


This topic has been archived and is closed to new replies.


[Resolved] windows explorer


Below is the HijackThis log:





Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 18:56:21, on 21/03/2011

Platform: Windows 7 SP1 (WinNT 6.00.3505)

MSIE: Internet Explorer v9.00 (9.00.8112.16421)

Boot mode: Normal


Running processes:



C:\Program Files\Avira\AntiVir Desktop\avgnt.exe

C:\Program Files\STOPzilla!\Stopzilla.exe




C:\Program Files\SRS Labs\Audio Sandbox\SRSSSC.exe

C:\Program Files\Windows Live\Messenger\msnmsgr.exe

C:\Program Files\DU Meter\DUMeter.exe


C:\Program Files\RocketDock\RocketDock.exe

C:\Program Files\Windows Sidebar\sidebar.exe

C:\Program Files\\Pop-Up Sentry!\PSENTRY.EXE

C:\Program Files\Mozilla Firefox 4.0 Beta 12\firefox.exe

C:\Program Files\Windows Live\Contacts\wlcomm.exe


C:\Program Files\Mozilla Firefox 4.0 Beta 12\plugin-container.exe

C:\Program Files\Avira\AntiVir Desktop\avgnt.exe





R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer =

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

O2 - BHO: PopupSentry Class - {00000000-6C30-11D8-9363-000AE6309657} - C:\Program Files\\Pop-Up Sentry!\PSBHO.dll

O2 - BHO: - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files\Orbitdownloader\orbitcth.dll

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll

O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O2 - BHO: STOPzilla Browser Helper Object - {E3215F20-3212-11D6-9F8B-00D0B743919D} - (no file)

O3 - Toolbar: Grab Pro - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Program Files\Orbitdownloader\GrabPro.dll

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"

O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray

O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min

O4 - HKLM\..\Run: [sTOPzilla] "C:\Program Files\STOPzilla!\Stopzilla.exe" /autorun


O4 - HKLM\..\Run: [igfxTray] C:\Windows\system32\igfxtray.exe

O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe

O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe

O4 - HKCU\..\Run: [sRS Audio Sandbox] "C:\Program Files\SRS Labs\Audio Sandbox\SRSSSC.exe" /hideme

O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background

O4 - HKCU\..\Run: [DU Meter] C:\Program Files\DU Meter\DUMeter.exe

O4 - HKCU\..\Run: [RocketDock] "C:\Program Files\RocketDock\RocketDock.exe"

O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun

O4 - HKCU\..\Run: [PopUpSentry] C:\Program Files\\Pop-Up Sentry!\PSENTRY.EXE

O8 - Extra context menu item: &Download by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/201

O8 - Extra context menu item: &Grab video by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/204

O8 - Extra context menu item: Do&wnload selected by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/203

O8 - Extra context menu item: Down&load all by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/202

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000

O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) -

O17 - HKLM\System\CCS\Services\Tcpip\..\{F226E472-0CA8-4CED-A121-1F3B797DDCF8}: NameServer =,

O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll

O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL

O20 - Winlogon Notify: !SABWinLogon - C:\Program Files\\Pop-Up Sentry!\SABWINLO.dll

O22 - SharedTaskScheduler: Windows DreamScene - {E31004D1-A431-41B8-826F-E902F9D95C81} - C:\Windows\System32\DreamScene.dll

O23 - Service: Avira AntiVir Agendamento (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe

O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe

O23 - Service: Serviço do Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: DU Meter Service (DUMeterSvc) - Hagel Technologies Ltd - C:\Program Files\DU Meter\DUMeterSvc.exe

O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe

O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe

O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe

O23 - Service: Pop-Up Sentry! Service (SABSVC) - - C:\Program Files\\Pop-Up Sentry!\SABSVC.EXE

O23 - Service: SRS Labs License Service - SRS Labs - C:\Program Files\Common Files\SRS Labs Shared\Service\srslabslicenseservice.exe

O23 - Service: STOPzilla Local Service - International Software Systems Solutions - C:\Program Files\STOPzilla!\SZNTSvc.exe



End of file - 7217 bytes


Hello tchulaa

*Download MalwareBytes and save it to the desktop

*Install the program and wait for the update

*The program will open automatically

*On the [Scan] tab, select [Full scan]

*Click [Scan] and select the partition where Windows is installed

*When the scan finishes, click [Yes] > [OK] > [View Results] > [Remove Selected]

*Paste the report that is displayed


*Run an online scan with NOD32

*When it finishes, paste the report created in C:\Arquivos de programas\EsetOnlineScanner\log


Hey wings, so I ran CCleaner and SUPERAntiSpyware, then I started Explorer from Task Manager, and after that it didn't restart anymore.

OK, I'll do it here and post afterwards ;)


ESETSmartInstaller@High as downloader log:

all ok

# version=7

# OnlineScannerApp.exe=

# OnlineScanner.ocx=

# api_version=3.0.2

# EOSSerial=bceb815310d51442998b7a12de04f656

# end=finished

# remove_checked=true

# archives_checked=true

# unwanted_checked=true

# unsafe_checked=false

# antistealth_checked=true

# utc_time=2011-03-22 01:23:16

# local_time=2011-03-21 10:23:16 (-0300, Hora oficial do Brasil)

# country="Brazil"

# lang=1033

# osver=6.1.7601 NT Service Pack 1

# compatibility_mode=512 16777215 100 0 149031 149031 0 0

# compatibility_mode=1797 16775165 100 94 0 33506205 200112 0

# compatibility_mode=3073 16777214 60 39 1642196 16820777 0 0

# compatibility_mode=5893 16776573 100 94 176373 52300756 0 0

# compatibility_mode=8192 67108863 100 0 0 0 0 0

# scanned=123792

# found=1

# cleaned=1

# scan_time=4662

C:\Users\Usuario\AppData\Local\COMODO\Dragon\User Data\Default\Cache\f_000341 Win32/Adware.ADON application (deleted - quarantined) 00000000000000000000000000000000 C




There it is, man. It found it and put it in quarantine.




*Run the file c:\Arquivos de programas\ESET\ESET Online Scanner\OnlineScannerUninstaller.exe

How is the PC?

Let me know whether the problem was resolved.

Best regards.


No luck, man, it's still happening. I'm running Avira to see if it catches anything; I'll post here afterwards.


Avira AntiVir Personal

Data do arquivo de relatório: terça-feira, 22 de março de 2011 12:02


Fazendo a varredura quanto a 2502953 suspeitas de vírus e programas indesejados.


O programa está sendo executado como versão completa sem limitações.

Serviços on-line estão disponíveis:


Licenciado : Avira AntiVir Personal - FREE Antivirus

Número de série : 0000149996-ADJIE-0000001

Plataforma : Windows 7

Versão do Windows : (Service Pack 1) [6.1.7601]

Modo de inicialização : Modo de segurança com rede

Nome de usuário : Usuario

Nome do computador : USUARIO-PC


Informações da versão:



Opções de configuração para a varredura:

Nome da tarefa......................................: Verif. compl. do sistema

Arquivo de configuração.............................: C:\Program Files\Avira\AntiVir Desktop\sysscan.avp

Registro............................................: baixo

Ação primária.......................................: interativo

Ação secundária.....................................: ignorar

Fazer a varredura do setor mestre de inicialização..: ativado

Fazer a varredura do setor de inicialização.........: ativado

Setores de inicialização............................: C:, D:,

Varredura do processo...............................: ativado

Varredura do processo estendida.....................: ativado

Fazer a varredura do registro.......................: ativado

Verificação por rootkits............................: ativado

Verificação da integridade dos arquivos de sistema..: desativado

Fazer a varredura de todos os arquivos..............: Todos os arquivos

Fazer a varredura dos arquivamentos.................: ativado

Profundidade de recursão............................: 20

Extensões inteligentes..............................: ativado

Heurística de macro.................................: ativado

Heurística do arquivo...............................: médio

Desviando categorias de risco.......................: +APPL,+GAME,+JOKE,+PCK,+PFS,+SPR,


Início da varredura: terça-feira, 22 de março de 2011 12:02


Iniciando a pesquisa de objetos ocultos.

Não foi possível inicializar o driver.


A varredura dos processos em execução será iniciada

Processo de varredura 'avscan.exe' – foi feita a varredura em '65' módulo(s)

Processo de varredura 'WerFault.exe' – foi feita a varredura em '51' módulo(s)

Processo de varredura 'avcenter.exe' – foi feita a varredura em '72' módulo(s)

Processo de varredura 'wmpnscfg.exe' – foi feita a varredura em '29' módulo(s)

Processo de varredura 'wmpnscfg.exe' – foi feita a varredura em '29' módulo(s)

Processo de varredura 'explorer.exe' – foi feita a varredura em '166' módulo(s)

Processo de varredura 'svchost.exe' – foi feita a varredura em '56' módulo(s)

Processo de varredura 'ctfmon.exe' – foi feita a varredura em '24' módulo(s)

Processo de varredura 'svchost.exe' – foi feita a varredura em '53' módulo(s)

Processo de varredura 'svchost.exe' – foi feita a varredura em '63' módulo(s)

Processo de varredura 'svchost.exe' – foi feita a varredura em '30' módulo(s)

Processo de varredura 'svchost.exe' – foi feita a varredura em '61' módulo(s)

Processo de varredura 'svchost.exe' – foi feita a varredura em '49' módulo(s)

Processo de varredura 'svchost.exe' – foi feita a varredura em '45' módulo(s)

Processo de varredura 'svchost.exe' – foi feita a varredura em '34' módulo(s)

Processo de varredura 'svchost.exe' – foi feita a varredura em '51' módulo(s)

Processo de varredura 'lsm.exe' – foi feita a varredura em '16' módulo(s)

Processo de varredura 'lsass.exe' – foi feita a varredura em '60' módulo(s)

Processo de varredura 'services.exe' – foi feita a varredura em '32' módulo(s)

Processo de varredura 'winlogon.exe' – foi feita a varredura em '24' módulo(s)

Processo de varredura 'csrss.exe' – foi feita a varredura em '16' módulo(s)

Processo de varredura 'wininit.exe' – foi feita a varredura em '25' módulo(s)

Processo de varredura 'csrss.exe' – foi feita a varredura em '16' módulo(s)

Processo de varredura 'smss.exe' – foi feita a varredura em '2' módulo(s)


Iniciando a varredura do setor mestre de inicialização:

HD0 do setor mestre de inicialização

[INFO] Nenhum vírus foi encontrado!

HD1 do setor mestre de inicialização

[INFO] Nenhum vírus foi encontrado!

HD2 do setor mestre de inicialização

[INFO] Nenhum vírus foi encontrado!

HD3 do setor mestre de inicialização

[INFO] Nenhum vírus foi encontrado!

HD4 do setor mestre de inicialização

[INFO] Nenhum vírus foi encontrado!


Iniciar a varredura dos setores de inicialização:

Setor de inicialização 'C:\'

[INFO] Nenhum vírus foi encontrado!

Setor de inicialização 'D:\'

[INFO] Nenhum vírus foi encontrado!


Iniciando a varredura dos arquivos executáveis (registro).

Foi feita a varredura do registro ( '513' arquivos ).



Iniciando a varredura do arquivo:


Iniciar verificação em 'C:\'

C:\Users\Usuario\AppData\Local\COMODO\Dragon\User Data\Default\Cache\f_000462

--> Object

[AVISO] Não foi possível ler o arquivo

[AVISO] Não foi possível ler o arquivo

Iniciar verificação em 'D:\'


[AVISO] Não foi possível abrir o arquivo!



Término da varredura: terça-feira, 22 de março de 2011 12:33

Tempo de uso: 30:16 Minuto(s)


A varredura foi concluída.


19251 Diretórios verificados

240186 Foi feita a varredura dos arquivos

0 Vírus e/ou programas indesejados foram encontrados

0 Os arquivos foram classificados como suspeitos

0 arquivos excluídos

0 Vírus e programas indesejados foram reparados

0 Os arquivos foram movidos para a quarentena

0 Os arquivos foram renomeados

1 Não é possível fazer a varredura dos arquivos

240185 Arquivos não envolvidos

2128 Os arquivamentos foram verificados

3 Avisos

0 Notas


Look at those warnings there.

Ahh, this file here:

C:\Users\Usuario\AppData\Local\COMODO\Dragon\User Data\Default\Cache\f_000462

It was the same one ESET found, but it put it in quarantine and then deleted it, I think ...


*Download ZHPDiag and save it to the desktop

*Install the program and, during installation, select the option [x]Créer une icône sur le Bureau

*Click 36d3dfc24e.jpg and select: 30 Days

*Click 51685e29d4.jpg and wait for it to finish

*Paste the reports C:\Arquivos de programas\ZHPdiag\ZHPDiag.txt and C:\Arquivos de programas\ZHPdiag\mbr.txt


If the ZHPDiag.txt report is too large..

*Go to this link

*Click [Send file]

*Locate the file ZHPDiag.txt

*Click [Open] > [Créer le lien Cjoint]

*Paste the address that was created


Rapport de ZHPDiag v1.27.181 par Nicolas Coolman, Update du 21/03/2011

Run by Usuario at 22/03/2011 20:44:07

Web site :

Contact :



---\\ Web Browser

MSIE: Internet Explorer v9.0.8112.16421

MFIE: Mozilla Firefox 4.0 v4.0 (Defaut)


---\\ System Information

Windows 7 Ultimate Edition, 32-bit Service Pack 1 (Build 7601)

Processor: x86 Family 6 Model 15 Stepping 13, GenuineIntel

Operating System: 32 Bits

Boot mode: Normal (Normal boot)

Total RAM: 2039 MB (34% free)

System Restore: Activé (Enable)

System drive C: has 24 GB (48%) free of 49 GB


---\\ Logged in mode

Computer Name: USUARIO-PC

User Name: Usuario

All Users Names: Usuario, Convidado, Administrador,

Unselected Option: O45,O61,O62,O65,O66,O82

Logged in as Administrator


---\\ Environnement Variables



%StartMenu%=C:\Users\Usuario\AppData\Roaming\Microsoft\Windows\Start Menu


---\\ DOS/Devices

C:\ Hard drive, Flash drive, Thumb drive (Free 24 Go of 49 Go)

D:\ Hard drive, Flash drive, Thumb drive (Free 68 Go of 100 Go)

E:\ CD-ROM drive (Not Inserted)

F:\ Floppy drive, Flash card reader, USB Key (Not Inserted)

G:\ Floppy drive, Flash card reader, USB Key (Not Inserted)

H:\ Floppy drive, Flash card reader, USB Key (Not Inserted)

I:\ Floppy drive, Flash card reader, USB Key (Not Inserted)

J:\ Floppy drive, Flash card reader, USB Key (Free 0 Go of 2 Go)

K:\ Floppy drive, Flash card reader, USB Key (Free 0 Go of 0 Go)




---\\ Security Center & Tools Informations

[HKLM\SOFTWARE\Microsoft\Security Center] AntiSpywareOverride: OK

[HKLM\SOFTWARE\Microsoft\Security Center] AntiVirusOverride: OK

[HKLM\SOFTWARE\Microsoft\Security Center] AntiVirusDisableNotify: OK

[HKLM\SOFTWARE\Microsoft\Security Center] FirewallDisableNotify: OK

[HKLM\SOFTWARE\Microsoft\Security Center] FirewallOverride: OK

[HKLM\SOFTWARE\Microsoft\Security Center] UpdatesDisableNotify: OK

[HKLM\SOFTWARE\Microsoft\Security Center] UacDisableNotify: OK

[HKLM\SOFTWARE\Microsoft\Security Center\Svc] AntiSpywareOverride: OK

[HKLM\SOFTWARE\Microsoft\Security Center\Svc] AntiVirusOverride: OK

[HKLM\SOFTWARE\Microsoft\Security Center\Svc] AntiVirusDisableNotify: OK

[HKLM\SOFTWARE\Microsoft\Security Center\Svc] FirewallDisableNotify: OK

[HKLM\SOFTWARE\Microsoft\Security Center\Svc] FirewallOverride: OK

[HKLM\SOFTWARE\Microsoft\Security Center\Svc] UpdatesDisableNotify: OK

[HKLM\SOFTWARE\Microsoft\Security Center\Svc] UacDisableNotify: OK

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System] NoActiveDesktopChanges: OK

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer] NoActiveDesktopChanges: OK

[HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer] NoFolderOptions: OK

[HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system] DisableTaskMgr: OK

[HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system] DisableRegistryTools: OK

[HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system] NoDispScrSavPage: OK

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\NOHIDDEN] CheckedValue: OK

[HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced] Start_ShowSearch: OK

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL] CheckedValue: OK

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system] EnableLUA: Modified




---\\ Search Generic System Files

[MD5.40D777B7A95E00593EB1568C68514493] - (.Microsoft Corporation - Windows Explorer.) (.20/11/2010 04:17:10.) -- C:\Windows\Explorer.exe [2616320]

[MD5.B5C5DCAD3899512020D135600129D665] - (.Microsoft Corporation - Aplicativo de Inicialização do Windows.) (.13/07/2009 22:14:45.) -- C:\Windows\System32\Wininit.exe [96256]

[MD5.A1236375B74EA63C75657D564890C436] - (.Microsoft Corporation - Internet Extensions para Win32.) (.18/03/2011 15:50:47.) -- C:\Windows\System32\wininet.dll [1126912]

[MD5.6D13E1406F50C66E2A95D97F22C47560] - (.Microsoft Corporation - Aplicativo de Logon do Windows.) (.20/11/2010 04:17:56.) -- C:\Windows\System32\Winlogon.exe [286720]

[MD5.338C86357871C167A96AB976519BF59E] - (.Microsoft Corporation - ATAPI IDE Miniport Driver.) (.13/07/2009 22:26:15.) -- C:\Windows\System32\drivers\atapi.sys [21584]

[MD5.33C3093D09017CFE2E219F2472BFF6EB] - (.Microsoft Corporation - Driver do Sistema de Arquivos NT.) (.20/11/2010 04:30:08.) -- C:\Windows\System32\drivers\ntfs.sys [1211264]




---\\ Running Processes

[MD5.AD7994EF4243AA5DDE0E187F61DF7231] - (.Avira GmbH - Antivirus System Tray Tool.) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [281768]

[MD5.004763BDF8E48244DBB9FDFDE3065EBC] - (.Intel Corporation - hkcmd Module.) -- C:\Windows\System32\hkcmd.exe [173592]

[MD5.CD1102E5D340216138C7F56FA8D26998] - (.Intel Corporation - persistence Module.) -- C:\Windows\System32\igfxpers.exe [150552]

[MD5.F60D7BA291B9812AE9A77CF95689818E] - (.Hewlett-Packard Company - KBD EXE.) -- C:\hp\kbd\kbd.exe [61440]

[MD5.933E558B679914DC302005F22D8F0306] - (.SRS Labs, Inc. - SRS Audio Sandbox control panel.) -- C:\Program Files\SRS Labs\Audio Sandbox\SRSSSC.exe [3216664]

[MD5.D9C51528488EA0D98D3C4D02ABD16759] - (.Intel Corporation - igfxsrvc Module.) -- C:\Windows\system32\igfxsrvc.exe [252952]

[MD5.94353E39A5494BBF73E04F2290F9A264] - (.Hagel Technologies Ltd - DU Meter Monitor.) -- C:\Program Files\DU Meter\DUMeter.exe [2582288]

[MD5.7DFCCC67990B6DE7F30F553A4E4612A4] - (...) -- C:\Program Files\RocketDock\RocketDock.exe [495616]

[MD5.A80C173AC5C75706BB74AE4D78F2A53D] - (.Microsoft Corporation - Windows Media Player.) -- C:\Program Files\Windows Media Player\wmplayer.exe [164864]

[MD5.7AAF26E5CEC48A364FAB61A3505668FB] - (.Mozilla Corporation - Firefox.) -- C:\Program Files\Mozilla Firefox 4.0 Beta 12\firefox.exe [924632]

[MD5.356A22A5871AC798035E4082C0508F76] - (.Mozilla Corporation - Plugin Container for Firefox.) -- C:\Program Files\Mozilla Firefox 4.0 Beta 12\plugin-container.exe [16856]

[MD5.53CB2DEB7D474FDEF32FD0E86A0E735E] - (.Nicolas Coolman - Diagnostic Tool.) -- C:\Program Files\ZHPDiag\ZHPDiag.exe [642048]




---\\ Mozilla Firefox,Plugins,Start,Search,Extensions (P2,M0,M1,M2,M3)

P2 - FPN: [HKLM] [] - (.Unknown owner - No comment.) -- C:\Windows\system32\Macromed\Flash\NPSWF32.dll

P2 - FPN: [HKLM] [] - (.Google - GEPlugin.) -- C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll

P2 - FPN: [HKLM] [] - (.Sun Microsystems, Inc. - Next Generation Java Plug-in 1.6.0_24 for Mozilla browsers.) -- C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll

P2 - FPN: [HKLM] [,version=14.0.8117.0416] - (.Microsoft Corporation - NPWLPG.) -- C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll

P2 - FPN: [HKLM] [ Update;version=8] - (.Google Inc. - Google Update.) -- C:\Program Files\Google\Update\\npGoogleOneClick8.dll

M0 - MFSP: prefs.js [usuario - mti67u9d.default]'>




---\\ Internet Explorer Extensions, Start, Search (R4,R3,R0,R1)

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =

R0 - HKUS\S-1-5-21-1627759439-3692452802-2262465073-1001\Software\Microsoft\Internet Explorer\Main,Start Page =

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page =

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Extensions Off Page = about:noadd-ons

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Security Risk Page = about:securityrisk

R1 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R1 - HKUS\S-1-5-21-1627759439-3692452802-2262465073-1001\Software\Microsoft\Internet Explorer\Main,Search Page =

R3 - URLSearchHook: Microsoft Url Search Hook - {CFBFAE00-17A6-11D0-99CB-00C04FD64497} . (.Microsoft Corporation - Navegador da Internet.) (9.00.8112.16421 (WIN7_IE9_RTM.110308-0330)) -- C:\Windows\System32\ieframe.dll

R4 - HKLM\SOFTWARE\Microsoft\Internet Explorer\PhishingFilter,EnabledV8 = 0

R4 - HKCU\SOFTWARE\Microsoft\Internet Explorer\PhishingFilter,Enabled = 2




---\\ Internet Explorer, Proxy Management (R5)

R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key

R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0

R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1

R5 - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1

R5 - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll




---\\ ---\\ Changed inifile Value, Mapped to Registry (F2)

F2 - REG:system.ini: UserInit=C:\Windows\system32\userinit.exe,

F2 - REG:system.ini: VMApplet=C:\WINDOWS\system32\SystemPropertiesPerformance.exe




---\\ Browser Helper Objects (O2)

O2 - BHO: PopupSentry Class - {00000000-6C30-11D8-9363-000AE6309657} . ( - Pop-Up Sentry Browser Helper Object.) -- C:\Program Files\\Pop-Up Sentry!\PSBHO.dll

O2 - BHO: - {000123B4-9B42-4900-B3F7-F4B073EFC214} . ( - Orbitcth.) -- C:\Program Files\Orbitdownloader\orbitcth.dll

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} . (.Adobe Systems Incorporated - Adobe PDF Helper for Internet Explorer.) -- C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} Orphean Key

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} . (.Microsoft Corporation - GrooveShellExtensions Module.) -- C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll

O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} . (.Microsoft Corporation - WindowsLiveLogin.dll.) -- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} . (.Skype Technologies S.A. - Skype add-on for IE.) -- C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} . (.Sun Microsystems, Inc. - Java Platform SE binary.) -- C:\Program Files\Java\jre6\bin\jp2ssv.dll

O2 - BHO: (no name) - {E3215F20-3212-11D6-9F8B-00D0B743919D} Orphean Key




---\\ ---\\ Auto loading programs from Registry and folders (O4)

O4 - HKLM\..\Run: [sunJavaUpdateSched] . (.Sun Microsystems, Inc. - Java Update Scheduler.) -- C:\Program Files\Common Files\Java\Java Update\jusched.exe

O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] . (.Malwarebytes Corporation - Malwarebytes' Anti-Malware.) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe

O4 - HKLM\..\Run: [avgnt] . (.Avira GmbH - Antivirus System Tray Tool.) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe

O4 - HKLM\..\Run: [igfxTray] . (.Intel Corporation - igfxTray Module.) -- C:\Windows\system32\igfxtray.exe

O4 - HKLM\..\Run: [HotKeysCmds] . (.Intel Corporation - hkcmd Module.) -- C:\Windows\system32\hkcmd.exe

O4 - HKLM\..\Run: [Persistence] . (.Intel Corporation - persistence Module.) -- C:\Windows\system32\igfxpers.exe

O4 - HKLM\..\Run: [sTOPzilla] . (.International Software Systems Solutions - STOPzilla! Application.) -- C:\Program Files\STOPzilla!\Stopzilla.exe

O4 - HKCU\..\Run: [sRS Audio Sandbox] . (.SRS Labs, Inc. - SRS Audio Sandbox control panel.) -- C:\Program Files\SRS Labs\Audio Sandbox\SRSSSC.exe

O4 - HKCU\..\Run: [msnmsgr] . (.Microsoft Corporation - Windows Live Messenger.) -- C:\Program Files\Windows Live\Messenger\msnmsgr.exe

O4 - HKCU\..\Run: [DU Meter] . (.Hagel Technologies Ltd - DU Meter Monitor.) -- C:\Program Files\DU Meter\DUMeter.exe

O4 - HKCU\..\Run: [RocketDock] . (...) -- C:\Program Files\RocketDock\RocketDock.exe

O4 - HKCU\..\Run: [sidebar] . (.Microsoft Corporation - Gadgets da Área de Trabalho do Windows.) -- C:\Program Files\Windows Sidebar\sidebar.exe

O4 - HKUS\S-1-5-21-1627759439-3692452802-2262465073-1001\..\Run: [sRS Audio Sandbox] . (.SRS Labs, Inc. - SRS Audio Sandbox control panel.) -- C:\Program Files\SRS Labs\Audio Sandbox\SRSSSC.exe

O4 - HKUS\S-1-5-21-1627759439-3692452802-2262465073-1001\..\Run: [msnmsgr] . (.Microsoft Corporation - Windows Live Messenger.) -- C:\Program Files\Windows Live\Messenger\msnmsgr.exe

O4 - HKUS\S-1-5-21-1627759439-3692452802-2262465073-1001\..\Run: [DU Meter] . (.Hagel Technologies Ltd - DU Meter Monitor.) -- C:\Program Files\DU Meter\DUMeter.exe

O4 - HKUS\S-1-5-21-1627759439-3692452802-2262465073-1001\..\Run: [RocketDock] . (...) -- C:\Program Files\RocketDock\RocketDock.exe

O4 - HKUS\S-1-5-21-1627759439-3692452802-2262465073-1001\..\Run: [sidebar] . (.Microsoft Corporation - Gadgets da Área de Trabalho do Windows.) -- C:\Program Files\Windows Sidebar\sidebar.exe




---\\ ---\\ Other User Links (O4)

O4 - Global Startup: C:\Users\Usuario\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk . (.Microsoft Corporation.) -- C:\Program Files\Internet Explorer\iexplore.exe

O4 - Global Startup: C:\Users\Usuario\Desktop\DVD Decrypter.lnk . (.LIGHTNING UK!.) -- C:\Program Files\DVD Decrypter\DVDDecrypter.exe

O4 - Global Startup: C:\Users\Usuario\Desktop\FlashGet 3.7.lnk . (...) -- C:\Program Files\FlashGet Network\FlashGet 3\Flashget3.exe (.not file.)

O4 - Global Startup: C:\Users\Usuario\Desktop\FusionSoft DVD Player XP.lnk . (...) -- C:\Program Files\FusionSoft DVD Player XP\FSoftDVD.exe (.not file.)

O4 - Global Startup: C:\Users\Usuario\Desktop\HijackThis.lnk . (.Trend Micro Inc..) -- C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

O4 - Global Startup: C:\Users\Usuario\Desktop\Invisible IP Map.lnk . (...) -- C:\Program Files\Invisible IP Map\InvisibleIP.exe

O4 - Global Startup: C:\Users\Usuario\Desktop\PointBlank.lnk . (.Zepetto Co..) -- C:\ongame\Pointblank\PBLauncher.exe

O4 - Global Startup: C:\Users\Usuario\Desktop\Proxy Vampire.lnk . (...) -- C:\Program Files\Proxy Vampire\proxyvampire.exe

O4 - Global Startup: C:\Users\Usuario\Desktop\RAM Idle LE.lnk . ( -- C:\Program Files\RAM Idle LE\RAMMan.exe

O4 - Global Startup: C:\Users\Usuario\Desktop\Total Video Converter.lnk . (...) -- C:\Program Files\Total Video Converter\tvc.exe

O4 - Global Startup: C:\Users\Usuario\Desktop\Total Video Player.lnk . (...) -- C:\Program Files\Total Video Converter\tvp.exe

O4 - Global Startup: C:\Users\Usuario\Desktop\Virtual DJ Trial.lnk . (.Atomix Productions.) -- C:\Program Files\VirtualDJ\virtualdj_trial.exe

O4 - Global Startup: C:\Users\Usuario\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\DVD Decrypter.lnk . (.LIGHTNING UK!.) -- C:\Program Files\DVD Decrypter\DVDDecrypter.exe

O4 - Global Startup: C:\Users\Usuario\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\DVDFab 6.lnk . (.Fengtao Software Inc..) -- C:\Program Files\DVDFab 6\DVDFab.exe

O4 - Global Startup: C:\Users\Usuario\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk . (.Microsoft Corporation.) -- C:\Program Files\Internet Explorer\iexplore.exe

O4 - Global Startup: C:\Users\Usuario\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch STOPzilla!.lnk . (...) -- C:\Users\Usuario\AppData\Roaming\Microsoft\Installer\{3037A890-E9CE-4E89-A7FA-0540A3A6A887}\_1e02718d.exe

O4 - Global Startup: C:\Users\Usuario\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Nero StartSmart.lnk . (.Nero AG.) -- C:\Program Files\Nero\Nero 7\Nero StartSmart\NeroStartSmart.exe

O4 - Global Startup: C:\Users\Usuario\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Orbit.lnk . ( -- C:\Program Files\Orbitdownloader\orbitdm.exe




---\\ Extra items in the IE right-click menu (O8)

O8 - Extra context menu item: &Download by Orbit . ( - Orbitmxt.) -- C:\Program Files\Orbitdownloader\orbitmxt.dll

O8 - Extra context menu item: &Grab video by Orbit . ( - Orbitmxt.) -- C:\Program Files\Orbitdownloader\orbitmxt.dll

O8 - Extra context menu item: Do&wnload selected by Orbit . ( - Orbitmxt.) -- C:\Program Files\Orbitdownloader\orbitmxt.dll

O8 - Extra context menu item: Down&load all by Orbit . ( - Orbitmxt.) -- C:\Program Files\Orbitdownloader\orbitmxt.dll

O8 - Extra context menu item: E&xportar para o Microsoft Excel . (.Microsoft Corporation - Microsoft Office Excel.) -- C:\PROGRA~1\MICROS~4\Office12\EXCEL.exe

O8 - Extra context menu item: ????3?? . (.Microsoft Corporation - Microsoft Office Excel.) -- C:\PROGRA~1\MICROS~4\Office12\EXCEL.exe

O8 - Extra context menu item: ????3?????? . (.Microsoft Corporation - Microsoft Office Excel.) -- C:\PROGRA~1\MICROS~4\Office12\EXCEL.exe




---\\ Winsock hijacker (Layered Service Provider) (O10)

O10 - WLSP:\000000000001\Winsock LSP File . (.Microsoft Corporation - Network Location Awareness 2.) -- C:\Windows\system32\NLAapi.dll

O10 - WLSP:\000000000002\Winsock LSP File . (.Microsoft Corporation - Provedor de Correção de Nomeação de Emails.) -- C:\Windows\system32\napinsp.dll

O10 - WLSP:\000000000003\Winsock LSP File . (.Microsoft Corporation - PNRP Name Space Provider.) -- C:\Windows\system32\pnrpnsp.dll

O10 - WLSP:\000000000004\Winsock LSP File . (.Microsoft Corporation - PNRP Name Space Provider.) -- C:\Windows\system32\pnrpnsp.dll

O10 - WLSP:\000000000005\Winsock LSP File . (.Microsoft Corporation - Provedor de serviços do Microsoft Windows Sockets 2.0.) -- C:\Windows\system32\mswsock.dll

O10 - WLSP:\000000000006\Winsock LSP File . (.Microsoft Corporation - LDAP RnR Provider DLL.) -- C:\Windows\system32\winrnr.dll

O10 - WLSP:\000000000007\Winsock LSP File . (.Apple Inc. - Bonjour Namespace Provider.) -- C:\Program Files\Bonjour\mdnsNSP.dll




---\\ ActiveX Objects (Downloaded Program Files) (O16)

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) -




---\\ Hijackers (O17)

O17 - HKLM\System\CCS\Services\Tcpip\..\{F226E472-0CA8-4CED-A121-1F3B797DDCF8}: NameServer =,

O17 - HKLM\System\CS1\Services\Tcpip\..\{F226E472-0CA8-4CED-A121-1F3B797DDCF8}: NameServer =,

O17 - HKLM\System\CS2\Services\Tcpip\..\{F226E472-0CA8-4CED-A121-1F3B797DDCF8}: NameServer =,

O17 - HKLM\System\CCS\Services\Tcpip\..\{F226E472-0CA8-4CED-A121-1F3B797DDCF8}: DhcpNameServer =

O17 - HKLM\System\CS1\Services\Tcpip\..\{F226E472-0CA8-4CED-A121-1F3B797DDCF8}: DhcpNameServer =

O17 - HKLM\System\CS2\Services\Tcpip\..\{F226E472-0CA8-4CED-A121-1F3B797DDCF8}: DhcpNameServer =

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer =




---\\ Extra protocols and protocol Hijackers (O18)

O18 - Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} . (.Skype Technologies S.A. - Skype add-on for IE.) -- C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

O18 - Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} . (.Skype Technologies - Skype for COM API.) -- C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL




---\\ AppInit_DLLs Registry value Autorun (O20)

O20 - Winlogon Notify: !SABWinLogon . ( - Super Ad Blocker WinLogon Processor.) -- C:\Program Files\\Pop-Up Sentry!\SABWINLO.dll

O20 - Winlogon Notify: igfxcui . (.Intel Corporation - igfxdev Module.) -- C:\Windows\System32\igfxdev.dll




---\\ ShellServiceObjectDelayLoad (O21)

O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} . (.Microsoft Corporation - Monitor de Sites.) -- C:\Windows\system32\webcheck.dll




---\\ SharedTaskScheduler (O22)

O22 - SharedTaskScheduler: (no name) - {E31004D1-A431-41B8-826F-E902F9D95C81} . (.Microsoft Corporation - Microsoft Windows 7 Ultimate Extra: Windows.) -- C:\Windows\System32\DreamScene.dll




---\\ non Microsoft non disabled Windows XP/NT/2000 Services (O23)

O23 - Service: (AntiVirSchedulerService) . (.Avira GmbH - Antivirus Scheduler.) - C:\Program Files\Avira\AntiVir Desktop\sched.exe

O23 - Service: (AntiVirService) . (.Avira GmbH - Antivirus On-Access Service.) - C:\Program Files\Avira\AntiVir Desktop\avguard.exe

O23 - Service: (Bonjour Service) . (.Apple Inc. - Bonjour Service.) - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: (DUMeterSvc) . (.Hagel Technologies Ltd - DU Meter Service.) - C:\Program Files\DU Meter\DUMeterSvc.exe

O23 - Service: (gupdate) . (.Google Inc. - Google Installer.) - C:\Program Files\Google\Update\GoogleUpdate.exe

O23 - Service: C:\Windows\system32\drivers\luafv.sys (MBAMService) . (.Malwarebytes Corporation - Malwarebytes' Anti-Malware.) - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

O23 - Service: (NBService) . (.Nero AG - Nero BackItUp.) - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe

O23 - Service: (NMIndexingService) . (.Nero AG - Nero Home.) - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe

O23 - Service: (SABSVC) . ( - Super Ad Blocker Service.) - C:\Program Files\\Pop-Up Sentry!\SABSVC.exe

O23 - Service: (SRS Labs License Service) . (.SRS Labs - System Level Service Utility.) - C:\Program Files\Common Files\SRS Labs Shared\Service\srslabslicenseservice.exe

O23 - Service: (STOPzilla Local Service) . (.International Software Systems Solutions - STOPzilla NT Service.) - C:\Program Files\STOPzilla!\SZNTSvc.exe

O23 - Service: ({B154377D-700F-42cc-9474-23858FBDF4BD}) . (.CyberLink Corp. - No comment.) - C:\Program Files\CyberLink\PowerDVD9\000.fcl




---\\ Windows Active Desktop & MHTML Editor (O24)

O24 - Default MHTML Editor: Last - .(...) - (.not file.)




---\\ Task Planned Automatically(039)

O39 - APT:Automatic Planified Task - C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job

O39 - APT:Automatic Planified Task - C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job

[MD5.F02A533F517EB38333CB12A9E8963773] [APT] [GoogleUpdateTaskMachineCore] (.Google Inc..) -- C:\Program Files\Google\Update\GoogleUpdate.exe

[MD5.F02A533F517EB38333CB12A9E8963773] [APT] [GoogleUpdateTaskMachineUA] (.Google Inc..) -- C:\Program Files\Google\Update\GoogleUpdate.exe

[MD5.00000000000000000000000000000000] [APT] [MyDefrag v4.3.1 Daily] (.Unknown owner.) -- C:\Program Files\MyDefrag v4.3.1\Scripts\AutomaticDaily.MyD" (.not file.)

[MD5.00000000000000000000000000000000] [APT] [MyDefrag v4.3.1 Monthly] (.Unknown owner.) -- C:\Program Files\MyDefrag v4.3.1\Scripts\AutomaticMonthly.MyD" (.not file.)

[MD5.A531E07BBF9BC1CF4EA8BA2F760E3FEE] [APT] [{967A7775-239C-4D17-B094-A738C392DBE7}] (.Skype Technologies S.A..) -- C:\Program Files\Skype\Phone\Skype.exe

[MD5.00000000000000000000000000000000] [APT] [{A4B60026-0694-4AF1-A079-388317D60629}] (.Unknown owner.) -- D:\Usuario\Desktop\STOPzilla + Crack\STOPzilla_Setup.exe (.not file.)

[MD5.00000000000000000000000000000000] [APT] [AppleSoftwareUpdate] (.Unknown owner.) -- C:\Program Files\Apple Software Update\SoftwareUpdate.exe (.not file.)




---\\ Drivers launched at startup (O41)

O41 - Driver: C:\Windows\system32\drivers\afd.sys (AFD) . (.Microsoft Corporation - Ancillary Function Driver for WinSock.) - C:\Windows\system32\drivers\afd.sys

O41 - Driver: (avipbb) . (.Avira GmbH - Avira Driver for Security Enhancement.) - C:\Windows\System32\DRIVERS\avipbb.sys

O41 - Driver: (blbdrive) . (.Microsoft Corporation - BLB Drive Driver.) - C:\Windows\System32\DRIVERS\blbdrive.sys

O41 - Driver: (cdrom) . (.Microsoft Corporation - SCSI CD-ROM Driver.) - C:\Windows\System32\DRIVERS\cdrom.sys

O41 - Driver: C:\Windows\system32\cscsvc.dll (CSC) . (.Microsoft Corporation - Windows Client Side Caching Driver.) - C:\Windows\System32\drivers\csc.sys

O41 - Driver: C:\Windows\system32\drivers\dfsc.sys (DfsC) . (.Microsoft Corporation - DFS Namespace Client Driver.) - C:\Windows\System32\Drivers\dfsc.sys

O41 - Driver: C:\Windows\system32\drivers\discache.sys (discache) . (.Microsoft Corporation - System Indexer/Cache Driver.) - C:\Windows\System32\drivers\discache.sys

O41 - Driver: (mssmbios) . (.Microsoft Corporation - System Management BIOS Driver.) - C:\Windows\system32\drivers\mssmbios.sys

O41 - Driver: (NetBIOS) . (.Microsoft Corporation - NetBIOS interface driver.) - C:\Windows\System32\DRIVERS\netbios.sys

O41 - Driver: C:\Windows\system32\drivers\netbt.sys (NetBT) . (.Microsoft Corporation - MBT Transport driver.) - C:\Windows\System32\DRIVERS\netbt.sys

O41 - Driver: C:\Windows\system32\drivers\nsiproxy.sys (nsiproxy) . (.Microsoft Corporation - NSI Proxy.) - C:\Windows\System32\drivers\nsiproxy.sys

O41 - Driver: C:\Windows\system32\drivers\pacer.sys (Psched) . (.Microsoft Corporation - Agendador de pacotes de serviço.) - C:\Windows\System32\DRIVERS\pacer.sys

O41 - Driver: C:\Windows\system32\wkssvc.dll (rdbss) . (.Microsoft Corporation - Driver do Subsistema de Buffer da Unidade R.) - C:\Windows\System32\DRIVERS\rdbss.sys

O41 - Driver: C:\Windows\system32\DRIVERS\RDPCDD.sys (RDPCDD) . (.Microsoft Corporation - RDP Miniport.) - C:\Windows\System32\DRIVERS\RDPCDD.sys

O41 - Driver: C:\Windows\system32\drivers\RDPENCDD.sys (RDPENCDD) . (.Microsoft Corporation - RDP Encoder Miniport.) - C:\Windows\System32\drivers\rdpencdd.sys

O41 - Driver: C:\Windows\system32\drivers\RdpRefMp.sys (RDPREFMP) . (.Microsoft Corporation - RDP Reflector Driver Miniport.) - C:\Windows\System32\drivers\rdprefmp.sys

O41 - Driver: (SABDIFSV) . (.Unknown owner - SABDIFSV.) - C:\Program Files\\Pop-Up Sentry!\SABDIFSV.sys

O41 - Driver: (SABKUTIL) . (.Unknown owner - SABKUTIL.SYS.) - C:\Program Files\\Pop-Up Sentry!\SABKUTIL.sys

O41 - Driver: (SASDIFSV) . ( and - SASDIFSV.SYS.) - C:\Program Files\SUPERAntiSpyware\SASDIFSV.sys

O41 - Driver: (SASKUTIL) . ( and - SASKUTIL.SYS.) - C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys

O41 - Driver: (Serial) . (.Microsoft Corporation - Driver de dispositivo serial.) - C:\Windows\System32\DRIVERS\serial.sys

O41 - Driver: (ssmdrv) . (.Avira GmbH - AVIRA SnapShot Driver.) - C:\Windows\System32\DRIVERS\ssmdrv.sys

O41 - Driver: C:\Windows\system32\tcpipcfg.dll (tdx) . (.Microsoft Corporation - TDI Translation Driver.) - C:\Windows\System32\DRIVERS\tdx.sys

O41 - Driver: (TermDD) . (.Microsoft Corporation - Remote Desktop Server Driver.) - C:\Windows\system32\drivers\termdd.sys

O41 - Driver: (VgaSave) . (.Microsoft Corporation - VGA/Super VGA Video Driver.) - C:\Windows\system32\drivers\vga.sys

O41 - Driver: C:\Windows\system32\rascfg.dll (Wanarpv6) . (.Microsoft Corporation - MS Remote Access and Routing ARP Driver.) - C:\Windows\System32\DRIVERS\wanarp.sys

O41 - Driver: (WfpLwf) . (.Microsoft Corporation - WFP NDIS 6.20 Lightweight Filter Driver.) - C:\Windows\System32\DRIVERS\wfplwf.sys




---\\ Software installed (O42)

O42 - Logiciel: 2007 Microsoft Office Suite Service Pack 1 (SP1) - (.Microsoft.) [HKLM] -- {90120000-0015-0416-0000-0000000FF1CE}_ENTERPRISE_{B818F15C-FA76-4262-AB26-C04D0772EED8}

O42 - Logiciel: 2007 Microsoft Office Suite Service Pack 1 (SP1) - (.Microsoft.) [HKLM] -- {90120000-0016-0416-0000-0000000FF1CE}_ENTERPRISE_{B818F15C-FA76-4262-AB26-C04D0772EED8}

O42 - Logiciel: 2007 Microsoft Office Suite Service Pack 1 (SP1) - (.Microsoft.) [HKLM] -- {90120000-0018-0416-0000-0000000FF1CE}_ENTERPRISE_{B818F15C-FA76-4262-AB26-C04D0772EED8}

O42 - Logiciel: 2007 Microsoft Office Suite Service Pack 1 (SP1) - (.Microsoft.) [HKLM] -- {90120000-0019-0416-0000-0000000FF1CE}_ENTERPRISE_{B818F15C-FA76-4262-AB26-C04D0772EED8}

O42 - Logiciel: 2007 Microsoft Office Suite Service Pack 1 (SP1) - (.Microsoft.) [HKLM] -- {90120000-001A-0416-0000-0000000FF1CE}_ENTERPRISE_{B818F15C-FA76-4262-AB26-C04D0772EED8}

O42 - Logiciel: 2007 Microsoft Office Suite Service Pack 1 (SP1) - (.Microsoft.) [HKLM] -- {90120000-001B-0416-0000-0000000FF1CE}_ENTERPRISE_{B818F15C-FA76-4262-AB26-C04D0772EED8}

O42 - Logiciel: 2007 Microsoft Office Suite Service Pack 1 (SP1) - (.Microsoft.) [HKLM] -- {90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{3EC77D26-799B-4CD8-914F-C1565E796173}

O42 - Logiciel: 2007 Microsoft Office Suite Service Pack 1 (SP1) - (.Microsoft.) [HKLM] -- {90120000-001F-0416-0000-0000000FF1CE}_ENTERPRISE_{669EB263-0AFE-4FCB-A068-DB082CA6273C}

O42 - Logiciel: 2007 Microsoft Office Suite Service Pack 1 (SP1) - (.Microsoft.) [HKLM] -- {90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{F7A31780-33C4-4E39-951A-5EC9B91D7BF1}

O42 - Logiciel: 2007 Microsoft Office Suite Service Pack 1 (SP1) - (.Microsoft.) [HKLM] -- {90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{BEE75E01-DD3F-4D5F-B96C-609E6538D419}

O42 - Logiciel: 2007 Microsoft Office Suite Service Pack 1 (SP1) - (.Microsoft.) [HKLM] -- {90120000-0044-0416-0000-0000000FF1CE}_ENTERPRISE_{B818F15C-FA76-4262-AB26-C04D0772EED8}

O42 - Logiciel: 2007 Microsoft Office Suite Service Pack 1 (SP1) - (.Microsoft.) [HKLM] -- {90120000-006E-0416-0000-0000000FF1CE}_ENTERPRISE_{98003BDC-1B68-4970-B28E-ACC8000D2F3E}

O42 - Logiciel: 2007 Microsoft Office Suite Service Pack 1 (SP1) - (.Microsoft.) [HKLM] -- {90120000-00A1-0416-0000-0000000FF1CE}_ENTERPRISE_{B818F15C-FA76-4262-AB26-C04D0772EED8}

O42 - Logiciel: 2007 Microsoft Office Suite Service Pack 1 (SP1) - (.Microsoft.) [HKLM] -- {90120000-00BA-0416-0000-0000000FF1CE}_ENTERPRISE_{B818F15C-FA76-4262-AB26-C04D0772EED8}

O42 - Logiciel: AVS Media Player - (.Online Media Technologies Ltd..) [HKLM] -- AVS Media Player_is1

O42 - Logiciel: AVS Update Manager 1.0 - (.Online Media Technologies Ltd..) [HKLM] -- AVS Update Manager_is1

O42 - Logiciel: AVS4YOU Software Navigator 1.4 - (.Online Media Technologies Ltd..) [HKLM] -- AVS4YOU Software Navigator_is1

O42 - Logiciel: Adobe Flash Player 10 ActiveX - (.Adobe Systems Incorporated.) [HKLM] -- Adobe Flash Player ActiveX

O42 - Logiciel: Adobe Flash Player 10 Plugin - (.Adobe Systems Incorporated.) [HKLM] -- Adobe Flash Player Plugin

O42 - Logiciel: Adobe Reader 9.2 - Português - (.Adobe Systems Incorporated.) [HKLM] -- {AC76BA86-7AD7-1046-7B44-A92000000001}

O42 - Logiciel: Arquivo do WinRAR - (.Unknown owner.) [HKLM] -- WinRAR archiver

O42 - Logiciel: Assistente de Conexão do Windows Live - (.Microsoft Corporation.) [HKLM] -- {51A9E3DD-37B8-47BB-8E67-5B76B3EFBC48}

O42 - Logiciel: Atualização do produto Microsoft Office 2007 Proofing Tools (KB972854) - (.Microsoft.) [HKLM] -- {90120000-001F-0416-0000-0000000FF1CE}_ENTERPRISE_{16658B58-2DE1-4B8E-9C86-82D1713FB992}

O42 - Logiciel: Atualização do produto Microsoft Office Excel 2007 Help (KB963678) - (.Microsoft.) [HKLM] -- {90120000-0016-0416-0000-0000000FF1CE}_ENTERPRISE_{717C9095-8AAE-41CB-B046-BD6E8399F4F3}

O42 - Logiciel: Atualização do produto Microsoft Office Word 2007 Help (KB963665) - (.Microsoft.) [HKLM] -- {90120000-001B-0416-0000-0000000FF1CE}_ENTERPRISE_{7297E3A9-FCD4-4E0E-A306-7A90359E50E3}

O42 - Logiciel: Avira AntiVir Personal - Free Antivirus - (.Avira GmbH.) [HKLM] -- Avira AntiVir Desktop

O42 - Logiciel: BitTorrent - (.Unknown owner.) [HKLM] -- BitTorrent

O42 - Logiciel: Bonjour - (.Apple Inc..) [HKLM] -- {2A981294-F14C-4F0F-9627-D793270922F8}

O42 - Logiciel: CCleaner - (.Piriform.) [HKLM] -- CCleaner

O42 - Logiciel: CPUID CPU-Z 1.57 - (.Unknown owner.) [HKLM] -- CPUID CPU-Z_is1

O42 - Logiciel: Combined Community Codec Pack 2010-10-10 - (.CCCP Project.) [HKLM] -- Combined Community Codec Pack_is1

O42 - Logiciel: CyberLink PowerDVD 9 - (.CyberLink Corp..) [HKLM] -- InstallShield_{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}

O42 - Logiciel: CyberLink PowerDVD 9 - (.CyberLink Corp..) [HKLM] -- {A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}

O42 - Logiciel: DU Meter - (.Hagel Technologies Ltd.) [HKLM] -- DUMeter3_is1

O42 - Logiciel: DVD Decrypter (Remove Only) - (.Unknown owner.) [HKLM] -- DVD Decrypter

O42 - Logiciel: DVDFab (June 26, 2009) - (.Fengtao Software Inc..) [HKLM] -- DVDFab 6_is1

O42 - Logiciel: DVDVideoSoftTB Toolbar - (.Unknown owner.) [HKLM] -- DVDVideoSoftTB Toolbar

O42 - Logiciel: Device Doctor - (.Device Doctor Software Inc..) [HKLM] -- {D575FBAA-D6D6-4221-A2C4-67541DB7AB5E}_is1

O42 - Logiciel: Driver Checker v2.7.3 - (, Inc..) [HKLM] -- Driver Checker_is1

O42 - Logiciel: Ferramenta de Carregamento do Windows Live - (.Microsoft Corporation.) [HKLM] -- {205C6BDD-7B73-42DE-8505-9A093F35A238}

O42 - Logiciel: FormatFactory 2.60 - (.Free Time.) [HKLM] -- FormatFactory

O42 - Logiciel: Free 3GP Video Converter version 3.7.18 - (.DVDVideoSoft Limited..) [HKLM] -- Free 3GP Video Converter_is1

O42 - Logiciel: Free FLV Converter V 6.95.0 - (.Koyote Soft.) [HKLM] -- Free FLV Converter_is1

O42 - Logiciel: Google Earth - (.Google.) [HKLM] -- {C768790F-04FB-11E0-9B2C-001AA037B01E}

O42 - Logiciel: Google Update Helper - (.Google Inc..) [HKLM] -- {A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}

O42 - Logiciel: Intel® Graphics Media Accelerator Driver - (.Intel Corporation.) [HKLM] -- HDMI

O42 - Logiciel: Invisible IP Map - (.Unknown owner.) [HKLM] -- Invisible IP Map

O42 - Logiciel: Java 6 Update 24 - (.Oracle.) [HKLM] -- {26A24AE4-039D-4CA4-87B4-2F83216024FF}

O42 - Logiciel: Java 6 Update 7 - (.Sun Microsystems, Inc..) [HKLM] -- {3248F0A8-6813-11D6-A77B-00B0D0160070}

O42 - Logiciel: K-Lite Mega Codec Pack 6.8.0 - (.Unknown owner.) [HKLM] -- KLiteCodecPack_is1

O42 - Logiciel: KBD - (.Unknown owner.) [HKLM] -- KBD

O42 - Logiciel: MSVCRT - (.Microsoft.) [HKLM] -- {22B775E7-6C42-4FC5-8E10-9A5E3257BD94}

O42 - Logiciel: MV RegClean 6.0 - (.Unknown owner.) [HKLM] -- MV RegClean 6.0_is1

O42 - Logiciel: Malwarebytes' Anti-Malware - (.Malwarebytes Corporation.) [HKLM] -- Malwarebytes' Anti-Malware_is1

O42 - Logiciel: Messenger Plus! Live - (.Yuna Software.) [HKLM] -- Messenger Plus! Live

O42 - Logiciel: Microsoft Choice Guard - (.Microsoft Corporation.) [HKLM] -- {F0E12BBA-AD66-4022-A453-A1C8A0C4D570}

O42 - Logiciel: Microsoft Office Access MUI (Portuguese (Brazil)) 2007 - (.Microsoft Corporation.) [HKLM] -- {90120000-0015-0416-0000-0000000FF1CE}

O42 - Logiciel: Microsoft Office Enterprise 2007 - (.Microsoft Corporation.) [HKLM] -- ENTERPRISE

O42 - Logiciel: Microsoft Office Enterprise 2007 - (.Microsoft Corporation.) [HKLM] -- {90120000-0030-0000-0000-0000000FF1CE}

O42 - Logiciel: Microsoft Office Excel MUI (Portuguese (Brazil)) 2007 - (.Microsoft Corporation.) [HKLM] -- {90120000-0016-0416-0000-0000000FF1CE}

O42 - Logiciel: Microsoft Office Groove MUI (Portuguese (Brazil)) 2007 - (.Microsoft Corporation.) [HKLM] -- {90120000-00BA-0416-0000-0000000FF1CE}

O42 - Logiciel: Microsoft Office InfoPath MUI (Portuguese (Brazil)) 2007 - (.Microsoft Corporation.) [HKLM] -- {90120000-0044-0416-0000-0000000FF1CE}

O42 - Logiciel: Microsoft Office OneNote MUI (Portuguese (Brazil)) 2007 - (.Microsoft Corporation.) [HKLM] -- {90120000-00A1-0416-0000-0000000FF1CE}

O42 - Logiciel: Microsoft Office Outlook MUI (Portuguese (Brazil)) 2007 - (.Microsoft Corporation.) [HKLM] -- {90120000-001A-0416-0000-0000000FF1CE}

O42 - Logiciel: Microsoft Office PowerPoint MUI (Portuguese (Brazil)) 2007 - (.Microsoft Corporation.) [HKLM] -- {90120000-0018-0416-0000-0000000FF1CE}

O42 - Logiciel: Microsoft Office Proof (English) 2007 - (.Microsoft Corporation.) [HKLM] -- {90120000-001F-0409-0000-0000000FF1CE}

O42 - Logiciel: Microsoft Office Proof (Portuguese (Brazil)) 2007 - (.Microsoft Corporation.) [HKLM] -- {90120000-001F-0416-0000-0000000FF1CE}

O42 - Logiciel: Microsoft Office Proof (Spanish) 2007 - (.Microsoft Corporation.) [HKLM] -- {90120000-001F-0C0A-0000-0000000FF1CE}

O42 - Logiciel: Microsoft Office Proofing (Portuguese (Brazil)) 2007 - (.Microsoft Corporation.) [HKLM] -- {90120000-002C-0416-0000-0000000FF1CE}

O42 - Logiciel: Microsoft Office Publisher MUI (Portuguese (Brazil)) 2007 - (.Microsoft Corporation.) [HKLM] -- {90120000-0019-0416-0000-0000000FF1CE}

O42 - Logiciel: Microsoft Office Shared MUI (Portuguese (Brazil)) 2007 - (.Microsoft Corporation.) [HKLM] -- {90120000-006E-0416-0000-0000000FF1CE}

O42 - Logiciel: Microsoft Office Word MUI (Portuguese (Brazil)) 2007 - (.Microsoft Corporation.) [HKLM] -- {90120000-001B-0416-0000-0000000FF1CE}

O42 - Logiciel: Microsoft SQL Server 2005 Compact Edition [ENU] - (.Microsoft Corporation.) [HKLM] -- {F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}

O42 - Logiciel: Microsoft Visual C++ 2005 Redistributable - (.Microsoft Corporation.) [HKLM] -- {837b34e3-7c30-493c-8f6a-2b0f04e2912c}

O42 - Logiciel: Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 - (.Microsoft Corporation.) [HKLM] -- {1F1C2DFC-2D24-3E06-BCB8-725134ADF989}

O42 - Logiciel: Mozilla Firefox 4.0 (x86 pt-BR) - (.Mozilla.) [HKLM] -- Mozilla Firefox 4.0 (x86 pt-BR)

O42 - Logiciel: Mp3 Convert Master v1.1.1.401 - (.Power Convert Mp3 Solution Ltd..) [HKLM] -- Mp3 Convert Master_is1

O42 - Logiciel: MyDefrag v4.3.1 - (.J.C. Kessels.) [HKLM] -- MyDefrag v4.3.1_is1

O42 - Logiciel: Need For Speed™ World - (.Electronic Arts.) [HKLM] -- {7B2CC3DF-64FA-44AE-8F57-B0F915147E4F}_is1

O42 - Logiciel: Nero 7 Ultra Edition - (.Nero AG.) [HKLM] -- {6A96F672-0D61-4857-B9CE-47EBAE811046}

O42 - Logiciel: Orbit Downloader - ( [HKLM] -- Orbit_is1

O42 - Logiciel: PointBlank - (.Ongame S.A & Zepetto.) [HKCU] -- PointBlank

O42 - Logiciel: Pop-Up Sentry! Anti-Spyware - ( [HKLM] -- {D93F052A-325F-4D08-9785-F276F28B820A}

O42 - Logiciel: Proxy Vampire v.2.0 - ( [HKLM] -- Proxy Vampire_is1

O42 - Logiciel: RAM Idle LE - (.TweakNow.) [HKLM] -- RAM Idle LE_is1

O42 - Logiciel: Real Hide IP - (.Unknown owner.) [HKLM] -- RealHideIP

O42 - Logiciel: Realtek Ethernet Controller Driver For Windows 7 - (.Realtek.) [HKLM] -- {8833FFB6-5B0C-4764-81AA-06DFEED9A476}

O42 - Logiciel: Realtek High Definition Audio Driver - (.Realtek Semiconductor Corp..) [HKLM] -- {F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}

O42 - Logiciel: Recuva - (.Piriform.) [HKLM] -- Recuva

O42 - Logiciel: Revo Uninstaller 1.91 - (.VS Revo Group.) [HKLM] -- Revo Uninstaller

O42 - Logiciel: RocketDock 1.3.5 - (.Punk Software.) [HKLM] -- RocketDock_is1

O42 - Logiciel: SRS Audio Sandbox - (.SRS Labs, Inc..) [HKLM] -- {542C6F13-6861-4010-9EBC-6F068D397AD8}

O42 - Logiciel: STOPzilla! - (.Unknown owner.) [HKLM] -- STOPzilla

O42 - Logiciel: SUPERAntiSpyware - ( [HKLM] -- {CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}

O42 - Logiciel: Security Task Manager 1.8c - (.Neuber Software.) [HKLM] -- Security Task Manager

O42 - Logiciel: Ski Challenge 11 (SF) - (.Unknown owner.) [HKCU] -- sc11-CH_SF

O42 - Logiciel: Skype Toolbars - (.Skype Technologies S.A..) [HKLM] -- {CD95D125-2992-4858-B3EF-5F6FB52FBAD6}

O42 - Logiciel: Skype™ 5.1 - (.Skype Technologies S.A..) [HKLM] -- {E633D396-5188-4E9D-8F6B-BFB8BF3467E8}

O42 - Logiciel: Stamp ID3 Tag Editor - (.NCH Software.) [HKLM] -- Stamp

O42 - Logiciel: Total Uninstall 5.9.2 - (.Gavrila Martau.) [HKLM] -- Total Uninstall 5_is1

O42 - Logiciel: Total Video Converter 3.02 - (.EffectMatrix Inc..) [HKLM] -- Total Video Converter 3.02_is1

O42 - Logiciel: Unlocker 1.8.8 - (.Cedrick Collomb.) [HKLM] -- Unlocker

O42 - Logiciel: Virtual DJ - Atomix Productions - (.Unknown owner.) [HKLM] -- Virtual DJ - Atomix Productions

O42 - Logiciel: Windows Live Call - (.Microsoft Corporation.) [HKLM] -- {590035D9-BFA0-406A-A7F0-479C72C0DDB2}

O42 - Logiciel: Windows Live Communications Platform - (.Microsoft Corporation.) [HKLM] -- {3175E049-F9A9-4A3D-8F19-AC9FB04514D1}

O42 - Logiciel: Windows Live Essentials - (.Microsoft Corporation.) [HKLM] -- WinLiveSuite_Wave3

O42 - Logiciel: Windows Live Essentials - (.Microsoft Corporation.) [HKLM] -- {0FFEA8EE-7BC7-4C9D-8CC6-5B8C891BA3F2}

O42 - Logiciel: Windows Live Galeria de Fotos - (.Microsoft Corporation.) [HKLM] -- {87A9C015-C2BA-44EE-9C20-6E1A764B8E23}

O42 - Logiciel: Windows Live Messenger - (.Microsoft Corporation.) [HKLM] -- {9ADC3E4F-34DA-48CD-8727-BB26D90257BD}

O42 - Logiciel: Windows Live Movie Maker - (.Microsoft Corporation.) [HKLM] -- {6D4A54DD-C9E2-4647-B872-2E83C188584B}

O42 - Logiciel: Windows Live Sync - (.Microsoft Corporation.) [HKLM] -- {2DF215E0-BD3C-4C98-8616-AFEF09747285}

O42 - Logiciel: Windows Media Player Firefox Plugin - (.Microsoft Corp.) [HKLM] -- {69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}


---\\ HKCU & HKLM Software Keys

[HKCU\Software\DVD Decrypter]

[HKCU\Software\Driver Checker]

[HKCU\Software\Eltima Software]

[HKCU\Software\IM Providers]

[HKCU\Software\Malwarebytes' Anti-Malware]

[HKCU\Software\NCH Swift Sound]

[HKCU\Software\Neuber GbR]

[HKCU\Software\Ram Idle]

[HKCU\Software\Tiamat Software]

[HKCU\Software\WinRAR SFX]

[HKLM\Software\ATI Technologies]

[HKLM\Software\Apple Inc.]

[HKLM\Software\Codec Tweak Tool]

[HKLM\Software\Electronic Arts]

[HKLM\Software\FlashGet Network]

[HKLM\Software\Malwarebytes' Anti-Malware]

[HKLM\Software\NCH Swift Sound]

[HKLM\Software\SRS Labs]

[HKLM\Software\Wilson WindowWare]



---\\ Contents of the Common Files folders (O43)

O43 - CFD: 25/01/2011 - 12:59:50 - [230192388] ----D- C:\Program Files\Adobe

O43 - CFD: 25/01/2011 - 09:28:26 - [0] -SH-D- C:\Program Files\Arquivos Comuns

O43 - CFD: 25/01/2011 - 12:22:18 - [112177315] ----D- C:\Program Files\Avira

O43 - CFD: 30/01/2011 - 18:15:14 - [34960552] ----D- C:\Program Files\AVS4YOU

O43 - CFD: 27/01/2011 - 16:35:58 - [4771184] ----D- C:\Program Files\BitTorrent

O43 - CFD: 06/03/2011 - 15:08:06 - [617126] ----D- C:\Program Files\Bonjour

O43 - CFD: 25/01/2011 - 15:35:06 - [3514104] ----D- C:\Program Files\CCleaner

O43 - CFD: 05/02/2011 - 23:39:48 - [27588013] ----D- C:\Program Files\Combined Community Codec Pack

O43 - CFD: 22/03/2011 - 13:29:30 - [822966582] ----D- C:\Program Files\Common Files

O43 - CFD: 22/03/2011 - 14:35:06 - [173881723] ----D- C:\Program Files\COMODO

O43 - CFD: 19/03/2011 - 13:04:36 - [3346675] ----D- C:\Program Files\CPUID

O43 - CFD: 01/03/2011 - 22:17:56 - [235088873] ----D- C:\Program Files\CyberLink

O43 - CFD: 01/03/2011 - 22:55:18 - [12970767] ----D- C:\Program Files\Device Doctor

O43 - CFD: 17/03/2011 - 22:41:40 - [31472567] ----D- C:\Program Files\Driver Checker

O43 - CFD: 04/03/2011 - 23:30:52 - [6243935] ----D- C:\Program Files\Driver-Soft

O43 - CFD: 25/01/2011 - 17:08:38 - [5973467] ----D- C:\Program Files\DU Meter

O43 - CFD: 03/03/2011 - 14:12:54 - [945408] ----D- C:\Program Files\DVD Decrypter

O43 - CFD: 05/03/2011 - 12:53:58 - [83303956] ----D- C:\Program Files\DVD Maker

O43 - CFD: 25/01/2011 - 12:56:26 - [36378638] ----D- C:\Program Files\DVDFab 6

O43 - CFD: 15/02/2011 - 21:52:38 - [156277] ----D- C:\Program Files\DVDVideoSoftTB

O43 - CFD: 21/03/2011 - 20:19:24 - [101761041] ----D- C:\Program Files\ESET

O43 - CFD: 06/02/2011 - 12:01:24 - [80] ----D- C:\Program Files\exclusiva

O43 - CFD: 26/01/2011 - 19:54:34 - [142] ----D- C:\Program Files\FlashGet Network

O43 - CFD: 05/02/2011 - 23:08:12 - [3026550] ----D- C:\Program Files\Free 3GP Video Converter

O43 - CFD: 27/02/2011 - 15:53:48 - [12066031] ----D- C:\Program Files\Free FLV Converter

O43 - CFD: 09/03/2011 - 13:13:14 - [118071505] ----D- C:\Program Files\FreeTime

O43 - CFD: 12/03/2011 - 12:40:44 - [20495] ----D- C:\Program Files\

O43 - CFD: 04/02/2011 - 23:41:10 - [90123180] ----D- C:\Program Files\Google

O43 - CFD: 01/03/2011 - 22:17:58 - [26178676] --H-D- C:\Program Files\InstallShield Installation Information

O43 - CFD: 19/02/2011 - 17:04:20 - [95691] ----D- C:\Program Files\Intel

O43 - CFD: 21/03/2011 - 08:55:38 - [5165634] ----D- C:\Program Files\Internet Explorer

O43 - CFD: 22/03/2011 - 11:31:56 - [2776704] ----D- C:\Program Files\Invisible IP Map

O43 - CFD: 03/03/2011 - 15:34:48 - [169894308] ----D- C:\Program Files\Java

O43 - CFD: 30/01/2011 - 13:42:26 - [48881514] ----D- C:\Program Files\K-Lite Codec Pack

O43 - CFD: 03/03/2011 - 20:11:26 - [4940603] ----D- C:\Program Files\Malwarebytes' Anti-Malware

O43 - CFD: 01/03/2011 - 17:07:10 - [2948745] ----D- C:\Program Files\Marcos Velasco Security

O43 - CFD: 25/01/2011 - 17:16:46 - [31448855] ----D- C:\Program Files\Messenger Plus! Live

O43 - CFD: 25/01/2011 - 10:28:12 - [226432] ----D- C:\Program Files\Microsoft

O43 - CFD: 14/07/2009 - 05:53:54 - [148361266] ----D- C:\Program Files\Microsoft Games

O43 - CFD: 25/01/2011 - 12:30:22 - [633262658] ----D- C:\Program Files\Microsoft Office

O43 - CFD: 25/01/2011 - 10:28:46 - [1829877] ----D- C:\Program Files\Microsoft SQL Server Compact Edition

O43 - CFD: 25/01/2011 - 12:30:16 - [14904] ----D- C:\Program Files\Microsoft Visual Studio

O43 - CFD: 25/01/2011 - 12:28:32 - [1262854] ----D- C:\Program Files\Microsoft Visual Studio 8

O43 - CFD: 25/01/2011 - 12:30:38 - [3178824] ----D- C:\Program Files\Microsoft Works

O43 - CFD: 25/01/2011 - 12:29:48 - [8152064] ----D- C:\Program Files\Microsoft.NET

O43 - CFD: 19/03/2011 - 18:08:40 - [31588999] ----D- C:\Program Files\Mozilla Firefox 4.0 Beta 12

O43 - CFD: 02/02/2011 - 20:38:48 - [15262444] ----D- C:\Program Files\Mp3 Convert Master

O43 - CFD: 25/01/2011 - 12:30:28 - [26521] ----D- C:\Program Files\MSBuild

O43 - CFD: 22/03/2011 - 11:31:56 - [2825339] ----D- C:\Program Files\MyDefrag v4.3.1

O43 - CFD: 26/01/2011 - 19:53:26 - [1552512] ----D- C:\Program Files\NCH Swift Sound

O43 - CFD: 13/03/2011 - 21:14:38 - [20171126] ----D- C:\Program Files\Need For Speed World

O43 - CFD: 25/01/2011 - 12:47:10 - [391087139] ----D- C:\Program Files\Nero

O43 - CFD: 22/03/2011 - 11:31:56 - [13392004] ----D- C:\Program Files\Orbitdownloader

O43 - CFD: 20/03/2011 - 14:01:20 - [13780569] ----D- C:\Program Files\

O43 - CFD: 25/01/2011 - 20:45:12 - [3216207] ----D- C:\Program Files\Proxy Vampire

O43 - CFD: 17/03/2011 - 23:08:08 - [2043739] ----D- C:\Program Files\RAM Idle LE

O43 - CFD: 08/03/2011 - 17:40:02 - [4576182] ----D- C:\Program Files\RealHideIP

O43 - CFD: 08/03/2011 - 19:28:22 - [53080395] ----D- C:\Program Files\Realtek

O43 - CFD: 14/03/2011 - 12:26:30 - [2017856] ----D- C:\Program Files\Recuva

O43 - CFD: 14/07/2009 - 01:52:32 - [41206529] ----D- C:\Program Files\Reference Assemblies

O43 - CFD: 01/03/2011 - 22:17:58 - [8022929] ----D- C:\Program Files\RegSeeker

O43 - CFD: 25/01/2011 - 19:18:20 - [11613719] ----D- C:\Program Files\RocketDock

O43 - CFD: 22/03/2011 - 15:16:08 - [2720909] ----D- C:\Program Files\Security Task Manager

O43 - CFD: 25/01/2011 - 22:01:34 - [28275803] R---D- C:\Program Files\Skype

O43 - CFD: 25/01/2011 - 16:41:50 - [10295267] ----D- C:\Program Files\SRS Labs

O43 - CFD: 13/03/2011 - 02:47:26 - [2976668] ----D- C:\Program Files\STOPzilla!

O43 - CFD: 22/03/2011 - 13:44:16 - [50196888] ----D- C:\Program Files\SUPERAntiSpyware

O43 - CFD: 18/03/2011 - 21:30:36 - [11202544] ----D- C:\Program Files\Total Uninstall 5

O43 - CFD: 03/03/2011 - 14:57:02 - [328411430] ----D- C:\Program Files\Total Video Converter

O43 - CFD: 09/03/2011 - 12:42:16 - [403023] ----D- C:\Program Files\Trend Micro

O43 - CFD: 14/07/2009 - 01:53:24 - [0] --H-D- C:\Program Files\Uninstall Information

O43 - CFD: 06/02/2011 - 15:05:50 - [216326] ----D- C:\Program Files\Unlocker

O43 - CFD: 06/02/2011 - 11:13:40 - [830976] ----D- C:\Program Files\VideoConverter

O43 - CFD: 02/03/2011 - 15:34:28 - [16767718] ----D- C:\Program Files\VirtualDJ

O43 - CFD: 07/02/2011 - 20:52:14 - [6770777] ----D- C:\Program Files\VS Revo Group

O43 - CFD: 05/03/2011 - 12:53:56 - [3147264] ----D- C:\Program Files\Windows Defender

O43 - CFD: 05/03/2011 - 12:53:58 - [7127672] ----D- C:\Program Files\Windows Journal

O43 - CFD: 25/01/2011 - 19:50:16 - [111661258] ----D- C:\Program Files\Windows Live

O43 - CFD: 25/01/2011 - 10:27:56 - [245112] ----D- C:\Program Files\Windows Live SkyDrive

O43 - CFD: 05/03/2011 - 12:53:58 - [6723584] ----D- C:\Program Files\Windows Mail

O43 - CFD: 05/03/2011 - 12:53:58 - [6740738] ----D- C:\Program Files\Windows Media Player

O43 - CFD: 25/01/2011 - 09:28:26 - [12379828] ----D- C:\Program Files\Windows NT

O43 - CFD: 05/03/2011 - 12:53:58 - [4476680] ----D- C:\Program Files\Windows Photo Viewer

O43 - CFD: 01/03/2011 - 22:20:46 - [189952] ----D- C:\Program Files\Windows Portable Devices

O43 - CFD: 05/03/2011 - 12:53:58 - [7639331] ----D- C:\Program Files\Windows Sidebar

O43 - CFD: 12/02/2011 - 10:47:26 - [5235071] ----D- C:\Program Files\WinRAR

O43 - CFD: 22/03/2011 - 20:44:24 - [5466727] ----D- C:\Program Files\ZHPDiag

O43 - CFD: 25/01/2011 - 13:00:00 - [6257094] ----D- C:\Program Files\Common Files\Adobe

O43 - CFD: 25/01/2011 - 12:47:40 - [106173515] ----D- C:\Program Files\Common Files\Ahead

O43 - CFD: 30/01/2011 - 18:15:00 - [41540712] ----D- C:\Program Files\Common Files\AVSMedia

O43 - CFD: 25/01/2011 - 13:04:42 - [120104] ----D- C:\Program Files\Common Files\CyberLink

O43 - CFD: 25/01/2011 - 12:30:16 - [92976] ----D- C:\Program Files\Common Files\DESIGNER

O43 - CFD: 28/01/2011 - 21:08:10 - [1417637] ----D- C:\Program Files\Common Files\DFX

O43 - CFD: 25/01/2011 - 16:01:06 - [2037602] ----D- C:\Program Files\Common Files\InstallShield

O43 - CFD: 03/03/2011 - 15:35:22 - [36387680] ----D- C:\Program Files\Common Files\Java

O43 - CFD: 25/01/2011 - 12:33:58 - [211649852] ----D- C:\Program Files\Common Files\microsoft shared

O43 - CFD: 01/03/2011 - 22:19:16 - [2702] ----D- C:\Program Files\Common Files\Services

O43 - CFD: 25/01/2011 - 09:28:26 - [0] -SH-D- C:\Program Files\Common Files\Sistema

O43 - CFD: 25/01/2011 - 21:59:06 - [2164104] ----D- C:\Program Files\Common Files\Skype

O43 - CFD: 13/07/2009 - 23:37:06 - [41103783] ----D- C:\Program Files\Common Files\SpeechEngines

O43 - CFD: 25/01/2011 - 16:42:22 - [72704] ----D- C:\Program Files\Common Files\SRS Labs Shared

O43 - CFD: 05/03/2011 - 12:53:58 - [44512725] ----D- C:\Program Files\Common Files\System

O43 - CFD: 25/01/2011 - 10:25:14 - [325141296] ----D- C:\Program Files\Common Files\Windows Live

O43 - CFD: 20/03/2011 - 12:30:52 - [4292096] ----D- C:\Program Files\Common Files\Wise Installation Wizard

O43 - CFD: 17/03/2011 - 21:39:14 - [13212327] ----D- C:\ProgramData\Adobe

O43 - CFD: 06/03/2011 - 15:07:30 - [4863488] ----D- C:\ProgramData\Apple

O43 - CFD: 06/03/2011 - 15:08:46 - [0] ----D- C:\ProgramData\Apple Computer

O43 - CFD: 14/07/2009 - 01:53:56 - [0] -SH-D- C:\ProgramData\Application Data

O43 - CFD: 25/01/2011 - 12:22:18 - [65311601] ----D- C:\ProgramData\Avira

O43 - CFD: 30/01/2011 - 18:39:50 - [0] ----D- C:\ProgramData\AVS4YOU

O43 - CFD: 01/03/2011 - 17:20:24 - [308700] ----D- C:\ProgramData\Comodo

O43 - CFD: 15/02/2011 - 20:59:46 - [7711952] ----D- C:\ProgramData\Comodo Downloader

O43 - CFD: 29/01/2011 - 14:58:12 - [21022] ----D- C:\ProgramData\CyberLink

O43 - CFD: 25/01/2011 - 09:28:26 - [0] -SH-D- C:\ProgramData\Dados de aplicativos

O43 - CFD: 14/07/2009 - 01:53:56 - [0] -SH-D- C:\ProgramData\Desktop

O43 - CFD: 28/01/2011 - 21:08:14 - [59] ----D- C:\ProgramData\DFX

O43 - CFD: 25/01/2011 - 09:28:26 - [0] -SH-D- C:\ProgramData\Documentos

O43 - CFD: 14/07/2009 - 01:53:56 - [0] -SH-D- C:\ProgramData\Documents

O43 - CFD: 14/07/2009 - 01:53:56 - [0] -SH-D- C:\ProgramData\Favorites

O43 - CFD: 25/01/2011 - 09:28:26 - [0] -SH-D- C:\ProgramData\Favoritos

O43 - CFD: 25/01/2011 - 17:08:40 - [0] ----D- C:\ProgramData\Hagel Technologies

O43 - CFD: 27/01/2011 - 16:18:20 - [46578] ----D- C:\ProgramData\Hewlett-Packard

O43 - CFD: 25/01/2011 - 20:40:56 - [17197498] ----D- C:\ProgramData\Malwarebytes

O43 - CFD: 18/03/2011 - 21:30:36 - [436197093] ----D- C:\ProgramData\Martau

O43 - CFD: 25/01/2011 - 09:28:26 - [0] -SH-D- C:\ProgramData\Menu Iniciar

O43 - CFD: 27/01/2011 - 20:05:36 - [243611] ----D- C:\ProgramData\Messenger Plus!

O43 - CFD: 30/01/2011 - 19:05:06 - [251056414] -S--D- C:\ProgramData\Microsoft

O43 - CFD: 12/02/2011 - 10:04:22 - [66062] ----D- C:\ProgramData\Microsoft Help

O43 - CFD: 25/01/2011 - 09:28:26 - [0] -SH-D- C:\ProgramData\Modelos

O43 - CFD: 26/01/2011 - 19:55:08 - [0] ----D- C:\ProgramData\NCH Swift Sound

O43 - CFD: 13/03/2011 - 21:17:00 - [2475912124] ----D- C:\ProgramData\Need For Speed World

O43 - CFD: 25/01/2011 - 12:47:10 - [2839479] ----D- C:\ProgramData\Nero

O43 - CFD: 08/03/2011 - 17:40:12 - [18400] ----D- C:\ProgramData\RealHideIP

O43 - CFD: 22/03/2011 - 15:20:58 - [2311154] ----D- C:\ProgramData\SecTaskMan

O43 - CFD: 25/01/2011 - 21:59:02 - [21719886] ----D- C:\ProgramData\Skype

O43 - CFD: 02/02/2011 - 20:44:26 - [6011] ----D- C:\ProgramData\SRS Labs

O43 - CFD: 14/07/2009 - 01:53:56 - [0] -SH-D- C:\ProgramData\Start Menu

O43 - CFD: 06/02/2011 - 12:29:18 - [0] ----D- C:\ProgramData\Start Orb Manager

O43 - CFD: 03/03/2011 - 15:35:22 - [119] ----D- C:\ProgramData\Sun

O43 - CFD: 25/01/2011 - 20:35:32 - [0] ----D- C:\ProgramData\

O43 - CFD: 01/03/2011 - 22:17:58 - [106638] ---AD- C:\ProgramData\Temp

O43 - CFD: 14/07/2009 - 01:53:56 - [0] -SH-D- C:\ProgramData\Templates

O43 - CFD: 07/03/2011 - 12:19:14 - [0] ----D- C:\ProgramData\UAB

O43 - CFD: 05/03/2011 - 12:09:42 - [0] ----D- C:\ProgramData\Uniblue

O43 - CFD: 25/01/2011 - 15:41:48 - [781785] ----D- C:\Users\Usuario\AppData\Roaming\Adobe

O43 - CFD: 04/03/2011 - 21:19:28 - [105368] ----D- C:\Users\Usuario\AppData\Roaming\Ahead

O43 - CFD: 05/02/2011 - 23:25:40 - [9834] ----D- C:\Users\Usuario\AppData\Roaming\AnvSoft

O43 - CFD: 06/03/2011 - 15:23:24 - [1808546] ----D- C:\Users\Usuario\AppData\Roaming\Apple Computer

O43 - CFD: 25/01/2011 - 16:25:50 - [0] ----D- C:\Users\Usuario\AppData\Roaming\Avira

O43 - CFD: 30/01/2011 - 18:39:50 - [81] ----D- C:\Users\Usuario\AppData\Roaming\AVS4YOU

O43 - CFD: 26/01/2011 - 20:03:30 - [4795] ----D- C:\Users\Usuario\AppData\Roaming\BITS

O43 - CFD: 30/01/2011 - 14:16:06 - [12397] ----D- C:\Users\Usuario\AppData\Roaming\BitTorrent

O43 - CFD: 29/01/2011 - 14:58:12 - [2418] ----D- C:\Users\Usuario\AppData\Roaming\CyberLink

O43 - CFD: 01/03/2011 - 22:55:18 - [7216688] ----D- C:\Users\Usuario\AppData\Roaming\DeviceDoctorSoftware

O43 - CFD: 07/03/2011 - 12:19:12 - [575] ----D- C:\Users\Usuario\AppData\Roaming\Drivers For Free

O43 - CFD: 03/03/2011 - 14:04:22 - [0] ----D- C:\Users\Usuario\AppData\Roaming\DVD2AVI Ripper

O43 - CFD: 05/02/2011 - 23:07:26 - [2031582] ----D- C:\Users\Usuario\AppData\Roaming\DVDVideoSoft

O43 - CFD: 19/02/2011 - 16:35:28 - [12656889] ----D- C:\Users\Usuario\AppData\Roaming\Easeware

O43 - CFD: 26/02/2011 - 22:35:10 - [0] ----D- C:\Users\Usuario\AppData\Roaming\Eltima Software

O43 - CFD: 26/01/2011 - 19:54:44 - [9950] ----D- C:\Users\Usuario\AppData\Roaming\FlashGet

O43 - CFD: 26/01/2011 - 19:54:38 - [564857] ----D- C:\Users\Usuario\AppData\Roaming\FlashGetBHO

O43 - CFD: 27/02/2011 - 15:54:26 - [52776] ----D- C:\Users\Usuario\AppData\Roaming\FreeFLVConverter

O43 - CFD: 30/01/2011 - 13:21:18 - [0] ----D- C:\Users\Usuario\AppData\Roaming\GetRightToGo

O43 - CFD: 30/01/2011 - 14:35:50 - [0] ----D- C:\Users\Usuario\AppData\Roaming\GrabPro

O43 - CFD: 25/01/2011 - 09:28:50 - [0] ----D- C:\Users\Usuario\AppData\Roaming\Identities

O43 - CFD: 25/01/2011 - 15:41:48 - [2120] ----D- C:\Users\Usuario\AppData\Roaming\Macromedia

O43 - CFD: 25/01/2011 - 20:41:36 - [8083] ----D- C:\Users\Usuario\AppData\Roaming\Malwarebytes

O43 - CFD: 14/07/2009 - 05:52:56 - [0] ----D- C:\Users\Usuario\AppData\Roaming\Media Center Programs

O43 - CFD: 21/03/2011 - 19:21:30 - [0] ----D- C:\Users\Usuario\AppData\Roaming\Media Player Classic

O43 - CFD: 17/03/2011 - 21:39:18 - [1903012] -S--D- C:\Users\Usuario\AppData\Roaming\Microsoft

O43 - CFD: 25/01/2011 - 15:38:50 - [17635349] ----D- C:\Users\Usuario\AppData\Roaming\Mozilla

O43 - CFD: 26/01/2011 - 19:53:26 - [0] ----D- C:\Users\Usuario\AppData\Roaming\NCH Swift Sound

O43 - CFD: 13/03/2011 - 15:21:26 - [52598] ----D- C:\Users\Usuario\AppData\Roaming\Need for Speed World

O43 - CFD: 22/03/2011 - 11:31:34 - [5271597] ----D- C:\Users\Usuario\AppData\Roaming\Orbit

O43 - CFD: 20/03/2011 - 12:32:28 - [52875274] ----D- C:\Users\Usuario\AppData\Roaming\

O43 - CFD: 30/01/2011 - 14:35:40 - [441] ----D- C:\Users\Usuario\AppData\Roaming\ProgSense

O43 - CFD: 08/03/2011 - 17:40:12 - [22] ----D- C:\Users\Usuario\AppData\Roaming\RealHideIP

O43 - CFD: 17/03/2011 - 22:48:28 - [111852] ----D- C:\Users\Usuario\AppData\Roaming\Skype

O43 - CFD: 15/02/2011 - 20:19:16 - [0] ----D- C:\Users\Usuario\AppData\Roaming\skypePM

O43 - CFD: 07/03/2011 - 12:04:14 - [6360717] ----D- C:\Users\Usuario\AppData\Roaming\Software Informer

O43 - CFD: 07/03/2011 - 13:42:20 - [4840] ----D- C:\Users\Usuario\AppData\Roaming\STOPzilla!

O43 - CFD: 08/02/2011 - 21:41:48 - [0] ----D- C:\Users\Usuario\AppData\Roaming\

O43 - CFD: 25/01/2011 - 20:35:32 - [79937995] ----D- C:\Users\Usuario\AppData\Roaming\

O43 - CFD: 05/03/2011 - 12:09:28 - [0] ----D- C:\Users\Usuario\AppData\Roaming\Uniblue

O43 - CFD: 17/03/2011 - 21:01:44 - [38] ----D- C:\Users\Usuario\AppData\Roaming\ViGlance

O43 - CFD: 25/01/2011 - 12:57:14 - [0] ----D- C:\Users\Usuario\AppData\Roaming\Vso

O43 - CFD: 12/02/2011 - 15:27:52 - [12] ----D- C:\Users\Usuario\AppData\Roaming\WinRAR




---\\ Last modified or created files under Windows and System32 (O44)

O44 - LFC:[MD5.4F0000000000000000000000F0EF1200] - 22/03/2011 - 20:44:38 ---A- . (...) -- C:\Windows\WindowsUpdate.log [1905935]

O44 - LFC:[MD5.9982DE5B241F4776F71698EB4D4FC7E9] - 22/03/2011 - 19:48:24 ---A- . (...) -- C:\Windows\setupact.log [168]

O44 - LFC:[MD5.D41D8CD98F00B204E9800998ECF8427E] - 22/03/2011 - 15:23:42 ---A- . (...) -- C:\Windows\setuperr.log [0]

O44 - LFC:[MD5.27698CCAAC5AF372C2460E42773B9EA0] - 22/03/2011 - 15:23:41 -S-A- . (...) -- C:\Windows\bootstat.dat [67584]

O44 - LFC:[MD5.3944BEF28522BDA7AB0C13A8340501ED] - 22/03/2011 - 15:16:11 ---A- . (...) -- C:\Windows\win.ini [497]

O44 - LFC:[MD5.AED5EB76359B1A7589CFE2130CB69D5E] - 22/03/2011 - 14:17:36 ---A- . (...) -- C:\backupshell.reg [13642]

O44 - LFC:[MD5.065A2D5D90AF5C67B1E9D079579FD439] - 22/03/2011 - 13:40:57 ---A- . (...) -- C:\ComboFix.txt [64343]

O44 - LFC:[MD5.59566D76E88B62E39686202933A27ABB] - 22/03/2011 - 13:34:01 ---A- . (...) -- C:\Windows\system.ini [330]

O44 - LFC:[MD5.B1A9CF0B6F80611D31987C247EC630B4] - 22/03/2011 - 13:22:40 ---A- . (.SteelWerX - Freeware implementation of XCACLS.) -- C:\Windows\SWXCACLS.exe [212480]

O44 - LFC:[MD5.BD996A6E51F79564A3362CD3C879B17D] - 21/03/2011 - 09:03:10 ---A- . (...) -- C:\Windows\System32\PerfStringBackup.INI [2302906]

O44 - LFC:[MD5.3590E36C045B0172A691C305F2328A4F] - 21/03/2011 - 09:03:10 ---A- . (...) -- C:\Windows\System32\perfc009.dat [104214]

O44 - LFC:[MD5.90C2227DB2C6FC00C865DA751F434F50] - 21/03/2011 - 09:03:10 ---A- . (...) -- C:\Windows\System32\perfh009.dat [609896]

O44 - LFC:[MD5.A1BD3E7026F780324164C9F4B6B00E95] - 21/03/2011 - 09:03:10 ---A- . (...) -- C:\Windows\System32\prfc0416.dat [125568]

O44 - LFC:[MD5.993EBDA56EB6F5CAE937363B11EA1CFA] - 21/03/2011 - 09:03:10 ---A- . (...) -- C:\Windows\System32\prfc0816.dat [131232]

O44 - LFC:[MD5.31605BDCF913656AC6E06729BB8E5E49] - 21/03/2011 - 09:03:10 ---A- . (...) -- C:\Windows\System32\prfh0416.dat [657176]

O44 - LFC:[MD5.FC5205A4DCFB3616D0353A9FB7B36E44] - 21/03/2011 - 09:03:10 ---A- . (...) -- C:\Windows\System32\prfh0816.dat [672790]

O44 - LFC:[MD5.7206BF9E9B14A8D000FEEB94A2186DF9] - 19/03/2011 - 22:00:12 ---A- . (...) -- C:\Windows\System32\defltbase.sdb [1056768]

O44 - LFC:[MD5.6BADA94085B6709694F8327C211D12E1] - 19/03/2011 - 13:04:36 ---A- . (.CPUID - CPUID Driver.) -- C:\Windows\System32\drivers\cpuz135_x32.sys [22504]

O44 - LFC:[MD5.EC5432A03C1FB9F4755BBE2C31B41FB8] - 18/03/2011 - 21:27:19 ---A- . (.e-Softer Desenvolvimentos - Customizable Menu Control.) -- C:\Windows\System32\XPMenu.ocx [90112]

O44 - LFC:[MD5.7D0940B7034BC0CB65F61262E7E059D1] - 18/03/2011 - 21:08:24 ---A- . (...) -- C:\Windows\System32\CPDRI.DAT [18]

O44 - LFC:[MD5.1F48D656C5E4AC0417B13BC35850E623] - 18/03/2011 - 21:07:04 ---A- . (.Leithauser Research - No comment.) -- C:\Windows\Delete Complete Program Deleter.Exe [15872]

O44 - LFC:[MD5.4B333D3CC96AE66BD754329FD2989EE2] - 18/03/2011 - 15:50:41 ---A- . (...) -- C:\Windows\System32\ieuinit.inf [72822]

O44 - LFC:[MD5.A964E72690F342A877D3208EB25A94B2] - 17/03/2011 - 22:39:26 ---A- . (.Windows ® Codename Longhorn DDK provider - Windows Setup API.) -- C:\Windows\System32\devcon_x64.exe [81408]

O44 - LFC:[MD5.09E20C70FD5C56210BB7C308ED10E021] - 10/03/2011 - 13:47:31 ---A- . (...) -- C:\Windows\w7dsd.reg [8107]

O44 - LFC:[MD5.59A56044F9E68FCD8056FAAAEAAAA615] - 10/03/2011 - 13:47:31 ---A- . (...) -- C:\Windows\w7dse.reg [8089]

O44 - LFC:[MD5.D206BDE03BEB6D8F140E397A56C0BA83] - 09/03/2011 - 15:43:15 ---A- . (.J.C. Kessels - MyDefrag Script Interpreter.) -- C:\Windows\System32\MyDefragScreenSaver_v4.3.1.exe [1061888]

O44 - LFC:[MD5.986EA740F39697DA8B985E9E15F1B732] - 09/03/2011 - 15:43:15 ---A- . (.J.C. Kessels - MyDefrag Script Interpreter.) -- C:\Windows\System32\MyDefragScreenSaver_v4.3.1.scr [475648]

O44 - LFC:[MD5.78A2145443852E9297D38D70C88AEC06] - 09/03/2011 - 13:13:58 ---A- . (.Progressive Networks - No comment.) -- C:\Windows\System32\pncrt.dll [272896]

O44 - LFC:[MD5.7FD1956E221C3750E0532A48E8EDD305] - 08/03/2011 - 19:28:22 ---A- . (.Unknown owner - About Page.) -- C:\Windows\System32\RtNicProp32.dll [80416]

O44 - LFC:[MD5.287989F4561D817BA7349BAFF5476E9F] - 07/03/2011 - 14:19:53 ---A- . (...) -- C:\Windows\System32\results.xml [14744]

O44 - LFC:[MD5.D5EDE44CA85899E0478208C8413C1C31] - 07/03/2011 - 13:00:36 ---A- . (.Realtek - Realtek 8101E/8168/8169 NDIS 6.20 32-bit Dr.) -- C:\Windows\System32\drivers\Rt86win7.sys [275048]

O44 - LFC:[MD5.31E5D5538847764F5F69542FA5BB437E] - 07/03/2011 - 12:30:54 ---A- . (...) -- C:\Windows\Model.txt [21]

O44 - LFC:[MD5.D19C0F80FC322C19300885A8C1267543] - 06/03/2011 - 15:22:39 --HA- . (...) -- C:\Windows\System32\mlfcache.dat [140584]

O44 - LFC:[MD5.E3CA25699D5FA7D4679C2ADBF54966F6] - 05/03/2011 - 10:53:54 ---A- . (...) -- C:\Windows\System32\prfd0816.dat [40548]

O44 - LFC:[MD5.8776482629FF81F2FDB6610A66C97EE4] - 05/03/2011 - 10:53:54 ---A- . (...) -- C:\Windows\System32\prfi0816.dat [336656]

O44 - LFC:[MD5.7BF3AF3F9FA520D7BDE37F6900E676BB] - 04/03/2011 - 23:17:43 ---A- . (.Xceed Software Inc (450) 442-2626 - Xceed Zip Compression Library.) -- C:\Windows\System32\XceedZip.dll [427864]

O44 - LFC:[MD5.B7F04974D71CE86FC21FFC7FB192B202] - 03/03/2011 - 15:50:47 ---A- . (...) -- C:\Windows\System32\FNTCACHE.DAT [412744]

O44 - LFC:[MD5.5BF8BA1B854D7DFCE1F47E58852B3D8F] - 03/03/2011 - 15:34:51 ---A- . (.Sun Microsystems, Inc. - Java Platform SE binary.) -- C:\Windows\System32\javaw.exe [145184]

O44 - LFC:[MD5.58DC5CBDC930AF070B177843810F2C85] - 03/03/2011 - 15:34:51 ---A- . (.Sun Microsystems, Inc. - Java Web Start Launcher.) -- C:\Windows\System32\javaws.exe [157472]

O44 - LFC:[MD5.68288DA42BC798992A42CD59061B199D] - 03/03/2011 - 15:34:50 ---A- . (.Sun Microsystems, Inc. - Java Platform SE binary.) -- C:\Windows\System32\java.exe [145184]

O44 - LFC:[MD5.F87BA06FE22C81CDE563761DDFBAB267] - 03/03/2011 - 15:34:49 ---A- . (.Sun Microsystems, Inc. - Java Platform SE binary.) -- C:\Windows\System32\deployJava1.dll [472808]

O44 - LFC:[MD5.BFFDB363485501A38F0BCA83AEC810DB] - 02/03/2011 - 11:47:53 ---A- . (.Hewlett-Packard Company - PS2 SYS.) -- C:\Windows\System32\drivers\PS2.sys [14112]

O44 - LFC:[MD5.D41D8CD98F00B204E9800998ECF8427E] - 02/03/2011 - 11:47:39 RSHA- . (...) -- C:\IO.SYS [0]

O44 - LFC:[MD5.D41D8CD98F00B204E9800998ECF8427E] - 02/03/2011 - 11:47:39 RSHA- . (...) -- C:\MSDOS.SYS [0]

O44 - LFC:[MD5.737AFC772243C75E6AD17A7A8E8E23F9] - 01/03/2011 - 13:05:24 ---A- . (.Windows ® Codename Longhorn DDK provider - Serviços de Gerenciamento de Fontes.) -- C:\Windows\System32\fms.dll [93696]

O44 - LFC:[MD5.163A95975E1D8819E653AA3E961371CA] - 01/03/2011 - 13:05:23 ---A- . (.Twain Working Group - Gerenciador de origens Twain_32 (interface.) -- C:\Windows\twain_32.dll [51200]

O44 - LFC:[MD5.39B9273CA01364E115B464416CFB729B] - 01/03/2011 - 13:05:19 ---A- . (.Microsoft - robocopy.) -- C:\Windows\System32\Robocopy.exe [98816]

O44 - LFC:[MD5.EB6C16CE0163AD282E95FCE5EE9BA518] - 01/03/2011 - 13:05:19 ---A- . (.Unknown owner - Aplicativo PrintBrm.) -- C:\Windows\System32\PrintBrmUi.exe [66048]

O44 - LFC:[MD5.AF2EEC9580C1D32FB7EAF105D9784061] - 01/03/2011 - 13:05:16 ---A- . (.NVIDIA Corporation - NVIDIA® nForce RAID Driver.) -- C:\Windows\System32\drivers\nvraid.sys [117120]

O44 - LFC:[MD5.9283C58EBAA2618F93482EB5DABCEC82] - 01/03/2011 - 13:05:16 ---A- . (.NVIDIA Corporation - NVIDIA® nForce Sata Performance Driver.) -- C:\Windows\System32\drivers\nvstor.sys [143744]

O44 - LFC:[MD5.C9FB8C3D650EF8BD76865EC20A19A5BC] - 01/03/2011 - 13:05:09 ---A- . (.Microsoft - Filtro Processador RDP (redirecionador).) -- C:\Windows\System32\DShowRdpFilter.dll [252928]

O44 - LFC:[MD5.A04C06A2142226D79DDA75920A496243] - 01/03/2011 - 13:05:02 ---A- . (.Unknown owner - RemoteFX Helper.) -- C:\Windows\System32\RDVGHelper.exe [80896]

O44 - LFC:[MD5.1DE21EC4A2232FF4F5298ADCAE7B3690] - 01/03/2011 - 13:04:53 ---A- . (.Radius Inc. - Cinepak® Codec.) -- C:\Windows\System32\iccvid.dll [82944]

O44 - LFC:[MD5.A3CAE5D281DB4CFF7CFF8233507EE5AD] - 01/03/2011 - 13:04:16 ---A- . (.Intel Corporation - Intel Matrix Storage Manager driver - ia32.) -- C:\Windows\System32\drivers\iaStorV.sys [332160]

O44 - LFC:[MD5.E7F4D42D8076EC60E21715CD11743A0D] - 01/03/2011 - 13:04:12 ---A- . (.Advanced Micro Devices - AHCI 1.2 Device Driver.) -- C:\Windows\System32\drivers\amdsata.sys [80256]

O44 - LFC:[MD5.146459D2B08BFDCBFA856D9947043C81] - 01/03/2011 - 13:04:12 ---A- . (.Advanced Micro Devices - Storage Filter Driver.) -- C:\Windows\System32\drivers\amdxata.sys [22400]

O44 - LFC:[MD5.8700783B8B9B5CDB49DBF9A6721165C0] - 01/03/2011 - 11:51:48 ---A- . (...) -- C:\Windows\cscmondump.bin [28611]

O44 - LFC:[MD5.9E200C05E1B38212F8A57134EA64134C] - 01/03/2011 - 11:51:45 ---A- . (...) -- C:\Windows\System32\drivers\sfi.dat [1474832]

O44 - LFC:[MD5.AE72E8619CB31D84DA25E2435E55003C] - 01/03/2011 - 11:38:11 ---A- . (.NirSoft - NirCmd.) -- C:\Windows\NIRCMD.exe [31232]

O44 - LFC:[MD5.01D95A1F8CF13D07CC564AABB36BCC0B] - 01/03/2011 - 11:38:11 ---A- . (.SteelWerX - Freeware implementation of REG.EXE.) -- C:\Windows\SWREG.exe [161792]

O44 - LFC:[MD5.B7517DB073B28F5696A1E5528ABEB5D0] - 01/03/2011 - 11:38:11 ---A- . (.SteelWerX - Freeware implementation of SC.EXE.) -- C:\Windows\SWSC.exe [136704]

O44 - LFC:[MD5.DA39805E2BAD99D37FCE9477DD94E7F2] - 25/02/2011 - 17:02:21 ---A- . (.Avira GmbH - Avira Driver for Security Enhancement.) -- C:\Windows\System32\drivers\avipbb.sys [135096]

O44 - LFC:[MD5.1F97F32A20DD796B9888EE805FE91FBE] - 23/02/2011 - 16:14:52 ---A- . ( - Free FLV Converter - Tube Finder.) -- C:\Windows\System32\TubeFinder.exe [307200]

O44 - LFC:[MD5.03783D0840B2C54D7665248425C74417] - 19/11/2010 - 21:23:56 ---A- . (...) -- C:\Windows\System32\dosx.exe [53600]

O44 - LFC:[MD5.C5DEA5B95AF9AA981C88CAB94A58213E] - 19/11/2010 - 19:52:34 ---A- . (...) -- C:\Windows\System32\locale.nls [419880]

O44 - LFC:[MD5.5C18CD22BE4628865FCB63337A6E5EF6] - 09/11/2010 - 17:45:50 ---A- . (...) -- C:\Windows\System32\ScavengeSpace.xml [10429]

O44 - LFC:[MD5.9DAA7218961710008D7385B01BD3F386] - 08/11/2010 - 01:20:24 ---A- . (...) -- C:\Windows\MBR.exe [89088]

O44 - LFC:[MD5.B8CBB46B42570D373C9933FBDF25EBCE] - 04/11/2010 - 18:20:54 ---A- . (...) -- C:\Windows\System32\systemsf.ebd [146852]

O44 - LFC:[MD5.C236A8735A48B165A2A7724357DBE332] - 04/11/2010 - 18:20:46 ---A- . (...) -- C:\Windows\System32\RacRules.xml [105559]

O44 - LFC:[MD5.F1FBA6185A6A2BC6456970914875078E] - 26/04/2010 - 15:58:12 ---A- . (...) -- C:\Windows\PEV.exe [256512]

O44 - LFC:[MD5.E4F856D2E8DE64B5B099E1A59AAD25A1] - 19/06/2009 - 18:51:40 ---A- . (...) -- C:\Windows\System32\ControlSubX.ocx [24576]

O44 - LFC:[MD5.944418C4D8FE165A45FFDEF408B3EDF1] - 19/06/2009 - 18:51:40 ---A- . (...) -- C:\Windows\System32\PropertyGrid.ocx [364544]

O44 - LFC:[MD5.54993305992877F9515D01CDC6BEE4C9] - 19/06/2009 - 18:51:40 ---A- . (...) -- C:\Windows\System32\ReyXpBasics.tlb [208500]

O44 - LFC:[MD5.9E05A9C264C8A908A8E79450FCBFF047] - 31/08/2000 - 08:00:00 ---A- . (...) -- C:\Windows\grep.exe [80412]

O44 - LFC:[MD5.2B657A67AEBB84AEA5632C53E61E23BF] - 31/08/2000 - 08:00:00 ---A- . (...) -- C:\Windows\sed.exe [98816]

O44 - LFC:[MD5.5E832F4FAF5F481F2EAF3B3A48F603B8] - 31/08/2000 - 08:00:00 ---A- . (...) -- C:\Windows\zip.exe [68096]

O44 - LFC:[MD5.1B6DC8F28DDC91FE7C8142E24527555B] - 08/04/2001 - 13:59:12 ---A- . (...) -- C:\Complete Program Deleter.lnk [280]

O44 - LFC:[MD5.CEAF29A7C3E55BB8701CD6F076298539] - 22/09/2002 - 12:42:56 ---A- . (...) -- C:\Windows\Shortcut.exe [17408]




---\\ Operations and functions at Windows Explorer startup (O46)

O46 - SEH:ShellExecuteHooks - Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll

O46 - SEH:ShellExecuteHooks - Groove GFS Stub Execution Hook - {AEB6717E-7E19-11d0-97EE-00C04FD91972} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll




---\\ Export authorized application key (O47)

O47 - AAKE:Key Export SP - "C:\Program Files\Orbitdownloader\orbitdm.exe" [Enabled] .( - Orbit Downloader.) -- C:\Program Files\Orbitdownloader\orbitdm.exe

O47 - AAKE:Key Export SP - "C:\Program Files\Orbitdownloader\orbitnet.exe" [Enabled] .( - P2P service of Orbit Downloader.) -- C:\Program Files\Orbitdownloader\orbitnet.exe




---\\ Trojan Driver Search Data (HKLM)(TDSD) (O52)

O52 - TDSD: \Drivers32\"msacm.l3acm"="C:\Windows\System32\l3codeca.acm" . (.Fraunhofer Institut Integrierte Schaltungen - MPEG Layer-3 Audio Codec for MSACM.) -- C:\Windows\System32\l3codeca.acm

O52 - TDSD: \Drivers32\"vidc.cvid"="iccvid.dll" . (.Radius Inc. - Cinepak® Codec.) -- C:\Windows\System32\iccvid.dll

O52 - TDSD: \Drivers32\"msacm.l3fhg"="mp3fhg.acm" . (.Fraunhofer Institut Integrierte Schaltungen - MPEG Audio Layer-3 Codec for MSACM.) -- C:\Windows\System32\mp3fhg.acm

O52 - TDSD: \Drivers32\"VIDC.XVID"="xvidvfw.dll" . (.Unknown owner - No comment.) -- C:\Windows\System32\xvidvfw.dll

O52 - TDSD: \Drivers32\"VIDC.YV12"="yv12vfw.dll" . ( - Helix YV12 YUV Codec.) -- C:\Windows\System32\yv12vfw.dll

O52 - TDSD: \Drivers32\"msacm.ac3acm"="ac3acm.acm" . (.fccHandler - AC-3 ACM Codec.) -- C:\Windows\System32\ac3acm.acm

O52 - TDSD: \Drivers32\"VIDC.FFDS"="C:\PROGRA~1\COMBIN~1\Filters\FFDShow\ff_vfw.dll" . (.Unknown owner - No comment.) -- (.not file.)

O52 - TDSD: \drivers.desc\"C:\Windows\System32\l3codeca.acm"="Fraunhofer IIS MPEG Layer-3 Codec" . (.Fraunhofer Institut Integrierte Schaltungen - MPEG Layer-3 Audio Codec for MSACM.) -- C:\Windows\System32\l3codeca.acm

O52 - TDSD: \drivers.desc\"mp3fhg.acm"="Fraunhofer IIS MPEG Layer-3 Codec (Professional) v3.3.2" . (.Unknown owner - No comment.) -- (.not file.)

O52 - TDSD: \drivers.desc\"xvidvfw.dll"="Xvid MPEG-4 Video Codec 1.3.0" . (.Unknown owner - No comment.) -- (.not file.)

O52 - TDSD: \drivers.desc\"ac3acm.acm"="AC-3 ACM Codec" . (.fccHandler - AC-3 ACM Codec.) -- C:\Windows\System32\ac3acm.acm

O52 - TDSD: \drivers.desc\"ff_vfw.dll"="ffdshow video encoder" . (.Unknown owner - No comment.) -- C:\Windows\System32\ff_vfw.dll

O52 - TDSD: \drivers.desc\"C:\PROGRA~1\COMBIN~1\Filters\FFDShow\ff_vfw.dll"="FFDShow Video Encoder" . (.Unknown owner - No comment.) -- (.not file.)




---\\ ShareTools MSconfig StartupReg (SMSR) (O53)

O53 - SMSR:HKLM\...\startupreg\InvisibleIPMap [Key] . (.Unknown owner - No comment.) -- C:\Program Files\Invisible IP Map\InvisibleIP.exe

O53 - SMSR:HKLM\...\startupreg\KBD [Key] . (.Hewlett-Packard Company - KBD EXE.) -- C:\HP\KBD\KBD.exe

O53 - SMSR:HKLM\...\startupreg\MCM [Key] . (.Power Convert Mp3 Solution Ltd - Mp3 Convert Master.) -- C:\Program Files\Mp3 Convert Master\Mp3ConvertMaster.exe

O53 - SMSR:HKLM\...\startupreg\PopUpSentry [Key] . ( - Pop-Up Sentry! Anti-Spyware.) -- C:\Program Files\\Pop-Up Sentry!\PSENTRY.exe




---\\ Microsoft Control Security Providers (MCSP) (O54)

O54 - MCSP:[HKLM\...\CurrentControlSet\Control] - (SecurityProviders) - (.Microsoft Corporation - Credential Delegation Security Package.) -- C:\Windows\system32\credssp.dll

O54 - MCSP:[HKLM\...\ControlSet001\Control] - (SecurityProviders) - (.Microsoft Corporation - Credential Delegation Security Package.) -- C:\Windows\system32\credssp.dll




---\\ Microsoft Windows Policies System (MWPS) (O55)

O55 - MWPS:[HKLM\...\Policies\System] - "ConsentPromptBehaviorAdmin"=0

O55 - MWPS:[HKLM\...\Policies\System] - "ConsentPromptBehaviorUser"=3

O55 - MWPS:[HKLM\...\Policies\System] - "EnableInstallerDetection"=1

O55 - MWPS:[HKLM\...\Policies\System] - "EnableLUA"=0

O55 - MWPS:[HKLM\...\Policies\System] - "EnableSecureUIAPaths"=1

O55 - MWPS:[HKLM\...\Policies\System] - "EnableUIADesktopToggle"=0

O55 - MWPS:[HKLM\...\Policies\System] - "EnableVirtualization"=1

O55 - MWPS:[HKLM\...\Policies\System] - "PromptOnSecureDesktop"=0

O55 - MWPS:[HKLM\...\Policies\System] - "ValidateAdminCodeSignatures"=0

O55 - MWPS:[HKLM\...\Policies\System] - "dontdisplaylastusername"=0

O55 - MWPS:[HKLM\...\Policies\System] - "legalnoticecaption"=

O55 - MWPS:[HKLM\...\Policies\System] - "legalnoticetext"=

O55 - MWPS:[HKLM\...\Policies\System] - "scforceoption"=0

O55 - MWPS:[HKLM\...\Policies\System] - "shutdownwithoutlogon"=1

O55 - MWPS:[HKLM\...\Policies\System] - "undockwithoutlogon"=1

O55 - MWPS:[HKLM\...\Policies\System] - "FilterAdministratorToken"=0

O55 - MWPS:[HKLM\...\Policies\System] - "DisableRegistryTools"=0




---\\ Microsoft Windows Policies Explorer (MWPE) (O56)

O56 - MWPE:[HKCU\...\policies\Explorer] - "NoDriveTypeAutoRun"=145

O56 - MWPE:[HKCU\...\policies\Explorer] - "NoDrives"=0

O56 - MWPE:[HKLM\...\policies\Explorer] - "NoDrives"=0




---\\ System Drivers List (SDL) (O58)

O58 - SDL:[MD5.21E785EBD7DC90A06391141AAC7892FB] - 13/07/2009 - 22:26:15 ---A- . (.Adaptec, Inc. - Adaptec Windows SAS/SATA Storport Driver.) -- C:\Windows\system32\drivers\adp94xx.sys [422976]

O58 - SDL:[MD5.0C676BC278D5B59FF5ABD57BBE9123F2] - 13/07/2009 - 22:26:17 ---A- . (.Adaptec, Inc. - Adaptec Windows SATA Storport Driver.) -- C:\Windows\system32\drivers\adpahci.sys [297552]

O58 - SDL:[MD5.7C7B5EE4B7B822EC85321FE23A27DB33] - 13/07/2009 - 22:26:15 ---A- . (.Adaptec, Inc. - Adaptec StorPort Ultra320 SCSI Driver.) -- C:\Windows\system32\drivers\adpu320.sys [146512]

O58 - SDL:[MD5.0D40BCF52EA90FC7DF2AEAB6503DEA44] - 13/07/2009 - 22:26:15 ---A- . (.Acer Laboratories Inc. - ALi mini IDE Driver.) -- C:\Windows\system32\drivers\aliide.sys [14400]

O58 - SDL:[MD5.E7F4D42D8076EC60E21715CD11743A0D] - 20/11/2010 - 04:29:14 ---A- . (.Advanced Micro Devices - AHCI 1.2 Device Driver.) -- C:\Windows\system32\drivers\amdsata.sys [80256]

O58 - SDL:[MD5.EA43AF0C423FF267355F74E7A53BDABA] - 13/07/2009 - 22:26:15 ---A- . (.AMD Technologies Inc. - AMD Technology AHCI Compatible Controller Driver for Windows fa.) -- C:\Windows\system32\drivers\amdsbs.sys [159312]

O58 - SDL:[MD5.146459D2B08BFDCBFA856D9947043C81] - 20/11/2010 - 04:29:16 ---A- . (.Advanced Micro Devices - Storage Filter Driver.) -- C:\Windows\system32\drivers\amdxata.sys [22400]

O58 - SDL:[MD5.2932004F49677BD84DBC72EDB754FFB3] - 13/07/2009 - 22:26:15 ---A- . (.Adaptec, Inc. - Adaptec RAID Storport Driver.) -- C:\Windows\system32\drivers\arc.sys [76368]

O58 - SDL:[MD5.5D6F36C46FD283AE1B57BD2E9FEB0BC7] - 13/07/2009 - 22:26:15 ---A- . (.Adaptec, Inc. - Adaptec SAS RAID WS03 Driver.) -- C:\Windows\system32\drivers\arcsas.sys [86608]

O58 - SDL:[MD5.47B879406246FFDCED59E18D331A0E7D] - 30/01/2011 - 15:39:18 ---A- . (.Avira GmbH - Avira Minifilter Driver.) -- C:\Windows\system32\drivers\avgntflt.sys [61960]

O58 - SDL:[MD5.DA39805E2BAD99D37FCE9477DD94E7F2] - 25/02/2011 - 17:02:21 ---A- . (.Avira GmbH - Avira Driver for Security Enhancement.) -- C:\Windows\system32\drivers\avipbb.sys [135096]

O58 - SDL:[MD5.BD8869EB9CDE6BBE4508D869929869EE] - 13/07/2009 - 19:02:49 ---A- . (.Broadcom Corporation - Broadcom NetXtreme Gigabit Ethernet NDIS6.x Unified Driver..) -- C:\Windows\system32\drivers\b57nd60x.sys [229888]

O58 - SDL:[MD5.9F9ACC7F7CCDE8A15C282D3F88B43309] - 13/07/2009 - 19:53:28 ---A- . (.Brother Industries, Ltd. - Windows ME USB Mass-Storage Bulk-Only Lower Filter Driver.) -- C:\Windows\system32\drivers\BrFiltLo.sys [13568]

O58 - SDL:[MD5.56801AD62213A41F6497F96DEE83755A] - 13/07/2009 - 19:53:28 ---A- . (.Brother Industries, Ltd. - Windows ME USB Mass-Storage Bulk-Only Upper Filter Driver.) -- C:\Windows\system32\drivers\BrFiltUp.sys [5248]

O58 - SDL:[MD5.845B8CE732E67F3B4133164868C666EA] - 13/07/2009 - 21:57:25 ---A- . (.Brother Industries Ltd. - Brother Serial I/F Driver (WDM).) -- C:\Windows\system32\drivers\BrSerId.sys [272128]

O58 - SDL:[MD5.203F0B1E73ADADBBB7B7B1FABD901F6B] - 13/07/2009 - 19:53:32 ---A- . (.Brother Industries Ltd. - Brother Serial driver (WDM version).) -- C:\Windows\system32\drivers\BrSerWdm.sys [62336]

O58 - SDL:[MD5.BD456606156BA17E60A04E18016AE54B] - 13/07/2009 - 19:53:33 ---A- . (.Brother Industries Ltd. - Brother USB MDM Driver.) -- C:\Windows\system32\drivers\BrUsbMdm.sys [12160]

O58 - SDL:[MD5.AF72ED54503F717A43268B3CC5FAEC2E] - 13/07/2009 - 19:53:33 ---A- . (.Brother Industries Ltd. - Brother USB Serial Driver.) -- C:\Windows\system32\drivers\BrUsbSer.sys [11904]

O58 - SDL:[MD5.1A231ABEC60FD316EC54C66715543CEC] - 13/07/2009 - 19:02:48 ---A- . (.Broadcom Corporation - Broadcom NetXtreme II GigE VBD.) -- C:\Windows\system32\drivers\bxvbdx.sys [430080]

O58 - SDL:[MD5.DEE2298F837BD809E0323A6D442AFDFE] - 29/01/2011 - 20:08:32 ---A- . (.COMODO - COMODO Internet Security Eradication Driver.) -- C:\Windows\system32\drivers\cmderd.sys [17256]

O58 - SDL:[MD5.25257833BFE9751C54751477123F174E] - 29/01/2011 - 20:08:30 ---A- . (.COMODO - COMODO Internet Security Sandbox Driver.) -- C:\Windows\system32\drivers\cmdGuard.sys [236600]

O58 - SDL:[MD5.85B5D9FFA0B0D20A5137A356918E2E38] - 29/01/2011 - 20:08:37 ---A- . (.COMODO - COMODO Internet Security Helper Driver.) -- C:\Windows\system32\drivers\cmdhlp.sys [35768]

O58 - SDL:[MD5.C537B1DB64D495B9B4717B4D6D9EDBF2] - 13/07/2009 - 22:26:21 ---A- . (.CMD Technology, Inc. - CMD PCI IDE Bus Driver.) -- C:\Windows\system32\drivers\cmdide.sys [15952]

O58 - SDL:[MD5.6BADA94085B6709694F8327C211D12E1] - 19/01/2011 - 17:47:12 ---A- . (.CPUID - CPUID Driver.) -- C:\Windows\system32\drivers\cpuz135_x32.sys [22504]

O58 - SDL:[MD5.EB32219D346B25B4830B4B955C87C555] - 09/10/2006 - 09:18:10 ---A- . (.Unknown owner - SRS Labs CSII Decoder Kernel DLL.) -- C:\Windows\system32\drivers\csiidecoder_kern_i386.sys [36992]

O58 - SDL:[MD5.8B30250D573A8F6B4BD23195160D8707] - 13/07/2009 - 22:20:28 ---A- . (.Adaptec, Inc. - Adaptec Ultra SCSI miniport.) -- C:\Windows\system32\drivers\djsvs.sys [70720]

O58 - SDL:[MD5.0ED67910C8C326796FAA00B2BF6D9D3C] - 13/07/2009 - 22:20:28 ---A- . (.Emulex - Storport Miniport Driver for LightPulse HBAs.) -- C:\Windows\system32\drivers\elxstor.sys [453712]

O58 - SDL:[MD5.024E1B5CAC09731E4D868E64DBFB4AB0] - 13/07/2009 - 19:02:48 ---A- . (.Broadcom Corporation - Broadcom NetXtreme II 10 GigE VBD.) -- C:\Windows\system32\drivers\evbdx.sys [3100160]

O58 - SDL:[MD5.C44E3C2BAB6837DB337DDEE7544736DB] - 13/07/2009 - 19:54:14 ---A- . (.Hauppauge Computer Works, Inc. - Hauppauge WinTV 885 Consumer IR Driver for eHome.) -- C:\Windows\system32\drivers\hcw85cir.sys [26624]

O58 - SDL:[MD5.295FDC419039090EB8B49FFDBB374549] - 13/07/2009 - 22:20:28 ---A- . (.Hewlett-Packard Company - Smart Array SAS/SATA Controller Media Driver.) -- C:\Windows\system32\drivers\HpSAMD.sys [67152]

O58 - SDL:[MD5.A3CAE5D281DB4CFF7CFF8233507EE5AD] - 20/11/2010 - 04:29:56 ---A- . (.Intel Corporation - Intel Matrix Storage Manager driver - ia32.) -- C:\Windows\system32\drivers\iaStorV.sys [332160]

O58 - SDL:[MD5.9467514EA189475A6E7FDC5D7BDE9D3F] - 23/09/2009 - 18:18:14 ---A- . (.Intel Corporation - Intel Graphics Kernel Mode Driver.) -- C:\Windows\system32\drivers\igdkmd32.sys [4808192]

O58 - SDL:[MD5.4173FF5708F3236CF25195FECD742915] - 13/07/2009 - 22:20:36 ---A- . (.Intel Corp./ICP vortex GmbH - Intel/ICP Raid Storport Driver.) -- C:\Windows\system32\drivers\iirsp.sys [41040]

O58 - SDL:[MD5.3FD25C91BC2BE3465559E64801C10E33] - 29/01/2011 - 20:08:39 ---A- . (.COMODO - COMODO Internet Security Firewall Driver.) -- C:\Windows\system32\drivers\inspect.sys [80064]

O58 - SDL:[MD5.EB119A53CCF2ACC000AC71B065B78FEF] - 13/07/2009 - 22:20:36 ---A- . (.LSI Corporation - LSI Fusion-MPT FC Driver (StorPort).) -- C:\Windows\system32\drivers\lsi_fc.sys [95824]

O58 - SDL:[MD5.8ADE1C877256A22E49B75D1CC9161F9C] - 13/07/2009 - 22:20:37 ---A- . (.LSI Corporation - LSI Fusion-MPT SAS Driver (StorPort).) -- C:\Windows\system32\drivers\lsi_sas.sys [89168]

O58 - SDL:[MD5.DC9DC3D3DAA0E276FD2EC262E38B11E9] - 13/07/2009 - 22:20:36 ---A- . (.LSI Corporation - LSI SAS Gen2 Driver (StorPort).) -- C:\Windows\system32\drivers\lsi_sas2.sys [54864]

O58 - SDL:[MD5.0A036C7D7CAB643A7F07135AC47E0524] - 13/07/2009 - 22:20:36 ---A- . (.LSI Corporation - LSI Fusion-MPT SCSI Driver (StorPort).) -- C:\Windows\system32\drivers\lsi_scsi.sys [96848]

O58 - SDL:[MD5.836E0E09CA9869BE7EB39EF2CF3602C7] - 20/12/2010 - 18:08:40 ---A- . (.Malwarebytes Corporation - Malwarebytes' Anti-Malware.) -- C:\Windows\system32\drivers\mbam.sys [20952]

O58 - SDL:[MD5.D68E165C3123ABA3B1282EDDB4213BD8] - 20/12/2010 - 18:09:00 ---A- . (.Malwarebytes Corporation - Malwarebytes' Anti-Malware.) -- C:\Windows\system32\drivers\mbamswissarmy.sys [38224]

O58 - SDL:[MD5.0FFF5B045293002AB38EB1FD1FC2FB74] - 13/07/2009 - 22:20:36 ---A- . (.LSI Corporation - MEGASAS RAID Controller Driver for Windows 7 for x86.) -- C:\Windows\system32\drivers\megasas.sys [30800]

O58 - SDL:[MD5.DCBAB2920C75F390CAF1D29F675D03D6] - 13/07/2009 - 22:20:36 ---A- . (.LSI Corporation, Inc. - LSI MegaRAID Software RAID Driver.) -- C:\Windows\system32\drivers\MegaSR.sys [235584]

O58 - SDL:[MD5.1D85C4B390B0EE09C7A46B91EFB2C097] - 13/07/2009 - 22:20:44 ---A- . (.IBM Corporation - IBM ServeRAID Controller Driver.) -- C:\Windows\system32\drivers\nfrd960.sys [44624]

O58 - SDL:[MD5.AF2EEC9580C1D32FB7EAF105D9784061] - 20/11/2010 - 04:30:08 ---A- . (.NVIDIA Corporation - NVIDIA® nForce RAID Driver.) -- C:\Windows\system32\drivers\nvraid.sys [117120]

O58 - SDL:[MD5.9283C58EBAA2618F93482EB5DABCEC82] - 20/11/2010 - 04:30:08 ---A- . (.NVIDIA Corporation - NVIDIA® nForce Sata Performance Driver.) -- C:\Windows\system32\drivers\nvstor.sys [143744]

O58 - SDL:[MD5.5B6C11DE7E839C05248CED8825470FEF] - 25/01/2011 - 12:56:28 ---A- . (.VSO Software - low level access layer for CD/DVD/BD devices.) -- C:\Windows\system32\drivers\pcouffin.sys [47360]

O58 - SDL:[MD5.BFFDB363485501A38F0BCA83AEC810DB] - 04/06/2001 - 06:00:00 ---A- . (.Hewlett-Packard Company - PS2 SYS.) -- C:\Windows\system32\drivers\PS2.sys [14112]

O58 - SDL:[MD5.AB95ECF1F6659A60DDC166D8315B0751] - 13/07/2009 - 22:19:04 ---A- . (.QLogic Corporation - QLogic Fibre Channel Stor Miniport Driver.) -- C:\Windows\system32\drivers\ql2300.sys [1383488]

O58 - SDL:[MD5.B4DD51DD25182244B86737DC51AF2270] - 13/07/2009 - 22:19:04 ---A- . (.QLogic Corporation - QLogic iSCSI Storport Miniport Driver.) -- C:\Windows\system32\drivers\ql40xx.sys [106064]

O58 - SDL:[MD5.D5EDE44CA85899E0478208C8413C1C31] - 23/06/2010 - 17:10:54 ---A- . (.Realtek - Realtek 8101E/8168/8169 NDIS 6.20 32-bit Driver.) -- C:\Windows\system32\drivers\Rt86win7.sys [275048]

O58 - SDL:[MD5.6708CFA52D71374371F61435845F3C9B] - 11/03/2008 - 17:54:14 ---A- . (.Realtek Semiconductor Corp. - Realtek® High Definition Audio Function Driver.) -- C:\Windows\system32\drivers\RtkHDAud.sys [4687872]

O58 - SDL:[MD5.90A3935D05B494A5A39D37E71F09A677] - 13/07/2009 - 17:50:20 ---A- . (.Macrovision Corporation, Macrovision Europe - Macrovision SECURITY Driver.) -- C:\Windows\system32\drivers\secdrv.sys [20480]

O58 - SDL:[MD5.A9F0486851BECB6DDA1D89D381E71055] - 13/07/2009 - 22:19:04 ---A- . (.Silicon Integrated Systems Corp. - SiS RAID Stor Miniport Driver.) -- C:\Windows\system32\drivers\sisraid2.sys [40016]

O58 - SDL:[MD5.3727097B55738E2F554972C3BE5BC1AA] - 13/07/2009 - 22:19:04 ---A- . (.Silicon Integrated Systems - SiS AHCI Stor-Miniport Driver.) -- C:\Windows\system32\drivers\sisraid4.sys [77888]

O58 - SDL:[MD5.A864D48CC592985DF965DF0180B7BF26] - 09/10/2006 - 09:18:10 ---A- . (.Unknown owner - SRS WOW HD, TSXT, CSII, Mobile HD Standalone driver.) -- C:\Windows\system32\drivers\SRS_SSCFilter.sys [34048]

O58 - SDL:[MD5.25ECEA986742275ECB23A1CB6BC87A61] - 15/12/2009 - 13:41:30 ---A- . (.Unknown owner - SRS WOW HD, TSXT, CSII, Mobile HD Standalone driver.) -- C:\Windows\system32\drivers\SRS_SSCFilter_i386.sys [268912]

O58 - SDL:[MD5.A36EE93698802CD899F98BFD553D8185] - 17/06/2010 - 14:29:17 ---A- . (.Avira GmbH - AVIRA SnapShot Driver.) -- C:\Windows\system32\drivers\ssmdrv.sys [28520]

O58 - SDL:[MD5.DB32D325C192B801DF274BFD12A7E72B] - 13/07/2009 - 22:19:04 ---A- . (.Promise Technology - Promise SuperTrak EX Series Driver for Windows.) -- C:\Windows\system32\drivers\stexstor.sys [21072]

O58 - SDL:[MD5.5A2BCD979FD17EA8E08AA28846B3ED3A] - 09/10/2006 - 09:18:08 ---A- . (.Unknown owner - SRS Labs Surround HD kernel DLL.) -- C:\Windows\system32\drivers\Surroundhp_kern_i386.sys [42240]

O58 - SDL:[MD5.695A64DF7692FEE96EDC97CB01F09142] - 09/10/2006 - 09:18:08 ---A- . (.Unknown owner - SRS Labs TruSurround HD 4 kernel DLL.) -- C:\Windows\system32\drivers\tshd4_kern_i386.sys [44160]

O58 - SDL:[MD5.E43574F6A56A0EE11809B48C09E4FD3C] - 13/07/2009 - 22:19:10 ---A- . (.VIA Technologies, Inc. - VIA Generic PCI IDE Bus Driver.) -- C:\Windows\system32\drivers\viaide.sys [16976]

O58 - SDL:[MD5.9DFA0CC2F8855A04816729651175B631] - 13/07/2009 - 22:19:11 ---A- . (.VIA Technologies Inc.,Ltd - VIA RAID DRIVER FOR AMD-X86-64.) -- C:\Windows\system32\drivers\vsmraid.sys [141904]

O58 - SDL:[MD5.0664A76D4CBC1B5D6584AC446EF93DCC] - 09/10/2006 - 09:18:08 ---A- . (.SRS Labs, Inc. - WOW HD kernel mode DLL for Windows.) -- C:\Windows\system32\drivers\wowhd_kern_i386.sys [30976]

O58 - SDL:[MD5.8AAD333C876590293F72B315E162BCC7] - 13/07/2009 - 18:40:41 ---A- . (...) -- C:\Windows\system32\ANSI.SYS [9029]

O58 - SDL:[MD5.0FE9F16075C9ACB941C957B7C649176E] - 13/07/2009 - 18:40:44 ---A- . (...) -- C:\Windows\system32\country.sys [27097]

O58 - SDL:[MD5.E6BC0F98FECEF245A0010D350C1A0B9B] - 13/07/2009 - 18:40:40 ---A- . (...) -- C:\Windows\system32\HIMEM.SYS [4768]

O58 - SDL:[MD5.492090267B9608C62B956CD29BE3AFB7] - 13/07/2009 - 18:40:43 ---A- . (...) -- C:\Windows\system32\KEY01.SYS [42809]

O58 - SDL:[MD5.FBBCFEC1379C5C02D88A361993EDF1B8] - 13/07/2009 - 18:40:43 ---A- . (...) -- C:\Windows\system32\KEYBOARD.SYS [42537]

O58 - SDL:[MD5.FFFF296A08DBF2AC0126C62E3778AC0D] - 13/07/2009 - 18:40:23 ---A- . (...) -- C:\Windows\system32\NTDOS.SYS [27866]

O58 - SDL:[MD5.CF9ED169FF86D935E47999E82359E898] - 13/07/2009 - 18:40:31 ---A- . (...) -- C:\Windows\system32\NTDOS404.SYS [29146]

O58 - SDL:[MD5.03B945AC0481CD8BB161C3569D8ED1C3] - 13/07/2009 - 18:40:35 ---A- . (...) -- C:\Windows\system32\NTDOS411.SYS [29370]

O58 - SDL:[MD5.BBC957DC18C17CC027EB80B7C77F2AEA] - 13/07/2009 - 18:40:39 ---A- . (...) -- C:\Windows\system32\NTDOS412.SYS [29274]

O58 - SDL:[MD5.3CFFAEFFF23B0D208214A6D3061A5B1B] - 13/07/2009 - 18:40:27 ---A- . (...) -- C:\Windows\system32\NTDOS804.SYS [29146]

O58 - SDL:[MD5.2E4112FB7D1B76E11ADFD7487B5D0E95] - 13/07/2009 - 18:40:11 ---A- . (...) -- C:\Windows\system32\NTIO.SYS [33952]

O58 - SDL:[MD5.A98EBD4C2DF983665BF2D1AF49949974] - 13/07/2009 - 18:40:15 ---A- . (...) -- C:\Windows\system32\NTIO404.SYS [34672]

O58 - SDL:[MD5.3F7E6406EDEF197C5CAAB2240EEF6F48] - 13/07/2009 - 18:40:17 ---A- . (...) -- C:\Windows\system32\NTIO411.SYS [35776]

O58 - SDL:[MD5.3E64D681B776CC57BDC38A46D881F85B] - 13/07/2009 - 18:40:19 ---A- . (...) -- C:\Windows\system32\NTIO412.SYS [35536]

O58 - SDL:[MD5.D86B6435729231C171432B4E77801BDB] - 13/07/2009 - 18:40:13 ---A- . (...) -- C:\Windows\system32\NTIO804.SYS [34672]




---\\ List all tools cleaner (LATC) (O63)

O63 - Logiciel: HijackThis 2.0.2 - (.TrendMicro.) [HKLM] -- HijackThis

O63 - Logiciel: ZHPDiag 1.27 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1




---\\ File Associations Shell Spawning (O67)

O67 - Shell Spawning: <.bat> <batfile>[HKLM\..\open\Command] "%1" %* (.not file.)

O67 - Shell Spawning: <.cpl> <cplfile>[HKLM\..\cplopen\Command] (.Microsoft Corporation - Windows Control Panel.) -- C:\Windows\System32\control.exe

O67 - Shell Spawning: <.cmd> <cmdfile>[HKLM\..\open\Command] "%1" %* (.not file.)

O67 - Shell Spawning: <.com> <ComFile>[HKLM\..\open\Command] "%1" %* (.not file.)

O67 - Shell Spawning: <.exe> <exefile>[HKLM\..\open\Command] "%1" %* (.not file.)

O67 - Shell Spawning: <.html> <htmlfile>[HKLM\..\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe

O67 - Shell Spawning: <.js> <JSFile>[HKLM\..\open\Command] (.Microsoft Corporation - Microsoft ® Windows Based Script Host.) -- C:\Windows\System32\WScript.exe

O67 - Shell Spawning: <.reg> <regfile>[HKLM\..\open\Command] (.Microsoft Corporation - Editor do Registro.) -- C:\Windows\regedit.exe

O67 - Shell Spawning: <.html> <FirefoxHTML>[HKCU\..\open\Command] (.Mozilla Corporation - Firefox.) -- C:\Program Files\Mozilla Firefox 4.0 Beta 12\firefox.exe

O67 - Shell Spawning: <.bat> <batfile>[HKCR\..\open\Command] "%1" %* (.not file.)

O67 - Shell Spawning: <.cpl> <cplfile>[HKCR\..\cplopen\Command] (.Microsoft Corporation - Windows Control Panel.) -- C:\Windows\System32\control.exe

O67 - Shell Spawning: <.cmd> <cmdfile>[HKCR\..\open\Command] "%1" %* (.not file.)

O67 - Shell Spawning: <.com> <ComFile>[HKCR\..\open\Command] "%1" %* (.not file.)

O67 - Shell Spawning: <.exe> <exefile>[HKCR\..\open\Command] "%1" %* (.not file.)

O67 - Shell Spawning: <.html> <FirefoxHTML>[HKCR\..\open\Command] (.Mozilla Corporation - Firefox.) -- C:\Program Files\Mozilla Firefox 4.0 Beta 12\firefox.exe

O67 - Shell Spawning: <.js> <JSFile>[HKCR\..\open\Command] (.Microsoft Corporation - Microsoft ® Windows Based Script Host.) -- C:\Windows\System32\WScript.exe

O67 - Shell Spawning: <.reg> <regfile>[HKCR\..\open\Command] (.Microsoft Corporation - Editor do Registro.) -- C:\Windows\regedit.exe




---\\ Start Menu Internet (SMI) (O68)

O68 - StartMenuInternet: <FIREFOX.EXE> <Mozilla Firefox>[HKLM\..\Shell\open\Command] (.Mozilla Corporation - Firefox.) -- C:\Program Files\Mozilla Firefox 4.0 Beta 12\firefox.exe

O68 - StartMenuInternet: <IEXPLORE.EXE> <Internet Explorer>[HKLM\..\Shell\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe




---\\ Search Browser Infection (SBI) (O69)

O69 - SBI: SearchScopes [HKCU] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} - (Bing) -

O69 - SBI: SearchScopes [HKCU] {BD71E5D9-BD44-40DF-A220-1B63AED83876} [DefaultScope] - (Google) -




---\\ Search Particular Root Folder (SPRF) (O84)

[MD5.5923BA07BC3FA1301B971C0541E87350] [sPRF] ( - SUPERAntiSpyware Update Application.) -- C:\Users\Usuario\AppData\Local\Temp\SSUPDATE.EXE [355056]

[MD5.5B6C11DE7E839C05248CED8825470FEF] [sPRF] (.VSO Software - low level access layer for CD/DVD/BD devices.) -- C:\Users\Usuario\AppData\Roaming\pcouffin.sys [47360]




---\\ Firewall Active Exception List (FirewallRules) (O87)

O87 - FAEL: "FPS-SpoolSvc-In-TCP-NoScope" | In - Domain - P6 - FALSE | .(.Microsoft Corporation - Aplicativo de subsistema de spooler.) -- C:\Windows\system32\spoolsv.exe

O87 - FAEL: "FPS-SpoolSvc-In-TCP" | In - Public - P6 - TRUE | .(.Microsoft Corporation - Aplicativo de subsistema de spooler.) -- C:\Windows\system32\spoolsv.exe

O87 - FAEL: "CoreNet-GP-LSASS-Out-TCP" | Out - Domain - P6 - TRUE | .(.Microsoft Corporation - Local Security Authority Process.) -- C:\Windows\system32\lsass.exe

O87 - FAEL: "RemoteSvcAdmin-In-TCP-NoScope" | In - Domain - P6 - FALSE | .(.Microsoft Corporation - Aplicativo de serviços e controle.) -- C:\Windows\system32\services.exe

O87 - FAEL: "RemoteSvcAdmin-In-TCP" | In - Public - P6 - FALSE | .(.Microsoft Corporation - Aplicativo de serviços e controle.) -- C:\Windows\system32\services.exe

O87 - FAEL: "NetPres-In-TCP-NoScope" | In - Domain - P6 - FALSE | .(.Microsoft Corporation - Connect to a Network Projector.) -- C:\Windows\system32\netproj.exe

O87 - FAEL: "NetPres-Out-TCP-NoScope" | Out - Domain - P6 - FALSE | .(.Microsoft Corporation - Connect to a Network Projector.) -- C:\Windows\system32\netproj.exe

O87 - FAEL: "NetPres-WSD-In-UDP" | In - None - P17 - FALSE | .(.Microsoft Corporation - Connect to a Network Projector.) -- C:\Windows\system32\netproj.exe

O87 - FAEL: "NetPres-WSD-Out-UDP" | Out - None - P17 - FALSE | .(.Microsoft Corporation - Connect to a Network Projector.) -- C:\Windows\system32\netproj.exe

O87 - FAEL: "NetPres-In-TCP" | In - Public - P6 - FALSE | .(.Microsoft Corporation - Connect to a Network Projector.) -- C:\Windows\system32\netproj.exe

O87 - FAEL: "NetPres-Out-TCP" | Out - Public - P6 - FALSE | .(.Microsoft Corporation - Connect to a Network Projector.) -- C:\Windows\system32\netproj.exe

O87 - FAEL: "{A68BDF90-DACE-4F14-8BDB-77E59F3F57AF}" | In - Private - P6 - TRUE | .(.Microsoft Corporation - Aplicativo de subsistema de spooler.) -- C:\Windows\system32\spoolsv.exe

O87 - FAEL: "{614D9D91-882A-455C-925A-98BA71BCE419}" | In - None - P17 - TRUE | .(.CyberLink Corp. - CyberLink PowerDVD Cinema Main Program.) -- C:\Program Files\CyberLink\PowerDVD9\PowerDVD Cinema\PowerDVDCinema.exe

O87 - FAEL: "{0BFC0987-93CE-43AF-B601-C4A5BB08281A}" | In - None - P17 - TRUE | .(.CyberLink Corp. - PowerDVD 9.0.) -- C:\Program Files\CyberLink\PowerDVD9\PowerDVD9.exe

O87 - FAEL: "{F7E3F937-8E18-4E17-AC15-CF5E2B7E46C9}" | In - None - P17 - TRUE | .(.Microsoft Corporation - Windows Live Messenger.) -- C:\Program Files\Windows Live\Messenger\msnmsgr.exe

O87 - FAEL: "{5A4A9EF7-B801-47BC-A6D9-F91FBB7B4E81}" | In - None - P17 - TRUE | .(.Skype Technologies S.A. - Skype.) -- C:\Program Files\Skype\Phone\Skype.exe

O87 - FAEL: "{B69587B1-F710-4C09-B2EC-5A31F0D080B4}" | In - Domain - P17 - TRUE | .(.Skype Technologies - Skype Extras Manager.) -- C:\Program Files\Skype\Plugin Manager\skypePM.exe

O87 - FAEL: "TCP Query User{3B8170CD-BB9C-4AD4-95F5-CC18CC27E315}C:\program files\flashget network\flashget 3\flashget3.exe" |In - Private - P6 - TRUE | .(...) -- C:\program files\flashget network\flashget 3\flashget3.exe (.not file.)

O87 - FAEL: "UDP Query User{CE000CEC-25C1-4D96-B464-C08F78F7213A}C:\program files\flashget network\flashget 3\flashget3.exe" |In - Private - P17 - TRUE | .(...) -- C:\program files\flashget network\flashget 3\flashget3.exe (.not file.)

O87 - FAEL: "{4DCABE49-5397-4EAD-B242-9AFA1A6685DF}" | In - None - P6 - TRUE | .(.BitTorrent, Inc. - BitTorrent.) -- C:\Program Files\BitTorrent\BitTorrent.exe

O87 - FAEL: "{875853F5-95D0-4E20-AA01-7A9BB8033DEB}" | In - None - P17 - TRUE | .(.BitTorrent, Inc. - BitTorrent.) -- C:\Program Files\BitTorrent\BitTorrent.exe

O87 - FAEL: "TCP Query User{B7C3DD6A-F41F-4696-BDB1-618EB76BC3D7}C:\program files\orbitdownloader\orbitnet.exe" | In - Private - P6 - TRUE | .( - P2P service of Orbit Downloader.) -- C:\program files\orbitdownloader\orbitnet.exe

O87 - FAEL: "UDP Query User{375E354B-D7D9-4D62-B0A2-FFA2C2FC8EE8}C:\program files\orbitdownloader\orbitnet.exe" | In - Private - P17 - TRUE | .( - P2P service of Orbit Downloader.) -- C:\program files\orbitdownloader\orbitnet.exe

O87 - FAEL: "{57010373-6F2E-41E4-8729-4B414304E68E}" | In - Public - P6 - TRUE | .(.Microsoft Corporation - Windows Live Messenger.) -- C:\Program Files\Windows Live\Messenger\msnmsgr.exe

O87 - FAEL: "{F540A0C4-66D1-45B3-AD83-36DCE2580814}" | In - Public - P17 - TRUE | .(.Microsoft Corporation - Windows Live Messenger.) -- C:\Program Files\Windows Live\Messenger\msnmsgr.exe

O87 - FAEL: "{F0FB4694-8DF0-400A-97DF-ADEACA8D88D0}" | In - Domain - P6 - FALSE | .(.Microsoft Corporation - Windows Live Messenger.) -- C:\Program Files\Windows Live\Messenger\msnmsgr.exe

O87 - FAEL: "{74FB2858-BEDF-42BF-A7D6-8B909339BE70}" | In - Domain - P17 - FALSE | .(.Microsoft Corporation - Windows Live Messenger.) -- C:\Program Files\Windows Live\Messenger\msnmsgr.exe

O87 - FAEL: "{DC9E97D2-F906-4C90-BEFD-346EBE4A4B78}" | In - Private - P6 - TRUE | .(.Zepetto - Point Blank.) -- C:\ongame\Pointblank\PointBlank.exe

O87 - FAEL: "{B325D785-2A2A-4775-B473-A36F34C153CE}" | In - Private - P17 - TRUE | .(.Zepetto - Point Blank.) -- C:\ongame\Pointblank\PointBlank.exe

O87 - FAEL: "TCP Query User{07A5B4BD-2723-4FB0-9E05-52F304A0B987}C:\program files\google\google earth\client\googleearth.exe" | In - Private - P6 - TRUE | .(.Google - Google Earth.) -- C:\program files\google\google earth\client\googleearth.exe

O87 - FAEL: "UDP Query User{EB9C98FD-1BE1-48AF-9FFA-C1DE77EF72A0}C:\program files\google\google earth\client\googleearth.exe" | In - Private - P17 - TRUE | .(.Google - Google Earth.) -- C:\program files\google\google earth\client\googleearth.exe

O87 - FAEL: "TCP Query User{1969D852-178A-4887-AAD4-A4E499F073E1}C:\program files\comodo\dragon\dragon.exe" |In - Private - P6 - TRUE | .(...) -- C:\program files\comodo\dragon\dragon.exe (.not file.)

O87 - FAEL: "UDP Query User{56731034-F845-4CC2-AF6C-FB0939CBB600}C:\program files\comodo\dragon\dragon.exe" |In - Private - P17 - TRUE | .(...) -- C:\program files\comodo\dragon\dragon.exe (.not file.)

O87 - FAEL: "{1F2D5800-D40C-4E42-86A0-60660FEF3F84}" | In - Private - P6 - TRUE | .(.Apple Inc. - Bonjour Service.) -- C:\Program Files\Bonjour\mDNSResponder.exe

O87 - FAEL: "{6F1FDD88-17C9-42E3-9F15-B1A0BEB393A0}" | In - Private - P17 - TRUE | .(.Apple Inc. - Bonjour Service.) -- C:\Program Files\Bonjour\mDNSResponder.exe




---\\ Additional Scan (O88)

Database Version : 24190 - (21/03/2011)


[HKCR\bittorrent] =>Adware.BHO

[HKCR\CLSID\{35b8892d-c3fb-4d88-990d-31db2ebd72bd}] =>PUP.BearShare

[HKCR\CLSID\{6ed74ae3-8066-4385-aaba-243e033f75a3}] =>PUP.BearShare

[HKCR\CLSID\{77829f14-d911-40ff-a2f0-d11db8d6d0bc}] =>PUP.BearShare

[HKCR\CLSID\{a8fa2fde-bf01-4dd9-aaff-7bacfdcae896}] =>PUP.BearShare

[HKCR\Interface\{1e2d3c35-7aa0-4f6b-a334-30035604c03b}] =>PUP.BearShare

[HKCR\nctaudiofile2.audiofile2] =>Adware.RecordNRip

[HKCR\nctaudiofile2.audiofile2.2] =>Adware.RecordNRip

[HKCR\nctaudiofile2.audiofile2lameenc] =>Adware.RecordNRip

[HKCR\nctaudiofile2.audiofile2lameenc.1] =>Adware.RecordNRip

[HKCR\TypeLib\{93e3d79c-0786-48ff-9329-93bc9f6dc2b3}] =>PUP.BearShare

[HKCR\TypeLib\{e160feb0-334e-4648-9ee1-fcbbf2e2aa4b}] =>PUP.BearShare

[HKCU\Software\AppDataLow\AskToolbarInfo] =>Adware.AskBarDis

[HKCU\Software\appdatalow\asktoolbarinfo] =>Adware.AskTBar

[HKCU\Software\appdatalow\Software\asktoolbar] =>Adware.AskTBar

[HKCU\Software\] =>Adware.AskBar

[HKCU\Software\] =>Adware.AskBarDis

[HKCU\Software\] =>Adware.AskTBar

[HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{a5aa24ea-11b8-4113-95ae-9ed71deaf12a}] =>Adware.AskSBar

[HKLM\Software\Classes\AppID\{9b0cb95c-933a-4b8c-b6d4-edcd19a43874}] =>Adware.AskSBar

[HKLM\Software\Classes\AppID\genericasktoolbar.dll] =>Adware.AskTBar

[HKLM\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{a5aa24ea-11b8-4113-95ae-9ed71deaf12a}] =>Adware.AskSBar

[HKLM\Software\Orbit\OpenCandy] =>Adware.OpenCandy

C:\Users\Usuario\AppData\Roaming\\SOFTWARE Informer =>Adware.VirtualGirl




---\\ General States of Services not Microsoft (EGS) (SR=Running, SS=Stopped)

SR - | Auto 03/09/2010 135336 | (AntiVirSchedulerService) . (.Avira GmbH.) - C:\Program Files\Avira\AntiVir Desktop\sched.exe

SR - | Auto 30/01/2011 267944 | (AntiVirService) . (.Avira GmbH.) - C:\Program Files\Avira\AntiVir Desktop\avguard.exe

SR - | Auto 07/10/2010 345376 | (Bonjour Service) . (.Apple Inc..) - C:\Program Files\Bonjour\mDNSResponder.exe

SS - | Auto 04/02/2011 136176 | (gupdate) . (.Google Inc..) - C:\Program Files\Google\Update\GoogleUpdate.exe

SR - | Auto 20/12/2010 363344 | (MBAMService) . (.Malwarebytes Corporation.) - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

SS - | Demand 15/01/2007 774144 | (NBService) . (.Nero AG.) - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe

SS - | Demand 15/01/2007 266240 | (NMIndexingService) . (.Nero AG.) - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe

SR - | Auto 01/09/2005 65536 | (SABSVC) . ( - C:\Program Files\\Pop-Up Sentry!\SABSVC.exe

SS - | Demand 25/01/2011 72704 | (SRS Labs License Service) . (.SRS Labs.) - C:\Program Files\Common Files\SRS Labs Shared\Service\srslabslicenseservice.exe

SR - | Auto 09/11/2003 45056 | (STOPzilla Local Service) . (.International Software Systems Solutions.) - C:\Program Files\STOPzilla!\SZNTSvc.exe

SR - | Auto 05/08/2009 87536 | ({B154377D-700F-42cc-9474-23858FBDF4BD}) . (.CyberLink Corp..) - C:\Program Files\CyberLink\PowerDVD9\000.fcl




---\\ Search Master Boot Record Infection (MBR)(O80)

Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.1 by Gmer,

Run by Usuario at 22/03/2011 20:47:08


device: opened successfully

user: MBR read successfully


Disk trace:

called modules: ntoskrnl.exe CLASSPNP.SYS disk.sys ataport.SYS halmacpi.dll intelide.sys PCIIDEX.SYS atapi.sys

1 nt!IofCallDriver[0x82C38FE3] -> \Device\Harddisk0\DR0[0x85A2A030]

3 CLASSPNP[0x89A6759E] -> nt!IofCallDriver[0x82C38FE3] -> \Device\Ide\IdeDeviceP2T1L0-4[0x85955030]

kernel: MBR read successfully

user & kernel MBR OK




---\\ Search Master Boot Record Infection (MBRCheck)(O80)

Written by ad13, http://ad13.geekstog

Run by Usuario at 22/03/2011 20:47:11

Use the desktop link 'MBRCheck' to have full report

Dump file Name : C:\PhysicalDisk0_MBR.bin




---\\ List of CD/DVD Emulators (MBR Hook)

O58 - SDL:[MD5.5B6C11DE7E839C05248CED8825470FEF] - 25/01/2011 - 12:56:28 ---A- . (.VSO Software - low level access layer for CD/DVD/BD devices.) -- C:\Windows\system32\drivers\pcouffin.sys [47360]




End of the scan (1160 lines in 03mn 03s)(0)


Like, right now I'm using the PC without Explorer, you know, so there's no taskbar; I just haven't started it again, I'll try to start it. Does that program also repair things, or does it only show the programs, keys and so on?



*Copy the code below:








O4 - Global Startup: C:\Users\Usuario\Desktop\FusionSoft DVD Player XP.lnk . (...) -- C:\Program Files\FusionSoft DVD Player XP\FSoftDVD.exe (.not file.)


[MD5.00000000000000000000000000000000] [APT] [MyDefrag v4.3.1 Daily] (.Unknown owner.) -- C:\Program Files\MyDefrag v4.3.1\Scripts\AutomaticDaily.MyD" (.not file.)


[MD5.00000000000000000000000000000000] [APT] [MyDefrag v4.3.1 Monthly] (.Unknown owner.) -- C:\Program Files\MyDefrag v4.3.1\Scripts\AutomaticMonthly.MyD" (.not file.)


[MD5.00000000000000000000000000000000] [APT] [{A4B60026-0694-4AF1-A079-388317D60629}] (.Unknown owner.) -- D:\Usuario\Desktop\STOPzilla + Crack\STOPzilla_Setup.exe (.not file.)

*Run ZHPFix, located on the desktop

*Click panelhelper.jpg

*Click [OK] > [All] > [Fix]

*Paste the reports created at C:\Arquivos de programas\ZHPDiag\ZHPFixReport.txt and C:\Arquivos de programas\ZHPdiag\mbr.txt




Rapport de ZHPFix 1.12.3260 par Nicolas Coolman, Update du 11/03/2011

Fichier d'export Registre :

Run by Usuario at 22/03/2011 22:21:42

Windows 7 Ultimate Edition, 32-bit Service Pack 1 (Build 7601)

Web site :

Contact :


========== Registry Key ==========

HKCU\Software\AppDataLow\AskToolbarInfo => Registry Key removed successfully

HKCU\Software\AppDataLow\Software\AskToolbar => Registry Key removed successfully

HKCU\Software\ => Registry Key removed successfully

HKLM\Software\Orbit\OpenCandy => Registry Key removed successfully


========== File ==========

c:\users\usuario\desktop\fusionsoft dvd player xp.lnk => Quarantined and Deleted successfully

c:\program files\fusionsoft dvd player xp\fsoftdvd.exe => Quarantined and Deleted successfully

c:\program files\mydefrag v4.3.1\scripts\automaticdaily.myd" (.not file.) => File not found

c:\program files\mydefrag v4.3.1\scripts\automaticmonthly.myd" (.not file.) => File not found

d:\usuario\desktop\stopzilla + crack\stopzilla_setup.exe (.not file.) => File not found


========== Task ==========

Task : MyDefrag v4.3.1 Daily => Task deleted successfully

Task : MyDefrag v4.3.1 Monthly => Task deleted successfully

Task : {A4B60026-0694-4AF1-A079-388317D60629} => Task deleted successfully



========== Summary ==========

4 : Registry Key

5 : File

3 : Task



End of the scan


Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.1 by Gmer,

Windows 6.1.7601 Disk: SAMSUNG_HD161HJ rev.GF100-07 -> \Device\Ide\IdeDeviceP2T1L0-4


device: opened successfully

user: MBR read successfully


Disk trace:

called modules: ntoskrnl.exe CLASSPNP.SYS disk.sys ataport.SYS halmacpi.dll intelide.sys PCIIDEX.SYS atapi.sys

1 nt!IofCallDriver[0x82C38FE3] -> \Device\Harddisk0\DR0[0x85A2A030]

3 CLASSPNP[0x89A6759E] -> nt!IofCallDriver[0x82C38FE3] -> \Device\Ide\IdeDeviceP2T1L0-4[0x85955030]

kernel: MBR read successfully

user & kernel MBR OK


I'm going to download the mdr repair to take a look here, man; I'll post the logs afterwards, OK?



*Go to Add or Remove Programs and uninstall ZHPDiag

*Delete the folder C:\Arquivos de programas\ZHPdiag



*Temporarily disable your antivirus


Right-click the Avira icon next to the clock

Click the "Antivir Guard enable" option.

*Download ComboFix and save it to the desktop

*Run it and accept the agreement

*Do not use the mouse or the keyboard during the steps, as this will misconfigure your desktop, leaving it blank!

*Paste the report that is displayed


Hey man, but how am I going to stop the antivirus if I can't access the notification area, because Explorer keeps restarting :S and I tried through Task Manager to stop the service and had no success :S


ComboFix 11-03-22.09 - Usuario 23/03/2011 14:40:23.4.2 - x86

Microsoft Windows 7 Ultimate 6.1.7601.1.1252.55.1046.18.2039.1354 [GMT -3:00]

Executando de: d:\usuario\Documents\Downloads\ComboFix.exe

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}



(((((((((((((((( Arquivos/Ficheiros criados de 2011-02-23 to 2011-03-23 ))))))))))))))))))))))))))))



2011-03-23 17:45 . 2011-03-23 17:46 -------- d-----w- c:\users\Usuario\AppData\Local\temp

2011-03-23 17:45 . 2011-03-23 17:45 -------- d-----w- c:\users\Default\AppData\Local\temp

2011-03-22 23:47 . 2011-03-22 23:47 512 ----a-w- C:\PhysicalDisk0_MBR.bin

2011-03-22 23:43 . 2011-03-23 01:21 -------- d-----w- c:\program files\ZHPDiag

2011-03-22 18:12 . 2011-03-22 18:20 -------- d-----w- c:\programdata\SecTaskMan

2011-03-22 18:12 . 2011-03-22 18:16 -------- d-----w- c:\program files\Security Task Manager

2011-03-22 17:17 . 2011-03-22 17:17 13642 ----a-w- C:\backupshell.reg

2011-03-22 15:38 . 2011-03-22 15:39 -------- d-----w- C:\LinhaDefensiva

2011-03-21 23:19 . 2011-03-21 23:19 -------- d-----w- c:\program files\ESET

2011-03-20 15:32 . 2011-03-20 15:32 -------- d-----w- c:\users\Usuario\AppData\Roaming\

2011-03-20 15:31 . 2011-03-20 15:31 8192 ----a-r- c:\users\Usuario\AppData\Roaming\Microsoft\Installer\{D93F052A-325F-4D08-9785-F276F28B820A}\IconD93F052A1.exe

2011-03-20 15:31 . 2011-03-20 17:01 -------- d-----w- c:\program files\

2011-03-20 15:30 . 2011-03-20 15:30 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard

2011-03-19 16:04 . 2011-01-19 20:47 22504 ----a-w- c:\windows\system32\drivers\cpuz135_x32.sys

2011-03-19 16:04 . 2011-03-19 16:04 -------- d-----w- c:\program files\CPUID

2011-03-19 00:30 . 2011-03-19 00:30 -------- d-----w- c:\programdata\Martau

2011-03-19 00:30 . 2011-03-19 00:30 -------- d-----w- c:\program files\Total Uninstall 5

2011-03-19 00:27 . 2005-06-15 10:12 90112 ----a-w- c:\windows\system32\XPMenu.ocx

2011-03-19 00:27 . 1998-06-24 02:00 609584 ----a-w- c:\windows\system32\COMCTL32.OCX

2011-03-19 00:07 . 2001-04-10 01:06 15872 ----a-w- c:\windows\Delete Complete Program Deleter.Exe

2011-03-19 00:06 . 2011-02-11 06:54 5943120 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{960E4262-6B45-4A26-BA8B-5BFFB39642B8}\mpengine.dll

2011-03-18 23:45 . 1996-01-12 03:00 722192 ----a-w- c:\windows\system32\vb40032.dll

2011-03-18 02:08 . 2002-09-22 15:42 17408 ----a-w- c:\windows\Shortcut.exe

2011-03-18 02:08 . 2011-03-18 02:08 -------- d-----w- c:\program files\RAM Idle LE

2011-03-18 01:39 . 2008-12-03 20:40 81408 ----a-w- c:\windows\system32\devcon_x64.exe

2011-03-18 01:39 . 2002-11-15 01:32 55808 ----a-w- c:\windows\system32\devcon.exe

2011-03-18 01:39 . 2011-03-18 01:41 -------- d-----w- c:\program files\Driver Checker

2011-03-18 00:01 . 2011-03-18 00:01 -------- d-----w- c:\users\Usuario\AppData\Roaming\ViGlance

2011-03-17 15:22 . 2008-05-30 17:11 3850760 ----a-w- c:\windows\system32\D3DX9_38.dll

2011-03-14 15:26 . 2011-03-14 15:26 -------- d-----w- c:\program files\Recuva

2011-03-14 15:18 . 2011-03-14 15:18 -------- d-----w- C:\O&O

2011-03-14 15:15 . 2011-03-22 14:31 -------- d-----w- C:\Downloads

2011-03-14 15:02 . 2011-03-14 15:02 -------- d-----w- c:\users\Usuario\AppData\Local\Downloaded Installations

2011-03-13 18:21 . 2011-03-13 18:21 -------- d-----w- c:\users\Usuario\AppData\Roaming\Need for Speed World

2011-03-12 02:27 . 2011-03-14 15:08 -------- d-----w- C:\Games

2011-03-12 01:05 . 2011-03-12 15:40 -------- d-----w- c:\program files\

2011-03-12 00:43 . 2011-03-12 00:43 -------- d-----w- c:\users\Usuario\AppData\Local\Electronic_Arts_Inc

2011-03-12 00:42 . 2011-03-14 00:16 -------- d-----w- c:\programdata\Need For Speed World

2011-03-12 00:42 . 2011-03-14 00:14 -------- d-----w- c:\program files\Need For Speed World

2011-03-11 23:23 . 2009-03-09 18:27 453456 ----a-w- c:\windows\system32\d3dx10_41.dll

2011-03-11 23:23 . 2009-03-09 18:27 1846632 ----a-w- c:\windows\system32\D3DCompiler_41.dll

2011-03-11 23:23 . 2009-03-16 17:18 517448 ----a-w- c:\windows\system32\XAudio2_4.dll

2011-03-11 23:23 . 2009-03-09 18:27 4178264 ----a-w- c:\windows\system32\D3DX9_41.dll

2011-03-11 23:23 . 2009-03-16 17:18 235352 ----a-w- c:\windows\system32\xactengine3_4.dll

2011-03-11 23:23 . 2009-03-16 17:18 22360 ----a-w- c:\windows\system32\X3DAudio1_6.dll

2011-03-11 23:23 . 2007-04-04 21:53 81768 ----a-w- c:\windows\system32\xinput1_3.dll

2011-03-11 22:02 . 2011-02-19 06:30 805376 ----a-w- c:\windows\system32\FntCache.dll

2011-03-11 22:02 . 2011-02-19 06:30 1076736 ----a-w- c:\windows\system32\DWrite.dll

2011-03-11 22:02 . 2011-02-19 06:30 739840 ----a-w- c:\windows\system32\d2d1.dll

2011-03-11 01:15 . 2011-03-11 01:15 -------- d-----w- c:\users\Usuario\dwhelper

2011-03-09 18:43 . 2010-05-21 15:11 475648 ----a-w- c:\windows\system32\MyDefragScreenSaver_v4.3.1.scr

2011-03-09 18:43 . 2010-05-21 15:11 1061888 ----a-w- c:\windows\system32\MyDefragScreenSaver_v4.3.1.exe

2011-03-09 18:43 . 2011-03-22 14:31 -------- d-----w- c:\program files\MyDefrag v4.3.1

2011-03-09 16:13 . 2011-03-09 16:13 -------- d-----w- c:\program files\FreeTime

2011-03-09 15:42 . 2011-03-09 15:42 -------- d-----w- c:\program files\Trend Micro

2011-03-09 13:56 . 2010-12-23 05:54 642048 ----a-w- c:\windows\system32\CPFilters.dll

2011-03-09 13:56 . 2010-12-23 05:54 850944 ----a-w- c:\windows\system32\sbe.dll

2011-03-09 13:56 . 2010-12-23 05:54 534528 ----a-w- c:\windows\system32\EncDec.dll

2011-03-09 13:56 . 2010-12-23 05:50 199680 ----a-w- c:\windows\system32\

2011-03-08 22:28 . 2009-12-03 20:27 80416 ----a-w- c:\windows\system32\RtNicProp32.dll

2011-03-08 20:40 . 2011-03-08 20:40 -------- d-----w- c:\users\Usuario\AppData\Roaming\RealHideIP

2011-03-08 20:40 . 2011-03-08 20:40 -------- d-----w- c:\programdata\RealHideIP

2011-03-08 20:39 . 2011-03-08 20:40 -------- d-----w- c:\program files\RealHideIP

2011-03-07 16:42 . 2011-03-07 16:42 -------- d-----w- c:\users\Usuario\AppData\Roaming\STOPzilla!

2011-03-07 16:16 . 2011-03-13 05:47 -------- d-----w- c:\program files\STOPzilla!

2011-03-07 16:00 . 2010-06-23 20:10 275048 ----a-w- c:\windows\system32\drivers\Rt86win7.sys

2011-03-07 15:19 . 2011-03-07 15:19 -------- d-----w- c:\programdata\UAB

2011-03-07 15:19 . 2011-03-07 15:19 -------- d-----w- c:\users\Usuario\AppData\Roaming\Drivers For Free

2011-03-07 14:42 . 2011-03-07 15:04 -------- d-----w- c:\users\Usuario\AppData\Roaming\Software Informer

2011-03-07 14:05 . 2011-03-07 14:05 -------- d-----w- c:\users\Usuario\SystemRequirementsLab

2011-03-07 14:04 . 2011-03-07 14:04 -------- d-----w- c:\windows\Sun

2011-03-06 18:22 . 2011-03-06 18:23 -------- d-----w- c:\users\Usuario\AppData\Roaming\Apple Computer

2011-03-06 18:22 . 2011-03-06 18:22 -------- d-----w- c:\users\Usuario\AppData\Local\Apple Computer

2011-03-06 18:08 . 2011-03-06 18:08 -------- d-----w- c:\programdata\Apple Computer

2011-03-06 18:08 . 2011-03-06 18:08 -------- d-----w- c:\program files\Bonjour

2011-03-06 18:07 . 2011-03-06 18:07 -------- d-----w- c:\users\Usuario\AppData\Local\Apple

2011-03-06 18:07 . 2011-03-06 18:07 -------- d-----w- c:\programdata\Apple

2011-03-05 18:00 . 2011-03-19 21:08 -------- d-----w- c:\program files\Mozilla Firefox 4.0 Beta 12

2011-03-05 15:53 . 2011-03-05 15:53 -------- d-----w- c:\windows\pt-PT

2011-03-05 15:53 . 2011-03-05 15:53 -------- d-----w- c:\windows\system32\drivers\pt-PT

2011-03-05 15:53 . 2011-03-05 15:53 -------- d-----w- c:\windows\system32\drivers\UMDF\pt-PT

2011-03-05 15:53 . 2011-03-18 23:59 -------- d-----w- c:\windows\system32\wbem\pt-PT

2011-03-05 15:53 . 2011-03-05 15:53 -------- d-----w- c:\windows\system32\pt

2011-03-05 15:09 . 2011-03-05 15:09 -------- d-----w- c:\programdata\Uniblue

2011-03-05 15:09 . 2011-03-05 15:09 -------- d-----w- c:\users\Usuario\AppData\Roaming\Uniblue

2011-03-05 13:47 . 2009-07-13 21:38 4096 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\pt-PT\LXKPTPRC.DLL.mui

2011-03-05 13:30 . 2011-01-17 05:47 161792 ----a-w- c:\windows\system32\d3d10_1.dll

2011-03-05 02:30 . 2011-03-05 02:30 -------- d-----w- c:\program files\Driver-Soft

2011-03-05 02:17 . 2004-06-14 17:56 427864 ----a-w- c:\windows\system32\XceedZip.dll

2011-03-05 02:17 . 2004-03-09 19:45 662288 ----a-w- c:\windows\system32\MSCOMCT2.OCX

2011-03-03 18:48 . 2011-03-03 18:48 -------- d-----w- c:\windows\system32\Lang

2011-03-03 18:35 . 2011-03-03 18:34 472808 ----a-w- c:\windows\system32\deployJava1.dll

2011-03-03 17:52 . 2011-03-03 17:57 -------- d-----w- c:\program files\Total Video Converter

2011-03-03 17:12 . 2011-03-03 17:12 -------- d-----w- c:\program files\DVD Decrypter

2011-03-03 17:04 . 2011-03-03 17:04 -------- d-----w- c:\users\Usuario\AppData\Roaming\DVD2AVI Ripper

2011-03-02 18:34 . 2011-03-02 18:34 -------- d-----w- c:\program files\VirtualDJ

2011-03-02 14:47 . 2001-06-04 09:00 14112 ----a-w- c:\windows\system32\drivers\PS2.sys

2011-03-02 14:47 . 2011-03-02 14:48 -------- d-----w- C:\hp

2011-03-02 01:55 . 2011-03-02 01:55 -------- d-----w- c:\users\Usuario\AppData\Roaming\DeviceDoctorSoftware

2011-03-02 01:55 . 2011-03-02 01:55 -------- d-----w- c:\program files\Device Doctor

2011-03-01 20:07 . 2011-03-01 20:07 -------- d-----w- c:\program files\Marcos Velasco Security

2011-03-01 16:28 . 2011-03-02 01:18 -------- d-----w- c:\windows\system32\SPReview

2011-03-01 16:04 . 2010-11-20 07:30 67456 ----a-w- c:\windows\system32\drivers\ksecdd.sys

2011-03-01 16:03 . 2011-03-01 16:03 -------- d-----w- c:\windows\system32\EventProviders

2011-03-01 14:51 . 2011-03-01 14:51 28611 ----a-w- c:\windows\cscmondump.bin

2011-03-01 14:38 . 2011-03-01 14:38 -------- d-----w- C:\VritualRoot

2011-02-27 18:53 . 2011-02-23 19:14 307200 ----a-w- c:\windows\system32\TubeFinder.exe

2011-02-27 18:53 . 2009-06-19 21:51 119568 ----a-w- c:\windows\system32\VB6FR.DLL

2011-02-27 18:53 . 2009-06-19 21:51 9728 ----a-w- c:\windows\system32\PCCLPFR.DLL

2011-02-27 18:53 . 2009-06-19 21:51 84512 ----a-w- c:\windows\system32\PICCLP32.OCX

2011-02-27 18:53 . 2009-06-19 21:51 364544 ----a-w- c:\windows\system32\PropertyGrid.ocx

2011-02-27 18:53 . 2009-06-19 21:51 24576 ----a-w- c:\windows\system32\ControlSubX.ocx

2011-02-27 18:53 . 2009-06-19 21:51 141312 ----a-w- c:\windows\system32\MSCMCFR.DLL

2011-02-27 18:53 . 2011-02-27 18:54 -------- d-----w- c:\users\Usuario\AppData\Roaming\FreeFLVConverter

2011-02-27 18:53 . 2011-02-27 18:53 -------- d-----w- c:\program files\Free FLV Converter

2011-02-27 18:53 . 2009-06-19 21:51 32768 ----a-w- c:\windows\system32\CMDLGFR.DLL

2011-02-27 18:53 . 2009-06-19 21:51 152848 ----a-w- c:\windows\system32\COMDLG32.OCX

2011-02-26 18:15 . 2011-02-27 01:35 -------- d-----w- c:\users\Usuario\AppData\Roaming\Eltima Software

2011-02-23 00:17 . 2011-03-10 16:47 8107 ----a-w- c:\windows\w7dsd.reg

2011-02-23 00:17 . 2011-03-10 16:47 8089 ----a-w- c:\windows\w7dse.reg

2011-02-23 00:17 . 2011-02-23 00:17 233888 ----a-w- c:\windows\system32\DreamScene.dll



((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))


2011-03-01 16:24 . 2009-07-14 02:05 152576 ----a-w- c:\windows\system32\msclmd.dll

2011-02-15 22:55 . 2011-02-15 22:55 1060864 ----a-w- c:\windows\system32\mfc71.dll

2011-02-02 20:11 . 2011-01-25 12:48 222080 ------w- c:\windows\system32\MpSigStub.exe

2011-01-30 15:49 . 2011-01-30 15:39 249856 ------w- c:\windows\Setup1.exe

2011-01-30 15:49 . 2011-01-30 15:38 73216 ----a-w- c:\windows\ST6UNST.EXE

2011-01-30 15:43 . 2011-01-30 15:43 147512 ----a-w- c:\windows\system32\temp.002

2011-01-30 15:43 . 2011-01-30 15:43 278581 ----a-w- c:\windows\system32\temp.001

2011-01-30 15:43 . 2011-01-30 15:43 924432 ----a-w- c:\windows\system32\temp.000

2011-01-29 23:08 . 2010-09-11 01:41 285480 ----a-w- c:\windows\system32\guard32.dll

2011-01-29 23:08 . 2010-09-11 01:40 80064 ----a-w- c:\windows\system32\drivers\inspect.sys

2011-01-29 23:08 . 2010-09-11 01:40 35768 ----a-w- c:\windows\system32\drivers\cmdhlp.sys

2011-01-29 23:08 . 2010-09-11 01:40 17256 ----a-w- c:\windows\system32\drivers\cmderd.sys

2011-01-29 23:08 . 2010-09-11 01:40 236600 ----a-w- c:\windows\system32\drivers\cmdGuard.sys

2011-01-25 19:01 . 2011-01-25 19:01 319456 ----a-w- c:\windows\DIFxAPI.dll

2011-01-25 19:01 . 2011-01-25 19:01 315392 ----a-w- c:\windows\HideWin.exe

2011-01-25 16:12 . 2011-01-25 16:03 505128 ----a-w- c:\windows\system32\msvcp71.dll

2011-01-25 16:12 . 2011-01-25 16:03 353576 ----a-w- c:\windows\system32\msvcr71.dll

2011-01-25 15:56 . 2011-01-25 15:56 47360 ----a-w- c:\windows\system32\drivers\pcouffin.sys

2011-01-25 15:56 . 2011-01-25 15:56 47360 ----a-w- c:\users\Usuario\AppData\Roaming\pcouffin.sys

2011-01-13 08:00 . 2011-01-30 16:41 80896 ----a-w- c:\windows\system32\ff_vfw.dll

2011-01-07 07:45 . 2011-02-12 12:55 34304 ----a-w- c:\windows\system32\atmlib.dll

2011-01-07 05:43 . 2011-02-12 12:55 294400 ----a-w- c:\windows\system32\atmfd.dll

2011-01-05 03:51 . 2011-02-12 12:51 2330624 ----a-w- c:\windows\system32\win32k.sys

2010-12-27 14:41 . 2011-01-30 21:13 1700352 ----a-w- c:\windows\system32\GdiPlus.dll

2010-12-27 14:41 . 2011-01-25 16:03 24576 ----a-w- c:\windows\system32\msxml3a.dll



(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))



*Nota* entradas vazias e legítimas por defeito não são mostradas.




"SRS Audio Sandbox"="c:\program files\SRS Labs\Audio Sandbox\SRSSSC.exe" [2010-01-07 3216664]

"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2010-04-17 3872080]

"DU Meter"="c:\program files\DU Meter\DUMeter.exe" [2007-10-15 2582288]

"RocketDock"="c:\program files\RocketDock\RocketDock.exe" [2007-09-02 495616]

"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1174016]



"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-09-23 141848]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-09-23 173592]

"Persistence"="c:\windows\system32\igfxpers.exe" [2009-09-23 150552]



"ConsentPromptBehaviorAdmin"= 0 (0x0)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableLUA"= 0 (0x0)

"EnableUIADesktopToggle"= 0 (0x0)

"PromptOnSecureDesktop"= 0 (0x0)


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SABWinLogon]

2007-08-29 12:24 176128 ----a-w- c:\program files\\Pop-Up Sentry!\SABWINLO.dll


[HKLM\~\startupfolder\C:^Users^Usuario^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Game Alarm.lnk]



[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InvisibleIPMap]

2007-09-18 20:21 2475520 ----a-w- c:\program files\Invisible IP Map\InvisibleIP.exe


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KBD]

2001-07-06 16:56 61440 ----a-w- c:\hp\kbd\kbd.exe


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes' Anti-Malware]

2010-12-20 21:08 443728 ----a-w- c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MCM]

2009-08-21 16:06 2456064 ----a-w- c:\program files\Mp3 Convert Master\Mp3ConvertMaster.exe


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PopUpSentry]

2007-09-10 17:20 1785856 ----a-w- c:\program files\\Pop-Up Sentry!\PSENTRY.EXE


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\STOPzilla]

2003-11-10 18:55 36864 ----a-w- c:\program files\STOPzilla!\Stopzilla.exe


--- =Outros Serviços/Drivers Na Memória ---


*Deregistered* - avipbb

*Deregistered* - ssmdrv


Conteúdo da pasta 'Tarefas Agendadas'


2011-03-23 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2011-02-05 02:34]


2011-03-23 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2011-02-05 02:34]



------- Scan Suplementar -------


uStart Page = hxxp://

IE: &Download by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/201

IE: &Grab video by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/204

IE: Do&wnload selected by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/203

IE: Down&load all by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/202

IE: E&xportar para o Microsoft Excel - c:\progra~1\MICROS~4\Office12\EXCEL.EXE/3000

IE: ????3?? - c:\users\Usuario\AppData\Roaming\FlashGetBHO\GetUrl.htm

IE: ????3?????? - c:\users\Usuario\AppData\Roaming\FlashGetBHO\GetAllUrl.htm

TCP: {F226E472-0CA8-4CED-A121-1F3B797DDCF8} =,

FF - ProfilePath - c:\users\Usuario\AppData\Roaming\Mozilla\Firefox\Profiles\mti67u9d.default\

FF - prefs.js: browser.startup.homepage - hxxp://

FF - prefs.js: network.proxy.gopher -

FF - prefs.js: network.proxy.gopher_port - 0

FF - prefs.js: network.proxy.type - 0


- - - - ORFÃOS REMOVIDOS - - - -


ShellExecuteHooks-{5AE067D3-9AFB-48E0-853A-EBB7F4A000D8} - (no file)





"ImagePath"="c:\program files\DU Meter\DUMeterSvc.exe /startedbyscm:E1F6D4BE-40E33354-DUMeterService"



"ImagePath"="\??\c:\program files\CyberLink\PowerDVD9\000.fcl"


--------------------- CHAVES DO REGISTRO BLOQUEADAS ---------------------


[HKEY_USERS\S-1-5-21-1627759439-3692452802-2262465073-1001\Software\Gabest\Media Player Classic\Settings\PnSPresets]

@DACL=(02 0000)

"Preset0"="Scale to 16:9 TV,0.500,0.500,1.000,1.333"

"Preset1"="Zoom To Widescreen,0.500,0.500,1.333,1.333"

"Preset2"="Zoom To Ultra-Widescreen,0.500,0.500,1.763,1.763"



@DACL=(02 0000)

"DiskPrompt"="STOPzilla!: [1]"




@DACL=(02 0000)

"DiskPrompt"="Windows Media Player Firefox Plugin Installation"

"1"=";CD-ROM #1"



@DACL=(02 0000)


[HKEY_USERS\S-1-5-21-1627759439-3692452802-2262465073-1001\Software\Microsoft\Internet Explorer\MenuExt\O(uë_f3*N}]




[HKEY_USERS\S-1-5-21-1627759439-3692452802-2262465073-1001\Software\Microsoft\Internet Explorer\MenuExt\O(uë_f3*N}hQèþ”¥c]





@DACL=(02 0000)



















@DACL=(02 0000)


"1"=";Microsoft Visual C++ 2005 Redistributable [Disk 1]"

"2"=";Microsoft Visual C++ 2005 Redistributable [Disk 1]"

"3"=";Microsoft Visual C++ 2005 Redistributable [Disk 1]"

"4"=";Microsoft Visual C++ 2005 Redistributable [Disk 1]"

"5"=";Microsoft Visual C++ 2005 Redistributable [Disk 1]"

"6"=";Microsoft Visual C++ 2005 Redistributable [Disk 1]"

"7"=";Microsoft Visual C++ 2005 Redistributable [Disk 1]"

"8"=";Microsoft Visual C++ 2005 Redistributable [Disk 1]"

"9"=";Microsoft Visual C++ 2005 Redistributable [Disk 1]"

"10"=";Microsoft Visual C++ 2005 Redistributable [Disk 1]"

"11"=";Microsoft Visual C++ 2005 Redistributable [Disk 1]"





Tempo para conclusão: 2011-03-23 14:48:09

ComboFix-quarantined-files.txt 2011-03-23 17:48

ComboFix2.txt 2011-03-22 16:40

ComboFix3.txt 2011-03-05 17:30


Pré-execução: 25.794.600.960 bytes disponíveis

Pós execução: 26.834.722.816 bytes disponíveis


- - End Of File - - 45DBD40A074F6F07678CA49F57408BFC















I still have the problem: I start it from Task Manager and it keeps restarting nonstop, it freezes, restarts, and so on, ugh.


Your problem is not related to malware.


I suggest that you reinstall Windows.


*Click [Start] > [Run] > copy and paste: Combofix /uninstall


*Click [OK] > [Run]

*Wait for the message: "ComboFix está desinstalado" and click [OK]



Best regards.




If the author needs the topic reopened, just send a Private Message to a Moderator with a link to the topic.
