Manain, posted November 23, 2011:

I am requesting a log analysis, because it is not possible to create shortcuts on the desktop or to search for files and folders using Windows Explorer.

Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 07:44:56, on 23/11/2011 Platform: Windows 7 (WinNT 6.00.3504) MSIE: Internet Explorer v9.00 (9.00.8112.16421) Boot mode: Normal Running processes: C:\Windows\system32\taskhost.exe C:\Windows\system32\Dwm.exe C:\Windows\Explorer.EXE C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe C:\Program Files\Common Files\Real\Update_OB\realsched.exe C:\Program Files\Windows Sidebar\sidebar.exe C:\Program Files\Windows Live\Messenger\msnmsgr.exe C:\Windows\system32\SearchFilterHost.exe C:\HiJackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = Preserve R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file) O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - 
(no file) O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll O2 - BHO: MessengerPlusLive Brazil TB - {c69650dc-9644-4580-aa86-0ea329ee6c60} - C:\Program Files\MessengerPlusLive_Brazil_TB\tbMess.dll O2 - BHO: Free Download Manager - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdm2.dll O2 - BHO: Messenger Plus Live Brazil Toolbar - {edbca961-4bf8-4cbe-8c63-a11dff9ed2d9} - C:\Program Files\Messenger_Plus_Live_Brazil\tbMess.dll O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll O3 - Toolbar: Messenger Plus Live Brazil Toolbar - {edbca961-4bf8-4cbe-8c63-a11dff9ed2d9} - C:\Program Files\Messenger_Plus_Live_Brazil\tbMess.dll O3 - Toolbar: MessengerPlusLive Brazil TB Toolbar - {c69650dc-9644-4580-aa86-0ea329ee6c60} - C:\Program Files\MessengerPlusLive_Brazil_TB\tbMess.dll O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra button: 
@C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll O9 - Extra 'Tools' menuitem: @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll O9 - Extra button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL O9 - Extra button: Exibir ou ocultar HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{55D7BD5B-34AB-4950-A14C-819D138807AF}: NameServer = 200.204.0.10,200.204.0.138 O17 - HKLM\System\CS1\Services\Tcpip\..\{55D7BD5B-34AB-4950-A14C-819D138807AF}: NameServer = 200.204.0.10,200.204.0.138 O17 - HKLM\System\CS2\Services\Tcpip\..\{55D7BD5B-34AB-4950-A14C-819D138807AF}: NameServer = 200.204.0.10,200.204.0.138 O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL O23 - Service: avast! 
Antivirus - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe O23 - Service: Serviço do Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\Windows\system32\IoctlSvc.exe O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe -- End of file - 6695 bytes
Felipe_88, posted November 24, 2011:

Manain,

Check whether your Windows is configured to search... See example: http://tinypic.com/r/2s0y8sz/7

Let's check whether the problem is related to a virus.

1.
* Download ATF Cleaner and save it to the desktop
* Run it
* Select: [X] Select All
* Click [Empty Selected]
* Close ATF-Cleaner

2.
* Download and install CCleaner Slim
* Click [Run Cleanup]
* Click [Registry] -> [Find Errors] -> [Fix Selected Errors] -> [Fix All Selected Errors]
* Close CCleaner

3.
* Download MalwareBytes and save it to the desktop
* Install the program and wait for the update
* The program will open automatically
* On the [Scan] tab, select [Full scan]
* Click [Scan] and select the partition where Windows is installed
* When the scan finishes, click [Yes] > [OK] > [View Results] > [Remove Selected]
* Paste the report shown (C:\Documents and settings\Nome_do_Usuário\Dados de aplicativos\Malwarebytes\Malwarebytes Anti-Malware\Logs\mbam.txt)

If you already have Malwarebytes installed....
* Open Malwarebytes, click [Update] > [Download Updates]
* On the [Scan] tab, select [x] Full scan
* Click [Scan] and select the partition where Windows is installed
* When the scan finishes, click [Yes] > [OK] > [View Results] > [Remove Selected]
* Paste the report shown

I'll be waiting!
Manain, posted November 27, 2011:

Here is the Malwarebytes report:

Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Versão da Base de Dados: 8251
Windows 6.1.7600
Internet Explorer 9.0.8112.16421

27/11/2011 07:43:02
mbam-log-2011-11-27 (07-43-02).txt

Tipo de Verificação: Verificação Completa (C:\|)
Objetos escaneados: 1002466
Tempo decorrido: 4 hora(s), 29 minuto(s), 37 segundo(s)

Processos de Memória Infectados: 0
Módulos de Memória Infectados: 0
Chaves de Registro Infectadas: 0
Valores de Registro Infectados: 0
Itens de Dados no Registro Infectados: 0
Pastas Infectadas: 0
Arquivos Infectados: 1

Processos de Memória Infectados:
(Não foram detectados ítens maliciosos)

Módulos de Memória Infectados:
(Não foram detectados ítens maliciosos)

Chaves de Registro Infectadas:
(Não foram detectados ítens maliciosos)

Valores de Registro Infectados:
(Não foram detectados ítens maliciosos)

Itens de Dados no Registro Infectados:
(Não foram detectados ítens maliciosos)

Pastas Infectadas:
(Não foram detectados ítens maliciosos)

Arquivos Infectados:
c:\program files\vdownloader\vdownloader.exe (VirTool.DelfInject) -> Quarantined and deleted successfully.
Felipe_88, posted November 27, 2011:

Manain,

* Download AD-Remover and save it to the desktop
* Run it, click [Clean] > [Yes] > [OK] > [Yes]. The PC may be restarted
* Paste the report C:\Ad-Report-CLEAN[1].txt

2.
* Download USBFix and save it to the desktop
* Plug the pen drive into the PC, run it and click [Research]
* Paste the report shown

I'll be waiting!
Manain, posted November 28, 2011:

Here is the AD-REMOVER report. As for USBFIX, every link I tried to download it from gives the message PAGE CANNOT BE FOUND.

======= REPORT FROM AD-REMOVER 2.0.0.2,G | ONLY XP/VISTA/7 ======= Updated by TeamXscript on 12/04/11 Contact: AdRemover[DOT]contact[AT]gmail[DOT]com website: http://www.teamxscript.org C:\Program Files\Ad-Remover\main.exe (CLEAN [1]) -> Launched at 23:34:34 on 27/11/2011, Normal boot Microsoft Windows 7 Ultimate (X86) nando@ACER5920 (Acer, inc. Aspire 5920) ============== ACTION(S) ============== Folder deleted: C:\Users\Nando\AppData\LocalLow\Conduit Folder deleted: C:\Users\Nando\AppData\LocalLow\ConduitEngine Folder deleted: C:\Users\Nando\AppData\LocalLow\PriceGong (!) -- Temporary files deleted. Key deleted: HKLM\Software\Classes\Conduit.Engine Key deleted: HKLM\Software\Classes\Toolbar.CT2567694 Key deleted: HKLM\Software\Classes\Toolbar.CT2719261 Key deleted: HKLM\Software\Conduit Key deleted: HKLM\Software\conduitEngine Key deleted: HKCU\Software\AppDataLow\Toolbar Key deleted: HKCU\Software\AppDataLow\Software\Conduit Key deleted: HKCU\Software\AppDataLow\Software\conduitEngine Key deleted: HKCU\Software\AppDataLow\Software\PriceGong Key deleted: HKLM\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{D77EEFE0-AED2-41F5-B005-811961F889B0} ============== ADDITIONNAL SCAN ============== **** Internet Explorer Version [9.0.8112.16421] **** HKCU_Main|Default_Page_URL - hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome HKCU_Main|Default_Search_URL - hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKCU_Main|Search bar - hxxp://go.microsoft.com/fwlink/?linkid=54896 HKCU_Main|Start Page - hxxp://fr.msn.com/ HKLM_Main|Default_Page_URL - hxxp://go.microsoft.com/fwlink/?LinkId=54896 HKLM_Main|Default_Search_URL - hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKLM_Main|Search bar - hxxp://search.msn.com/spbasic.htm HKLM_Main|Search 
Page - hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKLM_Main|Start Page - hxxp://fr.msn.com/ HKLM_URLSearchHooks|{edbca961-4bf8-4cbe-8c63-a11dff9ed2d9} - "Messenger Plus Live Brazil Toolbar" (C:\Program Files\Messenger_Plus_Live_Brazil\tbMess.dll) HKLM_URLSearchHooks|{c69650dc-9644-4580-aa86-0ea329ee6c60} - "MessengerPlusLive Brazil TB Toolbar" (C:\Program Files\MessengerPlusLive_Brazil_TB\tbMess.dll) HKCU_Toolbar\WebBrowser|{EDBCA961-4BF8-4CBE-8C63-A11DFF9ED2D9} (C:\Program Files\Messenger_Plus_Live_Brazil\tbMess.dll) HKCU_Toolbar\WebBrowser|{C69650DC-9644-4580-AA86-0EA329EE6C60} (C:\Program Files\MessengerPlusLive_Brazil_TB\tbMess.dll) HKLM_Toolbar|{edbca961-4bf8-4cbe-8c63-a11dff9ed2d9} (C:\Program Files\Messenger_Plus_Live_Brazil\tbMess.dll) HKLM_Toolbar|{c69650dc-9644-4580-aa86-0ea329ee6c60} (C:\Program Files\MessengerPlusLive_Brazil_TB\tbMess.dll) HKLM_ElevationPolicy\f5dea037-4ccf-424f-8ed7-61ad39d2eb3a - C:\Program Files\Messenger_Plus_Live_Brazil\Messenger_Plus_Live_BrazilToolbarHelper.exe (?) HKLM_ElevationPolicy\{07d873dc-b9b9-44f5-af0b-fb59fa54fb7a} - C:\Windows\System32\wpcer.exe (x) HKLM_ElevationPolicy\{0a402d70-1f10-4ae7-bec9-286a98240695} - C:\Windows\System32\winfxdocobj.exe (x) HKLM_ElevationPolicy\{1C306DF7-2171-45c8-9324-D36448104BD5} - C:\Program Files\Free Download Manager\fdm.exe (FreeDownloadManager.ORG) HKLM_ElevationPolicy\{6FA8DB7B-83F8-44A3-A86A-7E91C18299CA} - C:\Program Files\MessengerPlusLive_Brazil_TB\MessengerPlusLive_Brazil_TBToolbarHelper.exe (?) HKLM_ElevationPolicy\{70f641fd-9ffc-4d5b-a4dc-962af4ed7999} - C:\Program Files\Internet Explorer\iedw.exe (x) HKLM_Extensions\{2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - "@C:\Windows\WindowsMobile\INetRepl.dll,-222" (C:\Windows\WindowsMobile\INetRepl.dll,210) HKLM_Extensions\{2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - "?" (?) BHO\{02478D38-C3F9-4efb-9B51-7695ECA05670} (?) BHO\{5C255C8A-E604-49b4-9D64-90988571CECB} (?) 
BHO\{9030D464-4C02-4ABF-8ECC-5164760863C6} - "Auxiliar de Conexão do Windows Live" (C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll) BHO\{c69650dc-9644-4580-aa86-0ea329ee6c60} - "MessengerPlusLive Brazil TB Toolbar" (C:\Program Files\MessengerPlusLive_Brazil_TB\tbMess.dll) BHO\{CC59E0F9-7E43-44FA-9FAA-8377850BF205} - "Free Download Manager" (C:\Program Files\Free Download Manager\iefdm2.dll) BHO\{edbca961-4bf8-4cbe-8c63-a11dff9ed2d9} - "Messenger Plus Live Brazil Toolbar" (C:\Program Files\Messenger_Plus_Live_Brazil\tbMess.dll) ======================================== C:\Program Files\Ad-Remover\Quarantine: 54 File(s) C:\Program Files\Ad-Remover\Backup: 13 File(s) C:\Ad-Report-CLEAN[1].txt - 27/11/2011 23:35:06 (4553 Byte(s)) End at: 23:36:51, 27/11/2011 ============== E.O.F ==============
Manain, posted December 7, 2011:

Here is the USBFIX report.

############################## | UsbFix V 7.072 | [Research] User: nando (Administrator) # ACER5920 Updated 04/12/2011 by El Desaparecido Started at 21:40:12 | 07/12/2011 Website: http://eldesaparecido.com Suspicious file ? : http://eldesaparecido.com/support.php Contact: contact@eldesaparecido.com PC: Acer, inc. (Aspire 5920 ) (X86-based PC) # Desktop Computer CPU: Intel® Core2 Duo CPU T5450 @ 1.66GHz (1667) RAM -> [ Total : 2038 | Free : 989 ] BIOS: ZD1 v1.3710 3G10 BOOT: Normal boot OS: Microsoft Windows 7 Ultimate (6.1.7600 32-Bit) # WB: Windows Internet Explorer 9.0.8112.16421 SC: Security Center Service [ Enabled ] WU: Windows Update Service [ Enabled ] AV: avast! Antivirus [ Enabled | Updated ] FW: Windows FireWall Service [ Enabled ] C:\ (%systemdrive%) -> Fixed drive # 149 Gb (26 Mb free - 17%) [] # NTFS D:\ -> CD-ROM F:\ -> Removable drive # 984 Mb (850 Mb free - 86%) [KINGSTON] # FAT ################## | Active Processes | C:\Windows\system32\csrss.exe (476) C:\Windows\system32\wininit.exe (532) C:\Windows\system32\csrss.exe (540) C:\Windows\system32\services.exe (588) C:\Windows\system32\winlogon.exe (620) C:\Windows\system32\lsass.exe (648) C:\Windows\system32\lsm.exe (660) C:\Windows\system32\svchost.exe (764) C:\Windows\system32\svchost.exe (848) C:\Windows\System32\svchost.exe (904) C:\Windows\System32\svchost.exe (960) C:\Windows\system32\svchost.exe (992) C:\Windows\system32\svchost.exe (1260) C:\Windows\system32\svchost.exe (1408) C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (1488) C:\Windows\System32\spoolsv.exe (1828) C:\Windows\system32\svchost.exe (1856) C:\Windows\system32\svchost.exe (1952) C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe (2032) C:\Windows\system32\IoctlSvc.exe (780) C:\Windows\system32\svchost.exe (1204) C:\Windows\system32\DRIVERS\xaudio.exe (1876) C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe (2180) 
C:\Windows\system32\svchost.exe (2416) C:\Windows\system32\svchost.exe (2592) C:\Windows\system32\taskhost.exe (3232) C:\Windows\system32\svchost.exe (3500) C:\Windows\system32\Dwm.exe (3612) C:\Windows\Explorer.EXE (3636) C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe (3740) C:\Program Files\Common Files\Real\Update_OB\realsched.exe (3872) C:\Program Files\Windows Sidebar\sidebar.exe (3880) C:\Program Files\Windows Live\Messenger\msnmsgr.exe (3892) C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (4088) C:\Windows\system32\SearchIndexer.exe (2872) C:\Program Files\Windows Media Player\wmpnetwk.exe (196) C:\Windows\system32\svchost.exe (408) C:\Windows\System32\svchost.exe (3492) C:\Windows\System32\svchost.exe (2504) C:\Program Files\Internet Explorer\iexplore.exe (5140) C:\Program Files\Internet Explorer\iexplore.exe (5188) C:\Windows\system32\WUDFHost.exe (2580) C:\Windows\system32\SearchProtocolHost.exe (3988) C:\Windows\system32\SearchFilterHost.exe (4236) C:\Windows\system32\wbem\wmiprvse.exe (5820) C:\UsbFix\UsbFix.exe (5636) ################## | Files # Infected Folders | ################## | Registry | Found ! HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System|DisableRegistryTools Found ! HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\explorer|NoDrives Found ! HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\explorer|NoDrives ################## | Mountpoints2 | ################## | Vaccin | (!) This computer is not vaccinated! ################## | E.O.F |
Felipe_88, posted December 13, 2011:

Manain,

Sorry for the delay...

* Run UsbFix and click [Deletion]
* When it finishes, paste the report shown

And report the current state of the PC.
Manain, posted December 17, 2011:

Here is the USBfix report. I can now create shortcuts, but I still cannot search for files and documents.

############################## | UsbFix V 7.072 | [Deletion] User: nando (Administrator) # ACER5920 Updated 04/12/2011 by El Desaparecido Started at 21:42:14 | 16/12/2011 Website: http://eldesaparecido.com Suspicious file ? : http://eldesaparecido.com/support.php Contact: contact@eldesaparecido.com PC: Acer, inc. (Aspire 5920 ) (X86-based PC) # Desktop Computer CPU: Intel® Core2 Duo CPU T5450 @ 1.66GHz (1667) RAM -> [ Total : 2038 | Free : 1104 ] BIOS: ZD1 v1.3710 3G10 BOOT: Normal boot OS: Microsoft Windows 7 Ultimate (6.1.7600 32-Bit) # WB: Windows Internet Explorer 9.0.8112.16421 SC: Security Center Service [ Enabled ] WU: Windows Update Service [ Enabled ] AV: avast! Antivirus [ Enabled | Updated ] FW: Windows FireWall Service [ Enabled ] C:\ (%systemdrive%) -> Fixed drive # 149 Gb (27 Mb free - 18%) [] # NTFS D:\ -> CD-ROM ################## | Active Processes | C:\Windows\system32\csrss.exe (432) C:\Windows\system32\csrss.exe (488) C:\Windows\system32\wininit.exe (496) C:\Windows\system32\services.exe (564) C:\Windows\system32\winlogon.exe (572) C:\Windows\system32\lsass.exe (608) C:\Windows\system32\lsm.exe (620) C:\Windows\system32\svchost.exe (716) C:\Windows\system32\svchost.exe (804) C:\Windows\System32\svchost.exe (856) C:\Windows\System32\svchost.exe (924) C:\Windows\system32\svchost.exe (952) C:\Windows\system32\svchost.exe (1220) C:\Windows\system32\svchost.exe (1364) C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (1464) C:\Windows\System32\spoolsv.exe (1764) C:\Windows\system32\svchost.exe (1792) C:\Windows\system32\svchost.exe (1884) C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe (1944) C:\Windows\System32\svchost.exe (2012) C:\Windows\system32\IoctlSvc.exe (324) C:\Windows\System32\svchost.exe (444) C:\Windows\system32\DRIVERS\xaudio.exe (604) C:\Program Files\Spybot - 
Search & Destroy\SDWinSec.exe (2252) C:\Windows\system32\svchost.exe (2412) C:\Windows\system32\svchost.exe (2532) C:\Windows\system32\svchost.exe (2964) C:\Windows\system32\svchost.exe (3100) C:\Windows\System32\svchost.exe (3268) C:\Program Files\Windows Media Player\wmpnetwk.exe (3308) C:\Windows\system32\SearchIndexer.exe (3356) C:\Windows\system32\taskhost.exe (2320) C:\Windows\system32\Dwm.exe (1140) C:\Windows\Explorer.EXE (2692) C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe (3136) C:\Program Files\Common Files\Real\Update_OB\realsched.exe (3184) C:\Program Files\Windows Sidebar\sidebar.exe (3124) C:\Program Files\Windows Live\Messenger\msnmsgr.exe (3284) C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (1132) C:\Windows\System32\svchost.exe (3748) C:\Program Files\Internet Explorer\iexplore.exe (1400) C:\Program Files\Internet Explorer\iexplore.exe (3092) C:\UsbFix\UsbFix.exe (2224) C:\Windows\system32\wbem\wmiprvse.exe (2244) C:\Program Files\Internet Explorer\iexplore.exe (1340) C:\Windows\system32\SearchProtocolHost.exe (2360) C:\Windows\system32\SearchFilterHost.exe (2840) ################## | Stopped processes | Stopped! C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (1464) Stopped! C:\Windows\System32\spoolsv.exe (1764) Stopped! C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe (1944) Stopped! C:\Windows\system32\IoctlSvc.exe (324) Stopped! C:\Windows\system32\DRIVERS\xaudio.exe (604) Stopped! C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe (2252) Stopped! C:\Program Files\Windows Media Player\wmpnetwk.exe (3308) Stopped! C:\Windows\system32\SearchIndexer.exe (3356) Stopped! C:\Windows\system32\taskhost.exe (2320) Stopped! C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe (3136) Stopped! C:\Program Files\Common Files\Real\Update_OB\realsched.exe (3184) Stopped! C:\Program Files\Windows Sidebar\sidebar.exe (3124) Stopped! C:\Program Files\Windows Live\Messenger\msnmsgr.exe (3284) Stopped! 
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (1132) Stopped! C:\Program Files\Internet Explorer\iexplore.exe (1400) Stopped! C:\Program Files\Internet Explorer\iexplore.exe (3092) Stopped! C:\Program Files\Internet Explorer\iexplore.exe (1340) Stopped! C:\Windows\system32\SearchProtocolHost.exe (2360) Stopped! C:\Windows\system32\SearchFilterHost.exe (2840) ################## | Files # Infected Folders | Deleted ! C:\$RECYCLE.BIN\S-1-5-20 Deleted ! C:\$RECYCLE.BIN\S-1-5-21-1593618484-1684749056-4021839093-1000 Deleted ! C:\$RECYCLE.BIN\S-1-5-21-1593618484-1684749056-4021839093-501 (!) Temporary files deleted. ################## | Registry | Deleted ! HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System|DisableRegistryTools Deleted ! HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\explorer|NoDrives Deleted ! HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\explorer|NoDrives ################## | Mountpoints2 | ################## | Listing | [27/01/2010 - 21:11:47 | D ] C:\$AVG [16/12/2011 - 21:50:26 | SHD ] C:\$RECYCLE.BIN [27/11/2011 - 23:36:52 | N | 4692] C:\Ad-Report-CLEAN[1].txt [29/04/2011 - 11:58:14 | D ] C:\Arquivos de Programas [10/06/2009 - 19:42:20 | N | 24] C:\autoexec.bat [06/09/2011 - 16:28:13 | N | 87] C:\baixadll_log_terça-feira.log [22/04/2011 - 03:09:02 | D ] C:\BKPHDEXTERNO [15/03/2010 - 16:33:36 | D ] C:\Boot [18/01/2010 - 18:13:20 | N | 211] C:\Boot.BAK [19/01/2010 - 01:49:17 | N | 355] C:\Boot.ini.saved [28/10/2001 - 10:06:10 | N | 4952] C:\Bootfont.bin [13/07/2009 - 23:38:58 | RASH | 383562] C:\bootmgr [15/03/2010 - 16:33:40 | N | 8192] C:\BOOTSECT.BAK [22/09/2011 - 19:14:42 | D ] C:\ComboFix [22/09/2011 - 19:14:37 | N | 13324] C:\ComboFix.txt [18/01/2010 - 18:18:17 | N | 0] C:\CONFIG.001 [10/06/2009 - 19:42:20 | N | 10] C:\CONFIG.002 [16/11/2011 - 22:48:33 | D ] C:\Config.Msi [08/11/2011 - 06:50:15 | N | 2590] C:\CONFIG.SYS [09/11/2010 - 10:18:23 | D ] C:\contratos [14/07/2009 - 02:53:55 | SHD ] C:\Documents 
and Settings [21/09/2011 - 17:46:07 | D ] C:\Downloads [14/03/2010 - 13:01:15 | D ] C:\found.000 [15/03/2010 - 18:42:29 | N | 203372] C:\grldr [16/12/2011 - 21:18:40 | ASH | 1603084288] C:\hiberfil.sys [23/11/2011 - 07:44:22 | N | 388608] C:\HiJackThis.exe [23/11/2011 - 07:44:56 | N | 6696] C:\hijackthis.log [22/01/2010 - 12:02:48 | D ] C:\Intel [18/01/2010 - 18:18:17 | N | 0] C:\IO.SYS [15/03/2010 - 22:47:30 | N | 7] C:\ISACER.id [18/01/2010 - 18:18:17 | N | 0] C:\MSDOS.SYS [20/01/2010 - 11:51:37 | RD ] C:\MSOCache [05/01/2002 - 04:37:28 | N | 344064] C:\msvcr70.dll [03/08/2004 - 23:38:34 | N | 47564] C:\NTDETECT.COM [03/08/2004 - 23:59:34 | N | 251168] C:\ntldr [30/04/2010 - 17:12:53 | N | 36746] C:\P1005.log [16/12/2011 - 21:18:44 | ASH | 2137448448] C:\pagefile.sys [29/05/2010 - 17:32:49 | D ] C:\PARTIDOS_ELEITORAIS_2008 [14/07/2009 - 00:37:05 | D ] C:\PerfLogs [23/04/2011 - 02:50:29 | D ] C:\PFiles [04/12/2011 - 22:13:09 | D ] C:\Program Files [22/04/2011 - 03:01:52 | D ] C:\Program Files (x86) [04/12/2011 - 21:53:06 | D ] C:\ProgramData [22/09/2011 - 19:14:40 | D ] C:\Qoobox [15/03/2010 - 16:05:02 | D ] C:\Recovery [14/04/2011 - 20:53:07 | D ] C:\relatorios [09/04/2011 - 17:48:47 | D ] C:\SPCP [15/12/2011 - 08:34:17 | SHD ] C:\System Volume Information [31/03/2011 - 07:17:15 | D ] C:\Temp [09/07/2010 - 16:56:43 | D ] C:\trat_erro [06/07/2011 - 14:22:03 | D ] C:\UniScan [16/12/2011 - 21:50:26 | D ] C:\UsbFix [16/12/2011 - 21:42:53 | A | 7513] C:\UsbFix.txt [24/07/2011 - 14:43:03 | D ] C:\Users [09/07/2010 - 16:56:43 | D ] C:\webmatic [15/03/2010 - 18:42:30 | N | 12] C:\win7.ld [16/12/2011 - 21:18:40 | D ] C:\Windows [20/11/2011 - 10:52:58 | D ] D:\Musicas para Ensaiar ################## | Vaccin | C:\Autorun.inf -> Vaccine created by UsbFix (El Desaparecido) ################## | Upload | Please send the file: C:\UsbFix_Upload_Me_ACER5920.zip http://eldesaparecido.com/upload.html Thank you for your contribution. ################## | Reboot | (!) 
The computer was restarted. ################## | E.O.F |
Manain, posted December 17, 2011:

Ratifying my last reply. I still cannot create shortcuts or run searches.

Manain
DigRam, posted January 18, 2012:

> Ratifying my last reply. I still cannot create shortcuts or run searches.
> Manain

Good afternoon, Manain!

Our colleague Felipe_88, due to his studies, is unable to continue with this topic. If you would like to continue the analysis, post a new HijackThis log.

Regards!
Manain, posted January 28, 2012:

Here is a new log to continue.

Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 18:32:42, on 28/01/2012 Platform: Windows 7 (WinNT 6.00.3504) MSIE: Internet Explorer v9.00 (9.00.8112.16421) Boot mode: Normal Running processes: C:\Windows\system32\taskhost.exe C:\Windows\system32\Dwm.exe C:\Windows\Explorer.EXE C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe C:\Program Files\Common Files\Real\Update_OB\realsched.exe C:\Program Files\Common Files\Java\Java Update\jusched.exe C:\Program Files\Ask.com\Updater\Updater.exe C:\Program Files\Windows Live\Messenger\msnmsgr.exe C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Internet Explorer\iexplore.exe C:\HiJackThis.exe C:\Windows\system32\SearchFilterHost.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://go.microsoft.com/fwlink/?linkid=54896 R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/ R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = R3 - URLSearchHook: UrlSearchHook Class - {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files\Ask.com\GenericAskToolbar.dll O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file) O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll O2 - BHO: AcroIEHelperStub - 
{18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file) O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll O2 - BHO: MessengerPlusLive Brazil TB - {c69650dc-9644-4580-aa86-0ea329ee6c60} - C:\Program Files\MessengerPlusLive_Brazil_TB\tbMess.dll O2 - BHO: Free Download Manager - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdm2.dll O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O2 - BHO: Messenger Plus Live Brazil Toolbar - {edbca961-4bf8-4cbe-8c63-a11dff9ed2d9} - C:\Program Files\Messenger_Plus_Live_Brazil\tbMess.dll O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll O3 - Toolbar: Messenger Plus Live Brazil Toolbar - {edbca961-4bf8-4cbe-8c63-a11dff9ed2d9} - C:\Program 
Files\Messenger_Plus_Live_Brazil\tbMess.dll O3 - Toolbar: MessengerPlusLive Brazil TB Toolbar - {c69650dc-9644-4580-aa86-0ea329ee6c60} - C:\Program Files\MessengerPlusLive_Brazil_TB\tbMess.dll O3 - Toolbar: Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe" O4 - HKLM\..\Run: [ApnUpdater] "C:\Program Files\Ask.com\Updater\Updater.exe" O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll O9 - Extra 'Tools' menuitem: @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll O9 - Extra button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL 
O9 - Extra button: Exibir ou ocultar HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{55D7BD5B-34AB-4950-A14C-819D138807AF}: NameServer = 200.204.0.10,200.204.0.138 O17 - HKLM\System\CS1\Services\Tcpip\..\{55D7BD5B-34AB-4950-A14C-819D138807AF}: NameServer = 200.204.0.10,200.204.0.138 O17 - HKLM\System\CS2\Services\Tcpip\..\{55D7BD5B-34AB-4950-A14C-819D138807AF}: NameServer = 200.204.0.10,200.204.0.138 O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe O23 - Service: Serviço do Google Update (gupdatem) (gupdatem) - Google Inc. 
- C:\Program Files\Google\Update\GoogleUpdate.exe O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\Windows\system32\GameMon.des.exe (file missing) O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\Windows\system32\IoctlSvc.exe O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe -- End of file - 8542 bytes Compartilhar este post Link para o post Compartilhar em outros sites
DigRam 144 Posted January 29, 2012
Good morning! Manain
|- Download: < GabKiller > ( ... by 2011N2 )
|- Save it to the desktop!
|- Close any open folders and run the tool.
|- On Windows Vista or 7, right-click and run as administrator.
|- Choose option 1. Rechercher -> Press Enter!
|- Wait for it to finish and post the report: Rapport de recherche de GabKiller
|- To exit, choose option "4. Quitter" -> Enter!
///°°°///
|- Download: < > < > ( ...by Nicolas Coolman )
|- Once on the page, click: < >
|- Save it in Program Files and unpack it right there!
|- Disable your antivirus and run "ZHPDiag2.exe". < >
|- P.S.: Confirm every step when installing ZHPDiag.
|- Click
|-- Finish.
|- Open the tool by clicking the scroll icon. < >
|- Update it by clicking the green arrow at the top right.
|- The update is complete when we get the message:
|- Enable all diagnostic options by clicking ( screwdriver icon )
|- Click All.
|- Start the diagnostic ( Diag ) by clicking the magnifying-glass icon.
|- When it finishes, click the camera icon or "Save Report" so that we have the report.
|- Save it in a convenient location!
|- If you want to save the log in Notepad, click the camera icon and paste it into Notepad.
|- Post it in your reply: ZHPDiag.txt
|- If you have trouble posting this report, go to < >
|- More information: |Link| >
Regards!
Manain 0 Posted January 29, 2012
Report follows: Rapport de recherche de GabKiller
Report follows: ZHPDiag.txt
-- C:\Program Files\Skype\Toolbars\Internet Explorer\icon.ico O9 - Extra button: Skype add-on for Internet Explorer - {92780B25-18CC-41C8-B9BE-3C9C571A8263} . (...) -- C:\Program Files\Microsoft Office\Office12\REFBARH.ICO O9 - Extra button: Skype add-on for Internet Explorer - {DDE87865-83C5-48c4-8357-2F5B1AA84522} . (.Hewlett-Packard Co. - HP Smart Web Printing add-on for Internet Explorer.) -- C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll O9 - Extra button: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} . (.Hewlett-Packard Co. - HP Smart Web Printing add-on for Internet Explorer.) -- C:\Program Files\HP\Digital Imaging\smart web printing\hpswp_BHO.dll ~ Scan IE Extra Buttons in 00mn AMs ---\\ Winsock hijacker (Layered Service Provider) (O10) O10 - WLSP:\000000000001\Winsock LSP File . (.Microsoft Corporation - Network Location Awareness 2.) -- C:\Windows\System32\nlaapi.dll O10 - WLSP:\000000000002\Winsock LSP File . (.Microsoft Corporation - Provedor de serviços do Microsoft Windows Sockets 2.0.) -- C:\Windows\System32\mswsock.dll O10 - WLSP:\000000000003\Winsock LSP File . (.Microsoft Corporation - LDAP RnR Provider DLL.) -- C:\Windows\System32\winrnr.dll O10 - WLSP:\000000000004\Winsock LSP File . (.Microsoft Corporation - Provedor de Correção de Nomeação de Emails.) -- C:\Windows\System32\NapiNSP.dll O10 - WLSP:\000000000005\Winsock LSP File . (.Microsoft Corporation - PNRP Name Space Provider.) -- C:\Windows\System32\pnrpnsp.dll O10 - WLSP:\000000000006\Winsock LSP File . (.Microsoft Corporation - PNRP Name Space Provider.) 
-- C:\Windows\System32\pnrpnsp.dll ~ Scan Winsock in 00mn AMs ---\\ ActiveX Objects (Downloaded Program Files) (O16) O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} () - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab ~ Scan Objets ActiveX in 00mn AMs ---\\ Lop.com/Domain Hijackers (O17) O17 - HKLM\System\CCS\Services\Tcpip\..\{55D7BD5B-34AB-4950-A14C-819D138807AF}: NameServer = 200.204.0.10,200.204.0.138 O17 - HKLM\System\CCS\Services\Tcpip\..\{55D7BD5B-34AB-4950-A14C-819D138807AF}: DhcpNameServer = 200.204.0.10 192.168.254.254 O17 - HKLM\System\CCS\Services\Tcpip\..\{A24026AE-7A0A-4F2C-8B00-26F6844F2B60}: DhcpNameServer = 192.168.2.1 O17 - HKLM\System\CCS\Services\Tcpip\..\{55D7BD5B-34AB-4950-A14C-819D138807AF}: DhcpDomain = domain.invalid O17 - HKLM\System\CS1\Services\Tcpip\..\{55D7BD5B-34AB-4950-A14C-819D138807AF}: NameServer = 200.204.0.10,200.204.0.138 O17 - HKLM\System\CS1\Services\Tcpip\..\{55D7BD5B-34AB-4950-A14C-819D138807AF}: DhcpNameServer = 200.204.0.10 192.168.254.254 O17 - HKLM\System\CS1\Services\Tcpip\..\{A24026AE-7A0A-4F2C-8B00-26F6844F2B60}: DhcpNameServer = 192.168.2.1 O17 - HKLM\System\CS1\Services\Tcpip\..\{55D7BD5B-34AB-4950-A14C-819D138807AF}: DhcpDomain = domain.invalid O17 - HKLM\System\CS2\Services\Tcpip\..\{55D7BD5B-34AB-4950-A14C-819D138807AF}: NameServer = 200.204.0.10,200.204.0.138 O17 - HKLM\System\CS2\Services\Tcpip\..\{55D7BD5B-34AB-4950-A14C-819D138807AF}: DhcpNameServer = 200.204.0.10 192.168.254.254 O17 - HKLM\System\CS2\Services\Tcpip\..\{A24026AE-7A0A-4F2C-8B00-26F6844F2B60}: DhcpNameServer = 192.168.2.1 O17 - HKLM\System\CS2\Services\Tcpip\..\{55D7BD5B-34AB-4950-A14C-819D138807AF}: DhcpDomain = domain.invalid ~ Scan Domain in 00mn AMs ---\\ Extra protocols (O18) O18 - Handler: about - {3050F406-98B5-11CF-BB82-00AA00BDCE0B} . (.Microsoft Corporation - Visualizador de HTML da Microsoft ®.) -- C:\Windows\System32\mshtml.dll O18 - Handler: cdl - {3dd53d40-7b8b-11D0-b013-00aa0059ce02} . 
(.Microsoft Corporation - Extensões OLE32 para Win32.) -- C:\Windows\System32\urlmon.dll O18 - Handler: dvd - {12D51199-0DB5-46FE-A120-47A3D7D937CC} . (.Microsoft Corporation - Controle ActiveX para streaming de vídeo.) -- C:\Windows\System32\MSVidCtl.dll O18 - Handler: file - {79eac9e7-baf9-11ce-8c82-00aa004ba90b} . (.Microsoft Corporation - Extensões OLE32 para Win32.) -- C:\Windows\System32\urlmon.dll O18 - Handler: ftp - {79eac9e3-baf9-11ce-8c82-00aa004ba90b} . (.Microsoft Corporation - Extensões OLE32 para Win32.) -- C:\Windows\System32\urlmon.dll O18 - Handler: gopher - {79eac9e4-baf9-11ce-8c82-00aa004ba90b} . (.Microsoft Corporation - Extensões OLE32 para Win32.) -- C:\Windows\System32\urlmon.dll O18 - Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} . (.Microsoft Corporation - GrooveSystemServices Module.) -- C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll O18 - Handler: http - {79eac9e2-baf9-11ce-8c82-00aa004ba90b} . (.Microsoft Corporation - Extensões OLE32 para Win32.) -- C:\Windows\System32\urlmon.dll O18 - Handler: https - {79eac9e5-baf9-11ce-8c82-00aa004ba90b} . (.Microsoft Corporation - Extensões OLE32 para Win32.) -- C:\Windows\System32\urlmon.dll O18 - Handler: its - {9D148291-B9C8-11D0-A4CC-0000F80149F6} . (.Microsoft Corporation - Microsoft® InfoTech Storage System Library.) -- C:\Windows\System32\itss.dll O18 - Handler: javascript - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} . (.Microsoft Corporation - Visualizador de HTML da Microsoft ®.) -- C:\Windows\System32\mshtml.dll O18 - Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} . (.Microsoft Corporation - Windows Live Messenger Protocol Handler Mod.) -- C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll O18 - Handler: local - {79eac9e7-baf9-11ce-8c82-00aa004ba90b} . (.Microsoft Corporation - Extensões OLE32 para Win32.) -- C:\Windows\System32\urlmon.dll O18 - Handler: mailto - {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} . 
(.Microsoft Corporation - Visualizador de HTML da Microsoft ®.) -- C:\Windows\System32\mshtml.dll O18 - Handler: mhtml - {05300401-BCBC-11d0-85E3-00C04FD85AB4} . (.Microsoft Corporation - Microsoft Internet Messaging API Resources.) -- C:\Windows\System32\inetcomm.dll O18 - Handler: mk - {79eac9e6-baf9-11ce-8c82-00aa004ba90b} . (.Microsoft Corporation - Extensões OLE32 para Win32.) -- C:\Windows\System32\urlmon.dll O18 - Handler: ms-help - {314111c7-a502-11d2-bbca-00c04f8ec294} . (.Microsoft Corporation - Microsoft® Help Data Services Module.) -- C:\Program Files\Common Files\microsoft shared\Help\hxds.dll O18 - Handler: ms-its - {9D148291-B9C8-11D0-A4CC-0000F80149F6} . (.Microsoft Corporation - Microsoft® InfoTech Storage System Library.) -- C:\Windows\System32\itss.dll O18 - Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} . (.Microsoft Corporation - Windows Live Messenger Protocol Handler Mod.) -- C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll O18 - Handler: res - {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} . (.Microsoft Corporation - Visualizador de HTML da Microsoft ®.) -- C:\Windows\System32\mshtml.dll O18 - Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} . (.Skype Technologies S.A. - Skype add-on for IE.) -- C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll O18 - Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} . (.Skype Technologies - Skype for COM API.) -- C:\Program Files\Common Files\Skype\Skype4COM.dll O18 - Handler: tv - {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} . (.Microsoft Corporation - Controle ActiveX para streaming de vídeo.) -- C:\Windows\System32\MSVidCtl.dll O18 - Handler: vbscript - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} . (.Microsoft Corporation - Visualizador de HTML da Microsoft ®.) -- C:\Windows\System32\mshtml.dll O18 - Filter: application/octet-stream - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} . (.Microsoft Corporation - Microsoft .NET Runtime Execution Engine.) 
-- C:\Windows\System32\mscoree.dll O18 - Filter: application/x-complus - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} . (.Microsoft Corporation - Microsoft .NET Runtime Execution Engine.) -- C:\Windows\System32\mscoree.dll O18 - Filter: application/x-msdownload - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} . (.Microsoft Corporation - Microsoft .NET Runtime Execution Engine.) -- C:\Windows\System32\mscoree.dll O18 - Filter: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} . (.Microsoft Corporation - Microsoft Office XML MIME Filter.) -- C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.dll ~ Scan Protocole Additionnel in 00mn AMs ---\\ ShellServiceObjectDelayLoad (O21) O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} . (.Microsoft Corporation - Monitor de Sites.) -- C:\Windows\system32\webcheck.dll ~ Scan SSODL in 00mn AMs ---\\ non Microsoft non disabled Windows XP/NT/2000 Services (O23) O23 - Service: avast! Antivirus (avast! Antivirus) . (.AVAST Software - avast! Service.) - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe O23 - Service: Google Update Service (gupdate) (gupdate) . (.Google Inc. - Google Installer.) - C:\Program Files\Google\Update\GoogleUpdate.exe O23 - Service: Nero BackItUp Scheduler 3 (Nero BackItUp Scheduler 3) . (.Nero AG - Nero BackItUp.) - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe O23 - Service: PLFlash DeviceIoControl Service (PLFlash DeviceIoControl Service) . (.Prolific Technology Inc. - PLFlash DeviceIoControl Service.) - C:\Windows\System32\IoctlSvc.exe O23 - Service: SBSD Security Center Service (SBSDWSCService) . (.Safer Networking Ltd. - Spybot-S&D Security Center integration.) - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe O23 - Service: XAudioService (XAudioService) . (.Conexant Systems, Inc. - Modem Audio Service.) - C:\Windows\system32\DRIVERS\xaudio.exe ~ Scan Services in 00mn AMs ---\\ Windows Active Desktop & MHTML Editor (O24) O24 - Default MHTML Editor: Last - .(...) 
- (.not file.) ~ Scan Desktop Component in 00mn AMs ---\\ O34 - HKLM BootExecute: (autocheck autochk *) - File not found ~ Scan Keys in 00mn AMs ---\\ Task Planned Automatically(039) O39 - APT:Automatic Planified Task - C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job O39 - APT:Automatic Planified Task - C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job [MD5.8F0DE4FEF8201E306F9938B0905AC96A] [APT] [GoogleUpdateTaskMachineCore] (.Google Inc..) -- C:\Program Files\Google\Update\GoogleUpdate.exe [MD5.8F0DE4FEF8201E306F9938B0905AC96A] [APT] [GoogleUpdateTaskMachineUA] (.Google Inc..) -- C:\Program Files\Google\Update\GoogleUpdate.exe [MD5.E2724029D3648C2EB226D16678727FA9] [APT] [RealCreateProcessScheduledTask100995S-1-5-21-1593618484-1684749056-4021839093-1000] (.RealNetworks, Inc..) -- C:\Program Files\Common Files\Real\Update_OB\realsched.exe [MD5.E2724029D3648C2EB226D16678727FA9] [APT] [RealCreateProcessScheduledTask109563620S-1-5-21-1593618484-1684749056-4021839093-1000] (.RealNetworks, Inc..) -- C:\Program Files\Common Files\Real\Update_OB\realsched.exe [MD5.E2724029D3648C2EB226D16678727FA9] [APT] [RealCreateProcessScheduledTask110583945S-1-5-21-1593618484-1684749056-4021839093-1000] (.RealNetworks, Inc..) -- C:\Program Files\Common Files\Real\Update_OB\realsched.exe [MD5.E2724029D3648C2EB226D16678727FA9] [APT] [RealCreateProcessScheduledTask36672481S-1-5-21-1593618484-1684749056-4021839093-1000] (.RealNetworks, Inc..) -- C:\Program Files\Common Files\Real\Update_OB\realsched.exe [MD5.E2724029D3648C2EB226D16678727FA9] [APT] [RealCreateProcessScheduledTask52880282S-1-5-21-1593618484-1684749056-4021839093-1000] (.RealNetworks, Inc..) -- C:\Program Files\Common Files\Real\Update_OB\realsched.exe [MD5.E2724029D3648C2EB226D16678727FA9] [APT] [RealCreateProcessScheduledTask56482111S-1-5-21-1593618484-1684749056-4021839093-1000] (.RealNetworks, Inc..) 
-- C:\Program Files\Common Files\Real\Update_OB\realsched.exe [MD5.E2724029D3648C2EB226D16678727FA9] [APT] [RealCreateProcessScheduledTask60684170S-1-5-21-1593618484-1684749056-4021839093-1000] (.RealNetworks, Inc..) -- C:\Program Files\Common Files\Real\Update_OB\realsched.exe [MD5.E2724029D3648C2EB226D16678727FA9] [APT] [RealCreateProcessScheduledTask6751988S-1-5-21-1593618484-1684749056-4021839093-1000] (.RealNetworks, Inc..) -- C:\Program Files\Common Files\Real\Update_OB\realsched.exe [MD5.B7EE47B4D960BF55BDD7EC1812373872] [APT] [RealUpgradeLogonTaskS-1-5-21-1593618484-1684749056-4021839093-1000] (.RealNetworks, Inc..) -- C:\Program Files\Real\RealUpgrade\RealUpgrade.exe [MD5.B7EE47B4D960BF55BDD7EC1812373872] [APT] [RealUpgradeScheduledTaskS-1-5-21-1593618484-1684749056-4021839093-1000] (.RealNetworks, Inc..) -- C:\Program Files\Real\RealUpgrade\RealUpgrade.exe [MD5.14426438EDA546F331650854F4CD63A8] [APT] [scheduled Update for Ask Toolbar] (...) -- C:\Program Files\Ask.com\UpdateTask.exe [MD5.A8D95FB229E33B7C93704432B30226D0] [APT] [{1A9E6DC8-0831-4231-816B-5F1BD6CDFC85}] (.Clickteam.) -- C:\Program Files\Install Creator\ic.exe [MD5.00000000000000000000000000000000] [APT] [{36076C5A-0859-47AD-AD0D-769FC19314D9}] (...) -- c:\program files\internet explorer\iexplore.exee-chrome:notoffered;systemlevelpresent (.not file.) [MD5.00000000000000000000000000000000] [APT] [{38B9E1A6-6888-4E5F-8867-AC6BD9FDAB5D}] (...) -- C:\Arquivos de programas\Counter-Strike Source\srcds.exe (.not file.) [MD5.00000000000000000000000000000000] [APT] [{57A6B7B8-783F-4115-852E-0616E56E567F}] (...) -- C:\Users\nando\Downloads\atualizacaoradaresipiranga.exe (.not file.) [MD5.00000000000000000000000000000000] [APT] [{69FF64BB-A868-4954-9594-E8999F82D0E4}] (...) -- C:\Arquivos de programas\Acer\Acer Crystal Eye webcam\CrystalEye.exe (.not file.) [MD5.F64D1364B1332E8E5B9B96AFFC9EE118] [APT] [{786CA64B-A438-41B3-87C7-BE68754E82A4}] (.Realtek Semiconductor Corp..) 
-- C:\Windows\system32\RTSndMgr.cpl [MD5.6FBBB73BE9FB38389AB73F38828A9CAC] [APT] [{D53F4855-5808-4BD1-A983-718D3823D30F}] (.Skype Technologies S.A..) -- C:\Program Files\Skype\Phone\Skype.exe [MD5.00000000000000000000000000000000] [APT] [{D5789B95-7383-43B7-A7C6-DD577E531FC6}] (...) -- C:\Program Files\Internet Explorer\iexplore.exee-chrome:notoffered;systemlevelpresent (.not file.) [MD5.00000000000000000000000000000000] [APT] [{E9C7D238-6733-457A-8E14-DE9095A02D66}] (...) -- E:\Counter Strike Source Modern Warfare 2\PackAddons_CSS_beta_4.exe (.not file.) ~ Scan Scheduled Task in 03mn AMs ---\\ ActiveSetup Installed Components (O40) O40 - ASIC: Internet Explorer - >{26923b43-4d38-484f-9b9e-de460746276c} . (.Microsoft Corporation - Utilitário de Inicialização por Usuário do Internet Explorer.) -- C:\Windows\System32\ie4uinit.exe O40 - ASIC: Browser Customizations - >{60B49E34-C7CC-11D0-8953-00A0C90347FF} . (.Microsoft Corporation - Identidade visual IEAK.) -- C:\Windows\System32\iedkcs32.dll O40 - ASIC: Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608500} . (.Sun Microsystems, Inc. - Java Platform SE binary.) -- C:\Program Files\Java\jre6\bin\regutils.dll O40 - ASIC: Microsoft Windows Media Player 12.0 - {22d6f312-b0f6-11d0-94ab-0080c74c7e95} . (.Microsoft Corporation - Windows Media Player Extension.) -- C:\Windows\System32\wmpdxm.dll O40 - ASIC: Microsoft Windows Media Player - {6BF52A52-394A-11d3-B153-00C04F79FAA6} . (.Microsoft Corporation - Windows Media Player.) -- C:\Windows\system32\wmp.dll O40 - ASIC: Web Platform Customizations - {89820200-ECBD-11cf-8B85-00AA005B4383} . (.Microsoft Corporation - Utilitário de Inicialização por Usuário do Internet Explorer.) -- C:\Windows\System32\ie4uinit.exe O40 - ASIC: (no name) - {89B4C1CD-B018-4511-B0A1-5476DBF70820} . (.Microsoft Corporation - Microsoft .NET IE SECURITY REGISTRATION.) -- C:\Windows\system32\mscories.dll O40 - ASIC: Adobe Flash Player - {D27CDB6E-AE6D-11CF-96B8-444553540000} . (.Adobe Systems, Inc. 
- Adobe Flash Player 11.1 r102.) -- C:\Windows\System32\Macromed\Flash\Flash11e.ocx ~ Scan Active Setup in 00mn AMs ---\\ Drivers launched at startup (O41) O41 - Driver: C:\Windows\system32\drivers\afd.sys (AFD) . (.Microsoft Corporation - Ancillary Function Driver for WinSock.) - C:\Windows\system32\drivers\afd.sys O41 - Driver: (blbdrive) . (.Microsoft Corporation - BLB Drive Driver.) - C:\Windows\system32\DRIVERS\blbdrive.sys O41 - Driver: (cdrom) . (.Microsoft Corporation - SCSI CD-ROM Driver.) - C:\Windows\system32\DRIVERS\cdrom.sys O41 - Driver: C:\Windows\system32\cscsvc.dll (CSC) . (.Microsoft Corporation - Windows Client Side Caching Driver.) - C:\Windows\system32\drivers\csc.sys O41 - Driver: C:\Windows\system32\drivers\dfsc.sys (DfsC) . (.Microsoft Corporation - DFS Namespace Client Driver.) - C:\Windows\system32\Drivers\dfsc.sys O41 - Driver: C:\Windows\system32\drivers\discache.sys (discache) . (.Microsoft Corporation - System Indexer/Cache Driver.) - C:\Windows\system32\drivers\discache.sys O41 - Driver: (mssmbios) . (.Microsoft Corporation - System Management BIOS Driver.) - C:\Windows\system32\DRIVERS\mssmbios.sys O41 - Driver: (NetBIOS) . (.Microsoft Corporation - NetBIOS interface driver.) - C:\Windows\system32\DRIVERS\netbios.sys O41 - Driver: C:\Windows\system32\drivers\netbt.sys (NetBT) . (.Microsoft Corporation - MBT Transport driver.) - C:\Windows\system32\DRIVERS\netbt.sys O41 - Driver: C:\Windows\system32\drivers\nsiproxy.sys (nsiproxy) . (.Microsoft Corporation - NSI Proxy.) - C:\Windows\system32\drivers\nsiproxy.sys O41 - Driver: C:\Windows\system32\drivers\pacer.sys (Psched) . (.Microsoft Corporation - Agendador de pacotes de serviço.) - C:\Windows\system32\DRIVERS\pacer.sys O41 - Driver: C:\Windows\system32\wkssvc.dll (rdbss) . (.Microsoft Corporation - Driver do Subsistema de Buffer da Unidade R.) - C:\Windows\system32\DRIVERS\rdbss.sys O41 - Driver: C:\Windows\system32\DRIVERS\RDPCDD.sys (RDPCDD) . 
(.Microsoft Corporation - RDP Miniport.) - C:\Windows\system32\DRIVERS\RDPCDD.sys O41 - Driver: C:\Windows\system32\drivers\RDPENCDD.sys (RDPENCDD) . (.Microsoft Corporation - RDP Encoder Miniport.) - C:\Windows\system32\drivers\rdpencdd.sys O41 - Driver: C:\Windows\system32\drivers\RdpRefMp.sys (RDPREFMP) . (.Microsoft Corporation - RDP Reflector Driver Miniport.) - C:\Windows\system32\drivers\rdprefmp.sys O41 - Driver: C:\Windows\system32\tcpipcfg.dll (tdx) . (.Microsoft Corporation - TDI Translation Driver.) - C:\Windows\system32\DRIVERS\tdx.sys O41 - Driver: (TermDD) . (.Microsoft Corporation - Remote Desktop Server Driver.) - C:\Windows\system32\DRIVERS\termdd.sys O41 - Driver: (VgaSave) . (.Microsoft Corporation - VGA/Super VGA Video Driver.) - C:\Windows\system32\drivers\vga.sys O41 - Driver: C:\Windows\system32\rascfg.dll (Wanarpv6) . (.Microsoft Corporation - MS Remote Access and Routing ARP Driver.) - C:\Windows\system32\DRIVERS\wanarp.sys O41 - Driver: (WfpLwf) . (.Microsoft Corporation - WFP NDIS 6.20 Lightweight Filter Driver.) - C:\Windows\system32\DRIVERS\wfplwf.sys ~ Scan Drivers in 00mn AMs ---\\ Software installed (O42) O42 - Logiciel: 32 Bit HP CIO Components Installer - (.Hewlett-Packard.) [HKLM] -- {92127AF5-FDD8-4ADF-BC40-C356C9EE0B7D} O42 - Logiciel: Acer Crystal Eye webcam - (.Chicony Electronics Co.,Ltd..) [HKLM] -- {D0ACE89D-EC7F-470F-80BE-4C98ED366B32} O42 - Logiciel: Acer Crystal Eye webcam - (.SUYIN.) [HKLM] -- {AA047D7C-5E7C-4878-B75C-77589151B563} O42 - Logiciel: Acer Crystal Eye webcam - (.Sonix.) [HKLM] -- {399C37FB-08AF-493B-BFED-20FBD85EDF7F} O42 - Logiciel: Adobe Flash Player 11 ActiveX - (.Adobe Systems Incorporated.) [HKLM] -- Adobe Flash Player ActiveX O42 - Logiciel: Adobe Reader 9.4.6 - Português - (.Adobe Systems Incorporated.) [HKLM] -- {AC76BA86-7AD7-1046-7B44-A94000000001} O42 - Logiciel: Any Video Converter 3.0.3 - (.Any-Video-Converter.com.) [HKLM] -- Any Video Converter_is1 O42 - Logiciel: Ask Toolbar - (.Ask.com.) 
[HKLM] -- {86D4B82A-ABED-442A-BE86-96357B70F4FE} O42 - Logiciel: Assistente de Conexão do Windows Live - (.Microsoft Corporation.) [HKLM] -- {51A9E3DD-37B8-47BB-8E67-5B76B3EFBC48} O42 - Logiciel: Atualização de Driver do Windows Mobile Device Center - (.Microsoft Corporation.) [HKLM] -- {E7044E25-3038-4A76-9064-344AC038043E} O42 - Logiciel: Atualização do produto Microsoft Office Excel 2007 Help (KB963678) - (.Microsoft.) [HKLM] -- {90120000-0016-0416-0000-0000000FF1CE}_ENTERPRISE_{717C9095-8AAE-41CB-B046-BD6E8399F4F3} O42 - Logiciel: Atualização do produto Microsoft Office Outlook 2007 Help (KB963677) - (.Microsoft.) [HKLM] -- {90120000-001A-0416-0000-0000000FF1CE}_ENTERPRISE_{5016CB22-B9A7-44FB-AA72-AF28B27B15EA} O42 - Logiciel: Atualização do produto Microsoft Office Powerpoint 2007 Help (KB963669) - (.Microsoft.) [HKLM] -- {90120000-0018-0416-0000-0000000FF1CE}_ENTERPRISE_{BE3A7C0C-0081-4694-B5F9-980DD66BDDF8} O42 - Logiciel: Atualização do produto Microsoft Office Word 2007 Help (KB963665) - (.Microsoft.) [HKLM] -- {90120000-001B-0416-0000-0000000FF1CE}_ENTERPRISE_{7297E3A9-FCD4-4E0E-A306-7A90359E50E3} O42 - Logiciel: Bibliotecas de sistema 3.00.0003 - (.Folhamatic Tecnologia em Sistemas.) [HKLM] -- {20DED70C-944A-4DAE-B819-27CABDAD52B8} O42 - Logiciel: Broadcom Gigabit Integrated Controller - (.Broadcom Corporation.) [HKLM] -- {D3B3B9B2-FE73-44CB-8C0A-F737D92F991B} O42 - Logiciel: CCleaner - (.Piriform.) [HKLM] -- CCleaner O42 - Logiciel: Controle ActiveX do Windows Live Mesh para Conexões Remotas - (.Microsoft Corporation.) [HKLM] -- {39B3184E-0BFB-40FA-ADDC-E7E2D535CDA9} O42 - Logiciel: DVD Decrypter (Remove Only) - (.Unknown owner.) [HKLM] -- DVD Decrypter O42 - Logiciel: Ferramenta de Carregamento do Windows Live - (.Microsoft Corporation.) [HKLM] -- {205C6BDD-7B73-42DE-8505-9A093F35A238} O42 - Logiciel: Free Download Manager 3.5 RC - (.FreeDownloadManager.ORG.) [HKLM] -- Free Download Manager_is1 O42 - Logiciel: Google Chrome - (.Google Inc..) 
[HKLM] -- Google Chrome O42 - Logiciel: Google Earth - (.Google.) [HKLM] -- {5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E} O42 - Logiciel: Google Update Helper - (.Google Inc..) [HKLM] -- {A92DAB39-4E2C-4304-9AB6-BC44E68B55E2} O42 - Logiciel: HDAUDIO Soft Data Fax Modem with SmartCP - (.Unknown owner.) [HKLM] -- CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFAOR2C06_118 O42 - Logiciel: HP Customer Participation Program 13.0 - (.HP.) [HKLM] -- HPExtendedCapabilities O42 - Logiciel: HP Imaging Device Functions 13.0 - (.HP.) [HKLM] -- HP Imaging Device Functions O42 - Logiciel: HP Photosmart All-In-One Driver Software 13.0 Rel. A - (.HP.) [HKLM] -- {17016DA1-F040-4032-BD36-34DD317BC9D5} O42 - Logiciel: HP Photosmart Essential 3.5 - (.HP.) [HKLM] -- HP Photosmart Essential O42 - Logiciel: HP Scanjet G2410 and 2400 - (.HP.) [HKLM] -- {E5B04674-1885-4B08-BAE7-ECDEC1F84677} O42 - Logiciel: HP Smart Web Printing 4.51 - (.HP.) [HKLM] -- HP Smart Web Printing O42 - Logiciel: HP Solution Center 13.0 - (.HP.) [HKLM] -- HP Solution Center & Imaging Support Tools O42 - Logiciel: HP Update - (.Hewlett-Packard.) [HKLM] -- {7059BDA7-E1DB-442C-B7A1-6144596720A4} O42 - Logiciel: Hotfix for Microsoft Visual Studio 2007 Tools for Applications - ENU (KB946040) - (.Microsoft Corporation.) [HKLM] -- {AA4A4B2C-0465-3CF8-BA76-27A027D8ACAB}.KB946040 O42 - Logiciel: Hotfix for Microsoft Visual Studio 2007 Tools for Applications - ENU (KB946308) - (.Microsoft Corporation.) [HKLM] -- {AA4A4B2C-0465-3CF8-BA76-27A027D8ACAB}.KB946308 O42 - Logiciel: Hotfix for Microsoft Visual Studio 2007 Tools for Applications - ENU (KB946344) - (.Microsoft Corporation.) [HKLM] -- {AA4A4B2C-0465-3CF8-BA76-27A027D8ACAB}.KB946344 O42 - Logiciel: Hotfix for Microsoft Visual Studio 2007 Tools for Applications - ENU (KB947540) - (.Microsoft Corporation.) [HKLM] -- {AA4A4B2C-0465-3CF8-BA76-27A027D8ACAB}.KB947540 O42 - Logiciel: Hotfix for Microsoft Visual Studio 2007 Tools for Applications - ENU (KB947789) - (.Microsoft Corporation.) 
[HKLM] -- {AA4A4B2C-0465-3CF8-BA76-27A027D8ACAB}.KB947789 O42 - Logiciel: Install Creator - (.Unknown owner.) [HKLM] -- Install Creator O42 - Logiciel: Java 6 Update 30 - (.Oracle.) [HKLM] -- {26A24AE4-039D-4CA4-87B4-2F83216030FF} O42 - Logiciel: MSVCRT - (.Microsoft.) [HKLM] -- {22B775E7-6C42-4FC5-8E10-9A5E3257BD94} O42 - Logiciel: MSXML 4.0 SP2 (KB954430) - (.Microsoft Corporation.) [HKLM] -- {86493ADD-824D-4B8E-BD72-8C5DCDC52A71} O42 - Logiciel: MSXML 4.0 SP2 (KB973688) - (.Microsoft Corporation.) [HKLM] -- {F662A8E6-F4DC-41A2-901E-8C11F044BDEC} O42 - Logiciel: Media Player Codec Pack 3.9.5 - (.Media Player Codec Pack.) [HKLM] -- Media Player - Codec Pack O42 - Logiciel: Messenger Plus! Live - (.Yuna Software.) [HKLM] -- Messenger Plus! Live O42 - Logiciel: MessengerPlusLive Brazil TB Toolbar - (.MessengerPlusLive Brazil TB.) [HKLM] -- MessengerPlusLive_Brazil_TB Toolbar O42 - Logiciel: Messenger_Plus_Live_Brazil Toolbar - (.Unknown owner.) [HKLM] -- Messenger_Plus_Live_Brazil Toolbar O42 - Logiciel: Microsoft .NET Framework 1.1 - (.Microsoft.) [HKLM] -- {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} O42 - Logiciel: Microsoft Office 2007 Service Pack 2 (SP2) - (.Microsoft.) [HKLM] -- {90120000-0015-0416-0000-0000000FF1CE}_ENTERPRISE_{02A880E2-B8B9-4BF5-8822-EA1374734E2E} O42 - Logiciel: Microsoft Office 2007 Service Pack 2 (SP2) - (.Microsoft.) [HKLM] -- {90120000-0016-0416-0000-0000000FF1CE}_ENTERPRISE_{02A880E2-B8B9-4BF5-8822-EA1374734E2E} O42 - Logiciel: Microsoft Office 2007 Service Pack 2 (SP2) - (.Microsoft.) [HKLM] -- {90120000-0018-0416-0000-0000000FF1CE}_ENTERPRISE_{02A880E2-B8B9-4BF5-8822-EA1374734E2E} O42 - Logiciel: Microsoft Office 2007 Service Pack 2 (SP2) - (.Microsoft.) [HKLM] -- {90120000-0019-0416-0000-0000000FF1CE}_ENTERPRISE_{02A880E2-B8B9-4BF5-8822-EA1374734E2E} O42 - Logiciel: Microsoft Office 2007 Service Pack 2 (SP2) - (.Microsoft.) 
[HKLM] -- {90120000-001A-0416-0000-0000000FF1CE}_ENTERPRISE_{02A880E2-B8B9-4BF5-8822-EA1374734E2E} O42 - Logiciel: Microsoft Office 2007 Service Pack 2 (SP2) - (.Microsoft.) [HKLM] -- {90120000-001B-0416-0000-0000000FF1CE}_ENTERPRISE_{02A880E2-B8B9-4BF5-8822-EA1374734E2E} O42 - Logiciel: Microsoft Office 2007 Service Pack 2 (SP2) - (.Microsoft.) [HKLM] -- {90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B} O42 - Logiciel: Microsoft Office 2007 Service Pack 2 (SP2) - (.Microsoft.) [HKLM] -- {90120000-0044-0416-0000-0000000FF1CE}_ENTERPRISE_{02A880E2-B8B9-4BF5-8822-EA1374734E2E} O42 - Logiciel: Microsoft Office 2007 Service Pack 2 (SP2) - (.Microsoft.) [HKLM] -- {90120000-006E-0416-0000-0000000FF1CE}_ENTERPRISE_{9A141B2B-7C5E-47D2-8E9E-9AC6018F3C42} O42 - Logiciel: Microsoft Office 2007 Service Pack 2 (SP2) - (.Microsoft.) [HKLM] -- {90120000-00A1-0416-0000-0000000FF1CE}_ENTERPRISE_{02A880E2-B8B9-4BF5-8822-EA1374734E2E} O42 - Logiciel: Microsoft Office 2007 Service Pack 2 (SP2) - (.Microsoft.) [HKLM] -- {90120000-00BA-0416-0000-0000000FF1CE}_ENTERPRISE_{02A880E2-B8B9-4BF5-8822-EA1374734E2E} O42 - Logiciel: Microsoft Office Access MUI (Portuguese (Brazil)) 2007 - (.Microsoft Corporation.) [HKLM] -- {90120000-0015-0416-0000-0000000FF1CE} O42 - Logiciel: Microsoft Office Enterprise 2007 - (.Microsoft Corporation.) [HKLM] -- ENTERPRISE O42 - Logiciel: Microsoft Office Enterprise 2007 - (.Microsoft Corporation.) [HKLM] -- {90120000-0030-0000-0000-0000000FF1CE} O42 - Logiciel: Microsoft Office Excel MUI (Portuguese (Brazil)) 2007 - (.Microsoft Corporation.) [HKLM] -- {90120000-0016-0416-0000-0000000FF1CE} O42 - Logiciel: Microsoft Office Groove MUI (Portuguese (Brazil)) 2007 - (.Microsoft Corporation.) [HKLM] -- {90120000-00BA-0416-0000-0000000FF1CE} O42 - Logiciel: Microsoft Office InfoPath MUI (Portuguese (Brazil)) 2007 - (.Microsoft Corporation.) 
[HKLM] -- {90120000-0044-0416-0000-0000000FF1CE} O42 - Logiciel: Microsoft Office OneNote MUI (Portuguese (Brazil)) 2007 - (.Microsoft Corporation.) [HKLM] -- {90120000-00A1-0416-0000-0000000FF1CE} O42 - Logiciel: Microsoft Office Outlook Connector - (.Microsoft Corporation.) [HKLM] -- {95140000-007A-0416-0000-0000000FF1CE} O42 - Logiciel: Microsoft Office Outlook MUI (Portuguese (Brazil)) 2007 - (.Microsoft Corporation.) [HKLM] -- {90120000-001A-0416-0000-0000000FF1CE} O42 - Logiciel: Microsoft Office PowerPoint MUI (Portuguese (Brazil)) 2007 - (.Microsoft Corporation.) [HKLM] -- {90120000-0018-0416-0000-0000000FF1CE} O42 - Logiciel: Microsoft Office Proof (English) 2007 - (.Microsoft Corporation.) [HKLM] -- {90120000-001F-0409-0000-0000000FF1CE} O42 - Logiciel: Microsoft Office Proof (Portuguese (Brazil)) 2007 - (.Microsoft Corporation.) [HKLM] -- {90120000-001F-0416-0000-0000000FF1CE} O42 - Logiciel: Microsoft Office Proof (Spanish) 2007 - (.Microsoft Corporation.) [HKLM] -- {90120000-001F-0C0A-0000-0000000FF1CE} O42 - Logiciel: Microsoft Office Proofing (Portuguese (Brazil)) 2007 - (.Microsoft Corporation.) [HKLM] -- {90120000-002C-0416-0000-0000000FF1CE} O42 - Logiciel: Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) - (.Microsoft.) [HKLM] -- {90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045} O42 - Logiciel: Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) - (.Microsoft.) [HKLM] -- {90120000-001F-0416-0000-0000000FF1CE}_ENTERPRISE_{75EBE365-7FC5-4720-A7D3-804BF550D1BC} O42 - Logiciel: Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) - (.Microsoft.) [HKLM] -- {90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{187308AB-5FA7-4F14-9AB9-D290383A10D9} O42 - Logiciel: Microsoft Office Publisher MUI (Portuguese (Brazil)) 2007 - (.Microsoft Corporation.) [HKLM] -- {90120000-0019-0416-0000-0000000FF1CE} O42 - Logiciel: Microsoft Office Shared MUI (Portuguese (Brazil)) 2007 - (.Microsoft Corporation.) 
[HKLM] -- {90120000-006E-0416-0000-0000000FF1CE} O42 - Logiciel: Microsoft Office Word MUI (Portuguese (Brazil)) 2007 - (.Microsoft Corporation.) [HKLM] -- {90120000-001B-0416-0000-0000000FF1CE} O42 - Logiciel: Microsoft Silverlight - (.Microsoft Corporation.) [HKLM] -- {89F4137D-6C26-4A84-BDB8-2E5A4BB71E00} O42 - Logiciel: Microsoft Visual C++ 2005 Redistributable - (.Microsoft Corporation.) [HKLM] -- {7299052b-02a4-4627-81f2-1818da5d550d} O42 - Logiciel: Microsoft Visual C++ 2005 Redistributable - (.Microsoft Corporation.) [HKLM] -- {A49F249F-0C91-497F-86DF-B2585E8E76B7} O42 - Logiciel: Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 - (.Microsoft Corporation.) [HKLM] -- {9A25302D-30C0-39D9-BD6F-21E6EC160475} O42 - Logiciel: Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 - (.Microsoft Corporation.) [HKLM] -- {1F1C2DFC-2D24-3E06-BCB8-725134ADF989} O42 - Logiciel: Microsoft Visual Studio Tools for Applications 2.0 - ENU - (.Microsoft Corporation.) [HKLM] -- {AA4A4B2C-0465-3CF8-BA76-27A027D8ACAB} O42 - Logiciel: Microsoft Visual Studio Tools for Applications 2.0 Runtime - (.Microsoft Corporation.) [HKLM] -- {299C0434-4F4E-341F-A916-4E07AEB35E79} O42 - Logiciel: Microsoft WSE 3.0 Runtime - (.Microsoft Corp..) [HKLM] -- {E3E71D07-CD27-46CB-8448-16D4FB29AA13} O42 - Logiciel: Nero 8 - (.Nero AG.) [HKLM] -- {BE282C23-5484-47FF-B2C1-EBEA5C891046} O42 - Logiciel: OCR Software by I.R.I.S. 13.0 - (.HP.) [HKLM] -- HPOCR O42 - Logiciel: OGA Notifier 2.0.0048.0 - (.Microsoft Corporation.) [HKLM] -- {B2544A03-10D0-4E5E-BA69-0362FFC20D18} O42 - Logiciel: Picasa 3 - (.Google, Inc..) [HKLM] -- Picasa 3 O42 - Logiciel: RICOH R5C83x/84x Flash Media Controller Driver Ver.3.51.01 - (.Unknown owner.) [HKLM] -- {59F6A514-9813-47A3-948C-8A155460CC2A} O42 - Logiciel: RealPlayer - (.RealNetworks.) [HKLM] -- RealPlayer 12.0 O42 - Logiciel: RealUpgrade 1.0 - (.RealNetworks, Inc..) 
[HKLM] -- {F4F4F84E-804F-4E9A-84D7-C34283F0088F} O42 - Logiciel: Realtek High Definition Audio Driver - (.Realtek Semiconductor Corp..) [HKLM] -- {F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC} O42 - Logiciel: SCIWin - Versão Creci - (.Unknown owner.) [HKCU] -- SCIWin - Versão Creci O42 - Logiciel: SPCP 3.4.8.2 - (.Unknown owner.) [HKLM] -- SPCP_is1 O42 - Logiciel: Security Update for 2007 Microsoft Office System (KB969559) - (.Microsoft.) [HKLM] -- {90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{69F52148-9BF6-4CDC-BF76-103DEAF3DD08} O42 - Logiciel: Security Update for 2007 Microsoft Office System (KB976321) - (.Microsoft.) [HKLM] -- {90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{7F207DCA-3399-40CB-A968-6E5991B1421A} O42 - Logiciel: Security Update for 2007 Microsoft Office System (KB978380) - (.Microsoft.) [HKLM] -- {90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{667A88D1-0369-4070-A62A-70672D68A9BF} O42 - Logiciel: Security Update for Microsoft Office Excel 2007 (KB978382) - (.Microsoft.) [HKLM] -- {90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6DE3DABF-0203-426B-B330-7287D1003E86} O42 - Logiciel: Security Update for Microsoft Office Outlook 2007 (KB972363) - (.Microsoft.) [HKLM] -- {90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{120BE9A0-9B09-4855-9E0C-7DEE45CB03C0} O42 - Logiciel: Security Update for Microsoft Office PowerPoint 2007 (KB957789) - (.Microsoft.) [HKLM] -- {90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{7559E742-FF9F-4FAE-B279-008ED296CB4D} O42 - Logiciel: Security Update for Microsoft Office Publisher 2007 (KB980470) - (.Microsoft.) [HKLM] -- {90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{34573F17-DADE-4D0D-835F-A54A1DE8AC1F} O42 - Logiciel: Security Update for Microsoft Office Visio Viewer 2007 (KB973709) - (.Microsoft.) [HKLM] -- {90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{71127777-8B2C-4F97-AF7A-6CF8CAC8224D} O42 - Logiciel: Security Update for Microsoft Office system 2007 (972581) - (.Microsoft.) 
[HKLM] -- {90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{3D019598-7B59-447A-80AE-815B703B84FF} O42 - Logiciel: Security Update for Microsoft Office system 2007 (KB969613) - (.Microsoft.) [HKLM] -- {90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{5ECEB317-CBE9-4E08-AB10-756CB6F0FB6C} O42 - Logiciel: Security Update for Microsoft Office system 2007 (KB974234) - (.Microsoft.) [HKLM] -- {90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{FCD742B9-7A55-44BC-A776-F795F21FEDDC} O42 - Logiciel: Shop for HP Supplies - (.HP.) [HKLM] -- Shop for HP Supplies O42 - Logiciel: Skype Toolbars - (.Skype Technologies S.A..) [HKLM] -- {981029E0-7FC9-4CF3-AB39-6F133621921A} O42 - Logiciel: Skype™ 4.2 - (.Skype Technologies S.A..) [HKLM] -- {D103C4BA-F905-437A-8049-DB24763BBE36} O42 - Logiciel: Spybot - Search & Destroy - (.Safer Networking Limited.) [HKLM] -- {B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1 O42 - Logiciel: Synaptics Pointing Device Driver - (.Synaptics.) [HKLM] -- SynTPDeinstKey O42 - Logiciel: Update for 2007 Microsoft Office System (KB967642) - (.Microsoft.) [HKLM] -- {90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D} O42 - Logiciel: Update for 2007 Microsoft Office System (KB981715) - (.Microsoft.) [HKLM] -- {90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{661B3F32-FFE4-4606-AE3A-DFA11DCC0D79} O42 - Logiciel: Update for Microsoft Office InfoPath 2007 (KB976416) - (.Microsoft.) [HKLM] -- {90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{432C5EE4-8096-4FF1-95E1-65219365DFF7} O42 - Logiciel: Update for Microsoft Office OneNote 2007 (KB980729) - (.Microsoft.) [HKLM] -- {90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{329050A9-EF80-40F9-B633-74508F54C1FF} O42 - Logiciel: Update for Microsoft Office Word 2007 (KB974561) - (.Microsoft.) [HKLM] -- {90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0CDDBAA2-2111-4A0E-A1B0-76C40C635331} O42 - Logiciel: Update for Outlook 2007 Junk Email Filter (kb981726) - (.Microsoft.) 
[HKLM] -- {90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{2C69BACE-1151-41C0-8C8D-F6026D510BD4} O42 - Logiciel: VCRedistSetup - (.Nero AG.) [HKLM] -- {3921A67A-5AB1-4E48-9444-C71814CF3027} O42 - Logiciel: VDownloader 2.8.387 - (.Vitzo Limited.) [HKLM] -- {A7E19604-93AF-4611-8C9F-CE509C2B286E}_is1 O42 - Logiciel: WinPcap 4.1.1 - (.CACE Technologies.) [HKLM] -- WinPcapInst O42 - Logiciel: WinRAR archiver - (.Unknown owner.) [HKLM] -- WinRAR archiver O42 - Logiciel: Windows Live Call - (.Microsoft Corporation.) [HKLM] -- {590035D9-BFA0-406A-A7F0-479C72C0DDB2} O42 - Logiciel: Windows Live Communications Platform - (.Microsoft Corporation.) [HKLM] -- {3175E049-F9A9-4A3D-8F19-AC9FB04514D1} O42 - Logiciel: Windows Live Messenger - (.Microsoft Corporation.) [HKLM] -- {9ADC3E4F-34DA-48CD-8727-BB26D90257BD} O42 - Logiciel: Windows Media Encoder 9 Series - (.Microsoft Corporation.) [HKLM] -- {E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E} O42 - Logiciel: Windows Media Encoder 9 Series - (.Unknown owner.) [HKLM] -- Windows Media Encoder 9 O42 - Logiciel: Windows Media Player Firefox Plugin - (.Microsoft Corp.) [HKLM] -- {69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4} O42 - Logiciel: Windows Mobile Device Center - (.Microsoft Corporation.) [HKLM] -- {904CCF62-818D-4675-BC76-D37EB399F917} O42 - Logiciel: aTube Catcher - (.DsNET.) [HKLM] -- aTube Catcher O42 - Logiciel: avast! Free Antivirus - (.AVAST Software.) [HKLM] -- avast O42 - Logiciel: neroxml - (.Nero AG.) 
[HKLM] -- {56C049BE-79E9-4502-BEA7-9754A3E60F9B} ---\\ HKCU & HKLM Software Keys [HKCU\Software\4th Software] [HKCU\Software\AC3Filter] [HKCU\Software\ALWIL Software] [HKCU\Software\APN] [HKCU\Software\AVAST Software] [HKCU\Software\Adobe] [HKCU\Software\Ahead] [HKCU\Software\Antanda] [HKCU\Software\AnvSoft] [HKCU\Software\AppDataLow\Software\AskToolbar] [HKCU\Software\AppDataLow\Software\MessengerPlusLive_Brazil_TB] [HKCU\Software\AppDataLow\Software\Messenger_Plus_Live_Brazil] [HKCU\Software\AppDataLow\Software\Microsoft] [HKCU\Software\AppDataLow\Software\Monitored] [HKCU\Software\AppDataLow\Software\Yahoo] [HKCU\Software\AppDataLow\Software\settings] [HKCU\Software\AppDataLow\Software] [HKCU\Software\AppDataLow] [HKCU\Software\Ask.com] [HKCU\Software\Bitstream] [HKCU\Software\Borland] [HKCU\Software\Chicony] [HKCU\Software\Classes] [HKCU\Software\Clickteam] [HKCU\Software\Clients] [HKCU\Software\CoreAAC] [HKCU\Software\CoreVorbis] [HKCU\Software\Corel] [HKCU\Software\DSP-worx] [HKCU\Software\DVD Decrypter] [HKCU\Software\DigitalVolcano] [HKCU\Software\DivXNetworks] [HKCU\Software\DsNET Corp.] 
[HKCU\Software\Electronic Arts] [HKCU\Software\FreeDownloadManager.ORG] [HKCU\Software\GNU] [HKCU\Software\GSpot Appliance Corp] [HKCU\Software\Gabest] [HKCU\Software\Google] [HKCU\Software\HP] [HKCU\Software\Haali] [HKCU\Software\Hewlett-Packard] [HKCU\Software\IM Providers] [HKCU\Software\INCAInternet] [HKCU\Software\InterVideo] [HKCU\Software\JEDI-VCL] [HKCU\Software\JavaSoft] [HKCU\Software\Jitit Virtual Registry] [HKCU\Software\Local AppWizard-Generated Applications] [HKCU\Software\Macromedia] [HKCU\Software\MainConcept] [HKCU\Software\Malwarebytes' Anti-Malware] [HKCU\Software\Media Player - Codec Pack] [HKCU\Software\MozillaPlugins] [HKCU\Software\Mozilla] [HKCU\Software\Nero] [HKCU\Software\Netscape] [HKCU\Software\Northcode Inc] [HKCU\Software\ODBC] [HKCU\Software\Patchou] [HKCU\Software\Piriform] [HKCU\Software\Policies] [HKCU\Software\RealNetworks] [HKCU\Software\Realtek] [HKCU\Software\SProsoft] [HKCU\Software\Safer Networking Limited] [HKCU\Software\Saint Paint Studio] [HKCU\Software\SecuROM] [HKCU\Software\Skype] [HKCU\Software\Softonic] [HKCU\Software\Sony Corporation] [HKCU\Software\Synaptics] [HKCU\Software\Sysinternals] [HKCU\Software\Usbfix] [HKCU\Software\VB and VBA Program Settings] [HKCU\Software\Valve] [HKCU\Software\WinRAR SFX] [HKCU\Software\WinRAR] [HKCU\Software\Yahoo] [HKCU\Software\acer] [HKLM\Software\ALWIL Software] [HKLM\Software\APN] [HKLM\Software\ATI Technologies] [HKLM\Software\AVAST Software] [HKLM\Software\Adobe] [HKLM\Software\Ahead] [HKLM\Software\AskToolbar] [HKLM\Software\Audible] [HKLM\Software\Bitstream] [HKLM\Software\Borland] [HKLM\Software\CXT] [HKLM\Software\Chicony Electronics Co.,Ltd.] 
[HKLM\Software\Classes] [HKLM\Software\Clients] [HKLM\Software\Debug] [HKLM\Software\DivXNetworks] [HKLM\Software\Electronic Arts] [HKLM\Software\FreeDownloadManager.ORG] [HKLM\Software\GNU] [HKLM\Software\Genesys Logic] [HKLM\Software\Google] [HKLM\Software\HP] [HKLM\Software\HaaliMkx] [HKLM\Software\Hewlett-Packard] [HKLM\Software\InstalledOptions] [HKLM\Software\Intel] [HKLM\Software\JavaSoft] [HKLM\Software\JreMetrics] [HKLM\Software\Macromedia] [HKLM\Software\Malwarebytes' Anti-Malware (Trial)] [HKLM\Software\Malwarebytes' Anti-Malware] [HKLM\Software\MessengerPlusLive_Brazil_TB] [HKLM\Software\Messenger_Plus_Live_Brazil] [HKLM\Software\Mewsoft] [HKLM\Software\MimarSinan] [HKLM\Software\MozillaPlugins] [HKLM\Software\Mozilla] [HKLM\Software\NVIDIA Corporation] [HKLM\Software\Nero ShowTime] [HKLM\Software\NeroDigital] [HKLM\Software\Nero] [HKLM\Software\ODBC] [HKLM\Software\On2 Technologies] [HKLM\Software\Patchou] [HKLM\Software\Piriform] [HKLM\Software\Policies] [HKLM\Software\Protexis] [HKLM\Software\RealNetworks] [HKLM\Software\Realtek Semiconductor Corp.] [HKLM\Software\Realtek] [HKLM\Software\RegisteredApplications] [HKLM\Software\RichFX] [HKLM\Software\SONIX] [HKLM\Software\SProsoft] [HKLM\Software\SUYIN] [HKLM\Software\Safer Networking Limited] [HKLM\Software\Seminário DIPAM - 2011] [HKLM\Software\Skype] [HKLM\Software\SmartCom] [HKLM\Software\SmartPhones] [HKLM\Software\Sonic] [HKLM\Software\Sony Corporation] [HKLM\Software\Swearware] [HKLM\Software\Synaptics] [HKLM\Software\Thraex Software] [HKLM\Software\TrendMicro] [HKLM\Software\VDownloader] [HKLM\Software\Valve] [HKLM\Software\Volatile] [HKLM\Software\WinPcap] [HKLM\Software\Xing Technology Corp.] 
[HKLM\Software\Yahoo] [HKLM\Software\Yuan High-Tech] [HKLM\Software\acer] ~ Scan Softwares in 00mn AMs ---\\ Contents of the Common Files folders (O43) O43 - CFD: 3/15/2010 - 10:55:00 PM - [1.247] ----D- C:\Program Files\Acer O43 - CFD: 12/20/2011 - 3:20:34 PM - [1.859] ----D- C:\Program Files\ACER Crystal Eye webcam O43 - CFD: 11/27/2011 - 11:34:36 PM - [85.862] ----D- C:\Program Files\Ad-Remover O43 - CFD: 5/1/2010 - 12:10:52 PM - [147.355] ----D- C:\Program Files\Adobe O43 - CFD: 3/16/2010 - 1:23:44 AM - [249.003] ----D- C:\Program Files\Alwil Software O43 - CFD: 3/16/2010 - 3:17:44 AM - [63.512] ----D- C:\Program Files\AnvSoft O43 - CFD: 12/21/2011 - 2:08:18 PM - [2.827] ----D- C:\Program Files\Ask.com O43 - CFD: 4/30/2010 - 12:03:16 PM - [0.059] --H-D- C:\Program Files\Avago-HP O43 - CFD: 3/15/2010 - 10:56:48 PM - [0.570] ----D- C:\Program Files\AVerMedia O43 - CFD: 3/15/2010 - 11:05:54 PM - [0.749] ----D- C:\Program Files\Broadcom O43 - CFD: 11/27/2011 - 12:57:22 AM - [4.038] ----D- C:\Program Files\CCleaner O43 - CFD: 12/18/2011 - 9:26:16 PM - [510.565] ----D- C:\Program Files\Common Files O43 - CFD: 3/15/2010 - 11:03:02 PM - [0.711] ----D- C:\Program Files\CONEXANT O43 - CFD: 8/26/2010 - 7:10:56 PM - [24.727] ----D- C:\Program Files\DsNET Corp O43 - CFD: 3/15/2010 - 9:35:06 PM - [0.902] ----D- C:\Program Files\DVD Decrypter O43 - CFD: 3/15/2010 - 7:21:18 PM - [79.435] ----D- C:\Program Files\DVD Maker O43 - CFD: 9/17/2010 - 12:11:30 AM - [0] ----D- C:\Program Files\Electronic Arts O43 - CFD: 2/18/2011 - 9:56:50 AM - [18.696] ----D- C:\Program Files\Free Download Manager O43 - CFD: 12/6/2010 - 2:51:30 PM - [11.401] ----D- C:\Program Files\Free Screen Video Capture by Topviewsoft O43 - CFD: 12/21/2011 - 9:42:32 PM - [0] ----D- C:\Program Files\FreeTime O43 - CFD: 11/16/2011 - 10:48:10 PM - [434.310] ----D- C:\Program Files\Google O43 - CFD: 7/8/2011 - 8:58:20 AM - [325.472] ----D- C:\Program Files\HP O43 - CFD: 4/24/2011 - 11:58:22 PM - [3.021] ----D- 
C:\Program Files\Install Creator O43 - CFD: 9/17/2010 - 12:11:24 AM - [22.012] --H-D- C:\Program Files\InstallShield Installation Information O43 - CFD: 3/15/2010 - 11:11:36 PM - [0.061] ----D- C:\Program Files\Intel O43 - CFD: 11/6/2011 - 7:05:16 AM - [5.593] ----D- C:\Program Files\Internet Explorer O43 - CFD: 12/18/2011 - 9:24:34 PM - [84.980] ----D- C:\Program Files\Java O43 - CFD: 1/3/2011 - 8:24:02 AM - [12.561] ----D- C:\Program Files\Messenger Plus! Live O43 - CFD: 1/3/2011 - 8:24:40 AM - [3.939] ----D- C:\Program Files\MessengerPlusLive_Brazil_TB O43 - CFD: 6/19/2010 - 8:11:58 PM - [2.591] ----D- C:\Program Files\Messenger_Plus_Live_Brazil O43 - CFD: 9/22/2011 - 7:16:24 PM - [0] ----D- C:\Program Files\Microsoft O43 - CFD: 7/14/2009 - 5:50:26 AM - [141.460] ----D- C:\Program Files\Microsoft Games O43 - CFD: 3/15/2010 - 7:35:02 PM - [613.101] ----D- C:\Program Files\Microsoft Office O43 - CFD: 9/2/2010 - 9:16:16 PM - [0.183] ----D- C:\Program Files\Microsoft SDKs O43 - CFD: 9/12/2011 - 9:01:58 AM - [36.499] ----D- C:\Program Files\Microsoft Silverlight O43 - CFD: 3/15/2010 - 7:34:12 PM - [0.014] ----D- C:\Program Files\Microsoft Visual Studio O43 - CFD: 3/15/2010 - 7:29:20 PM - [1.204] ----D- C:\Program Files\Microsoft Visual Studio 8 O43 - CFD: 9/2/2010 - 9:16:50 PM - [66.801] ----D- C:\Program Files\Microsoft Visual Studio 9.0 O43 - CFD: 3/22/2010 - 11:39:36 PM - [3.554] ----D- C:\Program Files\Microsoft Works O43 - CFD: 9/5/2010 - 2:48:06 PM - [0.934] ----D- C:\Program Files\Microsoft WSE O43 - CFD: 3/15/2010 - 7:32:16 PM - [7.801] ----D- C:\Program Files\Microsoft.NET O43 - CFD: 4/22/2011 - 2:06:26 AM - [0] ----D- C:\Program Files\Mozilla Firefox O43 - CFD: 3/15/2010 - 7:35:42 PM - [0.025] ----D- C:\Program Files\MSBuild O43 - CFD: 3/16/2010 - 3:27:28 AM - [0] ----D- C:\Program Files\MSXML 4.0 O43 - CFD: 3/15/2010 - 7:07:08 PM - [421.829] ----D- C:\Program Files\Nero O43 - CFD: 3/15/2010 - 7:12:18 PM - [0] ----D- C:\Program Files\NeroInstall.bak O43 - 
CFD: 3/16/2010 - 2:22:02 AM - [79.183] ----D- C:\Program Files\Real O43 - CFD: 3/15/2010 - 10:52:30 PM - [47.090] ----D- C:\Program Files\Realtek O43 - CFD: 7/14/2009 - 2:52:32 AM - [59.770] ----D- C:\Program Files\Reference Assemblies O43 - CFD: 9/27/2010 - 3:55:24 PM - [24.354] R---D- C:\Program Files\Skype O43 - CFD: 1/29/2011 - 9:38:00 PM - [22.240] ----D- C:\Program Files\SPCP O43 - CFD: 12/4/2011 - 11:15:30 PM - [58.734] ----D- C:\Program Files\Spybot - Search & Destroy O43 - CFD: 3/15/2010 - 10:56:38 PM - [0] ----D- C:\Program Files\SUYIN O43 - CFD: 3/15/2010 - 11:03:58 PM - [13.486] ----D- C:\Program Files\Synaptics O43 - CFD: 5/20/2011 - 7:24:58 AM - [0.098] ----D- C:\Program Files\Task Solutions O43 - CFD: 7/14/2009 - 2:53:24 AM - [0] --H-D- C:\Program Files\Uninstall Information O43 - CFD: 5/27/2010 - 6:49:52 PM - [10.521] ----D- C:\Program Files\VDownloader O43 - CFD: 3/15/2010 - 11:11:16 PM - [0] ----D- C:\Program Files\Winbond Electronics O43 - CFD: 3/15/2010 - 7:21:18 PM - [2.989] ----D- C:\Program Files\Windows Defender O43 - CFD: 3/15/2010 - 7:21:18 PM - [6.788] ----D- C:\Program Files\Windows Journal O43 - CFD: 9/22/2011 - 8:13:48 PM - [48.199] ----D- C:\Program Files\Windows Live O43 - CFD: 9/22/2011 - 8:13:24 PM - [0.234] ----D- C:\Program Files\Windows Live SkyDrive O43 - CFD: 5/12/2010 - 6:00:42 PM - [6.369] ----D- C:\Program Files\Windows Mail O43 - CFD: 9/8/2010 - 7:22:06 PM - [13.379] ----D- C:\Program Files\Windows Media Components O43 - CFD: 3/19/2010 - 12:53:12 AM - [6.417] ----D- C:\Program Files\Windows Media Player O43 - CFD: 7/14/2009 - 2:52:32 AM - [11.676] ----D- C:\Program Files\Windows NT O43 - CFD: 3/15/2010 - 7:21:18 PM - [4.248] ----D- C:\Program Files\Windows Photo Viewer O43 - CFD: 7/14/2009 - 2:52:34 AM - [0.181] ----D- C:\Program Files\Windows Portable Devices O43 - CFD: 3/15/2010 - 7:21:18 PM - [7.401] ----D- C:\Program Files\Windows Sidebar O43 - CFD: 8/26/2010 - 7:11:30 PM - [0.182] ----D- C:\Program Files\WinPcap O43 - 
CFD: 3/15/2010 - 7:27:30 PM - [3.774] ----D- C:\Program Files\WinRAR O43 - CFD: 1/10/2011 - 8:22:00 PM - [0] ----D- C:\Program Files\Wondershare O43 - CFD: 1/29/2012 - 11:07:32 AM - [10.098] ----D- C:\Program Files\ZHPDiag O43 - CFD: 10/19/2010 - 9:41:42 AM - [5.961] ----D- C:\Program Files\Common Files\Adobe O43 - CFD: 4/26/2010 - 3:58:56 PM - [7.320] ----D- C:\Program Files\Common Files\Borland Shared O43 - CFD: 3/15/2010 - 7:34:06 PM - [0.089] ----D- C:\Program Files\Common Files\DESIGNER O43 - CFD: 7/6/2011 - 8:28:48 AM - [5.080] ----D- C:\Program Files\Common Files\Hewlett-Packard O43 - CFD: 7/6/2011 - 8:29:20 AM - [5.403] ----D- C:\Program Files\Common Files\HP O43 - CFD: 12/18/2011 - 1:57:16 PM - [0] ----D- C:\Program Files\Common Files\INCA Shared O43 - CFD: 9/15/2010 - 8:25:48 AM - [3.655] ----D- C:\Program Files\Common Files\InstallShield O43 - CFD: 12/18/2011 - 9:26:16 PM - [1.201] ----D- C:\Program Files\Common Files\Java O43 - CFD: 10/10/2011 - 9:01:52 AM - [226.977] ----D- C:\Program Files\Common Files\microsoft shared O43 - CFD: 10/10/2011 - 9:01:52 AM - [0.622] ----D- C:\Program Files\Common Files\MSSoap O43 - CFD: 3/15/2010 - 7:09:46 PM - [134.482] ----D- C:\Program Files\Common Files\Nero O43 - CFD: 4/8/2010 - 11:30:02 PM - [20.498] ----D- C:\Program Files\Common Files\Real O43 - CFD: 7/14/2009 - 12:37:06 AM - [0.003] ----D- C:\Program Files\Common Files\Services O43 - CFD: 9/27/2010 - 3:55:04 PM - [2.036] ----D- C:\Program Files\Common Files\Skype O43 - CFD: 4/22/2011 - 4:20:48 AM - [0] ----D- C:\Program Files\Common Files\SmartCom O43 - CFD: 3/15/2010 - 10:55:58 PM - [4.501] ----D- C:\Program Files\Common Files\snp2uvc O43 - CFD: 7/14/2009 - 12:37:06 AM - [39.200] ----D- C:\Program Files\Common Files\SpeechEngines O43 - CFD: 7/31/2010 - 12:31:40 PM - [0] ----D- C:\Program Files\Common Files\SWF Studio O43 - CFD: 3/22/2010 - 11:36:52 PM - [45.637] ----D- C:\Program Files\Common Files\System O43 - CFD: 3/15/2010 - 7:30:34 PM - [0] ----D- 
C:\Program Files\Common Files\Windows Live O43 - CFD: 9/13/2011 - 11:05:54 AM - [7.564] ----D- C:\Program Files\Common Files\Wise Installation Wizard O43 - CFD: 4/8/2010 - 11:29:10 PM - [0.336] ----D- C:\Program Files\Common Files\xing shared O43 - CFD: 10/19/2010 - 9:41:42 AM - [0.001] ----D- C:\ProgramData\Adobe O43 - CFD: 3/16/2010 - 1:23:44 AM - [26.903] ----D- C:\ProgramData\Alwil Software O43 - CFD: 7/14/2009 - 2:53:56 AM - [0] -SH-D- C:\ProgramData\Application Data O43 - CFD: 12/18/2011 - 9:25:52 PM - [0] ----D- C:\ProgramData\Ask O43 - CFD: 9/2/2010 - 9:30:30 PM - [0.001] ----D- C:\ProgramData\Bitstream O43 - CFD: 9/14/2010 - 4:57:14 PM - [0] ----D- C:\ProgramData\Corel O43 - CFD: 7/14/2009 - 2:53:56 AM - [0] -SH-D- C:\ProgramData\Desktop O43 - CFD: 7/14/2009 - 2:53:56 AM - [0] -SH-D- C:\ProgramData\Documents O43 - CFD: 7/14/2009 - 2:53:56 AM - [0] -SH-D- C:\ProgramData\Favorites O43 - CFD: 10/17/2010 - 2:57:02 PM - [0.003] ----D- C:\ProgramData\FreeDownloadManager.ORG O43 - CFD: 9/22/2011 - 7:16:54 PM - [0.503] ----D- C:\ProgramData\Google O43 - CFD: 5/30/2010 - 10:26:38 AM - [0.679] ----D- C:\ProgramData\Hewlett-Packard O43 - CFD: 7/8/2011 - 9:25:02 AM - [30.591] ----D- C:\ProgramData\HP O43 - CFD: 7/8/2011 - 1:55:20 AM - [0.009] ----D- C:\ProgramData\HP Product Assistant O43 - CFD: 9/11/2011 - 5:44:10 PM - [9.403] ----D- C:\ProgramData\Malwarebytes O43 - CFD: 3/1/2011 - 4:15:26 PM - [0.201] ----D- C:\ProgramData\Messenger Plus! 
O43 - CFD: 9/22/2011 - 8:02:44 PM - [-1492.899] -S--D- C:\ProgramData\Microsoft O43 - CFD: 9/25/2010 - 10:05:42 AM - [0.522] ----D- C:\ProgramData\Microsoft Help O43 - CFD: 3/15/2010 - 7:07:08 PM - [5.403] ----D- C:\ProgramData\Nero O43 - CFD: 3/22/2010 - 11:44:52 PM - [0.001] ----D- C:\ProgramData\Office Genuine Advantage O43 - CFD: 9/2/2010 - 9:37:16 PM - [0.003] ----D- C:\ProgramData\Protexis O43 - CFD: 1/13/2011 - 8:19:44 AM - [1.398] ----D- C:\ProgramData\Real O43 - CFD: 9/27/2010 - 3:55:02 PM - [23.425] ----D- C:\ProgramData\Skype O43 - CFD: 12/7/2011 - 10:00:04 PM - [0.119] ----D- C:\ProgramData\Spybot - Search & Destroy O43 - CFD: 7/14/2009 - 2:53:56 AM - [0] -SH-D- C:\ProgramData\Start Menu O43 - CFD: 12/18/2011 - 9:26:18 PM - [0.000] ----D- C:\ProgramData\Sun O43 - CFD: 7/14/2009 - 2:53:56 AM - [0] -SH-D- C:\ProgramData\Templates O43 - CFD: 7/6/2011 - 2:17:28 PM - [0.000] ----D- C:\ProgramData\WEBREG O43 - CFD: 4/8/2010 - 10:59:42 PM - [0.002] ----D- C:\ProgramData\Windows Genuine Advantage O43 - CFD: 12/6/2010 - 2:39:50 PM - [0.002] ----D- C:\ProgramData\{6DEF1B17-CC6C-90D8-5A35-DB37528B7D0E} O43 - CFD: 12/18/2011 - 9:35:32 PM - [84.077] ----D- C:\Users\Nando\AppData\Roaming\.minecraft O43 - CFD: 6/16/2010 - 6:55:04 PM - [2.693] ----D- C:\Users\Nando\AppData\Roaming\Adobe O43 - CFD: 3/16/2010 - 3:17:48 AM - [0.207] ----D- C:\Users\Nando\AppData\Roaming\AnvSoft O43 - CFD: 9/8/2010 - 8:58:14 PM - [113.952] ----D- C:\Users\Nando\AppData\Roaming\Corel O43 - CFD: 5/27/2010 - 7:19:38 PM - [0] ----D- C:\Users\Nando\AppData\Roaming\DivX O43 - CFD: 9/22/2011 - 7:31:12 PM - [0.084] ----D- C:\Users\Nando\AppData\Roaming\Free Download Manager O43 - CFD: 4/8/2010 - 9:31:36 PM - [0] ----D- C:\Users\Nando\AppData\Roaming\Google O43 - CFD: 7/8/2011 - 2:11:40 AM - [0.170] ----D- C:\Users\Nando\AppData\Roaming\HP O43 - CFD: 3/15/2010 - 4:07:48 PM - [0] ----D- C:\Users\Nando\AppData\Roaming\Identities O43 - CFD: 3/15/2010 - 10:53:00 PM - [0] ----D- 
C:\Users\Nando\AppData\Roaming\InstallShield O43 - CFD: 3/16/2010 - 12:43:30 AM - [0.001] ----D- C:\Users\Nando\AppData\Roaming\Macromedia O43 - CFD: 9/11/2011 - 5:44:20 PM - [2.622] ----D- C:\Users\Nando\AppData\Roaming\Malwarebytes O43 - CFD: 7/14/2009 - 5:48:46 AM - [0] ----D- C:\Users\Nando\AppData\Roaming\Media Center Programs O43 - CFD: 10/10/2011 - 8:56:54 AM - [7.408] -S--D- C:\Users\Nando\AppData\Roaming\Microsoft O43 - CFD: 3/15/2010 - 8:54:04 PM - [0.543] ----D- C:\Users\Nando\AppData\Roaming\Nero O43 - CFD: 1/13/2011 - 8:19:38 AM - [2.991] ----D- C:\Users\Nando\AppData\Roaming\Real O43 - CFD: 9/14/2010 - 4:53:42 PM - [0] R---D- C:\Users\Nando\AppData\Roaming\SecuROM O43 - CFD: 7/2/2011 - 7:16:44 PM - [8.697] ----D- C:\Users\Nando\AppData\Roaming\Skype O43 - CFD: 7/2/2011 - 7:09:28 PM - [0.008] ----D- C:\Users\Nando\AppData\Roaming\skypePM O43 - CFD: 9/1/2010 - 7:49:12 PM - [0.175] ----D- C:\Users\Nando\AppData\Roaming\Sony Corporation O43 - CFD: 3/16/2010 - 12:50:52 AM - [0] ----D- C:\Users\Nando\AppData\Roaming\Yahoo! 
O43 - CFD: 10/19/2010 - 9:41:20 AM - [0.083] ----D- C:\Users\Nando\AppData\Local\Adobe O43 - CFD: 3/15/2010 - 11:37:00 PM - [5.346] ----D- C:\Users\Nando\AppData\Local\Ahead O43 - CFD: 12/21/2011 - 2:07:16 PM - [0.148] ----D- C:\Users\Nando\AppData\Local\APN O43 - CFD: 3/15/2010 - 4:07:22 PM - [0] -SH-D- C:\Users\Nando\AppData\Local\Application Data O43 - CFD: 11/27/2011 - 12:45:22 AM - [0] ----D- C:\Users\Nando\AppData\Local\Apps O43 - CFD: 6/3/2010 - 11:48:04 AM - [0.026] ----D- C:\Users\Nando\AppData\Local\Ares O43 - CFD: 7/13/2010 - 12:44:50 PM - [0] ----D- C:\Users\Nando\AppData\Local\Diagnostics O43 - CFD: 9/22/2011 - 7:16:54 PM - [-856.530] ----D- C:\Users\Nando\AppData\Local\Google O43 - CFD: 3/15/2010 - 4:07:22 PM - [0] -SH-D- C:\Users\Nando\AppData\Local\History O43 - CFD: 7/6/2011 - 2:22:50 PM - [5.499] ----D- C:\Users\Nando\AppData\Local\HP O43 - CFD: 9/22/2011 - 7:45:10 PM - [155.372] ----D- C:\Users\Nando\AppData\Local\Microsoft O43 - CFD: 9/27/2010 - 3:38:56 PM - [0.066] ----D- C:\Users\Nando\AppData\Local\Microsoft Games O43 - CFD: 5/23/2010 - 3:36:28 PM - [0.296] ----D- C:\Users\Nando\AppData\Local\Microsoft Help O43 - CFD: 3/15/2010 - 11:34:36 PM - [0.061] ----D- C:\Users\Nando\AppData\Local\Nero O43 - CFD: 3/16/2010 - 2:23:28 AM - [0] ----D- C:\Users\Nando\AppData\Local\Real O43 - CFD: 4/22/2011 - 2:43:00 AM - [0] ----D- C:\Users\Nando\AppData\Local\SmartCom O43 - CFD: 1/29/2012 - 10:57:36 AM - [189.103] ----D- C:\Users\Nando\AppData\Local\Temp O43 - CFD: 3/15/2010 - 4:07:22 PM - [0] -SH-D- C:\Users\Nando\AppData\Local\Temporary Internet Files O43 - CFD: 5/27/2010 - 7:09:44 PM - [0.010] ----D- C:\Users\Nando\AppData\Local\VDownloader O43 - CFD: 3/16/2010 - 2:28:08 AM - [0.009] ----D- C:\Users\Nando\AppData\Local\VirtualStore O43 - CFD: 9/22/2011 - 6:51:00 PM - [0.055] ----D- C:\Users\Nando\AppData\Local\Windows Live O43 - CFD: 9/21/2011 - 10:05:14 AM - [0] ----D- C:\Users\Nando\AppData\Local\{046082EA-807B-4094-886E-7E01016569F5} O43 - CFD: 
9/14/2011 - 2:08:08 PM - [0] ----D- C:\Users\Nando\AppData\Local\{05604CFF-524F-4E0C-ADFB-259F97E27D95} O43 - CFD: 9/21/2011 - 8:49:52 AM - [0] ----D- C:\Users\Nando\AppData\Local\{116B73D7-D26D-4B49-B570-E031645A3245} O43 - CFD: 9/13/2011 - 9:12:46 AM - [0] ----D- C:\Users\Nando\AppData\Local\{26ECF7FC-D5A0-4E9D-A257-8FBEF8BC87EB} O43 - CFD: 9/20/2011 - 8:41:42 AM - [0] ----D- C:\Users\Nando\AppData\Local\{27F597C3-B8E8-47B1-81A2-696FC8DB13C0} O43 - CFD: 9/19/2011 - 12:38:08 AM - [0] ----D- C:\Users\Nando\AppData\Local\{2B85B32E-BAB7-47B6-8AEA-FBE33F639E3D} O43 - CFD: 9/21/2011 - 12:29:32 PM - [0] ----D- C:\Users\Nando\AppData\Local\{3728F549-E190-4D9A-A0FA-E4809F7944D9} O43 - CFD: 9/19/2011 - 12:37:50 AM - [0] ----D- C:\Users\Nando\AppData\Local\{37724C05-9777-465D-9493-C192BD54B99F} O43 - CFD: 9/22/2011 - 12:45:00 AM - [0] ----D- C:\Users\Nando\AppData\Local\{3D682031-F8C8-4947-8C4E-23BF2F470009} O43 - CFD: 9/18/2011 - 12:37:06 PM - [0] ----D- C:\Users\Nando\AppData\Local\{42AFC611-F25F-42F8-9891-2E397F341F82} O43 - CFD: 9/15/2011 - 9:43:12 AM - [0] ----D- C:\Users\Nando\AppData\Local\{4B2962C7-AC4D-4989-9B3F-AAE46D615BF2} O43 - CFD: 9/12/2011 - 2:30:42 PM - [0] ----D- C:\Users\Nando\AppData\Local\{4BFFD625-8FC7-4A51-90E6-8730D948255C} O43 - CFD: 9/16/2011 - 9:04:18 AM - [0] ----D- C:\Users\Nando\AppData\Local\{51A0C60C-7AED-4607-A787-5A2946D7AAEC} O43 - CFD: 9/15/2011 - 9:48:40 AM - [0] ----D- C:\Users\Nando\AppData\Local\{5AF5A587-AEE5-42A5-B2AA-7369246F77EC} O43 - CFD: 9/17/2011 - 9:37:36 AM - [0] ----D- C:\Users\Nando\AppData\Local\{5D11D9C8-38CD-429C-8B18-B4E336AB1AC8} O43 - CFD: 9/15/2011 - 9:42:40 AM - [0] ----D- C:\Users\Nando\AppData\Local\{6027B9E5-8501-41A1-BAD0-001FB7CB2060} O43 - CFD: 9/18/2011 - 12:36:48 PM - [0] ----D- C:\Users\Nando\AppData\Local\{60388DD4-756C-4500-9E85-D14901684FB0} O43 - CFD: 9/13/2011 - 9:14:46 PM - [0] ----D- C:\Users\Nando\AppData\Local\{652293CE-589A-478D-84AE-24620A1E670D} O43 - CFD: 9/17/2011 - 9:36:48 AM - [0] ----D- 
C:\Users\Nando\AppData\Local\{76C56283-C926-4AF6-8255-9F6FCCA6FD63} O43 - CFD: 9/18/2011 - 12:35:30 AM - [0] ----D- C:\Users\Nando\AppData\Local\{855E023A-00FC-4AD9-9F9E-196D6342F77E} O43 - CFD: 9/14/2011 - 2:08:28 PM - [0] ----D- C:\Users\Nando\AppData\Local\{8A2C938D-3951-4B07-9A30-122014A30AC9} O43 - CFD: 9/20/2011 - 8:41:14 AM - [0] ----D- C:\Users\Nando\AppData\Local\{8C966EC0-C3CF-4681-AE5C-2A5FF841CC8F} O43 - CFD: 9/18/2011 - 12:36:10 AM - [0] ----D- C:\Users\Nando\AppData\Local\{92125557-8547-4F46-BD7F-54BC003919CC} O43 - CFD: 9/22/2011 - 6:50:44 PM - [0] ----D- C:\Users\Nando\AppData\Local\{9899A81A-2657-4D90-A7A4-EF6ABC328158} O43 - CFD: 9/21/2011 - 10:04:54 AM - [0] ----D- C:\Users\Nando\AppData\Local\{B5B0DA6D-58D3-4E90-9D06-68047ACF7565} O43 - CFD: 9/19/2011 - 12:38:50 PM - [0] ----D- C:\Users\Nando\AppData\Local\{BE2C42BD-32D8-4AA3-9FF9-6DBA38AC3D4C} O43 - CFD: 9/13/2011 - 9:14:24 PM - [0] ----D- C:\Users\Nando\AppData\Local\{C7960776-6397-4EED-A33B-4F0325FB80E0} O43 - CFD: 9/14/2011 - 1:13:42 PM - [0] ----D- C:\Users\Nando\AppData\Local\{C9466B6D-19A1-48CF-A547-C91D96C9D157} O43 - CFD: 9/22/2011 - 12:44:44 AM - [0] ----D- C:\Users\Nando\AppData\Local\{D7C95547-F3EB-40DE-8B0E-84872F3095DA} O43 - CFD: 9/13/2011 - 9:13:38 AM - [0] ----D- C:\Users\Nando\AppData\Local\{E4E3B9BB-A563-48AC-A038-FD905F68A08E} O43 - CFD: 9/16/2011 - 9:04:38 AM - [0] ----D- C:\Users\Nando\AppData\Local\{E7531785-1609-4ABC-9F4B-BFEFC3FD722A} O43 - CFD: 9/21/2011 - 12:29:44 PM - [0] ----D- C:\Users\Nando\AppData\Local\{F08D2B32-9935-4383-BE08-16491B8A803E} O43 - CFD: 9/19/2011 - 12:39:00 PM - [0] ----D- C:\Users\Nando\AppData\Local\{F272872F-94F6-4DF1-B36F-C4EF78A37145} O43 - CFD: 9/12/2011 - 2:31:16 PM - [0] ----D- C:\Users\Nando\AppData\Local\{F9FB566A-622F-4A76-A7DC-F0AD8B091C50} O43 - CFD: 9/22/2011 - 6:50:56 PM - [0] ----D- C:\Users\Nando\AppData\Local\{FB5335F9-AA09-4746-B65F-53C87CDA6B9C} O43 - CFD: 2/19/2010 - 2:51:20 AM - [7.815] ----D- C:\Program Files (x86)\Alcohol 
Soft O43 - CFD: 3/8/2010 - 9:10:14 PM - [2.221] ----D- C:\Program Files (x86)\AnyToISO O43 - CFD: 2/25/2010 - 12:29:08 PM - [4.626] ----D- C:\Program Files (x86)\ArduoPdfMerger O43 - CFD: 3/8/2010 - 9:26:00 PM - [2.027] ----D- C:\Program Files (x86)\Clickable Card O43 - CFD: 2/25/2010 - 2:12:40 PM - [1.371] ----D- C:\Program Files (x86)\clock-desktop O43 - CFD: 3/8/2010 - 9:01:16 PM - [0.516] ----D- C:\Program Files (x86)\CNC Freak O43 - CFD: 3/14/2010 - 1:19:30 PM - [362.755] ----D- C:\Program Files (x86)\Common Files O43 - CFD: 2/25/2010 - 1:22:08 PM - [11.057] ----D- C:\Program Files (x86)\Dream Aquarium O43 - CFD: 3/14/2010 - 3:11:54 PM - [0.902] ----D- C:\Program Files (x86)\DVD Decrypter O43 - CFD: 2/18/2010 - 11:30:06 PM - [-317.903] ----D- C:\Program Files (x86)\EA SPORTS O43 - CFD: 2/18/2010 - 7:35:54 PM - [5.260] ----D- C:\Program Files (x86)\Elaborate Bytes O43 - CFD: 3/8/2010 - 8:34:28 PM - [67.561] ----D- C:\Program Files (x86)\Estúdio de Arte O43 - CFD: 3/8/2010 - 8:58:58 PM - [24.370] ----D- C:\Program Files (x86)\GameTop.com O43 - CFD: 2/18/2010 - 6:00:30 PM - [12.778] ----D- C:\Program Files (x86)\GetData O43 - CFD: 2/26/2010 - 2:44:50 PM - [3.499] ----D- C:\Program Files (x86)\HP O43 - CFD: 2/19/2010 - 3:00:54 AM - [10.151] ----D- C:\Program Files (x86)\InfraRecorder O43 - CFD: 3/14/2010 - 9:26:34 AM - [5.715] --H-D- C:\Program Files (x86)\InstallShield Installation Information O43 - CFD: 2/28/2010 - 7:12:44 PM - [10.573] ----D- C:\Program Files (x86)\InstantMask 1.2 O43 - CFD: 3/8/2010 - 11:45:36 PM - [4.391] ----D- C:\Program Files (x86)\Internet Explorer O43 - CFD: 2/25/2010 - 2:33:28 AM - [86.266] ----D- C:\Program Files (x86)\Java O43 - CFD: 3/8/2010 - 8:53:48 PM - [51.947] ----D- C:\Program Files (x86)\K-Lite Codec Pack O43 - CFD: 2/25/2010 - 1:21:18 PM - [247.545] ----D- C:\Program Files (x86)\Microsoft Office O43 - CFD: 2/25/2010 - 1:19:38 PM - [0.301] ----D- C:\Program Files (x86)\Microsoft.NET O43 - CFD: 11/2/2006 - 1:06:38 PM - [0.012] 
----D- C:\Program Files (x86)\MSBuild O43 - CFD: 11/2/2006 - 1:06:38 PM - [3.121] ----D- C:\Program Files (x86)\MSN O43 - CFD: 2/25/2010 - 1:42:10 PM - [2.436] ----D- C:\Program Files (x86)\Online_Radio_Brazil O43 - CFD: 3/8/2010 - 9:30:36 PM - [21.131] ----D- C:\Program Files (x86)\PhotoScape O43 - CFD: 2/25/2010 - 6:42:12 AM - [17.435] ----D- C:\Program Files (x86)\plasq O43 - CFD: 11/2/2006 - 1:06:38 PM - [24.469] ----D- C:\Program Files (x86)\Reference Assemblies O43 - CFD: 2/22/2010 - 11:12:34 AM - [0.980] ----D- C:\Program Files (x86)\Scpad O43 - CFD: 2/18/2010 - 7:04:46 PM - [0] ----D- C:\Program Files (x86)\SlySoft O43 - CFD: 2/25/2010 - 3:07:16 AM - [4.805] ----D- C:\Program Files (x86)\Smart PC Utilities O43 - CFD: 3/8/2010 - 8:57:04 PM - [1.286] ----D- C:\Program Files (x86)\TouchStoneSoftware O43 - CFD: 11/2/2006 - 1:33:58 PM - [0] --H-D- C:\Program Files (x86)\Uninstall Information O43 - CFD: 3/8/2010 - 8:50:48 PM - [16.556] ----D- C:\Program Files (x86)\Visagesoft O43 - CFD: 3/8/2010 - 8:49:02 PM - [2.390] ----D- C:\Program Files (x86)\VS Revo Group O43 - CFD: 2/22/2010 - 5:32:22 AM - [0.970] ----D- C:\Program Files (x86)\Windows Calendar O43 - CFD: 11/2/2006 - 1:06:38 PM - [0.051] ----D- C:\Program Files (x86)\Windows Collaboration O43 - CFD: 11/2/2006 - 1:15:44 PM - [0.469] ----D- C:\Program Files (x86)\Windows Defender O43 - CFD: 3/14/2010 - 9:55:46 AM - [2.777] ----D- C:\Program Files (x86)\Windows Live O43 - CFD: 2/19/2010 - 4:05:32 AM - [0.234] ----D- C:\Program Files (x86)\Windows Live SkyDrive O43 - CFD: 3/14/2010 - 8:19:16 PM - [8.450] ----D- C:\Program Files (x86)\Windows Mail O43 - CFD: 2/22/2010 - 5:32:34 AM - [2.865] ----D- C:\Program Files (x86)\Windows Media Player O43 - CFD: 11/2/2006 - 1:06:38 PM - [7.572] ----D- C:\Program Files (x86)\Windows NT O43 - CFD: 11/2/2006 - 1:15:44 PM - [12.835] ----D- C:\Program Files (x86)\Windows Photo Gallery O43 - CFD: 2/22/2010 - 5:32:16 AM - [6.201] ----D- C:\Program Files (x86)\Windows Sidebar O43 
- CFD: 2/18/2010 - 8:07:06 PM - [4.821] ----D- C:\Program Files (x86)\WinRAR O43 - CFD: 2/28/2010 - 7:14:18 PM - [0.051] ----D- C:\Program Files (x86)\Common Files\Adobe O43 - CFD: 3/15/2010 - 10:57:10 AM - [3.690] ----D- C:\Program Files (x86)\Common Files\Akamai O43 - CFD: 2/25/2010 - 1:21:12 PM - [0.082] ----D- C:\Program Files (x86)\Common Files\DESIGNER O43 - CFD: 3/1/2010 - 4:37:46 AM - [7.759] ----D- C:\Program Files (x86)\Common Files\InstallShield O43 - CFD: 3/14/2010 - 3:10:32 PM - [274.674] ----D- C:\Program Files (x86)\Common Files\microsoft shared O43 - CFD: 11/2/2006 - 11:33:54 AM - [0.003] ----D- C:\Program Files (x86)\Common Files\Services O43 - CFD: 3/1/2010 - 4:36:58 AM - [4.499] ----D- C:\Program Files (x86)\Common Files\snp2uvc O43 - CFD: 11/2/2006 - 11:33:54 AM - [39.197] ----D- C:\Program Files (x86)\Common Files\SpeechEngines O43 - CFD: 2/25/2010 - 1:20:08 PM - [21.631] ----D- C:\Program Files (x86)\Common Files\System O43 - CFD: 2/19/2010 - 3:14:10 AM - [0] ----D- C:\Program Files (x86)\Common Files\Windows Live O43 - CFD: 2/25/2010 - 6:41:16 AM - [11.170] ----D- C:\Program Files (x86)\Common Files\Wise Installation Wizard ~ Scan Program Folder in 02mn AMs ---\\ Last modified or created files under Windows and System32 (O44) O44 - LFC:[MD5.4D763111148A03AF466358C860928BAF] - 1/12/2012 - 2:45:56 PM ---A- . (...) -- C:\simples nacional marcilio.pdf [18426] O44 - LFC:[MD5.D41D8CD98F00B204E9800998ECF8427E] - 1/16/2012 - 6:29:13 AM ---A- . (...) -- C:\Windows\setuperr.log [0] O44 - LFC:[MD5.C7F5D13F2354473E8FE5F478F3D65627] - 1/24/2012 - 9:08:11 AM ---A- . (...) -- C:\Windows\system32\PerfStringBackup.INI [1528060] O44 - LFC:[MD5.C85EA90FCFDE407EC3942BEA86F1F182] - 1/24/2012 - 9:08:11 AM ---A- . (...) -- C:\Windows\system32\perfc009.dat [108438] O44 - LFC:[MD5.663324E6B9EE9BCA9F61A392FB9B6BE4] - 1/24/2012 - 9:08:11 AM ---A- . (...) 
-- C:\Windows\system32\perfh009.dat [618862] O44 - LFC:[MD5.759E2957E92165E54CB3F39280468118] - 1/24/2012 - 9:08:11 AM ---A- . (...) -- C:\Windows\system32\prfc0416.dat [130806] O44 - LFC:[MD5.5E2FE275E6DE5EB6C545FBEB54553C28] - 1/24/2012 - 9:08:11 AM ---A- . (...) -- C:\Windows\system32\prfh0416.dat [666868] O44 - LFC:[MD5.9A9BC186615A6C5B45D552A15D39266D] - 1/28/2012 - 5:32:42 PM ---A- . (...) -- C:\hijackthis.log [8543] O44 - LFC:[MD5.8F1DE2DC2767F904110F993733509545] - 1/29/2012 - 9:28:30 AM -S-A- . (...) -- C:\Windows\bootstat.dat [67584] O44 - LFC:[MD5.12EBDD712ECDF51877AA010450CB1100] - 1/29/2012 - 9:28:32 AM ---A- . (...) -- C:\Windows\setupact.log [1064] O44 - LFC:[MD5.0283C05DEB2A7677EAAEE2856654E465] - 1/29/2012 - 9:32:01 AM ---A- . (...) -- C:\Windows\WindowsUpdate.log [1914462] O44 - LFC:[MD5.EBA1D8515B897E5DF38CBFB600552D30] - 1/29/2012 - 9:37:00 AM ---A- . (...) -- C:\Rapport Gabkiller.txt [4949] ~ Scan Files in 07mn AMs ---\\ Last files created in Windows Prefetcher (O45)
~ Scan Prefetcher in 00mn AMs ---\\ Local Security Authority-LSA Deny (O48) O48 - LSA:Local Security Authority Authentication Packages . (.Microsoft Corporation - Microsoft Authentication Package v1.0.) -- C:\Windows\System32\msv1_0.dll O48 - LSA:Local Security Authority Notification Packages . 
(.Microsoft Corporation - Mecanismo cliente do 'Editor de configuração de segurança Windows'.) -- C:\Windows\System32\scecli.dll O48 - LSA:Local Security Authority Security Packages . (.Microsoft Corporation - Pacote de Segurança Kerberos.) -- C:\Windows\System32\kerberos.dll O48 - LSA:Local Security Authority Security Packages . (.Microsoft Corporation - Microsoft Authentication Package v1.0.) -- C:\Windows\System32\msv1_0.dll O48 - LSA:Local Security Authority Security Packages . (.Microsoft Corporation - TLS / SSL Security Provider.) -- C:\Windows\System32\schannel.dll O48 - LSA:Local Security Authority Security Packages . (.Microsoft Corporation - Microsoft Digest Access.) -- C:\Windows\System32\wdigest.dll O48 - LSA:Local Security Authority Security Packages . (.Microsoft Corporation - Web Service Security Package.) -- C:\Windows\System32\TSpkg.dll O48 - LSA:Local Security Authority Security Packages . (.Microsoft Corporation - Pku2u Security Package.) -- C:\Windows\System32\pku2u.dll ~ Scan Keys in 00mn AMs ---\\ Safe Boot Control (O49) O49 - CSB:Control Safe Boot HKLM\...\CCS\Minimal\sermouse.sys . (.Microsoft Corporation - Driver de porta de mouse serial.) -- C:\Windows\system32\Drivers\sermouse.sys O49 - CSB:Control Safe Boot HKLM\...\CCS\Minimal\vga.sys . (.Microsoft Corporation - VGA/Super VGA Video Driver.) -- C:\Windows\system32\Drivers\vga.sys O49 - CSB:Control Safe Boot HKLM\...\CCS\Minimal\vgasave.sys . (...) -- C:\Windows\system32\Drivers\vgasave.sys (.not file.) O49 - CSB:Control Safe Boot HKLM\...\CCS\Minimal\volmgr.sys . (.Microsoft Corporation - Volume Manager Driver.) -- C:\Windows\system32\Drivers\volmgr.sys O49 - CSB:Control Safe Boot HKLM\...\CCS\Minimal\volmgrx.sys . (.Microsoft Corporation - Driver de Extensão do Gerenciador de Volumes.) -- C:\Windows\system32\Drivers\volmgrx.sys O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\ipnat.sys . (.Microsoft Corporation - IP Network Address Translator.) 
-- C:\Windows\system32\Drivers\ipnat.sys O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\nsiproxy.sys . (.Microsoft Corporation - NSI Proxy.) -- C:\Windows\system32\Drivers\nsiproxy.sys O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\rdpencdd.sys . (.Microsoft Corporation - RDP Encoder Miniport.) -- C:\Windows\system32\Drivers\rdpencdd.sys O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\sermouse.sys . (.Microsoft Corporation - Driver de porta de mouse serial.) -- C:\Windows\system32\Drivers\sermouse.sys O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\vga.sys . (.Microsoft Corporation - VGA/Super VGA Video Driver.) -- C:\Windows\system32\Drivers\vga.sys O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\vgasave.sys . (...) -- C:\Windows\system32\Drivers\vgasave.sys (.not file.) O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\volmgr.sys . (.Microsoft Corporation - Volume Manager Driver.) -- C:\Windows\system32\Drivers\volmgr.sys O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\volmgrx.sys . (.Microsoft Corporation - Driver de Extensão do Gerenciador de Volumes.) -- C:\Windows\system32\Drivers\volmgrx.sys ~ Scan CSB in 00mn AMs ---\\ MountPoints2 Shell Key (MPKS) (O51) (None) ---\\ Trojan Driver Search Data (HKLM)(TDSD) (O52) O52 - TDSD: \Drivers32\"msacm.l3acm"="C:\Windows\System32\l3codeca.acm" . (.Fraunhofer Institut Integrierte Schaltungen - MPEG Layer-3 Audio Codec for MSACM.) -- C:\Windows\System32\l3codeca.acm O52 - TDSD: \Drivers32\"vidc.cvid"="iccvid.dll" . (.Radius Inc. - Cinepak® Codec.) -- C:\Windows\System32\iccvid.dll O52 - TDSD: \Drivers32\"vidc.divx"="divx.dll" . (.DivX, Inc. - DivX.) -- C:\Windows\System32\DivX.dll O52 - TDSD: \Drivers32\"vidc.yv12"="divx.dll" . (.DivX, Inc. - DivX.) -- C:\Windows\System32\DivX.dll O52 - TDSD: \Drivers32\"vidc.xvid"="xvidvfw.dll" . (...) -- C:\Windows\System32\xvidvfw.dll O52 - TDSD: \Drivers32\"vidc.ffds"="ff_vfw.dll" . (...) 
-- C:\Windows\System32\ff_vfw.dll O52 - TDSD: \Drivers32\"vidc.vp60"="C:\Windows\system32\vp6vfw.dll" . (.On2.com - VP6 VIDEO FOR WINDOWS CODEC.) -- C:\Windows\System32\vp6vfw.dll O52 - TDSD: \Drivers32\"vidc.vp61"="C:\Windows\system32\vp6vfw.dll" . (.On2.com - VP6 VIDEO FOR WINDOWS CODEC.) -- C:\Windows\System32\vp6vfw.dll O52 - TDSD: \Drivers32\"vidc.vp62"="vp6vfw.dll" . (.On2.com - VP6 VIDEO FOR WINDOWS CODEC.) -- C:\Windows\System32\vp6vfw.dll O52 - TDSD: \Drivers32\"msacm.ac3filter"="ac3filter.acm" . (...) -- C:\Windows\System32\ac3filter.acm O52 - TDSD: \Drivers32\"msacm.divxa32"="DivXa32.acm" . (.Packed With Joy ! - DivX;-) Audio Codec.) -- C:\Windows\System32\DivXa32.acm O52 - TDSD: \Drivers32\"msacm.lameacm"="LameACM.acm" . (.http://www.mp3dev.org/ - Lame MP3 codec engine.) -- C:\Windows\System32\lameACM.acm O52 - TDSD: \Drivers32\"vidc.SVLC"="svlcvid.dll" . (.SProsoft - SVLC Video Decompressor.) -- C:\Windows\System32\svlcvid.dll O52 - TDSD: \drivers.desc\"C:\Windows\System32\l3codeca.acm"="Fraunhofer IIS MPEG Layer-3 Codec" . (.Fraunhofer Institut Integrierte Schaltungen - MPEG Layer-3 Audio Codec for MSACM.) -- C:\Windows\System32\l3codeca.acm O52 - TDSD: \drivers.desc\"divx.dll"="DivX® 7.4 Codec" . (...) -- (.not file.) O52 - TDSD: \drivers.desc\"xvidvfw.dll"="XviD 1.2.2 Video Codec" . (...) -- (.not file.) O52 - TDSD: \drivers.desc\"ff_vfw.dll"="ffdshow Video Codec" . (...) -- C:\Windows\System32\ff_vfw.dll O52 - TDSD: \drivers.desc\"vp6vfw.dll"="EA VP6 Codec" . (.On2.com - VP6 VIDEO FOR WINDOWS CODEC.) -- C:\Windows\System32\vp6vfw.dll O52 - TDSD: \drivers.desc\"ac3filter.acm"="AC3Filter ACM codec" . (...) -- C:\Windows\System32\ac3filter.acm O52 - TDSD: \drivers.desc\"DivXa32.acm"="DivX Audio Codec" . (.Packed With Joy ! - DivX;-) Audio Codec.) -- C:\Windows\System32\DivXa32.acm O52 - TDSD: \drivers.desc\"LameACM.acm"="Lame ACM MP3 Codec" . (.http://www.mp3dev.org/ - Lame MP3 codec engine.) 
-- C:\Windows\System32\lameACM.acm O52 - TDSD: \drivers.desc\"svlcvid.dll"="SVLC Video Decompressor" . (.SProsoft - SVLC Video Decompressor.) -- C:\Windows\System32\svlcvid.dll ~ Scan Keys in 00mn AMs ---\\ ShareTools MSconfig StartupReg (SMSR) (O53) O53 - SMSR:HKLM\...\startupreg\Adobe ARM [Key] . (.Adobe Systems Incorporated - Adobe Reader and Acrobat Manager.) -- C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe O53 - SMSR:HKLM\...\startupreg\Adobe Reader Speed Launcher [Key] . (.Adobe Systems Incorporated - Adobe Acrobat SpeedLauncher.) -- C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe O53 - SMSR:HKLM\...\startupreg\HP Software Update [Key] . (.Hewlett-Packard - hpwuSchd Application.) -- C:\Program Files\HP\HP Software Update\hpwuSchd2.exe O53 - SMSR:HKLM\...\startupreg\hpqSRMon [Key] . (.Hewlett-Packard - HpqSRmon.) -- C:\Program Files\HP\Digital Imaging\bin\HpqSRmon.exe O53 - SMSR:HKLM\...\startupreg\IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA} [Key] . (.Nero AG - Nero Home.) -- C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe O53 - SMSR:HKLM\...\startupreg\msnmsgr [Key] . (.Microsoft Corporation - Windows Live Messenger.) -- C:\Program Files\Windows Live\Messenger\msnmsgr.exe O53 - SMSR:HKLM\...\startupreg\NBKeyScan [Key] . (.Nero AG - Nero BackItUp.) -- C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe O53 - SMSR:HKLM\...\startupreg\PLFSet [Key] . (.Unknown owner - The utilities for device installation.) -- C:\Windows\PLFSet.dll O53 - SMSR:HKLM\...\startupreg\SynTPEnh [Key] . (.Synaptics, Inc. - Synaptics TouchPad Enhancements.) -- C:\Program Files\Synaptics\SynTP\SynTPEnh.exe O53 - SMSR:HKLM\...\startupreg\TkBellExe [Key] . (.RealNetworks, Inc. - RealNetworks Scheduler.) -- C:\Program Files\Common Files\Real\Update_OB\realsched.exe O53 - SMSR:HKLM\...\startupreg\Windows Mobile Device Center [Key] . (.Microsoft Corporation - Windows Mobile Device Center.) 
-- C:\Windows\WindowsMobile\wmdc.exe ~ Scan SMSR Keys in 00mn AMs ---\\ Microsoft Control Security Providers (MCSP) (O54) O54 - MCSP:[HKLM\...\CurrentControlSet\Control] - (SecurityProviders) - (.Microsoft Corporation - Credential Delegation Security Package.) -- C:\Windows\system32\credssp.dll O54 - MCSP:[HKLM\...\ControlSet001\Control] - (SecurityProviders) - (.Microsoft Corporation - Credential Delegation Security Package.) -- C:\Windows\system32\credssp.dll ~ Scan Keys in 00mn AMs ---\\ Microsoft Windows Policies System (MWPS) (O55) O55 - MWPS:[HKLM\...\Policies\System] - "ConsentPromptBehaviorAdmin"=0 O55 - MWPS:[HKLM\...\Policies\System] - "ConsentPromptBehaviorUser"=3 O55 - MWPS:[HKLM\...\Policies\System] - "EnableInstallerDetection"=1 O55 - MWPS:[HKLM\...\Policies\System] - "EnableLUA"=0 O55 - MWPS:[HKLM\...\Policies\System] - "EnableSecureUIAPaths"=1 O55 - MWPS:[HKLM\...\Policies\System] - "EnableUIADesktopToggle"=0 O55 - MWPS:[HKLM\...\Policies\System] - "EnableVirtualization"=1 O55 - MWPS:[HKLM\...\Policies\System] - "PromptOnSecureDesktop"=0 O55 - MWPS:[HKLM\...\Policies\System] - "ValidateAdminCodeSignatures"=0 O55 - MWPS:[HKLM\...\Policies\System] - "dontdisplaylastusername"=0 O55 - MWPS:[HKLM\...\Policies\System] - "legalnoticecaption"= O55 - MWPS:[HKLM\...\Policies\System] - "legalnoticetext"= O55 - MWPS:[HKLM\...\Policies\System] - "scforceoption"=0 O55 - MWPS:[HKLM\...\Policies\System] - "shutdownwithoutlogon"=1 O55 - MWPS:[HKLM\...\Policies\System] - "undockwithoutlogon"=1 O55 - MWPS:[HKLM\...\Policies\System] - "FilterAdministratorToken"=0 ~ Scan Keys in 00mn AMs ---\\ Microsoft Windows Policies Explorer (MWPE) (O56) O56 - MWPE:[HKCU\...\policies\Explorer] - "NoDriveAutoRun"=3 O56 - MWPE:[HKCU\...\policies\Explorer] - "NoDriveTypeAutoRun"=0 O56 - MWPE:[HKLM\...\policies\Explorer] - "NoDriveAutoRun"=3 O56 - MWPE:[HKLM\...\policies\Explorer] - "NoDriveTypeAutoRun"=0 ~ Scan Keys in 00mn AMs ---\\ System Drivers List (SDL) (O58) ~ Scan Drivers in 04mn AMs ---\\ Last modified or created user files (O61)
~ Scan Files in 44mn AMs ---\\ List all tools cleaner (LATC) (O63) O63 - Logiciel: UsbFix By El Desaparecido - (.El Desaparecido.) [HKLM] -- Usbfix O63 - Logiciel: ZHPDiag 1.28 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1 O63 - Logiciel: Ad-Remover - (.Unknown owner.) [HKCU] -- Ad-Remover ~ Scan ADS in 00mn AMs ---\\ List all legacy services(LALS) (O64) O64 - Services: CurCS - 12/30/1899 - C:\Windows\system32\Drivers\aswFsBlk.sys (aswFsBlk) .(.AVAST Software - avast! File System Access Blocking Driver.) - LEGACY_ASWFSBLK O64 - Services: CurCS - 11/28/2011 - C:\Windows\system32\drivers\aswMonFlt.sys (aswMonFlt) .(.AVAST Software - avast! File System Minifilter for Windows 2.) - LEGACY_ASWMONFLT O64 - Services: CurCS - 12/30/1899 - C:\Windows\system32\Drivers\aswRdr.sys (aswRdr) .(.AVAST Software - avast! TDI RDR Driver.) - LEGACY_ASWRDR O64 - Services: CurCS - 12/30/1899 - C:\Windows\system32\Drivers\aswSnx.sys (aswSnx) .(.AVAST Software - avast! Virtualization Driver.) - LEGACY_ASWSNX O64 - Services: CurCS - 12/30/1899 - C:\Windows\system32\Drivers\aswSP.sys (aswSP) .(.AVAST Software - avast! self protection module.) - LEGACY_ASWSP O64 - Services: CurCS - 12/30/1899 - C:\Windows\system32\Drivers\aswTdi.sys (aswTdi) .(.AVAST Software - avast! TDI Filter Driver.) - LEGACY_ASWTDI O64 - Services: CurCS - 11/16/2009 - C:\Windows\system32\drivers\npf.sys (npf) .(.CACE Technologies, Inc. - npf.sys (NT5/6 x86) Kernel Driver.) - LEGACY_NPF O64 - Services: CurCS - 12/30/1899 - C:\Windows\system32\Drivers\secdrv.sys (secdrv) .(.Macrovision Corporation, Macrovision Europe - Macrovision SECURITY Driver.) - LEGACY_SECDRV O64 - Services: CurCS - 6/26/2007 - C:\Windows\system32\DRIVERS\xaudio.sys (XAudio) .(.Conexant Systems, Inc. 
- Modem Audio Device Driver.) - LEGACY_XAUDIO ~ Scan Services in 01mn AMs ---\\ List unsigned files (LUF) (O65) (None) ---\\ File Associations Shell Spawning (O67) O67 - Shell Spawning: <.bat> <batfile>[HKLM\..\open\Command] (...) -- "%1" %* O67 - Shell Spawning: <.cpl> <cplfile>[HKLM\..\cplopen\Command] (.Microsoft Corporation - Windows Control Panel.) -- C:\Windows\system32\control.exe O67 - Shell Spawning: <.cmd> <cmdfile>[HKLM\..\open\Command] (...) -- "%1" %* O67 - Shell Spawning: <.com> <ComFile>[HKLM\..\open\Command] (...) -- "%1" %* O67 - Shell Spawning: <.evt> <evtfile>[HKLM\..\open\Command] (.Microsoft Corporation - Iniciador do snap-in de 'Visualizar eventos'.) -- C:\Windows\system32\eventvwr.exe O67 - Shell Spawning: <.exe> <exefile>[HKLM\..\open\Command] (...) -- "%1" %* O67 - Shell Spawning: <.html> <ChromeHTML>[HKLM\..\open\Command] (.Google Inc. - Google Chrome.) -- C:\Program Files\Google\Chrome\Application\chrome.exe O67 - Shell Spawning: <.js> <JSFile>[HKLM\..\open\Command] (.Microsoft Corporation - Microsoft ® Windows Based Script Host.) -- C:\Windows\system32\WScript.exe O67 - Shell Spawning: <.reg> <regfile>[HKLM\..\open\Command] (.Microsoft Corporation - Editor do Registro.) -- C:\Windows\regedit.exe O67 - Shell Spawning: <.html> <ChromeHTML>[HKCU\..\open\Command] (.Not Key.) O67 - Shell Spawning: <.bat> <batfile>[HKCR\..\open\Command] (...) -- "%1" %* O67 - Shell Spawning: <.cpl> <cplfile>[HKCR\..\cplopen\Command] (.Microsoft Corporation - Windows Control Panel.) -- C:\Windows\system32\control.exe O67 - Shell Spawning: <.cmd> <cmdfile>[HKCR\..\open\Command] (...) -- "%1" %* O67 - Shell Spawning: <.com> <ComFile>[HKCR\..\open\Command] (...) -- "%1" %* O67 - Shell Spawning: <.evt> <evtfile>[HKCR\..\open\Command] (.Microsoft Corporation - Iniciador do snap-in de 'Visualizar eventos'.) -- C:\Windows\system32\eventvwr.exe O67 - Shell Spawning: <.exe> <exefile>[HKCR\..\open\Command] (...) 
-- "%1" %* O67 - Shell Spawning: <.html> <ChromeHTML>[HKCR\..\open\Command] (.Google Inc. - Google Chrome.) -- C:\Program Files\Google\Chrome\Application\chrome.exe O67 - Shell Spawning: <.js> <JSFile>[HKCR\..\open\Command] (.Microsoft Corporation - Microsoft ® Windows Based Script Host.) -- C:\Windows\system32\WScript.exe O67 - Shell Spawning: <.reg> <regfile>[HKCR\..\open\Command] (.Microsoft Corporation - Editor do Registro.) -- C:\Windows\regedit.exe ~ Scan Keys in 00mn AMs ---\\ Start Menu Internet (SMI) (O68) O68 - StartMenuInternet: <Google Chrome> <Google Chrome>[HKLM\..\Shell\open\Command] (.Google Inc. - Google Chrome.) -- C:\Program Files\Google\Chrome\Application\chrome.exe O68 - StartMenuInternet: <IEXPLORE.EXE> <Internet Explorer>[HKLM\..\Shell\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe O68 - StartMenuInternet: <Google Chrome> <Google Chrome>[HKLM\..\InstallInfo\ShowIconsCommand] (.Google Inc. - Google Chrome.) -- C:\Program Files\Google\Chrome\Application\chrome.exe O68 - StartMenuInternet: <IEXPLORE.EXE> <Internet Explorer>[HKLM\..\InstallInfo\ShowIconsCommand] (.Microsoft Corporation - Utilitário de Inicialização por Usuário do Internet Explorer.) -- C:\Windows\System32\ie4uinit.exe O68 - StartMenuInternet: <Google Chrome> <Google Chrome>[HKLM\..\InstallInfo\ReinstallCommand] (.Google Inc. - Google Chrome.) -- C:\Program Files\Google\Chrome\Application\chrome.exe O68 - StartMenuInternet: <IEXPLORE.EXE> <Internet Explorer>[HKLM\..\InstallInfo\ReinstallCommand] (.Microsoft Corporation - Utilitário de Inicialização por Usuário do Internet Explorer.) -- C:\Windows\System32\ie4uinit.exe O68 - StartMenuInternet: <Google Chrome> <Google Chrome>[HKLM\..\InstallInfo\HideIconsCommand] (.Google Inc. - Google Chrome.) 
-- C:\Program Files\Google\Chrome\Application\chrome.exe O68 - StartMenuInternet: <IEXPLORE.EXE> <Internet Explorer>[HKLM\..\InstallInfo\HideIconsCommand] (.Microsoft Corporation - Utilitário de Inicialização por Usuário do Internet Explorer.) -- C:\Windows\System32\ie4uinit.exe ~ Scan Keys in 00mn AMs ---\\ Search Browser Infection (SBI) (O69) O69 - SBI: SearchScopes [HKCU] ${searchCLSID} [DefaultScope] - (@ieframe.dll,-12512) - http://search.live.com O69 - SBI: SearchScopes [HKCU] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} - (Bing) - http://www.bing.com ~ Scan Keys in 00mn AMs ---\\ Crack & Keygen Files (CKF) (O82) C:\BKPHDEXTERNO\Servidor_Log_Fev_09\unidade C\Documents and Settings\Administrador\Meus documentos\Meus arquivos recebidos\kit rádio\Omnia.AX.v1.0.5.incl.Keygen-Lz0\OmniaAX.exe C:\BKPHDEXTERNO\Servidor_Log_Fev_09\unidade C\Documents and Settings\Administrador\Meus documentos\Meus arquivos recebidos\kit rádio\Omnia.AX.v1.0.5.incl.Keygen-Lz0\Program\OmniaAX.exe C:\BKPHDEXTERNO\Servidor_Log_Fev_09\unidade C\Documents and Settings\Administrador\Meus documentos\Meus arquivos recebidos\kit rádio\Omnia.AX.v1.0.5.incl.Keygen-Lz0\ShellExecRel.exe C:\BKPHDEXTERNO\Servidor_Log_Fev_09\unidade C\Documents and Settings\Administrador\Meus documentos\Playlist v50\CensuraDigital11_WinXP\censura11_keygen.exe C:\BKPHDEXTERNO\Servidor_Log_Fev_09\unidade C\Documents and Settings\Administrador\Meus documentos\Playlist v50\Crack\keygen.exe C:\BKPHDEXTERNO\Servidor_Log_Fev_09\unidade C\Documents and Settings\Administrador\Meus documentos\Meus arquivos recebidos\kit rádio\Omnia.AX.v1.0.5.incl.Keygen-Lz0\OmniaAX.exe C:\BKPHDEXTERNO\Servidor_Log_Fev_09\unidade C\Documents and Settings\Administrador\Meus documentos\Meus arquivos recebidos\kit rádio\Omnia.AX.v1.0.5.incl.Keygen-Lz0\Program\OmniaAX.exe C:\BKPHDEXTERNO\Servidor_Log_Fev_09\unidade C\Documents and Settings\Administrador\Meus documentos\Meus arquivos recebidos\kit rádio\Omnia.AX.v1.0.5.incl.Keygen-Lz0\ShellExecRel.exe 
C:\BKPHDEXTERNO\Servidor_Log_Fev_09\unidade C\Documents and Settings\Administrador\Meus documentos\Playlist v50\CensuraDigital11_WinXP\censura11_keygen.exe C:\BKPHDEXTERNO\Servidor_Log_Fev_09\unidade C\Documents and Settings\Administrador\Meus documentos\Playlist v50\Crack\keygen.exe ~ Scan Files in 03mn AMs ---\\ Search Svchost Services (SSS) (O83) O83 - Search Svchost Services: AeLookupSvc (AeLookupSvc) . (.Microsoft Corporation - Serviço de Experiência com Aplicativo.) -- C:\Windows\system32\aelupsvc.dll [62464] O83 - Search Svchost Services: CertPropSvc (CertPropSvc) . (.Microsoft Corporation - Serviço de Propagação de Certificado de Cartão Inteligente da Microsof.) -- C:\Windows\system32\certprop.dll [67584] O83 - Search Svchost Services: SCPolicySvc (SCPolicySvc) . (.Microsoft Corporation - Serviço de Propagação de Certificado de Cartão Inteligente da Microsof.) -- C:\Windows\system32\certprop.dll [67584] O83 - Search Svchost Services: lanmanserver (lanmanserver) . (.Microsoft Corporation - DLL de Serviço do Servidor.) -- C:\Windows\system32\srvsvc.dll [168448] O83 - Search Svchost Services: gpsvc (gpsvc) . (.Microsoft Corporation - Cliente da Diretiva de Grupo.) -- C:\Windows\system32\gpsvc.dll [591360] O83 - Search Svchost Services: IKEEXT (IKEEXT) . (.Microsoft Corporation - Extensão IKE.) -- C:\Windows\system32\ikeext.dll [667136] O83 - Search Svchost Services: AudioSrv (AudioSrv) . (.Microsoft Corporation - Serviço de Áudio do Windows.) -- C:\Windows\system32\Audiosrv.dll [473088] O83 - Search Svchost Services: Rasauto (Rasauto) . (.Microsoft Corporation - Gerenciador de Discagem Automática de Acesso Remoto.) -- C:\Windows\system32\rasauto.dll [90624] O83 - Search Svchost Services: Rasman (Rasman) . (.Microsoft Corporation - Gerenciador de conexão de acesso remoto.) -- C:\Windows\system32\rasmans.dll [285184] O83 - Search Svchost Services: Remoteaccess (Remoteaccess) . (.Microsoft Corporation - Gerenciador de Interface Dinâmica.) 
-- C:\Windows\system32\mprdim.dll [75264] O83 - Search Svchost Services: SENS (SENS) . (.Microsoft Corporation - Serviço de Notificação de Eventos do Sistema (SENS).) -- C:\Windows\system32\sens.dll [49664] O83 - Search Svchost Services: Sharedaccess (Sharedaccess) . (.Microsoft Corporation - Componentes do Microsoft NAT Helper.) -- C:\Windows\system32\ipnathlp.dll [300544] O83 - Search Svchost Services: Tapisrv (Tapisrv) . (.Microsoft Corporation - Servidor de telefonia do Microsoft® Windows.) -- C:\Windows\system32\tapisrv.dll [241664] O83 - Search Svchost Services: TermService (TermService) . (.Microsoft Corporation - Gerenciador de Conexões Remotas do Servidor Host da Sessão da Área de.) -- C:\Windows\system32\termsrv.dll [543232] O83 - Search Svchost Services: wuauserv (wuauserv) . (.Microsoft Corporation - Windows Update Agent.) -- C:\Windows\system32\wuaueng.dll [1912832] O83 - Search Svchost Services: BITS (BITS) . (.Microsoft Corporation - Serviço de transferência inteligente de plano de fundo.) -- C:\Windows\system32\qmgr.dll [589312] O83 - Search Svchost Services: ShellHWDetection (ShellHWDetection) . (.Microsoft Corporation - DLL de serviços do Shell do Windows.) -- C:\Windows\system32\shsvcs.dll [328192] O83 - Search Svchost Services: iphlpsvc (iphlpsvc) . (.Microsoft Corporation - Serviço que oferece conectividade IPv6 em uma rede IPv4..) -- C:\Windows\system32\iphlpsvc.dll [497152] O83 - Search Svchost Services: seclogon (seclogon) . (.Microsoft Corporation - DLL de serviço de logon secundário.) -- C:\Windows\system32\seclogon.dll [21504] O83 - Search Svchost Services: AppInfo (AppInfo) . (.Microsoft Corporation - Serviço de Informações de Aplicativos.) -- C:\Windows\system32\appinfo.dll [46592] O83 - Search Svchost Services: msiscsi (msiscsi) . (.Microsoft Corporation - Serviço de Descoberta iSCSI.) -- C:\Windows\system32\iscsiexe.dll [114688] O83 - Search Svchost Services: MMCSS (MMCSS) . 
(.Microsoft Corporation - Serviço Agendador de Classes de Multimídia.) -- C:\Windows\system32\mmcss.dll [49664] O83 - Search Svchost Services: wercplsupport (wercplsupport) . (.Microsoft Corporation - Relatórios de Problemas e Soluções.) -- C:\Windows\system32\wercplsupport.dll [61440] O83 - Search Svchost Services: EapHost (EapHost) . (.Microsoft Corporation - Serviço Microsoft EAPHost.) -- C:\Windows\system32\eapsvc.dll [98304] O83 - Search Svchost Services: ProfSvc (ProfSvc) . (.Microsoft Corporation - ProfSvc.) -- C:\Windows\system32\profsvc.dll [162816] O83 - Search Svchost Services: schedule (schedule) . (.Microsoft Corporation - Serviço Agendador de Tarefas.) -- C:\Windows\system32\schedsvc.dll [743424] O83 - Search Svchost Services: hkmsvc (hkmsvc) . (.Microsoft Corporation - Serviço de Gerenciamento de Chaves.) -- C:\Windows\system32\kmsvc.dll [71168] O83 - Search Svchost Services: SessionEnv (SessionEnv) . (.Microsoft Corporation - Serviço de Configuração da Área de Trabalho Remota.) -- C:\Windows\system32\sessenv.dll [99328] O83 - Search Svchost Services: winmgmt (winmgmt) . (.Microsoft Corporation - WMI.) -- C:\Windows\system32\wbem\WMIsvc.dll [168960] O83 - Search Svchost Services: browser (browser) . (.Microsoft Corporation - DLL de Serviço Pesquisador de Computadores.) -- C:\Windows\system32\browser.dll [102400] O83 - Search Svchost Services: Themes (Themes) . (.Microsoft Corporation - DLL do Serviço de Tema do Shell do Windows.) -- C:\Windows\system32\themeservice.dll [37376] O83 - Search Svchost Services: BDESVC (BDESVC) . (.Microsoft Corporation - Serviço BDE.) -- C:\Windows\system32\bdesvc.dll [76800] O83 - Search Svchost Services: AppMgmt (AppMgmt) . (.Microsoft Corporation - Serviço de instalação do software.) -- C:\Windows\system32\appmgmts.dll [149504] ~ Scan Services in 02mn AMs ---\\ Search Particular Root Folder (SPRF) (O84) [MD5.380A6BE0E5C3B638ED965A4B72BB439B] [sPRF][4/27/2010] (...) 
-- C:\Users\Nando\AppData\Local\FSCache.dat [562] [MD5.DA1F52F275BB5881FBBF7792DB713A34] [sPRF][11/10/2011] (.Ask.com - AskStub Application.) -- C:\Users\nando\AppData\Local\Temp\ApnStub.exe [357032] [MD5.37802DC23540941D3D5FFC0CFB97D9F0] [sPRF][11/27/2011] (...) -- C:\Users\Nando\Desktop\AD-R.exe [1563105] [MD5.82D919DECC0392654D2FEC441D79F78E] [sPRF][11/26/2011] (.Piriform Ltd - CCleaner Installer.) -- C:\Users\Nando\Desktop\ccsetup312_slim.exe [2592416] [MD5.CE14CD5688091EF35EA6B915BA8E812C] [sPRF][1/29/2012] (...) -- C:\Users\Nando\Desktop\GabKiller.exe [50688] [MD5.31B66CC197BE80F499538597FCFE3FBF] [sPRF][11/27/2011] (.Malwarebytes Corporation - Malwarebytes' Anti-Malware.) -- C:\Users\Nando\Desktop\mbam-setup-1.51.2.1300.exe [9852544] [MD5.E706EA02B65CF72C38E3EF9AC3078927] [sPRF][12/7/2011] (.El Desaparecido - UsbFix NSIS Installer.) -- C:\Users\Nando\Desktop\UsbFix.exe [1853823] ~ Scan Files in 00mn AMs ---\\ Firewall Active Exception List (FirewallRules) (O87) O87 - FAEL: "TCP Query User{CDCD9BAF-17F3-4FD6-B5A5-FB766100440C}C:\program files\nero\nero8\nero home\nerohome.exe" | In - Private - P6 - TRUE | .(.Nero AG - Nero Home.) -- C:\Program Files\Nero\Nero8\Nero Home\NeroHome.exe O87 - FAEL: "UDP Query User{9B186859-53A4-42FD-8480-FE315AD32753}C:\program files\nero\nero8\nero home\nerohome.exe" | In - Private - P17 - TRUE | .(.Nero AG - Nero Home.) -- C:\Program Files\Nero\Nero8\Nero Home\NeroHome.exe O87 - FAEL: "{B22296A1-1D42-4D18-BFC7-AE95A7F357BE}" | In - Public - P6 - TRUE | .(.Software 2000 Limited - SMLMProxy Module.) -- C:\Windows\System32\spool\drivers\w32x86\3\HP1006MC.exe O87 - FAEL: "{A7EAB557-C2CF-45EB-AF26-9FB04F8C793C}" | In - Public - P17 - TRUE | .(.Software 2000 Limited - SMLMProxy Module.) -- C:\Windows\System32\spool\drivers\w32x86\3\HP1006MC.exe O87 - FAEL: "{094A8F33-657C-42EC-8ECD-208517A66F5A}" | In - Private - P6 - TRUE | .(.Software 2000 Limited - SMLMProxy Module.) 
-- C:\Windows\System32\spool\drivers\w32x86\3\HP1006MC.exe O87 - FAEL: "{B088DF70-8EAA-4E00-B916-C5F202AC428F}" | In - Private - P17 - TRUE | .(.Software 2000 Limited - SMLMProxy Module.) -- C:\Windows\System32\spool\drivers\w32x86\3\HP1006MC.exe O87 - FAEL: "TCP Query User{1B03D15D-16C1-4B80-AC8B-E2DC514ADCAC}C:\program files\google\google earth\plugin\geplugin.exe" | In - Private - P6 - TRUE | .(.Google - Google Earth.) -- C:\Program Files\Google\Google Earth\plugin\geplugin.exe O87 - FAEL: "UDP Query User{C6C250E6-CE62-4862-B60D-5C5037FA03E4}C:\program files\google\google earth\plugin\geplugin.exe" | In - Private - P17 - TRUE | .(.Google - Google Earth.) -- C:\Program Files\Google\Google Earth\plugin\geplugin.exe O87 - FAEL: "{CEBD97CB-0C19-4591-96B4-469FBB182EA1}" | In - None - P17 - TRUE | .(.Skype Technologies S.A. - Skype.) -- C:\Program Files\Skype\Phone\Skype.exe O87 - FAEL: "{A7A5DFEE-8BF0-424C-B745-0C952060DE36}" | In - None - P17 - TRUE | .(.Skype Technologies S.A. - Skype.) -- C:\Program Files\Skype\Phone\Skype.exe O87 - FAEL: "{CDFE7714-0C24-477D-A880-87A4C75CE45B}" | In - None - P17 - TRUE | .(.Skype Technologies S.A. - Skype.) -- C:\Program Files\Skype\Phone\Skype.exe O87 - FAEL: "{1D8A4263-552C-481E-9484-7AD273D55200}" | In - Domain - P17 - TRUE | .(.Skype Technologies - Skype Extras Manager.) -- C:\Program Files\Skype\Plugin Manager\skypePM.exe O87 - FAEL: "TCP Query User{41B771AE-8753-49FA-AB31-03C194F820B7}C:\program files\google\google earth\client\googleearth.exe" | In - Private - P6 - TRUE | .(.Google - Google Earth.) -- C:\Program Files\Google\Google Earth\client\googleearth.exe O87 - FAEL: "UDP Query User{C9813CEA-D4BD-4F22-9682-DCC505A7C155}C:\program files\google\google earth\client\googleearth.exe" | In - Private - P17 - TRUE | .(.Google - Google Earth.) -- C:\Program Files\Google\Google Earth\client\googleearth.exe O87 - FAEL: "{2E883901-7247-4E54-AA74-1B30C710E5F0}" | In - None - P17 - TRUE | .(.Skype Technologies S.A. - Skype.) 
-- C:\Program Files\Skype\Phone\Skype.exe O87 - FAEL: "{B22DF17E-08A8-4467-AF6E-6A7D1EF0E8D6}" | In - None - P17 - TRUE | .(.Skype Technologies S.A. - Skype.) -- C:\Program Files\Skype\Phone\Skype.exe O87 - FAEL: "{DB3CFD26-4E8B-4A68-9AF9-30AB68E73E9C}" | In - None - P17 - TRUE | .(.Skype Technologies S.A. - Skype.) -- C:\Program Files\Skype\Phone\Skype.exe O87 - FAEL: "{7968B426-AE49-4308-BFE5-9C53C2F4699D}" | In - None - P17 - TRUE | .(.Skype Technologies S.A. - Skype.) -- C:\Program Files\Skype\Phone\Skype.exe O87 - FAEL: "{B398B784-8971-4FA3-888E-6A30302AD10E}" | In - None - P17 - TRUE | .(.Skype Technologies S.A. - Skype.) -- C:\Program Files\Skype\Phone\Skype.exe O87 - FAEL: "{D45D1550-E90B-4CB1-9D96-A7936226E07A}" | In - None - P17 - TRUE | .(.Skype Technologies S.A. - Skype.) -- C:\Program Files\Skype\Phone\Skype.exe O87 - FAEL: "{0493AC32-7A22-45A1-BA09-1E3DFBB8290B}" | In - None - P17 - TRUE | .(.Skype Technologies S.A. - Skype.) -- C:\Program Files\Skype\Phone\Skype.exe O87 - FAEL: "{3DB1CB9A-A618-43E5-B055-836AB725852A}" | In - None - P17 - TRUE | .(.Skype Technologies S.A. - Skype.) -- C:\Program Files\Skype\Phone\Skype.exe O87 - FAEL: "{C8DA7A39-5E27-4303-B32A-40DD39065B39}" | In - None - P17 - TRUE | .(.Skype Technologies S.A. - Skype.) -- C:\Program Files\Skype\Phone\Skype.exe O87 - FAEL: "{37E6BDAA-CC93-4C6A-B61A-389714501BCE}" | In - None - P17 - TRUE | .(.Skype Technologies S.A. - Skype.) -- C:\Program Files\Skype\Phone\Skype.exe O87 - FAEL: "{7262CA03-EA5D-4C04-B9B4-B47342AECEAB}" | In - None - P17 - TRUE | .(.Skype Technologies S.A. - Skype.) -- C:\Program Files\Skype\Phone\Skype.exe O87 - FAEL: "{4ECF6187-A89A-435E-8A47-46940FEB8378}" | In - None - P17 - TRUE | .(.Skype Technologies S.A. - Skype.) -- C:\Program Files\Skype\Phone\Skype.exe O87 - FAEL: "{ED32F55E-0F25-4B78-AA9B-2A3FE9F537F2}" | In - None - P17 - TRUE | .(.Skype Technologies S.A. - Skype.) 
-- C:\Program Files\Skype\Phone\Skype.exe O87 - FAEL: "{C037B885-86CB-44FA-8777-D75B6AB79132}" | In - None - P17 - TRUE | .(.Skype Technologies S.A. - Skype.) -- C:\Program Files\Skype\Phone\Skype.exe O87 - FAEL: "{412F70C0-02C5-47D9-ACEE-4E60B8DA1EAC}" | In - None - P17 - TRUE | .(.Skype Technologies S.A. - Skype.) -- C:\Program Files\Skype\Phone\Skype.exe O87 - FAEL: "{5673133F-E3B7-4CC7-B10B-9FFFA8902F2D}" | In - None - P17 - TRUE | .(.Skype Technologies S.A. - Skype.) -- C:\Program Files\Skype\Phone\Skype.exe O87 - FAEL: "{0A0A385A-C032-4C81-800A-45AAD13F3BD7}" | In - None - P17 - TRUE | .(.Skype Technologies S.A. - Skype.) -- C:\Program Files\Skype\Phone\Skype.exe O87 - FAEL: "{09D2A790-817D-4FBD-9B6B-3B84AE06E000}" | In - None - P17 - TRUE | .(.Skype Technologies S.A. - Skype.) -- C:\Program Files\Skype\Phone\Skype.exe O87 - FAEL: "{B7287028-ED06-4F9A-979D-480A3014DBFC}" | In - None - P17 - TRUE | .(.Skype Technologies S.A. - Skype.) -- C:\Program Files\Skype\Phone\Skype.exe O87 - FAEL: "{67209966-2086-4AA7-A508-E8B1744B20A6}" | In - None - P17 - TRUE | .(.Skype Technologies S.A. - Skype.) -- C:\Program Files\Skype\Phone\Skype.exe O87 - FAEL: "{697F0288-229B-49A7-83D3-71E7FA563B5A}" | In - None - P17 - TRUE | .(.Skype Technologies S.A. - Skype.) -- C:\Program Files\Skype\Phone\Skype.exe O87 - FAEL: "{C2D2EE55-DC8E-4BC1-9208-F8D16F4564C0}" | In - None - P17 - TRUE | .(.Skype Technologies S.A. - Skype.) -- C:\Program Files\Skype\Phone\Skype.exe O87 - FAEL: "{E6C03A90-A207-4861-8772-0C270D0FCA88}" | In - None - P17 - TRUE | .(.Skype Technologies S.A. - Skype.) -- C:\Program Files\Skype\Phone\Skype.exe O87 - FAEL: "{D492E603-D621-47D8-B69B-B1B949F895DC}" | In - None - P17 - TRUE | .(.Skype Technologies S.A. - Skype.) -- C:\Program Files\Skype\Phone\Skype.exe O87 - FAEL: "{7B483BB8-7B2D-4614-A24F-05A7E39C4524}" | In - None - P17 - TRUE | .(.Skype Technologies S.A. - Skype.) 
-- C:\Program Files\Skype\Phone\Skype.exe O87 - FAEL: "{3663D9CC-3434-4FDC-A3BD-12AE938DF23F}" | In - None - P17 - TRUE | .(.Skype Technologies S.A. - Skype.) -- C:\Program Files\Skype\Phone\Skype.exe O87 - FAEL: "{66D9785C-045F-4E82-9624-842425A4D17E}" | In - None - P17 - TRUE | .(.Skype Technologies S.A. - Skype.) -- C:\Program Files\Skype\Phone\Skype.exe O87 - FAEL: "{ABA1D379-53AB-408B-8A6E-62E41847F1BA}" | In - None - P17 - TRUE | .(.Skype Technologies S.A. - Skype.) -- C:\Program Files\Skype\Phone\Skype.exe O87 - FAEL: "{A8E82DAC-4688-49BA-83C0-58EF0F031575}" | In - None - P17 - TRUE | .(.Skype Technologies S.A. - Skype.) -- C:\Program Files\Skype\Phone\Skype.exe O87 - FAEL: "{AF540931-CBCA-4055-93A6-A3B68093FF2C}" | In - None - P17 - TRUE | .(.Skype Technologies S.A. - Skype.) -- C:\Program Files\Skype\Phone\Skype.exe O87 - FAEL: "{642902C3-2B75-4291-9C0E-B965C6CD48F3}" | In - None - P17 - TRUE | .(.Skype Technologies S.A. - Skype.) -- C:\Program Files\Skype\Phone\Skype.exe O87 - FAEL: "{A9A4A22C-BE7C-4DCE-A2EF-A5A188216201}" | In - None - P17 - TRUE | .(.Skype Technologies S.A. - Skype.) -- C:\Program Files\Skype\Phone\Skype.exe O87 - FAEL: "{2529CBAE-42BA-48B3-B7A9-8D4776697471}" | In - None - P17 - TRUE | .(.Skype Technologies S.A. - Skype.) -- C:\Program Files\Skype\Phone\Skype.exe O87 - FAEL: "{C081C868-DECE-46CE-A555-6A389FB41C37}" | In - None - P17 - TRUE | .(.Skype Technologies S.A. - Skype.) -- C:\Program Files\Skype\Phone\Skype.exe O87 - FAEL: "{BCAD8873-33AC-4235-B826-A889FD306759}" | In - None - P17 - TRUE | .(.Skype Technologies S.A. - Skype.) -- C:\Program Files\Skype\Phone\Skype.exe O87 - FAEL: "{A8ED47CD-084F-4B44-A2B7-078CCD510C54}" | In - None - P17 - TRUE | .(.Skype Technologies S.A. - Skype.) -- C:\Program Files\Skype\Phone\Skype.exe O87 - FAEL: "{639BFC00-AA5F-4DD2-A9D2-1B179802E180}" | In - None - P17 - TRUE | .(.Skype Technologies S.A. - Skype.) 
-- C:\Program Files\Skype\Phone\Skype.exe O87 - FAEL: "{8EB14F99-F7F3-4CFE-860B-DE9C875E773F}" | In - None - P17 - TRUE | .(.Skype Technologies S.A. - Skype.) -- C:\Program Files\Skype\Phone\Skype.exe O87 - FAEL: "{36333049-57ED-4DF8-9F97-26FF3B4CCF5A}" | In - None - P17 - TRUE | .(.Skype Technologies S.A. - Skype.) -- C:\Program Files\Skype\Phone\Skype.exe O87 - FAEL: "{30671204-0274-4E15-AA2A-E5B40B79C53D}" | In - None - P17 - TRUE | .(.Skype Technologies S.A. - Skype.) -- C:\Program Files\Skype\Phone\Skype.exe O87 - FAEL: "{E27044D4-0404-4C16-A742-FF9F23FA001E}" | In - None - P17 - TRUE | .(.Skype Technologies S.A. - Skype.) -- C:\Program Files\Skype\Phone\Skype.exe O87 - FAEL: "{FE96B82A-568A-493D-992E-220DB934AA88}" | In - None - P17 - TRUE | .(.Skype Technologies S.A. - Skype.) -- C:\Program Files\Skype\Phone\Skype.exe O87 - FAEL: "{1F22F9F0-31E5-4137-9897-331DD6D54D6C}" | In - None - P17 - TRUE | .(.Skype Technologies S.A. - Skype.) -- C:\Program Files\Skype\Phone\Skype.exe O87 - FAEL: "{BF3FB522-ADFA-40D6-B498-0F4D1D20EBB6}" | In - None - P17 - TRUE | .(.Skype Technologies S.A. - Skype.) -- C:\Program Files\Skype\Phone\Skype.exe O87 - FAEL: "{BC8FC37E-DF4A-4E2A-8027-4D3AD6AC095C}" | In - None - P17 - TRUE | .(.Skype Technologies S.A. - Skype.) -- C:\Program Files\Skype\Phone\Skype.exe O87 - FAEL: "{921C4B38-B7D1-4D38-96E0-1969A8BD9E5B}" | In - None - P17 - TRUE | .(.Skype Technologies S.A. - Skype.) -- C:\Program Files\Skype\Phone\Skype.exe O87 - FAEL: "{29D03279-FE1D-41BC-9CC9-EE10BE25F474}" | In - None - P17 - TRUE | .(.Skype Technologies S.A. - Skype.) -- C:\Program Files\Skype\Phone\Skype.exe O87 - FAEL: "{AF688C3D-CE0C-4DEF-A18A-7E4B6028C3D5}" | In - None - P17 - TRUE | .(.Skype Technologies S.A. - Skype.) -- C:\Program Files\Skype\Phone\Skype.exe O87 - FAEL: "{B39006A7-DCE4-4569-A161-49000E1EFB2C}" | In - None - P17 - TRUE | .(.Skype Technologies S.A. - Skype.) 
-- C:\Program Files\Skype\Phone\Skype.exe O87 - FAEL: "{F206D76F-6170-4A1F-8383-340D164A19A0}" | In - None - P17 - TRUE | .(.Skype Technologies S.A. - Skype.) -- C:\Program Files\Skype\Phone\Skype.exe O87 - FAEL: "{8BDA295E-55D7-4BEF-8A65-533803581462}" | In - None - P17 - TRUE | .(.Skype Technologies S.A. - Skype.) -- C:\Program Files\Skype\Phone\Skype.exe O87 - FAEL: "{19B0438A-B4DE-43A4-A7FC-C063A20D77FE}" | In - None - P17 - TRUE | .(.Skype Technologies S.A. - Skype.) -- C:\Program Files\Skype\Phone\Skype.exe O87 - FAEL: "{84067C4F-8C4B-4362-8495-2446CAD3FA48}" | In - None - P17 - TRUE | .(.Skype Technologies S.A. - Skype.) -- C:\Program Files\Skype\Phone\Skype.exe O87 - FAEL: "{809FFCD8-5945-4AB9-BEF2-040881191FB9}" | In - None - P17 - TRUE | .(.Skype Technologies S.A. - Skype.) -- C:\Program Files\Skype\Phone\Skype.exe O87 - FAEL: "{CFEC8D8B-DEAD-43E9-9B63-E99799B64621}" | In - None - P17 - TRUE | .(.Skype Technologies S.A. - Skype.) -- C:\Program Files\Skype\Phone\Skype.exe O87 - FAEL: "{29C68EA9-7FA4-4754-9B1D-2B590CAA46EB}" | In - None - P17 - TRUE | .(.Skype Technologies S.A. - Skype.) -- C:\Program Files\Skype\Phone\Skype.exe O87 - FAEL: "{16E98BC0-292E-4239-B69C-2D0BA82D5372}" | In - None - P17 - TRUE | .(.Skype Technologies S.A. - Skype.) -- C:\Program Files\Skype\Phone\Skype.exe O87 - FAEL: "{5C6BF87F-CF6A-4991-A699-EA4197FA6FFD}" | In - None - P17 - TRUE | .(.Skype Technologies S.A. - Skype.) -- C:\Program Files\Skype\Phone\Skype.exe O87 - FAEL: "{FB30645F-EFD1-4E7D-9F28-77433320C6A5}" | In - None - P17 - TRUE | .(.Skype Technologies S.A. - Skype.) -- C:\Program Files\Skype\Phone\Skype.exe O87 - FAEL: "{BB798F00-C2E8-4E0A-8374-5752CB8E393B}" | In - None - P17 - TRUE | .(.Skype Technologies S.A. - Skype.) -- C:\Program Files\Skype\Phone\Skype.exe O87 - FAEL: "{73FB81B2-E722-43EE-B6B7-34AB0C7E21BE}" | In - None - P17 - TRUE | .(.Skype Technologies S.A. - Skype.) 
-- C:\Program Files\Skype\Phone\Skype.exe O87 - FAEL: "{2D6D7B32-CC58-4A91-9981-8288FFA53072}" | In - None - P17 - TRUE | .(.Skype Technologies S.A. - Skype.) -- C:\Program Files\Skype\Phone\Skype.exe O87 - FAEL: "{636860A3-BA9D-454C-8761-D5E35B1D0EA3}" | In - None - P17 - TRUE | .(.Skype Technologies S.A. - Skype.) -- C:\Program Files\Skype\Phone\Skype.exe O87 - FAEL: "{401742A1-A2F6-42CB-83ED-743E85444662}" | In - None - P17 - TRUE | .(.Skype Technologies S.A. - Skype.) -- C:\Program Files\Skype\Phone\Skype.exe O87 - FAEL: "{A8BD9D17-93B1-4B01-AF4A-0DA04D02C7F6}" | In - None - P17 - TRUE | .(.Skype Technologies S.A. - Skype.) -- C:\Program Files\Skype\Phone\Skype.exe O87 - FAEL: "{CBE0FF27-74F9-4D51-A4BF-541CD0D4D409}" | In - None - P17 - TRUE | .(.Skype Technologies S.A. - Skype.) -- C:\Program Files\Skype\Phone\Skype.exe O87 - FAEL: "{B7DAD4C9-03B3-4BAE-8819-4CC9DC3889FE}" | In - None - P17 - TRUE | .(.Hewlett-Packard - HP Software Update Client.) -- C:\Program Files\HP\HP Software Update\HPWUCli.exe O87 - FAEL: "{7A5AAA32-A82B-486A-9DBA-5F0E0915770F}" | In - None - P17 - TRUE | .(.Skype Technologies S.A. - Skype.) 
-- C:\Program Files\Skype\Phone\Skype.exe ~ Scan Firewall in 04mn AMs ---\\ Additionnal Scan (O88) Database Version : 9053 - (22/01/2012) Clés trouvées (Keys found) : 29 Valeurs trouvées (Values found) : 3 Dossiers trouvés (Folders found) : 5 Fichiers trouvés (Files found) : 1 [HKLM\Software\Classes\AppID\GenericAskToolbar.DLL] =>Toolbar.AskSBar [HKLM\Software\Classes\GenericAskToolbar.ToolbarWnd] =>Toolbar.AskSBar [HKLM\Software\Classes\GenericAskToolbar.ToolbarWnd.1] =>Toolbar.AskSBar [HKLM\Software\Classes\CLSID\{00000000-6E41-4FD3-8538-502F5495E5FC}] =>Toolbar.AskTBar [HKLM\Software\Classes\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}] =>Toolbar.AskSBar [HKLM\Software\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}] =>Toolbar.Ask [HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{86D4B82A-ABED-442A-BE86-96357B70F4FE}] =>Toolbar.AskSBar [HKLM\Software\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}] =>Toolbar.Ask [HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{97F2FF5B-260C-4ccf-834A-2DDA4E29E39E}] =>Toolbar.Babylon [HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{97F2FF5B-260C-4ccf-834A-2DDA4E29E39E}] =>Toolbar.Babylon [HKLM\Software\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874}] =>Toolbar.AskSBar [HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}] =>Toolbar.AskSBar [HKLM\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}] =>Toolbar.AskSBar [HKLM\Software\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}] =>Toolbar.Ask [HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440}] =>Toolbar.AskSBar [HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D4027C7F-154A-4066-A1AD-4243D8127440}] =>Toolbar.AskSBar [HKLM\Software\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}] =>Toolbar.AskSBar 
[HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}] =>Toolbar.AskSBar [HKLM\Software\Classes\Installer\Features\A28B4D68DEBAA244EB686953B7074FEF] =>Toolbar.AskSBar [HKLM\Software\Classes\Installer\Products\A28B4D68DEBAA244EB686953B7074FEF] =>Toolbar.AskSBar [HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A28B4D68DEBAA244EB686953B7074FEF] =>Toolbar.AskSBar [HKCU\Software\APN] =>Toolbar.Agent [HKLM\Software\APN] =>Toolbar.Agent [HKCU\Software\Ask.com] =>Toolbar.AskBar [HKCU\Software\Ask.com] =>Toolbar.AskBarDis [HKCU\Software\AppDataLow\Software\AskToolbar] =>Toolbar.AskTBar [HKLM\Software\AskToolbar] =>Toolbar.AskTBar [HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks]:{00000000-6E41-4FD3-8538-502F5495E5FC} =>Adware.ShoppingReport2 [HKLM\Software\Microsoft\Internet Explorer\Toolbar]:{D4027C7F-154A-4066-A1AD-4243D8127440} =>Toolbar.AskSBar [HKLM\Software\Microsoft\Windows\CurrentVersion\Run]:ApnUpdater =>Toolbar.Ask C:\Program Files\Ask.com =>Toolbar.AskBar C:\Users\nando\AppData\LocalLow\AskToolbar =>Toolbar.AskTBar C:\Users\nando\AppData\LocalLow\BabylonToolbar =>Toolbar.Babylon C:\Users\nando\AppData\LocalLow\facemoods.com =>Toolbar.Facemoods C:\Users\nando\AppData\Local\Temp\AskSearch =>Toolbar.AskBarDis C:\Windows\system32\Tasks\Scheduled Update for Ask Toolbar =>Toolbar.AskTBar ~ Scan Additionnel in 10mn AMs ---\\ Router Hijack DNS (O89) Servidor: resolver1.telesp.net.br Address: 200.204.0.10 Nome: www-cctld.l.google.com Address: 74.125.113.94 Aliases: www.google.fr ~ Scan DNS in 04mn AMs ---\\ General States of Services not Microsoft (EGS) (SR=Running, SS=Stopped) SR - | Auto 11/28/2011 44768 | (avast! Antivirus) . (.AVAST Software.) - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe SS - | Auto 3/16/2010 135664 | (gupdate) . (.Google Inc..) - C:\Program Files\Google\Update\GoogleUpdate.exe SS - | Demand 3/16/2010 135664 | (gupdatem) . 
(.Google Inc..) - C:\Program Files\Google\Update\GoogleUpdate.exe SS - | Demand 3/16/2010 182768 | (gusvc) . (.Google.) - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe SR - | Auto 2/18/2008 877864 | (Nero BackItUp Scheduler 3) . (.Nero AG.) - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe SS - | Demand 2/28/2008 529704 | (NMIndexingService) . (.Nero AG.) - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe SS - | Demand 6/19/2011 4122968 | (npggsvc) . (.INCA Internet Co., Ltd..) - C:\Windows\System32\GameMon.des SR - | Auto 12/19/2006 81920 | (PLFlash DeviceIoControl Service) . (.Prolific Technology Inc..) - C:\Windows\System32\IoctlSvc.exe SR - | Auto 1/26/2009 1153368 | (SBSDWSCService) . (.Safer Networking Ltd..) - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe SR - | Auto 7/13/2009 20992 | C:\Windows\system32\wuaueng.dll (wuauserv) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe SR - | Auto 6/26/2007 386560 | (XAudioService) . (.Conexant Systems, Inc..) - C:\Windows\System32\drivers\XAudio.exe ~ Scan Services in 09mn AMs ---\\ Search Master Boot Record Infection (MBR)(O80) Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net ~ Scan MBR in 02mn AMs ---\\ Search Master Boot Record Infection (MBRCheck)(O80) (None) End of the scan (1807 lines in 16mn AMs)(10)
DigRam
Posted January 30, 2012

Good morning! Manain

|- Run GabKiller again and choose the "Suppression" or "Delete" option.
|- Post the report!

///°°°///

|- Open Spybot Search & Destroy!
|- In the top menu, go to Mode and select the Advanced option. --> Confirm!
|- Click the Tools button and then Resident.
|- Uncheck the option: Enable Resident "TeaTimer". (General protection of system settings)
|- Also uncheck "Resident SDHelper".

///°°°///

|- Close any programs/folders that are open.
|- Double-click ZHPFix.
|- Click on the menu, H < >

[MD5.71200E7924D30860F032C7BE3EDDCB3B] - (.Ask - Ask Updater.) -- C:\Program Files\Ask.com\Updater\Updater.exe [901800] [PID.3660]R3 - URLSearchHook: Messenger Plus Live Brazil Toolbar - {edbca961-4bf8-4cbe-8c63-a11dff9ed2d9} . (.Conduit Ltd. - Conduit Toolbar.) (5, 5, 0, 10) -- C:\Program Files\Messenger_Plus_Live_Brazil\tbMess.dll R3 - URLSearchHook: MessengerPlusLive Brazil TB Toolbar - {c69650dc-9644-4580-aa86-0ea329ee6c60} . (.Conduit Ltd. - Conduit Toolbar.) (6.2.3.0) -- C:\Program Files\MessengerPlusLive_Brazil_TB\tbMess.dll R3 - URLSearchHook: UrlSearchHook Class - {00000000-6E41-4FD3-8538-502F5495E5FC} . (.Ask - Ask Toolbar.) (5.13.2.19379) -- C:\Program Files\Ask.com\GenericAskToolbar.dll O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} Orphean Key O2 - BHO: MessengerPlusLive Brazil TB - {c69650dc-9644-4580-aa86-0ea329ee6c60} . (.Conduit Ltd. - Conduit Toolbar.) -- C:\Program Files\MessengerPlusLive_Brazil_TB\tbMess.dll O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} . (.Ask - Ask Toolbar.) -- C:\Program Files\Ask.com\GenericAskToolbar.dll O2 - BHO: Messenger Plus Live Brazil Toolbar - {edbca961-4bf8-4cbe-8c63-a11dff9ed2d9} . (.Conduit Ltd. - Conduit Toolbar.) -- C:\Program Files\Messenger_Plus_Live_Brazil\tbMess.dll O3 - Toolbar: Messenger Plus Live Brazil Toolbar - {edbca961-4bf8-4cbe-8c63-a11dff9ed2d9} . (.Conduit Ltd. - Conduit Toolbar.)
-- C:\Program Files\Messenger_Plus_Live_Brazil\tbMess.dll O3 - Toolbar: MessengerPlusLive Brazil TB Toolbar - {c69650dc-9644-4580-aa86-0ea329ee6c60} . (.Conduit Ltd. - Conduit Toolbar.) -- C:\Program Files\MessengerPlusLive_Brazil_TB\tbMess.dll O3 - Toolbar: Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} . (.Ask - Ask Toolbar.) -- C:\Program Files\Ask.com\GenericAskToolbar.dll O4 - HKLM\..\Run: [ApnUpdater] . (.Ask - Ask Updater.) -- C:\Program Files\Ask.com\Updater\Updater.exe O4 - Global Startup: C:\Users\nando\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Saint Paint.lnk . (...) -- C:\Program Files\Saint Paint\SaintPaint.exe (.not file.) [MD5.14426438EDA546F331650854F4CD63A8] [APT] [scheduled Update for Ask Toolbar] (...) -- C:\Program Files\Ask.com\UpdateTask.exe [MD5.00000000000000000000000000000000] [APT] [{36076C5A-0859-47AD-AD0D-769FC19314D9}] (...) -- c:\program files\internet explorer\iexplore.exee-chrome:notoffered;systemlevelpresent (.not file.) [MD5.00000000000000000000000000000000] [APT] [{38B9E1A6-6888-4E5F-8867-AC6BD9FDAB5D}] (...) -- C:\Arquivos de programas\Counter-Strike Source\srcds.exe (.not file.) [MD5.00000000000000000000000000000000] [APT] [{57A6B7B8-783F-4115-852E-0616E56E567F}] (...) -- C:\Users\nando\Downloads\atualizacaoradaresipiranga.exe (.not file.) [MD5.00000000000000000000000000000000] [APT] [{69FF64BB-A868-4954-9594-E8999F82D0E4}] (...) -- C:\Arquivos de programas\Acer\Acer Crystal Eye webcam\CrystalEye.exe (.not file.) [MD5.00000000000000000000000000000000] [APT] [{D5789B95-7383-43B7-A7C6-DD577E531FC6}] (...) -- C:\Program Files\Internet Explorer\iexplore.exee-chrome:notoffered;systemlevelpresent (.not file.) [MD5.00000000000000000000000000000000] [APT] [{E9C7D238-6733-457A-8E14-DE9095A02D66}] (...) -- E:\Counter Strike Source Modern Warfare 2\PackAddons_CSS_beta_4.exe (.not file.) 
O43 - CFD: 12/21/2011 - 2:08:18 PM - [2.827] ----D- C:\Program Files\Ask.com O43 - CFD: 12/18/2011 - 9:25:52 PM - [0] ----D- C:\ProgramData\Ask O45 - LFCP:[MD5.A1E96EA75931DB71E569BD0B652C1663] - 1/2/2012 - 2:06:42 PM ---A- - C:\Windows\Prefetch\AgCx_SC2.db O45 - LFCP:[MD5.B0C8E8BC0170FF04FFF3500F7BD7BDD7] - 1/25/2012 - 3:19:03 PM ---A- - C:\Windows\Prefetch\AgCx_SC1.db O45 - LFCP:[MD5.CC21FC0F89833F21C741FC28D40B9606] - 1/27/2012 - 6:48:18 AM ---A- - C:\Windows\Prefetch\AgCx_SC4.db O45 - LFCP:[MD5.30F1B9BAEFCE4C0B8EC8BA7BA61CE389] - 1/29/2012 - 10:04:52 AM ---A- - C:\Windows\Prefetch\AgRobust.db O45 - LFCP:[MD5.36A4E19DD2F67701C1154784B3B4766F] - 1/29/2012 - 10:04:56 AM ---A- - C:\Windows\Prefetch\AgGlGlobalHistory.db O45 - LFCP:[MD5.961E62746BFCE773F4D9176E21F7CD56] - 1/29/2012 - 10:05:03 AM ---A- - C:\Windows\Prefetch\AgGlFaultHistory.db O45 - LFCP:[MD5.DD76DA36D966027D6D63C7E108EB9A14] - 1/29/2012 - 10:05:05 AM ---A- - C:\Windows\Prefetch\AgGlFgAppHistory.db [MD5.DA1F52F275BB5881FBBF7792DB713A34] [sPRF][11/10/2011] (.Ask.com - AskStub Application.) 
-- C:\Users\nando\AppData\Local\Temp\ApnStub.exe [357032] [HKLM\Software\Classes\AppID\GenericAskToolbar.DLL] [HKLM\Software\Classes\GenericAskToolbar.ToolbarWnd] [HKLM\Software\Classes\GenericAskToolbar.ToolbarWnd.1] [HKLM\Software\Classes\CLSID\{00000000-6E41-4FD3-8538-502F5495E5FC}] [HKLM\Software\Classes\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}] [HKLM\Software\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}] [HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{86D4B82A-ABED-442A-BE86-96357B70F4FE}] [HKLM\Software\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}] [HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{97F2FF5B-260C-4ccf-834A-2DDA4E29E39E}] [HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{97F2FF5B-260C-4ccf-834A-2DDA4E29E39E}] [HKLM\Software\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874}] [HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}] [HKLM\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}] [HKLM\Software\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}] [HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440}] [HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D4027C7F-154A-4066-A1AD-4243D8127440}] [HKLM\Software\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}] [HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}] [HKLM\Software\Classes\Installer\Features\A28B4D68DEBAA244EB686953B7074FEF] [HKLM\Software\Classes\Installer\Products\A28B4D68DEBAA244EB686953B7074FEF] [HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A28B4D68DEBAA244EB686953B7074FEF] [HKCU\Software\APN] [HKLM\Software\APN] [HKCU\Software\Ask.com] [HKCU\Software\Ask.com] [HKCU\Software\AppDataLow\Software\AskToolbar] [HKLM\Software\AskToolbar] 
[HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks]:{00000000-6E41-4FD3-8538-502F5495E5FC} [HKLM\Software\Microsoft\Internet Explorer\Toolbar]:{D4027C7F-154A-4066-A1AD-4243D8127440} [HKLM\Software\Microsoft\Windows\CurrentVersion\Run]:ApnUpdater C:\Program Files\Ask.com C:\Users\nando\AppData\LocalLow\AskToolbar C:\Users\nando\AppData\LocalLow\BabylonToolbar C:\Users\nando\AppData\LocalLow\facemoods.com C:\Users\nando\AppData\Local\Temp\AskSearch C:\Windows\system32\Tasks\Scheduled Update for Ask Toolbar emptytemp emptyflash firewallraz sysrestore |- Copie e cole estas informações,que estão em vermelho,para o campo "amarelo claro" de ZHPFix. |- Ps: Procure deixar o campo limpo,antes de colar as informações que estão na Quote. |- Clique em GO -> Oui. |- Ao concluir,e caso tenha desaparecido todos os ícones de seu desktop,faça o seguinte: |- Abra o Gerenciador de tarefas. ( ctrl+alt+del ) |- Clique na aba "Aplicativos". |- Clique em "Nova tarefa..." |- Digite na caixa: explorer.exe |- Clique em OK. |- Poste o relatório: C:\ZHP\ZHPFixReport.txt |- Ps: Também,será gerado o relatório ( ZHPExportRegistry-dia-mes-ano-hs-min-seg ),que será backup das entradas removidas. <- Não poste-o! |- Ps: Cracks & Keygens serão removidos,pois fragilizam a segurança no PC. ( Eles estão destacados em vermelho escuro no script! ) |- Caso lhe seja fundamental mantê-los,pode retirá-los do script. Abraços! Compartilhar este post Link para o post Compartilhar em outros sites
Manain 0 Posted February 1, 2012

Here is the GabKiller report after the "Suppression" option

=========== Informations ===========
Mis à jour le : 07/08/2011 à 16h12 | 1.45 par 2011N2
Rapport de suppression de GabKiller par 2011N2
Contact : lot12@hotmail.fr
Site : http://2011n2.forumgratuit.fr/
Début du nettoyage : 0:10:16
###################################### Clés supprimées ####################################
============================ Section HKLM ============================
supprimé !! HKLM\Software\AskToolbar
supprimé !! HKLM\Software\Classes\WlcUI.DialerWindow
supprimé !! HKLM\Software\Classes\WlcUI.DialerWindow.1
supprimé !! HKLM\Software\Classes\WlcUI.PhoneNumber
supprimé !! HKLM\Software\Classes\WlcUI.PhoneNumber.1
supprimé !! HKLM\Software\Classes\AppID\GenericAskToolbar.DLL
supprimé !! HKLM\Software\Classes\CLSID\{00000000-6E41-4FD3-8538-502F5495E5FC}
supprimé !! HKLM\Software\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}
supprimé !! HKLM\Software\Classes\GenericAskToolbar.ToolbarWnd
supprimé !! HKLM\Software\Classes\Installer\Products\A28B4D68DEBAA244EB686953B7074FEF
supprimé !! HKLM\Software\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
supprimé !! HKLM\Software\Classes\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}
supprimé !! HKLM\Software\Classes\Installer\Features\A28B4D68DEBAA244EB686953B7074FEF
supprimé !! HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}
supprimé !! HKLM\Software\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
supprimé !! HKLM\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
supprimé !! HKLM\Software\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874}
supprimé !! HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
supprimé !! HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Products\A28B4D68DEBAA244EB686953B7074FEF
supprimé !! HKLM\Software\Classes\GenericAskToolbar.ToolbarWnd.1
supprimé !! HKLM\Software\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
supprimé !! HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Scheduled Update for Ask Toolbar
supprimé !! HKLM\Software\APN
============================ Section HKCU ============================
Supprimé !! HKCU\Software\Ask.com
Supprimé !! HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Supprimé !! HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D4027C7F-154A-4066-A1AD-4243D8127440}
============================ Section HKCR ============================
========================== Dossiers/Fichiers ========================
Supprimé !! "C:\Program Files\Ask.com"
===================================
Fin du nettoyage : 0:11:47
Copyright © 2011. Tous droits réservés.
======== EOF ========
DigRam 144 Posted February 1, 2012

Good morning, Manain!

|- The ZHPFix log is still missing.

Regards!
Manain 0 Posted February 1, 2012

ZHPFix has a screen showing "working" that has been running for more than 08:00 hours; I think it is frozen. At the bottom of the screen there is a website address, http://www.premiumorange.com./zeb-help-process/zhpfix.html, and a bar that appears to have completed 10%.
DigRam 144 Posted February 1, 2012

Hi, Manain!

|- Yes! It is frozen.
|- Open Task Manager and stop the ZHPDiag.exe process.
|- Disable Spybot.
|- Run ZHPFix again, but do it in "Safe Mode".

Regards!
Manain 0 Posted February 2, 2012

Good evening. I am trying to run it in safe mode, but the following message appears:

Impossible de creer le fichier "c:\users\nando\App Data\local\google\chrome\user data\Default\Preferenes" acesso negado OK

This message appears in both safe mode and normal mode. I uninstalled Chrome and did a cleanup with cleaner; I tried running it in safe mode and the message still appears. If I click OK, the ZHPFix program freezes.
DigRam 144 Posted February 3, 2012

Good evening, Manain!

|- I edited the script, removing some objects! Try running ZHPFix again in Normal Mode.

Regards!