
Log analysis request

malware



There are 19 replies in this topic

#11 sagatti    

sagatti
  • Member
  • 16 posts

Posted 03 February 2012 - 04:25 PM

Hey Joham!

As recommended, the reports follow below:
Thanks.


=========== Informations ===========

Mis à jour le : 07/08/2011 à 16h12 | 1.45 par 2011N2
Rapport de suppression de GabKiller par 2011N2
Contact : lot12@hotmail.fr
Site : http://2011n2.forumgratuit.fr/
Début du nettoyage : 16:48:25
###################################### Clés supprimées ####################################

============================ Section HKLM ============================

supprimé !! HKLM\Software\Classes\WlcUI.DialerWindow
supprimé !! HKLM\Software\Classes\WlcUI.DialerWindow.1
supprimé !! HKLM\Software\Classes\WlcUI.PhoneNumber
supprimé !! HKLM\Software\Classes\WlcUI.PhoneNumber.1

============================ Section HKCU ============================

Supprimé !! HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D4027C7F-154A-4066-A1AD-4243D8127440}

============================ Section HKCR ============================


========================== Dossiers/Fichiers ========================


===================================






# AdwCleaner v1.408 - Logfile created 02/03/2012 at 16:49:47
# Updated 29/01/2012 by Xplode
# Operating system : Windows 7 Ultimate (32 bits)
# User : Dario Jr - DARIOJR-PC (Administrator)
# Running from : C:\Users\Dario Jr\Desktop\virus\adwcleaner.exe
# Option [Search]


***** [Services] *****


***** [Files / Folders] *****

Folder Found : C:\ProgramData\Babylon
Folder Found : C:\Users\Dario Jr\AppData\Roaming\Babylon
Folder Found : C:\Users\Dario Jr\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
Folder Found : C:\Users\Dario Jr\AppData\Local\Babylon
File Found : C:\Program Files\Windows live\messenger\msimg32.dll
File Found : C:\Users\Dario Jr\AppData\Roaming\Mozilla\Firefox\Profiles\p3l8ikjt.default\searchplugins\Askcom.xml

***** [Registry] *****

Key Found : HKLM\SOFTWARE\Babylon
Key Found : HKLM\SOFTWARE\eRightSoft\OpenCandy
Key Found : HKLM\SOFTWARE\Classes\AppID\escort.DLL
Key Found : HKLM\SOFTWARE\Classes\AppID\SoftwareUpdate.exe
Key Found : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4eaf-B541-F8DE92DD98DB}
Key Found : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}
Key Found : HKLM\SOFTWARE\Microsoft\RFC1156Agent
Key Found : HKLM\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\2796BAE63F1801E277261BA0D77770028F20EEE4
Key Found : HKLM\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DE28F4A4FFE5B92FA3C503D1A349A7F9962A8212
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{8856F961-340A-11D0-A96B-00C04FD705A2}

***** [Internet Browsers] *****

-\\ Internet Explorer v8.0.7600.16385

[OK] Registry is clean.

-\\ Mozilla Firefox v9.0.1 (pt-BR)

Profile : p3l8ikjt.default
File : C:\Users\Dario Jr\AppData\Roaming\Mozilla\Firefox\Profiles\p3l8ikjt.default\prefs.js

Found : user_pref("extensions.BabylonToolbar_i.aflt", "babsst");
Found : user_pref("extensions.BabylonToolbar_i.babExt", "");
Found : user_pref("extensions.BabylonToolbar_i.babTrack", "affID=108298");
Found : user_pref("extensions.BabylonToolbar_i.hardId", "321ea8a20000000000001c4bd62a340c");
Found : user_pref("extensions.BabylonToolbar_i.id", "321ea8a20000000000001c4bd62a340c");
Found : user_pref("extensions.BabylonToolbar_i.instlDay", "15352");
Found : user_pref("extensions.BabylonToolbar_i.instlRef", "sst");
Found : user_pref("extensions.BabylonToolbar_i.prdct", "BabylonToolbar");
Found : user_pref("extensions.BabylonToolbar_i.prtnrId", "babylon");
Found : user_pref("extensions.BabylonToolbar_i.smplGrp", "none");
Found : user_pref("extensions.BabylonToolbar_i.srcExt", "ss");
Found : user_pref("extensions.BabylonToolbar_i.tlbrId", "base");
Found : user_pref("extensions.BabylonToolbar_i.vrsn", "1.5.3.17");
Found : user_pref("extensions.BabylonToolbar_i.vrsnTs", "1.5.3.1711:09:51");
Found : user_pref("extensions.BabylonToolbar_i.vrsni", "1.5.3.17");

-\\ Google Chrome v16.0.912.77

File : C:\Users\Dario Jr\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [3430 octets] - [03/02/2012 02:11:37]
AdwCleaner[R2].txt - [3255 octets] - [03/02/2012 16:49:47]

########## EOF - C:\AdwCleaner[R2].txt - [3383 octets] ##########


Fin du nettoyage : 16:48:59

Copyright © 2011. Tous droits réservés.
======== EOF ========





ComboFix 12-01-31.01 - Dario Jr 03/02/2012 16:57:14.3.2 - x86
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.55.1046.18.3033.2010 [GMT -2:00]
Executando de: c:\users\Dario Jr\Desktop\ComboFix.exe
Comandos utilizados :: c:\users\Dario Jr\Desktop\CFScript.txt.txt
AV: avast! antivírus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! antivírus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
FILE ::
"C:\user.js"
.
ADS - drivers: deleted 208 bytes in 1 streams.
.
((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\LinhaDefensiva
c:\linhadefensiva\banker.bat
c:\linhadefensiva\BankerFix.vbs
c:\linhadefensiva\credits\exec.txt
c:\linhadefensiva\exec\download.exe
c:\linhadefensiva\exec\md5.exe
c:\linhadefensiva\exec\MoveEx.exe
c:\linhadefensiva\exec\pv.exe
c:\linhadefensiva\exec\unzip.exe
c:\linhadefensiva\func\lang.vbs
c:\linhadefensiva\func\reg.vbs
c:\linhadefensiva\func\scan.vbs
c:\linhadefensiva\func\strings.vbs
c:\linhadefensiva\func\wmi.vbs
c:\linhadefensiva\Iniciar-BankerFix.vbs
c:\linhadefensiva\lang\bat\antivirusnote.txt
c:\linhadefensiva\lang\bat\changepass.txt
c:\linhadefensiva\lang\bat\error-removing.txt
c:\linhadefensiva\lang\bat\filesremoved.txt
c:\linhadefensiva\lang\bat\logend.txt
c:\linhadefensiva\lang\bat\logremhelp.txt
c:\linhadefensiva\lang\bat\logremtif.txt
c:\linhadefensiva\lang\bat\noproblems.txt
c:\linhadefensiva\lang\bat\opening.txt
c:\linhadefensiva\lang\bat\rebootrequired.txt
c:\linhadefensiva\lang\bat\seeforum.txt
c:\linhadefensiva\lang\bat\wait.txt
c:\linhadefensiva\lang\bat\win95.txt
c:\linhadefensiva\lang\init\en.txt
c:\linhadefensiva\lang\init\ptb.txt
c:\linhadefensiva\lang\vb\bankerfix.txt
c:\linhadefensiva\lang\vb\loader.txt
c:\linhadefensiva\lang\vb\postreboot.txt
c:\linhadefensiva\leiame.txt
c:\linhadefensiva\QUA\backup.reg
c:\linhadefensiva\readme.txt
c:\linhadefensiva\reflist\fx.reg
c:\linhadefensiva\reflist\ref-allu
c:\linhadefensiva\reflist\ref-appdata
c:\linhadefensiva\reflist\ref-commonfiles
c:\linhadefensiva\reflist\ref-hosts
c:\linhadefensiva\reflist\ref-md5
c:\linhadefensiva\reflist\ref-mydoc
c:\linhadefensiva\reflist\ref-profile
c:\linhadefensiva\reflist\ref-programfiles
c:\linhadefensiva\reflist\ref-reg
c:\linhadefensiva\reflist\ref-start
c:\linhadefensiva\reflist\ref-startup
c:\linhadefensiva\reflist\ref-sysdrive
c:\linhadefensiva\reflist\ref-system
c:\linhadefensiva\reflist\ref-system32
c:\linhadefensiva\reflist\ref-tasks
c:\linhadefensiva\reflist\ref-temp
c:\linhadefensiva\reflist\ref-wincommon
c:\linhadefensiva\reflist\ref-windows
c:\linhadefensiva\reflist\reft-startup
c:\linhadefensiva\reflist\reg-proxy
c:\linhadefensiva\relatorio.txt
c:\linhadefensiva\relatorios\2012-02-01.txt
c:\linhadefensiva\relatorios\errorlog.txt
c:\linhadefensiva\rotinas\arquiva-relatorio.vbs
c:\linhadefensiva\rotinas\postreboot.bat
c:\linhadefensiva\rotinas\postreboot.vbs
c:\linhadefensiva\rotinas\remocao\driver.vbs
c:\linhadefensiva\rotinas\remocao\shell.vbs
c:\linhadefensiva\rotinas\remocao\userinit.vbs
c:\linhadefensiva\rotinas\remocao\winlogon.vbs
c:\linhadefensiva\rotinas\update.vbs
c:\linhadefensiva\VERSION
c:\programdata\Babylon
C:\user.js
c:\users\Dario Jr\AppData\Local\Babylon
c:\users\Dario Jr\AppData\Local\Babylon\Setup\bab033.tbinst.dat
c:\users\Dario Jr\AppData\Local\Babylon\Setup\bab091.norecovericon.dat
c:\users\Dario Jr\AppData\Local\Babylon\Setup\Babylon.dat
c:\users\Dario Jr\AppData\Local\Babylon\Setup\BExternal.dll
c:\users\Dario Jr\AppData\Local\Babylon\Setup\HtmlScreens\cmbx.png
c:\users\Dario Jr\AppData\Local\Babylon\Setup\HtmlScreens\common.js
c:\users\Dario Jr\AppData\Local\Babylon\Setup\HtmlScreens\eula.html
c:\users\Dario Jr\AppData\Local\Babylon\Setup\HtmlScreens\lngs.png
c:\users\Dario Jr\AppData\Local\Babylon\Setup\HtmlScreens\page1.css
c:\users\Dario Jr\AppData\Local\Babylon\Setup\HtmlScreens\page1.html
c:\users\Dario Jr\AppData\Local\Babylon\Setup\HtmlScreens\page1.js
c:\users\Dario Jr\AppData\Local\Babylon\Setup\HtmlScreens\page1Lrg.css
c:\users\Dario Jr\AppData\Local\Babylon\Setup\HtmlScreens\page2.css
c:\users\Dario Jr\AppData\Local\Babylon\Setup\HtmlScreens\page2.html
c:\users\Dario Jr\AppData\Local\Babylon\Setup\HtmlScreens\page2.js
c:\users\Dario Jr\AppData\Local\Babylon\Setup\HtmlScreens\page2Lrg.css
c:\users\Dario Jr\AppData\Local\Babylon\Setup\HtmlScreens\page9.html
c:\users\Dario Jr\AppData\Local\Babylon\Setup\HtmlScreens\pBar.gif
c:\users\Dario Jr\AppData\Local\Babylon\Setup\HtmlScreens\title1.png
c:\users\Dario Jr\AppData\Local\Babylon\Setup\HtmlScreens\title2.png
c:\users\Dario Jr\AppData\Local\Babylon\Setup\HtmlScreens\toolBar.jpg
c:\users\Dario Jr\AppData\Local\Babylon\Setup\HtmlScreens\vIcn.png
c:\users\Dario Jr\AppData\Local\Babylon\Setup\IECookieLow.dll
c:\users\Dario Jr\AppData\Local\Babylon\Setup\Setup-tbmntr903-9.0.3.34.zpb
c:\users\Dario Jr\AppData\Local\Babylon\Setup\Setup.exe
c:\users\Dario Jr\AppData\Local\Babylon\Setup\SetupStrings.dat
c:\users\Dario Jr\AppData\Local\Babylon\Setup\sqlite3.dll
c:\users\Dario Jr\AppData\Roaming\Babylon
c:\users\Dario Jr\AppData\Roaming\Babylon\log_file.txt
c:\windows\system32\drivers\mgcscrd.sys
.
.
(((((((((((((((( Arquivos/Ficheiros criados de 2012-01-03 to 2012-02-03 ))))))))))))))))))))))))))))
.
.
2012-02-03 19:08 . 2012-02-03 19:12 -------- d-----w- c:\users\Dario Jr\AppData\Local\temp
2012-02-03 19:08 . 2012-02-03 19:08 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-02-01 16:33 . 2012-02-01 16:33 -------- d-----w- c:\users\Dario Jr\AppData\Roaming\Thunderbird
2012-02-01 16:33 . 2012-02-01 16:33 -------- d-----w- c:\users\Dario Jr\AppData\Local\Thunderbird
2012-02-01 16:33 . 2012-02-01 16:33 -------- d-----w- c:\program files\Mozilla Thunderbird
2012-02-01 15:08 . 2012-02-01 15:08 42192 ----a-w- c:\windows\system32\drivers\gbpndisrd.sys
2012-01-30 20:20 . 2012-01-30 20:20 -------- d-----w- c:\users\Dario Jr\AppData\Roaming\ML
2012-01-30 18:05 . 2012-01-30 18:27 -------- d-----w- c:\users\Dario Jr\AppData\Local\LG Electronics
2012-01-30 18:02 . 2012-01-30 18:27 -------- d-----w- c:\program files\LG Electronics
2012-01-25 21:15 . 2012-01-25 21:27 -------- d-----w- c:\users\Dario Jr\AppData\Local\BlueStacks
2012-01-25 21:15 . 2012-01-25 21:27 -------- d-----w- c:\programdata\BlueStacks
2012-01-16 12:23 . 2012-01-16 12:23 -------- d-----w- c:\users\Dario Jr\AppData\Roaming\QuickScan
2012-01-13 13:09 . 2012-01-13 13:26 -------- d-----w- c:\users\Dario Jr\AppData\Roaming\MyPhoneExplorer
2012-01-13 13:09 . 2012-01-13 13:09 -------- d-----w- c:\program files\MyPhoneExplorer
.
.
.
((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-01-03 00:15 . 2010-02-13 23:28 348160 ----a-w- c:\windows\system32\msvcr71.dll
2012-01-03 00:15 . 2003-03-18 22:14 499712 ----a-w- c:\windows\system32\msvcp71.dll
2011-12-31 19:21 . 2011-12-31 19:21 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-12-31 17:06 . 2011-10-17 17:25 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-12-21 18:32 . 2011-01-11 19:27 45896 ----a-w- c:\windows\system32\drivers\gbpkm.sys
2011-12-10 17:24 . 2010-12-06 11:55 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-11-28 18:01 . 2010-03-02 17:09 41184 ----a-w- c:\windows\avastSS.scr
2011-11-28 18:01 . 2010-04-30 13:36 199816 ----a-w- c:\windows\system32\aswBoot.exe
2011-11-28 17:53 . 2011-03-24 20:24 435032 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2011-11-28 17:53 . 2010-04-30 13:37 314456 ----a-w- c:\windows\system32\drivers\aswSP.sys
2011-11-28 17:52 . 2010-04-30 13:37 34392 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2011-11-28 17:52 . 2010-04-30 13:37 52952 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2011-11-28 17:52 . 2010-04-30 13:37 55128 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2011-11-28 17:51 . 2010-04-30 13:37 20568 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2011-12-21 08:04 . 2011-10-26 20:17 121816 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))
.
.
*Nota* entradas vazias e legítimas por padrão não são apresentadas.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-11-28 18:01 122512 ----a-w- c:\program files\Alwil Software\Avast5\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1173504]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BisonHK"="c:\program files\BisonCam\BisonHK.exe" [2009-03-09 81920]
"RtHDVCpl"="RtHDVCpl.exe" [2008-09-09 6281760]
"Microsoft Default Manager"="c:\program files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2010-05-10 439568]
"Malwarebytes' Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2011-12-24 981680]
"Chrome3"="c:\program files\s3graphics\chrome3\Chrome3.exe" [2009-09-10 1299968]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-08-20 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-08-20 174104]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-08-20 151064]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-12-24 460872]
"ITSecMng"="c:\program files\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe" [2009-07-22 83336]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth Manager.lnk - c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe [2009-7-31 2680160]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ GbPluginBb]
2011-12-21 18:31 1738312 ------w- c:\program files\GbPlugin\gbieh.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2009-12-11 18:57 948672 ----a-r- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2009-12-22 04:57 35760 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlcoholAutomount]
2009-11-15 09:42 33120 ----a-w- c:\program files\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2010-02-13 05:20 135664 ----atw- c:\users\Dario Jr\AppData\Local\Google\Update\GoogleUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ITSecMng]
2009-07-22 15:40 83336 ----a-w- c:\program files\Toshiba\Bluetooth Toshiba Stack\ItSecMng.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2011-07-19 21:29 421736 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-11-29 20:38 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skytel]
2008-09-09 20:32 1833504 ----a-w- c:\windows\SkyTel.exe
.
R3 Andbus;LGE Android Platform Composite USB Device;c:\windows\system32\DRIVERS\lgandbus.sys [2010-12-07 14336]
R3 AndDiag;LGE Android Platform USB Serial Port;c:\windows\system32\DRIVERS\lganddiag.sys [2010-12-07 20736]
R3 AndGps;LGE Android Platform USB GPS NMEA Port;c:\windows\system32\DRIVERS\lgandgps.sys [2010-12-07 20096]
R3 ANDModem;LGE Android Platform USB Modem;c:\windows\system32\DRIVERS\lgandmodem.sys [2010-12-07 25088]
R3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\DRIVERS\ggflt.sys [2011-10-17 13224]
R3 RtsUIR;Realtek IR Driver;c:\windows\system32\DRIVERS\Rts516xIR.sys [x]
R3 s1018bus;Sony Ericsson Device 1018 driver (WDM);c:\windows\system32\DRIVERS\s1018bus.sys [2009-03-25 86824]
R3 s1018mdfl;Sony Ericsson Device 1018 USB WMC Modem Filter;c:\windows\system32\DRIVERS\s1018mdfl.sys [2009-03-25 15016]
R3 s1018mdm;Sony Ericsson Device 1018 USB WMC Modem Driver;c:\windows\system32\DRIVERS\s1018mdm.sys [2009-03-25 114728]
R3 s1018mgmt;Sony Ericsson Device 1018 USB WMC Device Management Drivers (WDM);c:\windows\system32\DRIVERS\s1018mgmt.sys [2009-03-25 106208]
R3 s1018nd5;Sony Ericsson Device 1018 USB Ethernet Emulation (NDIS);c:\windows\system32\DRIVERS\s1018nd5.sys [2009-03-25 26024]
R3 s1018obex;Sony Ericsson Device 1018 USB WMC OBEX Interface;c:\windows\system32\DRIVERS\s1018obex.sys [2009-03-25 104744]
R3 s1018unic;Sony Ericsson Device 1018 USB Ethernet Emulation (WDM);c:\windows\system32\DRIVERS\s1018unic.sys [2009-03-25 109864]
R3 Sony Ericsson PCCompanion;Sony Ericsson PCCompanion;c:\program files\Sony Ericsson\Sony Ericsson PC Companion\PCCService.exe [2011-06-29 155344]
R3 WatAdminSvc;Serviço de Tecnologias de Ativação do Windows;c:\windows\system32\Wat\WatAdminSvc.exe [2010-03-14 1343400]
S0 GbpKm;Gbp KernelMode;c:\windows\system32\drivers\gbpkm.sys [2011-12-21 45896]
S0 hotcore3;hc3ServiceName;c:\windows\system32\DRIVERS\hotcore3.sys [2010-05-18 40560]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2010-02-17 691696]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2011-11-28 55128]
S2 GbpSv;Gbp Service;c:\progra~1\GbPlugin\GbpSv.exe [2011-12-21 204872]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2011-12-24 652872]
S2 S3Funkey;S3Funkey;c:\program files\s3graphics\chrome3\s3funkey.svc [2009-09-10 469504]
S2 S3LoadSv;S3LoadSv;c:\program files\s3graphics\chrome3\s3loadsv.svc [2009-09-10 417280]
S3 LgBttPort;LGE Bluetooth TransPort;c:\windows\system32\DRIVERS\lgbtport.sys [2009-09-29 12160]
S3 lgbusenum;LG Bluetooth Bus Enumerator;c:\windows\system32\DRIVERS\lgbtbus.sys [2009-09-29 10496]
S3 LGVMODEM;LGE Virtual Modem;c:\windows\system32\DRIVERS\lgvmodem.sys [2009-09-29 12928]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-12-10 20464]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2009-06-04 166912]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2009-07-13 139776]
S3 RTL8187B;Realtek RTL8187B Wireless 802.11b/g 54Mbps USB 2.0 Network Adapter;c:\windows\system32\DRIVERS\RTL8187B.sys [2008-03-18 292864]
S3 UPCDRV;Utility Program Component Service;c:\windows\system32\DRIVERS\UPCDRV.sys [2009-07-06 10240]
.
.
Conteúdo da pasta 'Tarefas Agendadas'
.
2012-02-02 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2014276812-2303388161-280020652-1000Core.job
- c:\users\Dario Jr\AppData\Local\Google\Update\GoogleUpdate.exe [2010-02-13 05:20]
.
2012-02-03 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2014276812-2303388161-280020652-1000UA.job
- c:\users\Dario Jr\AppData\Local\Google\Update\GoogleUpdate.exe [2010-02-13 05:20]
.
.
------- Scan Suplementar -------
.
uStart Page = hxxp://www.google.com.br/
IE: &Download by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/201
IE: &Grab video by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/204
IE: Do&wnload selected by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/203
IE: Down&load all by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/202
IE: E&xportar para o Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
Trusted Zone: bancobrasil.com.br\www
Trusted Zone: bancobrasil.com.br\www14
Trusted Zone: bancobrasil.com.br\www2
Trusted Zone: bb.com.br\www
TCP: DhcpNameServer = 192.168.1.1 172.168.1.1
FF - ProfilePath - c:\users\Dario Jr\AppData\Roaming\Mozilla\Firefox\Profiles\p3l8ikjt.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com.br/
FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=108298
FF - user.js: extensions.BabylonToolbar_i.babExt -
FF - user.js: extensions.BabylonToolbar_i.srcExt - ss
FF - user.js: extensions.BabylonToolbar_i.id - 321ea8a20000000000001c4bd62a340c
FF - user.js: extensions.BabylonToolbar_i.hardId - 321ea8a20000000000001c4bd62a340c
FF - user.js: extensions.BabylonToolbar_i.instlDay - 15352
FF - user.js: extensions.BabylonToolbar_i.vrsn - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsni - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.5.3.1711:09
FF - user.js: extensions.BabylonToolbar_i.prtnrId - babylon
FF - user.js: extensions.BabylonToolbar_i.prdct - BabylonToolbar
FF - user.js: extensions.BabylonToolbar_i.aflt - babsst
FF - user.js: extensions.BabylonToolbar_i.smplGrp - none
FF - user.js: extensions.BabylonToolbar_i.tlbrId - base
FF - user.js: extensions.BabylonToolbar_i.instlRef - sst
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\S3Funkey]
"ImagePath"="c:\program files\s3graphics\chrome3\s3funkey.svc"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\S3LoadSv]
"ImagePath"="c:\program files\s3graphics\chrome3\s3loadsv.svc"
.
--------------------- CHAVES DO REGISTRO BLOQUEADAS ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- DLLs Carregadas Sob os Processos em Execução ---------------------
.
- - - - - - - > 'Explorer.exe'(7084)
c:\program files\GBPLUGIN\gbieh.dll
.
------------------------ Outros Processos em Execução ------------------------
.
c:\program files\Alwil Software\Avast5\AvastSvc.exe
c:\windows\system32\taskhost.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Common Files\Nero\Nero BackItUp 4\NBService.exe
c:\program files\Common Files\Protexis\License Service\PsiService_2.exe
c:\program files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
c:\windows\system32\conhost.exe
c:\windows\RtHDVCpl.exe
c:\windows\system32\igfxsrvc.exe
c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
c:\program files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
c:\program files\Toshiba\Bluetooth Toshiba Stack\TosHdpProc.exe
c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
c:\program files\Windows Media Player\wmpnscfg.exe
c:\program files\Windows Media Player\wmpnscfg.exe
.
**************************************************************************
.
Tempo para conclusão: 2012-02-03 17:18:52 - Máquina reiniciou
ComboFix-quarantined-files.txt 2012-02-03 19:18
ComboFix2.txt 2012-02-03 06:05
ComboFix3.txt 2012-02-01 14:43
.
Pré-execução: 131.358.662.656 bytes disponíveis
Pós execução: 131.055.448.064 bytes disponíveis
.
- - End Of File - - 286171F3F45B3F9F7633DCE169FE3268



Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 17:23:45, on 03/02/2012
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16385)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskhost.exe
C:\Program Files\BisonCam\BisonHK.exe
C:\Windows\RtHDVCpl.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosHdpProc.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
C:\Windows\Explorer.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\Dario Jr\Desktop\virus\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: btorbit.com - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files\Orbitdownloader\orbitcth.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: LinkAirBrowserHelper HistoryTriggerBHO - {21A88CB9-84D2-4020-A2D1-B25A21034884} - C:\Program Files\LG Electronics\LG PC Suite IV\LinkAir\LinkAirBrowserHelper.dll
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\PROGRAM FILES\GBPLUGIN\gbieh.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Grab Pro - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Program Files\Orbitdownloader\GrabPro.dll
O4 - HKLM\..\Run: [BisonHK] C:\Program Files\BisonCam\BisonHK.exe
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [Microsoft Default Manager] "C:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKLM\..\Run: [Chrome3] ;;; C:\Program Files\s3graphics\chrome3\Chrome3.exe -chkautorun
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
O4 - HKLM\..\Run: [ITSecMng] %ProgramFiles%\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe /START
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - Global Startup: Bluetooth Manager.lnk = ?
O8 - Extra context menu item: &Download by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/201
O8 - Extra context menu item: &Grab video by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/204
O8 - Extra context menu item: Do&wnload selected by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/203
O8 - Extra context menu item: Down&load all by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/202
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O15 - Trusted Zone: www.bancobrasil.com.br
O15 - Trusted Zone: www14.bancobrasil.com.br
O15 - Trusted Zone: www2.bancobrasil.com.br
O15 - Trusted Zone: www.bb.com.br
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.ad...Plus/1.6/gp.cab
O20 - Winlogon Notify: GbPluginBb - C:\Program Files\GbPlugin\gbieh.dll
O23 - Service: Dispositivo Celular da Apple (Apple Mobile Device) - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: avast! antivírus - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Gbp Service (GbpSv) - - C:\PROGRA~1\GbPlugin\GbpSv.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
O23 - Service: S3Funkey - Unknown owner - C:\Program.exe (file missing)
O23 - Service: S3LoadSv - Unknown owner - C:\Program.exe (file missing)
O23 - Service: Sony Ericsson PCCompanion - Avanquest Software - C:\Program Files\Sony Ericsson\Sony Ericsson PC Companion\PCCService.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - StarWind Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: TOSHIBA Bluetooth Service - TOSHIBA CORPORATION - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe

--
End of file - 6365 bytes


#12 Anonymous    

Anonymous
  • Member
  • 2947 posts

Posted 03 February 2012 - 05:10 PM

Good evening, sagatti!

# AdwCleaner v1.408 - Logfile created 02/03/2012 at 02:11:37
# Updated 29/01/2012 by Xplode
# Operating system : Windows 7 Ultimate (32 bits)
# User : Dario Jr - DARIOJR-PC (Administrator)
# Running from : C:\Users\Dario Jr\Desktop\adwcleaner.exe
# Option [Search]

///////////////

# AdwCleaner v1.408 - Logfile created 02/03/2012 at 16:49:47
# Updated 29/01/2012 by Xplode
# Operating system : Windows 7 Ultimate (32 bits)
# User : Dario Jr - DARIOJR-PC (Administrator)
# Running from : C:\Users\Dario Jr\Desktop\virus\adwcleaner.exe
# Option [Search]

|- There was a mistake when running AdwCleaner this time.
|- PS: In this run, the option chosen was once again "Recherche" or "Scan".
|- Please run it with the "Suppression" option and post your report!

Regards!

#13 sagatti    

sagatti
  • Member
  • 16 posts

Posted 03 February 2012 - 10:25 PM

Good evening, Joram!

I did what you instructed. I have now run it with the "suppression" option. I'm almost sure it's right. This version of AdwCleaner is in English, so I believe suppression = delete.

The report follows below. Thank you very much!

# AdwCleaner v1.408 - Logfile created 02/03/2012 at 21:58:02
# Updated 29/01/2012 by Xplode
# Operating system : Windows 7 Ultimate (32 bits)
# User : Dario Jr - DARIOJR-PC (Administrator)
# Running from : C:\Users\Dario Jr\Desktop\virus\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

Folder Deleted : C:\Users\Dario Jr\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
File Deleted : C:\Users\Dario Jr\AppData\Roaming\Mozilla\Firefox\Profiles\p3l8ikjt.default\searchplugins\Askcom.xml

***** [Registry] *****

Key Deleted : HKLM\SOFTWARE\Babylon
Key Deleted : HKLM\SOFTWARE\eRightSoft\OpenCandy
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escort.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\SoftwareUpdate.exe
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4eaf-B541-F8DE92DD98DB}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}
Key Deleted : HKLM\SOFTWARE\Microsoft\RFC1156Agent
Key Deleted : HKLM\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\2796BAE63F1801E277261BA0D77770028F20EEE4
Key Deleted : HKLM\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DE28F4A4FFE5B92FA3C503D1A349A7F9962A8212
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{8856F961-340A-11D0-A96B-00C04FD705A2}

***** [Internet Browsers] *****

-\\ Internet Explorer v8.0.7600.16385

[OK] Registry is clean.

-\\ Mozilla Firefox v9.0.1 (pt-BR)

Profile : p3l8ikjt.default
File : C:\Users\Dario Jr\AppData\Roaming\Mozilla\Firefox\Profiles\p3l8ikjt.default\prefs.js

C:\Users\Dario Jr\AppData\Roaming\Mozilla\Firefox\Profiles\p3l8ikjt.default\user.js ... Deleted !

Deleted : user_pref("extensions.BabylonToolbar_i.aflt", "babsst");
Deleted : user_pref("extensions.BabylonToolbar_i.babExt", "");
Deleted : user_pref("extensions.BabylonToolbar_i.babTrack", "affID=108298");
Deleted : user_pref("extensions.BabylonToolbar_i.hardId", "321ea8a20000000000001c4bd62a340c");
Deleted : user_pref("extensions.BabylonToolbar_i.id", "321ea8a20000000000001c4bd62a340c");
Deleted : user_pref("extensions.BabylonToolbar_i.instlDay", "15352");
Deleted : user_pref("extensions.BabylonToolbar_i.instlRef", "sst");
Deleted : user_pref("extensions.BabylonToolbar_i.prdct", "BabylonToolbar");
Deleted : user_pref("extensions.BabylonToolbar_i.prtnrId", "babylon");
Deleted : user_pref("extensions.BabylonToolbar_i.smplGrp", "none");
Deleted : user_pref("extensions.BabylonToolbar_i.srcExt", "ss");
Deleted : user_pref("extensions.BabylonToolbar_i.tlbrId", "base");
Deleted : user_pref("extensions.BabylonToolbar_i.vrsn", "1.5.3.17");
Deleted : user_pref("extensions.BabylonToolbar_i.vrsnTs", "1.5.3.1711:09:51");
Deleted : user_pref("extensions.BabylonToolbar_i.vrsni", "1.5.3.17");

-\\ Google Chrome v16.0.912.77

File : C:\Users\Dario Jr\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [3430 octets] - [03/02/2012 02:11:37]
AdwCleaner[R2].txt - [3384 octets] - [03/02/2012 16:49:47]
AdwCleaner[S1].txt - [3253 octets] - [03/02/2012 21:58:02]

*************************

Temporary folder : : 1 folder(s) and 0 file(s) deleted

########## EOF - C:\AdwCleaner[S1].txt - [3469 octets] ##########

#14 Anonymous    

Anonymous
  • Participant
  • 2947 posts

Posted 03 February 2012 - 11:56 PM

Good morning, sagatti!

I did what you advised. I have now run it with the "suppression" option. I'm almost sure that's right. This version of AdwCleaner is in English, so I believe suppression = delete.

|- Yes! Your interpretation is correct! (Y)

///°°°///

|- Disable your antivirus!
|- Go to Start --> Run --> Type or paste: combofix.exe /uninstall --> Click OK.

|- Click Run --> Wait!
|- Finally, the message "ComboFix is uninstalled" will appear --> Click OK.
|- If you find them, delete: C:\ComboFix <-- The folder! + C:\ComboFix.txt <-- The report!
|- Or go to Start --> Run --> Type or paste:

|- http://i275.photobuc...CFuninstall.gif

"%userprofile%\desktop\combofix" /uninstall

|- Click OK.
|- Wait for the uninstall to finish, and click OK on the message.
|- P.S.: Another option would be to rename Combofix.exe to uninstall.exe and run it.

///°°°///

|- Download: < ToolbarShooter > ( ... by 2011N2 )
|- Save it to the desktop!
|- Disable your antivirus.
|- Run the tool and choose option 1. ( Recherche )
|- P.S.: On Windows Vista or 7, run it as administrator!
|- Press 1 -> Enter!
|- When it finishes, press Enter so that the report becomes available.
|- Look for it in the folder: C:\Rapport ToolbarShooter
|- Post it in your reply!

///°°°///

|- Download: < Posted Image > < Posted Image > ( ...by Nicolas Coolman )

|- Once on the page, click: < Posted Image >
|- Save it in Program Files.

|- P.S.: Extract it into Program Files.
|- Open the ZHPDiag tool and enable all diagnostic options by clicking the screwdriver icon.

|- Click All.
|- Start the diagnostic ( Diag ) by clicking the magnifying-glass icon.

|- When it finishes, click "Save Report" so that the report becomes available.
|- Save it in a convenient location!
|- Post it in your reply: ZHPDiag.txt
|- P.S.: If you have trouble posting this report, go to < Posted Image >
|- More information: |Here!| or |pjjoint.malekal.com|

Regards!

#15 sagatti    

sagatti
  • Participant
  • 16 posts

Posted 04 February 2012 - 11:46 PM

Hey Joram! Good evening.

The reports are attached as you instructed. Man, one question I had. Is this infection on my computer very serious?
Thanks. Regards.


================================== Informations ==================================

Rapport de recherche de ToolbarShooter.

Outil développé par 2011N2
Contact : lot12@hotmail.fr
Site : http://2011n2.forumgratuit.fr/
Mis à jour le : 20/01/2012 à 19h45 par 2011N2

Début du scan de recherche : 0:04:56
Nom du PC : DARIOJR-PC

Système d'exploitation : Windows 7 Ultimate
Internet Explorer : 8.0.7600.16385
Mozilla Firefox : 9.0.1 (pt-BR)
Mozilla Firefox : version 5
Mozilla Firefox : version 6

############################# Toolbars, pups et adwares néfastes détéctés #############################


Clé présente : HKLM\Software\Classes\CLSID\{03F14321-8FED-4CBC-B01A-4B57FC199062}
Clé présente : HKLM\Software\Classes\CLSID\{4C58EB04-7B72-4D3D-A36E-66167A99BC31}
Clé présente : HKLM\Software\Classes\TypeLib\{84B9B044-17C0-48FB-A300-C9747D5DF29C}
Clé présente : HKLM\Software\Classes\AppID\{F54A0D21-6A53-460C-8301-C694EC9E1033}
Clé présente : HKLM\Software\Classes\AppID\NCTAudioCompress3.DLL
Clé présente : HKLM\Software\Classes\AppID\NCTAudioFile3.DLL
Clé présente : HKLM\Software\Classes\AppID\NCTAudioFileWMA3.DLL
Clé présente : HKLM\Software\Classes\AppID\NCTAudioFormatSettings3.DLL
Clé présente : HKLM\Software\Classes\CLSID\{23BDC78C-B7BB-42E5-B970-54B292592D72}
Clé présente : HKLM\Software\Classes\CLSID\{2C6F7E96-73BC-47A5-9F51-B67F0BAFE24D}
Clé présente : HKLM\Software\Classes\TypeLib\{43B4B831-F41F-4F73-8F14-4FFF0BA75B1B}
Clé présente : HKLM\Software\Classes\CLSID\{4EE0B011-604C-47F3-8F2B-39F79640B85E}
Clé présente : HKLM\Software\Classes\AppID\{5e50ae1d-bc76-418b-94c4-efeac0cef80c}
Clé présente : HKLM\Software\Classes\AppID\{69E54DE2-C4ED-4BEC-8046-E3F9AC74B4B0}
Clé présente : HKLM\Software\Classes\CLSID\{6BC38BF4-E84D-46E1-920B-42D31AEA617E}
Clé présente : HKLM\Software\Classes\TypeLib\{6C9945B7-1D19-46CB-88C0-45A24DF6CD6E}
Clé présente : HKLM\Software\Classes\TypeLib\{85672EDB-2CC8-40B9-A9E8-77D3478F2EFB}
Clé présente : HKLM\Software\Classes\CLSID\{CD5175E2-7CC1-418C-B66C-0AB95DAD4103}
Clé présente : HKLM\Software\Classes\CLSID\{D8BFC514-1135-4393-B09A-193D2AAC5037}
Clé présente : HKLM\Software\Classes\AppID\{F7BCCFD4-2FA6-477D-A1B0-EF7500B3C49E}









===============================================

Fin du scan de recherche de ToolbarShooter à 0:07:08 par DARIOJR-PC

############### EOF ###############

Merci d'envoyer le rapport à cette adresse, en précisant la raison d'emploi de cet outil. Cela permettera au développeur d'effectuer d'éventuelles modifications : lot12@hotmail.fr

Merci de votre contribution !





Rapport de ZHPDiag v1.28.315 par Nicolas Coolman, Update du 22/01/2012
Run by Dario Jr at 05/02/2012 00:26:23
Web site : http://www.premiumor...ss/zhpdiag.html
Web site : http://nicolascoolman.skyrock.com/
State : Your version is update.


---\\ Web Browser
MSIE: Internet Explorer v8.0.7600.16385 (Defaut)
MFIE: Mozilla Firefox 9.0.1 v9.0.1
GCIE: Google Chrome v16.0.912.77

---\\ Windows Product Information
~ Langage: Anglais
Windows 7 Ultimate Edition, 32-bit (Build 7600)
Windows Server License Manager Script : Absent (Not found)
Windows ID Activation : Inconnue (Unknown)
Windows Licence : Inconnue (Unknown)
Software Protection Service (Protection logicielle) : KO
Windows Automatic Updates : OK
Windows Activation Technologies : OK

---\\ System Information
~ Processor: x86 Family 6 Model 23 Stepping 10, GenuineIntel
~ Operating System: 32 Bits
Boot mode: Normal (Normal boot)
Total RAM: 3032 MB (61% free)
System Restore: Activé (Enable)
System drive C: has 121 GB (40%) free of 298 GB

---\\ Logged in mode
~ Computer Name: DARIOJR-PC
~ User Name: Dario Jr
~ All Users Names: HomeGroupUser$, Dario Jr, Convidado, Administrador,
~ Unselected Option: None
Logged in as Administrator

---\\ Environnement Variables
~ System Unit : C:\
~ %AppData% : C:\Users\Dario Jr\AppData\Roaming\
~ %Desktop% : C:\Users\Dario Jr\Desktop\
~ %Favorites% : C:\Users\Dario Jr\Favorites\
~ %LocalAppData% : C:\Users\Dario Jr\AppData\Local\
~ %StartMenu% : C:\Users\Dario Jr\AppData\Roaming\Microsoft\Windows\Start Menu\
~ %Windir% : C:\Windows\
~ %System% : C:\Windows\system32\

---\\ DOS/Devices
C:\ Hard drive, Flash drive, Thumb drive (Free 121 Go of 298 Go)
D:\ CD-ROM drive (Not Inserted)
F:\ CD-ROM drive (Not Inserted)



---\\ Security Center & Tools Informations
[HKLM\SOFTWARE\Microsoft\Security Center] AntiSpywareOverride: OK
[HKLM\SOFTWARE\Microsoft\Security Center] AntiVirusOverride: OK
[HKLM\SOFTWARE\Microsoft\Security Center] AntiVirusDisableNotify: OK
[HKLM\SOFTWARE\Microsoft\Security Center] FirewallDisableNotify: OK
[HKLM\SOFTWARE\Microsoft\Security Center] FirewallOverride: OK
[HKLM\SOFTWARE\Microsoft\Security Center] UpdatesDisableNotify: OK
[HKLM\SOFTWARE\Microsoft\Security Center] UacDisableNotify: OK
[HKLM\SOFTWARE\Microsoft\Security Center\Svc] AntiSpywareOverride: OK
[HKLM\SOFTWARE\Microsoft\Security Center\Svc] AntiVirusOverride: OK
[HKLM\SOFTWARE\Microsoft\Security Center\Svc] AntiVirusDisableNotify: OK
[HKLM\SOFTWARE\Microsoft\Security Center\Svc] FirewallDisableNotify: OK
[HKLM\SOFTWARE\Microsoft\Security Center\Svc] FirewallOverride: OK
[HKLM\SOFTWARE\Microsoft\Security Center\Svc] UpdatesDisableNotify: OK
[HKLM\SOFTWARE\Microsoft\Security Center\Svc] UacDisableNotify: OK
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer] NoActiveDesktopChanges: OK
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer] NoDesktop: OK
[HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer] NoFolderOptions: OK
[HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer] NoDesktop: OK
[HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer] NoStartMenuSubFolder: OK
[HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer] NoResolveSearch: OK
[HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer] NoClose: OK
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System] NoActiveDesktopChanges: OK
[HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System] DisableTaskMgr: OK
[HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System] DisableRegistryTools: OK
[HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System] NoDispScrSavPage: OK
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system] EnableLUA: OK
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\NOHIDDEN] CheckedValue: OK
[HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced] Start_ShowSearch: OK
[HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced] Start_ShowMyComputer: OK
[HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings] WarnOnHTTPSToHTTPRedirect: OK
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL] CheckedValue: OK
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Associations] Application: OK
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] Shell: OK
[HKLM\SYSTEM\CurrentControlSet\Services] wscsvc : OK
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install] LastSuccessTime : Out Of Date
~ Scan Security Center in 00mn 00s



---\\ Search Generic System Files
[MD5.2626FC9755BE22F805D3CFA0CE3EE727] - (.Microsoft Corporation - Windows Explorer.) (.31/10/2009 - 02:45:39.) -- C:\Windows\Explorer.exe [2614272]
[MD5.51138BEEA3E2C21EC44D0932C71762A8] - (.Microsoft Corporation - Processo de host do Windows (Rundll32).) (.13/07/2009 - 22:14:31.) -- C:\Windows\system32\rundll32.exe [44544]
[MD5.B5C5DCAD3899512020D135600129D665] - (.Microsoft Corporation - Aplicativo de Inicialização do Windows.) (.13/07/2009 - 22:14:45.) -- C:\Windows\system32\Wininit.exe [96256]
[MD5.F1C359CE656BD76F90E0E6C4BC04A4BE] - (.Microsoft Corporation - Internet Extensions para Win32.) (.19/12/2009 - 06:02:55.) -- C:\Windows\system32\wininet.dll [977920]
[MD5.37CDB7E72EB66BA85A87CBE37E7F03FD] - (.Microsoft Corporation - Aplicativo de Logon do Windows.) (.28/10/2009 - 03:17:59.) -- C:\Windows\system32\Winlogon.exe [285696]
[MD5.D41D8CD98F00B204E9800998ECF8427E] - (....) (.13/07/2009 - 00:00:00.) -- C:\Windows\system32\sppcomapi.dll [193024]
[MD5.DDC040FDB01EF1712A6B13E52AFB104C] - (.Microsoft Corporation - Ancillary Function Driver for WinSock.) (.13/07/2009 - 20:12:38.) -- C:\Windows\system32\drivers\AFD.sys [338944]
[MD5.338C86357871C167A96AB976519BF59E] - (.Microsoft Corporation - ATAPI IDE Miniport Driver.) (.13/07/2009 - 22:26:15.) -- C:\Windows\system32\drivers\atapi.sys [21584]
[MD5.77EA11B065E0A8AB902D78145CA51E10] - (.Microsoft Corporation - CD-ROM File System Driver.) (.13/07/2009 - 20:11:15.) -- C:\Windows\system32\drivers\Cdfs.sys [70656]
[MD5.BA6E70AA0E6091BC39DE29477D866A77] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.13/07/2009 - 20:11:26.) -- C:\Windows\system32\drivers\Cdrom.sys [108544]
[MD5.8E09E52EE2E3CEB199EF3DD99CF9E3FB] - (.Microsoft Corporation - DFS Namespace Client Driver.) (.13/07/2009 - 20:14:17.) -- C:\Windows\system32\drivers\DfsC.sys [78336]
[MD5.717A2207FD6F13AD3E664C7D5A43C7BF] - (.Microsoft Corporation - High Definition Audio Bus Driver.) (.13/07/2009 - 20:50:56.) -- C:\Windows\system32\drivers\HDAudBus.sys [108544]
[MD5.F151F0BDC47F4A28B1B20A0818EA36D6] - (.Microsoft Corporation - Driver de porta i8042.) (.13/07/2009 - 20:11:24.) -- C:\Windows\system32\drivers\i8042prt.sys [80896]
[MD5.A5FA468D67ABCDAA36264E463A7BB0CD] - (.Microsoft Corporation - IP Network Address Translator.) (.13/07/2009 - 20:54:29.) -- C:\Windows\system32\drivers\IpNat.sys [101888]
[MD5.9E5DD4EF01AED723ABF5342EF23FF012] - (.Microsoft Corporation - Windows NT SMB Minirdr.) (.08/01/2010 - 00:17:36.) -- C:\Windows\system32\drivers\MRxSmb.sys [123392]
[MD5.DD52A733BF4CA5AF84562A5E2F963B91] - (.Microsoft Corporation - MBT Transport driver.) (.13/07/2009 - 20:12:21.) -- C:\Windows\system32\drivers\netBT.sys [187904]
[MD5.3795DCD21F740EE799FB7223234215AF] - (.Microsoft Corporation - Driver do Sistema de Arquivos NT.) (.13/07/2009 - 22:20:44.) -- C:\Windows\system32\drivers\ntfs.sys [1210432]
[MD5.2EA877ED5DD9713C5AC74E8EA7348D14] - (.Microsoft Corporation - Driver de porta paralela.) (.13/07/2009 - 20:45:35.) -- C:\Windows\system32\drivers\Parport.sys [79360]
[MD5.D9F91EAFEC2815365CBE6D167E4E332A] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.13/07/2009 - 20:54:34.) -- C:\Windows\system32\drivers\Rasl2tp.sys [78848]
[MD5.C5FF95883FFEF704D50C40D21CFB3AB5] - (.Microsoft Corporation - Microsoft RDP Device redirector.) (.13/07/2009 - 21:02:58.) -- C:\Windows\system32\drivers\rdpdr.sys [133120]
[MD5.3E21C083B8A01CB70BA1F09303010FCE] - (.Microsoft Corporation - SMB Transport driver.) (.13/07/2009 - 20:53:41.) -- C:\Windows\system32\drivers\smb.sys [71168]
[MD5.CB39E896A2A83702D1737BFD402B3542] - (.Microsoft Corporation - TDI Translation Driver.) (.13/07/2009 - 20:12:11.) -- C:\Windows\system32\drivers\tdx.sys [74240]
[MD5.58DF9D2481A56EDDE167E51B334D44FD] - (.Microsoft Corporation - Driver de cópia de sombra de volume.) (.13/07/2009 - 22:19:10.) -- C:\Windows\system32\drivers\volsnap.sys [245328]
~ Scan Generic Processes in 00mn 00s



---\\ Hidden files state (Hidden/Total)
~ Mes images (My Pictures) : 1/2
~ Mes musiques (My Musics) : 3/113
~ Mes Favoris (My Favorites) : Non accessible (Not found)
~ Mes Documents (My Documents) : 5/209
~ Mon Bureau (My Desktop) : 172/14698
~ Menu demarrer (Programs) : 7/32
~ Scan Hidden Files in 00mn 14s



---\\ Running Processes
[MD5.272DD72EC76077C7D37B3056C5CD8224] - (.mychat - BisonHK.) -- C:\Program Files\BisonCam\BisonHK.exe [81920] [PID.1924]
[MD5.22206C8921E91BF457FC70C1531D143D] - (.Realtek Semiconductor - HD Audio Control Panel.) -- C:\Windows\RtHDVCpl.exe [6281760] [PID.1932]
[MD5.ED42244DCCCF367BAD825680274D6FD7] - (.Intel Corporation - hkcmd Module.) -- C:\Windows\System32\hkcmd.exe [174104] [PID.1996]
[MD5.8AE8B7F7A5D433E222CE07231BECD099] - (.Intel Corporation - persistence Module.) -- C:\Windows\System32\igfxpers.exe [151064] [PID.2020]
[MD5.A6E68C1552D032A32DB73555E2506564] - (.Intel Corporation - igfxsrvc Module.) -- C:\Windows\system32\igfxsrvc.exe [252952] [PID.2044]
[MD5.6E3245DF783E58375B3465F03274743E] - (.Sun Microsystems, Inc. - Java™ Update Scheduler.) -- C:\Program Files\Common Files\Java\Java Update\jusched.exe [254696] [PID.716]
[MD5.C7EB8548D194FF5185FE781415F7782C] - (.TOSHIBA CORPORATION. - Bluetooth Manager.) -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe [2680160] [PID.1440]
[MD5.A1091A01468D5CF18BBE39A9A1749EDB] - (.TOSHIBA CORPORATION. - TosBtHid.) -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe [83272] [PID.2612]
[MD5.DD47DE39FB6CBB009AC14D86CB02C1E0] - (.TOSHIBA CORPORATION. - TosHdpProc.) -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosHdpProc.exe [354128] [PID.3388]
[MD5.F7226AA410954185160067D5FA82F3F2] - (.AVAST Software - avast! antivírus.) -- C:\Program Files\Alwil Software\Avast5\AvastUI.exe [3744552] [PID.17500]
[MD5.7B2D61A81906852CE38A46D09EFEEE9D] - (.Nicolas Coolman - Diagnostic Tool.) -- C:\Program Files\ZHPDiag\ZHPDiag.exe [2210816] [PID.32664]
~ Scan Processes Running in 00mn 00s



---\\ Google Chrome, Start,Search,Extensions (G0,G1,G2)
C:\Users\Dario Jr\AppData\Local\Google\Chrome\User Data\Default\Preferences
G1 - GCS: Preference [User Data\Default] None
G0 - GCSP: Preference [User Data\Default][HomePage] http://www.google.com
~ Scan Google Browser in 00mn 00s



---\\ Mozilla Firefox,Plugins,Start,Search,Extensions (P2,M0,M1,M2,M3)
C:\Users\Dario Jr\AppData\Roaming\Mozilla\Firefox\Profiles\p3l8ikjt.default\prefs.js
M3 - MFPP: Plugins - [Dario Jr] -- C:\Program Files\Mozilla FireFox\searchplugins\buscape.xml
M3 - MFPP: Plugins - [Dario Jr] -- C:\Program Files\Mozilla FireFox\searchplugins\google.xml
M3 - MFPP: Plugins - [Dario Jr] -- C:\Program Files\Mozilla FireFox\searchplugins\mercadolivre.xml
M3 - MFPP: Plugins - [Dario Jr] -- C:\Program Files\Mozilla FireFox\searchplugins\twitter.xml
M3 - MFPP: Plugins - [Dario Jr] -- C:\Program Files\Mozilla FireFox\searchplugins\wikipedia-br.xml
M3 - MFPP: Plugins - [Dario Jr] -- C:\Program Files\Mozilla FireFox\searchplugins\yahoo-br.xml
M0 - MFSP: prefs.js [Dario Jr - p3l8ikjt.default] http://www.google.com
M2 - MFEP: prefs.js [Dario Jr - p3l8ikjt.default\anttoolbar@ant.com] [] Ant Video Downloader v2.4.5 (.Ant.com.)
M2 - MFEP: prefs.js [Dario Jr - p3l8ikjt.default\{0538E3E3-7E9B-4d49-8831-A227C80A7AD3}] [] Forecastfox v2.0.21 (.Jon Stritar.)
M2 - MFEP: prefs.js [Dario Jr - p3l8ikjt.default\{87F8774F-B485-47E2-A755-A40A8A5E886C}] [] Modulo de Seguranca - Banco do Brasil v2.8.0.2.36 (.Jon Stritar.)
M2 - MFEP: prefs.js [Dario Jr - p3l8ikjt.default\{87F8774F-B485-47E2-A755-A40A8A5E886D}] [] Adicional de Seguranca CAIXA® v2.8.0.2.36 (.Caixa Economica Federal.)
M2 - MFEP: prefs.js [Dario Jr - p3l8ikjt.default\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}] [dwhelper] DownloadHelper v4.9.8 (.Michel Gutierrez.)
P2 - FPN:Firefox Plugin Navigator . (.Sun Microsystems, Inc. - NPRuntime Script Plug-in Library for Java™ Deploy.) -- C:\Program Files\Mozilla Firefox\Plugins\npdeployJava1.dll
P2 - FPN:Firefox Plugin Navigator . (.Microsoft Corporation - Office Plugin for Netscape Navigator.) -- C:\Program Files\Mozilla Firefox\Plugins\NPOFF12.DLL
P2 - FPN:Firefox Plugin Navigator . (.Microsoft Corporation - 2.0.0048.0.) -- C:\Program Files\Mozilla Firefox\Plugins\npOGAPlugin.dll
P2 - FPN:Firefox Plugin Navigator . (.Adobe Systems Inc. - Adobe PDF Plug-In For Firefox and Netscape.) -- C:\Program Files\Mozilla Firefox\Plugins\nppdf32.dll
P2 - FPN:Firefox Plugin Navigator . (.Apple Inc. - The QuickTime Plugin allows you to view a wide variety of multimedia c.) -- C:\Program Files\Mozilla Firefox\Plugins\npqtplugin.dll
P2 - FPN:Firefox Plugin Navigator . (.Apple Inc. - The QuickTime Plugin allows you to view a wide variety of multimedia c.) -- C:\Program Files\Mozilla Firefox\Plugins\npqtplugin2.dll
P2 - FPN:Firefox Plugin Navigator . (.Apple Inc. - The QuickTime Plugin allows you to view a wide variety of multimedia c.) -- C:\Program Files\Mozilla Firefox\Plugins\npqtplugin3.dll
P2 - FPN:Firefox Plugin Navigator . (.Apple Inc. - The QuickTime Plugin allows you to view a wide variety of multimedia c.) -- C:\Program Files\Mozilla Firefox\Plugins\npqtplugin4.dll
P2 - FPN:Firefox Plugin Navigator . (.Apple Inc. - The QuickTime Plugin allows you to view a wide variety of multimedia c.) -- C:\Program Files\Mozilla Firefox\Plugins\npqtplugin5.dll
P2 - FPN:Firefox Plugin Navigator . (.Apple Inc. - The QuickTime Plugin allows you to view a wide variety of multimedia c.) -- C:\Program Files\Mozilla Firefox\Plugins\npqtplugin6.dll
P2 - FPN:Firefox Plugin Navigator . (.Apple Inc. - The QuickTime Plugin allows you to view a wide variety of multimedia c.) -- C:\Program Files\Mozilla Firefox\Plugins\npqtplugin7.dll
P2 - FPN: [HKLM] [@adobe.com/FlashPlayer] - (...) -- C:\Windows\System32\Macromed\Flash\NPSWF32.dll
P2 - FPN: [HKLM] [@Apple.com/iTunes,version=1.0] - (...) -- C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
P2 - FPN: [HKLM] [@java.com/JavaPlugin] - (.Sun Microsystems, Inc. - Next Generation Java Plug-in 1.6.0_30 for Mozilla browsers.) -- C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
P2 - FPN: [HKLM] [@Microsoft.com/NpCtrl,version=1.0] - (. Microsoft Corporation - 4.0.60531.0.) -- C:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll
P2 - FPN: [HKLM] [@microsoft.com/wpi,version=1.4] - (.Microsoft Corp - wpidetector.) -- C:\Program Files\Microsoft\Web Platform Installer\NPWPIDetector.dll
P2 - FPN: [HKLM] [@playstation.com/PsndlCheck,version=1.00] - (.Sony Computer Entertainment Inc. - PlayStation®Network Downloader Check Plug-in.) -- C:\Program Files\Sony\PLAYSTATION Network Downloader\nppsndl.dll
P2 - FPN: [HKLM] [@SonyCreativeSoftware.com/Media Go,version=1.0] - (.Sony Network Entertainment International LL - 2.0.) -- C:\Program Files\Sony\Media Go\npmediago.dll
P2 - FPN: [HKCU] [@tools.google.com/Google Update;version=3] - (.Google Inc. - Google Update.) -- C:\Users\Dario Jr\AppData\Local\Google\Update\1.3.21.99\npGoogleUpdate3.dll
P2 - FPN: [HKCU] [@tools.google.com/Google Update;version=9] - (.Google Inc. - Google Update.) -- C:\Users\Dario Jr\AppData\Local\Google\Update\1.3.21.99\npGoogleUpdate3.dll
~ Scan Firefox Browser in 00mn 00s



---\\ Internet Explorer Extensions, Start, Search (R4,R3,R0,R1)
R0 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
R0 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com
R1 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com
R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:noadd-ons
R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:securityrisk
R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURLs,Tabs = res://ieframe.dll/tabswelcome.htm
R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com
R3 - URLSearchHook: Microsoft Url Search Hook - {CFBFAE00-17A6-11D0-99CB-00C04FD64497} . (.Microsoft Corporation - Navegador da Internet.) (8.00.7600.16385 (win7_rtm.090713-1255)) -- C:\Windows\System32\ieframe.dll
R4 - HKLM\SOFTWARE\Microsoft\Internet Explorer\PhishingFilter,EnabledV8 = 0
R4 - HKCU\SOFTWARE\Microsoft\Internet Explorer\PhishingFilter,Enabled = 2
~ Scan IE Browser in 00mn 00s



---\\ Internet Explorer, Proxy Management (R5)
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll
~ Scan Proxy management in 00mn 00s



---\\ Changed inifile Value, Mapped to Registry (F2)
F2 - REG:system.ini: UserInit=C:\Windows\system32\userinit.exe,
F2 - REG:system.ini: VMApplet=C:\Windows\system32\SystemPropertiesPerformance.exe
~ Scan Keys in 00mn 00s



---\\ Hosts file redirection (O1)
~ Le fichier hosts est sain (The hosts file is clean).
~ Scan Hosts File in 00mn 00s
~ Nombre de lignes (Lines number): 1



---\\ Browser Helper Objects (O2)
O2 - BHO: btorbit.com - {000123B4-9B42-4900-B3F7-F4B073EFC214} . (.Orbitdownloader.com - Orbitcth.) -- C:\Program Files\Orbitdownloader\orbitcth.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} . (.Adobe Systems Incorporated - Adobe PDF Helper for Internet Explorer.) -- C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: LinkAirBrowserHelper HistoryTriggerBHO - {21A88CB9-84D2-4020-A2D1-B25A21034884} . (.LG Electronics - No comment.) -- C:\Program Files\LG Electronics\LG PC Suite IV\LinkAir\LinkAirBrowserHelper.dll
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} . (.Sun Microsystems, Inc. - Java™ Platform SE binary.) -- C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} . (.Microsoft Corporation - WindowsLiveLogin.dll.) -- C:\Program Files\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} . (.Banco do Brasil - Gbieh Module.) -- C:\Program Files\GbPlugin\gbieh.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} . (.Sun Microsystems, Inc. - Java™ Platform SE binary.) -- C:\Program Files\Java\jre6\bin\jp2ssv.dll
~ Scan BHO in 00mn 00s



---\\ Internet Explorer toolbars (O3)
O3 - Toolbar: Grab Pro - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} . (.Unknown owner - Grab Pro.) -- C:\Program Files\Orbitdownloader\GrabPro.dll
~ Scan Toolbar in 00mn 00s



---\\ Auto loading programs from Registry and folders (O4)
O4 - HKLM\..\Run: [BisonHK] . (.mychat - BisonHK.) -- C:\Program Files\BisonCam\BisonHK.exe
O4 - HKLM\..\Run: [RtHDVCpl] . (.Realtek Semiconductor - HD Audio Control Panel.) -- C:\Windows\RtHDVCpl.exe
O4 - HKLM\..\Run: [Microsoft Default Manager] . (.Microsoft Corporation - Microsoft Default Manager.) -- C:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware (reboot)] . (.Malwarebytes Corporation - Malwarebytes Anti-Malware.) -- C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
O4 - HKLM\..\Run: [Chrome3] ;;; C:\Program Files\s3graphics\chrome3\Chrome3.exe (.not file.)
O4 - HKLM\..\Run: [IgfxTray] . (.Intel Corporation - igfxTray Module.) -- C:\Windows\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] . (.Intel Corporation - hkcmd Module.) -- C:\Windows\System32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] . (.Intel Corporation - persistence Module.) -- C:\Windows\System32\igfxpers.exe
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] . (.Malwarebytes Corporation - Malwarebytes Anti-Malware.) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
O4 - HKLM\..\Run: [ITSecMng] . (.TOSHIBA CORPORATION - IT Security Manager for Toshiba Stack.) -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\ItSecMng.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] . (.Sun Microsystems, Inc. - Java™ Update Scheduler.) -- C:\Program Files\Common Files\Java\Java Update\jusched.exe
O4 - HKCU\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets da Área de Trabalho do Windows.) -- C:\Program Files\Windows Sidebar\sidebar.exe
O4 - HKUS\S-1-5-21-2014276812-2303388161-280020652-1000\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets da Área de Trabalho do Windows.) -- C:\Program Files\Windows Sidebar\sidebar.exe
~ Scan Application in 00mn 00s



---\\ Other User Links (O4)
O4 - Global Startup: C:\Users\Dario Jr\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk . (.Microsoft Corporation.) -- C:\Program Files\Internet Explorer\iexplore.exe
O4 - Global Startup: C:\Users\Dario Jr\Desktop\Desktop1.lnk . (...) -- C:\Pastas.area.de.trabalho\Desktop1
O4 - Global Startup: C:\Users\Dario Jr\Desktop\Google Chrome.lnk . (.Google Inc..) -- C:\Users\Dario Jr\AppData\Local\Google\Chrome\Application\chrome.exe
O4 - Global Startup: C:\Users\Dario Jr\Desktop\Microsoft Office Word 2007.lnk . (...) -- C:\Windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\wordicon.exe
O4 - Global Startup: C:\Users\Dario Jr\Desktop\Pastas.area.de.trabalho - Atalho.lnk . (...) -- C:\Pastas.area.de.trabalho
O4 - Global Startup: C:\Users\Dario Jr\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\ConvertXtoDVD 4.lnk . (.VSO Software SARL.) -- C:\Program Files\VSO\ConvertX\4\ConvertXtoDvd.exe
O4 - Global Startup: C:\Users\Dario Jr\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk . (.Microsoft Corporation.) -- C:\Program Files\Internet Explorer\iexplore.exe
O4 - Global Startup: C:\Users\Dario Jr\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\LG PC Suite IV.lnk . (.Mobile Leader Co.,Ltd..) -- C:\Program Files\LG Electronics\LG PC Suite IV\LGUX.exe
O4 - Global Startup: C:\Users\Dario Jr\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk . (.Mozilla Corporation.) -- C:\Program Files\Mozilla Firefox\firefox.exe
O4 - Global Startup: C:\Users\Dario Jr\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Mozilla Thunderbird.lnk . (.Mozilla Messaging.) -- C:\Program Files\Mozilla Thunderbird\thunderbird.exe
O4 - Global Startup: C:\Users\Dario Jr\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Nero StartSmart.lnk . (.Nero AG.) -- C:\Program Files\Nero\Nero 9\Nero StartSmart\NeroStartSmart.exe
O4 - Global Startup: C:\Users\Dario Jr\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Orbit.lnk . (.Orbitdownloader.com.) -- C:\Program Files\Orbitdownloader\orbitdm.exe
O4 - Global Startup: C:\Users\Dario Jr\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\VDownloader.lnk . (...) -- C:\Program Files\VDownloader 1.13\VDownloader.exe
O4 - Global Startup: C:\Users\Dario Jr\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\VideoDVDMaker FREE.lnk . (...) -- C:\Program Files\Video DVD Maker\dvd.exe
~ Scan Global Startup in 00mn 00s



---\\ IE Options icon not visible in Control Panel (O5)
O5 - control.ini: [HKLM\..\Control Panel] inetcpl.cpl=no
~ Scan IE Control Panel in 00mn 00s



---\\ Extra items in the IE right-click menu (O8)
O8 - Extra context menu item: &Download by Orbit . (.Orbitdownloader.com - Orbitmxt.) -- C:\Program Files\Orbitdownloader\orbitmxt.dll
O8 - Extra context menu item: &Grab video by Orbit . (.Orbitdownloader.com - Orbitmxt.) -- C:\Program Files\Orbitdownloader\orbitmxt.dll
O8 - Extra context menu item: Do&wnload selected by Orbit . (.Orbitdownloader.com - Orbitmxt.) -- C:\Program Files\Orbitdownloader\orbitmxt.dll
O8 - Extra context menu item: Down&load all by Orbit . (.Orbitdownloader.com - Orbitmxt.) -- C:\Program Files\Orbitdownloader\orbitmxt.dll
O8 - Extra context menu item: E&xportar para o Microsoft Excel . (.Microsoft Corporation - Microsoft Office Excel.) -- C:\Program Files\MICROS~3\Office12\EXCEL.exe
~ Scan IE Menu Contextuel in 00mn 00s



---\\ Extra buttons on main IE button toolbar, or extra items in IE 'Tools' menu (O9)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} . (...) -- C:\Program Files\Microsoft Office\Office12\REFBARH.ICO
~ Scan IE Extra Buttons in 00mn 00s



---\\ Winsock hijacker (Layered Service Provider) (O10)
O10 - WLSP:\000000000001\Winsock LSP File . (.Microsoft Corporation - Network Location Awareness 2.) -- C:\Windows\System32\nlaapi.dll
O10 - WLSP:\000000000002\Winsock LSP File . (.Microsoft Corporation - Provedor de serviços do Microsoft Windows Sockets 2.0.) -- C:\Windows\System32\mswsock.dll
O10 - WLSP:\000000000003\Winsock LSP File . (.Microsoft Corporation - LDAP RnR Provider DLL.) -- C:\Windows\System32\winrnr.dll
O10 - WLSP:\000000000004\Winsock LSP File . (.Microsoft Corporation - Provedor de Correção de Nomeação de Emails.) -- C:\Windows\System32\NapiNSP.dll
O10 - WLSP:\000000000005\Winsock LSP File . (.Microsoft Corporation - PNRP Name Space Provider.) -- C:\Windows\System32\pnrpnsp.dll
O10 - WLSP:\000000000006\Winsock LSP File . (.Microsoft Corporation - PNRP Name Space Provider.) -- C:\Windows\System32\pnrpnsp.dll
O10 - WLSP:\000000000007\Winsock LSP File . (.Microsoft Corporation - Windows Sockets Helper DLL.) -- C:\Windows\System32\wshbth.dll
~ Scan Winsock in 00mn 00s



---\\ Site in Trusted Zone (O15)
O15 - Trusted Zone: [HKCU\...\Domains\www] *.bancobrasil.com.br
O15 - Trusted Zone: [HKCU\...\Domains\www] *.bb.com.br
~ Scan IE Zone Confiance in 00mn 00s



---\\ ActiveX Objects (Downloaded Program Files) (O16)
O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} (Microsoft Office Template and Media Control) - http://office.micros...n/ieawsdc32.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} () - http://platformdl.ad...Plus/1.6/gp.cab
~ Scan Objets ActiveX in 00mn 00s



---\\ Lop.com/Domain Hijackers (O17)
O17 - HKLM\System\CCS\Services\Tcpip\..\{13A1F423-73A3-4CE8-8ADA-D37E2022AD0D}: DhcpNameServer = 192.168.1.1 172.168.1.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{13A1F423-73A3-4CE8-8ADA-D37E2022AD0D}: DhcpNameServer = 192.168.1.1 172.168.1.1
O17 - HKLM\System\CS2\Services\Tcpip\..\{13A1F423-73A3-4CE8-8ADA-D37E2022AD0D}: DhcpNameServer = 192.168.1.1 172.168.1.1
~ Scan Domain in 00mn 00s



---\\ Extra protocols (O18)
O18 - Handler: about - {3050F406-98B5-11CF-BB82-00AA00BDCE0B} . (.Microsoft Corporation - Visualizador de HTML da Microsoft ®.) -- C:\Windows\System32\mshtml.dll
O18 - Handler: cdl - {3dd53d40-7b8b-11D0-b013-00aa0059ce02} . (.Microsoft Corporation - Extensões OLE32 para Win32.) -- C:\Windows\System32\urlmon.dll
O18 - Handler: dvd - {12D51199-0DB5-46FE-A120-47A3D7D937CC} . (.Microsoft Corporation - Controle ActiveX para streaming de vídeo.) -- C:\Windows\System32\MSVidCtl.dll
O18 - Handler: file - {79eac9e7-baf9-11ce-8c82-00aa004ba90b} . (.Microsoft Corporation - Extensões OLE32 para Win32.) -- C:\Windows\System32\urlmon.dll
O18 - Handler: ftp - {79eac9e3-baf9-11ce-8c82-00aa004ba90b} . (.Microsoft Corporation - Extensões OLE32 para Win32.) -- C:\Windows\System32\urlmon.dll
O18 - Handler: gopher - {79eac9e4-baf9-11ce-8c82-00aa004ba90b} . (.Microsoft Corporation - Extensões OLE32 para Win32.) -- C:\Windows\System32\urlmon.dll
O18 - Handler: http - {79eac9e2-baf9-11ce-8c82-00aa004ba90b} . (.Microsoft Corporation - Extensões OLE32 para Win32.) -- C:\Windows\System32\urlmon.dll
O18 - Handler: https - {79eac9e5-baf9-11ce-8c82-00aa004ba90b} . (.Microsoft Corporation - Extensões OLE32 para Win32.) -- C:\Windows\System32\urlmon.dll
O18 - Handler: its - {9D148291-B9C8-11D0-A4CC-0000F80149F6} . (.Microsoft Corporation - Microsoft® InfoTech Storage System Library.) -- C:\Windows\System32\itss.dll
O18 - Handler: javascript - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} . (.Microsoft Corporation - Visualizador de HTML da Microsoft ®.) -- C:\Windows\System32\mshtml.dll
O18 - Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} . (.Microsoft Corporation - Windows Live Messenger Protocol Handler Mod.) -- C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll
O18 - Handler: local - {79eac9e7-baf9-11ce-8c82-00aa004ba90b} . (.Microsoft Corporation - Extensões OLE32 para Win32.) -- C:\Windows\System32\urlmon.dll
O18 - Handler: mailto - {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} . (.Microsoft Corporation - Visualizador de HTML da Microsoft ®.) -- C:\Windows\System32\mshtml.dll
O18 - Handler: mhtml - {05300401-BCBC-11d0-85E3-00C04FD85AB4} . (.Microsoft Corporation - Microsoft Internet Messaging API Resources.) -- C:\Windows\System32\inetcomm.dll
O18 - Handler: mk - {79eac9e6-baf9-11ce-8c82-00aa004ba90b} . (.Microsoft Corporation - Extensões OLE32 para Win32.) -- C:\Windows\System32\urlmon.dll
O18 - Handler: ms-help - {314111c7-a502-11d2-bbca-00c04f8ec294} . (.Microsoft Corporation - Microsoft® Help Data Services Module.) -- C:\Program Files\Common Files\microsoft shared\Help\hxds.dll
O18 - Handler: ms-its - {9D148291-B9C8-11D0-A4CC-0000F80149F6} . (.Microsoft Corporation - Microsoft® InfoTech Storage System Library.) -- C:\Windows\System32\itss.dll
O18 - Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} . (.Microsoft Corporation - Windows Live Messenger Protocol Handler Mod.) -- C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll
O18 - Handler: res - {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} . (.Microsoft Corporation - Visualizador de HTML da Microsoft ®.) -- C:\Windows\System32\mshtml.dll
O18 - Handler: tv - {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} . (.Microsoft Corporation - Controle ActiveX para streaming de vídeo.) -- C:\Windows\System32\MSVidCtl.dll
O18 - Handler: vbscript - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} . (.Microsoft Corporation - Visualizador de HTML da Microsoft ®.) -- C:\Windows\System32\mshtml.dll
O18 - Filter: application/octet-stream - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} . (.Microsoft Corporation - Microsoft .NET Runtime Execution Engine.) -- C:\Windows\System32\mscoree.dll
O18 - Filter: application/x-complus - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} . (.Microsoft Corporation - Microsoft .NET Runtime Execution Engine.) -- C:\Windows\System32\mscoree.dll
O18 - Filter: application/x-msdownload - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} . (.Microsoft Corporation - Microsoft .NET Runtime Execution Engine.) -- C:\Windows\System32\mscoree.dll
O18 - Filter: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} . (.Microsoft Corporation - Extensões OLE32 para Win32.) -- C:\Windows\System32\urlmon.dll
O18 - Filter: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} . (.Microsoft Corporation - Extensões OLE32 para Win32.) -- C:\Windows\System32\urlmon.dll
O18 - Filter: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} . (.Microsoft Corporation - Microsoft Office XML MIME Filter.) -- C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.dll
~ Scan Protocole Additionnel in 00mn 00s



---\\ AppInit_DLLs Registry value Autorun (O20)
O20 - Winlogon Notify: GbPluginBb . (.Banco do Brasil - Gbieh Module.) -- C:\Program Files\GbPlugin\gbieh.dll
O20 - Winlogon Notify: igfxcui . (.Intel Corporation - igfxdev Module.) -- C:\Windows\system32\igfxdev.dll
~ Scan Winlogon in 00mn 00s



---\\ ShellServiceObjectDelayLoad (O21)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} . (.Microsoft Corporation - Monitor de Sites.) -- C:\Windows\system32\webcheck.dll
~ Scan SSODL in 00mn 00s



---\\ non Microsoft non disabled Windows XP/NT/2000 Services (O23)
O23 - Service: Dispositivo Celular da Apple (Apple Mobile Device) . (.Apple Inc. - MobileDeviceService.) - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: avast! antivírus (avast! antivírus) . (.AVAST Software - avast! Service.) - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: Gbp Service (GbpSv) . (.Unknown owner - G-Buster Browser Defense - Service.) - C:\Program Files\GbPlugin\gbpsv.exe
O23 - Service: (MBAMService) . (.Malwarebytes Corporation - Malwarebytes Anti-Malware.) - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: Nero BackItUp Scheduler 4.0 (Nero BackItUp Scheduler 4.0) . (.Nero AG - Nero BackItUp.) - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
O23 - Service: Protexis Licensing V2 (PSI_SVC_2) . (.Protexis Inc. - PsiService PsiService.) - c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
O23 - Service: (S3Funkey) . (.S3 Graphics Co., Ltd. - s3funkey.) - C:\Program Files\s3graphics\chrome3\S3Funkey.svc
O23 - Service: (S3LoadSv) . (.S3 Graphics Co., Inc. - Service and HPD loader.) - C:\Program Files\s3graphics\chrome3\s3loadsv.svc
O23 - Service: StarWind AE Service (StarWindServiceAE) . (.StarWind Software - StarWind iSCSI Target (Alcohol Edition).) - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
~ Scan Services in 00mn 00s



---\\ Windows Active Desktop & MHTML Editor (O24)
O24 - Default MHTML Editor: Last - .(...) - (.not file.)
~ Scan Desktop Component in 00mn 00s



---\\
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
~ Scan Keys in 00mn 00s



---\\ Task Planned Automatically(039)
O39 - APT:Automatic Planified Task - C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2014276812-2303388161-280020652-1000Core.job
O39 - APT:Automatic Planified Task - C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2014276812-2303388161-280020652-1000UA.job
[MD5.8F0DE4FEF8201E306F9938B0905AC96A] [APT] [GoogleUpdateTaskUserS-1-5-21-2014276812-2303388161-280020652-1000Core] (.Google Inc..) -- C:\Users\Dario Jr\AppData\Local\Google\Update\GoogleUpdate.exe
[MD5.8F0DE4FEF8201E306F9938B0905AC96A] [APT] [GoogleUpdateTaskUserS-1-5-21-2014276812-2303388161-280020652-1000UA] (.Google Inc..) -- C:\Users\Dario Jr\AppData\Local\Google\Update\GoogleUpdate.exe
[MD5.00000000000000000000000000000000] [APT] [RealUpgradeLogonTaskS-1-5-21-2014276812-2303388161-280020652-1000] (...) -- C:\Program Files\Real\RealUpgrade\RealUpgrade.exe (.not file.)
[MD5.00000000000000000000000000000000] [APT] [RealUpgradeScheduledTaskS-1-5-21-2014276812-2303388161-280020652-1000] (...) -- C:\Program Files\Real\RealUpgrade\RealUpgrade.exe (.not file.)
[MD5.52962EBA97805B3819D2A2A8C84FF879] [APT] [RNUpgradeHelperResumePrompt_Dario Jr] (.RealNetworks, Inc..) -- C:\Users\Dario Jr\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\9.00\rnupgagent.exe
[MD5.2E3CD4B7B42D5D231F8DA2EBC3988121] [APT] [{192F381E-ECC5-4514-B239-D8F782E55363}] (...) -- C:\Program Files\LG Electronics\LG Bluetooth Drivers\UninstallShld.exe
[MD5.1648893C7E21C4BCFB451F5BD985A8B4] [APT] [{1E9937AF-7A5F-4FA7-A960-2A3B23730CB0}] (.Rovio Mobile.) -- C:\Program Files\Rovio\Angry Birds Seasons\AngryBirdsSeasons.exe
~ Scan Scheduled Task in 00mn 03s



---\\ ActiveSetup Installed Components (O40)
O40 - ASIC: Internet Explorer - >{26923b43-4d38-484f-9b9e-de460746276c} . (.Microsoft Corporation - Utilitário de Inicialização por Usuário do Internet Explorer.) -- C:\Windows\System32\ie4uinit.exe
O40 - ASIC: Browser Customizations - >{60B49E34-C7CC-11D0-8953-00A0C90347FF} . (.Microsoft Corporation - Identidade visual IEAK.) -- C:\Windows\System32\iedkcs32.dll
O40 - ASIC: Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608500} . (.Sun Microsystems, Inc. - Java™ Platform SE binary.) -- C:\Program Files\Java\jre6\bin\regutils.dll
O40 - ASIC: Microsoft Windows Media Player 12.0 - {22d6f312-b0f6-11d0-94ab-0080c74c7e95} . (.Microsoft Corporation - Windows Media Player Extension.) -- C:\Windows\System32\wmpdxm.dll
O40 - ASIC: Microsoft Windows Media Player - {6BF52A52-394A-11d3-B153-00C04F79FAA6} . (.Microsoft Corporation - Windows Media Player.) -- C:\Windows\system32\wmp.dll
O40 - ASIC: Web Platform Customizations - {89820200-ECBD-11cf-8B85-00AA005B4383} . (.Microsoft Corporation - Utilitário de Inicialização por Usuário do Internet Explorer.) -- C:\Windows\System32\ie4uinit.exe
O40 - ASIC: (no name) - {89B4C1CD-B018-4511-B0A1-5476DBF70820} . (.Microsoft Corporation - Microsoft .NET IE SECURITY REGISTRATION.) -- C:\Windows\system32\mscories.dll
O40 - ASIC: Adobe Flash Player - {D27CDB6E-AE6D-11CF-96B8-444553540000} . (.Adobe Systems, Inc. - Adobe Flash Player 10.3 r181.) -- C:\Windows\System32\Macromed\Flash\Flash10t.ocx
~ Scan Active Setup in 00mn 00s



---\\ Drivers launched at startup (O41)
O41 - Driver: C:\Windows\system32\drivers\afd.sys (AFD) . (.Microsoft Corporation - Ancillary Function Driver for WinSock.) - C:\Windows\system32\drivers\afd.sys
O41 - Driver: (blbdrive) . (.Microsoft Corporation - BLB Drive Driver.) - C:\Windows\system32\DRIVERS\blbdrive.sys
O41 - Driver: (cdrom) . (.Microsoft Corporation - SCSI CD-ROM Driver.) - C:\Windows\system32\DRIVERS\cdrom.sys
O41 - Driver: C:\Windows\system32\cscsvc.dll (CSC) . (.Microsoft Corporation - Windows Client Side Caching Driver.) - C:\Windows\system32\drivers\csc.sys
O41 - Driver: C:\Windows\system32\drivers\dfsc.sys (DfsC) . (.Microsoft Corporation - DFS Namespace Client Driver.) - C:\Windows\system32\Drivers\dfsc.sys
O41 - Driver: C:\Windows\system32\drivers\discache.sys (discache) . (.Microsoft Corporation - System Indexer/Cache Driver.) - C:\Windows\system32\drivers\discache.sys
O41 - Driver: (mssmbios) . (.Microsoft Corporation - System Management BIOS Driver.) - C:\Windows\system32\DRIVERS\mssmbios.sys
O41 - Driver: (NetBIOS) . (.Microsoft Corporation - NetBIOS interface driver.) - C:\Windows\system32\DRIVERS\netbios.sys
O41 - Driver: C:\Windows\system32\drivers\netbt.sys (NetBT) . (.Microsoft Corporation - MBT Transport driver.) - C:\Windows\system32\DRIVERS\netbt.sys
O41 - Driver: C:\Windows\system32\drivers\nsiproxy.sys (nsiproxy) . (.Microsoft Corporation - NSI Proxy.) - C:\Windows\system32\drivers\nsiproxy.sys
O41 - Driver: C:\Windows\system32\drivers\pacer.sys (Psched) . (.Microsoft Corporation - Agendador de pacotes de serviço.) - C:\Windows\system32\DRIVERS\pacer.sys
O41 - Driver: C:\Windows\system32\wkssvc.dll (rdbss) . (.Microsoft Corporation - Driver do Subsistema de Buffer da Unidade R.) - C:\Windows\system32\DRIVERS\rdbss.sys
O41 - Driver: C:\Windows\system32\DRIVERS\RDPCDD.sys (RDPCDD) . (.Microsoft Corporation - RDP Miniport.) - C:\Windows\system32\DRIVERS\RDPCDD.sys
O41 - Driver: C:\Windows\system32\drivers\RDPENCDD.sys (RDPENCDD) . (.Microsoft Corporation - RDP Encoder Miniport.) - C:\Windows\system32\drivers\rdpencdd.sys
O41 - Driver: C:\Windows\system32\drivers\RdpRefMp.sys (RDPREFMP) . (.Microsoft Corporation - RDP Reflector Driver Miniport.) - C:\Windows\system32\drivers\rdprefmp.sys
O41 - Driver: C:\Windows\system32\tcpipcfg.dll (tdx) . (.Microsoft Corporation - TDI Translation Driver.) - C:\Windows\system32\DRIVERS\tdx.sys
O41 - Driver: (TermDD) . (.Microsoft Corporation - Remote Desktop Server Driver.) - C:\Windows\system32\DRIVERS\termdd.sys
O41 - Driver: (Tosrfcom) . (.TOSHIBA Corporation - Bluetooth RFCOMM Driver.) - C:\Windows\system32\Drivers\tosrfcom.sys
O41 - Driver: (VgaSave) . (.Microsoft Corporation - VGA/Super VGA Video Driver.) - C:\Windows\system32\drivers\vga.sys
O41 - Driver: C:\Windows\system32\rascfg.dll (Wanarpv6) . (.Microsoft Corporation - MS Remote Access and Routing ARP Driver.) - C:\Windows\system32\DRIVERS\wanarp.sys
O41 - Driver: (WfpLwf) . (.Microsoft Corporation - WFP NDIS 6.20 Lightweight Filter Driver.) - C:\Windows\system32\DRIVERS\wfplwf.sys
O41 - Driver: C:\Windows\system32\drivers\ws2ifsl.sys (ws2ifsl) . (.Microsoft Corporation - Winsock2 IFS Layer.) - C:\Windows\system32\drivers\ws2ifsl.sys
~ Scan Drivers in 00mn 00s



---\\ Software installed (O42)
O42 - Logiciel: 2007 Microsoft Office Suite Service Pack 2 (SP2) - (.Microsoft.) [HKLM] -- {90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}
O42 - Logiciel: 2007 Microsoft Office Suite Service Pack 2 (SP2) - (.Microsoft.) [HKLM] -- {90120000-0015-0416-0000-0000000FF1CE}_PROPLUS_{02A880E2-B8B9-4BF5-8822-EA1374734E2E}
O42 - Logiciel: 2007 Microsoft Office Suite Service Pack 2 (SP2) - (.Microsoft.) [HKLM] -- {90120000-0016-0416-0000-0000000FF1CE}_PROPLUS_{02A880E2-B8B9-4BF5-8822-EA1374734E2E}
O42 - Logiciel: 2007 Microsoft Office Suite Service Pack 2 (SP2) - (.Microsoft.) [HKLM] -- {90120000-0018-0416-0000-0000000FF1CE}_PROPLUS_{02A880E2-B8B9-4BF5-8822-EA1374734E2E}
O42 - Logiciel: 2007 Microsoft Office Suite Service Pack 2 (SP2) - (.Microsoft.) [HKLM] -- {90120000-0019-0416-0000-0000000FF1CE}_PROPLUS_{02A880E2-B8B9-4BF5-8822-EA1374734E2E}
O42 - Logiciel: 2007 Microsoft Office Suite Service Pack 2 (SP2) - (.Microsoft.) [HKLM] -- {90120000-001A-0416-0000-0000000FF1CE}_PROPLUS_{02A880E2-B8B9-4BF5-8822-EA1374734E2E}
O42 - Logiciel: 2007 Microsoft Office Suite Service Pack 2 (SP2) - (.Microsoft.) [HKLM] -- {90120000-001B-0416-0000-0000000FF1CE}_PROPLUS_{02A880E2-B8B9-4BF5-8822-EA1374734E2E}
O42 - Logiciel: 2007 Microsoft Office Suite Service Pack 2 (SP2) - (.Microsoft.) [HKLM] -- {90120000-001F-0409-0000-0000000FF1CE}_PROPLUS_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}
O42 - Logiciel: 2007 Microsoft Office Suite Service Pack 2 (SP2) - (.Microsoft.) [HKLM] -- {90120000-001F-0416-0000-0000000FF1CE}_PROPLUS_{75EBE365-7FC5-4720-A7D3-804BF550D1BC}
O42 - Logiciel: 2007 Microsoft Office Suite Service Pack 2 (SP2) - (.Microsoft.) [HKLM] -- {90120000-001F-0C0A-0000-0000000FF1CE}_PROPLUS_{187308AB-5FA7-4F14-9AB9-D290383A10D9}
O42 - Logiciel: 2007 Microsoft Office Suite Service Pack 2 (SP2) - (.Microsoft.) [HKLM] -- {90120000-0044-0416-0000-0000000FF1CE}_PROPLUS_{02A880E2-B8B9-4BF5-8822-EA1374734E2E}
O42 - Logiciel: 2007 Microsoft Office Suite Service Pack 2 (SP2) - (.Microsoft.) [HKLM] -- {90120000-006E-0416-0000-0000000FF1CE}_PROPLUS_{9A141B2B-7C5E-47D2-8E9E-9AC6018F3C42}
O42 - Logiciel: Adobe Flash Player 10 ActiveX - (.Adobe Systems Incorporated.) [HKLM] -- {0483BE07-260D-4E4D-815E-F737C0A72E40}
O42 - Logiciel: Adobe Flash Player 11 Plugin - (.Adobe Systems Incorporated.) [HKLM] -- Adobe Flash Player Plugin
O42 - Logiciel: Adobe Reader 9.3 - Português - (.Adobe Systems Incorporated.) [HKLM] -- {AC76BA86-7AD7-1046-7B44-A93000000001}
O42 - Logiciel: Angry Birds Seasons - (.Rovio.) [HKLM] -- {9E4F7DD0-C596-4501-AE16-77F18F7EE694}
O42 - Logiciel: Apple Application Support - (.Apple Inc..) [HKLM] -- {B3575D00-27EF-49C2-B9E0-14B3D954E992}
O42 - Logiciel: Apple Mobile Device Support - (.Apple Inc..) [HKLM] -- {C23CD6DA-1958-43A5-ADD0-59396572E02E}
O42 - Logiciel: Apple Software Update - (.Apple Inc..) [HKLM] -- {789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}
O42 - Logiciel: Assistente de Conexão do Windows Live - (.Microsoft Corporation.) [HKLM] -- {51A9E3DD-37B8-47BB-8E67-5B76B3EFBC48}
O42 - Logiciel: Atualização do produto Microsoft Office Word 2007 Help (KB963665) - (.Microsoft.) [HKLM] -- {90120000-001B-0416-0000-0000000FF1CE}_PROPLUS_{7297E3A9-FCD4-4E0E-A306-7A90359E50E3}
O42 - Logiciel: Audacity 1.3.12 (Unicode) - (.Audacity Team.) [HKLM] -- Audacity 1.3 Beta (Unicode)_is1
O42 - Logiciel: Auslogics BoostSpeed - (.Auslogics Software Pty Ltd.) [HKLM] -- {7216871F-869E-437C-B9BF-2A13F2DCE63F}_is1
O42 - Logiciel: Auslogics Disk Defrag - (.Auslogics Software Pty Ltd.) [HKLM] -- {DF6A13C0-77DF-41FE-BD05-6D5201EB0CE7}_is1
O42 - Logiciel: Bison WebCam AP - (.Bison.) [HKLM] -- {5AB0B30D-4EBF-4897-894A-6B8865954694}
O42 - Logiciel: Bluetooth Stack for Windows by Toshiba - (.TOSHIBA CORPORATION.) [HKLM] -- {CEBB6BFB-D708-4F99-A633-BC2600E01EF6}
O42 - Logiciel: CCleaner - (.Piriform.) [HKLM] -- CCleaner
O42 - Logiciel: CD/DVD-ROM Generator 1.50 - (.Unknown owner.) [HKLM] -- CD/DVD-ROM Generator
O42 - Logiciel: ConvertXtoDVD 4.1.10.348 - (.Unknown owner.) [HKLM] -- {DB6AB705-C9BD-40E3-8929-2EA57F36A4FF}_is1
O42 - Logiciel: CoreAAC - (.Unknown owner.) [HKLM] -- CoreAAC
O42 - Logiciel: CorelDRAW Graphics SUite X4 - ICA - (.Corel Corporation.) [HKLM] -- {7F05E704-30A6-421A-97A7-8EEB1C7FF010}
O42 - Logiciel: CorelDRAW Graphics Suite X4 - (.Corel Corporation.) [HKLM] -- {44A27085-0616-4181-A0C3-81C7ECA17F73}
O42 - Logiciel: CorelDRAW Graphics Suite X4 - Capture - (.Corel Corporation.) [HKLM] -- {7F05E704-30A6-421A-97A7-8EEB1C7FF012}
O42 - Logiciel: CorelDRAW Graphics Suite X4 - Content - (.Corel Corporation.) [HKLM] -- {7F05E704-30A6-421A-97A7-8EEB1C7FF016}
O42 - Logiciel: CorelDRAW Graphics Suite X4 - Draw - (.Corel Corporation.) [HKLM] -- {7F05E704-30A6-421A-97A7-8EEB1C7FF013}
O42 - Logiciel: CorelDRAW Graphics Suite X4 - Filters - (.Corel Corporation.) [HKLM] -- {7F05E704-30A6-421A-97A7-8EEB1C7FF017}
O42 - Logiciel: CorelDRAW Graphics Suite X4 - FontNav - (.Corel Corporation.) [HKLM] -- {7F05E704-30A6-421A-97A7-8EEB1C7FF019}
O42 - Logiciel: CorelDRAW Graphics Suite X4 - IPM - (.Corel Corporation.) [HKLM] -- {9D0798D0-AF6C-4E62-94B1-AEBF1A43E00A}
O42 - Logiciel: CorelDRAW Graphics Suite X4 - Lang BR - (.Corel Corporation.) [HKLM] -- {1A9DAB4D-46CD-4CBF-A9FC-28D8AA8D2FCF}
O42 - Logiciel: CorelDRAW Graphics Suite X4 - PP - (.Corel Corporation.) [HKLM] -- {7F05E704-30A6-421A-97A7-8EEB1C7FF014}
O42 - Logiciel: CorelDRAW Graphics Suite X4 - VBA - (.Corel Corporation.) [HKLM] -- {BF439B41-0252-48DE-8B8B-0430CB26A181}
O42 - Logiciel: CorelDRAW® Graphics Suite X4 - (.Corel Corporation.) [HKLM] -- _{7F05E704-30A6-421A-97A7-8EEB1C7FF010}
O42 - Logiciel: CorelDRAW® Graphics Suite X4 - Windows Shell Extension - (.Corel Corporation.) [HKLM] -- _{CE2DA11A-917F-4CF5-AB55-755EC115DD10}
O42 - Logiciel: CorelDRAW® Graphics Suite X4 - Windows Shell Extension - (.Corel Corporation.) [HKLM] -- {CE2DA11A-917F-4CF5-AB55-755EC115DD10}
O42 - Logiciel: DVD Decrypter (Remove Only) - (.Unknown owner.) [HKLM] -- DVD Decrypter
O42 - Logiciel: DVD Shrink 3.2 - (.DVD Shrink.) [HKLM] -- DVD Shrink_is1
O42 - Logiciel: Ferramenta de Carregamento do Windows Live - (.Microsoft Corporation.) [HKLM] -- {205C6BDD-7B73-42DE-8505-9A093F35A238}
O42 - Logiciel: FormatFactory 2.60 - (.Free Time.) [HKLM] -- FormatFactory
O42 - Logiciel: Foxit Reader - (.Foxit Software Company.) [HKLM] -- Foxit Reader
O42 - Logiciel: Free Screen Video Capture by Topviewsoft 4.1.7 - (.Topviewsoft, Inc..) [HKLM] -- {180CAD6C-B0ED-42A9-8C4A-CF49C6682A06}_is1
O42 - Logiciel: FreeRIP v3.6 - (.MGShareware.) [HKLM] -- {501451DE-5808-4599-B544-8BD0915B6B24}_is1
O42 - Logiciel: GIMP 2.6.8 - (.Unknown owner.) [HKLM] -- WinGimp-2.0_is1
O42 - Logiciel: Google Chrome - (.Google Inc..) [HKCU] -- Google Chrome
O42 - Logiciel: Intel® Graphics Media Accelerator Driver - (.Intel Corporation.) [HKLM] -- HDMI
O42 - Logiciel: IsoBuster 2.7 - (.Smart Projects.) [HKLM] -- IsoBuster_is1
O42 - Logiciel: Java™ 6 Update 30 - (.Oracle.) [HKLM] -- {26A24AE4-039D-4CA4-87B4-2F83216030FF}
O42 - Logiciel: K-Lite Codec Pack 4.2.5 (Full) - (.Unknown owner.) [HKLM] -- KLiteCodecPack_is1
O42 - Logiciel: LAME v3.98.2 for Audacity - (.Unknown owner.) [HKLM] -- LAME for Audacity_is1
O42 - Logiciel: LG Bluetooth Drivers - (.LG Electronics.) [HKLM] -- {AC7EE5F1-0DE4-4256-8E43-92B73C8E6019}
O42 - Logiciel: LG PC Suite IV - (.LG Electronics.) [HKLM] -- LG PC Suite IV
O42 - Logiciel: LG United Mobile Drivers - (.LG Electronics.) [HKLM] -- {74EAA5ED-7DDF-4647-8F90-C746BEB246F8}
O42 - Logiciel: MIKSOFT Mobile AMR converter - (.MIKSOFT.) [HKLM] -- MIKSOFT Mobile AMR converter_is1
O42 - Logiciel: MSVCRT - (.Microsoft.) [HKLM] -- {22B775E7-6C42-4FC5-8E10-9A5E3257BD94}
O42 - Logiciel: MSXML 4.0 SP2 (KB954430) - (.Microsoft Corporation.) [HKLM] -- {86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
O42 - Logiciel: MSXML 4.0 SP2 (KB973688) - (.Microsoft Corporation.) [HKLM] -- {F662A8E6-F4DC-41A2-901E-8C11F044BDEC}
O42 - Logiciel: MSXML 4.0 SP2 Parser and SDK - (.Microsoft Corporation.) [HKLM] -- {716E0306-8318-4364-8B8F-0CC4E9376BAC}
O42 - Logiciel: MV RegClean 5.9 - (.Unknown owner.) [HKLM] -- MV RegClean 5.9_is1
O42 - Logiciel: Malwarebytes Anti-Malware versão 1.60.0.1800 - (.Malwarebytes Corporation.) [HKLM] -- Malwarebytes' Anti-Malware_is1
O42 - Logiciel: Media Go - (.Sony.) [HKLM] -- {167A1F6A-9BF2-4B24-83DB-C6D659F680EA}
O42 - Logiciel: Media Go Video Playback Engine 1.84.109.07010 - (.Sony.) [HKLM] -- {34EF7358-ABC7-8469-5FB6-C5C0146F099E}
O42 - Logiciel: Megacubo 8.0.0 - (.www.megacubo.net.) [HKLM] -- Megacubo_is1
O42 - Logiciel: Microsoft Choice Guard - (.Microsoft Corporation.) [HKLM] -- {F0E12BBA-AD66-4022-A453-A1C8A0C4D570}
O42 - Logiciel: Microsoft Default Manager - (.Microsoft Corporation.) [HKLM] -- {1CAC7A41-583B-4483-9FA5-3E5465AFF8C2}
O42 - Logiciel: Microsoft Office Access MUI (Portuguese (Brazil)) 2007 - (.Microsoft Corporation.) [HKLM] -- {90120000-0015-0416-0000-0000000FF1CE}
O42 - Logiciel: Microsoft Office Excel MUI (Portuguese (Brazil)) 2007 - (.Microsoft Corporation.) [HKLM] -- {90120000-0016-0416-0000-0000000FF1CE}
O42 - Logiciel: Microsoft Office InfoPath MUI (Portuguese (Brazil)) 2007 - (.Microsoft Corporation.) [HKLM] -- {90120000-0044-0416-0000-0000000FF1CE}
O42 - Logiciel: Microsoft Office Outlook MUI (Portuguese (Brazil)) 2007 - (.Microsoft Corporation.) [HKLM] -- {90120000-001A-0416-0000-0000000FF1CE}
O42 - Logiciel: Microsoft Office PowerPoint MUI (Portuguese (Brazil)) 2007 - (.Microsoft Corporation.) [HKLM] -- {90120000-0018-0416-0000-0000000FF1CE}
O42 - Logiciel: Microsoft Office Professional Plus 2007 - (.Microsoft Corporation.) [HKLM] -- PROPLUS
O42 - Logiciel: Microsoft Office Professional Plus 2007 - (.Microsoft Corporation.) [HKLM] -- {90120000-0011-0000-0000-0000000FF1CE}
O42 - Logiciel: Microsoft Office Proof (English) 2007 - (.Microsoft Corporation.) [HKLM] -- {90120000-001F-0409-0000-0000000FF1CE}
O42 - Logiciel: Microsoft Office Proof (Portuguese (Brazil)) 2007 - (.Microsoft Corporation.) [HKLM] -- {90120000-001F-0416-0000-0000000FF1CE}
O42 - Logiciel: Microsoft Office Proof (Spanish) 2007 - (.Microsoft Corporation.) [HKLM] -- {90120000-001F-0C0A-0000-0000000FF1CE}
O42 - Logiciel: Microsoft Office Proofing (Portuguese (Brazil)) 2007 - (.Microsoft Corporation.) [HKLM] -- {90120000-002C-0416-0000-0000000FF1CE}
O42 - Logiciel: Microsoft Office Publisher MUI (Portuguese (Brazil)) 2007 - (.Microsoft Corporation.) [HKLM] -- {90120000-0019-0416-0000-0000000FF1CE}
O42 - Logiciel: Microsoft Office Shared MUI (Portuguese (Brazil)) 2007 - (.Microsoft Corporation.) [HKLM] -- {90120000-006E-0416-0000-0000000FF1CE}
O42 - Logiciel: Microsoft Office Word MUI (Portuguese (Brazil)) 2007 - (.Microsoft Corporation.) [HKLM] -- {90120000-001B-0416-0000-0000000FF1CE}
O42 - Logiciel: Microsoft Silverlight - (.Microsoft Corporation.) [HKLM] -- {89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
O42 - Logiciel: Microsoft Visual C++ 2005 Redistributable - (.Microsoft Corporation.) [HKLM] -- {7299052b-02a4-4627-81f2-1818da5d550d}
O42 - Logiciel: Microsoft Visual C++ 2005 Redistributable - (.Microsoft Corporation.) [HKLM] -- {837b34e3-7c30-493c-8f6a-2b0f04e2912c}
O42 - Logiciel: Microsoft Visual C++ 2005 Redistributable - KB2467175 - (.Microsoft Corporation.) [HKLM] -- {a0fe116e-9a8a-466f-aee0-625cb7c207e3}
O42 - Logiciel: Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 - (.Microsoft Corporation.) [HKLM] -- {9A25302D-30C0-39D9-BD6F-21E6EC160475}
O42 - Logiciel: Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 - (.Microsoft Corporation.) [HKLM] -- {1F1C2DFC-2D24-3E06-BCB8-725134ADF989}
O42 - Logiciel: Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 - (.Microsoft Corporation.) [HKLM] -- {9BE518E6-ECC6-35A9-88E4-87755C07200F}
O42 - Logiciel: Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 - (.Microsoft Corporation.) [HKLM] -- {196BB40D-1578-3D01-B289-BEFC77A11A1E}
O42 - Logiciel: Microsoft Web Platform Installer 3.0 - (.Microsoft Corporation.) [HKLM] -- {CC4878C0-4A6A-49CD-AAA7-DD3FCB06CC84}
O42 - Logiciel: Mozilla Firefox 9.0.1 (x86 pt-BR) - (.Mozilla.) [HKLM] -- Mozilla Firefox 9.0.1 (x86 pt-BR)
O42 - Logiciel: Mozilla Thunderbird 10.0 (x86 pt-BR) - (.Mozilla.) [HKLM] -- Mozilla Thunderbird 10.0 (x86 pt-BR)
O42 - Logiciel: MyPhoneExplorer - (.F.J. Wechselberger.) [HKLM] -- MPE
O42 - Logiciel: Nero 9 - (.Nero AG.) [HKLM] -- {5975f669-8f16-4c54-aaed-2d48c19f9103}
O42 - Logiciel: OGA Notifier 2.0.0048.0 - (.Microsoft Corporation.) [HKLM] -- {B2544A03-10D0-4E5E-BA69-0362FFC20D18}
O42 - Logiciel: Orban/Coding Technologies AAC/aacPlus Player Plugin™ 1.0 - (.Orban, Inc..) [HKLM] -- {DB0A8A2A-4EA7-4FE3-802E-8A6DEE32696C}_is1
O42 - Logiciel: Orbit Downloader - (.www.orbitdownloader.com.) [HKLM] -- Orbit_is1
O42 - Logiciel: Paragon Partition Manager™ 11 Free Edition - (.Paragon Software.) [HKLM] -- {45F4941E-5E77-11DF-A71D-005056C00008}
O42 - Logiciel: PlayStation®Network Downloader - (.Sony Computer Entertainment Inc..) [HKLM] -- {B6659DD8-00A7-4A24-BBFB-C1F6982E5D66}
O42 - Logiciel: PlayStation®Store - (.Sony Computer Entertainment Inc..) [HKLM] -- {0E532C84-4275-41B3-9D81-D4A1A20D8EE7}
O42 - Logiciel: PrimoPDF -- brought to you by Nitro PDF Software - (.Nitro PDF Software.) [HKLM] -- PrimoPDF
O42 - Logiciel: QuickTime - (.Apple Inc..) [HKLM] -- {57752979-A1C9-4C02-856B-FBB27AC4E02C}
O42 - Logiciel: REALTEK RTL8187B Wireless LAN Driver - (.REALTEK Semiconductor Corp..) [HKLM] -- {7095FD27-37F0-4750-9DE8-D37DC0043706}
O42 - Logiciel: Real Alternative 1.7.5 - (.Unknown owner.) [HKLM] -- RealAlt_is1
O42 - Logiciel: Realtek High Definition Audio Driver - (.Realtek Semiconductor Corp..) [HKLM] -- {F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}
O42 - Logiciel: Realtek USB 2.0 Card Reader - (.Realtek Semiconductor Corp..) [HKLM] -- {96AE7E41-E34E-47D0-AC07-1091A8127911}
O42 - Logiciel: Rosetta Stone V3 - (.Rosetta Stone.) [HKLM] -- {7210BCFE-ED8D-4261-8537-81B5A4BDFA2A}
O42 - Logiciel: S3 Graphics Utilities - (.S3 Graphics Co., Ltd..) [HKLM] -- S3 Graphics Utilities
O42 - Logiciel: Security Update for 2007 Microsoft Office System (KB969559) - (.Microsoft.) [HKLM] -- {90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{69F52148-9BF6-4CDC-BF76-103DEAF3DD08}
O42 - Logiciel: Security Update for 2007 Microsoft Office System (KB978380) - (.Microsoft.) [HKLM] -- {90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{667A88D1-0369-4070-A62A-70672D68A9BF}
O42 - Logiciel: Security Update for Microsoft Office Excel 2007 (KB978382) - (.Microsoft.) [HKLM] -- {90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{6DE3DABF-0203-426B-B330-7287D1003E86}
O42 - Logiciel: Security Update for Microsoft Office Outlook 2007 (KB972363) - (.Microsoft.) [HKLM] -- {90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{120BE9A0-9B09-4855-9E0C-7DEE45CB03C0}
O42 - Logiciel: Security Update for Microsoft Office PowerPoint 2007 (KB957789) - (.Microsoft.) [HKLM] -- {90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{7559E742-FF9F-4FAE-B279-008ED296CB4D}
O42 - Logiciel: Security Update for Microsoft Office Publisher 2007 (KB980470) - (.Microsoft.) [HKLM] -- {90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{34573F17-DADE-4D0D-835F-A54A1DE8AC1F}
O42 - Logiciel: Security Update for Microsoft Office Visio Viewer 2007 (KB973709) - (.Microsoft.) [HKLM] -- {90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{71127777-8B2C-4F97-AF7A-6CF8CAC8224D}
O42 - Logiciel: Security Update for Microsoft Office system 2007 (972581) - (.Microsoft.) [HKLM] -- {90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{3D019598-7B59-447A-80AE-815B703B84FF}
O42 - Logiciel: Security Update for Microsoft Office system 2007 (KB969613) - (.Microsoft.) [HKLM] -- {90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{5ECEB317-CBE9-4E08-AB10-756CB6F0FB6C}
O42 - Logiciel: Security Update for Microsoft Office system 2007 (KB974234) - (.Microsoft.) [HKLM] -- {90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{FCD742B9-7A55-44BC-A776-F795F21FEDDC}
O42 - Logiciel: Skype™ 5.3 - (.Skype Technologies S.A..) [HKLM] -- {5335DADB-34BA-4AE8-A519-648D78498846}
O42 - Logiciel: Sony Ericsson PC Companion 2.02.015 - (.Sony Ericsson.) [HKLM] -- {F09EF8F2-0976-42C1-8D9D-8DF78337C6E3}
O42 - Logiciel: Sony Ericsson Update Service - (.Sony Ericsson Mobile Communications AB.) [HKLM] -- Update Service
O42 - Logiciel: Update for 2007 Microsoft Office System (KB967642) - (.Microsoft.) [HKLM] -- {90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}
O42 - Logiciel: Update for 2007 Microsoft Office System (KB981715) - (.Microsoft.) [HKLM] -- {90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{661B3F32-FFE4-4606-AE3A-DFA11DCC0D79}
O42 - Logiciel: Update for Microsoft Office InfoPath 2007 (KB976416) - (.Microsoft.) [HKLM] -- {90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{432C5EE4-8096-4FF1-95E1-65219365DFF7}
O42 - Logiciel: Update for Microsoft Office Word 2007 (KB974561) - (.Microsoft.) [HKLM] -- {90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{0CDDBAA2-2111-4A0E-A1B0-76C40C635331}
O42 - Logiciel: Update for Outlook 2007 Junk Email Filter (kb981433) - (.Microsoft.) [HKLM] -- {90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{5A6859A6-042D-4DF7-84E2-79F8DEFB5D48}
O42 - Logiciel: VDownloader 1.13 - (.Vitzo Limited.) [HKLM] -- {CA567AD5-33A4-403D-86D1-EE2D38251951}_is1
O42 - Logiciel: Video DVD Maker v3.32.0.80 - (.Unknown owner.) [HKLM] -- {1A3E23D7-7A1E-43EC-B35D-EB2A31BED943}
O42 - Logiciel: Vivo 3G - (.Unknown owner.) [HKLM] -- {93D34EE3-99B3-4DB1-8B0A-0A657466F90D}
O42 - Logiciel: WinRAR archiver - (.Unknown owner.) [HKLM] -- WinRAR archiver
O42 - Logiciel: WinZip 12.0 - (.WinZip Computing, S.L. .) [HKLM] -- {CD95F661-A5C4-44F5-A6AA-ECDD91C240B7}
O42 - Logiciel: Windows Driver Package - First International Computer, Inc. (UPCDRV) System (07/06/2009 1.00.00) - (.First International Computer, Inc..) [HKLM] -- 65598B62062AF73D52DE409AF9970494193D0B8E
O42 - Logiciel: Windows Live Call - (.Microsoft Corporation.) [HKLM] -- {590035D9-BFA0-406A-A7F0-479C72C0DDB2}
O42 - Logiciel: Windows Live Communications Platform - (.Microsoft Corporation.) [HKLM] -- {3175E049-F9A9-4A3D-8F19-AC9FB04514D1}
O42 - Logiciel: Windows Live Essentials - (.Microsoft Corporation.) [HKLM] -- WinLiveSuite_Wave3
O42 - Logiciel: Windows Live Essentials - (.Microsoft Corporation.) [HKLM] -- {0FFEA8EE-7BC7-4C9D-8CC6-5B8C891BA3F2}
O42 - Logiciel: Windows Live Messenger - (.Microsoft Corporation.) [HKLM] -- {9ADC3E4F-34DA-48CD-8727-BB26D90257BD}
O42 - Logiciel: Windows Live OneCare safety scanner - (.Microsoft Corporation.) [HKLM] -- Windows Live OneCare safety scanner
O42 - Logiciel: Windows Live OneCare safety scanner - (.Microsoft Corporation.) [HKLM] -- {FE0646A7-19D0-41B4-A2BB-2C35D644270D}
O42 - Logiciel: aTube Catcher - (.DsNET Corp.) [HKLM] -- aTube Catcher
O42 - Logiciel: avast! Free antivírus - (.AVAST Software.) [HKLM] -- avast
O42 - Logiciel: iPhone Explorer 2.111 - (.Macroplant, LLC.) [HKLM] -- {7FD8B0C1-CDDA-4B4D-A577-B2E3570EA3A3}_is1
O42 - Logiciel: iTunes - (.Apple Inc..) [HKLM] -- {C73CA646-73B3-4AEF-A136-C37505745174}
O42 - Logiciel: neroxml - (.Nero AG.) [HKLM] -- {56C049BE-79E9-4502-BEA7-9754A3E60F9B}
O42 - Logiciel: ratDVD 0.78.1444 - (.ratDVD.) [HKLM] -- ratDVD
O42 - Logiciel: µTorrent - (.Unknown owner.) [HKLM] -- uTorrent

---\\ HKCU & HKLM Software Keys
[HKCU\Software\AC3filter]
[HKCU\Software\ALWIL Software]
[HKCU\Software\AVAST Software]
[HKCU\Software\AWSoftware]
[HKCU\Software\Adobe]
[HKCU\Software\Afinador_XX]
[HKCU\Software\Alcohol Soft]
[HKCU\Software\AppDataLow\RealNetworks]
[HKCU\Software\AppDataLow\Software\Microsoft]
[HKCU\Software\AppDataLow\Software]
[HKCU\Software\AppDataLow]
[HKCU\Software\Apple Computer, Inc.]
[HKCU\Software\Apple Inc.]
[HKCU\Software\Armand_Morin]
[HKCU\Software\Audacity]
[HKCU\Software\Auslogics]
[HKCU\Software\AutoHelpDesk]
[HKCU\Software\BisonCam]
[HKCU\Software\BitDefender]
[HKCU\Software\BitTorrent]
[HKCU\Software\CDDB]
[HKCU\Software\Caphyon]
[HKCU\Software\Classes]
[HKCU\Software\Clients]
[HKCU\Software\Connectix]
[HKCU\Software\Corel]
[HKCU\Software\DAMN]
[HKCU\Software\DT Soft]
[HKCU\Software\DVD Decrypter]
[HKCU\Software\DVD Shrink]
[HKCU\Software\DacIChobr_YY]
[HKCU\Software\DivXNetworks]
[HKCU\Software\Elcom]
[HKCU\Software\Foxit Software]
[HKCU\Software\FreeTime]
[HKCU\Software\Freeware]
[HKCU\Software\GNU]
[HKCU\Software\GSpot Appliance Corp]
[HKCU\Software\Gabest]
[HKCU\Software\GbAs]
[HKCU\Software\GbPlugin]
[HKCU\Software\Google]
[HKCU\Software\Haali]
[HKCU\Software\IM Providers]
[HKCU\Software\Image Power]
[HKCU\Software\Intel]
[HKCU\Software\JavaSoft]
[HKCU\Software\LG Electronics Inc]
[HKCU\Software\LG Electronics]
[HKCU\Software\Licenses]
[HKCU\Software\LowRegistry]
[HKCU\Software\MGShareware]
[HKCU\Software\MLSync]
[HKCU\Software\Macromedia]
[HKCU\Software\Malwarebytes' Anti-Malware]
[HKCU\Software\MediaInfo]
[HKCU\Software\MozillaPlugins]
[HKCU\Software\Mozilla]
[HKCU\Software\MyPhoneExplorer]
[HKCU\Software\Nero]
[HKCU\Software\Netscape]
[HKCU\Software\Nico Mak Computing]
[HKCU\Software\ODBC]
[HKCU\Software\Orbit]
[HKCU\Software\PS2Eplugin]
[HKCU\Software\Piriform]
[HKCU\Software\Policies]
[HKCU\Software\ProgSense]
[HKCU\Software\RealNetworks]
[HKCU\Software\Realtek]
[HKCU\Software\S3]
[HKCU\Software\SecuROM]
[HKCU\Software\Skype]
[HKCU\Software\Smart Projects]
[HKCU\Software\SoftVTU]
[HKCU\Software\Softonic]
[HKCU\Software\Sony Computer Entertainment]
[HKCU\Software\Sony Corporation]
[HKCU\Software\Sony Ericsson]
[HKCU\Software\StarSynergy]
[HKCU\Software\Sysinternals]
[HKCU\Software\Toshiba]
[HKCU\Software\Trolltech]
[HKCU\Software\VB and VBA Program Settings]
[HKCU\Software\VSO]
[HKCU\Software\Video DVD Maker FREE]
[HKCU\Software\VideoGrabber]
[HKCU\Software\WinRAR SFX]
[HKCU\Software\WinRAR]
[HKCU\Software\WinZip Computing]
[HKCU\Software\iSilo]
[HKCU\Software\ratDVD]
[HKCU\Software\sYk0]
[HKLM\Software\<company>]
[HKLM\Software\A-Patch]
[HKLM\Software\ALWIL Software]
[HKLM\Software\ATI Technologies]
[HKLM\Software\AVAST Software]
[HKLM\Software\Adobe]
[HKLM\Software\AdwCleaner]
[HKLM\Software\Ahead]
[HKLM\Software\Alcohol Soft]
[HKLM\Software\Apple Computer, Inc.]
[HKLM\Software\Apple Inc.]
[HKLM\Software\AviSynth]
[HKLM\Software\BVRP Software]
[HKLM\Software\CDDB]
[HKLM\Software\Caphyon]
[HKLM\Software\Classes]
[HKLM\Software\Clients]
[HKLM\Software\Codec Tweak Tool]
[HKLM\Software\Corel]
[HKLM\Software\DAMN]
[HKLM\Software\DT Soft]
[HKLM\Software\Elcom]
[HKLM\Software\Foxit Software]
[HKLM\Software\GEAR Software]
[HKLM\Software\GNU]
[HKLM\Software\Google]
[HKLM\Software\HaaliMkx]
[HKLM\Software\HighCriteria]
[HKLM\Software\Intel]
[HKLM\Software\JavaSoft]
[HKLM\Software\JreMetrics]
[HKLM\Software\KLCodecPack]
[HKLM\Software\LG Electronics]
[HKLM\Software\Lame for Audacity]
[HKLM\Software\Licenses]
[HKLM\Software\MGShareware]
[HKLM\Software\Macromedia]
[HKLM\Software\Macrovision]
[HKLM\Software\Malwarebytes' Anti-Malware]
[HKLM\Software\Megacubo]
[HKLM\Software\MessPatch]
[HKLM\Software\Motorola]
[HKLM\Software\MozillaPlugins]
[HKLM\Software\Mozilla]
[HKLM\Software\Nero]
[HKLM\Software\Nico Mak Computing]
[HKLM\Software\ODBC]
[HKLM\Software\On2 Technologies]
[HKLM\Software\Orbit]
[HKLM\Software\Osen Kusnadi]
[HKLM\Software\Piriform]
[HKLM\Software\Policies]
[HKLM\Software\Protexis]
[HKLM\Software\RealAlternative]
[HKLM\Software\RealNetworks]
[HKLM\Software\Realtek Semiconductor Corp.]
[HKLM\Software\Realtek]
[HKLM\Software\RegisteredApplications]
[HKLM\Software\RichFX]
[HKLM\Software\S3R521]
[HKLM\Software\S3]
[HKLM\Software\Skype]
[HKLM\Software\Sonic]
[HKLM\Software\Sony Corporation]
[HKLM\Software\Sony Creative Software]
[HKLM\Software\Sony Ericsson]
[HKLM\Software\Sony Media Software]
[HKLM\Software\Sony]
[HKLM\Software\Swearware]
[HKLM\Software\Toshiba]
[HKLM\Software\TrendMicro]
[HKLM\Software\Trolltech]
[HKLM\Software\VSO]
[HKLM\Software\Volatile]
[HKLM\Software\WinRAR]
[HKLM\Software\Xing Technology Corp.]
[HKLM\Software\ZTEUSBDriverFlag]
[HKLM\Software\mozilla.org]
~ Scan Softwares in 00mn 00s



---\\ Contents of the Common Files folders (O43)
O43 - CFD: 16/04/2010 - 02:48:38 - [219,650] ----D- C:\Program Files\Adobe
O43 - CFD: 24/05/2010 - 17:02:46 - [10,656] ----D- C:\Program Files\Alcohol Soft
O43 - CFD: 13/02/2010 - 15:23:02 - [251,042] ----D- C:\Program Files\Alwil Software
O43 - CFD: 14/04/2011 - 17:45:10 - [5,798] ----D- C:\Program Files\AML Products
O43 - CFD: 27/07/2011 - 23:55:06 - [2,316] ----D- C:\Program Files\Apple Software Update
O43 - CFD: 13/02/2010 - 02:12:28 - [0] -SH-D- C:\Program Files\Arquivos Comuns
O43 - CFD: 07/07/2010 - 15:43:00 - [0,199] ----D- C:\Program Files\Audacity
O43 - CFD: 07/07/2010 - 15:43:50 - [32,781] ----D- C:\Program Files\Audacity 1.3 Beta (Unicode)
O43 - CFD: 13/06/2010 - 18:31:34 - [32,845] ----D- C:\Program Files\Auslogics
O43 - CFD: 09/02/2011 - 00:13:38 - [0,140] ----D- C:\Program Files\AviSynth 2.5
O43 - CFD: 13/02/2010 - 02:43:24 - [0,295] ----D- C:\Program Files\BisonCam
O43 - CFD: 23/11/2011 - 12:38:34 - [4,037] ----D- C:\Program Files\CCleaner
O43 - CFD: 24/04/2010 - 20:02:04 - [2,465] ----D- C:\Program Files\CD_DVD-ROM Generator 1.50
O43 - CFD: 03/02/2012 - 17:02:52 - [624,084] ----D- C:\Program Files\Common Files
O43 - CFD: 04/12/2010 - 21:47:56 - [0,349] ----D- C:\Program Files\CoreAAC
O43 - CFD: 01/11/2009 - 01:28:54 - [740,103] ----D- C:\Program Files\Corel
O43 - CFD: 17/02/2010 - 19:02:46 - [9,902] ----D- C:\Program Files\DAEMON Tools Lite
O43 - CFD: 24/04/2010 - 14:05:36 - [0,196] ----D- C:\Program Files\DAMN NFO Viewer
O43 - CFD: 13/02/2010 - 02:38:34 - [0,520] ----D- C:\Program Files\DIFX
O43 - CFD: 29/12/2011 - 01:48:04 - [34,810] ----D- C:\Program Files\DsNET Corp
O43 - CFD: 13/12/2010 - 03:41:52 - [0,902] ----D- C:\Program Files\DVD Decrypter
O43 - CFD: 14/07/2009 - 06:53:56 - [79,367] ----D- C:\Program Files\DVD Maker
O43 - CFD: 13/12/2010 - 03:44:34 - [0,926] ----D- C:\Program Files\DVD Shrink
O43 - CFD: 13/12/2010 - 11:11:52 - [0] ----D- C:\Program Files\Elaborate Bytes
O43 - CFD: 16/08/2010 - 01:24:30 - [0] ----D- C:\Program Files\ElcomSoft
O43 - CFD: 14/02/2010 - 11:40:52 - [9,179] ----D- C:\Program Files\Foxit Software
O43 - CFD: 18/07/2011 - 14:43:24 - [3,661] ----D- C:\Program Files\Free Screen Video Capture by Topviewsoft
O43 - CFD: 23/06/2011 - 12:17:04 - [5,896] ----D- C:\Program Files\FreeRIP3
O43 - CFD: 03/12/2010 - 20:39:12 - [112,602] ----D- C:\Program Files\FreeTime
O43 - CFD: 31/12/2011 - 15:01:10 - [3,356] ----D- C:\Program Files\GbPlugin
O43 - CFD: 24/03/2010 - 00:10:54 - [94,621] ----D- C:\Program Files\GIMP-2.0
O43 - CFD: 05/12/2010 - 14:30:52 - [0] ----D- C:\Program Files\GRETECH
O43 - CFD: 18/07/2011 - 17:52:48 - [0,388] ----D- C:\Program Files\IDoser v4
O43 - CFD: 13/01/2012 - 10:37:28 - [28,299] --H-D- C:\Program Files\InstallShield Installation Information
O43 - CFD: 17/09/2011 - 19:47:12 - [0] ----D- C:\Program Files\Intel
O43 - CFD: 08/10/2010 - 02:27:16 - [5,905] ----D- C:\Program Files\Internet Explorer
O43 - CFD: 30/07/2011 - 01:00:40 - [2,939] ----D- C:\Program Files\iPhone Explorer
O43 - CFD: 27/07/2011 - 23:57:22 - [1,782] ----D- C:\Program Files\iPod
O43 - CFD: 27/07/2011 - 23:58:06 - [119,254] ----D- C:\Program Files\iTunes
O43 - CFD: 31/12/2011 - 17:21:08 - [84,980] ----D- C:\Program Files\Java
O43 - CFD: 14/02/2010 - 03:30:10 - [29,264] ----D- C:\Program Files\K-Lite Codec Pack
O43 - CFD: 08/09/2010 - 21:38:46 - [0,084] ----D- C:\Program Files\KeyNote
O43 - CFD: 07/07/2010 - 15:45:42 - [1,170] ----D- C:\Program Files\Lame for Audacity
O43 - CFD: 30/01/2012 - 16:27:36 - [119,076] ----D- C:\Program Files\LG Electronics
O43 - CFD: 08/01/2012 - 12:30:56 - [11,462] ----D- C:\Program Files\Malwarebytes' Anti-Malware
O43 - CFD: 16/03/2010 - 17:50:34 - [2,341] ----D- C:\Program Files\Marcos Velasco Security
O43 - CFD: 25/05/2011 - 01:09:34 - [19,679] ----D- C:\Program Files\Megacubo
O43 - CFD: 18/06/2011 - 15:46:26 - [5,603] ----D- C:\Program Files\Microsoft
O43 - CFD: 14/07/2009 - 06:53:54 - [140,936] ----D- C:\Program Files\Microsoft Games
O43 - CFD: 17/02/2010 - 21:55:40 - [276,153] ----D- C:\Program Files\Microsoft Office
O43 - CFD: 18/06/2011 - 15:59:46 - [36,632] ----D- C:\Program Files\Microsoft Silverlight
O43 - CFD: 17/02/2010 - 21:55:40 - [0,014] ----D- C:\Program Files\Microsoft Visual Studio
O43 - CFD: 17/02/2010 - 21:54:18 - [1,204] ----D- C:\Program Files\Microsoft Visual Studio 8
O43 - CFD: 17/02/2010 - 21:57:30 - [3,554] ----D- C:\Program Files\Microsoft Works
O43 - CFD: 17/02/2010 - 21:55:30 - [7,774] ----D- C:\Program Files\Microsoft.NET
O43 - CFD: 09/02/2011 - 00:18:56 - [0,747] ----D- C:\Program Files\MIKSOFT
O43 - CFD: 23/12/2011 - 11:39:54 - [38,451] ----D- C:\Program Files\Mozilla Firefox
O43 - CFD: 01/02/2012 - 14:33:02 - [37,315] ----D- C:\Program Files\Mozilla Thunderbird
O43 - CFD: 17/02/2010 - 21:55:42 - [0,025] ----D- C:\Program Files\MSBuild
O43 - CFD: 14/03/2010 - 06:27:48 - [0] ----D- C:\Program Files\MSXML 4.0
O43 - CFD: 13/01/2012 - 11:09:40 - [11,649] ----D- C:\Program Files\MyPhoneExplorer
O43 - CFD: 16/03/2010 - 19:13:40 - [829,842] ----D- C:\Program Files\Nero
O43 - CFD: 11/10/2011 - 11:08:02 - [12,400] ----D- C:\Program Files\Nitro PDF
O43 - CFD: 16/03/2010 - 17:59:44 - [1,762] ----D- C:\Program Files\Orban
O43 - CFD: 08/11/2011 - 19:30:22 - [13,535] ----D- C:\Program Files\Orbitdownloader
O43 - CFD: 02/11/2010 - 15:11:36 - [36,764] ----D- C:\Program Files\Paragon Software
O43 - CFD: 08/10/2010 - 02:26:42 - [0] ----D- C:\Program Files\Primal Pictures
O43 - CFD: 27/07/2011 - 23:55:26 - [72,787] ----D- C:\Program Files\QuickTime
O43 - CFD: 17/08/2011 - 00:16:44 - [8,075] ----D- C:\Program Files\ratDVD
O43 - CFD: 04/01/2012 - 20:55:22 - [0,480] ----D- C:\Program Files\Real
O43 - CFD: 14/02/2010 - 03:32:22 - [19,049] ----D- C:\Program Files\Real Alternative
O43 - CFD: 06/12/2011 - 18:19:50 - [7,912] ----D- C:\Program Files\Realtek
O43 - CFD: 13/02/2010 - 02:40:20 - [0,698] ----D- C:\Program Files\REALTEK RTL8187B Wireless LAN Driver
O43 - CFD: 14/07/2009 - 02:52:32 - [36,727] ----D- C:\Program Files\Reference Assemblies
O43 - CFD: 23/08/2010 - 15:11:32 - [136,196] ----D- C:\Program Files\Rosetta Stone
O43 - CFD: 26/11/2011 - 12:34:16 - [28,149] ----D- C:\Program Files\Rovio
O43 - CFD: 06/12/2011 - 17:21:38 - [15,363] ----D- C:\Program Files\s3graphics
O43 - CFD: 14/04/2011 - 21:54:34 - [14,444] R---D- C:\Program Files\Skype
O43 - CFD: 24/04/2010 - 17:10:12 - [10,065] ----D- C:\Program Files\Smart Projects
O43 - CFD: 17/10/2011 - 15:26:08 - [105,327] ----D- C:\Program Files\Sony
O43 - CFD: 17/10/2011 - 15:19:34 - [240,410] ----D- C:\Program Files\Sony Ericsson
O43 - CFD: 17/10/2011 - 15:26:02 - [99,743] ----D- C:\Program Files\Sony Media Go Install
O43 - CFD: 19/04/2011 - 02:09:10 - [102,896] ----D- C:\Program Files\Sony Setup
O43 - CFD: 03/12/2010 - 20:41:04 - [2,039] ----D- C:\Program Files\sub2divX
O43 - CFD: 12/03/2010 - 00:19:12 - [25,398] ----D- C:\Program Files\Sun
O43 - CFD: 29/05/2011 - 03:26:26 - [4,649] ----D- C:\Program Files\SupportInfo
O43 - CFD: 15/12/2011 - 00:03:54 - [65,561] ----D- C:\Program Files\Toshiba
O43 - CFD: 06/03/2010 - 02:35:14 - [0,058] ----D- C:\Program Files\UltraISO
O43 - CFD: 14/07/2009 - 02:53:24 - [0] --H-D- C:\Program Files\Uninstall Information
O43 - CFD: 05/12/2010 - 14:30:14 - [0] ----D- C:\Program Files\URUSoft
O43 - CFD: 03/04/2011 - 01:34:22 - [0,381] ----D- C:\Program Files\uTorrent
O43 - CFD: 16/05/2010 - 21:55:12 - [6,411] ----D- C:\Program Files\VDownloader 1.13
O43 - CFD: 18/07/2011 - 15:29:58 - [27,180] ----D- C:\Program Files\Video DVD Maker
O43 - CFD: 29/05/2011 - 18:28:52 - [24,576] ----D- C:\Program Files\Vivo 3G
O43 - CFD: 26/12/2010 - 21:01:28 - [65,129] ----D- C:\Program Files\VSO
O43 - CFD: 14/07/2009 - 06:31:04 - [2,896] ----D- C:\Program Files\Windows Defender
O43 - CFD: 14/07/2009 - 06:53:50 - [6,685] ----D- C:\Program Files\Windows Journal
O43 - CFD: 29/01/2011 - 15:02:56 - [59,491] ----D- C:\Program Files\Windows Live
O43 - CFD: 15/10/2011 - 21:05:24 - [56,467] ----D- C:\Program Files\Windows Live Safety Center
O43 - CFD: 29/01/2011 - 15:02:44 - [0,234] ----D- C:\Program Files\Windows Live SkyDrive
O43 - CFD: 14/07/2009 - 06:31:04 - [5,869] ----D- C:\Program Files\Windows Mail
O43 - CFD: 14/03/2010 - 06:36:48 - [6,289] ----D- C:\Program Files\Windows Media Player
O43 - CFD: 13/02/2010 - 02:12:28 - [11,627] ----D- C:\Program Files\Windows NT
O43 - CFD: 14/07/2009 - 06:31:04 - [4,210] ----D- C:\Program Files\Windows Photo Viewer
O43 - CFD: 14/07/2009 - 02:52:34 - [0,181] ----D- C:\Program Files\Windows Portable Devices
O43 - CFD: 14/07/2009 - 06:31:04 - [25,779] ----D- C:\Program Files\Windows Sidebar
O43 - CFD: 13/04/2010 - 23:10:24 - [4,719] ----D- C:\Program Files\WinRAR
O43 - CFD: 24/03/2010 - 00:34:00 - [14,235] ----D- C:\Program Files\WinZip
O43 - CFD: 05/02/2012 - 00:26:40 - [10,098] ----D- C:\Program Files\ZHPDiag
O43 - CFD: 16/04/2010 - 02:48:42 - [5,980] ----D- C:\Program Files\Common Files\Adobe
O43 - CFD: 27/07/2011 - 23:57:22 - [88,874] ----D- C:\Program Files\Common Files\Apple
O43 - CFD: 01/11/2009 - 01:29:12 - [18,160] ----D- C:\Program Files\Common Files\Corel
O43 - CFD: 17/02/2010 - 21:55:40 - [0,089] ----D- C:\Program Files\Common Files\DESIGNER
O43 - CFD: 19/04/2011 - 02:32:18 - [0] ----D- C:\Program Files\Common Files\DVDVideoSoft
O43 - CFD: 13/02/2010 - 02:41:46 - [3,632] ----D- C:\Program Files\Common Files\InstallShield
O43 - CFD: 31/12/2011 - 17:21:54 - [1,201] ----D- C:\Program Files\Common Files\Java
O43 - CFD: 23/08/2010 - 15:11:42 - [0,628] ----D- C:\Program Files\Common Files\Macrovision Shared
O43 - CFD: 29/01/2011 - 15:02:50 - [206,286] ----D- C:\Program Files\Common Files\microsoft shared
O43 - CFD: 16/03/2010 - 19:26:50 - [196,087] ----D- C:\Program Files\Common Files\Nero
O43 - CFD: 01/11/2009 - 01:30:40 - [1,577] ----D- C:\Program Files\Common Files\Protexis
O43 - CFD: 14/07/2009 - 00:37:06 - [0,003] ----D- C:\Program Files\Common Files\Services
O43 - CFD: 13/02/2010 - 02:12:28 - [0] -SH-D- C:\Program Files\Common Files\Sistema
O43 - CFD: 17/10/2011 - 15:30:52 - [20,404] ----D- C:\Program Files\Common Files\Sony Shared
O43 - CFD: 14/07/2009 - 00:37:06 - [39,200] ----D- C:\Program Files\Common Files\SpeechEngines
O43 - CFD: 14/07/2009 - 06:31:04 - [41,965] ----D- C:\Program Files\Common Files\System
O43 - CFD: 13/02/2010 - 03:51:38 - [0] ----D- C:\Program Files\Common Files\Windows Live
O43 - CFD: 16/04/2010 - 02:59:06 - [11,302] ----D- C:\ProgramData\Adobe
O43 - CFD: 13/02/2010 - 15:23:02 - [32,447] ----D- C:\ProgramData\Alwil Software
O43 - CFD: 30/07/2011 - 01:01:38 - [39,897] ----D- C:\ProgramData\Apple
O43 - CFD: 28/07/2011 - 02:19:04 - [64,071] ----D- C:\ProgramData\Apple Computer
O43 - CFD: 14/07/2009 - 02:53:56 - [0] -SH-D- C:\ProgramData\Application Data
O43 - CFD: 22/11/2010 - 21:18:36 - [0,000] ----D- C:\ProgramData\Avanquest Bluetooth SDK
O43 - CFD: 25/01/2012 - 19:27:32 - [0,045] ----D- C:\ProgramData\BlueStacks
O43 - CFD: 22/11/2010 - 18:32:12 - [0] ----D- C:\ProgramData\BVRP Software
O43 - CFD: 01/11/2009 - 01:30:42 - [63,347] ----D- C:\ProgramData\Corel
O43 - CFD: 13/02/2010 - 02:12:28 - [0] -SH-D- C:\ProgramData\Dados de aplicativos
O43 - CFD: 17/02/2010 - 19:01:42 - [0,001] ----D- C:\ProgramData\DAEMON Tools Lite
O43 - CFD: 14/07/2009 - 02:53:56 - [0] -SH-D- C:\ProgramData\Desktop
O43 - CFD: 13/02/2010 - 02:12:28 - [0] -SH-D- C:\ProgramData\Documentos
O43 - CFD: 14/07/2009 - 02:53:56 - [0] -SH-D- C:\ProgramData\Documents
O43 - CFD: 13/12/2010 - 03:46:12 - [0,012] ----D- C:\ProgramData\DVD Shrink
O43 - CFD: 02/11/2010 - 15:12:38 - [0] ----D- C:\ProgramData\explauncher
O43 - CFD: 14/07/2009 - 02:53:56 - [0] -SH-D- C:\ProgramData\Favorites
O43 - CFD: 13/02/2010 - 02:12:28 - [0] -SH-D- C:\ProgramData\Favoritos
O43 - CFD: 23/08/2010 - 15:30:36 - [0,001] ----D- C:\ProgramData\FLEXnet
O43 - CFD: 23/06/2011 - 12:16:26 - [0,013] ----D- C:\ProgramData\FreeRIP
O43 - CFD: 09/08/2011 - 11:01:42 - [7,181] ----D- C:\ProgramData\gas
O43 - CFD: 31/12/2011 - 15:01:12 - [0,085] ----D- C:\ProgramData\GbPlugin
O43 - CFD: 17/09/2011 - 19:47:12 - [0,002] ----D- C:\ProgramData\Intel
O43 - CFD: 02/11/2010 - 15:12:38 - [0] ----D- C:\ProgramData\launcher
O43 - CFD: 28/04/2010 - 18:17:42 - [16,267] ----D- C:\ProgramData\Malwarebytes
O43 - CFD: 13/02/2010 - 02:12:28 - [0] -SH-D- C:\ProgramData\Menu Iniciar
O43 - CFD: 29/01/2011 - 13:42:50 - [897,265] -S--D- C:\ProgramData\Microsoft
O43 - CFD: 28/04/2010 - 11:38:26 - [0,057] ----D- C:\ProgramData\Microsoft Help
O43 - CFD: 13/02/2010 - 02:12:28 - [0] -SH-D- C:\ProgramData\Modelos
O43 - CFD: 16/03/2010 - 19:50:48 - [10,201] ----D- C:\ProgramData\Nero
O43 - CFD: 08/10/2010 - 02:27:00 - [0,009] ----D- C:\ProgramData\QuickTime
O43 - CFD: 03/11/2011 - 00:37:22 - [0,068] ----D- C:\ProgramData\Real
O43 - CFD: 06/09/2011 - 00:28:32 - [1671,341] ----D- C:\ProgramData\Rosetta Stone
O43 - CFD: 14/04/2011 - 21:54:28 - [19,315] ----D- C:\ProgramData\Skype
O43 - CFD: 17/10/2011 - 15:30:52 - [0,028] ----D- C:\ProgramData\Sony Corporation
O43 - CFD: 17/10/2011 - 15:13:02 - [6,836] ----D- C:\ProgramData\Sony Ericsson
O43 - CFD: 14/07/2009 - 02:53:56 - [0] -SH-D- C:\ProgramData\Start Menu
O43 - CFD: 31/12/2011 - 17:21:54 - [0,000] ----D- C:\ProgramData\Sun
O43 - CFD: 01/11/2009 - 01:54:00 - [0] ---AD- C:\ProgramData\TEMP
O43 - CFD: 14/07/2009 - 02:53:56 - [0] -SH-D- C:\ProgramData\Templates
O43 - CFD: 15/12/2011 - 00:16:30 - [0,012] ----D- C:\ProgramData\TOSHIBA
O43 - CFD: 09/04/2011 - 16:42:16 - [0,000] ----D- C:\ProgramData\vsosdk
O43 - CFD: 24/03/2010 - 00:35:06 - [0,000] ----D- C:\ProgramData\WinZip
O43 - CFD: 27/07/2011 - 23:58:06 - [0,517] ----D- C:\ProgramData\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
O43 - CFD: 23/06/2011 - 12:09:50 - [0] ----D- C:\Users\Dario Jr\AppData\Roaming\AccurateRip
O43 - CFD: 16/04/2010 - 02:49:10 - [4,939] ----D- C:\Users\Dario Jr\AppData\Roaming\Adobe
O43 - CFD: 30/07/2011 - 01:05:12 - [439,864] ----D- C:\Users\Dario Jr\AppData\Roaming\Apple Computer
O43 - CFD: 06/01/2012 - 19:24:08 - [0,024] ----D- C:\Users\Dario Jr\AppData\Roaming\Audacity
O43 - CFD: 11/11/2011 - 23:51:32 - [0,408] ----D- C:\Users\Dario Jr\AppData\Roaming\Auslogics
O43 - CFD: 01/11/2009 - 01:32:04 - [1,057] ----D- C:\Users\Dario Jr\AppData\Roaming\Corel
O43 - CFD: 23/11/2011 - 12:39:40 - [0] ----D- C:\Users\Dario Jr\AppData\Roaming\DAEMON Tools Lite
O43 - CFD: 23/06/2011 - 12:09:48 - [0,145] ----D- C:\Users\Dario Jr\AppData\Roaming\EAC
O43 - CFD: 14/02/2010 - 11:41:32 - [0,033] ----D- C:\Users\Dario Jr\AppData\Roaming\Foxit
O43 - CFD: 08/11/2011 - 19:31:56 - [0,000] ----D- C:\Users\Dario Jr\AppData\Roaming\GrabPro
O43 - CFD: 26/12/2011 - 18:39:18 - [0,000] ----D- C:\Users\Dario Jr\AppData\Roaming\gtk-2.0
O43 - CFD: 13/02/2010 - 02:12:54 - [0] ----D- C:\Users\Dario Jr\AppData\Roaming\Identities
O43 - CFD: 13/02/2010 - 02:40:08 - [0] ----D- C:\Users\Dario Jr\AppData\Roaming\InstallShield
O43 - CFD: 28/03/2010 - 18:59:22 - [0,004] ----D- C:\Users\Dario Jr\AppData\Roaming\iSilo
O43 - CFD: 08/10/2010 - 03:07:28 - [0,003] ----D- C:\Users\Dario Jr\AppData\Roaming\Macromedia
O43 - CFD: 28/04/2010 - 18:17:52 - [8,306] ----D- C:\Users\Dario Jr\AppData\Roaming\Malwarebytes
O43 - CFD: 14/07/2009 - 06:52:56 - [0] ----D- C:\Users\Dario Jr\AppData\Roaming\Media Center Programs
O43 - CFD: 13/02/2010 - 21:28:36 - [0,000] ----D- C:\Users\Dario Jr\AppData\Roaming\Media Player Classic
O43 - CFD: 30/07/2011 - 01:01:24 - [5,574] -S--D- C:\Users\Dario Jr\AppData\Roaming\Microsoft
O43 - CFD: 30/01/2012 - 18:20:34 - [0] ----D- C:\Users\Dario Jr\AppData\Roaming\ML
O43 - CFD: 13/02/2010 - 03:11:28 - [29,297] ----D- C:\Users\Dario Jr\AppData\Roaming\Mozilla
O43 - CFD: 13/01/2012 - 11:26:54 - [67,512] ----D- C:\Users\Dario Jr\AppData\Roaming\MyPhoneExplorer
O43 - CFD: 16/03/2010 - 19:49:58 - [1,312] ----D- C:\Users\Dario Jr\AppData\Roaming\Nero
O43 - CFD: 02/01/2012 - 23:10:46 - [5,566] ----D- C:\Users\Dario Jr\AppData\Roaming\Orbit
O43 - CFD: 03/02/2012 - 23:54:44 - [0,002] ----D- C:\Users\Dario Jr\AppData\Roaming\PrimoPDF
O43 - CFD: 18/07/2011 - 14:52:26 - [0,000] ----D- C:\Users\Dario Jr\AppData\Roaming\ProgSense
O43 - CFD: 16/01/2012 - 10:23:22 - [0,029] ----D- C:\Users\Dario Jr\AppData\Roaming\QuickScan
O43 - CFD: 04/01/2012 - 20:55:12 - [2,584] ----D- C:\Users\Dario Jr\AppData\Roaming\Real
O43 - CFD: 26/11/2011 - 12:36:50 - [0,006] ----D- C:\Users\Dario Jr\AppData\Roaming\Rovio
O43 - CFD: 23/11/2011 - 12:39:40 - [1,319] ----D- C:\Users\Dario Jr\AppData\Roaming\Skype
O43 - CFD: 18/07/2011 - 14:49:56 - [0] ----D- C:\Users\Dario Jr\AppData\Roaming\Solveig Multimedia
O43 - CFD: 24/03/2010 - 22:21:24 - [2,730] ----D- C:\Users\Dario Jr\AppData\Roaming\Sonic Solutions
O43 - CFD: 17/10/2011 - 15:27:28 - [25,176] ----D- C:\Users\Dario Jr\AppData\Roaming\Sony
O43 - CFD: 01/02/2012 - 14:33:08 - [2,070] ----D- C:\Users\Dario Jr\AppData\Roaming\Thunderbird
O43 - CFD: 15/12/2011 - 00:23:18 - [0] ----D- C:\Users\Dario Jr\AppData\Roaming\Toshiba
O43 - CFD: 04/02/2012 - 01:03:54 - [5,045] ----D- C:\Users\Dario Jr\AppData\Roaming\uTorrent
O43 - CFD: 18/07/2011 - 15:31:06 - [0] ----D- C:\Users\Dario Jr\AppData\Roaming\Video DVD Maker FREE
O43 - CFD: 18/07/2011 - 17:54:56 - [0,035] ----D- C:\Users\Dario Jr\AppData\Roaming\Vso
O43 - CFD: 13/02/2010 - 12:30:18 - [0] ----D- C:\Users\Dario Jr\AppData\Roaming\WinRAR
O43 - CFD: 16/04/2010 - 02:59:48 - [0,182] ----D- C:\Users\Dario Jr\AppData\Local\Adobe
O43 - CFD: 13/02/2010 - 03:23:40 - [0] ----D- C:\Users\Dario Jr\AppData\Local\Apple
O43 - CFD: 28/07/2011 - 02:18:06 - [77,066] ----D- C:\Users\Dario Jr\AppData\Local\Apple Computer
O43 - CFD: 13/04/2010 - 01:08:10 - [0,029] ----D- C:\Users\Dario Jr\AppData\Local\Ares
O43 - CFD: 25/01/2012 - 19:27:32 - [0,044] ----D- C:\Users\Dario Jr\AppData\Local\BlueStacks
O43 - CFD: 13/02/2010 - 02:12:36 - [0] -SH-D- C:\Users\Dario Jr\AppData\Local\Dados de aplicativos
O43 - CFD: 30/01/2012 - 12:40:26 - [0] ----D- C:\Users\Dario Jr\AppData\Local\Diagnostics
O43 - CFD: 17/10/2011 - 15:25:42 - [8,421] ----D- C:\Users\Dario Jr\AppData\Local\Downloaded Installations
O43 - CFD: 15/01/2012 - 02:50:14 - [0] ----D- C:\Users\Dario Jr\AppData\Local\ElevatedDiagnostics
O43 - CFD: 13/02/2010 - 03:20:26 - [274,215] ----D- C:\Users\Dario Jr\AppData\Local\Google
O43 - CFD: 13/02/2010 - 02:12:36 - [0] -SH-D- C:\Users\Dario Jr\AppData\Local\Histórico
O43 - CFD: 30/01/2012 - 16:27:54 - [25,692] ----D- C:\Users\Dario Jr\AppData\Local\LG Electronics
O43 - CFD: 30/07/2011 - 01:01:14 - [0,001] ----D- C:\Users\Dario Jr\AppData\Local\Macroplant
O43 - CFD: 15/10/2011 - 21:02:34 - [1171,319] ----D- C:\Users\Dario Jr\AppData\Local\Microsoft
O43 - CFD: 28/03/2010 - 21:31:42 - [0,518] ----D- C:\Users\Dario Jr\AppData\Local\Microsoft Games
O43 - CFD: 29/11/2011 - 17:45:20 - [0,187] ----D- C:\Users\Dario Jr\AppData\Local\Microsoft Help
O43 - CFD: 13/02/2010 - 03:11:20 - [42,010] ----D- C:\Users\Dario Jr\AppData\Local\Mozilla
O43 - CFD: 24/04/2011 - 21:39:36 - [0,097] ----D- C:\Users\Dario Jr\AppData\Local\optBeruby
O43 - CFD: 24/04/2011 - 21:39:34 - [0,024] ----D- C:\Users\Dario Jr\AppData\Local\QuickStores
O43 - CFD: 16/08/2011 - 23:19:14 - [0,002] ----D- C:\Users\Dario Jr\AppData\Local\ratDVD
O43 - CFD: 14/02/2010 - 03:32:18 - [0] ----D- C:\Users\Dario Jr\AppData\Local\Real
O43 - CFD: 17/10/2011 - 15:31:00 - [0,020] ----D- C:\Users\Dario Jr\AppData\Local\Sony
O43 - CFD: 03/11/2011 - 23:07:34 - [0,058] ----D- C:\Users\Dario Jr\AppData\Local\Sony Ericsson
O43 - CFD: 05/02/2012 - 00:21:20 - [0,086] ----D- C:\Users\Dario Jr\AppData\Local\temp
O43 - CFD: 13/02/2010 - 02:12:36 - [0] -SH-D- C:\Users\Dario Jr\AppData\Local\Temporary Internet Files
O43 - CFD: 01/02/2012 - 14:33:08 - [0,851] ----D- C:\Users\Dario Jr\AppData\Local\Thunderbird
O43 - CFD: 13/02/2010 - 03:37:28 - [0,006] ----D- C:\Users\Dario Jr\AppData\Local\Toshiba
O43 - CFD: 16/05/2010 - 21:55:14 - [0,000] ----D- C:\Users\Dario Jr\AppData\Local\vdownloader
O43 - CFD: 14/12/2011 - 23:27:04 - [3,761] ----D- C:\Users\Dario Jr\AppData\Local\VirtualStore
O43 - CFD: 28/01/2011 - 20:08:38 - [0,035] ----D- C:\Users\Dario Jr\AppData\Local\Windows Live
O43 - CFD: 24/03/2010 - 00:35:08 - [0,061] ----D- C:\Users\Dario Jr\AppData\Local\WinZip
O43 - CFD: 28/01/2011 - 19:06:14 - [0] ----D- C:\Users\Dario Jr\AppData\Local\{DA2145F5-136E-4FBC-8491-9A80D45D3CE2}
~ Scan Program Folder in 00mn 05s



---\\ Last modified or created files under Windows and System32 (O44)
O44 - LFC:[MD5.F82BFA47E8FC8B467EC495CAEB7D1122] - 04/02/2012 - 23:16:46 ---A- . (...) -- C:\Windows\WindowsUpdate.log [61880]
O44 - LFC:[MD5.7CC762AD28B3A345CF440A4DE9F2083D] - 04/02/2012 - 23:07:08 ---A- . (...) -- C:\Rapport ToolbarShooter.txt [2669]
O44 - LFC:[MD5.D74E3C688AA4F552EB9F55CB8EA67170] - 04/02/2012 - 15:03:34 ---A- . (...) -- C:\Windows\setupact.log [56]
O44 - LFC:[MD5.D41D8CD98F00B204E9800998ECF8427E] - 04/02/2012 - 15:03:34 ---A- . (...) -- C:\Windows\setuperr.log [0]
O44 - LFC:[MD5.22739BD4911D25FFD85C424F2BC5E483] - 04/02/2012 - 15:03:26 -S-A- . (...) -- C:\Windows\bootstat.dat [67584]
O44 - LFC:[MD5.69BB7541337F6B995268C0AE62C761DB] - 04/02/2012 - 00:04:27 ---A- . (...) -- C:\Windows\system32\PerfStringBackup.INI [1491932]
O44 - LFC:[MD5.5C44FF27BD6075D8847862E56B3E6281] - 04/02/2012 - 00:04:27 ---A- . (...) -- C:\Windows\system32\perfc009.dat [103568]
O44 - LFC:[MD5.444C7A1B32839A2454353F3F1342DB5D] - 04/02/2012 - 00:04:27 ---A- . (...) -- C:\Windows\system32\perfh009.dat [607190]
O44 - LFC:[MD5.A472EE22E6D4FCFF90C6BD9F0D417B14] - 04/02/2012 - 00:04:27 ---A- . (...) -- C:\Windows\system32\prfc0416.dat [124922]
O44 - LFC:[MD5.FE33B06460EDF19FF01241DEC7E0A1AA] - 04/02/2012 - 00:04:27 ---A- . (...) -- C:\Windows\system32\prfh0416.dat [654470]
O44 - LFC:[MD5.1BA4E9ADB8FA5BC39AB549E5E13B06F3] - 03/02/2012 - 20:58:15 ---A- . (...) -- C:\AdwCleaner[S1].txt [3470]
O44 - LFC:[MD5.F41E5DED39AFCE993B9E44EFF06FAB67] - 03/02/2012 - 16:18:53 ---A- . (...) -- C:\ComboFix.txt [19566]
O44 - LFC:[MD5.A33584CD1E47A9E43D3DD053B57C865E] - 03/02/2012 - 16:12:19 ---A- . (...) -- C:\Windows\system.ini [272]
O44 - LFC:[MD5.37598CDB7A685878CD2EE6799D5416E7] - 03/02/2012 - 15:49:48 ---A- . (...) -- C:\AdwCleaner[R2].txt [3384]
O44 - LFC:[MD5.EF3874729B9948C64325918118FD9AF5] - 03/02/2012 - 15:48:59 ---A- . (...) -- C:\Gabkiller_supp.txt [1120]
O44 - LFC:[MD5.97DE7307A1CBA8BFFDA15D66356AF1F6] - 03/02/2012 - 01:11:38 ---A- . (...) -- C:\AdwCleaner[R1].txt [3430]
O44 - LFC:[MD5.54D48C29DB77588161F7E6839A475668] - 01/02/2012 - 12:08:58 ---A- . (...) -- C:\Windows\system32\drivers\gas.cer [1398]
O44 - LFC:[MD5.A2410FD14DD6D0274429FCEC75AE1250] - 01/02/2012 - 12:08:58 ---A- . (...) -- C:\Windows\system32\drivers\ndisrd.cat [8524]
O44 - LFC:[MD5.E3626AB6E571F7CF8ADDAC2A6621B39E] - 01/02/2012 - 12:08:58 ---A- . (...) -- C:\Windows\system32\drivers\ndisrd.inf [3633]
O44 - LFC:[MD5.16F95DB8488D196C323B2C09C09F658B] - 01/02/2012 - 12:08:58 ---A- . (...) -- C:\Windows\system32\drivers\ndisrd_m.inf [1814]
O44 - LFC:[MD5.C4A2EC41DFB9619FA3B792EA1E7A4B46] - 01/02/2012 - 12:08:58 ---A- . (.GAS Tecnologia - GbPlugin NDIS Device Driver.) -- C:\Windows\system32\drivers\gbpndisrd.sys [42192]
~ Scan Files in 00mn 02s



---\\ Last files created in Windows Prefetcher (O45)
O45 - LFCP:[MD5.536280BFDBB4E612E91A858AD9786FF7] - 01/02/2012 - 12:05:00 ---A- - C:\Windows\Prefetch\GOOGLECRASHHANDLER.EXE-6EDA53FB.pf
O45 - LFCP:[MD5.7B290524A9A312DB85FE002F1917DD11] - 01/02/2012 - 12:09:09 ---A- - C:\Windows\Prefetch\DRVINST.EXE-4CB4314A.pf
O45 - LFCP:[MD5.24F56A481DC9FA22E9ABEE334793C9EA] - 01/02/2012 - 13:18:02 ---A- - C:\Windows\Prefetch\JAVA.EXE-E27B75C2.pf
O45 - LFCP:[MD5.E2B21993B54781EA751EAD1E72F807AB] - 02/02/2012 - 21:19:57 ---A- - C:\Windows\Prefetch\MSNMSGR.EXE-9974F251.pf
O45 - LFCP:[MD5.76E1021776F2DFE8E3B55840808057BB] - 02/02/2012 - 21:20:18 ---A- - C:\Windows\Prefetch\WLCOMM.EXE-272FF9F7.pf
O45 - LFCP:[MD5.D66F19A53F1E7E15B1D066F894F969AC] - 03/02/2012 - 12:07:21 ---A- - C:\Windows\Prefetch\MPLAYERC.EXE-AAF9E605.pf
O45 - LFCP:[MD5.47725B472573BC4D0905D62F3426BF70] - 03/02/2012 - 14:05:45 ---A- - C:\Windows\Prefetch\AGCP.EXE-E9B1E8E1.pf
O45 - LFCP:[MD5.5C4408DA28BC2C9775991D003FF68576] - 03/02/2012 - 15:33:41 ---A- - C:\Windows\Prefetch\Layout.ini
O45 - LFCP:[MD5.AD51862F707CC75D1BC3377414695963] - 03/02/2012 - 15:48:45 ---A- - C:\Windows\Prefetch\SEARCHINDEXER.EXE-4A6353B9.pf
O45 - LFCP:[MD5.D46D0B8A5CF5A65868CE5016698330E7] - 03/02/2012 - 16:12:15 ---A- - C:\Windows\Prefetch\DEFMGR.EXE-D7F1B97C.pf
O45 - LFCP:[MD5.E3AA50EBEA6AC186B04DC25E078E31C2] - 03/02/2012 - 16:12:17 ---A- - C:\Windows\Prefetch\BISONHK.EXE-F53ECE98.pf
O45 - LFCP:[MD5.191BBEFD03101E386AC9E6EE9DD2CF7B] - 03/02/2012 - 16:12:19 ---A- - C:\Windows\Prefetch\RTHDVCPL.EXE-B116E9FD.pf
O45 - LFCP:[MD5.E43292D69D616317FE88B20DA6A4E595] - 03/02/2012 - 16:12:26 ---A- - C:\Windows\Prefetch\ITSECMNG.EXE-E90CEC34.pf
O45 - LFCP:[MD5.8EB5E30C8E5B47AA5C350B1FA2755957] - 03/02/2012 - 16:12:28 ---A- - C:\Windows\Prefetch\TOSBTMNG.EXE-0F82C6A8.pf
O45 - LFCP:[MD5.BDE9624A99F2B35D2908A1950B95FDD2] - 03/02/2012 - 16:12:29 ---A- - C:\Windows\Prefetch\SIDEBAR.EXE-FA75EA61.pf
O45 - LFCP:[MD5.60D1971E5003424AC9A0EF8F9F4E8E3E] - 03/02/2012 - 16:12:39 ---A- - C:\Windows\Prefetch\WMPNETWK.EXE-D9F2A96F.pf
O45 - LFCP:[MD5.3A167B8E1CB0F0684EC08A1AC353CBF5] - 03/02/2012 - 16:12:41 ---A- - C:\Windows\Prefetch\SVCHOST.EXE-007FEA55.pf
O45 - LFCP:[MD5.E2DC0CA35080305ED551C7C549ECEC83] - 03/02/2012 - 21:02:14 ---A- - C:\Windows\Prefetch\APPLEMOBILEDEVICESERVICE.EXE-CCCE4FAC.pf
O45 - LFCP:[MD5.B1BBB695FDA30ADC9922313749275B1E] - 03/02/2012 - 22:18:49 ---A- - C:\Windows\Prefetch\SNDVOL.EXE-5D4CC7D6.pf
O45 - LFCP:[MD5.2667A2303ABB86CC997CB243669CABC9] - 03/02/2012 - 22:54:10 ---A- - C:\Windows\Prefetch\JAVAWS.EXE-5FA6EB7C.pf
O45 - LFCP:[MD5.9BA24D359284E6457A5F006EA7BA6A52] - 03/02/2012 - 22:54:53 ---A- - C:\Windows\Prefetch\PRIMORUN.EXE-AF7E1DD9.pf
O45 - LFCP:[MD5.13737D000EBAC295C93F5839504F0D96] - 03/02/2012 - 22:54:56 ---A- - C:\Windows\Prefetch\PRIMOPDF.EXE-5637A63A.pf
O45 - LFCP:[MD5.79609D52D6F5F64780DA9C9AAE94C31D] - 03/02/2012 - 22:55:10 ---A- - C:\Windows\Prefetch\ACRORD32.EXE-172CF576.pf
O45 - LFCP:[MD5.8C20A46AF97D59BFA13B01252942F5B7] - 03/02/2012 - 22:56:47 ---A- - C:\Windows\Prefetch\DLLHOST.EXE-4F28A26F.pf
O45 - LFCP:[MD5.0C0A341FD4458ECECB79565FDDDE278C] - 04/02/2012 - 00:02:06 ---A- - C:\Windows\Prefetch\WUDFHOST.EXE-AFFEF87C.pf
O45 - LFCP:[MD5.6B0504551D27A2261C5D835F6178AE64] - 04/02/2012 - 00:02:33 ---A- - C:\Windows\Prefetch\AXSHLEXHLPER.EXE-A70B8881.pf
O45 - LFCP:[MD5.F9DE0FB9A00CD2872352DAD49C65F48C] - 04/02/2012 - 00:05:54 ---A- - C:\Windows\Prefetch\PfSvPerfStats.bin
O45 - LFCP:[MD5.AD0F6A0D659F0CC42AA932A17592B4F2] - 04/02/2012 - 15:05:57 ---A- - C:\Windows\Prefetch\AVAST.SETUP-3DA1C849.pf
O45 - LFCP:[MD5.748AAB206874CD82387B6DBCB9CE5604] - 04/02/2012 - 15:05:57 ---A- - C:\Windows\Prefetch\SPOOLSV.EXE-D1F6B8B6.pf
O45 - LFCP:[MD5.0A7218152A8081AE3226AB6792EF1AE2] - 04/02/2012 - 15:05:57 ---A- - C:\Windows\Prefetch\SVCHOST.EXE-FEDB32D0.pf
O45 - LFCP:[MD5.6C89964F67B7C5EAFE71B20FC714875B] - 04/02/2012 - 15:05:57 ---A- - C:\Windows\Prefetch\TOSBTAVAC.EXE-72B919D5.pf
O45 - LFCP:[MD5.E6AF0273F2EFC88FDA363458C8AA3082] - 04/02/2012 - 15:05:59 ---A- - C:\Windows\Prefetch\BTASSIST.EXE-13109403.pf
O45 - LFCP:[MD5.B109F375A84349C435EA4FA78143BFE3] - 04/02/2012 - 15:05:59 ---A- - C:\Windows\Prefetch\REMODEM.EXE-968D75EF.pf
O45 - LFCP:[MD5.1C5155B0C32DB5D02DA7704D8738C214] - 04/02/2012 - 15:06:08 ---A- - C:\Windows\Prefetch\TOSHDPPROC.EXE-D8889C48.pf
O45 - LFCP:[MD5.49884FB1A1B4EC26E2E9E547A1C196B0] - 04/02/2012 - 15:06:09 ---A- - C:\Windows\Prefetch\TOSBTHSP.EXE-33C4BF7D.pf
O45 - LFCP:[MD5.F6A4C5F4FF9DEFC3D29A91092F7C1975] - 04/02/2012 - 15:06:19 ---A- - C:\Windows\Prefetch\SVCHOST.EXE-C871F054.pf
O45 - LFCP:[MD5.A937195C8D4BB578C8AFA1A40B62C75F] - 04/02/2012 - 15:07:41 ---A- - C:\Windows\Prefetch\MBAMSERVICE.EXE-447DC311.pf
O45 - LFCP:[MD5.4BC98B646992898A1EEA5A7BE487E6AD] - 04/02/2012 - 15:07:41 ---A- - C:\Windows\Prefetch\SVCHOST.EXE-05F624AB.pf
O45 - LFCP:[MD5.4C7FA75629F6C77E461B8D10CB940A60] - 04/02/2012 - 15:09:07 ---A- - C:\Windows\Prefetch\WMIADAP.EXE-F8DFDFA2.pf
O45 - LFCP:[MD5.CF8F3829DD085799AF38B140399D8952] - 04/02/2012 - 15:13:03 ---A- - C:\Windows\Prefetch\RUNDLL32.EXE-DE9673F9.pf
O45 - LFCP:[MD5.DB1411409E4EA0F26F6D5DC65CFD1318] - 04/02/2012 - 15:14:48 ---A- - C:\Windows\Prefetch\TOSBTPSS.EXE-75C268B4.pf
O45 - LFCP:[MD5.EBB73614ECBA4A46985F727E869B7C22] - 04/02/2012 - 22:33:16 ---A- - C:\Windows\Prefetch\LOGONUI.EXE-09140401.pf
O45 - LFCP:[MD5.6171A5FCC4FA74A65A553F2AB9EBDF57] - 04/02/2012 - 22:34:04 ---A- - C:\Windows\Prefetch\DLLHOST.EXE-40DD444D.pf
O45 - LFCP:[MD5.6E9B546FCBF3FDBD78968385CCD043C0] - 04/02/2012 - 22:34:04 ---A- - C:\Windows\Prefetch\WERMGR.EXE-0F2AC88C.pf
O45 - LFCP:[MD5.2914594EBF1EB832937AD8E433E7F929] - 04/02/2012 - 22:34:08 ---A- - C:\Windows\Prefetch\WMPNSCFG.EXE-FC0D39BF.pf
O45 - LFCP:[MD5.412609E9F2D3DA1D741E7EECE4C12037] - 04/02/2012 - 22:34:30 ---A- - C:\Windows\Prefetch\LongTermHist.db.bt
O45 - LFCP:[MD5.2A8E3990E191468615BB977CA48C8909] - 04/02/2012 - 22:34:30 ---A- - C:\Windows\Prefetch\LongTermHist.db.dx
O45 - LFCP:[MD5.1EF59B005E8FE2454274C9B70BC6740C] - 04/02/2012 - 22:34:31 ---A- - C:\Windows\Prefetch\LongTermHist.db
O45 - LFCP:[MD5.952CE5CE4397C76DFEB4C4A455CA6B2F] - 04/02/2012 - 22:35:17 ---A- - C:\Windows\Prefetch\AgCx_SC2.db
O45 - LFCP:[MD5.461E4B7D7E10ACCD335FC096AE5D994F] - 04/02/2012 - 22:39:44 ---A- - C:\Windows\Prefetch\AgGlUAD_P_S-1-5-21-2014276812-2303388161-280020652-1000.db
O45 - LFCP:[MD5.06BA0B14C125026F2836E4EC4E444CD4] - 04/02/2012 - 22:39:44 ---A- - C:\Windows\Prefetch\AgGlUAD_S-1-5-21-2014276812-2303388161-280020652-1000.db
O45 - LFCP:[MD5.BBE9C683950AB4095875DD54FDE0B85E] - 04/02/2012 - 22:52:58 ---A- - C:\Windows\Prefetch\SVCHOST.EXE-7CFEDEA3.pf
O45 - LFCP:[MD5.BC2D6BFB299CA8361D74A42225430304] - 04/02/2012 - 22:52:58 ---A- - C:\Windows\Prefetch\VSSVC.EXE-B8AFC319.pf
O45 - LFCP:[MD5.DF74E0374846C36C9EEF72538703C867] - 04/02/2012 - 22:54:29 ---A- - C:\Windows\Prefetch\AVASTUI.EXE-6398125B.pf
O45 - LFCP:[MD5.38BE2F46DC8FC1ED1A1E6B46AF72BFFB] - 04/02/2012 - 22:58:16 ---A- - C:\Windows\Prefetch\CHROME.EXE-5CE23033.pf
O45 - LFCP:[MD5.540D34FE169D422AABF1E7E4A6D128F9] - 04/02/2012 - 23:01:06 ---A- - C:\Windows\Prefetch\CCLEANER.EXE-D4D76A60.pf
O45 - LFCP:[MD5.B15F4D6063694B470E4F95D42D8DBDE3] - 04/02/2012 - 23:03:34 ---A- - C:\Windows\Prefetch\RUNDLL32.EXE-BF41066B.pf
O45 - LFCP:[MD5.DB65889735D482352A149C3571024BB5] - 04/02/2012 - 23:19:01 ---A- - C:\Windows\Prefetch\UTORRENT.EXE-1070971C.pf
O45 - LFCP:[MD5.AD66993C81B13FCF855A29A3E69194B5] - 04/02/2012 - 23:26:48 ---A- - C:\Windows\Prefetch\ACRORD32INFO.EXE-1C0557AA.pf
O45 - LFCP:[MD5.D421189060ADA2098AF31081A1C7FF05] - 04/02/2012 - 23:56:28 ---A- - C:\Windows\Prefetch\WINRAR.EXE-94E7D80C.pf
O45 - LFCP:[MD5.C547E60352C6A525BF3C0AB6CEBC71D3] - 04/02/2012 - 23:57:07 ---A- - C:\Windows\Prefetch\WMPSHARE.EXE-90B956F1.pf
O45 - LFCP:[MD5.9AB896AA89974973737D0CA86A8B09B1] - 04/02/2012 - 23:57:11 ---A- - C:\Windows\Prefetch\WMPLAYER.EXE-BAD6BD53.pf
O45 - LFCP:[MD5.51F3B5D100A37B1AA24941A59508E001] - 05/02/2012 - 23:05:09 ---A- - C:\Windows\Prefetch\TASKHOST.EXE-7238F31D.pf
O45 - LFCP:[MD5.1DBA0516B114CB4E254D90D15864F819] - 05/02/2012 - 23:05:09 ---A- - C:\Windows\Prefetch\WMIPRVSE.EXE-1628051C.pf
O45 - LFCP:[MD5.13847BF3EDBF0F93CB1276BDD53C495F] - 05/02/2012 - 23:06:56 ---A- - C:\Windows\Prefetch\REG.EXE-E7E8BD26.pf
O45 - LFCP:[MD5.B5861E8EAA5CD5D900E9E08EE8A1F8FF] - 05/02/2012 - 23:07:19 ---A- - C:\Windows\Prefetch\NOTEPAD.EXE-D8414F97.pf
O45 - LFCP:[MD5.1231643E6AE51A60607D02050091C724] - 05/02/2012 - 23:08:15 ---A- - C:\Windows\Prefetch\WINWORD.EXE-C91725A1.pf
O45 - LFCP:[MD5.0EFB4A6B4961514C165E4CBAA195588D] - 05/02/2012 - 23:09:15 ---A- - C:\Windows\Prefetch\AgGlFaultHistory.db
O45 - LFCP:[MD5.1C72CDB97B68155D49DC89AD9EE45C2D] - 05/02/2012 - 23:09:15 ---A- - C:\Windows\Prefetch\AgGlFgAppHistory.db
O45 - LFCP:[MD5.BF8CC7B4515AA588901772ED2D53CCE5] - 05/02/2012 - 23:09:15 ---A- - C:\Windows\Prefetch\AgGlGlobalHistory.db
O45 - LFCP:[MD5.87DE3F3B038610A08AAF5AE5B9D353A6] - 05/02/2012 - 23:09:15 ---A- - C:\Windows\Prefetch\AgRobust.db
O45 - LFCP:[MD5.1E1172C41CA929F6375C49F70E7B02BE] - 05/02/2012 - 23:09:48 ---A- - C:\Windows\Prefetch\EXPLORER.EXE-A80E4F97.pf
O45 - LFCP:[MD5.DB39BF69FE563FFEA332E3CFF42661BF] - 05/02/2012 - 23:10:00 ---A- - C:\Windows\Prefetch\GOOGLEUPDATE.EXE-B5050E1E.pf
O45 - LFCP:[MD5.C0B0F800A329CCB1A91EBD459A073CE3] - 05/02/2012 - 23:10:10 ---A- - C:\Windows\Prefetch\TASKENG.EXE-48D4E289.pf
O45 - LFCP:[MD5.0D5B5FBF9655614F66D8022A831D2077] - 05/02/2012 - 23:10:56 ---A- - C:\Windows\Prefetch\FIREFOX.EXE-A606B53C.pf
O45 - LFCP:[MD5.B86B553A1B30A677BDF90FCB4E7CE2B2] - 05/02/2012 - 23:11:12 ---A- - C:\Windows\Prefetch\PLUGIN-CONTAINER.EXE-7226D1F8.pf
O45 - LFCP:[MD5.63677E4E20E3BB8860867D3CA02E010D] - 05/02/2012 - 23:13:40 ---A- - C:\Windows\Prefetch\DLLHOST.EXE-5E46FA0D.pf
O45 - LFCP:[MD5.C5F6EFCC8F930220D8522CC8C51DEF3E] - 05/02/2012 - 23:13:43 ---A- - C:\Windows\Prefetch\SEARCHFILTERHOST.EXE-77482212.pf
O45 - LFCP:[MD5.FBD89F22006AFECC0329837DDAE9F2A8] - 05/02/2012 - 23:13:43 ---A- - C:\Windows\Prefetch\SEARCHPROTOCOLHOST.EXE-0CB8CADE.pf
O45 - LFCP:[MD5.BF8052777A0E48F8CB1B7903E58FCFF2] - 05/02/2012 - 23:25:25 ---A- - C:\Windows\Prefetch\CONSENT.EXE-531BD9EA.pf
O45 - LFCP:[MD5.7F6CF13F7753829A93727D7E75B3E9DE] - 05/02/2012 - 23:25:30 ---A- - C:\Windows\Prefetch\DLLHOST.EXE-766398D2.pf
O45 - LFCP:[MD5.7F9181AF8F19D5330D3C780379C364FA] - 05/02/2012 - 23:25:33 ---A- - C:\Windows\Prefetch\AUDIODG.EXE-BDFD3029.pf
O45 - LFCP:[MD5.4A98E491E8610DB9645A63C2A0365152] - 05/02/2012 - 23:26:09 ---A- - C:\Windows\Prefetch\CONHOST.EXE-1F3E9D7E.pf
O45 - LFCP:[MD5.A8C564C204152F15A952D309340AC52C] - 05/02/2012 - 23:26:30 ---A- - C:\Windows\Prefetch\S3LOADSV.SVC-950C7BEF.pf
O45 - LFCP:[MD5.9DC3A506BAE60794DE539BDF6BC976B5] - 05/02/2012 - 23:26:31 ---A- - C:\Windows\Prefetch\S3FUNKEY.SVC-1075E5D4.pf
O45 - LFCP:[MD5.227EBC26C44D11D06F047C4566C1A166] - 05/02/2012 - 23:26:43 ---A- - C:\Windows\Prefetch\SCHTASKS.EXE-5CA45734.pf
O45 - LFCP:[MD5.079F1F77D6C64368D9FF0221465379E6] - 16/01/2012 - 07:25:04 ---A- - C:\Windows\Prefetch\SILVERLIGHT.CONFIGURATION.EXE-0E511FF1.pf
O45 - LFCP:[MD5.DA27650D78AC328C3C08BF3EC543E22D] - 16/01/2012 - 09:05:52 ---A- - C:\Windows\Prefetch\REGSVR32.EXE-8461DBEE.pf
O45 - LFCP:[MD5.4D457DEA3E44DE2766FF33307928A020] - 16/01/2012 - 09:06:00 ---A- - C:\Windows\Prefetch\MBAM.EXE-305FF92C.pf
O45 - LFCP:[MD5.8F2B7FBB47A5E187B05C289F70569907] - 18/01/2012 - 08:48:42 ---A- - C:\Windows\Prefetch\WINZIP32.EXE-C4F1E224.pf
O45 - LFCP:[MD5.2B46C4E8039E7DFB1C6E676FD012A574] - 18/01/2012 - 09:33:30 ---A- - C:\Windows\Prefetch\RUNDLL32.EXE-9E77C4DD.pf
O45 - LFCP:[MD5.A70FA1ACF88F1AC861F1BFDCE1A35C3A] - 19/01/2012 - 18:10:27 ---A- - C:\Windows\Prefetch\SF.BIN-95344F7B.pf
O45 - LFCP:[MD5.1270ECDE89131D644E01581B1F9C1DFE] - 19/01/2012 - 18:46:16 ---A- - C:\Windows\Prefetch\SOUNDRECORDER.EXE-9865DC1B.pf
O45 - LFCP:[MD5.BEF2BC2379A501889B8AB121DF9329CF] - 19/01/2012 - 18:48:06 ---A- - C:\Windows\Prefetch\CONTROL.EXE-817F8F1D.pf
O45 - LFCP:[MD5.8A4AAF2E43959FFA0AD20DC4A52C31F3] - 19/01/2012 - 18:48:16 ---A- - C:\Windows\Prefetch\RUNDLL32.EXE-98A1AB93.pf
O45 - LFCP:[MD5.710FC8E9142FEBE2FDA286856570DD99] - 23/01/2012 - 07:02:36 ---A- - C:\Windows\Prefetch\SF.BIN-5D4F91EF.pf
O45 - LFCP:[MD5.B480A15CD3591DEE5FEAF800FEEB654C] - 23/01/2012 - 07:42:06 ---A- - C:\Windows\Prefetch\RUNDLL32.EXE-F8247785.pf
O45 - LFCP:[MD5.DD7A3D8E1B09101497ECA2DB8AC4A052] - 23/01/2012 - 11:26:00 ---A- - C:\Windows\Prefetch\RUNDLL32.EXE-D476F14D.pf
O45 - LFCP:[MD5.1EAA3E7A586060AC4B8C8F6B118CA837] - 24/01/2012 - 09:56:10 ---A- - C:\Windows\Prefetch\SF.BIN-20F37369.pf
O45 - LFCP:[MD5.10F9184856E2EDB98BE821FF6931D7F3] - 25/01/2012 - 18:01:55 ---A- - C:\Windows\Prefetch\RUNDLL32.EXE-AE64D343.pf
O45 - LFCP:[MD5.74706D95EC5228CED1C8CE8D243D22DA] - 25/01/2012 - 18:15:17 ---A- - C:\Windows\Prefetch\RUNDLL32.EXE-CE87A2CB.pf
O45 - LFCP:[MD5.32FD45B8CC63D13005C647DD8152C49D] - 25/01/2012 - 18:15:19 ---A- - C:\Windows\Prefetch\RUNDLL32.EXE-B3BB4F66.pf
O45 - LFCP:[MD5.CCE9F470F50C5BB24A202983E933693E] - 25/01/2012 - 18:15:20 ---A- - C:\Windows\Prefetch\RUNDLL32.EXE-B884EADC.pf
O45 - LFCP:[MD5.3D5004D60A7C4DF5FF48D48C3E52641B] - 25/01/2012 - 18:15:21 ---A- - C:\Windows\Prefetch\RUNDLL32.EXE-7B33014B.pf
O45 - LFCP:[MD5.2480B4FA34CB17249B6E2668F50403FA] - 25/01/2012 - 18:15:21 ---A- - C:\Windows\Prefetch\RUNDLL32.EXE-9F8B10AE.pf
O45 - LFCP:[MD5.97BDF02C1CF163F20010840B457970FA] - 25/01/2012 - 18:15:22 ---A- - C:\Windows\Prefetch\RUNDLL32.EXE-66A660F3.pf
O45 - LFCP:[MD5.B8DCE0B088D4406A0182BEEB0A32FD21] - 25/01/2012 - 18:15:24 ---A- - C:\Windows\Prefetch\RUNDLL32.EXE-490823AF.pf
O45 - LFCP:[MD5.02F1C3019395AA0B72F38375B4C0C05C] - 25/01/2012 - 18:15:46 ---A- - C:\Windows\Prefetch\RUNDLL32.EXE-D77064F0.pf
O45 - LFCP:[MD5.A37CB7ECF2AA67BCE0B489A70CFA44F3] - 25/01/2012 - 18:15:50 ---A- - C:\Windows\Prefetch\RUNDLL32.EXE-ADCDFF5B.pf
O45 - LFCP:[MD5.CEC00A80C9908780014EC6F4845C4131] - 25/01/2012 - 18:15:52 ---A- - C:\Windows\Prefetch\RUNDLL32.EXE-7B20AA83.pf
O45 - LFCP:[MD5.109E511048F1AD48946CFFD2958F391D] - 25/01/2012 - 18:15:54 ---A- - C:\Windows\Prefetch\RUNDLL32.EXE-CC198D20.pf
O45 - LFCP:[MD5.4092275B3BCF44D505B545F422B1A3CD] - 25/01/2012 - 18:16:00 ---A- - C:\Windows\Prefetch\RUNDLL32.EXE-9F5D8018.pf
O45 - LFCP:[MD5.E79A20DE067985C49F810013460E760E] - 25/01/2012 - 18:16:06 ---A- - C:\Windows\Prefetch\HD-AGENT.EXE-2FDE746B.pf
O45 - LFCP:[MD5.C91B9EC5E0BA5F06E2BBCBF3FDE64A22] - 25/01/2012 - 18:16:09 ---A- - C:\Windows\Prefetch\HD-SERVICE.EXE-0A5B1B8D.pf
O45 - LFCP:[MD5.7B36CECB7F933AD01BBB4EB342997B1C] - 25/01/2012 - 18:16:11 ---A- - C:\Windows\Prefetch\HD-BLOCKDEVICE.EXE-45FF6CDF.pf
O45 - LFCP:[MD5.7D572CB602516A31312B5F9CA9693409] - 25/01/2012 - 18:16:13 ---A- - C:\Windows\Prefetch\HD-NETWORK.EXE-9B4EE6CA.pf
O45 - LFCP:[MD5.18C6FC996A7C599355B6D2CD5FC4D10F] - 25/01/2012 - 18:25:07 ---A- - C:\Windows\Prefetch\UNZIP.EXE-C84A41F1.pf
O45 - LFCP:[MD5.22BF67774708DD6FB264DD0DD887880E] - 25/01/2012 - 18:25:36 ---A- - C:\Windows\Prefetch\HD-FRONTEND.EXE-F4FA1040.pf
O45 - LFCP:[MD5.64E5A90D5D1D838DC1812B719165178C] - 25/01/2012 - 18:27:17 ---A- - C:\Windows\Prefetch\RUNDLL32.EXE-FBF4DE32.pf
O45 - LFCP:[MD5.E59A7AC260B894931D156C8E1B7AEA8D] - 25/01/2012 - 18:27:19 ---A- - C:\Windows\Prefetch\RUNDLL32.EXE-55C3C914.pf
O45 - LFCP:[MD5.791484EAC8ED3F067C25F9C506D58CFD] - 25/01/2012 - 18:27:22 ---A- - C:\Windows\Prefetch\RUNDLL32.EXE-EA48C804.pf
O45 - LFCP:[MD5.D9BA1D3E8619928EF0EB065C1AE8D79A] - 25/01/2012 - 18:27:23 ---A- - C:\Windows\Prefetch\RUNDLL32.EXE-F8F66BFB.pf
O45 - LFCP:[MD5.33A6905A472C60EDEBC956B5663A227B] - 25/01/2012 - 18:27:25 ---A- - C:\Windows\Prefetch\RUNDLL32.EXE-1CE458A3.pf
O45 - LFCP:[MD5.4A8FE9F42557E1FA68AA6FD17425E708] - 25/01/2012 - 18:27:26 ---A- - C:\Windows\Prefetch\RUNDLL32.EXE-BF2B422E.pf
O45 - LFCP:[MD5.C72AD9A5BE942CD3642C22F1C5559EA2] - 25/01/2012 - 18:27:26 ---A- - C:\Windows\Prefetch\SC.EXE-945D79AE.pf
O45 - LFCP:[MD5.E301E68AA0E3DDE325E77DA1D26084CA] - 25/01/2012 - 18:27:33 ---A- - C:\Windows\Prefetch\NGEN.EXE-3CFD6908.pf
O45 - LFCP:[MD5.098C1F9915FA828C0DFEA0295E8AA0F9] - 26/01/2012 - 18:26:28 ---A- - C:\Windows\Prefetch\MSCORSVW.EXE-90526FAC.pf
O45 - LFCP:[MD5.F2621C645952D457CF77EE1C2A4D556A] - 26/01/2012 - 23:03:35 ---A- - C:\Windows\Prefetch\SF.BIN-E99F1673.pf
O45 - LFCP:[MD5.9CD65F4A8910F0464E701FDA5E746E6F] - 29/01/2012 - 15:42:37 ---A- - C:\Windows\Prefetch\JP2LAUNCHER.EXE-7C1F11C1.pf
O45 - LFCP:[MD5.F321488617B18FFF43C1A5AFF5957447] - 29/01/2012 - 22:53:12 ---A- - C:\Windows\Prefetch\AgCx_SC1.db.trx
O45 - LFCP:[MD5.AEE3A39918665460D36A459856703D42] - 29/01/2012 - 22:54:12 ---A- - C:\Windows\Prefetch\AgCx_SC1.db
O45 - LFCP:[MD5.714472DDCD63EA02E51520F67613920C] - 30/01/2012 - 11:39:59 ---A- - C:\Windows\Prefetch\RUNDLL32.EXE-230FC512.pf
O45 - LFCP:[MD5.666A48F2B9D0DEF42C2CCD766B58E485] - 30/01/2012 - 14:45:38 ---A- - C:\Windows\Prefetch\NTOSBOOT-B00DFAAD.pf
O45 - LFCP:[MD5.481F7AC845D63B19E114B0EA9AFF19CC] - 30/01/2012 - 14:56:57 ---A- - C:\Windows\Prefetch\RUNDLL32.EXE-6EB01457.pf
O45 - LFCP:[MD5.47A7ACD62C5CB66DA4B0D16E6C2BA7F9] - 30/01/2012 - 15:10:26 ---A- - C:\Windows\Prefetch\RUNDLL32.EXE-D2DE1108.pf
O45 - LFCP:[MD5.0BCE37D5C3AD8CC350B6A5602DE086A8] - 30/01/2012 - 16:42:13 ---A- - C:\Windows\Prefetch\MSIEXEC.EXE-A2D55CB6.pf
O45 - LFCP:[MD5.7149277DDEE494C98E1E56D66E96A076] - 30/01/2012 - 16:58:14 ---A- - C:\Windows\Prefetch\DINOTIFY.EXE-35A869D6.pf
O45 - LFCP:[MD5.CCDAF798B08AA7B1F616F1595A10C32F] - 30/01/2012 - 17:39:13 ---A- - C:\Windows\Prefetch\DEVICEDISPLAYOBJECTPROVIDER.E-17410B90.pf
O45 - LFCP:[MD5.5FF75B15CEE747EE78884C2B368D8110] - 31/01/2012 - 09:36:42 ---A- - C:\Windows\Prefetch\JUSCHED.EXE-D10FBD13.pf
O45 - LFCP:[MD5.9ABE32350B97B9907E483FBCADF033B0] - 31/01/2012 - 09:36:42 ---A- - C:\Windows\Prefetch\MBAMGUI.EXE-4FE652ED.pf
O45 - LFCP:[MD5.3F5517D49D3466E237D527E8E5A50872] - 31/01/2012 - 11:58:55 ---A- - C:\Windows\Prefetch\RUNDLL32.EXE-411A328D.pf
O45 - LFCP:[MD5.E53021CFE42986B9CCD755BB6CE411E7] - 31/01/2012 - 12:50:33 ---A- - C:\Windows\Prefetch\MPLAYERC.EXE-9E5CA335.pf
O45 - LFCP:[MD5.507CFB7A7CD0DEA9776A70C10C943261] - 31/01/2012 - 13:06:00 ---A- - C:\Windows\Prefetch\RUNDLL32.EXE-6249C3D8.pf
~ Scan Prefetcher in 00mn 00s



---\\ Export authorized application key (O47)
O47 - AAKE:Key Export SP - "C:\Program Files\Orbitdownloader\orbitdm.exe" [Enabled] .(.Orbitdownloader.com - Orbit Downloader.) -- C:\Program Files\Orbitdownloader\orbitdm.exe
O47 - AAKE:Key Export SP - "C:\Program Files\Orbitdownloader\orbitnet.exe" [Enabled] .(.Orbitdownloader.com - P2P service of Orbit Downloader.) -- C:\Program Files\Orbitdownloader\orbitnet.exe
~ Scan Keys in 00mn 00s



---\\ Local Security Authority-LSA Deny (O48)
O48 - LSA:Local Security Authority Authentication Packages . (.Microsoft Corporation - Microsoft Authentication Package v1.0.) -- C:\Windows\System32\msv1_0.dll
O48 - LSA:Local Security Authority Notification Packages . (.Microsoft Corporation - Mecanismo cliente do 'Editor de configuração de segurança Windows'.) -- C:\Windows\System32\scecli.dll
O48 - LSA:Local Security Authority Security Packages . (.Microsoft Corporation - Pacote de Segurança Kerberos.) -- C:\Windows\System32\kerberos.dll
O48 - LSA:Local Security Authority Security Packages . (.Microsoft Corporation - Microsoft Authentication Package v1.0.) -- C:\Windows\System32\msv1_0.dll
O48 - LSA:Local Security Authority Security Packages . (.Microsoft Corporation - TLS / SSL Security Provider.) -- C:\Windows\System32\schannel.dll
O48 - LSA:Local Security Authority Security Packages . (.Microsoft Corporation - Microsoft Digest Access.) -- C:\Windows\System32\wdigest.dll
O48 - LSA:Local Security Authority Security Packages . (.Microsoft Corporation - Web Service Security Package.) -- C:\Windows\System32\TSpkg.dll
O48 - LSA:Local Security Authority Security Packages . (.Microsoft Corporation - Pku2u Security Package.) -- C:\Windows\System32\pku2u.dll
~ Scan Keys in 00mn 00s



---\\ Safe Boot Control (O49)
O49 - CSB:Control Safe Boot HKLM\...\CCS\Minimal\sermouse.sys . (.Microsoft Corporation - Driver de porta de mouse serial.) -- C:\Windows\system32\Drivers\sermouse.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Minimal\vga.sys . (.Microsoft Corporation - VGA/Super VGA Video Driver.) -- C:\Windows\system32\Drivers\vga.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Minimal\vgasave.sys . (...) -- C:\Windows\system32\Drivers\vgasave.sys (.not file.)
O49 - CSB:Control Safe Boot HKLM\...\CCS\Minimal\volmgr.sys . (.Microsoft Corporation - Volume Manager Driver.) -- C:\Windows\system32\Drivers\volmgr.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Minimal\volmgrx.sys . (.Microsoft Corporation - Driver de Extensão do Gerenciador de Volumes.) -- C:\Windows\system32\Drivers\volmgrx.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\ipnat.sys . (.Microsoft Corporation - IP Network Address Translator.) -- C:\Windows\system32\Drivers\ipnat.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\nsiproxy.sys . (.Microsoft Corporation - NSI Proxy.) -- C:\Windows\system32\Drivers\nsiproxy.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\rdpencdd.sys . (.Microsoft Corporation - RDP Encoder Miniport.) -- C:\Windows\system32\Drivers\rdpencdd.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\sermouse.sys . (.Microsoft Corporation - Driver de porta de mouse serial.) -- C:\Windows\system32\Drivers\sermouse.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\vga.sys . (.Microsoft Corporation - VGA/Super VGA Video Driver.) -- C:\Windows\system32\Drivers\vga.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\vgasave.sys . (...) -- C:\Windows\system32\Drivers\vgasave.sys (.not file.)
O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\volmgr.sys . (.Microsoft Corporation - Volume Manager Driver.) -- C:\Windows\system32\Drivers\volmgr.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\volmgrx.sys . (.Microsoft Corporation - Driver de Extensão do Gerenciador de Volumes.) -- C:\Windows\system32\Drivers\volmgrx.sys
~ Scan CSB in 00mn 00s



---\\ MountPoints2 Shell Key (MPKS) (O51) (None)

---\\ Trojan Driver Search Data (HKLM)(TDSD) (O52)
O52 - TDSD: \Drivers32\"vidc.i420"="i420vfw.dll" . (.www.helixcommunity.org - Helix I420 YUV Codec.) -- C:\Windows\System32\i420vfw.dll
O52 - TDSD: \Drivers32\"msacm.l3acm"="C:\Windows\System32\l3codeca.acm" . (.Fraunhofer Institut Integrierte Schaltungen - MPEG Layer-3 Audio Codec for MSACM.) -- C:\Windows\System32\l3codeca.acm
O52 - TDSD: \Drivers32\"vidc.cvid"="iccvid.dll" . (.Radius Inc. - Cinepak® Codec.) -- C:\Windows\System32\iccvid.dll
O52 - TDSD: \Drivers32\"VIDC.DIVX"="DivX.dll" . (.DivX, Inc. - DivX.) -- C:\Windows\System32\divx.dll
O52 - TDSD: \Drivers32\"VIDC.XVID"="xvidvfw.dll" . (...) -- C:\Windows\System32\xvidvfw.dll
O52 - TDSD: \Drivers32\"VIDC.YV12"="yv12vfw.dll" . (.www.helixcommunity.org - Helix YV12 YUV Codec.) -- C:\Windows\System32\yv12vfw.dll
O52 - TDSD: \Drivers32\"msacm.ac3acm"="ac3acm.acm" . (.fccHandler - AC-3 ACM Codec.) -- C:\Windows\System32\ac3acm.acm
O52 - TDSD: \Drivers32\"msacm.lameacm"="lameACM.acm" . (.http://www.mp3dev.org/ - Lame MP3 codec engine.) -- C:\Windows\System32\lameACM.acm
O52 - TDSD: \Drivers32\"VIDC.FFDS"="ff_vfw.dll" . (...) -- C:\Windows\System32\ff_vfw.dll
O52 - TDSD: \Drivers32\"msacm.trspch"="tssoft32.acm" . (...) -- (.not file.)
O52 - TDSD: \Drivers32\"msacm.msg723"="msg723.acm" . (...) -- (.not file.)
O52 - TDSD: \Drivers32\"msacm.msaudio1"="msaud32.acm" . (...) -- (.not file.)
O52 - TDSD: \Drivers32\"msacm.sl_anet"="sl_anet.acm" . (...) -- (.not file.)
O52 - TDSD: \Drivers32\"msacm.voxacm160"="vct3216.acm" . (...) -- (.not file.)
O52 - TDSD: \Drivers32\"vidc.iv50"="ir50_32.dll" . (.Intel Corporation - Intel Indeo® video 5.10.) -- C:\Windows\System32\ir50_32.dll
O52 - TDSD: \Drivers32\"vidc.mp42"="MPG4C32.dll" . (...) -- (.not file.)
O52 - TDSD: \Drivers32\"vidc.iv31"="ir32_32.dll" . (.Intel® Corporation - No comment.) -- C:\Windows\System32\ir32_32.dll
O52 - TDSD: \Drivers32\"vidc.iv32"="ir32_32.dll" . (.Intel® Corporation - No comment.) -- C:\Windows\System32\ir32_32.dll
O52 - TDSD: \Drivers32\"vidc.iv41"="ir41_32.ax" . (.Intel Corporation - Intel Indeo® Video 4.5.) -- C:\Windows\System32\ir41_32.ax
O52 - TDSD: \Drivers32\"vidc.M263"="msh263.drv" . (...) -- (.not file.)
O52 - TDSD: \Drivers32\"vidc.M261"="msh261.drv" . (...) -- (.not file.)
O52 - TDSD: \Drivers32\"vidc.VP70"="vp7vfw.dll" . (.On2.com - VP70 VIDEO FOR WINDOWS CODEC.) -- C:\Windows\System32\vp7vfw.dll
O52 - TDSD: \Drivers32\"vidc.X264"="x264vfw.dll" . (...) -- (.not file.)
O52 - TDSD: \Drivers32\"vidc.VP60"="vp6vfw.dll" . (.On2.com - VP6 VIDEO FOR WINDOWS CODEC.) -- C:\Windows\System32\vp6vfw.dll
O52 - TDSD: \Drivers32\"vidc.VP61"="vp6vfw.dll" . (.On2.com - VP6 VIDEO FOR WINDOWS CODEC.) -- C:\Windows\System32\vp6vfw.dll
O52 - TDSD: \Drivers32\"vidc.VP62"="vp6vfw.dll" . (.On2.com - VP6 VIDEO FOR WINDOWS CODEC.) -- C:\Windows\System32\vp6vfw.dll
O52 - TDSD: \Drivers32\"VIDC.WMV3"="wmv9vcm.dll" . (...) -- (.not file.)
O52 - TDSD: \Drivers32\"VIDC.VP40"="vp4vfw.dll" . (...) -- (.not file.)
O52 - TDSD: \Drivers32\"VIDC.FPS1"="frapsvid.dll" . (...) -- (.not file.)
O52 - TDSD: \Drivers32\"VIDC.DRAW"="DVIDEO.DLL" . (...) -- (.not file.)
O52 - TDSD: \Drivers32\"VIDC.MSUD"="msulvc05.dll" . (...) -- (.not file.)
O52 - TDSD: \Drivers32\"msacm.iac2"="C:\\Windows\\system32\\iac25_32.ax" . (...) -- (.not file.)
O52 - TDSD: \Drivers32\"vidc.LAGS"="lagarith.dll" . (...) -- (.not file.)
O52 - TDSD: \Drivers32\"vidc.CSCD"="camcodec.dll" . (...) -- (.not file.)
O52 - TDSD: \Drivers32\"vidc.IPJ2"="jp2avi.dll" . (...) -- (.not file.)
O52 - TDSD: \Drivers32\"VIDC.FMVC"="fmcodec.dll" . (.Fox Magic Software - FM Screen Capture Codec (VFW).) -- C:\Windows\System32\fmcodec.dll
O52 - TDSD: \drivers.desc\"C:\Windows\System32\l3codeca.acm"="Fraunhofer IIS MPEG Layer-3 Codec" . (.Fraunhofer Institut Integrierte Schaltungen - MPEG Layer-3 Audio Codec for MSACM.) -- C:\Windows\System32\l3codeca.acm
O52 - TDSD: \drivers.desc\"divx.dll"="DivX 6.8.4" . (...) -- (.not file.)
O52 - TDSD: \drivers.desc\"xvidvfw.dll"="Xvid MPEG-4 Video Codec v1.2-dev" . (...) -- (.not file.)
O52 - TDSD: \drivers.desc\"lameACM.acm"="Lame ACM MP3 CODEC v3.98" . (...) -- (.not file.)
O52 - TDSD: \drivers.desc\"ac3acm.acm"="AC-3 ACM Codec" . (.fccHandler - AC-3 ACM Codec.) -- C:\Windows\System32\ac3acm.acm
O52 - TDSD: \drivers.desc\"ff_vfw.dll"="ffdshow video encoder" . (...) -- C:\Windows\System32\ff_vfw.dll
~ Scan Keys in 00mn 00s



---\\ ShareTools MSconfig StartupReg (SMSR) (O53)
O53 - SMSR:HKLM\...\startupreg\Adobe ARM [Key] . (.Adobe Systems Incorporated - Adobe Reader and Acrobat Manager.) -- C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
O53 - SMSR:HKLM\...\startupreg\Adobe Reader Speed Launcher [Key] . (.Adobe Systems Incorporated - Adobe Acrobat SpeedLauncher.) -- C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe
O53 - SMSR:HKLM\...\startupreg\AlcoholAutomount [Key] . (.Alcohol Soft Development Team - Alcohol Virual Drive Auto-mount Service.) -- C:\Program Files\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe
O53 - SMSR:HKLM\...\startupreg\Google Update [Key] . (.Google Inc. - Google Installer.) -- C:\Users\Dario Jr\AppData\Local\Google\Update\GoogleUpdate.exe
O53 - SMSR:HKLM\...\startupreg\ITSecMng [Key] . (.TOSHIBA CORPORATION - IT Security Manager for Toshiba Stack.) -- C:\Program Files\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe
O53 - SMSR:HKLM\...\startupreg\iTunesHelper [Key] . (.Apple Inc. - iTunesHelper.) -- C:\Program Files\iTunes\iTunesHelper.exe
O53 - SMSR:HKLM\...\startupreg\QuickTime Task [Key] . (.Apple Inc. - QuickTime Task.) -- C:\Program Files\QuickTime\QTTask.exe
~ Scan SMSR Keys in 00mn 00s



---\\ Microsoft Control Security Providers (MCSP) (O54)
O54 - MCSP:[HKLM\...\CurrentControlSet\Control] - (SecurityProviders) - (.Microsoft Corporation - Credential Delegation Security Package.) -- C:\Windows\system32\credssp.dll
O54 - MCSP:[HKLM\...\ControlSet001\Control] - (SecurityProviders) - (.Microsoft Corporation - Credential Delegation Security Package.) -- C:\Windows\system32\credssp.dll
~ Scan Keys in 00mn 00s



---\\ Microsoft Windows Policies System (MWPS) (O55)
O55 - MWPS:[HKLM\...\Policies\System] - "ConsentPromptBehaviorAdmin"=5
O55 - MWPS:[HKLM\...\Policies\System] - "ConsentPromptBehaviorUser"=3
O55 - MWPS:[HKLM\...\Policies\System] - "EnableInstallerDetection"=1
O55 - MWPS:[HKLM\...\Policies\System] - "EnableLUA"=1
O55 - MWPS:[HKLM\...\Policies\System] - "EnableSecureUIAPaths"=1
O55 - MWPS:[HKLM\...\Policies\System] - "EnableUIADesktopToggle"=0
O55 - MWPS:[HKLM\...\Policies\System] - "EnableVirtualization"=1
O55 - MWPS:[HKLM\...\Policies\System] - "PromptOnSecureDesktop"=1
O55 - MWPS:[HKLM\...\Policies\System] - "ValidateAdminCodeSignatures"=0
O55 - MWPS:[HKLM\...\Policies\System] - "dontdisplaylastusername"=0
O55 - MWPS:[HKLM\...\Policies\System] - "legalnoticecaption"=
O55 - MWPS:[HKLM\...\Policies\System] - "legalnoticetext"=
O55 - MWPS:[HKLM\...\Policies\System] - "scforceoption"=0
O55 - MWPS:[HKLM\...\Policies\System] - "shutdownwithoutlogon"=1
O55 - MWPS:[HKLM\...\Policies\System] - "undockwithoutlogon"=1
O55 - MWPS:[HKLM\...\Policies\System] - "FilterAdministratorToken"=0
O55 - MWPS:[HKLM\...\Policies\System] - "DisableRegistryTools"=0
O55 - MWPS:[HKCU\...\Policies\System] - "disableregistrytools"=0
~ Scan Keys in 00mn 00s



---\\ Microsoft Windows Policies Explorer (MWPE) (O56)
O56 - MWPE:[HKCU\...\policies\Explorer] - "NoDrives"=0
O56 - MWPE:[HKLM\...\policies\Explorer] - "NoDrives"=0
~ Scan Keys in 00mn 00s



---\\ System Drivers List (SDL) (O58)
O58 - SDL:[MD5.21E785EBD7DC90A06391141AAC7892FB] - 13/07/2009 - 22:26:15 ---A- . (.Adaptec, Inc. - Adaptec Windows SAS/SATA Storport Driver.) -- C:\Windows\system32\drivers\adp94xx.sys [422976]
O58 - SDL:[MD5.0C676BC278D5B59FF5ABD57BBE9123F2] - 13/07/2009 - 22:26:17 ---A- . (.Adaptec, Inc. - Adaptec Windows SATA Storport Driver.) -- C:\Windows\system32\drivers\adpahci.sys [297552]
O58 - SDL:[MD5.7C7B5EE4B7B822EC85321FE23A27DB33] - 13/07/2009 - 22:26:15 ---A- . (.Adaptec, Inc. - Adaptec StorPort Ultra320 SCSI Driver.) -- C:\Windows\system32\drivers\adpu320.sys [146512]
O58 - SDL:[MD5.0D40BCF52EA90FC7DF2AEAB6503DEA44] - 13/07/2009 - 22:26:15 ---A- . (.Acer Laboratories Inc. - ALi mini IDE Driver.) -- C:\Windows\system32\drivers\aliide.sys [14400]
O58 - SDL:[MD5.2101A86C25C154F8314B24EF49D7FBC2] - 13/07/2009 - 22:26:15 ---A- . (.Advanced Micro Devices - AHCI 1.2 Device Driver.) -- C:\Windows\system32\drivers\amdsata.sys [79952]
O58 - SDL:[MD5.EA43AF0C423FF267355F74E7A53BDABA] - 13/07/2009 - 22:26:15 ---A- . (.AMD Technologies Inc. - AMD Technology AHCI Compatible Controller Driver for Windows fa.) -- C:\Windows\system32\drivers\amdsbs.sys [159312]
O58 - SDL:[MD5.B81C2B5616F6420A9941EA093A92B150] - 13/07/2009 - 22:26:15 ---A- . (.Advanced Micro Devices - Storage Filter Driver.) -- C:\Windows\system32\drivers\amdxata.sys [23616]
O58 - SDL:[MD5.2932004F49677BD84DBC72EDB754FFB3] - 13/07/2009 - 22:26:15 ---A- . (.Adaptec, Inc. - Adaptec RAID Storport Driver.) -- C:\Windows\system32\drivers\arc.sys [76368]
O58 - SDL:[MD5.5D6F36C46FD283AE1B57BD2E9FEB0BC7] - 13/07/2009 - 22:26:15 ---A- . (.Adaptec, Inc. - Adaptec SAS RAID WS03 Driver.) -- C:\Windows\system32\drivers\arcsas.sys [86608]
O58 - SDL:[MD5.054DF24C92B55427E0757CFFF160E4F2] - 28/11/2011 - 14:51:50 ---A- . (.AVAST Software - avast! File System Access Blocking Driver.) -- C:\Windows\system32\drivers\aswFsBlk.sys [20568]
O58 - SDL:[MD5.258143605E77E4008F1758481D6A977D] - 28/11/2011 - 14:52:07 ---A- . (.AVAST Software - avast! File System Minifilter for Windows 2003/Vista.) -- C:\Windows\system32\drivers\aswMonFlt.sys [55128]
O58 - SDL:[MD5.352D5A48EBAB35A7693B048679304831] - 28/11/2011 - 14:52:19 ---A- . (.AVAST Software - avast! TDI RDR Driver.) -- C:\Windows\system32\drivers\aswRdr.sys [34392]
O58 - SDL:[MD5.8D34D2B24297E27D93E847319ABFDEC4] - 28/11/2011 - 14:53:53 ---A- . (.AVAST Software - avast! Virtualization Driver.) -- C:\Windows\system32\drivers\aswSnx.sys [435032]
O58 - SDL:[MD5.010012597333DA1F46C3243F33F8409E] - 28/11/2011 - 14:53:35 ---A- . (.AVAST Software - avast! self protection module.) -- C:\Windows\system32\drivers\aswSP.sys [314456]
O58 - SDL:[MD5.F9F84364416658E9786235904D448D37] - 28/11/2011 - 14:52:16 ---A- . (.AVAST Software - avast! TDI Filter Driver.) -- C:\Windows\system32\drivers\aswTdi.sys [52952]
O58 - SDL:[MD5.BD8869EB9CDE6BBE4508D869929869EE] - 13/07/2009 - 19:02:49 ---A- . (.Broadcom Corporation - Broadcom NetXtreme Gigabit Ethernet NDIS6.x Unified Driver..) -- C:\Windows\system32\drivers\b57nd60x.sys [229888]
O58 - SDL:[MD5.9F9ACC7F7CCDE8A15C282D3F88B43309] - 13/07/2009 - 19:53:28 ---A- . (.Brother Industries, Ltd. - Windows ME USB Mass-Storage Bulk-Only Lower Filter Driver.) -- C:\Windows\system32\drivers\BrFiltLo.sys [13568]
O58 - SDL:[MD5.56801AD62213A41F6497F96DEE83755A] - 13/07/2009 - 19:53:28 ---A- . (.Brother Industries, Ltd. - Windows ME USB Mass-Storage Bulk-Only Upper Filter Driver.) -- C:\Windows\system32\drivers\BrFiltUp.sys [5248]
O58 - SDL:[MD5.845B8CE732E67F3B4133164868C666EA] - 13/07/2009 - 21:57:25 ---A- . (.Brother Industries Ltd. - Brother Serial I/F Driver (WDM).) -- C:\Windows\system32\drivers\BrSerId.sys [272128]
O58 - SDL:[MD5.203F0B1E73ADADBBB7B7B1FABD901F6B] - 13/07/2009 - 19:53:32 ---A- . (.Brother Industries Ltd. - Brother Serial driver (WDM version).) -- C:\Windows\system32\drivers\BrSerWdm.sys [62336]
O58 - SDL:[MD5.BD456606156BA17E60A04E18016AE54B] - 13/07/2009 - 19:53:33 ---A- . (.Brother Industries Ltd. - Brother USB MDM Driver.) -- C:\Windows\system32\drivers\BrUsbMdm.sys [12160]
O58 - SDL:[MD5.AF72ED54503F717A43268B3CC5FAEC2E] - 13/07/2009 - 19:53:33 ---A- . (.Brother Industries Ltd. - Brother USB Serial Driver.) -- C:\Windows\system32\drivers\BrUsbSer.sys [11904]
O58 - SDL:[MD5.1A231ABEC60FD316EC54C66715543CEC] - 13/07/2009 - 19:02:48 ---A- . (.Broadcom Corporation - Broadcom NetXtreme II GigE VBD.) -- C:\Windows\system32\drivers\bxvbdx.sys [430080]
O58 - SDL:[MD5.C537B1DB64D495B9B4717B4D6D9EDBF2] - 13/07/2009 - 22:26:21 ---A- . (.CMD Technology, Inc. - CMD PCI IDE Bus Driver.) -- C:\Windows\system32\drivers\cmdide.sys [15952]
O58 - SDL:[MD5.8B30250D573A8F6B4BD23195160D8707] - 13/07/2009 - 22:20:28 ---A- . (.Adaptec, Inc. - Adaptec Ultra SCSI miniport.) -- C:\Windows\system32\drivers\djsvs.sys [70720]
O58 - SDL:[MD5.0ED67910C8C326796FAA00B2BF6D9D3C] - 13/07/2009 - 22:20:28 ---A- . (.Emulex - Storport Miniport Driver for LightPulse HBAs.) -- C:\Windows\system32\drivers\elxstor.sys [453712]
O58 - SDL:[MD5.024E1B5CAC09731E4D868E64DBFB4AB0] - 13/07/2009 - 19:02:48 ---A- . (.Broadcom Corporation - Broadcom NetXtreme II 10 GigE VBD.) -- C:\Windows\system32\drivers\evbdx.sys [3100160]
O58 - SDL:[MD5.98149DB90FB1425E904E9724F4FDE9C5] - 21/12/2011 - 15:32:06 ---A- . (.GAS Tecnologia - GbPlugin Device Driver.) -- C:\Windows\system32\drivers\gbpkm.sys [45896]
O58 - SDL:[MD5.C4A2EC41DFB9619FA3B792EA1E7A4B46] - 01/02/2012 - 12:08:58 ---A- . (.GAS Tecnologia - GbPlugin NDIS Device Driver.) -- C:\Windows\system32\drivers\gbpndisrd.sys [42192]
O58 - SDL:[MD5.8182FF89C65E4D38B2DE4BB0FB18564E] - 18/05/2009 - 13:17:00 ---A- . (.GEAR Software Inc. - CD DVD Filter.) -- C:\Windows\system32\drivers\GEARAspiWDM.sys [26600]
O58 - SDL:[MD5.007AEA2E06E7CEF7372E40C277163959] - 17/10/2011 - 14:20:33 ---A- . (.Sony Ericsson Mobile Communications - SEMC USB Flash Driver Filter.) -- C:\Windows\system32\drivers\ggflt.sys [13224]
O58 - SDL:[MD5.C73DE35960CA75C5AB4AE636B127C64E] - 17/10/2011 - 14:20:33 ---A- . (.Sony Ericsson Mobile Communications - SEMC USB Flash Driver.) -- C:\Windows\system32\drivers\ggsemc.sys [25512]
O58 - SDL:[MD5.C44E3C2BAB6837DB337DDEE7544736DB] - 13/07/2009 - 19:54:14 ---A- . (.Hauppauge Computer Works, Inc. - Hauppauge WinTV 885 Consumer IR Driver for eHome.) -- C:\Windows\system32\drivers\hcw85cir.sys [26624]
O58 - SDL:[MD5.48ED16C0C98C950843E673EEEE02AC94] - 18/05/2010 - 10:25:52 ---A- . (.Paragon Software Group - A part of Paragon System Utilities.) -- C:\Windows\system32\drivers\hotcore3.sys [40560]
O58 - SDL:[MD5.295FDC419039090EB8B49FFDBB374549] - 13/07/2009 - 22:20:28 ---A- . (.Hewlett-Packard Company - Smart Array SAS/SATA Controller Media Driver.) -- C:\Windows\system32\drivers\HpSAMD.sys [67152]
O58 - SDL:[MD5.934AF4D7C5F457B9F0743F4299B77B67] - 13/07/2009 - 22:20:36 ---A- . (.Intel Corporation - Intel Matrix Storage Manager driver - ia32.) -- C:\Windows\system32\drivers\iaStorV.sys [332352]
O58 - SDL:[MD5.C7FEE838FD0216EE0AD3D765AB4F40F4] - 13/08/2009 - 14:48:00 ---A- . (.Intel Corporation - Intel Graphics Kernel Mode Driver.) -- C:\Windows\system32\drivers\igdkmd32.sys [5946368]
O58 - SDL:[MD5.4173FF5708F3236CF25195FECD742915] - 13/07/2009 - 22:20:36 ---A- . (.Intel Corp./ICP vortex GmbH - Intel/ICP Raid Storport Driver.) -- C:\Windows\system32\drivers\iirsp.sys [41040]
O58 - SDL:[MD5.3E59DF4984FBD6800D6621480B38A34E] - 07/12/2010 - 13:22:58 ---A- . (.LG Electronics Inc. - LGE Android Platform Driver.) -- C:\Windows\system32\drivers\lgandbus.sys [14336]
O58 - SDL:[MD5.8E0BF6F3B2C9C292BC7CE0DE727CDD56] - 07/12/2010 - 13:23:00 ---A- . (.LG Electronics Inc. - LGE Android Platform Driver.) -- C:\Windows\system32\drivers\lganddiag.sys [20736]
O58 - SDL:[MD5.1D2C90E25483363D54B652898BBC8F2A] - 07/12/2010 - 13:23:00 ---A- . (.LG Electronics Inc. - LGE Android Platform Driver.) -- C:\Windows\system32\drivers\lgandgps.sys [20096]
O58 - SDL:[MD5.B1B06A95DA2CAC7FA19832C60C348C85] - 07/12/2010 - 13:23:00 ---A- . (.LG Electronics Inc. - LGE Android Platform Driver.) -- C:\Windows\system32\drivers\lgandmodem.sys [25088]
O58 - SDL:[MD5.1D038CA6C529203087A990E5E97887B4] - 29/09/2009 - 07:11:20 ---A- . (.LG Electronics Inc. - LG BT Bus Enumerator.) -- C:\Windows\system32\drivers\lgbtbus.sys [10496]
O58 - SDL:[MD5.4DD47B5AF0B24871EBB9EFC012A7474E] - 29/09/2009 - 07:11:22 ---A- . (.LG Electronics Inc. - LG Bluetooth Transport Driver.) -- C:\Windows\system32\drivers\lgbtport.sys [12160]
O58 - SDL:[MD5.26F1976A330195D62A6224C76968CF0D] - 29/09/2009 - 07:11:20 ---A- . (.LG Electronics Inc. - LG Virtual Modem Driver.) -- C:\Windows\system32\drivers\lgvmodem.sys [12928]
O58 - SDL:[MD5.EB119A53CCF2ACC000AC71B065B78FEF] - 13/07/2009 - 22:20:36 ---A- . (.LSI Corporation - LSI Fusion-MPT FC Driver (StorPort).) -- C:\Windows\system32\drivers\lsi_fc.sys [95824]
O58 - SDL:[MD5.8ADE1C877256A22E49B75D1CC9161F9C] - 13/07/2009 - 22:20:37 ---A- . (.LSI Corporation - LSI Fusion-MPT SAS Driver (StorPort).) -- C:\Windows\system32\drivers\lsi_sas.sys [89168]
O58 - SDL:[MD5.DC9DC3D3DAA0E276FD2EC262E38B11E9] - 13/07/2009 - 22:20:36 ---A- . (.LSI Corporation - LSI SAS Gen2 Driver (StorPort).) -- C:\Windows\system32\drivers\lsi_sas2.sys [54864]
O58 - SDL:[MD5.0A036C7D7CAB643A7F07135AC47E0524] - 13/07/2009 - 22:20:36 ---A- . (.LSI Corporation - LSI Fusion-MPT SCSI Driver (StorPort).) -- C:\Windows\system32\drivers\lsi_scsi.sys [96848]
O58 - SDL:[MD5.B7CA8CC3F978201856B6AB82F40953C3] - 10/12/2011 - 14:24:06 ---A- . (.Malwarebytes Corporation - Malwarebytes' Anti-Malware.) -- C:\Windows\system32\drivers\mbam.sys [20464]
O58 - SDL:[MD5.0FFF5B045293002AB38EB1FD1FC2FB74] - 13/07/2009 - 22:20:36 ---A- . (.LSI Corporation - MEGASAS RAID Controller Driver for Windows 7 for x86.) -- C:\Windows\system32\drivers\megasas.sys [30800]
O58 - SDL:[MD5.DCBAB2920C75F390CAF1D29F675D03D6] - 13/07/2009 - 22:20:36 ---A- . (.LSI Corporation, Inc. - LSI MegaRAID Software RAID Driver.) -- C:\Windows\system32\drivers\MegaSR.sys [235584]
O58 - SDL:[MD5.1D85C4B390B0EE09C7A46B91EFB2C097] - 13/07/2009 - 22:20:44 ---A- . (.IBM Corporation - IBM ServeRAID Controller Driver.) -- C:\Windows\system32\drivers\nfrd960.sys [44624]
O58 - SDL:[MD5.3F3D04B1D08D43C16EA7963954EC768D] - 13/07/2009 - 22:20:44 ---A- . (.NVIDIA Corporation - NVIDIA® nForce™ RAID Driver.) -- C:\Windows\system32\drivers\nvraid.sys [117312]
O58 - SDL:[MD5.C99F251A5DE63C6F129CF71933ACED0F] - 13/07/2009 - 22:20:44 ---A- . (.NVIDIA Corporation - NVIDIA® nForce™ Sata Performance Driver.) -- C:\Windows\system32\drivers\nvstor.sys [142416]
O58 - SDL:[MD5.AB95ECF1F6659A60DDC166D8315B0751] - 13/07/2009 - 22:19:04 ---A- . (.QLogic Corporation - QLogic Fibre Channel Stor Miniport Driver.) -- C:\Windows\system32\drivers\ql2300.sys [1383488]
O58 - SDL:[MD5.B4DD51DD25182244B86737DC51AF2270] - 13/07/2009 - 22:19:04 ---A- . (.QLogic Corporation - QLogic iSCSI Storport Miniport Driver.) -- C:\Windows\system32\drivers\ql40xx.sys [106064]
O58 - SDL:[MD5.7DFD48E24479B68B258D8770121155A0] - 13/07/2009 - 19:02:52 ---A- . (.Realtek Corporation - Realtek 8101E/8168/8169 NDIS 6.20 32-bit Driver.) -- C:\Windows\system32\drivers\Rt86win7.sys [139776]
O58 - SDL:[MD5.2E06052066CE4489CDFBFB8329EA52B1] - 09/09/2008 - 17:06:44 ---A- . (.Realtek Semiconductor Corp. - Realtek® High Definition Audio Function Driver.) -- C:\Windows\system32\drivers\RTKVHDA.sys [2167128]
O58 - SDL:[MD5.5139A6C37C2D854E7B0EE6FA1F93CCDA] - 18/03/2008 - 17:02:18 ---A- . (.Realtek Semiconductor Corporation - Realtek RTL8187B NDIS Driver.) -- C:\Windows\system32\drivers\RTL8187B.SYS [292864]
O58 - SDL:[MD5.434DCF7AE4300C876AA40873E3113983] - 04/06/2009 - 16:45:48 ---A- . (.Realtek Semiconductor Corp. - Realtek USB Mass Storage Driver for 2K/XP/Vista/Windows 7.) -- C:\Windows\system32\drivers\RtsUStor.sys [166912]
O58 - SDL:[MD5.1C5C2CB892553D2CF3F45A4BB323FCD6] - 25/03/2009 - 16:48:00 ---A- . (.MCCI Corporation - Sony Ericsson Device 1018 Driver.) -- C:\Windows\system32\drivers\s1018bus.sys [86824]
O58 - SDL:[MD5.2AB45CEDAA214125501A0C7F91E105A4] - 25/03/2009 - 16:48:00 ---A- . (.MCCI Corporation - Windows 2000/XP support functions.) -- C:\Windows\system32\drivers\s1018cm.sys [12200]
O58 - SDL:[MD5.2AB45CEDAA214125501A0C7F91E105A4] - 25/03/2009 - 16:48:00 ---A- . (.MCCI Corporation - Windows 2000/XP support functions.) -- C:\Windows\system32\drivers\s1018cmnt.sys [12200]
O58 - SDL:[MD5.130A3049E2A66AF0877DA7E9B18DDE90] - 25/03/2009 - 16:48:00 ---A- . (.MCCI Corporation - Ericsson Mobile Platform S1018 USB WMC Extended Ethernet (WDM c.) -- C:\Windows\system32\drivers\s1018cr.sys [10792]
O58 - SDL:[MD5.38F5EA219593F19B6B3A1B9C169E3B61] - 25/03/2009 - 16:48:00 ---A- . (.MCCI Corporation - Sony Ericsson Device 1018 USB WMC Modem Filter Driver.) -- C:\Windows\system32\drivers\s1018mdfl.sys [15016]
O58 - SDL:[MD5.666AF6B64FC7DF92D3CA4819EA91631D] - 25/03/2009 - 16:48:00 ---A- . (.MCCI Corporation - Sony Ericsson Device 1018 USB WMC Modem WDM Driver.) -- C:\Windows\system32\drivers\s1018mdm.sys [114728]
O58 - SDL:[MD5.F4CEDA6E2DDFF2AF8BD745615A7CA9C0] - 25/03/2009 - 16:48:00 ---A- . (.MCCI Corporation - Sony Ericsson Device 1018 USB WMC Device Management Driver.) -- C:\Windows\system32\drivers\s1018mgmt.sys [106208]
O58 - SDL:[MD5.3622D9FF2253DCBE885B10736609A4CA] - 25/03/2009 - 16:48:00 ---A- . (.MCCI Corporation - Ericsson Mobile Platform S1018 USB WMC Extended Ethernet (NDIS.) -- C:\Windows\system32\drivers\s1018nd5.sys [26024]
O58 - SDL:[MD5.49431EFDA842B474531C29FFAE9F5D09] - 25/03/2009 - 16:48:00 ---A- . (.MCCI Corporation - Sony Ericsson Device 1018 USB WMC OBEX Interface Device Driver.) -- C:\Windows\system32\drivers\s1018obex.sys [104744]
O58 - SDL:[MD5.AC6B514CB4474F4C867D7CDC9CD54F05] - 25/03/2009 - 16:48:00 ---A- . (.MCCI Corporation - Sony Ericsson Device 1018 USB Ethernet Emulation.) -- C:\Windows\system32\drivers\s1018unic.sys [109864]
O58 - SDL:[MD5.5DD0D936FD9E503C96B9D41A284F815E] - 25/03/2009 - 16:48:00 ---A- . (.MCCI Corporation - Windows 2000/XP support functions.) -- C:\Windows\system32\drivers\s1018wh.sys [12200]
O58 - SDL:[MD5.5DD0D936FD9E503C96B9D41A284F815E] - 25/03/2009 - 16:48:00 ---A- . (.MCCI Corporation - Windows 2000/XP support functions.) -- C:\Windows\system32\drivers\s1018whnt.sys [12200]
O58 - SDL:[MD5.90A3935D05B494A5A39D37E71F09A677] - 13/07/2009 - 17:50:20 ---A- . (.Macrovision Corporation, Macrovision Europe - Macrovision SECURITY Driver.) -- C:\Windows\system32\drivers\secdrv.sys [20480]
O58 - SDL:[MD5.A9F0486851BECB6DDA1D89D381E71055] - 13/07/2009 - 22:19:04 ---A- . (.Silicon Integrated Systems Corp. - SiS RAID Stor Miniport Driver.) -- C:\Windows\system32\drivers\sisraid2.sys [40016]
O58 - SDL:[MD5.3727097B55738E2F554972C3BE5BC1AA] - 13/07/2009 - 22:19:04 ---A- . (.Silicon Integrated Systems - SiS AHCI Stor-Miniport Driver.) -- C:\Windows\system32\drivers\sisraid4.sys [77888]
O58 - SDL:[MD5.19301C27F3425DC39F6C599F527E507D] - 13/07/2009 - 19:13:45 ---A- . (.Motorola Inc. - Motorola SM56 Modem WDM Driver.) -- C:\Windows\system32\drivers\smserial.sys [1068032]
O58 - SDL:[MD5.D41D8CD98F00B204E9800998ECF8427E] - 17/02/2010 - 00:00:00 ---A- . (...) -- C:\Windows\system32\drivers\sptd.sys [691696]
O58 - SDL:[MD5.DB32D325C192B801DF274BFD12A7E72B] - 13/07/2009 - 22:19:04 ---A- . (.Promise Technology - Promise SuperTrak EX Series Driver for Windows.) -- C:\Windows\system32\drivers\stexstor.sys [21072]
O58 - SDL:[MD5.90AFA1A4451BBBEE87C9F18A665D8121] - 17/06/2009 - 10:59:46 ---A- . (.TOSHIBA Corporation - TOSHIBA Bluetooth Port Emulation Driver.) -- C:\Windows\system32\drivers\tosporte.sys [46984]
O58 - SDL:[MD5.B168B345FB7073930C31E0D8B85E8353] - 07/07/2009 - 20:38:34 ---A- . (.TOSHIBA CORPORATION - Bluetooth RF Bus Driver.) -- C:\Windows\system32\drivers\tosrfbd.sys [168936]
O58 - SDL:[MD5.74392BAB3F0D4810DA8436EC79D6955D] - 19/06/2009 - 08:56:48 ---A- . (.TOSHIBA Corporation - Bluetooth RFBNEP Driver.) -- C:\Windows\system32\drivers\tosrfbnp.sys [42472]
O58 - SDL:[MD5.1AD9EB1B5ABD0AEEE4084C8153476F1E] - 28/07/2009 - 19:01:26 ---A- . (.TOSHIBA Corporation - Bluetooth RFCOMM Driver.) -- C:\Windows\system32\drivers\tosrfcom.sys [69480]
O58 - SDL:[MD5.A72A3473180F378CC07D342803FFD580] - 19/06/2009 - 08:57:20 ---A- . (.TOSHIBA Corporation. - Bluetooth HID Driver from TOSHIBA.) -- C:\Windows\system32\drivers\Tosrfhid.sys [79872]
O58 - SDL:[MD5.B2A1A6538245FD69578224BBF2FD4677] - 24/07/2009 - 10:31:58 ---A- . (.TOSHIBA Corporation. - Bluetooth BNEP Driver.) -- C:\Windows\system32\drivers\tosrfnds.sys [21608]
O58 - SDL:[MD5.8B877E24550E7962DA820C8C354EC33A] - 27/07/2009 - 19:09:28 ---A- . (.TOSHIBA Corporation - Bluetooth Audio Driver (WDM).) -- C:\Windows\system32\drivers\TosRfSnd.sys [55680]
O58 - SDL:[MD5.97529D04178BF604C62C5BE4B8BB2129] - 28/07/2009 - 17:38:00 ---A- . (.TOSHIBA CORPORATION - Bluetooth USB Miniport Driver.) -- C:\Windows\system32\drivers\tosrfusb.sys [49016]
O58 - SDL:[MD5.DCC7FEA364B3798E52B61B749FE02246] - 06/07/2009 - 10:49:52 ---A- . (.First International Computer, Inc. - Utility Program Component.) -- C:\Windows\system32\drivers\UPCDRV.sys [10240]
O58 - SDL:[MD5.83CAFCB53201BBAC04D822F32438E244] - 10/05/2011 - 08:06:08 ---A- . (.Apple, Inc. - Apple Mobile Device USB Driver.) -- C:\Windows\system32\drivers\usbaapl.sys [42496]
O58 - SDL:[MD5.E43574F6A56A0EE11809B48C09E4FD3C] - 13/07/2009 - 22:19:10 ---A- . (.VIA Technologies, Inc. - VIA Generic PCI IDE Bus Driver.) -- C:\Windows\system32\drivers\viaide.sys [16976]
O58 - SDL:[MD5.9DFA0CC2F8855A04816729651175B631] - 13/07/2009 - 22:19:11 ---A- . (.VIA Technologies Inc.,Ltd - VIA RAID DRIVER FOR AMD-X86-64.) -- C:\Windows\system32\drivers\vsmraid.sys [141904]
O58 - SDL:[MD5.3862318F85BE7A91957ADA5E814ED58C] - 27/11/2010 - 15:50:48 ---A- . (.ZTE Inc. - USB Modem/Serial Device Driver.) -- C:\Windows\system32\drivers\ZTEusbmdm6k.sys [105088]
O58 - SDL:[MD5.3862318F85BE7A91957ADA5E814ED58C] - 27/11/2010 - 15:50:48 ---A- . (.ZTE Inc. - USB Modem/Serial Device Driver.) -- C:\Windows\system32\drivers\ZTEusbnmea.sys [105088]
O58 - SDL:[MD5.3862318F85BE7A91957ADA5E814ED58C] - 27/11/2010 - 15:50:48 ---A- . (.ZTE Inc. - USB Modem/Serial Device Driver.) -- C:\Windows\system32\drivers\ZTEusbser6k.sys [105088]
O58 - SDL:[MD5.8AAD333C876590293F72B315E162BCC7] - 13/07/2009 - 18:40:41 ---A- . (...) -- C:\Windows\system32\ANSI.SYS [9029]
O58 - SDL:[MD5.0FE9F16075C9ACB941C957B7C649176E] - 13/07/2009 - 18:40:44 ---A- . (...) -- C:\Windows\system32\country.sys [27097]
O58 - SDL:[MD5.E6BC0F98FECEF245A0010D350C1A0B9B] - 13/07/2009 - 18:40:40 ---A- . (...) -- C:\Windows\system32\HIMEM.SYS [4768]
O58 - SDL:[MD5.492090267B9608C62B956CD29BE3AFB7] - 13/07/2009 - 18:40:43 ---A- . (...) -- C:\Windows\system32\KEY01.SYS [42809]
O58 - SDL:[MD5.FBBCFEC1379C5C02D88A361993EDF1B8] - 13/07/2009 - 18:40:43 ---A- . (...) -- C:\Windows\system32\KEYBOARD.SYS [42537]
O58 - SDL:[MD5.FFFF296A08DBF2AC0126C62E3778AC0D] - 13/07/2009 - 18:40:23 ---A- . (...) -- C:\Windows\system32\NTDOS.SYS [27866]
O58 - SDL:[MD5.CF9ED169FF86D935E47999E82359E898] - 13/07/2009 - 18:40:31 ---A- . (...) -- C:\Windows\system32\NTDOS404.SYS [29146]
O58 - SDL:[MD5.03B945AC0481CD8BB161C3569D8ED1C3] - 13/07/2009 - 18:40:35 ---A- . (...) -- C:\Windows\system32\NTDOS411.SYS [29370]
O58 - SDL:[MD5.BBC957DC18C17CC027EB80B7C77F2AEA] - 13/07/2009 - 18:40:39 ---A- . (...) -- C:\Windows\system32\NTDOS412.SYS [29274]
O58 - SDL:[MD5.3CFFAEFFF23B0D208214A6D3061A5B1B] - 13/07/2009 - 18:40:27 ---A- . (...) -- C:\Windows\system32\NTDOS804.SYS [29146]
O58 - SDL:[MD5.2E4112FB7D1B76E11ADFD7487B5D0E95] - 13/07/2009 - 18:40:11 ---A- . (...) -- C:\Windows\system32\NTIO.SYS [33952]
O58 - SDL:[MD5.A98EBD4C2DF983665BF2D1AF49949974] - 13/07/2009 - 18:40:15 ---A- . (...) -- C:\Windows\system32\NTIO404.SYS [34672]
O58 - SDL:[MD5.3F7E6406EDEF197C5CAAB2240EEF6F48] - 13/07/2009 - 18:40:17 ---A- . (...) -- C:\Windows\system32\NTIO411.SYS [35776]
O58 - SDL:[MD5.3E64D681B776CC57BDC38A46D881F85B] - 13/07/2009 - 18:40:19 ---A- . (...) -- C:\Windows\system32\NTIO412.SYS [35536]
O58 - SDL:[MD5.D86B6435729231C171432B4E77801BDB] - 13/07/2009 - 18:40:13 ---A- . (...) -- C:\Windows\system32\NTIO804.SYS [34672]
O58 - SDL:[MD5.306521935042FC0A6988D528643619B3] - 04/10/2010 - 20:59:32 ---A- . (...) -- C:\Windows\system32\StarOpen.sys [5632]
~ Scan Drivers in 00mn 02s



---\\ Last modified or created user files (O61)
O61 - LFC:Last File Created 02/02/2012 - 21:20:08 ---A- C:\Users\Dario Jr\AppData\Roaming\Microsoft\IdentityCRL\production\MetaConfig.xml [163]
O61 - LFC:Last File Created 03/02/2012 - 01:03:24 ---A- C:\Users\Dario Jr\AppData\Roaming\Microsoft\MSN Messenger\sqmnoopt00.sqm [7540]
O61 - LFC:Last File Created 03/02/2012 - 01:03:30 ---A- C:\Users\Dario Jr\AppData\Roaming\Microsoft\MSN Messenger\sqmnoopt01.sqm [284]
O61 - LFC:Last File Created 03/02/2012 - 02:57:27 ---A- C:\Users\All Users\Nero\Nero BackItUp 4\Cache\BIUD142.txt [918]
O61 - LFC:Last File Created 03/02/2012 - 02:57:27 ---A- C:\Users\Todos os Usuários\Nero\Nero BackItUp 4\Cache\BIUD142.txt [918]
O61 - LFC:Last File Created 03/02/2012 - 12:00:30 ---A- C:\Users\All Users\Nero\Nero BackItUp 4\Cache\BIUB318.txt [918]
O61 - LFC:Last File Created 03/02/2012 - 12:00:30 ---A- C:\Users\Todos os Usuários\Nero\Nero BackItUp 4\Cache\BIUB318.txt [918]
O61 - LFC:Last File Created 03/02/2012 - 12:34:44 ---A- C:\Users\Dario Jr\AppData\Roaming\Media Player Classic\default.mpcpl [99]
O61 - LFC:Last File Created 03/02/2012 - 14:14:09 ---A- C:\Users\Dario Jr\Music\iTunes\iTunes Library Extras.itdb [12288]
O61 - LFC:Last File Created 03/02/2012 - 14:17:02 ---A- C:\Users\Dario Jr\AppData\Local\Apple Computer\iTunes\Cache.db [57431040]
O61 - LFC:Last File Created 03/02/2012 - 14:20:55 ---A- C:\Users\Dario Jr\AppData\Local\Apple Computer\iTunes\iTunesPrefs.xml [989433]
O61 - LFC:Last File Created 03/02/2012 - 14:20:55 ---A- C:\Users\Dario Jr\AppData\Roaming\Apple Computer\iTunes\iTunesPrefs.xml [318644]
O61 - LFC:Last File Created 03/02/2012 - 14:20:55 ---A- C:\Users\Dario Jr\Music\iTunes\iTunes Library.itl [29931]
O61 - LFC:Last File Created 03/02/2012 - 14:20:56 ---A- C:\Users\Dario Jr\AppData\Roaming\Apple Computer\iTunes\Cookies\Cookies.plist [3877]
O61 - LFC:Last File Created 03/02/2012 - 15:33:53 ---A- C:\Users\Dario Jr\AppData\Roaming\Thunderbird\Profiles\vlh88yxg.default\cookies.sqlite [524288]
O61 - LFC:Last File Created 03/02/2012 - 15:47:44 ---A- C:\Users\All Users\Nero\Nero BackItUp 4\Cache\BIUE0CC.txt [918]
O61 - LFC:Last File Created 03/02/2012 - 15:47:44 ---A- C:\Users\Todos os Usuários\Nero\Nero BackItUp 4\Cache\BIUE0CC.txt [918]
O61 - LFC:Last File Created 03/02/2012 - 15:48:35 ---A- C:\Users\Todos os Usuários\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\PropMap\CiPT0000.001 [65536]
O61 - LFC:Last File Created 03/02/2012 - 15:48:35 ---A- C:\Users\Todos os Usuários\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\PropMap\CiPT0000.002 [65536]
O61 - LFC:Last File Created 03/02/2012 - 15:48:53 ---A- C:\Users\Todos os Usuários\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\INDEX.001 [65536]
O61 - LFC:Last File Created 03/02/2012 - 15:48:53 ---A- C:\Users\Todos os Usuários\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\INDEX.002 [65536]
O61 - LFC:Last File Created 03/02/2012 - 15:48:53 ---A- C:\Users\Todos os Usuários\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\SETTINGS.DIA [4]
O61 - LFC:Last File Created 03/02/2012 - 15:48:57 ---A- C:\Users\Todos os Usuários\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\SecStore\CiST0000.001 [65536]
O61 - LFC:Last File Created 03/02/2012 - 15:48:57 ---A- C:\Users\Todos os Usuários\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\SecStore\CiST0000.002 [65536]
O61 - LFC:Last File Created 03/02/2012 - 15:58:07 ---A- C:\Users\Todos os Usuários\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\CiAB0002.002 [65536]
O61 - LFC:Last File Created 03/02/2012 - 15:58:08 ---A- C:\Users\Todos os Usuários\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\CiAB0002.001 [65536]
O61 - LFC:Last File Created 03/02/2012 - 15:58:12 ---A- C:\Users\Todos os Usuários\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\CiAB0001.002 [65536]
O61 - LFC:Last File Created 03/02/2012 - 15:58:15 ---A- C:\Users\Todos os Usuários\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\CiAB0001.001 [65536]
O61 - LFC:Last File Created 03/02/2012 - 16:11:12 ---A- C:\Users\All Users\Nero\Nero BackItUp 4\Cache\BIU8AF0.txt [918]
O61 - LFC:Last File Created 03/02/2012 - 16:11:12 ---A- C:\Users\Todos os Usuários\Nero\Nero BackItUp 4\Cache\BIU8AF0.txt [918]
O61 - LFC:Last File Created 03/02/2012 - 16:12:21 ---A- C:\Users\Dario Jr\AppData\Local\temp\FXSAPIDebugLogFile.txt [0]
O61 - LFC:Last File Created 03/02/2012 - 20:52:43 ---A- C:\Users\Dario Jr\AppData\Local\temp\Uninst.bat [477]
O61 - LFC:Last File Created 03/02/2012 - 21:01:30 ---A- C:\Users\All Users\Nero\Nero BackItUp 4\Cache\BIUA89D.txt [918]
O61 - LFC:Last File Created 03/02/2012 - 21:01:30 ---A- C:\Users\Todos os Usuários\Nero\Nero BackItUp 4\Cache\BIUA89D.txt [918]
O61 - LFC:Last File Created 03/02/2012 - 21:05:20 ---A- C:\Users\Todos os Usuários\Microsoft\Search\Data\Applications\Windows\GatherLogs\SystemIndex\SystemIndex.1.Crwl [1778]
O61 - LFC:Last File Created 03/02/2012 - 21:09:42 ---A- C:\Users\All Users\Alwil Software\Avast5\report\FileSystemShield.txt [173573]
O61 - LFC:Last File Created 03/02/2012 - 21:09:42 ---A- C:\Users\Todos os Usuários\Alwil Software\Avast5\report\FileSystemShield.txt [173573]
O61 - LFC:Last File Created 03/02/2012 - 21:10:31 ---A- C:\Users\Dario Jr\AppData\Local\temp\~DFAC0D6EDF8C531EC3.TMP [1536]
O61 - LFC:Last File Created 03/02/2012 - 22:34:43 ----- C:\Users\Dario Jr\AppData\Roaming\uTorrent\Tell me More 8 English DVD 1+2+3 Multilanguage.rar.torrent [20538]
O61 - LFC:Last File Created 03/02/2012 - 22:34:57 ----- C:\Users\Dario Jr\AppData\Roaming\uTorrent\Tell Me More Advance.iso.torrent [17533]
O61 - LFC:Last File Created 03/02/2012 - 22:55:06 ---A- C:\Users\Dario Jr\AppData\Roaming\PrimoPDF\PrimoSet.xml [1580]
O61 - LFC:Last File Created 03/02/2012 - 22:58:54 ---A- C:\Users\Todos os Usuários\Microsoft\Search\Data\Applications\Windows\GatherLogs\SystemIndex\SystemIndex.1.gthr [5326]
O61 - LFC:Last File Created 04/02/2012 - 00:00:11 ---A- C:\Users\Dario Jr\AppData\Local\Google\Chrome\User Data\Default\Last Tabs [54012]
O61 - LFC:Last File Created 04/02/2012 - 00:00:12 ---A- C:\Users\Dario Jr\AppData\Local\Google\Chrome\User Data\Default\Last Session [63702]
O61 - LFC:Last File Created 04/02/2012 - 00:00:12 ---A- C:\Users\Dario Jr\AppData\Local\Google\Chrome\User Data\Default\Media Cache\data_1 [270336]
O61 - LFC:Last File Created 04/02/2012 - 00:02:36 ---A- C:\Users\All Users\Alwil Software\Avast5\FileInfo.db [69632]
O61 - LFC:Last File Created 04/02/2012 - 00:02:36 ---A- C:\Users\Todos os Usuários\Alwil Software\Avast5\FileInfo.db [69632]
O61 - LFC:Last File Created 04/02/2012 - 00:03:34 ---A- C:\Users\Dario Jr\AppData\Roaming\uTorrent\resume.dat.old [93444]
O61 - LFC:Last File Created 04/02/2012 - 00:03:53 ---A- C:\Users\Dario Jr\AppData\Roaming\uTorrent\dht.dat [3650]
O61 - LFC:Last File Created 04/02/2012 - 00:03:53 ---A- C:\Users\Dario Jr\AppData\Roaming\uTorrent\resume.dat [92698]
O61 - LFC:Last File Created 04/02/2012 - 00:03:53 ---A- C:\Users\Dario Jr\AppData\Roaming\uTorrent\rss.dat [99]
O61 - LFC:Last File Created 04/02/2012 - 00:03:53 ---A- C:\Users\Dario Jr\AppData\Roaming\uTorrent\settings.dat [10757]
O61 - LFC:Last File Created 04/02/2012 - 00:05:54 ---A- C:\Users\All Users\Alwil Software\Avast5\Log.db [60416]
O61 - LFC:Last File Created 04/02/2012 - 00:05:54 ---A- C:\Users\All Users\Alwil Software\Avast5\log\AshWebSv.ws.ori [1343]
O61 - LFC:Last File Created 04/02/2012 - 00:05:54 ---A- C:\Users\Todos os Usuários\Alwil Software\Avast5\Log.db [60416]
O61 - LFC:Last File Created 04/02/2012 - 00:05:54 ---A- C:\Users\Todos os Usuários\Alwil Software\Avast5\log\AshWebSv.ws.ori [1343]
O61 - LFC:Last File Created 04/02/2012 - 00:05:54 ---A- C:\Users\Todos os Usuários\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010002.wid [65536]
O61 - LFC:Last File Created 04/02/2012 - 00:06:02 ---A- C:\Users\Todos os Usuários\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010002.ci [294912]
O61 - LFC:Last File Created 04/02/2012 - 00:06:02 ---A- C:\Users\Todos os Usuários\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010002.dir [4096]
O61 - LFC:Last File Created 04/02/2012 - 15:03:08 ---A- C:\Users\All Users\Alwil Software\Avast5\snx_lconfig.xml [446]
O61 - LFC:Last File Created 04/02/2012 - 15:03:08 ---A- C:\Users\Todos os Usuários\Alwil Software\Avast5\snx_lconfig.xml [446]
O61 - LFC:Last File Created 04/02/2012 - 15:04:03 ---A- C:\Users\All Users\Alwil Software\Avast5\report\EmailShield.txt [173592]
O61 - LFC:Last File Created 04/02/2012 - 15:04:03 ---A- C:\Users\All Users\Alwil Software\Avast5\report\IMShield.txt [173592]
O61 - LFC:Last File Created 04/02/2012 - 15:04:03 ---A- C:\Users\All Users\Alwil Software\Avast5\report\NetworkShield.txt [173592]
O61 - LFC:Last File Created 04/02/2012 - 15:04:03 ---A- C:\Users\All Users\Alwil Software\Avast5\report\P2PShield.txt [173592]
O61 - LFC:Last File Created 04/02/2012 - 15:04:03 ---A- C:\Users\All Users\Alwil Software\Avast5\report\ScriptShield.txt [27937]
O61 - LFC:Last File Created 04/02/2012 - 15:04:03 ---A- C:\Users\Todos os Usuários\Alwil Software\Avast5\report\EmailShield.txt [173592]
O61 - LFC:Last File Created 04/02/2012 - 15:04:03 ---A- C:\Users\Todos os Usuários\Alwil Software\Avast5\report\IMShield.txt [173592]
O61 - LFC:Last File Created 04/02/2012 - 15:04:03 ---A- C:\Users\Todos os Usuários\Alwil Software\Avast5\report\NetworkShield.txt [173592]
O61 - LFC:Last File Created 04/02/2012 - 15:04:03 ---A- C:\Users\Todos os Usuários\Alwil Software\Avast5\report\P2PShield.txt [173592]
O61 - LFC:Last File Created 04/02/2012 - 15:04:03 ---A- C:\Users\Todos os Usuários\Alwil Software\Avast5\report\ScriptShield.txt [27937]
O61 - LFC:Last File Created 04/02/2012 - 15:04:04 ---A- C:\Users\All Users\Alwil Software\Avast5\log\AshWebSv.ws [0]
O61 - LFC:Last File Created 04/02/2012 - 15:04:04 ---A- C:\Users\Todos os Usuários\Alwil Software\Avast5\log\AshWebSv.ws [0]
O61 - LFC:Last File Created 04/02/2012 - 15:04:05 ---A- C:\Users\All Users\Alwil Software\Avast5\report\WebShield.txt [175611]
O61 - LFC:Last File Created 04/02/2012 - 15:04:05 ---A- C:\Users\Todos os Usuários\Alwil Software\Avast5\report\WebShield.txt [175611]
O61 - LFC:Last File Created 04/02/2012 - 15:05:05 ---A- C:\Users\All Users\Nero\Nero BackItUp 4\Cache\BIUE81C.txt [918]
O61 - LFC:Last File Created 04/02/2012 - 15:05:05 ---A- C:\Users\Todos os Usuários\Nero\Nero BackItUp 4\Cache\BIUE81C.txt [918]
O61 - LFC:Last File Created 04/02/2012 - 15:05:38 ---A- C:\Users\Todos os Usuários\Microsoft\Search\Data\Applications\Windows\MSSres00001.jrs [1048576]
O61 - LFC:Last File Created 04/02/2012 - 15:05:38 ---A- C:\Users\Todos os Usuários\Microsoft\Search\Data\Applications\Windows\MSSres00002.jrs [1048576]
O61 - LFC:Last File Created 04/02/2012 - 15:05:51 ---A- C:\Users\Todos os Usuários\Microsoft\Search\Data\Applications\Windows\MSS.chk [8192]
O61 - LFC:Last File Created 04/02/2012 - 15:07:06 ---A- C:\Users\Todos os Usuários\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010003.wid [65536]
O61 - LFC:Last File Created 04/02/2012 - 15:07:07 ---A- C:\Users\Todos os Usuários\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010003.dir [16384]
O61 - LFC:Last File Created 04/02/2012 - 15:07:08 ---A- C:\Users\Todos os Usuários\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010003.ci [2519040]
O61 - LFC:Last File Created 04/02/2012 - 15:07:09 ---A- C:\Users\Todos os Usuários\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010004.wid [65536]
O61 - LFC:Last File Created 04/02/2012 - 15:07:11 ---A- C:\Users\Todos os Usuários\Microsoft\Search\Data\Applications\Windows\GatherLogs\SystemIndex\SystemIndex.2.Crwl [1374]
O61 - LFC:Last File Created 04/02/2012 - 15:07:11 ---A- C:\Users\Todos os Usuários\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010004.ci [20480]
O61 - LFC:Last File Created 04/02/2012 - 15:07:11 ---A- C:\Users\Todos os Usuários\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010004.dir [4096]
O61 - LFC:Last File Created 04/02/2012 - 22:33:16 ---A- C:\Users\Dario Jr\AppData\Local\Toshiba\BluetoothStack\V1.0\SDP00062.sdb [4012]
O61 - LFC:Last File Created 04/02/2012 - 22:33:52 ---A- C:\Users\All Users\TOSHIBA\C11DACE4-A272-487e-83EB-32BF198C5E5D\dat0.bin [12780]
O61 - LFC:Last File Created 04/02/2012 - 22:33:52 ---A- C:\Users\Todos os Usuários\TOSHIBA\C11DACE4-A272-487e-83EB-32BF198C5E5D\dat0.bin [12780]
O61 - LFC:Last File Created 04/02/2012 - 22:34:48 ---A- C:\Users\Todos os Usuários\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010005.wid [65536]
O61 - LFC:Last File Created 04/02/2012 - 22:34:49 ---A- C:\Users\Todos os Usuários\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010005.ci [2318336]
O61 - LFC:Last File Created 04/02/2012 - 22:34:49 ---A- C:\Users\Todos os Usuários\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010005.dir [12288]
O61 - LFC:Last File Created 04/02/2012 - 22:38:12 ---A- C:\Users\Todos os Usuários\Microsoft\RAC\PublishedData\RacWmiDatabase.sdf [1462272]
O61 - LFC:Last File Created 04/02/2012 - 22:38:12 ---A- C:\Users\Todos os Usuários\Microsoft\RAC\StateData\RacDatabase.sdf [544768]
O61 - LFC:Last File Created 04/02/2012 - 22:38:12 ---A- C:\Users\Todos os Usuários\Microsoft\RAC\StateData\RacWmiDataBookmarks.dat [16412]
O61 - LFC:Last File Created 04/02/2012 - 22:38:12 ---A- C:\Users\Todos os Usuários\Microsoft\RAC\StateData\RacWmiEventData.dat [16777244]
O61 - LFC:Last File Created 04/02/2012 - 22:52:58 ---A- C:\Users\All Users\Alwil Software\Avast5\report\BehaviorShield.txt [293133]
O61 - LFC:Last File Created 04/02/2012 - 22:52:58 ---A- C:\Users\Todos os Usuários\Alwil Software\Avast5\report\BehaviorShield.txt [293133]
O61 - LFC:Last File Created 04/02/2012 - 22:53:22 ---A- C:\Users\Todos os Usuários\Microsoft\Search\Data\Applications\Windows\GatherLogs\SystemIndex\SystemIndex.2.gthr [19544]
O61 - LFC:Last File Created 04/02/2012 - 22:54:20 ---A- C:\Users\Dario Jr\AppData\Local\temp\~DF0E35276E3FF673E3.TMP [1536]
O61 - LFC:Last File Created 04/02/2012 - 22:54:30 ---A- C:\Users\Dario Jr\AppData\Local\temp\amline_data.xml [39155]
O61 - LFC:Last File Created 04/02/2012 - 22:54:30 ---A- C:\Users\Dario Jr\AppData\Local\temp\amline_settings.xml [2007]
O61 - LFC:Last File Created 04/02/2012 - 22:56:16 ---A- C:\Users\Todos os Usuários\Microsoft\Windows Defender\LocalCopy\{C7F40E5B-534E-4078-BCED-9DCAA00B95E6}-ToolbarShooter.exe [227328]
O61 - LFC:Last File Created 04/02/2012 - 22:57:42 ---A- C:\Users\Todos os Usuários\Microsoft\Windows Defender\LocalCopy\{AE35E6B2-9925-45B8-8D0D-063248B509EC}-ToolbarShooter.exe [227328]
O61 - LFC:Last File Created 04/02/2012 - 22:58:18 ---A- C:\Users\Dario Jr\AppData\Local\Google\Chrome\User Data\Default\Top Sites [20480]
O61 - LFC:Last File Created 04/02/2012 - 22:58:18 ---A- C:\Users\Dario Jr\AppData\Local\Google\Chrome\User Data\Default\Web Data [73728]
O61 - LFC:Last File Created 04/02/2012 - 22:58:20 ---A- C:\Users\Dario Jr\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000001 [26722]
O61 - LFC:Last File Created 04/02/2012 - 22:58:21 ---A- C:\Users\Dario Jr\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000002 [119896]
O61 - LFC:Last File Created 04/02/2012 - 22:58:23 ---A- C:\Users\Dario Jr\AppData\Local\Google\Chrome\User Data\Default\Current Tabs [7374]
O61 - LFC:Last File Created 04/02/2012 - 22:58:23 ---A- C:\Users\Dario Jr\AppData\Local\Google\Chrome\User Data\Default\History Provider Cache [11]
O61 - LFC:Last File Created 04/02/2012 - 22:58:23 ---A- C:\Users\Dario Jr\AppData\Local\Google\Chrome\User Data\Local State [12822]
O61 - LFC:Last File Created 04/02/2012 - 22:58:24 ---A- C:\Users\Dario Jr\AppData\Local\Google\Chrome\User Data\Default\Current Session [7475]
O61 - LFC:Last File Created 04/02/2012 - 22:58:24 ---A- C:\Users\Dario Jr\AppData\Local\Google\Chrome\User Data\Default\Favicons [26624]
O61 - LFC:Last File Created 04/02/2012 - 22:58:24 ---A- C:\Users\Dario Jr\AppData\Local\Google\Chrome\User Data\Default\History [86016]
O61 - LFC:Last File Created 04/02/2012 - 22:58:24 ---A- C:\Users\Dario Jr\AppData\Local\Google\Chrome\User Data\Default\History Index 2012-02 [36864]
O61 - LFC:Last File Created 04/02/2012 - 22:58:25 ---A- C:\Users\Dario Jr\AppData\Local\Google\Chrome\User Data\Default\Cache\data_0 [45056]
O61 - LFC:Last File Created 04/02/2012 - 22:58:25 ---A- C:\Users\Dario Jr\AppData\Local\Google\Chrome\User Data\Default\Cache\data_1 [270336]
O61 - LFC:Last File Created 04/02/2012 - 22:58:25 ---A- C:\Users\Dario Jr\AppData\Local\Google\Chrome\User Data\Default\Cache\data_2 [1056768]
O61 - LFC:Last File Created 04/02/2012 - 22:58:25 ---A- C:\Users\Dario Jr\AppData\Local\Google\Chrome\User Data\Default\Cache\data_3 [4202496]
O61 - LFC:Last File Created 04/02/2012 - 22:58:25 ---A- C:\Users\Dario Jr\AppData\Local\Google\Chrome\User Data\Default\Cookies [47104]
O61 - LFC:Last File Created 04/02/2012 - 22:58:25 ---A- C:\Users\Dario Jr\AppData\Local\Google\Chrome\User Data\Default\Preferences [26508]
O61 - LFC:Last File Created 04/02/2012 - 22:58:25 ---A- C:\Users\Dario Jr\AppData\Local\Google\Chrome\User Data\Default\Visited Links [131072]
O61 - LFC:Last File Created 04/02/2012 - 22:58:25 ---A- C:\Users\Dario Jr\AppData\Local\Google\Chrome\User Data\chrome_shutdown_ms.txt [5]
O61 - LFC:Last File Created 04/02/2012 - 22:59:17 ---A- C:\Users\Todos os Usuários\Microsoft\Windows Defender\Scans\History\Results\Resource\{78165D70-961D-4DBD-8A3B-59C12EA1931A} [8462]
O61 - LFC:Last File Created 04/02/2012 - 22:59:32 ---A- C:\Users\Todos os Usuários\Microsoft\Windows Defender\Scans\History\Results\Resource\{50C3215D-D079-45B5-A053-E3F9891461DC} [8462]
O61 - LFC:Last File Created 04/02/2012 - 22:59:32 ---A- C:\Users\Todos os Usuários\Microsoft\Windows Defender\Scans\History\Service\History.Log [78]
O61 - LFC:Last File Created 04/02/2012 - 23:00:29 ---A- C:\Users\Dario Jr\AppData\Roaming\uTorrent\dht.dat.old [2896]
O61 - LFC:Last File Created 04/02/2012 - 23:00:29 ---A- C:\Users\Dario Jr\AppData\Roaming\uTorrent\rss.dat.old [99]
O61 - LFC:Last File Created 04/02/2012 - 23:19:41 ---A- C:\Users\Dario Jr\AppData\Roaming\uTorrent\VA_-_Music_for_Striptease-4CD-2008-CSM.torrent [25526]
O61 - LFC:Last File Created 04/02/2012 - 23:37:50 ---A- C:\Users\Dario Jr\AppData\Local\Google\Chrome\User Data\Safe Browsing Bloom [6651236]
O61 - LFC:Last File Created 04/02/2012 - 23:37:50 ---A- C:\Users\Dario Jr\AppData\Local\Google\Chrome\User Data\Safe Browsing Download [3425988]
O61 - LFC:Last File Created 04/02/2012 - 23:37:51 ---A- C:\Users\Dario Jr\AppData\Local\Google\Chrome\User Data\Safe Browsing Bloom Filter 2 [2278878]
O61 - LFC:Last File Created 04/02/2012 - 23:37:51 ---A- C:\Users\Dario Jr\AppData\Local\Google\Chrome\User Data\Safe Browsing Csd Whitelist [134252]
O61 - LFC:Last File Created 04/02/2012 - 23:38:42 ---A- C:\Users\Todos os Usuários\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010001.wid [65536]
O61 - LFC:Last File Created 04/02/2012 - 23:38:42 ---A- C:\Users\Todos os Usuários\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010001.wsb [65536]
O61 - LFC:Last File Created 04/02/2012 - 23:45:33 ---A- C:\Users\Todos os Usuários\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010001.ci [646463488]
O61 - LFC:Last File Created 04/02/2012 - 23:45:33 ---A- C:\Users\Todos os Usuários\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010001.dir [2015232]
O61 - LFC:Last File Created 04/02/2012 - 23:45:33 ---A- C:\Users\Todos os Usuários\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\CiAD0001.001 [65536]
O61 - LFC:Last File Created 04/02/2012 - 23:45:33 ---A- C:\Users\Todos os Usuários\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\CiAD0001.002 [65536]
O61 - LFC:Last File Created 04/02/2012 - 23:48:52 ---A- C:\Users\Dario Jr\AppData\Roaming\uTorrent\settings.dat.old [10727]
O61 - LFC:Last File Created 04/02/2012 - 23:59:42 ---A- C:\Users\Dario Jr\AppData\Local\Google\Chrome\User Data\Default\Cache\index [524656]
O61 - LFC:Last File Created 04/02/2012 - 23:59:43 ---A- C:\Users\Dario Jr\AppData\Local\Google\Chrome\User Data\Default\Media Cache\data_0 [8192]
O61 - LFC:Last File Created 04/02/2012 - 23:59:43 ---A- C:\Users\Dario Jr\AppData\Local\Google\Chrome\User Data\Default\Media Cache\data_2 [8192]
O61 - LFC:Last File Created 04/02/2012 - 23:59:43 ---A- C:\Users\Dario Jr\AppData\Local\Google\Chrome\User Data\Default\Media Cache\data_3 [8192]
O61 - LFC:Last File Created 04/02/2012 - 23:59:43 ---A- C:\Users\Dario Jr\AppData\Local\Google\Chrome\User Data\Default\Media Cache\index [524656]
O61 - LFC:Last File Created 04/02/2012 - 23:59:44 ---A- C:\Users\Dario Jr\AppData\Local\Google\Chrome\User Data\Default\Archived History [53248]
O61 - LFC:Last File Created 05/02/2012 - 23:00:10 ---A- C:\Users\Todos os Usuários\Microsoft\Search\Data\Applications\Windows\GatherLogs\SystemIndex\SystemIndex.3.Crwl [2]
O61 - LFC:Last File Created 05/02/2012 - 23:02:04 ---A- C:\Users\Dario Jr\AppData\Roaming\Microsoft\Office\Word12.pip [1712]
O61 - LFC:Last File Created 05/02/2012 - 23:03:14 ---A- C:\Users\All Users\Alwil Software\Avast5\db1caac61f8aca29f-321ea8a2.dat [3962616]
O61 - LFC:Last File Created 05/02/2012 - 23:03:14 ---A- C:\Users\Todos os Usuários\Alwil Software\Avast5\db1caac61f8aca29f-321ea8a2.dat [3962616]
O61 - LFC:Last File Created 05/02/2012 - 23:03:28 ---A- C:\Users\Todos os Usuários\Microsoft\Search\Data\Applications\Windows\GatherLogs\SystemIndex\SystemIndex.3.gthr [634]
O61 - LFC:Last File Created 05/02/2012 - 23:06:32 ---A- C:\Users\Todos os Usuários\Microsoft\RAC\StateData\RacMetaData.dat [8]
O61 - LFC:Last File Created 05/02/2012 - 23:08:06 ---A- C:\Users\Dario Jr\AppData\Roaming\Microsoft\Office\Recente\Novo(a) Documento do Microsoft Office Word.LNK [1196]
O61 - LFC:Last File Created 05/02/2012 - 23:08:06 ---A- C:\Users\Dario Jr\AppData\Roaming\Microsoft\Office\Recente\Área de Trabalho.LNK [884]
O61 - LFC:Last File Created 05/02/2012 - 23:13:33 ---A- C:\Users\Todos os Usuários\Microsoft\Windows\Start Menu\Programs\ZHP\ZHPDiag.lnk [967]
O61 - LFC:Last File Created 05/02/2012 - 23:13:56 ---A- C:\Users\All Users\Alwil Software\Avast5\URL.db [2044928]
O61 - LFC:Last File Created 05/02/2012 - 23:13:56 ---A- C:\Users\Todos os Usuários\Alwil Software\Avast5\URL.db [2044928]
O61 - LFC:Last File Created 30/01/2012 - 15:02:43 ----- C:\Users\Todos os Usuários\Microsoft\Windows\WER\ReportQueue\NonCritical_UninstallShld.ex_5e566fff0f18f9dfa8068d5cf343f299d45d_cab_2fd6906c\appcompat.txt [7498]
O61 - LFC:Last File Created 30/01/2012 - 15:02:43 ---A- C:\Users\Todos os Usuários\Microsoft\Windows\WER\ReportQueue\NonCritical_UninstallShld.ex_5e566fff0f18f9dfa8068d5cf343f299d45d_cab_2fd6906c\Report.wer [2510]
O61 - LFC:Last File Created 30/12/1899 - 00:05:49 --HA- C:\Users\Dario Jr\AppData\Local\IconCache.db [4462200]
O61 - LFC:Last File Created 30/12/1899 - 14:20:55 --HA- C:\Users\Dario Jr\Music\iTunes\sentinel [8]
O61 - LFC:Last File Created 30/12/1899 - 15:05:49 -SHA- C:\Users\Todos os Usuários\Microsoft\Windows\DRM\drmstore.hds [167936]
O61 - LFC:Last File Created 30/12/1899 - 23:08:06 --H-- C:\Users\Dario Jr\AppData\Roaming\Microsoft\Office\Recente\index.dat [1601]
~ Scan Files in 04mn 08s



---\\ Alternate Data Stream File (ADS) (O62)
O62 - ADS:Alternate Data Stream File - C:\Windows\system32\drivers\:GbpKmAp.lst
O62 - ADS:Alternate Data Stream File - C:\Windows\system32\Drivers\:GbpKmAp.lst
~ Scan ADS in 00mn 01s



---\\ List all tools cleaner (LATC) (O63)
O63 - Logiciel: ZHPDiag 1.28 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1
~ Scan ADS in 00mn 00s



---\\ List all legacy services(LALS) (O64)
O64 - Services: CurCS - ??\??\???? - C:\Windows\system32\Drivers\aswFsBlk.sys (aswFsBlk) .(.AVAST Software - avast! File System Access Blocking Driver.) - LEGACY_ASWFSBLK
O64 - Services: CurCS - 28/11/2011 - C:\Windows\system32\drivers\aswMonFlt.sys (aswMonFlt) .(.AVAST Software - avast! File System Minifilter for Windows 2.) - LEGACY_ASWMONFLT
O64 - Services: CurCS - ??\??\???? - C:\Windows\system32\Drivers\aswRdr.sys (aswRdr) .(.AVAST Software - avast! TDI RDR Driver.) - LEGACY_ASWRDR
O64 - Services: CurCS - ??\??\???? - C:\Windows\system32\Drivers\aswSnx.sys (aswSnx) .(.AVAST Software - avast! Virtualization Driver.) - LEGACY_ASWSNX
O64 - Services: CurCS - ??\??\???? - C:\Windows\system32\Drivers\aswSP.sys (aswSP) .(.AVAST Software - avast! self protection module.) - LEGACY_ASWSP
O64 - Services: CurCS - ??\??\???? - C:\Windows\system32\Drivers\aswTdi.sys (aswTdi) .(.AVAST Software - avast! TDI Filter Driver.) - LEGACY_ASWTDI
O64 - Services: CurCS - 21/12/2011 - C:\Windows\system32\drivers\gbpkm.sys (GbpKm) .(.GAS Tecnologia - GbPlugin Device Driver.) - LEGACY_GBPKM
O64 - Services: CurCS - 18/05/2010 - C:\Windows\system32\DRIVERS\hotcore3.sys (hotcore3) .(.Paragon Software Group - A part of Paragon System Utilities.) - LEGACY_HOTCORE3
O64 - Services: CurCS - 10/12/2011 - C:\Windows\system32\drivers\mbam.sys (MBAMProtector) .(.Malwarebytes Corporation - Malwarebytes' Anti-Malware.) - LEGACY_MBAMPROTECTOR
O64 - Services: CurCS - ??\??\???? - C:\Windows\system32\Drivers\secdrv.sys (secdrv) .(.Macrovision Corporation, Macrovision Europe - Macrovision SECURITY Driver.) - LEGACY_SECDRV
O64 - Services: CurCS - ??\??\???? - C:\Windows\system32\Drivers\sptd.sys - sptd (sptd) .(...) - LEGACY_SPTD
~ Scan Services in 00mn 00s



---\\ List unsigned files (LUF) (O65) (None)

---\\ File Associations Shell Spawning (O67)
O67 - Shell Spawning: <.bat> <batfile>[HKLM\..\open\Command] (...) -- "%1" %*
O67 - Shell Spawning: <.cpl> <cplfile>[HKLM\..\cplopen\Command] (.Microsoft Corporation - Windows Control Panel.) -- C:\Windows\system32\control.exe
O67 - Shell Spawning: <.cmd> <cmdfile>[HKLM\..\open\Command] (...) -- "%1" %*
O67 - Shell Spawning: <.com> <comfile>[HKLM\..\open\Command] (...) -- "%1" %*
O67 - Shell Spawning: <.evt> <evtfile>[HKLM\..\open\Command] (.Microsoft Corporation - Iniciador do snap-in de 'Visualizar eventos'.) -- C:\Windows\system32\eventvwr.exe
O67 - Shell Spawning: <.exe> <exefile>[HKLM\..\open\Command] (...) -- "%1" %*
O67 - Shell Spawning: <.html> <htmlfile>[HKLM\..\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
O67 - Shell Spawning: <.js> <JSFile>[HKLM\..\open\Command] (.Microsoft Corporation - Microsoft ® Windows Based Script Host.) -- C:\Windows\system32\WScript.exe
O67 - Shell Spawning: <.reg> <regfile>[HKLM\..\open\Command] (.Microsoft Corporation - Editor do Registro.) -- C:\Windows\regedit.exe
O67 - Shell Spawning: <.html> <FirefoxHTML>[HKCU\..\open\Command] (.Mozilla Corporation - Firefox.) -- C:\Program Files\Mozilla Firefox\firefox.exe
O67 - Shell Spawning: <.bat> <batfile>[HKCR\..\open\Command] (...) -- "%1" %*
O67 - Shell Spawning: <.cpl> <cplfile>[HKCR\..\cplopen\Command] (.Microsoft Corporation - Windows Control Panel.) -- C:\Windows\system32\control.exe
O67 - Shell Spawning: <.cmd> <cmdfile>[HKCR\..\open\Command] (...) -- "%1" %*
O67 - Shell Spawning: <.com> <comfile>[HKCR\..\open\Command] (...) -- "%1" %*
O67 - Shell Spawning: <.evt> <evtfile>[HKCR\..\open\Command] (.Microsoft Corporation - Iniciador do snap-in de 'Visualizar eventos'.) -- C:\Windows\system32\eventvwr.exe
O67 - Shell Spawning: <.exe> <exefile>[HKCR\..\open\Command] (...) -- "%1" %*
O67 - Shell Spawning: <.html> <FirefoxHTML>[HKCR\..\open\Command] (.Mozilla Corporation - Firefox.) -- C:\Program Files\Mozilla Firefox\firefox.exe
O67 - Shell Spawning: <.js> <JSFile>[HKCR\..\open\Command] (.Microsoft Corporation - Microsoft ® Windows Based Script Host.) -- C:\Windows\system32\WScript.exe
O67 - Shell Spawning: <.reg> <regfile>[HKCR\..\open\Command] (.Microsoft Corporation - Editor do Registro.) -- C:\Windows\regedit.exe
~ Scan Keys in 00mn 00s



---\\ Start Menu Internet (SMI) (O68)
O68 - StartMenuInternet: <FIREFOX.EXE> <Mozilla Firefox>[HKLM\..\Shell\open\Command] (.Mozilla Corporation - Firefox.) -- C:\Program Files\Mozilla Firefox\firefox.exe
O68 - StartMenuInternet: <IEXPLORE.EXE> <Internet Explorer>[HKLM\..\Shell\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
O68 - StartMenuInternet: <FIREFOX.EXE> <Mozilla Firefox>[HKLM\..\InstallInfo\ShowIconsCommand] (.Mozilla Corporation - Firefox Helper.) -- C:\Program Files\Mozilla Firefox\uninstall\helper.exe
O68 - StartMenuInternet: <IEXPLORE.EXE> <Internet Explorer>[HKLM\..\InstallInfo\ShowIconsCommand] (.Microsoft Corporation - Utilitário de Inicialização por Usuário do Internet Explorer.) -- C:\Windows\System32\ie4uinit.exe
O68 - StartMenuInternet: <FIREFOX.EXE> <Mozilla Firefox>[HKLM\..\InstallInfo\ReinstallCommand] (.Mozilla Corporation - Firefox Helper.) -- C:\Program Files\Mozilla Firefox\uninstall\helper.exe
O68 - StartMenuInternet: <IEXPLORE.EXE> <Internet Explorer>[HKLM\..\InstallInfo\ReinstallCommand] (.Microsoft Corporation - Utilitário de Inicialização por Usuário do Internet Explorer.) -- C:\Windows\System32\ie4uinit.exe
O68 - StartMenuInternet: <FIREFOX.EXE> <Mozilla Firefox>[HKLM\..\InstallInfo\HideIconsCommand] (.Mozilla Corporation - Firefox Helper.) -- C:\Program Files\Mozilla Firefox\uninstall\helper.exe
O68 - StartMenuInternet: <IEXPLORE.EXE> <Internet Explorer>[HKLM\..\InstallInfo\HideIconsCommand] (.Microsoft Corporation - Utilitário de Inicialização por Usuário do Internet Explorer.) -- C:\Windows\System32\ie4uinit.exe
~ Scan Keys in 00mn 00s



---\\ Search Browser Infection (SBI) (O69)
O69 - SBI: SearchScopes [HKCU] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} [DefaultScope] - (Bing) - http://www.bing.com
O69 - SBI: SearchScopes [HKCU] {071AF45E-8EED-44BE-965D-21728179654F} - (Ask Search) - http://websearch.ask.com
~ Scan Keys in 00mn 00s



---\\ Crack & Keygen Files (CKF) (O82)
C:\Pastas.area.de.trabalho\Desktop1\programas\Corel.draw.e.photoshop\CorelDraw_X4_Keygen_By_Eliseu32_www.TheRebels.de.rar
C:\Pastas.area.de.trabalho\Desktop1\programas\Corel.draw.e.photoshop\CorelDraw_X4_Keygen_By_Eliseu32_www.TheRebels.de.rar
~ Scan Files in 05mn 33s



---\\ Search Svchost Services (SSS) (O83)
O83 - Search Svchost Services: AeLookupSvc (AeLookupSvc) . (.Microsoft Corporation - Serviço de Experiência com Aplicativo.) -- C:\Windows\system32\aelupsvc.dll [62464]
O83 - Search Svchost Services: CertPropSvc (CertPropSvc) . (.Microsoft Corporation - Serviço de Propagação de Certificado de Cartão Inteligente da Microsof.) -- C:\Windows\system32\certprop.dll [67584]
O83 - Search Svchost Services: SCPolicySvc (SCPolicySvc) . (.Microsoft Corporation - Serviço de Propagação de Certificado de Cartão Inteligente da Microsof.) -- C:\Windows\system32\certprop.dll [67584]
O83 - Search Svchost Services: lanmanserver (lanmanserver) . (.Microsoft Corporation - DLL de Serviço do Servidor.) -- C:\Windows\system32\srvsvc.dll [168448]
O83 - Search Svchost Services: gpsvc (gpsvc) . (.Microsoft Corporation - Cliente da Diretiva de Grupo.) -- C:\Windows\system32\gpsvc.dll [591360]
O83 - Search Svchost Services: IKEEXT (IKEEXT) . (.Microsoft Corporation - Extensão IKE.) -- C:\Windows\system32\ikeext.dll [667136]
O83 - Search Svchost Services: AudioSrv (AudioSrv) . (.Microsoft Corporation - Serviço de Áudio do Windows.) -- C:\Windows\system32\Audiosrv.dll [473088]
O83 - Search Svchost Services: Rasauto (Rasauto) . (.Microsoft Corporation - Gerenciador de Discagem Automática de Acesso Remoto.) -- C:\Windows\system32\rasauto.dll [90624]
O83 - Search Svchost Services: Rasman (Rasman) . (.Microsoft Corporation - Gerenciador de conexão de acesso remoto.) -- C:\Windows\system32\rasmans.dll [285184]
O83 - Search Svchost Services: Remoteaccess (Remoteaccess) . (.Microsoft Corporation - Gerenciador de Interface Dinâmica.) -- C:\Windows\system32\mprdim.dll [75264]
O83 - Search Svchost Services: SENS (SENS) . (.Microsoft Corporation - Serviço de Notificação de Eventos do Sistema (SENS).) -- C:\Windows\system32\sens.dll [49664]
O83 - Search Svchost Services: Sharedaccess (Sharedaccess) . (.Microsoft Corporation - Componentes do Microsoft NAT Helper.) -- C:\Windows\system32\ipnathlp.dll [300544]
O83 - Search Svchost Services: Tapisrv (Tapisrv) . (.Microsoft Corporation - Servidor de telefonia do Microsoft® Windows™.) -- C:\Windows\system32\tapisrv.dll [241664]
O83 - Search Svchost Services: TermService (TermService) . (.Microsoft Corporation - Gerenciador de Conexões Remotas do Servidor Host da Sessão da Área de.) -- C:\Windows\system32\termsrv.dll [543232]
O83 - Search Svchost Services: wuauserv (wuauserv) . (.Microsoft Corporation - Windows Update Agent.) -- C:\Windows\system32\wuaueng.dll [1912832]
O83 - Search Svchost Services: BITS (BITS) . (.Microsoft Corporation - Serviço de transferência inteligente de plano de fundo.) -- C:\Windows\system32\qmgr.dll [589312]
O83 - Search Svchost Services: ShellHWDetection (ShellHWDetection) . (.Microsoft Corporation - DLL de serviços do Shell do Windows.) -- C:\Windows\system32\shsvcs.dll [328192]
O83 - Search Svchost Services: iphlpsvc (iphlpsvc) . (.Microsoft Corporation - Serviço que oferece conectividade IPv6 em uma rede IPv4..) -- C:\Windows\system32\iphlpsvc.dll [497152]
O83 - Search Svchost Services: seclogon (seclogon) . (.Microsoft Corporation - DLL de serviço de logon secundário.) -- C:\Windows\system32\seclogon.dll [21504]
O83 - Search Svchost Services: AppInfo (AppInfo) . (.Microsoft Corporation - Serviço de Informações de Aplicativos.) -- C:\Windows\system32\appinfo.dll [46592]
O83 - Search Svchost Services: msiscsi (msiscsi) . (.Microsoft Corporation - Serviço de Descoberta iSCSI.) -- C:\Windows\system32\iscsiexe.dll [114688]
O83 - Search Svchost Services: MMCSS (MMCSS) . (.Microsoft Corporation - Serviço Agendador de Classes de Multimídia.) -- C:\Windows\system32\mmcss.dll [49664]
O83 - Search Svchost Services: wercplsupport (wercplsupport) . (.Microsoft Corporation - Relatórios de Problemas e Soluções.) -- C:\Windows\system32\wercplsupport.dll [61440]
O83 - Search Svchost Services: EapHost (EapHost) . (.Microsoft Corporation - Serviço Microsoft EAPHost.) -- C:\Windows\system32\eapsvc.dll [98304]
O83 - Search Svchost Services: ProfSvc (ProfSvc) . (.Microsoft Corporation - ProfSvc.) -- C:\Windows\system32\profsvc.dll [162816]
O83 - Search Svchost Services: schedule (schedule) . (.Microsoft Corporation - Serviço Agendador de Tarefas.) -- C:\Windows\system32\schedsvc.dll [743424]
O83 - Search Svchost Services: hkmsvc (hkmsvc) . (.Microsoft Corporation - Serviço de Gerenciamento de Chaves.) -- C:\Windows\system32\kmsvc.dll [71168]
O83 - Search Svchost Services: SessionEnv (SessionEnv) . (.Microsoft Corporation - Serviço de Configuração da Área de Trabalho Remota.) -- C:\Windows\system32\sessenv.dll [99328]
O83 - Search Svchost Services: winmgmt (winmgmt) . (.Microsoft Corporation - WMI.) -- C:\Windows\system32\wbem\WMIsvc.dll [168960]
O83 - Search Svchost Services: browser (browser) . (.Microsoft Corporation - DLL de Serviço Pesquisador de Computadores.) -- C:\Windows\system32\browser.dll [102400]
O83 - Search Svchost Services: Themes (Themes) . (.Microsoft Corporation - DLL do Serviço de Tema do Shell do Windows.) -- C:\Windows\system32\themeservice.dll [37376]
O83 - Search Svchost Services: BDESVC (BDESVC) . (.Microsoft Corporation - Serviço BDE.) -- C:\Windows\system32\bdesvc.dll [76800]
O83 - Search Svchost Services: AppMgmt (AppMgmt) . (.Microsoft Corporation - Serviço de instalação do software.) -- C:\Windows\system32\appmgmts.dll [149504]
~ Scan Services in 00mn 00s



---\\ Search Particular Root Folder (SPRF) (O84)
[MD5.6FBA2FF8C8CFDA9A19C66C592DFCDD97] [SPRF][03/02/2012] (...) -- C:\Users\Dario Jr\AppData\Local\Temp\Uninst.bat [477]
[MD5.F5E5A9671897BBC08516AB90A579B790] [SPRF][31/01/2012] (.Mozilla - Thunderbird.) -- C:\Users\Dario Jr\Desktop\Thunderbird Setup 10.0.exe [16665512]
[MD5.A37E08226423BBD4994FE7C66DDF0C9D] [SPRF][04/02/2012] (...) -- C:\Users\Dario Jr\Desktop\ToolbarShooter.exe [227328]
[MD5.405D25F66C0EA02D5E4F6B1F72F0884D] [SPRF][04/02/2012] (.Nicolas Coolman - ZHPDiag.) -- C:\Program Files\ZHPDiag2.exe [3901292]
~ Scan Files in 00mn 01s



---\\ Firewall Active Exception List (FirewallRules) (O87)
O87 - FAEL: "{37E92506-B138-444A-AD35-C3027D34751D}" | In - None - P6 - TRUE | .(.BitTorrent, Inc. - µTorrent.) -- C:\Program Files\uTorrent\uTorrent.exe
O87 - FAEL: "{A37BC553-2D9E-4156-A6F2-B9AD52D2C2CE}" | In - None - P17 - TRUE | .(.BitTorrent, Inc. - µTorrent.) -- C:\Program Files\uTorrent\uTorrent.exe
O87 - FAEL: "{251C525B-9520-4524-91EB-26F118E99332}" | In - None - P17 - TRUE | .(.Unknown owner - WrapperP Application.) -- C:\Program Files\Rosetta Stone\Rosetta Stone V3\RosettaStoneVersion3.exe
O87 - FAEL: "{97557ACA-81DE-416F-B7FF-ACE31A34F821}" | Out - None - P6 - TRUE | .(.Unknown owner - WrapperP Application.) -- C:\Program Files\Rosetta Stone\Rosetta Stone V3\RosettaStoneVersion3.exe
O87 - FAEL: "{83919BAC-1C88-43D9-95BE-0A3EF967810E}" | In - None - P6 - TRUE | .(...) -- C:\Program Files\Rosetta Stone\Rosetta Stone V3\support\bin\win\RosettaStoneLtdServices.exe
O87 - FAEL: "{9207C08D-C186-4044-98D9-8D063739F548}" | In - None - P17 - TRUE | .(.Skype Technologies S.A. - Skype.) -- C:\Program Files\Skype\Phone\Skype.exe
O87 - FAEL: "TCP Query User{6B307F50-EEE9-4A52-A33D-D5D657555311}C:\program files\dsnet corp\atube catcher 2.0\yct.exe" | In - Private - P6 - TRUE | .(.DsNET.) -- C:\Program Files\DsNET Corp\aTube Catcher 2.0\yct.exe
O87 - FAEL: "UDP Query User{350A1072-8A8B-4AB0-AA91-C7F9C8E28559}C:\program files\dsnet corp\atube catcher 2.0\yct.exe" | In - Private - P17 - TRUE | .(.DsNET.) -- C:\Program Files\DsNET Corp\aTube Catcher 2.0\yct.exe
O87 - FAEL: "{7373C3E4-7A25-4245-96B8-40CC760AF700}" | In - Private - P6 - TRUE | .(.www.megacubo.net - No comment.) -- C:\Program Files\Megacubo\megacubo.exe
O87 - FAEL: "{9DDF3EDA-0610-428F-AC75-BEE00523FB8B}" | In - Private - P17 - TRUE | .(.www.megacubo.net - No comment.) -- C:\Program Files\Megacubo\megacubo.exe
O87 - FAEL: "{107EBD85-376A-4B4F-A47F-043485E6A485}" | In - None - P17 - TRUE | .(.Apple Inc. - iTunes.) -- C:\Program Files\iTunes\iTunes.exe
O87 - FAEL: "{E7F1391C-0A2D-4C67-BA1A-0BFB6D4CAEC9}" | In - Private - P6 - TRUE | .(...) -- C:\Program Files\Sony Ericsson\Update Service\Update Service.exe
O87 - FAEL: "{98493B23-564B-4182-9C51-2C242B856EF1}" | In - Private - P17 - TRUE | .(...) -- C:\Program Files\Sony Ericsson\Update Service\Update Service.exe
O87 - FAEL: "TCP Query User{A6D47FFE-99B0-4012-9C1A-63478055D21F}C:\program files\mozilla firefox\firefox.exe" | In - Private - P6 - TRUE | .(.Mozilla Corporation - Firefox.) -- C:\Program Files\Mozilla Firefox\firefox.exe
O87 - FAEL: "UDP Query User{E195244F-2FF6-46A1-BBDD-6845E526A270}C:\program files\mozilla firefox\firefox.exe" | In - Private - P17 - TRUE | .(.Mozilla Corporation - Firefox.) -- C:\Program Files\Mozilla Firefox\firefox.exe
O87 - FAEL: "TCP Query User{61C3CEED-B5DE-4988-B9BA-54747A1D21D2}C:\program files\orbitdownloader\orbitnet.exe" | In - Private - P6 - TRUE | .(.Orbitdownloader.com - P2P service of Orbit Downloader.) -- C:\Program Files\Orbitdownloader\orbitnet.exe
O87 - FAEL: "UDP Query User{7DD391F8-A415-4625-8CC5-AD3BDB7DD69C}C:\program files\orbitdownloader\orbitnet.exe" | In - Private - P17 - TRUE | .(.Orbitdownloader.com - P2P service of Orbit Downloader.) -- C:\Program Files\Orbitdownloader\orbitnet.exe
~ Scan Firewall in 00mn 02s



---\\ Additionnal Scan (O88)
Database Version : 9053 - (22/01/2012)
Clés trouvées (Keys found) : 20
Valeurs trouvées (Values found) : 0
Dossiers trouvés (Folders found) : 0
Fichiers trouvés (Files found) : 0

[HKLM\Software\Classes\AppID\NCTAudioCompress3.DLL] =>PUP.BearShare
[HKLM\Software\Classes\AppID\NCTAudioFile3.DLL] =>PUP.BearShare
[HKLM\Software\Classes\AppID\NCTAudioFileWMA3.DLL] =>PUP.BearShare
[HKLM\Software\Classes\AppID\NCTAudioFormatSettings3.DLL] =>PUP.BearShare
[HKLM\Software\Classes\CLSID\{03F14321-8FED-4CBC-B01A-4B57FC199062}] =>PUP.BearShare
[HKLM\Software\Classes\CLSID\{23BDC78C-B7BB-42E5-B970-54B292592D72}] =>PUP.BearShare
[HKLM\Software\Classes\CLSID\{2C6F7E96-73BC-47A5-9F51-B67F0BAFE24D}] =>PUP.BearShare
[HKLM\Software\Classes\TypeLib\{43B4B831-F41F-4F73-8F14-4FFF0BA75B1B}] =>PUP.iMesh
[HKLM\Software\Classes\CLSID\{4C58EB04-7B72-4D3D-A36E-66167A99BC31}] =>PUP.BearShare
[HKLM\Software\Classes\CLSID\{4EE0B011-604C-47F3-8F2B-39F79640B85E}] =>PUP.BearShare
[HKLM\Software\Classes\AppID\{5e50ae1d-bc76-418b-94c4-efeac0cef80c}] =>Toolbar.Kiwee
[HKLM\Software\Classes\AppID\{69E54DE2-C4ED-4BEC-8046-E3F9AC74B4B0}] =>PUP.iMesh
[HKLM\Software\Classes\CLSID\{6BC38BF4-E84D-46E1-920B-42D31AEA617E}] =>Toolbar.Agent
[HKLM\Software\Classes\TypeLib\{6C9945B7-1D19-46CB-88C0-45A24DF6CD6E}] =>PUP.iMesh
[HKLM\Software\Classes\TypeLib\{84B9B044-17C0-48FB-A300-C9747D5DF29C}] =>PUP.iMesh
[HKLM\Software\Classes\TypeLib\{85672EDB-2CC8-40B9-A9E8-77D3478F2EFB}] =>PUP.iMesh
[HKLM\Software\Classes\CLSID\{CD5175E2-7CC1-418C-B66C-0AB95DAD4103}] =>PUP.BearShare
[HKLM\Software\Classes\CLSID\{D8BFC514-1135-4393-B09A-193D2AAC5037}] =>PUP.BearShare
[HKLM\Software\Classes\AppID\{F54A0D21-6A53-460C-8301-C694EC9E1033}] =>PUP.iMesh
[HKLM\Software\Classes\AppID\{F7BCCFD4-2FA6-477D-A1B0-EF7500B3C49E}] =>PUP.iMesh
~ Scan Additionnel in 00mn 11s



---\\ Router Hijack DNS (O89)
DNS request timed out.
timeout was 2 seconds.
Servidor: UnKnown
Address: 192.168.1.1
Nome: www-cctld.l.google.com
Address: 74.125.234.24
Aliases: www.google.fr
~ Scan DNS in 00mn 05s



---\\ General States of Services not Microsoft (EGS) (SR=Running, SS=Stopped)
SR - | Auto 25/05/2011 37664 | (Apple Mobile Device) . (.Apple Inc..) - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
SR - | Auto 28/11/2011 44768 | (avast! antivírus) . (.AVAST Software.) - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
SS - | Demand 23/08/2010 658432 | (FLEXnet Licensing Service) . (.Macrovision Europe Ltd..) - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
SS - | Auto 204872 | (GbpSv) . (...) - C:\Program Files\GbPlugin\gbpsv.exe
SS - | Demand 19/07/2011 821096 | (iPod Service) . (.Apple Inc..) - C:\Program Files\iPod\bin\iPodService.exe
SR - | Auto 24/12/2011 652872 | (MBAMService) . (.Malwarebytes Corporation.) - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
SR - | Auto 24/09/2008 935208 | Nero BackItUp Scheduler 4.0 (Nero BackItUp Scheduler 4.0) . (.Nero AG.) - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
SR - | Auto 24/07/2007 185632 | (PSI_SVC_2) . (.Protexis Inc..) - C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
SR - | Auto 10/09/2009 469504 | (S3Funkey) . (.S3 Graphics Co., Ltd..) - C:\Program Files\s3graphics\chrome3\S3Funkey.svc
SR - | Auto 10/09/2009 417280 | (S3LoadSv) . (.S3 Graphics Co., Inc..) - C:\Program Files\s3graphics\chrome3\s3loadsv.svc
SS - | Demand 29/06/2011 155344 | (Sony Ericsson PCCompanion) . (.Avanquest Software.) - C:\Program Files\Sony Ericsson\Sony Ericsson PC Companion\PCCService.exe
SR - | Auto 23/12/2009 370688 | (StarWindServiceAE) . (.StarWind Software.) - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
SR - | Demand 30/07/2009 144752 | (TOSHIBA Bluetooth Service) . (.TOSHIBA CORPORATION.) - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
SR - | Auto 13/07/2009 20992 | C:\Windows\system32\wuaueng.dll (wuauserv) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
~ Scan Services in 00mn 08s



---\\ Search Master Boot Record Infection (MBR)(O80)
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Run by Dario Jr at 05/02/2012 00:37:23

device: opened successfully
user: MBR read successfully

Disk trace:
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x869431F8]<<
1 ntkrnlpa!IofCallDriver[0x83C47448] -> \Device\Harddisk0\DR0[0x87841AC8]
3 CLASSPNP[0x8C58659E] -> ntkrnlpa!IofCallDriver[0x83C47448] -> \Device\Ide\IdeDeviceP0T0L0-0[0x876C1908]
\Driver\atapi[0x876B83B8] -> IRP_MJ_CREATE -> 0x869431F8
kernel: MBR read successfully
user & kernel MBR OK
~ Scan MBR in 00mn 02s



---\\ Search Master Boot Record Infection (MBRCheck)(O80)
Written by ad13, http://ad13.geekstog
Run by Dario Jr at 05/02/2012 00:37:25

********* Dump file Name *********
C:\PhysicalDisk0_MBR.bin
~ Scan MBR in 00mn 04s



---\\ List of CD/DVD Emulators (MBR Hook)
O58 - SDL:[MD5.D41D8CD98F00B204E9800998ECF8427E] - 17/02/2010 - 00:00:00 ---A- . (...) -- C:\Windows\system32\drivers\sptd.sys [691696]
~ Scan Emulateurs in 00mn 04s



End of the scan (1887 lines in 11mn 02s)(2)

#16 Anonymous    

Anonymous
  • Member
  • 2947 posts

Posted 06 February 2012 - 08:37 AM

Good morning, sagatti!

The reports are attached, as you instructed. Man, one question I had here: is this infection on my computer very serious?

|- No! It would be serious if it were a rootkit or file infectors, which is not the case with your machine. It only had adware, PUPs and malicious toolbars.

///°°°///

|- Run ToolbarShooter again, using the "Suppression" or "Delete" option.
|- Post the report! ( Rapport de Suppression de ToolbarShooter )

///°°°///

|- Close any programs/folders that are open.
|- On Windows Vista, disable UAC.

|- Double-click ZHPFix.

|- In the menu, click H < Posted Image >

O45 - LFCP:[MD5.1EF59B005E8FE2454274C9B70BC6740C] - 04/02/2012 - 22:34:31 ---A- - C:\Windows\Prefetch\LongTermHist.db
O45 - LFCP:[MD5.952CE5CE4397C76DFEB4C4A455CA6B2F] - 04/02/2012 - 22:35:17 ---A- - C:\Windows\Prefetch\AgCx_SC2.db
O45 - LFCP:[MD5.461E4B7D7E10ACCD335FC096AE5D994F] - 04/02/2012 - 22:39:44 ---A- - C:\Windows\Prefetch\AgGlUAD_P_S-1-5-21-2014276812-2303388161-280020652-1000.db
O45 - LFCP:[MD5.06BA0B14C125026F2836E4EC4E444CD4] - 04/02/2012 - 22:39:44 ---A- - C:\Windows\Prefetch\AgGlUAD_S-1-5-21-2014276812-2303388161-280020652-1000.db

[HKLM\Software\Swearware]
[HKLM\Software\Classes\AppID\NCTAudioCompress3.DLL]
[HKLM\Software\Classes\AppID\NCTAudioFile3.DLL]
[HKLM\Software\Classes\AppID\NCTAudioFileWMA3.DLL]
[HKLM\Software\Classes\AppID\NCTAudioFormatSettings3.DLL]
[HKLM\Software\Classes\CLSID\{03F14321-8FED-4CBC-B01A-4B57FC199062}]
[HKLM\Software\Classes\CLSID\{23BDC78C-B7BB-42E5-B970-54B292592D72}]
[HKLM\Software\Classes\CLSID\{2C6F7E96-73BC-47A5-9F51-B67F0BAFE24D}]
[HKLM\Software\Classes\TypeLib\{43B4B831-F41F-4F73-8F14-4FFF0BA75B1B}]
[HKLM\Software\Classes\CLSID\{4C58EB04-7B72-4D3D-A36E-66167A99BC31}]
[HKLM\Software\Classes\CLSID\{4EE0B011-604C-47F3-8F2B-39F79640B85E}]
[HKLM\Software\Classes\AppID\{5e50ae1d-bc76-418b-94c4-efeac0cef80c}]
[HKLM\Software\Classes\AppID\{69E54DE2-C4ED-4BEC-8046-E3F9AC74B4B0}]
[HKLM\Software\Classes\CLSID\{6BC38BF4-E84D-46E1-920B-42D31AEA617E}]
[HKLM\Software\Classes\TypeLib\{6C9945B7-1D19-46CB-88C0-45A24DF6CD6E}]
[HKLM\Software\Classes\TypeLib\{84B9B044-17C0-48FB-A300-C9747D5DF29C}]
[HKLM\Software\Classes\TypeLib\{85672EDB-2CC8-40B9-A9E8-77D3478F2EFB}]
[HKLM\Software\Classes\CLSID\{CD5175E2-7CC1-418C-B66C-0AB95DAD4103}]
[HKLM\Software\Classes\CLSID\{D8BFC514-1135-4393-B09A-193D2AAC5037}]
[HKLM\Software\Classes\AppID\{F54A0D21-6A53-460C-8301-C694EC9E1033}]
[HKLM\Software\Classes\AppID\{F7BCCFD4-2FA6-477D-A1B0-EF7500B3C49E}]

emptytemp
emptyflash
firewallraz
sysrestore

|- Copy and paste this information, which is shown in red, into the "light yellow" field of ZHPFix.
|- PS: Make sure the field is empty before pasting the information from the quote.
|- Click GO -> Oui.
|- When it finishes, and if all the icons on your desktop have disappeared, do the following:
|- Open Task Manager. ( ctrl+alt+del )
|- Click the "Applications" tab.
|- Click "New Task..."
|- Type in the box: explorer.exe
|- Click OK.
|- Post the report: C:\ZHP\ZHPFix[R1].txt
|- PS: The following reports will also be generated, but they are not to be posted!

|- ZHPExportRegistry-dia-mes-2012-hs-min-seg;
|- ZHPADSReport;
|- ZHPFixQuarantine;

Best regards!

#17 sagatti    

sagatti
  • Participant
  • 16 posts

Posted 06 February 2012 - 10:55 PM

Hello Joram!

Thank you very much for your patience and willingness to help.
I did as recommended and the reports follow. I had a small problem after running ToolbarShooter with the Suppression option: I chose the option to restart the system and lost the report. So I ran it again, with the Recherche option. I will post below the report generated with that option. I apologize for my lack of skill.
Regards.

================================== Informations ==================================

Rapport de recherche de ToolbarShooter.

Outil développé par 2011N2
Contact : lot12@hotmail.fr
Site : http://2011n2.forumgratuit.fr/
Mis à jour le : 20/01/2012 à 19h45 par 2011N2

Début du scan de recherche : 23:32:47
Nom du PC : DARIOJR-PC

Système d'exploitation : Windows 7 Ultimate
Internet Explorer : 8.0.7600.16385
Mozilla Firefox : 9.0.1 (pt-BR)
Mozilla Firefox : version 5
Mozilla Firefox : version 6

############################# Toolbars, pups et adwares néfastes détéctés #############################


Clé présente : HKLM\Software\Classes\CLSID\{03F14321-8FED-4CBC-B01A-4B57FC199062}
Clé présente : HKLM\Software\Classes\CLSID\{4C58EB04-7B72-4D3D-A36E-66167A99BC31}
Clé présente : HKLM\Software\Classes\TypeLib\{84B9B044-17C0-48FB-A300-C9747D5DF29C}
Clé présente : HKLM\Software\Classes\AppID\{F54A0D21-6A53-460C-8301-C694EC9E1033}
Clé présente : HKLM\Software\Classes\AppID\NCTAudioCompress3.DLL
Clé présente : HKLM\Software\Classes\AppID\NCTAudioFile3.DLL
Clé présente : HKLM\Software\Classes\AppID\NCTAudioFileWMA3.DLL
Clé présente : HKLM\Software\Classes\AppID\NCTAudioFormatSettings3.DLL
Clé présente : HKLM\Software\Classes\CLSID\{23BDC78C-B7BB-42E5-B970-54B292592D72}
Clé présente : HKLM\Software\Classes\CLSID\{2C6F7E96-73BC-47A5-9F51-B67F0BAFE24D}
Clé présente : HKLM\Software\Classes\TypeLib\{43B4B831-F41F-4F73-8F14-4FFF0BA75B1B}
Clé présente : HKLM\Software\Classes\CLSID\{4EE0B011-604C-47F3-8F2B-39F79640B85E}
Clé présente : HKLM\Software\Classes\AppID\{5e50ae1d-bc76-418b-94c4-efeac0cef80c}
Clé présente : HKLM\Software\Classes\AppID\{69E54DE2-C4ED-4BEC-8046-E3F9AC74B4B0}
Clé présente : HKLM\Software\Classes\CLSID\{6BC38BF4-E84D-46E1-920B-42D31AEA617E}
Clé présente : HKLM\Software\Classes\TypeLib\{6C9945B7-1D19-46CB-88C0-45A24DF6CD6E}
Clé présente : HKLM\Software\Classes\TypeLib\{85672EDB-2CC8-40B9-A9E8-77D3478F2EFB}
Clé présente : HKLM\Software\Classes\CLSID\{CD5175E2-7CC1-418C-B66C-0AB95DAD4103}
Clé présente : HKLM\Software\Classes\CLSID\{D8BFC514-1135-4393-B09A-193D2AAC5037}
Clé présente : HKLM\Software\Classes\AppID\{F7BCCFD4-2FA6-477D-A1B0-EF7500B3C49E}









===============================================

Fin du scan de recherche de ToolbarShooter à 23:35:00 par DARIOJR-PC

############### EOF ###############

Merci d'envoyer le rapport à cette adresse, en précisant la raison d'emploi de cet outil. Cela permettera au développeur d'effectuer d'éventuelles modifications : lot12@hotmail.fr

Merci de votre contribution !


-----------


Rapport de ZHPFix 1.12.3379 par Nicolas Coolman, Update du 22/01/2011
Fichier d'export Registre :
Run by Dario Jr at 06/02/2012 23:44:55
Windows 7 Ultimate Edition, 32-bit (Build 7600)
Web site : http://www.premiumor...ess/zhpfix.html
Web site : http://nicolascoolman.skyrock.com/

========== Registry Key ==========
DELETED Key: HKLM\Software\Swearware
DELETED Key: HKLM\Software\Classes\AppID\NCTAudioCompress3.DLL
DELETED Key: HKLM\Software\Classes\AppID\NCTAudioFile3.DLL
DELETED Key: HKLM\Software\Classes\AppID\NCTAudioFileWMA3.DLL
DELETED Key: HKLM\Software\Classes\AppID\NCTAudioFormatSettings3.DLL
DELETED Key: HKLM\Software\Classes\CLSID\{03F14321-8FED-4CBC-B01A-4B57FC199062}
DELETED Key: HKLM\Software\Classes\CLSID\{23BDC78C-B7BB-42E5-B970-54B292592D72}
DELETED Key: HKLM\Software\Classes\CLSID\{2C6F7E96-73BC-47A5-9F51-B67F0BAFE24D}
DELETED Key: HKLM\Software\Classes\TypeLib\{43B4B831-F41F-4F73-8F14-4FFF0BA75B1B}
DELETED Key: HKLM\Software\Classes\CLSID\{4C58EB04-7B72-4D3D-A36E-66167A99BC31}
DELETED Key: HKLM\Software\Classes\CLSID\{4EE0B011-604C-47F3-8F2B-39F79640B85E}
DELETED Key: HKLM\Software\Classes\AppID\{5e50ae1d-bc76-418b-94c4-efeac0cef80c}
DELETED Key: HKLM\Software\Classes\AppID\{69E54DE2-C4ED-4BEC-8046-E3F9AC74B4B0}
DELETED Key: HKLM\Software\Classes\CLSID\{6BC38BF4-E84D-46E1-920B-42D31AEA617E}
DELETED Key: HKLM\Software\Classes\TypeLib\{6C9945B7-1D19-46CB-88C0-45A24DF6CD6E}
DELETED Key: HKLM\Software\Classes\TypeLib\{84B9B044-17C0-48FB-A300-C9747D5DF29C}
DELETED Key: HKLM\Software\Classes\TypeLib\{85672EDB-2CC8-40B9-A9E8-77D3478F2EFB}
DELETED Key: HKLM\Software\Classes\CLSID\{CD5175E2-7CC1-418C-B66C-0AB95DAD4103}
DELETED Key: HKLM\Software\Classes\CLSID\{D8BFC514-1135-4393-B09A-193D2AAC5037}
DELETED Key: HKLM\Software\Classes\AppID\{F54A0D21-6A53-460C-8301-C694EC9E1033}
DELETED Key: HKLM\Software\Classes\AppID\{F7BCCFD4-2FA6-477D-A1B0-EF7500B3C49E}

========== Registry Value ==========
No Value in Domain Profile Register Key FirewallRaz :
DELETED FirewallRaz (None) : {FB8E0939-98E3-4D75-B59A-F32E325425B4}

========== Repertory ==========
DELETED Window Temporary: : 80
DELETED Flash Cookies: 1

========== File ==========
DELETED File: c:\windows\prefetch\longtermhist.db
DELETED File: c:\windows\prefetch\agcx_sc2.db
DELETED File: c:\windows\prefetch\aggluad_p_s-1-5-21-2014276812-2303388161-280020652-1000.db
DELETED File: c:\windows\prefetch\aggluad_s-1-5-21-2014276812-2303388161-280020652-1000.db
DELETED Window Temporary: : 40
DELETED Flash Cookies: 0

========== Restoration ==========
Restore System Point created succefully


========== Summary ==========
21 : Registry Key
2 : Registry Value
2 : Repertory
6 : File
1 : Restoration


End of clean in 00mn 22s

========== Report File ==========
C:\ZHP\ZHPFix[R1].txt - 06/02/2012 23:44:55 [2836]

#18 Anonymous    

Anonymous
  • Participant
  • 2947 posts

Posted 07 February 2012 - 06:27 AM

Good morning, sagatti!

I did as recommended and the reports follow. I had a small problem after running ToolbarShooter with the Suppression option: I chose the option to restart the system and lost the report. So I ran it again, with the Recherche option. I will post below the report generated with that option. I apologize for my lack of skill.

|- Don't worry, since ZHPFix, with an identical detection, removed the entries.

///°°°///

-------------
O69 - SBI: SearchScopes [HKCU] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} [DefaultScope] - (Bing) - http://www.bing.com
O69 - SBI: SearchScopes [HKCU] {071AF45E-8EED-44BE-965D-21728179654F} - (Ask Search) - http://websearch.ask.com

-------------

|- If you wish, paste these entries into the "light yellow" field of ZHPFix, or disable them in your IE browser.
|- Click "GO", if you opt for the .
|- Choose Google for "SearchScopes" in your browser settings.

///°°°///

-------------
---\\ Crack & Keygen Files (CKF) (O82)
C:\Pastas.area.de.trabalho\Desktop1\programas\Corel.draw.e.photoshop\CorelDraw_X4_Keygen_By_Eliseu32_www.TheRebels.de.rar
C:\Pastas.area.de.trabalho\Desktop1\programas\Corel.draw.e.photoshop\CorelDraw_X4_Keygen_By_Eliseu32_www.TheRebels.de.rar
~ Scan Files in 05mn 33s

-------------

|- Cracks and/or keygens are weak points on your machine and can compromise your security.
|- PS: French analysts are strict about these items and always ask for their removal.
|- That decision is therefore up to you.

///°°°///

|- Download: |DelFix| ( ... by Xplode )
|- On the page, click "Télécharger" to download it.
|- Save it to the desktop!
|- Close any applications that are open.

|- Click "Suppression".
|- When it finishes, to remove DelFix, open the tool and click "Désinstallation".
|- Your logs are clean! (Y)
|- Your request for this analysis has been completed!

Best regards!

#19 sagatti    

sagatti
  • Participant
  • 16 posts

Posted 07 February 2012 - 12:22 PM

Hello Joram!

Thank you very much for the help!
I am a little afraid that I am still infected. Last night I logged in to my Yahoo email to see whether it was still sending spam to my contacts. And early today there were still some emails of that "failure-daemon" type and a spam message sent from me to me that I had not sent.
I will wait until tonight or until tomorrow to check again.

Regards, and congratulations to you and to the forum for the work you do and for your professionalism.

#20 Anonymous    

Anonymous
  • Participant
  • 2947 posts

Posted 07 February 2012 - 01:08 PM

Hello Joram!

Thank you very much for the help!
I am a little afraid that I am still infected. Last night I logged in to my Yahoo email to see whether it was still sending spam to my contacts. And early today there were still some emails of that "failure-daemon" type and a spam message sent from me to me that I had not sent.
I will wait until tonight or until tomorrow to check again.

Regards, and congratulations to you and to the forum for the work you do and for your professionalism.

Hello!

|- Reset all the passwords you use ( MSN,ORKUT,FACEBOOK,OUTLOOK,EMAIL,SOFTWARES,... ).
|- Use a good password manager!
|- I believe this will minimize or eliminate the problem.

Best regards!

