Archived

This topic has been archived and is closed to new replies.

Ndias_90

[Resolved] hijack analysis


Good afternoon, could you please analyze the hijack log for me? I think I am sending viruses through MSN. Thanks a lot

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 16:42:32, on 24-09-2010

Platform: Windows 7 (WinNT 6.00.3504)

MSIE: Internet Explorer v8.00 (8.00.7600.16385)

Boot mode: Normal

 

Running processes:

C:\Windows\system32\taskhost.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Program Files\Adobe\Acrobat 9.0\Acrobat\acrotray.exe

C:\Program Files\Avira\AntiVir Desktop\avgnt.exe

C:\Program Files\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe

C:\Program Files\Hewlett-Packard\Media\DVD\DVDAgent.exe

C:\Program Files\HP\HP Software Update\hpwuSchd2.exe

C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe

C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe

C:\Program Files\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe

C:\Program Files\Synaptics\SynTP\SynTPHelper.exe

C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe

C:\Program Files\IDT\WDM\sttray.exe

C:\Program Files\COMODO\COMODO Internet Security\cfp.exe

C:\Program Files\Common Files\Java\Java Update\jusched.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\Windows Live\Messenger\msnmsgr.exe

C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe

C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe

C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe

C:\Program Files\Hewlett-Packard\Shared\hpqToaster.exe

C:\Program Files\Windows Live\Contacts\wlcomm.exe

C:\Program Files\BTNext Evolution\BTNext.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Program Files\Mozilla Firefox\plugin-container.exe

C:\Users\Dias\Desktop\HijackThis.exe

C:\PROGRA~1\Java\jre6\bin\jp2launcher.exe

C:\Program Files\Java\jre6\bin\java.exe

C:\Windows\system32\conhost.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=pt_pt&c=91&bd=Pavilion&pf=cnnb

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.pt/ig?hl=pt-PT

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=pt_pt&c=91&bd=Pavilion&pf=cnnb

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=pt_pt&c=91&bd=Pavilion&pf=cnnb

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

O1 - Hosts: ::1 localhost

O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)

O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~4\Office14\GROOVEEX.DLL

O2 - BHO: Programa Auxiliar de Início de Sessão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll

O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~4\Office14\URLREDIR.DLL

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll

O2 - BHO: SmartSelect - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll

O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll

O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll

O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll

O4 - HKLM\..\Run: [synTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe

O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe"

O4 - HKLM\..\Run: [Adobe Acrobat Speed Launcher] "C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe"

O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min

O4 - HKLM\..\Run: [bCSSync] "C:\Program Files\Microsoft Office\Office14\BCSSync.exe" /DelayServices

O4 - HKLM\..\Run: [CLMLServer for HP TouchSmart] "C:\Program Files\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe"

O4 - HKLM\..\Run: [DVDAgent] "C:\Program Files\Hewlett-Packard\Media\DVD\DVDAgent.exe"

O4 - HKLM\..\Run: [HP Health Check Scheduler] c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe

O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

O4 - HKLM\..\Run: [QlbCtrl.exe] C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start

O4 - HKLM\..\Run: [smartMenu] %ProgramFiles%\Hewlett-Packard\HP MediaSmart\SmartMenu.exe

O4 - HKLM\..\Run: [TSMAgent] "C:\Program Files\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe"

O4 - HKLM\..\Run: [uCam_Menu] "C:\Program Files\Hewlett-Packard\Media\Webcam\MUITransfer\MUIStartMenu.exe" "C:\Program Files\Hewlett-Packard\Media\Webcam" update "Software\Hewlett-Packard\Media\Webcam"

O4 - HKLM\..\Run: [updateLBPShortCut] "C:\Program Files\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\LabelPrint" UpdateWithCreateOnce "Software\CyberLink\LabelPrint\2.5"

O4 - HKLM\..\Run: [updateP2GoShortCut] "C:\Program Files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0"

O4 - HKLM\..\Run: [updatePDIRShortCut] "C:\Program Files\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\PowerDirector" UpdateWithCreateOnce "SOFTWARE\CyberLink\PowerDirector\7.0"

O4 - HKLM\..\Run: [updatePSTShortCut] "C:\Program Files\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\DVD Suite" UpdateWithCreateOnce "Software\CyberLink\PowerStarter"

O4 - HKLM\..\Run: [WirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe

O4 - HKLM\..\Run: [hpqSRMon] C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe

O4 - HKLM\..\Run: [sysTrayApp] C:\Program Files\IDT\WDM\sttray.exe

O4 - HKLM\..\Run: [COMODO Internet Security] "C:\Program Files\COMODO\COMODO Internet Security\cfp.exe" -h

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe

O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background

O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'SERVIÇO LOCAL')

O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'SERVIÇO LOCAL')

O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'Serviço de rede')

O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'Serviço de rede')

O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

O4 - Global Startup: Testes Teóricos de Exame.lnk = ?

O8 - Extra context menu item: Append Link Target to Existing PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html

O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html

O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html

O8 - Extra context menu item: E&nviar para o OneNote - res://C:\PROGRA~1\MICROS~4\Office14\ONBttnIE.dll/105

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office14\EXCEL.EXE/3000

O9 - Extra button: Publicar em Blogue - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra 'Tools' menuitem: &Publicar no Blogue no Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: E&nviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll

O9 - Extra button: &Notas Ligadas do OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll

O9 - Extra 'Tools' menuitem: &Notas Ligadas do OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll

O9 - Extra button: Exibir ou ocultar HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll

O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab

O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab

O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} (HP Download Manager) - https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab

O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL

O20 - AppInit_DLLs: C:\Windows\system32\guard32.dll

O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_9691412ff1876250\aestsrv.exe

O23 - Service: AMD External Events Utility - AMD - C:\Windows\system32\atiesrxx.exe

O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe

O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe

O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe

O23 - Service: Automatic CDROM Monitor - Unknown owner - C:\Windows\system32\SupportAppPT\ztemon_cd.exe

O23 - Service: Serviço de Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: COMODO Internet Security Helper Service (cmdAgent) - COMODO - C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe

O23 - Service: Com4QLBEx - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe

O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe

O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe

O23 - Service: HP Service (hpsrv) - Hewlett-Packard Company - C:\Windows\system32\Hpservice.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: Serviço iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: KMService - Unknown owner - C:\Windows\system32\srvany.exe

O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe

O23 - Service: Recovery Service for Windows - Unknown owner - C:\Program Files\SMINST\BLService.exe

O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe

O23 - Service: ServiceLayer - Nokia - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

O23 - Service: Audio Service (STacSV) - IDT, Inc. - C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_9691412ff1876250\STacSV.exe

O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe

 

--

End of file - 14890 bytes


Hello Ndias_90

*Run an online scan with NOD32

*When it finishes, paste the report created in C:\Arquivos de programas\EsetOnlineScanner\log


Hi

I ran the scan with ESET, but it did not create any log for me, so I wrote down what it found; here it is:

 

C:\Users\Dias\AppData\Local\Temp\jar_cache2783328010250427342.tmp multiple threats deleted - quarantined

C:\Users\Dias\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\13\34609f0d-46191d0d a variant of Java/Exploit.Agent.NAC trojan deleted - quarantined

 

Sometimes I have been receiving these emails:

 

This is an automatically generated Delivery Status Notification.

 

Delivery to the following recipients failed.

 

....@hotmail.com

--Forwarded Message Attachment--

From: .....@hotmail.com

Subject: i hope this doesn't slip your mind

Date: Sat, 9 Oct 2010 00:56:39 +0000

To: .....@hotmail.com

 

I have been wanting to contact you so many things have changed in my life you could definitely do well with this http://bit.ly/bRyLTR money started to pour into my pocket your best bet is to get started today


Hello Ndias_90

It does not seem to be a virus.

*Download MalwareBytes Anti-malware and save it to the desktop

*Install the program and wait for the update

*The program will open automatically

*On the [Scan] tab, select [Full scan]

*Click [Scan] and select the partitions to be examined (usually C:\ and D:\)

*When the scan finishes, click [Yes] > [OK] > [Show Results]

*Click [Remove Selected]

*Paste the report shown


Hi

As requested, here is the malware log:

 

Malwarebytes' Anti-Malware 1.46

www.malwarebytes.org

 

Versão da Base de Dados: 4796

 

Windows 6.1.7600

Internet Explorer 8.0.7600.16385

 

11-10-2010 22:12:38

mbam-log-2010-10-11 (22-12-38).txt

 

Tipo de Verificação: Verificação Completa (C:\|D:\|)

Objetos escaneados: 340283

Tempo decorrido: 2 hora(s), 12 minuto(s), 45 segundo(s)

 

Processos de Memória Infectados: 1

Módulos de Memória Infectados: 0

Chaves de Registro Infectadas: 0

Valores de Registro Infectados: 0

Itens de Dados no Registro Infectados: 0

Pastas Infectadas: 0

Arquivos Infectados: 4

 

Processos de Memória Infectados:

C:\Windows\KMService.exe (RiskWare.Tool.CK) -> Unloaded process successfully.

 

Módulos de Memória Infectados:

(Não foram detectados ítens maliciosos)

 

Chaves de Registro Infectadas:

(Não foram detectados ítens maliciosos)

 

Valores de Registro Infectados:

(Não foram detectados ítens maliciosos)

 

Itens de Dados no Registro Infectados:

(Não foram detectados ítens maliciosos)

 

Pastas Infectadas:

(Não foram detectados ítens maliciosos)

 

Arquivos Infectados:

C:\Windows\KMService.exe (RiskWare.Tool.CK) -> Quarantined and deleted successfully.

C:\Users\Dias\AppData\Local\Xenocode\Sandbox\AdtvSoft\1.4.0.2\2010.04.09T19.02\Native\STUBEXE\8.0.1112\@PROGRAMFILES@\liQeNSoft\jre\bin\java.exe (Backdoor.Bifrose) -> Quarantined and deleted successfully.

C:\Users\Dias\AppData\Local\Xenocode\Sandbox\AdtvSoft\1.4.0.2\2010.04.09T19.02\Native\STUBEXE\8.0.1112\@SYSTEM@\cmd.exe (Backdoor.Bifrose) -> Quarantined and deleted successfully.

C:\Users\Dias\AppData\Local\Xenocode\Sandbox\AdtvSoft\1.4.0.2\2010.04.09T19.02\Virtual\STUBEXE\8.0.1112\@PROGRAMFILES@\liQeNSoft\AdtvSoft\bin\AdtvSoft.exe (Backdoor.Bifrose) -> Quarantined and deleted successfully.

 

 

Here is the hijack log as well:

 

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 23:28:11, on 11-10-2010

Platform: Windows 7 (WinNT 6.00.3504)

MSIE: Internet Explorer v8.00 (8.00.7600.16385)

Boot mode: Normal

 

Running processes:

C:\Windows\system32\taskhost.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Program Files\Adobe\Acrobat 9.0\Acrobat\acrotray.exe

C:\Program Files\Avira\AntiVir Desktop\avgnt.exe

C:\Program Files\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe

C:\Program Files\Hewlett-Packard\Media\DVD\DVDAgent.exe

C:\Program Files\HP\HP Software Update\hpwuSchd2.exe

C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe

C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe

C:\Program Files\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe

C:\Program Files\Synaptics\SynTP\SynTPHelper.exe

C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe

C:\Program Files\IDT\WDM\sttray.exe

C:\Program Files\COMODO\COMODO Internet Security\cfp.exe

C:\Program Files\Common Files\Java\Java Update\jusched.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\Windows Live\Messenger\msnmsgr.exe

C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe

C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe

C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe

C:\Program Files\Hewlett-Packard\Shared\hpqToaster.exe

C:\Program Files\Windows Live\Contacts\wlcomm.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Program Files\Mozilla Firefox\plugin-container.exe

C:\Users\Dias\Desktop\HijackThis.exe

C:\Windows\system32\DllHost.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=pt_pt&c=91&bd=Pavilion&pf=cnnb

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.pt/ig?hl=pt-PT

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=pt_pt&c=91&bd=Pavilion&pf=cnnb

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=pt_pt&c=91&bd=Pavilion&pf=cnnb

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

O1 - Hosts: ::1 localhost

O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)

O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~4\Office14\GROOVEEX.DLL

O2 - BHO: Programa Auxiliar de Início de Sessão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll

O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~4\Office14\URLREDIR.DLL

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll

O2 - BHO: SmartSelect - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll

O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll

O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll

O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll

O4 - HKLM\..\Run: [synTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe

O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe"

O4 - HKLM\..\Run: [Adobe Acrobat Speed Launcher] "C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe"

O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min

O4 - HKLM\..\Run: [bCSSync] "C:\Program Files\Microsoft Office\Office14\BCSSync.exe" /DelayServices

O4 - HKLM\..\Run: [CLMLServer for HP TouchSmart] "C:\Program Files\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe"

O4 - HKLM\..\Run: [DVDAgent] "C:\Program Files\Hewlett-Packard\Media\DVD\DVDAgent.exe"

O4 - HKLM\..\Run: [HP Health Check Scheduler] c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe

O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

O4 - HKLM\..\Run: [QlbCtrl.exe] C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start

O4 - HKLM\..\Run: [smartMenu] %ProgramFiles%\Hewlett-Packard\HP MediaSmart\SmartMenu.exe

O4 - HKLM\..\Run: [TSMAgent] "C:\Program Files\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe"

O4 - HKLM\..\Run: [uCam_Menu] "C:\Program Files\Hewlett-Packard\Media\Webcam\MUITransfer\MUIStartMenu.exe" "C:\Program Files\Hewlett-Packard\Media\Webcam" update "Software\Hewlett-Packard\Media\Webcam"

O4 - HKLM\..\Run: [updateLBPShortCut] "C:\Program Files\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\LabelPrint" UpdateWithCreateOnce "Software\CyberLink\LabelPrint\2.5"

O4 - HKLM\..\Run: [updateP2GoShortCut] "C:\Program Files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0"

O4 - HKLM\..\Run: [updatePDIRShortCut] "C:\Program Files\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\PowerDirector" UpdateWithCreateOnce "SOFTWARE\CyberLink\PowerDirector\7.0"

O4 - HKLM\..\Run: [updatePSTShortCut] "C:\Program Files\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\DVD Suite" UpdateWithCreateOnce "Software\CyberLink\PowerStarter"

O4 - HKLM\..\Run: [WirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe

O4 - HKLM\..\Run: [hpqSRMon] C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe

O4 - HKLM\..\Run: [sysTrayApp] C:\Program Files\IDT\WDM\sttray.exe

O4 - HKLM\..\Run: [COMODO Internet Security] "C:\Program Files\COMODO\COMODO Internet Security\cfp.exe" -h

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript

O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent

O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe

O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background

O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'SERVIÇO LOCAL')

O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'SERVIÇO LOCAL')

O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'Serviço de rede')

O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'Serviço de rede')

O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

O8 - Extra context menu item: Append Link Target to Existing PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html

O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html

O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html

O8 - Extra context menu item: E&nviar para o OneNote - res://C:\PROGRA~1\MICROS~4\Office14\ONBttnIE.dll/105

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office14\EXCEL.EXE/3000

O9 - Extra button: Publicar em Blogue - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra 'Tools' menuitem: &Publicar no Blogue no Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: E&nviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll

O9 - Extra button: &Notas Ligadas do OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll

O9 - Extra 'Tools' menuitem: &Notas Ligadas do OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll

O9 - Extra button: Exibir ou ocultar HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll

O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab

O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab

O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} (HP Download Manager) - https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab

O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - http://download.eset.com/special/eos/OnlineScanner.cab

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab

O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL

O20 - AppInit_DLLs:

O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_9691412ff1876250\aestsrv.exe

O23 - Service: AMD External Events Utility - AMD - C:\Windows\system32\atiesrxx.exe

O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe

O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe

O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe

O23 - Service: Automatic CDROM Monitor - Unknown owner - C:\Windows\system32\SupportAppPT\ztemon_cd.exe

O23 - Service: Serviço de Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: COMODO Internet Security Helper Service (cmdAgent) - COMODO - C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe

O23 - Service: Com4QLBEx - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe

O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe

O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe

O23 - Service: HP Service (hpsrv) - Hewlett-Packard Company - C:\Windows\system32\Hpservice.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: Serviço iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: KMService - Unknown owner - C:\Windows\system32\srvany.exe

O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe

O23 - Service: Recovery Service for Windows - Unknown owner - C:\Program Files\SMINST\BLService.exe

O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe

O23 - Service: ServiceLayer - Nokia - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

O23 - Service: Audio Service (STacSV) - IDT, Inc. - C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_9691412ff1876250\STacSV.exe

O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe

 

--

End of file - 15036 bytes


1.

*Change your MSN password.

 

2.

*Download OTL and save it to the desktop

*Run OTL and select the options below:

 

[X] Scan All Users

Extra Registry: [X] None

[X] Skip Microsoft Files

[X] Use Company Name WhiteList

[X] LOP Check

[X] Purity Check

*Leave the other options as they are.

*Click in the box under "Custom Scans/Fixes" and paste the code:

%SystemDrive%\*.*

%SystemRoot%\*.*

%SystemRoot%\system32\drivers\*.*

%SystemDrive%\documents and settings\All Users\Dados de aplicativos\*.*

%SystemDrive%\documents and settings\All Users\Dados de aplicativos\*

%SystemDrive%\documents and settings\All Users\Menu iniciar\Programas\Inicializar\*.*

%SystemDrive%\documents and settings\User\Configurações Locais\Temp\*.*

%UserProfile%\*.*

netsvcs

*Click [Run Scan]

*Paste the OTL.txt report that is displayed


Okay, here it is:

 

OTL logfile created on: 12-10-2010 08:02:23 - Run 1

OTL by OldTimer - Version 3.2.15.1 Folder = C:\Users\Dias\Desktop

Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.7600.16385)

Locale: 00000816 | Country: Portugal | Language: PTG | Date Format: dd-MM-yyyy

 

3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 56,00% Memory free

6,00 Gb Paging File | 4,00 Gb Available in Paging File | 74,00% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files

Drive C: | 289,12 Gb Total Space | 157,06 Gb Free Space | 54,32% Space Free | Partition Type: NTFS

Drive D: | 8,97 Gb Total Space | 1,63 Gb Free Space | 18,22% Space Free | Partition Type: NTFS

 

Computer Name: DIAS-PC | User Name: Dias | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: All users

Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

 

========== Processes (SafeList) ==========

 

PRC - [2010-10-12 07:55:59 | 000,576,000 | ---- | M] (OldTimer Tools) -- C:\Users\Dias\Desktop\OTL.com

PRC - [2010-09-29 11:20:38 | 002,500,552 | ---- | M] (COMODO) -- C:\Programas\COMODO\COMODO Internet Security\cfp.exe

PRC - [2010-09-29 11:20:35 | 001,901,056 | ---- | M] (COMODO) -- C:\Programas\COMODO\COMODO Internet Security\cmdagent.exe

PRC - [2010-09-17 16:26:30 | 000,014,808 | ---- | M] (Mozilla Corporation) -- C:\Programas\Mozilla Firefox\plugin-container.exe

PRC - [2010-09-17 16:26:29 | 000,910,296 | ---- | M] (Mozilla Corporation) -- C:\Programas\Mozilla Firefox\firefox.exe

PRC - [2010-08-13 12:58:56 | 000,144,672 | ---- | M] (Apple Inc.) -- C:\Programas\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

PRC - [2010-04-19 23:10:03 | 000,267,432 | ---- | M] (Avira GmbH) -- C:\Programas\Avira\AntiVir Desktop\avguard.exe

PRC - [2010-04-16 22:12:16 | 003,872,080 | ---- | M] (Microsoft Corporation) -- C:\Programas\Windows Live\Messenger\msnmsgr.exe

PRC - [2010-04-16 18:36:42 | 000,026,480 | ---- | M] (Microsoft Corporation) -- C:\Programas\Windows Live\Contacts\wlcomm.exe

PRC - [2010-03-23 14:53:06 | 000,495,708 | ---- | M] (IDT, Inc.) -- C:\Programas\IDT\WDM\sttray.exe

PRC - [2010-03-23 14:53:06 | 000,229,458 | ---- | M] (IDT, Inc.) -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_9691412ff1876250\stacsv.exe

PRC - [2010-03-02 11:28:31 | 000,282,792 | ---- | M] (Avira GmbH) -- C:\Programas\Avira\AntiVir Desktop\avgnt.exe

PRC - [2010-02-24 10:28:09 | 000,135,336 | ---- | M] (Avira GmbH) -- C:\Programas\Avira\AntiVir Desktop\sched.exe

PRC - [2010-01-14 22:11:00 | 000,076,968 | ---- | M] (Avira GmbH) -- C:\Programas\Avira\AntiVir Desktop\avshadow.exe

PRC - [2009-10-31 06:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe

PRC - [2009-08-18 02:36:36 | 000,348,160 | ---- | M] (AMD) -- C:\Windows\System32\atieclxx.exe

PRC - [2009-08-18 02:36:08 | 000,176,128 | ---- | M] (AMD) -- C:\Windows\System32\atiesrxx.exe

PRC - [2009-07-14 02:14:47 | 001,121,280 | ---- | M] (Microsoft Corporation) -- C:\Programas\Windows Media Player\wmpnetwk.exe

PRC - [2009-07-14 02:14:42 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe

PRC - [2009-07-14 02:14:24 | 000,157,184 | ---- | M] (Microsoft Corporation) -- c:\Programas\Windows Defender\MpCmdRun.exe

PRC - [2009-07-14 02:14:15 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe

PRC - [2009-05-19 11:36:18 | 000,240,512 | ---- | M] (Microsoft Corporation) -- C:\Programas\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

PRC - [2009-03-02 18:43:08 | 000,081,920 | ---- | M] (Andrea Electronics Corporation) -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_9691412ff1876250\AEstSrv.exe

PRC - [2008-12-25 13:41:20 | 000,189,736 | ---- | M] (CyberLink) -- C:\Programas\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe

PRC - [2008-12-25 13:41:16 | 001,316,136 | ---- | M] (CyberLink Corp.) -- C:\Programas\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe

PRC - [2008-12-17 17:11:40 | 000,365,952 | ---- | M] () -- C:\Programas\SMINST\BLService.exe

PRC - [2008-11-28 18:04:26 | 001,148,200 | ---- | M] (CyberLink Corp.) -- C:\Programas\Hewlett-Packard\Media\DVD\DVDAgent.exe

PRC - [2008-11-18 19:35:44 | 000,914,224 | ---- | M] (Hewlett-Packard) -- C:\Programas\Hewlett-Packard\HP MediaSmart\SmartMenu.exe

PRC - [2008-06-11 23:43:26 | 000,640,376 | ---- | M] (Adobe Systems Inc.) -- C:\Programas\Adobe\Acrobat 9.0\Acrobat\acrotray.exe

PRC - [2008-04-18 07:54:42 | 000,086,016 | R--- | M] () -- C:\Windows\System32\SupportAppPT\ztemon_cd.exe

 

 

========== Modules (SafeList) ==========

 

MOD - [2010-10-12 07:55:59 | 000,576,000 | ---- | M] (OldTimer Tools) -- C:\Users\Dias\Desktop\OTL.com

MOD - [2010-09-29 11:21:01 | 000,285,480 | ---- | M] (COMODO) -- C:\Windows\System32\guard32.dll

MOD - [2009-07-14 02:16:15 | 000,099,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sspicli.dll

MOD - [2009-07-14 02:16:13 | 000,092,160 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sechost.dll

MOD - [2009-07-14 02:16:13 | 000,050,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\samcli.dll

MOD - [2009-07-14 02:16:12 | 000,031,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\profapi.dll

MOD - [2009-07-14 02:16:03 | 000,022,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\netutils.dll

MOD - [2009-07-14 02:15:35 | 000,288,256 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\KernelBase.dll

MOD - [2009-07-14 02:15:13 | 000,067,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dwmapi.dll

MOD - [2009-07-14 02:15:11 | 000,064,512 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\devobj.dll

MOD - [2009-07-14 02:15:07 | 000,036,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cryptbase.dll

MOD - [2009-07-14 02:15:02 | 000,145,920 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cfgmgr32.dll

MOD - [2009-07-14 02:14:10 | 000,095,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msscript.ocx

MOD - [2009-07-14 02:03:50 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc\comctl32.dll

 

 

========== Win32 Services (SafeList) ==========

 

SRV - [2010-09-29 11:20:35 | 001,901,056 | ---- | M] (COMODO) [Auto | Running] -- C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe -- (cmdAgent)

SRV - [2010-08-13 12:58:56 | 000,144,672 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)

SRV - [2010-06-14 15:07:14 | 000,615,936 | ---- | M] (Nokia) [On_Demand | Stopped] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)

SRV - [2010-06-10 01:35:56 | 001,343,400 | ---- | M] (Microsoft Corporation) [unknown | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)

SRV - [2010-04-28 07:44:02 | 000,704,872 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Live\Family Safety\fsssvc.exe -- (fsssvc)

SRV - [2010-04-19 23:10:03 | 000,267,432 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)

SRV - [2010-03-25 10:25:22 | 030,969,208 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Office\Office14\GROOVE.EXE -- (Microsoft SharePoint Workspace Audit Service)

SRV - [2010-03-23 14:53:06 | 000,229,458 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_9691412ff1876250\stacsv.exe -- (STacSV)

SRV - [2010-02-25 01:38:20 | 000,332,720 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service)

SRV - [2010-02-24 10:28:09 | 000,135,336 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)

SRV - [2010-01-09 21:37:50 | 004,640,000 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE -- (osppsvc)

SRV - [2009-10-16 22:32:21 | 000,077,944 | ---- | M] (Autodesk) [On_Demand | Stopped] -- C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe -- (Autodesk Licensing Service)

SRV - [2009-10-15 22:58:11 | 000,651,720 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)

SRV - [2009-10-07 05:31:18 | 000,035,144 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.21006\aspnet_state.exe -- (aspnet_state)

SRV - [2009-10-07 02:44:58 | 000,752,984 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.21006\WPF\WPFFontCache_v0400.exe -- (WPFFontCache_v0400)

SRV - [2009-10-07 02:44:58 | 000,129,856 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.21006\mscorsvw.exe -- (clr_optimization_v4.0.21006_32)

SRV - [2009-10-07 02:44:58 | 000,124,224 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.21006\SMSvcHost.exe -- (NetTcpPortSharing)

SRV - [2009-10-07 02:44:58 | 000,124,224 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.21006\SMSvcHost.exe -- (NetTcpActivator)

SRV - [2009-10-07 02:44:58 | 000,124,224 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.21006\SMSvcHost.exe -- (NetPipeActivator)

SRV - [2009-10-07 02:44:58 | 000,124,224 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.21006\SMSvcHost.exe -- (NetMsmqActivator)

SRV - [2009-08-18 02:36:08 | 000,176,128 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\System32\atiesrxx.exe -- (AMD External Events Utility)

SRV - [2009-07-14 02:16:21 | 000,185,856 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\wwansvc.dll -- (WwanSvc)

SRV - [2009-07-14 02:16:17 | 000,151,552 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\wbiosrvc.dll -- (WbioSrvc)

SRV - [2009-07-14 02:16:17 | 000,119,808 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\umpo.dll -- (Power)

SRV - [2009-07-14 02:16:16 | 000,037,376 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\themeservice.dll -- (Themes)

SRV - [2009-07-14 02:16:15 | 000,053,760 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sppuinotify.dll -- (sppuinotify)

SRV - [2009-07-14 02:16:13 | 000,043,520 | ---- | M] (Microsoft Corporation) [unknown | Running] -- C:\Windows\System32\RpcEpMap.dll -- (RpcEptMapper)

SRV - [2009-07-14 02:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)

SRV - [2009-07-14 02:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)

SRV - [2009-07-14 02:16:12 | 000,269,824 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\pnrpsvc.dll -- (PNRPsvc) Protocolo PNRP (Peer Name Resolution Protocol)

SRV - [2009-07-14 02:16:12 | 000,269,824 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\pnrpsvc.dll -- (p2pimsvc)

SRV - [2009-07-14 02:16:12 | 000,165,376 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\provsvc.dll -- (HomeGroupProvider)

SRV - [2009-07-14 02:16:12 | 000,020,480 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\pnrpauto.dll -- (PNRPAutoReg)

SRV - [2009-07-14 02:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programas\Windows Defender\MpSvc.dll -- (WinDefend)

SRV - [2009-07-14 02:15:36 | 000,194,560 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\ListSvc.dll -- (HomeGroupListener)

SRV - [2009-07-14 02:15:21 | 000,797,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\FntCache.dll -- (FontCache)

SRV - [2009-07-14 02:15:11 | 000,253,440 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\dhcpcore.dll -- (Dhcp)

SRV - [2009-07-14 02:15:10 | 000,218,624 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\defragsvc.dll -- (defragsvc)

SRV - [2009-07-14 02:14:59 | 000,076,800 | ---- | M] (Microsoft Corporation) [unknown | Stopped] -- C:\Windows\System32\bdesvc.dll -- (BDESVC)

SRV - [2009-07-14 02:14:58 | 000,088,064 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\AxInstSv.dll -- (AxInstSV) ActiveX Installer (AxInstSV)

SRV - [2009-07-14 02:14:53 | 000,027,648 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\appidsvc.dll -- (AppIDSvc)

SRV - [2009-07-14 02:14:29 | 003,179,520 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\System32\sppsvc.exe -- (sppsvc)

SRV - [2009-05-19 11:36:18 | 000,240,512 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe -- (SeaPort)

SRV - [2009-03-02 18:43:08 | 000,081,920 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_9691412ff1876250\AEstSrv.exe -- (AESTFilters)

SRV - [2008-12-17 17:11:40 | 000,365,952 | ---- | M] () [Auto | Running] -- C:\Programas\SMINST\BLService.exe -- (Recovery Service for Windows)

SRV - [2008-04-18 07:54:42 | 000,086,016 | R--- | M] () [Auto | Running] -- C:\Windows\System32\SupportAppPT\ztemon_cd.exe -- (Automatic CDROM Monitor)

SRV - [2008-02-03 13:00:00 | 000,129,992 | ---- | M] (EasyBits Sofware AS) [Auto | Stopped] -- C:\Windows\System32\ezsvc7.dll -- (ezSharedSvc)

SRV - [2003-04-18 19:06:26 | 000,008,192 | ---- | M] () [Auto | Stopped] -- C:\Windows\System32\srvany.exe -- (KMService)

 

 

========== Driver Services (SafeList) ==========

 

DRV - [2010-09-29 11:21:00 | 000,078,504 | ---- | M] (COMODO) [Kernel | System | Running] -- C:\Windows\System32\drivers\inspect.sys -- (inspect)

DRV - [2010-09-29 11:21:00 | 000,030,112 | ---- | M] (COMODO) [Kernel | System | Running] -- C:\Windows\System32\drivers\cmdhlp.sys -- (cmdHlp)

DRV - [2010-09-29 11:20:59 | 000,236,088 | ---- | M] (COMODO) [File_System | System | Running] -- C:\Windows\System32\drivers\cmdGuard.sys -- (cmdGuard)

DRV - [2010-08-21 22:10:42 | 000,691,696 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\sptd.sys -- (sptd)

DRV - [2010-06-15 16:53:28 | 000,025,656 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\hpdskflt.sys -- (hpdskflt)

DRV - [2010-06-15 16:53:12 | 000,033,848 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Accelerometer.sys -- (Accelerometer)

DRV - [2010-05-27 22:32:58 | 000,245,936 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SynTP.sys -- (SynTP)

DRV - [2010-03-23 14:53:06 | 000,423,424 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\stwrt.sys -- (STHDA)

DRV - [2010-03-01 10:05:24 | 000,124,784 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)

DRV - [2010-02-26 14:32:58 | 000,008,192 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usbser_lowerfltj.sys -- (UsbserFilt)

DRV - [2010-02-26 14:32:46 | 000,008,192 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usbser_lowerflt.sys -- (upperdev)

DRV - [2010-02-26 14:32:44 | 000,022,528 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ccdcmbo.sys -- (nmwcdc)

DRV - [2010-02-26 14:32:44 | 000,018,176 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ccdcmb.sys -- (nmwcd)

DRV - [2010-02-26 14:21:22 | 000,137,344 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nmwcdnsu.sys -- (nmwcdnsu)

DRV - [2010-02-26 14:21:22 | 000,008,320 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nmwcdnsuc.sys -- (nmwcdnsuc)

DRV - [2010-02-16 14:24:01 | 000,060,936 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)

DRV - [2009-12-11 08:44:02 | 000,133,720 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\ksecpkg.sys -- (KSecPkg)

DRV - [2009-08-18 03:48:06 | 004,994,560 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)

DRV - [2009-08-05 22:48:42 | 000,054,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\fssfltr.sys -- (fssfltr)

DRV - [2009-07-14 02:26:21 | 000,015,952 | ---- | M] (CMD Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\cmdide.sys -- (cmdide)

DRV - [2009-07-14 02:26:17 | 000,297,552 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\adpahci.sys -- (adpahci)

DRV - [2009-07-14 02:26:15 | 000,422,976 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\adp94xx.sys -- (adp94xx)

DRV - [2009-07-14 02:26:15 | 000,159,312 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\amdsbs.sys -- (amdsbs)

DRV - [2009-07-14 02:26:15 | 000,146,512 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\adpu320.sys -- (adpu320)

DRV - [2009-07-14 02:26:15 | 000,086,608 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\arcsas.sys -- (arcsas)

DRV - [2009-07-14 02:26:15 | 000,079,952 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\amdsata.sys -- (amdsata)

DRV - [2009-07-14 02:26:15 | 000,076,368 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\arc.sys -- (arc)

DRV - [2009-07-14 02:26:15 | 000,023,616 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\amdxata.sys -- (amdxata)

DRV - [2009-07-14 02:26:15 | 000,014,400 | ---- | M] (Acer Laboratories Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\aliide.sys -- (aliide)

DRV - [2009-07-14 02:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\nvstor.sys -- (nvstor)

DRV - [2009-07-14 02:20:44 | 000,117,312 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\nvraid.sys -- (nvraid)

DRV - [2009-07-14 02:20:44 | 000,044,624 | ---- | M] (IBM Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\nfrd960.sys -- (nfrd960)

DRV - [2009-07-14 02:20:37 | 000,089,168 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_sas.sys -- (LSI_SAS)

DRV - [2009-07-14 02:20:36 | 000,332,352 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\iaStorV.sys -- (iaStorV)

DRV - [2009-07-14 02:20:36 | 000,235,584 | ---- | M] (LSI Corporation, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\MegaSR.sys -- (MegaSR)

DRV - [2009-07-14 02:20:36 | 000,096,848 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_scsi.sys -- (LSI_SCSI)

DRV - [2009-07-14 02:20:36 | 000,095,824 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_fc.sys -- (LSI_FC)

DRV - [2009-07-14 02:20:36 | 000,054,864 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_sas2.sys -- (LSI_SAS2)

DRV - [2009-07-14 02:20:36 | 000,041,040 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\iirsp.sys -- (iirsp)

DRV - [2009-07-14 02:20:36 | 000,030,800 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\megasas.sys -- (megasas)

DRV - [2009-07-14 02:20:36 | 000,013,904 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\hwpolicy.sys -- (hwpolicy)

DRV - [2009-07-14 02:20:28 | 000,453,712 | ---- | M] (Emulex) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\elxstor.sys -- (elxstor)

DRV - [2009-07-14 02:20:28 | 000,070,720 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\djsvs.sys -- (aic78xx)

DRV - [2009-07-14 02:20:28 | 000,067,152 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\HpSAMD.sys -- (HpSAMD)

DRV - [2009-07-14 02:20:28 | 000,046,160 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\fsdepends.sys -- (FsDepends)

DRV - [2009-07-14 02:19:11 | 000,141,904 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vsmraid.sys -- (vsmraid)

DRV - [2009-07-14 02:19:10 | 000,175,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vmbus.sys -- (vmbus)

DRV - [2009-07-14 02:19:10 | 000,159,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vhdmp.sys -- (vhdmp)

DRV - [2009-07-14 02:19:10 | 000,040,896 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\vmstorfl.sys -- (storflt)

DRV - [2009-07-14 02:19:10 | 000,032,832 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\vdrvroot.sys -- (vdrvroot)

DRV - [2009-07-14 02:19:10 | 000,028,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\storvsc.sys -- (storvsc)

DRV - [2009-07-14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\wimmount.sys -- (WIMMount)

DRV - [2009-07-14 02:19:10 | 000,016,976 | ---- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\viaide.sys -- (viaide)

DRV - [2009-07-14 02:19:04 | 001,383,488 | ---- | M] (QLogic Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\ql2300.sys -- (ql2300)

DRV - [2009-07-14 02:19:04 | 000,173,648 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\rdyboost.sys -- (rdyboost)

DRV - [2009-07-14 02:19:04 | 000,106,064 | ---- | M] (QLogic Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\ql40xx.sys -- (ql40xx)

DRV - [2009-07-14 02:19:04 | 000,077,888 | ---- | M] (Silicon Integrated Systems) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\sisraid4.sys -- (SiSRaid4)

DRV - [2009-07-14 02:19:04 | 000,043,088 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\pcw.sys -- (pcw)

DRV - [2009-07-14 02:19:04 | 000,040,016 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\SiSRaid2.sys -- (SiSRaid2)

DRV - [2009-07-14 02:19:04 | 000,021,072 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\stexstor.sys -- (stexstor)

DRV - [2009-07-14 02:17:54 | 000,369,568 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\cng.sys -- (CNG)

DRV - [2009-07-14 01:57:25 | 000,272,128 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\Brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)

DRV - [2009-07-14 01:18:07 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\WSDPrint.sys -- (WSDPrintDevice)

DRV - [2009-07-14 01:02:41 | 000,018,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\rdpbus.sys -- (rdpbus)

DRV - [2009-07-14 01:01:41 | 000,007,168 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\RDPREFMP.sys -- (RDPREFMP)

DRV - [2009-07-14 00:55:00 | 000,049,152 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\agilevpn.sys -- (RasAgileVpn) WAN Miniport (IKEv2)

DRV - [2009-07-14 00:53:51 | 000,009,728 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\wfplwf.sys -- (WfpLwf)

DRV - [2009-07-14 00:52:44 | 000,027,136 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ndiscap.sys -- (NdisCap)

DRV - [2009-07-14 00:52:02 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vwifibus.sys -- (vwifibus)

DRV - [2009-07-14 00:52:00 | 000,163,328 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\1394ohci.sys -- (1394ohci)

DRV - [2009-07-14 00:51:35 | 000,008,192 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\umpass.sys -- (UmPass)

DRV - [2009-07-14 00:51:11 | 000,034,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)

DRV - [2009-07-14 00:51:08 | 000,004,096 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mshidkmdf.sys -- (mshidkmdf)

DRV - [2009-07-14 00:46:55 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\MTConfig.sys -- (MTConfig)

DRV - [2009-07-14 00:45:26 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CompositeBus.sys -- (CompositeBus)

DRV - [2009-07-14 00:36:52 | 000,050,176 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\appid.sys -- (AppID)

DRV - [2009-07-14 00:33:50 | 000,026,624 | ---- | M] (Microsoft Corporation) [Kernel | Unknown | Stopped] -- C:\Windows\System32\drivers\scfilter.sys -- (scfilter)

DRV - [2009-07-14 00:28:47 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vms3cap.sys -- (s3cap)

DRV - [2009-07-14 00:28:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\VMBusHID.sys -- (VMBusHID)

DRV - [2009-07-14 00:24:05 | 000,032,256 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\discache.sys -- (discache)

DRV - [2009-07-14 00:16:36 | 000,009,728 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\acpipmi.sys -- (AcpiPmi)

DRV - [2009-07-14 00:11:04 | 000,052,736 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\amdppm.sys -- (AmdPPM)

DRV - [2009-07-13 23:54:14 | 000,026,624 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\hcw85cir.sys -- (hcw85cir)

DRV - [2009-07-13 23:53:33 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\BrUsbMdm.sys -- (BrUsbMdm)

DRV - [2009-07-13 23:53:33 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\BrUsbSer.sys -- (BrUsbSer)

DRV - [2009-07-13 23:53:32 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\BrSerWdm.sys -- (BrSerWdm)

DRV - [2009-07-13 23:53:28 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\BrFiltLo.sys -- (BrFiltLo)

DRV - [2009-07-13 23:53:28 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\BrFiltUp.sys -- (BrFiltUp)

DRV - [2009-07-13 23:02:49 | 000,229,888 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\b57nd60x.sys -- (b57nd60x)

DRV - [2009-07-13 23:02:48 | 003,100,160 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\evbdx.sys -- (ebdrv)

DRV - [2009-07-13 23:02:48 | 000,430,080 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\bxvbdx.sys -- (b06bdrv)

DRV - [2009-06-02 21:17:45 | 000,012,672 | ---- | M] (THOMSON Telecom Belgium) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\stbus.sys -- (STBUS)

DRV - [2009-05-11 10:12:49 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)

DRV - [2009-04-13 03:24:49 | 001,331,192 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\BCMWL6.SYS -- (BCM43XX)

DRV - [2009-03-01 23:05:32 | 000,139,776 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rt86win7.sys -- (RTL8167)

DRV - [2009-02-24 16:44:06 | 000,104,960 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ZTEusbser6k.sys -- (ZTEusbser6k)

DRV - [2009-02-24 16:44:04 | 000,104,960 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ZTEusbnmea.sys -- (ZTEusbnmea)

DRV - [2009-02-24 16:43:46 | 000,104,960 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ZTEusbmdm6k.sys -- (ZTEusbmdm6k)

DRV - [2009-02-13 12:35:05 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Programas\Avira\AntiVir Desktop\avgio.sys -- (avgio)

DRV - [2008-11-28 18:04:24 | 000,087,536 | ---- | M] (CyberLink Corp.) [2009/04/13 03:52:48] [Kernel | Auto | Running] -- C:\Programas\Hewlett-Packard\Media\DVD\000.fcl -- ({55662437-DA8C-40c0-AADA-2C816A897A49})

DRV - [2008-10-23 10:42:10 | 000,107,360 | ---- | M] (JMicron Technology Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\jmcr.sys -- (JMCR)

DRV - [2008-09-04 18:47:00 | 000,054,784 | ---- | M] (ENE TECHNOLOGY INC.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\enecir.sys -- (enecir)

DRV - [2008-08-26 10:26:12 | 000,018,816 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\pccsmcfd.sys -- (pccsmcfd)

DRV - [2008-08-06 17:26:08 | 000,124,928 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)

DRV - [2007-06-18 17:12:04 | 000,016,768 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HpqKbFiltr.sys -- (HpqKbFiltr)

DRV - [2003-09-05 06:58:24 | 000,053,600 | ---- | M] (THOMSON) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\alcan5wn.sys -- (alcan5wn) SpeedTouch USB ADSL PPP Networking Driver (NDISWAN)

DRV - [2003-09-05 06:58:22 | 000,070,624 | ---- | M] (THOMSON) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\alcaudsl.sys -- (alcaudsl)

 

 

========== Standard Registry (SafeList) ==========

 

 

========== Internet Explorer ==========

 

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=pt_pt&c=91&bd=Pavilion&pf=cnnb

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=pt_pt&c=91&bd=Pavilion&pf=cnnb

 

 

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 

 

 

IE - HKU\S-1-5-21-1359562021-3652883525-67487786-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=pt_pt&c=91&bd=Pavilion&pf=cnnb

IE - HKU\S-1-5-21-1359562021-3652883525-67487786-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.pt/ig?hl=pt-PT

IE - HKU\S-1-5-21-1359562021-3652883525-67487786-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = C2 A4 0F 00 DA 19 CB 01 [binary data]

IE - HKU\S-1-5-21-1359562021-3652883525-67487786-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1

IE - HKU\S-1-5-21-1359562021-3652883525-67487786-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-1359562021-3652883525-67487786-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

 

========== FireFox ==========

 

FF - prefs.js..browser.startup.homepage: "http://www.google.com/ig"

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21

FF - prefs.js..network.proxy.no_proxies_on: "*.local"

 

FF - HKLM\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010-06-06 12:23:44 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.10\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010-09-27 23:55:25 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.10\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010-09-27 23:55:25 | 000,000,000 | ---D | M]

 

[2010-06-02 23:53:43 | 000,000,000 | ---D | M] -- C:\Users\Dias\AppData\Roaming\mozilla\Extensions

[2010-10-10 23:46:37 | 000,000,000 | ---D | M] -- C:\Users\Dias\AppData\Roaming\mozilla\Firefox\Profiles\jxc6q87i.default\extensions

[2010-06-02 23:53:44 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Dias\AppData\Roaming\mozilla\Firefox\Profiles\jxc6q87i.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}

[2010-08-20 20:35:27 | 000,000,000 | ---D | M] -- C:\Programas\Mozilla Firefox\extensions

[2010-06-06 12:28:40 | 000,000,000 | ---D | M] (Java Console) -- C:\Programas\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}

[2010-08-20 20:35:27 | 000,000,000 | ---D | M] (Java Console) -- C:\Programas\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}

[2010-07-17 05:00:04 | 000,423,656 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programas\Mozilla Firefox\plugins\npdeployJava1.dll

[2010-06-26 08:58:52 | 000,001,525 | ---- | M] () -- C:\Programas\Mozilla Firefox\searchplugins\amazon-en-GB.xml

[2010-06-26 08:58:52 | 000,001,529 | ---- | M] () -- C:\Programas\Mozilla Firefox\searchplugins\priberam.xml

[2010-06-26 08:58:52 | 000,002,071 | ---- | M] () -- C:\Programas\Mozilla Firefox\searchplugins\sapo.xml

[2010-06-26 08:58:52 | 000,000,942 | ---- | M] () -- C:\Programas\Mozilla Firefox\searchplugins\wikipedia-ptpt.xml

[2010-06-26 08:58:52 | 000,000,648 | ---- | M] () -- C:\Programas\Mozilla Firefox\searchplugins\yahoo-br.xml

 

O1 HOSTS File: ([2010-07-23 21:15:46 | 000,000,796 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts

O1 - Hosts: 127.0.0.1 localhost

O1 - Hosts: ::1 localhost

O1 - Hosts: 127.0.0.1 activation.guitar-pro.com

O2 - BHO: (HP Print Enhancer) - {0347C33E-8762-4905-BF09-768834316C61} - C:\Programas\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.

O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Programas\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)

O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programas\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)

O2 - BHO: (Programa Auxiliar de Início de Sessão do Windows Live) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programas\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)

O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Programas\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)

O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programas\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)

O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Programas\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)

O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Programas\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)

O2 - BHO: (HP Smart BHO Class) - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Programas\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)

O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Programas\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)

O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programas\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)

O3 - HKU\S-1-5-21-1359562021-3652883525-67487786-1000\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Programas\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)

O3 - HKU\S-1-5-21-1359562021-3652883525-67487786-1000\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programas\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)

O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)

O4 - HKLM..\Run: [Adobe Acrobat Speed Launcher] C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe (Adobe Systems Incorporated)

O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)

O4 - HKLM..\Run: [bCSSync] C:\Program Files\Microsoft Office\Office14\BCSSync.exe (Microsoft Corporation)

O4 - HKLM..\Run: [CLMLServer for HP TouchSmart] C:\Program Files\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe (CyberLink)

O4 - HKLM..\Run: [COMODO Internet Security] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO)

O4 - HKLM..\Run: [DVDAgent] C:\Program Files\Hewlett-Packard\Media\DVD\DVDAgent.exe (CyberLink Corp.)

O4 - HKLM..\Run: [HP Health Check Scheduler] c:\Programas\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe (Hewlett-Packard)

O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe File not found

O4 - HKLM..\Run: [smartMenu] C:\Programas\Hewlett-Packard\HP MediaSmart\SmartMenu.exe (Hewlett-Packard)

O4 - HKLM..\Run: [sysTrayApp] C:\Programas\IDT\WDM\sttray.exe (IDT, Inc.)

O4 - HKLM..\Run: [TSMAgent] C:\Program Files\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe (CyberLink Corp.)

O4 - HKLM..\Run: [uCam_Menu] C:\Program Files\Hewlett-Packard\Media\Webcam\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)

O4 - HKLM..\Run: [updateLBPShortCut] C:\Program Files\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)

O4 - HKLM..\Run: [updateP2GoShortCut] C:\Program Files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)

O4 - HKLM..\Run: [updatePDIRShortCut] C:\Program Files\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)

O4 - HKLM..\Run: [updatePSTShortCut] C:\Program Files\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)

O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)

O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: AllowLegacyWebView = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: AllowUnhashedWebView = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3

O8 - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)

O8 - Extra context menu item: Append to existing PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)

O8 - Extra context menu item: Convert link target to Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)

O8 - Extra context menu item: Convert link target to existing PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)

O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)

O8 - Extra context menu item: E&nviar para o OneNote - C:\Programas\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)

O8 - Extra context menu item: E&xportar para o Microsoft Excel - C:\Programas\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)

O9 - Extra Button: Publicar em Blogue - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programas\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)

O9 - Extra 'Tools' menuitem : &Publicar no Blogue no Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programas\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)

O9 - Extra Button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programas\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)

O9 - Extra 'Tools' menuitem : E&nviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programas\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)

O9 - Extra Button: &Notas Ligadas do OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programas\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)

O9 - Extra 'Tools' menuitem : &Notas Ligadas do OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programas\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)

O9 - Extra Button: Exibir ou ocultar HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Programas\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Programas\Bonjour\mdnsNSP.dll (Apple Inc.)

O13 - gopher Prefix: missing

O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab (Checkers Class)

O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)

O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} http://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab (Solitaire Showdown Class)

O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab (HP Download Manager)

O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (Reg Error: Key error.)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab (MessengerStatsClient Class)

O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)

O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)

O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab (Minesweeper Flags Class)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.10.1

O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programas\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)

O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programas\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)

O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programas\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)

O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programas\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)

O18 - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programas\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)

O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)

O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found

O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.

O24 - Desktop WallPaper: C:\Users\Dias\AppData\Roaming\Microsoft\Windows Photo Gallery\Fundo da Galeria de Fotografias do Windows.jpg

O24 - Desktop BackupWallPaper: C:\Users\Dias\AppData\Roaming\Microsoft\Windows Photo Gallery\Fundo da Galeria de Fotografias do Windows.jpg

O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programas\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)

O30 - LSA: Security Packages - (pku2u) - C:\Windows\System32\pku2u.dll (Microsoft Corporation)

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2009-06-10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]

O33 - MountPoints2\F\Shell - "" = AutoRun

O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\AutoRun.exe -- File not found

O34 - HKLM BootExecute: (autocheck autochk *) - File not found

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

 

NetSvcs: FastUserSwitchingCompatibility - File not found

NetSvcs: Ias - File not found

NetSvcs: Nla - File not found

NetSvcs: Ntmssvc - File not found

NetSvcs: NWCWorkstation - File not found

NetSvcs: Nwsapagent - File not found

NetSvcs: SRService - File not found

NetSvcs: Wmi - C:\Windows\System32\wmi.dll (Microsoft Corporation)

NetSvcs: WmdmPmSp - File not found

NetSvcs: LogonHours - File not found

NetSvcs: PCAudit - File not found

NetSvcs: helpsvc - File not found

NetSvcs: uploadmgr - File not found

NetSvcs: Themes - C:\Windows\System32\themeservice.dll (Microsoft Corporation)

NetSvcs: BDESVC - C:\Windows\System32\bdesvc.dll (Microsoft Corporation)

 

========== Files/Folders - Created Within 30 Days ==========

 

[2010-10-12 07:55:54 | 000,576,000 | ---- | C] (OldTimer Tools) -- C:\Users\Dias\Desktop\OTL.com

[2010-10-11 19:50:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes

[2010-10-10 12:16:17 | 000,000,000 | ---D | C] -- C:\Users\Dias\Desktop\F1

[2010-10-10 11:22:30 | 000,000,000 | ---D | C] -- C:\Users\Dias\Desktop\The.A-Team.2010.DVDRip.XviD-iLG

[2010-10-08 11:10:55 | 000,018,816 | ---- | C] (Nokia) -- C:\Windows\System32\drivers\pccsmcfd.sys

[2010-10-08 11:10:47 | 000,000,000 | ---D | C] -- C:\Programas\PC Connectivity Solution

[2010-10-01 08:47:25 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\microsoft

[2010-09-30 21:34:51 | 000,000,000 | ---D | C] -- C:\Users\Dias\Documents\KONAMI

[2010-09-30 21:23:25 | 000,000,000 | ---D | C] -- C:\ProgramData\KONAMI

[2010-09-30 21:23:25 | 000,000,000 | ---D | C] -- C:\Programas\KONAMI

[2010-09-30 21:01:21 | 000,000,000 | ---D | C] -- C:\Users\Dias\AppData\Roaming\DAEMON Tools Lite

[2010-09-27 23:58:23 | 000,000,000 | ---D | C] -- C:\Programas\iTunes

[2010-09-27 23:58:23 | 000,000,000 | ---D | C] -- C:\Programas\iPod

[2010-09-27 23:55:04 | 000,000,000 | ---D | C] -- C:\Programas\QuickTime

[2010-09-27 23:53:33 | 000,000,000 | ---D | C] -- C:\Programas\Bonjour

[2010-09-27 00:01:10 | 000,000,000 | ---D | C] -- C:\Users\Dias\AppData\Local\Apps

[2010-09-24 23:39:29 | 000,000,000 | ---D | C] -- C:\Users\Dias\AppData\Roaming\Malwarebytes

[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

 

========== Files - Modified Within 30 Days ==========

 

[2010-10-12 08:04:54 | 006,153,352 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\Dias\Desktop\mbam-setup-1.46.exe

[2010-10-12 08:01:22 | 000,009,712 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

[2010-10-12 08:01:22 | 000,009,712 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

[2010-10-12 07:55:59 | 000,576,000 | ---- | M] (OldTimer Tools) -- C:\Users\Dias\Desktop\OTL.com

[2010-10-12 07:53:51 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat

[2010-10-12 07:53:44 | 2413,711,360 | -HS- | M] () -- C:\hiberfil.sys

[2010-10-11 23:41:07 | 000,120,038 | ---- | M] () -- C:\Users\Dias\Desktop\Microsoft.Office.2010.Professional.Plus.x86_x64.PT-NY.next

[2010-10-11 21:17:06 | 000,718,264 | ---- | M] () -- C:\Windows\System32\prfh0816.dat

[2010-10-11 21:17:06 | 000,651,648 | ---- | M] () -- C:\Windows\System32\perfh009.dat

[2010-10-11 21:17:06 | 000,151,272 | ---- | M] () -- C:\Windows\System32\prfc0816.dat

[2010-10-11 21:17:06 | 000,120,578 | ---- | M] () -- C:\Windows\System32\perfc009.dat

[2010-10-10 11:46:25 | 183,830,214 | ---- | M] () -- C:\Users\Dias\Desktop\The.Simpsons.S22E03.HDTV.XviD-LOL.avi

[2010-10-09 17:09:00 | 000,007,680 | ---- | M] () -- C:\Users\Dias\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2010-10-09 16:49:37 | 000,018,784 | ---- | M] () -- C:\Users\Dias\Desktop\The_Disappearance_of_Alice_Creed PT-PT.zip

[2010-10-09 10:58:50 | 000,106,496 | ---- | M] () -- C:\Users\Dias\Desktop\EMELE_Folha_de_Rosto.doc

[2010-10-09 10:58:38 | 000,120,977 | ---- | M] () -- C:\Users\Dias\Desktop\EMELE_Guiao_M1-T2_V2.pdf

[2010-10-08 11:15:51 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_User_PCCSWpdDriver_01_09_00.Wdf

[2010-10-07 17:29:18 | 000,069,622 | ---- | M] () -- C:\Users\Dias\Desktop\_Mapa.pdf

[2010-10-06 20:07:42 | 734,494,720 | ---- | M] () -- C:\Users\Dias\Desktop\The Disappearance Of Alice Creed 2009 BRRip Xvid-LTRG.avi

[2010-10-05 14:11:14 | 000,001,709 | ---- | M] () -- C:\Users\Dias\Desktop\pes2011.lnk

[2010-09-27 23:12:10 | 000,014,321 | ---- | M] () -- C:\Users\Dias\Desktop\horarios.docx

[2010-09-27 22:29:50 | 000,054,687 | ---- | M] () -- C:\Users\Dias\Desktop\horario 1o semestre.jpg

[2010-09-23 22:00:28 | 000,000,853 | ---- | M] () -- C:\Users\Dias\.recently-used.xbel

[2010-09-19 18:24:43 | 000,001,887 | ---- | M] () -- C:\Users\Dias\Desktop\BTNext Evolution.lnk

[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

 

========== Files Created - No Company Name ==========

 

[2010-10-11 23:41:05 | 000,120,038 | ---- | C] () -- C:\Users\Dias\Desktop\Microsoft.Office.2010.Professional.Plus.x86_x64.PT-NY.next

[2010-10-11 20:24:11 | 183,830,214 | ---- | C] () -- C:\Users\Dias\Desktop\The.Simpsons.S22E03.HDTV.XviD-LOL.avi

[2010-10-09 16:49:35 | 000,018,784 | ---- | C] () -- C:\Users\Dias\Desktop\The_Disappearance_of_Alice_Creed PT-PT.zip

[2010-10-09 16:47:17 | 734,494,720 | ---- | C] () -- C:\Users\Dias\Desktop\The Disappearance Of Alice Creed 2009 BRRip Xvid-LTRG.avi

[2010-10-09 10:58:48 | 000,106,496 | ---- | C] () -- C:\Users\Dias\Desktop\EMELE_Folha_de_Rosto.doc

[2010-10-09 10:58:38 | 000,120,977 | ---- | C] () -- C:\Users\Dias\Desktop\EMELE_Guiao_M1-T2_V2.pdf

[2010-10-08 11:15:51 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_User_PCCSWpdDriver_01_09_00.Wdf

[2010-10-07 17:29:17 | 000,069,622 | ---- | C] () -- C:\Users\Dias\Desktop\_Mapa.pdf

[2010-10-05 14:10:37 | 000,001,709 | ---- | C] () -- C:\Users\Dias\Desktop\pes2011.lnk

[2010-09-27 22:29:46 | 000,054,687 | ---- | C] () -- C:\Users\Dias\Desktop\horario 1o semestre.jpg

[2010-09-23 22:00:28 | 000,000,853 | ---- | C] () -- C:\Users\Dias\.recently-used.xbel

[2010-09-20 19:28:23 | 000,014,321 | ---- | C] () -- C:\Users\Dias\Desktop\horarios.docx

[2010-07-05 19:34:55 | 000,000,990 | -HS- | C] () -- C:\Users\Dias\AppData\Roaming\systemfl.$dk

[2010-06-25 17:39:12 | 000,007,680 | ---- | C] () -- C:\Users\Dias\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2010-06-19 23:55:56 | 002,722,932 | ---- | C] () -- C:\Users\Dias\AppData\Local\tmpAGUA0001.JPG

[2010-06-19 23:55:55 | 004,832,888 | ---- | C] () -- C:\Users\Dias\AppData\Local\tmpAGUA0001.0

[2010-06-03 01:07:35 | 000,003,468 | ---- | C] () -- C:\ProgramData\hpzinstall.log

[2010-06-03 00:33:47 | 000,000,000 | ---- | C] () -- C:\Users\Dias\AppData\Local\QSwitch.txt

[2010-06-03 00:33:47 | 000,000,000 | ---- | C] () -- C:\Users\Dias\AppData\Local\DSwitch.txt

[2010-06-03 00:33:47 | 000,000,000 | ---- | C] () -- C:\Users\Dias\AppData\Local\AtStart.txt

[2010-06-03 00:32:53 | 000,022,108 | ---- | C] () -- C:\ProgramData\HPWALog.txt

[2009-10-24 16:59:53 | 000,000,379 | ---- | C] () -- C:\Windows\pdf2word.INI

[2009-07-16 15:38:12 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll

[2009-07-14 22:08:22 | 000,000,120 | ---- | C] () -- C:\Windows\CIS_Setup_3.10.102363.531_XP_Vista_x32.INI

[2009-07-14 00:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll

[2009-07-14 00:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll

[2009-06-30 23:57:52 | 000,000,604 | -H-- | C] () -- C:\Programas\STLL Notifier

[2009-06-19 20:06:22 | 000,197,912 | ---- | C] () -- C:\Windows\System32\physxcudart_20.dll

[2009-06-19 20:06:22 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelTraditionalChinese.dll

[2009-06-19 20:06:22 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSwedish.dll

[2009-06-19 20:06:22 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSpanish.dll

[2009-06-19 20:06:22 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSimplifiedChinese.dll

[2009-06-19 20:06:22 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelPortugese.dll

[2009-06-19 20:06:22 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelKorean.dll

[2009-06-19 20:06:22 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelJapanese.dll

[2009-06-19 20:06:22 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelGerman.dll

[2009-06-19 20:06:22 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelFrench.dll

[2009-06-09 23:03:04 | 000,025,509 | ---- | C] () -- C:\Users\Dias\AppData\Roaming\UserTile.png

[2009-06-02 21:23:49 | 000,005,607 | ---- | C] () -- C:\Windows\System32\stci.dll

[2009-06-02 16:49:23 | 000,691,696 | ---- | C] () -- C:\Windows\System32\drivers\sptd.sys

[2009-04-13 03:24:54 | 000,006,656 | ---- | C] () -- C:\Windows\System32\bcmwlrc.dll

 

========== LOP Check ==========

 

[2010-06-02 23:53:22 | 000,000,000 | ---D | M] -- C:\Users\Dias\AppData\Roaming\Autodesk

[2010-09-30 21:04:06 | 000,000,000 | ---D | M] -- C:\Users\Dias\AppData\Roaming\DAEMON Tools Lite

[2010-09-23 22:00:28 | 000,000,000 | ---D | M] -- C:\Users\Dias\AppData\Roaming\gtk-2.0

[2010-07-23 21:38:36 | 000,000,000 | ---D | M] -- C:\Users\Dias\AppData\Roaming\Guitar Pro 6

[2010-06-02 23:53:45 | 000,000,000 | ---D | M] -- C:\Users\Dias\AppData\Roaming\Nokia

[2010-07-30 23:14:25 | 000,000,000 | ---D | M] -- C:\Users\Dias\AppData\Roaming\PC Suite

[2009-06-09 23:03:04 | 000,000,000 | ---D | M] -- C:\Users\Dias\AppData\Roaming\PeerNetworking

[2010-10-06 00:27:54 | 000,000,000 | ---D | M] -- C:\Users\Dias\AppData\Roaming\Sports Interactive

[2010-06-22 10:10:00 | 000,000,390 | ---- | M] () -- C:\Windows\Tasks\Install.job

[2010-10-06 10:50:15 | 000,032,578 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

 

========== Purity Check ==========

 

 

 

========== Custom Scans ==========

 

 

< %SystemDrive%\*.* >

[2009-06-10 22:42:20 | 000,000,024 | ---- | M] () -- C:\autoexec.bat

[2009-07-14 02:38:58 | 000,383,562 | RHS- | M] () -- C:\bootmgr

[2010-06-03 00:13:31 | 000,008,192 | RHS- | M] () -- C:\BOOTSECT.BAK

[2009-06-10 22:42:20 | 000,000,010 | ---- | M] () -- C:\config.sys

[2010-10-12 07:53:44 | 2413,711,360 | -HS- | M] () -- C:\hiberfil.sys

[2009-07-08 00:13:00 | 000,000,000 | RHS- | M] () -- C:\IO.SYS

[2009-07-08 00:13:00 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS

[2010-10-12 07:53:49 | 3218,284,544 | -HS- | M] () -- C:\pagefile.sys

[2010-07-05 19:40:24 | 000,000,771 | ---- | M] () -- C:\Sys_LogWin.log

 

< %SystemRoot%\*.* >

[2009-06-17 07:53:12 | 000,018,333 | ---- | M] () -- C:\Windows\atiogl.xml

[2010-06-02 23:20:05 | 000,000,000 | ---- | M] () -- C:\Windows\ativpsrm.bin

[2009-04-13 03:25:23 | 000,033,100 | ---- | M] () -- C:\Windows\bcmwl.log

[2009-07-14 02:14:12 | 000,065,024 | ---- | M] (Microsoft Corporation) -- C:\Windows\bfsvc.exe

[2010-10-12 07:53:51 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat

[2009-07-14 22:08:23 | 000,000,120 | ---- | M] () -- C:\Windows\CIS_Setup_3.10.102363.531_XP_Vista_x32.INI

[2010-06-03 00:13:14 | 000,006,087 | ---- | M] () -- C:\Windows\comsetup.log

[2009-04-13 11:10:47 | 000,000,012 | ---- | M] () -- C:\Windows\CSUP.txt

[2010-06-02 21:34:24 | 000,001,890 | ---- | M] () -- C:\Windows\diagerr.xml

[2010-06-02 21:34:27 | 000,002,544 | ---- | M] () -- C:\Windows\diagwrn.xml

[2010-08-21 22:49:54 | 000,380,517 | ---- | M] () -- C:\Windows\DirectX.log

[2010-10-08 11:10:57 | 000,087,856 | ---- | M] () -- C:\Windows\DPINST.LOG

[2010-06-03 00:02:15 | 000,004,141 | ---- | M] () -- C:\Windows\DtcInstall.log

[2009-10-31 06:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe

[2009-07-14 02:14:20 | 000,013,824 | ---- | M] (Microsoft Corporation) -- C:\Windows\fveupdate.exe

[2009-07-14 02:14:21 | 000,497,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\HelpPane.exe

[2009-07-14 02:14:21 | 000,015,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\hh.exe

[2006-09-19 12:41:44 | 000,008,328 | ---- | M] () -- C:\Windows\HomePremium.xml

[2010-06-03 01:44:39 | 000,205,431 | ---- | M] () -- C:\Windows\hpoins30.dat

[2010-06-03 01:10:06 | 000,175,359 | ---- | M] () -- C:\Windows\hpoins30.dat.osupcopy

[2009-10-07 22:11:41 | 000,176,719 | ---- | M] () -- C:\Windows\hpoins30.dat.temp

[2009-10-08 02:29:55 | 000,000,587 | ---- | M] () -- C:\Windows\hpomdl30.dat

[2008-06-18 07:22:38 | 000,000,844 | ---- | M] () -- C:\Windows\hpomdl30.dat.temp

[2010-06-06 12:24:08 | 000,023,187 | ---- | M] () -- C:\Windows\hpqins15.dat

[2009-02-27 23:47:39 | 000,005,744 | ---- | M] () -- C:\Windows\HPQLB.LOG

[2009-06-02 15:57:43 | 000,002,084 | ---- | M] () -- C:\Windows\ie8_main.log

[2009-07-14 22:34:30 | 171,711,017 | ---- | M] () -- C:\Windows\MEMORY.DMP

[2009-07-13 23:58:08 | 000,043,131 | ---- | M] () -- C:\Windows\mib.bin

[2009-06-10 22:19:27 | 000,001,405 | ---- | M] () -- C:\Windows\msdfmap.ini

[2009-06-02 09:38:22 | 000,284,306 | ---- | M] () -- C:\Windows\msxml4-KB954430-enu.LOG

[2009-11-25 18:45:50 | 000,295,416 | ---- | M] () -- C:\Windows\msxml4-KB973688-enu.LOG

[2009-07-14 02:14:27 | 000,179,712 | ---- | M] (Microsoft Corporation) -- C:\Windows\notepad.exe

[2009-08-24 12:24:07 | 002,443,186 | ---- | M] () -- C:\Windows\ntbtlog.txt

[2009-10-24 16:59:53 | 000,000,379 | ---- | M] () -- C:\Windows\pdf2word.INI

[2010-10-10 11:09:53 | 000,313,204 | ---- | M] () -- C:\Windows\PFRO.log

[2005-04-14 16:33:14 | 000,003,638 | -H-- | M] () -- C:\Windows\ps.ico

[2009-07-14 02:14:30 | 000,398,336 | ---- | M] (Microsoft Corporation) -- C:\Windows\regedit.exe

[2010-09-27 21:37:22 | 000,249,856 | ---- | M] (Microsoft Corporation) -- C:\Windows\Setup1.exe

[2010-10-12 07:53:55 | 001,652,212 | ---- | M] () -- C:\Windows\setupact.log

[2009-07-14 05:39:09 | 000,000,000 | ---- | M] () -- C:\Windows\setuperr.log

[2010-09-27 21:37:21 | 000,073,216 | ---- | M] (Microsoft Corporation) -- C:\Windows\ST6UNST.EXE

[2009-06-10 22:14:45 | 000,048,201 | ---- | M] () -- C:\Windows\Starter.xml

[2010-03-23 14:53:06 | 000,495,708 | ---- | M] (IDT, Inc.) -- C:\Windows\sttray.exe

[2009-06-10 22:46:28 | 000,000,219 | ---- | M] () -- C:\Windows\system.ini

[2010-06-02 23:20:29 | 000,001,313 | ---- | M] () -- C:\Windows\TSSysprep.log

[2009-06-10 22:41:17 | 000,094,784 | ---- | M] (Twain Working Group) -- C:\Windows\twain.dll

[2009-07-14 02:16:16 | 000,051,200 | ---- | M] (Twain Working Group) -- C:\Windows\twain_32.dll

[2008-03-14 06:56:18 | 000,012,288 | R--- | M] (Hewlett-Packard Company) -- C:\Windows\Twunk_16.dll

[2009-06-10 22:41:17 | 000,049,680 | ---- | M] (Twain Working Group) -- C:\Windows\twunk_16.exe

[2008-03-14 06:56:18 | 000,012,288 | R--- | M] (Hewlett-Packard Company) -- C:\Windows\Twunk_32.dll

[2009-07-14 02:14:42 | 000,031,232 | ---- | M] (Twain Working Group) -- C:\Windows\twunk_32.exe

[2009-06-10 22:14:45 | 000,051,867 | ---- | M] () -- C:\Windows\Ultimate.xml

[2010-06-03 01:44:30 | 000,000,254 | ---- | M] () -- C:\Windows\win.ini

[2009-07-14 05:41:57 | 000,000,749 | RH-- | M] () -- C:\Windows\WindowsShell.Manifest

[2010-06-02 22:38:00 | 001,637,937 | ---- | M] () -- C:\Windows\WindowsUpdate (1).log

[2010-10-12 07:58:30 | 001,485,614 | ---- | M] () -- C:\Windows\WindowsUpdate.log

[2009-06-10 22:42:20 | 000,256,192 | ---- | M] (Microsoft Corporation) -- C:\Windows\winhelp.exe

[2009-07-14 02:14:45 | 000,009,728 | ---- | M] (Microsoft Corporation) -- C:\Windows\winhlp32.exe

[2010-04-17 00:21:52 | 000,307,056 | ---- | M] (Microsoft Corporation) -- C:\Windows\WLXPGSS.SCR

[2009-06-10 22:34:23 | 000,316,640 | ---- | M] () -- C:\Windows\WMSysPr9.prx

[2009-07-14 02:14:49 | 000,009,216 | ---- | M] (Microsoft Corporation) -- C:\Windows\write.exe

[2009-08-04 20:16:44 | 000,019,211 | ---- | M] () -- C:\Windows\ZTEInstallInfo.log

[2009-06-10 22:42:49 | 000,000,707 | ---- | M] () -- C:\Windows\_default.pif

[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

< %SystemRoot%\system32\drivers\*.* >

[2009-06-01 19:29:16 | 000,000,000 | RHS- | M] () -- C:\Windows\System32\drivers\103C_HP_cNB_Pavilion dv6 Notebook PC_Y5335KV_0U_QCNF9150G1L_E510505-131_4A_I3628_SQuanta_V18.27_F.12_T090323_WV3-1_L816_M3069_J320_7Intel_867A_92.67_#090413_N10EC8168;14E44315_(NU754EA#AB9)_XMOBILE_CN10_Z_2Rev 1.MRK

[2009-07-14 00:51:21 | 000,054,784 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\1394bus.sys

[2009-07-14 00:52:00 | 000,163,328 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\1394ohci.sys

[2010-06-15 16:53:12 | 000,033,848 | ---- | M] (Hewlett-Packard Company) -- C:\Windows\System32\drivers\Accelerometer.sys

[2009-07-14 02:26:15 | 000,274,496 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\acpi.sys

[2009-07-14 00:16:36 | 000,009,728 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\acpipmi.sys

[2009-07-14 02:26:15 | 000,422,976 | ---- | M] (Adaptec, Inc.) -- C:\Windows\System32\drivers\adp94xx.sys

[2009-07-14 02:26:17 | 000,297,552 | ---- | M] (Adaptec, Inc.) -- C:\Windows\System32\drivers\adpahci.sys

[2009-07-14 02:26:15 | 000,146,512 | ---- | M] (Adaptec, Inc.) -- C:\Windows\System32\drivers\adpu320.sys

[2009-07-14 00:12:38 | 000,338,944 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\afd.sys

[2009-07-14 00:55:00 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\agilevpn.sys

[2009-07-14 02:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\AGP440.sys

[2003-09-05 06:58:12 | 000,003,968 | ---- | M] (THOMSON) -- C:\Windows\System32\drivers\alcacr.sys

[2003-09-05 06:58:24 | 000,053,600 | ---- | M] (THOMSON) -- C:\Windows\System32\drivers\alcan5wn.sys

[2003-09-05 06:58:22 | 000,070,624 | ---- | M] (THOMSON) -- C:\Windows\System32\drivers\alcaudsl.sys

[2003-09-05 06:58:18 | 000,005,280 | ---- | M] (THOMSON) -- C:\Windows\System32\drivers\alcawh.sys

[2009-07-14 02:26:15 | 000,014,400 | ---- | M] (Acer Laboratories Inc.) -- C:\Windows\System32\drivers\aliide.sys

[2009-07-14 02:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\AMDAGP.SYS

[2009-07-14 02:26:15 | 000,014,912 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\amdide.sys

[2009-07-14 00:11:04 | 000,055,296 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\amdk8.sys

[2009-07-14 00:11:04 | 000,052,736 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\amdppm.sys

[2009-07-14 02:26:15 | 000,079,952 | ---- | M] (Advanced Micro Devices) -- C:\Windows\System32\drivers\amdsata.sys

[2009-07-14 02:26:15 | 000,159,312 | ---- | M] (AMD Technologies Inc.) -- C:\Windows\System32\drivers\amdsbs.sys

[2009-07-14 02:26:15 | 000,023,616 | ---- | M] (Advanced Micro Devices) -- C:\Windows\System32\drivers\amdxata.sys

[2009-07-14 00:36:52 | 000,050,176 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\appid.sys

[2009-07-14 02:26:15 | 000,076,368 | ---- | M] (Adaptec, Inc.) -- C:\Windows\System32\drivers\arc.sys

[2009-07-14 02:26:15 | 000,086,608 | ---- | M] (Adaptec, Inc.) -- C:\Windows\System32\drivers\arcsas.sys

[2009-07-14 00:54:46 | 000,017,920 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\asyncmac.sys

[2009-07-14 02:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\atapi.sys

[2009-07-14 02:26:15 | 000,133,200 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\ataport.sys

[2009-08-18 01:37:56 | 000,053,248 | ---- | M] (ATI Technologies Inc.) -- C:\Windows\System32\drivers\ati2erec.dll

[2009-08-18 03:48:06 | 004,994,560 | ---- | M] (ATI Technologies Inc.) -- C:\Windows\System32\drivers\atikmdag.sys

[2009-06-10 22:19:15 | 000,328,162 | ---- | M] () -- C:\Windows\System32\drivers\ativcaxx.cpa

[2009-06-10 22:19:15 | 000,000,929 | ---- | M] () -- C:\Windows\System32\drivers\ativcaxx.vp

[2009-06-10 22:19:15 | 000,002,096 | ---- | M] () -- C:\Windows\System32\drivers\ativdkxx.vp

[2009-06-10 22:19:15 | 000,002,096 | ---- | M] () -- C:\Windows\System32\drivers\ativokxx.vp

[2009-06-10 22:19:15 | 000,002,096 | ---- | M] () -- C:\Windows\System32\drivers\ativpkxx.vp

[2009-06-10 22:19:15 | 000,052,400 | ---- | M] () -- C:\Windows\System32\drivers\ativvpxx.vp

[2009-05-11 12:49:28 | 000,051,992 | ---- | M] (AVIRA GmbH) -- C:\Windows\System32\drivers\avgntdd.sys

[2010-02-16 14:24:01 | 000,060,936 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\avgntflt.sys

[2009-05-11 12:49:28 | 000,017,016 | ---- | M] (AVIRA GmbH) -- C:\Windows\System32\drivers\avgntmgr.sys

[2010-03-01 10:05:24 | 000,124,784 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\avipbb.sys

[2009-07-13 23:02:49 | 000,229,888 | ---- | M] (Broadcom Corporation) -- C:\Windows\System32\drivers\b57nd60x.sys

[2009-07-14 02:26:15 | 000,025,168 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\battc.sys

[2009-04-13 03:24:49 | 001,331,192 | ---- | M] (Broadcom Corporation) -- C:\Windows\System32\drivers\BCMWL6.SYS

[2009-07-14 00:45:01 | 000,006,144 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\beep.sys

[2009-07-14 00:23:04 | 000,035,328 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\blbdrive.sys

[2009-07-14 00:14:22 | 000,069,632 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\bowser.sys

[2009-07-13 23:53:28 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) -- C:\Windows\System32\drivers\BrFiltLo.sys

[2009-07-13 23:53:28 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) -- C:\Windows\System32\drivers\BrFiltUp.sys

[2009-07-14 01:41:26 | 000,078,336 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\bridge.sys

[2009-07-14 01:57:25 | 000,272,128 | ---- | M] (Brother Industries Ltd.) -- C:\Windows\System32\drivers\BrSerId.sys

[2009-07-13 23:53:32 | 000,062,336 | ---- | M] (Brother Industries Ltd.) -- C:\Windows\System32\drivers\BrSerWdm.sys

[2009-07-13 23:53:33 | 000,012,160 | ---- | M] (Brother Industries Ltd.) -- C:\Windows\System32\drivers\BrUsbMdm.sys

[2009-07-13 23:53:33 | 000,011,904 | ---- | M] (Brother Industries Ltd.) -- C:\Windows\System32\drivers\BrUsbSer.sys

[2009-07-14 00:51:34 | 000,056,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\bthmodem.sys

[2009-07-13 23:02:48 | 000,430,080 | ---- | M] (Broadcom Corporation) -- C:\Windows\System32\drivers\bxvbdx.sys

[2010-02-26 14:32:44 | 000,018,176 | ---- | M] (Nokia) -- C:\Windows\System32\drivers\ccdcmb.sys

[2010-02-26 14:32:44 | 000,022,528 | ---- | M] (Nokia) -- C:\Windows\System32\drivers\ccdcmbo.sys

[2009-07-14 00:11:15 | 000,070,656 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\cdfs.sys

[2009-07-14 00:11:26 | 000,108,544 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\cdrom.sys

[2009-07-14 00:51:17 | 000,037,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\circlass.sys

[2009-07-14 02:26:15 | 000,140,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\Classpnp.sys

[2009-07-14 00:19:18 | 000,014,080 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\CmBatt.sys

[2010-09-29 11:21:00 | 000,017,256 | ---- | M] (COMODO) -- C:\Windows\System32\drivers\cmderd.sys

[2010-09-29 11:20:59 | 000,236,088 | ---- | M] (COMODO) -- C:\Windows\System32\drivers\cmdGuard.sys

[2010-09-29 11:21:00 | 000,030,112 | ---- | M] (COMODO) -- C:\Windows\System32\drivers\cmdhlp.sys

[2009-07-14 02:26:21 | 000,015,952 | ---- | M] (CMD Technology, Inc.) -- C:\Windows\System32\drivers\cmdide.sys

[2009-07-14 02:17:54 | 000,369,568 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\cng.sys

[2009-07-14 02:26:21 | 000,019,024 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\compbatt.sys

[2009-07-14 00:45:26 | 000,031,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\CompositeBus.sys

[2009-07-14 02:20:28 | 000,035,408 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\crashdmp.sys

[2009-07-14 02:20:28 | 000,022,096 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\crcdisk.sys

[2009-07-14 00:15:13 | 000,387,584 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\csc.sys

[2009-07-14 00:14:17 | 000,078,336 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\dfsc.sys

[2009-07-14 00:24:05 | 000,032,256 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\discache.sys

[2009-07-14 02:20:27 | 000,057,424 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\disk.sys

[2009-07-14 02:20:28 | 000,026,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\Diskdump.sys

[2009-07-14 02:20:28 | 000,070,720 | ---- | M] (Adaptec, Inc.) -- C:\Windows\System32\drivers\djsvs.sys

[2009-07-14 01:41:37 | 000,080,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\drmk.sys

[2009-07-14 00:50:57 | 000,005,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\drmkaud.sys

[2009-07-14 02:20:28 | 000,026,704 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\Dumpata.sys

[2009-07-14 02:17:54 | 000,055,584 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\dumpfve.sys

[2009-07-14 00:25:26 | 000,013,312 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\dxapi.sys

[2009-07-14 00:25:25 | 000,076,288 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\dxg.sys

[2009-10-02 05:06:59 | 000,728,648 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\dxgkrnl.sys

[2009-07-14 00:25:35 | 000,211,968 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\dxgmms1.sys

[2009-07-14 02:20:28 | 000,453,712 | ---- | M] (Emulex) -- C:\Windows\System32\drivers\elxstor.sys

[2008-09-04 18:47:00 | 000,054,784 | ---- | M] (ENE TECHNOLOGY INC.) -- C:\Windows\System32\drivers\enecir.sys

[2009-07-14 00:19:19 | 000,007,168 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\errdev.sys

[2009-07-13 23:02:48 | 003,100,160 | ---- | M] (Broadcom Corporation) -- C:\Windows\System32\drivers\evbdx.sys

[2009-07-14 00:14:03 | 000,142,336 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\exfat.sys

[2009-07-14 00:14:02 | 000,148,480 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\fastfat.sys

[2009-07-14 00:45:45 | 000,025,088 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\fdc.sys

[2009-07-14 02:20:28 | 000,058,448 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\fileinfo.sys

[2009-07-14 00:15:29 | 000,028,160 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\filetrace.sys

[2009-07-14 00:45:45 | 000,019,968 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\flpydisk.sys

[2009-07-14 02:20:28 | 000,198,208 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\fltMgr.sys

[2009-07-14 02:20:28 | 000,046,160 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\fsdepends.sys

[2009-08-05 22:48:42 | 000,054,632 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\fssfltr.sys

[2009-07-14 02:20:28 | 000,019,536 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\fs_rec.sys

[2009-09-26 06:58:35 | 000,194,488 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\fvevol.sys

[2009-07-14 02:20:28 | 000,187,472 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\FWPKCLNT.SYS

[2009-07-14 02:20:28 | 000,057,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\GAGP30KX.SYS

[2009-05-18 14:17:00 | 000,026,600 | ---- | M] (GEAR Software Inc.) -- C:\Windows\System32\drivers\GEARAspiWDM.sys

[2009-06-10 22:14:29 | 003,440,660 | ---- | M] () -- C:\Windows\System32\drivers\gm.dls

[2009-06-10 22:14:29 | 000,000,646 | ---- | M] () -- C:\Windows\System32\drivers\gmreadme.txt

[2009-07-13 23:54:14 | 000,026,624 | ---- | M] (Hauppauge Computer Works, Inc.) -- C:\Windows\System32\drivers\hcw85cir.sys

[2009-07-14 00:50:56 | 000,108,544 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\hdaudbus.sys

[2009-07-14 00:51:47 | 000,304,128 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\HdAudio.sys

[2009-07-14 00:19:21 | 000,021,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\hidbatt.sys

[2009-07-14 00:51:33 | 000,091,136 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\hidbth.sys

[2009-07-14 00:51:01 | 000,055,808 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\hidclass.sys

[2009-07-14 00:51:05 | 000,037,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\hidir.sys

[2009-07-14 00:51:00 | 000,025,728 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\hidparse.sys

[2009-07-14 00:51:04 | 000,024,064 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\hidusb.sys

[2010-06-15 16:53:28 | 000,025,656 | ---- | M] (Hewlett-Packard Company) -- C:\Windows\System32\drivers\hpdskflt.sys

[2007-06-18 17:12:04 | 000,016,768 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Windows\System32\drivers\HpqKbFiltr.sys

[2009-07-14 02:20:28 | 000,067,152 | ---- | M] (Hewlett-Packard Company) -- C:\Windows\System32\drivers\HpSAMD.sys

[2009-07-14 00:12:59 | 000,513,024 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\http.sys

[2009-07-14 02:20:36 | 000,013,904 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\hwpolicy.sys

[2009-07-14 00:11:24 | 000,080,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\i8042prt.sys

[2009-07-14 02:20:36 | 000,332,352 | ---- | M] (Intel Corporation) -- C:\Windows\System32\drivers\iaStorV.sys

[2009-07-14 02:20:36 | 000,041,040 | ---- | M] (Intel Corp./ICP vortex GmbH) -- C:\Windows\System32\drivers\iirsp.sys

[2010-09-29 11:21:00 | 000,078,504 | ---- | M] (COMODO) -- C:\Windows\System32\drivers\inspect.sys

[2009-07-14 02:20:36 | 000,015,424 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\intelide.sys

[2009-07-14 00:11:04 | 000,053,760 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\intelppm.sys

[2009-07-14 00:54:29 | 000,058,880 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\ipfltdrv.sys

[2009-07-14 00:30:59 | 000,065,536 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\IPMIDrv.sys

[2009-07-14 00:54:29 | 000,101,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\ipnat.sys

[2009-07-14 00:53:32 | 000,096,768 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\irda.sys

[2009-07-14 00:53:27 | 000,013,824 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\irenum.sys

[2009-07-14 02:20:36 | 000,046,656 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\isapnp.sys

[2008-10-23 10:42:10 | 000,107,360 | ---- | M] (JMicron Technology Corporation) -- C:\Windows\System32\drivers\jmcr.sys

[2009-07-14 02:20:36 | 000,042,576 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\kbdclass.sys

[2009-07-14 00:45:09 | 000,028,160 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\kbdhid.sys

[2010-03-04 04:57:55 | 000,190,976 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\ks.sys

[2009-07-14 02:20:36 | 000,067,664 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\ksecdd.sys

[2009-12-11 08:44:02 | 000,133,720 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\ksecpkg.sys

[2009-07-14 00:53:19 | 000,048,128 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\lltdio.sys

[2009-06-02 21:17:45 | 000,016,128 | ---- | M] (THOMSON Telecom Belgium) -- C:\Windows\System32\drivers\lpwdm.sys

[2009-07-14 02:20:36 | 000,095,824 | ---- | M] (LSI Corporation) -- C:\Windows\System32\drivers\lsi_fc.sys

[2009-07-14 02:20:37 | 000,089,168 | ---- | M] (LSI Corporation) -- C:\Windows\System32\drivers\lsi_sas.sys

[2009-07-14 02:20:36 | 000,054,864 | ---- | M] (LSI Corporation) -- C:\Windows\System32\drivers\lsi_sas2.sys

[2009-07-14 02:20:36 | 000,096,848 | ---- | M] (LSI Corporation) -- C:\Windows\System32\drivers\lsi_scsi.sys

[2009-07-14 00:15:45 | 000,086,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\luafv.sys

[2009-07-14 00:45:57 | 000,018,432 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\mcd.sys

[2009-07-14 02:20:36 | 000,030,800 | ---- | M] (LSI Corporation) -- C:\Windows\System32\drivers\megasas.sys

[2009-07-14 02:20:36 | 000,235,584 | ---- | M] (LSI Corporation, Inc.) -- C:\Windows\System32\drivers\MegaSR.sys

[2009-07-14 00:55:24 | 000,031,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\modem.sys

[2009-07-14 00:25:59 | 000,023,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\monitor.sys

[2009-07-14 02:20:44 | 000,041,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\mouclass.sys

[2009-07-14 00:45:08 | 000,026,112 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\mouhid.sys

[2009-07-14 02:20:44 | 000,078,416 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\mountmgr.sys

[2009-07-14 02:20:44 | 000,130,624 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\mpio.sys

[2009-07-14 00:52:53 | 000,060,416 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\mpsdrv.sys

[2009-07-14 00:14:26 | 000,115,712 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\mrxdav.sys

[2010-02-27 08:32:05 | 000,123,392 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\mrxsmb.sys

[2010-02-27 08:32:26 | 000,221,696 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\mrxsmb10.sys

[2010-02-27 08:32:12 | 000,095,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\mrxsmb20.sys

[2009-07-14 02:20:44 | 000,027,712 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\msahci.sys

[2009-07-14 02:20:44 | 000,115,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\msdsm.sys

[2009-07-14 00:11:26 | 000,022,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\msfs.sys

[2010-05-11 16:41:15 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\MsftWdf_Kernel_01009_Coinstaller_Critical.Wdf

[2009-06-10 22:27:38 | 000,000,003 | ---- | M] () -- C:\Windows\System32\drivers\MsftWdf_Kernel_01009_Inbox_Critical.Wdf

[2009-12-31 11:30:10 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_Kernel_ccdcmb_01005.Wdf

[2010-05-11 16:18:05 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_Kernel_ccdcmb_01007.Wdf

[2010-05-11 16:41:17 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_Kernel_ccdcmb_01009.Wdf

[2010-06-02 23:20:09 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_Kernel_SynTP_01007.Wdf

[2010-07-14 08:44:17 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_Kernel_SynTP_01009.Wdf

[2010-05-11 16:18:43 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_User_PCCSWpdDriver_01_07_00.Wdf

[2010-10-08 11:15:51 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_User_PCCSWpdDriver_01_09_00.Wdf

[2009-02-27 23:07:24 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_User_WpdFs_01_00_00.Wdf

[2009-11-18 15:12:13 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_User_WpdFs_01_07_00.Wdf

[2010-06-05 19:06:27 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_User_WpdFs_01_09_00.Wdf

[2010-01-03 16:12:26 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_User_WpdMtpDr_01_07_00.Wdf

[2010-06-17 16:18:15 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf

[2009-07-14 00:51:08 | 000,004,096 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\mshidkmdf.sys

[2009-07-14 02:20:43 | 000,013,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\msisadrv.sys

[2009-07-14 02:20:44 | 000,186,960 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\msiscsi.sys

[2009-07-14 00:45:08 | 000,008,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\mskssrv.sys

[2009-07-14 00:45:08 | 000,005,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\mspclock.sys

[2009-07-14 00:45:07 | 000,005,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\mspqm.sys

[2009-07-14 02:20:44 | 000,162,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\msrpc.sys

[2009-07-14 02:20:44 | 000,028,240 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\mssmbios.sys

[2009-07-14 00:45:08 | 000,006,144 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\mstee.sys

[2009-07-14 00:46:55 | 000,012,288 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\MTConfig.sys

[2009-07-14 02:20:44 | 000,049,728 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\mup.sys

[2009-07-14 02:20:44 | 000,710,720 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\ndis.sys

[2009-07-14 00:52:44 | 000,027,136 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\ndiscap.sys

[2009-07-14 00:54:24 | 000,020,992 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\ndistapi.sys

[2009-07-14 00:53:51 | 000,045,568 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\ndisuio.sys

[2009-07-14 00:54:35 | 000,118,784 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\ndiswan.sys

[2009-07-14 00:54:27 | 000,048,128 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\ndproxy.sys

[2009-07-14 00:53:54 | 000,036,352 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\netbios.sys

[2009-07-14 00:12:21 | 000,187,904 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\netbt.sys

[2009-07-14 02:20:44 | 000,240,208 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\netio.sys

[2009-07-14 02:20:44 | 000,044,624 | ---- | M] (IBM Corporation) -- C:\Windows\System32\drivers\nfrd960.sys

[2010-02-26 14:21:22 | 000,137,344 | ---- | M] (Nokia) -- C:\Windows\System32\drivers\nmwcdnsu.sys

[2010-02-26 14:21:22 | 000,008,320 | ---- | M] (Nokia) -- C:\Windows\System32\drivers\nmwcdnsuc.sys

[2009-07-14 00:11:32 | 000,035,328 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\npfs.sys

[2009-07-14 00:12:08 | 000,016,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\nsiproxy.sys

[2009-07-14 02:20:44 | 001,210,432 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\ntfs.sys

[2009-07-14 00:11:12 | 000,004,608 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\null.sys

[2009-07-14 02:20:44 | 000,117,312 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\drivers\nvraid.sys

[2009-07-14 02:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\drivers\nvstor.sys

[2009-07-14 02:20:44 | 000,105,024 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\NV_AGP.SYS

[2009-07-14 00:52:03 | 000,267,264 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\nwifi.sys

[2009-07-14 00:51:29 | 000,062,464 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\ohci1394.sys

[2009-07-14 00:53:58 | 000,104,448 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\pacer.sys

[2009-07-14 00:45:35 | 000,079,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\parport.sys

[2009-07-14 02:20:44 | 000,056,912 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\partmgr.sys

[2009-07-14 00:45:29 | 000,008,704 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\parvdm.sys

[2008-08-26 10:26:12 | 000,018,816 | ---- | M] (Nokia) -- C:\Windows\System32\drivers\pccsmcfd.sys

[2009-07-14 02:20:45 | 000,153,680 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\pci.sys

[2009-07-14 02:20:45 | 000,012,368 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\pciide.sys

[2009-07-14 02:19:03 | 000,042,560 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\pciidex.sys

[2009-07-14 02:19:03 | 000,180,288 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\pcmcia.sys

[2009-07-14 02:19:04 | 000,043,088 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\pcw.sys

[2009-07-14 01:41:15 | 000,586,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\PEAuth.sys

[2009-07-14 00:51:02 | 000,177,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\portcls.sys

[2009-07-14 00:11:04 | 000,052,224 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\processr.sys

[2009-07-14 02:19:04 | 001,383,488 | ---- | M] (QLogic Corporation) -- C:\Windows\System32\drivers\ql2300.sys

[2009-07-14 02:19:04 | 000,106,064 | ---- | M] (QLogic Corporation) -- C:\Windows\System32\drivers\ql40xx.sys

[2009-07-14 00:54:13 | 000,031,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\qwavedrv.sys

[2009-07-14 00:54:40 | 000,011,776 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\rasacd.sys

[2009-07-14 00:54:34 | 000,078,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\rasl2tp.sys

[2009-07-14 00:54:53 | 000,077,824 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\raspppoe.sys

[2009-07-14 00:54:48 | 000,073,728 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\raspptp.sys

[2009-07-14 00:54:58 | 000,075,264 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\rassstp.sys

[2009-07-14 00:14:29 | 000,241,664 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\rdbss.sys

[2009-07-14 01:02:41 | 000,018,944 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\rdpbus.sys

[2009-07-14 01:01:40 | 000,006,656 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\RDPCDD.sys

[2009-07-14 01:02:58 | 000,133,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\rdpdr.sys

[2009-07-14 01:01:39 | 000,006,656 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\RDPENCDD.sys

[2009-07-14 01:01:41 | 000,007,168 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\RDPREFMP.sys

[2009-07-14 01:01:55 | 000,177,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\rdpwd.sys

[2009-07-14 02:19:04 | 000,173,648 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\rdyboost.sys

[2009-07-14 00:53:40 | 000,117,248 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\rmcast.sys

[2009-07-14 00:54:09 | 000,033,280 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\RNDISMP.sys

[2009-07-14 00:55:21 | 000,008,192 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\rootmdm.sys

[2009-07-14 00:53:20 | 000,060,928 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\rspndr.sys

[2009-03-01 23:05:32 | 000,139,776 | ---- | M] (Realtek Corporation ) -- C:\Windows\System32\drivers\Rt86win7.sys

[2008-08-06 17:26:08 | 000,124,928 | ---- | M] (Realtek Corporation ) -- C:\Windows\System32\drivers\Rtlh86.sys

[2009-07-14 02:19:04 | 000,085,568 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\sbp2port.sys

[2009-07-14 00:33:50 | 000,026,624 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\scfilter.sys

[2009-07-14 02:19:04 | 000,140,368 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\scsiport.sys

[2009-07-13 21:50:20 | 000,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\Windows\System32\drivers\secdrv.sys

[2009-07-14 00:45:28 | 000,017,920 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\serenum.sys

[2009-07-14 00:45:33 | 000,083,456 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\serial.sys

[2009-07-14 00:45:08 | 000,019,968 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\sermouse.sys

[2009-07-14 01:14:46 | 000,009,216 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\serscan.sys

[2009-07-14 00:45:52 | 000,011,264 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\sffdisk.sys

[2009-07-14 00:45:52 | 000,012,288 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\sffp_mmc.sys

[2009-10-10 03:57:31 | 000,012,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\sffp_sd.sys

[2010-06-03 00:52:36 | 000,173,888 | ---- | M] () -- C:\Windows\System32\drivers\sfi.dat

[2009-07-14 00:45:52 | 000,013,824 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\sfloppy.sys

[2004-01-28 15:03:26 | 000,021,456 | ---- | M] (Texas Instruments Incorporated) -- C:\Windows\System32\drivers\SilvrLnk.sys

[2009-07-14 02:19:03 | 000,052,304 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\SISAGP.SYS

[2009-07-14 02:19:04 | 000,040,016 | ---- | M] (Silicon Integrated Systems Corp.) -- C:\Windows\System32\drivers\sisraid2.sys

[2009-07-14 02:19:04 | 000,077,888 | ---- | M] (Silicon Integrated Systems) -- C:\Windows\System32\drivers\sisraid4.sys

[2009-07-14 00:53:41 | 000,071,168 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\smb.sys

[2009-07-14 00:45:28 | 000,017,408 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\smclib.sys

[2009-07-14 02:19:03 | 000,017,472 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\spldr.sys

[2009-07-13 21:34:43 | 000,405,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\spsys.sys

[2010-08-21 22:10:42 | 000,691,696 | ---- | M] () -- C:\Windows\System32\drivers\sptd.sys

[2010-06-22 03:47:35 | 000,310,784 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\srv.sys

[2010-06-22 03:47:21 | 000,307,200 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\srv2.sys

[2010-06-22 03:47:13 | 000,113,664 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\srvnet.sys

[2009-05-11 10:12:49 | 000,028,520 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\ssmdrv.sys

[2009-06-02 21:17:45 | 000,030,464 | ---- | M] (THOMSON Telecom Belgium) -- C:\Windows\System32\drivers\st330.sys

[2009-06-02 21:17:45 | 000,012,672 | ---- | M] (THOMSON Telecom Belgium) -- C:\Windows\System32\drivers\stbus.sys

[2009-07-14 02:19:04 | 000,021,072 | ---- | M] (Promise Technology) -- C:\Windows\System32\drivers\stexstor.sys

[2009-07-14 02:19:04 | 000,144,960 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\storport.sys

[2009-07-14 02:19:10 | 000,028,224 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\storvsc.sys

[2009-07-14 00:50:57 | 000,053,632 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\stream.sys

[2010-03-23 14:53:06 | 000,423,424 | ---- | M] (IDT, Inc.) -- C:\Windows\System32\drivers\stwrt.sys

[2009-07-14 02:19:10 | 000,012,240 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\swenum.sys

[2010-05-27 22:32:58 | 000,245,936 | ---- | M] (Synaptics Incorporated) -- C:\Windows\System32\drivers\SynTP.sys

[2009-07-14 00:45:53 | 000,024,576 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\tape.sys

[2010-06-14 07:12:30 | 001,286,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\tcpip.sys

[2009-07-14 00:54:14 | 000,034,816 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\tcpipreg.sys

[2009-07-14 00:12:12 | 000,020,992 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\tdi.sys

[2009-07-14 01:01:37 | 000,017,920 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\tdpipe.sys

[2009-07-14 01:01:37 | 000,024,064 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\tdtcp.sys

[2009-07-14 00:12:11 | 000,074,240 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\tdx.sys

[2009-07-14 02:19:10 | 000,051,776 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\termdd.sys

[2009-07-14 01:01:51 | 000,030,208 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\tssecsrv.sys

[2009-07-14 00:54:03 | 000,108,544 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\tunnel.sys

[2009-07-14 02:19:10 | 000,055,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\UAGP35.SYS

[2009-07-14 00:14:09 | 000,246,784 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\udfs.sys

[2009-07-14 02:19:11 | 000,057,424 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\ULIAGPKX.SYS

[2009-07-14 00:51:39 | 000,039,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\umbus.sys

[2009-07-14 00:51:35 | 000,008,192 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\umpass.sys

[2009-07-14 00:54:16 | 000,015,872 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\usb8023.sys

[2010-04-19 20:47:42 | 000,041,984 | ---- | M] (Apple, Inc.) -- C:\Windows\System32\drivers\usbaapl.sys

[2009-07-14 00:51:15 | 000,025,856 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\USBCAMD.sys

[2009-07-14 00:51:16 | 000,025,856 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\USBCAMD2.sys

[2009-07-14 00:51:31 | 000,075,264 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\usbccgp.sys

[2009-07-14 00:51:18 | 000,086,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\usbcir.sys

[2009-07-14 00:51:05 | 000,005,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\usbd.sys

[2009-07-14 00:51:14 | 000,041,472 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\usbehci.sys

[2009-07-14 00:52:09 | 000,258,560 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\usbhub.sys

[2009-07-14 00:51:14 | 000,020,480 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\usbohci.sys

[2009-07-14 00:51:15 | 000,284,160 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\usbport.sys

[2009-07-14 01:17:06 | 000,019,968 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\usbprint.sys

[2009-07-14 01:14:30 | 000,026,112 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\usbrpm.sys

[2009-07-14 00:51:17 | 000,027,648 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\usbser.sys

[2010-02-26 14:32:46 | 000,008,192 | ---- | M] (Nokia) -- C:\Windows\System32\drivers\usbser_lowerflt.sys

[2010-02-26 14:32:58 | 000,008,192 | ---- | M] (Nokia) -- C:\Windows\System32\drivers\usbser_lowerfltj.sys

[2009-07-14 00:51:19 | 000,074,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\USBSTOR.SYS

[2009-07-14 00:51:10 | 000,024,064 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\usbuhci.sys

[2010-03-04 05:04:40 | 000,146,304 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\usbvideo.sys

[2009-07-14 02:19:10 | 000,032,832 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\vdrvroot.sys

[2009-07-14 00:25:51 | 000,025,088 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\vga.sys

[2009-07-14 00:25:49 | 000,026,112 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\vgapnp.sys

[2009-07-14 02:19:10 | 000,159,824 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\vhdmp.sys

[2009-07-14 02:19:10 | 000,053,328 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\VIAAGP.SYS

[2009-07-14 00:11:04 | 000,052,736 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\viac7.sys

[2009-07-14 02:19:10 | 000,016,976 | ---- | M] (VIA Technologies, Inc.) -- C:\Windows\System32\drivers\viaide.sys

[2009-07-14 00:25:51 | 000,111,616 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\videoprt.sys

[2009-07-14 02:19:10 | 000,175,824 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\vmbus.sys

[2009-07-14 00:28:45 | 000,017,920 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\VMBusHID.sys

[2009-07-14 00:28:47 | 000,005,632 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\vms3cap.sys

[2009-07-14 02:19:10 | 000,040,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\vmstorfl.sys

[2009-07-14 02:19:10 | 000,053,312 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\volmgr.sys

[2009-07-14 02:19:11 | 000,297,040 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\volmgrx.sys

[2009-07-14 02:19:10 | 000,245,328 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\volsnap.sys

[2009-07-14 02:19:11 | 000,141,904 | ---- | M] (VIA Technologies Inc.,Ltd) -- C:\Windows\System32\drivers\vsmraid.sys

[2009-07-14 00:52:02 | 000,019,968 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\vwifibus.sys

[2009-07-14 00:52:04 | 000,048,128 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\vwififlt.sys

[2009-07-14 00:52:10 | 000,014,336 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\vwifimp.sys

[2009-07-14 00:46:53 | 000,021,632 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\wacompen.sys

[2009-07-14 00:55:02 | 000,063,488 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\wanarp.sys

[2009-07-14 00:24:11 | 000,035,328 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\watchdog.sys

[2009-07-14 02:19:11 | 000,019,024 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\wd.sys

[2009-07-14 02:19:10 | 000,445,008 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\Wdf01000.sys

[2006-11-02 07:09:50 | 001,419,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\wdfcoinstaller01005.dll

[2009-07-14 02:19:11 | 000,038,480 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\WdfLdr.sys

[2009-07-14 00:53:51 | 000,009,728 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\wfplwf.sys

[2009-07-14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\wimmount.sys

[2009-07-14 02:20:52 | 000,043,600 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\winhv.sys

[2009-07-14 00:51:11 | 000,034,944 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\winusb.sys

[2009-07-14 00:19:17 | 000,011,264 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\wmiacpi.sys

[2009-07-14 02:19:10 | 000,014,912 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\wmilib.sys

[2009-07-14 00:55:02 | 000,016,384 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\ws2ifsl.sys

[2009-07-14 01:18:07 | 000,017,920 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\WSDPrint.sys

[2009-07-14 00:50:17 | 000,092,672 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\WUDFPf.sys

[2009-07-14 00:50:45 | 000,132,224 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\WUDFRd.sys

[2009-02-24 16:43:46 | 000,104,960 | ---- | M] (ZTE Incorporated) -- C:\Windows\System32\drivers\ZTEusbmdm6k.sys

[2009-02-24 16:43:56 | 000,110,080 | ---- | M] (ZTE Corporation) -- C:\Windows\System32\drivers\ZTEusbnet.sys

[2009-02-24 16:44:04 | 000,104,960 | ---- | M] (ZTE Incorporated) -- C:\Windows\System32\drivers\ZTEusbnmea.sys

[2009-02-24 16:44:06 | 000,104,960 | ---- | M] (ZTE Incorporated) -- C:\Windows\System32\drivers\ZTEusbser6k.sys

 

< %SystemDrive%\documents and settings\All Users\Dados de aplicativos\*.* >

 

< %SystemDrive%\documents and settings\All Users\Dados de aplicativos\* >

 

< %SystemDrive%\documents and settings\All Users\Menu iniciar\Programas\Inicializar\*.* >

 

< %SystemDrive%\documents and settings\User\Configurações Locais\Temp\*.* >

 

< %UserProfile%\*.* >

[2010-09-23 22:00:28 | 000,000,853 | ---- | M] () -- C:\Users\Dias\.recently-used.xbel

[2010-10-12 08:05:03 | 005,505,024 | -HS- | M] () -- C:\Users\Dias\NTUSER.DAT

[2010-10-12 08:05:03 | 000,262,144 | -HS- | M] () -- C:\Users\Dias\ntuser.dat.LOG1

[2010-06-02 23:21:05 | 000,000,000 | -HS- | M] () -- C:\Users\Dias\ntuser.dat.LOG2

[2010-06-02 23:21:07 | 000,065,536 | -HS- | M] () -- C:\Users\Dias\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TM.blf

[2010-06-02 23:21:07 | 000,524,288 | -HS- | M] () -- C:\Users\Dias\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TMContainer00000000000000000001.regtrans-ms

[2010-06-02 23:21:07 | 000,524,288 | -HS- | M] () -- C:\Users\Dias\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TMContainer00000000000000000002.regtrans-ms

[2010-06-03 00:30:42 | 000,000,020 | -HS- | M] () -- C:\Users\Dias\ntuser.ini

 

< End of report >


Hello Ndias_90

Sorry for the delay... very busy these days.

Your log is clean. :)

*Run OTL and click [Limpeza] > [OK]

*The PC will restart

Best regards.


PROBLEM SOLVED

If the author needs the topic reopened, just send a Private Message to a Moderator with a link to the topic.
