[Resolvido] &nbspAvast está disparando alertas de virus direto

[Edvan 30]

Boa noite, quando cheguei em casa para minha surpresa a maquina estava toda infectada, computador usado por varias pessoas só dar isso, o avast está alertando virus direto..

 

 

 

 

 

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 19:30:43, on 26/01/2012

Platform: Windows 7 (WinNT 6.00.3504)

MSIE: Internet Explorer v8.00 (8.00.7600.16912)

Boot mode: Normal

 

Running processes:

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Program Files\AVAST Software\Avast\AvastUI.exe

C:\Windows\system32\taskhost.exe

C:\Program Files\TeamViewer\Version7\TeamViewer.exe

C:\Windows\system32\wuauclt.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\HiJackThis.exe

C:\Windows\system32\DllHost.exe

 

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll

O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll

O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll

O4 - HKLM\..\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000

O9 - Extra button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra 'Tools' menuitem: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL

O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll

O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll

O16 - DPF: {27932703-59C1-4B18-A46D-ED8FC2D35BAA} (NEWIE Control) - http://vurdson.dyndns.org:8080/NEWIE.cab

O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - http://download.eset.com/special/eos/OnlineScanner.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab

O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll

O23 - Service: Acronis Serviço Scheduler2 (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe

O23 - Service: Serviço de Acronis Nonstop Backup (afcdpsrv) - Acronis - C:\Program Files\Common Files\Acronis\CDP\afcdpsrv.exe

O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe

O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe

O23 - Service: Serviço do Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe

O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe

O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe

O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\Windows\system32\IoctlSvc.exe

O23 - Service: TeamViewer 7 (TeamViewer7) - TeamViewer GmbH - C:\Program Files\TeamViewer\Version7\TeamViewer_Service.exe

 

--

End of file - 4568 bytes

[DigRam 144]

Boa Noite! Edvan

 

|- Tudo aponta para FP do Avast. Execute o Malwarebytes em seu completo escaneamento,para essa verificação.

 

///°°°///

 

|- Baixe: < >

 

|- < Link - 2 >

 

|- < Link - 3 >

 

|- Atualize o programa!

|- Escolha o escaneamento Completo!

|- Desabilite programas de proteção,ao executar o malwarebytes.

|- Ps: Para determinadas infecções,a ferramenta pedirá reboot. <-- Confirme!

|- Ao concluir,clique em "Remover itens".

|- Poste,o relatório: mbam-log-2012-xx-xx (00-00-00).txt

 

Abraços!

[Edvan 30]

Malwarebytes Anti-Malware 1.60.0.1800

www.malwarebytes.org

 

Versão da Base de Dados: v2012.01.26.06

 

Windows 7 x86 NTFS

Internet Explorer 8.0.7600.16385

Edvan :: EDVAN-PC [administrador]

 

26/01/2012 23:27:03

mbam-log-2012-01-26 (23-27-03).txt

 

Tipo de Verificação: Verificação Completa

Opções de verificações ativadas: Memória | Inicialização | Registro | Sistema de arquivos | Heurística/Extra | Heurística/Shuriken | PUP | PUM

Opções de verificação desativadas: P2P

Objetos escaneados: 273427

Tempo decorrido: 37 minuto(s), 15 segundo(s)

 

Processos de Memória Detectados: 0

(Não foram detectados ítens maliciosos)

 

Módulos de Memória Detectados: 0

(Não foram detectados ítens maliciosos)

 

Chaves de Registro Detectadas: 0

(Não foram detectados ítens maliciosos)

 

Valores de Registro Detectadas: 0

(Não foram detectados ítens maliciosos)

 

Itens de Dados no Registro Detectadas: 0

(Não foram detectados ítens maliciosos)

 

Pastas Detectadas: 0

(Não foram detectados ítens maliciosos)

 

Arquivos Detectados: 2

C:\Users\Edvan\Desktop\windows.exe (Trojan.Banker) -> Enviado para a Quarentena e deletado com sucesso.

C:\Users\Edvan\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\39\7aceea67-63459d26 (Trojan.Banker) -> Enviado para a Quarentena e deletado com sucesso.

 

(fim)

[DigRam 144]

Bom Dia! Edvan

 

|- Malwarebytes detectou Trojan.Banker,que são roubadores de senha,além de outras nefastas ações. Após o Bankerfix,recomendo mudar suas senhas. ( OnLine Banking ,Orkut ,Msn ,EMail ,PayPal ,... )

 

///°°°///

 

|- Baixe: < BankerFix 3.1 >

|- Salve-o no disco local!

|- Desabilite,temporariamente,o seu anti-vírus.

|- Dê um duplo-clique sobre o bankerfix.exe.

|- Ps: Execute o bankerfix.exe,apenas uma vez!Evitando,com isso,a sobrescrição de seu relatório.

|- A janela do BankerFix 3.1,abrir-se-á com a seguinte pergunta: "Instalar o Bankerfix 3.1?"

|- Clique em Sim!

|- Uma janela informando que o BankerFix 3.1 será baixado,via internet,abrir-se-á.

|- Clique OK. <-- Aguarde!

|- Na próxima janela,clique em OK.

|- O BankerFix 3.1 será iniciado!

|- Pressione qualquer tecla,para dar continuidade ao processo. <-- Aguarde!

|- Terminado o scan,leia a mensagem na tela e aperte Enter.

|- Habilite o seu anti-vírus.

|- Retorne com o relatório,do BankerFix,que estará em: C:\LinhaDefensiva\relatorio.txt

|- Verifique se o Avast,ainda,detecta o malware.

 

Abraços!

[Edvan 30]

Boa tarde Digram!

 

Eu também tinha visto isso, ate passei o BankerFix antes e nao pegou nada, passei ele novamente agora e nao pegou nada, veja a imagem abaixo:

 

 

Vou postar novo log.

 

 

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 13:06:29, on 27/01/2012

Platform: Windows 7 (WinNT 6.00.3504)

MSIE: Internet Explorer v8.00 (8.00.7600.16912)

Boot mode: Normal

 

Running processes:

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Program Files\AVAST Software\Avast\AvastUI.exe

C:\Windows\system32\taskhost.exe

C:\Program Files\TeamViewer\Version7\TeamViewer.exe

C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

C:\Windows\system32\wuauclt.exe

C:\Program Files\Microsoft Office\Office12\WINWORD.EXE

C:\Windows\system32\igfxsrvc.exe

C:\Windows\system32\taskhost.exe

C:\HiJackThis.exe

 

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll

O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll

O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll

O4 - HKLM\..\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000

O9 - Extra button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra 'Tools' menuitem: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL

O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll

O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll

O16 - DPF: {27932703-59C1-4B18-A46D-ED8FC2D35BAA} (NEWIE Control) - http://vurdson.dyndns.org:8080/NEWIE.cab

O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - http://download.eset.com/special/eos/OnlineScanner.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab

O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll

O23 - Service: Acronis Serviço Scheduler2 (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe

O23 - Service: Serviço de Acronis Nonstop Backup (afcdpsrv) - Acronis - C:\Program Files\Common Files\Acronis\CDP\afcdpsrv.exe

O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe

O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe

O23 - Service: Serviço do Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe

O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe

O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe

O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\Windows\system32\IoctlSvc.exe

O23 - Service: TeamViewer 7 (TeamViewer7) - TeamViewer GmbH - C:\Program Files\TeamViewer\Version7\TeamViewer_Service.exe

 

--

End of file - 4671 bytes

 

Outra coisa que observei foi que toda pagina que abria mostrava um cavalo de troia, isso tanto no IE como no FF, daí olhei nas configuracoes de rede, mostrava o link estranho no proxy, aqui em casa nao uso proxy, era um link infectado..

 

esta aqui:

[Edvan 30]

OBS: Vou postar outro log aqui, baseado num tutorial que você abriu..

 

================================== Informations ==================================

 

Rapport de recherche de ToolbarShooter.

 

Outil développé par 2011N2

Contact : lot12@hotmail.fr

Site : http://2011n2.forumgratuit.fr/

Mis à jour le : 20/01/2012 à 19h45 par 2011N2

 

Début du scan de recherche : 20:43:11

Nom du PC : EDVAN-PC

 

Système d'exploitation : Windows 7 Professional

Internet Explorer : 8.0.7600.16385

Mozilla Firefox : 9.0.1 (pt-BR)

Mozilla Firefox : version 5

Mozilla Firefox : version 6

 

############################# Toolbars, pups et adwares néfastes détéctés #############################

 

 

Clé présente : HKLM\Software\Iminent

Clé présente : HKLM\Software\Classes\AppID\{BDB69379-802F-4eaf-B541-F8DE92DD98DB}

Clé présente : HKLM\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{628F3201-34D0-49C0-BB9A-82A26AEFB291}

Clé présente : HKLM\Software\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}

 

 

Clé présente : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}

Clé présente : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{64182481-4F71-486b-A045-B233BD0DA8FC}

Clé présente : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{64182481-4F71-486b-A045-B233BD0DA8FC}

Clé présente : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DB4E9724-F518-4dfd-9C7C-78B52103CAB9}

Clé présente : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2EECD738-5844-4a99-B4B6-146BF802613B}

Clé présente : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{2EECD738-5844-4a99-B4B6-146BF802613B}

Clé présente : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{98889811-442D-49dd-99D7-DC866BE87DBC}

Clé présente : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{98889811-442D-49dd-99D7-DC866BE87DBC}

Clé présente : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{1F096B29-E9DA-4D64-8D63-936BE7762CC5}

Clé présente : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{DB4E9724-F518-4dfd-9C7C-78B52103CAB9}

Clé présente : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{00000000-6E41-4FD3-8538-502F5495E5FC}

Clé présente : HKCU\Software\Iminent

 

 

Clé présente : HKCR\AppID\{5B1881D1-D9C7-46df-B041-1E593282C7D0}

Clé présente : HKCR\AppID\escort.DLL

 

 

Dossier présent : C:\Users\Edvan\AppData\Roaming\Babylon

Dossier présent : C:\Users\Edvan\AppData\Local\Babylon

Dossier présent : C:\Users\Edvan\AppData\LocalLow\BabylonToolbar

Dossier présent : C:\Users\Edvan\AppData\LocalLow\Toolbar4

 

 

 

===============================================

 

Fin du scan de recherche de ToolbarShooter à 20:43:57 par EDVAN-PC

 

############### EOF ###############

 

Merci d'envoyer le rapport à cette adresse, en précisant la raison d'emploi de cet outil. Cela permettera au développeur d'effectuer d'éventuelles modifications : lot12@hotmail.fr

 

Merci de votre contribution !

[DigRam 144]

Boa Dia!Edvan

 

OBS: Vou postar outro log aqui, baseado num tutorial que você abriu..

|- E pode lançá-lo,novamente,na opção Suppression ou Delete.

|- Poste o relatório!

 

////°°°////

 

|- Baixe: < > < > ( ...par Nicolas Coolman )

 

|- Estando na página,clique em: < >

 

|- Salve-o em Arquivos de programas e descompacte-o aí mesmo!

 

 

|- Desabilite seu antivírus e execute "ZHPDiag2.exe". < >

|- Ps: Confirme todos os passos,ao instalar ZHPDiag.

|- Clique em |-- Termine.

|- Abra a ferramenta,clicando no ícone do pergaminho. < >

|- Atualize-a,clicando na seta verde,no topo à direita.

|- A atualização estará completa,ao termos a mensagem:

 

|- Habilite todas as opções de diagnóstico,clicando em ( Ícone da chave de fenda )

 

 

|- Clique em All.

|- Dê início ao diagnóstico ( Diag ),clicando no ícone da lupa.

|- Ao concluir,clique no ícone da máquina fotográfica ou "Save Report",para dispormos do relatório.

|- Salve-o em um local conveniente!

|- Caso queira salvar o log no Bloco de Notas,clique no ícone da máquina fotográfica e cole-o no BN.

|- Poste-o,na sua resposta: ZHPDiag.txt

|- Tendo problemas ao postar esse relatório,acesse < >

|- Maiores informações: |Link| >

 

Abraços!

[Edvan 30]

=========== Informations ===========

 

Mis à jour le : 20/01/2012 à 19h45 par 2011N2

Rapport de suppression de ToolbarShooter par 2011N2

Contact : lot12@hotmail.fr

Site : http://2011n2.forumgratuit.fr/

 

Début du scan de suppression : 10:57:03

 

################################## Toolbars, pups et adwares néfastes supprimés ################################

 

 

Clé supprimée avec succès : HKLM\Software\Classes\AppID\{5B1881D1-D9C7-46df-B041-1E593282C7D0}

Clé supprimée avec succès : HKLM\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\2796BAE63F1801E277261BA0D77770028F20EEE4

Clé supprimée avec succès : HKLM\Software\Mircrosoft

Clé supprimée avec succès : HKLM\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DE28F4A4FFE5B92FA3C503D1A349A7F9962A8212

Clé supprimée avec succès : HKLM\Software\Classes\CLSID\{8856F961-340A-11D0-A96B-00C04FD705A2}

Clé supprimée avec succès : HKLM\Software\Classes\CLSID\{8856F961-340A-11D0-A96B-00C04FD705A2}

 

 

Clé supprimée avec succès : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}

Clé supprimée avec succès : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{64182481-4F71-486b-A045-B233BD0DA8FC}

Clé supprimée avec succès : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{64182481-4F71-486b-A045-B233BD0DA8FC}

Clé supprimée avec succès : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DB4E9724-F518-4dfd-9C7C-78B52103CAB9}

Clé supprimée avec succès : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2EECD738-5844-4a99-B4B6-146BF802613B}

Clé supprimée avec succès : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{2EECD738-5844-4a99-B4B6-146BF802613B}

Clé supprimée avec succès : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{98889811-442D-49dd-99D7-DC866BE87DBC}

Clé supprimée avec succès : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{98889811-442D-49dd-99D7-DC866BE87DBC}

Clé supprimée avec succès : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{1F096B29-E9DA-4D64-8D63-936BE7762CC5}

Clé supprimée avec succès : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{DB4E9724-F518-4dfd-9C7C-78B52103CAB9}

Clé supprimée avec succès : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{00000000-6E41-4FD3-8538-502F5495E5FC}

Clé supprimée avec succès : HKCU\Software\Iminent

 

 

Clé supprimée avec succès : HKCR\AppID\escort.DLL

 

 

Dossier supprimé avec succès : "C:\Users\Edvan\AppData\Roaming\Babylon"

Dossier supprimé avec succès : "C:\Users\Edvan\AppData\Local\Babylon"

Dossier supprimé avec succès : "C:\Users\Edvan\AppData\LocalLow\BabylonToolbar"

Dossier supprimé avec succès : "C:\Users\Edvan\AppData\LocalLow\Toolbar4"

Dossier supprimé avec succès : "C:\Users\Edvan\AppData\Local\OpenCandy"

Dossier supprimé avec succès : "C:\Users\Edvan\AppData\Roaming\OpenCandy"

Dossier supprimé avec succès : "C:\Program Files\Mozilla FireFox\searchplugins\babylon.xml"

Dossier supprimé avec succès : "C:\Program Files\Mozilla FireFox\searchplugins\fcmdSrch.xml"

 

======== Page de démarrage Internet Explorer ========

 

Page de démarrage d'Internet Explorer restaurée avec succès.

 

===================================

 

Fin du nettoyage : 10:57:51

 

 

======== EOF ========

 

Merci d'envoyer le rapport à cette adresse, en précisant la raison d'emploi de cet outil. Cela permettera au développeur d'effectuer d'éventuelles modifications : lot12@hotmail.fr

 

Merci de votre contribution !

 

 

L'utilisateur à décidé de redémarrer l'ordinateur ultérieurement

 

 

 

 

....................\\\.....................................

 

 

Rapport de ZHPDiag v1.28.315 par Nicolas Coolman, Update du 22/01/2012

Run by Edvan at 29/01/2012 11:07:41

Web site : http://www.premiumorange.com/zeb-help-process/zhpdiag.html

Web site : http://nicolascoolman.skyrock.com/

State : Your version is update.

 

 

---\\ Web Browser

MSIE: Internet Explorer v8.0.7600.16385

MFIE: Mozilla Firefox 9.0.1 v9.0.1 (Defaut)

GCIE: Google Chrome

 

---\\ Windows Product Information

~ Langage: Anglais

Windows 7 Business Edition, 32-bit (Build 7600)

Windows Server License Manager Script : OK

Software Protection Service (Protection logicielle) : OK

Windows Automatic Updates : OK

Windows Activation Technologies : OK

 

---\\ System Information

~ Processor: x86 Family 6 Model 23 Stepping 10, GenuineIntel

~ Operating System: 32 Bits

Boot mode: Normal (Normal boot)

Total RAM: 2035 MB (53% free)

System Restore: Activé (Enable)

System drive C: has 14 GB (26%) free of 51 GB

 

---\\ Logged in mode

~ Computer Name: EDVAN-PC

~ User Name: Edvan

~ All Users Names: Edvan, Convidado, Administrador,

~ Unselected Option: None

Logged in as Administrator

 

---\\ Environnement Variables

~ System Unit : C:\

~ %AppData% : C:\Users\Edvan\AppData\Roaming\

~ %Desktop% : C:\Users\Edvan\Desktop\

~ %Favorites% : C:\Users\Edvan\Favorites\

~ %LocalAppData% : C:\Users\Edvan\AppData\Local\

~ %StartMenu% : C:\Users\Edvan\AppData\Roaming\Microsoft\Windows\Start Menu\

~ %Windir% : C:\Windows\

~ %System% : C:\Windows\system32\

 

---\\ DOS/Devices

C:\ Hard drive, Flash drive, Thumb drive (Free 14 Go of 51 Go)

D:\ Hard drive, Flash drive, Thumb drive (Free 17 Go of 34 Go)

E:\ Hard drive, Flash drive, Thumb drive (Free 4 Go of 15 Go)

F:\ Hard drive, Flash drive, Thumb drive (Free 5 Go of 25 Go)

G:\ Hard drive, Flash drive, Thumb drive (Free 1 Go of 1 Go)

H:\ CD-ROM drive (Not Inserted)

 

 

 

---\\ Security Center & Tools Informations

[HKLM\SOFTWARE\Microsoft\Security Center] AntiSpywareOverride: OK

[HKLM\SOFTWARE\Microsoft\Security Center] AntiVirusOverride: OK

[HKLM\SOFTWARE\Microsoft\Security Center] AntiVirusDisableNotify: OK

[HKLM\SOFTWARE\Microsoft\Security Center] FirewallDisableNotify: OK

[HKLM\SOFTWARE\Microsoft\Security Center] FirewallOverride: OK

[HKLM\SOFTWARE\Microsoft\Security Center] UpdatesDisableNotify: OK

[HKLM\SOFTWARE\Microsoft\Security Center] UacDisableNotify: OK

[HKLM\SOFTWARE\Microsoft\Security Center\Svc] AntiSpywareOverride: OK

[HKLM\SOFTWARE\Microsoft\Security Center\Svc] AntiVirusOverride: OK

[HKLM\SOFTWARE\Microsoft\Security Center\Svc] AntiVirusDisableNotify: OK

[HKLM\SOFTWARE\Microsoft\Security Center\Svc] FirewallDisableNotify: OK

[HKLM\SOFTWARE\Microsoft\Security Center\Svc] FirewallOverride: OK

[HKLM\SOFTWARE\Microsoft\Security Center\Svc] UpdatesDisableNotify: OK

[HKLM\SOFTWARE\Microsoft\Security Center\Svc] UacDisableNotify: OK

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer] NoActiveDesktopChanges: OK

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer] NoDesktop: OK

[HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer] NoFolderOptions: OK

[HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer] NoDesktop: OK

[HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer] NoStartMenuSubFolder: OK

[HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer] NoResolveSearch: OK

[HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer] NoClose: OK

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System] NoActiveDesktopChanges: OK

[HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System] DisableTaskMgr: OK

[HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System] DisableRegistryTools: OK

[HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System] NoDispScrSavPage: OK

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system] EnableLUA: Modified

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\NOHIDDEN] CheckedValue: OK

[HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced] Start_ShowSearch: OK

[HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced] Start_ShowMyComputer: OK

[HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings] WarnOnHTTPSToHTTPRedirect: OK

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL] CheckedValue: OK

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Associations] Application: OK

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] Shell: OK

[HKLM\SYSTEM\CurrentControlSet\Services] wscsvc : OK

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install] LastSuccessTime : OK

~ Scan Security Center in 00mn 00s

 

 

 

---\\ Search Generic System Files

[MD5.2AF58D15EDC06EC6FDACCE1F19482BBF] - (.Microsoft Corporation - Windows Explorer.) (.26/02/2011 - 02:33:07.) -- C:\Windows\Explorer.exe [2614784]

[MD5.51138BEEA3E2C21EC44D0932C71762A8] - (.Microsoft Corporation - Processo de host do Windows (Rundll32).) (.13/07/2009 - 22:14:31.) -- C:\Windows\system32\rundll32.exe [44544]

[MD5.B5C5DCAD3899512020D135600129D665] - (.Microsoft Corporation - Aplicativo de Inicialização do Windows.) (.13/07/2009 - 22:14:45.) -- C:\Windows\system32\Wininit.exe [96256]

[MD5.7F5B51FACA193430346970283C50769F] - (.Microsoft Corporation - Internet Extensions para Win32.) (.05/11/2011 - 01:35:50.) -- C:\Windows\system32\wininet.dll [981504]

[MD5.37CDB7E72EB66BA85A87CBE37E7F03FD] - (.Microsoft Corporation - Aplicativo de Logon do Windows.) (.28/10/2009 - 03:17:59.) -- C:\Windows\system32\Winlogon.exe [285696]

[MD5.58C94EAE54BF0C5E2B80B2E5E7744D4C] - (.Microsoft Corporation - Biblioteca de Licenciamento de Software.) (.13/07/2009 - 22:16:15.) -- C:\Windows\system32\sppcomapi.dll [193024]

[MD5.0DB7A48388D54D154EBEC120461A0FCD] - (.Microsoft Corporation - Ancillary Function Driver for WinSock.) (.24/04/2011 - 23:35:40.) -- C:\Windows\system32\drivers\AFD.sys [338944]

[MD5.338C86357871C167A96AB976519BF59E] - (.Microsoft Corporation - ATAPI IDE Miniport Driver.) (.13/07/2009 - 22:26:15.) -- C:\Windows\system32\drivers\atapi.sys [21584]

[MD5.77EA11B065E0A8AB902D78145CA51E10] - (.Microsoft Corporation - CD-ROM File System Driver.) (.13/07/2009 - 20:11:15.) -- C:\Windows\system32\drivers\Cdfs.sys [70656]

[MD5.BA6E70AA0E6091BC39DE29477D866A77] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.13/07/2009 - 20:11:26.) -- C:\Windows\system32\drivers\Cdrom.sys [108544]

[MD5.83D1ECEA8FAAE75604C0FA49AC7AD996] - (.Microsoft Corporation - DFS Namespace Client Driver.) (.26/04/2011 - 23:33:46.) -- C:\Windows\system32\drivers\DfsC.sys [78336]

[MD5.717A2207FD6F13AD3E664C7D5A43C7BF] - (.Microsoft Corporation - High Definition Audio Bus Driver.) (.13/07/2009 - 20:50:56.) -- C:\Windows\system32\drivers\HDAudBus.sys [108544]

[MD5.F151F0BDC47F4A28B1B20A0818EA36D6] - (.Microsoft Corporation - Driver de porta i8042.) (.13/07/2009 - 20:11:24.) -- C:\Windows\system32\drivers\i8042prt.sys [80896]

[MD5.A5FA468D67ABCDAA36264E463A7BB0CD] - (.Microsoft Corporation - IP Network Address Translator.) (.13/07/2009 - 20:54:29.) -- C:\Windows\system32\drivers\IpNat.sys [101888]

[MD5.CA7570E42522E24324A12161DB14EC02] - (.Microsoft Corporation - Windows NT SMB Minirdr.) (.03/05/2011 - 23:43:41.) -- C:\Windows\system32\drivers\MRxSmb.sys [123392]

[MD5.DD52A733BF4CA5AF84562A5E2F963B91] - (.Microsoft Corporation - MBT Transport driver.) (.13/07/2009 - 20:12:21.) -- C:\Windows\system32\drivers\netBT.sys [187904]

[MD5.187002CE05693C306F43C873F821381F] - (.Microsoft Corporation - Driver do Sistema de Arquivos NT.) (.11/03/2011 - 02:44:01.) -- C:\Windows\system32\drivers\ntfs.sys [1210240]

[MD5.2EA877ED5DD9713C5AC74E8EA7348D14] - (.Microsoft Corporation - Driver de porta paralela.) (.13/07/2009 - 20:45:35.) -- C:\Windows\system32\drivers\Parport.sys [79360]

[MD5.D9F91EAFEC2815365CBE6D167E4E332A] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.13/07/2009 - 20:54:34.) -- C:\Windows\system32\drivers\Rasl2tp.sys [78848]

[MD5.C5FF95883FFEF704D50C40D21CFB3AB5] - (.Microsoft Corporation - Microsoft RDP Device redirector.) (.13/07/2009 - 21:02:58.) -- C:\Windows\system32\drivers\rdpdr.sys [133120]

[MD5.3E21C083B8A01CB70BA1F09303010FCE] - (.Microsoft Corporation - SMB Transport driver.) (.13/07/2009 - 20:53:41.) -- C:\Windows\system32\drivers\smb.sys [71168]

[MD5.CB39E896A2A83702D1737BFD402B3542] - (.Microsoft Corporation - TDI Translation Driver.) (.13/07/2009 - 20:12:11.) -- C:\Windows\system32\drivers\tdx.sys [74240]

[MD5.58DF9D2481A56EDDE167E51B334D44FD] - (.Microsoft Corporation - Driver de cópia de sombra de volume.) (.13/07/2009 - 22:19:10.) -- C:\Windows\system32\drivers\volsnap.sys [245328]

~ Scan Generic Processes in 00mn 00s

 

 

 

---\\ Hidden files state (Hidden/Total)

~ Mes images (My Pictures) : 2/10

~ Mes musiques (My Musics) : 1/83

~ Mes Videos (My Videos) : 1/35

~ Mes Favoris (My Favorites) : Non accessible (Not found)

~ Mes Documents (My Documents) : 9/1996

~ Mon Bureau (My Desktop) : 23/2242

~ Menu demarrer (Programs) : 7/35

~ Scan Hidden Files in 00mn 07s

 

 

 

---\\ Running Processes

[MD5.F7226AA410954185160067D5FA82F3F2] - (.AVAST Software - avast! Antivirus.) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe [3744552] [PID.556]

[MD5.CC398EEE87E3AF073CDF90AE7C513D26] - (.TeamViewer GmbH - TeamViewer Remote Control Application.) -- C:\Program Files\TeamViewer\Version7\TeamViewer.exe [10981248] [PID.3252]

[MD5.11CCA710674739E3DB8F7450A5B650B6] - (.Mozilla Corporation - Firefox.) -- C:\Program Files\Mozilla Firefox\firefox.exe [924632] [PID.1320]

[MD5.0619C9E7A3682C54BD226A831897CD06] - (.Mozilla Corporation - Plugin Container for Firefox.) -- C:\Program Files\Mozilla Firefox\plugin-container.exe [16856] [PID.1760]

[MD5.B0DA80FF42A0819D162A86612896AAF2] - (.Microsoft Corporation - Windows Update.) -- C:\Windows\system32\wuauclt.exe [47104] [PID.2980]

[MD5.D9C51528488EA0D98D3C4D02ABD16759] - (.Intel Corporation - igfxsrvc Module.) -- C:\Windows\system32\igfxsrvc.exe [252952] [PID.1024]

[MD5.7B2D61A81906852CE38A46D09EFEEE9D] - (.Nicolas Coolman - Diagnostic Tool.) -- C:\Program Files\ZHPDiag\ZHPDiag.exe [2210816] [PID.3332]

~ Scan Processes Running in 00mn 00s

 

 

 

---\\ Mozilla Firefox,Plugins,Start,Search,Extensions (P2,M0,M1,M2,M3)

C:\Users\Edvan\AppData\Roaming\Mozilla\Firefox\Profiles\15q1nmpg.default\prefs.js

M3 - MFPP: Plugins - [Edvan] -- C:\Users\Edvan\AppData\Roaming\Mozilla\Firefox\Profiles\15q1nmpg.default\searchplugins\askcom.xml

M3 - MFPP: Plugins - [Edvan] -- C:\Users\Edvan\AppData\Roaming\Mozilla\Firefox\Profiles\15q1nmpg.default\searchplugins\SearchTheWeb.xml

M3 - MFPP: Plugins - [Edvan] -- C:\Program Files\Mozilla FireFox\searchplugins\babylon.xml

M3 - MFPP: Plugins - [Edvan] -- C:\Program Files\Mozilla FireFox\searchplugins\buscape.xml

M3 - MFPP: Plugins - [Edvan] -- C:\Program Files\Mozilla FireFox\searchplugins\fcmdSrch.xml

M3 - MFPP: Plugins - [Edvan] -- C:\Program Files\Mozilla FireFox\searchplugins\fcmdSrchpcmega.xml

M3 - MFPP: Plugins - [Edvan] -- C:\Program Files\Mozilla FireFox\searchplugins\google.xml

M3 - MFPP: Plugins - [Edvan] -- C:\Program Files\Mozilla FireFox\searchplugins\mercadolivre.xml

M3 - MFPP: Plugins - [Edvan] -- C:\Program Files\Mozilla FireFox\searchplugins\twitter.xml

M3 - MFPP: Plugins - [Edvan] -- C:\Program Files\Mozilla FireFox\searchplugins\wikipedia-br.xml

M3 - MFPP: Plugins - [Edvan] -- C:\Program Files\Mozilla FireFox\searchplugins\yahoo-br.xml

M0 - MFSP: prefs.js [Edvan - 15q1nmpg.default] http://www.google.com

M2 - MFEP: prefs.js [Edvan - 15q1nmpg.default\DefaultManager@Microsoft] [] Default Manager v2.3 (.Microsoft Corporation.)

M2 - MFEP: prefs.js [Edvan - 15q1nmpg.default\ffxtlbr@babylon.com] [] Babylon v1.1.9 (.Babylon.)

M2 - MFEP: prefs.js [Edvan - 15q1nmpg.default\{C9B68337-E93A-44EA-94DC-CB300EC06444}] [] IMinent Toolbar v4.45.0 (.IMinent.)

P2 - FPN: [HKLM] [@adobe.com/FlashPlayer] - (...) -- C:\Windows\System32\Macromed\Flash\NPSWF32.dll

P2 - FPN: [HKLM] [@java.com/JavaPlugin] - (.Sun Microsystems, Inc. - Next Generation Java Plug-in 1.6.0_25 for Mozilla browsers.) -- C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll

P2 - FPN: [HKLM] [@Microsoft.com/NpCtrl,version=1.0] - (. Microsoft Corporation - 4.0.60831.0.) -- C:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll

P2 - FPN: [HKLM] [@microsoft.com/WLPG,version=15.4.3502.0922] - (.Microsoft Corporation - NPWLPG.) -- C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll

P2 - FPN: [HKLM] [@microsoft.com/WLPG,version=15.4.3538.0513] - (.Microsoft Corporation - NPWLPG.) -- C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll

P2 - FPN: [HKLM] [@real.com/nppl3260;version=12.0.1.647] - (.RealNetworks, Inc. - RealPlayer LiveConnect-Enabled Plug-In.) -- C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll

P2 - FPN: [HKLM] [@real.com/nprjplug;version=12.0.1.647] - (.RealNetworks, Inc. - RealJukebox Netscape Plugin.) -- C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll

P2 - FPN: [HKLM] [@real.com/nprpchromebrowserrecordext;version=12.0.1.652] - (.RealNetworks, Inc. - RealNetworks RealPlayer Chrome Background Extension Plug-In.) -- C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserre

P2 - FPN: [HKLM] [@real.com/nprphtml5videoshim;version=12.0.1.652] - (.RealNetworks, Inc. - RealPlayer HTML5VideoShim Plug-In.) -- C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll

P2 - FPN: [HKLM] [@real.com/nprpjplug;version=12.0.1.647] - (.RealNetworks, Inc. - 12.0.1.647.) -- C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll

P2 - FPN: [HKLM] [@tools.google.com/Google Update;version=3] - (.Google Inc. - Google Update.) -- C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll

P2 - FPN: [HKLM] [@tools.google.com/Google Update;version=9] - (.Google Inc. - Google Update.) -- C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll

~ Scan Firefox Browser in 00mn 00s

 

 

 

---\\ Internet Explorer Extensions, Start, Search (R4,R3,R0,R1)

R0 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://google.fr

R0 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com

R1 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com

R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:noadd-ons

R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:securityrisk

R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURLs,Tabs = http://search.babylon.com

R3 - URLSearchHook: Microsoft Url Search Hook - {CFBFAE00-17A6-11D0-99CB-00C04FD64497} . (.Microsoft Corporation - Navegador da Internet.) (8.00.7600.16385 (win7_rtm.090713-1255)) -- C:\Windows\System32\ieframe.dll

R4 - HKLM\SOFTWARE\Microsoft\Internet Explorer\PhishingFilter,EnabledV8 = 1

R4 - HKCU\SOFTWARE\Microsoft\Internet Explorer\PhishingFilter,Enabled = 2

~ Scan IE Browser in 00mn 00s

 

 

 

---\\ Internet Explorer, Proxy Management (R5)

R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key

R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0

R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1

R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1

R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll

~ Scan Proxy management in 00mn 00s

 

 

 

---\\ Changed inifile Value, Mapped to Registry (F2)

F2 - REG:system.ini: UserInit=C:\Windows\system32\userinit.exe,

F2 - REG:system.ini: VMApplet=C:\Windows\system32\SystemPropertiesPerformance.exe

~ Scan Keys in 00mn 00s

 

 

 

---\\ Hosts file redirection (O1)

~ Le fichier hosts est sain (The hosts file is clean).

~ Scan Hosts File in 00mn 00s

~ Nombre de lignes (Lines number): 21

 

 

 

---\\ Browser Helper Objects (O2)

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} . (.Adobe Systems Incorporated - Adobe PDF Helper for Internet Explorer.) -- C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} . (.RealPlayer - RealPlayer Download and Record Plugin.) -- C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll

O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} . (.AVAST Software - avast! WebRep Plugin.) -- C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll

O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} . (.Microsoft Corp. - Microsoft® Windows Live ID Login Helper.) -- C:\Program Files\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} . (.Sun Microsystems, Inc. - Java Platform SE binary.) -- C:\Program Files\Java\jre6\bin\jp2ssv.dll

~ Scan BHO in 00mn 00s

 

 

 

---\\ Internet Explorer toolbars (O3)

O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} . (.AVAST Software - avast! WebRep Plugin.) -- C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll

~ Scan Toolbar in 00mn 00s

 

 

 

---\\ Auto loading programs from Registry and folders (O4)

O4 - HKLM\..\Run: [avast] . (.AVAST Software - avast! Antivirus.) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe

~ Scan Application in 00mn 00s

 

 

 

---\\ Other User Links (O4)

O4 - Global Startup: C:\Users\Edvan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk . (.Microsoft Corporation.) -- C:\Program Files\Internet Explorer\iexplore.exe

O4 - Global Startup: C:\Users\Edvan\Desktop\A Bíblia Sagrada Versão Digital 6.7 Freeware.lnk . (...) -- C:\ABSVD\absvd.exe (.not file.)

O4 - Global Startup: C:\Users\Edvan\Desktop\Auslogics Disk Defrag.lnk . (.Auslogics.) -- C:\Program Files\Auslogics\Auslogics Disk Defrag\DiskDefrag.exe

O4 - Global Startup: C:\Users\Edvan\Desktop\Foxit PDF Editor.lnk . (.Foxit Corporation.) -- C:\Program Files\Foxit Software\PDF Editor\PDFEdit.exe

O4 - Global Startup: C:\Users\Edvan\Desktop\GeanyPortable - Atalho.lnk . (.PortableApps.com.) -- C:\PortableApps\GeanyPortable\GeanyPortable.exe

O4 - Global Startup: C:\Users\Edvan\Desktop\MV RegClean 6.0.lnk . (...) -- C:\Program Files\Marcos Velasco Security\MV RegClean 6.0\MVREGCLEAN.EXE

O4 - Global Startup: C:\Users\Edvan\Desktop\Nero StartSmart.lnk . (.Nero AG.) -- C:\Program Files\Nero\Nero8\Nero StartSmart\NeroStartSmart.exe

O4 - Global Startup: C:\Users\Edvan\Desktop\TeamViewer 7.lnk . (.TeamViewer GmbH.) -- C:\Program Files\TeamViewer\Version7\TeamViewer.exe

O4 - Global Startup: C:\Users\Edvan\Desktop\Windows Live Movie Maker.lnk . (.Microsoft Corporation.) -- C:\Program Files\Windows Live\Photo Gallery\MovieMaker.Exe

O4 - Global Startup: C:\Users\Edvan\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk . (.Microsoft Corporation.) -- C:\Program Files\Internet Explorer\iexplore.exe

O4 - Global Startup: C:\Users\Edvan\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Malwarebytes Anti-Malware.lnk . (.Malwarebytes Corporation.) -- C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe

O4 - Global Startup: C:\Users\Edvan\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Microsoft Office Outlook.lnk . (.Microsoft Corporation.) -- C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE

O4 - Global Startup: C:\Users\Edvan\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Nero StartSmart.lnk . (.Nero AG.) -- C:\Program Files\Nero\Nero8\Nero StartSmart\NeroStartSmart.exe

O4 - Global Startup: C:\Users\Edvan\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\PhotoScape.lnk . (...) -- C:\Program Files\PhotoScape\PhotoScape.exe

~ Scan Global Startup in 00mn 00s

 

 

 

---\\ IE Options icon not visible in Control Panel (O5)

O5 - control.ini: [HKLM\..\Control Panel] inetcpl.cpl=no

~ Scan IE Control Panel in 00mn 00s

 

 

 

---\\ Extra items in the IE right-click menu (O8)

O8 - Extra context menu item: E&xportar para o Microsoft Excel . (.Microsoft Corporation - Microsoft Office Excel.) -- C:\Program Files\MICROS~3\Office12\EXCEL.exe

~ Scan IE Menu Contextuel in 00mn 00s

 

 

 

---\\ Extra buttons on main IE button toolbar, or extra items in IE 'Tools' menu (O9)

O9 - Extra button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} . (.Microsoft Corporation - Windows Live Writer Blog This Extension.) -- C:\Program Files\Windows Live\Writer\WriterBro

O9 - Extra button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {92780B25-18CC-41C8-B9BE-3C9C571A8263} . (...) -- C:\Program Files\Microsoft Office\Office12\REFBARH.ICO

~ Scan IE Extra Buttons in 00mn 00s

 

 

 

---\\ Winsock hijacker (Layered Service Provider) (O10)

O10 - WLSP:\000000000001\Winsock LSP File . (.Microsoft Corporation - Network Location Awareness 2.) -- C:\Windows\System32\nlaapi.dll

O10 - WLSP:\000000000002\Winsock LSP File . (.Microsoft Corporation - Provedor de serviços do Microsoft Windows Sockets 2.0.) -- C:\Windows\System32\mswsock.dll

O10 - WLSP:\000000000003\Winsock LSP File . (.Microsoft Corporation - LDAP RnR Provider DLL.) -- C:\Windows\System32\winrnr.dll

O10 - WLSP:\000000000004\Winsock LSP File . (.Microsoft Corporation - Provedor de Correção de Nomeação de Emails.) -- C:\Windows\System32\NapiNSP.dll

O10 - WLSP:\000000000005\Winsock LSP File . (.Microsoft Corporation - PNRP Name Space Provider.) -- C:\Windows\System32\pnrpnsp.dll

O10 - WLSP:\000000000006\Winsock LSP File . (.Microsoft Corporation - PNRP Name Space Provider.) -- C:\Windows\System32\pnrpnsp.dll

O10 - WLSP:\000000000007\Winsock LSP File . (.Microsoft Corporation - Windows Sockets Helper DLL.) -- C:\Windows\System32\wshbth.dll

O10 - WLSP:\000000000008\Winsock LSP File . (.Microsoft Corp. - Microsoft® Windows Live ID Namespace Provider.) -- C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDNSP.dll

O10 - WLSP:\000000000009\Winsock LSP File . (.Microsoft Corp. - Microsoft® Windows Live ID Namespace Provider.) -- C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDNSP.dll

~ Scan Winsock in 00mn 00s

 

 

 

---\\ ActiveX Objects (Downloaded Program Files) (O16)

O16 - DPF: {27932703-59C1-4B18-A46D-ED8FC2D35BAA} (NEWIE Control) - http://vurdson.dyndns.org:8080/NEWIE.cab

O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} () - http://download.eset.com/special/eos/OnlineScanner.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab

~ Scan Objets ActiveX in 00mn 00s

 

 

 

---\\ Lop.com/Domain Hijackers (O17)

O17 - HKLM\System\CCS\Services\Tcpip\..\{F8ED010B-0291-4504-A7C7-F6852397D316}: DhcpNameServer = 187.0.32.67 187.0.32.66 192.168.1.1

O17 - HKLM\System\CS1\Services\Tcpip\..\{F8ED010B-0291-4504-A7C7-F6852397D316}: DhcpNameServer = 187.0.32.67 187.0.32.66 192.168.1.1

O17 - HKLM\System\CS2\Services\Tcpip\..\{F8ED010B-0291-4504-A7C7-F6852397D316}: DhcpNameServer = 187.0.32.67 187.0.32.66 192.168.1.1

~ Scan Domain in 00mn 00s

 

 

 

---\\ Extra protocols (O18)

O18 - Handler: about - {3050F406-98B5-11CF-BB82-00AA00BDCE0B} . (.Microsoft Corporation - Visualizador de HTML da Microsoft ®.) -- C:\Windows\System32\mshtml.dll

O18 - Handler: cdl - {3dd53d40-7b8b-11D0-b013-00aa0059ce02} . (.Microsoft Corporation - Extensões OLE32 para Win32.) -- C:\Windows\System32\urlmon.dll

O18 - Handler: dvd - {12D51199-0DB5-46FE-A120-47A3D7D937CC} . (.Microsoft Corporation - Controle ActiveX para streaming de vídeo.) -- C:\Windows\System32\MSVidCtl.dll

O18 - Handler: file - {79eac9e7-baf9-11ce-8c82-00aa004ba90b} . (.Microsoft Corporation - Extensões OLE32 para Win32.) -- C:\Windows\System32\urlmon.dll

O18 - Handler: ftp - {79eac9e3-baf9-11ce-8c82-00aa004ba90b} . (.Microsoft Corporation - Extensões OLE32 para Win32.) -- C:\Windows\System32\urlmon.dll

O18 - Handler: gopher - {79eac9e4-baf9-11ce-8c82-00aa004ba90b} . (.Microsoft Corporation - Extensões OLE32 para Win32.) -- C:\Windows\System32\urlmon.dll

O18 - Handler: http - {79eac9e2-baf9-11ce-8c82-00aa004ba90b} . (.Microsoft Corporation - Extensões OLE32 para Win32.) -- C:\Windows\System32\urlmon.dll

O18 - Handler: https - {79eac9e5-baf9-11ce-8c82-00aa004ba90b} . (.Microsoft Corporation - Extensões OLE32 para Win32.) -- C:\Windows\System32\urlmon.dll

O18 - Handler: its - {9D148291-B9C8-11D0-A4CC-0000F80149F6} . (.Microsoft Corporation - Microsoft® InfoTech Storage System Library.) -- C:\Windows\System32\itss.dll

O18 - Handler: javascript - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} . (.Microsoft Corporation - Visualizador de HTML da Microsoft ®.) -- C:\Windows\System32\mshtml.dll

O18 - Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} . (.Microsoft Corporation - Windows Live Messenger Protocol Handler Mod.) -- C:\Program Files\Windows Live\Messenger\msgrapp.dll

O18 - Handler: local - {79eac9e7-baf9-11ce-8c82-00aa004ba90b} . (.Microsoft Corporation - Extensões OLE32 para Win32.) -- C:\Windows\System32\urlmon.dll

O18 - Handler: mailto - {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} . (.Microsoft Corporation - Visualizador de HTML da Microsoft ®.) -- C:\Windows\System32\mshtml.dll

O18 - Handler: mhtml - {05300401-BCBC-11d0-85E3-00C04FD85AB4} . (.Microsoft Corporation - Microsoft Internet Messaging API Resources.) -- C:\Windows\System32\inetcomm.dll

O18 - Handler: mk - {79eac9e6-baf9-11ce-8c82-00aa004ba90b} . (.Microsoft Corporation - Extensões OLE32 para Win32.) -- C:\Windows\System32\urlmon.dll

O18 - Handler: ms-help - {314111c7-a502-11d2-bbca-00c04f8ec294} . (.Microsoft Corporation - Microsoft® Help Data Services Module.) -- C:\Program Files\Common Files\microsoft shared\Help\hxds.dll

O18 - Handler: ms-its - {9D148291-B9C8-11D0-A4CC-0000F80149F6} . (.Microsoft Corporation - Microsoft® InfoTech Storage System Library.) -- C:\Windows\System32\itss.dll

O18 - Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} . (.Microsoft Corporation - Windows Live Messenger Protocol Handler Mod.) -- C:\Program Files\Windows Live\Messenger\msgrapp.dll

O18 - Handler: res - {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} . (.Microsoft Corporation - Visualizador de HTML da Microsoft ®.) -- C:\Windows\System32\mshtml.dll

O18 - Handler: tv - {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} . (.Microsoft Corporation - Controle ActiveX para streaming de vídeo.) -- C:\Windows\System32\MSVidCtl.dll

O18 - Handler: vbscript - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} . (.Microsoft Corporation - Visualizador de HTML da Microsoft ®.) -- C:\Windows\System32\mshtml.dll

O18 - Handler: wlmailhtml - {03C514A3-1EFB-4856-9F99-10D7BE1653C0} . (.Microsoft Corporation - Windows Live Mail.) -- C:\Program Files\Windows Live\Mail\mailcomm.dll

O18 - Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} . (.Microsoft Corporation - Windows Live Album Download Protocol Handle.) -- C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll

O18 - Filter: application/octet-stream - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} . (.Microsoft Corporation - Microsoft .NET Runtime Execution Engine.) -- C:\Windows\System32\mscoree.dll

O18 - Filter: application/x-complus - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} . (.Microsoft Corporation - Microsoft .NET Runtime Execution Engine.) -- C:\Windows\System32\mscoree.dll

O18 - Filter: application/x-msdownload - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} . (.Microsoft Corporation - Microsoft .NET Runtime Execution Engine.) -- C:\Windows\System32\mscoree.dll

O18 - Filter: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} . (.Microsoft Corporation - Extensões OLE32 para Win32.) -- C:\Windows\System32\urlmon.dll

O18 - Filter: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} . (.Microsoft Corporation - Extensões OLE32 para Win32.) -- C:\Windows\System32\urlmon.dll

O18 - Filter: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} . (.Microsoft Corporation - Microsoft Office XML MIME Filter.) -- C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.dll

~ Scan Protocole Additionnel in 00mn 00s

 

 

 

---\\ AppInit_DLLs Registry value Autorun (O20)

O20 - Winlogon Notify: igfxcui . (.Intel Corporation - igfxdev Module.) -- C:\Windows\system32\igfxdev.dll

~ Scan Winlogon in 00mn 00s

 

 

 

---\\ ShellServiceObjectDelayLoad (O21)

O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} . (.Microsoft Corporation - Monitor de Sites.) -- C:\Windows\system32\webcheck.dll

~ Scan SSODL in 00mn 00s

 

 

 

---\\ non Microsoft non disabled Windows XP/NT/2000 Services (O23)

O23 - Service: Acronis Serviço Scheduler2 (AcrSch2Svc) . (.Acronis - Acronis Scheduler 2.) - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe

O23 - Service: avast! Antivirus (avast! Antivirus) . (.AVAST Software - avast! Service.) - C:\Program Files\AVAST Software\Avast\AvastSvc.exe

O23 - Service: Google Update Service (gupdate) (gupdate) . (.Google Inc. - Google Installer.) - C:\Program Files\Google\Update\GoogleUpdate.exe

O23 - Service: Nero BackItUp Scheduler 3 (Nero BackItUp Scheduler 3) . (.Nero AG - Nero BackItUp.) - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe

O23 - Service: PLFlash DeviceIoControl Service (PLFlash DeviceIoControl Service) . (.Prolific Technology Inc. - PLFlash DeviceIoControl Service.) - C:\Windows\System32\IoctlSvc.exe

O23 - Service: TeamViewer 7 (TeamViewer7) . (.TeamViewer GmbH - TeamViewer Remote Control Application.) - C:\Program Files\TeamViewer\Version7\TeamViewer_Service.exe

~ Scan Services in 00mn 00s

 

 

 

---\\ Windows Active Desktop & MHTML Editor (O24)

O24 - Default MHTML Editor: Last - .(...) - (.not file.)

~ Scan Desktop Component in 00mn 00s

 

 

 

---\\

O34 - HKLM BootExecute: (autocheck autochk *) - File not found

~ Scan Keys in 00mn 00s

 

 

 

---\\ Task Planned Automatically(039)

O39 - APT:Automatic Planified Task - C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job

O39 - APT:Automatic Planified Task - C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job

[MD5.8F0DE4FEF8201E306F9938B0905AC96A] [APT] [GoogleUpdateTaskMachineCore] (.Google Inc..) -- C:\Program Files\Google\Update\GoogleUpdate.exe

[MD5.8F0DE4FEF8201E306F9938B0905AC96A] [APT] [GoogleUpdateTaskMachineUA] (.Google Inc..) -- C:\Program Files\Google\Update\GoogleUpdate.exe

[MD5.F3DC87E158FED1AA1A84B8BCFB012663] [APT] [PandaUSBVaccine] (...) -- C:\Program Files\Panda USB Vaccine\RunInteractiveWin.exe

[MD5.FD8DCAE8AAE888D8BAD0E6C2DAAAFB6D] [APT] [RealUpgradeLogonTaskS-1-5-21-3402164469-1559782933-1922221369-1001] (.RealNetworks, Inc..) -- C:\Program Files\Real\RealUpgrade\RealUpgrade.exe

[MD5.FD8DCAE8AAE888D8BAD0E6C2DAAAFB6D] [APT] [RealUpgradeScheduledTaskS-1-5-21-3402164469-1559782933-1922221369-1001] (.RealNetworks, Inc..) -- C:\Program Files\Real\RealUpgrade\RealUpgrade.exe

[MD5.00000000000000000000000000000000] [APT] [{11093E2E-8056-4FCB-A85D-5065F5BBE618}] (...) -- C:\Users\Edvan\Downloads\ADOBE CS4 + CRACK E TRADU€ÇO BY EAS www.therebels.de mais do que um f¢rum.... uma FAMÖLIA!!!!\ADOBE CS4 + CRACK E TRADU€ÇO BY EAS www.

[MD5.00000000000000000000000000000000] [APT] [{2FD9DE13-099C-4DD4-84C7-5463CA8D6ED9}] (...) -- C:\Program Files\Active Ports\aports.exe (.not file.)

[MD5.00000000000000000000000000000000] [APT] [{344BDC5A-D727-445F-8F10-59E3CBD8694C}] (...) -- C:\Program Files\TrendMicro\HiJackThis\HiJackThis.exe (.not file.)

[MD5.00000000000000000000000000000000] [APT] [{3F856E6C-96C3-4014-852A-4418C5CE784C}] (...) -- C:\downloads\TrueImage2010_d_pt.exe (.not file.)

[MD5.00000000000000000000000000000000] [APT] [{66C18394-2001-46DB-A739-4570DC3210EE}] (...) -- C:\Users\Edvan\AppData\Local\Temp\Uninstal.exe (.not file.)

[MD5.00000000000000000000000000000000] [APT] [{6B1B2A89-3CCD-43DD-BC91-165D44C3C448}] (...) -- C:\Users\Edvan\Downloads\51942_bankerfix_30.exe (.not file.)

[MD5.00000000000000000000000000000000] [APT] [{6FF5A974-C41E-4034-8BDE-1618FC8A88FD}] (...) -- C:\Users\Edvan\Desktop\Edvan-CFTV\MultiView\DMMultiView.exe (.not file.)

[MD5.9A2347903D6EDB84C10F288BC0578C1C] [APT] [{9BEB025B-AE91-48E7-93A0-5DB826138016}] (.Trend Micro Inc..) -- C:\HiJackThis.exe

[MD5.00000000000000000000000000000000] [APT] [{CB39FF99-B8C4-4EB4-968D-B77A9FC5F8E0}] (...) -- F:\Oficce 2003 e 2007\Office 2007 Completo\setup.exe (.not file.)

[MD5.00000000000000000000000000000000] [APT] [{D30A95A0-6AD2-4811-905F-2D6122B9D37D}] (...) -- C:\downloads\TrueImage2010_d_pt.exe (.not file.)

[MD5.00000000000000000000000000000000] [APT] [{DDF2D4E6-3010-4446-9475-EFA2F582D8EB}] (...) -- C:\Users\Edvan\Desktop\VANIA\creativity_mmfull_baixaki.exe (.not file.)

[MD5.00000000000000000000000000000000] [APT] [{ED813E01-077A-4317-8ADB-1DB6E44C3755}] (...) -- C:\Users\Edvan\Desktop\51942_bankerfix_30(1).exe (.not file.)

[MD5.CC04069D56DED2DBD54D8240B44C9F5C] [APT] [{EF31CA8B-BF29-40C3-8111-A55F746532A5}] (...) -- C:\Program Files\Ares\uninstall.exe

[MD5.9A2347903D6EDB84C10F288BC0578C1C] [APT] [{F6B17997-5CB7-4A86-81DE-A48E95A50630}] (.Trend Micro Inc..) -- C:\HiJackThis.exe

~ Scan Scheduled Task in 00mn 04s

 

 

 

---\\ ActiveSetup Installed Components (O40)

O40 - ASIC: Internet Explorer - >{26923b43-4d38-484f-9b9e-de460746276c} . (.Microsoft Corporation - Utilitário de Inicialização por Usuário do Internet Explorer.) -- C:\Windows\System32\ie4uinit.exe

O40 - ASIC: Browser Customizations - >{60B49E34-C7CC-11D0-8953-00A0C90347FF} . (.Microsoft Corporation - Identidade visual IEAK.) -- C:\Windows\System32\iedkcs32.dll

O40 - ASIC: Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608500} . (.Sun Microsystems, Inc. - Java Platform SE binary.) -- C:\Program Files\Java\jre6\bin\regutils.dll

O40 - ASIC: Microsoft Windows Media Player 12.0 - {22d6f312-b0f6-11d0-94ab-0080c74c7e95} . (.Microsoft Corporation - Windows Media Player Extension.) -- C:\Windows\System32\wmpdxm.dll

O40 - ASIC: Microsoft Windows Media Player - {6BF52A52-394A-11d3-B153-00C04F79FAA6} . (.Microsoft Corporation - Windows Media Player.) -- C:\Windows\system32\wmp.dll

O40 - ASIC: Web Platform Customizations - {89820200-ECBD-11cf-8B85-00AA005B4383} . (.Microsoft Corporation - Utilitário de Inicialização por Usuário do Internet Explorer.) -- C:\Windows\System32\ie4uinit.exe

O40 - ASIC: (no name) - {89B4C1CD-B018-4511-B0A1-5476DBF70820} . (.Microsoft Corporation - Microsoft .NET IE SECURITY REGISTRATION.) -- C:\Windows\system32\mscories.dll

O40 - ASIC: Adobe Flash Player - {D27CDB6E-AE6D-11CF-96B8-444553540000} . (.Adobe Systems, Inc. - Adobe Flash Player 11.1 r102.) -- C:\Windows\System32\Macromed\Flash\Flash11e.ocx

~ Scan Active Setup in 00mn 00s

 

 

 

---\\ Drivers launched at startup (O41)

O41 - Driver: C:\Windows\system32\drivers\afd.sys (AFD) . (.Microsoft Corporation - Ancillary Function Driver for WinSock.) - C:\Windows\system32\drivers\afd.sys

O41 - Driver: (blbdrive) . (.Microsoft Corporation - BLB Drive Driver.) - C:\Windows\system32\DRIVERS\blbdrive.sys

O41 - Driver: (cdrom) . (.Microsoft Corporation - SCSI CD-ROM Driver.) - C:\Windows\system32\DRIVERS\cdrom.sys

O41 - Driver: C:\Windows\system32\cscsvc.dll (CSC) . (.Microsoft Corporation - Windows Client Side Caching Driver.) - C:\Windows\system32\drivers\csc.sys

O41 - Driver: C:\Windows\system32\drivers\dfsc.sys (DfsC) . (.Microsoft Corporation - DFS Namespace Client Driver.) - C:\Windows\system32\Drivers\dfsc.sys

O41 - Driver: C:\Windows\system32\drivers\discache.sys (discache) . (.Microsoft Corporation - System Indexer/Cache Driver.) - C:\Windows\system32\drivers\discache.sys

O41 - Driver: (mssmbios) . (.Microsoft Corporation - System Management BIOS Driver.) - C:\Windows\system32\DRIVERS\mssmbios.sys

O41 - Driver: (NetBIOS) . (.Microsoft Corporation - NetBIOS interface driver.) - C:\Windows\system32\DRIVERS\netbios.sys

O41 - Driver: C:\Windows\system32\drivers\netbt.sys (NetBT) . (.Microsoft Corporation - MBT Transport driver.) - C:\Windows\system32\DRIVERS\netbt.sys

O41 - Driver: C:\Windows\system32\drivers\nsiproxy.sys (nsiproxy) . (.Microsoft Corporation - NSI Proxy.) - C:\Windows\system32\drivers\nsiproxy.sys

O41 - Driver: C:\Windows\system32\drivers\pacer.sys (Psched) . (.Microsoft Corporation - Agendador de pacotes de serviço.) - C:\Windows\system32\DRIVERS\pacer.sys

O41 - Driver: C:\Windows\system32\wkssvc.dll (rdbss) . (.Microsoft Corporation - Driver do Subsistema de Buffer da Unidade R.) - C:\Windows\system32\DRIVERS\rdbss.sys

O41 - Driver: C:\Windows\system32\DRIVERS\RDPCDD.sys (RDPCDD) . (.Microsoft Corporation - RDP Miniport.) - C:\Windows\system32\DRIVERS\RDPCDD.sys

O41 - Driver: C:\Windows\system32\drivers\RDPENCDD.sys (RDPENCDD) . (.Microsoft Corporation - RDP Encoder Miniport.) - C:\Windows\system32\drivers\rdpencdd.sys

O41 - Driver: C:\Windows\system32\drivers\RdpRefMp.sys (RDPREFMP) . (.Microsoft Corporation - RDP Reflector Driver Miniport.) - C:\Windows\system32\drivers\rdprefmp.sys

O41 - Driver: (Serial) . (.Microsoft Corporation - Driver de dispositivo serial.) - C:\Windows\system32\DRIVERS\serial.sys

O41 - Driver: C:\Windows\system32\tcpipcfg.dll (tdx) . (.Microsoft Corporation - TDI Translation Driver.) - C:\Windows\system32\DRIVERS\tdx.sys

O41 - Driver: (TermDD) . (.Microsoft Corporation - Remote Desktop Server Driver.) - C:\Windows\system32\DRIVERS\termdd.sys

O41 - Driver: (VgaSave) . (.Microsoft Corporation - VGA/Super VGA Video Driver.) - C:\Windows\system32\drivers\vga.sys

O41 - Driver: C:\Windows\system32\rascfg.dll (Wanarpv6) . (.Microsoft Corporation - MS Remote Access and Routing ARP Driver.) - C:\Windows\system32\DRIVERS\wanarp.sys

O41 - Driver: (WfpLwf) . (.Microsoft Corporation - WFP NDIS 6.20 Lightweight Filter Driver.) - C:\Windows\system32\DRIVERS\wfplwf.sys

~ Scan Drivers in 00mn 00s

 

 

 

---\\ Software installed (O42)

O42 - Logiciel: Acronis True Image Home - (.Acronis.) [HKLM] -- {67ED38A3-4882-448B-B44D-3428AB00D7D5}

O42 - Logiciel: Adobe Flash Player 11 ActiveX - (.Adobe Systems Incorporated.) [HKLM] -- Adobe Flash Player ActiveX

O42 - Logiciel: Adobe Flash Player 11 Plugin - (.Adobe Systems Incorporated.) [HKLM] -- Adobe Flash Player Plugin

O42 - Logiciel: Adobe Reader 9.4.4 - Português - (.Adobe Systems Incorporated.) [HKLM] -- {AC76BA86-7AD7-1046-7B44-A94000000001}

O42 - Logiciel: Apostila IBGE 2011 versão 1.0 - (.Autodidata Editora.) [HKLM] -- {AC8C3DBD-1CD0-49CA-ADC2-1706A9311C79}_is1

O42 - Logiciel: Ares 2.1.7 - (.Ares Development Group.) [HKLM] -- Ares

O42 - Logiciel: Arquivo do WinRAR - (.Unknown owner.) [HKLM] -- WinRAR archiver

O42 - Logiciel: Atualização do produto Microsoft Office Excel 2007 Help (KB963678) - (.Microsoft.) [HKLM] -- {90120000-0016-0416-0000-0000000FF1CE}_ENTERPRISE_{717C9095-8AAE-41CB-B046-BD6E8399F4F3}

O42 - Logiciel: Atualização do produto Microsoft Office Outlook 2007 Help (KB963677) - (.Microsoft.) [HKLM] -- {90120000-001A-0416-0000-0000000FF1CE}_ENTERPRISE_{5016CB22-B9A7-44FB-AA72-AF28B27B15EA}

O42 - Logiciel: Atualização do produto Microsoft Office Powerpoint 2007 Help (KB963669) - (.Microsoft.) [HKLM] -- {90120000-0018-0416-0000-0000000FF1CE}_ENTERPRISE_{BE3A7C0C-0081-4694-B5F9-980DD66BDDF8}

O42 - Logiciel: Atualização do produto Microsoft Office Word 2007 Help (KB963665) - (.Microsoft.) [HKLM] -- {90120000-001B-0416-0000-0000000FF1CE}_ENTERPRISE_{7297E3A9-FCD4-4E0E-A306-7A90359E50E3}

O42 - Logiciel: Auslogics Disk Defrag - (.Auslogics Software Pty Ltd.) [HKLM] -- {DF6A13C0-77DF-41FE-BD05-6D5201EB0CE7}_is1

O42 - Logiciel: BrOffice 3.3 - (.LibreOffice.) [HKLM] -- {CEE2613D-3B53-4447-BA2D-E88C08272581}

O42 - Logiciel: CCleaner - (.Piriform.) [HKLM] -- CCleaner

O42 - Logiciel: CPUID CPU-Z 1.57.1 - (.Unknown owner.) [HKLM] -- CPUID CPU-Z_is1

O42 - Logiciel: Controle ActiveX do Windows Live Mesh para Conexões Remotas - (.Microsoft Corporation.) [HKLM] -- {39B3184E-0BFB-40FA-ADDC-E7E2D535CDA9}

O42 - Logiciel: D3DX10 - (.Microsoft.) [HKLM] -- {E09C4DB7-630C-4F06-A631-8EA7239923AF}

O42 - Logiciel: DMMultiView - (.Unknown owner.) [HKLM] -- {0434E275-020A-4A2E-B35A-D5652E464E32}

O42 - Logiciel: Digital Camera Driver - (.Unknown owner.) [HKLM] -- Digital Camera Driver

O42 - Logiciel: FormatFactory 2.60 - (.Free Time.) [HKLM] -- FormatFactory

O42 - Logiciel: Foxit PDF Editor - (.Foxit Corporation.) [HKLM] -- Foxit PDF Editor

O42 - Logiciel: GeoVision ADPCM - (.Unknown owner.) [HKLM] -- GeoADPCM

O42 - Logiciel: GeoVision H264 - (.Unknown owner.) [HKLM] -- Codec_264

O42 - Logiciel: GeoVision JPEG - (.Unknown owner.) [HKLM] -- Codec_jpeg

O42 - Logiciel: GeoVision MPEG2 - (.Unknown owner.) [HKLM] -- Codec_mp2

O42 - Logiciel: GeoVision MPEG4 - (.Unknown owner.) [HKLM] -- GEOXCodec

O42 - Logiciel: GeoVision MPEG4 ASP - (.Unknown owner.) [HKLM] -- Codec_amp4

O42 - Logiciel: GeoVision MPEG4 AVC - (.Unknown owner.) [HKLM] -- Codec_AVC

O42 - Logiciel: Google Update Helper - (.Google Inc..) [HKLM] -- {A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}

O42 - Logiciel: Intel® Graphics Media Accelerator Driver - (.Intel Corporation.) [HKLM] -- HDMI

O42 - Logiciel: Intel® TV Wizard - (.Intel Corporation.) [HKLM] -- TVWiz

O42 - Logiciel: Java 6 Update 25 - (.Oracle.) [HKLM] -- {26A24AE4-039D-4CA4-87B4-2F83216022FF}

O42 - Logiciel: Junk Mail filter update - (.Microsoft Corporation.) [HKLM] -- {1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}

O42 - Logiciel: MSVCRT - (.Microsoft.) [HKLM] -- {8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}

O42 - Logiciel: MSXML 4.0 SP2 (KB954430) - (.Microsoft Corporation.) [HKLM] -- {86493ADD-824D-4B8E-BD72-8C5DCDC52A71}

O42 - Logiciel: MSXML 4.0 SP2 (KB973688) - (.Microsoft Corporation.) [HKLM] -- {F662A8E6-F4DC-41A2-901E-8C11F044BDEC}

O42 - Logiciel: MV RegClean 6.0 - (.Unknown owner.) [HKLM] -- MV RegClean 6.0_is1

O42 - Logiciel: Malwarebytes Anti-Malware versão 1.60.0.1800 - (.Malwarebytes Corporation.) [HKLM] -- Malwarebytes' Anti-Malware_is1

O42 - Logiciel: Mesh Runtime - (.Microsoft Corporation.) [HKLM] -- {8C6D6116-B724-4810-8F2D-D047E6B7D68E}

O42 - Logiciel: Microsoft .NET Framework 4 Client Profile - (.Microsoft Corporation.) [HKLM] -- Microsoft .NET Framework 4 Client Profile

O42 - Logiciel: Microsoft .NET Framework 4 Client Profile - (.Microsoft Corporation.) [HKLM] -- {3C3901C5-3455-3E0A-A214-0B093A5070A6}

O42 - Logiciel: Microsoft .NET Framework 4 Client Profile PTB Language Pack - (.Microsoft Corporation.) [HKLM] -- {20A15757-4AE4-3C82-9711-863C84AFE6AA}

O42 - Logiciel: Microsoft Office 2007 Service Pack 2 (SP2) - (.Microsoft.) [HKLM] -- {90120000-0015-0416-0000-0000000FF1CE}_ENTERPRISE_{02A880E2-B8B9-4BF5-8822-EA1374734E2E}

O42 - Logiciel: Microsoft Office 2007 Service Pack 2 (SP2) - (.Microsoft.) [HKLM] -- {90120000-0016-0416-0000-0000000FF1CE}_ENTERPRISE_{02A880E2-B8B9-4BF5-8822-EA1374734E2E}

O42 - Logiciel: Microsoft Office 2007 Service Pack 2 (SP2) - (.Microsoft.) [HKLM] -- {90120000-0018-0416-0000-0000000FF1CE}_ENTERPRISE_{02A880E2-B8B9-4BF5-8822-EA1374734E2E}

O42 - Logiciel: Microsoft Office 2007 Service Pack 2 (SP2) - (.Microsoft.) [HKLM] -- {90120000-0019-0416-0000-0000000FF1CE}_ENTERPRISE_{02A880E2-B8B9-4BF5-8822-EA1374734E2E}

O42 - Logiciel: Microsoft Office 2007 Service Pack 2 (SP2) - (.Microsoft.) [HKLM] -- {90120000-001A-0416-0000-0000000FF1CE}_ENTERPRISE_{02A880E2-B8B9-4BF5-8822-EA1374734E2E}

O42 - Logiciel: Microsoft Office 2007 Service Pack 2 (SP2) - (.Microsoft.) [HKLM] -- {90120000-001B-0416-0000-0000000FF1CE}_ENTERPRISE_{02A880E2-B8B9-4BF5-8822-EA1374734E2E}

O42 - Logiciel: Microsoft Office 2007 Service Pack 2 (SP2) - (.Microsoft.) [HKLM] -- {90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}

O42 - Logiciel: Microsoft Office 2007 Service Pack 2 (SP2) - (.Microsoft.) [HKLM] -- {90120000-0044-0416-0000-0000000FF1CE}_ENTERPRISE_{02A880E2-B8B9-4BF5-8822-EA1374734E2E}

O42 - Logiciel: Microsoft Office 2007 Service Pack 2 (SP2) - (.Microsoft.) [HKLM] -- {90120000-006E-0416-0000-0000000FF1CE}_ENTERPRISE_{9A141B2B-7C5E-47D2-8E9E-9AC6018F3C42}

O42 - Logiciel: Microsoft Office 2007 Service Pack 2 (SP2) - (.Microsoft.) [HKLM] -- {90120000-00A1-0416-0000-0000000FF1CE}_ENTERPRISE_{02A880E2-B8B9-4BF5-8822-EA1374734E2E}

O42 - Logiciel: Microsoft Office 2007 Service Pack 2 (SP2) - (.Microsoft.) [HKLM] -- {90120000-00BA-0416-0000-0000000FF1CE}_ENTERPRISE_{02A880E2-B8B9-4BF5-8822-EA1374734E2E}

O42 - Logiciel: Microsoft Office Access MUI (Portuguese (Brazil)) 2007 - (.Microsoft Corporation.) [HKLM] -- {90120000-0015-0416-0000-0000000FF1CE}

O42 - Logiciel: Microsoft Office Enterprise 2007 - (.Microsoft Corporation.) [HKLM] -- ENTERPRISE

O42 - Logiciel: Microsoft Office Enterprise 2007 - (.Microsoft Corporation.) [HKLM] -- {90120000-0030-0000-0000-0000000FF1CE}

O42 - Logiciel: Microsoft Office Excel MUI (Portuguese (Brazil)) 2007 - (.Microsoft Corporation.) [HKLM] -- {90120000-0016-0416-0000-0000000FF1CE}

O42 - Logiciel: Microsoft Office Groove MUI (Portuguese (Brazil)) 2007 - (.Microsoft Corporation.) [HKLM] -- {90120000-00BA-0416-0000-0000000FF1CE}

O42 - Logiciel: Microsoft Office InfoPath MUI (Portuguese (Brazil)) 2007 - (.Microsoft Corporation.) [HKLM] -- {90120000-0044-0416-0000-0000000FF1CE}

O42 - Logiciel: Microsoft Office OneNote MUI (Portuguese (Brazil)) 2007 - (.Microsoft Corporation.) [HKLM] -- {90120000-00A1-0416-0000-0000000FF1CE}

O42 - Logiciel: Microsoft Office Outlook Connector - (.Microsoft Corporation.) [HKLM] -- {95140000-007A-0416-0000-0000000FF1CE}

O42 - Logiciel: Microsoft Office Outlook MUI (Portuguese (Brazil)) 2007 - (.Microsoft Corporation.) [HKLM] -- {90120000-001A-0416-0000-0000000FF1CE}

O42 - Logiciel: Microsoft Office PowerPoint MUI (Portuguese (Brazil)) 2007 - (.Microsoft Corporation.) [HKLM] -- {90120000-0018-0416-0000-0000000FF1CE}

O42 - Logiciel: Microsoft Office Proof (English) 2007 - (.Microsoft Corporation.) [HKLM] -- {90120000-001F-0409-0000-0000000FF1CE}

O42 - Logiciel: Microsoft Office Proof (Portuguese (Brazil)) 2007 - (.Microsoft Corporation.) [HKLM] -- {90120000-001F-0416-0000-0000000FF1CE}

O42 - Logiciel: Microsoft Office Proof (Spanish) 2007 - (.Microsoft Corporation.) [HKLM] -- {90120000-001F-0C0A-0000-0000000FF1CE}

O42 - Logiciel: Microsoft Office Proofing (Portuguese (Brazil)) 2007 - (.Microsoft Corporation.) [HKLM] -- {90120000-002C-0416-0000-0000000FF1CE}

O42 - Logiciel: Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) - (.Microsoft.) [HKLM] -- {90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}

O42 - Logiciel: Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) - (.Microsoft.) [HKLM] -- {90120000-001F-0416-0000-0000000FF1CE}_ENTERPRISE_{75EBE365-7FC5-4720-A7D3-804BF550D1BC}

O42 - Logiciel: Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) - (.Microsoft.) [HKLM] -- {90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{187308AB-5FA7-4F14-9AB9-D290383A10D9}

O42 - Logiciel: Microsoft Office Publisher MUI (Portuguese (Brazil)) 2007 - (.Microsoft Corporation.) [HKLM] -- {90120000-0019-0416-0000-0000000FF1CE}

O42 - Logiciel: Microsoft Office Shared MUI (Portuguese (Brazil)) 2007 - (.Microsoft Corporation.) [HKLM] -- {90120000-006E-0416-0000-0000000FF1CE}

O42 - Logiciel: Microsoft Office Word MUI (Portuguese (Brazil)) 2007 - (.Microsoft Corporation.) [HKLM] -- {90120000-001B-0416-0000-0000000FF1CE}

O42 - Logiciel: Microsoft SQL Server 2005 Compact Edition [ENU] - (.Microsoft Corporation.) [HKLM] -- {F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}

O42 - Logiciel: Microsoft Silverlight - (.Microsoft Corporation.) [HKLM] -- {89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}

O42 - Logiciel: Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 - (.Microsoft Corporation.) [HKLM] -- {770657D0-A123-3C07-8E44-1C83EC895118}

O42 - Logiciel: Microsoft Visual C++ 2005 Redistributable - (.Microsoft Corporation.) [HKLM] -- {710f4c1c-cc18-4c49-8cbf-51240c89a1a2}

O42 - Logiciel: Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 - (.Microsoft Corporation.) [HKLM] -- {86CE85E6-DBAC-3FFD-B977-E4B79F83C909}

O42 - Logiciel: Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 - (.Microsoft Corporation.) [HKLM] -- {9A25302D-30C0-39D9-BD6F-21E6EC160475}

O42 - Logiciel: Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 - (.Microsoft Corporation.) [HKLM] -- {1F1C2DFC-2D24-3E06-BCB8-725134ADF989}

O42 - Logiciel: Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 - (.Microsoft Corporation.) [HKLM] -- {9BE518E6-ECC6-35A9-88E4-87755C07200F}

O42 - Logiciel: Mozilla Firefox 9.0.1 (x86 pt-BR) - (.Mozilla.) [HKLM] -- Mozilla Firefox 9.0.1 (x86 pt-BR)

O42 - Logiciel: Nero 8 - (.Nero AG.) [HKLM] -- {3C5F1B30-B10B-4579-86DD-D00F662E1046}

O42 - Logiciel: Pacote de Idiomas do Microsoft .NET Framework 4 Client Profile - Português (Brasil) - (.Microsoft Corporation.) [HKLM] -- Microsoft .NET Framework 4 Client Profile PTB Language Pack

O42 - Logiciel: Panda USB Vaccine 1.0.1.4 - (.Panda Security.) [HKLM] -- {55A41219-9B22-4098-BAE7-AE289B3C569A}_is1

O42 - Logiciel: PhotoScape - (.Unknown owner.) [HKLM] -- PhotoScape

O42 - Logiciel: QuickTime - (.Apple Inc..) [HKLM] -- {7BE15435-2D3E-4B58-867F-9C75BED0208C}

O42 - Logiciel: RealNetworks - Microsoft Visual C++ 2008 Runtime - (.RealNetworks, Inc.) [HKLM] -- {7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}

O42 - Logiciel: RealPlayer - (.RealNetworks.) [HKLM] -- RealPlayer 12.0

O42 - Logiciel: RealUpgrade 1.1 - (.RealNetworks, Inc..) [HKLM] -- {28C2DED6-325B-4CC7-983A-1777C8F7FBAB}

O42 - Logiciel: Recuva - (.Piriform.) [HKLM] -- Recuva

O42 - Logiciel: Security Update for 2007 Microsoft Office System (KB2288621) - (.Microsoft.) [HKLM] -- {90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{5C497F0B-2061-4CC9-A61C-6B45B867354D}

O42 - Logiciel: Security Update for 2007 Microsoft Office System (KB2288931) - (.Microsoft.) [HKLM] -- {90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{CD769337-C8AC-46DB-A7DC-643E50089263}

O42 - Logiciel: Security Update for 2007 Microsoft Office System (KB2345043) - (.Microsoft.) [HKLM] -- {90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{536FB502-775F-4494-BACE-C02CC90B7A5B}

O42 - Logiciel: Security Update for 2007 Microsoft Office System (KB2553089) - (.Microsoft.) [HKLM] -- {90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{01D4CA59-7070-4420-9BCC-0EFA7C5D76BE}

O42 - Logiciel: Security Update for 2007 Microsoft Office System (KB2553090) - (.Microsoft.) [HKLM] -- {90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{643C12A2-AF9A-4712-B8BE-3B7650AFE00A}

O42 - Logiciel: Security Update for 2007 Microsoft Office System (KB2584063) - (.Microsoft.) [HKLM] -- {90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{BF3F1CBD-B05C-4644-AE43-6EE0FCC227A4}

O42 - Logiciel: Security Update for 2007 Microsoft Office System (KB969559) - (.Microsoft.) [HKLM] -- {90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{69F52148-9BF6-4CDC-BF76-103DEAF3DD08}

O42 - Logiciel: Security Update for 2007 Microsoft Office System (KB976321) - (.Microsoft.) [HKLM] -- {90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{7F207DCA-3399-40CB-A968-6E5991B1421A}

O42 - Logiciel: Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708) - (.Microsoft Corporation.) [HKLM] -- {3C3901C5-3455-3E0A-A214-0B093A5070A6}.KB2446708

O42 - Logiciel: Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663) - (.Microsoft Corporation.) [HKLM] -- {3C3901C5-3455-3E0A-A214-0B093A5070A6}.KB2478663

O42 - Logiciel: Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870) - (.Microsoft Corporation.) [HKLM] -- {3C3901C5-3455-3E0A-A214-0B093A5070A6}.KB2518870

O42 - Logiciel: Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636) - (.Microsoft Corporation.) [HKLM] -- {3C3901C5-3455-3E0A-A214-0B093A5070A6}.KB2539636

O42 - Logiciel: Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078) - (.Microsoft Corporation.) [HKLM] -- {3C3901C5-3455-3E0A-A214-0B093A5070A6}.KB2572078

O42 - Logiciel: Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351) - (.Microsoft Corporation.) [HKLM] -- {3C3901C5-3455-3E0A-A214-0B093A5070A6}.KB2656351

O42 - Logiciel: Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition - (.Microsoft.) [HKLM] -- {90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{A0D5F849-D9D5-48ED-99D0-C74D7BFA6A09}

O42 - Logiciel: Security Update for Microsoft Office Access 2007 (KB979440) - (.Microsoft.) [HKLM] -- {90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{1142CCEC-ACA9-484B-BA90-C3A5CA1988C5}

O42 - Logiciel: Security Update for Microsoft Office Access 2007 (KB979440) - (.Microsoft.) [HKLM] -- {90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{5A4E43D5-858F-49BD-BA72-8F30E1793060}

O42 - Logiciel: Security Update for Microsoft Office Groove 2007 (KB2552997) - (.Microsoft.) [HKLM] -- {90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{3A1CBF7D-4704-40BC-B31C-AA761884A3E4}

O42 - Logiciel: Security Update for Microsoft Office InfoPath 2007 (KB2510061) - (.Microsoft.) [HKLM] -- {90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{5D930261-AA5B-48D1-931F-425C9D767490}

O42 - Logiciel: Security Update for Microsoft Office InfoPath 2007 (KB979441) - (.Microsoft.) [HKLM] -- {90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{1109D0B3-EFA3-4553-AAED-4C3E9AD130E8}

O42 - Logiciel: Security Update for Microsoft Office InfoPath 2007 (KB979441) - (.Microsoft.) [HKLM] -- {90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{8CCB781A-CF6B-4FCB-B6D8-59C64DF5C6DB}

O42 - Logiciel: Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition - (.Microsoft.) [HKLM] -- {90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{AEA16A27-0B97-4670-818F-A98D06EC0A6F}

O42 - Logiciel: Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition - (.Microsoft.) [HKLM] -- {90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0EF0D4FB-BB23-4515-AAEA-1240AC2DA525}

O42 - Logiciel: Security Update for Microsoft Office Publisher 2007 (KB2596705) 32-Bit Edition - (.Microsoft.) [HKLM] -- {90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{5A8732F0-C20F-4A9B-A2A9-66FE7A586C35}

O42 - Logiciel: Security Update for Microsoft Office Visio Viewer 2007 (KB973709) - (.Microsoft.) [HKLM] -- {90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{71127777-8B2C-4F97-AF7A-6CF8CAC8224D}

O42 - Logiciel: Security Update for Microsoft Office Word 2007 (KB2344993) - (.Microsoft.) [HKLM] -- {90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{7A5B74FA-7A92-4FC9-821A-2DD5D4E73E48}

O42 - Logiciel: Security Update for Microsoft Office system 2007 (972581) - (.Microsoft.) [HKLM] -- {90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{3D019598-7B59-447A-80AE-815B703B84FF}

O42 - Logiciel: Security Update for Microsoft Office system 2007 (KB974234) - (.Microsoft.) [HKLM] -- {90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{FCD742B9-7A55-44BC-A776-F795F21FEDDC}

O42 - Logiciel: Security Update for Pacote de Idiomas do Microsoft .NET Framework 4 Client Profile - Português (Brasil) (KB2478663) - (.Microsoft Corporation.) [HKLM] -- {20A15757-4AE4-3C82-9711-863C84AFE6AA}.KB2478663

O42 - Logiciel: Security Update for Pacote de Idiomas do Microsoft .NET Framework 4 Client Profile - Português (Brasil) (KB2518870) - (.Microsoft Corporation.) [HKLM] -- {20A15757-4AE4-3C82-9711-863C84AFE6AA}.KB2518870

O42 - Logiciel: TeamViewer 7 - (.TeamViewer.) [HKLM] -- TeamViewer 7

O42 - Logiciel: USB Disk Security - (.Zbshareware Lab.) [HKLM] -- USB Disk Security_is1

O42 - Logiciel: Update for 2007 Microsoft Office System (KB967642) - (.Microsoft.) [HKLM] -- {90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}

O42 - Logiciel: Update for Microsoft .NET Framework 4 Client Profile (KB2468871) - (.Microsoft Corporation.) [HKLM] -- {3C3901C5-3455-3E0A-A214-0B093A5070A6}.KB2468871

O42 - Logiciel: Update for Microsoft .NET Framework 4 Client Profile (KB2533523) - (.Microsoft Corporation.) [HKLM] -- {3C3901C5-3455-3E0A-A214-0B093A5070A6}.KB2533523

O42 - Logiciel: Update for Microsoft Office 2007 (KB2508958) - (.Microsoft.) [HKLM] -- {90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0C5823AA-7B6F-44E1-8D5B-8FD1FF0E6438}

O42 - Logiciel: Update for Microsoft Office 2007 System (KB2539530) - (.Microsoft.) [HKLM] -- {90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B4CEEAE-AA88-490C-BCB2-AAC3421981A4}

O42 - Logiciel: Update for Microsoft Office 2007 suites (KB2596651) 32-Bit Edition - (.Microsoft.) [HKLM] -- {90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{B7873DF5-9E1C-45EE-8895-D29C6AE01202}

O42 - Logiciel: Update for Microsoft Office 2007 suites (KB2596686) 32-Bit Edition - (.Microsoft.) [HKLM] -- {90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{48202D27-A6D4-4264-A184-51A6E8AD7C40}

O42 - Logiciel: Update for Microsoft Office 2007 suites (KB2596789) 32-Bit Edition - (.Microsoft.) [HKLM] -- {90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C20964A7-5181-45E5-9E82-72F5D400DEBF}

O42 - Logiciel: Update for Microsoft Office Excel 2007 (KB2596596) 32-Bit Edition - (.Microsoft.) [HKLM] -- {90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{567103D1-96CD-4B76-93B9-2681A187DEFF}

O42 - Logiciel: Update for Microsoft Office OneNote 2007 (KB980729) - (.Microsoft.) [HKLM] -- {90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{329050A9-EF80-40F9-B633-74508F54C1FF}

O42 - Logiciel: Update for Microsoft Office Outlook 2007 (KB2583910) - (.Microsoft.) [HKLM] -- {90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{BDC21583-5601-4B2B-88F3-7919F6DE8FB1}

O42 - Logiciel: VCRedistSetup - (.Nero AG.) [HKLM] -- {3921A67A-5AB1-4E48-9444-C71814CF3027}

O42 - Logiciel: Windows Live Communications Platform - (.Microsoft Corporation.) [HKLM] -- {D45240D3-B6B3-4FF9-B243-54ECE3E10066}

O42 - Logiciel: Windows Live Essentials - (.Microsoft Corporation.) [HKLM] -- WinLiveSuite

O42 - Logiciel: Windows Live Essentials - (.Microsoft Corporation.) [HKLM] -- {43B43577-2514-4CE0-B14A-7E85C17C0453}

O42 - Logiciel: Windows Live Family Safety - (.Microsoft Corporation.) [HKLM] -- {BCF16F16-AC0E-4ABE-A9EF-412CF484BA51}

O42 - Logiciel: Windows Live Family Safety - (.Microsoft Corporation.) [HKLM] -- {E31B6056-1954-423B-9883-451F9F15887B}

O42 - Logiciel: Windows Live Galeria de Fotos - (.Microsoft Corporation.) [HKLM] -- {F7A46527-DF1F-4B0F-9637-98547E189442}

O42 - Logiciel: Windows Live ID Sign-in Assistant - (.Microsoft Corporation.) [HKLM] -- {C6150D8A-86ED-41D3-87BB-F3BB51B0B77F}

O42 - Logiciel: Windows Live Installer - (.Microsoft Corporation.) [HKLM] -- {0B0F231F-CE6A-483D-AA23-77B364F75917}

O42 - Logiciel: Windows Live MIME IFilter - (.Microsoft Corporation.) [HKLM] -- {AF844339-2F8A-4593-81B3-9F4C54038C4E}

O42 - Logiciel: Windows Live Mail - (.Microsoft Corporation.) [HKLM] -- {9D56775A-93F3-44A3-8092-840E3826DE30}

O42 - Logiciel: Windows Live Mail - (.Microsoft Corporation.) [HKLM] -- {9DA3F03B-2CEE-4344-838E-117861E61FAF}

O42 - Logiciel: Windows Live Mesh - (.Microsoft Corporation.) [HKLM] -- {644063FA-ABA3-42AC-A8AC-3EDC0706018B}

O42 - Logiciel: Windows Live Mesh - (.Microsoft Corporation.) [HKLM] -- {DECDCB7C-58CC-4865-91AF-627F9798FE48}

O42 - Logiciel: Windows Live Messenger - (.Microsoft Corporation.) [HKLM] -- {C9E1343D-E21E-4508-A1BE-04A089EC137D}

O42 - Logiciel: Windows Live Messenger - (.Microsoft Corporation.) [HKLM] -- {E5B21F11-6933-4E0B-A25C-7963E3C07D11}

O42 - Logiciel: Windows Live Movie Maker - (.Microsoft Corporation.) [HKLM] -- {92EA4134-10D1-418A-91E1-5A0453131A38}

O42 - Logiciel: Windows Live Movie Maker - (.Microsoft Corporation.) [HKLM] -- {A199DB88-E22D-4CE7-90AC-B8BE396D7BF4}

O42 - Logiciel: Windows Live PIMT Platform - (.Microsoft Corporation.) [HKLM] -- {83C292B7-38A5-440B-A731-07070E81A64F}

O42 - Logiciel: Windows Live Photo Common - (.Microsoft Corporation.) [HKLM] -- {A9BDCA6B-3653-467B-AC83-94367DA3BFE3}

O42 - Logiciel: Windows Live Photo Common - (.Microsoft Corporation.) [HKLM] -- {B33B61FE-701F-425F-98AB-2B85725CBF68}

O42 - Logiciel: Windows Live Photo Gallery - (.Microsoft Corporation.) [HKLM] -- {3336F667-9049-4D46-98B6-4C743EEBC5B1}

O42 - Logiciel: Windows Live Remote Client - (.Microsoft Corporation.) [HKLM] -- {19A4A990-5343-4FF7-B3B5-6F046C091EDF}

O42 - Logiciel: Windows Live Remote Client Resources - (.Microsoft Corporation.) [HKLM] -- {41B72CAF-036B-4E0A-8D22-F5DF7C970434}

O42 - Logiciel: Windows Live Remote Service - (.Microsoft Corporation.) [HKLM] -- {227E8782-B2F4-4E97-B0EE-49DE9CC1C0C0}

O42 - Logiciel: Windows Live Remote Service Resources - (.Microsoft Corporation.) [HKLM] -- {E6617B44-D556-49AC-B2A3-01451E115043}

O42 - Logiciel: Windows Live SOXE - (.Microsoft Corporation.) [HKLM] -- {682B3E4F-696A-42DE-A41C-4C07EA1678B4}

O42 - Logiciel: Windows Live SOXE Definitions - (.Microsoft Corporation.) [HKLM] -- {200FEC62-3C34-4D60-9CE8-EC372E01C08F}

O42 - Logiciel: Windows Live Sync - (.Microsoft Corporation.) [HKLM] -- {2DF215E0-BD3C-4C98-8616-AFEF09747285}

O42 - Logiciel: Windows Live UX Platform - (.Microsoft Corporation.) [HKLM] -- {CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}

O42 - Logiciel: Windows Live UX Platform Language Pack - (.Microsoft Corporation.) [HKLM] -- {DF71ABBB-B834-41C0-BB58-80B0545D754C}

O42 - Logiciel: Windows Live Writer - (.Microsoft Corporation.) [HKLM] -- {A726AE06-AAA3-43D1-87E3-70F510314F04}

O42 - Logiciel: Windows Live Writer - (.Microsoft Corporation.) [HKLM] -- {AAAFC670-569B-4A2F-82B4-42945E0DE3EF}

O42 - Logiciel: Windows Live Writer - (.Microsoft Corporation.) [HKLM] -- {B3BE54A4-8DFE-4593-8E66-56AB7133B812}

O42 - Logiciel: Windows Live Writer Resources - (.Microsoft Corporation.) [HKLM] -- {4664ED39-C80A-48F7-93CD-EBDCAFAB6CC5}

O42 - Logiciel: Xilisoft DVD to 3GP Converter - (.Xilisoft.) [HKLM] -- Xilisoft DVD to 3GP Converter

O42 - Logiciel: aTube Catcher - (.DsNET Corp.) [HKLM] -- aTube Catcher

O42 - Logiciel: avast! Free Antivirus - (.AVAST Software.) [HKLM] -- avast

O42 - Logiciel: neroxml - (.Nero AG.) [HKLM] -- {56C049BE-79E9-4502-BEA7-9754A3E60F9B}

 

---\\ HKCU & HKLM Software Keys

[HKCU\Software\AVAST Software]

[HKCU\Software\AVI ReComp]

[HKCU\Software\Acronis]

[HKCU\Software\Adobe]

[HKCU\Software\Ahead]

[HKCU\Software\AppDataLow\LastScanTime]

[HKCU\Software\AppDataLow\RealNetworks]

[HKCU\Software\AppDataLow\Software\Microsoft]

[HKCU\Software\AppDataLow\Software]

[HKCU\Software\AppDataLow]

[HKCU\Software\Apple Computer, Inc.]

[HKCU\Software\Apple Inc.]

[HKCU\Software\Ares]

[HKCU\Software\Armand_Morin]

[HKCU\Software\Auslogics]

[HKCU\Software\AutodidataEditora]

[HKCU\Software\CDDB]

[HKCU\Software\Classes]

[HKCU\Software\Clients]

[HKCU\Software\Foxit Corporation]

[HKCU\Software\FreeTime]

[HKCU\Software\Gabest]

[HKCU\Software\GeoVision]

[HKCU\Software\Google]

[HKCU\Software\IM Providers]

[HKCU\Software\INTEL]

[HKCU\Software\InstallCore]

[HKCU\Software\JavaSoft]

[HKCU\Software\LAV]

[HKCU\Software\LibreOffice]

[HKCU\Software\Macromedia]

[HKCU\Software\Malwarebytes' Anti-Malware]

[HKCU\Software\Mooii]

[HKCU\Software\MozillaPlugins]

[HKCU\Software\Mozilla]

[HKCU\Software\Nero]

[HKCU\Software\Netscape]

[HKCU\Software\ODBC]

[HKCU\Software\OrolixCommunicator]

[HKCU\Software\Panda Security]

[HKCU\Software\Piriform]

[HKCU\Software\Policies]

[HKCU\Software\ProgSense]

[HKCU\Software\RealNetworks]

[HKCU\Software\Softonic]

[HKCU\Software\Stardock]

[HKCU\Software\Sysinternals]

[HKCU\Software\TeamViewer]

[HKCU\Software\Trolltech]

[HKCU\Software\VB and VBA Program Settings]

[HKCU\Software\WinRAR SFX]

[HKCU\Software\WinRAR]

[HKCU\Software\Wow6432Node]

[HKCU\Software\Xilisoft]

[HKCU\Software\eBook Maestro Books]

[HKLM\Software\ATI Technologies]

[HKLM\Software\AVAST Software]

[HKLM\Software\Acronis]

[HKLM\Software\Adobe]

[HKLM\Software\Ahead]

[HKLM\Software\Apple Computer, Inc.]

[HKLM\Software\AviSynth]

[HKLM\Software\Babylon]

[HKLM\Software\CDDB]

[HKLM\Software\Classes]

[HKLM\Software\Clients]

[HKLM\Software\Eset]

[HKLM\Software\Foxit Software]

[HKLM\Software\GeoVision]

[HKLM\Software\Google]

[HKLM\Software\Iminent]

[HKLM\Software\Intel]

[HKLM\Software\JavaSoft]

[HKLM\Software\JreMetrics]

[HKLM\Software\LibreOffice]

[HKLM\Software\Macromedia]

[HKLM\Software\Malwarebytes' Anti-Malware]

[HKLM\Software\Mooii]

[HKLM\Software\MozillaPlugins]

[HKLM\Software\Mozilla]

[HKLM\Software\NeroDigital]

[HKLM\Software\Nero]

[HKLM\Software\ODBC]

[HKLM\Software\Panda Security]

[HKLM\Software\Panda Software]

[HKLM\Software\Piriform]

[HKLM\Software\Policies]

[HKLM\Software\RealNetworks]

[HKLM\Software\RegisteredApplications]

[HKLM\Software\Sonic]

[HKLM\Software\Sony Creative Software]

[HKLM\Software\Sony Media Software]

[HKLM\Software\Swearware]

[HKLM\Software\TeamViewer]

[HKLM\Software\TrendMicro]

[HKLM\Software\Volatile]

[HKLM\Software\WinRAR]

[HKLM\Software\Wow6432Node]

[HKLM\Software\Xing Technology Corp.]

[HKLM\Software\d53apcama]

[HKLM\Software\mozilla.org]

~ Scan Softwares in 00mn 00s

 

 

 

---\\ Contents of the Common Files folders (O43)

O43 - CFD: 26/05/2011 - 22:49:30 - [77,155] ----D- C:\Program Files\Acronis

O43 - CFD: 22/05/2011 - 22:12:52 - [147,124] ----D- C:\Program Files\Adobe

O43 - CFD: 27/09/2011 - 00:07:40 - [88,773] ----D- C:\Program Files\Apostila IBGE 2011

O43 - CFD: 10/12/2011 - 20:33:24 - [4,783] ----D- C:\Program Files\Ares

O43 - CFD: 13/05/2011 - 21:35:20 - [0] -SH-D- C:\Program Files\Arquivos Comuns

O43 - CFD: 15/06/2011 - 22:59:42 - [8,966] ----D- C:\Program Files\Auslogics

O43 - CFD: 13/05/2011 - 23:26:10 - [179,840] ----D- C:\Program Files\AVAST Software

O43 - CFD: 06/12/2011 - 22:12:58 - [4,120] ----D- C:\Program Files\CCleaner

O43 - CFD: 18/01/2012 - 23:42:24 - [504,141] ----D- C:\Program Files\Common Files

O43 - CFD: 14/06/2011 - 21:32:54 - [2,843] ----D- C:\Program Files\CPUID

O43 - CFD: 09/07/2011 - 16:35:42 - [0,158] ----D- C:\Program Files\Digital Camera

O43 - CFD: 15/10/2011 - 17:29:28 - [48,454] ----D- C:\Program Files\DMMultiView

O43 - CFD: 20/11/2011 - 16:55:48 - [34,810] ----D- C:\Program Files\DsNET Corp

O43 - CFD: 14/07/2009 - 05:54:14 - [79,367] ----D- C:\Program Files\DVD Maker

O43 - CFD: 11/09/2011 - 15:00:06 - [6,476] ----D- C:\Program Files\Foxit Software

O43 - CFD: 20/05/2011 - 15:21:28 - [112,602] ----D- C:\Program Files\FreeTime

O43 - CFD: 19/01/2012 - 11:45:18 - [4,926] ----D- C:\Program Files\Google

O43 - CFD: 24/01/2012 - 20:20:24 - [1,484] --H-D- C:\Program Files\InstallShield Installation Information

O43 - CFD: 13/05/2011 - 22:09:48 - [11,479] ----D- C:\Program Files\Intel

O43 - CFD: 07/01/2012 - 19:09:34 - [5,357] ----D- C:\Program Files\Internet Explorer

O43 - CFD: 19/05/2011 - 00:32:02 - [87,262] ----D- C:\Program Files\Java

O43 - CFD: 12/07/2011 - 22:40:22 - [435,438] ----D- C:\Program Files\LibreOffice 3

O43 - CFD: 26/01/2012 - 23:21:42 - [11,436] ----D- C:\Program Files\Malwarebytes' Anti-Malware

O43 - CFD: 15/06/2011 - 01:04:24 - [6,382] ----D- C:\Program Files\Marcos Velasco Security

O43 - CFD: 18/01/2012 - 23:39:48 - [0] ----D- C:\Program Files\Microsoft

O43 - CFD: 18/05/2011 - 19:26:06 - [386,967] ----D- C:\Program Files\Microsoft Office

O43 - CFD: 13/10/2011 - 11:42:56 - [36,633] ----D- C:\Program Files\Microsoft Silverlight

O43 - CFD: 19/07/2011 - 22:35:42 - [1,745] ----D- C:\Program Files\Microsoft SQL Server Compact Edition

O43 - CFD: 18/05/2011 - 19:26:00 - [0,014] ----D- C:\Program Files\Microsoft Visual Studio

O43 - CFD: 24/05/2011 - 03:03:04 - [3,554] ----D- C:\Program Files\Microsoft Works

O43 - CFD: 18/05/2011 - 19:25:40 - [7,789] ----D- C:\Program Files\Microsoft.NET

O43 - CFD: 08/01/2012 - 16:00:48 - [36,429] ----D- C:\Program Files\Mozilla Firefox

O43 - CFD: 14/07/2009 - 01:52:32 - [0,025] ----D- C:\Program Files\MSBuild

O43 - CFD: 16/05/2011 - 11:53:50 - [53,909] ----D- C:\Program Files\MSECache

O43 - CFD: 17/05/2011 - 03:01:04 - [0] ----D- C:\Program Files\MSXML 4.0

O43 - CFD: 15/05/2011 - 23:12:44 - [421,812] ----D- C:\Program Files\Nero

O43 - CFD: 16/05/2011 - 21:26:44 - [0] ----D- C:\Program Files\OpenOffice.org 3

O43 - CFD: 16/05/2011 - 21:57:24 - [2,032] ----D- C:\Program Files\Panda USB Vaccine

O43 - CFD: 18/09/2011 - 11:47:50 - [0] ----D- C:\Program Files\PaqTool

O43 - CFD: 16/05/2011 - 00:29:50 - [23,275] ----D- C:\Program Files\PhotoScape

O43 - CFD: 07/01/2012 - 19:09:34 - [72,430] ----D- C:\Program Files\QuickTime

O43 - CFD: 29/05/2011 - 23:24:22 - [91,497] ----D- C:\Program Files\Real

O43 - CFD: 09/06/2011 - 22:03:36 - [1,993] ----D- C:\Program Files\Recuva

O43 - CFD: 14/07/2009 - 01:52:32 - [36,731] ----D- C:\Program Files\Reference Assemblies

O43 - CFD: 08/01/2012 - 18:00:24 - [102,896] ----D- C:\Program Files\Sony Setup

O43 - CFD: 24/05/2011 - 21:31:14 - [0,034] ----D- C:\Program Files\Stardock

O43 - CFD: 08/01/2012 - 19:31:26 - [107,428] ----D- C:\Program Files\TeamViewer

O43 - CFD: 20/05/2011 - 23:24:14 - [0,007] ----D- C:\Program Files\TrendMicro

O43 - CFD: 14/07/2009 - 01:53:24 - [0] --H-D- C:\Program Files\Uninstall Information

O43 - CFD: 16/05/2011 - 22:07:20 - [11,546] ----D- C:\Program Files\USB Disk Security

O43 - CFD: 24/01/2012 - 20:20:26 - [11,972] ----D- C:\Program Files\v8200

O43 - CFD: 07/08/2011 - 11:23:04 - [0,056] ----D- C:\Program Files\Velocidade Do PC

O43 - CFD: 14/07/2009 - 05:31:04 - [2,896] ----D- C:\Program Files\Windows Defender

O43 - CFD: 14/07/2009 - 05:54:14 - [6,685] ----D- C:\Program Files\Windows Journal

O43 - CFD: 26/01/2012 - 19:52:34 - [182,215] ----D- C:\Program Files\Windows Live

O43 - CFD: 14/05/2011 - 11:17:02 - [5,869] ----D- C:\Program Files\Windows Mail

O43 - CFD: 14/05/2011 - 11:16:56 - [6,289] ----D- C:\Program Files\Windows Media Player

O43 - CFD: 13/05/2011 - 21:35:20 - [11,630] ----D- C:\Program Files\Windows NT

O43 - CFD: 14/07/2009 - 05:31:04 - [4,210] ----D- C:\Program Files\Windows Photo Viewer

O43 - CFD: 14/07/2009 - 01:52:34 - [0,181] ----D- C:\Program Files\Windows Portable Devices

O43 - CFD: 14/07/2009 - 05:31:04 - [25,144] ----D- C:\Program Files\Windows Sidebar

O43 - CFD: 13/05/2011 - 23:50:16 - [5,071] ----D- C:\Program Files\WinRAR

O43 - CFD: 09/06/2011 - 22:28:06 - [14,431] ----D- C:\Program Files\Xilisoft

O43 - CFD: 29/01/2012 - 11:08:04 - [10,094] ----D- C:\Program Files\ZHPDiag

O43 - CFD: 26/05/2011 - 22:50:10 - [81,020] ----D- C:\Program Files\Common Files\Acronis

O43 - CFD: 09/11/2011 - 23:53:20 - [6,259] ----D- C:\Program Files\Common Files\Adobe

O43 - CFD: 18/05/2011 - 19:26:00 - [0,089] ----D- C:\Program Files\Common Files\DESIGNER

O43 - CFD: 11/06/2011 - 14:44:12 - [1,102] ----D- C:\Program Files\Common Files\InstallShield

O43 - CFD: 19/05/2011 - 00:32:36 - [1,194] ----D- C:\Program Files\Common Files\Java

O43 - CFD: 20/12/2011 - 20:53:44 - [191,702] ----D- C:\Program Files\Common Files\microsoft shared

O43 - CFD: 15/05/2011 - 23:13:46 - [136,899] ----D- C:\Program Files\Common Files\Nero

O43 - CFD: 13/07/2009 - 23:37:06 - [0,003] ----D- C:\Program Files\Common Files\Services

O43 - CFD: 13/05/2011 - 21:35:20 - [0] -SH-D- C:\Program Files\Common Files\Sistema

O43 - CFD: 13/07/2009 - 23:37:06 - [39,200] ----D- C:\Program Files\Common Files\SpeechEngines

O43 - CFD: 10/11/2011 - 14:37:34 - [46,338] ----D- C:\Program Files\Common Files\System

O43 - CFD: 01/01/2005 - 00:13:56 - [0] ----D- C:\Program Files\Common Files\Windows Live

O43 - CFD: 29/05/2011 - 23:24:20 - [0,336] ----D- C:\Program Files\Common Files\xing shared

O43 - CFD: 26/05/2011 - 22:50:10 - [0,264] ----D- C:\ProgramData\Acronis

O43 - CFD: 22/05/2011 - 22:12:56 - [60,923] ----D- C:\ProgramData\Adobe

O43 - CFD: 07/01/2012 - 19:08:04 - [0] ----D- C:\ProgramData\Apple

O43 - CFD: 07/01/2012 - 19:09:08 - [25,578] ----D- C:\ProgramData\Apple Computer

O43 - CFD: 14/07/2009 - 01:53:56 - [0] -SH-D- C:\ProgramData\Application Data

O43 - CFD: 13/05/2011 - 23:26:10 - [5,810] ----D- C:\ProgramData\AVAST Software

O43 - CFD: 13/05/2011 - 21:35:20 - [0] -SH-D- C:\ProgramData\Dados de aplicativos

O43 - CFD: 14/07/2009 - 01:53:56 - [0] -SH-D- C:\ProgramData\Desktop

O43 - CFD: 13/05/2011 - 21:35:20 - [0] -SH-D- C:\ProgramData\Documentos

O43 - CFD: 14/07/2009 - 01:53:56 - [0] -SH-D- C:\ProgramData\Documents

O43 - CFD: 14/07/2009 - 01:53:56 - [0] -SH-D- C:\ProgramData\Favorites

O43 - CFD: 13/05/2011 - 21:35:20 - [0] -SH-D- C:\ProgramData\Favoritos

O43 - CFD: 18/01/2012 - 23:43:22 - [0,502] ----D- C:\ProgramData\Google

O43 - CFD: 31/05/2011 - 21:00:50 - [16,419] ----D- C:\ProgramData\Malwarebytes

O43 - CFD: 13/05/2011 - 21:35:20 - [0] -SH-D- C:\ProgramData\Menu Iniciar

O43 - CFD: 18/01/2012 - 23:39:48 - [283,509] -S--D- C:\ProgramData\Microsoft

O43 - CFD: 11/01/2012 - 16:38:20 - [0,160] ----D- C:\ProgramData\Microsoft Help

O43 - CFD: 13/05/2011 - 21:35:20 - [0] -SH-D- C:\ProgramData\Modelos

O43 - CFD: 15/05/2011 - 23:12:46 - [5,269] ----D- C:\ProgramData\Nero

O43 - CFD: 16/05/2011 - 21:57:28 - [0,001] ----D- C:\ProgramData\Panda Security

O43 - CFD: 18/10/2011 - 00:26:06 - [1,461] ----D- C:\ProgramData\Real

O43 - CFD: 14/07/2009 - 01:53:56 - [0] -SH-D- C:\ProgramData\Start Menu

O43 - CFD: 16/05/2011 - 12:00:40 - [0,000] ----D- C:\ProgramData\Sun

O43 - CFD: 14/07/2009 - 01:53:56 - [0] -SH-D- C:\ProgramData\Templates

O43 - CFD: 16/05/2011 - 22:07:22 - [0] ----D- C:\ProgramData\Zbshareware Lab

O43 - CFD: 26/05/2011 - 21:59:30 - [0] ----D- C:\Users\Edvan\AppData\Roaming\62485F94-B869-4F25-B694-59D315331889

O43 - CFD: 25/05/2011 - 23:02:46 - [0] ----D- C:\Users\Edvan\AppData\Roaming\96265808-6C00-4407-A78F-021853402432

O43 - CFD: 25/05/2011 - 23:02:46 - [0,156] ----D- C:\Users\Edvan\AppData\Roaming\A1A6FCDB-0BD3-4595-ADD8-3DE36C2C3791

O43 - CFD: 25/05/2011 - 21:41:40 - [0,007] ----D- C:\Users\Edvan\AppData\Roaming\Acronis

O43 - CFD: 14/05/2011 - 11:43:58 - [5,625] ----D- C:\Users\Edvan\AppData\Roaming\Adobe

O43 - CFD: 08/01/2012 - 14:43:26 - [0,019] ----D- C:\Users\Edvan\AppData\Roaming\Apple Computer

O43 - CFD: 13/05/2011 - 23:51:00 - [0,124] ----D- C:\Users\Edvan\AppData\Roaming\Auslogics

O43 - CFD: 11/06/2011 - 17:29:32 - [0] ----D- C:\Users\Edvan\AppData\Roaming\AVI ReComp

O43 - CFD: 26/05/2011 - 22:50:16 - [0] ----D- C:\Users\Edvan\AppData\Roaming\C736FD1E-7FA3-4110-BFCD-D0F5C7D2EBB5

O43 - CFD: 10/07/2011 - 23:40:52 - [0,000] ----D- C:\Users\Edvan\AppData\Roaming\dvdcss

O43 - CFD: 10/12/2011 - 21:02:22 - [0] ----D- C:\Users\Edvan\AppData\Roaming\GetRightToGo

O43 - CFD: 16/05/2011 - 10:59:26 - [0] ----D- C:\Users\Edvan\AppData\Roaming\Google

O43 - CFD: 14/05/2011 - 13:57:18 - [0] ----D- C:\Users\Edvan\AppData\Roaming\GrabPro

O43 - CFD: 23/10/2011 - 14:41:14 - [0,000] ----D- C:\Users\Edvan\AppData\Roaming\gtk-2.0

O43 - CFD: 13/05/2011 - 21:35:40 - [0] ----D- C:\Users\Edvan\AppData\Roaming\Identities

O43 - CFD: 17/05/2011 - 23:55:08 - [1,814] ----D- C:\Users\Edvan\AppData\Roaming\LibreOffice

O43 - CFD: 14/05/2011 - 00:31:52 - [0,001] ----D- C:\Users\Edvan\AppData\Roaming\Macromedia

O43 - CFD: 31/05/2011 - 21:00:56 - [1,808] ----D- C:\Users\Edvan\AppData\Roaming\Malwarebytes

O43 - CFD: 14/07/2009 - 05:53:12 - [0] ----D- C:\Users\Edvan\AppData\Roaming\Media Center Programs

O43 - CFD: 03/11/2011 - 22:49:12 - [3,362] -S--D- C:\Users\Edvan\AppData\Roaming\Microsoft

O43 - CFD: 18/01/2012 - 23:43:06 - [20,087] ----D- C:\Users\Edvan\AppData\Roaming\Mozilla

O43 - CFD: 15/05/2011 - 23:14:58 - [0,255] ----D- C:\Users\Edvan\AppData\Roaming\Nero

O43 - CFD: 16/05/2011 - 12:02:02 - [1,413] ----D- C:\Users\Edvan\AppData\Roaming\OpenOffice.org

O43 - CFD: 19/09/2011 - 20:42:04 - [4,013] ----D- C:\Users\Edvan\AppData\Roaming\Orbit

O43 - CFD: 17/07/2011 - 21:29:16 - [0,027] ----D- C:\Users\Edvan\AppData\Roaming\PhotoScape

O43 - CFD: 14/05/2011 - 13:57:22 - [0,000] ----D- C:\Users\Edvan\AppData\Roaming\ProgSense

O43 - CFD: 08/01/2012 - 18:06:18 - [0] ----D- C:\Users\Edvan\AppData\Roaming\Publish Providers

O43 - CFD: 18/10/2011 - 00:25:56 - [9,518] ----D- C:\Users\Edvan\AppData\Roaming\Real

O43 - CFD: 08/01/2012 - 18:06:12 - [0,000] ----D- C:\Users\Edvan\AppData\Roaming\Sony

O43 - CFD: 24/05/2011 - 21:31:24 - [0,030] ----D- C:\Users\Edvan\AppData\Roaming\Stardock

O43 - CFD: 17/05/2011 - 23:09:04 - [0,009] ----D- C:\Users\Edvan\AppData\Roaming\TeamViewer

O43 - CFD: 09/11/2011 - 21:38:44 - [0,400] ----D- C:\Users\Edvan\AppData\Roaming\uTorrent

O43 - CFD: 13/01/2012 - 21:14:56 - [0] ----D- C:\Users\Edvan\AppData\Roaming\Windows Live Writer

O43 - CFD: 16/05/2011 - 00:28:10 - [0,000] ----D- C:\Users\Edvan\AppData\Roaming\WinRAR

O43 - CFD: 16/05/2011 - 22:07:22 - [0] ----D- C:\Users\Edvan\AppData\Roaming\Zbshareware Lab

O43 - CFD: 15/07/2011 - 20:06:46 - [0,078] ----D- C:\Users\Edvan\AppData\Local\Adobe

O43 - CFD: 21/09/2011 - 22:53:22 - [10,955] ----D- C:\Users\Edvan\AppData\Local\Ahead

O43 - CFD: 07/01/2012 - 19:08:06 - [0] ----D- C:\Users\Edvan\AppData\Local\Apple

O43 - CFD: 07/01/2012 - 19:45:14 - [0] ----D- C:\Users\Edvan\AppData\Local\Apple Computer

O43 - CFD: 14/12/2011 - 15:03:14 - [0,172] ----D- C:\Users\Edvan\AppData\Local\Ares

O43 - CFD: 13/05/2011 - 21:35:32 - [0] -SH-D- C:\Users\Edvan\AppData\Local\Dados de aplicativos

O43 - CFD: 22/06/2011 - 21:43:32 - [0] ----D- C:\Users\Edvan\AppData\Local\Diagnostics

O43 - CFD: 25/01/2012 - 11:19:32 - [2,466] ----D- C:\Users\Edvan\AppData\Local\ElevatedDiagnostics

O43 - CFD: 19/01/2012 - 11:56:10 - [0,154] ----D- C:\Users\Edvan\AppData\Local\Google

O43 - CFD: 13/05/2011 - 21:35:32 - [0] -SH-D- C:\Users\Edvan\AppData\Local\Histórico

O43 - CFD: 23/01/2012 - 23:02:04 - [0,564] ----D- C:\Users\Edvan\AppData\Local\MessengerDiscovery

O43 - CFD: 18/01/2012 - 23:39:48 - [-1727,378] ----D- C:\Users\Edvan\AppData\Local\Microsoft

O43 - CFD: 20/05/2011 - 15:44:56 - [0,194] ----D- C:\Users\Edvan\AppData\Local\Microsoft Help

O43 - CFD: 26/05/2011 - 23:07:02 - [77,961] ----D- C:\Users\Edvan\AppData\Local\Mozilla

O43 - CFD: 17/07/2011 - 12:45:48 - [0,061] ----D- C:\Users\Edvan\AppData\Local\Nero

O43 - CFD: 24/05/2011 - 21:31:40 - [0,001] ----D- C:\Users\Edvan\AppData\Local\ODUI

O43 - CFD: 24/05/2011 - 21:31:06 - [0] ----D- C:\Users\Edvan\AppData\Local\PackageAware

O43 - CFD: 08/01/2012 - 18:03:30 - [0,000] ----D- C:\Users\Edvan\AppData\Local\Sony

O43 - CFD: 24/05/2011 - 21:31:28 - [0,022] ----D- C:\Users\Edvan\AppData\Local\Stardock

O43 - CFD: 29/01/2012 - 11:02:20 - [1,739] ----D- C:\Users\Edvan\AppData\Local\Temp

O43 - CFD: 13/05/2011 - 21:35:32 - [0] -SH-D- C:\Users\Edvan\AppData\Local\Temporary Internet Files

O43 - CFD: 20/05/2011 - 23:24:18 - [0,009] ----D- C:\Users\Edvan\AppData\Local\VirtualStore

O43 - CFD: 29/01/2012 - 02:02:26 - [0,188] ----D- C:\Users\Edvan\AppData\Local\Windows Live

O43 - CFD: 13/01/2012 - 21:15:04 - [0,618] ----D- C:\Users\Edvan\AppData\Local\Windows Live Writer

O43 - CFD: 23/12/2011 - 11:20:24 - [0] ----D- C:\Users\Edvan\AppData\Local\{00BAC806-76C7-4DB6-9757-169342E93992}

O43 - CFD: 04/01/2012 - 21:24:48 - [0] ----D- C:\Users\Edvan\AppData\Local\{010A573F-03F1-4368-A1A0-CE7605AEC225}

O43 - CFD: 23/12/2011 - 23:21:08 - [0] ----D- C:\Users\Edvan\AppData\Local\{04365D45-C07F-4FCE-B4DC-DC4B0A89D420}

O43 - CFD: 18/01/2012 - 12:17:08 - [0] ----D- C:\Users\Edvan\AppData\Local\{05437F4B-6C9C-459C-B529-E39D35975843}

O43 - CFD: 31/12/2011 - 00:24:12 - [0] ----D- C:\Users\Edvan\AppData\Local\{054B28BB-ED66-4543-B8D4-E1033D8BCA5F}

O43 - CFD: 10/07/2011 - 01:54:00 - [0] ----D- C:\Users\Edvan\AppData\Local\{057AA8C3-06D9-4D37-BB5C-6BA16AC57BD9}

O43 - CFD: 14/01/2012 - 11:14:16 - [0] ----D- C:\Users\Edvan\AppData\Local\{07286582-2879-4D71-A047-1D1067E0DB99}

O43 - CFD: 23/12/2011 - 11:20:12 - [0] ----D- C:\Users\Edvan\AppData\Local\{07AEE1ED-F72C-44C8-BE8E-03A3AF9D01C3}

O43 - CFD: 07/01/2012 - 12:11:00 - [0] ----D- C:\Users\Edvan\AppData\Local\{082B582A-7931-4E08-A338-C0473ADDB84A}

O43 - CFD: 27/12/2011 - 23:56:38 - [0] ----D- C:\Users\Edvan\AppData\Local\{09CD3055-4987-446A-9D26-F2568DF834CE}

O43 - CFD: 11/07/2011 - 13:12:46 - [0] ----D- C:\Users\Edvan\AppData\Local\{0A05EE8D-5369-4AE1-9E63-836C475F67E9}

O43 - CFD: 24/12/2011 - 11:22:14 - [0] ----D- C:\Users\Edvan\AppData\Local\{0A9E4943-72C6-44DD-84C4-B1C38F4AA3B8}

O43 - CFD: 21/12/2011 - 10:28:48 - [0] ----D- C:\Users\Edvan\AppData\Local\{0BDC9E7C-CBD3-40B3-A46B-25CD01EAFA36}

O43 - CFD: 25/01/2012 - 14:49:00 - [0] ----D- C:\Users\Edvan\AppData\Local\{0D452222-244B-428C-8320-8C5DD183FF57}

O43 - CFD: 07/01/2012 - 12:10:48 - [0] ----D- C:\Users\Edvan\AppData\Local\{0FA67F70-068D-49E1-A7FA-DA2B01EF5C00}

O43 - CFD: 14/01/2012 - 11:14:48 - [0] ----D- C:\Users\Edvan\AppData\Local\{12FB3F6F-9D05-4C5B-9507-B6F0B507176C}

O43 - CFD: 12/01/2012 - 12:52:30 - [0] ----D- C:\Users\Edvan\AppData\Local\{12FB8A37-B960-44F9-809B-F6DF9A7F71C7}

O43 - CFD: 30/12/2011 - 12:23:14 - [0] ----D- C:\Users\Edvan\AppData\Local\{1318513F-5C5D-4EA9-ACBF-388173DF7E13}

O43 - CFD: 16/07/2011 - 00:24:26 - [0] ----D- C:\Users\Edvan\AppData\Local\{15A88984-87AE-4E8F-A29B-39D35BE45378}

O43 - CFD: 12/07/2011 - 12:02:48 - [0] ----D- C:\Users\Edvan\AppData\Local\{160AB742-BE44-4423-BEE2-8365FEF579D0}

O43 - CFD: 13/01/2012 - 22:37:28 - [0] ----D- C:\Users\Edvan\AppData\Local\{169E0FA6-F3AF-411F-9DE4-C5A67879C3E4}

O43 - CFD: 12/01/2012 - 12:52:44 - [0] ----D- C:\Users\Edvan\AppData\Local\{18BB6489-C5B3-4C85-81B0-4186A02554B3}

O43 - CFD: 14/01/2012 - 23:15:26 - [0] ----D- C:\Users\Edvan\AppData\Local\{1BBA278E-C256-4C55-A3D7-3AAD0808CF24}

O43 - CFD: 02/01/2012 - 23:35:38 - [0] ----D- C:\Users\Edvan\AppData\Local\{1C3781BD-9059-4C7E-A214-D3651BF4AEC4}

O43 - CFD: 13/07/2011 - 12:04:00 - [0] ----D- C:\Users\Edvan\AppData\Local\{1FAB1145-F6BA-41ED-9FDD-726D7B95796E}

O43 - CFD: 27/01/2012 - 10:49:44 - [0] ----D- C:\Users\Edvan\AppData\Local\{223CB62F-BB80-42D0-A1C5-B96B4F0E52CD}

O43 - CFD: 06/01/2012 - 23:40:26 - [0] ----D- C:\Users\Edvan\AppData\Local\{22EDBDEE-6B2C-4281-8133-1D1F80B8D887}

O43 - CFD: 22/01/2012 - 01:33:10 - [0] ----D- C:\Users\Edvan\AppData\Local\{238B68C7-93A4-4FD8-BC64-F4F91580540C}

O43 - CFD: 11/01/2012 - 00:36:02 - [0] ----D- C:\Users\Edvan\AppData\Local\{23DAC110-1E18-4349-852A-4B9A87B2A00F}

O43 - CFD: 23/01/2012 - 11:26:36 - [0] ----D- C:\Users\Edvan\AppData\Local\{271943CE-C0A8-42DD-B68A-E3F59DA59343}

O43 - CFD: 01/01/2012 - 00:26:08 - [0] ----D- C:\Users\Edvan\AppData\Local\{287B9371-EF14-4A8E-85FC-F05DBBA1A926}

O43 - CFD: 24/12/2011 - 11:22:02 - [0] ----D- C:\Users\Edvan\AppData\Local\{2ADE6EEB-DF73-4158-94FD-255849F8AFFE}

O43 - CFD: 08/01/2012 - 00:11:52 - [0] ----D- C:\Users\Edvan\AppData\Local\{2B6C201A-EC86-4D3B-9DE0-275E7FD78C94}

O43 - CFD: 26/12/2011 - 23:54:46 - [0] ----D- C:\Users\Edvan\AppData\Local\{3075C39A-A857-44DF-916F-369D8D7AABA4}

O43 - CFD: 17/07/2011 - 14:20:56 - [0] ----D- C:\Users\Edvan\AppData\Local\{36601EF1-070D-43D3-9945-63F209C4D4A6}

O43 - CFD: 15/01/2012 - 12:28:24 - [0] ----D- C:\Users\Edvan\AppData\Local\{36FA3E03-FCD9-46FF-99C4-C54EAE9D1E15}

O43 - CFD: 20/01/2012 - 13:15:10 - [0] ----D- C:\Users\Edvan\AppData\Local\{3803E7A5-77F2-48C8-B18B-A189559E4E03}

O43 - CFD: 27/12/2011 - 23:56:26 - [0] ----D- C:\Users\Edvan\AppData\Local\{38B35A60-183D-401C-8575-904467DD66CC}

O43 - CFD: 04/01/2012 - 21:24:36 - [0] ----D- C:\Users\Edvan\AppData\Local\{3936E291-3073-43C6-BCF4-8869D0C1DC4D}

O43 - CFD: 30/12/2011 - 12:23:28 - [0] ----D- C:\Users\Edvan\AppData\Local\{39A6DCAD-84E1-4BC8-BAD0-7B31800542F6}

O43 - CFD: 05/01/2012 - 10:56:16 - [0] ----D- C:\Users\Edvan\AppData\Local\{3A3BC78E-0395-4E9D-99CB-9EF1925FEFBD}

O43 - CFD: 25/01/2012 - 14:51:26 - [0] ----D- C:\Users\Edvan\AppData\Local\{3A5FC623-7ED2-44BD-A20B-446684E7ADB0}

O43 - CFD: 28/01/2012 - 14:01:22 - [0] ----D- C:\Users\Edvan\AppData\Local\{3DEA2CC8-D259-4912-BA5C-BFFA2F30CF54}

O43 - CFD: 03/01/2012 - 13:33:30 - [0] ----D- C:\Users\Edvan\AppData\Local\{3E5374CF-4F2E-4982-8EC4-00AE6F018293}

O43 - CFD: 09/01/2012 - 12:33:22 - [0] ----D- C:\Users\Edvan\AppData\Local\{3FC07770-CF7C-4301-8145-9EA2922E5E88}

O43 - CFD: 10/01/2012 - 00:34:16 - [0] ----D- C:\Users\Edvan\AppData\Local\{40EA4261-49EC-4F04-965D-511743511EB4}

O43 - CFD: 25/12/2011 - 15:01:36 - [0] ----D- C:\Users\Edvan\AppData\Local\{426026B3-CFDB-49B0-9D15-F918E49911F0}

O43 - CFD: 26/12/2011 - 23:54:34 - [0] ----D- C:\Users\Edvan\AppData\Local\{42D46254-43AC-432C-B0CB-81FBD6C523D3}

O43 - CFD: 29/01/2012 - 02:02:10 - [0] ----D- C:\Users\Edvan\AppData\Local\{4332C853-0E10-48B3-8439-E419A2AE8A62}

O43 - CFD: 18/07/2011 - 14:14:30 - [0] ----D- C:\Users\Edvan\AppData\Local\{43843673-6B63-40B7-9114-26D768DDA888}

O43 - CFD: 15/01/2012 - 12:28:12 - [0] ----D- C:\Users\Edvan\AppData\Local\{44310D77-E069-4B39-9E7A-1659C875542E}

O43 - CFD: 17/07/2011 - 00:41:58 - [0] ----D- C:\Users\Edvan\AppData\Local\{451FBF3E-1171-4CC5-881D-2789DD834639}

O43 - CFD: 28/12/2011 - 23:58:22 - [0] ----D- C:\Users\Edvan\AppData\Local\{45353BAC-5583-48F1-B28D-888499E1C073}

O43 - CFD: 16/01/2012 - 22:11:42 - [0] ----D- C:\Users\Edvan\AppData\Local\{45670279-50DA-4A16-8336-4E9774D956AD}

O43 - CFD: 28/12/2011 - 11:57:18 - [0] ----D- C:\Users\Edvan\AppData\Local\{48D8F79F-7A1B-40BE-9770-D7CB7B43C707}

O43 - CFD: 24/01/2012 - 10:54:26 - [0] ----D- C:\Users\Edvan\AppData\Local\{4AB81BAE-E568-46F8-AD82-4ACA67AD48AB}

O43 - CFD: 25/01/2012 - 14:49:36 - [0] ----D- C:\Users\Edvan\AppData\Local\{4BCEC00B-B9B9-4A2C-B5F8-412522792D7E}

O43 - CFD: 25/12/2011 - 15:01:50 - [0] ----D- C:\Users\Edvan\AppData\Local\{4CFD4050-1A34-411D-9062-44926F1BABF0}

O43 - CFD: 07/07/2011 - 23:47:26 - [0] ----D- C:\Users\Edvan\AppData\Local\{4EAA27A2-4B13-42A9-A21B-5D1CB129F6C5}

O43 - CFD: 01/01/2012 - 13:00:18 - [0] ----D- C:\Users\Edvan\AppData\Local\{50997A0D-CE3E-4788-BD7D-FEAB9B22AAA0}

O43 - CFD: 22/12/2011 - 13:36:02 - [0] ----D- C:\Users\Edvan\AppData\Local\{51B361A4-47C9-4B76-AAD5-A8072EC5DFE6}

O43 - CFD: 26/12/2011 - 11:28:48 - [0] ----D- C:\Users\Edvan\AppData\Local\{52884F95-2B92-4BA8-BE90-BBE18EEDD02E}

O43 - CFD: 14/01/2012 - 11:14:38 - [0] ----D- C:\Users\Edvan\AppData\Local\{52B2FCF0-C054-43FD-A9FB-9F41D7A8920E}

O43 - CFD: 06/01/2012 - 11:39:08 - [0] ----D- C:\Users\Edvan\AppData\Local\{53D24FF1-4167-41EA-9BA7-9F983C6D4B4D}

O43 - CFD: 11/07/2011 - 13:12:48 - [0] ----D- C:\Users\Edvan\AppData\Local\{5485D671-1BB3-4C92-89ED-7BF2BE18C90A}

O43 - CFD: 20/12/2011 - 21:25:14 - [0] ----D- C:\Users\Edvan\AppData\Local\{5EA654E0-9392-4C7C-8092-E157DEAB6BA8}

O43 - CFD: 05/01/2012 - 22:57:10 - [0] ----D- C:\Users\Edvan\AppData\Local\{5F4C937C-B9DA-4940-9FBB-EC1F52F67E2B}

O43 - CFD: 23/12/2011 - 23:21:20 - [0] ----D- C:\Users\Edvan\AppData\Local\{6297BD3F-3296-4AED-A99F-AA180605D3D9}

O43 - CFD: 17/01/2012 - 23:29:48 - [0] ----D- C:\Users\Edvan\AppData\Local\{6680D91B-5708-4E55-B5F7-F84DE8CA2120}

O43 - CFD: 28/12/2011 - 23:58:10 - [0] ----D- C:\Users\Edvan\AppData\Local\{66BADF71-25C3-4728-92B8-F8E56791CF09}

O43 - CFD: 08/01/2012 - 14:44:22 - [0] ----D- C:\Users\Edvan\AppData\Local\{69DCDADB-AE5B-4C6E-ABAF-94984CC716F5}

O43 - CFD: 13/07/2011 - 00:03:36 - [0] ----D- C:\Users\Edvan\AppData\Local\{73C477D4-3A90-4143-9620-48AB87D1E163}

O43 - CFD: 22/12/2011 - 13:35:50 - [0] ----D- C:\Users\Edvan\AppData\Local\{73FED204-FB60-4E96-AF66-0E921F39C4B9}

O43 - CFD: 04/01/2012 - 09:23:44 - [0] ----D- C:\Users\Edvan\AppData\Local\{7434F68C-9573-432C-B4C6-9865A0A2FD65}

O43 - CFD: 26/12/2011 - 11:28:36 - [0] ----D- C:\Users\Edvan\AppData\Local\{747A350B-6085-4429-A5C2-63EF552BCC0A}

O43 - CFD: 17/01/2012 - 23:29:58 - [0] ----D- C:\Users\Edvan\AppData\Local\{75CAED2F-8025-44B4-87F8-FFD33883945C}

O43 - CFD: 21/01/2012 - 01:16:04 - [0] ----D- C:\Users\Edvan\AppData\Local\{76A5258E-9C76-4EF8-8057-1784C7A68354}

O43 - CFD: 04/01/2012 - 09:23:56 - [0] ----D- C:\Users\Edvan\AppData\Local\{77F94CBE-B0C7-4962-9A1F-81F67D8744E5}

O43 - CFD: 31/12/2011 - 12:25:14 - [0] ----D- C:\Users\Edvan\AppData\Local\{80919C7F-0515-4FD5-BC1C-0BA91DA98BF6}

O43 - CFD: 26/01/2012 - 19:53:06 - [0] ----D- C:\Users\Edvan\AppData\Local\{8383BF64-D4B2-44AF-BDEB-771BF462C553}

O43 - CFD: 10/01/2012 - 12:35:08 - [0] ----D- C:\Users\Edvan\AppData\Local\{83AE4653-15B8-4E78-9C04-F8B6E4EE2730}

O43 - CFD: 13/01/2012 - 10:36:36 - [0] ----D- C:\Users\Edvan\AppData\Local\{89AEF048-F9B3-49E1-A886-345082806B47}

O43 - CFD: 25/12/2011 - 00:09:56 - [0] ----D- C:\Users\Edvan\AppData\Local\{8DCCD0A2-D5FB-43D2-B579-5A80B5C07A97}

O43 - CFD: 29/12/2011 - 11:58:54 - [0] ----D- C:\Users\Edvan\AppData\Local\{8E567B68-BE84-49E6-9396-64EA06B50C9D}

O43 - CFD: 08/01/2012 - 00:11:40 - [0] ----D- C:\Users\Edvan\AppData\Local\{8EC52E9F-66BE-4EE0-995B-2FD8A81E90E4}

O43 - CFD: 24/01/2012 - 10:54:58 - [0] ----D- C:\Users\Edvan\AppData\Local\{8F77ECD6-213E-4DC4-8188-A89953394332}

O43 - CFD: 31/12/2011 - 12:25:02 - [0] ----D- C:\Users\Edvan\AppData\Local\{91F90062-318B-46BC-8C9E-4FCF7DE693A7}

O43 - CFD: 27/01/2012 - 10:50:00 - [0] ----D- C:\Users\Edvan\AppData\Local\{9266183C-FCCA-4390-BD0D-4E02D4F5EF47}

O43 - CFD: 10/07/2011 - 14:30:20 - [0] ----D- C:\Users\Edvan\AppData\Local\{93016EE6-D498-4E37-B60C-B38DA7D89F92}

O43 - CFD: 31/12/2011 - 00:24:24 - [0] ----D- C:\Users\Edvan\AppData\Local\{9388EFD6-28F2-4129-ABA8-FBB8C29ABDFF}

O43 - CFD: 20/12/2011 - 21:24:28 - [0] ----D- C:\Users\Edvan\AppData\Local\{9419FBFE-B729-4CD7-A536-DA0832DE5B25}

O43 - CFD: 19/01/2012 - 12:25:48 - [0] ----D- C:\Users\Edvan\AppData\Local\{94C312F0-EDA0-47D5-9E8A-1DE17F8CF2D0}

O43 - CFD: 02/01/2012 - 23:35:52 - [0] ----D- C:\Users\Edvan\AppData\Local\{955B6CF1-40F5-4662-B8A7-771147A2D344}

O43 - CFD: 21/12/2011 - 10:29:00 - [0] ----D- C:\Users\Edvan\AppData\Local\{95A33A8D-AFD3-498F-9FAC-68ED80B156B1}

O43 - CFD: 16/01/2012 - 10:10:50 - [0] ----D- C:\Users\Edvan\AppData\Local\{99F69E6A-179E-43AD-973B-CF54557BA99B}

O43 - CFD: 05/01/2012 - 10:56:30 - [0] ----D- C:\Users\Edvan\AppData\Local\{9A75EBB9-60D0-492E-BD2E-E92908492A7A}

O43 - CFD: 29/12/2011 - 11:59:06 - [0] ----D- C:\Users\Edvan\AppData\Local\{9BDCAA61-A33A-481A-A3B7-BDAC92E36096}

O43 - CFD: 20/01/2012 - 13:15:22 - [0] ----D- C:\Users\Edvan\AppData\Local\{9C7941BB-DE80-44B4-8C2F-A9891B48286D}

O43 - CFD: 19/01/2012 - 11:48:10 - [0] ----D- C:\Users\Edvan\AppData\Local\{9E9765D1-7FA6-4A25-9AA1-1D020F5D87B4}

O43 - CFD: 25/12/2011 - 00:10:08 - [0] ----D- C:\Users\Edvan\AppData\Local\{A277AA32-0CB7-4E66-B580-C1D2ECD45CEB}

O43 - CFD: 25/01/2012 - 12:37:18 - [0] ----D- C:\Users\Edvan\AppData\Local\{A2E25EEB-0A6E-4E4E-8AC9-B42F0FA77E97}

O43 - CFD: 13/01/2012 - 22:37:16 - [0] ----D- C:\Users\Edvan\AppData\Local\{A3FABB2A-ED7F-4469-9ED1-FFD5DE1BC287}

O43 - CFD: 10/01/2012 - 00:34:04 - [0] ----D- C:\Users\Edvan\AppData\Local\{A408EA45-9CB0-4752-B97A-F9A063EB7CF2}

O43 - CFD: 07/07/2011 - 20:33:44 - [0] ----D- C:\Users\Edvan\AppData\Local\{A64B8F0C-3CAE-4071-A6E8-D8303B4D93C3}

O43 - CFD: 14/01/2012 - 23:15:36 - [0] ----D- C:\Users\Edvan\AppData\Local\{AE40DC42-1E27-4496-B25F-A4FCCF0D18F6}

O43 - CFD: 09/07/2011 - 00:51:16 - [0] ----D- C:\Users\Edvan\AppData\Local\{AF752A2F-FE05-4C50-B1FB-5078FABC42FD}

O43 - CFD: 21/01/2012 - 13:32:12 - [0] ----D- C:\Users\Edvan\AppData\Local\{B03BAA0E-2F7B-4340-9EB9-1CA16C446E30}

O43 - CFD: 13/01/2012 - 10:36:26 - [0] ----D- C:\Users\Edvan\AppData\Local\{B23EC72D-C997-455C-A043-6716007900FB}

O43 - CFD: 28/12/2011 - 11:57:28 - [0] ----D- C:\Users\Edvan\AppData\Local\{B3B2F394-F99C-4D4A-949C-D8C6362F6C7A}

O43 - CFD: 22/01/2012 - 13:43:48 - [0] ----D- C:\Users\Edvan\AppData\Local\{B572EDE7-F0BE-477E-A40C-DBC1E4CD4313}

O43 - CFD: 05/01/2012 - 22:57:22 - [0] ----D- C:\Users\Edvan\AppData\Local\{B74B19CB-D2A7-416B-A126-33825C56B5B1}

O43 - CFD: 17/01/2012 - 11:28:40 - [0] ----D- C:\Users\Edvan\AppData\Local\{BAF36AD8-E340-4EDF-B73B-D86369FE4990}

O43 - CFD: 25/01/2012 - 14:52:00 - [0] ----D- C:\Users\Edvan\AppData\Local\{BB7F491B-5DC5-43AF-8FC7-C86D49C85810}

O43 - CFD: 27/01/2012 - 22:50:40 - [0] ----D- C:\Users\Edvan\AppData\Local\{BC36C01A-1B65-4F4C-96BA-29BCC12A2751}

O43 - CFD: 25/01/2012 - 13:50:44 - [0] ----D- C:\Users\Edvan\AppData\Local\{BC53EC96-5060-45F4-BE8D-37FDF0B36000}

O43 - CFD: 02/01/2012 - 11:34:44 - [0] ----D- C:\Users\Edvan\AppData\Local\{BDA72B3A-87C0-4D20-84F1-C9084C29A01E}

O43 - CFD: 24/01/2012 - 22:55:50 - [0] ----D- C:\Users\Edvan\AppData\Local\{C0E073FF-2856-4848-86FE-7CF3283E4F63}

O43 - CFD: 17/01/2012 - 11:29:06 - [0] ----D- C:\Users\Edvan\AppData\Local\{C1452407-795B-4D93-ACAC-FDD881DED74F}

O43 - CFD: 27/12/2011 - 11:55:44 - [0] ----D- C:\Users\Edvan\AppData\Local\{C185A28B-6718-42A3-8584-F232A4B2DEF8}

O43 - CFD: 14/01/2012 - 11:14:26 - [0] ----D- C:\Users\Edvan\AppData\Local\{C23F8F3D-79F5-4AC1-A623-0770362D3193}

O43 - CFD: 11/01/2012 - 12:36:56 - [0] ----D- C:\Users\Edvan\AppData\Local\{C315F358-D257-401A-8120-2611FB881E81}

O43 - CFD: 28/01/2012 - 14:01:08 - [0] ----D- C:\Users\Edvan\AppData\Local\{C65DFC6E-EBC7-4FA7-9F92-44F5CDF922EA}

O43 - CFD: 08/01/2012 - 14:44:36 - [0] ----D- C:\Users\Edvan\AppData\Local\{C9C10E5A-EF6A-4578-ADD3-73D37A6D5827}

O43 - CFD: 18/01/2012 - 12:17:20 - [0] ----D- C:\Users\Edvan\AppData\Local\{C9CD2A8E-2F8B-47F0-B6E2-9EE3B6BAE4A3}

O43 - CFD: 29/12/2011 - 23:59:48 - [0] ----D- C:\Users\Edvan\AppData\Local\{CA9CC53C-5DAA-4DAC-BF7C-DE5D84FF89C5}

O43 - CFD: 21/01/2012 - 01:16:16 - [0] ----D- C:\Users\Edvan\AppData\Local\{CACDC000-4946-4F6F-A3F1-5B6C596A5D39}

O43 - CFD: 16/01/2012 - 10:10:40 - [0] ----D- C:\Users\Edvan\AppData\Local\{CCB84212-E9B1-4EFD-92F3-EF4F6925C3C3}

O43 - CFD: 03/01/2012 - 13:33:08 - [0] ----D- C:\Users\Edvan\AppData\Local\{CEBD11ED-46EE-40DB-8DE1-D39F8D9BF08A}

O43 - CFD: 27/01/2012 - 22:50:52 - [0] ----D- C:\Users\Edvan\AppData\Local\{CEC5E21F-65E7-4AE5-9FDD-E77FDB0DB93A}

O43 - CFD: 21/12/2011 - 22:29:50 - [0] ----D- C:\Users\Edvan\AppData\Local\{CFE07D43-21D9-4A32-831F-C9B35957DAB9}

O43 - CFD: 21/01/2012 - 13:32:22 - [0] ----D- C:\Users\Edvan\AppData\Local\{DA1260D6-6BBD-4E7F-A564-885A69016659}

O43 - CFD: 29/01/2012 - 02:02:22 - [0] ----D- C:\Users\Edvan\AppData\Local\{DF806F6C-59D8-4036-B879-5637BF672CA8}

O43 - CFD: 09/07/2011 - 13:53:12 - [0] ----D- C:\Users\Edvan\AppData\Local\{E048D8C8-089F-4514-843C-180381D59BCD}

O43 - CFD: 13/05/2011 - 23:18:10 - [0] ----D- C:\Users\Edvan\AppData\Local\{E07EF66B-CF14-433F-BE50-05407C70F377}

O43 - CFD: 02/01/2012 - 11:34:58 - [0] ----D- C:\Users\Edvan\AppData\Local\{E0D31E23-46E2-4886-8625-DFEC214CC97E}

O43 - CFD: 15/07/2011 - 12:23:36 - [0] ----D- C:\Users\Edvan\AppData\Local\{E19882D4-F08A-489B-842B-71504252AA75}

O43 - CFD: 21/12/2011 - 22:29:40 - [0] ----D- C:\Users\Edvan\AppData\Local\{E19C1329-3FE3-493A-9382-8FB6F8ADFB4B}

O43 - CFD: 19/01/2012 - 12:26:00 - [0] ----D- C:\Users\Edvan\AppData\Local\{E3E654C8-4B3C-4A5B-80A3-35388CF29A6D}

O43 - CFD: 23/01/2012 - 11:26:24 - [0] ----D- C:\Users\Edvan\AppData\Local\{E65DF274-2D4E-47A9-97D9-3A655E78F6A9}

O43 - CFD: 09/01/2012 - 12:33:10 - [0] ----D- C:\Users\Edvan\AppData\Local\{E9909623-3F52-40B9-B4B1-2BD46961C14E}

O43 - CFD: 18/07/2011 - 14:24:32 - [0] ----D- C:\Users\Edvan\AppData\Local\{EB69418F-573E-4D1F-936A-514E81FC57F4}

O43 - CFD: 11/01/2012 - 12:36:44 - [0] ----D- C:\Users\Edvan\AppData\Local\{EBBF55EC-C504-475A-9BAE-9F5660CA3E3B}

O43 - CFD: 17/01/2012 - 11:28:54 - [0] ----D- C:\Users\Edvan\AppData\Local\{ED861982-5893-4E52-A500-FC8550AC9860}

O43 - CFD: 11/01/2012 - 00:35:52 - [0] ----D- C:\Users\Edvan\AppData\Local\{EEF6B980-A3A5-4FDF-A4D3-DCF19D049EC7}

O43 - CFD: 16/01/2012 - 22:11:30 - [0] ----D- C:\Users\Edvan\AppData\Local\{EEF8DB80-0BAE-4316-912C-4F549012912D}

O43 - CFD: 08/07/2011 - 11:48:12 - [0] ----D- C:\Users\Edvan\AppData\Local\{F3578E07-C1CD-48C1-BBE2-D4E06A98F5E3}

O43 - CFD: 06/01/2012 - 11:39:32 - [0] ----D- C:\Users\Edvan\AppData\Local\{F4621777-14C8-4FE6-AFC3-2FC96A986D77}

O43 - CFD: 19/07/2011 - 13:39:32 - [0] ----D- C:\Users\Edvan\AppData\Local\{F6316670-F379-4258-B3F2-95801642F0C0}

O43 - CFD: 16/07/2011 - 12:41:10 - [0] ----D- C:\Users\Edvan\AppData\Local\{F64026B1-CDEB-4B8B-8EC3-A1729DD28EF1}

O43 - CFD: 22/01/2012 - 13:44:00 - [0] ----D- C:\Users\Edvan\AppData\Local\{F6740B2F-1207-4D1B-9474-BB8697714A3C}

O43 - CFD: 06/01/2012 - 23:40:16 - [0] ----D- C:\Users\Edvan\AppData\Local\{F72069B8-41E9-44A4-9345-29223C2AC861}

O43 - CFD: 22/01/2012 - 01:33:00 - [0] ----D- C:\Users\Edvan\AppData\Local\{F86DD966-6945-4E1A-8A7E-40CE05A5EA61}

O43 - CFD: 14/07/2011 - 21:35:10 - [0] ----D- C:\Users\Edvan\AppData\Local\{F898ED49-7F89-47ED-9024-F92F10FD0032}

O43 - CFD: 10/01/2012 - 12:34:56 - [0] ----D- C:\Users\Edvan\AppData\Local\{F8DEAB35-8D5A-451F-864C-E5EE632C9F9E}

O43 - CFD: 30/12/2011 - 00:00:10 - [0] ----D- C:\Users\Edvan\AppData\Local\{FAD16FD1-AACE-466D-9A4C-5F243926D9CD}

O43 - CFD: 27/12/2011 - 11:55:20 - [0] ----D- C:\Users\Edvan\AppData\Local\{FE746E46-B3B3-43E9-B9AB-F0DFCD76832B}

O43 - CFD: 24/01/2012 - 22:56:16 - [0] ----D- C:\Users\Edvan\AppData\Local\{FE949EC7-3504-4951-B22F-DBF6C1B7C060}

O43 - CFD: 01/01/2012 - 12:59:28 - [0] ----D- C:\Users\Edvan\AppData\Local\{FEC618BC-B5CB-4BE1-A1D4-A05135437F4D}

O43 - CFD: 01/01/2012 - 00:25:56 - [0] ----D- C:\Users\Edvan\AppData\Local\{FF7ADA6B-8DDB-4FFD-98D5-44318E964E2B}

~ Scan Program Folder in 00mn 16s

 

 

 

---\\ Last modified or created files under Windows and System32 (O44)

O44 - LFC:[MD5.AC5817F32DF5AC7594FE12F91326EBF1] - 29/01/2012 - 10:58:43 ---A- . (...) -- C:\ToolbarShooterSUP.txt [3691]

O44 - LFC:[MD5.13BE005DFA7C6EC8DC41827EE039E454] - 29/01/2012 - 10:51:09 ---A- . (...) -- C:\Windows\WindowsUpdate.log [1664464]

O44 - LFC:[MD5.B0EC8C6756A84C17ADB89B58786DD8E4] - 29/01/2012 - 10:41:33 ---A- . (...) -- C:\Windows\setupact.log [280]

O44 - LFC:[MD5.0F9DF7E5AB78AA70E03C9876C49A446F] - 29/01/2012 - 10:41:32 -S-A- . (...) -- C:\Windows\bootstat.dat [67584]

O44 - LFC:[MD5.696D97E99F34F3E64422A214EF6A8875] - 28/01/2012 - 15:15:53 ---A- . (...) -- C:\Windows\multiview.ini [146]

O44 - LFC:[MD5.D41D8CD98F00B204E9800998ECF8427E] - 28/01/2012 - 13:59:00 ---A- . (...) -- C:\Windows\setuperr.log [0]

O44 - LFC:[MD5.C7BC96C3711C0D269DA26D1F0ECEC547] - 27/01/2012 - 20:35:06 ---A- . (...) -- C:\Windows\NeroDigital.ini [69]

O44 - LFC:[MD5.D41D8CD98F00B204E9800998ECF8427E] - 25/01/2012 - 11:21:33 RSHA- . (...) -- C:\IO.SYS [0]

O44 - LFC:[MD5.D41D8CD98F00B204E9800998ECF8427E] - 25/01/2012 - 11:21:33 RSHA- . (...) -- C:\MSDOS.SYS [0]

O44 - LFC:[MD5.E0BAECEA2D436AC15553CF9B71914B2E] - 24/01/2012 - 22:35:09 ---A- . (...) -- C:\Windows\system32\PerfStringBackup.INI [1524858]

O44 - LFC:[MD5.3BE6D042CC3F84C2E75E21180DE1E128] - 24/01/2012 - 22:35:09 ---A- . (...) -- C:\Windows\system32\perfc009.dat [107034]

O44 - LFC:[MD5.B0C9C0E74AFC537D0DBEBA954B431FC0] - 24/01/2012 - 22:35:09 ---A- . (...) -- C:\Windows\system32\perfh009.dat [618714]

O44 - LFC:[MD5.59037C21897B02E4BDB0D19327171F00] - 24/01/2012 - 22:35:09 ---A- . (...) -- C:\Windows\system32\prfc0416.dat [128740]

O44 - LFC:[MD5.00BCBC4378811FBD62B9B7DBAD96C786] - 24/01/2012 - 22:35:09 ---A- . (...) -- C:\Windows\system32\prfh0416.dat [666510]

O44 - LFC:[MD5.8F71A250C4A8257EE0CDA01F6791B3E9] - 01/01/2012 - 02:28:04 ---A- . (.Adobe Systems Incorporated - Adobe Flash Player Control Panel Applet.) -- C:\Windows\system32\FlashPlayerCPLApp.cpl [414368]

~ Scan Files in 00mn 04s

 

 

 

---\\ Last files created in Windows Prefetcher (O45)

O45 - LFCP:[MD5.96DB4A81E59936851F16170755609315] - 19/01/2012 - 11:56:09 ---A- - C:\Windows\Prefetch\GOOGLEUPDATE.EXE-17E9AB0E.pf

O45 - LFCP:[MD5.3C8356727629F5F184B2CE8993A1444B] - 23/01/2012 - 11:22:36 ---A- - C:\Windows\Prefetch\NTOSBOOT-B00DFAAD.pf

O45 - LFCP:[MD5.CBFA446C95B34DFE82174DCB570C4771] - 25/01/2012 - 22:58:37 ---A- - C:\Windows\Prefetch\REALPLAY.EXE-D1FF8B46.pf

O45 - LFCP:[MD5.F4D52C89B8F9D58B01A9A9A928B10C2F] - 27/01/2012 - 15:51:55 ---A- - C:\Windows\Prefetch\FORMATFACTORY.EXE-8395F982.pf

O45 - LFCP:[MD5.6A53A33CCFC7BF27D5429E5B2CD9CF99] - 27/01/2012 - 16:10:12 ---A- - C:\Windows\Prefetch\EXPLORER.EXE-8D561148.pf

O45 - LFCP:[MD5.17B51E1C7AA05E32955E05CC85D4A33F] - 27/01/2012 - 20:30:40 ---A- - C:\Windows\Prefetch\SF.BIN-E6FB4DBB.pf

O45 - LFCP:[MD5.582B8D461F715484AFA0ED3937CBCDCD] - 27/01/2012 - 20:35:10 ---A- - C:\Windows\Prefetch\MOVIEMAKER.EXE-19AE582C.pf

O45 - LFCP:[MD5.1E08E180EE30D7DE5A50193C990CD9BB] - 27/01/2012 - 20:35:23 ---A- - C:\Windows\Prefetch\WERFAULT.EXE-D0500CA3.pf

O45 - LFCP:[MD5.1D3D03A1058C67A94F886CA895EC197E] - 27/01/2012 - 20:43:21 ---A- - C:\Windows\Prefetch\FIND.EXE-DDEF04D6.pf

O45 - LFCP:[MD5.559A61787C0F6DAB143464CD60796D70] - 27/01/2012 - 20:43:21 ---A- - C:\Windows\Prefetch\SYSTEMINFO.EXE-D53EFE56.pf

O45 - LFCP:[MD5.5BCFF2D89A7F8B72837BB38A91DBAA7A] - 28/01/2012 - 00:52:11 ---A- - C:\Windows\Prefetch\SETUP_WM.EXE-F7FC5C83.pf

O45 - LFCP:[MD5.4912F2D274C691900FE89650D58DFC5D] - 28/01/2012 - 01:26:22 ---A- - C:\Windows\Prefetch\ACRORD32.EXE-BF11F137.pf

O45 - LFCP:[MD5.3F4B9C380DDDF90ED30624639F489E95] - 28/01/2012 - 09:12:35 ---A- - C:\Windows\Prefetch\CCLEANER.EXE-FFB83DF9.pf

O45 - LFCP:[MD5.5C325EBDEBBAB44AAA4A5D9152135366] - 28/01/2012 - 09:13:02 ---A- - C:\Windows\Prefetch\RUNDLL32.EXE-A8F1A9B4.pf

O45 - LFCP:[MD5.D8353407E408B6AD16AE12C5AD5F0CB0] - 28/01/2012 - 09:13:02 ---A- - C:\Windows\Prefetch\RUNDLL32.EXE-A8F334DA.pf

O45 - LFCP:[MD5.C522907CBA71D5BC3D983A50B694C210] - 28/01/2012 - 14:59:42 ---A- - C:\Windows\Prefetch\DLLHOST.EXE-18203843.pf

O45 - LFCP:[MD5.B5C7F57C6FB272E2B9427B5CAACA0853] - 28/01/2012 - 14:59:42 ---A- - C:\Windows\Prefetch\DRVINST.EXE-EE70D0BB.pf

O45 - LFCP:[MD5.154DB8C98EF9B7FC2CC107851326ECE7] - 28/01/2012 - 15:00:00 ---A- - C:\Windows\Prefetch\WINWORD.EXE-A09D70BA.pf

O45 - LFCP:[MD5.9D7ACECF829D28543AA7975BEEA4C7A6] - 28/01/2012 - 15:00:03 ---A- - C:\Windows\Prefetch\ADOBEARM.EXE-4A52B088.pf

O45 - LFCP:[MD5.BB20B677957EB6418605B1DC11ACD94F] - 28/01/2012 - 15:09:03 ---A- - C:\Windows\Prefetch\TEAMVIEWER.EXE-D5E0567E.pf

O45 - LFCP:[MD5.0F74A92A67F427EB134CFA8407DFAFB9] - 28/01/2012 - 15:09:15 ---A- - C:\Windows\Prefetch\WUDFHOST.EXE-99AF9BC5.pf

O45 - LFCP:[MD5.7FB389499E15B6A6B83F1D289303A105] - 28/01/2012 - 15:11:21 ---A- - C:\Windows\Prefetch\MULTIVIEW.EXE-FC677444.pf

O45 - LFCP:[MD5.BCDCFCFDD7B10B50F2DE62A6DDE31F7D] - 28/01/2012 - 15:14:37 ---A- - C:\Windows\Prefetch\TEAMVIEWER_DESKTOP.EXE-5B203EEB.pf

O45 - LFCP:[MD5.B318EDDA786C8076AE88518C4FB40B9D] - 28/01/2012 - 22:59:09 ---A- - C:\Windows\Prefetch\RUNDLL32.EXE-C8471742.pf

O45 - LFCP:[MD5.DB7004D7960F155C88EDF3ABCE0CF19A] - 28/01/2012 - 23:02:04 ---A- - C:\Windows\Prefetch\WMPLAYER.EXE-4B83B48C.pf

O45 - LFCP:[MD5.66A68853680360D685A57601B415FB57] - 28/01/2012 - 23:40:27 ---A- - C:\Windows\Prefetch\Layout.ini

O45 - LFCP:[MD5.A8DFB264860DB6EB7927678A05D9523B] - 28/01/2012 - 23:40:36 ---A- - C:\Windows\Prefetch\DEFRAG.EXE-D1DA8086.pf

O45 - LFCP:[MD5.7B929ED987D20BFD75A8DBE01993F76C] - 28/01/2012 - 23:40:37 ---A- - C:\Windows\Prefetch\SVCHOST.EXE-1C83139B.pf

O45 - LFCP:[MD5.ADF38A4F164E7C0854BAB4A14236EB09] - 28/01/2012 - 23:43:37 ---A- - C:\Windows\Prefetch\RUNDLL32.EXE-2ACAD5D6.pf

O45 - LFCP:[MD5.15CDD1D324134B53E216EA41ADE1A26F] - 28/01/2012 - 23:47:43 ---A- - C:\Windows\Prefetch\SF.BIN-AFA6F0C5.pf

O45 - LFCP:[MD5.0F562009FD31F212458C1BBF224F9CD0] - 28/01/2012 - 23:49:08 ---A- - C:\Windows\Prefetch\MPCMDRUN.EXE-0ECD430D.pf

O45 - LFCP:[MD5.5CB24134239F511DEA895039A13979F3] - 28/01/2012 - 23:50:38 ---A- - C:\Windows\Prefetch\RUNDLL32.EXE-0CC0685B.pf

O45 - LFCP:[MD5.E23C8A7DEF7FC322CE65D099F26EBAA8] - 29/01/2012 - 00:06:16 ---A- - C:\Windows\Prefetch\WMPNSCFG.EXE-8CBA30F8.pf

O45 - LFCP:[MD5.458B12BEDD64219BF4922D2D3B7A968A] - 29/01/2012 - 00:06:18 ---A- - C:\Windows\Prefetch\AgCx_SC1.db.trx

O45 - LFCP:[MD5.B030607CE50CDD908F126B3ECD5D8358] - 29/01/2012 - 00:06:30 ---A- - C:\Windows\Prefetch\MOBSYNC.EXE-679EC7C0.pf

O45 - LFCP:[MD5.64869231CF026503570009C8B1374642] - 29/01/2012 - 00:06:59 ---A- - C:\Windows\Prefetch\REALUPGRADE.EXE-CECAD7C7.pf

O45 - LFCP:[MD5.361A247CA6C7986DA6C67726E91867CC] - 29/01/2012 - 00:07:19 ---A- - C:\Windows\Prefetch\AgCx_SC1.db

O45 - LFCP:[MD5.915C310BA0936F03BC70CC91595797D2] - 29/01/2012 - 00:10:59 ---A- - C:\Windows\Prefetch\AgGlUAD_P_S-1-5-21-3402164469-1559782933-1922221369-1001.db

O45 - LFCP:[MD5.DEC9DC08CAA25CB5B4F2650CF4D646AA] - 29/01/2012 - 00:10:59 ---A- - C:\Windows\Prefetch\AgGlUAD_S-1-5-21-3402164469-1559782933-1922221369-1001.db

O45 - LFCP:[MD5.0A9C2825AC8F1B57352612F2C4637612] - 29/01/2012 - 00:11:10 ---A- - C:\Windows\Prefetch\IEXPLORE.EXE-D99D24E9.pf

O45 - LFCP:[MD5.31283E4094C9937056464F0EEF075D2E] - 29/01/2012 - 00:26:15 ---A- - C:\Windows\Prefetch\AGCP.EXE-CC6CBA69.pf

O45 - LFCP:[MD5.70CBDF9213E84834B0FA052400693A2B] - 29/01/2012 - 02:12:33 ---A- - C:\Windows\Prefetch\DLLHOST.EXE-909DDEDE.pf

O45 - LFCP:[MD5.2FE8153849A59602A2FC4A704980178F] - 29/01/2012 - 02:13:09 ---A- - C:\Windows\Prefetch\RUNDLL32.EXE-9CD1A8E8.pf

O45 - LFCP:[MD5.3749BD94A8B6C07EEBE9ED398A550800] - 29/01/2012 - 02:55:10 ---A- - C:\Windows\Prefetch\LOGONUI.EXE-AAD0A372.pf

O45 - LFCP:[MD5.E7042C2C727B8F89C99654CB0E65F012] - 29/01/2012 - 02:55:14 ---A- - C:\Windows\Prefetch\AgGlFaultHistory.db

O45 - LFCP:[MD5.A49017E620413F8159FA3E50D5052DF0] - 29/01/2012 - 02:55:14 ---A- - C:\Windows\Prefetch\AgGlFgAppHistory.db

O45 - LFCP:[MD5.29C925C6511F837F598987F297D9FB77] - 29/01/2012 - 02:55:14 ---A- - C:\Windows\Prefetch\AgGlGlobalHistory.db

O45 - LFCP:[MD5.2C5FB7803628260EF58211D09CF2562F] - 29/01/2012 - 02:55:14 ---A- - C:\Windows\Prefetch\AgRobust.db

O45 - LFCP:[MD5.B9E457D897FE13746A091201ACCE1245] - 29/01/2012 - 02:55:14 ---A- - C:\Windows\Prefetch\PfSvPerfStats.bin

O45 - LFCP:[MD5.6E611BA382D174549C2A860063DEFD71] - 29/01/2012 - 10:42:35 ---A- - C:\Windows\Prefetch\AVAST.SETUP-3EFDFE37.pf

O45 - LFCP:[MD5.D5CE1B69074520E0EE5CF03FC1D6D34C] - 29/01/2012 - 10:42:52 ---A- - C:\Windows\Prefetch\MSNMSGR.EXE-466B0222.pf

O45 - LFCP:[MD5.3CAC51BC61895E8E2CF372CAFB159E69] - 29/01/2012 - 10:43:21 ---A- - C:\Windows\Prefetch\WLCOMM.EXE-F49DDED8.pf

O45 - LFCP:[MD5.FDA2574BB923B5BB2C461E5BF5982228] - 29/01/2012 - 10:43:59 ---A- - C:\Windows\Prefetch\FIREFOX.EXE-65EC0A25.pf

O45 - LFCP:[MD5.00F6D06BEC153BB970478824A81D1362] - 29/01/2012 - 10:44:02 ---A- - C:\Windows\Prefetch\GOOGLECRASHHANDLER.EXE-B5E8AC28.pf

O45 - LFCP:[MD5.E3957FC61ACA9E961280290006737B60] - 29/01/2012 - 10:44:02 ---A- - C:\Windows\Prefetch\GOOGLEUPDATE.EXE-4787A8CB.pf

O45 - LFCP:[MD5.48325B3C12EFC6633681E768174C7E6F] - 29/01/2012 - 10:44:02 ---A- - C:\Windows\Prefetch\MSCORSVW.EXE-B153D8B6.pf

O45 - LFCP:[MD5.42BCF05C9EB6E18C70793263F256194B] - 29/01/2012 - 10:44:10 ---A- - C:\Windows\Prefetch\PLUGIN-CONTAINER.EXE-1A0BCDB9.pf

O45 - LFCP:[MD5.0C59D5778004D5826265BAA0ADFF3E8E] - 29/01/2012 - 10:44:13 ---A- - C:\Windows\Prefetch\SVCHOST.EXE-A7B2C41C.pf

O45 - LFCP:[MD5.072EB388A3D20DD21F2D964C1A7E353D] - 29/01/2012 - 10:44:19 ---A- - C:\Windows\Prefetch\EXCEL.EXE-B69989C5.pf

O45 - LFCP:[MD5.3AAAE5752B8CACD893FD42B8E9DB17FA] - 29/01/2012 - 10:45:16 ---A- - C:\Windows\Prefetch\TRUSTEDINSTALLER.EXE-5D163506.pf

O45 - LFCP:[MD5.C4A5992B2167360CA310209DC2FF1F34] - 29/01/2012 - 10:45:18 ---A- - C:\Windows\Prefetch\WUAUCLT.EXE-11EE2502.pf

O45 - LFCP:[MD5.68D86D44565374A74CD3D8206EA669C2] - 29/01/2012 - 10:45:55 ---A- - C:\Windows\Prefetch\WMIADAP.EXE-C42984CB.pf

O45 - LFCP:[MD5.DFB3041F70E8EF8A03D3F81CF3F42575] - 29/01/2012 - 10:50:44 ---A- - C:\Windows\Prefetch\VSSVC.EXE-3C0C319A.pf

O45 - LFCP:[MD5.425D765FB551EC9D18D0B0FC3E40BB9D] - 29/01/2012 - 10:50:45 ---A- - C:\Windows\Prefetch\SVCHOST.EXE-1EBB7E14.pf

O45 - LFCP:[MD5.2C30A0B15CD09A78A31C26E82D7562DC] - 29/01/2012 - 10:50:49 ---A- - C:\Windows\Prefetch\WINDOWSLIVEPHOTOVIEWER.EXE-58AAE537.pf

O45 - LFCP:[MD5.1875886BEE1FB8B4EE7AFB4239441063] - 29/01/2012 - 10:50:59 ---A- - C:\Windows\Prefetch\TASKHOST.EXE-5BE99666.pf

O45 - LFCP:[MD5.E7C37604E3913B79F4534190CCFC113A] - 29/01/2012 - 10:54:36 ---A- - C:\Windows\Prefetch\SF.BIN-CB08EEF5.pf

O45 - LFCP:[MD5.B2935F137675FC339E1232AD67F2DCEA] - 29/01/2012 - 10:54:49 ---A- - C:\Windows\Prefetch\ACRORD32INFO.EXE-34512E4B.pf

O45 - LFCP:[MD5.628F6669D828FB2F35C86C70874D20D3] - 29/01/2012 - 10:54:49 ---A- - C:\Windows\Prefetch\WERMGR.EXE-8875B865.pf

O45 - LFCP:[MD5.43EAE86C24B9E48BFF932274F65BBC05] - 29/01/2012 - 10:55:00 ---A- - C:\Windows\Prefetch\RUNDLL32.EXE-EC7D4248.pf

O45 - LFCP:[MD5.2B6B803FC2F9CCCBD418FBAB2172301F] - 29/01/2012 - 10:56:34 ---A- - C:\Windows\Prefetch\CTFMON.EXE-0D9B7444.pf

O45 - LFCP:[MD5.ED8DCEC57080682BF08F75ED3C3C7EF9] - 29/01/2012 - 10:56:44 ---A- - C:\Windows\Prefetch\IGFXSRVC.EXE-805536ED.pf

O45 - LFCP:[MD5.5D998D40E42C8F35F84045CFE41BFABA] - 29/01/2012 - 10:56:55 ---A- - C:\Windows\Prefetch\DLLHOST.EXE-70E7A76D.pf

O45 - LFCP:[MD5.4E7A7D4C92D1BFCA7FB583DBC0DBB384] - 29/01/2012 - 10:56:59 ---A- - C:\Windows\Prefetch\TASKENG.EXE-EA9181FA.pf

O45 - LFCP:[MD5.834B61DD5D52CE7FA18D03CD50DBB979] - 29/01/2012 - 10:57:00 ---A- - C:\Windows\Prefetch\MODE.COM-D70045EB.pf

O45 - LFCP:[MD5.B351295921ABC98BFBCA1A234228652C] - 29/01/2012 - 10:57:05 ---A- - C:\Windows\Prefetch\REG.EXE-AE7F6BB7.pf

O45 - LFCP:[MD5.BC424B84B7D4783B9C5D167E81DE8349] - 29/01/2012 - 10:57:10 ---A- - C:\Windows\Prefetch\TOOLBARSHOOTER.EXE-D020F139.pf

O45 - LFCP:[MD5.1398571DC0F2EA80595512C32F6139F6] - 29/01/2012 - 10:57:51 ---A- - C:\Windows\Prefetch\ATTRIB.EXE-22DBBB5F.pf

O45 - LFCP:[MD5.F58FE3137055D087F39414129DA47275] - 29/01/2012 - 10:58:54 ---A- - C:\Windows\Prefetch\NOTEPAD.EXE-79FDEF08.pf

O45 - LFCP:[MD5.4A53368F30BAFCE2E7603139919C4F3E] - 29/01/2012 - 11:00:23 ---A- - C:\Windows\Prefetch\SEARCHPROTOCOLHOST.EXE-DDF28657.pf

O45 - LFCP:[MD5.A4D4EC7A6DFE6B4B191EB672B1D6C6EE] - 29/01/2012 - 11:02:00 ---A- - C:\Windows\Prefetch\DLLHOST.EXE-0003997E.pf

O45 - LFCP:[MD5.DAB3B70E69FC01A116FA4371FDB4F4FF] - 29/01/2012 - 11:02:18 ---A- - C:\Windows\Prefetch\ZHPDIAG2.EXE-AAA9737B.pf

O45 - LFCP:[MD5.51388AEBA84B3BE796456C3DC8BCF0B6] - 29/01/2012 - 11:02:18 ---A- - C:\Windows\Prefetch\ZHPDIAG2.TMP-0C9F049C.pf

O45 - LFCP:[MD5.FBE6908AFC6E68BFCCFB63F61206CD8C] - 29/01/2012 - 11:02:27 ---A- - C:\Windows\Prefetch\SEARCHFILTERHOST.EXE-774E2D1B.pf

O45 - LFCP:[MD5.3AEC1902966C42B8B60AF6AE66E7B93A] - 29/01/2012 - 11:02:39 ---A- - C:\Windows\Prefetch\ZHPDIAG.EXE-2A9A7755.pf

O45 - LFCP:[MD5.864B0572B177628172EB9D590BF90771] - 29/01/2012 - 11:02:44 ---A- - C:\Windows\Prefetch\AUDIODG.EXE-5FB9CF9A.pf

O45 - LFCP:[MD5.A851320A8AAFC6650BF8B31445F1C74D] - 29/01/2012 - 11:07:21 ---A- - C:\Windows\Prefetch\SVCHOST.EXE-22B146F5.pf

O45 - LFCP:[MD5.ABF9C0E455F1D35C4BB4A992506642FF] - 29/01/2012 - 11:07:51 ---A- - C:\Windows\Prefetch\CMD.EXE-111861F5.pf

O45 - LFCP:[MD5.B16E5BBAAB46C7FFA480003FF53B3B23] - 29/01/2012 - 11:07:51 ---A- - C:\Windows\Prefetch\CONHOST.EXE-C0FB3CEF.pf

O45 - LFCP:[MD5.CA1B458C61394E1977E9494E96360329] - 29/01/2012 - 11:07:51 ---A- - C:\Windows\Prefetch\CSCRIPT.EXE-73ABE6D9.pf

O45 - LFCP:[MD5.DFA074D5069F39A12E7FDEA436515F0B] - 29/01/2012 - 11:07:52 ---A- - C:\Windows\Prefetch\SPPSVC.EXE-2A4302F4.pf

O45 - LFCP:[MD5.2871FA18DE1E7BBF35F59D4D0A27C1D6] - 29/01/2012 - 11:07:52 ---A- - C:\Windows\Prefetch\WMIPRVSE.EXE-32FC3D5D.pf

O45 - LFCP:[MD5.07F9DB71006C0CF958D608CA1CE9EECE] - 29/01/2012 - 11:08:02 ---A- - C:\Windows\Prefetch\PV.EXE-1D464158.pf

O45 - LFCP:[MD5.70CF8F71A976A8A52A43D5E05DAF9889] - 29/01/2012 - 11:08:09 ---A- - C:\Windows\Prefetch\SCHTASKS.EXE-4654FA7D.pf

~ Scan Prefetcher in 00mn 01s

 

 

 

---\\ Local Security Authority-LSA Deny (O48)

O48 - LSA:Local Security Authority Authentication Packages . (.Microsoft Corporation - Microsoft Authentication Package v1.0.) -- C:\Windows\System32\msv1_0.dll

O48 - LSA:Local Security Authority Notification Packages . (.Microsoft Corporation - Mecanismo cliente do 'Editor de configuração de segurança Windows'.) -- C:\Windows\System32\scecli.dll

O48 - LSA:Local Security Authority Security Packages . (.Microsoft Corporation - Pacote de Segurança Kerberos.) -- C:\Windows\System32\kerberos.dll

O48 - LSA:Local Security Authority Security Packages . (.Microsoft Corporation - Microsoft Authentication Package v1.0.) -- C:\Windows\System32\msv1_0.dll

O48 - LSA:Local Security Authority Security Packages . (.Microsoft Corporation - TLS / SSL Security Provider.) -- C:\Windows\System32\schannel.dll

O48 - LSA:Local Security Authority Security Packages . (.Microsoft Corporation - Microsoft Digest Access.) -- C:\Windows\System32\wdigest.dll

O48 - LSA:Local Security Authority Security Packages . (.Microsoft Corporation - Web Service Security Package.) -- C:\Windows\System32\TSpkg.dll

O48 - LSA:Local Security Authority Security Packages . (.Microsoft Corporation - Pku2u Security Package.) -- C:\Windows\System32\pku2u.dll

O48 - LSA:Local Security Authority Security Packages . (.Microsoft Corp. - LiveSSP.) -- C:\Windows\System32\LIVESSP.dll

~ Scan Keys in 00mn 00s

 

 

 

---\\ Safe Boot Control (O49)

O49 - CSB:Control Safe Boot HKLM\...\CCS\Minimal\sermouse.sys . (.Microsoft Corporation - Driver de porta de mouse serial.) -- C:\Windows\system32\Drivers\sermouse.sys

O49 - CSB:Control Safe Boot HKLM\...\CCS\Minimal\vga.sys . (.Microsoft Corporation - VGA/Super VGA Video Driver.) -- C:\Windows\system32\Drivers\vga.sys

O49 - CSB:Control Safe Boot HKLM\...\CCS\Minimal\vgasave.sys . (...) -- C:\Windows\system32\Drivers\vgasave.sys (.not file.)

O49 - CSB:Control Safe Boot HKLM\...\CCS\Minimal\volmgr.sys . (.Microsoft Corporation - Volume Manager Driver.) -- C:\Windows\system32\Drivers\volmgr.sys

O49 - CSB:Control Safe Boot HKLM\...\CCS\Minimal\volmgrx.sys . (.Microsoft Corporation - Driver de Extensão do Gerenciador de Volumes.) -- C:\Windows\system32\Drivers\volmgrx.sys

O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\ipnat.sys . (.Microsoft Corporation - IP Network Address Translator.) -- C:\Windows\system32\Drivers\ipnat.sys

O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\nsiproxy.sys . (.Microsoft Corporation - NSI Proxy.) -- C:\Windows\system32\Drivers\nsiproxy.sys

O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\rdpencdd.sys . (.Microsoft Corporation - RDP Encoder Miniport.) -- C:\Windows\system32\Drivers\rdpencdd.sys

O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\sermouse.sys . (.Microsoft Corporation - Driver de porta de mouse serial.) -- C:\Windows\system32\Drivers\sermouse.sys

O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\vga.sys . (.Microsoft Corporation - VGA/Super VGA Video Driver.) -- C:\Windows\system32\Drivers\vga.sys

O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\vgasave.sys . (...) -- C:\Windows\system32\Drivers\vgasave.sys (.not file.)

O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\volmgr.sys . (.Microsoft Corporation - Volume Manager Driver.) -- C:\Windows\system32\Drivers\volmgr.sys

O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\volmgrx.sys . (.Microsoft Corporation - Driver de Extensão do Gerenciador de Volumes.) -- C:\Windows\system32\Drivers\volmgrx.sys

~ Scan CSB in 00mn 00s

 

 

 

---\\ MountPoints2 Shell Key (MPKS) (O51) (None)

 

---\\ Trojan Driver Search Data (HKLM)(TDSD) (O52)

O52 - TDSD: \Drivers32\"msacm.l3acm"="C:\Windows\System32\l3codeca.acm" . (.Fraunhofer Institut Integrierte Schaltungen - MPEG Layer-3 Audio Codec for MSACM.) -- C:\Windows\System32\l3codeca.acm

O52 - TDSD: \Drivers32\"vidc.cvid"="iccvid.dll" . (.Radius Inc. - Cinepak® Codec.) -- C:\Windows\System32\iccvid.dll

O52 - TDSD: \Drivers32\"vidc.GEOS"="C:\Windows\system32\v8300\GEO-MPEG4\2008.11.21.11.52\GeoCodecD.dll" . (.GeoVision - GeoVision® Codec.) -- C:\Windows\System32\v8300\GEO-MPEG4\2008.11.21.11.52\GeoCodecD.dll

O52 - TDSD: \Drivers32\"vidc.GEOV"="C:\Windows\system32\v8300\GEO-MPEG4\2008.11.21.11.52\GeoCodec.dll" . (.GeoVision - GeoVision® Codec.) -- C:\Windows\System32\v8300\GEO-MPEG4\2008.11.21.11.52\GeoCodec.dll

O52 - TDSD: \Drivers32\"vidc.GEOX"="C:\Windows\system32\v8300\GEO-MPEG4\2008.11.21.11.52\GeoCodec.dll" . (.GeoVision - GeoVision® Codec.) -- C:\Windows\System32\v8300\GEO-MPEG4\2008.11.21.11.52\GeoCodec.dll

O52 - TDSD: \Drivers32\"vidc.GM40"="C:\Windows\system32\v8310\GEO-MPEG4-ASP\2009.4.13.18.50\GXAMP4.dll" . (.GeoVision - GeoVision® Codec.) -- C:\Windows\System32\v8310\GEO-MPEG4-ASP\2009.4.13.18.50\GXAMP4.dll

O52 - TDSD: \Drivers32\"vidc.GMP4"="C:\Windows\system32\v8310\GEO-MPEG4-ASP\2009.4.13.18.50\GXAMP4.dll" . (.GeoVision - GeoVision® Codec.) -- C:\Windows\System32\v8310\GEO-MPEG4-ASP\2009.4.13.18.50\GXAMP4.dll

O52 - TDSD: \Drivers32\"vidc.GM4H"="C:\Windows\system32\v8310\GEO-MPEG4-ASP\2009.4.13.18.50\GXAMP4D.dll" . (.GeoVision - GeoVision® Codec.) -- C:\Windows\System32\v8310\GEO-MPEG4-ASP\2009.4.13.18.50\GXAMP4D.dll

O52 - TDSD: \Drivers32\"vidc.GM4S"="C:\Windows\system32\v8310\GEO-MPEG4-ASP\2009.4.13.18.50\GXAMP4D.dll" . (.GeoVision - GeoVision® Codec.) -- C:\Windows\System32\v8310\GEO-MPEG4-ASP\2009.4.13.18.50\GXAMP4D.dll

O52 - TDSD: \Drivers32\"vidc.G264"="C:\Windows\system32\v8300\GEO-H264\2008.11.17.11.45\GX264.dll" . (.GeoVision - GeoVision® Codec.) -- C:\Windows\System32\v8300\GEO-H264\2008.11.17.11.45\GX264.dll

O52 - TDSD: \Drivers32\"vidc.G26S"="C:\Windows\system32\v8300\GEO-H264\2008.11.17.11.45\GX264D.dll" . (.GeoVision - GeoVision® Codec.) -- C:\Windows\System32\v8300\GEO-H264\2008.11.17.11.45\GX264D.dll

O52 - TDSD: \Drivers32\"vidc.GM20"="C:\Windows\system32\v8300\GEO-MPEG2\2008.12.16.16.38\GXGM20.dll" . (.GeoVision Inc. - GeoMpeg2 Dynamic Link Library.) -- C:\Windows\System32\v8300\GEO-MPEG2\2008.12.16.16.38\GXGM20.dll

O52 - TDSD: \Drivers32\"vidc.GJPG"="C:\Windows\system32\v8310\GEO-JPEG\2009.2.13.11.5\GXJPG.dll" . (.GeoVision - GeoVision® Codec.) -- C:\Windows\System32\v8310\GEO-JPEG\2009.2.13.11.5\GXJPG.dll

O52 - TDSD: \Drivers32\"vidc.GAVC"="C:\Windows\system32\v8310\GEO-H264-V2\2009.4.14.19.37\GXAVC.dll" . (.GeoVision - GeoVision® Codec.) -- C:\Windows\System32\v8310\GEO-H264-V2\2009.4.14.19.37\GXAVC.dll

O52 - TDSD: \Drivers32\"vidc.GAVS"="C:\Windows\system32\v8310\GEO-H264-V2\2009.4.14.19.37\GXAVCD.dll" . (.GeoVision - GeoVision® Codec.) -- C:\Windows\System32\v8310\GEO-H264-V2\2009.4.14.19.37\GXAVCD.dll

O52 - TDSD: \Drivers32\"msacm.geoadpcm"="C:\Windows\system32\v8200\GEO-ADPCM\2007.8.13.17.32\GeoADPCM.acm" . (.GeoVision Inc. - GeoVision ADPCM CODEC for MSACM.) -- C:\Windows\System32\v8200\GEO-ADPCM\2007.8.13.17.32\GeoADPCM.acm

O52 - TDSD: \Drivers32\"VIDC.FMVC"="fmcodec.dll" . (.Fox Magic Software - FM Screen Capture Codec (VFW).) -- C:\Windows\System32\fmcodec.dll

O52 - TDSD: \drivers.desc\"C:\Windows\System32\l3codeca.acm"="Fraunhofer IIS MPEG Layer-3 Codec" . (.Fraunhofer Institut Integrierte Schaltungen - MPEG Layer-3 Audio Codec for MSACM.) -- C:\Windows\System32\l3codeca.acm

O52 - TDSD: \drivers.desc\"GeoCodec.dll"="GeoVision MPEG4" . (.GeoVision - GeoVision® Codec.) -- C:\Windows\System32\GeoCodec.dll

O52 - TDSD: \drivers.desc\"GeoCodecD.dll"="GeoVision MPEG4 Decoder" . (.GeoVision - GeoVision® Codec.) -- C:\Windows\System32\GeoCodecD.dll

O52 - TDSD: \drivers.desc\"GXAMP4.dll"="GeoVision MPEG4 ASP" . (.GeoVision - GeoVision® Codec.) -- C:\Windows\System32\GXAMP4.dll

O52 - TDSD: \drivers.desc\"GXAMP4D.dll"="GeoVision MPEG4 ASP Decoder" . (.GeoVision - GeoVision® Codec.) -- C:\Windows\System32\GXAMP4D.dll

O52 - TDSD: \drivers.desc\"GX264.dll"="GeoVision H264" . (.GeoVision - GeoVision® Codec.) -- C:\Windows\System32\GX264.dll

O52 - TDSD: \drivers.desc\"GX264D.dll"="GeoVision H264 Decoder" . (.GeoVision - GeoVision® Codec.) -- C:\Windows\System32\GX264D.dll

O52 - TDSD: \drivers.desc\"GXGM20.dll"="GeoVision MPEG2" . (.GeoVision Inc. - GeoMpeg2 Dynamic Link Library.) -- C:\Windows\System32\GXGM20.dll

O52 - TDSD: \drivers.desc\"GXJPG.dll"="GeoVision JPEG" . (.GeoVision - GeoVision® Codec.) -- C:\Windows\System32\GXJPG.dll

O52 - TDSD: \drivers.desc\"GXAVC.dll"="GeoVision MPEG4 AVC" . (.GeoVision - GeoVision® Codec.) -- C:\Windows\System32\GXAVC.dll

O52 - TDSD: \drivers.desc\"GXAVCD.dll"="GeoVision MPEG4 AVC Decoder" . (.GeoVision - GeoVision® Codec.) -- C:\Windows\System32\GXAVCD.dll

O52 - TDSD: \drivers.desc\"GeoADPCM.acm"="GeoVision ADPCM" . (.GeoVision Inc. - GeoVision ADPCM CODEC for MSACM.) -- C:\Windows\System32\GeoADPCM.acm

~ Scan Keys in 00mn 00s

 

 

 

---\\ ShareTools MSconfig StartupReg (SMSR) (O53)

O53 - SMSR:HKLM\...\startupreg\Acronis Serviço Scheduler2 [Key] . (.Acronis - Acronis Scheduler Helper.) -- C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe

O53 - SMSR:HKLM\...\startupreg\Adobe ARM [Key] . (.Adobe Systems Incorporated - Adobe Reader and Acrobat Manager.) -- C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

O53 - SMSR:HKLM\...\startupreg\Adobe Reader Speed Launcher [Key] . (.Adobe Systems Incorporated - Adobe Acrobat SpeedLauncher.) -- C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe

O53 - SMSR:HKLM\...\startupreg\ares [Key] . (.Ares Development Group - Ares p2p for windows.) -- C:\Program Files\Ares\Ares.exe

O53 - SMSR:HKLM\...\startupreg\facemoods [Key] . (...) -- C:\Program Files\facemoods.com\facemoods\1.4.17.11\facemoodssrv.exe (.not file.)

O53 - SMSR:HKLM\...\startupreg\Google Update [Key] . (...) -- C:\Users\Edvan\AppData\Local\Google\Update\GoogleUpdate.exe (.not file.)

O53 - SMSR:HKLM\...\startupreg\HotKeysCmds [Key] . (.Intel Corporation - hkcmd Module.) -- C:\Windows\System32\hkcmd.exe

O53 - SMSR:HKLM\...\startupreg\IgfxTray [Key] . (.Intel Corporation - igfxTray Module.) -- C:\Windows\System32\igfxtray.exe

O53 - SMSR:HKLM\...\startupreg\IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA} [Key] . (.Nero AG - Nero Home.) -- C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe

O53 - SMSR:HKLM\...\startupreg\NBKeyScan [Key] . (.Nero AG - Nero BackItUp.) -- C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe

O53 - SMSR:HKLM\...\startupreg\Persistence [Key] . (.Intel Corporation - persistence Module.) -- C:\Windows\System32\igfxpers.exe

O53 - SMSR:HKLM\...\startupreg\PlusService [Key] . (...) -- C:\Program Files\Yuna Software\Messenger Plus!\PlusService.exe (.not file.)

O53 - SMSR:HKLM\...\startupreg\QuickTime Task [Key] . (.Apple Inc. - QuickTime Task.) -- C:\Program Files\QuickTime\QTTask.exe

O53 - SMSR:HKLM\...\startupreg\SunJavaUpdateSched [Key] . (.Sun Microsystems, Inc. - Java Update Scheduler.) -- C:\Program Files\Common Files\Java\Java Update\jusched.exe

O53 - SMSR:HKLM\...\startupreg\swg [Key] . (...) -- C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (.not file.)

O53 - SMSR:HKLM\...\startupreg\TkBellExe [Key] . (.RealNetworks, Inc. - RealNetworks Scheduler.) -- C:\Program Files\Real\RealPlayer\update\realsched.exe

O53 - SMSR:HKLM\...\startupreg\TrueImageMonitor.exe [Key] . (...) -- C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe

O53 - SMSR:HKLM\...\startupreg\USB Security [Key] . (.Zbshareware Lab - USB Disk Security.) -- C:\Program Files\USB Disk Security\USBGuard.exe

O53 - SMSR:HKLM\...\startupreg\uTorrent [Key] . (...) -- C:\Program Files\uTorrent\uTorrent.exe (.not file.)

~ Scan SMSR Keys in 00mn 00s

 

 

 

---\\ Microsoft Control Security Providers (MCSP) (O54)

O54 - MCSP:[HKLM\...\CurrentControlSet\Control] - (SecurityProviders) - (.Microsoft Corporation - Credential Delegation Security Package.) -- C:\Windows\system32\credssp.dll

O54 - MCSP:[HKLM\...\ControlSet001\Control] - (SecurityProviders) - (.Microsoft Corporation - Credential Delegation Security Package.) -- C:\Windows\system32\credssp.dll

~ Scan Keys in 00mn 00s

 

 

 

---\\ Microsoft Windows Policies System (MWPS) (O55)

O55 - MWPS:[HKLM\...\Policies\System] - "ConsentPromptBehaviorAdmin"=5

O55 - MWPS:[HKLM\...\Policies\System] - "ConsentPromptBehaviorUser"=3

O55 - MWPS:[HKLM\...\Policies\System] - "EnableInstallerDetection"=1

O55 - MWPS:[HKLM\...\Policies\System] - "EnableLUA"=0

O55 - MWPS:[HKLM\...\Policies\System] - "EnableSecureUIAPaths"=1

O55 - MWPS:[HKLM\...\Policies\System] - "EnableUIADesktopToggle"=0

O55 - MWPS:[HKLM\...\Policies\System] - "EnableVirtualization"=1

O55 - MWPS:[HKLM\...\Policies\System] - "PromptOnSecureDesktop"=1

O55 - MWPS:[HKLM\...\Policies\System] - "ValidateAdminCodeSignatures"=0

O55 - MWPS:[HKLM\...\Policies\System] - "dontdisplaylastusername"=0

O55 - MWPS:[HKLM\...\Policies\System] - "legalnoticecaption"=

O55 - MWPS:[HKLM\...\Policies\System] - "legalnoticetext"=

O55 - MWPS:[HKLM\...\Policies\System] - "scforceoption"=0

O55 - MWPS:[HKLM\...\Policies\System] - "shutdownwithoutlogon"=1

O55 - MWPS:[HKLM\...\Policies\System] - "undockwithoutlogon"=1

O55 - MWPS:[HKLM\...\Policies\System] - "FilterAdministratorToken"=0

O55 - MWPS:[HKLM\...\Policies\System] - "EnableLinkedConnections"=1

O55 - MWPS:[HKCU\...\Policies\System] - "disableregistrytools"=0

~ Scan Keys in 00mn 00s

 

 

 

---\\ Microsoft Windows Policies Explorer (MWPE) (O56)

O56 - MWPE:[HKCU\...\policies\Explorer] - "NoDriveAutoRun"=3

O56 - MWPE:[HKCU\...\policies\Explorer] - "NoDriveTypeAutoRun"=0

O56 - MWPE:[HKCU\...\policies\Explorer] - "NoDrives"=0

O56 - MWPE:[HKLM\...\policies\Explorer] - "NoDriveAutoRun"=3

O56 - MWPE:[HKLM\...\policies\Explorer] - "NoDriveTypeAutoRun"=0

~ Scan Keys in 00mn 00s

 

 

 

---\\ System Drivers List (SDL) (O58)

O58 - SDL:[MD5.21E785EBD7DC90A06391141AAC7892FB] - 13/07/2009 - 22:26:15 ---A- . (.Adaptec, Inc. - Adaptec Windows SAS/SATA Storport Driver.) -- C:\Windows\system32\drivers\adp94xx.sys [422976]

O58 - SDL:[MD5.0C676BC278D5B59FF5ABD57BBE9123F2] - 13/07/2009 - 22:26:17 ---A- . (.Adaptec, Inc. - Adaptec Windows SATA Storport Driver.) -- C:\Windows\system32\drivers\adpahci.sys [297552]

O58 - SDL:[MD5.7C7B5EE4B7B822EC85321FE23A27DB33] - 13/07/2009 - 22:26:15 ---A- . (.Adaptec, Inc. - Adaptec StorPort Ultra320 SCSI Driver.) -- C:\Windows\system32\drivers\adpu320.sys [146512]

O58 - SDL:[MD5.53696AD8FFC5FAC51949A525FF65A689] - 26/05/2011 - 22:50:10 ---A- . (.Acronis - File Level CDP Kernel Helper.) -- C:\Windows\system32\drivers\afcdp.sys [167968]

O58 - SDL:[MD5.0D40BCF52EA90FC7DF2AEAB6503DEA44] - 13/07/2009 - 22:26:15 ---A- . (.Acer Laboratories Inc. - ALi mini IDE Driver.) -- C:\Windows\system32\drivers\aliide.sys [14400]

O58 - SDL:[MD5.19CE906B4CDC11FC4FEF5745F33A63B6] - 11/03/2011 - 02:43:46 ---A- . (.Advanced Micro Devices - AHCI 1.2 Device Driver.) -- C:\Windows\system32\drivers\amdsata.sys [80256]

O58 - SDL:[MD5.EA43AF0C423FF267355F74E7A53BDABA] - 13/07/2009 - 22:26:15 ---A- . (.AMD Technologies Inc. - AMD Technology AHCI Compatible Controller Driver for Windows fa.) -- C:\Windows\system32\drivers\amdsbs.sys [159312]

O58 - SDL:[MD5.869E67D66BE326A5A9159FBA8746FA70] - 11/03/2011 - 02:43:46 ---A- . (.Advanced Micro Devices - Storage Filter Driver.) -- C:\Windows\system32\drivers\amdxata.sys [22400]

O58 - SDL:[MD5.2932004F49677BD84DBC72EDB754FFB3] - 13/07/2009 - 22:26:15 ---A- . (.Adaptec, Inc. - Adaptec RAID Storport Driver.) -- C:\Windows\system32\drivers\arc.sys [76368]

O58 - SDL:[MD5.5D6F36C46FD283AE1B57BD2E9FEB0BC7] - 13/07/2009 - 22:26:15 ---A- . (.Adaptec, Inc. - Adaptec SAS RAID WS03 Driver.) -- C:\Windows\system32\drivers\arcsas.sys [86608]

O58 - SDL:[MD5.054DF24C92B55427E0757CFFF160E4F2] - 28/11/2011 - 14:51:50 ---A- . (.AVAST Software - avast! File System Access Blocking Driver.) -- C:\Windows\system32\drivers\aswFsBlk.sys [20568]

O58 - SDL:[MD5.258143605E77E4008F1758481D6A977D] - 28/11/2011 - 14:52:07 ---A- . (.AVAST Software - avast! File System Minifilter for Windows 2003/Vista.) -- C:\Windows\system32\drivers\aswMonFlt.sys [55128]

O58 - SDL:[MD5.352D5A48EBAB35A7693B048679304831] - 28/11/2011 - 14:52:19 ---A- . (.AVAST Software - avast! TDI RDR Driver.) -- C:\Windows\system32\drivers\aswRdr.sys [34392]

O58 - SDL:[MD5.8D34D2B24297E27D93E847319ABFDEC4] - 28/11/2011 - 14:53:53 ---A- . (.AVAST Software - avast! Virtualization Driver.) -- C:\Windows\system32\drivers\aswSnx.sys [435032]

O58 - SDL:[MD5.010012597333DA1F46C3243F33F8409E] - 28/11/2011 - 14:53:35 ---A- . (.AVAST Software - avast! self protection module.) -- C:\Windows\system32\drivers\aswSP.sys [314456]

O58 - SDL:[MD5.F9F84364416658E9786235904D448D37] - 28/11/2011 - 14:52:16 ---A- . (.AVAST Software - avast! TDI Filter Driver.) -- C:\Windows\system32\drivers\aswTdi.sys [52952]

O58 - SDL:[MD5.BD8869EB9CDE6BBE4508D869929869EE] - 13/07/2009 - 19:02:49 ---A- . (.Broadcom Corporation - Broadcom NetXtreme Gigabit Ethernet NDIS6.x Unified Driver..) -- C:\Windows\system32\drivers\b57nd60x.sys [229888]

O58 - SDL:[MD5.9F9ACC7F7CCDE8A15C282D3F88B43309] - 13/07/2009 - 19:53:28 ---A- . (.Brother Industries, Ltd. - Windows ME USB Mass-Storage Bulk-Only Lower Filter Driver.) -- C:\Windows\system32\drivers\BrFiltLo.sys [13568]

O58 - SDL:[MD5.56801AD62213A41F6497F96DEE83755A] - 13/07/2009 - 19:53:28 ---A- . (.Brother Industries, Ltd. - Windows ME USB Mass-Storage Bulk-Only Upper Filter Driver.) -- C:\Windows\system32\drivers\BrFiltUp.sys [5248]

O58 - SDL:[MD5.845B8CE732E67F3B4133164868C666EA] - 13/07/2009 - 21:57:25 ---A- . (.Brother Industries Ltd. - Brother Serial I/F Driver (WDM).) -- C:\Windows\system32\drivers\BrSerId.sys [272128]

O58 - SDL:[MD5.203F0B1E73ADADBBB7B7B1FABD901F6B] - 13/07/2009 - 19:53:32 ---A- . (.Brother Industries Ltd. - Brother Serial driver (WDM version).) -- C:\Windows\system32\drivers\BrSerWdm.sys [62336]

O58 - SDL:[MD5.BD456606156BA17E60A04E18016AE54B] - 13/07/2009 - 19:53:33 ---A- . (.Brother Industries Ltd. - Brother USB MDM Driver.) -- C:\Windows\system32\drivers\BrUsbMdm.sys [12160]

O58 - SDL:[MD5.AF72ED54503F717A43268B3CC5FAEC2E] - 13/07/2009 - 19:53:33 ---A- . (.Brother Industries Ltd. - Brother USB Serial Driver.) -- C:\Windows\system32\drivers\BrUsbSer.sys [11904]

O58 - SDL:[MD5.1A231ABEC60FD316EC54C66715543CEC] - 13/07/2009 - 19:02:48 ---A- . (.Broadcom Corporation - Broadcom NetXtreme II GigE VBD.) -- C:\Windows\system32\drivers\bxvbdx.sys [430080]

O58 - SDL:[MD5.C537B1DB64D495B9B4717B4D6D9EDBF2] - 13/07/2009 - 22:26:21 ---A- . (.CMD Technology, Inc. - CMD PCI IDE Bus Driver.) -- C:\Windows\system32\drivers\cmdide.sys [15952]

O58 - SDL:[MD5.C2EB4539A4F6AB6EDD01BDC191619975] - 09/11/2010 - 15:35:30 ---A- . (.CPUID - CPUID Driver.) -- C:\Windows\system32\drivers\cpuz135_x32.sys [21992]

O58 - SDL:[MD5.8B30250D573A8F6B4BD23195160D8707] - 13/07/2009 - 22:20:28 ---A- . (.Adaptec, Inc. - Adaptec Ultra SCSI miniport.) -- C:\Windows\system32\drivers\djsvs.sys [70720]

O58 - SDL:[MD5.0ED67910C8C326796FAA00B2BF6D9D3C] - 13/07/2009 - 22:20:28 ---A- . (.Emulex - Storport Miniport Driver for LightPulse HBAs.) -- C:\Windows\system32\drivers\elxstor.sys [453712]

O58 - SDL:[MD5.024E1B5CAC09731E4D868E64DBFB4AB0] - 13/07/2009 - 19:02:48 ---A- . (.Broadcom Corporation - Broadcom NetXtreme II 10 GigE VBD.) -- C:\Windows\system32\drivers\evbdx.sys [3100160]

O58 - SDL:[MD5.F5CB6CB6D12F495516BE27CFFCCDE4BF] - 13/07/2009 - 19:02:53 ---A- . (.VIA Technologies, Inc. - NDIS 6.0 miniport driver.) -- C:\Windows\system32\drivers\fetnd6.sys [44032]

O58 - SDL:[MD5.833051C6C6C42117191935F734CFBD97] - 30/12/1899 - 17:35:40 --HA- . (.LogMeIn, Inc. - Hamachi Virtual Network Interface Driver.) -- C:\Windows\system32\drivers\hamachi.sys [26176]

O58 - SDL:[MD5.C44E3C2BAB6837DB337DDEE7544736DB] - 13/07/2009 - 19:54:14 ---A- . (.Hauppauge Computer Works, Inc. - Hauppauge WinTV 885 Consumer IR Driver for eHome.) -- C:\Windows\system32\drivers\hcw85cir.sys [26624]

O58 - SDL:[MD5.295FDC419039090EB8B49FFDBB374549] - 13/07/2009 - 22:20:28 ---A- . (.Hewlett-Packard Company - Smart Array SAS/SATA Controller Media Driver.) -- C:\Windows\system32\drivers\HpSAMD.sys [67152]

O58 - SDL:[MD5.71F1A494FEDF4B33C02C4A6A28D6D9E9] - 11/03/2011 - 02:43:55 ---A- . (.Intel Corporation - Intel Matrix Storage Manager driver - ia32.) -- C:\Windows\system32\drivers\iaStorV.sys [332160]

O58 - SDL:[MD5.9467514EA189475A6E7FDC5D7BDE9D3F] - 23/09/2009 - 19:18:14 ---A- . (.Intel Corporation - Intel Graphics Kernel Mode Driver.) -- C:\Windows\system32\drivers\igdkmd32.sys [4808192]

O58 - SDL:[MD5.4173FF5708F3236CF25195FECD742915] - 13/07/2009 - 22:20:36 ---A- . (.Intel Corp./ICP vortex GmbH - Intel/ICP Raid Storport Driver.) -- C:\Windows\system32\drivers\iirsp.sys [41040]

O58 - SDL:[MD5.EB119A53CCF2ACC000AC71B065B78FEF] - 13/07/2009 - 22:20:36 ---A- . (.LSI Corporation - LSI Fusion-MPT FC Driver (StorPort).) -- C:\Windows\system32\drivers\lsi_fc.sys [95824]

O58 - SDL:[MD5.8ADE1C877256A22E49B75D1CC9161F9C] - 13/07/2009 - 22:20:37 ---A- . (.LSI Corporation - LSI Fusion-MPT SAS Driver (StorPort).) -- C:\Windows\system32\drivers\lsi_sas.sys [89168]

O58 - SDL:[MD5.DC9DC3D3DAA0E276FD2EC262E38B11E9] - 13/07/2009 - 22:20:36 ---A- . (.LSI Corporation - LSI SAS Gen2 Driver (StorPort).) -- C:\Windows\system32\drivers\lsi_sas2.sys [54864]

O58 - SDL:[MD5.0A036C7D7CAB643A7F07135AC47E0524] - 13/07/2009 - 22:20:36 ---A- . (.LSI Corporation - LSI Fusion-MPT SCSI Driver (StorPort).) -- C:\Windows\system32\drivers\lsi_scsi.sys [96848]

O58 - SDL:[MD5.B7CA8CC3F978201856B6AB82F40953C3] - 10/12/2011 - 15:24:06 ---A- . (.Malwarebytes Corporation - Malwarebytes' Anti-Malware.) -- C:\Windows\system32\drivers\mbam.sys [20464]

O58 - SDL:[MD5.0FFF5B045293002AB38EB1FD1FC2FB74] - 13/07/2009 - 22:20:36 ---A- . (.LSI Corporation - MEGASAS RAID Controller Driver for Windows 7 for x86.) -- C:\Windows\system32\drivers\megasas.sys [30800]

O58 - SDL:[MD5.DCBAB2920C75F390CAF1D29F675D03D6] - 13/07/2009 - 22:20:36 ---A- . (.LSI Corporation, Inc. - LSI MegaRAID Software RAID Driver.) -- C:\Windows\system32\drivers\MegaSR.sys [235584]

O58 - SDL:[MD5.1D85C4B390B0EE09C7A46B91EFB2C097] - 13/07/2009 - 22:20:44 ---A- . (.IBM Corporation - IBM ServeRAID Controller Driver.) -- C:\Windows\system32\drivers\nfrd960.sys [44624]

O58 - SDL:[MD5.F1B0BED906F97E16F6D0C3629D2F21C6] - 11/03/2011 - 02:44:01 ---A- . (.NVIDIA Corporation - NVIDIA® nForce RAID Driver.) -- C:\Windows\system32\drivers\nvraid.sys [117120]

O58 - SDL:[MD5.4520B63899E867F354EE012D34E11536] - 11/03/2011 - 02:44:01 ---A- . (.NVIDIA Corporation - NVIDIA® nForce Sata Performance Driver.) -- C:\Windows\system32\drivers\nvstor.sys [143744]

O58 - SDL:[MD5.4197AA61A58BBCD4BFCBCB57C6B51ADF] - 12/10/2006 - 17:40:00 ---A- . (.NTK - 96610 PC Camera mini Driver.) -- C:\Windows\system32\drivers\nvtcam.sys [55808]

O58 - SDL:[MD5.EE2B84F206C774EC1F735AC9FE31A783] - 12/10/2006 - 17:39:56 ---A- . (.Windows ® 2000 DDK provider - Universal Serial Bus Camera Driver.) -- C:\Windows\system32\drivers\NVTCAMD2.SYS [24192]

O58 - SDL:[MD5.AB95ECF1F6659A60DDC166D8315B0751] - 13/07/2009 - 22:19:04 ---A- . (.QLogic Corporation - QLogic Fibre Channel Stor Miniport Driver.) -- C:\Windows\system32\drivers\ql2300.sys [1383488]

O58 - SDL:[MD5.B4DD51DD25182244B86737DC51AF2270] - 13/07/2009 - 22:19:04 ---A- . (.QLogic Corporation - QLogic iSCSI Storport Miniport Driver.) -- C:\Windows\system32\drivers\ql40xx.sys [106064]

O58 - SDL:[MD5.7DFD48E24479B68B258D8770121155A0] - 13/07/2009 - 19:02:52 ---A- . (.Realtek Corporation - Realtek 8101E/8168/8169 NDIS 6.20 32-bit Driver.) -- C:\Windows\system32\drivers\Rt86win7.sys [139776]

O58 - SDL:[MD5.90A3935D05B494A5A39D37E71F09A677] - 13/07/2009 - 17:50:20 ---A- . (.Macrovision Corporation, Macrovision Europe - Macrovision SECURITY Driver.) -- C:\Windows\system32\drivers\secdrv.sys [20480]

O58 - SDL:[MD5.A9F0486851BECB6DDA1D89D381E71055] - 13/07/2009 - 22:19:04 ---A- . (.Silicon Integrated Systems Corp. - SiS RAID Stor Miniport Driver.) -- C:\Windows\system32\drivers\sisraid2.sys [40016]

O58 - SDL:[MD5.3727097B55738E2F554972C3BE5BC1AA] - 13/07/2009 - 22:19:04 ---A- . (.Silicon Integrated Systems - SiS AHCI Stor-Miniport Driver.) -- C:\Windows\system32\drivers\sisraid4.sys [77888]

O58 - SDL:[MD5.85BADA660D57BC5AEF52B11CABD6D8F9] - 26/05/2011 - 22:49:46 ---A- . (.Acronis - Acronis Snapshot API.) -- C:\Windows\system32\drivers\snapman.sys [170464]

O58 - SDL:[MD5.DB32D325C192B801DF274BFD12A7E72B] - 13/07/2009 - 22:19:04 ---A- . (.Promise Technology - Promise SuperTrak EX Series Driver for Windows.) -- C:\Windows\system32\drivers\stexstor.sys [21072]

O58 - SDL:[MD5.431801FCC97034E04A6EFF81136578D7] - 26/05/2011 - 22:50:04 ---A- . (.Acronis - Acronis Try&Decide Volume Filter Driver.) -- C:\Windows\system32\drivers\tdrpm273.sys [752128]

O58 - SDL:[MD5.3E06987FEDBCDFBFF8E85EF8108565F9] - 26/05/2011 - 22:50:01 ---A- . (.Acronis - Acronis Backup Archive Explorer.) -- C:\Windows\system32\drivers\timntr.sys [581984]

O58 - SDL:[MD5.E43574F6A56A0EE11809B48C09E4FD3C] - 13/07/2009 - 22:19:10 ---A- . (.VIA Technologies, Inc. - VIA Generic PCI IDE Bus Driver.) -- C:\Windows\system32\drivers\viaide.sys [16976]

O58 - SDL:[MD5.9DFA0CC2F8855A04816729651175B631] - 13/07/2009 - 22:19:11 ---A- . (.VIA Technologies Inc.,Ltd - VIA RAID DRIVER FOR AMD-X86-64.) -- C:\Windows\system32\drivers\vsmraid.sys [141904]

O58 - SDL:[MD5.8AAD333C876590293F72B315E162BCC7] - 13/07/2009 - 18:40:41 ---A- . (...) -- C:\Windows\system32\ANSI.SYS [9029]

O58 - SDL:[MD5.0FE9F16075C9ACB941C957B7C649176E] - 13/07/2009 - 18:40:44 ---A- . (...) -- C:\Windows\system32\country.sys [27097]

O58 - SDL:[MD5.833051C6C6C42117191935F734CFBD97] - 30/12/1899 - 17:35:40 --HA- . (.LogMeIn, Inc. - Hamachi Virtual Network Interface Driver.) -- C:\Windows\system32\hamachi.sys [26176]

O58 - SDL:[MD5.E6BC0F98FECEF245A0010D350C1A0B9B] - 13/07/2009 - 18:40:40 ---A- . (...) -- C:\Windows\system32\HIMEM.SYS [4768]

O58 - SDL:[MD5.492090267B9608C62B956CD29BE3AFB7] - 13/07/2009 - 18:40:43 ---A- . (...) -- C:\Windows\system32\KEY01.SYS [42809]

O58 - SDL:[MD5.FBBCFEC1379C5C02D88A361993EDF1B8] - 13/07/2009 - 18:40:43 ---A- . (...) -- C:\Windows\system32\KEYBOARD.SYS [42537]

O58 - SDL:[MD5.FFFF296A08DBF2AC0126C62E3778AC0D] - 13/07/2009 - 18:40:23 ---A- . (...) -- C:\Windows\system32\NTDOS.SYS [27866]

O58 - SDL:[MD5.CF9ED169FF86D935E47999E82359E898] - 13/07/2009 - 18:40:31 ---A- . (...) -- C:\Windows\system32\NTDOS404.SYS [29146]

O58 - SDL:[MD5.03B945AC0481CD8BB161C3569D8ED1C3] - 13/07/2009 - 18:40:35 ---A- . (...) -- C:\Windows\system32\NTDOS411.SYS [29370]

O58 - SDL:[MD5.BBC957DC18C17CC027EB80B7C77F2AEA] - 13/07/2009 - 18:40:39 ---A- . (...) -- C:\Windows\system32\NTDOS412.SYS [29274]

O58 - SDL:[MD5.3CFFAEF

[DigRam 144]

Bom Dia! Edvan

 

|- Baixe: < AdwCleaner > ( ... par Xplode )

 

|- Clique em Télécharger! < >

 

|- Salve-o no desktop!

 

|- Dê início ao scan,clicando em "Suppression" < >

 

|- Ao concluir,poste o relatório: C:\AdwCleaner[S].txt

 

///°°°///

 

|- Ps: O relatório de ZHPDiag veio incompleto.

 

 

|- Abra a ferramenta e clique no ícone do pergaminho. ( ZHPDiag )

 

 

|- Escolha a opção de idiomas que desejar!

|- Atualize-a,clicando na seta verde. < >

 

|- Clique no ícone do 'capetinha!' < >

|- Poste o relatório: Rapport de ZHPScan

 

Abraços!

[Edvan 30]

fiz um scan, depois cliquei em delete, o AdwCleaner pegou algumas coisas e já deletei....

 

# AdwCleaner v1.408 - Logfile created 01/30/2012 at 20:45:08

# Updated 29/01/2012 by Xplode

# Operating system : Windows 7 Professional (32 bits)

# User : Edvan - EDVAN-PC (Administrator)

# Running from : C:\Users\Edvan\Desktop\adwcleaner.exe

# Option [Delete]

 

 

***** [services] *****

 

 

***** [Files / Folders] *****

 

 

***** [Registry] *****

 

 

***** [internet Browsers] *****

 

-\\ Internet Explorer v8.0.7600.16385

 

[OK] Registry is clean.

 

-\\ Mozilla Firefox v9.0.1 (pt-BR)

 

Profile : 15q1nmpg.default

File : C:\Users\Edvan\AppData\Roaming\Mozilla\Firefox\Profiles\15q1nmpg.default\prefs.js

 

[OK] File is clean.

 

*************************

 

AdwCleaner[R2].txt - [803 octets] - [30/01/2012 20:44:48]

AdwCleaner[s2].txt - [735 octets] - [30/01/2012 20:45:08]

 

*************************

 

Temporary folder : : 3 folder(s) and 6 file(s) deleted

 

########## EOF - C:\AdwCleaner[s2].txt - [950 octets] ##########

 

 

------------\\----------------------

 

O log do ZHPDiag, link abaixo:

 

Link: http://cjoint.com/12jv/BAFm5i2XnPl.htm

 

b]OBS:[/b] Quando tento atualizar clicando na seta aparece essa mensagem da imagem abaixo:

 

[DigRam 144]

Bom Dia! Edvan

 

|- A versão de ZHPDiag,pela mensagem,já encontra-se atualizada.

 

///°°°///

 

|- Desinstale: IMinent Toolbar

 

///°°°///

 

O16 - DPF: {27932703-59C1-4B18-A46D-ED8FC2D35BAA} (NEWIE Control) - http://vurdson.dyndn...:8080/NEWIE.cab

|- Você conhece este componente ativo? ( NEWIE.cab )

 

///°°°///

 

|- Baixe: < RogueKiller > ( ... par tigzy )

|- Salve-o no desktop!

|- Feche aplicativos que estejam abertos!

 

 

|- Execute a ferramenta,escolhendo a opção ( 1 ) Recherche ou Scan <- Confirme!

|- Ps: Para Windows Vista ou 7,execute-o como administrador.

|- Poste o relatório: RKreport[1].txt

 

///°°°///

 

|- Baixe: < > ( ...by El Desaparecido )

 

|- Salve-o no desktop!

|- Feche programas que estejam abertos.

|- Desabilite a proteção residente de seu antivírus.

|- Instale a ferramenta,e aceite todas as condições pedidas.

|- Ao concluir,execute-a com um duplo clique,em "FyK.exe" que está no desktop.

|- Para Windows Vista ou 7,clique direito e escolha executar como administrador.

|- No prompt,aperte o P -> Enter. <- Opção de linguas para Portugues!

 

 

|- Escolha a opção 1 # Procura . -> Enter!

|- Aguarde a conclusão e poste o relatório: C:\FindyKill.txt

 

///°°°///

 

|- Feche programas/pastas que estejam abertas.

 

 

|- Dê um duplo clique em ZHPFix.

 

|- Clique no menu,H < >

 

M3 - MFPP: Plugins - [Edvan] -- C:\Program Files\Mozilla FireFox\searchplugins\babylon.xml

M2 - MFEP: prefs.js [Edvan - 15q1nmpg.default\ffxtlbr@babylon.com] [] Babylon v1.1.9 (.Babylon.)

M2 - MFEP: prefs.js [Edvan - 15q1nmpg.default\{C9B68337-E93A-44EA-94DC-CB300EC06444}] [] IMinent Toolbar v4.45.0 (.IMinent.)

R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURLs,Tabs = http://search.babylon.com

O4 - Global Startup: C:\Users\Edvan\Desktop\A Bíblia Sagrada Versão Digital 6.7 Freeware.lnk . (...) -- C:\ABSVD\absvd.exe (.not file.)

[MD5.00000000000000000000000000000000] [APT] [{11093E2E-8056-4FCB-A85D-5065F5BBE618}] (...) -- C:\Users\Edvan\Downloads\ADOBE CS4 + CRACK E TRADU€ÇO BY EAS www.therebels.de mais do que um f¢rum.... uma FAMÖLIA!!!!\ADOBE CS4 + CRACK E TRADU€ÇO BY EAS www.

[MD5.00000000000000000000000000000000] [APT] [{2FD9DE13-099C-4DD4-84C7-5463CA8D6ED9}] (...) -- C:\Program Files\Active Ports\aports.exe (.not file.)

[MD5.00000000000000000000000000000000] [APT] [{344BDC5A-D727-445F-8F10-59E3CBD8694C}] (...) -- C:\Program Files\TrendMicro\HiJackThis\HiJackThis.exe (.not file.)

[MD5.00000000000000000000000000000000] [APT] [{3F856E6C-96C3-4014-852A-4418C5CE784C}] (...) -- C:\downloads\TrueImage2010_d_pt.exe (.not file.)

[MD5.00000000000000000000000000000000] [APT] [{66C18394-2001-46DB-A739-4570DC3210EE}] (...) -- C:\Users\Edvan\AppData\Local\Temp\Uninstal.exe (.not file.)

[MD5.00000000000000000000000000000000] [APT] [{6B1B2A89-3CCD-43DD-BC91-165D44C3C448}] (...) -- C:\Users\Edvan\Downloads\51942_bankerfix_30.exe (.not file.)

[MD5.00000000000000000000000000000000] [APT] [{6FF5A974-C41E-4034-8BDE-1618FC8A88FD}] (...) -- C:\Users\Edvan\Desktop\Edvan-CFTV\MultiView\DMMultiView.exe (.not file.)

[MD5.00000000000000000000000000000000] [APT] [{CB39FF99-B8C4-4EB4-968D-B77A9FC5F8E0}] (...) -- F:\Oficce 2003 e 2007\Office 2007 Completo\setup.exe (.not file.)

[MD5.00000000000000000000000000000000] [APT] [{D30A95A0-6AD2-4811-905F-2D6122B9D37D}] (...) -- C:\downloads\TrueImage2010_d_pt.exe (.not file.)

[MD5.00000000000000000000000000000000] [APT] [{DDF2D4E6-3010-4446-9475-EFA2F582D8EB}] (...) -- C:\Users\Edvan\Desktop\VANIA\creativity_mmfull_baixaki.exe (.not file.)

[MD5.00000000000000000000000000000000] [APT] [{ED813E01-077A-4317-8ADB-1DB6E44C3755}] (...) -- C:\Users\Edvan\Desktop\51942_bankerfix_30(1).exe (.not file.)

O42 - Logiciel: Java™ 6 Update 25 - (.Oracle.) [HKLM] -- {26A24AE4-039D-4CA4-87B4-2F83216022FF}

O45 - LFCP:[MD5.B318EDDA786C8076AE88518C4FB40B9D] - 28/01/2012 - 22:59:09 ---A- - C:\Windows\Prefetch\RUNDLL32.EXE-C8471742.pf

O45 - LFCP:[MD5.7B929ED987D20BFD75A8DBE01993F76C] - 28/01/2012 - 23:40:37 ---A- - C:\Windows\Prefetch\SVCHOST.EXE-1C83139B.pf

O45 - LFCP:[MD5.ADF38A4F164E7C0854BAB4A14236EB09] - 28/01/2012 - 23:43:37 ---A- - C:\Windows\Prefetch\RUNDLL32.EXE-2ACAD5D6.pf

O45 - LFCP:[MD5.5CB24134239F511DEA895039A13979F3] - 28/01/2012 - 23:50:38 ---A- - C:\Windows\Prefetch\RUNDLL32.EXE-0CC0685B.pf

O45 - LFCP:[MD5.2FE8153849A59602A2FC4A704980178F] - 29/01/2012 - 02:13:09 ---A- - C:\Windows\Prefetch\RUNDLL32.EXE-9CD1A8E8.pf

O45 - LFCP:[MD5.0C59D5778004D5826265BAA0ADFF3E8E] - 29/01/2012 - 10:44:13 ---A- - C:\Windows\Prefetch\SVCHOST.EXE-A7B2C41C.pf

O45 - LFCP:[MD5.425D765FB551EC9D18D0B0FC3E40BB9D] - 29/01/2012 - 10:50:45 ---A- - C:\Windows\Prefetch\SVCHOST.EXE-1EBB7E14.pf

O45 - LFCP:[MD5.43EAE86C24B9E48BFF932274F65BBC05] - 29/01/2012 - 10:55:00 ---A- - C:\Windows\Prefetch\RUNDLL32.EXE-EC7D4248.pf

O45 - LFCP:[MD5.A851320A8AAFC6650BF8B31445F1C74D] - 29/01/2012 - 11:07:21 ---A- - C:\Windows\Prefetch\SVCHOST.EXE-22B146F5.pf

O53 - SMSR:HKLM\...\startupreg\facemoods [Key] . (...) -- C:\Program Files\facemoods.com\facemoods\1.4.17.11\facemoodssrv.exe (.not file.)

O53 - SMSR:HKLM\...\startupreg\Google Update [Key] . (...) -- C:\Users\Edvan\AppData\Local\Google\Update\GoogleUpdate.exe (.not file.)

O53 - SMSR:HKLM\...\startupreg\PlusService [Key] . (...) -- C:\Program Files\Yuna Software\Messenger Plus!\PlusService.exe (.not file.)

O53 - SMSR:HKLM\...\startupreg\swg [Key] . (...) -- C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (.not file.)

O53 - SMSR:HKLM\...\startupreg\uTorrent [Key] . (...) -- C:\Program Files\uTorrent\uTorrent.exe (.not file.)

 

[HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]:Shell

[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{58124A0B-DC32-4180-9BFF-E0E21AE34026}]

[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{58124A0B-DC32-4180-9BFF-E0E21AE34026}]

[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{977AE9CC-AF83-45E8-9E03-E2798216E2D5}]

[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{977AE9CC-AF83-45E8-9E03-E2798216E2D5}]

[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{A09AB6EB-31B5-454C-97EC-9B294D92EE2A}]

[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{A6174F27-1FFF-E1D6-A93F-BA48AD5DD448}]

[HKLM\Software\Microsoft\Shared Tools\MSConfig\startupreg\Facemoods]

[HKLM\Software\Babylon]

[HKLM\Software\Iminent]

[HKLM\Software\Swearware]

[HKCU\Software\Softonic]

 

emptytemp

emptyflash

firewallraz

sysrestore

|- Copie e cole estas informações,que estão em vermelho,para o campo "amarelo claro" de ZHPFix.

|- Ps: Procure deixar o campo limpo,antes de colar as informações que estão na Quote.

|- Ps: As que estão em vermelho escuro,no script,fica à seu critério se deseja removê-las!

|- Clique em GO -> Oui.

|- Ao concluir,e caso tenha desaparecido todos os ícones de seu desktop,faça o seguinte:

|- Abra o Gerenciador de tarefas. ( ctrl+alt+del )

|- Clique na aba "Aplicativos".

|- Clique em "Nova tarefa..."

|- Digite na caixa: explorer.exe

|- Clique em OK.

|- Poste o relatório: C:\ZHP\ZHPFix[R1].txt

|- Ps: Também,será gerado os seguintes relatórios,que não serão postados!

 

|- ZHPExportRegistry-dia-mes-2012-hs-min-seg;

|- ZHPADSReport;

|- ZHPFixQuarantine;

 

Abraços!

[Edvan 30]

Não encontrei o IMinent Toolbar para desinstalar..

 

ha!! desconheço o link abaixo:

 

O16 - DPF: {27932703-59C1-4B18-A46D-ED8FC2D35BAA} (NEWIE Control) - http://vurdson.dyndn...:8080/NEWIE.cab

 

RogueKiller V7.0.2 [01/30/2012] by Tigzy

mail: tigzyRK<at>gmail<dot>com

Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/

Blog: http://tigzyrk.blogspot.com

 

Operating System: Windows 7 (6.1.7600 ) 32 bits version

Started in : Normal mode

User: Edvan [Admin rights]

Mode: Scan -- Date : 02/01/2012 00:27:22

 

¤¤¤ Bad processes: 0 ¤¤¤

 

¤¤¤ Registry Entries: 5 ¤¤¤

[sUSP PATH] {6FF5A974-C41E-4034-8BDE-1618FC8A88FD}.job : C:\Users\Edvan\Desktop\Edvan-CFTV\MultiView\DMMultiView.exe -> FOUND

[HJ] HKLM\[...]\System : EnableLUA (0) -> FOUND

[HJ] HKCU\[...]\Advanced : Start_ShowMyGames (0) -> FOUND

[HJ] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND

[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

 

¤¤¤ Particular Files / Folders: ¤¤¤

 

¤¤¤ Driver: [LOADED] ¤¤¤

 

¤¤¤ Infection : ¤¤¤

 

¤¤¤ HOSTS File: ¤¤¤

 

 

¤¤¤ MBR Check: ¤¤¤

 

+++++ PhysicalDrive0: SAMSUNG HD161HJ ATA Device +++++

--- User ---

[MBR] 2c15983366b94a89307c7a5e0d04ff4b

[bSP] 6414d364a00c0d9aaacc3d5ec815bc17 : Windows 7 MBR Code

Partition table:

0 - [XXXXXX] EXTEN-LBA (0x0f) [VISIBLE] Offset (sectors): 16065 | Size: 99166 Mo

1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 203110400 | Size: 100 Mo

2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 203315200 | Size: 52730 Mo

3 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 311307570 | Size: 619 Mo

User = LL1 ... OK!

User = LL2 ... OK!

 

Finished : << RKreport[1].txt >>

RKreport[1].txt

 

 

 

-------------------------\-\---------------------------------------

 

 

############################## | FindyKill V5.056 |

 

# User : Edvan (Administradores) # EDVAN-PC

# Update on 20/11/2011 by El Desaparecido

# Start at: 00:30:34 | 01/02/2012

# Website : http://eldesaparecido.com/

# Contact : contact@eldesaparecido.com

 

# Intel® Celeron® CPU E3200 @ 2.40GHz

# Microsoft Windows 7 Professional (6.1.7600 32-bit) #

# Internet Explorer 9.0.8112.16421

# Windows Firewall Status : Enabled

 

# C:\ # Local Fixed Disk # 51,49 Go (2,05 Go free) [Windows 7] # NTFS

# D:\ # Local Fixed Disk # 34,33 Go (15,21 Go free) [Andreza] # NTFS

# E:\ # Local Fixed Disk # 14,85 Go (3,9 Go free) [Eduardo] # NTFS

# F:\ # Local Fixed Disk # 24,67 Go (4,52 Go free) [MEUS DADOS] # NTFS

# G:\ # Local Fixed Disk # 619,69 Mo (561,37 Mo free) [Rodar o Crack do Seven] # NTFS

# H:\ # CD-ROM Disc

 

################## | Processos infetàdos bloqueados |

 

 

################## | Ficheiros infeciosos |

 

 

################## | Reference Bagle MD5 ... |

 

 

################## | MD5 ... |

 

 

################## | Bagle Trace ... |

 

 

################## | Crack .... |

 

[09/11/2011 23:32|--a------|485053679] C:\Users\Edvan\Downloads\ADOBE CS4 + CRACK E TRADU€ÇO BY EAS www.therebels.de mais do que um f¢rum.... uma FAMÖLIA!!!!.rar

[01/11/2007 05:01|--a------|2687320] C:\Users\Edvan\Downloads\ADOBE CS4 + CRACK E TRADU€ÇO BY EAS www.therebels.de mais do que um f¢rum.... uma FAMÖLIA!!!!\ADOBE CS4 + CRACK E TRADU€ÇO BY EAS www.therebels.de mais do que um f¢rum.... uma FAMÖLIA!!!!\apsCS4\Setup.exe

[01/11/2007 04:46|--a------|4584688] C:\Users\Edvan\Downloads\ADOBE CS4 + CRACK E TRADU€ÇO BY EAS www.therebels.de mais do que um f¢rum.... uma FAMÖLIA!!!!\ADOBE CS4 + CRACK E TRADU€ÇO BY EAS www.therebels.de mais do que um f¢rum.... uma FAMÖLIA!!!!\apsCS4\redist\WindowsXP-KB898715-x64-enu.exe

[01/11/2007 04:44|--a------|23900160] C:\Users\Edvan\Downloads\ADOBE CS4 + CRACK E TRADU€ÇO BY EAS www.therebels.de mais do que um f¢rum.... uma FAMÖLIA!!!!\ADOBE CS4 + CRACK E TRADU€ÇO BY EAS www.therebels.de mais do que um f¢rum.... uma FAMÖLIA!!!!\PS_CS4_crack\Photoshop.exe

[08/08/2008 10:48|--a------|2084745] C:\Users\Edvan\Downloads\ADOBE CS4 + CRACK E TRADU€ÇO BY EAS www.therebels.de mais do que um f¢rum.... uma FAMÖLIA!!!!\ADOBE CS4 + CRACK E TRADU€ÇO BY EAS www.therebels.de mais do que um f¢rum.... uma FAMÖLIA!!!!\TRADU€ÇO\Tradu‡Æo.exe

 

################## | Registro |

 

 

################## | Estado |

 

# Affichagem dos arquivos ocultos : OK

 

# Safe mode : OK

 

# (!) Uac = 0x0 ( Good = 0x1 | Bad = 0x0 )

 

# Ndisuio ( NDIS User Mode ) -> Start = 3 ( Good = 3 | Bad = 4 )

 

# EapHost ( Extensible Authentication Protocol Host ) -> Start = 3 ( Good = 2 | Bad = 4 )

 

# WwanSvc ( AutoConfig Service WWAN ) -> Start = 3 ( Good = 2 | Bad = 4 )

 

# MpsSvc ( Windows Firewall ) -> Start = 2 ( Good = 2 | Bad = 4 )

 

# SharedAccess ( Windows Firewall - Internet Connection Sharing ) -> Start = 3 ( Good = 2 | Bad = 4 )

 

# windefend ( Windows Defender ) -> Start = 2 ( Good = 2 | Bad = 4 )

 

# wuauserv ( Windows Update ) -> Start = 2 ( Good = 2 | Bad = 4 )

 

# wscsvc ( Windows Security Center ) -> Start = 2 ( Good = 2 | Bad = 4 )

 

 

################## | ! Fim do relatório # FindyKill V5.056 ! |

 

--------------------------\\-------------------------------------------

 

Rapport de ZHPFix 1.12.3378 par Nicolas Coolman, Update du 10/01/2011

Fichier d'export Registre :

Run by Edvan at 01/02/2012 00:42:18

Windows 7 Business Edition, 32-bit (Build 7600)

Web site : http://www.premiumorange.com/zeb-help-process/zhpfix.html

Web site : http://nicolascoolman.skyrock.com/

 

========== Software ==========

DELETED Java™ 6 Update 25

 

========== Registry Key ==========

DELETED [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{26A24AE4-039D-4CA4-87B4-2F83216022FF}]

DELETED Key: StartupReg: facemoods

DELETED Key: StartupReg: Google Update

DELETED Key: StartupReg: PlusService

DELETED Key: StartupReg: swg

DELETED Key: StartupReg: uTorrent

NOT FOUND Key: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{58124A0B-DC32-4180-9BFF-E0E21AE34026}

NOT FOUND Key: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{58124A0B-DC32-4180-9BFF-E0E21AE34026}

NOT FOUND Key: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{977AE9CC-AF83-45E8-9E03-E2798216E2D5}

NOT FOUND Key: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{977AE9CC-AF83-45E8-9E03-E2798216E2D5}

DELETED Key: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{A09AB6EB-31B5-454C-97EC-9B294D92EE2A}

DELETED Key: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{A6174F27-1FFF-E1D6-A93F-BA48AD5DD448}

NOT FOUND Key: HKLM\Software\Microsoft\Shared Tools\MSConfig\startupreg\Facemoods

NOT FOUND Key: HKLM\Software\Babylon

NOT FOUND Key: HKLM\Software\Iminent

DELETED Key: HKLM\Software\Swearware

DELETED Key: HKCU\Software\Softonic

 

========== Registry Value ==========

DELETED [HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]:Shell

No Value in Standard Profile Register Key FirewallRaz :

No Value in Domain Profile Register Key FirewallRaz :

DELETED FirewallRaz (None) : {A5E4B34F-963B-4ED2-8463-AC4AF5389429}

 

========== Repertory ==========

DELETED Window Temporary: : 82

DELETED Flash Cookies: 4

 

========== File ==========

NOT FOUND File: c:\program files\mozilla firefox\searchplugins\babylon.xml

NOT FOUND File: c:\users\edvan\desktop\a bíblia sagrada versão digital 6.7 freeware.lnk

NOT FOUND File: c:\absvd\absvd.exe

NOT FOUND Folder/File: c:\users\edvan\downloads\adobe cs4 + crack e tradu€Ço by eas www.therebels.de mais do que um f¢rum.... uma famÖlia!!!!\adobe cs4 + crack e tradu€Ço by eas www.

NOT FOUND File: c:\windows\prefetch\rundll32.exe-c8471742.pf

NOT FOUND File: c:\windows\prefetch\svchost.exe-1c83139b.pf

DELETED File: c:\windows\prefetch\rundll32.exe-2acad5d6.pf

DELETED File: c:\windows\prefetch\rundll32.exe-0cc0685b.pf

NOT FOUND File: c:\windows\prefetch\rundll32.exe-9cd1a8e8.pf

DELETED File: c:\windows\prefetch\svchost.exe-a7b2c41c.pf

DELETED File: c:\windows\prefetch\svchost.exe-1ebb7e14.pf

NOT FOUND File: c:\windows\prefetch\rundll32.exe-ec7d4248.pf

NOT FOUND File: c:\windows\prefetch\svchost.exe-22b146f5.pf

NOT FOUND File: c:\program files\facemoods.com

NOT FOUND File: c:\users\edvan\appdata\local\google\update\googleupdate.exe

NOT FOUND File: c:\program files\yuna software\messenger plus!\plusservice.exe

NOT FOUND File: c:\program files\google\googletoolbarnotifier\googletoolbarnotifier.exe

NOT FOUND File: c:\program files\utorrent\utorrent.exe

DELETED Window Temporary: : 77

DELETED Flash Cookies: 3

 

========== Task ==========

DELETED Task: {11093E2E-8056-4FCB-A85D-5065F5BBE618}

DELETED Task: {2FD9DE13-099C-4DD4-84C7-5463CA8D6ED9}

DELETED Task: {344BDC5A-D727-445F-8F10-59E3CBD8694C}

DELETED Task: {3F856E6C-96C3-4014-852A-4418C5CE784C}

DELETED Task: {66C18394-2001-46DB-A739-4570DC3210EE}

DELETED Task: {6B1B2A89-3CCD-43DD-BC91-165D44C3C448}

DELETED Task: {6FF5A974-C41E-4034-8BDE-1618FC8A88FD}

DELETED Task: {CB39FF99-B8C4-4EB4-968D-B77A9FC5F8E0}

DELETED Task: {D30A95A0-6AD2-4811-905F-2D6122B9D37D}

DELETED Task: {DDF2D4E6-3010-4446-9475-EFA2F582D8EB}

DELETED Task: {ED813E01-077A-4317-8ADB-1DB6E44C3755}

 

========== Restoration ==========

Restore System Point created succefully

 

 

========== Summary ==========

17 : Registry Key

4 : Registry Value

2 : Repertory

20 : File

1 : Software

11 : Task

1 : Restoration

 

 

End of clean in 00mn 34s

 

========== Report File ==========

C:\ZHP\ZHPFix[R1].txt - 01/02/2012 00:42:18 [4281]

[DigRam 144]

Bom Dia! Edvan

 

################## | Crack .... |

 

[09/11/2011 23:32|--a------|485053679] C:\Users\Edvan\Downloads\ADOBE CS4 + CRACK E TRADU€ÇO BY EAS www.therebels.de mais do que um f¢rum.... uma FAMÖLIA!!!!.rar

[01/11/2007 05:01|--a------|2687320] C:\Users\Edvan\Downloads\ADOBE CS4 + CRACK E TRADU€ÇO BY EAS www.therebels.de mais do que um f¢rum.... uma FAMÖLIA!!!!\ADOBE CS4 + CRACK E TRADU€ÇO BY EAS www.therebels.de mais do que um f¢rum.... uma FAMÖLIA!!!!\apsCS4\Setup.exe

[01/11/2007 04:46|--a------|4584688] C:\Users\Edvan\Downloads\ADOBE CS4 + CRACK E TRADU€ÇO BY EAS www.therebels.de mais do que um f¢rum.... uma FAMÖLIA!!!!\ADOBE CS4 + CRACK E TRADU€ÇO BY EAS www.therebels.de mais do que um f¢rum.... uma FAMÖLIA!!!!\apsCS4\redist\WindowsXP-KB898715-x64-enu.exe

[01/11/2007 04:44|--a------|23900160] C:\Users\Edvan\Downloads\ADOBE CS4 + CRACK E TRADU€ÇO BY EAS www.therebels.de mais do que um f¢rum.... uma FAMÖLIA!!!!\ADOBE CS4 + CRACK E TRADU€ÇO BY EAS www.therebels.de mais do que um f¢rum.... uma FAMÖLIA!!!!\PS_CS4_crack\Photoshop.exe

[08/08/2008 10:48|--a------|2084745] C:\Users\Edvan\Downloads\ADOBE CS4 + CRACK E TRADU€ÇO BY EAS www.therebels.de mais do que um f¢rum.... uma FAMÖLIA!!!!\ADOBE CS4 + CRACK E TRADU€ÇO BY EAS www.therebels.de mais do que um f¢rum.... uma FAMÖLIA!!!!\TRADU€ÇO\Tradu‡Æo.exe

 

##################

|- Esses cracks são 'portas' para infecções! Se possível,procure removê-los.

 

O16 - DPF: {27932703-59C1-4B18-A46D-ED8FC2D35BAA} (NEWIE Control) - http://vurdson.dyndn...:8080/NEWIE.cab

|- Com o HijackThis,dê Fix nesta entrada.

 

///ººº///

 

|- Lance,novamente,RogueKiller e escolha a opção "Suppression" ou "Delete".

|- Poste o relatório!

 

///°°°///

 

|- Baixe: < GabKiller > ( ... par 2011N2 )

|- Salve-o no desktop!

|- Feche pastas que estejam abertas e execute a ferramenta.

|- Para Windows Vista ou 7,clique direito e execute como administrador.

 

 

|- Escolha a opção 2. Suppression -> Aperte Enter!

|- Aguarde a conclusão e poste o relatório: Rapport de suppression de GabKiller

|- Para sair,aperte a opção "4. Quitter" -> Enter!

 

///°°°///

 

|- Ps: Procure seguir na ordem em que estão dispostos,estes procedimentos.

|- A ferramenta FyK,além dos Cracks,mostrou desajustes que devemos tentar corrigir.

|- Poste novo relatório de FyK,para confirmarmos se RogueKiller efetuou alguma delas.

 

--------

--------

# (!) Uac = 0x0 ( Good = 0x1 | Bad = 0x0 )

# EapHost ( Extensible Authentication Protocol Host ) -> Start = 3 ( Good = 2 | Bad = 4 )

# WwanSvc ( AutoConfig Service WWAN ) -> Start = 3 ( Good = 2 | Bad = 4 )

# SharedAccess ( Windows Firewall - Internet Connection Sharing ) -> Start = 3 ( Good = 2 | Bad = 4 )

--------

--------

 

|- Ps: Somente para constar,eis as correções que devemos efetuar e que ficarão à cargo de FyK.

 

Abraços!

[Edvan 30]

Ok..Digram!

 

Se faltar alguma coisa fale por favor..

 

 

1º as pastas que tinha o ADOBE CS4 + CRACK eu removi..

 

2ºCom o HijackThis, dei Fix na entrada que você falou.

 

Vão os loges agora..

 

RogueKiller V7.0.2 [01/30/2012] by Tigzy

mail: tigzyRK<at>gmail<dot>com

Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/

Blog: http://tigzyrk.blogspot.com

 

Operating System: Windows 7 (6.1.7600 ) 32 bits version

Started in : Normal mode

User: Edvan [Admin rights]

Mode: Scan -- Date : 02/01/2012 20:39:20

 

¤¤¤ Bad processes: 0 ¤¤¤

 

¤¤¤ Registry Entries: 4 ¤¤¤

[HJ] HKLM\[...]\System : EnableLUA (0) -> FOUND

[HJ] HKCU\[...]\Advanced : Start_ShowMyGames (0) -> FOUND

[HJ] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND

[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

 

¤¤¤ Particular Files / Folders: ¤¤¤

 

¤¤¤ Driver: [LOADED] ¤¤¤

 

¤¤¤ Infection : ¤¤¤

 

¤¤¤ HOSTS File: ¤¤¤

 

 

¤¤¤ MBR Check: ¤¤¤

 

+++++ PhysicalDrive0: SAMSUNG HD161HJ ATA Device +++++

--- User ---

[MBR] 2c15983366b94a89307c7a5e0d04ff4b

[bSP] 6414d364a00c0d9aaacc3d5ec815bc17 : Windows 7 MBR Code

Partition table:

0 - [XXXXXX] EXTEN-LBA (0x0f) [VISIBLE] Offset (sectors): 16065 | Size: 99166 Mo

1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 203110400 | Size: 100 Mo

2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 203315200 | Size: 52730 Mo

3 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 311307570 | Size: 619 Mo

User = LL1 ... OK!

User = LL2 ... OK!

 

Finished : << RKreport[1].txt >>

RKreport[1].txt

 

 

 

------------------\\----------------------

 

=========== Informations ===========

 

Mis à jour le : 07/08/2011 à 16h12 | 1.45 par 2011N2

Rapport de suppression de GabKiller par 2011N2

Contact : lot12@hotmail.fr

Site : http://2011n2.forumgratuit.fr/

Début du nettoyage : 20:47:33

###################################### Clés supprimées ####################################

 

============================ Section HKLM ============================

 

 

============================ Section HKCU ============================

 

 

============================ Section HKCR ============================

 

 

========================== Dossiers/Fichiers ========================

 

 

===================================

 

Fin du nettoyage : 20:47:49

 

Copyright © 2011. Tous droits réservés.

======== EOF ========

[DigRam 144]

Boa Noite! Edvan

 

Mode: Scan -- Date : 02/01/2012 20:39:20

|- O log postado de RogueKiller,é o de diagnóstico.

|- Ps: Veja se localiza o de "Suppression",e poste-o à seguir.

 

///°°°///

 

|- Lance,novamente,FyK mas na opção 2 # Exclusão .

|- Poste o relatório,ao concluir!

|- Poste,também,HijackThis atualizado.

 

Abraços!

[Edvan 30]

Quando abro o RogueKiller a opção de "delete" está apagada, só ascende quando clico no scan daí dar a opção para deletar alguma coisa..

 

 

RogueKiller V7.0.2 [01/30/2012] by Tigzy

mail: tigzyRK<at>gmail<dot>com

Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/

Blog: http://tigzyrk.blogspot.com

 

Operating System: Windows 7 (6.1.7600 ) 32 bits version

Started in : Normal mode

User: Edvan [Admin rights]

Mode: Remove -- Date : 02/01/2012 22:29:44

 

¤¤¤ Bad processes: 0 ¤¤¤

 

¤¤¤ Registry Entries: 0 ¤¤¤

 

¤¤¤ Particular Files / Folders: ¤¤¤

 

¤¤¤ Driver: [LOADED] ¤¤¤

 

¤¤¤ Infection : ¤¤¤

 

¤¤¤ HOSTS File: ¤¤¤

 

 

¤¤¤ MBR Check: ¤¤¤

 

+++++ PhysicalDrive0: SAMSUNG HD161HJ ATA Device +++++

--- User ---

[MBR] 2c15983366b94a89307c7a5e0d04ff4b

[bSP] 6414d364a00c0d9aaacc3d5ec815bc17 : Windows 7 MBR Code

Partition table:

0 - [XXXXXX] EXTEN-LBA (0x0f) [VISIBLE] Offset (sectors): 16065 | Size: 99166 Mo

1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 203110400 | Size: 100 Mo

2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 203315200 | Size: 52730 Mo

3 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 311307570 | Size: 619 Mo

User = LL1 ... OK!

User = LL2 ... OK!

 

Finished : << RKreport[2].txt >>

RKreport[1].txt ; RKreport[2].txt

 

 

 

 

 

 

############################## | FindyKill V5.056 |

 

# User : Edvan (Administradores) # EDVAN-PC

# Update on 20/11/2011 by El Desaparecido

# Start at: 22:33:37 | 01/02/2012

# Website : http://eldesaparecido.com/

# Contact : contact@eldesaparecido.com

 

# Intel® Celeron® CPU E3200 @ 2.40GHz

# Microsoft Windows 7 Professional (6.1.7600 32-bit) #

# Internet Explorer 9.0.8112.16421

# Windows Firewall Status : Enabled

 

# C:\ # Local Fixed Disk # 51,49 Go (2,43 Go free) [Windows 7] # NTFS

# D:\ # Local Fixed Disk # 34,33 Go (17,19 Go free) [Andreza] # NTFS

# E:\ # Local Fixed Disk # 14,85 Go (3,9 Go free) [Eduardo] # NTFS

# F:\ # Local Fixed Disk # 24,67 Go (4,52 Go free) [MEUS DADOS] # NTFS

# G:\ # Local Fixed Disk # 619,69 Mo (561,37 Mo free) [Rodar o Crack do Seven] # NTFS

# H:\ # CD-ROM Disc

 

################## | Ficheiros infeciosos |

 

 

################## | Reference Bagle MD5 ... |

 

 

################## | MD5 ... |

 

 

################## | Bagle Trace ... |

 

 

################## | Crack .... |

 

 

################## | Registro |

 

 

################## | Estado |

 

# Safe mode : OK

 

 

# Affichagem dos arquivos ocultos : OK

 

# Uac : OK

 

# Ndisuio ( NDIS User Mode ) -> Start = 3 ( Good = 3 | Bad = 4 )

 

# EapHost ( Extensible Authentication Protocol Host ) -> Start = 2 ( Good = 2 | Bad = 4 )

 

# WwanSvc ( AutoConfig Service WWAN ) -> Start = 3 ( Good = 2 | Bad = 4 )

 

# MpsSvc ( Windows Firewall ) -> Start = 2 ( Good = 2 | Bad = 4 )

 

# SharedAccess ( Windows Firewall - Internet Connection Sharing ) -> Start = 2 ( Good = 2 | Bad = 4 )

 

# windefend ( Windows Defender ) -> Start = 2 ( Good = 2 | Bad = 4 )

 

# wuauserv ( Windows Update ) -> Start = 2 ( Good = 2 | Bad = 4 )

 

# wscsvc ( Windows Security Center ) -> Start = 2 ( Good = 2 | Bad = 4 )

 

 

################## | Ficheiros corruptos |

 

... OK !

 

################## | Upload |

 

Favor enviar o arquivo : C:\FindyKill_Upload_Me_Edvan-PC.zip : http://eldesaparecido.com/upload.html

Obrigado pela sua contribuição .

 

################## | ! Fim do relatório # FindyKill V5.056 ! |

 

 

 

 

 

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 23:13:58, on 01/02/2012

Platform: Windows 7 (WinNT 6.00.3504)

MSIE: Internet Explorer v9.00 (9.00.8112.16421)

Boot mode: Normal

 

Running processes:

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Windows\system32\taskhost.exe

C:\Program Files\TeamViewer\Version7\TeamViewer.exe

C:\Program Files\AVAST Software\Avast\AvastUI.exe

C:\Program Files\Real\RealPlayer\Update\realsched.exe

C:\Windows\system32\wuauclt.exe

C:\Program Files\Windows Live\Messenger\msnmsgr.exe

C:\Program Files\Windows Live\Contacts\wlcomm.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Program Files\Mozilla Firefox\plugin-container.exe

C:\Program Files\Mozilla Firefox\plugin-container.exe

C:\HiJackThis.exe

 

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll

O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll

O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll

O4 - HKLM\..\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Real\RealPlayer\update\realsched.exe" -osboot

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000

O9 - Extra button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra 'Tools' menuitem: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL

O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll

O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll

O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics

O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - http://download.eset.com/special/eos/OnlineScanner.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab

O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll

O23 - Service: Acronis Serviço Scheduler2 (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe

O23 - Service: Serviço de Acronis Nonstop Backup (afcdpsrv) - Acronis - C:\Program Files\Common Files\Acronis\CDP\afcdpsrv.exe

O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe

O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe

O23 - Service: Serviço do Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe

O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe

O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe

O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\Windows\system32\IoctlSvc.exe

O23 - Service: TeamViewer 7 (TeamViewer7) - TeamViewer GmbH - C:\Program Files\TeamViewer\Version7\TeamViewer_Service.exe

 

--

End of file - 4856 bytes

[DigRam 144]

Bom Dia! Edvan

 

Quando abro o RogueKiller a opção de "delete" está apagada, só ascende quando clico no scan daí dar a opção para deletar alguma coisa..

|- Essa nova versão ( v7.02 ) de RogueKiller alterou muita coisa,seu layout está mais moderno e parecendo que ascendeu à categoria de software generalista.

|- Terei que realizar mudanças em meus canneds e no 'tuto'.

 

///°°°///

 

|- # WwanSvc ( AutoConfig Service WWAN ) -> Start = 3 ( Good = 2 | Bad = 4 )

 

Reinicie o serviço WWAN AutoConfig.

Para fazer isso, execute essas etapas:

Clique em Iniciar, digite Services na caixa de pesquisa e clique em serviços.

No snap-in Serviços, clique com o botão direito do mouse o serviço WWAN AutoConfig e clique em reiniciar.

|- Apenas o dispositivo de rede sem fio de longa distância ( WWAN ) que se conecta a uma rede 3 G,está fora de seus parâmetros de entrada ao registro.

|- Ps: Acredito que não lhe seja crítica essa mudança,à menos que utilize o serviço.

|- Maiores informações: < The Elder Geek >

 

///°°°///

 

################## | Upload |

 

Favor enviar o arquivo : C:\FindyKill_Upload_Me_Edvan-PC.zip : http://eldesaparecido.com/upload.html

Obrigado pela sua contribuição .

------------------

|- Caso queira contribuir com El Desaparecido,envie o arquivo.

 

///°°°///

 

|- Abra o Firefox.

|- Na barra de endereços,digite: about:config

 

 

|- Clique no botão que aparece com o texto “Serei cuidadoso, prometo!”.

|- Na barra de busca,pesquise pelo seguinte termo: dom.ipc.plugins

|- Altere os valores das opções abaixo de “true” para “false”.

 

dom.ipc.plugins.enabled.npctrl.dll

dom.ipc.plugins.enabled.npqtplugin.dll

dom.ipc.plugins.enabled.npswf32.dll

dom.ipc.plugins.enabled.nptest.dll

 

|-

 

|- Para isso,basta dar um clique duplo sobre os valores,segundo a imagem.

|- Depois de mudar os valores,reinicie o Firefox.

|- Créditos! Edsouza.net;"Como desativar o plugin-container.exe"

 

///°°°///

 

|- Caso queira desabilitar o Plugin Container,motivo da detecção pelo Avast,siga estas instruções.

|- No mais,seus logs estão limpos!

|- Tudo Ok?

 

Abraços!

[Edvan 30]

Ok.. Obrigado mais uma vez Digram.

 

Grande abraço.. :thumbsup:

[DigRam 144]

PROBLEMA RESOLVIDO

 

Caso o autor necessite que o tópico seja reaberto basta enviar uma Mensagem Privada para um Moderador com um link para o tópico.