASSES_ROOT\CLSID\{1EFB6596-857C-11D1-B16A-00C0F0283628}\ProgID]
@="MSComctlLib.TabStrip.2"
[HKEY_CLASSES_ROOT\CLSID\{1EFB6596-857C-11D1-B16A-00C0F0283628}\Programmable]
[HKEY_CLASSES_ROOT\CLSID\{1EFB6596-857C-11D1-B16A-00C0F0283628}\ToolboxBitmap32]
@="C:\\DOCUME~1\\Diogo\\CONFIG~1\\Temp\\Rar$EX00.422\\Trial Reset\\MSCOMCTL.OCX, 10"
[HKEY_CLASSES_ROOT\CLSID\{1EFB6596-857C-11D1-B16A-00C0F0283628}\TypeLib]
@="{831FDD16-0C5C-11D2-A9FC-0000F8754DA1}"
[HKEY_CLASSES_ROOT\CLSID\{1EFB6596-857C-11D1-B16A-00C0F0283628}\Version]
@="2.0"
[HKEY_CLASSES_ROOT\CLSID\{1EFB6596-857C-11D1-B16A-00C0F0283628}\VersionIndependentProgID]
@="MSComctlLib.TabStrip"
[HKEY_CLASSES_ROOT\CLSID\{2C247F23-8591-11D1-B16A-00C0F0283628}]
@="Microsoft ImageList Control 6.0 (SP6)"
[HKEY_CLASSES_ROOT\CLSID\{2C247F23-8591-11D1-B16A-00C0F0283628}\Control]
[HKEY_CLASSES_ROOT\CLSID\{2C247F23-8591-11D1-B16A-00C0F0283628}\Implemented Categories]
[HKEY_CLASSES_ROOT\CLSID\{2C247F23-8591-11D1-B16A-00C0F0283628}\Implemented Categories\{0DE86A52-2BAA-11CF-A229-00AA003D7352}]
[HKEY_CLASSES_ROOT\CLSID\{2C247F23-8591-11D1-B16A-00C0F0283628}\Implemented Categories\{0DE86A53-2BAA-11CF-A229-00AA003D7352}]
[HKEY_CLASSES_ROOT\CLSID\{2C247F23-8591-11D1-B16A-00C0F0283628}\Implemented Categories\{0DE86A57-2BAA-11CF-A229-00AA003D7352}]
[HKEY_CLASSES_ROOT\CLSID\{2C247F23-8591-11D1-B16A-00C0F0283628}\Implemented Categories\{40FC6ED4-2438-11CF-A3DB-080036F12502}]
[HKEY_CLASSES_ROOT\CLSID\{2C247F23-8591-11D1-B16A-00C0F0283628}\Implemented Categories\{40FC6ED5-2438-11CF-A3DB-080036F12502}]
[HKEY_CLASSES_ROOT\CLSID\{2C247F23-8591-11D1-B16A-00C0F0283628}\Implemented Categories\{7DD95801-9882-11CF-9FA9-00AA006C42C4}]
[HKEY_CLASSES_ROOT\CLSID\{2C247F23-8591-11D1-B16A-00C0F0283628}\Implemented Categories\{7DD95802-9882-11CF-9FA9-00AA006C42C4}]
[HKEY_CLASSES_ROOT\CLSID\{2C247F23-8591-11D1-B16A-00C0F0283628}\InprocServer32]
@="C:\\DOCUME~1\\Diogo\\CONFIG~1\\Temp\\Rar$EX00.422\\Trial Reset\\MSCOMCTL.OCX"
"ThreadingModel"="Apartment"
[HKEY_CLASSES_ROOT\CLSID\{2C247F23-8591-11D1-B16A-00C0F0283628}\MiscStatus]
@="0"
[HKEY_CLASSES_ROOT\CLSID\{2C247F23-8591-11D1-B16A-00C0F0283628}\MiscStatus\1]
@="165265"
[HKEY_CLASSES_ROOT\CLSID\{2C247F23-8591-11D1-B16A-00C0F0283628}\ProgID]
@="MSComctlLib.ImageListCtrl.2"
[HKEY_CLASSES_ROOT\CLSID\{2C247F23-8591-11D1-B16A-00C0F0283628}\Programmable]
[HKEY_CLASSES_ROOT\CLSID\{2C247F23-8591-11D1-B16A-00C0F0283628}\ToolboxBitmap32]
@="C:\\DOCUME~1\\Diogo\\CONFIG~1\\Temp\\Rar$EX00.422\\Trial Reset\\MSCOMCTL.OCX, 3"
[HKEY_CLASSES_ROOT\CLSID\{2C247F23-8591-11D1-B16A-00C0F0283628}\TypeLib]
@="{831FDD16-0C5C-11D2-A9FC-0000F8754DA1}"
[HKEY_CLASSES_ROOT\CLSID\{2C247F23-8591-11D1-B16A-00C0F0283628}\Version]
@="2.0"
[HKEY_CLASSES_ROOT\CLSID\{2C247F23-8591-11D1-B16A-00C0F0283628}\VersionIndependentProgID]
@="MSComctlLib.ImageListCtrl"
[HKEY_CLASSES_ROOT\CLSID\{35053A22-8589-11D1-B16A-00C0F0283628}]
@="Microsoft ProgressBar Control 6.0 (SP6)"
[HKEY_CLASSES_ROOT\CLSID\{35053A22-8589-11D1-B16A-00C0F0283628}\Control]
[HKEY_CLASSES_ROOT\CLSID\{35053A22-8589-11D1-B16A-00C0F0283628}\Implemented Categories]
[HKEY_CLASSES_ROOT\CLSID\{35053A22-8589-11D1-B16A-00C0F0283628}\Implemented Categories\{0DE86A52-2BAA-11CF-A229-00AA003D7352}]
[HKEY_CLASSES_ROOT\CLSID\{35053A22-8589-11D1-B16A-00C0F0283628}\Implemented Categories\{0DE86A53-2BAA-11CF-A229-00AA003D7352}]
[HKEY_CLASSES_ROOT\CLSID\{35053A22-8589-11D1-B16A-00C0F0283628}\Implemented Categories\{0DE86A57-2BAA-11CF-A229-00AA003D7352}]
[HKEY_CLASSES_ROOT\CLSID\{35053A22-8589-11D1-B16A-00C0F0283628}\Implemented Categories\{40FC6ED4-2438-11CF-A3DB-080036F12502}]
[HKEY_CLASSES_ROOT\CLSID\{35053A22-8589-11D1-B16A-00C0F0283628}\Implemented Categories\{40FC6ED5-2438-11CF-A3DB-080036F12502}]
[HKEY_CLASSES_ROOT\CLSID\{35053A22-8589-11D1-B16A-00C0F0283628}\Implemented Categories\{7DD95801-9882-11CF-9FA9-00AA006C42C4}]
[HKEY_CLASSES_ROOT\CLSID\{35053A22-8589-11D1-B16A-00C0F0283628}\Implemented Categories\{7DD95802-9882-11CF-9FA9-00AA006C42C4}]
[HKEY_CLASSES_ROOT\CLSID\{35053A22-8589-11D1-B16A-00C0F0283628}\InprocServer32]
@="C:\\DOCUME~1\\Diogo\\CONFIG~1\\Temp\\Rar$EX00.422\\Trial Reset\\MSCOMCTL.OCX"
"ThreadingModel"="Apartment"
[HKEY_CLASSES_ROOT\CLSID\{35053A22-8589-11D1-B16A-00C0F0283628}\MiscStatus]
@="0"
[HKEY_CLASSES_ROOT\CLSID\{35053A22-8589-11D1-B16A-00C0F0283628}\MiscStatus\1]
@="172433"
[HKEY_CLASSES_ROOT\CLSID\{35053A22-8589-11D1-B16A-00C0F0283628}\ProgID]
@="MSComctlLib.ProgCtrl.2"
[HKEY_CLASSES_ROOT\CLSID\{35053A22-8589-11D1-B16A-00C0F0283628}\Programmable]
[HKEY_CLASSES_ROOT\CLSID\{35053A22-8589-11D1-B16A-00C0F0283628}\ToolboxBitmap32]
@="C:\\DOCUME~1\\Diogo\\CONFIG~1\\Temp\\Rar$EX00.422\\Trial Reset\\MSCOMCTL.OCX, 17"
[HKEY_CLASSES_ROOT\CLSID\{35053A22-8589-11D1-B16A-00C0F0283628}\TypeLib]
@="{831FDD16-0C5C-11D2-A9FC-0000F8754DA1}"
[HKEY_CLASSES_ROOT\CLSID\{35053A22-8589-11D1-B16A-00C0F0283628}\Version]
@="2.0"
[HKEY_CLASSES_ROOT\CLSID\{35053A22-8589-11D1-B16A-00C0F0283628}\VersionIndependentProgID]
@="MSComctlLib.ProgCtrl"
[HKEY_CLASSES_ROOT\CLSID\{3C4F3BE3-47EB-101B-A3C9-08002B2F49FB}]
@="Common Dialog Font Property Page Object"
[HKEY_CLASSES_ROOT\CLSID\{3C4F3BE3-47EB-101B-A3C9-08002B2F49FB}\InprocServer32]
@="C:\\Documents and Settings\\Diogo\\Meus documentos\\Meus arquivos recebidos\\Tibia Multi IP Changer\\Tibia Multi IP Changer\\COMDLG32.OCX"
[HKEY_CLASSES_ROOT\CLSID\{3C4F3BE5-47EB-101B-A3C9-08002B2F49FB}]
@="Common Dialog Print Property Page Object"
[HKEY_CLASSES_ROOT\CLSID\{3C4F3BE5-47EB-101B-A3C9-08002B2F49FB}\InprocServer32]
@="C:\\Documents and Settings\\Diogo\\Meus documentos\\Meus arquivos recebidos\\Tibia Multi IP Changer\\Tibia Multi IP Changer\\COMDLG32.OCX"
[HKEY_CLASSES_ROOT\CLSID\{3C4F3BE7-47EB-101B-A3C9-08002B2F49FB}]
@="Common Dialog Help Property Page Object"
[HKEY_CLASSES_ROOT\CLSID\{3C4F3BE7-47EB-101B-A3C9-08002B2F49FB}\InprocServer32]
@="C:\\Documents and Settings\\Diogo\\Meus documentos\\Meus arquivos recebidos\\Tibia Multi IP Changer\\Tibia Multi IP Changer\\COMDLG32.OCX"
[HKEY_CLASSES_ROOT\CLSID\{66833FE6-8583-11D1-B16A-00C0F0283628}]
@="Microsoft Toolbar Control 6.0 (SP6)"
[HKEY_CLASSES_ROOT\CLSID\{66833FE6-8583-11D1-B16A-00C0F0283628}\Control]
[HKEY_CLASSES_ROOT\CLSID\{66833FE6-8583-11D1-B16A-00C0F0283628}\Implemented Categories]
[HKEY_CLASSES_ROOT\CLSID\{66833FE6-8583-11D1-B16A-00C0F0283628}\Implemented Categories\{0DE86A52-2BAA-11CF-A229-00AA003D7352}]
[HKEY_CLASSES_ROOT\CLSID\{66833FE6-8583-11D1-B16A-00C0F0283628}\Implemented Categories\{0DE86A53-2BAA-11CF-A229-00AA003D7352}]
[HKEY_CLASSES_ROOT\CLSID\{66833FE6-8583-11D1-B16A-00C0F0283628}\Implemented Categories\{0DE86A57-2BAA-11CF-A229-00AA003D7352}]
[HKEY_CLASSES_ROOT\CLSID\{66833FE6-8583-11D1-B16A-00C0F0283628}\Implemented Categories\{40FC6ED4-2438-11CF-A3DB-080036F12502}]
[HKEY_CLASSES_ROOT\CLSID\{66833FE6-8583-11D1-B16A-00C0F0283628}\Implemented Categories\{40FC6ED5-2438-11CF-A3DB-080036F12502}]
[HKEY_CLASSES_ROOT\CLSID\{66833FE6-8583-11D1-B16A-00C0F0283628}\Implemented Categories\{7DD95802-9882-11CF-9FA9-00AA006C42C4}]
[HKEY_CLASSES_ROOT\CLSID\{66833FE6-8583-11D1-B16A-00C0F0283628}\InprocServer32]
@="C:\\DOCUME~1\\Diogo\\CONFIG~1\\Temp\\Rar$EX00.422\\Trial Reset\\MSCOMCTL.OCX"
"ThreadingModel"="Apartment"
[HKEY_CLASSES_ROOT\CLSID\{66833FE6-8583-11D1-B16A-00C0F0283628}\MiscStatus]
@="0"
[HKEY_CLASSES_ROOT\CLSID\{66833FE6-8583-11D1-B16A-00C0F0283628}\MiscStatus\1]
@="237969"
[HKEY_CLASSES_ROOT\CLSID\{66833FE6-8583-11D1-B16A-00C0F0283628}\ProgID]
@="MSComctlLib.Toolbar.2"
[HKEY_CLASSES_ROOT\CLSID\{66833FE6-8583-11D1-B16A-00C0F0283628}\Programmable]
[HKEY_CLASSES_ROOT\CLSID\{66833FE6-8583-11D1-B16A-00C0F0283628}\ToolboxBitmap32]
@="C:\\DOCUME~1\\Diogo\\CONFIG~1\\Temp\\Rar$EX00.422\\Trial Reset\\MSCOMCTL.OCX, 12"
[HKEY_CLASSES_ROOT\CLSID\{66833FE6-8583-11D1-B16A-00C0F0283628}\TypeLib]
@="{831FDD16-0C5C-11D2-A9FC-0000F8754DA1}"
[HKEY_CLASSES_ROOT\CLSID\{66833FE6-8583-11D1-B16A-00C0F0283628}\Version]
@="2.0"
[HKEY_CLASSES_ROOT\CLSID\{66833FE6-8583-11D1-B16A-00C0F0283628}\VersionIndependentProgID]
@="MSComctlLib.Toolbar"
[HKEY_CLASSES_ROOT\CLSID\{7629CFA2-3FE5-101B-A3C9-08002B2F49FB}]
@="Common Dialog Open Property Page Object"
[HKEY_CLASSES_ROOT\CLSID\{7629CFA2-3FE5-101B-A3C9-08002B2F49FB}\InprocServer32]
@="C:\\Documents and Settings\\Diogo\\Meus documentos\\Meus arquivos recebidos\\Tibia Multi IP Changer\\Tibia Multi IP Changer\\COMDLG32.OCX"
[HKEY_CLASSES_ROOT\CLSID\{7629CFA4-3FE5-101B-A3C9-08002B2F49FB}]
@="Common Dialog Color Property Page Object"
[HKEY_CLASSES_ROOT\CLSID\{7629CFA4-3FE5-101B-A3C9-08002B2F49FB}\InprocServer32]
@="C:\\Documents and Settings\\Diogo\\Meus documentos\\Meus arquivos recebidos\\Tibia Multi IP Changer\\Tibia Multi IP Changer\\COMDLG32.OCX"
[HKEY_CLASSES_ROOT\CLSID\{8E3867A3-8586-11D1-B16A-00C0F0283628}]
@="Microsoft StatusBar Control 6.0 (SP6)"
[HKEY_CLASSES_ROOT\CLSID\{8E3867A3-8586-11D1-B16A-00C0F0283628}\Control]
[HKEY_CLASSES_ROOT\CLSID\{8E3867A3-8586-11D1-B16A-00C0F0283628}\Implemented Categories]
[HKEY_CLASSES_ROOT\CLSID\{8E3867A3-8586-11D1-B16A-00C0F0283628}\Implemented Categories\{0DE86A52-2BAA-11CF-A229-00AA003D7352}]
[HKEY_CLASSES_ROOT\CLSID\{8E3867A3-8586-11D1-B16A-00C0F0283628}\Implemented Categories\{0DE86A53-2BAA-11CF-A229-00AA003D7352}]
[HKEY_CLASSES_ROOT\CLSID\{8E3867A3-8586-11D1-B16A-00C0F0283628}\Implemented Categories\{0DE86A57-2BAA-11CF-A229-00AA003D7352}]
[HKEY_CLASSES_ROOT\CLSID\{8E3867A3-8586-11D1-B16A-00C0F0283628}\Implemented Categories\{40FC6ED4-2438-11CF-A3DB-080036F12502}]
[HKEY_CLASSES_ROOT\CLSID\{8E3867A3-8586-11D1-B16A-00C0F0283628}\Implemented Categories\{40FC6ED5-2438-11CF-A3DB-080036F12502}]
[HKEY_CLASSES_ROOT\CLSID\{8E3867A3-8586-11D1-B16A-00C0F0283628}\Implemented Categories\{7DD95801-9882-11CF-9FA9-00AA006C42C4}]
[HKEY_CLASSES_ROOT\CLSID\{8E3867A3-8586-11D1-B16A-00C0F0283628}\Implemented Categories\{7DD95802-9882-11CF-9FA9-00AA006C42C4}]
[HKEY_CLASSES_ROOT\CLSID\{8E3867A3-8586-11D1-B16A-00C0F0283628}\InprocServer32]
@="C:\\DOCUME~1\\Diogo\\CONFIG~1\\Temp\\Rar$EX00.422\\Trial Reset\\MSCOMCTL.OCX"
"ThreadingModel"="Apartment"
[HKEY_CLASSES_ROOT\CLSID\{8E3867A3-8586-11D1-B16A-00C0F0283628}\MiscStatus]
@="0"
[HKEY_CLASSES_ROOT\CLSID\{8E3867A3-8586-11D1-B16A-00C0F0283628}\MiscStatus\1]
@="172433"
[HKEY_CLASSES_ROOT\CLSID\{8E3867A3-8586-11D1-B16A-00C0F0283628}\ProgID]
@="MSComctlLib.SBarCtrl.2"
[HKEY_CLASSES_ROOT\CLSID\{8E3867A3-8586-11D1-B16A-00C0F0283628}\Programmable]
[HKEY_CLASSES_ROOT\CLSID\{8E3867A3-8586-11D1-B16A-00C0F0283628}\ToolboxBitmap32]
@="C:\\DOCUME~1\\Diogo\\CONFIG~1\\Temp\\Rar$EX00.422\\Trial Reset\\MSCOMCTL.OCX, 1"
[HKEY_CLASSES_ROOT\CLSID\{8E3867A3-8586-11D1-B16A-00C0F0283628}\TypeLib]
@="{831FDD16-0C5C-11D2-A9FC-0000F8754DA1}"
[HKEY_CLASSES_ROOT\CLSID\{8E3867A3-8586-11D1-B16A-00C0F0283628}\Version]
@="2.0"
[HKEY_CLASSES_ROOT\CLSID\{8E3867A3-8586-11D1-B16A-00C0F0283628}\VersionIndependentProgID]
@="MSComctlLib.SBarCtrl"
[HKEY_CLASSES_ROOT\CLSID\{BDD1F04B-858B-11D1-B16A-00C0F0283628}]
@="Microsoft ListView Control 6.0 (SP6)"
[HKEY_CLASSES_ROOT\CLSID\{BDD1F04B-858B-11D1-B16A-00C0F0283628}\Control]
[HKEY_CLASSES_ROOT\CLSID\{BDD1F04B-858B-11D1-B16A-00C0F0283628}\Implemented Categories]
[HKEY_CLASSES_ROOT\CLSID\{BDD1F04B-858B-11D1-B16A-00C0F0283628}\Implemented Categories\{0DE86A52-2BAA-11CF-A229-00AA003D7352}]
[HKEY_CLASSES_ROOT\CLSID\{BDD1F04B-858B-11D1-B16A-00C0F0283628}\Implemented Categories\{0DE86A53-2BAA-11CF-A229-00AA003D7352}]
[HKEY_CLASSES_ROOT\CLSID\{BDD1F04B-858B-11D1-B16A-00C0F0283628}\Implemented Categories\{0DE86A57-2BAA-11CF-A229-00AA003D7352}]
[HKEY_CLASSES_ROOT\CLSID\{BDD1F04B-858B-11D1-B16A-00C0F0283628}\Implemented Categories\{40FC6ED4-2438-11CF-A3DB-080036F12502}]
[HKEY_CLASSES_ROOT\CLSID\{BDD1F04B-858B-11D1-B16A-00C0F0283628}\Implemented Categories\{40FC6ED5-2438-11CF-A3DB-080036F12502}]
[HKEY_CLASSES_ROOT\CLSID\{BDD1F04B-858B-11D1-B16A-00C0F0283628}\Implemented Categories\{7DD95801-9882-11CF-9FA9-00AA006C42C4}]
[HKEY_CLASSES_ROOT\CLSID\{BDD1F04B-858B-11D1-B16A-00C0F0283628}\Implemented Categories\{7DD95802-9882-11CF-9FA9-00AA006C42C4}]
[HKEY_CLASSES_ROOT\CLSID\{BDD1F04B-858B-11D1-B16A-00C0F0283628}\InprocServer32]
@="C:\\DOCUME~1\\Diogo\\CONFIG~1\\Temp\\Rar$EX00.422\\Trial Reset\\MSCOMCTL.OCX"
"ThreadingModel"="Apartment"
[HKEY_CLASSES_ROOT\CLSID\{BDD1F04B-858B-11D1-B16A-00C0F0283628}\MiscStatus]
@="0"
[HKEY_CLASSES_ROOT\CLSID\{BDD1F04B-858B-11D1-B16A-00C0F0283628}\MiscStatus\1]
@="131473"
[HKEY_CLASSES_ROOT\CLSID\{BDD1F04B-858B-11D1-B16A-00C0F0283628}\ProgID]
@="MSComctlLib.ListViewCtrl.2"
[HKEY_CLASSES_ROOT\CLSID\{BDD1F04B-858B-11D1-B16A-00C0F0283628}\Programmable]
[HKEY_CLASSES_ROOT\CLSID\{BDD1F04B-858B-11D1-B16A-00C0F0283628}\ToolboxBitmap32]
@="C:\\DOCUME~1\\Diogo\\CONFIG~1\\Temp\\Rar$EX00.422\\Trial Reset\\MSCOMCTL.OCX, 4"
[HKEY_CLASSES_ROOT\CLSID\{BDD1F04B-858B-11D1-B16A-00C0F0283628}\TypeLib]
@="{831FDD16-0C5C-11D2-A9FC-0000F8754DA1}"
[HKEY_CLASSES_ROOT\CLSID\{BDD1F04B-858B-11D1-B16A-00C0F0283628}\Version]
@="2.0"
[HKEY_CLASSES_ROOT\CLSID\{BDD1F04B-858B-11D1-B16A-00C0F0283628}\VersionIndependentProgID]
@="MSComctlLib.ListViewCtrl"
[HKEY_CLASSES_ROOT\CLSID\{C27CCE32-8596-11D1-B16A-00C0F0283628}]
@="TreeView General Property Page Object"
[HKEY_CLASSES_ROOT\CLSID\{C27CCE32-8596-11D1-B16A-00C0F0283628}\InprocServer32]
@="C:\\DOCUME~1\\Diogo\\CONFIG~1\\Temp\\Rar$EX00.422\\Trial Reset\\MSCOMCTL.OCX"
[HKEY_CLASSES_ROOT\CLSID\{C27CCE33-8596-11D1-B16A-00C0F0283628}]
@="TabStrip General Property Page Object"
[HKEY_CLASSES_ROOT\CLSID\{C27CCE33-8596-11D1-B16A-00C0F0283628}\InprocServer32]
@="C:\\DOCUME~1\\Diogo\\CONFIG~1\\Temp\\Rar$EX00.422\\Trial Reset\\MSCOMCTL.OCX"
[HKEY_CLASSES_ROOT\CLSID\{C27CCE34-8596-11D1-B16A-00C0F0283628}]
@="Tab Property Page Object"
[HKEY_CLASSES_ROOT\CLSID\{C27CCE34-8596-11D1-B16A-00C0F0283628}\InprocServer32]
@="C:\\DOCUME~1\\Diogo\\CONFIG~1\\Temp\\Rar$EX00.422\\Trial Reset\\MSCOMCTL.OCX"
[HKEY_CLASSES_ROOT\CLSID\{C27CCE35-8596-11D1-B16A-00C0F0283628}]
@="ImageList General Property Page Object"
[HKEY_CLASSES_ROOT\CLSID\{C27CCE35-8596-11D1-B16A-00C0F0283628}\InprocServer32]
@="C:\\DOCUME~1\\Diogo\\CONFIG~1\\Temp\\Rar$EX00.422\\Trial Reset\\MSCOMCTL.OCX"
[HKEY_CLASSES_ROOT\CLSID\{C27CCE36-8596-11D1-B16A-00C0F0283628}]
@="Image Property Page Object"
[HKEY_CLASSES_ROOT\CLSID\{C27CCE36-8596-11D1-B16A-00C0F0283628}\InprocServer32]
@="C:\\DOCUME~1\\Diogo\\CONFIG~1\\Temp\\Rar$EX00.422\\Trial Reset\\MSCOMCTL.OCX"
[HKEY_CLASSES_ROOT\CLSID\{C27CCE37-8596-11D1-B16A-00C0F0283628}]
@="Toolbar General Property Page Object"
[HKEY_CLASSES_ROOT\CLSID\{C27CCE37-8596-11D1-B16A-00C0F0283628}\InprocServer32]
@="C:\\DOCUME~1\\Diogo\\CONFIG~1\\Temp\\Rar$EX00.422\\Trial Reset\\MSCOMCTL.OCX"
[HKEY_CLASSES_ROOT\CLSID\{C27CCE38-8596-11D1-B16A-00C0F0283628}]
@="Button Property Page Object"
[HKEY_CLASSES_ROOT\CLSID\{C27CCE38-8596-11D1-B16A-00C0F0283628}\InprocServer32]
@="C:\\DOCUME~1\\Diogo\\CONFIG~1\\Temp\\Rar$EX00.422\\Trial Reset\\MSCOMCTL.OCX"
[HKEY_CLASSES_ROOT\CLSID\{C27CCE39-8596-11D1-B16A-00C0F0283628}]
@="StatusBar General Property Page Object"
[HKEY_CLASSES_ROOT\CLSID\{C27CCE39-8596-11D1-B16A-00C0F0283628}\InprocServer32]
@="C:\\DOCUME~1\\Diogo\\CONFIG~1\\Temp\\Rar$EX00.422\\Trial Reset\\MSCOMCTL.OCX"
[HKEY_CLASSES_ROOT\CLSID\{C27CCE3A-8596-11D1-B16A-00C0F0283628}]
@="Panel Property Page Object"
[HKEY_CLASSES_ROOT\CLSID\{C27CCE3A-8596-11D1-B16A-00C0F0283628}\InprocServer32]
@="C:\\DOCUME~1\\Diogo\\CONFIG~1\\Temp\\Rar$EX00.422\\Trial Reset\\MSCOMCTL.OCX"
[HKEY_CLASSES_ROOT\CLSID\{C27CCE3B-8596-11D1-B16A-00C0F0283628}]
@="Progress Bar General Property Page Object"
[HKEY_CLASSES_ROOT\CLSID\{C27CCE3B-8596-11D1-B16A-00C0F0283628}\InprocServer32]
@="C:\\DOCUME~1\\Diogo\\CONFIG~1\\Temp\\Rar$EX00.422\\Trial Reset\\MSCOMCTL.OCX"
[HKEY_CLASSES_ROOT\CLSID\{C27CCE3C-8596-11D1-B16A-00C0F0283628}]
@="Slider General Property Page Object"
[HKEY_CLASSES_ROOT\CLSID\{C27CCE3C-8596-11D1-B16A-00C0F0283628}\InprocServer32]
@="C:\\DOCUME~1\\Diogo\\CONFIG~1\\Temp\\Rar$EX00.422\\Trial Reset\\MSCOMCTL.OCX"
[HKEY_CLASSES_ROOT\CLSID\{C27CCE3D-8596-11D1-B16A-00C0F0283628}]
@="Slider Appearance Property Page Object"
[HKEY_CLASSES_ROOT\CLSID\{C27CCE3D-8596-11D1-B16A-00C0F0283628}\InprocServer32]
@="C:\\DOCUME~1\\Diogo\\CONFIG~1\\Temp\\Rar$EX00.422\\Trial Reset\\MSCOMCTL.OCX"
[HKEY_CLASSES_ROOT\CLSID\{C27CCE3E-8596-11D1-B16A-00C0F0283628}]
@="ListView General Property Page Object"
[HKEY_CLASSES_ROOT\CLSID\{C27CCE3E-8596-11D1-B16A-00C0F0283628}\InprocServer32]
@="C:\\DOCUME~1\\Diogo\\CONFIG~1\\Temp\\Rar$EX00.422\\Trial Reset\\MSCOMCTL.OCX"
[HKEY_CLASSES_ROOT\CLSID\{C27CCE3F-8596-11D1-B16A-00C0F0283628}]
@="ListView Sort Property Page Object"
[HKEY_CLASSES_ROOT\CLSID\{C27CCE3F-8596-11D1-B16A-00C0F0283628}\InprocServer32]
@="C:\\DOCUME~1\\Diogo\\CONFIG~1\\Temp\\Rar$EX00.422\\Trial Reset\\MSCOMCTL.OCX"
[HKEY_CLASSES_ROOT\CLSID\{C27CCE40-8596-11D1-B16A-00C0F0283628}]
@="ListView Images Property Page Object"
[HKEY_CLASSES_ROOT\CLSID\{C27CCE40-8596-11D1-B16A-00C0F0283628}\InprocServer32]
@="C:\\DOCUME~1\\Diogo\\CONFIG~1\\Temp\\Rar$EX00.422\\Trial Reset\\MSCOMCTL.OCX"
[HKEY_CLASSES_ROOT\CLSID\{C27CCE41-8596-11D1-B16A-00C0F0283628}]
@="ListView Columns Property Page Object"
[HKEY_CLASSES_ROOT\CLSID\{C27CCE41-8596-11D1-B16A-00C0F0283628}\InprocServer32]
@="C:\\DOCUME~1\\Diogo\\CONFIG~1\\Temp\\Rar$EX00.422\\Trial Reset\\MSCOMCTL.OCX"
[HKEY_CLASSES_ROOT\CLSID\{C27CCE42-8596-11D1-B16A-00C0F0283628}]
@="ImageComboBox General Property Page Object"
[HKEY_CLASSES_ROOT\CLSID\{C27CCE42-8596-11D1-B16A-00C0F0283628}\InprocServer32]
@="C:\\DOCUME~1\\Diogo\\CONFIG~1\\Temp\\Rar$EX00.422\\Trial Reset\\MSCOMCTL.OCX"
[HKEY_CLASSES_ROOT\CLSID\{C74190B6-8589-11D1-B16A-00C0F0283628}]
@="Microsoft TreeView Control 6.0 (SP6)"
[HKEY_CLASSES_ROOT\CLSID\{C74190B6-8589-11D1-B16A-00C0F0283628}\Control]
[HKEY_CLASSES_ROOT\CLSID\{C74190B6-8589-11D1-B16A-00C0F0283628}\Implemented Categories]
[HKEY_CLASSES_ROOT\CLSID\{C74190B6-8589-11D1-B16A-00C0F0283628}\Implemented Categories\{0DE86A52-2BAA-11CF-A229-00AA003D7352}]
[HKEY_CLASSES_ROOT\CLSID\{C74190B6-8589-11D1-B16A-00C0F0283628}\Implemented Categories\{0DE86A53-2BAA-11CF-A229-00AA003D7352}]
[HKEY_CLASSES_ROOT\CLSID\{C74190B6-8589-11D1-B16A-00C0F0283628}\Implemented Categories\{0DE86A57-2BAA-11CF-A229-00AA003D7352}]
[HKEY_CLASSES_ROOT\CLSID\{C74190B6-8589-11D1-B16A-00C0F0283628}\Implemented Categories\{40FC6ED4-2438-11CF-A3DB-080036F12502}]
[HKEY_CLASSES_ROOT\CLSID\{C74190B6-8589-11D1-B16A-00C0F0283628}\Implemented Categories\{40FC6ED5-2438-11CF-A3DB-080036F12502}]
[HKEY_CLASSES_ROOT\CLSID\{C74190B6-8589-11D1-B16A-00C0F0283628}\Implemented Categories\{7DD95801-9882-11CF-9FA9-00AA006C42C4}]
[HKEY_CLASSES_ROOT\CLSID\{C74190B6-8589-11D1-B16A-00C0F0283628}\Implemented Categories\{7DD95802-9882-11CF-9FA9-00AA006C42C4}]
[HKEY_CLASSES_ROOT\CLSID\{C74190B6-8589-11D1-B16A-00C0F0283628}\InprocServer32]
@="C:\\DOCUME~1\\Diogo\\CONFIG~1\\Temp\\Rar$EX00.422\\Trial Reset\\MSCOMCTL.OCX"
"ThreadingModel"="Apartment"
[HKEY_CLASSES_ROOT\CLSID\{C74190B6-8589-11D1-B16A-00C0F0283628}\MiscStatus]
@="0"
[HKEY_CLASSES_ROOT\CLSID\{C74190B6-8589-11D1-B16A-00C0F0283628}\MiscStatus\1]
@="131473"
[HKEY_CLASSES_ROOT\CLSID\{C74190B6-8589-11D1-B16A-00C0F0283628}\ProgID]
@="MSComctlLib.TreeCtrl.2"
[HKEY_CLASSES_ROOT\CLSID\{C74190B6-8589-11D1-B16A-00C0F0283628}\Programmable]
[HKEY_CLASSES_ROOT\CLSID\{C74190B6-8589-11D1-B16A-00C0F0283628}\ToolboxBitmap32]
@="C:\\DOCUME~1\\Diogo\\CONFIG~1\\Temp\\Rar$EX00.422\\Trial Reset\\MSCOMCTL.OCX, 2"
[HKEY_CLASSES_ROOT\CLSID\{C74190B6-8589-11D1-B16A-00C0F0283628}\TypeLib]
@="{831FDD16-0C5C-11D2-A9FC-0000F8754DA1}"
[HKEY_CLASSES_ROOT\CLSID\{C74190B6-8589-11D1-B16A-00C0F0283628}\Version]
@="2.0"
[HKEY_CLASSES_ROOT\CLSID\{C74190B6-8589-11D1-B16A-00C0F0283628}\VersionIndependentProgID]
@="MSComctlLib.TreeCtrl"
[HKEY_CLASSES_ROOT\CLSID\{DD9DA666-8594-11D1-B16A-00C0F0283628}]
@="Microsoft ImageComboBox Control 6.0 (SP6)"
[HKEY_CLASSES_ROOT\CLSID\{DD9DA666-8594-11D1-B16A-00C0F0283628}\Control]
[HKEY_CLASSES_ROOT\CLSID\{DD9DA666-8594-11D1-B16A-00C0F0283628}\Implemented Categories]
[HKEY_CLASSES_ROOT\CLSID\{DD9DA666-8594-11D1-B16A-00C0F0283628}\Implemented Categories\{0DE86A52-2BAA-11CF-A229-00AA003D7352}]
[HKEY_CLASSES_ROOT\CLSID\{DD9DA666-8594-11D1-B16A-00C0F0283628}\Implemented Categories\{0DE86A53-2BAA-11CF-A229-00AA003D7352}]
[HKEY_CLASSES_ROOT\CLSID\{DD9DA666-8594-11D1-B16A-00C0F0283628}\Implemented Categories\{0DE86A57-2BAA-11CF-A229-00AA003D7352}]
[HKEY_CLASSES_ROOT\CLSID\{DD9DA666-8594-11D1-B16A-00C0F0283628}\Implemented Categories\{40FC6ED4-2438-11CF-A3DB-080036F12502}]
[HKEY_CLASSES_ROOT\CLSID\{DD9DA666-8594-11D1-B16A-00C0F0283628}\Implemented Categories\{40FC6ED5-2438-11CF-A3DB-080036F12502}]
[HKEY_CLASSES_ROOT\CLSID\{DD9DA666-8594-11D1-B16A-00C0F0283628}\Implemented Categories\{7DD95801-9882-11CF-9FA9-00AA006C42C4}]
[HKEY_CLASSES_ROOT\CLSID\{DD9DA666-8594-11D1-B16A-00C0F0283628}\Implemented Categories\{7DD95802-9882-11CF-9FA9-00AA006C42C4}]
[HKEY_CLASSES_ROOT\CLSID\{DD9DA666-8594-11D1-B16A-00C0F0283628}\InprocServer32]
@="C:\\DOCUME~1\\Diogo\\CONFIG~1\\Temp\\Rar$EX00.422\\Trial Reset\\MSCOMCTL.OCX"
"ThreadingModel"="Apartment"
[HKEY_CLASSES_ROOT\CLSID\{DD9DA666-8594-11D1-B16A-00C0F0283628}\MiscStatus]
@="0"
[HKEY_CLASSES_ROOT\CLSID\{DD9DA666-8594-11D1-B16A-00C0F0283628}\MiscStatus\1]
@="131473"
[HKEY_CLASSES_ROOT\CLSID\{DD9DA666-8594-11D1-B16A-00C0F0283628}\ProgID]
@="MSComctlLib.ImageComboCtl.2"
[HKEY_CLASSES_ROOT\CLSID\{DD9DA666-8594-11D1-B16A-00C0F0283628}\Programmable]
[HKEY_CLASSES_ROOT\CLSID\{DD9DA666-8594-11D1-B16A-00C0F0283628}\ToolboxBitmap32]
@="C:\\DOCUME~1\\Diogo\\CONFIG~1\\Temp\\Rar$EX00.422\\Trial Reset\\MSCOMCTL.OCX, 1916"
[HKEY_CLASSES_ROOT\CLSID\{DD9DA666-8594-11D1-B16A-00C0F0283628}\TypeLib]
@="{831FDD16-0C5C-11D2-A9FC-0000F8754DA1}"
[HKEY_CLASSES_ROOT\CLSID\{DD9DA666-8594-11D1-B16A-00C0F0283628}\Version]
@="2.0"
[HKEY_CLASSES_ROOT\CLSID\{DD9DA666-8594-11D1-B16A-00C0F0283628}\VersionIndependentProgID]
@="MSComctlLib.ImageComboCtl"
[HKEY_CLASSES_ROOT\CLSID\{F08DF954-8592-11D1-B16A-00C0F0283628}]
@="Microsoft Slider Control 6.0 (SP6)"
[HKEY_CLASSES_ROOT\CLSID\{F08DF954-8592-11D1-B16A-00C0F0283628}\Control]
[HKEY_CLASSES_ROOT\CLSID\{F08DF954-8592-11D1-B16A-00C0F0283628}\Implemented Categories]
[HKEY_CLASSES_ROOT\CLSID\{F08DF954-8592-11D1-B16A-00C0F0283628}\Implemented Categories\{0DE86A52-2BAA-11CF-A229-00AA003D7352}]
[HKEY_CLASSES_ROOT\CLSID\{F08DF954-8592-11D1-B16A-00C0F0283628}\Implemented Categories\{0DE86A53-2BAA-11CF-A229-00AA003D7352}]
[HKEY_CLASSES_ROOT\CLSID\{F08DF954-8592-11D1-B16A-00C0F0283628}\Implemented Categories\{0DE86A57-2BAA-11CF-A229-00AA003D7352}]
[HKEY_CLASSES_ROOT\CLSID\{F08DF954-8592-11D1-B16A-00C0F0283628}\Implemented Categories\{40FC6ED4-2438-11CF-A3DB-080036F12502}]
[HKEY_CLASSES_ROOT\CLSID\{F08DF954-8592-11D1-B16A-00C0F0283628}\Implemented Categories\{40FC6ED5-2438-11CF-A3DB-080036F12502}]
[HKEY_CLASSES_ROOT\CLSID\{F08DF954-8592-11D1-B16A-00C0F0283628}\Implemented Categories\{7DD95801-9882-11CF-9FA9-00AA006C42C4}]
[HKEY_CLASSES_ROOT\CLSID\{F08DF954-8592-11D1-B16A-00C0F0283628}\Implemented Categories\{7DD95802-9882-11CF-9FA9-00AA006C42C4}]
[HKEY_CLASSES_ROOT\CLSID\{F08DF954-8592-11D1-B16A-00C0F0283628}\InprocServer32]
@="C:\\DOCUME~1\\Diogo\\CONFIG~1\\Temp\\Rar$EX00.422\\Trial Reset\\MSCOMCTL.OCX"
"ThreadingModel"="Apartment"
[HKEY_CLASSES_ROOT\CLSID\{F08DF954-8592-11D1-B16A-00C0F0283628}\MiscStatus]
@="0"
[HKEY_CLASSES_ROOT\CLSID\{F08DF954-8592-11D1-B16A-00C0F0283628}\MiscStatus\1]
@="131473"
[HKEY_CLASSES_ROOT\CLSID\{F08DF954-8592-11D1-B16A-00C0F0283628}\ProgID]
@="MSComctlLib.Slider.2"
[HKEY_CLASSES_ROOT\CLSID\{F08DF954-8592-11D1-B16A-00C0F0283628}\Programmable]
[HKEY_CLASSES_ROOT\CLSID\{F08DF954-8592-11D1-B16A-00C0F0283628}\ToolboxBitmap32]
@="C:\\DOCUME~1\\Diogo\\CONFIG~1\\Temp\\Rar$EX00.422\\Trial Reset\\MSCOMCTL.OCX, 16"
[HKEY_CLASSES_ROOT\CLSID\{F08DF954-8592-11D1-B16A-00C0F0283628}\TypeLib]
@="{831FDD16-0C5C-11D2-A9FC-0000F8754DA1}"
[HKEY_CLASSES_ROOT\CLSID\{F08DF954-8592-11D1-B16A-00C0F0283628}\Version]
@="2.0"
[HKEY_CLASSES_ROOT\CLSID\{F08DF954-8592-11D1-B16A-00C0F0283628}\VersionIndependentProgID]
@="MSComctlLib.Slider"
[HKEY_CLASSES_ROOT\CLSID\{F9043C85-F6F2-101A-A3C9-08002B2F49FB}]
@="Microsoft Common Dialog Control, version 6.0 (SP6)"
[HKEY_CLASSES_ROOT\CLSID\{F9043C85-F6F2-101A-A3C9-08002B2F49FB}\Control]
[HKEY_CLASSES_ROOT\CLSID\{F9043C85-F6F2-101A-A3C9-08002B2F49FB}\Implemented Categories]
[HKEY_CLASSES_ROOT\CLSID\{F9043C85-F6F2-101A-A3C9-08002B2F49FB}\Implemented Categories\{0DE86A52-2BAA-11CF-A229-00AA003D7352}]
[HKEY_CLASSES_ROOT\CLSID\{F9043C85-F6F2-101A-A3C9-08002B2F49FB}\Implemented Categories\{0DE86A53-2BAA-11CF-A229-00AA003D7352}]
[HKEY_CLASSES_ROOT\CLSID\{F9043C85-F6F2-101A-A3C9-08002B2F49FB}\Implemented Categories\{0DE86A57-2BAA-11CF-A229-00AA003D7352}]
[HKEY_CLASSES_ROOT\CLSID\{F9043C85-F6F2-101A-A3C9-08002B2F49FB}\Implemented Categories\{40FC6ED4-2438-11CF-A3DB-080036F12502}]
[HKEY_CLASSES_ROOT\CLSID\{F9043C85-F6F2-101A-A3C9-08002B2F49FB}\Implemented Categories\{40FC6ED5-2438-11CF-A3DB-080036F12502}]
[HKEY_CLASSES_ROOT\CLSID\{F9043C85-F6F2-101A-A3C9-08002B2F49FB}\Implemented Categories\{7DD95802-9882-11CF-9FA9-00AA006C42C4}]
[HKEY_CLASSES_ROOT\CLSID\{F9043C85-F6F2-101A-A3C9-08002B2F49FB}\InprocServer32]
@="C:\\Documents and Settings\\Diogo\\Meus documentos\\Meus arquivos recebidos\\Tibia Multi IP Changer\\Tibia Multi IP Changer\\COMDLG32.OCX"
"ThreadingModel"="Apartment"
[HKEY_CLASSES_ROOT\CLSID\{F9043C85-F6F2-101A-A3C9-08002B2F49FB}\MiscStatus]
@="0"
[HKEY_CLASSES_ROOT\CLSID\{F9043C85-F6F2-101A-A3C9-08002B2F49FB}\MiscStatus\1]
@="132499"
[HKEY_CLASSES_ROOT\CLSID\{F9043C85-F6F2-101A-A3C9-08002B2F49FB}\ProgID]
@="MSComDlg.CommonDialog.1"
[HKEY_CLASSES_ROOT\CLSID\{F9043C85-F6F2-101A-A3C9-08002B2F49FB}\Programmable]
[HKEY_CLASSES_ROOT\CLSID\{F9043C85-F6F2-101A-A3C9-08002B2F49FB}\ToolboxBitmap32]
@="C:\\Documents and Settings\\Diogo\\Meus documentos\\Meus arquivos recebidos\\Tibia Multi IP Changer\\Tibia Multi IP Changer\\COMDLG32.OCX, 1"
[HKEY_CLASSES_ROOT\CLSID\{F9043C85-F6F2-101A-A3C9-08002B2F49FB}\TypeLib]
@="{F9043C88-F6F2-101A-A3C9-08002B2F49FB}"
[HKEY_CLASSES_ROOT\CLSID\{F9043C85-F6F2-101A-A3C9-08002B2F49FB}\Version]
@="1.2"
[HKEY_CLASSES_ROOT\CLSID\{F9043C85-F6F2-101A-A3C9-08002B2F49FB}\VersionIndependentProgID]
@="MSComDlg.CommonDialog"
[HKEY_CLASSES_ROOT\Interface\{741DE825-A6F0-4497-9AA6-8023CF9B0FFF}]
@="IF3PopupMenu"
[HKEY_CLASSES_ROOT\Interface\{741DE825-A6F0-4497-9AA6-8023CF9B0FFF}\ProxyStubClsid]
@="{00020424-0000-0000-C000-000000000046}"
[HKEY_CLASSES_ROOT\Interface\{741DE825-A6F0-4497-9AA6-8023CF9B0FFF}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
[HKEY_CLASSES_ROOT\Interface\{741DE825-A6F0-4497-9AA6-8023CF9B0FFF}\TypeLib]
@="{E47CAEE0-DEEA-464A-9326-3F2801535A4D}"
"Version"="1.0"
[HKEY_CLASSES_ROOT\Interface\{915DA835-02FE-4953-92FA-624BDF5D85AB}]
@="IUserHelper"
[HKEY_CLASSES_ROOT\Interface\{915DA835-02FE-4953-92FA-624BDF5D85AB}\ProxyStubClsid]
@="{00020424-0000-0000-C000-000000000046}"
[HKEY_CLASSES_ROOT\Interface\{915DA835-02FE-4953-92FA-624BDF5D85AB}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
[HKEY_CLASSES_ROOT\Interface\{915DA835-02FE-4953-92FA-624BDF5D85AB}\TypeLib]
@="{19D52A9A-379C-4720-BA00-3D396ECD24D7}"
"Version"="1.0"
[HKEY_CLASSES_ROOT\Interface\{D775A119-EAC2-4F28-B06E-8AC16F2695DA}]
@="IiPodManagerUI"
[HKEY_CLASSES_ROOT\Interface\{D775A119-EAC2-4F28-B06E-8AC16F2695DA}\ProxyStubClsid]
@="{00020424-0000-0000-C000-000000000046}"
[HKEY_CLASSES_ROOT\Interface\{D775A119-EAC2-4F28-B06E-8AC16F2695DA}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
[HKEY_CLASSES_ROOT\Interface\{D775A119-EAC2-4F28-B06E-8AC16F2695DA}\TypeLib]
@="{19D52A9A-379C-4720-BA00-3D396ECD24D7}"
"Version"="1.0"
[HKEY_CLASSES_ROOT\Applications\moviemk*****]
[HKEY_CLASSES_ROOT\Applications\moviemk*****\shell]
"FriendlyCache"="Movie Maker"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\App Paths\cmmgr32*****]
@="C:\\WINDOWS\\system32\\cmmgr32*****"
"Path"="C:\\WINDOWS\\system32"
"CmstpExtensionDll"="C:\\WINDOWS\\system32\\cmcfg32.dll"
"CMInternalVersion"="1.2"
"CmNative"=dword:00000001
"ProfilesUpgraded"=dword:00000001
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\\WINDOWS\\winsxs\\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.163_x-ww_681e29fb\\"=""
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\\Arquivos de programas\\Kaspersky Lab\\Kaspersky Internet Security 2009\\"="1"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\\Arquivos de programas\\Kaspersky Lab\\"="1"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\\Arquivos de programas\\TibiaLive\\"=""
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\\Arquivos de programas\\Microsoft Silverlight\\3.0.40624.0\\"=""
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\\Arquivos de programas\\Microsoft Silverlight\\3.0.40624.0\\fr\\"=""
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\\Arquivos de programas\\Microsoft Silverlight\\3.0.40624.0\\it\\"=""
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\\Arquivos de programas\\Microsoft Silverlight\\3.0.40624.0\\de\\"=""
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\\Arquivos de programas\\Microsoft Silverlight\\3.0.40624.0\\es\\"=""
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\\Arquivos de programas\\Microsoft Silverlight\\3.0.40624.0\\zh-Hans\\"=""
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\\Arquivos de programas\\Microsoft Silverlight\\3.0.40624.0\\zh-Hant\\"=""
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\\Arquivos de programas\\Microsoft Silverlight\\3.0.40624.0\\ja\\"=""
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\\Arquivos de programas\\Microsoft Silverlight\\3.0.40624.0\\ko\\"=""
[HKEY_CURRENT_USER\Software\shockwave.com]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpyEmergency"="C:\\Arquivos de programas\\NETGATE\\Spy Emergency 2008\\SpyEmergency*****"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu2\Programs\Ardamax Keylogger]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu2\Programs\avast! Antivirus]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu2\Programs\Avira]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu2\Programs\BMO WORLD]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu2\Programs\Garena]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu2\Programs\Lavalys]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu2\Programs\Lavalys\EVEREST Ultimate Edition]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu2\Programs\Lavalys\EVEREST Ultimate Edition]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu2\Programs\mIRC]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu2\Programs\Rad Tibia Client Server 1 - v8.40 - www.RADBR.com]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu2\Programs\Spy Emergency 2008]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu2\Programs\******** NG]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu2\Programs\TibiaLive]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\ShellNoRoam\MUICache]
"C:\\Documents and Settings\\Diogo\\Meus documentos\\Downloads\\AVI_ReComp_1.5.0_Setup*****"="The tool for re-encoding AVI clips"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\ShellNoRoam\MUICache]
"C:\\DOCUME~1\\Diogo\\CONFIG~1\\Temp\\AviSynth_2.5.8_ARC*****"="Avisynth installer"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\ShellNoRoam\MUICache]
"C:\\DOCUME~1\\Diogo\\CONFIG~1\\Temp\\Xvid_1.2.2_ARC*****"="AVI ReComp's Xvid installer"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\ShellNoRoam\MUICache]
"C:\\DOCUME~1\\Diogo\\CONFIG~1\\Temp\\VobSub_2.23_ARC*****"="AVI ReComp's VobSub installer"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\ShellNoRoam\MUICache]
"C:\\DOCUME~1\\Diogo\\CONFIG~1\\Temp\\IXP000.TMP\\PluginInstaller*****"="Windows Genuine Advantage validation plug-in installer"
-
Dear Pvp,
That's what you get for downloading OT servers and hosting them. Your machine becomes vulnerable. In your case the problem is viruses, trojans to be exact. Run a full scan with Malwarebytes (available on Baixaki) and paste the log that is generated after the scan here in the thread in your next message.
-
-
halp!
Log
Code:
ComboFix 09-12-22.09 - Gutooo 23/12/2009 18:54:16.1.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.55.1046.18.767.420 [GMT -2:00]
Executando de: c:\documents and settings\Gutooo\Meus documentos\Downloads\ComboFix*****
.
(((((((((((((((( Arquivos/Ficheiros criados de 2009-11-23 to 2009-12-23 ))))))))))))))))))))))))))))
.
2009-12-23 20:36 . 2009-12-23 20:36 -------- d-s---w- c:\documents and settings\Gutooo\UserData
2009-12-23 20:22 . 2009-12-23 20:22 -------- d-----w- c:\documents and settings\Gutooo\Dados de aplicativos\TeamViewer
2009-12-23 20:22 . 2009-12-23 20:22 -------- d-----w- c:\documents and settings\Gutooo\temp
2009-12-22 20:32 . 2008-05-09 10:55 180224 -c----w- c:\windows\system32\dllcache\scrobj.dll
2009-12-22 20:32 . 2008-05-09 10:55 90112 -c----w- c:\windows\system32\dllcache\wshext.dll
2009-12-22 20:32 . 2008-05-09 10:55 430080 -c----w- c:\windows\system32\dllcache\vbscript.dll
2009-12-22 20:32 . 2008-05-09 10:55 172032 -c----w- c:\windows\system32\dllcache\scrrun.dll
2009-12-22 20:32 . 2008-05-09 08:45 135168 -c----w- c:\windows\system32\dllcache\cscript*****
2009-12-22 20:32 . 2008-05-08 11:24 155648 -c----w- c:\windows\system32\dllcache\************
2009-12-22 20:29 . 2009-08-13 15:21 512000 -c----w- c:\windows\system32\dllcache\jscript.dll
2009-12-22 08:32 . 2009-12-22 08:32 -------- d-----w- c:\windows\l2schemas
2009-12-22 08:32 . 2009-12-22 08:32 -------- d-----w- c:\windows\system32\bits
2009-12-22 02:14 . 2009-12-22 08:26 -------- d-----w- c:\windows\ServicePackFiles
2009-12-22 02:10 . 2004-08-04 00:41 1041536 ------w- c:\windows\system32\drivers\hsfdpsp2.sys
2009-12-22 02:10 . 2004-08-04 00:41 685056 ------w- c:\windows\system32\drivers\hsfcxts2.sys
2009-12-22 02:10 . 2004-08-04 00:41 220032 ------w- c:\windows\system32\drivers\hsfbs2s2.sys
2009-12-22 00:22 . 2008-06-14 17:34 272384 -c----w- c:\windows\system32\dllcache\bthport.sys
2009-12-22 00:22 . 2008-06-14 17:34 272384 ------w- c:\windows\system32\drivers\bthport.sys
2009-12-22 00:09 . 2009-02-06 10:10 227840 -c----w- c:\windows\system32\dllcache\wmiprvse*****
2009-12-22 00:09 . 2009-08-05 00:57 2193408 -c----w- c:\windows\system32\dllcache\ntoskrnl*****
2009-12-22 00:09 . 2009-03-06 14:20 286208 -c----w- c:\windows\system32\dllcache\pdh.dll
2009-12-22 00:09 . 2009-02-09 11:25 111104 -c----w- c:\windows\system32\dllcache\services*****
2009-12-22 00:09 . 2009-02-09 10:53 401408 -c----w- c:\windows\system32\dllcache\rpcss.dll
2009-12-22 00:09 . 2009-02-09 10:53 473600 -c----w- c:\windows\system32\dllcache\fastprox.dll
2009-12-22 00:09 . 2009-02-09 10:53 683520 -c----w- c:\windows\system32\dllcache\advapi32.dll
2009-12-22 00:09 . 2009-06-25 08:27 732672 -c----w- c:\windows\system32\dllcache\lsasrv.dll
2009-12-22 00:09 . 2009-02-09 10:53 453120 -c----w- c:\windows\system32\dllcache\wmiprvsd.dll
2009-12-22 00:09 . 2009-02-09 10:53 730624 -c----w- c:\windows\system32\dllcache\ntdll.dll
2009-12-22 00:09 . 2009-08-04 17:27 2149376 -c----w- c:\windows\system32\dllcache\ntkrnlmp*****
2009-12-22 00:09 . 2009-08-04 17:27 2028032 -c----w- c:\windows\system32\dllcache\ntkrpamp*****
2009-12-22 00:03 . 2008-05-08 14:02 203136 -c----w- c:\windows\system32\dllcache\rmcast.sys
2009-12-21 23:51 . 2008-12-11 10:57 333952 -c----w- c:\windows\system32\dllcache\srv.sys
2009-12-21 23:51 . 2009-07-10 13:27 1315328 -c----w- c:\windows\system32\dllcache\msoe.dll
2009-12-21 23:45 . 2008-10-24 11:21 455296 -c----w- c:\windows\system32\dllcache\mrxsmb.sys
2009-12-21 23:42 . 2008-04-11 19:05 691712 -c----w- c:\windows\system32\dllcache\inetcomm.dll
2009-12-21 23:36 . 2008-10-15 16:36 337408 -c----w- c:\windows\system32\dllcache\netapi32.dll
2009-12-21 23:35 . 2008-04-21 21:15 216064 -c----w- c:\windows\system32\dllcache\wordpad*****
2009-12-21 23:31 . 2009-12-22 20:42 -------- d--h--w- c:\windows\$hf_mig$
2009-12-21 23:07 . 2009-08-06 21:23 274288 ----a-w- c:\windows\system32\mucltui.dll
2009-12-21 23:07 . 2009-08-06 21:23 215920 ----a-w- c:\windows\system32\muweb.dll
2009-12-21 22:16 . 2009-12-21 22:16 -------- d-----w- c:\documents and settings\Gutooo\Dados de aplicativos\Yahoo!
2009-12-21 22:16 . 2009-12-21 22:21 -------- d-----w- c:\arquivos de programas\Yahoo!
2009-12-21 22:16 . 2009-12-21 22:16 -------- d-----w- c:\arquivos de programas\CCleaner
2009-12-21 22:11 . 2009-12-21 22:13 -------- d-----w- c:\documents and settings\Gutooo\Dados de aplicativos\Tibia
2009-12-21 22:08 . 2009-12-21 22:08 -------- d-----w- c:\arquivos de programas\Tibia
2009-12-21 22:00 . 2009-12-21 22:00 -------- d-----w- c:\arquivos de programas\Tibiacast
2009-12-21 21:42 . 2004-08-04 03:45 25600 ----a-w- c:\documents and settings\LocalService\Dados de aplicativos\Microsoft\UPnP Device Host\upnphost\udhisapi.dll
2009-12-20 22:25 . 2008-04-13 18:45 6272 ----a-w- c:\windows\system32\drivers\splitter.sys
2009-12-20 22:25 . 2008-04-13 19:17 83072 ----a-w- c:\windows\system32\drivers\wdmaud.sys
2009-12-20 22:25 . 2008-04-13 18:45 52864 ----a-w- c:\windows\system32\drivers\dmusic.sys
2009-12-20 22:25 . 2008-04-13 18:45 56576 ----a-w- c:\windows\system32\drivers\swmidi.sys
2009-12-20 22:25 . 2008-04-13 16:39 142592 ----a-w- c:\windows\system32\drivers\aec.sys
2009-12-20 22:25 . 2008-04-13 18:45 172416 ----a-w- c:\windows\system32\drivers\kmixer.sys
2009-12-20 22:25 . 2008-04-13 18:45 2944 ----a-w- c:\windows\system32\drivers\drmkaud.sys
2009-12-20 22:25 . 2008-04-13 19:15 60800 ----a-w- c:\windows\system32\drivers\sysaudio.sys
2009-12-20 22:25 . 2008-04-13 18:39 7552 ----a-w- c:\windows\system32\drivers\mskssrv.sys
2009-12-20 22:25 . 2008-04-13 18:39 4992 ----a-w- c:\windows\system32\drivers\mspqm.sys
2009-12-20 22:25 . 2008-04-13 18:39 5376 ----a-w- c:\windows\system32\drivers\mspclock.sys
2009-12-20 22:24 . 2003-02-26 18:04 370048 ----a-r- c:\windows\system32\drivers\viaudios.sys
2009-12-20 22:24 . 2008-04-14 02:20 4096 ----a-w- c:\windows\system32\ksuser.dll
2009-12-20 22:24 . 2008-04-13 19:19 146048 ----a-w- c:\windows\system32\drivers\portcls.sys
2009-12-20 22:24 . 2008-04-13 18:45 60160 ----a-w- c:\windows\system32\drivers\drmk.sys
2009-12-20 22:24 . 2009-12-20 22:24 -------- d-----w- c:\arquivos de programas\VIA Technologies, INC
2009-12-20 22:24 . 2003-02-26 18:04 765952 ----a-r- c:\windows\system\crlds3d.dll
2009-12-20 22:24 . 2003-02-26 18:04 720896 -c--a-w- c:\windows\system32\dllcache\a3d.dll
2009-12-20 22:24 . 2003-02-26 18:04 720896 ----a-r- c:\windows\system32\a3d.dll
2009-12-20 22:24 . 2002-12-16 12:19 32768 ----a-w- c:\windows\system32\UnAudioNT.dll
2009-12-20 22:24 . 1998-10-09 19:56 327168 ----a-w- c:\windows\IsUn0416*****
2009-12-20 19:05 . 2006-06-29 15:07 14048 ------w- c:\windows\system32\spmsg2.dll
2009-12-20 19:05 . 2009-12-22 08:32 -------- d-----w- c:\windows\system32\pt-BR
2009-12-20 19:01 . 2009-12-20 19:01 -------- d-----w- c:\windows\system32\XPSViewer
.
((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-12-23 16:49 . 2009-12-20 18:48 -------- d-----w- c:\arquivos de programas\Windows Live
2009-12-22 20:47 . 2001-10-28 18:07 80246 ----a-w- c:\windows\system32\perfc016.dat
2009-12-22 20:47 . 2001-10-28 18:07 473318 ----a-w- c:\windows\system32\perfh016.dat
2009-12-21 20:52 . 2009-12-20 18:12 86327 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2009-12-20 19:01 . 2009-12-20 19:01 -------- d-----w- c:\arquivos de programas\MSBuild
2009-12-20 19:01 . 2009-12-20 19:01 -------- d-----w- c:\arquivos de programas\Reference Assemblies
2009-12-20 18:56 . 2009-12-20 18:56 -------- d-----w- c:\arquivos de programas\MSXML 6.0
2009-12-20 18:48 . 2009-12-20 18:48 -------- d-----w- c:\arquivos de programas\Microsoft
2009-12-20 18:48 . 2009-12-20 18:48 -------- d-----w- c:\arquivos de programas\Windows Live SkyDrive
2009-12-20 18:37 . 2009-12-20 18:37 -------- d-----w- c:\arquivos de programas\Windows Media Connect 2
2009-12-20 18:36 . 2009-12-20 18:36 -------- d-----w- c:\arquivos de programas\K-Lite Codec Pack
2009-12-20 18:35 . 2009-12-20 18:35 -------- d-----w- c:\arquivos de programas\Arquivos comuns\Windows Live
2009-12-20 18:14 . 2009-12-20 18:14 -------- d-----w- c:\arquivos de programas\microsoft frontpage
2009-12-20 18:11 . 2009-12-20 18:11 -------- d-----w- c:\arquivos de programas\Serviços on-line
2009-12-20 18:10 . 2009-12-20 18:10 -------- d-----w- c:\arquivos de programas\Arquivos comuns\Serviços
2009-12-20 18:09 . 2009-12-20 18:09 21844 ----a-w- c:\windows\system32\emptyregdb.dat
2009-10-29 05:25 . 2004-08-04 03:45 669184 ----a-w- c:\windows\system32\wininet.dll
2009-10-21 05:39 . 2004-08-04 03:45 75776 ----a-w- c:\windows\system32\strmfilt.dll
2009-10-21 05:39 . 2004-08-04 03:45 25088 ----a-w- c:\windows\system32\httpapi.dll
2009-10-20 16:20 . 2004-08-04 02:00 265728 ----a-w- c:\windows\system32\drivers\http.sys
2009-10-13 10:34 . 2004-08-04 03:45 271360 ----a-w- c:\windows\system32\oakley.dll
2009-10-12 13:39 . 2004-08-04 03:45 150016 ----a-w- c:\windows\system32\rastls.dll
2009-10-12 13:39 . 2004-08-04 03:45 79872 ----a-w- c:\windows\system32\raschap.dll
2009-09-25 05:36 . 2004-08-04 03:45 81920 ----a-w- c:\windows\system32\ieencode.dll
.
(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))
.
.
*Nota* entradas vazias e legítimas por defeito não são mostradas.
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\arquivos de programas\Windows Live\Messenger\msnmsgr*****" [2009-07-26 3883840]
"MSMSGS"="c:\arquivos de programas\Messenger\msmsgs*****" [2008-04-14 1695232]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON*****"="c:\windows\system32\CTFMON*****" [2008-04-14 15360]
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr*****"=
"c:\\Arquivos de programas\\Messenger\\msmsgs*****"=
"c:\\Arquivos de programas\\Windows Live\\Messenger\\wlcsdk*****"=
"c:\\Arquivos de programas\\Windows Live\\Messenger\\msnmsgr*****"=
"%windir%\\Network Diagnostic\\xpnetdiag*****"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"1863:UDP"= 1863:UDP:msnmsgr
.
------- Scan Suplementar -------
.
uStart Page = hxxp://www.centralexpert.net/
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-12-23 18:58
Windows 5.1.2600 Service Pack 3 NTFS
Procurando processos ocultos ...
Procurando entradas auto inicializáveis ocultas ...
Procurando ficheiros/arquivos ocultos ...
Varredura completada com sucesso
arquivos/ficheiros ocultos: 0
**************************************************************************
.
--------------------- DLLs Carregadas Sob os Processos em Execução ---------------------
- - - - - - - > 'explorer*****'(832)
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Tempo para conclusão: 2009-12-23 19:00:56
ComboFix-quarantined-files.txt 2009-12-23 21:00
Pré-execução: 5 pasta(s) 10.881.798.144 bytes disponíveis
Pós execução: 6 pasta(s) 10.948.034.560 bytes disponíveis
WindowsXP-KB310994-SP2-Pro-BootDisk-PTG*****
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
- - End Of File - - ECAF1FA6F234984E536207148955177E
-
Code:
ComboFix 09-12-30.01 - NEWTONALMEIDA 31/12/2009 2:01.1.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.55.1033.18.1982.1269 [GMT -2:00]
Executando de: c:\users\NEWTONALMEIDA\Downloads\ComboFix*****
AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
SP: AVG Anti-Virus Free *enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
SP: Windows Defender *disabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.
((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\$recycle.bin\S-1-5-21-3102239989-1682233996-76167453-500
c:\$recycle.bin\S-1-5-21-3599374952-3106861771-1934837511-500
c:\program files\ActivationManager
c:\program files\ActivationManager\Uninstall*****
c:\program files\ADSTechnology
c:\program files\ADSTechnology\Uninstall*****
c:\program files\SpeedBit Video Downloader\Toolbar\tbhelper.dll
c:\programdata\Microsoft\Windows\Start Menu\Programs\ADSTechnology
c:\programdata\Microsoft\Windows\Start Menu\Programs\ADSTechnology\ADSTechnology.lnk
c:\programdata\Microsoft\Windows\Start Menu\Programs\ADSTechnology\Uninstall.lnk
c:\windows\Downloaded Program Files\poPCaploader.dll
c:\windows\Downloaded Program Files\popcaploader.inf
c:\windows\system32\SIntf16.dll
.
(((((((((((((((( Arquivos/Ficheiros criados de 2009-11-28 to 2009-12-31 ))))))))))))))))))))))))))))
.
2009-12-31 04:17 . 2009-12-31 04:18 -------- d-----w- c:\users\NEWTONALMEIDA\AppData\Local\temp
2009-12-31 04:17 . 2009-12-31 04:17 -------- d-----w- c:\users\Default\AppData\Local\temp
2009-12-30 20:34 . 2009-06-30 11:37 28552 ----a-w- c:\windows\system32\drivers\pavboot.sys
2009-12-30 20:32 . 2009-12-30 20:32 -------- d-----w- c:\program files\Panda Security
2009-12-30 04:20 . 2009-12-30 04:26 -------- d-----w- c:\program files\******** NG
2009-12-20 10:43 . 2009-12-20 10:42 2065688 ----a-w- c:\programdata\avg8\update\backup\avgcorex.dll
2009-12-10 03:11 . 2009-11-09 12:31 24064 ----a-w- c:\windows\system32\nshhttp.dll
2009-12-10 03:11 . 2009-11-09 10:36 411648 ----a-w- c:\windows\system32\drivers\http.sys
2009-12-10 03:11 . 2009-11-09 12:30 30720 ----a-w- c:\windows\system32\httpapi.dll
2009-12-09 19:04 . 2009-12-09 19:04 -------- d-----w- C:\Level Up! Games
2009-12-09 14:45 . 2009-10-07 11:36 243712 ----a-w- c:\windows\system32\rastls.dll
2009-12-09 14:45 . 2009-08-24 11:36 377344 ----a-w- c:\windows\system32\winhttp.dll
.
((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-12-31 03:53 . 2009-07-18 16:20 34677 ---ha-w- C:\os503778.bin
2009-12-30 21:39 . 2008-11-05 00:23 -------- d-----w- c:\program files\Warcraft III
2009-12-30 00:17 . 2008-07-05 00:43 -------- d---a-w- c:\program files\Tibia
2009-12-24 19:47 . 2009-02-16 14:35 28599 ----a-w- c:\programdata\nvModes.dat
2009-12-20 17:02 . 2007-11-24 23:14 -------- d-----w- c:\program files\Google
2009-12-18 02:09 . 2009-01-08 00:23 -------- d-----w- c:\users\NEWTONALMEIDA\AppData\Roaming\Skype
2009-12-18 02:08 . 2009-01-08 00:25 -------- d-----w- c:\users\NEWTONALMEIDA\AppData\Roaming\skypePM
2009-12-10 11:30 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2009-12-10 03:11 . 2007-08-04 10:35 -------- d-----w- c:\programdata\Microsoft Help
2009-11-21 06:40 . 2009-12-09 15:20 916480 ----a-w- c:\windows\system32\wininet.dll
2009-11-21 06:34 . 2009-12-09 15:20 109056 ----a-w- c:\windows\system32\iesysprep.dll
2009-11-21 06:34 . 2009-12-09 15:20 71680 ----a-w- c:\windows\system32\iesetup.dll
2009-11-21 04:59 . 2009-12-09 15:20 133632 ----a-w- c:\windows\system32\ieUnatt*****
2009-11-19 15:59 . 2007-12-29 06:42 680 ----a-w- c:\users\NEWTONALMEIDA\AppData\Local\d3d9caps.dat
2009-11-18 01:43 . 2007-12-23 11:23 -------- d-----w- c:\users\NEWTONALMEIDA\AppData\Roaming\LimeWire
2009-11-14 11:46 . 2008-08-04 19:14 -------- d-----w- c:\programdata\avg8
2009-11-12 12:23 . 2009-11-10 23:10 -------- d-----w- c:\program files\Microsoft Silverlight
2009-11-10 23:10 . 2009-11-10 23:01 -------- d-----w- c:\program files\Microsoft
2009-11-10 23:10 . 2007-11-24 12:08 -------- d-----w- c:\program files\Windows Live
2009-11-10 23:10 . 2007-11-24 12:20 -------- d-----w- c:\program files\Windows Live Toolbar
2009-11-10 23:09 . 2009-11-10 23:09 -------- d-----w- c:\program files\Microsoft Sync Framework
2009-11-10 23:04 . 2009-11-10 23:04 -------- d-----w- c:\program files\Microsoft SQL Server Compact Edition
2009-11-10 23:01 . 2009-11-10 23:01 -------- d-----w- c:\program files\Windows Live SkyDrive
2009-11-10 22:38 . 2009-11-10 22:38 -------- d-----w- c:\program files\Common Files\Windows Live
2009-11-02 22:42 . 2009-10-02 22:54 195456 ------w- c:\windows\system32\MpSigStub*****
2009-11-02 03:41 . 2009-11-02 03:41 -------- d-----w- c:\program files\Haali
2009-11-01 05:16 . 2009-11-01 05:16 -------- d-----w- c:\program files\Windows Portable Devices
2009-11-01 05:16 . 2006-11-02 10:25 665600 ----a-w- c:\windows\inf\drvindex.dat
2009-11-01 05:15 . 2009-11-01 05:15 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdFs_01_07_00.Wdf
2009-10-29 09:17 . 2009-11-26 01:53 2048 ----a-w- c:\windows\system32\tzres.dll
2009-10-13 01:57 . 2009-10-13 01:58 286720 ----a-w- c:\windows\iun506*****
2009-10-12 05:10 . 2009-10-12 05:10 101 ----a-w- c:\users\NEWTONALMEIDA\AppData\Local\fusioncache.dat
2009-10-08 21:08 . 2009-11-01 05:01 234496 ----a-w- c:\windows\system32\oleacc.dll
2009-10-08 21:08 . 2009-11-01 05:01 555520 ----a-w- c:\windows\system32\UIAutomationCore.dll
2009-10-08 21:07 . 2009-11-01 05:01 4096 ----a-w- c:\windows\system32\oleaccrc.dll
.
(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))
.
.
*Nota* entradas vazias e legítimas por defeito não são mostradas.
REGEDIT4
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{A3BC75A2-1F87-4686-AA43-5347D756017C}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-09-02 1107200]
"{0579B4B6-0293-4d73-B02D-5EBB0BA0F0A2}"= "c:\program files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL" [2009-06-11 66912]
"{9CB65206-89C4-402c-BA80-02D8C59F9B1D}"= "c:\program files\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL" [2008-08-04 57344]
[HKEY_CLASSES_ROOT\clsid\{a3bc75a2-1f87-4686-aa43-5347d756017c}]
[HKEY_CLASSES_ROOT\clsid\{0579b4b6-0293-4d73-b02d-5ebb0ba0f0a2}]
[HKEY_CLASSES_ROOT\clsid\{9cb65206-89c4-402c-ba80-02d8c59f9b1d}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0579B4B1-0293-4d73-B02D-5EBB0BA0F0A2}]
2009-06-11 03:27 66912 ----a-w- c:\program files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
2009-09-02 14:58 1107200 ----a-w- c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2009-05-19 16:37 1144712 ----a-w- c:\program files\Ask.com\GenericAskToolbar.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-09-02 1107200]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2009-05-19 1144712]
[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar*****" [2009-04-11 1233920]
"LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel*****" [2007-04-19 484904]
"HPAdvisor"="c:\program files\Hewlett-Packard\HP Advisor\HPAdvisor*****" [2007-03-20 1773568]
"MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr*****" [2009-07-26 3883840]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer*****" [2009-03-05 2260480]
"ehTray*****"="c:\windows\ehome\ehTray*****" [2008-01-19 125952]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG*****" [2008-01-19 202240]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui*****" [2008-01-19 1008184]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh*****" [2007-01-13 827392]
"QPService"="c:\program files\HP\QuickPlay\QPService*****" [2007-04-24 176128]
"QlbCtrl"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl*****" [2007-02-13 159744]
"HP Health Check Scheduler"="c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler*****" [2007-03-12 50696]
"hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain*****" [2007-03-01 472776]
"WAWifiMessage"="c:\program files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg*****" [2007-01-10 317128]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched*****" [2007-12-31 180269]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray*****" [2009-12-20 2043160]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier*****" [2008-07-22 116040]
"QuickTime Task"="c:\program files\QuickTime\QTTask*****" [2008-05-27 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper*****" [2008-07-30 289064]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl*****" [2008-06-12 34672]
"HP Component Manager"="c:\program files\HP\hpcoretech\hpcmpmgr*****" [2003-12-22 241664]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2*****" [2007-05-08 54840]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-12-04 13556256]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-12-04 92704]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint*****" [2007-08-31 1037736]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"Launcher"="c:\windows\SMINST\launcher*****" [2006-11-08 44128]
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Vongo Tray.lnk - c:\windows\Installer\{8C3AE2D1-854D-4650-A73D-C7CC7EE36B80}\NewShortcut2_DB7E00C96DEF489A8112D8F81614F45A***** [2007-8-4 53248]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\System32\avgrsstx.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
[HKLM\~\startupfolder\C:^Users^NEWTONALMEIDA^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk]
path=c:\users\NEWTONALMEIDA\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
backup=c:\windows\pss\OneNote 2007 Screen Clipper and Launcher.lnk.Startup
backupExtension=.Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2007-08-04 11:36 77824 ----a-w- c:\program files\Java\jre1.6.0\bin\jusched*****
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(b):ad,94,86,23,ef,19,ca,01
R0 pavboot;pavboot;c:\windows\System32\drivers\pavboot.sys [30/12/2009 18:34 28552]
R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\System32\drivers\avgldx86.sys [04/08/2008 17:19 335240]
R1 AvgTdiX;AVG8 Network Redirector;c:\windows\System32\drivers\avgtdix.sys [03/02/2009 17:22 108552]
R2 avg8emc;AVG8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc***** [23/06/2009 18:42 908056]
R2 avg8wd;AVG8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc***** [23/06/2009 18:42 297752]
R2 LiveTurbineMessageService;Turbine Message Service - Live;c:\program files\Turbine\Turbine Download Manager\TurbineMessageService***** [12/10/2009 02:24 267760]
S0 sptd;sptd;c:\windows\System32\drivers\sptd.sys [26/12/2007 17:51 715248]
S2 gupdate1ca09a1908fd57a;Google Update Service (gupdate1ca09a1908fd57a);c:\program files\Google\Update\GoogleUpdate***** [20/07/2009 23:21 133104]
S3 FontCache;Windows Font Cache Service;c:\windows\system32\svchost***** -k LocalServiceAndNoImpersonation [20/09/2008 01:42 21504]
S3 LiveTurbineNetworkService;Turbine Network Service - Live;"c:\program files\Turbine\Turbine Download Manager\TurbineNetworkService*****" --> c:\program files\Turbine\Turbine Download Manager\TurbineNetworkService***** [?]
S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des -service --> c:\windows\system32\GameMon.des -service [?]
--- =Outros Serviços/Drivers Na Memória ---
*NewlyCreated* - PAVBOOT
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2007-04-19 20:23 452136 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce*****
.
Conteúdo da pasta 'Tarefas Agendadas'
2009-12-31 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService***** [2007-11-24 01:18]
2009-12-31 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate***** [2009-07-21 01:21]
2009-12-31 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate***** [2009-07-21 01:21]
2009-12-28 c:\windows\Tasks\HPCeeScheduleForNEWTONALMEIDA.job
- c:\program files\hewlett-packard\sdp\ceement\HPCEE***** [2007-08-04 21:23]
2009-12-30 c:\windows\Tasks\User_Feed_Synchronization-{D14C4F9A-1C7A-425C-85F6-7E351C5DDC4A}.job
- c:\windows\system32\msfeedssync***** [2009-12-09 04:59]
.
.
------- Scan Suplementar -------
.
uStart Page = about:blank
mStart Page = hxxp://www.yahoo.com
IE: &Clean Traces - c:\program files\DAP\Privacy Package\dapcleanerie.htm
IE: &Download with &DAP - c:\program files\DAP\dapextie.htm
IE: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
IE: Download &all with DAP - c:\program files\DAP\dapextie2.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL*****/3000
TCP: {1E9A579B-4901-4D13-9E69-1D567F37E9F1} = 200.204.0.10 200.204.0.138
DPF: Microsoft XML Parser for Java - file:///C:/Windows/Java/classes/xmldso.cab
DPF: {4BFD075D-C36E-4F28-BB0A-5D472795197A} - hxxp://www.powerchallenge.com/applet/PowerLoader.cab
FF - ProfilePath - c:\users\NEWTONALMEIDA\AppData\Roaming\Mozilla\Firefox\Profiles\cejz0yq6.default\
FF - prefs.js: browser.startup.homepage - about:blank
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Google Updater\2.4.1636.7222\npCIDetect13.dll
FF - plugin: c:\program files\Google\Update\1.2.183.13\npGoogleOneClick8.dll
FF - plugin: c:\program files\Java\jre1.6.0\bin\npjava11.dll
FF - plugin: c:\program files\Java\jre1.6.0\bin\npjava12.dll
FF - plugin: c:\program files\Java\jre1.6.0\bin\npjava13.dll
FF - plugin: c:\program files\Java\jre1.6.0\bin\npjava14.dll
FF - plugin: c:\program files\Java\jre1.6.0\bin\npjava32.dll
FF - plugin: c:\program files\Java\jre1.6.0\bin\npjpi160.dll
FF - plugin: c:\program files\Java\jre1.6.0\bin\npoji610.dll
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\program files\Unity\WebPlayer\loader\npUnity3D32.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".com.br");
.
- - - - ORFÃOS REMOVIDOS - - - -
URLSearchHooks-*{9CB65206-89C4-402c-BA80-02D8C59F9B1D} - (no file)
URLSearchHooks-*{0579B4B6-0293-4d73-B02D-5EBB0BA0F0A2} - (no file)
HKCU-Run-swg - c:\program files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier*****
HKLM-Run-Turbine Download Manager Tray Icon - c:\program files\Turbine\Turbine Download Manager\TurbineDownloadManagerIcon*****
AddRemove-15b35190-c6f9-11d9-9669-0800200c9a66_is1 - c:\program files\Turbine\Dungeons and Dragons Online - Eberron Unlimited\Uninstall*****
AddRemove-62289540-dc30-11dc-95ff-0800200c9a66_is1 - c:\program files\Turbine\Turbine Download Manager\UninstallTDM*****
AddRemove-Lunia - c:\level up! games\Lunia\uninstall*****
AddRemove-Perfect World_is1 - c:\level up! games\Perfect World\unins000*****
AddRemove-Tales of Pirates Online_is1 - c:\program files\Tales of Pirates Online\unins000*****
AddRemove-The Duel_is1 - c:\level up! games\The Duel\unins000*****
AddRemove-Cate West - The Vanishing Files Deluxe - c:\users\NEWTONALMEIDA\AppData\Local\Zylom Games\Cate West - The Vanishing Files Deluxe\GameInstlr*****
AddRemove-Loucoserv - c:\program files\Loucoserv\Uninstal*****
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-12-31 02:18
Windows 6.0.6002 Service Pack 2 NTFS
Procurando processos ocultos ...
Procurando entradas auto inicializáveis ocultas ...
Procurando ficheiros/arquivos ocultos ...
Varredura completada com sucesso
arquivos/ficheiros ocultos: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- CHAVES DO REGISTRO BLOQUEADAS ---------------------
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Tempo para conclusão: 2009-12-31 02:26:28
ComboFix-quarantined-files.txt 2009-12-31 04:26
Pré-execução: 18.960.920.576 bytes free
Pós execução: 21.716.312.064 bytes free
- - End Of File - - DAC7219D781773246FD1199A8C470274
I already have CCleaner and Malwarebytes and ran both on my PC, and I still can't access my char or tibia.com. If possible, I'd like to know how to disable my antivirus?
[I redid the logs and posted them again]