Virus removal

Wolf, here is the requested log from today (15/02).

2012/02/15 16:38:49 -0200 LUIZ-39B50F04AD MESSAGE Starting protection
2012/02/15 16:38:56 -0200 LUIZ-39B50F04AD MESSAGE Protection started successfully
2012/02/15 16:38:59 -0200 LUIZ-39B50F04AD Luiz MESSAGE Starting IP protection
2012/02/15 16:39:14 -0200 LUIZ-39B50F04AD Luiz MESSAGE IP Protection started successfully
2012/02/15 16:53:35 -0200 LUIZ-39B50F04AD Luiz IP-BLOCK 94.198.240.146 (Type: outgoing)
2012/02/15 16:53:38 -0200 LUIZ-39B50F04AD Luiz IP-BLOCK 94.198.240.146 (Type: outgoing)
2012/02/15 16:53:44 -0200 LUIZ-39B50F04AD Luiz IP-BLOCK 94.198.240.146 (Type: outgoing)
2012/02/15 16:53:56 -0200 LUIZ-39B50F04AD Luiz IP-BLOCK 94.198.240.146 (Type: outgoing)
2012/02/15 16:53:59 -0200 LUIZ-39B50F04AD Luiz IP-BLOCK 94.198.240.146 (Type: outgoing)
2012/02/15 16:54:05 -0200 LUIZ-39B50F04AD Luiz IP-BLOCK 94.198.240.146 (Type: outgoing)
2012/02/15 17:02:03 -0200 LUIZ-39B50F04AD Luiz IP-BLOCK 94.198.240.149 (Type: outgoing)
2012/02/15 17:02:06 -0200 LUIZ-39B50F04AD Luiz IP-BLOCK 94.198.240.149 (Type: outgoing)
2012/02/15 17:02:12 -0200 LUIZ-39B50F04AD Luiz IP-BLOCK 94.198.240.149 (Type: outgoing)
2012/02/15 17:02:24 -0200 LUIZ-39B50F04AD Luiz IP-BLOCK 94.198.240.149 (Type: outgoing)
2012/02/15 17:02:27 -0200 LUIZ-39B50F04AD Luiz IP-BLOCK 94.198.240.149 (Type: outgoing)
2012/02/15 17:02:33 -0200 LUIZ-39B50F04AD Luiz IP-BLOCK 94.198.240.149 (Type: outgoing)
2012/02/15 17:02:44 -0200 LUIZ-39B50F04AD Luiz IP-BLOCK 94.198.240.149 (Type: outgoing)
2012/02/15 17:02:47 -0200 LUIZ-39B50F04AD Luiz IP-BLOCK 94.198.240.149 (Type: outgoing)
2012/02/15 17:02:47 -0200 LUIZ-39B50F04AD Luiz IP-BLOCK 94.198.240.149 (Type: outgoing)
2012/02/15 17:02:53 -0200 LUIZ-39B50F04AD Luiz IP-BLOCK 94.198.240.149 (Type: outgoing)
2012/02/15 17:02:53 -0200 LUIZ-39B50F04AD Luiz IP-BLOCK 94.198.240.149 (Type: outgoing)
2012/02/15 17:03:03 -0200 LUIZ-39B50F04AD Luiz IP-BLOCK 94.198.240.149 (Type: outgoing)
2012/02/15 17:03:05 -0200 LUIZ-39B50F04AD Luiz IP-BLOCK 94.198.240.149 (Type: outgoing)
2012/02/15 17:03:05 -0200 LUIZ-39B50F04AD Luiz IP-BLOCK 94.198.240.149 (Type: outgoing)
2012/02/15 17:03:06 -0200 LUIZ-39B50F04AD Luiz IP-BLOCK 94.198.240.149 (Type: outgoing)
2012/02/15 17:03:08 -0200 LUIZ-39B50F04AD Luiz IP-BLOCK 94.198.240.149 (Type: outgoing)
2012/02/15 17:03:08 -0200 LUIZ-39B50F04AD Luiz IP-BLOCK 94.198.240.149 (Type: outgoing)
2012/02/15 17:03:12 -0200 LUIZ-39B50F04AD Luiz IP-BLOCK 94.198.240.149 (Type: outgoing)
2012/02/15 17:03:14 -0200 LUIZ-39B50F04AD Luiz IP-BLOCK 94.198.240.149 (Type: outgoing)
2012/02/15 17:03:14 -0200 LUIZ-39B50F04AD Luiz IP-BLOCK 94.198.240.149 (Type: outgoing)
2012/02/15 17:03:24 -0200 LUIZ-39B50F04AD Luiz IP-BLOCK 94.198.240.149 (Type: outgoing)
2012/02/15 17:03:27 -0200 LUIZ-39B50F04AD Luiz IP-BLOCK 94.198.240.149 (Type: outgoing)
2012/02/15 17:03:33 -0200 LUIZ-39B50F04AD Luiz IP-BLOCK 94.198.240.149 (Type: outgoing)
2012/02/15 17:03:48 -0200 LUIZ-39B50F04AD Luiz IP-BLOCK 94.198.240.149 (Type: outgoing)
2012/02/15 17:03:48 -0200 LUIZ-39B50F04AD Luiz IP-BLOCK 94.198.240.149 (Type: outgoing)
2012/02/15 17:03:48 -0200 LUIZ-39B50F04AD Luiz IP-BLOCK 94.198.240.149 (Type: outgoing)
2012/02/15 17:03:48 -0200 LUIZ-39B50F04AD Luiz IP-BLOCK 94.198.240.149 (Type: outgoing)
2012/02/15 17:03:49 -0200 LUIZ-39B50F04AD Luiz IP-BLOCK 94.198.240.149 (Type: outgoing)
2012/02/15 17:03:51 -0200 LUIZ-39B50F04AD Luiz IP-BLOCK 94.198.240.149 (Type: outgoing)
2012/02/15 17:03:51 -0200 LUIZ-39B50F04AD Luiz IP-BLOCK 94.198.240.149 (Type: outgoing)
2012/02/15 17:03:51 -0200 LUIZ-39B50F04AD Luiz IP-BLOCK 94.198.240.149 (Type: outgoing)
2012/02/15 17:03:51 -0200 LUIZ-39B50F04AD Luiz IP-BLOCK 94.198.240.149 (Type: outgoing)
2012/02/15 17:03:57 -0200 LUIZ-39B50F04AD Luiz IP-BLOCK 94.198.240.149 (Type: outgoing)
2012/02/15 17:03:57 -0200 LUIZ-39B50F04AD Luiz IP-BLOCK 94.198.240.149 (Type: outgoing)
2012/02/15 17:03:57 -0200 LUIZ-39B50F04AD Luiz IP-BLOCK 94.198.240.149 (Type: outgoing)
2012/02/15 17:03:57 -0200 LUIZ-39B50F04AD Luiz IP-BLOCK 94.198.240.149 (Type: outgoing)
2012/02/15 17:04:09 -0200 LUIZ-39B50F04AD Luiz IP-BLOCK 94.198.240.149 (Type: outgoing)
2012/02/15 17:04:10 -0200 LUIZ-39B50F04AD Luiz IP-BLOCK 94.198.240.149 (Type: outgoing)
2012/02/15 17:04:10 -0200 LUIZ-39B50F04AD Luiz IP-BLOCK 94.198.240.149 (Type: outgoing)
2012/02/15 17:04:10 -0200 LUIZ-39B50F04AD Luiz IP-BLOCK 94.198.240.149 (Type: outgoing)
2012/02/15 17:04:12 -0200 LUIZ-39B50F04AD Luiz IP-BLOCK 94.198.240.149 (Type: outgoing)
2012/02/15 17:04:13 -0200 LUIZ-39B50F04AD Luiz IP-BLOCK 94.198.240.149 (Type: outgoing)
2012/02/15 17:04:18 -0200 LUIZ-39B50F04AD Luiz IP-BLOCK 94.198.240.149 (Type: outgoing)
2012/02/15 17:04:19 -0200 LUIZ-39B50F04AD Luiz IP-BLOCK 94.198.240.149 (Type: outgoing)
2012/02/15 17:04:19 -0200 LUIZ-39B50F04AD Luiz IP-BLOCK 94.198.240.149 (Type: outgoing)
 
Hello,

Here is the OTL log:

OTL logfile created on: 16/02/2012 18:53:24 - Run 2
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Anderson Backup\Desktop
Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000416 | Country: Brasil | Language: PTB | Date Format: dd/MM/yyyy

3,00 Gb Total Physical Memory | 1,74 Gb Available Physical Memory | 57,95% Memory free
6,00 Gb Paging File | 4,23 Gb Available in Paging File | 70,54% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 54,52 Gb Total Space | 11,84 Gb Free Space | 21,71% Space Free | Partition Type: NTFS
Drive D: | 199,29 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
Drive E: | 20,00 Gb Total Space | 4,45 Gb Free Space | 22,26% Space Free | Partition Type: NTFS

Computer Name: AND-PC | User Name: Anderson Backup | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/02/15 19:21:59 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Anderson Backup\Desktop\OTL.exe
PRC - [2012/02/12 01:30:03 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2012/01/29 20:29:10 | 000,341,920 | ---- | M] () -- C:\Program Files\TIM Communicator\orolixcommunicator.exe
PRC - [2012/01/27 22:49:39 | 000,026,528 | ---- | M] (Orolix Desenvolvimento de Software LTDA.) -- C:\Program Files\TIM Communicator\module\devicemon.exe
PRC - [2012/01/16 16:28:30 | 000,546,768 | ---- | M] (Threat Expert Ltd.) -- C:\Program Files\PC Tools\PC Tools Security\BDT\BDTUpdateService.exe
PRC - [2012/01/11 16:18:14 | 002,659,768 | ---- | M] (PC Tools) -- C:\Program Files\PC Tools\PC Tools Security\pctsGui.exe
PRC - [2012/01/11 16:18:14 | 001,117,624 | ---- | M] (PC Tools) -- C:\Program Files\PC Tools\PC Tools Security\pctsSvc.exe
PRC - [2012/01/11 14:56:12 | 000,402,336 | ---- | M] (PC Tools) -- C:\Program Files\PC Tools\PC Tools Security\pctsAuxs.exe
PRC - [2012/01/11 14:56:08 | 000,071,008 | ---- | M] (PC Tools) -- C:\Program Files\PC Tools\PC Tools Security\TFEngine\TFService.exe
PRC - [2011/11/12 14:56:14 | 001,479,168 | ---- | M] () -- C:\Users\Anderson Backup\Desktop\Explorer++.exe
PRC - [2011/10/15 06:53:00 | 002,253,120 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
PRC - [2011/10/15 06:53:00 | 001,820,480 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
PRC - [2011/10/15 06:53:00 | 001,328,960 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
PRC - [2011/10/15 00:54:40 | 000,381,248 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2011/08/15 15:17:06 | 000,603,456 | ---- | M] (TuneUp Software) -- C:\Program Files\TuneUp Utilities 2011\OneClick.exe
PRC - [2011/08/15 15:16:42 | 001,051,968 | ---- | M] (TuneUp Software) -- C:\Program Files\TuneUp Utilities 2011\Integrator.exe
PRC - [2011/08/15 15:11:40 | 000,671,552 | ---- | M] (TuneUp Software) -- C:\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesApp32.exe
PRC - [2011/08/15 15:09:06 | 001,526,080 | ---- | M] (TuneUp Software) -- C:\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesService32.exe
PRC - [2011/08/15 15:05:48 | 000,426,304 | ---- | M] (TuneUp Software) -- C:\Program Files\TuneUp Utilities 2011\TUDefragBackend32.exe
PRC - [2011/06/24 02:22:20 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
PRC - [2011/06/06 13:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011/05/06 18:33:00 | 000,393,112 | ---- | M] (Spigot, Inc.) -- C:\Program Files\Application Updater\ApplicationUpdater.exe
PRC - [2011/02/25 03:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2010/11/20 04:17:48 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2009/12/23 19:34:20 | 000,370,688 | ---- | M] (StarWind Software) -- C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
PRC - [2009/08/10 15:59:50 | 000,178,720 | ---- | M] () -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe
PRC - [2009/08/10 15:59:48 | 000,387,616 | ---- | M] () -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe
PRC - [2009/08/04 17:29:54 | 000,219,360 | ---- | M] (DeviceVM, Inc.) -- C:\Program Files\DeviceVM\Browser Configuration Utility\BCUService.exe
PRC - [2009/08/04 17:29:52 | 000,346,320 | ---- | M] (DeviceVM, Inc.) -- C:\Program Files\DeviceVM\Browser Configuration Utility\BCU.exe
PRC - [2008/06/25 03:08:20 | 001,855,488 | ---- | M] (C-Media Electronic Inc. (www.cmedia.com.tw)) -- C:\Windows\mixer.exe


========== Modules (No Company Name) ==========

MOD - [2012/02/12 01:30:03 | 001,911,768 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2012/01/29 20:29:10 | 000,341,920 | ---- | M] () -- C:\Program Files\TIM Communicator\orolixcommunicator.exe
MOD - [2012/01/29 20:24:34 | 000,032,160 | ---- | M] () -- C:\Program Files\TIM Communicator\module\modqoscommunicator.dll
MOD - [2012/01/27 21:32:02 | 000,968,704 | ---- | M] () -- C:\Users\Anderson Backup\AppData\Roaming\Mozilla\Firefox\Profiles\ce9qzd59.default\extensions\support@lastpass.com\platform\WINNT_x86-msvc\components\lpxpcom.dll
MOD - [2012/01/11 16:18:42 | 000,861,112 | ---- | M] () -- C:\Program Files\PC Tools\PC Tools Security\SpamMonitor\SMPlugin.dll
MOD - [2012/01/11 16:18:16 | 000,376,248 | ---- | M] () -- C:\Program Files\PC Tools\PC Tools Security\PCTUI\PCTUI.dll
MOD - [2012/01/09 16:56:56 | 000,079,872 | ---- | M] () -- C:\Users\Anderson Backup\AppData\Roaming\Mozilla\Firefox\Profiles\ce9qzd59.default\extensions\{8c311d0a-7d76-4f96-a7b6-0a2758dee5a4}\components\RadioWMPCoreGecko10.dll
MOD - [2011/11/12 14:56:14 | 001,479,168 | ---- | M] () -- C:\Users\Anderson Backup\Desktop\Explorer++.exe
MOD - [2011/10/15 00:54:26 | 000,265,536 | ---- | M] () -- C:\Program Files\NVIDIA Corporation\3D Vision\Nv3DVStreaming.dll
MOD - [2011/08/15 15:14:16 | 000,544,064 | ---- | M] () -- C:\Program Files\TuneUp Utilities 2011\TUSqlDB32.dll
MOD - [2011/03/17 01:11:16 | 004,297,568 | ---- | M] () -- C:\Program Files\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
MOD - [2010/06/29 19:15:40 | 000,337,312 | ---- | M] () -- C:\Program Files\TIM Communicator\module\plugins\sqldrivers\qsqlite4.dll
MOD - [2010/06/29 19:15:40 | 000,222,624 | ---- | M] () -- C:\Program Files\TIM Communicator\module\plugins\phonon_backend\phonon_ds94.dll
MOD - [2010/06/29 19:15:40 | 000,189,856 | ---- | M] () -- C:\Program Files\TIM Communicator\module\plugins\imageformats\qjpeg4.dll
MOD - [2010/06/29 19:15:40 | 000,075,168 | ---- | M] () -- C:\Program Files\TIM Communicator\module\plugins\imageformats\qico4.dll
MOD - [2010/06/29 19:15:40 | 000,075,168 | ---- | M] () -- C:\Program Files\TIM Communicator\module\plugins\imageformats\qgif4.dll
MOD - [2010/06/29 11:15:56 | 007,796,128 | ---- | M] () -- C:\Program Files\TIM Communicator\module\QtWebKit4.dll
MOD - [2010/06/29 11:15:56 | 006,350,240 | ---- | M] () -- C:\Program Files\TIM Communicator\module\QtGui4.dll
MOD - [2010/06/29 11:15:56 | 001,770,912 | ---- | M] () -- C:\Program Files\TIM Communicator\module\QtCore4.dll
MOD - [2010/06/29 11:15:56 | 001,451,424 | ---- | M] () -- C:\Program Files\TIM Communicator\module\QtNetwork4.dll
MOD - [2010/06/29 11:15:56 | 000,263,584 | ---- | M] () -- C:\Program Files\TIM Communicator\module\QtXml4.dll
MOD - [2010/06/29 11:15:56 | 000,206,240 | ---- | M] () -- C:\Program Files\TIM Communicator\module\phonon4.dll
MOD - [2010/06/29 11:15:56 | 000,152,992 | ---- | M] () -- C:\Program Files\TIM Communicator\module\QtSql4.dll
MOD - [2009/07/30 18:15:32 | 000,503,202 | ---- | M] () -- C:\Program Files\DeviceVM\Browser Configuration Utility\sqlite3.dll


========== Win32 Services (SafeList) ==========

SRV - [2012/02/11 22:26:26 | 000,481,064 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2012/01/27 22:49:39 | 000,026,528 | ---- | M] (Orolix Desenvolvimento de Software LTDA.) [Auto | Running] -- C:\Program Files\TIM Communicator\module\devicemon.exe -- (OrolixDeviceMonitor)
SRV - [2012/01/16 16:28:30 | 000,546,768 | ---- | M] (Threat Expert Ltd.) [Auto | Running] -- C:\Program Files\PC Tools\PC Tools Security\BDT\BDTUpdateService.exe -- (Browser Defender Update Service)
SRV - [2012/01/11 16:18:14 | 001,117,624 | ---- | M] (PC Tools) [Auto | Running] -- C:\Program Files\PC Tools\PC Tools Security\pctsSvc.exe -- (sdCoreService)
SRV - [2012/01/11 14:56:12 | 000,402,336 | ---- | M] (PC Tools) [Auto | Running] -- C:\Program Files\PC Tools\PC Tools Security\pctsAuxs.exe -- (sdAuxService)
SRV - [2012/01/11 14:56:08 | 000,071,008 | ---- | M] (PC Tools) [On_Demand | Running] -- C:\Program Files\PC Tools\PC Tools Security\TFEngine\TFService.exe -- (ThreatFire)
SRV - [2011/10/15 06:53:00 | 002,253,120 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe -- (nvUpdatusService)
SRV - [2011/10/15 00:54:40 | 000,381,248 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2011/08/15 15:09:06 | 001,526,080 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesService32.exe -- (TuneUp.UtilitiesSvc)
SRV - [2011/08/15 15:03:24 | 000,029,504 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Windows\System32\uxtuneup.dll -- (UxTuneUp)
SRV - [2011/06/12 12:15:00 | 031,125,880 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Office\Office14\GROOVE.EXE -- (Microsoft SharePoint Workspace Audit Service)
SRV - [2011/06/06 13:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011/05/06 18:33:00 | 000,393,112 | ---- | M] (Spigot, Inc.) [Auto | Running] -- C:\Program Files\Application Updater\ApplicationUpdater.exe -- (Application Updater)
SRV - [2011/01/24 14:49:34 | 000,310,640 | ---- | M] (CybelSoft) [On_Demand | Stopped] -- C:\Program Files\ma-config.com\maconfservice.exe -- (maconfservice)
SRV - [2011/01/08 13:44:41 | 001,343,400 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2009/12/23 19:34:20 | 000,370,688 | ---- | M] (StarWind Software) [Auto | Running] -- C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe -- (StarWindServiceAE)
SRV - [2009/08/10 15:59:50 | 000,178,720 | ---- | M] () [Auto | Running] -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe -- (nSvcIp)
SRV - [2009/08/10 15:59:48 | 000,387,616 | ---- | M] () [Auto | Running] -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe -- (ForceWare Intelligent Application Manager (IAM)) ForceWare Intelligent Application Manager (IAM)
SRV - [2009/08/04 17:29:54 | 000,219,360 | ---- | M] (DeviceVM, Inc.) [Auto | Running] -- C:\Program Files\DeviceVM\Browser Configuration Utility\BCUService.exe -- (BCUService)
SRV - [2009/07/13 23:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/13 23:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009/07/13 23:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)


========== Driver Services (SafeList) ==========

DRV - [2012/02/13 20:01:42 | 000,054,624 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\0ca6E9B.sys -- (0ca6E9B)
DRV - [2012/02/13 19:47:57 | 000,054,624 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\6c3223.sys -- (6c3223)
DRV - [2012/02/13 19:37:05 | 000,054,624 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\6c67A4E.sys -- (6c67A4E)
DRV - [2012/02/13 19:28:17 | 000,054,624 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\19bB13E.sys -- (19bB13E)
DRV - [2012/01/11 16:19:24 | 000,070,536 | ---- | M] (PC Tools) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\pctplsg.sys -- (pctplsg)
DRV - [2012/01/11 16:19:12 | 000,125,888 | ---- | M] (PC Tools) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\pctplfw.sys -- (pctplfw)
DRV - [2012/01/11 16:19:02 | 000,185,560 | ---- | M] (PC Tools) [Kernel | System | Running] -- C:\Windows\System32\drivers\PCTSD.sys -- (PCTSD)
DRV - [2012/01/11 16:14:30 | 000,253,352 | ---- | M] (PC Tools) [Kernel | System | Running] -- C:\Windows\System32\drivers\pctgntdi.sys -- (pctgntdi)
DRV - [2012/01/11 14:56:12 | 000,574,424 | ---- | M] (PC Tools) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\TfSysMon.sys -- (TFSysMon)
DRV - [2012/01/11 14:56:12 | 000,054,328 | ---- | M] (PC Tools) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\TfFsMon.sys -- (TfFsMon)
DRV - [2012/01/11 14:56:12 | 000,035,264 | ---- | M] (PC Tools) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\TfNetMon.sys -- (TfNetMon)
DRV - [2011/12/01 16:07:06 | 000,909,728 | ---- | M] (PC Tools) [File_System | Boot | Running] -- C:\Windows\system32\drivers\pctEFA.sys -- (pctEFA)
DRV - [2011/12/01 16:07:06 | 000,342,168 | ---- | M] (PC Tools) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\pctDS.sys -- (pctDS)
DRV - [2011/11/30 09:19:48 | 000,058,400 | ---- | M] (PC Tools) [Kernel | System | Running] -- C:\Windows\System32\drivers\pctNdisLW.sys -- (pctNdisLW)
DRV - [2011/11/14 15:12:26 | 000,331,880 | ---- | M] (PC Tools) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\PCTCore.sys -- (PCTCore)
DRV - [2011/11/14 15:12:24 | 000,162,584 | ---- | M] (PC Tools) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\PCTAppEvent.sys -- (PCTAppEvent)
DRV - [2011/11/09 16:33:30 | 000,091,136 | ---- | M] (PC Tools) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\pctNdis-PacketFilter.sys -- (PCTFW-PacketFilter)
DRV - [2011/10/15 06:53:00 | 010,327,360 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2011/09/28 13:14:02 | 000,056,840 | ---- | M] (PC Tools) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\PCTBD.sys -- (PCTBD)
DRV - [2011/05/31 15:03:04 | 000,010,064 | ---- | M] (TuneUp Software) [Kernel | On_Demand | Running] -- C:\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesDriver32.sys -- (TuneUpUtilitiesDrv)
DRV - [2011/01/08 16:57:36 | 000,436,792 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\sptd.sys -- (sptd)
DRV - [2010/11/20 04:30:16 | 000,175,360 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\vmbus.sys -- (vmbus)
DRV - [2010/11/20 04:30:16 | 000,040,704 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\vmstorfl.sys -- (storflt)
DRV - [2010/11/20 04:30:16 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\storvsc.sys -- (storvsc)
DRV - [2010/11/20 02:24:42 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010/11/20 02:21:16 | 000,015,872 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV - [2010/11/20 01:59:46 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2010/11/20 01:14:46 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\VMBusHID.sys -- (VMBusHID)
DRV - [2010/11/20 01:14:42 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\vms3cap.sys -- (s3cap)
DRV - [2010/10/24 22:25:38 | 000,054,144 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NisDrvWFP.sys -- (NisDrv)
DRV - [2010/10/24 22:25:38 | 000,043,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\MpNWMon.sys -- (MpNWMon)
DRV - [2010/08/30 11:19:54 | 000,014,336 | ---- | M] (CybelSoft) [Kernel | On_Demand | Stopped] -- C:\Program Files\ma-config.com\Drivers\driverhardwarev2.sys -- (driverhardwarev2)
DRV - [2010/08/12 12:07:48 | 000,298,216 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvmf6232.sys -- (NVNET)
DRV - [2010/07/14 13:51:56 | 000,065,584 | ---- | M] (Citrix Systems, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\ctxusbm.sys -- (ctxusbm)
DRV - [2010/06/02 10:50:36 | 000,105,088 | ---- | M] (Onda Communication) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ONDAusbvoice.sys -- (ONDAusbvoice)
DRV - [2010/06/02 10:50:36 | 000,105,088 | ---- | M] (Onda Communication) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Ondausbser6k.sys -- (ONDAusbser6k)
DRV - [2010/06/02 10:50:36 | 000,105,088 | ---- | M] (Onda Communication) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Ondausbnmea.sys -- (ONDAusbnmea)
DRV - [2010/06/02 10:50:36 | 000,105,088 | ---- | M] (Onda Communication) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Ondausbmdm6k.sys -- (ONDAusbmdm6k)
DRV - [2009/08/04 17:43:40 | 000,213,024 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\nvstor32.sys -- (nvstor32)
DRV - [2009/07/13 20:02:52 | 000,347,264 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nvm62x32.sys -- (NVENETFD)
DRV - [2009/04/29 15:37:26 | 000,025,088 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\KMWDFILTER.sys -- (KMWDFILTERx86)
DRV - [2008/06/25 03:08:20 | 000,377,358 | ---- | M] (C-Media Inc) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\cmaudio.sys -- (cmpci) C-Media PCI Audio Driver (WDM)
DRV - [2007/11/08 11:30:08 | 000,454,656 | ---- | M] (PixArt Imaging Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\PAC7302.sys -- (PAC7302)
DRV - [2007/06/29 15:47:34 | 000,034,304 | ---- | M] (AMD, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AmdLLD.sys -- (AmdLLD)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKLM\..\URLSearchHook: {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files\Vuze_Remote\prxtbVuze.dll (Conduit Ltd.)


IE - HKU\.DEFAULT\..\URLSearchHook: {472734EA-242A-422b-ADF8-83D1E48CC825} - C:\Program Files\PC Tools\PC Tools Security\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\..\URLSearchHook: {472734EA-242A-422b-ADF8-83D1E48CC825} - C:\Program Files\PC Tools\PC Tools Security\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0




IE - HKU\S-1-5-21-497863422-237361048-368514812-1007\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.7hv.com/
IE - HKU\S-1-5-21-497863422-237361048-368514812-1007\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = pt-BR
IE - HKU\S-1-5-21-497863422-237361048-368514812-1007\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = B0 CE EF 32 65 4E CC 01 [binary data]
IE - HKU\S-1-5-21-497863422-237361048-368514812-1007\..\URLSearchHook: {472734EA-242A-422b-ADF8-83D1E48CC825} - C:\Program Files\PC Tools\PC Tools Security\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
IE - HKU\S-1-5-21-497863422-237361048-368514812-1007\..\URLSearchHook: {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files\Vuze_Remote\prxtbVuze.dll (Conduit Ltd.)
IE - HKU\S-1-5-21-497863422-237361048-368514812-1007\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "Ask.com"
FF - prefs.js..browser.search.defaultthis.engineName: "socialbrowser Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "http://search.conduit.com/ResultsExt.aspx?ctid=CT3083266&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=642886"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "https://www.facebook.com/"
FF - prefs.js..extensions.enabledItems: iobit@mybrowserbar.com:4.4
FF - prefs.js..extensions.enabledItems: wtxpcom@mybrowserbar.com:4.4
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26
FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:14.0.5
FF - prefs.js..extensions.enabledItems: foxmarks@kei.com:4.0.1
FF - prefs.js..extensions.enabledItems: support@lastpass.com:1.74.0
FF - prefs.js..extensions.enabledItems: glasser@sixxgate.com:3.5.2
FF - prefs.js..extensions.enabledItems: {46551EC9-40F0-4e47-8E18-8E5CF550CFB8}:1.2
FF - prefs.js..extensions.enabledItems: {d3f4b70a-92e0-4393-a0f3-976d03b1ebf5}:3.5.0.12
FF - prefs.js..extensions.enabledItems: wrc@avast.com:6.0.1203
FF - prefs.js..keyword.URL: "http://search.conduit.com/ResultsExt.aspx?ctid=CT3083266&SearchSource=2&q="


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@ma-config.com/HardwareDetection: C:\Program Files\ma-config.com\nphardwaredetection.dll (Cybelsoft)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MIF5BA~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MIF5BA~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: File not found
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=15.0.1.13: c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=15.0.1.13: c:\program files\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.1.13: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.1.13: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=15.0.1.13: c:\program files\real\realplayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012/02/01 22:40:14 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{cb84136f-9c44-433a-9048-c5cd9df1dc16}: C:\Program Files\PC Tools\PC Tools Security\BDT\Firefox\ [2012/02/11 17:00:52 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/02/12 01:30:04 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/02/01 22:40:27 | 000,000,000 | ---D | M]

[2011/07/28 21:49:40 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Anderson Backup\AppData\Roaming\mozilla\Extensions
[2012/02/10 06:23:29 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Anderson Backup\AppData\Roaming\mozilla\Firefox\Profiles\ce9qzd59.default\extensions
[2012/01/30 22:19:36 | 000,000,000 | ---D | M] (socialbrowser Community Toolbar) -- C:\Users\Anderson Backup\AppData\Roaming\mozilla\Firefox\Profiles\ce9qzd59.default\extensions\{8c311d0a-7d76-4f96-a7b6-0a2758dee5a4}
[2012/01/29 23:29:21 | 000,000,000 | ---D | M] ("Xmarks") -- C:\Users\Anderson Backup\AppData\Roaming\mozilla\Firefox\Profiles\ce9qzd59.default\extensions\foxmarks@kei.com
[2012/01/29 23:29:23 | 000,000,000 | ---D | M] (LastPass) -- C:\Users\Anderson Backup\AppData\Roaming\mozilla\Firefox\Profiles\ce9qzd59.default\extensions\support@lastpass.com
[2012/02/10 06:23:29 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Anderson Backup\AppData\Roaming\mozilla\Firefox\Profiles\ce9qzd59.default\extensions\trash
[2011/08/02 07:15:01 | 000,002,394 | ---- | M] () -- C:\Users\Anderson Backup\AppData\Roaming\Mozilla\Firefox\Profiles\ce9qzd59.default\searchplugins\askcom.xml
[2011/09/01 02:35:48 | 000,000,929 | ---- | M] () -- C:\Users\Anderson Backup\AppData\Roaming\Mozilla\Firefox\Profiles\ce9qzd59.default\searchplugins\conduit.xml
[2012/01/31 19:34:42 | 000,001,390 | ---- | M] () -- C:\Users\Anderson Backup\AppData\Roaming\Mozilla\Firefox\Profiles\ce9qzd59.default\searchplugins\yahoo-zugo.xml
[2012/02/01 22:17:24 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
() (No name found) -- C:\USERS\ANDERSON BACKUP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\CE9QZD59.DEFAULT\EXTENSIONS\{19503E42-CA3C-4C27-B1E2-9CDB2170EE34}.XPI
() (No name found) -- C:\USERS\ANDERSON BACKUP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\CE9QZD59.DEFAULT\EXTENSIONS\{46551EC9-40F0-4E47-8E18-8E5CF550CFB8}.XPI
() (No name found) -- C:\USERS\ANDERSON BACKUP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\CE9QZD59.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
[2012/02/12 01:30:03 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2010/10/12 17:33:32 | 000,124,344 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\mozilla firefox\plugins\CCMSDK.dll
[2010/10/12 17:37:06 | 000,070,592 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\mozilla firefox\plugins\CgpCore.dll
[2010/10/12 17:35:42 | 000,091,576 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\mozilla firefox\plugins\confmgr.dll
[2010/10/12 17:34:56 | 000,022,464 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\mozilla firefox\plugins\ctxlogging.dll
[2011/05/04 05:52:23 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2010/10/12 19:16:54 | 000,484,768 | ---- | M] () -- C:\Program Files\mozilla firefox\plugins\npicaN.dll
[2010/10/12 17:37:02 | 000,024,000 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\mozilla firefox\plugins\TcpPServ.dll
[2012/02/01 22:17:18 | 000,001,027 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\buscape.xml
[2012/02/01 22:17:18 | 000,001,212 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\mercadolivre.xml
[2012/02/01 22:17:18 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml
[2012/02/01 22:17:18 | 000,001,168 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-br.xml
[2012/02/01 22:17:18 | 000,000,952 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-br.xml

O1 HOSTS File: ([2012/02/02 21:05:48 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (PC Tools Browser Defender BHO) - {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - C:\Program Files\PC Tools\PC Tools Security\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Vuze Remote Toolbar) - {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files\Vuze_Remote\prxtbVuze.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (PC Tools Browser Defender) - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files\PC Tools\PC Tools Security\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
O3 - HKLM\..\Toolbar: (Vuze Remote Toolbar) - {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files\Vuze_Remote\prxtbVuze.dll (Conduit Ltd.)
O3 - HKU\S-1-5-21-497863422-237361048-368514812-1007\..\Toolbar\WebBrowser: (Vuze Remote Toolbar) - {BA14329E-9550-4989-B3F2-9732E92D17CC} - C:\Program Files\Vuze_Remote\prxtbVuze.dll (Conduit Ltd.)
O4 - HKLM..\Run: [BCU] C:\Program Files\DeviceVM\Browser Configuration Utility\BCU.exe (DeviceVM, Inc.)
O4 - HKLM..\Run: [C-Media Mixer] C:\Windows\mixer.exe (C-Media Electronic Inc. (www.cmedia.com.tw))
O4 - HKLM..\Run: [C-Media Speaker Configuration] C:\Program Files\C-Media\WIN_ME\Setup.exe ()
O4 - HKLM..\Run: [ISTray] C:\Program Files\PC Tools\PC Tools Security\pctsGui.exe (PC Tools)
O4 - HKU\S-1-5-21-497863422-237361048-368514812-1007..\Run: [Steam] C:\Program Files\Steam\Steam.exe (Valve Corporation)
O4 - HKU\S-1-5-21-497863422-237361048-368514812-1006..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-497863422-237361048-368514812-1006\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-497863422-237361048-368514812-1007\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-497863422-237361048-368514812-1007\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-497863422-237361048-368514812-1007\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-21-497863422-237361048-368514812-1007\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKU\S-1-5-21-497863422-237361048-368514812-1007\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O8 - Extra context menu item: &Enviar para o OneNote - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O8 - Extra context menu item: E&xportar para o Microsoft Excel - C:\Program Files\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: &Anotações Vinculadas do OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Anotações Vinculadas do OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O16 - DPF: {0D6709DD-4ED8-40CA-B459-2757AEEF7BEE} http://download.gigabyte.com.tw/object/Dldrv.ocx (Dldrv2 Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {E6F480FC-BD44-4CBA-B74A-89AF7842937D} http://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_cyri_4.4.13.0.cab (SysInfo Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2DF936A8-3AA1-425E-BE05-C82D535A9FEE}: NameServer = 200.220.227.56 200.142.130.202
O18 - Protocol\Filter\application/x-ica {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=euc-jp {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=ISO-8859-1 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=MS936 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=MS949 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=MS950 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=UTF8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=UTF-8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=euc-jp {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=ISO-8859-1 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=MS936 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=MS949 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=MS950 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=UTF8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=UTF-8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\ica {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) -C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - No CLSID value found.
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 19:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012/02/16 06:37:52 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2012/02/16 06:37:51 | 001,798,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2012/02/16 06:37:51 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2012/02/16 06:37:50 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2012/02/16 06:37:50 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2012/02/16 06:37:47 | 001,427,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2012/02/15 19:23:46 | 002,061,360 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Anderson Backup\Desktop\tdsskiller.exe
[2012/02/15 19:21:17 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\Anderson Backup\Desktop\OTL.exe
[2012/02/15 06:53:14 | 000,478,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\timedate.cpl
[2012/02/15 06:47:34 | 002,343,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2012/02/13 22:26:01 | 003,932,160 | ---- | C] (PC Tools ) -- C:\Users\Anderson Backup\Desktop\tfinstall(1).exe
[2012/02/13 21:29:18 | 002,901,264 | ---- | C] (PC Tools ) -- C:\Users\Anderson Backup\Desktop\tfinstall.exe
[2012/02/13 19:53:19 | 000,000,000 | -HSD | C] -- C:\found.000
[2012/02/13 19:27:41 | 001,774,432 | ---- | C] (McAfee, Inc.) -- C:\Users\Anderson Backup\Desktop\Rootkit_Detective.exe
[2012/02/12 13:00:12 | 000,000,000 | ---D | C] -- C:\Users\Anderson Backup\Desktop\explorer++_1.3.4_x86
[2012/02/12 03:40:28 | 000,000,000 | ---D | C] -- C:\Users\Anderson Backup\Desktop\best
[2012/02/12 03:00:44 | 000,000,000 | ---D | C] -- C:\Users\Anderson Backup\Desktop\captchatrader
[2012/02/12 02:38:29 | 000,000,000 | ---D | C] -- C:\!KillBox
[2012/02/12 02:37:22 | 000,092,672 | ---- | C] (Option^Explicit Software vbtechcd@gmail.com) -- C:\Users\Anderson Backup\Desktop\KillBox.exe
[2012/02/12 02:26:31 | 000,388,608 | ---- | C] (Trend Micro Inc.) -- C:\Users\Anderson Backup\Desktop\HijackThis.exe
[2012/02/12 01:49:34 | 000,000,000 | ---D | C] -- C:\$RECYCLE.BIN
[2012/02/12 01:49:24 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2012/02/12 01:40:06 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012/02/12 01:40:06 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012/02/12 01:40:06 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012/02/12 01:39:59 | 000,000,000 | ---D | C] -- C:\ComboFix
[2012/02/12 01:29:21 | 000,000,000 | ---D | C] -- C:\60329_combofix_1112282301016
[2012/02/11 17:44:57 | 000,000,000 | ---D | C] -- C:\Users\Anderson Backup\AppData\Roaming\PC Tools
[2012/02/11 17:44:54 | 000,000,000 | ---D | C] -- C:\Users\Anderson Backup\AppData\Roaming\Spam Monitor
[2012/02/11 17:00:50 | 000,056,840 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\PCTBD.sys
[2012/02/11 17:00:49 | 000,149,456 | ---- | C] (PC Tools) -- C:\Windows\SGDetectionTool.dll
[2012/02/11 17:00:48 | 002,246,608 | ---- | C] (Threat Expert Ltd.) -- C:\Windows\PCTBDCore.dll
[2012/02/11 17:00:48 | 001,681,360 | ---- | C] (Threat Expert Ltd.) -- C:\Windows\PCTBDRes.dll
[2012/02/11 16:59:50 | 000,253,352 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\pctgntdi.sys
[2012/02/11 16:59:50 | 000,107,864 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\pctwfpfilter.sys
[2012/02/11 16:59:36 | 000,017,848 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\pctBTFix.sys
[2012/02/11 16:59:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PC Tools Security
[2012/02/11 16:59:34 | 000,574,424 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\TfSysMon.sys
[2012/02/11 16:59:34 | 000,054,328 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\TfFsMon.sys
[2012/02/11 16:59:34 | 000,035,264 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\TfNetMon.sys
[2012/02/11 16:59:24 | 000,091,136 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\pctNdis-PacketFilter.sys
[2012/02/11 16:59:24 | 000,058,400 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\pctNdisLW.sys
[2012/02/11 16:59:23 | 000,125,888 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\pctplfw.sys
[2012/02/11 16:59:23 | 000,032,936 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\pctNdis-DNS.sys
[2012/02/11 16:59:20 | 000,070,536 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\pctplsg.sys
[2012/02/11 16:59:00 | 000,000,000 | ---D | C] -- C:\Program Files\PC Tools
[2012/02/11 13:53:23 | 000,909,728 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\pctEFA.sys
[2012/02/11 13:53:22 | 000,342,168 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\pctDS.sys
[2012/02/11 13:53:21 | 000,331,880 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\PCTCore.sys
[2012/02/11 13:53:21 | 000,162,584 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\PCTAppEvent.sys
[2012/02/11 13:53:19 | 000,185,560 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\PCTSD.sys
[2012/02/11 13:40:12 | 000,000,000 | ---D | C] -- C:\Users\Anderson Backup\AppData\Roaming\TestApp
[2012/02/11 07:39:38 | 000,000,000 | ---D | C] -- C:\60329_combofix_1112282219266
[2012/02/11 07:30:35 | 004,354,969 | R--- | C] (Swearware) -- C:\Users\Anderson Backup\Desktop\60329_combofix_1112282.exe
[2012/02/11 07:19:40 | 000,000,000 | ---D | C] -- C:\60329_combofix_1112282
[2012/02/08 19:42:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam
[2012/02/08 19:42:24 | 000,000,000 | ---D | C] -- C:\Program Files\Steam
[2012/02/06 20:34:38 | 000,000,000 | ---D | C] -- C:\Users\Anderson Backup\AppData\Local\Ubisoft Game Launcher
[2012/02/06 19:41:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Assassins Creed Revelations
[2012/02/06 19:40:58 | 000,000,000 | ---D | C] -- C:\Program Files\AC Revelations
[2012/02/04 11:24:27 | 000,000,000 | ---D | C] -- C:\Users\Anderson Backup\Documents\Assassin's Creed Revelations
[2012/02/01 22:40:17 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\xing shared
[2012/02/01 22:40:09 | 000,198,832 | ---- | C] (RealNetworks, Inc.) -- C:\Windows\System32\rmoc3260.dll
[2012/02/01 22:39:54 | 000,006,656 | ---- | C] (RealNetworks, Inc.) -- C:\Windows\System32\pndx5016.dll
[2012/02/01 22:39:54 | 000,005,632 | ---- | C] (RealNetworks, Inc.) -- C:\Windows\System32\pndx5032.dll
[2012/02/01 22:39:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Real
[2012/01/31 19:34:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\K-Lite Codec Pack
[2012/01/31 19:34:26 | 000,839,680 | ---- | C] (http://www.mp3dev.org/) -- C:\Windows\System32\lameACM.acm
[2012/01/31 19:34:17 | 000,151,552 | ---- | C] (fccHandler) -- C:\Windows\System32\ac3acm.acm
[2012/01/30 00:59:22 | 000,314,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\webio.dll
[2012/01/30 00:59:22 | 000,015,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sspisrv.dll
[2012/01/30 00:18:30 | 001,328,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\quartz.dll
[2012/01/30 00:18:29 | 000,514,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\qdvd.dll
[2012/01/30 00:16:21 | 003,967,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2012/01/30 00:16:21 | 003,912,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2012/01/30 00:15:29 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll
[2012/01/30 00:02:06 | 000,534,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\EncDec.dll
[2012/01/29 23:58:30 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\packager.dll
[2012/01/29 23:57:21 | 000,038,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\csrsrv.dll
[2012/01/29 23:53:59 | 000,465,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\psisdecd.dll
[2012/01/29 23:53:59 | 000,075,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\psisrndr.ax
[2012/01/29 22:16:23 | 000,000,000 | ---D | C] -- C:\Users\Anderson Backup\Desktop\License(6).avastlic
[2012/01/29 14:17:51 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Motorola Shared
[2012/01/29 14:17:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Motorola Driver Installer
[2012/01/28 15:32:44 | 018,871,616 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvoglv32.dll
[2012/01/28 15:32:44 | 013,205,312 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvd3dum.dll
[2012/01/28 15:32:44 | 010,327,360 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\drivers\nvlddmkm.sys
[2012/01/28 15:32:44 | 000,061,248 | ---- | C] (Khronos Group) -- C:\Windows\System32\OpenCL.dll
[2012/01/28 15:32:43 | 017,248,576 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvcompiler.dll
[2012/01/28 15:32:43 | 005,578,560 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvcuda.dll
[2012/01/28 15:32:43 | 002,401,088 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvcuvid.dll
[2012/01/28 15:32:43 | 002,099,520 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvcuvenc.dll
[2012/01/27 20:05:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TIM Communicator
[2012/01/27 20:05:20 | 000,000,000 | ---D | C] -- C:\ProgramData\OrolixCommunicator
[2012/01/27 20:05:11 | 000,114,688 | ---- | C] (ONDA Corporation) -- C:\Windows\System32\drivers\ONDAusbnet.sys
[2012/01/27 20:05:11 | 000,105,088 | ---- | C] (Onda Communication) -- C:\Windows\System32\drivers\ONDAusbvoice.sys
[2012/01/27 20:05:11 | 000,105,088 | ---- | C] (Onda Communication) -- C:\Windows\System32\drivers\Ondausbser6k.sys
[2012/01/27 20:05:11 | 000,105,088 | ---- | C] (Onda Communication) -- C:\Windows\System32\drivers\Ondausbnmea.sys
[2012/01/27 20:05:11 | 000,105,088 | ---- | C] (Onda Communication) -- C:\Windows\System32\drivers\Ondausbmdm6k.sys
[2012/01/27 20:05:03 | 000,000,000 | ---D | C] -- C:\Program Files\TIM Communicator
[2011/08/01 23:06:39 | 003,486,088 | ---- | C] (Ask) -- C:\Program Files\Common Files\ApnToolbarInstaller.exe
[2011/08/01 23:06:39 | 000,143,240 | ---- | C] (Ask.com) -- C:\Program Files\Common Files\ApnStub.exe
[7 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
[5 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/02/16 07:19:15 | 000,014,224 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/02/16 07:19:15 | 000,014,224 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/02/16 07:11:56 | 001,856,693 | ---- | M] () -- C:\Windows\System32\drivers\Cat.DB
[2012/02/16 07:09:34 | 000,413,000 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012/02/16 07:08:55 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/02/16 06:40:13 | 000,675,200 | ---- | M] () -- C:\Windows\System32\prfh0416.dat
[2012/02/16 06:40:13 | 000,626,678 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012/02/16 06:40:13 | 000,133,936 | ---- | M] () -- C:\Windows\System32\prfc0416.dat
[2012/02/16 06:40:13 | 000,111,216 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012/02/15 19:26:31 | 002,061,360 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Anderson Backup\Desktop\tdsskiller.exe
[2012/02/15 19:21:59 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Anderson Backup\Desktop\OTL.exe
[2012/02/13 22:33:10 | 003,932,160 | ---- | M] (PC Tools ) -- C:\Users\Anderson Backup\Desktop\tfinstall(1).exe
[2012/02/13 22:20:08 | 002,901,264 | ---- | M] (PC Tools ) -- C:\Users\Anderson Backup\Desktop\tfinstall.exe
[2012/02/13 20:03:07 | 295,042,925 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2012/02/13 20:01:42 | 000,054,624 | ---- | M] () -- C:\Windows\System32\0ca6E9B.sys
[2012/02/13 20:01:39 | 002,335,270 | ---- | M] () -- C:\Windows\System32\9f96547.mht
[2012/02/13 19:47:57 | 000,054,624 | ---- | M] () -- C:\Windows\System32\6c3223.sys
[2012/02/13 19:47:49 | 002,335,270 | ---- | M] () -- C:\Windows\System32\88eE06F.mht
[2012/02/13 19:37:05 | 000,054,624 | ---- | M] () -- C:\Windows\System32\6c67A4E.sys
[2012/02/13 19:36:52 | 002,335,270 | ---- | M] () -- C:\Windows\System32\0404826.mht
[2012/02/13 19:28:17 | 000,054,624 | ---- | M] () -- C:\Windows\System32\19bB13E.sys
[2012/02/13 19:28:14 | 002,335,270 | ---- | M] () -- C:\Windows\System32\a77A5D8.mht
[2012/02/13 19:27:59 | 002,335,270 | ---- | M] () -- C:\Windows\System32\e096ABC.mht
[2012/02/13 19:22:07 | 000,744,853 | ---- | M] () -- C:\Users\Anderson Backup\Desktop\PAVARK.exe
[2012/02/12 18:47:04 | 000,097,953 | ---- | M] () -- C:\Users\Anderson Backup\Desktop\and.jpg
[2012/02/12 03:14:18 | 000,000,038 | ---- | M] () -- C:\Users\Anderson Backup\Desktop\captchatrader.properties
[2012/02/12 03:08:24 | 000,592,189 | ---- | M] () -- C:\Users\Anderson Backup\Desktop\explorer++_1.3.4_x86.zip
[2012/02/12 02:59:58 | 000,382,525 | ---- | M] () -- C:\Users\Anderson Backup\Desktop\captchatrader4jdownloader_win.zip
[2012/02/12 02:36:29 | 000,090,350 | ---- | M] () -- C:\Users\Anderson Backup\Desktop\Killbox 2.0.0.881.rar
[2012/02/12 02:27:47 | 000,388,608 | ---- | M] (Trend Micro Inc.) -- C:\Users\Anderson Backup\Desktop\HijackThis.exe
[2012/02/11 17:34:52 | 000,000,000 | ---- | M] () -- C:\Windows\System32\SM.lock
[2012/02/11 16:59:42 | 000,002,159 | ---- | M] () -- C:\Users\Public\Desktop\PC Tools Internet Security.lnk
[2012/02/11 13:40:13 | 000,001,544 | ---- | M] () -- C:\Users\Anderson Backup\Desktop\sdsetup.exe.lnk
[2012/02/11 07:37:41 | 004,354,969 | R--- | M] (Swearware) -- C:\Users\Anderson Backup\Desktop\60329_combofix_1112282.exe
[2012/02/09 18:36:25 | 000,001,634 | ---- | M] () -- C:\Users\Anderson Backup\Desktop\Dungeon Siege III.exe - Atalho.lnk
[2012/02/09 06:43:36 | 000,002,664 | ---- | M] () -- C:\Users\Anderson Backup\Documents\ax_files.xml
[2012/02/08 19:42:26 | 000,000,835 | ---- | M] () -- C:\Users\Public\Desktop\Steam.lnk
[2012/02/06 20:33:55 | 000,001,124 | ---- | M] () -- C:\Users\Anderson Backup\Desktop\UbisoftGameLauncher.exe - Atalho.lnk
[2012/02/06 19:41:03 | 000,001,884 | ---- | M] () -- C:\Users\Public\Desktop\Скачать Еще Игры.lnk
[2012/02/06 19:41:03 | 000,000,944 | ---- | M] () -- C:\Users\Public\Desktop\Assassin's Creed Revelations.lnk
[2012/02/02 21:05:48 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2012/02/02 06:36:05 | 000,001,050 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/02/02 06:36:04 | 000,001,046 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/02/01 22:40:24 | 000,001,040 | ---- | M] () -- C:\Users\Public\Desktop\RealPlayer.lnk
[2012/02/01 22:40:09 | 000,198,832 | ---- | M] (RealNetworks, Inc.) -- C:\Windows\System32\rmoc3260.dll
[2012/02/01 22:39:54 | 000,006,656 | ---- | M] (RealNetworks, Inc.) -- C:\Windows\System32\pndx5016.dll
[2012/02/01 22:39:54 | 000,005,632 | ---- | M] (RealNetworks, Inc.) -- C:\Windows\System32\pndx5032.dll
[2012/02/01 22:39:53 | 000,272,896 | ---- | M] (Progressive Networks) -- C:\Windows\System32\pncrt.dll
[2012/01/31 23:21:31 | 000,001,750 | ---- | M] () -- C:\Users\Public\Desktop\Vuze.lnk
[2012/01/29 23:35:22 | 000,002,577 | ---- | M] () -- C:\Windows\System32\config.nt
[2012/01/29 21:35:20 | 000,000,921 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2012/01/27 20:05:20 | 000,000,850 | ---- | M] () -- C:\Users\Public\Desktop\TIM Communicator.lnk
[2012/01/27 00:21:24 | 000,237,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MpSigStub.exe
[2012/01/25 16:00:00 | 000,079,360 | ---- | M] () -- C:\Windows\System32\ff_vfw.dll
[7 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
[5 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/02/13 20:01:42 | 000,054,624 | ---- | C] () -- C:\Windows\System32\0ca6E9B.sys
[2012/02/13 20:01:39 | 002,335,270 | ---- | C] () -- C:\Windows\System32\9f96547.mht
[2012/02/13 19:49:47 | 295,042,925 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2012/02/13 19:47:57 | 000,054,624 | ---- | C] () -- C:\Windows\System32\6c3223.sys
[2012/02/13 19:47:49 | 002,335,270 | ---- | C] () -- C:\Windows\System32\88eE06F.mht
[2012/02/13 19:37:05 | 000,054,624 | ---- | C] () -- C:\Windows\System32\6c67A4E.sys
[2012/02/13 19:36:52 | 002,335,270 | ---- | C] () -- C:\Windows\System32\0404826.mht
[2012/02/13 19:28:17 | 000,054,624 | ---- | C] () -- C:\Windows\System32\19bB13E.sys
[2012/02/13 19:28:14 | 002,335,270 | ---- | C] () -- C:\Windows\System32\a77A5D8.mht
[2012/02/13 19:27:59 | 002,335,270 | ---- | C] () -- C:\Windows\System32\e096ABC.mht
[2012/02/13 19:19:54 | 000,744,853 | ---- | C] () -- C:\Users\Anderson Backup\Desktop\PAVARK.exe
[2012/02/12 18:47:01 | 000,097,953 | ---- | C] () -- C:\Users\Anderson Backup\Desktop\and.jpg
[2012/02/12 13:01:13 | 001,479,168 | ---- | C] () -- C:\Users\Anderson Backup\Desktop\Explorer++.exe
[2012/02/12 03:14:17 | 000,000,038 | ---- | C] () -- C:\Users\Anderson Backup\Desktop\captchatrader.properties
[2012/02/12 03:07:15 | 000,592,189 | ---- | C] () -- C:\Users\Anderson Backup\Desktop\explorer++_1.3.4_x86.zip
[2012/02/12 02:59:31 | 000,382,525 | ---- | C] () -- C:\Users\Anderson Backup\Desktop\captchatrader4jdownloader_win.zip
[2012/02/12 02:37:22 | 000,001,710 | ---- | C] () -- C:\Users\Anderson Backup\Desktop\Mina de Download.url
[2012/02/12 02:35:30 | 000,090,350 | ---- | C] () -- C:\Users\Anderson Backup\Desktop\Killbox 2.0.0.881.rar
[2012/02/12 01:40:06 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012/02/12 01:40:06 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012/02/12 01:40:06 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012/02/12 01:40:06 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012/02/12 01:40:06 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012/02/11 17:34:52 | 000,000,000 | ---- | C] () -- C:\Windows\System32\SM.lock
[2012/02/11 17:00:49 | 000,767,952 | ---- | C] () -- C:\Windows\BDTSupport.dll
[2012/02/11 17:00:49 | 000,003,488 | ---- | C] () -- C:\Windows\UDB.zip
[2012/02/11 17:00:49 | 000,000,882 | ---- | C] () -- C:\Windows\RegSDImport.xml
[2012/02/11 17:00:49 | 000,000,879 | ---- | C] () -- C:\Windows\RegISSImport.xml
[2012/02/11 17:00:49 | 000,000,131 | ---- | C] () -- C:\Windows\IDB.zip
[2012/02/11 16:59:42 | 000,002,159 | ---- | C] () -- C:\Users\Public\Desktop\PC Tools Internet Security.lnk
[2012/02/11 13:40:13 | 000,001,544 | ---- | C] () -- C:\Users\Anderson Backup\Desktop\sdsetup.exe.lnk
[2012/02/09 18:36:25 | 000,001,634 | ---- | C] () -- C:\Users\Anderson Backup\Desktop\Dungeon Siege III.exe - Atalho.lnk
[2012/02/08 19:42:26 | 000,000,835 | ---- | C] () -- C:\Users\Public\Desktop\Steam.lnk
[2012/02/06 20:33:55 | 000,001,124 | ---- | C] () -- C:\Users\Anderson Backup\Desktop\UbisoftGameLauncher.exe - Atalho.lnk
[2012/02/06 19:41:03 | 000,001,884 | ---- | C] () -- C:\Users\Public\Desktop\Ñêà÷àòü Åùå Èãðû.lnk
[2012/02/06 19:41:03 | 000,000,944 | ---- | C] () -- C:\Users\Public\Desktop\Assassin's Creed Revelations.lnk
[2012/02/01 22:40:24 | 000,001,040 | ---- | C] () -- C:\Users\Public\Desktop\RealPlayer.lnk
[2012/01/31 19:34:26 | 000,650,752 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2012/01/31 19:34:26 | 000,243,200 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2012/01/31 19:34:26 | 000,000,414 | ---- | C] () -- C:\Windows\System32\lame_acm.xml
[2012/01/31 19:34:15 | 000,079,360 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2012/01/27 20:05:20 | 000,000,850 | ---- | C] () -- C:\Users\Public\Desktop\TIM Communicator.lnk
[2011/10/15 00:54:52 | 000,321,856 | ---- | C] () -- C:\Windows\System32\nvStreaming.exe
[2011/09/27 20:12:00 | 000,637,215 | ---- | C] () -- C:\ProgramData\bdinstall.bin
[2011/07/31 12:50:06 | 000,007,887 | ---- | C] () -- C:\Users\Anderson Backup\AppData\Roaming\pcouffin.cat
[2011/07/31 12:50:06 | 000,001,144 | ---- | C] () -- C:\Users\Anderson Backup\AppData\Roaming\pcouffin.inf
[2011/07/28 23:59:51 | 000,062,464 | ---- | C] () -- C:\Users\Anderson Backup\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/07/28 22:45:44 | 000,000,272 | ---- | C] () -- C:\Windows\reimage.ini
[2011/04/09 19:55:28 | 000,179,261 | ---- | C] () -- C:\Windows\System32\xlive.dll.cat
[2011/04/09 17:09:20 | 000,000,022 | ---- | C] () -- C:\Windows\cmm.dat
[2011/04/09 17:09:11 | 000,000,186 | ---- | C] () -- C:\Windows\System32\CleanMem.ini
[2011/04/05 09:54:49 | 000,129,024 | ---- | C] () -- C:\Windows\System32\AVERM.dll
[2011/04/05 09:54:49 | 000,028,672 | ---- | C] () -- C:\Windows\System32\AVEQT.dll
[2011/02/27 19:52:39 | 000,286,208 | ---- | C] () -- C:\Windows\System32\binkw32.dll
[2011/02/06 01:53:19 | 000,101,072 | ---- | C] () -- C:\Windows\UTP.exe
[2011/01/22 17:36:42 | 000,000,010 | ---- | C] () -- C:\Windows\GSetup.ini
[2011/01/20 21:17:05 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2011/01/20 21:16:47 | 000,080,896 | ---- | C] () -- C:\Windows\System32\RDVGHelper.exe
[2011/01/08 17:24:00 | 000,175,616 | ---- | C] () -- C:\Windows\System32\unrar.dll
[2011/01/08 15:46:49 | 000,010,240 | ---- | C] () -- C:\Windows\System32\vidx16.dll
[2011/01/08 15:46:47 | 000,004,333 | ---- | C] () -- C:\Windows\mixerdef.ini
[2011/01/08 15:46:27 | 000,039,279 | ---- | C] () -- C:\Windows\cmijack.dat
[2011/01/08 15:46:27 | 000,028,165 | ---- | C] () -- C:\Windows\cmijack.ini
[2011/01/08 15:46:27 | 000,023,041 | ---- | C] () -- C:\Windows\cmaudio.dat
[2011/01/08 15:46:27 | 000,018,240 | ---- | C] () -- C:\Windows\cmaudio.ini
[2011/01/08 15:46:26 | 000,000,462 | ---- | C] () -- C:\Windows\CMISETUP.INI
[2011/01/08 15:10:37 | 000,006,136 | R--- | C] () -- C:\Windows\System32\drivers\nvphy.bin
[2011/01/08 12:58:28 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2010/01/27 00:09:02 | 000,053,299 | ---- | C] () -- C:\Windows\System32\pthreadVC.dll
[2009/07/14 06:31:12 | 000,675,200 | ---- | C] () -- C:\Windows\System32\prfh0416.dat
[2009/07/14 06:31:12 | 000,323,154 | ---- | C] () -- C:\Windows\System32\prfi0416.dat
[2009/07/14 06:31:12 | 000,133,936 | ---- | C] () -- C:\Windows\System32\prfc0416.dat
[2009/07/14 06:31:12 | 000,038,536 | ---- | C] () -- C:\Windows\System32\prfd0416.dat
[2009/07/14 02:57:37 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/14 02:33:53 | 000,413,000 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2009/07/14 00:05:48 | 000,626,678 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2009/07/14 00:05:48 | 000,291,294 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2009/07/14 00:05:48 | 000,111,216 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2009/07/14 00:05:48 | 000,031,548 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2009/07/14 00:05:05 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2009/07/14 00:04:11 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2009/07/13 21:55:01 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/13 21:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
[2009/07/13 21:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll
[2009/06/10 19:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2007/06/21 04:34:08 | 000,203,328 | R--- | C] () -- C:\Windows\GSetup.exe
[2007/01/31 14:50:32 | 000,913,408 | ---- | C] () -- C:\Windows\System32\xreglib.dll

========== LOP Check ==========

[2011/12/08 21:07:49 | 000,000,000 | ---D | M] -- C:\Users\Anderson Backup\AppData\Roaming\Activision
[2012/02/10 22:31:55 | 000,000,000 | ---D | M] -- C:\Users\Anderson Backup\AppData\Roaming\Azureus
[2011/08/17 22:16:22 | 000,000,000 | ---D | M] -- C:\Users\Anderson Backup\AppData\Roaming\bizarre creations
[2011/08/10 21:27:36 | 000,000,000 | ---D | M] -- C:\Users\Anderson Backup\AppData\Roaming\FreeArc
[2011/08/04 20:36:11 | 000,000,000 | ---D | M] -- C:\Users\Anderson Backup\AppData\Roaming\ICAClient
[2012/02/10 22:13:19 | 000,000,000 | ---D | M] -- C:\Users\Anderson Backup\AppData\Roaming\IObit
[2011/09/18 21:06:51 | 000,000,000 | ---D | M] -- C:\Users\Anderson Backup\AppData\Roaming\Need for Speed World
[2011/09/27 20:12:25 | 000,000,000 | ---D | M] -- C:\Users\Anderson Backup\AppData\Roaming\QuickScan
[2012/02/11 17:44:54 | 000,000,000 | ---D | M] -- C:\Users\Anderson Backup\AppData\Roaming\Spam Monitor
[2012/02/11 13:40:12 | 000,000,000 | ---D | M] -- C:\Users\Anderson Backup\AppData\Roaming\TestApp
[2011/10/10 23:54:08 | 000,000,000 | ---D | M] -- C:\Users\Anderson Backup\AppData\Roaming\TuneUp Software
[2012/02/01 23:14:53 | 000,000,000 | ---D | M] -- C:\Users\Anderson Backup\AppData\Roaming\Vso
[2012/02/10 20:20:46 | 000,032,608 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Files - Unicode (All) ==========
[2011/10/11 20:33:39 | 000,000,000 | ---- | M] ()(C:\Windows\System32\?????) -- C:\Windows\System32\獷楬汢捯污
[2011/10/11 20:28:28 | 000,000,000 | ---- | C] ()(C:\Windows\System32\?????) -- C:\Windows\System32\獷楬汢捯污

========== Alternate Data Streams ==========

@Alternate Data Stream - 272 bytes -> C:\ProgramData\TEMP:DFC5A2B2
@Alternate Data Stream - 20 bytes -> C:\Users\Anderson Backup\Desktop\PAVARK.exe:License
@Alternate Data Stream - 193 bytes -> C:\ProgramData\TEMP: DE406C3E
@Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP: 430C6D84

< End of report >





------------
 
TDSS log

19:17:57.0541 3652 TDSS rootkit removing tool 2.7.13.0 Feb 15 2012 19:33:14
19:17:59.0547 3652 ============================================================
19:17:59.0547 3652 Current date / time: 2012/02/16 19:17:59.0547
19:17:59.0548 3652 SystemInfo:
19:17:59.0548 3652
19:17:59.0548 3652 OS Version: 6.1.7601 ServicePack: 1.0
19:17:59.0548 3652 Product type: Workstation
19:17:59.0548 3652 ComputerName: AND-PC
19:17:59.0548 3652 UserName: Anderson Backup
19:17:59.0548 3652 Windows directory: C:\Windows
19:17:59.0548 3652 System windows directory: C:\Windows
19:17:59.0548 3652 Processor architecture: Intel x86
19:17:59.0548 3652 Number of processors: 1
19:17:59.0548 3652 Page size: 0x1000
19:17:59.0548 3652 Boot type: Normal boot
19:17:59.0548 3652 ============================================================
19:18:00.0593 3652 Drive \Device\Harddisk0\DR0 - Size: 0x12A1F16000 (74.53 Gb), SectorSize: 0x200, Cylinders: 0x2601, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
19:18:00.0603 3652 \Device\Harddisk0\DR0:
19:18:00.0603 3652 MBR used
19:18:00.0603 3652 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x2800A34
19:18:00.0620 3652 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x2800AB2, BlocksNum 0x6D09B4E
19:18:00.0651 3652 Initialize success
19:18:00.0651 3652 ============================================================
19:18:06.0492 5768 ============================================================
19:18:06.0492 5768 Scan started
19:18:06.0492 5768 Mode: Manual; TDLFS;
19:18:06.0492 5768 ============================================================
19:18:07.0382 5768 0ca6E9B (43b0076b3ab8996b84d2cc8f990b582f) C:\Windows\system32\0ca6E9B.sys
19:18:07.0418 5768 0ca6E9B - ok
19:18:07.0504 5768 1394ohci (1b133875b8aa8ac48969bd3458afe9f5) C:\Windows\system32\drivers\1394ohci.sys
19:18:07.0505 5768 1394ohci - ok
19:18:07.0606 5768 19bB13E (43b0076b3ab8996b84d2cc8f990b582f) C:\Windows\system32\19bB13E.sys
19:18:07.0609 5768 19bB13E - ok
19:18:07.0798 5768 6c3223 (43b0076b3ab8996b84d2cc8f990b582f) C:\Windows\system32\6c3223.sys
19:18:07.0800 5768 6c3223 - ok
19:18:07.0913 5768 6c67A4E (43b0076b3ab8996b84d2cc8f990b582f) C:\Windows\system32\6c67A4E.sys
19:18:07.0915 5768 6c67A4E - ok
19:18:08.0013 5768 ACPI (cea80c80bed809aa0da6febc04733349) C:\Windows\system32\drivers\ACPI.sys
19:18:08.0015 5768 ACPI - ok
19:18:08.0133 5768 AcpiPmi (1efbc664abff416d1d07db115dcb264f) C:\Windows\system32\drivers\acpipmi.sys
19:18:08.0134 5768 AcpiPmi - ok
19:18:08.0244 5768 adp94xx (21e785ebd7dc90a06391141aac7892fb) C:\Windows\system32\DRIVERS\adp94xx.sys
19:18:08.0247 5768 adp94xx - ok
19:18:08.0377 5768 adpahci (0c676bc278d5b59ff5abd57bbe9123f2) C:\Windows\system32\DRIVERS\adpahci.sys
19:18:08.0379 5768 adpahci - ok
19:18:08.0515 5768 adpu320 (7c7b5ee4b7b822ec85321fe23a27db33) C:\Windows\system32\DRIVERS\adpu320.sys
19:18:08.0517 5768 adpu320 - ok
19:18:08.0654 5768 AFD (9ebbba55060f786f0fcaa3893bfa2806) C:\Windows\system32\drivers\afd.sys
19:18:08.0657 5768 AFD - ok
19:18:08.0856 5768 agp440 (507812c3054c21cef746b6ee3d04dd6e) C:\Windows\system32\drivers\agp440.sys
19:18:08.0857 5768 agp440 - ok
19:18:08.0953 5768 aic78xx (8b30250d573a8f6b4bd23195160d8707) C:\Windows\system32\DRIVERS\djsvs.sys
19:18:08.0954 5768 aic78xx - ok
19:18:09.0076 5768 aliide (0d40bcf52ea90fc7df2aeab6503dea44) C:\Windows\system32\drivers\aliide.sys
19:18:09.0077 5768 aliide - ok
19:18:09.0190 5768 amdagp (3c6600a0696e90a463771c7422e23ab5) C:\Windows\system32\drivers\amdagp.sys
19:18:09.0191 5768 amdagp - ok
19:18:09.0374 5768 amdide (cd5914170297126b6266860198d1d4f0) C:\Windows\system32\drivers\amdide.sys
19:18:09.0374 5768 amdide - ok
19:18:09.0507 5768 AmdK8 (00dda200d71bac534bf56a9db5dfd666) C:\Windows\system32\DRIVERS\amdk8.sys
19:18:09.0508 5768 AmdK8 - ok
19:18:09.0661 5768 AmdLLD (ad8fa28d8ed0d0a689a0559085ce0f18) C:\Windows\system32\DRIVERS\AmdLLD.sys
19:18:09.0662 5768 AmdLLD - ok
19:18:09.0780 5768 AmdPPM (3cbf30f5370fda40dd3e87df38ea53b6) C:\Windows\system32\DRIVERS\amdppm.sys
19:18:09.0781 5768 AmdPPM - ok
19:18:09.0912 5768 amdsata (d320bf87125326f996d4904fe24300fc) C:\Windows\system32\drivers\amdsata.sys
19:18:09.0913 5768 amdsata - ok
19:18:10.0052 5768 amdsbs (ea43af0c423ff267355f74e7a53bdaba) C:\Windows\system32\DRIVERS\amdsbs.sys
19:18:10.0053 5768 amdsbs - ok
19:18:10.0169 5768 amdxata (46387fb17b086d16dea267d5be23a2f2) C:\Windows\system32\drivers\amdxata.sys
19:18:10.0170 5768 amdxata - ok
19:18:10.0246 5768 AppID (aea177f783e20150ace5383ee368da19) C:\Windows\system32\drivers\appid.sys
19:18:10.0247 5768 AppID - ok
19:18:10.0418 5768 arc (2932004f49677bd84dbc72edb754ffb3) C:\Windows\system32\DRIVERS\arc.sys
19:18:10.0419 5768 arc - ok
19:18:10.0661 5768 arcsas (5d6f36c46fd283ae1b57bd2e9feb0bc7) C:\Windows\system32\DRIVERS\arcsas.sys
19:18:10.0662 5768 arcsas - ok
19:18:10.0855 5768 AsyncMac (add2ade1c2b285ab8378d2daaf991481) C:\Windows\system32\DRIVERS\asyncmac.sys
19:18:10.0855 5768 AsyncMac - ok
19:18:10.0975 5768 atapi (338c86357871c167a96ab976519bf59e) C:\Windows\system32\drivers\atapi.sys
19:18:10.0975 5768 atapi - ok
19:18:11.0155 5768 b06bdrv (1a231abec60fd316ec54c66715543cec) C:\Windows\system32\DRIVERS\bxvbdx.sys
19:18:11.0158 5768 b06bdrv - ok
19:18:11.0295 5768 b57nd60x (bd8869eb9cde6bbe4508d869929869ee) C:\Windows\system32\DRIVERS\b57nd60x.sys
19:18:11.0297 5768 b57nd60x - ok
19:18:11.0493 5768 Beep (505506526a9d467307b3c393dedaf858) C:\Windows\system32\drivers\Beep.sys
19:18:11.0494 5768 Beep - ok
19:18:11.0626 5768 blbdrive (2287078ed48fcfc477b05b20cf38f36f) C:\Windows\system32\DRIVERS\blbdrive.sys
19:18:11.0627 5768 blbdrive - ok
19:18:11.0744 5768 bowser (8f2da3028d5fcbd1a060a3de64cd6506) C:\Windows\system32\DRIVERS\bowser.sys
19:18:11.0745 5768 bowser - ok
19:18:11.0864 5768 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\DRIVERS\BrFiltLo.sys
19:18:11.0864 5768 BrFiltLo - ok
19:18:11.0992 5768 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\DRIVERS\BrFiltUp.sys
19:18:11.0993 5768 BrFiltUp - ok
19:18:12.0133 5768 BridgeMP (77361d72a04f18809d0efb6cceb74d4b) C:\Windows\system32\DRIVERS\bridge.sys
19:18:12.0134 5768 BridgeMP - ok
19:18:12.0301 5768 Brserid (845b8ce732e67f3b4133164868c666ea) C:\Windows\System32\Drivers\Brserid.sys
19:18:12.0304 5768 Brserid - ok
19:18:12.0418 5768 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\System32\Drivers\BrSerWdm.sys
19:18:12.0419 5768 BrSerWdm - ok
19:18:12.0551 5768 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\System32\Drivers\BrUsbMdm.sys
19:18:12.0552 5768 BrUsbMdm - ok
19:18:12.0676 5768 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\System32\Drivers\BrUsbSer.sys
19:18:12.0677 5768 BrUsbSer - ok
19:18:12.0804 5768 BthEnum (2865a5c8e98c70c605f417908cebb3a4) C:\Windows\system32\drivers\BthEnum.sys
19:18:12.0805 5768 BthEnum - ok
19:18:12.0926 5768 BTHMODEM (ed3df7c56ce0084eb2034432fc56565a) C:\Windows\system32\DRIVERS\bthmodem.sys
19:18:12.0927 5768 BTHMODEM - ok
19:18:13.0062 5768 BthPan (ad1872e5829e8a2c3b5b4b641c3eab0e) C:\Windows\system32\DRIVERS\bthpan.sys
19:18:13.0064 5768 BthPan - ok
19:18:13.0173 5768 BTHPORT (c2fbf6d271d9a94d839c416bf186ead9) C:\Windows\System32\Drivers\BTHport.sys
19:18:13.0177 5768 BTHPORT - ok
19:18:13.0305 5768 BTHUSB (c81e9413a25a439f436b1d4b6a0cf9e9) C:\Windows\System32\Drivers\BTHUSB.sys
19:18:13.0306 5768 BTHUSB - ok
19:18:13.0432 5768 cdfs (77ea11b065e0a8ab902d78145ca51e10) C:\Windows\system32\DRIVERS\cdfs.sys
19:18:13.0434 5768 cdfs - ok
19:18:13.0567 5768 cdrom (be167ed0fdb9c1fa1133953c18d5a6c9) C:\Windows\system32\DRIVERS\cdrom.sys
19:18:13.0568 5768 cdrom - ok
19:18:13.0695 5768 circlass (3fe3fe94a34df6fb06e6418d0f6a0060) C:\Windows\system32\DRIVERS\circlass.sys
19:18:13.0696 5768 circlass - ok
19:18:13.0824 5768 CLFS (635181e0e9bbf16871bf5380d71db02d) C:\Windows\system32\CLFS.sys
19:18:13.0828 5768 CLFS - ok
19:18:13.0961 5768 CmBatt (dea805815e587dad1dd2c502220b5616) C:\Windows\system32\DRIVERS\CmBatt.sys
19:18:13.0961 5768 CmBatt - ok
19:18:14.0086 5768 cmdide (c537b1db64d495b9b4717b4d6d9edbf2) C:\Windows\system32\drivers\cmdide.sys
19:18:14.0087 5768 cmdide - ok
19:18:14.0165 5768 cmpci (e5842ccf0953d3d46d5e26427b67e901) C:\Windows\system32\drivers\cmaudio.sys
19:18:14.0169 5768 cmpci - ok
19:18:14.0293 5768 CNG (6427525d76f61d0c519b008d3680e8e7) C:\Windows\system32\Drivers\cng.sys
19:18:14.0298 5768 CNG - ok
19:18:14.0364 5768 Compbatt (a6023d3823c37043986713f118a89bee) C:\Windows\system32\DRIVERS\compbatt.sys
19:18:14.0365 5768 Compbatt - ok
19:18:14.0543 5768 CompositeBus (cbe8c58a8579cfe5fccf809e6f114e89) C:\Windows\system32\drivers\CompositeBus.sys
19:18:14.0544 5768 CompositeBus - ok
19:18:14.0705 5768 cpuz134 - ok
19:18:14.0769 5768 crcdisk (2c4ebcfc84a9b44f209dff6c6e6c61d1) C:\Windows\system32\DRIVERS\crcdisk.sys
19:18:14.0769 5768 crcdisk - ok
19:18:14.0907 5768 CSC (3c2177a897b4ca2788c6fb0c3fd81d4b) C:\Windows\system32\drivers\csc.sys
19:18:14.0909 5768 CSC - ok
19:18:15.0034 5768 ctxusbm (cb6ff7012bb5d59d7c12350db795ce1f) C:\Windows\system32\DRIVERS\ctxusbm.sys
19:18:15.0037 5768 ctxusbm - ok
19:18:15.0375 5768 DfsC (f024449c97ec1e464aaffda18593db88) C:\Windows\system32\Drivers\dfsc.sys
19:18:15.0376 5768 DfsC - ok
19:18:15.0506 5768 discache (1a050b0274bfb3890703d490f330c0da) C:\Windows\system32\drivers\discache.sys
19:18:15.0506 5768 discache - ok
19:18:15.0631 5768 Disk (565003f326f99802e68ca78f2a68e9ff) C:\Windows\system32\DRIVERS\disk.sys
19:18:15.0632 5768 Disk - ok
19:18:15.0732 5768 driverhardwarev2 (a694d8db6d360a3bbb0bd1517f1c1aee) C:\Program Files\ma-config.com\Drivers\driverhardwarev2.sys
19:18:15.0733 5768 driverhardwarev2 - ok
19:18:16.0034 5768 drmkaud (b918e7c5f9bf77202f89e1a9539f2eb4) C:\Windows\system32\drivers\drmkaud.sys
19:18:16.0035 5768 drmkaud - ok
19:18:16.0179 5768 DXGKrnl (23f5d28378a160352ba8f817bd8c71cb) C:\Windows\System32\drivers\dxgkrnl.sys
19:18:16.0187 5768 DXGKrnl - ok
19:18:16.0405 5768 ebdrv (024e1b5cac09731e4d868e64dbfb4ab0) C:\Windows\system32\DRIVERS\evbdx.sys
19:18:16.0437 5768 ebdrv - ok
19:18:16.0586 5768 elxstor (0ed67910c8c326796faa00b2bf6d9d3c) C:\Windows\system32\DRIVERS\elxstor.sys
19:18:16.0589 5768 elxstor - ok
19:18:16.0703 5768 ErrDev (8fc3208352dd3912c94367a206ab3f11) C:\Windows\system32\drivers\errdev.sys
19:18:16.0704 5768 ErrDev - ok
19:18:16.0863 5768 exfat (2dc9108d74081149cc8b651d3a26207f) C:\Windows\system32\drivers\exfat.sys
19:18:16.0866 5768 exfat - ok
19:18:17.0028 5768 fastfat (7e0ab74553476622fb6ae36f73d97d35) C:\Windows\system32\drivers\fastfat.sys
19:18:17.0029 5768 fastfat - ok
19:18:17.0156 5768 fdc (e817a017f82df2a1f8cfdbda29388b29) C:\Windows\system32\DRIVERS\fdc.sys
19:18:17.0157 5768 fdc - ok
19:18:17.0312 5768 FileInfo (6cf00369c97f3cf563be99be983d13d8) C:\Windows\system32\drivers\fileinfo.sys
19:18:17.0313 5768 FileInfo - ok
19:18:17.0441 5768 Filetrace (42c51dc94c91da21cb9196eb64c45db9) C:\Windows\system32\drivers\filetrace.sys
19:18:17.0441 5768 Filetrace - ok
19:18:17.0544 5768 flpydisk (87907aa70cb3c56600f1c2fb8841579b) C:\Windows\system32\DRIVERS\flpydisk.sys
19:18:17.0545 5768 flpydisk - ok
19:18:17.0675 5768 FltMgr (7520ec808e0c35e0ee6f841294316653) C:\Windows\system32\drivers\fltmgr.sys
19:18:17.0677 5768 FltMgr - ok
19:18:17.0814 5768 FsDepends (1a16b57943853e598cff37fe2b8cbf1d) C:\Windows\system32\drivers\FsDepends.sys
19:18:17.0815 5768 FsDepends - ok
19:18:17.0927 5768 Fs_Rec (a574b4360e438977038aae4bf60d79a2) C:\Windows\system32\drivers\Fs_Rec.sys
19:18:17.0927 5768 Fs_Rec - ok
19:18:18.0040 5768 fvevol (8a73e79089b282100b9393b644cb853b) C:\Windows\system32\DRIVERS\fvevol.sys
19:18:18.0042 5768 fvevol - ok
19:18:18.0236 5768 gagp30kx (65ee0c7a58b65e74ae05637418153938) C:\Windows\system32\DRIVERS\gagp30kx.sys
19:18:18.0237 5768 gagp30kx - ok
19:18:18.0594 5768 gdrv - ok
19:18:18.0687 5768 hcw85cir (c44e3c2bab6837db337ddee7544736db) C:\Windows\system32\drivers\hcw85cir.sys
19:18:18.0688 5768 hcw85cir - ok
19:18:18.0793 5768 HdAudAddService (a5ef29d5315111c80a5c1abad14c8972) C:\Windows\system32\drivers\HdAudio.sys
19:18:18.0795 5768 HdAudAddService - ok
19:18:18.0930 5768 HDAudBus (9036377b8a6c15dc2eec53e489d159b5) C:\Windows\system32\drivers\HDAudBus.sys
19:18:18.0931 5768 HDAudBus - ok
19:18:19.0050 5768 HidBatt (1d58a7f3e11a9731d0eaaaa8405acc36) C:\Windows\system32\DRIVERS\HidBatt.sys
19:18:19.0051 5768 HidBatt - ok
19:18:19.0684 5768 HidBth (89448f40e6df260c206a193a4683ba78) C:\Windows\system32\DRIVERS\hidbth.sys
19:18:19.0688 5768 HidBth - ok
19:18:20.0427 5768 HidIr (cf50b4cf4a4f229b9f3c08351f99ca5e) C:\Windows\system32\DRIVERS\hidir.sys
19:18:20.0428 5768 HidIr - ok
19:18:20.0553 5768 HidUsb (10c19f8290891af023eaec0832e1eb4d) C:\Windows\system32\DRIVERS\hidusb.sys
19:18:20.0554 5768 HidUsb - ok
19:18:20.0695 5768 HpSAMD (295fdc419039090eb8b49ffdbb374549) C:\Windows\system32\drivers\HpSAMD.sys
19:18:20.0695 5768 HpSAMD - ok
19:18:20.0831 5768 HTTP (871917b07a141bff43d76d8844d48106) C:\Windows\system32\drivers\HTTP.sys
19:18:20.0834 5768 HTTP - ok
19:18:20.0954 5768 hwpolicy (0c4e035c7f105f1299258c90886c64c5) C:\Windows\system32\drivers\hwpolicy.sys
19:18:20.0954 5768 hwpolicy - ok
19:18:21.0079 5768 i8042prt (f151f0bdc47f4a28b1b20a0818ea36d6) C:\Windows\system32\drivers\i8042prt.sys
19:18:21.0080 5768 i8042prt - ok
19:18:21.0205 5768 iaStorV (5cd5f9a5444e6cdcb0ac89bd62d8b76e) C:\Windows\system32\drivers\iaStorV.sys
19:18:21.0207 5768 iaStorV - ok
19:18:21.0344 5768 iirsp (4173ff5708f3236cf25195fecd742915) C:\Windows\system32\DRIVERS\iirsp.sys
19:18:21.0344 5768 iirsp - ok
19:18:21.0466 5768 IntcAzAudAddService - ok
19:18:21.0542 5768 intelide (a0f12f2c9ba6c72f3987ce780e77c130) C:\Windows\system32\drivers\intelide.sys
19:18:21.0542 5768 intelide - ok
19:18:21.0671 5768 intelppm (3b514d27bfc4accb4037bc6685f766e0) C:\Windows\system32\DRIVERS\intelppm.sys
19:18:21.0672 5768 intelppm - ok
19:18:21.0809 5768 IpFilterDriver (709d1761d3b19a932ff0238ea6d50200) C:\Windows\system32\DRIVERS\ipfltdrv.sys
19:18:21.0810 5768 IpFilterDriver - ok
19:18:21.0937 5768 IPMIDRV (4bd7134618c1d2a27466a099062547bf) C:\Windows\system32\drivers\IPMIDrv.sys
19:18:21.0942 5768 IPMIDRV - ok
19:18:22.0105 5768 IPNAT (a5fa468d67abcdaa36264e463a7bb0cd) C:\Windows\system32\drivers\ipnat.sys
19:18:22.0106 5768 IPNAT - ok
19:18:22.0257 5768 IRENUM (42996cff20a3084a56017b7902307e9f) C:\Windows\system32\drivers\irenum.sys
19:18:22.0258 5768 IRENUM - ok
19:18:22.0425 5768 isapnp (1f32bb6b38f62f7df1a7ab7292638a35) C:\Windows\system32\drivers\isapnp.sys
19:18:22.0436 5768 isapnp - ok
19:18:22.0657 5768 iScsiPrt (cb7a9abb12b8415bce5d74994c7ba3ae) C:\Windows\system32\drivers\msiscsi.sys
19:18:22.0668 5768 iScsiPrt - ok
19:18:22.0810 5768 kbdclass (adef52ca1aeae82b50df86b56413107e) C:\Windows\system32\drivers\kbdclass.sys
19:18:22.0810 5768 kbdclass - ok
19:18:23.0018 5768 kbdhid (9e3ced91863e6ee98c24794d05e27a71) C:\Windows\system32\drivers\kbdhid.sys
19:18:23.0058 5768 kbdhid - ok
19:18:24.0010 5768 KMWDFILTERx86 (4476fe98aaf505acdcd3ee6360aabec1) C:\Windows\system32\DRIVERS\KMWDFILTER.sys
19:18:24.0019 5768 KMWDFILTERx86 - ok
19:18:24.0212 5768 KSecDD (f4647bb23db9038a7536cf6b68f4207f) C:\Windows\system32\Drivers\ksecdd.sys
19:18:24.0213 5768 KSecDD - ok
19:18:24.0314 5768 KSecPkg (e73cae53bbb72ba26918492c6b4c229d) C:\Windows\system32\Drivers\ksecpkg.sys
19:18:24.0317 5768 KSecPkg - ok
19:18:24.0487 5768 lltdio (f7611ec07349979da9b0ae1f18ccc7a6) C:\Windows\system32\DRIVERS\lltdio.sys
19:18:24.0488 5768 lltdio - ok
19:18:24.0619 5768 LSI_FC (eb119a53ccf2acc000ac71b065b78fef) C:\Windows\system32\DRIVERS\lsi_fc.sys
19:18:24.0619 5768 LSI_FC - ok
19:18:24.0756 5768 LSI_SAS (8ade1c877256a22e49b75d1cc9161f9c) C:\Windows\system32\DRIVERS\lsi_sas.sys
19:18:24.0756 5768 LSI_SAS - ok
19:18:24.0992 5768 LSI_SAS2 (dc9dc3d3daa0e276fd2ec262e38b11e9) C:\Windows\system32\DRIVERS\lsi_sas2.sys
19:18:24.0992 5768 LSI_SAS2 - ok
19:18:25.0140 5768 LSI_SCSI (0a036c7d7cab643a7f07135ac47e0524) C:\Windows\system32\DRIVERS\lsi_scsi.sys
19:18:25.0141 5768 LSI_SCSI - ok
19:18:25.0422 5768 luafv (6703e366cc18d3b6e534f5cf7df39cee) C:\Windows\system32\drivers\luafv.sys
19:18:25.0424 5768 luafv - ok
19:18:25.0953 5768 megasas (0fff5b045293002ab38eb1fd1fc2fb74) C:\Windows\system32\DRIVERS\megasas.sys
19:18:25.0954 5768 megasas - ok
19:18:26.0229 5768 MegaSR (dcbab2920c75f390caf1d29f675d03d6) C:\Windows\system32\DRIVERS\MegaSR.sys
19:18:26.0230 5768 MegaSR - ok
19:18:26.0755 5768 Modem (f001861e5700ee84e2d4e52c712f4964) C:\Windows\system32\drivers\modem.sys
19:18:26.0755 5768 Modem - ok
19:18:26.0898 5768 monitor (79d10964de86b292320e9dfe02282a23) C:\Windows\system32\DRIVERS\monitor.sys
19:18:26.0899 5768 monitor - ok
19:18:27.0015 5768 mouclass (fb18cc1d4c2e716b6b903b0ac0cc0609) C:\Windows\system32\drivers\mouclass.sys
19:18:27.0016 5768 mouclass - ok
19:18:27.0077 5768 mouhid (2c388d2cd01c9042596cf3c8f3c7b24d) C:\Windows\system32\DRIVERS\mouhid.sys
19:18:27.0078 5768 mouhid - ok
19:18:27.0197 5768 mountmgr (fc8771f45ecccfd89684e38842539b9b) C:\Windows\system32\drivers\mountmgr.sys
19:18:27.0198 5768 mountmgr - ok
19:18:27.0324 5768 MpFilter (7e34bfa1a7b60bba1da03d677f16cd63) C:\Windows\system32\DRIVERS\MpFilter.sys
19:18:27.0328 5768 MpFilter - ok
19:18:27.0751 5768 mpio (2d699fb6e89ce0d8da14ecc03b3edfe0) C:\Windows\system32\drivers\mpio.sys
19:18:27.0755 5768 mpio - ok
19:18:27.0861 5768 MpKsl112e3f14 - ok
19:18:27.0960 5768 MpKsl1e7b1acd - ok
19:18:28.0051 5768 MpKsl21100e5e - ok
19:18:28.0084 5768 MpKsl2ab3674e - ok
19:18:28.0134 5768 MpKsl336aff6a - ok
19:18:28.0197 5768 MpKsl414dc95e - ok
19:18:28.0251 5768 MpKsl43084ae7 - ok
19:18:28.0309 5768 MpKsl5f506651 - ok
19:18:28.0351 5768 MpKsl617b1074 - ok
19:18:28.0384 5768 MpKsl746aace1 - ok
19:18:28.0425 5768 MpKsl954575db - ok
19:18:28.0459 5768 MpKsl98549e39 - ok
19:18:28.0500 5768 MpKsl9dc75644 - ok
19:18:28.0560 5768 MpKslae988eeb - ok
19:18:28.0631 5768 MpKslb152a0fe - ok
19:18:28.0681 5768 MpKslc5169394 - ok
19:18:28.0731 5768 MpKslcb2f27f9 - ok
19:18:28.0767 5768 MpKslcc071ffd - ok
19:18:28.0859 5768 MpKsle9cf861c - ok
19:18:28.0892 5768 MpKslef3d111f - ok
19:18:28.0934 5768 MpKslf177cf41 - ok
19:18:28.0967 5768 MpKslf5d76c26 - ok
19:18:29.0009 5768 MpKslff93c9c4 - ok
19:18:29.0073 5768 MpNWMon (f32e2d6a1640a469a9ed4f1929a4a861) C:\Windows\system32\DRIVERS\MpNWMon.sys
19:18:29.0075 5768 MpNWMon - ok
19:18:29.0228 5768 mpsdrv (ad2723a7b53dd1aacae6ad8c0bfbf4d0) C:\Windows\system32\drivers\mpsdrv.sys
19:18:29.0229 5768 mpsdrv - ok
19:18:29.0362 5768 MRxDAV (ceb46ab7c01c9f825f8cc6babc18166a) C:\Windows\system32\drivers\mrxdav.sys
19:18:29.0363 5768 MRxDAV - ok
19:18:29.0491 5768 mrxsmb (5d16c921e3671636c0eba3bbaac5fd25) C:\Windows\system32\DRIVERS\mrxsmb.sys
19:18:29.0497 5768 mrxsmb - ok
19:18:29.0645 5768 mrxsmb10 (6d17a4791aca19328c685d256349fefc) C:\Windows\system32\DRIVERS\mrxsmb10.sys
19:18:29.0648 5768 mrxsmb10 - ok
19:18:29.0792 5768 mrxsmb20 (b81f204d146000be76651a50670a5e9e) C:\Windows\system32\DRIVERS\mrxsmb20.sys
19:18:29.0794 5768 mrxsmb20 - ok
19:18:29.0927 5768 msahci (012c5f4e9349e711e11e0f19a8589f0a) C:\Windows\system32\drivers\msahci.sys
19:18:29.0927 5768 msahci - ok
19:18:30.0099 5768 msdsm (55055f8ad8be27a64c831322a780a228) C:\Windows\system32\drivers\msdsm.sys
19:18:30.0100 5768 msdsm - ok
19:18:30.0461 5768 Msfs (daefb28e3af5a76abcc2c3078c07327f) C:\Windows\system32\drivers\Msfs.sys
19:18:30.0464 5768 Msfs - ok
19:18:30.0600 5768 mshidkmdf (3e1e5767043c5af9367f0056295e9f84) C:\Windows\System32\drivers\mshidkmdf.sys
19:18:30.0600 5768 mshidkmdf - ok
19:18:30.0719 5768 msisadrv (0a4e5757ae09fa9622e3158cc1aef114) C:\Windows\system32\drivers\msisadrv.sys
19:18:30.0720 5768 msisadrv - ok
19:18:30.0848 5768 MSKSSRV (8c0860d6366aaffb6c5bb9df9448e631) C:\Windows\system32\drivers\MSKSSRV.sys
19:18:30.0849 5768 MSKSSRV - ok
19:18:31.0008 5768 MSPCLOCK (3ea8b949f963562cedbb549eac0c11ce) C:\Windows\system32\drivers\MSPCLOCK.sys
19:18:31.0009 5768 MSPCLOCK - ok
19:18:31.0138 5768 MSPQM (f456e973590d663b1073e9c463b40932) C:\Windows\system32\drivers\MSPQM.sys
19:18:31.0139 5768 MSPQM - ok
19:18:31.0267 5768 MsRPC (0e008fc4819d238c51d7c93e7b41e560) C:\Windows\system32\drivers\MsRPC.sys
19:18:31.0268 5768 MsRPC - ok
19:18:31.0781 5768 mssmbios (fc6b9ff600cc585ea38b12589bd4e246) C:\Windows\system32\drivers\mssmbios.sys
19:18:31.0781 5768 mssmbios - ok
19:18:31.0899 5768 MSTEE (b42c6b921f61a6e55159b8be6cd54a36) C:\Windows\system32\drivers\MSTEE.sys
19:18:31.0899 5768 MSTEE - ok
19:18:32.0076 5768 MTConfig (33599130f44e1f34631cea241de8ac84) C:\Windows\system32\DRIVERS\MTConfig.sys
19:18:32.0077 5768 MTConfig - ok
19:18:32.0219 5768 Mup (159fad02f64e6381758c990f753bcc80) C:\Windows\system32\Drivers\mup.sys
19:18:32.0220 5768 Mup - ok
19:18:32.0359 5768 NativeWifiP (26384429fcd85d83746f63e798ab1480) C:\Windows\system32\DRIVERS\nwifi.sys
19:18:32.0361 5768 NativeWifiP - ok
19:18:32.0648 5768 NDIS (e7c54812a2aaf43316eb6930c1ffa108) C:\Windows\system32\drivers\ndis.sys
19:18:32.0652 5768 NDIS - ok
19:18:32.0771 5768 NdisCap (0e1787aa6c9191d3d319e8bafe86f80c) C:\Windows\system32\DRIVERS\ndiscap.sys
19:18:32.0772 5768 NdisCap - ok
19:18:32.0880 5768 NdisTapi (e4a8aec125a2e43a9e32afeea7c9c888) C:\Windows\system32\DRIVERS\ndistapi.sys
19:18:32.0880 5768 NdisTapi - ok
19:18:33.0042 5768 Ndisuio (d8a65dafb3eb41cbb622745676fcd072) C:\Windows\system32\DRIVERS\ndisuio.sys
19:18:33.0042 5768 Ndisuio - ok
19:18:33.0362 5768 NdisWan (38fbe267e7e6983311179230facb1017) C:\Windows\system32\DRIVERS\ndiswan.sys
19:18:33.0365 5768 NdisWan - ok
19:18:33.0798 5768 NDProxy (a4bdc541e69674fbff1a8ff00be913f2) C:\Windows\system32\drivers\NDProxy.sys
19:18:33.0798 5768 NDProxy - ok
19:18:33.0919 5768 NetBIOS (80b275b1ce3b0e79909db7b39af74d51) C:\Windows\system32\DRIVERS\netbios.sys
19:18:33.0920 5768 NetBIOS - ok
19:18:34.0022 5768 NetBT (280122ddcf04b378edd1ad54d71c1e54) C:\Windows\system32\DRIVERS\netbt.sys
19:18:34.0023 5768 NetBT - ok
19:18:34.0280 5768 nfrd960 (1d85c4b390b0ee09c7a46b91efb2c097) C:\Windows\system32\DRIVERS\nfrd960.sys
19:18:34.0281 5768 nfrd960 - ok
19:18:34.0459 5768 NisDrv (17e2c08c5ecfbe94a7c67b1c275ee9d9) C:\Windows\system32\DRIVERS\NisDrvWFP.sys
19:18:34.0461 5768 NisDrv - ok
19:18:34.0605 5768 Npfs (1db262a9f8c087e8153d89bef3d2235f) C:\Windows\system32\drivers\Npfs.sys
19:18:34.0605 5768 Npfs - ok
19:18:34.0755 5768 nsiproxy (e9a0a4d07e53d8fea2bb8387a3293c58) C:\Windows\system32\drivers\nsiproxy.sys
19:18:34.0755 5768 nsiproxy - ok
19:18:34.0904 5768 Ntfs (81189c3d7763838e55c397759d49007a) C:\Windows\system32\drivers\Ntfs.sys
19:18:34.0912 5768 Ntfs - ok
19:18:35.0089 5768 Null (f9756a98d69098dca8945d62858a812c) C:\Windows\system32\drivers\Null.sys
19:18:35.0090 5768 Null - ok
19:18:35.0277 5768 NVENETFD (b5e37e31c053bc9950455a257526514b) C:\Windows\system32\DRIVERS\nvm62x32.sys
19:18:35.0279 5768 NVENETFD - ok
19:18:35.0835 5768 nvlddmkm (66b4bf606fcc7f0622d4a21bb1461089) C:\Windows\system32\DRIVERS\nvlddmkm.sys
19:18:35.0971 5768 nvlddmkm - ok
19:18:36.0167 5768 NVNET (1de923088878b495cd4219e47ba34eb8) C:\Windows\system32\DRIVERS\nvmf6232.sys
19:18:36.0171 5768 NVNET - ok
19:18:36.0303 5768 nvraid (b3e25ee28883877076e0e1ff877d02e0) C:\Windows\system32\drivers\nvraid.sys
19:18:36.0304 5768 nvraid - ok
19:18:36.0459 5768 nvstor (4380e59a170d88c4f1022eff6719a8a4) C:\Windows\system32\drivers\nvstor.sys
19:18:36.0461 5768 nvstor - ok
19:18:36.0594 5768 nvstor32 (3ff57a9a657c9690ecbc8b1e3b6e3979) C:\Windows\system32\DRIVERS\nvstor32.sys
19:18:36.0599 5768 nvstor32 - ok
19:18:36.0817 5768 nv_agp (5a0983915f02bae73267cc2a041f717d) C:\Windows\system32\drivers\nv_agp.sys
19:18:36.0819 5768 nv_agp - ok
19:18:36.0993 5768 ohci1394 (08a70a1f2cdde9bb49b885cb817a66eb) C:\Windows\system32\drivers\ohci1394.sys
19:18:36.0994 5768 ohci1394 - ok
19:18:37.0117 5768 ONDAusbmdm6k (6899bdba16765bf728983917a80f7926) C:\Windows\system32\DRIVERS\ONDAusbmdm6k.sys
19:18:37.0118 5768 ONDAusbmdm6k - ok
19:18:37.0258 5768 ONDAusbnmea (6899bdba16765bf728983917a80f7926) C:\Windows\system32\DRIVERS\ONDAusbnmea.sys
19:18:37.0260 5768 ONDAusbnmea - ok
19:18:37.0384 5768 ONDAusbser6k (6899bdba16765bf728983917a80f7926) C:\Windows\system32\DRIVERS\ONDAusbser6k.sys
19:18:37.0386 5768 ONDAusbser6k - ok
19:18:37.0531 5768 ONDAusbvoice (6899bdba16765bf728983917a80f7926) C:\Windows\system32\DRIVERS\ONDAusbvoice.sys
19:18:37.0533 5768 ONDAusbvoice - ok
19:18:37.0765 5768 PAC7302 (0406a7c99a2a0b41d530db4dc6093e17) C:\Windows\system32\DRIVERS\PAC7302.SYS
19:18:37.0771 5768 PAC7302 - ok
19:18:37.0913 5768 Parport (2ea877ed5dd9713c5ac74e8ea7348d14) C:\Windows\system32\DRIVERS\parport.sys
19:18:37.0914 5768 Parport - ok
19:18:38.0041 5768 partmgr (bf8f6af06da75b336f07e23aef97d93b) C:\Windows\system32\drivers\partmgr.sys
19:18:38.0042 5768 partmgr - ok
19:18:38.0198 5768 Parvdm (eb0a59f29c19b86479d36b35983daadc) C:\Windows\system32\DRIVERS\parvdm.sys
19:18:38.0199 5768 Parvdm - ok
19:18:38.0336 5768 pci (673e55c3498eb970088e812ea820aa8f) C:\Windows\system32\drivers\pci.sys
19:18:38.0338 5768 pci - ok
19:18:38.0461 5768 pciide (afe86f419014db4e5593f69ffe26ce0a) C:\Windows\system32\drivers\pciide.sys
19:18:38.0462 5768 pciide - ok
19:18:38.0572 5768 pcmcia (f396431b31693e71e8a80687ef523506) C:\Windows\system32\DRIVERS\pcmcia.sys
19:18:38.0573 5768 pcmcia - ok
19:18:38.0725 5768 pcouffin (5b6c11de7e839c05248ced8825470fef) C:\Windows\system32\Drivers\pcouffin.sys
19:18:38.0726 5768 pcouffin - ok
19:18:38.0854 5768 PCTAppEvent (4bb87c2afb75f8ab3c24f2af59e3b172) C:\Windows\system32\drivers\PCTAppEvent.sys
19:18:38.0856 5768 PCTAppEvent - ok
19:18:39.0001 5768 PCTBD (3a0262b85b5bb4d4cfc096ea00ed610b) C:\Windows\system32\Drivers\PCTBD.sys
19:18:39.0002 5768 PCTBD - ok
19:18:39.0149 5768 PCTCore (0edb74bd0d52d6d94cf862322e48b94e) C:\Windows\system32\drivers\PCTCore.sys
19:18:39.0152 5768 PCTCore - ok
19:18:39.0303 5768 pctDS (8734f7346b39a710491e0ddb136da2a3) C:\Windows\system32\drivers\pctDS.sys
19:18:39.0307 5768 pctDS - ok
19:18:39.0817 5768 pctEFA (653d8079cc000ec454789740a07b84a8) C:\Windows\system32\drivers\pctEFA.sys
19:18:39.0827 5768 pctEFA - ok
19:18:39.0963 5768 PCTFW-PacketFilter (da67f33614e36aef1b8fdcc80699aae0) C:\Windows\system32\drivers\pctNdis-PacketFilter.sys
19:18:39.0965 5768 PCTFW-PacketFilter - ok
19:18:40.0182 5768 pctgntdi (00bfb1452ed8bb69fd135eb6a682303e) C:\Windows\System32\drivers\pctgntdi.sys
19:18:40.0424 5768 pctgntdi - ok
19:18:40.0768 5768 pctNdisLW (1623220615f0afabf9027c6f8d4da58a) C:\Windows\system32\DRIVERS\pctNdisLW.sys
19:18:40.0769 5768 pctNdisLW - ok
19:18:40.0905 5768 pctplfw (efe5a32ee53cfe0de11ddc7755526c8b) C:\Windows\System32\drivers\pctplfw.sys
19:18:40.0907 5768 pctplfw - ok
19:18:41.0155 5768 pctplsg (9e68be6aadbc3d688bac161f28af0ce0) C:\Windows\System32\drivers\pctplsg.sys
19:18:41.0156 5768 pctplsg - ok
19:18:41.0270 5768 PCTSD (ec49993baa9a86adf1cb6fa1cd895882) C:\Windows\system32\Drivers\PCTSD.sys
19:18:41.0272 5768 PCTSD - ok
19:18:41.0385 5768 pcw (250f6b43d2b613172035c6747aeeb19f) C:\Windows\system32\drivers\pcw.sys
19:18:41.0386 5768 pcw - ok
19:18:41.0527 5768 PEAUTH (9e0104ba49f4e6973749a02bf41344ed) C:\Windows\system32\drivers\peauth.sys
19:18:41.0530 5768 PEAUTH - ok
19:18:41.0836 5768 PptpMiniport (631e3e205ad6d86f2aed6a4a8e69f2db) C:\Windows\system32\DRIVERS\raspptp.sys
19:18:41.0837 5768 PptpMiniport - ok
19:18:41.0951 5768 Processor (85b1e3a0c7585bc4aae6899ec6fcf011) C:\Windows\system32\DRIVERS\processr.sys
19:18:41.0952 5768 Processor - ok
19:18:42.0131 5768 Psched (6270ccae2a86de6d146529fe55b3246a) C:\Windows\system32\DRIVERS\pacer.sys
19:18:42.0132 5768 Psched - ok
19:18:42.0356 5768 ql2300 (ab95ecf1f6659a60ddc166d8315b0751) C:\Windows\system32\DRIVERS\ql2300.sys
19:18:42.0363 5768 ql2300 - ok
19:18:42.0514 5768 ql40xx (b4dd51dd25182244b86737dc51af2270) C:\Windows\system32\DRIVERS\ql40xx.sys
19:18:42.0515 5768 ql40xx - ok
19:18:42.0658 5768 QWAVEdrv (584078ca1b95ca72df2a27c336f9719d) C:\Windows\system32\drivers\qwavedrv.sys
19:18:42.0659 5768 QWAVEdrv - ok
19:18:42.0784 5768 RasAcd (30a81b53c766d0133bb86d234e5556ab) C:\Windows\system32\DRIVERS\rasacd.sys
19:18:42.0785 5768 RasAcd - ok
19:18:42.0907 5768 RasAgileVpn (57ec4aef73660166074d8f7f31c0d4fd) C:\Windows\system32\DRIVERS\AgileVpn.sys
19:18:42.0907 5768 RasAgileVpn - ok
19:18:43.0029 5768 Rasl2tp (d9f91eafec2815365cbe6d167e4e332a) C:\Windows\system32\DRIVERS\rasl2tp.sys
19:18:43.0030 5768 Rasl2tp - ok
19:18:43.0170 5768 RasPppoe (0fe8b15916307a6ac12bfb6a63e45507) C:\Windows\system32\DRIVERS\raspppoe.sys
19:18:43.0171 5768 RasPppoe - ok
19:18:43.0225 5768 RasSstp (44101f495a83ea6401d886e7fd70096b) C:\Windows\system32\DRIVERS\rassstp.sys
19:18:43.0226 5768 RasSstp - ok
19:18:43.0376 5768 rdbss (d528bc58a489409ba40334ebf96a311b) C:\Windows\system32\DRIVERS\rdbss.sys
19:18:43.0378 5768 rdbss - ok
19:18:43.0494 5768 rdpbus (0d8f05481cb76e70e1da06ee9f0da9df) C:\Windows\system32\DRIVERS\rdpbus.sys
19:18:43.0494 5768 rdpbus - ok
19:18:43.0613 5768 RDPCDD (23dae03f29d253ae74c44f99e515f9a1) C:\Windows\system32\DRIVERS\RDPCDD.sys
19:18:43.0613 5768 RDPCDD - ok
19:18:43.0768 5768 RDPDR (b973fcfc50dc1434e1970a146f7e3885) C:\Windows\system32\drivers\rdpdr.sys
19:18:43.0769 5768 RDPDR - ok
19:18:43.0906 5768 RDPENCDD (5a53ca1598dd4156d44196d200c94b8a) C:\Windows\system32\drivers\rdpencdd.sys
19:18:43.0907 5768 RDPENCDD - ok
19:18:44.0039 5768 RDPREFMP (44b0a53cd4f27d50ed461dae0c0b4e1f) C:\Windows\system32\drivers\rdprefmp.sys
19:18:44.0040 5768 RDPREFMP - ok
19:18:44.0191 5768 RdpVideoMiniport (68a0387f58e226deee23d9715955572a) C:\Windows\system32\drivers\rdpvideominiport.sys
19:18:44.0192 5768 RdpVideoMiniport - ok
19:18:44.0334 5768 RDPWD (288b06960d78428ff89e811632684e20) C:\Windows\system32\drivers\RDPWD.sys
19:18:44.0338 5768 RDPWD - ok
19:18:44.0436 5768 rdyboost (518395321dc96fe2c9f0e96ac743b656) C:\Windows\system32\drivers\rdyboost.sys
19:18:44.0438 5768 rdyboost - ok
19:18:44.0576 5768 RFCOMM (cb928d9e6daf51879dd6ba8d02f01321) C:\Windows\system32\DRIVERS\rfcomm.sys
19:18:44.0577 5768 RFCOMM - ok
19:18:44.0838 5768 rspndr (032b0d36ad92b582d869879f5af5b928) C:\Windows\system32\DRIVERS\rspndr.sys
19:18:44.0839 5768 rspndr - ok
19:18:44.0967 5768 s3cap (7fa7f2e249a5dcbb7970630e15e1f482) C:\Windows\system32\drivers\vms3cap.sys
19:18:44.0968 5768 s3cap - ok
19:18:45.0167 5768 sbp2port (05d860da1040f111503ac416ccef2bca) C:\Windows\system32\drivers\sbp2port.sys
19:18:45.0168 5768 sbp2port - ok
19:18:45.0334 5768 scfilter (0693b5ec673e34dc147e195779a4dcf6) C:\Windows\system32\DRIVERS\scfilter.sys
19:18:45.0335 5768 scfilter - ok
19:18:45.0776 5768 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
19:18:45.0777 5768 secdrv - ok
19:18:45.0914 5768 Serenum (9ad8b8b515e3df6acd4212ef465de2d1) C:\Windows\system32\DRIVERS\serenum.sys
19:18:45.0915 5768 Serenum - ok
19:18:46.0042 5768 Serial (5fb7fcea0490d821f26f39cc5ea3d1e2) C:\Windows\system32\DRIVERS\serial.sys
19:18:46.0043 5768 Serial - ok
19:18:46.0194 5768 sermouse (79bffb520327ff916a582dfea17aa813) C:\Windows\system32\DRIVERS\sermouse.sys
19:18:46.0195 5768 sermouse - ok
19:18:46.0389 5768 sffdisk (9f976e1eb233df46fce808d9dea3eb9c) C:\Windows\system32\drivers\sffdisk.sys
19:18:46.0390 5768 sffdisk - ok
19:18:46.0531 5768 sffp_mmc (932a68ee27833cfd57c1639d375f2731) C:\Windows\system32\drivers\sffp_mmc.sys
19:18:46.0532 5768 sffp_mmc - ok
19:18:46.0665 5768 sffp_sd (6d4ccaedc018f1cf52866bbbaa235982) C:\Windows\system32\drivers\sffp_sd.sys
19:18:46.0666 5768 sffp_sd - ok
19:18:46.0784 5768 sfloppy (db96666cc8312ebc45032f30b007a547) C:\Windows\system32\DRIVERS\sfloppy.sys
19:18:46.0784 5768 sfloppy - ok
19:18:46.0951 5768 sisagp (2565cac0dc9fe0371bdce60832582b2e) C:\Windows\system32\drivers\sisagp.sys
19:18:46.0952 5768 sisagp - ok
19:18:47.0091 5768 SiSRaid2 (a9f0486851becb6dda1d89d381e71055) C:\Windows\system32\DRIVERS\SiSRaid2.sys
19:18:47.0092 5768 SiSRaid2 - ok
19:18:47.0244 5768 SiSRaid4 (3727097b55738e2f554972c3be5bc1aa) C:\Windows\system32\DRIVERS\sisraid4.sys
19:18:47.0245 5768 SiSRaid4 - ok
19:18:47.0387 5768 Smb (3e21c083b8a01cb70ba1f09303010fce) C:\Windows\system32\DRIVERS\smb.sys
19:18:47.0388 5768 Smb - ok
19:18:47.0549 5768 spldr (95cf1ae7527fb70f7816563cbc09d942) C:\Windows\system32\drivers\spldr.sys
19:18:47.0550 5768 spldr - ok
19:18:47.0751 5768 sptd (a199171385be17973fd800fa91f8f78a) C:\Windows\system32\Drivers\sptd.sys
19:18:47.0751 5768 Suspicious file (NoAccess): C:\Windows\system32\Drivers\sptd.sys. md5: a199171385be17973fd800fa91f8f78a
19:18:47.0755 5768 sptd ( LockedFile.Multi.Generic ) - warning
19:18:47.0755 5768 sptd - detected LockedFile.Multi.Generic (1)
19:18:47.0890 5768 srv (e4c2764065d66ea1d2d3ebc28fe99c46) C:\Windows\system32\DRIVERS\srv.sys
19:18:47.0892 5768 srv - ok
19:18:48.0022 5768 srv2 (03f0545bd8d4c77fa0ae1ceedfcc71ab) C:\Windows\system32\DRIVERS\srv2.sys
19:18:48.0027 5768 srv2 - ok
19:18:48.0149 5768 srvnet (be6bd660caa6f291ae06a718a4fa8abc) C:\Windows\system32\DRIVERS\srvnet.sys
19:18:48.0150 5768 srvnet - ok
19:18:48.0359 5768 stexstor (db32d325c192b801df274bfd12a7e72b) C:\Windows\system32\DRIVERS\stexstor.sys
19:18:48.0359 5768 stexstor - ok
19:18:48.0464 5768 storflt (472af0311073dceceaa8fa18ba2bdf89) C:\Windows\system32\drivers\vmstorfl.sys
19:18:48.0465 5768 storflt - ok
19:18:48.0605 5768 storvsc (dcaffd62259e0bdb433dd67b5bb37619) C:\Windows\system32\drivers\storvsc.sys
19:18:48.0605 5768 storvsc - ok
19:18:48.0723 5768 swenum (e58c78a848add9610a4db6d214af5224) C:\Windows\system32\drivers\swenum.sys
19:18:48.0723 5768 swenum - ok
19:18:48.0866 5768 Synth3dVsc - ok
19:18:49.0027 5768 Tcpip (65d10b191c59c5501a1263fc33f6894b) C:\Windows\system32\drivers\tcpip.sys
19:18:49.0042 5768 Tcpip - ok
19:18:49.0184 5768 TCPIP6 (65d10b191c59c5501a1263fc33f6894b) C:\Windows\system32\DRIVERS\tcpip.sys
19:18:49.0191 5768 TCPIP6 - ok
19:18:49.0347 5768 tcpipreg (cca24162e055c3714ce5a88b100c64ed) C:\Windows\system32\drivers\tcpipreg.sys
19:18:49.0348 5768 tcpipreg - ok
19:18:49.0499 5768 TDPIPE (1cb91b2bd8f6dd367dfc2ef26fd751b2) C:\Windows\system32\drivers\tdpipe.sys
19:18:49.0500 5768 TDPIPE - ok
19:18:49.0797 5768 TDTCP (2c10395baa4847f83042813c515cc289) C:\Windows\system32\drivers\tdtcp.sys
19:18:49.0798 5768 TDTCP - ok
19:18:49.0920 5768 tdx (b459575348c20e8121d6039da063c704) C:\Windows\system32\DRIVERS\tdx.sys
19:18:49.0921 5768 tdx - ok
19:18:50.0077 5768 TermDD (04dbf4b01ea4bf25a9a3e84affac9b20) C:\Windows\system32\drivers\termdd.sys
19:18:50.0078 5768 TermDD - ok
19:18:50.0155 5768 TfFsMon (754f8fd78ea7fa2b9a0cb8a69e0f0822) C:\Windows\system32\drivers\TfFsMon.sys
19:18:50.0157 5768 TfFsMon - ok
19:18:50.0306 5768 TfNetMon (697f66899b4f0c2d8ae3e7473b4b6244) C:\Windows\system32\drivers\TfNetMon.sys
19:18:50.0307 5768 TfNetMon - ok
19:18:50.0437 5768 TFSysMon (e02f47b841be86bfdf4d7269ed0b95e4) C:\Windows\system32\drivers\TfSysMon.sys
19:18:50.0442 5768 TFSysMon - ok
19:18:50.0613 5768 tssecsrv (254bb140eee3c59d6114c1a86b636877) C:\Windows\system32\DRIVERS\tssecsrv.sys
19:18:50.0613 5768 tssecsrv - ok
19:18:50.0754 5768 TsUsbFlt (fd1d6c73e6333be727cbcc6054247654) C:\Windows\system32\drivers\tsusbflt.sys
19:18:50.0754 5768 TsUsbFlt - ok
19:18:50.0898 5768 tsusbhub - ok
19:18:50.0988 5768 TuneUpUtilitiesDrv (f2107c9d85ec0df116939ccce06ae697) C:\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesDriver32.sys
19:18:50.0989 5768 TuneUpUtilitiesDrv - ok
19:18:51.0124 5768 tunnel (b2fa25d9b17a68bb93d58b0556e8c90d) C:\Windows\system32\DRIVERS\tunnel.sys
19:18:51.0125 5768 tunnel - ok
19:18:51.0257 5768 uagp35 (750fbcb269f4d7dd2e420c56b795db6d) C:\Windows\system32\DRIVERS\uagp35.sys
19:18:51.0258 5768 uagp35 - ok
19:18:51.0394 5768 udfs (ee43346c7e4b5e63e54f927babbb32ff) C:\Windows\system32\DRIVERS\udfs.sys
19:18:51.0396 5768 udfs - ok
19:18:51.0558 5768 uliagpkx (44e8048ace47befbfdc2e9be4cbc8880) C:\Windows\system32\drivers\uliagpkx.sys
19:18:51.0559 5768 uliagpkx - ok
19:18:51.0684 5768 umbus (d295bed4b898f0fd999fcfa9b32b071b) C:\Windows\system32\drivers\umbus.sys
19:18:51.0685 5768 umbus - ok
19:18:51.0874 5768 UmPass (7550ad0c6998ba1cb4843e920ee0feac) C:\Windows\system32\DRIVERS\umpass.sys
19:18:51.0875 5768 UmPass - ok
19:18:52.0021 5768 usbaudio (1d9f2bd026e8e2d45033a4df3f16b78c) C:\Windows\system32\drivers\usbaudio.sys
19:18:52.0022 5768 usbaudio - ok
19:18:52.0144 5768 usbccgp (bd9c55d7023c5de374507acc7a14e2ac) C:\Windows\system32\DRIVERS\usbccgp.sys
19:18:52.0144 5768 usbccgp - ok
19:18:52.0295 5768 usbcir (04ec7cec62ec3b6d9354eee93327fc82) C:\Windows\system32\drivers\usbcir.sys
19:18:52.0296 5768 usbcir - ok
19:18:52.0438 5768 usbehci (f92de757e4b7ce9c07c5e65423f3ae3b) C:\Windows\system32\DRIVERS\usbehci.sys
19:18:52.0438 5768 usbehci - ok
19:18:52.0515 5768 usbhub (8dc94aec6a7e644a06135ae7506dc2e9) C:\Windows\system32\DRIVERS\usbhub.sys
19:18:52.0517 5768 usbhub - ok
19:18:52.0704 5768 usbohci (e185d44fac515a18d9deddc23c2cdf44) C:\Windows\system32\DRIVERS\usbohci.sys
19:18:52.0705 5768 usbohci - ok
19:18:52.0877 5768 usbprint (797d862fe0875e75c7cc4c1ad7b30252) C:\Windows\system32\DRIVERS\usbprint.sys
19:18:52.0879 5768 usbprint - ok
19:18:52.0988 5768 USBSTOR (f991ab9cc6b908db552166768176896a) C:\Windows\system32\DRIVERS\USBSTOR.SYS
19:18:52.0989 5768 USBSTOR - ok
19:18:53.0110 5768 usbuhci (78780c3ebce17405b1ccd07a3a8a7d72) C:\Windows\system32\DRIVERS\usbuhci.sys
19:18:53.0111 5768 usbuhci - ok
19:18:53.0293 5768 vdrvroot (a059c4c3edb09e07d21a8e5c0aabd3cb) C:\Windows\system32\drivers\vdrvroot.sys
19:18:53.0293 5768 vdrvroot - ok
19:18:53.0410 5768 vga (17c408214ea61696cec9c66e388b14f3) C:\Windows\system32\DRIVERS\vgapnp.sys
19:18:53.0411 5768 vga - ok
19:18:53.0501 5768 VgaSave (8e38096ad5c8570a6f1570a61e251561) C:\Windows\System32\drivers\vga.sys
19:18:53.0501 5768 VgaSave - ok
19:18:53.0704 5768 VGPU - ok
19:18:53.0773 5768 vhdmp (5461686cca2fda57b024547733ab42e3) C:\Windows\system32\drivers\vhdmp.sys
19:18:53.0775 5768 vhdmp - ok
19:18:53.0907 5768 viaagp (c829317a37b4bea8f39735d4b076e923) C:\Windows\system32\drivers\viaagp.sys
19:18:53.0913 5768 viaagp - ok
19:18:54.0041 5768 ViaC7 (e02f079a6aa107f06b16549c6e5c7b74) C:\Windows\system32\DRIVERS\viac7.sys
19:18:54.0042 5768 ViaC7 - ok
19:18:54.0171 5768 viaide (e43574f6a56a0ee11809b48c09e4fd3c) C:\Windows\system32\drivers\viaide.sys
19:18:54.0172 5768 viaide - ok
19:18:54.0278 5768 vmbus (c2f2911156fdc7817c52829c86da494e) C:\Windows\system32\drivers\vmbus.sys
19:18:54.0280 5768 vmbus - ok
19:18:54.0407 5768 VMBusHID (d4d77455211e204f370d08f4963063ce) C:\Windows\system32\drivers\VMBusHID.sys
19:18:54.0408 5768 VMBusHID - ok
19:18:54.0556 5768 volmgr (4c63e00f2f4b5f86ab48a58cd990f212) C:\Windows\system32\drivers\volmgr.sys
19:18:54.0557 5768 volmgr - ok
19:18:54.0695 5768 volmgrx (b5bb72067ddddbbfb04b2f89ff8c3c87) C:\Windows\system32\drivers\volmgrx.sys
19:18:54.0698 5768 volmgrx - ok
19:18:55.0083 5768 volsnap (f497f67932c6fa693d7de2780631cfe7) C:\Windows\system32\drivers\volsnap.sys
19:18:55.0084 5768 volsnap - ok
19:18:55.0211 5768 vsmraid (9dfa0cc2f8855a04816729651175b631) C:\Windows\system32\DRIVERS\vsmraid.sys
19:18:55.0213 5768 vsmraid - ok
19:18:55.0339 5768 vwifibus (90567b1e658001e79d7c8bbd3dde5aa6) C:\Windows\System32\drivers\vwifibus.sys
19:18:55.0341 5768 vwifibus - ok
19:18:55.0474 5768 WacomPen (de3721e89c653aa281428c8a69745d90) C:\Windows\system32\DRIVERS\wacompen.sys
19:18:55.0477 5768 WacomPen - ok
19:18:55.0638 5768 WANARP (3c3c78515f5ab448b022bdf5b8ffdd2e) C:\Windows\system32\DRIVERS\wanarp.sys
19:18:55.0641 5768 WANARP - ok
19:18:55.0668 5768 Wanarpv6 (3c3c78515f5ab448b022bdf5b8ffdd2e) C:\Windows\system32\DRIVERS\wanarp.sys
19:18:55.0669 5768 Wanarpv6 - ok
19:18:55.0866 5768 Wd (1112a9badacb47b7c0bb0392e3158dff) C:\Windows\system32\DRIVERS\wd.sys
19:18:55.0867 5768 Wd - ok
19:18:56.0091 5768 Wdf01000 (9950e3d0f08141c7e89e64456ae7dc73) C:\Windows\system32\drivers\Wdf01000.sys
19:18:56.0094 5768 Wdf01000 - ok
19:18:56.0319 5768 WfpLwf (8b9a943f3b53861f2bfaf6c186168f79) C:\Windows\system32\DRIVERS\wfplwf.sys
19:18:56.0320 5768 WfpLwf - ok
19:18:56.0475 5768 WIMMount (5cf95b35e59e2a38023836fff31be64c) C:\Windows\system32\drivers\wimmount.sys
19:18:56.0475 5768 WIMMount - ok
19:18:56.0673 5768 WinUsb (a67e5f9a400f3bd1be3d80613b45f708) C:\Windows\system32\DRIVERS\WinUsb.sys
19:18:56.0674 5768 WinUsb - ok
19:18:56.0832 5768 WmiAcpi (0217679b8fca58714c3bf2726d2ca84e) C:\Windows\system32\drivers\wmiacpi.sys
19:18:56.0832 5768 WmiAcpi - ok
19:18:57.0043 5768 ws2ifsl (6db3276587b853bf886b69528fdb048c) C:\Windows\system32\drivers\ws2ifsl.sys
19:18:57.0044 5768 ws2ifsl - ok
19:18:57.0212 5768 WudfPf (e714a1c0354636837e20ccbf00888ee7) C:\Windows\system32\drivers\WudfPf.sys
19:18:57.0214 5768 WudfPf - ok
19:18:57.0332 5768 WUDFRd (1023ee888c9b47178c5293ed5336ab69) C:\Windows\system32\DRIVERS\WUDFRd.sys
19:18:57.0333 5768 WUDFRd - ok
19:18:57.0452 5768 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
19:18:57.0582 5768 \Device\Harddisk0\DR0 - ok
19:18:57.0588 5768 Boot (0x1200) (30012ce95a35228f97b029dd519c8634) \Device\Harddisk0\DR0\Partition0
19:18:57.0589 5768 \Device\Harddisk0\DR0\Partition0 - ok
19:18:57.0596 5768 Boot (0x1200) (c0c5865a49fc41f5bc7d2cdb091712cc) \Device\Harddisk0\DR0\Partition1
19:18:57.0598 5768 \Device\Harddisk0\DR0\Partition1 - ok
19:18:57.0602 5768 ============================================================
19:18:57.0602 5768 Scan finished
19:18:57.0602 5768 ============================================================
19:18:57.0618 4112 Detected object count: 1
19:18:57.0618 4112 Actual detected object count: 1
19:19:16.0252 4112 sptd ( LockedFile.Multi.Generic ) - skipped by user
19:19:16.0252 4112 sptd ( LockedFile.Multi.Generic ) - User select action: Skip
 
Guys, give me a hand here.

OTL logfile created on: 20/02/2012 11:35:13 - Run 1
OTL by OldTimer - Version 3.2.33.0 Folder = D:\ANTIVIR
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000416 | Country: Brasil | Language: PTB | Date Format: dd/MM/yyyy

3,98 Gb Total Physical Memory | 2,10 Gb Available Physical Memory | 52,68% Memory free
7,95 Gb Paging File | 5,52 Gb Available in Paging File | 69,43% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 195,31 Gb Total Space | 95,96 Gb Free Space | 49,13% Space Free | Partition Type: NTFS
Drive D: | 931,51 Gb Total Space | 427,34 Gb Free Space | 45,88% Space Free | Partition Type: NTFS
Drive E: | 177,20 Gb Total Space | 27,47 Gb Free Space | 15,50% Space Free | Partition Type: NTFS
Drive F: | 195,31 Gb Total Space | 56,02 Gb Free Space | 28,68% Space Free | Partition Type: NTFS
Drive G: | 102,43 Gb Total Space | 86,23 Gb Free Space | 84,18% Space Free | Partition Type: NTFS
Drive I: | 7,64 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: CDFS

Computer Name: ADRIANO-PC | User Name: Adriano | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/02/20 11:33:58 | 000,583,680 | ---- | M] (OldTimer Tools) -- D:\ANTIVIR\OTL.exe
PRC - [2012/02/20 08:09:03 | 000,282,864 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrB.exe
PRC - [2012/02/18 15:44:28 | 000,473,768 | R--- | M] (iRacing.com Motorsport Simulations, LLC
Bedford, MA 01730) -- E:\iRacing\iRacingService.exe
PRC - [2012/02/18 01:25:54 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2012/01/19 09:47:20 | 003,027,840 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe
PRC - [2012/01/11 21:29:00 | 028,201,096 | ---- | M] (Electronic Arts) -- E:\Origin\Origin.exe
PRC - [2012/01/11 21:27:47 | 000,076,888 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
PRC - [2011/10/29 19:14:04 | 000,929,792 | ---- | M] (Ray Adams) -- C:\Program Files (x86)\Ray Adams\ATI Tray Tools\atitray.exe
PRC - [2011/09/16 14:39:24 | 000,115,048 | ---- | M] (Renesas Electronics Corporation) -- C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
PRC - [2011/09/14 22:06:38 | 000,169,624 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Adobe\Elements 10 Organizer\PhotoshopElementsFileAgent.exe
PRC - [2011/09/03 18:36:20 | 000,302,240 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe
PRC - [2011/08/17 13:52:05 | 002,358,656 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe
PRC - [2011/08/08 17:44:56 | 002,656,536 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
PRC - [2011/08/08 17:44:54 | 000,325,912 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
PRC - [2011/03/17 06:15:46 | 000,382,272 | ---- | M] (DT Soft Ltd) -- C:\Program Files (x86)\DAEMON Tools Pro\DTShellHlp.exe
PRC - [2011/03/17 06:15:04 | 000,842,048 | ---- | M] (DT Soft Ltd) -- C:\Program Files (x86)\DAEMON Tools Pro\DTAgent.exe
PRC - [2010/07/04 17:51:26 | 000,017,408 | ---- | M] () -- C:\Program Files (x86)\Unlocker\UnlockerAssistant.exe
PRC - [2010/03/10 14:26:48 | 000,189,728 | ---- | M] (Protexis Inc.) -- c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe


========== Modules (No Company Name) ==========

MOD - [2012/02/18 01:25:53 | 001,911,768 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2012/02/17 21:26:55 | 008,527,008 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
MOD - [2011/12/02 16:01:24 | 016,827,392 | R--- | M] () -- E:\Origin\QtWebKit4.dll
MOD - [2011/12/02 15:59:12 | 000,312,320 | R--- | M] () -- E:\Origin\imageformats\qtiff4.dll
MOD - [2011/12/02 15:59:12 | 000,264,192 | R--- | M] () -- E:\Origin\imageformats\qmng4.dll
MOD - [2011/12/02 15:59:12 | 000,211,456 | R--- | M] () -- E:\Origin\imageformats\qjpeg4.dll
MOD - [2011/12/02 15:59:12 | 000,032,256 | R--- | M] () -- E:\Origin\imageformats\qico4.dll
MOD - [2011/12/02 15:59:12 | 000,028,672 | R--- | M] () -- E:\Origin\imageformats\qgif4.dll
MOD - [2011/12/02 15:59:10 | 000,172,544 | R--- | M] () -- E:\Origin\codecs\qjpcodecs4.dll
MOD - [2011/12/02 15:59:10 | 000,158,208 | R--- | M] () -- E:\Origin\codecs\qtwcodecs4.dll
MOD - [2011/12/02 15:59:10 | 000,143,872 | R--- | M] () -- E:\Origin\codecs\qcncodecs4.dll
MOD - [2011/12/02 15:59:10 | 000,079,872 | R--- | M] () -- E:\Origin\codecs\qkrcodecs4.dll
MOD - [2011/12/02 15:58:06 | 000,327,680 | R--- | M] () -- E:\Origin\phonon4.dll
MOD - [2011/12/02 15:58:04 | 000,413,184 | R--- | M] () -- E:\Origin\QtXml4.dll
MOD - [2011/12/02 15:58:02 | 001,152,512 | R--- | M] () -- E:\Origin\QtNetwork4.dll
MOD - [2011/12/02 15:58:00 | 009,440,256 | R--- | M] () -- E:\Origin\QtGui4.dll
MOD - [2011/12/02 15:57:58 | 002,694,144 | R--- | M] () -- E:\Origin\QtCore4.dll
MOD - [2011/10/29 19:12:56 | 000,187,392 | ---- | M] () -- C:\Program Files (x86)\Ray Adams\ATI Tray Tools\raphook.dll
MOD - [2010/07/04 19:32:36 | 000,004,608 | ---- | M] () -- C:\Program Files (x86)\Unlocker\UnlockerHook.dll
MOD - [2010/07/04 17:51:26 | 000,017,408 | ---- | M] () -- C:\Program Files (x86)\Unlocker\UnlockerAssistant.exe
MOD - [2008/04/11 14:33:18 | 000,020,480 | ---- | M] () -- C:\Program Files (x86)\Ray Adams\ATI Tray Tools\plugins\mg_intelcpu.dll
MOD - [2008/04/09 14:08:46 | 000,016,896 | ---- | M] () -- C:\Program Files (x86)\Ray Adams\ATI Tray Tools\plugins\mg_amdcore.dll
MOD - [2007/09/14 13:35:34 | 000,020,480 | ---- | M] () -- C:\Program Files (x86)\Ray Adams\ATI Tray Tools\plugins\mg_cpuload.dll
MOD - [2007/03/07 10:26:34 | 000,077,824 | ---- | M] () -- C:\Program Files (x86)\Ray Adams\ATI Tray Tools\support.dll
MOD - [2007/03/07 10:25:26 | 000,024,576 | ---- | M] () -- C:\Program Files (x86)\Ray Adams\ATI Tray Tools\kbdhook.dll
MOD - [2007/01/03 18:09:46 | 000,017,408 | ---- | M] () -- C:\Program Files (x86)\Ray Adams\ATI Tray Tools\plugins\mg_xvlt.dll
MOD - [2006/12/26 15:53:28 | 000,019,456 | ---- | M] () -- C:\Program Files (x86)\Ray Adams\ATI Tray Tools\plugins\mg_hdddtemp.dll
MOD - [2006/12/25 07:02:24 | 000,024,576 | ---- | M] () -- C:\Program Files (x86)\Ray Adams\ATI Tray Tools\plugins\mongraphsexample.dll
MOD - [2005/11/29 15:38:20 | 000,023,552 | ---- | M] () -- C:\Program Files (x86)\Ray Adams\ATI Tray Tools\plugins\hddtemp.dll
MOD - [2005/11/29 15:34:38 | 000,028,672 | ---- | M] () -- C:\Program Files (x86)\Ray Adams\ATI Tray Tools\plugins\pciset.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2012/01/21 01:11:26 | 000,235,520 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2011/11/09 17:38:06 | 000,189,608 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Windows\SysNative\IPROSetMonitor.exe -- (Intel(R) PROSet Monitoring Service)
SRV:64bit: - [2011/06/06 14:23:18 | 006,438,264 | ---- | M] (Wacom Technology, Corp.) [Auto | Running] -- C:\Program Files\Tablet\Wacom\Wacom_Tablet.exe -- (TabletServiceWacom)
SRV:64bit: - [2009/07/13 23:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend)
SRV:64bit: - [2009/07/13 23:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2012/02/20 08:09:03 | 000,282,864 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrB.exe -- (PnkBstrB)
SRV - [2012/02/18 15:44:28 | 000,473,768 | R--- | M] (iRacing.com Motorsport Simulations, LLC
Bedford, MA 01730) [Auto | Running] -- E:\iRacing\iRacingService.exe -- (iRacingService)
SRV - [2012/01/19 09:47:20 | 003,027,840 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe -- (TeamViewer7)
SRV - [2012/01/11 21:27:47 | 000,076,888 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2011/09/14 22:06:38 | 000,169,624 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Adobe\Elements 10 Organizer\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor10.0)
SRV - [2011/08/17 13:52:05 | 002,358,656 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe -- (TeamViewer6)
SRV - [2011/08/08 17:44:56 | 002,656,536 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS) Intel(R)
SRV - [2011/08/08 17:44:54 | 000,325,912 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS) Intel(R)
SRV - [2011/03/16 10:42:06 | 000,407,336 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/03/10 14:26:48 | 000,189,728 | ---- | M] (Protexis Inc.) [Auto | Running] -- c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe -- (PSI_SVC_2)
SRV - [2010/02/19 13:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2009/06/10 19:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/01/21 01:48:08 | 010,818,048 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2012/01/21 00:11:36 | 000,327,168 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2012/01/07 09:28:22 | 000,272,448 | ---- | M] (DT Soft Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV:64bit: - [2012/01/07 09:25:56 | 000,526,392 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\sptd.sys -- (sptd)
DRV:64bit: - [2011/12/05 17:47:30 | 000,095,248 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService)
DRV:64bit: - [2011/11/30 15:09:32 | 000,358,576 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\e1c62x64.sys -- (e1cexpress) Intel(R)
DRV:64bit: - [2011/11/28 14:51:44 | 000,033,872 | ---- | M] (AnvSoft Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\anvsnddrv.sys -- (anvsnddrv)
DRV:64bit: - [2011/09/13 16:14:44 | 000,212,992 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nusb3xhc.sys -- (nusb3xhc)
DRV:64bit: - [2011/03/17 12:10:48 | 000,013,312 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wacmoumonitor.sys -- (wacmoumonitor)
DRV:64bit: - [2011/03/17 12:10:36 | 000,012,848 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\wacommousefilter.sys -- (wacommousefilter)
DRV:64bit: - [2011/03/17 12:10:34 | 000,016,168 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\wacomvhid.sys -- (wacomvhid)
DRV:64bit: - [2011/03/11 04:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 04:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/11/21 01:24:43 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2010/11/21 01:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/21 01:23:48 | 000,117,248 | ---- | M] (Microsoft Corporation) [Kernel | Unknown | Stopped] -- C:\Windows\SysNative\drivers\tsusbhub.sys -- (tsusbhub)
DRV:64bit: - [2010/11/21 01:23:48 | 000,088,960 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Synth3dVsc.sys -- (Synth3dVsc)
DRV:64bit: - [2010/11/21 01:23:48 | 000,071,168 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dmvsc.sys -- (dmvsc)
DRV:64bit: - [2010/11/21 01:23:48 | 000,034,816 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\terminpt.sys -- (terminpt)
DRV:64bit: - [2010/11/21 01:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/21 01:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2010/10/19 16:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64) Intel(R)
DRV:64bit: - [2010/04/27 16:57:20 | 000,016,200 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WmVirHid.sys -- (WmVirHid)
DRV:64bit: - [2010/04/27 16:57:14 | 000,036,936 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WmHidLo.sys -- (WmHidLo)
DRV:64bit: - [2010/04/27 16:57:12 | 000,026,440 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WmBEnum.sys -- (WmBEnum)
DRV:64bit: - [2010/04/27 14:03:12 | 000,077,512 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WmXlCore.sys -- (WmXlCore)
DRV:64bit: - [2010/04/27 14:02:42 | 000,043,976 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WmFilter.sys -- (WmFilter)
DRV:64bit: - [2010/03/19 03:00:00 | 000,055,856 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2009/07/13 23:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 23:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 23:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/10 18:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 18:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 18:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 18:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2011/12/21 16:32:06 | 000,045,896 | ---- | M] (GAS Tecnologia) [Kernel | Boot | Stopped] -- C:\Windows\system32\drivers\gbpkm.sys -- (GbpKm)
DRV - [2009/07/13 23:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

IE - HKU\S-1-5-21-2918259655-4278785678-1382862028-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = MSN Brasil - Hotmail, Messenger, Entretenimento, Notícias, Esportes e Vídeo
IE - HKU\S-1-5-21-2918259655-4278785678-1382862028-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = pt-BR
IE - HKU\S-1-5-21-2918259655-4278785678-1382862028-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = B9 F1 8B 7C D4 ED CC 01 [binary data]
IE - HKU\S-1-5-21-2918259655-4278785678-1382862028-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========


FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_1_102.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@esn.me/esnsonar,version=0.70.4: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.110.0: C:\Program Files (x86)\Battlelog Web Plugins\1.110.0\npesnlaunch.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf: C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MIF5BA~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MIF5BA~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@wacom.com/wacom-plugin,version=1.1.0.10: C:\Program Files (x86)\TabletPlugins\npwacom.dll (Wacom, Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Adriano\AppData\Local\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Adriano\AppData\Local\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/02/18 01:25:54 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins

[2012/02/04 18:29:49 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Adriano\AppData\Roaming\mozilla\Extensions
[2012/02/20 10:02:18 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Adriano\AppData\Roaming\mozilla\Firefox\Profiles\y7rwb9d5.default\extensions
[2012/02/04 18:29:40 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
() (No name found) -- C:\USERS\ADRIANO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\Y7RWB9D5.DEFAULT\EXTENSIONS\BATCHDOWNLOAD@PANSHISOFT.CN.XPI
[2012/02/18 01:25:54 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012/01/29 12:20:59 | 000,001,027 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\buscape.xml
[2012/01/29 12:20:59 | 000,001,212 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\mercadolivre.xml
[2012/01/29 11:55:01 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml
[2012/01/29 12:20:59 | 000,001,168 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-br.xml
[2012/01/29 12:20:59 | 000,000,952 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-br.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms},
CHR - plugin: Shockwave Flash (Disabled) = C:\Users\Adriano\AppData\Local\Google\Chrome\User Data\PepperFlash\11.1.31.203\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Adriano\AppData\Local\Google\Chrome\Application\17.0.963.56\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Adriano\AppData\Local\Google\Chrome\Application\17.0.963.56\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Adriano\AppData\Local\Google\Chrome\Application\17.0.963.56\pdf.dll
CHR - plugin: Java Deployment Toolkit 6.0.300.12 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U30 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = D:\PFiles\Plugins\np-mswmp.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MIF5BA~1\Office14\NPAUTHZ.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MIF5BA~1\Office14\NPSPWRAP.DLL
CHR - plugin: ESN Launch Mozilla Plugin (Enabled) = C:\Program Files (x86)\Battlelog Web Plugins\1.110.0\npesnlaunch.dll
CHR - plugin: ESN Sonar API (Enabled) = C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll
CHR - plugin: Foxit Reader Plugin for Mozilla (Enabled) = C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll
CHR - plugin: Wacom Dynamic Link Library (Enabled) = C:\Program Files (x86)\TabletPlugins\npwacom.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Google Update (Enabled) = C:\Users\Adriano\AppData\Local\Google\Update\1.3.21.99\npGoogleUpdate3.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: Turn Off the Lights = C:\Users\Adriano\AppData\Local\Google\Chrome\User Data\Default\Extensions\bfbmjmiodbnnpllbbbfblcplfjjepjdn\2.0.0.51_0\
CHR - Extension: YouTube = C:\Users\Adriano\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.3_0\
CHR - Extension: Pesquisa do Google = C:\Users\Adriano\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.17_0\
CHR - Extension: HootSuite = C:\Users\Adriano\AppData\Local\Google\Chrome\User Data\Default\Extensions\kneloppijbcidgidihgdjnooihjcdbij\5.244_0\
CHR - Extension: Google Maps = C:\Users\Adriano\AppData\Local\Google\Chrome\User Data\Default\Extensions\lneaknkopdijkpnocmklfnjbeapigfbh\5.2.3_0\
CHR - Extension: No BBB = C:\Users\Adriano\AppData\Local\Google\Chrome\User Data\Default\Extensions\pffipagakjgfndljjpkbdpoimojmgjca\1.4_0\
CHR - Extension: Gmail = C:\Users\Adriano\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2012/01/25 04:04:03 | 000,000,888 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 practivate.adobe.com
O1 - Hosts: 127.0.0.1 activate.adobe.com
O2:64bit: - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MIF5BA~1\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (GbIehObj Class) - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\Program Files (x86)\GbPlugin\gbieh.dll File not found
O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [Start WingMan Profiler] C:\Program Files\Logitech\Gaming Software\LWEMon.exe (Logitech Inc.)
O4 - HKLM..\Run: [AdobeCS5.5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin File not found
O4 - HKLM..\Run: [AdobeCS6ServiceManager] C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [NUSB3MON] C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (Renesas Electronics Corporation)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [UnlockerAssistant] C:\Program Files (x86)\Unlocker\UnlockerAssistant.exe ()
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-2918259655-4278785678-1382862028-1000..\Run: [AtiTrayTools] C:\Program Files (x86)\Ray Adams\ATI Tray Tools\atitray.exe (Ray Adams)
O4 - HKU\S-1-5-21-2918259655-4278785678-1382862028-1000..\Run: [DAEMON Tools Pro Agent] C:\Program Files (x86)\DAEMON Tools Pro\DTAgent.exe (DT Soft Ltd)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKU\S-1-5-21-2918259655-4278785678-1382862028-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8:64bit: - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office14\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office14\EXCEL.EXE/3000 File not found
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKU\S-1-5-21-2918259655-4278785678-1382862028-1000\..Trusted Domains: bancobrasil.com.br ([www] * in Trusted sites)
O15 - HKU\S-1-5-21-2918259655-4278785678-1382862028-1000\..Trusted Domains: bancobrasil.com.br ([www14] * in Trusted sites)
O15 - HKU\S-1-5-21-2918259655-4278785678-1382862028-1000\..Trusted Domains: bancobrasil.com.br ([www2] * in Trusted sites)
O15 - HKU\S-1-5-21-2918259655-4278785678-1382862028-1000\..Trusted Domains: bb.com.br ([www] * in Trusted sites)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8893C5DF-A177-4C88-80BA-B222E14263ED}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{BEBD56BF-2A35-451A-8554-D0B3A937832E}: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - Winlogon\Notify\ GbPluginBb: DllName - (C:\Program Files (x86)\GbPlugin\gbieh.dll) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O28:64bit: - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {E37CB5F0-51F5-4395-A808-5FA49E399F83} - C:\Program Files (x86)\GbPlugin\gbieh.dll File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2011/02/28 14:42:54 | 000,467,168 | R--- | M] (Electronic Arts) - I:\AutoRun.exe -- [ CDFS ]
O32 - AutoRun File - [2011/02/28 14:58:30 | 000,000,000 | ---D | M] - I:\Autorun -- [ CDFS ]
O32 - AutoRun File - [2011/02/28 14:58:24 | 003,582,976 | R--- | M] () - I:\autorun.dat -- [ CDFS ]
O32 - AutoRun File - [2011/02/28 14:58:24 | 000,000,152 | R--- | M] () - I:\autorun.inf -- [ CDFS ]
O33 - MountPoints2\{3f3a5b9a-2f39-11e1-a6b4-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{3f3a5b9a-2f39-11e1-a6b4-806e6f6e6963}\Shell\AutoRun\command - "" = H:\CMSTORM.EXE
O33 - MountPoints2\{9ab43c40-3922-11e1-8b17-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{9ab43c40-3922-11e1-8b17-806e6f6e6963}\Shell\AutoRun\command - "" = I:\AutoRun.exe -- [2011/02/28 14:42:54 | 000,467,168 | R--- | M] (Electronic Arts)
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012/02/20 09:47:41 | 000,000,000 | ---D | C] -- C:\Users\Adriano\Desktop\RANIERI
[2012/02/20 09:34:57 | 000,000,000 | ---D | C] -- C:\Users\Adriano\AppData\Roaming\TeraCopy
[2012/02/20 09:34:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeraCopy
[2012/02/20 09:34:50 | 000,000,000 | ---D | C] -- C:\Program Files\TeraCopy
[2012/02/19 17:10:34 | 000,000,000 | ---D | C] -- C:\Users\Adriano\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BlackFire's Mod 2
[2012/02/18 20:40:38 | 000,000,000 | -HSD | C] -- C:\ProgramData\DSS
[2012/02/18 20:40:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Codemasters
[2012/02/18 11:40:10 | 000,000,000 | ---D | C] -- C:\ProgramData\ATI
[2012/02/18 11:37:15 | 000,000,000 | ---D | C] -- C:\Windows\kdb
[2012/02/18 11:37:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AMD APP
[2012/02/18 11:36:54 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\ATI Technologies
[2012/02/18 11:36:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\ATI Technologies
[2012/02/18 11:36:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Catalyst Control Center
[2012/02/18 11:35:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ATI Technologies
[2012/02/18 11:34:58 | 000,000,000 | ---D | C] -- C:\Program Files\ATI Technologies
[2012/02/18 11:34:57 | 000,000,000 | ---D | C] -- C:\Program Files\ATI
[2012/02/18 11:34:24 | 000,000,000 | ---D | C] -- C:\AMD
[2012/02/18 10:28:20 | 000,000,000 | ---D | C] -- C:\Users\Adriano\Documents\BioWare
[2012/02/18 10:25:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\NVIDIA Corporation
[2012/02/18 10:25:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Wise Installation Wizard
[2012/02/18 10:18:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Blue Ripple Sound
[2012/02/18 10:18:04 | 019,087,360 | ---- | C] (Intel Corporation / Blue Ripple Sound Limited) -- C:\Windows\SysWow64\mkl_blueripple.dll
[2012/02/18 10:18:04 | 001,417,216 | ---- | C] (Blue Ripple Sound Limited) -- C:\Windows\SysWow64\rapture3d_oal.dll
[2012/02/18 10:18:03 | 000,466,456 | ---- | C] (Creative Labs) -- C:\Windows\SysNative\wrap_oal.dll
[2012/02/18 10:18:03 | 000,444,952 | ---- | C] (Creative Labs) -- C:\Windows\SysWow64\wrap_oal.dll
[2012/02/18 10:18:03 | 000,122,904 | ---- | C] (Portions (C) Creative Labs Inc. and NVIDIA Corp.) -- C:\Windows\SysNative\OpenAL32.dll
[2012/02/18 10:18:03 | 000,109,080 | ---- | C] (Portions (C) Creative Labs Inc. and NVIDIA Corp.) -- C:\Windows\SysWow64\OpenAL32.dll
[2012/02/18 10:18:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\OpenAL
[2012/02/18 10:18:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\BRS
[2012/02/18 09:55:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tribo Gamer
[2012/02/18 09:55:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Tribo Gamer
[2012/02/17 21:28:15 | 000,000,000 | ---D | C] -- C:\Users\Adriano\AppData\Local\{2D99D869-C01F-4659-8E2D-8376715557F9}
[2012/02/17 21:27:37 | 000,000,000 | ---D | C] -- C:\Users\Adriano\AppData\Local\{A567D836-EBCE-4C82-A609-B4E810362DB6}
[2012/02/16 19:24:00 | 000,000,000 | ---D | C] -- C:\Users\Adriano\AppData\Local\{E8BE5A4C-9F36-4003-AA72-5C13D4E97FA9}
[2012/02/16 19:23:24 | 000,000,000 | ---D | C] -- C:\Users\Adriano\AppData\Local\{3E14D3E9-D0A0-4FFF-A2A6-DD79CCC150EC}
[2012/02/16 19:16:07 | 000,096,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2012/02/16 19:16:07 | 000,072,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2012/02/16 19:16:06 | 002,308,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2012/02/16 19:16:06 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2012/02/16 19:16:06 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2012/02/16 19:16:06 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2012/02/16 19:16:06 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2012/02/16 19:16:05 | 001,493,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2012/02/16 19:16:05 | 001,427,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2012/02/16 19:16:05 | 000,818,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2012/02/16 19:16:05 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2012/02/16 19:13:32 | 000,509,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntshrui.dll
[2012/02/16 19:13:22 | 000,634,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msvcrt.dll
[2012/02/16 19:13:21 | 000,515,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\timedate.cpl
[2012/02/16 19:13:21 | 000,478,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\timedate.cpl
[2012/02/16 07:04:55 | 000,000,000 | ---D | C] -- C:\Users\Adriano\Documents\Remedy
[2012/02/16 06:58:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Remedy Entertainment
[2012/02/14 21:14:22 | 000,000,000 | ---D | C] -- C:\ProgramData\EA Logs
[2012/02/14 19:42:14 | 000,000,000 | ---D | C] -- C:\Users\Adriano\AppData\Local\{F68B48C1-B192-47D4-A39A-C1DD09C8A0C2}
[2012/02/14 19:41:42 | 000,000,000 | ---D | C] -- C:\Users\Adriano\AppData\Local\{01496ADC-7C28-4855-9A09-0E680C7AF088}
[2012/02/12 23:55:57 | 000,000,000 | ---D | C] -- C:\Users\Adriano\AppData\Roaming\Malwarebytes
[2012/02/12 23:55:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012/02/12 13:47:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GTA IV - Ultimate Vehicle Pack
[2012/02/12 13:46:36 | 000,000,000 | ---D | C] -- C:\Windows\GTA IV - Ultimate Vehicle Pack
[2012/02/11 12:25:39 | 000,000,000 | ---D | C] -- C:\Users\Adriano\Documents\Storm
[2012/02/11 12:20:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cooler Master
[2012/02/11 12:20:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Cooler Master
[2012/02/11 12:02:33 | 000,000,000 | ---D | C] -- C:\Users\Adriano\Documents\Hard Reset
[2012/02/11 09:07:25 | 000,000,000 | ---D | C] -- C:\Users\Adriano\AppData\Local\{1DB653B2-EA3B-4FAA-AB31-166711FDF761}
[2012/02/11 09:06:51 | 000,000,000 | ---D | C] -- C:\Users\Adriano\AppData\Local\{4B659842-2800-479E-8A7F-434ECE108F02}
[2012/02/10 20:59:23 | 000,000,000 | ---D | C] -- C:\Users\Adriano\AppData\Local\{E30FC702-284A-488E-8D40-66BF37A7D0A9}
[2012/02/10 20:58:46 | 000,000,000 | ---D | C] -- C:\Users\Adriano\AppData\Local\{4883B91C-6663-4310-8864-0078934281C0}
[2012/02/10 18:56:48 | 000,000,000 | ---D | C] -- C:\Users\Adriano\AppData\Roaming\WGB_Panther_BF3
[2012/02/09 21:55:47 | 000,000,000 | ---D | C] -- C:\Users\Adriano\AppData\Roaming\TeamViewer
[2012/02/09 21:55:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\TeamViewer
[2012/02/09 19:39:04 | 000,000,000 | ---D | C] -- C:\Users\Adriano\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2012/02/09 19:05:09 | 000,000,000 | ---D | C] -- C:\Users\Adriano\AppData\Roaming\Opera
[2012/02/09 19:05:09 | 000,000,000 | ---D | C] -- C:\Users\Adriano\AppData\Local\Opera
[2012/02/09 19:05:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Opera
[2012/02/09 18:33:36 | 000,000,000 | ---D | C] -- C:\Users\Adriano\AppData\Local\{7F13B7D9-EAB0-42E9-BE4E-FD9B0B66088F}
[2012/02/09 18:32:58 | 000,000,000 | ---D | C] -- C:\Users\Adriano\AppData\Local\{36654B70-E435-427D-BC81-A0A99D520284}
[2012/02/08 18:43:25 | 000,000,000 | ---D | C] -- C:\Users\Adriano\AppData\Local\{1920D8F9-CE83-4A34-A851-AAE9C88174F4}
[2012/02/08 18:42:51 | 000,000,000 | ---D | C] -- C:\Users\Adriano\AppData\Local\{7406E64A-9AE3-4514-A73A-3A2883C6C375}
[2012/02/07 22:26:22 | 000,055,856 | ---- | C] (Sonic Solutions) -- C:\Windows\SysNative\drivers\PxHlpa64.sys
[2012/02/07 22:26:22 | 000,010,224 | ---- | C] (Sonic Solutions) -- C:\Windows\SysNative\drivers\cdralw2k.sys
[2012/02/07 22:26:22 | 000,010,224 | ---- | C] (Sonic Solutions) -- C:\Windows\SysNative\drivers\cdr4_xp.sys
[2012/02/07 22:26:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Sonic Shared
[2012/02/07 22:26:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\PX Storage Engine
[2012/02/07 18:57:22 | 000,000,000 | ---D | C] -- C:\Users\Adriano\AppData\Local\{6343AD39-06F2-4170-BFA3-B80148006252}
[2012/02/07 18:56:45 | 000,000,000 | ---D | C] -- C:\Users\Adriano\AppData\Local\{D0AFC2FE-0A6F-4662-B5F1-03B8221CF00F}
[2012/02/06 22:09:53 | 000,000,000 | ---D | C] -- C:\Users\Adriano\AppData\Local\{33C6CB4B-1B40-44D2-8CFD-D20D77ACE763}
[2012/02/06 22:09:14 | 000,000,000 | ---D | C] -- C:\Users\Adriano\AppData\Local\{E56A4780-4804-42BD-9DE8-A6941750DCBE}
[2012/02/06 07:05:36 | 000,000,000 | ---D | C] -- C:\Users\Adriano\AppData\Roaming\Nik Software
[2012/02/06 07:03:59 | 000,000,000 | ---D | C] -- C:\Program Files\Nik Software
[2012/02/05 20:14:44 | 000,000,000 | ---D | C] -- C:\Users\Adriano\AppData\Local\SKIDROW
[2012/02/05 19:45:29 | 000,000,000 | ---D | C] -- C:\Users\Adriano\AppData\Local\{6B7DE2F8-A3B9-46C7-97CE-003E2FFF210A}
[2012/02/05 19:44:56 | 000,000,000 | ---D | C] -- C:\Users\Adriano\AppData\Local\{945AAE80-F383-4F23-A6BD-8EF050D1F317}
[2012/02/05 13:53:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bethesda Softworks
[2012/02/05 06:55:07 | 000,000,000 | ---D | C] -- C:\Users\Adriano\AppData\Local\{048181EE-05BE-4EEC-BB7F-552F90C6C947}
[2012/02/05 06:54:34 | 000,000,000 | ---D | C] -- C:\Users\Adriano\AppData\Local\{8BC1CB18-1404-4028-A60E-209EC2808BF3}
[2012/02/04 18:53:56 | 000,000,000 | ---D | C] -- C:\Users\Adriano\AppData\Local\{C0B06968-A1EA-49BA-93E4-36077FA002A5}
[2012/02/04 18:53:17 | 000,000,000 | ---D | C] -- C:\Users\Adriano\AppData\Local\{E9EF515D-5E7C-4B03-85F1-21ADF23F5CE2}
[2012/02/04 18:29:45 | 000,000,000 | ---D | C] -- C:\Users\Adriano\AppData\Roaming\Mozilla
[2012/02/04 18:29:45 | 000,000,000 | ---D | C] -- C:\Users\Adriano\AppData\Local\Mozilla
[2012/02/04 18:29:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2012/02/04 14:00:31 | 000,000,000 | ---D | C] -- C:\Users\Adriano\AppData\Local\LoRd_MuldeR
[2012/02/04 14:00:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LameXP v4.03
[2012/02/04 14:00:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MuldeR
[2012/02/03 20:26:41 | 000,000,000 | ---D | C] -- C:\ProgramData\vsosdk
[2012/02/03 19:35:54 | 000,000,000 | ---D | C] -- C:\Users\Adriano\Documents\ConvertXToDVD
[2012/02/03 19:26:01 | 000,273,408 | ---- | C] (RealNetworks, Inc.) -- C:\Windows\SysWow64\Pncrt.dll
[2012/02/03 19:26:01 | 000,217,127 | ---- | C] (RealNetworks, Inc.) -- C:\Windows\SysWow64\drv43260.dll
[2012/02/03 19:26:01 | 000,208,935 | ---- | C] (RealNetworks, Inc.) -- C:\Windows\SysWow64\drv33260.dll
[2012/02/03 19:26:01 | 000,102,439 | ---- | C] (RealNetworks, Inc.) -- C:\Windows\SysWow64\sipr3260.dll
[2012/02/03 19:26:00 | 001,184,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wvc1dmod.dll
[2012/02/03 19:26:00 | 000,176,165 | ---- | C] (RealNetworks, Inc.) -- C:\Windows\SysWow64\drv23260.dll
[2012/02/03 19:26:00 | 000,065,602 | ---- | C] (RealNetworks, Inc.) -- C:\Windows\SysWow64\cook3260.dll
[2012/02/03 19:21:48 | 000,082,816 | ---- | C] (VSO Software) -- C:\Users\Adriano\AppData\Roaming\pcouffin.sys
[2012/02/03 19:21:48 | 000,000,000 | ---D | C] -- C:\Users\Adriano\AppData\Roaming\Vso
[2012/02/03 19:21:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VSO
[2012/02/03 19:21:48 | 000,000,000 | ---D | C] -- C:\Users\Adriano\Documents\PcSetup
[2012/02/03 19:21:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\vso
[2012/02/03 18:49:46 | 000,000,000 | ---D | C] -- C:\Users\Adriano\AppData\Local\{FE0032CB-A25E-46FE-A541-73345457D397}
[2012/02/03 18:49:13 | 000,000,000 | ---D | C] -- C:\Users\Adriano\AppData\Local\{282E8210-889D-4563-8537-08A6915C8D8E}
[2012/02/02 23:32:36 | 000,000,000 | ---D | C] -- C:\Users\Adriano\AppData\Local\{0364CFAE-A335-46ED-875B-89D59C6BFA78}
[2012/02/02 23:31:59 | 000,000,000 | ---D | C] -- C:\Users\Adriano\AppData\Local\{3F9808C4-8382-4FCC-BE9A-B5CBF59D5006}
[2012/01/29 14:52:09 | 000,000,000 | ---D | C] -- C:\Users\Adriano\AppData\Roaming\BF3CC
[2012/01/29 14:52:03 | 000,000,000 | ---D | C] -- C:\Users\Adriano\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\i3D
[2012/01/29 09:42:42 | 000,000,000 | ---D | C] -- C:\Users\Adriano\Documents\Intel(R) Integrator Toolkit
[2012/01/29 09:41:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel
[2012/01/29 09:41:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Intel
[2012/01/29 09:30:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FinalWire
[2012/01/29 09:30:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\FinalWire
[2012/01/28 14:36:26 | 000,000,000 | R--D | C] -- C:\Users\Adriano\Documents\Notes
[2012/01/25 19:51:03 | 000,000,000 | ---D | C] -- C:\Users\Adriano\AppData\Local\{94F9FEA7-F626-4DF8-ADDF-F8BECD07F57F}
[2012/01/25 19:50:29 | 000,000,000 | ---D | C] -- C:\Users\Adriano\AppData\Local\{9A5A8F82-D83F-4B37-BDEF-093234D88617}
[2012/01/25 19:23:59 | 000,000,000 | ---D | C] -- C:\Users\Adriano\AppData\Roaming\doctor
[2012/01/22 11:32:39 | 000,000,000 | ---D | C] -- C:\Users\Adriano\AppData\Local\{F22B965D-5FEB-4FFF-83E9-582177EF113B}
[2012/01/22 11:32:02 | 000,000,000 | ---D | C] -- C:\Users\Adriano\AppData\Local\{4A744CDF-0DEF-48CB-B27B-315FF2318F21}
[2012/01/21 20:19:03 | 000,414,368 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2012/01/21 20:19:02 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\Macromed
[2012/01/21 19:27:01 | 000,000,000 | ---D | C] -- C:\Users\Adriano\AppData\Local\ElevatedDiagnostics
[2012/01/21 14:16:48 | 000,000,000 | ---D | C] -- C:\Users\Adriano\AppData\Local\{84110A90-9D26-4C3A-BC91-295E6856BC15}
[2012/01/21 14:16:09 | 000,000,000 | ---D | C] -- C:\Users\Adriano\AppData\Local\{550399AF-9A39-43A4-959C-6BD5F5C1E3E8}
[2011/12/26 21:59:49 | 000,216,064 | ---- | C] ( ) -- C:\Windows\SysWow64\lagarith.dll
[2 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/02/20 11:37:41 | 000,025,936 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/02/20 11:37:41 | 000,025,936 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/02/20 10:47:01 | 000,001,086 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2918259655-4278785678-1382862028-1000UA.job
[2012/02/20 09:37:16 | 000,000,266 | ---- | M] () -- C:\Windows\tasks\AutoKMS.job
[2012/02/20 09:34:51 | 000,000,812 | ---- | M] () -- C:\Users\Adriano\Desktop\TeraCopy.lnk
[2012/02/20 08:09:03 | 000,282,864 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.xtr
[2012/02/20 08:09:03 | 000,282,864 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2012/02/19 22:14:53 | 000,282,864 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.ex0
[2012/02/19 19:47:00 | 000,001,034 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2918259655-4278785678-1382862028-1000Core.job
[2012/02/19 17:13:29 | 000,000,746 | ---- | M] () -- C:\Users\Adriano\Desktop\Crysis 2 MaLDoHDv3.lnk
[2012/02/19 17:09:03 | 000,000,858 | ---- | M] () -- C:\Users\Adriano\Desktop\MaLDoHD Config Utility.lnk
[2012/02/19 09:37:18 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/02/19 09:37:11 | 3203,457,024 | -HS- | M] () -- C:\hiberfil.sys
[2012/02/19 02:22:32 | 000,000,136 | ---- | M] () -- C:\Users\Adriano\Desktop\Crysis® 2 - Atalho.lnk
[2012/02/18 15:36:05 | 000,001,057 | ---- | M] () -- C:\Users\Adriano\AppData\Roaming\vso_ts_preview.xml
[2012/02/18 14:45:56 | 000,000,132 | ---- | M] () -- C:\Users\Adriano\AppData\Roaming\Adobe BMP Format CS5 Prefs
[2012/02/18 11:39:36 | 000,000,000 | ---- | M] () -- C:\Windows\ativpsrm.bin
[2012/02/18 10:18:03 | 000,466,456 | ---- | M] (Creative Labs) -- C:\Windows\SysNative\wrap_oal.dll
[2012/02/18 10:18:03 | 000,444,952 | ---- | M] (Creative Labs) -- C:\Windows\SysWow64\wrap_oal.dll
[2012/02/18 10:18:03 | 000,122,904 | ---- | M] (Portions (C) Creative Labs Inc. and NVIDIA Corp.) -- C:\Windows\SysNative\OpenAL32.dll
[2012/02/18 10:18:03 | 000,109,080 | ---- | M] (Portions (C) Creative Labs Inc. and NVIDIA Corp.) -- C:\Windows\SysWow64\OpenAL32.dll
[2012/02/18 10:17:01 | 000,001,460 | ---- | M] () -- C:\Users\Public\Desktop\DiRT 3.lnk
[2012/02/17 21:26:55 | 000,414,368 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2012/02/17 19:48:10 | 000,002,413 | ---- | M] () -- C:\Users\Adriano\Desktop\Google Chrome.lnk
[2012/02/16 20:06:25 | 004,980,760 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012/02/16 19:21:27 | 001,527,292 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/02/16 19:21:27 | 000,663,606 | ---- | M] () -- C:\Windows\SysNative\prfh0416.dat
[2012/02/16 19:21:27 | 000,615,810 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/02/16 19:21:27 | 000,127,896 | ---- | M] () -- C:\Windows\SysNative\prfc0416.dat
[2012/02/16 19:21:27 | 000,106,190 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/02/16 06:58:09 | 000,000,606 | ---- | M] () -- C:\Users\Public\Desktop\Alan Wake.lnk
[2012/02/14 20:10:07 | 000,722,151 | ---- | M] () -- C:\Users\Adriano\Desktop\mjf.jpg
[2012/02/12 22:43:24 | 000,000,885 | ---- | M] () -- C:\Users\Adriano\Desktop\desktop - Atalho.lnk
[2012/02/12 22:31:22 | 000,056,310 | ---- | M] () -- C:\Windows\FontData.fdb
[2012/02/10 22:06:54 | 000,001,166 | ---- | M] () -- C:\Users\Public\Desktop\TeamViewer 6.lnk
[2012/02/09 19:05:07 | 000,001,833 | ---- | M] () -- C:\Users\Public\Desktop\Opera.lnk
[2012/02/07 23:25:04 | 000,749,568 | ---- | M] () -- C:\Users\Adriano\Documents\Sketch Pad 1.sketchpad
[2012/02/07 23:24:40 | 000,000,848 | -HS- | M] () -- C:\ProgramData\KGyGaAvL.sys
[2012/02/05 13:53:28 | 000,000,543 | ---- | M] () -- C:\Users\Public\Desktop\Rage.lnk
[2012/02/05 09:28:13 | 000,000,221 | ---- | M] () -- C:\Users\Adriano\Desktop\Grand Theft Auto IV.url
[2012/02/04 18:29:42 | 000,001,134 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2012/02/04 07:48:07 | 000,596,543 | ---- | M] () -- C:\Windows\SysNative\features_gray.cff
[2012/02/04 07:48:07 | 000,121,980 | ---- | M] () -- C:\Windows\SysNative\features_polyakov.cff
[2012/02/04 07:48:07 | 000,113,931 | ---- | M] () -- C:\Windows\SysNative\xr_elements.xre
[2012/02/03 19:26:02 | 000,001,232 | ---- | M] () -- C:\Users\Adriano\Desktop\ConvertXtoDVD 4.lnk
[2012/02/03 19:21:48 | 000,099,384 | ---- | M] () -- C:\Users\Adriano\AppData\Roaming\inst.exe
[2012/02/03 19:21:48 | 000,082,816 | ---- | M] (VSO Software) -- C:\Users\Adriano\AppData\Roaming\pcouffin.sys
[2012/02/03 19:21:48 | 000,007,859 | ---- | M] () -- C:\Users\Adriano\AppData\Roaming\pcouffin.cat
[2012/02/03 19:21:48 | 000,002,125 | ---- | M] () -- C:\Users\Adriano\Desktop\Blu-ray to DVD.lnk
[2012/02/03 19:21:48 | 000,001,167 | ---- | M] () -- C:\Users\Adriano\AppData\Roaming\pcouffin.inf
[2012/02/02 22:08:23 | 000,719,360 | ---- | M] () -- C:\Users\Adriano\Desktop\WGB_Panther_BF3.exe
[2012/01/30 19:32:25 | 005,425,022 | ---- | M] () -- C:\Users\Adriano\Desktop\Untitled-2.psd
[2012/01/29 14:52:03 | 000,000,286 | ---- | M] () -- C:\Users\Adriano\Desktop\BF3CC.appref-ms
[2012/01/29 14:43:35 | 000,001,041 | ---- | M] () -- C:\Users\Adriano\Desktop\PRoCon - Atalho.lnk
[2012/01/29 09:30:09 | 000,001,235 | ---- | M] () -- C:\Users\Adriano\Desktop\AIDA64 Extreme Edition.lnk
[2012/01/22 10:04:21 | 000,001,249 | ---- | M] () -- C:\Users\Public\Desktop\BF3 Settings Editor.lnk
[2012/01/22 09:46:00 | 000,001,263 | ---- | M] () -- C:\Users\Public\Desktop\Battlelog Standalone.lnk
[2 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/02/20 09:34:51 | 000,000,812 | ---- | C] () -- C:\Users\Adriano\Desktop\TeraCopy.lnk
[2012/02/19 17:13:29 | 000,000,746 | ---- | C] () -- C:\Users\Adriano\Desktop\Crysis 2 MaLDoHDv3.lnk
[2012/02/19 17:09:03 | 000,000,858 | ---- | C] () -- C:\Users\Adriano\Desktop\MaLDoHD Config Utility.lnk
[2012/02/19 02:22:32 | 000,000,136 | ---- | C] () -- C:\Users\Adriano\Desktop\Crysis® 2 - Atalho.lnk
[2012/02/18 11:39:36 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2012/02/18 11:36:41 | 000,001,244 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PowerXpress.lnk
[2012/02/18 10:17:01 | 000,001,460 | ---- | C] () -- C:\Users\Public\Desktop\DiRT 3.lnk
[2012/02/16 06:58:09 | 000,000,606 | ---- | C] () -- C:\Users\Public\Desktop\Alan Wake.lnk
[2012/02/14 20:10:04 | 000,722,151 | ---- | C] () -- C:\Users\Adriano\Desktop\mjf.jpg
[2012/02/12 22:43:24 | 000,000,885 | ---- | C] () -- C:\Users\Adriano\Desktop\desktop - Atalho.lnk
[2012/02/12 22:31:21 | 000,056,310 | ---- | C] () -- C:\Windows\FontData.fdb
[2012/02/11 20:31:37 | 000,000,132 | ---- | C] () -- C:\Users\Adriano\AppData\Roaming\Adobe BMP Format CS5 Prefs
[2012/02/10 22:06:54 | 000,001,178 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 6.lnk
[2012/02/10 22:06:54 | 000,001,166 | ---- | C] () -- C:\Users\Public\Desktop\TeamViewer 6.lnk
[2012/02/10 18:54:07 | 000,719,360 | ---- | C] () -- C:\Users\Adriano\Desktop\WGB_Panther_BF3.exe
[2012/02/09 21:55:29 | 000,001,178 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 7.lnk
[2012/02/09 19:39:05 | 000,002,413 | ---- | C] () -- C:\Users\Adriano\Desktop\Google Chrome.lnk
[2012/02/09 19:05:07 | 000,001,845 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera.lnk
[2012/02/09 19:05:07 | 000,001,833 | ---- | C] () -- C:\Users\Public\Desktop\Opera.lnk
[2012/02/07 23:24:42 | 000,749,568 | ---- | C] () -- C:\Users\Adriano\Documents\Sketch Pad 1.sketchpad
[2012/02/07 23:24:39 | 000,000,848 | -HS- | C] () -- C:\ProgramData\KGyGaAvL.sys
[2012/02/07 22:27:47 | 000,000,997 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Help.lnk
[2012/02/07 22:26:28 | 000,001,912 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Photoshop Elements 10.lnk
[2012/02/07 22:17:10 | 000,002,075 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Corel Painter Sketch Pad.lnk
[2012/02/05 13:53:28 | 000,000,543 | ---- | C] () -- C:\Users\Public\Desktop\Rage.lnk
[2012/02/05 09:28:13 | 000,000,221 | ---- | C] () -- C:\Users\Adriano\Desktop\Grand Theft Auto IV.url
[2012/02/04 18:29:42 | 000,001,146 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2012/02/04 18:29:42 | 000,001,134 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2012/02/03 19:26:31 | 000,001,057 | ---- | C] () -- C:\Users\Adriano\AppData\Roaming\vso_ts_preview.xml
[2012/02/03 19:26:02 | 000,001,232 | ---- | C] () -- C:\Users\Adriano\Desktop\ConvertXtoDVD 4.lnk
[2012/02/03 19:21:48 | 000,099,384 | ---- | C] () -- C:\Users\Adriano\AppData\Roaming\inst.exe
[2012/02/03 19:21:48 | 000,007,859 | ---- | C] () -- C:\Users\Adriano\AppData\Roaming\pcouffin.cat
[2012/02/03 19:21:48 | 000,002,125 | ---- | C] () -- C:\Users\Adriano\Desktop\Blu-ray to DVD.lnk
[2012/02/03 19:21:48 | 000,001,167 | ---- | C] () -- C:\Users\Adriano\AppData\Roaming\pcouffin.inf
[2012/01/30 19:06:33 | 005,425,022 | ---- | C] () -- C:\Users\Adriano\Desktop\Untitled-2.psd
[2012/01/29 14:52:03 | 000,000,286 | ---- | C] () -- C:\Users\Adriano\Desktop\BF3CC.appref-ms
[2012/01/29 14:43:35 | 000,001,041 | ---- | C] () -- C:\Users\Adriano\Desktop\PRoCon - Atalho.lnk
[2012/01/29 09:30:09 | 000,001,235 | ---- | C] () -- C:\Users\Adriano\Desktop\AIDA64 Extreme Edition.lnk
[2012/01/22 10:28:18 | 000,002,178 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Gráficos Comutáveis.lnk
[2012/01/22 10:25:33 | 000,053,248 | ---- | C] () -- C:\Windows\SysNative\amdverag.dll
[2012/01/22 10:25:28 | 000,026,936 | ---- | C] () -- C:\Windows\SysNative\ativvsnl.dat
[2012/01/22 10:25:28 | 000,000,025 | ---- | C] () -- C:\Windows\SysNative\ativvsny.dat
[2012/01/22 09:46:00 | 000,001,263 | ---- | C] () -- C:\Users\Public\Desktop\Battlelog Standalone.lnk
[2012/01/21 00:36:52 | 000,204,960 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat
[2012/01/21 00:36:52 | 000,157,152 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat
[2012/01/20 22:04:54 | 000,058,368 | ---- | C] () -- C:\Windows\SysWow64\OpenVideo.dll
[2012/01/20 22:04:44 | 000,054,784 | ---- | C] () -- C:\Windows\SysWow64\OVDecode.dll
[2012/01/11 21:27:46 | 000,840,264 | ---- | C] () -- C:\Windows\SysWow64\pbsvc.exe
[2012/01/11 19:59:58 | 000,026,936 | ---- | C] () -- C:\Windows\SysWow64\ativvsnl.dat
[2012/01/11 19:59:58 | 000,000,025 | ---- | C] () -- C:\Windows\SysWow64\ativvsny.dat
[2012/01/03 00:13:55 | 000,000,021 | ---- | C] () -- C:\Windows\SurCode.INI
[2011/12/26 21:59:49 | 003,164,160 | ---- | C] () -- C:\Windows\SysWow64\x264vfw.dll
[2011/12/26 21:59:49 | 000,175,616 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll
[2011/12/26 21:59:48 | 000,632,832 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[2011/12/26 21:59:48 | 000,235,520 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
[2011/12/26 21:59:48 | 000,074,752 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
[2011/12/25 22:16:16 | 000,282,864 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2011/12/25 22:15:49 | 000,076,888 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2011/12/13 21:44:10 | 000,023,040 | ---- | C] () -- C:\Windows\SysWow64\kdbsdk32.dll
[2011/09/12 21:06:16 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2011/04/09 18:55:28 | 000,179,261 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat

========== LOP Check ==========

[2012/01/01 01:32:47 | 000,000,000 | ---D | M] -- C:\Users\Adriano\AppData\Roaming\AnvSoft
[2012/01/29 14:53:32 | 000,000,000 | ---D | M] -- C:\Users\Adriano\AppData\Roaming\BF3CC
[2012/02/11 16:10:41 | 000,000,000 | ---D | M] -- C:\Users\Adriano\AppData\Roaming\Bioshock
[2012/01/15 10:58:13 | 000,000,000 | ---D | M] -- C:\Users\Adriano\AppData\Roaming\Bioshock2
[2012/01/01 02:15:10 | 000,000,000 | ---D | M] -- C:\Users\Adriano\AppData\Roaming\DAEMON Tools Lite
[2012/01/07 09:29:18 | 000,000,000 | ---D | M] -- C:\Users\Adriano\AppData\Roaming\DAEMON Tools Pro
[2012/01/25 19:23:59 | 000,000,000 | ---D | M] -- C:\Users\Adriano\AppData\Roaming\doctor
[2012/01/15 22:23:48 | 000,000,000 | ---D | M] -- C:\Users\Adriano\AppData\Roaming\Foxit Software
[2011/12/30 20:19:46 | 000,000,000 | ---D | M] -- C:\Users\Adriano\AppData\Roaming\Mirillis
[2012/02/06 07:05:36 | 000,000,000 | ---D | M] -- C:\Users\Adriano\AppData\Roaming\Nik Software
[2012/02/09 19:05:09 | 000,000,000 | ---D | M] -- C:\Users\Adriano\AppData\Roaming\Opera
[2011/12/25 21:56:25 | 000,000,000 | ---D | M] -- C:\Users\Adriano\AppData\Roaming\Origin
[2012/01/03 00:13:55 | 000,000,000 | ---D | M] -- C:\Users\Adriano\AppData\Roaming\PACE Anti-Piracy
[2012/01/03 19:21:46 | 000,000,000 | ---D | M] -- C:\Users\Adriano\AppData\Roaming\PDAppFlex
[2012/01/10 07:06:55 | 000,000,000 | ---D | M] -- C:\Users\Adriano\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
[2012/01/11 20:17:16 | 000,000,000 | ---D | M] -- C:\Users\Adriano\AppData\Roaming\SystemRequirementsLab
[2012/02/09 22:13:31 | 000,000,000 | ---D | M] -- C:\Users\Adriano\AppData\Roaming\TeamViewer
[2012/02/20 09:35:36 | 000,000,000 | ---D | M] -- C:\Users\Adriano\AppData\Roaming\TeraCopy
[2012/01/03 00:17:20 | 000,000,000 | ---D | M] -- C:\Users\Adriano\AppData\Roaming\Trine2
[2012/01/24 20:28:34 | 000,000,000 | ---D | M] -- C:\Users\Adriano\AppData\Roaming\TS3Client
[2012/02/20 07:30:24 | 000,000,000 | ---D | M] -- C:\Users\Adriano\AppData\Roaming\uTorrent
[2012/02/18 15:36:06 | 000,000,000 | ---D | M] -- C:\Users\Adriano\AppData\Roaming\Vso
[2012/02/12 20:46:49 | 000,000,000 | ---D | M] -- C:\Users\Adriano\AppData\Roaming\WGB_Panther_BF3
[2012/01/01 01:12:06 | 000,000,000 | ---D | M] -- C:\Users\Adriano\AppData\Roaming\WinAVI
[2012/01/13 22:04:24 | 000,000,000 | ---D | M] -- C:\Users\Adriano\AppData\Roaming\XBMC
[2012/02/20 09:37:16 | 000,000,266 | ---- | M] () -- C:\Windows\Tasks\AutoKMS.job
[2012/02/18 11:33:13 | 000,032,636 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 208 bytes -> C:\Windows\SysWow64\drivers:GbpKmAp.lst
@Alternate Data Stream - 1080 bytes -> C:\ProgramData\Microsoft:hkGFNlMpAt9kGPx2SNpmzDYhdXUp
@Alternate Data Stream - 1037 bytes -> C:\ProgramData\Microsoft:0MDrGX8z5NkPwhxR6fJOykYI
@Alternate Data Stream - 1008 bytes -> C:\ProgramData\Microsoft:qkrG8QrxuVDRALCVbsiZlGQ

< End of report >
 
I have a virus that CREATED shortcuts to the My Music, My Images, etc. folders and also created several desktop.ini files all over the computer, one in each folder. It also denied access to the folders: Common Files under Program Files, and it won't let me open up access with attrib or with the permissions manager... My notebook is an HP and I have already used fdisk to delete and create partitions; I formatted with FAT32 and then, to install Win7, formatted with NTFS. Anyway, even after formatting, the virus shows up right at the end of the installation. I believe the virus went to the BIOS or the MBR, or fdisk is not erasing the files from the tracks. What should I do? Does anyone have a suggestion?..... Thanks in advance for the help.

ComboFix 12-02-21.01 - Anderson 21/02/2012 14:47:52.2.2 - x86
Microsoft Windows 7 Professional 6.1.7600.0.1252.55.1046.18.3003.2411 [GMT -3:00]
Executando de: c:\limpar\ComboFix.exe
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Criado um novo ponto de restauração
.
.
(((((((((((((((( Arquivos/Ficheiros criados de 2012-01-21 to 2012-02-21 ))))))))))))))))))))))))))))
.
.
2012-02-21 17:50 . 2012-02-21 17:50 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-02-21 15:55 . 2012-02-21 17:46 -------- d-----w- C:\limpar
2012-02-21 15:16 . 2012-02-21 15:16 -------- d-----w- c:\program files\ESET
2012-02-21 15:14 . 2012-02-21 15:14 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-02-21 15:14 . 2012-02-21 15:14 -------- d-----w- c:\windows\system32\Macromed
2012-02-21 15:11 . 2009-06-30 13:37 28552 ----a-w- c:\windows\system32\drivers\pavboot.sys
2012-02-21 15:11 . 2012-02-21 15:11 -------- d-----w- c:\program files\Panda Security
2012-02-21 14:45 . 2012-02-20 04:05 6552120 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{757869E9-9305-4748-95BF-522F314EEEB9}\mpengine.dll
2012-02-21 14:45 . 2012-01-29 08:10 237072 ------w- c:\windows\system32\MpSigStub.exe
2012-02-21 14:26 . 2012-02-21 14:26 -------- d-----w- C:\Ativador Windows 7 Todas as Versões x86 e x64.exe
2012-02-21 14:22 . 2012-02-21 17:16 -------- d-----w- c:\windows\system32\wbem\Performance
2012-02-21 14:12 . 2012-02-21 14:23 -------- d-----w- c:\windows\Panther
.
.
.
((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))
.
.
*Nota* entradas vazias e legítimas por padrão não são apresentadas.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
S0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [2009-06-30 28552]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2009-07-13 139776]
.
.
.
------- Scan Suplementar -------
.
TCP: DhcpNameServer = 192.168.1.1 192.168.1.1
.
.
--------------------- CHAVES DO REGISTRO BLOQUEADAS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Outros Processos em Execução ------------------------
.
c:\windows\system32\taskhost.exe
c:\windows\system32\conhost.exe
.
**************************************************************************
.
Tempo para conclusão: 2012-02-21 14:53:14 - Máquina reiniciou
ComboFix-quarantined-files.txt 2012-02-21 17:53
.
Pré-execução: 98.563.244.032 bytes disponíveis
Pós execução: 98.428.252.160 bytes disponíveis
.
- - End Of File - - DEBA07A2C890E0BB084A068FA2A15879





Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 15:29:37, on 21/02/2012
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16385)
Boot mode: Normal
Running processes:
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\limpar\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN Brasil - Hotmail, Messenger, Entretenimento, Notícias, Esportes e Vídeo
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing
--
End of file - 935 bytes




Requesting help ?(
 
Hi Mr.Wolf, how's it going?

I would like to know your opinion on which antivirus is the best at the moment, and whether this "Microsoft Security Essentials" is really worth it, as described in this article.

Thanks.
 
Hey folks, all good?

My Avira keeps finding this "Objeto não identificado" (unidentified object) and I don't know what to do. I've already searched on our father Google but found nothing about it. I don't know if it's related, but since Avira found it my MSN keeps dropping all the time, every 3 minutes.

Does anyone have any idea what it is?

 
Hey folks, all good?

My Avira keeps finding this "Objeto não identificado" (unidentified object) and I don't know what to do. I've already searched on our father Google but found nothing about it. I don't know if it's related, but since Avira found it my MSN keeps dropping all the time, every 3 minutes.

Does anyone have any idea what it is?

http://images.orkut.com/orkut/photo...SNNIhiaYAm1T1UJKb8B2btflONYyTuQTh6qgx9B81.jpg
Hey Laptosh, I'm not Master Wolf and I also don't have the slightest idea what this Avira thing is, but run Malwarebytes and see if that fixes it.

LINK >> Malwarebytes Anti-Malware download - Baixaki

Alright??

Big hug :yellowface:
 
Hi Mr. Wolf, how can I tell whether there is any problem with my PC?

OTL.txt
OTL logfile created on: 01/03/2012 20:34:07 - Run 1
OTL by OldTimer - Version 3.2.34.0 Folder = C:\Users\Wagner\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000416 | Country: Brazil | Language: PTB | Date Format: dd/MM/yyyy

4,00 Gb Total Physical Memory | 1,95 Gb Available Physical Memory | 48,68% Memory free
8,00 Gb Paging File | 5,95 Gb Available in Paging File | 74,47% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 70,38 Gb Total Space | 36,27 Gb Free Space | 51,54% Space Free | Partition Type: NTFS
Drive D: | 10,29 Gb Total Space | 4,30 Gb Free Space | 41,73% Space Free | Partition Type: NTFS
Drive E: | 850,73 Gb Total Space | 464,39 Gb Free Space | 54,59% Space Free | Partition Type: NTFS
Drive F: | 465,63 Gb Total Space | 300,55 Gb Free Space | 64,55% Space Free | Partition Type: NTFS

Computer Name: PCWAGNER | User Name: Wagner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/03/01 20:31:16 | 000,584,704 | ---- | M] (OldTimer Tools) -- C:\Users\Wagner\Desktop\OTL.exe
PRC - [2012/01/26 21:45:53 | 000,949,104 | ---- | M] (Opera Software) -- C:\Program Files (x86)\Opera\opera.exe
PRC - [2011/11/19 13:54:00 | 002,253,120 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
PRC - [2011/11/19 07:19:44 | 000,381,248 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2011/10/20 13:43:56 | 000,025,464 | ---- | M] (Uniblue Systems Limited) -- C:\Program Files (x86)\Uniblue\DriverScanner\dsmonitor.exe
PRC - [2011/09/22 11:03:30 | 000,974,944 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe
PRC - [2010/11/20 09:17:55 | 000,257,536 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
PRC - [2010/09/29 19:30:32 | 002,139,400 | ---- | M] () -- C:\Program Files (x86)\Acronis\DiskDirector\OSS\reinstall_svc.exe


========== Modules (No Company Name) ==========

MOD - [2011/12/03 13:27:38 | 008,527,008 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2011/09/22 11:03:30 | 000,974,944 | ---- | M] (ESET) [Auto | Running] -- C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe -- (ekrn)
SRV:64bit: - [2010/12/13 14:37:16 | 000,194,416 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft LifeCam\MSCamS64.exe -- (MSCamSvc)
SRV:64bit: - [2009/07/13 22:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2012/02/11 11:15:10 | 000,189,248 | ---- | M] () [Auto | Stopped] -- C:\Windows\SysWow64\PnkBstrB.ex0 -- (PnkBstrB)
SRV - [2012/02/11 11:15:09 | 000,076,888 | ---- | M] () [Auto | Stopped] -- C:\Windows\SysWow64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2011/11/19 13:54:00 | 002,253,120 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe -- (nvUpdatusService)
SRV - [2011/11/19 07:19:44 | 000,381,248 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2011/11/13 14:11:39 | 000,419,624 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2011/06/19 14:57:00 | 004,122,968 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\Windows\SysWow64\GameMon.des -- (npggsvc)
SRV - [2010/09/29 19:30:32 | 002,139,400 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Acronis\DiskDirector\OSS\reinstall_svc.exe -- (OS Selector)
SRV - [2010/03/18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/06/10 18:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2011/11/09 11:21:39 | 000,187,200 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2011/10/09 23:05:34 | 000,272,480 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\snapman.sys -- (snapman)
DRV:64bit: - [2011/10/09 13:31:34 | 000,304,760 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Apfiltr.sys -- (ApfiltrService)
DRV:64bit: - [2011/10/09 13:25:59 | 000,115,824 | ---- | M] (JMicron Technology Corp.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\jraid.sys -- (JRAID)
DRV:64bit: - [2011/08/16 20:26:55 | 000,058,584 | ---- | M] (G Data Software AG) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\PktIcpt.sys -- (GDPkIcpt)
DRV:64bit: - [2011/08/09 13:24:52 | 000,202,576 | ---- | M] (ESET) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\eamonm.sys -- (eamonm)
DRV:64bit: - [2011/08/04 08:20:38 | 000,146,432 | ---- | M] (ESET) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ehdrv.sys -- (ehdrv)
DRV:64bit: - [2011/08/04 08:20:38 | 000,137,144 | ---- | M] (ESET) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\epfwwfpr.sys -- (epfwwfpr)
DRV:64bit: - [2011/08/01 14:59:06 | 000,052,584 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\dc3d.sys -- (dc3d) MS Hardware Device Detection Driver (USB)
DRV:64bit: - [2011/08/01 14:59:06 | 000,045,416 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\point64.sys -- (Point64)
DRV:64bit: - [2011/06/10 06:34:52 | 000,539,240 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2011/03/11 03:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 03:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/12/13 14:37:18 | 000,036,720 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nx6000.sys -- (MSHUSBVideo)
DRV:64bit: - [2010/11/20 10:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 08:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/09 14:35:24 | 000,021,992 | ---- | M] (CPUID) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\cpuz135_x64.sys -- (cpuz135)
DRV:64bit: - [2009/07/13 22:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 22:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 22:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/10 17:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 17:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 17:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 17:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2009/07/13 22:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2005/01/02 18:43:08 | 000,004,682 | ---- | M] (INCA Internet Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWow64\npptNT2.sys -- (NPPTNT2)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-759445425-3811226801-1979774396-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = MSN Brasil - Hotmail, Messenger, Entretenimento, Notícias, Esportes e Vídeo
IE - HKU\S-1-5-21-759445425-3811226801-1979774396-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = pt-BR
IE - HKU\S-1-5-21-759445425-3811226801-1979774396-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = A9 D7 34 C6 32 F3 CC 01 [binary data]
IE - HKU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-759445425-3811226801-1979774396-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


========== FireFox ==========

FF - prefs.js..extensions.enabledItems: {73a6fe31-595d-460b-a920-fcc0f8843232}:2.2.9
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:2.0.3
FF - prefs.js..extensions.enabledItems: {d40f5e7b-d2cf-4856-b441-cc613eeffbe3}:1.68
FF - prefs.js..extensions.enabledItems: {87F8774F-B485-47E2-A755-A40A8A5E8873}:1.0.11.9
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}:6.0.29
FF - prefs.js..network.proxy.type: 0

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_1_102.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf: C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll File not found

64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\PROGRAM FILES\ESET\ESET NOD32 ANTIVIRUS\MOZILLA THUNDERBIRD [2011/12/24 11:31:13 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/02/17 18:54:23 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011/11/21 20:24:19 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.26\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox 3.6.20\components [2012/02/06 19:04:35 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.26\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox 3.6.20\plugins [2012/02/06 19:04:35 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird [2011/12/24 11:31:13 | 000,000,000 | ---D | M]

[2011/08/17 20:39:17 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Wagner\AppData\Roaming\Mozilla\Extensions
[2012/02/28 21:05:18 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Wagner\AppData\Roaming\Mozilla\Firefox\Profiles\hp33qn08.default\extensions
[2012/02/08 08:42:36 | 000,000,000 | ---D | M] (Guardiao Itau 30 horas) -- C:\Users\Wagner\AppData\Roaming\Mozilla\Firefox\Profiles\hp33qn08.default\extensions\{87F8774F-B485-47E2-A755-A40A8A5E8873}
[2012/02/25 23:19:41 | 000,000,000 | ---D | M] (Modulo de Protecao) -- C:\Users\Wagner\AppData\Roaming\Mozilla\Firefox\Profiles\hp33qn08.default\extensions\{87F8774F-B485-47E2-A755-A40A8A5E8874}
[2012/02/06 19:01:45 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\Wagner\AppData\Roaming\Mozilla\Firefox\Profiles\hp33qn08.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2012/02/06 19:01:45 | 000,000,000 | ---D | M] ("BetterPrivacy") -- C:\Users\Wagner\AppData\Roaming\Mozilla\Firefox\Profiles\hp33qn08.default\extensions\{d40f5e7b-d2cf-4856-b441-cc613eeffbe3}
[2011/11/10 17:30:36 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2011/08/16 20:26:33 | 000,000,000 | ---D | M] (G Data WebFilter) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{9AA46F4F-4DC7-4c06-97AF-5035170633FE}
() (No name found) -- C:\USERS\WAGNER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\HP33QN08.DEFAULT\EXTENSIONS\{73A6FE31-595D-460B-A920-FCC0F8843232}.XPI
[2012/02/17 18:54:23 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2011/11/05 00:21:03 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2011/11/05 00:21:03 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

O1 HOSTS File: ([2011/08/17 20:57:01 | 000,000,822 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O4:64bit: - HKLM..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe (Alps Electric Co., Ltd.)
O4:64bit: - HKLM..\Run: [egui] C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe (ESET)
O4:64bit: - HKLM..\Run: [IntelliPoint] C:\Program Files\Microsoft IntelliPoint\ipoint.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [itype] c:\Program Files\Microsoft IntelliType Pro\itype.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [LifeCam] C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-759445425-3811226801-1979774396-1005..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-21-759445425-3811226801-1979774396-1005..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKU\S-1-5-21-759445425-3811226801-1979774396-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKU\S-1-5-21-759445425-3811226801-1979774396-1000\..Trusted Domains: santandernet.com.br ([www] https in Trusted sites)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{17E5BB1E-8D6C-4876-B68F-686409BED7F4}: NameServer = 208.67.222.222,208.67.220.220
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{ba58cc15-03b9-11e1-9654-001a4d78cebd}\Shell - "" = AutoRun
O33 - MountPoints2\I\Shell - "" = AutoRun
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012/03/01 20:31:13 | 000,584,704 | ---- | C] (OldTimer Tools) -- C:\Users\Wagner\Desktop\OTL.exe
[2012/03/01 09:44:43 | 000,000,000 | ---D | C] -- C:\Users\Wagner\AppData\Local\{8E1C5A82-A27D-429A-9FE6-E84A05218668}
[2012/03/01 09:44:31 | 000,000,000 | ---D | C] -- C:\Users\Wagner\AppData\Local\{69B7E8E4-335E-4672-B5A6-F88FE014CC18}
[2012/02/29 11:42:30 | 000,000,000 | ---D | C] -- C:\Users\Wagner\AppData\Local\{5DECB765-D71F-40E2-88FA-1F7AD8D93ECA}
[2012/02/29 11:42:17 | 000,000,000 | ---D | C] -- C:\Users\Wagner\AppData\Local\{35D90DC0-F49A-46C8-808A-32A680D1C0FA}
[2012/02/28 23:18:07 | 000,000,000 | ---D | C] -- C:\Users\Wagner\AppData\Local\{A8180CD0-D938-4F4E-A0BB-AB23FAAF20E6}
[2012/02/28 23:17:55 | 000,000,000 | ---D | C] -- C:\Users\Wagner\AppData\Local\{C81052A2-6634-411B-A0F7-4328A6D1125E}
[2012/02/28 11:17:28 | 000,000,000 | ---D | C] -- C:\Users\Wagner\AppData\Local\{5615B4FC-2BEC-4031-AAEF-4ABD3633F11B}
[2012/02/28 11:17:16 | 000,000,000 | ---D | C] -- C:\Users\Wagner\AppData\Local\{74320785-707F-41F4-BD90-DB1035C5E084}
[2012/02/27 10:04:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Foxit Reader 5.1
[2012/02/27 10:00:14 | 000,000,000 | ---D | C] -- C:\Users\Wagner\AppData\Local\{7AD4A324-A745-439E-BDFF-6CC88A56A50D}
[2012/02/27 10:00:03 | 000,000,000 | ---D | C] -- C:\Users\Wagner\AppData\Local\{7F218885-D2BB-4F5B-A577-ABDD834AC593}
[2012/02/26 12:47:42 | 000,000,000 | ---D | C] -- C:\Users\Wagner\AppData\Local\Apps
[2012/02/26 12:46:31 | 000,000,000 | ---D | C] -- C:\Users\Wagner\AppData\Local\{A04A0CE1-BAAC-4600-AC90-C81C1752057E}
[2012/02/26 12:46:20 | 000,000,000 | ---D | C] -- C:\Users\Wagner\AppData\Local\{BF176A8E-36A3-4B01-B816-6F1AA039133B}
[2012/02/25 10:54:58 | 000,000,000 | ---D | C] -- C:\Users\Wagner\AppData\Local\{908BED71-6606-4EBF-8B7D-F6870625C3A5}
[2012/02/25 10:54:47 | 000,000,000 | ---D | C] -- C:\Users\Wagner\AppData\Local\{797B0B2A-E5B0-4713-B513-CA1DF66EDA19}
[2012/02/24 18:56:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kroll Ontrack
[2012/02/24 18:55:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Kroll Ontrack
[2012/02/24 16:39:12 | 000,000,000 | ---D | C] -- C:\Users\Wagner\AppData\Local\{07055923-D5BC-40AB-93E4-F7B55AB41069}
[2012/02/24 16:38:59 | 000,000,000 | ---D | C] -- C:\Users\Wagner\AppData\Local\{07CE8AA8-20D6-48A0-88C6-881044E166AB}
[2012/02/23 18:17:14 | 000,000,000 | ---D | C] -- C:\Users\Wagner\AppData\Local\{9FB62897-1A08-4248-A922-4DE963B22EFE}
[2012/02/23 18:16:56 | 000,000,000 | ---D | C] -- C:\Users\Wagner\AppData\Local\{B91B40E5-54B2-459F-91C1-F44844F99DEE}
[2012/02/22 14:43:35 | 000,000,000 | ---D | C] -- C:\Users\Wagner\AppData\Local\{D77DE082-263E-431B-B9D1-61BAD53AFD5E}
[2012/02/22 14:43:23 | 000,000,000 | ---D | C] -- C:\Users\Wagner\AppData\Local\{8376B700-562E-4074-87ED-DDAB85690969}
[2012/02/21 10:39:03 | 000,000,000 | ---D | C] -- C:\Users\Wagner\AppData\Local\{129DC477-BFBA-48DB-BD73-92288660E199}
[2012/02/21 10:38:49 | 000,000,000 | ---D | C] -- C:\Users\Wagner\AppData\Local\{3188F7CB-14D3-4004-B13D-0A3A69ADE86F}
[2012/02/20 15:38:44 | 000,000,000 | ---D | C] -- C:\Users\Wagner\AppData\Local\{C1538CF9-2367-4847-854D-F878425AA1A3}
[2012/02/20 15:38:33 | 000,000,000 | ---D | C] -- C:\Users\Wagner\AppData\Local\{E8A52A9F-E88C-43AA-909E-90A6181F33D8}
[2012/02/19 19:34:35 | 000,000,000 | ---D | C] -- C:\Users\Wagner\AppData\Local\{7FC7B94A-1B28-4019-8336-E1ACE3022324}
[2012/02/19 19:34:23 | 000,000,000 | ---D | C] -- C:\Users\Wagner\AppData\Local\{317ED2CD-3825-40A4-AD90-76A8325A9FC2}
[2012/02/18 17:43:42 | 000,000,000 | ---D | C] -- C:\Users\Wagner\AppData\Roaming\Rovio
[2012/02/18 17:43:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Rovio
[2012/02/18 17:43:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Rovio
[2012/02/18 17:35:20 | 041,044,728 | ---- | C] (Rovio) -- C:\Users\Wagner\Desktop\AngryBirdsInstaller_2.0.2-1.exe
[2012/02/18 10:09:52 | 000,000,000 | ---D | C] -- C:\Users\Wagner\AppData\Local\{FABB289D-6DCA-44AF-B78A-FD30257223B0}
[2012/02/18 10:09:41 | 000,000,000 | ---D | C] -- C:\Users\Wagner\AppData\Local\{37900D7F-7C85-47D3-9166-DEBB24086181}
[2012/02/17 21:39:30 | 000,000,000 | ---D | C] -- C:\Users\Wagner\AppData\Local\{E85EF6F2-B707-43BA-8640-F87D1642BAC6}
[2012/02/17 21:39:18 | 000,000,000 | ---D | C] -- C:\Users\Wagner\AppData\Local\{7FC1E52D-D9EC-45B5-943E-469D555393E5}
[2012/02/17 09:38:50 | 000,000,000 | ---D | C] -- C:\Users\Wagner\AppData\Local\{74BFCACB-0EDE-45D0-AABD-73E6D46D7241}
[2012/02/17 09:38:35 | 000,000,000 | ---D | C] -- C:\Users\Wagner\AppData\Local\{58394132-AA00-413F-9FAB-0CEC880739C2}
[2012/02/16 18:06:39 | 000,000,000 | ---D | C] -- C:\Users\Wagner\AppData\Local\{329ED38E-0985-456C-BB95-B3C4FD3C8BD6}
[2012/02/16 18:06:26 | 000,000,000 | ---D | C] -- C:\Users\Wagner\AppData\Local\{7F9C1F86-F477-44CC-B930-AA97136252F9}
[2012/02/15 10:00:05 | 000,000,000 | ---D | C] -- C:\Users\Wagner\AppData\Local\{4546A376-F7A9-4B0B-A8DB-60E7F9E0B503}
[2012/02/15 09:59:54 | 000,000,000 | ---D | C] -- C:\Users\Wagner\AppData\Local\{4C704CCF-BC6B-40E2-80B8-4E3B4718FEE8}
[2012/02/15 09:59:43 | 000,000,000 | ---D | C] -- C:\Users\Wagner\AppData\Local\{C20C9038-16A8-4400-AE77-C09E43F0FA5B}
[2012/02/14 21:49:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
[2012/02/14 21:45:46 | 000,000,000 | ---D | C] -- C:\ProgramData\NVIDIA
[2012/02/14 21:45:19 | 010,406,208 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcpl.dll
[2012/02/14 21:45:19 | 005,067,584 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvsvc64.dll
[2012/02/14 21:45:19 | 003,074,368 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvsvcr.dll
[2012/02/14 21:45:19 | 000,837,952 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\easyupdatusapiu64.dll
[2012/02/14 21:45:19 | 000,222,528 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvmctray.dll
[2012/02/14 21:45:19 | 000,137,536 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvshext.dll
[2012/02/14 21:45:12 | 000,000,000 | ---D | C] -- C:\ProgramData\NVIDIA Corporation
[2012/02/14 21:40:40 | 024,797,504 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcompiler.dll
[2012/02/14 21:40:40 | 024,745,792 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvoglv64.dll
[2012/02/14 21:40:40 | 018,873,152 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvoglv32.dll
[2012/02/14 21:40:40 | 017,248,576 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcompiler.dll
[2012/02/14 21:40:40 | 015,695,168 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvd3dumx.dll
[2012/02/14 21:40:40 | 013,206,848 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvd3dum.dll
[2012/02/14 21:40:40 | 008,792,896 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvwgf2umx.dll
[2012/02/14 21:40:40 | 007,589,184 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuda.dll
[2012/02/14 21:40:40 | 007,043,392 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvwgf2um.dll
[2012/02/14 21:40:40 | 005,584,192 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuda.dll
[2012/02/14 21:40:40 | 002,808,640 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvapi64.dll
[2012/02/14 21:40:40 | 002,543,936 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuvid.dll
[2012/02/14 21:40:40 | 002,458,432 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvapi.dll
[2012/02/14 21:40:40 | 002,401,600 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuvid.dll
[2012/02/14 21:40:40 | 002,232,128 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuvenc.dll
[2012/02/14 21:40:40 | 002,099,520 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuvenc.dll
[2012/02/14 21:40:40 | 001,543,488 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvdispco64.dll
[2012/02/14 21:40:40 | 001,454,912 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvgenco64.dll
[2012/02/14 21:40:40 | 000,068,928 | ---- | C] (Khronos Group) -- C:\Windows\SysNative\OpenCL.dll
[2012/02/14 21:40:40 | 000,061,248 | ---- | C] (Khronos Group) -- C:\Windows\SysWow64\OpenCL.dll
[2012/02/14 21:39:43 | 000,000,000 | ---D | C] -- C:\NVIDIA
[2012/02/14 21:34:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Phyxion.net
[2012/02/14 21:34:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Phyxion.net
[2012/02/14 21:23:52 | 000,000,000 | ---D | C] -- C:\Users\Wagner\AppData\Local\ESET
[2012/02/14 21:19:29 | 000,096,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2012/02/14 21:19:29 | 000,072,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2012/02/14 21:19:28 | 002,308,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2012/02/14 21:19:28 | 000,818,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2012/02/14 21:19:28 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2012/02/14 21:19:28 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2012/02/14 21:19:28 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2012/02/14 21:19:28 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2012/02/14 21:19:28 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2012/02/14 21:19:27 | 001,493,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2012/02/14 21:19:27 | 001,427,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2012/02/14 21:14:15 | 000,509,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntshrui.dll
[2012/02/14 21:13:59 | 000,634,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msvcrt.dll
[2012/02/14 21:13:58 | 000,515,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\timedate.cpl
[2012/02/14 21:13:57 | 000,478,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\timedate.cpl
[2012/02/14 09:00:43 | 000,000,000 | ---D | C] -- C:\Users\Wagner\AppData\Local\{99ED4CB7-0A6A-41E4-BB41-8C3E0A539498}
[2012/02/14 09:00:32 | 000,000,000 | ---D | C] -- C:\Users\Wagner\AppData\Local\{AB98062D-5492-4E2D-8517-52A1D510C3F9}
[2012/02/14 09:00:22 | 000,000,000 | ---D | C] -- C:\Users\Wagner\AppData\Local\{89E05EC4-E0EF-4305-A9C1-A66846630E9F}
[2012/02/14 09:00:11 | 000,000,000 | ---D | C] -- C:\Users\Wagner\AppData\Local\{79E9B4FA-B53B-4D8D-B2D8-5494D389D7E1}
[2012/02/13 20:59:45 | 000,000,000 | ---D | C] -- C:\Users\Wagner\AppData\Local\{2ECD206B-E528-42DF-B3C7-AD49D6E5F490}
[2012/02/13 20:59:34 | 000,000,000 | ---D | C] -- C:\Users\Wagner\AppData\Local\{CD36FEE6-3130-466A-8266-010A71A2FA67}
[2012/02/13 08:59:07 | 000,000,000 | ---D | C] -- C:\Users\Wagner\AppData\Local\{7C6DD6A9-7BE0-429A-9A73-D46FF6DAFF23}
[2012/02/13 08:58:52 | 000,000,000 | ---D | C] -- C:\Users\Wagner\AppData\Local\{AE7B8E7A-3A3A-4643-B711-24FCAE78AA43}
[2012/02/10 20:10:23 | 000,000,000 | ---D | C] -- C:\Users\Wagner\AppData\Local\{E9C266DF-AEB5-4CB6-A1C4-F63D22ED7711}
[2012/02/10 20:10:09 | 000,000,000 | ---D | C] -- C:\Users\Wagner\AppData\Local\{2949894B-22DF-4DF2-9791-6868A3695E34}
[2012/02/10 08:09:40 | 000,000,000 | ---D | C] -- C:\Users\Wagner\AppData\Local\{7ED47E79-26B0-430C-B494-DF759C47BB1F}
[2012/02/10 08:09:25 | 000,000,000 | ---D | C] -- C:\Users\Wagner\AppData\Local\{18062825-DB6D-49FF-89B4-78AF0E31289E}
[2012/02/09 10:53:48 | 000,000,000 | ---D | C] -- C:\Users\Wagner\AppData\Local\{63AFDE0F-3D58-4D9D-886C-F44AA1C1E931}
[2012/02/09 10:53:36 | 000,000,000 | ---D | C] -- C:\Users\Wagner\AppData\Local\{C787664D-C29D-4CF5-9E48-F56B86E1D00D}
[2012/02/08 15:38:03 | 000,000,000 | ---D | C] -- C:\Users\Wagner\AppData\Local\{B89626F2-FF46-40A2-91C3-63EC1E6CBE4D}
[2012/02/08 15:37:52 | 000,000,000 | ---D | C] -- C:\Users\Wagner\AppData\Local\{D16259CB-F13E-44D8-A4EC-47BF5136E73A}
[2012/02/08 15:28:33 | 000,000,000 | ---D | C] -- C:\Users\Wagner\AppData\Local\{04C9EA38-8BDF-4885-B5E6-7B4D83D5D507}
[2012/02/08 15:28:22 | 000,000,000 | ---D | C] -- C:\Users\Wagner\AppData\Local\{E3B38652-FE31-4406-B236-759511E869C4}
[2012/02/07 18:40:33 | 000,000,000 | ---D | C] -- C:\Users\Wagner\AppData\Local\{08F3F7C0-99FC-4F8A-AC9A-D173B59819FB}
[2012/02/07 18:40:22 | 000,000,000 | ---D | C] -- C:\Users\Wagner\AppData\Local\{1272161F-21F3-466A-A004-5B155C5DD45D}
[2012/02/06 19:13:48 | 000,000,000 | ---D | C] -- C:\ProgramData\GbPlugin
[2012/02/06 17:59:28 | 000,000,000 | ---D | C] -- C:\Users\Wagner\AppData\Local\{AAD2FD9E-14BF-40E1-86DA-4AFC5BEA70A6}
[2012/02/06 17:59:17 | 000,000,000 | ---D | C] -- C:\Users\Wagner\AppData\Local\{E31A4602-E79B-437B-92C6-E56E55561BD2}
[2012/02/05 12:16:16 | 000,000,000 | ---D | C] -- C:\Users\Wagner\AppData\Local\THQ
[2012/02/04 19:22:37 | 000,000,000 | ---D | C] -- C:\Users\Wagner\AppData\Local\{454E85DE-50EF-412E-A8F0-2B3B5B75705A}
[2012/02/04 19:22:25 | 000,000,000 | ---D | C] -- C:\Users\Wagner\AppData\Local\{EF2F5EBC-82DE-40EE-A7F7-0EAD5BD108FD}
[2012/02/04 19:02:38 | 000,000,000 | ---D | C] -- C:\Users\Wagner\AppData\Local\{649B5F4C-B2F2-416E-8283-CBDBC7052018}
[2012/02/04 19:02:26 | 000,000,000 | ---D | C] -- C:\Users\Wagner\AppData\Local\{00712D99-1A41-44C5-876A-3100AB6BDB2F}
[2012/02/03 09:27:47 | 000,000,000 | ---D | C] -- C:\Users\Wagner\AppData\Local\{D6730908-3F2F-475A-AAD6-4170223ED891}
[2012/02/03 09:27:35 | 000,000,000 | ---D | C] -- C:\Users\Wagner\AppData\Local\{28442644-7E6A-45FC-B2D4-DB39BE8E63BC}
[2012/02/02 19:27:48 | 000,000,000 | ---D | C] -- C:\Users\Wagner\AppData\Local\{61E1E663-DED0-4629-B8DD-FD56DB1F8044}
[2012/02/02 19:27:37 | 000,000,000 | ---D | C] -- C:\Users\Wagner\AppData\Local\{8D1D4812-8893-4662-9F47-63A639B282E0}
[2012/02/01 17:42:15 | 000,000,000 | ---D | C] -- C:\Users\Wagner\AppData\Local\{632BC5FF-CE7A-4297-81C9-EF7631CFD4D6}
[2012/02/01 17:42:03 | 000,000,000 | ---D | C] -- C:\Users\Wagner\AppData\Local\{BCD941E2-C6F8-4EC1-A60C-5CC497B408FC}
[2012/01/31 21:55:55 | 000,000,000 | ---D | C] -- C:\Users\Wagner\Documents\Witcher 2
[2012/01/31 21:55:55 | 000,000,000 | ---D | C] -- C:\Users\Wagner\AppData\Local\The Witcher 2
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/03/01 20:31:16 | 000,584,704 | ---- | M] (OldTimer Tools) -- C:\Users\Wagner\Desktop\OTL.exe
[2012/03/01 18:35:24 | 000,014,240 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/03/01 18:35:24 | 000,014,240 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/03/01 18:32:45 | 000,778,834 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/03/01 18:32:45 | 000,660,068 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/03/01 18:32:45 | 000,120,996 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/03/01 18:26:58 | 000,000,342 | ---- | M] () -- C:\Windows\tasks\DriverScanner.job
[2012/03/01 18:26:41 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/03/01 18:26:31 | 3220,037,632 | -HS- | M] () -- C:\hiberfil.sys
[2012/02/27 10:04:13 | 000,001,157 | ---- | M] () -- C:\Users\Wagner\Application Data\Microsoft\Internet Explorer\Quick Launch\Foxit Reader 5.1.lnk
[2012/02/27 10:04:13 | 000,001,133 | ---- | M] () -- C:\Users\Public\Desktop\Foxit Reader 5.1.lnk
[2012/02/27 09:58:57 | 001,010,903 | ---- | M] () -- C:\Users\Wagner\Desktop\EDITAL_CONCURSO_001_2012.pdf
[2012/02/24 18:56:02 | 000,002,341 | ---- | M] () -- C:\Users\Public\Desktop\Ontrack EasyRecovery Professional.lnk
[2012/02/24 18:56:01 | 000,001,137 | ---- | M] () -- C:\Windows\SysWow64\mapisvc.inf
[2012/02/18 17:43:33 | 000,001,081 | ---- | M] () -- C:\Users\Public\Desktop\Angry Birds.lnk
[2012/02/18 17:43:03 | 041,044,728 | ---- | M] (Rovio) -- C:\Users\Wagner\Desktop\AngryBirdsInstaller_2.0.2-1.exe
[2012/02/14 21:34:24 | 000,001,240 | ---- | M] () -- C:\Users\Public\Desktop\Driver Sweeper.lnk
[2012/02/14 21:29:02 | 000,271,760 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012/02/14 21:25:12 | 000,772,558 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012/02/14 20:55:10 | 000,001,038 | ---- | M] () -- C:\Users\Public\Desktop\foobar2000.lnk
[2012/02/11 11:15:17 | 000,189,248 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2012/02/11 11:15:10 | 000,189,248 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.ex0
[2012/02/11 11:15:09 | 000,076,888 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2012/02/03 10:51:20 | 000,000,201 | ---- | M] () -- C:\Users\Wagner\Desktop\Warhammer 40,000 Space Marine.url
[2012/02/03 10:51:20 | 000,000,201 | ---- | M] () -- C:\Users\Wagner\Desktop\Warhammer 40,000 Dawn of War II.url
[2012/02/03 10:51:20 | 000,000,201 | ---- | M] () -- C:\Users\Wagner\Desktop\Warhammer 40,000 Dawn of War II Retribution.url
[2012/02/03 10:51:20 | 000,000,201 | ---- | M] () -- C:\Users\Wagner\Desktop\Warhammer 40,000 Dawn of War II Chaos Rising.url
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/02/27 10:04:13 | 000,001,157 | ---- | C] () -- C:\Users\Wagner\Application Data\Microsoft\Internet Explorer\Quick Launch\Foxit Reader 5.1.lnk
[2012/02/27 10:04:13 | 000,001,133 | ---- | C] () -- C:\Users\Public\Desktop\Foxit Reader 5.1.lnk
[2012/02/27 09:58:56 | 001,010,903 | ---- | C] () -- C:\Users\Wagner\Desktop\EDITAL_CONCURSO_001_2012.pdf
[2012/02/24 18:56:02 | 000,002,341 | ---- | C] () -- C:\Users\Public\Desktop\Ontrack EasyRecovery Professional.lnk
[2012/02/24 18:56:01 | 000,000,535 | ---- | C] () -- C:\Windows\SysWow64\MAPISVC.BAK
[2012/02/18 17:43:33 | 000,001,081 | ---- | C] () -- C:\Users\Public\Desktop\Angry Birds.lnk
[2012/02/14 21:40:40 | 000,007,384 | ---- | C] () -- C:\Windows\SysNative\nvinfo.pb
[2012/02/14 21:34:24 | 000,001,240 | ---- | C] () -- C:\Users\Public\Desktop\Driver Sweeper.lnk
[2012/02/03 10:51:20 | 000,000,201 | ---- | C] () -- C:\Users\Wagner\Desktop\Warhammer 40,000 Space Marine.url
[2012/02/03 10:51:20 | 000,000,201 | ---- | C] () -- C:\Users\Wagner\Desktop\Warhammer 40,000 Dawn of War II.url
[2012/02/03 10:51:20 | 000,000,201 | ---- | C] () -- C:\Users\Wagner\Desktop\Warhammer 40,000 Dawn of War II Retribution.url
[2012/02/03 10:51:20 | 000,000,201 | ---- | C] () -- C:\Users\Wagner\Desktop\Warhammer 40,000 Dawn of War II Chaos Rising.url
[2012/01/31 21:55:26 | 000,772,558 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011/11/28 20:59:38 | 000,189,248 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2011/11/28 20:59:37 | 000,076,888 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2011/11/20 22:16:14 | 000,000,032 | R--- | C] () -- C:\ProgramData\hash.dat
[2011/11/19 07:19:56 | 000,321,856 | ---- | C] () -- C:\Windows\SysWow64\nvStreaming.exe
[2011/11/18 16:39:12 | 000,715,038 | ---- | C] () -- C:\Windows\unins000.exe
[2011/11/18 03:59:00 | 000,001,078 | ---- | C] () -- C:\Windows\unins000.dat
[2011/11/08 17:31:52 | 000,065,536 | ---- | C] () -- C:\Windows\SysWow64\LGErrorHandler.dll
[2011/09/28 16:44:14 | 000,179,271 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2011/08/17 17:47:37 | 000,405,882 | ---- | C] () -- C:\Windows\SysWow64\sig.bin
[2011/08/15 14:16:50 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2011/06/24 15:51:18 | 000,036,352 | ---- | C] () -- C:\Windows\SysWow64\xfcodec.dll

========== LOP Check ==========

[2011/12/22 19:57:04 | 000,000,000 | ---D | M] -- C:\Users\Wagner\AppData\Roaming\Bioshock
[2011/12/11 12:31:32 | 000,000,000 | ---D | M] -- C:\Users\Wagner\AppData\Roaming\Bioshock2
[2012/01/14 20:16:28 | 000,000,000 | ---D | M] -- C:\Users\Wagner\AppData\Roaming\Canneverbe Limited
[2012/03/01 11:41:52 | 000,000,000 | ---D | M] -- C:\Users\Wagner\AppData\Roaming\foobar2000
[2011/09/14 19:25:11 | 000,000,000 | ---D | M] -- C:\Users\Wagner\AppData\Roaming\Foxit Software
[2011/11/24 17:43:39 | 000,000,000 | ---D | M] -- C:\Users\Wagner\AppData\Roaming\Gatling Gears
[2011/10/27 06:35:21 | 000,000,000 | ---D | M] -- C:\Users\Wagner\AppData\Roaming\GetRightToGo
[2011/08/15 15:15:02 | 000,000,000 | ---D | M] -- C:\Users\Wagner\AppData\Roaming\Notepad++
[2011/08/15 14:16:14 | 000,000,000 | ---D | M] -- C:\Users\Wagner\AppData\Roaming\Opera
[2012/02/18 17:43:42 | 000,000,000 | ---D | M] -- C:\Users\Wagner\AppData\Roaming\Rovio
[2011/10/01 13:09:14 | 000,000,000 | ---D | M] -- C:\Users\Wagner\AppData\Roaming\SystemRequirementsLab
[2011/10/09 13:19:14 | 000,000,000 | ---D | M] -- C:\Users\Wagner\AppData\Roaming\Uniblue
[2012/02/28 18:35:40 | 000,000,000 | ---D | M] -- C:\Users\Wagner\AppData\Roaming\uTorrent
[2011/09/09 00:33:09 | 000,000,000 | ---D | M] -- C:\Users\Wagner\AppData\Roaming\Windows Live Writer
[2011/10/24 22:43:44 | 000,000,000 | ---D | M] -- C:\Users\Wagner\AppData\Roaming\ZombieDriver
[2012/03/01 18:26:58 | 000,000,342 | ---- | M] () -- C:\Windows\Tasks\DriverScanner.job
[2012/01/29 20:54:13 | 000,032,530 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========
< End of report >
 
Hi Mr. Wolf, how can I tell whether there is a problem with my PC?

Extras.txt
OTL Extras logfile created on: 01/03/2012 20:34:07 - Run 1
OTL by OldTimer - Version 3.2.34.0 Folder = C:\Users\Wagner\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000416 | Country: Brazil | Language: PTB | Date Format: dd/MM/yyyy

4,00 Gb Total Physical Memory | 1,95 Gb Available Physical Memory | 48,68% Memory free
8,00 Gb Paging File | 5,95 Gb Available in Paging File | 74,47% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 70,38 Gb Total Space | 36,27 Gb Free Space | 51,54% Space Free | Partition Type: NTFS
Drive D: | 10,29 Gb Total Space | 4,30 Gb Free Space | 41,73% Space Free | Partition Type: NTFS
Drive E: | 850,73 Gb Total Space | 464,39 Gb Free Space | 54,59% Space Free | Partition Type: NTFS
Drive F: | 465,63 Gb Total Space | 300,55 Gb Free Space | 64,55% Space Free | Partition Type: NTFS

Computer Name: PCWAGNER | User Name: Wagner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = Opera.HTML] -- C:\Program Files (x86)\Opera\Opera.exe (Opera Software)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = Opera.HTML] -- C:\Program Files (x86)\Opera\Opera.exe (Opera Software)

[HKEY_USERS\S-1-5-21-759445425-3811226801-1979774396-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
http [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1" (Opera Software)
https [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1" (Opera Software)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [foobar2000.enqueue] -- "C:\Program Files (x86)\foobar2000\foobar2000.exe" /add "%1" ()
Directory [foobar2000.play] -- "C:\Program Files (x86)\foobar2000\foobar2000.exe" "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
http [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1" (Opera Software)
https [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1" (Opera Software)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [foobar2000.enqueue] -- "C:\Program Files (x86)\foobar2000\foobar2000.exe" /add "%1" ()
Directory [foobar2000.play] -- "C:\Program Files (x86)\foobar2000\foobar2000.exe" "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========


========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{071ED957-651F-4DEB-85FA-A6E6146D7815}" = ESET NOD32 Antivirus
"{180C8888-50F1-426B-A9DC-AB83A1989C65}" = Windows Live Language Selector
"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
"{2ACBF1FA-F5C3-4B19-A774-B22A31F231B9}_is1" = Media Player Classic - Home Cinema v1.5.3.3666 x64
"{446EE0D9-1F6B-42BF-8278-8D0B172BA15D}" = Microsoft IntelliType Pro 8.1
"{5CE7E3F5-9803-4F32-AA89-2D8848A80109}" = Microsoft LifeCam
"{624C7F0A-89B2-4C49-9CAB-9D69613EC95A}" = Microsoft IntelliPoint 8.2
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9C5A08BF-BB99-4998-81BD-F6CC32483B34}" = Microsoft Corporation
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = Dell Touchpad
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Driver 285.86
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 285.86
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 285.86
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller Driver 285.86
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.5.20
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD Audio Driver 1.3.9.0
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX 64-bit
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin 64-bit
"CPUID CPU-Z_is1" = CPUID CPU-Z 1.58
"CPUID HWMonitor_is1" = CPUID HWMonitor 1.18
"ffdshow64_is1" = ffdshow x64 v1.1.3966 [2011-08-09]
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft IntelliPoint 8.2" = Microsoft IntelliPoint 8.2
"Microsoft IntelliType Pro 8.1" = Microsoft IntelliType Pro 8.1
"MyDefrag v4.3.1_is1" = MyDefrag v4.3.1
"WinRAR archiver" = WinRAR 4.01 (64-bit)
"Xvid_is1" = Xvid MPEG-4 Video Codec

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{06E34C00-0446-4176-81C8-A5DAFE53CA36}" = Acronis Disk Director 11 Home
"{07A6B206-3F11-4D92-92A1-90E116ADD660}" = Angry Birds
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{19BFDA5D-1FE2-4F25-97F9-1A79DD04EE20}" = Microsoft XNA Framework Redistributable 3.1
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{266725C1-716F-43AC-BBFB-4201131ED656}" = EasySetPackage
"{268723B7-A994-4286-9F85-B974D5CAFC7B}" = Ontrack EasyRecovery Professional
"{26A24AE4-039D-4CA4-87B4-2F83216026FF}" = Java(TM) 6 Update 30
"{2A3FC24C-6EC0-4519-A52B-FDA4EA9B2D24}" = Windows Live Messenger
"{4147E606-867F-4BDA-8F64-B5505ACD9FD6}" = Bastion
"{43430808-081A-4C0D-B7CC-601000018301}" = LOST PLANET 2
"{43B43577-2514-4CE0-B14A-7E85C17C0453}" = Windows Live Essentials
"{4664ED39-C80A-48F7-93CD-EBDCAFAB6CC5}" = Windows Live Writer Resources
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A8B461A-9336-4CF9-98F4-14DD38E673F0}" = BioShock 2
"{4CB0307C-565E-4441-86BE-0DF2E4FB828C}" = Microsoft Games for Windows Marketplace
"{5454085C-129F-416C-9C0B-8B1000058301}" = BioShock 2
"{5454085C-129F-416C-9C0B-8B1000058302}" = BioShock 2
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{5A67D2EA-FB70-4033-A6F3-606AD85B2015}_is1" = Driver Sweeper version 3.2.0
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{6530FDAA-5B1F-4830-95BB-650E9804D239}" = UE3Redist
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6FCFA783-CE7B-4018-AC48-0E6EEAAEA322}" = LOST PLANET COLONIES
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{737369DC-08E8-4787-A78C-F86943247BDF}" = LOST PLANET 2
"{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP
"{832D9DE0-8AFC-4689-9819-4DBBDEBD3E4F}" = Microsoft Games for Windows - LIVE Redistributable
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{9DA3F03B-2CEE-4344-838E-117861E61FAF}" = Windows Live Mail
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{ADB6843E-0713-4871-973A-86AD56FE62C9}_is1" = Bastion version 1.0
"{B33B61FE-701F-425F-98AB-2B85725CBF68}" = Windows Live Photo Common
"{B3BC9DB1-0B0A-48B0-B86B-EA77CAA7F800}" = Microsoft Corporation
"{B93EEE50-9C8F-45DF-95E4-3D85A6E242F3}" = DarksidersInstaller
"{C2F8CA82-2BD9-4513-B2D1-08A47914C1DA}_is1" = Uniblue DriverScanner
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{C9E1343D-E21E-4508-A1BE-04A089EC137D}" = Windows Live Messenger
"{CD41B576-4787-4D5C-95EE-24A4ABD89CD3}" = System Requirements Lab for Intel
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D2FCA41E-AC01-4DCD-B3A7-DC9E32363065}}_is1" = Rapture3D 2.4.8 Game
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{DB219559-1F78-4343-9A6E-C2E987AD47A3}" = Bionic Commando Rearmed
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DF71ABBB-B834-41C0-BB58-80B0545D754C}" = Windows Live UX Platform Language Pack
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.6
"foobar2000" = foobar2000 v1.1.11
"Foxit Reader_is1" = Foxit Reader 5.1
"InstallShield_{268723B7-A994-4286-9F85-B974D5CAFC7B}" = Ontrack EasyRecovery Professional
"Mozilla Firefox (3.6.26)" = Mozilla Firefox (3.6.26)
"Mozilla Firefox 10.0.2 (x86 en-US)" = Mozilla Firefox 10.0.2 (x86 en-US)
"MV RegClean 5.9_is1" = MV RegClean 5.9
"Notepad++" = Notepad++
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"OpenAL" = OpenAL
"Opera 11.61.1250" = Opera 11.61
"PunkBusterSvc" = PunkBuster Services
"Steam App 102600" = Orcs Must Die!
"Steam App 102810" = Gatling Gears
"Steam App 111400" = Bunch Of Heroes
"Steam App 113400" = APB Reloaded
"Steam App 15620" = Warhammer® 40,000™: Dawn of War® II
"Steam App 19680" = Alice: Madness Returns
"Steam App 20570" = Warhammer® 40,000™: Dawn of War® II – Chaos Rising™
"Steam App 20920" = The Witcher 2
"Steam App 22610" = Alien Breed: Impact
"Steam App 22650" = Alien Breed 2: Assault
"Steam App 22670" = Alien Breed 3: Descent
"Steam App 28050" = Deus Ex: Human Revolution
"Steam App 35700" = Trine
"Steam App 47870" = Need for Speed: Hot Pursuit
"Steam App 55150" = Warhammer 40,000 Space Marine
"Steam App 56400" = Warhammer® 40,000®: Dawn of War® II – Retribution™
"Steam App 57400" = Batman: Arkham City™
"Steam App 6120" = Shank
"Steam App 65800" = Dungeon Defenders
"Steam App 7670" = BioShock
"Steam App 91100" = SkyDrift
"Steam App 99300" = Renegade Ops
"Trapped Dead" = Trapped Dead
"uTorrent" = µTorrent
"WinLiveSuite" = Windows Live Essentials
"Xfire" = Xfire (remove only)
"YTdetect" = Yahoo! Detect
"Zombie Driver" = Zombie Driver 1.2.6

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-759445425-3811226801-1979774396-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"InstallShield_{6530FDAA-5B1F-4830-95BB-650E9804D239}" = UE3Redist

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 28/02/2012 10:05:45 | Computer Name = PCWagner | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "C:\Program Files (x86)\Common
Files\Acronis\DiskDirector\WinPE\Files\mmsBundle.dll". Dependent Assembly Microsoft.VC80.CRT,processorArchitecture="x86",type="win32",version="8.0.50727.762"
could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 28/02/2012 23:30:11 | Computer Name = PCWagner | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "C:\Program Files (x86)\Common
Files\Acronis\DiskDirector\WinPE\Files\systeminfo.exe". Dependent Assembly Microsoft.VC80.CRT,processorArchitecture="x86",type="win32",version="8.0.50727.762"
could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 28/02/2012 23:30:14 | Computer Name = PCWagner | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "C:\Program Files (x86)\Common
Files\Acronis\DiskDirector\WinPE\Files\RecoveryExpert.exe". Dependent Assembly Microsoft.VC80.CRT,processorArchitecture="x86",type="win32",version="8.0.50727.762"
could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 28/02/2012 23:30:16 | Computer Name = PCWagner | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "C:\Program Files (x86)\Common
Files\Acronis\DiskDirector\WinPE\Files\ManagementConsole.exe". Dependent Assembly
Microsoft.VC80.CRT,processorArchitecture="x86",type="win32",version="8.0.50727.762"
could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 28/02/2012 23:30:16 | Computer Name = PCWagner | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "C:\Program Files (x86)\Common
Files\Acronis\DiskDirector\WinPE\Files\mmsBundle.dll". Dependent Assembly Microsoft.VC80.CRT,processorArchitecture="x86",type="win32",version="8.0.50727.762"
could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 01/03/2012 17:28:45 | Computer Name = PCWagner | Source = Application Error | ID = 1000
Description = Faulting application name: isuspm.exe, version: 3.0.100.1131, time
stamp: 0x40816c48 Faulting module name: OLEAUT32.dll, version: 6.1.7601.17676, time
stamp: 0x4e58702a Exception code: 0xc0000005 Fault offset: 0x00003e8d Faulting process
id: 0xa88 Faulting application start time: 0x01ccf7f23efc4cde Faulting application
path: c:\program files (x86)\common files\installshield\updateservice\isuspm.exe
Faulting
module path: C:\Windows\syswow64\OLEAUT32.dll Report Id: 85e950ef-63e5-11e1-afea-001a4d78cebd

Error - 01/03/2012 19:15:25 | Computer Name = PCWagner | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "C:\Program Files (x86)\Common
Files\Acronis\DiskDirector\WinPE\Files\systeminfo.exe". Dependent Assembly Microsoft.VC80.CRT,processorArchitecture="x86",type="win32",version="8.0.50727.762"
could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 01/03/2012 19:15:28 | Computer Name = PCWagner | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "C:\Program Files (x86)\Common
Files\Acronis\DiskDirector\WinPE\Files\RecoveryExpert.exe". Dependent Assembly Microsoft.VC80.CRT,processorArchitecture="x86",type="win32",version="8.0.50727.762"
could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 01/03/2012 19:15:30 | Computer Name = PCWagner | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "C:\Program Files (x86)\Common
Files\Acronis\DiskDirector\WinPE\Files\ManagementConsole.exe". Dependent Assembly
Microsoft.VC80.CRT,processorArchitecture="x86",type="win32",version="8.0.50727.762"
could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 01/03/2012 19:15:30 | Computer Name = PCWagner | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "C:\Program Files (x86)\Common
Files\Acronis\DiskDirector\WinPE\Files\mmsBundle.dll". Dependent Assembly Microsoft.VC80.CRT,processorArchitecture="x86",type="win32",version="8.0.50727.762"
could not be found. Please use sxstrace.exe for detailed diagnosis.

[ System Events ]
Error - 14/02/2012 16:51:32 | Computer Name = PCWagner | Source = Service Control Manager | ID = 7034
Description = The PnkBstrB service terminated unexpectedly. It has done this 1
time(s).

Error - 14/02/2012 16:51:33 | Computer Name = PCWagner | Source = Service Control Manager | ID = 7034
Description = The Acronis OS Selector activator service terminated unexpectedly.
It has done this 1 time(s).

Error - 14/02/2012 16:51:35 | Computer Name = PCWagner | Source = Service Control Manager | ID = 7031
Description = The Windows Modules Installer service terminated unexpectedly. It
has done this 1 time(s). The following corrective action will be taken in 120000
milliseconds: Restart the service.

Error - 14/02/2012 20:04:16 | Computer Name = PCWagner | Source = DCOM | ID = 10010
Description =

Error - 14/02/2012 20:25:53 | Computer Name = PCWagner | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description = Installation Failure: Windows failed to install the following update
with error 0x80070643: Security Update for Microsoft Silverlight (KB2668562).

Error - 14/02/2012 20:36:14 | Computer Name = PCWagner | Source = Service Control Manager | ID = 7034
Description = The MSCamSvc service terminated unexpectedly. It has done this 1
time(s).

Error - 14/02/2012 20:36:16 | Computer Name = PCWagner | Source = Service Control Manager | ID = 7034
Description = The PnkBstrA service terminated unexpectedly. It has done this 1
time(s).

Error - 14/02/2012 20:36:17 | Computer Name = PCWagner | Source = Service Control Manager | ID = 7034
Description = The PnkBstrB service terminated unexpectedly. It has done this 1
time(s).

Error - 14/02/2012 20:36:18 | Computer Name = PCWagner | Source = Service Control Manager | ID = 7034
Description = The Acronis OS Selector activator service terminated unexpectedly.
It has done this 1 time(s).

Error - 14/02/2012 20:36:20 | Computer Name = PCWagner | Source = Service Control Manager | ID = 7031
Description = The Windows Modules Installer service terminated unexpectedly. It
has done this 1 time(s). The following corrective action will be taken in 120000
milliseconds: Restart the service.


< End of report >

HijackThis.log
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 21:15:36, on 01/03/2012
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16421)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Uniblue\DriverScanner\dsmonitor.exe
C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
C:\Program Files (x86)\Opera\opera.exe
C:\Program Files (x86)\Notepad++\notepad++.exe
C:\Users\Wagner\Desktop\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = Bing
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = MSN Brasil - Hotmail, Messenger, Entretenimento, Notícias, Esportes e Vídeo
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN Brasil - Hotmail, Messenger, Entretenimento, Notícias, Esportes e Vídeo
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN Brasil - Hotmail, Messenger, Entretenimento, Notícias, Esportes e Vídeo
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [LifeCam] "C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe"
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [ISUSPM Startup] C:\PROGRA~2\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-21-759445425-3811226801-1979774396-1005\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'UpdatusUser')
O4 - HKUS\S-1-5-21-759445425-3811226801-1979774396-1005\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'UpdatusUser')
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O17 - HKLM\System\CCS\Services\Tcpip\..\{17E5BB1E-8D6C-4876-B68F-686409BED7F4}: NameServer = 208.67.222.222,208.67.220.220
O17 - HKLM\System\CS1\Services\Tcpip\..\{17E5BB1E-8D6C-4876-B68F-686409BED7F4}: NameServer = 208.67.222.222,208.67.220.220
O17 - HKLM\System\CS2\Services\Tcpip\..\{17E5BB1E-8D6C-4876-B68F-686409BED7F4}: NameServer = 208.67.222.222,208.67.220.220
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\Windows\system32\GameMon.des.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
O23 - Service: Acronis OS Selector activator (OS Selector) - Unknown owner - C:\Program Files (x86)\Acronis\DiskDirector\OSS\reinstall_svc.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: WMPNetworkSvc - Unknown owner - (no file)

--
End of file - 7298 bytes
 
Everyone,

Sorry for the delay. February was so hectic that I had no time to access the forum. If anyone still needs help, I ask that you post again.

Hello wmh, your logs are clean, my friend. No signs of infection. Is there any problem you would like to report?

Regards
 
Hello,

I posted a few weeks ago that my PC is infected with the Rootkit TDSS.v2. Here is the repost with the logs:

Here is the OTL log:

OTL logfile created on: 16/02/2012 18:53:24 - Run 2
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Anderson Backup\Desktop
Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000416 | Country: Brasil | Language: PTB | Date Format: dd/MM/yyyy

3,00 Gb Total Physical Memory | 1,74 Gb Available Physical Memory | 57,95% Memory free
6,00 Gb Paging File | 4,23 Gb Available in Paging File | 70,54% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 54,52 Gb Total Space | 11,84 Gb Free Space | 21,71% Space Free | Partition Type: NTFS
Drive D: | 199,29 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
Drive E: | 20,00 Gb Total Space | 4,45 Gb Free Space | 22,26% Space Free | Partition Type: NTFS

Computer Name: AND-PC | User Name: Anderson Backup | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/02/15 19:21:59 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Anderson Backup\Desktop\OTL.exe
PRC - [2012/02/12 01:30:03 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2012/01/29 20:29:10 | 000,341,920 | ---- | M] () -- C:\Program Files\TIM Communicator\orolixcommunicator.exe
PRC - [2012/01/27 22:49:39 | 000,026,528 | ---- | M] (Orolix Desenvolvimento de Software LTDA.) -- C:\Program Files\TIM Communicator\module\devicemon.exe
PRC - [2012/01/16 16:28:30 | 000,546,768 | ---- | M] (Threat Expert Ltd.) -- C:\Program Files\PC Tools\PC Tools Security\BDT\BDTUpdateService.exe
PRC - [2012/01/11 16:18:14 | 002,659,768 | ---- | M] (PC Tools) -- C:\Program Files\PC Tools\PC Tools Security\pctsGui.exe
PRC - [2012/01/11 16:18:14 | 001,117,624 | ---- | M] (PC Tools) -- C:\Program Files\PC Tools\PC Tools Security\pctsSvc.exe
PRC - [2012/01/11 14:56:12 | 000,402,336 | ---- | M] (PC Tools) -- C:\Program Files\PC Tools\PC Tools Security\pctsAuxs.exe
PRC - [2012/01/11 14:56:08 | 000,071,008 | ---- | M] (PC Tools) -- C:\Program Files\PC Tools\PC Tools Security\TFEngine\TFService.exe
PRC - [2011/11/12 14:56:14 | 001,479,168 | ---- | M] () -- C:\Users\Anderson Backup\Desktop\Explorer++.exe
PRC - [2011/10/15 06:53:00 | 002,253,120 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
PRC - [2011/10/15 06:53:00 | 001,820,480 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
PRC - [2011/10/15 06:53:00 | 001,328,960 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
PRC - [2011/10/15 00:54:40 | 000,381,248 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2011/08/15 15:17:06 | 000,603,456 | ---- | M] (TuneUp Software) -- C:\Program Files\TuneUp Utilities 2011\OneClick.exe
PRC - [2011/08/15 15:16:42 | 001,051,968 | ---- | M] (TuneUp Software) -- C:\Program Files\TuneUp Utilities 2011\Integrator.exe
PRC - [2011/08/15 15:11:40 | 000,671,552 | ---- | M] (TuneUp Software) -- C:\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesApp32.exe
PRC - [2011/08/15 15:09:06 | 001,526,080 | ---- | M] (TuneUp Software) -- C:\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesService32.exe
PRC - [2011/08/15 15:05:48 | 000,426,304 | ---- | M] (TuneUp Software) -- C:\Program Files\TuneUp Utilities 2011\TUDefragBackend32.exe
PRC - [2011/06/24 02:22:20 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
PRC - [2011/06/06 13:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011/05/06 18:33:00 | 000,393,112 | ---- | M] (Spigot, Inc.) -- C:\Program Files\Application Updater\ApplicationUpdater.exe
PRC - [2011/02/25 03:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2010/11/20 04:17:48 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2009/12/23 19:34:20 | 000,370,688 | ---- | M] (StarWind Software) -- C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
PRC - [2009/08/10 15:59:50 | 000,178,720 | ---- | M] () -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe
PRC - [2009/08/10 15:59:48 | 000,387,616 | ---- | M] () -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe
PRC - [2009/08/04 17:29:54 | 000,219,360 | ---- | M] (DeviceVM, Inc.) -- C:\Program Files\DeviceVM\Browser Configuration Utility\BCUService.exe
PRC - [2009/08/04 17:29:52 | 000,346,320 | ---- | M] (DeviceVM, Inc.) -- C:\Program Files\DeviceVM\Browser Configuration Utility\BCU.exe
PRC - [2008/06/25 03:08:20 | 001,855,488 | ---- | M] (C-Media Electronic Inc. (C-Media Electronics, Inc.)) -- C:\Windows\mixer.exe


========== Modules (No Company Name) ==========

MOD - [2012/02/12 01:30:03 | 001,911,768 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2012/01/29 20:29:10 | 000,341,920 | ---- | M] () -- C:\Program Files\TIM Communicator\orolixcommunicator.exe
MOD - [2012/01/29 20:24:34 | 000,032,160 | ---- | M] () -- C:\Program Files\TIM Communicator\module\modqoscommunicator.dll
MOD - [2012/01/27 21:32:02 | 000,968,704 | ---- | M] () -- C:\Users\Anderson Backup\AppData\Roaming\Mozilla\Firefox\Profiles\ce9qzd59.default\extensions\support@lastpass.com\platform\WINNT_x86-msvc\components\lpxpcom.dll
MOD - [2012/01/11 16:18:42 | 000,861,112 | ---- | M] () -- C:\Program Files\PC Tools\PC Tools Security\SpamMonitor\SMPlugin.dll
MOD - [2012/01/11 16:18:16 | 000,376,248 | ---- | M] () -- C:\Program Files\PC Tools\PC Tools Security\PCTUI\PCTUI.dll
MOD - [2012/01/09 16:56:56 | 000,079,872 | ---- | M] () -- C:\Users\Anderson Backup\AppData\Roaming\Mozilla\Firefox\Profiles\ce9qzd59.default\extensions\{8c311d0a-7d76-4f96-a7b6-0a2758dee5a4}\components\RadioWMPCoreGecko10.dll
MOD - [2011/11/12 14:56:14 | 001,479,168 | ---- | M] () -- C:\Users\Anderson Backup\Desktop\Explorer++.exe
MOD - [2011/10/15 00:54:26 | 000,265,536 | ---- | M] () -- C:\Program Files\NVIDIA Corporation\3D Vision\Nv3DVStreaming.dll
MOD - [2011/08/15 15:14:16 | 000,544,064 | ---- | M] () -- C:\Program Files\TuneUp Utilities 2011\TUSqlDB32.dll
MOD - [2011/03/17 01:11:16 | 004,297,568 | ---- | M] () -- C:\Program Files\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
MOD - [2010/06/29 19:15:40 | 000,337,312 | ---- | M] () -- C:\Program Files\TIM Communicator\module\plugins\sqldrivers\qsqlite4.dll
MOD - [2010/06/29 19:15:40 | 000,222,624 | ---- | M] () -- C:\Program Files\TIM Communicator\module\plugins\phonon_backend\phonon_ds94.dll
MOD - [2010/06/29 19:15:40 | 000,189,856 | ---- | M] () -- C:\Program Files\TIM Communicator\module\plugins\imageformats\qjpeg4.dll
MOD - [2010/06/29 19:15:40 | 000,075,168 | ---- | M] () -- C:\Program Files\TIM Communicator\module\plugins\imageformats\qico4.dll
MOD - [2010/06/29 19:15:40 | 000,075,168 | ---- | M] () -- C:\Program Files\TIM Communicator\module\plugins\imageformats\qgif4.dll
MOD - [2010/06/29 11:15:56 | 007,796,128 | ---- | M] () -- C:\Program Files\TIM Communicator\module\QtWebKit4.dll
MOD - [2010/06/29 11:15:56 | 006,350,240 | ---- | M] () -- C:\Program Files\TIM Communicator\module\QtGui4.dll
MOD - [2010/06/29 11:15:56 | 001,770,912 | ---- | M] () -- C:\Program Files\TIM Communicator\module\QtCore4.dll
MOD - [2010/06/29 11:15:56 | 001,451,424 | ---- | M] () -- C:\Program Files\TIM Communicator\module\QtNetwork4.dll
MOD - [2010/06/29 11:15:56 | 000,263,584 | ---- | M] () -- C:\Program Files\TIM Communicator\module\QtXml4.dll
MOD - [2010/06/29 11:15:56 | 000,206,240 | ---- | M] () -- C:\Program Files\TIM Communicator\module\phonon4.dll
MOD - [2010/06/29 11:15:56 | 000,152,992 | ---- | M] () -- C:\Program Files\TIM Communicator\module\QtSql4.dll
MOD - [2009/07/30 18:15:32 | 000,503,202 | ---- | M] () -- C:\Program Files\DeviceVM\Browser Configuration Utility\sqlite3.dll


========== Win32 Services (SafeList) ==========

SRV - [2012/02/11 22:26:26 | 000,481,064 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2012/01/27 22:49:39 | 000,026,528 | ---- | M] (Orolix Desenvolvimento de Software LTDA.) [Auto | Running] -- C:\Program Files\TIM Communicator\module\devicemon.exe -- (OrolixDeviceMonitor)
SRV - [2012/01/16 16:28:30 | 000,546,768 | ---- | M] (Threat Expert Ltd.) [Auto | Running] -- C:\Program Files\PC Tools\PC Tools Security\BDT\BDTUpdateService.exe -- (Browser Defender Update Service)
SRV - [2012/01/11 16:18:14 | 001,117,624 | ---- | M] (PC Tools) [Auto | Running] -- C:\Program Files\PC Tools\PC Tools Security\pctsSvc.exe -- (sdCoreService)
SRV - [2012/01/11 14:56:12 | 000,402,336 | ---- | M] (PC Tools) [Auto | Running] -- C:\Program Files\PC Tools\PC Tools Security\pctsAuxs.exe -- (sdAuxService)
SRV - [2012/01/11 14:56:08 | 000,071,008 | ---- | M] (PC Tools) [On_Demand | Running] -- C:\Program Files\PC Tools\PC Tools Security\TFEngine\TFService.exe -- (ThreatFire)
SRV - [2011/10/15 06:53:00 | 002,253,120 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe -- (nvUpdatusService)
SRV - [2011/10/15 00:54:40 | 000,381,248 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2011/08/15 15:09:06 | 001,526,080 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesService32.exe -- (TuneUp.UtilitiesSvc)
SRV - [2011/08/15 15:03:24 | 000,029,504 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Windows\System32\uxtuneup.dll -- (UxTuneUp)
SRV - [2011/06/12 12:15:00 | 031,125,880 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Office\Office14\GROOVE.EXE -- (Microsoft SharePoint Workspace Audit Service)
SRV - [2011/06/06 13:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011/05/06 18:33:00 | 000,393,112 | ---- | M] (Spigot, Inc.) [Auto | Running] -- C:\Program Files\Application Updater\ApplicationUpdater.exe -- (Application Updater)
SRV - [2011/01/24 14:49:34 | 000,310,640 | ---- | M] (CybelSoft) [On_Demand | Stopped] -- C:\Program Files\ma-config.com\maconfservice.exe -- (maconfservice)
SRV - [2011/01/08 13:44:41 | 001,343,400 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2009/12/23 19:34:20 | 000,370,688 | ---- | M] (StarWind Software) [Auto | Running] -- C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe -- (StarWindServiceAE)
SRV - [2009/08/10 15:59:50 | 000,178,720 | ---- | M] () [Auto | Running] -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe -- (nSvcIp)
SRV - [2009/08/10 15:59:48 | 000,387,616 | ---- | M] () [Auto | Running] -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe -- (ForceWare Intelligent Application Manager (IAM)) ForceWare Intelligent Application Manager (IAM)
SRV - [2009/08/04 17:29:54 | 000,219,360 | ---- | M] (DeviceVM, Inc.) [Auto | Running] -- C:\Program Files\DeviceVM\Browser Configuration Utility\BCUService.exe -- (BCUService)
SRV - [2009/07/13 23:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/13 23:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009/07/13 23:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)


========== Driver Services (SafeList) ==========

DRV - [2012/02/13 20:01:42 | 000,054,624 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\0ca6E9B.sys -- (0ca6E9B)
DRV - [2012/02/13 19:47:57 | 000,054,624 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\6c3223.sys -- (6c3223)
DRV - [2012/02/13 19:37:05 | 000,054,624 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\6c67A4E.sys -- (6c67A4E)
DRV - [2012/02/13 19:28:17 | 000,054,624 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\19bB13E.sys -- (19bB13E)
DRV - [2012/01/11 16:19:24 | 000,070,536 | ---- | M] (PC Tools) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\pctplsg.sys -- (pctplsg)
DRV - [2012/01/11 16:19:12 | 000,125,888 | ---- | M] (PC Tools) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\pctplfw.sys -- (pctplfw)
DRV - [2012/01/11 16:19:02 | 000,185,560 | ---- | M] (PC Tools) [Kernel | System | Running] -- C:\Windows\System32\drivers\PCTSD.sys -- (PCTSD)
DRV - [2012/01/11 16:14:30 | 000,253,352 | ---- | M] (PC Tools) [Kernel | System | Running] -- C:\Windows\System32\drivers\pctgntdi.sys -- (pctgntdi)
DRV - [2012/01/11 14:56:12 | 000,574,424 | ---- | M] (PC Tools) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\TfSysMon.sys -- (TFSysMon)
DRV - [2012/01/11 14:56:12 | 000,054,328 | ---- | M] (PC Tools) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\TfFsMon.sys -- (TfFsMon)
DRV - [2012/01/11 14:56:12 | 000,035,264 | ---- | M] (PC Tools) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\TfNetMon.sys -- (TfNetMon)
DRV - [2011/12/01 16:07:06 | 000,909,728 | ---- | M] (PC Tools) [File_System | Boot | Running] -- C:\Windows\system32\drivers\pctEFA.sys -- (pctEFA)
DRV - [2011/12/01 16:07:06 | 000,342,168 | ---- | M] (PC Tools) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\pctDS.sys -- (pctDS)
DRV - [2011/11/30 09:19:48 | 000,058,400 | ---- | M] (PC Tools) [Kernel | System | Running] -- C:\Windows\System32\drivers\pctNdisLW.sys -- (pctNdisLW)
DRV - [2011/11/14 15:12:26 | 000,331,880 | ---- | M] (PC Tools) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\PCTCore.sys -- (PCTCore)
DRV - [2011/11/14 15:12:24 | 000,162,584 | ---- | M] (PC Tools) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\PCTAppEvent.sys -- (PCTAppEvent)
DRV - [2011/11/09 16:33:30 | 000,091,136 | ---- | M] (PC Tools) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\pctNdis-PacketFilter.sys -- (PCTFW-PacketFilter)
DRV - [2011/10/15 06:53:00 | 010,327,360 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2011/09/28 13:14:02 | 000,056,840 | ---- | M] (PC Tools) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\PCTBD.sys -- (PCTBD)
DRV - [2011/05/31 15:03:04 | 000,010,064 | ---- | M] (TuneUp Software) [Kernel | On_Demand | Running] -- C:\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesDriver32.sys -- (TuneUpUtilitiesDrv)
DRV - [2011/01/08 16:57:36 | 000,436,792 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\sptd.sys -- (sptd)
DRV - [2010/11/20 04:30:16 | 000,175,360 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\vmbus.sys -- (vmbus)
DRV - [2010/11/20 04:30:16 | 000,040,704 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\vmstorfl.sys -- (storflt)
DRV - [2010/11/20 04:30:16 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\storvsc.sys -- (storvsc)
DRV - [2010/11/20 02:24:42 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010/11/20 02:21:16 | 000,015,872 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV - [2010/11/20 01:59:46 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2010/11/20 01:14:46 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\VMBusHID.sys -- (VMBusHID)
DRV - [2010/11/20 01:14:42 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\vms3cap.sys -- (s3cap)
DRV - [2010/10/24 22:25:38 | 000,054,144 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NisDrvWFP.sys -- (NisDrv)
DRV - [2010/10/24 22:25:38 | 000,043,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\MpNWMon.sys -- (MpNWMon)
DRV - [2010/08/30 11:19:54 | 000,014,336 | ---- | M] (CybelSoft) [Kernel | On_Demand | Stopped] -- C:\Program Files\ma-config.com\Drivers\driverhardwarev2.sys -- (driverhardwarev2)
DRV - [2010/08/12 12:07:48 | 000,298,216 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvmf6232.sys -- (NVNET)
DRV - [2010/07/14 13:51:56 | 000,065,584 | ---- | M] (Citrix Systems, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\ctxusbm.sys -- (ctxusbm)
DRV - [2010/06/02 10:50:36 | 000,105,088 | ---- | M] (Onda Communication) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ONDAusbvoice.sys -- (ONDAusbvoice)
DRV - [2010/06/02 10:50:36 | 000,105,088 | ---- | M] (Onda Communication) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Ondausbser6k.sys -- (ONDAusbser6k)
DRV - [2010/06/02 10:50:36 | 000,105,088 | ---- | M] (Onda Communication) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Ondausbnmea.sys -- (ONDAusbnmea)
DRV - [2010/06/02 10:50:36 | 000,105,088 | ---- | M] (Onda Communication) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Ondausbmdm6k.sys -- (ONDAusbmdm6k)
DRV - [2009/08/04 17:43:40 | 000,213,024 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\nvstor32.sys -- (nvstor32)
DRV - [2009/07/13 20:02:52 | 000,347,264 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nvm62x32.sys -- (NVENETFD)
DRV - [2009/04/29 15:37:26 | 000,025,088 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\KMWDFILTER.sys -- (KMWDFILTERx86)
DRV - [2008/06/25 03:08:20 | 000,377,358 | ---- | M] (C-Media Inc) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\cmaudio.sys -- (cmpci) C-Media PCI Audio Driver (WDM)
DRV - [2007/11/08 11:30:08 | 000,454,656 | ---- | M] (PixArt Imaging Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\PAC7302.sys -- (PAC7302)
DRV - [2007/06/29 15:47:34 | 000,034,304 | ---- | M] (AMD, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AmdLLD.sys -- (AmdLLD)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKLM\..\URLSearchHook: {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files\Vuze_Remote\prxtbVuze.dll (Conduit Ltd.)


IE - HKU\.DEFAULT\..\URLSearchHook: {472734EA-242A-422b-ADF8-83D1E48CC825} - C:\Program Files\PC Tools\PC Tools Security\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\..\URLSearchHook: {472734EA-242A-422b-ADF8-83D1E48CC825} - C:\Program Files\PC Tools\PC Tools Security\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0




IE - HKU\S-1-5-21-497863422-237361048-368514812-1007\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = A maioria dos profissionais diretório websites, mais próximos os serviços vivos
IE - HKU\S-1-5-21-497863422-237361048-368514812-1007\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = pt-BR
IE - HKU\S-1-5-21-497863422-237361048-368514812-1007\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = B0 CE EF 32 65 4E CC 01 [binary data]
IE - HKU\S-1-5-21-497863422-237361048-368514812-1007\..\URLSearchHook: {472734EA-242A-422b-ADF8-83D1E48CC825} - C:\Program Files\PC Tools\PC Tools Security\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
IE - HKU\S-1-5-21-497863422-237361048-368514812-1007\..\URLSearchHook: {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files\Vuze_Remote\prxtbVuze.dll (Conduit Ltd.)
IE - HKU\S-1-5-21-497863422-237361048-368514812-1007\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "Ask.com"
FF - prefs.js..browser.search.defaultthis.engineName: "socialbrowser Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "http://search.conduit.com/ResultsExt.aspx?ctid=CT3083266&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=642886"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "https://www.facebook.com/"
FF - prefs.js..extensions.enabledItems: iobit@mybrowserbar.com:4.4
FF - prefs.js..extensions.enabledItems: wtxpcom@mybrowserbar.com:4.4
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26
FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:14.0.5
FF - prefs.js..extensions.enabledItems: foxmarks@kei.com:4.0.1
FF - prefs.js..extensions.enabledItems: support@lastpass.com:1.74.0
FF - prefs.js..extensions.enabledItems: glasser@sixxgate.com:3.5.2
FF - prefs.js..extensions.enabledItems: {46551EC9-40F0-4e47-8E18-8E5CF550CFB8}:1.2
FF - prefs.js..extensions.enabledItems: {d3f4b70a-92e0-4393-a0f3-976d03b1ebf5}:3.5.0.12
FF - prefs.js..extensions.enabledItems: wrc@avast.com:6.0.1203
FF - prefs.js..keyword.URL: "http://search.conduit.com/ResultsExt.aspx?ctid=CT3083266&SearchSource=2&q="


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@ma-config.com/HardwareDetection: C:\Program Files\ma-config.com\nphardwaredetection.dll (Cybelsoft)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MIF5BA~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MIF5BA~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: File not found
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=15.0.1.13: c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=15.0.1.13: c:\program files\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.1.13: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.1.13: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=15.0.1.13: c:\program files\real\realplayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012/02/01 22:40:14 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{cb84136f-9c44-433a-9048-c5cd9df1dc16}: C:\Program Files\PC Tools\PC Tools Security\BDT\Firefox\ [2012/02/11 17:00:52 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/02/12 01:30:04 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/02/01 22:40:27 | 000,000,000 | ---D | M]

[2011/07/28 21:49:40 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Anderson Backup\AppData\Roaming\mozilla\Extensions
[2012/02/10 06:23:29 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Anderson Backup\AppData\Roaming\mozilla\Firefox\Profiles\ce9qzd59.default\extensions
[2012/01/30 22:19:36 | 000,000,000 | ---D | M] (socialbrowser Community Toolbar) -- C:\Users\Anderson Backup\AppData\Roaming\mozilla\Firefox\Profiles\ce9qzd59.default\extensions\{8c311d0a-7d76-4f96-a7b6-0a2758dee5a4}
[2012/01/29 23:29:21 | 000,000,000 | ---D | M] ("Xmarks") -- C:\Users\Anderson Backup\AppData\Roaming\mozilla\Firefox\Profiles\ce9qzd59.default\extensions\foxmarks@kei.com
[2012/01/29 23:29:23 | 000,000,000 | ---D | M] (LastPass) -- C:\Users\Anderson Backup\AppData\Roaming\mozilla\Firefox\Profiles\ce9qzd59.default\extensions\support@lastpass.com
[2012/02/10 06:23:29 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Anderson Backup\AppData\Roaming\mozilla\Firefox\Profiles\ce9qzd59.default\extensions\trash
[2011/08/02 07:15:01 | 000,002,394 | ---- | M] () -- C:\Users\Anderson Backup\AppData\Roaming\Mozilla\Firefox\Profiles\ce9qzd59.default\searchplugins\askcom.xml
[2011/09/01 02:35:48 | 000,000,929 | ---- | M] () -- C:\Users\Anderson Backup\AppData\Roaming\Mozilla\Firefox\Profiles\ce9qzd59.default\searchplugins\conduit.xml
[2012/01/31 19:34:42 | 000,001,390 | ---- | M] () -- C:\Users\Anderson Backup\AppData\Roaming\Mozilla\Firefox\Profiles\ce9qzd59.default\searchplugins\yahoo-zugo.xml
[2012/02/01 22:17:24 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
() (No name found) -- C:\USERS\ANDERSON BACKUP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\CE9QZD59.DEFAULT\EXTENSIONS\{19503E42-CA3C-4C27-B1E2-9CDB2170EE34}.XPI
() (No name found) -- C:\USERS\ANDERSON BACKUP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\CE9QZD59.DEFAULT\EXTENSIONS\{46551EC9-40F0-4E47-8E18-8E5CF550CFB8}.XPI
() (No name found) -- C:\USERS\ANDERSON BACKUP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\CE9QZD59.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
[2012/02/12 01:30:03 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2010/10/12 17:33:32 | 000,124,344 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\mozilla firefox\plugins\CCMSDK.dll
[2010/10/12 17:37:06 | 000,070,592 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\mozilla firefox\plugins\CgpCore.dll
[2010/10/12 17:35:42 | 000,091,576 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\mozilla firefox\plugins\confmgr.dll
[2010/10/12 17:34:56 | 000,022,464 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\mozilla firefox\plugins\ctxlogging.dll
[2011/05/04 05:52:23 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2010/10/12 19:16:54 | 000,484,768 | ---- | M] () -- C:\Program Files\mozilla firefox\plugins\npicaN.dll
[2010/10/12 17:37:02 | 000,024,000 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\mozilla firefox\plugins\TcpPServ.dll
[2012/02/01 22:17:18 | 000,001,027 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\buscape.xml
[2012/02/01 22:17:18 | 000,001,212 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\mercadolivre.xml
[2012/02/01 22:17:18 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml
[2012/02/01 22:17:18 | 000,001,168 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-br.xml
[2012/02/01 22:17:18 | 000,000,952 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-br.xml

O1 HOSTS File: ([2012/02/02 21:05:48 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (PC Tools Browser Defender BHO) - {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - C:\Program Files\PC Tools\PC Tools Security\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Vuze Remote Toolbar) - {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files\Vuze_Remote\prxtbVuze.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (PC Tools Browser Defender) - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files\PC Tools\PC Tools Security\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
O3 - HKLM\..\Toolbar: (Vuze Remote Toolbar) - {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files\Vuze_Remote\prxtbVuze.dll (Conduit Ltd.)
O3 - HKU\S-1-5-21-497863422-237361048-368514812-1007\..\Toolbar\WebBrowser: (Vuze Remote Toolbar) - {BA14329E-9550-4989-B3F2-9732E92D17CC} - C:\Program Files\Vuze_Remote\prxtbVuze.dll (Conduit Ltd.)
O4 - HKLM..\Run: [BCU] C:\Program Files\DeviceVM\Browser Configuration Utility\BCU.exe (DeviceVM, Inc.)
O4 - HKLM..\Run: [C-Media Mixer] C:\Windows\mixer.exe (C-Media Electronic Inc. (C-Media Electronics, Inc.))
O4 - HKLM..\Run: [C-Media Speaker Configuration] C:\Program Files\C-Media\WIN_ME\Setup.exe ()
O4 - HKLM..\Run: [ISTray] C:\Program Files\PC Tools\PC Tools Security\pctsGui.exe (PC Tools)
O4 - HKU\S-1-5-21-497863422-237361048-368514812-1007..\Run: [Steam] C:\Program Files\Steam\Steam.exe (Valve Corporation)
O4 - HKU\S-1-5-21-497863422-237361048-368514812-1006..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-497863422-237361048-368514812-1006\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-497863422-237361048-368514812-1007\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-497863422-237361048-368514812-1007\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-497863422-237361048-368514812-1007\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-21-497863422-237361048-368514812-1007\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKU\S-1-5-21-497863422-237361048-368514812-1007\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O8 - Extra context menu item: &Enviar para o OneNote - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O8 - Extra context menu item: E&xportar para o Microsoft Excel - C:\Program Files\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: &Anotações Vinculadas do OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Anotações Vinculadas do OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O16 - DPF: {0D6709DD-4ED8-40CA-B459-2757AEEF7BEE} http://download.gigabyte.com.tw/object/Dldrv.ocx (Dldrv2 Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {E6F480FC-BD44-4CBA-B74A-89AF7842937D} http://content.systemrequirementslab...i_4.4.13.0.cab (SysInfo Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2DF936A8-3AA1-425E-BE05-C82D535A9FEE}: NameServer = 200.220.227.56 200.142.130.202
O18 - Protocol\Filter\application/x-ica {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=euc-jp {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=ISO-8859-1 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=MS936 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=MS949 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=MS950 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=UTF8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=UTF-8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=euc-jp {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=ISO-8859-1 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=MS936 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=MS949 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=MS950 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=UTF8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=UTF-8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\ica {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) -C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - No CLSID value found.
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 19:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012/02/16 06:37:52 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2012/02/16 06:37:51 | 001,798,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2012/02/16 06:37:51 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2012/02/16 06:37:50 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2012/02/16 06:37:50 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2012/02/16 06:37:47 | 001,427,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2012/02/15 19:23:46 | 002,061,360 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Anderson Backup\Desktop\tdsskiller.exe
[2012/02/15 19:21:17 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\Anderson Backup\Desktop\OTL.exe
[2012/02/15 06:53:14 | 000,478,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\timedate.cpl
[2012/02/15 06:47:34 | 002,343,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2012/02/13 22:26:01 | 003,932,160 | ---- | C] (PC Tools ) -- C:\Users\Anderson Backup\Desktop\tfinstall(1).exe
[2012/02/13 21:29:18 | 002,901,264 | ---- | C] (PC Tools ) -- C:\Users\Anderson Backup\Desktop\tfinstall.exe
[2012/02/13 19:53:19 | 000,000,000 | -HSD | C] -- C:\found.000
[2012/02/13 19:27:41 | 001,774,432 | ---- | C] (McAfee, Inc.) -- C:\Users\Anderson Backup\Desktop\Rootkit_Detective.exe
[2012/02/12 13:00:12 | 000,000,000 | ---D | C] -- C:\Users\Anderson Backup\Desktop\explorer++_1.3.4_x86
[2012/02/12 03:40:28 | 000,000,000 | ---D | C] -- C:\Users\Anderson Backup\Desktop\best
[2012/02/12 03:00:44 | 000,000,000 | ---D | C] -- C:\Users\Anderson Backup\Desktop\captchatrader
[2012/02/12 02:38:29 | 000,000,000 | ---D | C] -- C:\!KillBox
[2012/02/12 02:37:22 | 000,092,672 | ---- | C] (Option^Explicit Software vbtechcd@gmail.com) -- C:\Users\Anderson Backup\Desktop\KillBox.exe
[2012/02/12 02:26:31 | 000,388,608 | ---- | C] (Trend Micro Inc.) -- C:\Users\Anderson Backup\Desktop\HijackThis.exe
[2012/02/12 01:49:34 | 000,000,000 | ---D | C] -- C:\$RECYCLE.BIN
[2012/02/12 01:49:24 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2012/02/12 01:40:06 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012/02/12 01:40:06 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012/02/12 01:40:06 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012/02/12 01:39:59 | 000,000,000 | ---D | C] -- C:\ComboFix
[2012/02/12 01:29:21 | 000,000,000 | ---D | C] -- C:\60329_combofix_1112282301016
[2012/02/11 17:44:57 | 000,000,000 | ---D | C] -- C:\Users\Anderson Backup\AppData\Roaming\PC Tools
[2012/02/11 17:44:54 | 000,000,000 | ---D | C] -- C:\Users\Anderson Backup\AppData\Roaming\Spam Monitor
[2012/02/11 17:00:50 | 000,056,840 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\PCTBD.sys
[2012/02/11 17:00:49 | 000,149,456 | ---- | C] (PC Tools) -- C:\Windows\SGDetectionTool.dll
[2012/02/11 17:00:48 | 002,246,608 | ---- | C] (Threat Expert Ltd.) -- C:\Windows\PCTBDCore.dll
[2012/02/11 17:00:48 | 001,681,360 | ---- | C] (Threat Expert Ltd.) -- C:\Windows\PCTBDRes.dll
[2012/02/11 16:59:50 | 000,253,352 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\pctgntdi.sys
[2012/02/11 16:59:50 | 000,107,864 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\pctwfpfilter.sys
[2012/02/11 16:59:36 | 000,017,848 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\pctBTFix.sys
[2012/02/11 16:59:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PC Tools Security
[2012/02/11 16:59:34 | 000,574,424 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\TfSysMon.sys
[2012/02/11 16:59:34 | 000,054,328 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\TfFsMon.sys
[2012/02/11 16:59:34 | 000,035,264 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\TfNetMon.sys
[2012/02/11 16:59:24 | 000,091,136 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\pctNdis-PacketFilter.sys
[2012/02/11 16:59:24 | 000,058,400 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\pctNdisLW.sys
[2012/02/11 16:59:23 | 000,125,888 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\pctplfw.sys
[2012/02/11 16:59:23 | 000,032,936 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\pctNdis-DNS.sys
[2012/02/11 16:59:20 | 000,070,536 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\pctplsg.sys
[2012/02/11 16:59:00 | 000,000,000 | ---D | C] -- C:\Program Files\PC Tools
[2012/02/11 13:53:23 | 000,909,728 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\pctEFA.sys
[2012/02/11 13:53:22 | 000,342,168 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\pctDS.sys
[2012/02/11 13:53:21 | 000,331,880 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\PCTCore.sys
[2012/02/11 13:53:21 | 000,162,584 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\PCTAppEvent.sys
[2012/02/11 13:53:19 | 000,185,560 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\PCTSD.sys
[2012/02/11 13:40:12 | 000,000,000 | ---D | C] -- C:\Users\Anderson Backup\AppData\Roaming\TestApp
[2012/02/11 07:39:38 | 000,000,000 | ---D | C] -- C:\60329_combofix_1112282219266
[2012/02/11 07:30:35 | 004,354,969 | R--- | C] (Swearware) -- C:\Users\Anderson Backup\Desktop\60329_combofix_1112282.exe
[2012/02/11 07:19:40 | 000,000,000 | ---D | C] -- C:\60329_combofix_1112282
[2012/02/08 19:42:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam
[2012/02/08 19:42:24 | 000,000,000 | ---D | C] -- C:\Program Files\Steam
[2012/02/06 20:34:38 | 000,000,000 | ---D | C] -- C:\Users\Anderson Backup\AppData\Local\Ubisoft Game Launcher
[2012/02/06 19:41:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Assassins Creed Revelations
[2012/02/06 19:40:58 | 000,000,000 | ---D | C] -- C:\Program Files\AC Revelations
[2012/02/04 11:24:27 | 000,000,000 | ---D | C] -- C:\Users\Anderson Backup\Documents\Assassin's Creed Revelations
[2012/02/01 22:40:17 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\xing shared
[2012/02/01 22:40:09 | 000,198,832 | ---- | C] (RealNetworks, Inc.) -- C:\Windows\System32\rmoc3260.dll
[2012/02/01 22:39:54 | 000,006,656 | ---- | C] (RealNetworks, Inc.) -- C:\Windows\System32\pndx5016.dll
[2012/02/01 22:39:54 | 000,005,632 | ---- | C] (RealNetworks, Inc.) -- C:\Windows\System32\pndx5032.dll
[2012/02/01 22:39:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Real
[2012/01/31 19:34:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\K-Lite Codec Pack
[2012/01/31 19:34:26 | 000,839,680 | ---- | C] (www) -- C:\Windows\System32\lameACM.acm
[2012/01/31 19:34:17 | 000,151,552 | ---- | C] (fccHandler) -- C:\Windows\System32\ac3acm.acm
[2012/01/30 00:59:22 | 000,314,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\webio.dll
[2012/01/30 00:59:22 | 000,015,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sspisrv.dll
[2012/01/30 00:18:30 | 001,328,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\quartz.dll
[2012/01/30 00:18:29 | 000,514,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\qdvd.dll
[2012/01/30 00:16:21 | 003,967,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2012/01/30 00:16:21 | 003,912,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2012/01/30 00:15:29 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll
[2012/01/30 00:02:06 | 000,534,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\EncDec.dll
[2012/01/29 23:58:30 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\packager.dll
[2012/01/29 23:57:21 | 000,038,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\csrsrv.dll
[2012/01/29 23:53:59 | 000,465,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\psisdecd.dll
[2012/01/29 23:53:59 | 000,075,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\psisrndr.ax
[2012/01/29 22:16:23 | 000,000,000 | ---D | C] -- C:\Users\Anderson Backup\Desktop\License(6).avastlic
[2012/01/29 14:17:51 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Motorola Shared
[2012/01/29 14:17:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Motorola Driver Installer
[2012/01/28 15:32:44 | 018,871,616 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvoglv32.dll
[2012/01/28 15:32:44 | 013,205,312 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvd3dum.dll
[2012/01/28 15:32:44 | 010,327,360 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\drivers\nvlddmkm.sys
[2012/01/28 15:32:44 | 000,061,248 | ---- | C] (Khronos Group) -- C:\Windows\System32\OpenCL.dll
[2012/01/28 15:32:43 | 017,248,576 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvcompiler.dll
[2012/01/28 15:32:43 | 005,578,560 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvcuda.dll
[2012/01/28 15:32:43 | 002,401,088 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvcuvid.dll
[2012/01/28 15:32:43 | 002,099,520 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvcuvenc.dll
[2012/01/27 20:05:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TIM Communicator
[2012/01/27 20:05:20 | 000,000,000 | ---D | C] -- C:\ProgramData\OrolixCommunicator
[2012/01/27 20:05:11 | 000,114,688 | ---- | C] (ONDA Corporation) -- C:\Windows\System32\drivers\ONDAusbnet.sys
[2012/01/27 20:05:11 | 000,105,088 | ---- | C] (Onda Communication) -- C:\Windows\System32\drivers\ONDAusbvoice.sys
[2012/01/27 20:05:11 | 000,105,088 | ---- | C] (Onda Communication) -- C:\Windows\System32\drivers\Ondausbser6k.sys
[2012/01/27 20:05:11 | 000,105,088 | ---- | C] (Onda Communication) -- C:\Windows\System32\drivers\Ondausbnmea.sys
[2012/01/27 20:05:11 | 000,105,088 | ---- | C] (Onda Communication) -- C:\Windows\System32\drivers\Ondausbmdm6k.sys
[2012/01/27 20:05:03 | 000,000,000 | ---D | C] -- C:\Program Files\TIM Communicator
[2011/08/01 23:06:39 | 003,486,088 | ---- | C] (Ask) -- C:\Program Files\Common Files\ApnToolbarInstaller.exe
[2011/08/01 23:06:39 | 000,143,240 | ---- | C] (Ask.com) -- C:\Program Files\Common Files\ApnStub.exe
[7 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
[5 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/02/16 07:19:15 | 000,014,224 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/02/16 07:19:15 | 000,014,224 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/02/16 07:11:56 | 001,856,693 | ---- | M] () -- C:\Windows\System32\drivers\Cat.DB
[2012/02/16 07:09:34 | 000,413,000 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012/02/16 07:08:55 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/02/16 06:40:13 | 000,675,200 | ---- | M] () -- C:\Windows\System32\prfh0416.dat
[2012/02/16 06:40:13 | 000,626,678 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012/02/16 06:40:13 | 000,133,936 | ---- | M] () -- C:\Windows\System32\prfc0416.dat
[2012/02/16 06:40:13 | 000,111,216 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012/02/15 19:26:31 | 002,061,360 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Anderson Backup\Desktop\tdsskiller.exe
[2012/02/15 19:21:59 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Anderson Backup\Desktop\OTL.exe
[2012/02/13 22:33:10 | 003,932,160 | ---- | M] (PC Tools ) -- C:\Users\Anderson Backup\Desktop\tfinstall(1).exe
[2012/02/13 22:20:08 | 002,901,264 | ---- | M] (PC Tools ) -- C:\Users\Anderson Backup\Desktop\tfinstall.exe
[2012/02/13 20:03:07 | 295,042,925 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2012/02/13 20:01:42 | 000,054,624 | ---- | M] () -- C:\Windows\System32\0ca6E9B.sys
[2012/02/13 20:01:39 | 002,335,270 | ---- | M] () -- C:\Windows\System32\9f96547.mht
[2012/02/13 19:47:57 | 000,054,624 | ---- | M] () -- C:\Windows\System32\6c3223.sys
[2012/02/13 19:47:49 | 002,335,270 | ---- | M] () -- C:\Windows\System32\88eE06F.mht
[2012/02/13 19:37:05 | 000,054,624 | ---- | M] () -- C:\Windows\System32\6c67A4E.sys
[2012/02/13 19:36:52 | 002,335,270 | ---- | M] () -- C:\Windows\System32\0404826.mht
[2012/02/13 19:28:17 | 000,054,624 | ---- | M] () -- C:\Windows\System32\19bB13E.sys
[2012/02/13 19:28:14 | 002,335,270 | ---- | M] () -- C:\Windows\System32\a77A5D8.mht
[2012/02/13 19:27:59 | 002,335,270 | ---- | M] () -- C:\Windows\System32\e096ABC.mht
[2012/02/13 19:22:07 | 000,744,853 | ---- | M] () -- C:\Users\Anderson Backup\Desktop\PAVARK.exe
[2012/02/12 18:47:04 | 000,097,953 | ---- | M] () -- C:\Users\Anderson Backup\Desktop\and.jpg
[2012/02/12 03:14:18 | 000,000,038 | ---- | M] () -- C:\Users\Anderson Backup\Desktop\captchatrader.properties
[2012/02/12 03:08:24 | 000,592,189 | ---- | M] () -- C:\Users\Anderson Backup\Desktop\explorer++_1.3.4_x86.zip
[2012/02/12 02:59:58 | 000,382,525 | ---- | M] () -- C:\Users\Anderson Backup\Desktop\captchatrader4jdownloader_win.zip
[2012/02/12 02:36:29 | 000,090,350 | ---- | M] () -- C:\Users\Anderson Backup\Desktop\Killbox 2.0.0.881.rar
[2012/02/12 02:27:47 | 000,388,608 | ---- | M] (Trend Micro Inc.) -- C:\Users\Anderson Backup\Desktop\HijackThis.exe
[2012/02/11 17:34:52 | 000,000,000 | ---- | M] () -- C:\Windows\System32\SM.lock
[2012/02/11 16:59:42 | 000,002,159 | ---- | M] () -- C:\Users\Public\Desktop\PC Tools Internet Security.lnk
[2012/02/11 13:40:13 | 000,001,544 | ---- | M] () -- C:\Users\Anderson Backup\Desktop\sdsetup.exe.lnk
[2012/02/11 07:37:41 | 004,354,969 | R--- | M] (Swearware) -- C:\Users\Anderson Backup\Desktop\60329_combofix_1112282.exe
[2012/02/09 18:36:25 | 000,001,634 | ---- | M] () -- C:\Users\Anderson Backup\Desktop\Dungeon Siege III.exe - Atalho.lnk
[2012/02/09 06:43:36 | 000,002,664 | ---- | M] () -- C:\Users\Anderson Backup\Documents\ax_files.xml
[2012/02/08 19:42:26 | 000,000,835 | ---- | M] () -- C:\Users\Public\Desktop\Steam.lnk
[2012/02/06 20:33:55 | 000,001,124 | ---- | M] () -- C:\Users\Anderson Backup\Desktop\UbisoftGameLauncher.exe - Atalho.lnk
[2012/02/06 19:41:03 | 000,001,884 | ---- | M] () -- C:\Users\Public\Desktop\Ñêà÷àòü Åùå Èãðû.lnk
[2012/02/06 19:41:03 | 000,000,944 | ---- | M] () -- C:\Users\Public\Desktop\Assassin's Creed Revelations.lnk
[2012/02/02 21:05:48 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2012/02/02 06:36:05 | 000,001,050 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/02/02 06:36:04 | 000,001,046 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/02/01 22:40:24 | 000,001,040 | ---- | M] () -- C:\Users\Public\Desktop\RealPlayer.lnk
[2012/02/01 22:40:09 | 000,198,832 | ---- | M] (RealNetworks, Inc.) -- C:\Windows\System32\rmoc3260.dll
[2012/02/01 22:39:54 | 000,006,656 | ---- | M] (RealNetworks, Inc.) -- C:\Windows\System32\pndx5016.dll
[2012/02/01 22:39:54 | 000,005,632 | ---- | M] (RealNetworks, Inc.) -- C:\Windows\System32\pndx5032.dll
[2012/02/01 22:39:53 | 000,272,896 | ---- | M] (Progressive Networks) -- C:\Windows\System32\pncrt.dll
[2012/01/31 23:21:31 | 000,001,750 | ---- | M] () -- C:\Users\Public\Desktop\Vuze.lnk
[2012/01/29 23:35:22 | 000,002,577 | ---- | M] () -- C:\Windows\System32\config.nt
[2012/01/29 21:35:20 | 000,000,921 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2012/01/27 20:05:20 | 000,000,850 | ---- | M] () -- C:\Users\Public\Desktop\TIM Communicator.lnk
[2012/01/27 00:21:24 | 000,237,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MpSigStub.exe
[2012/01/25 16:00:00 | 000,079,360 | ---- | M] () -- C:\Windows\System32\ff_vfw.dll
[7 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
[5 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/02/13 20:01:42 | 000,054,624 | ---- | C] () -- C:\Windows\System32\0ca6E9B.sys
[2012/02/13 20:01:39 | 002,335,270 | ---- | C] () -- C:\Windows\System32\9f96547.mht
[2012/02/13 19:49:47 | 295,042,925 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2012/02/13 19:47:57 | 000,054,624 | ---- | C] () -- C:\Windows\System32\6c3223.sys
[2012/02/13 19:47:49 | 002,335,270 | ---- | C] () -- C:\Windows\System32\88eE06F.mht
[2012/02/13 19:37:05 | 000,054,624 | ---- | C] () -- C:\Windows\System32\6c67A4E.sys
[2012/02/13 19:36:52 | 002,335,270 | ---- | C] () -- C:\Windows\System32\0404826.mht
[2012/02/13 19:28:17 | 000,054,624 | ---- | C] () -- C:\Windows\System32\19bB13E.sys
[2012/02/13 19:28:14 | 002,335,270 | ---- | C] () -- C:\Windows\System32\a77A5D8.mht
[2012/02/13 19:27:59 | 002,335,270 | ---- | C] () -- C:\Windows\System32\e096ABC.mht
[2012/02/13 19:19:54 | 000,744,853 | ---- | C] () -- C:\Users\Anderson Backup\Desktop\PAVARK.exe
[2012/02/12 18:47:01 | 000,097,953 | ---- | C] () -- C:\Users\Anderson Backup\Desktop\and.jpg
[2012/02/12 13:01:13 | 001,479,168 | ---- | C] () -- C:\Users\Anderson Backup\Desktop\Explorer++.exe
[2012/02/12 03:14:17 | 000,000,038 | ---- | C] () -- C:\Users\Anderson Backup\Desktop\captchatrader.properties
[2012/02/12 03:07:15 | 000,592,189 | ---- | C] () -- C:\Users\Anderson Backup\Desktop\explorer++_1.3.4_x86.zip
[2012/02/12 02:59:31 | 000,382,525 | ---- | C] () -- C:\Users\Anderson Backup\Desktop\captchatrader4jdownloader_win.zip
[2012/02/12 02:37:22 | 000,001,710 | ---- | C] () -- C:\Users\Anderson Backup\Desktop\Mina de Download.url
[2012/02/12 02:35:30 | 000,090,350 | ---- | C] () -- C:\Users\Anderson Backup\Desktop\Killbox 2.0.0.881.rar
[2012/02/12 01:40:06 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012/02/12 01:40:06 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012/02/12 01:40:06 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012/02/12 01:40:06 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012/02/12 01:40:06 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012/02/11 17:34:52 | 000,000,000 | ---- | C] () -- C:\Windows\System32\SM.lock
[2012/02/11 17:00:49 | 000,767,952 | ---- | C] () -- C:\Windows\BDTSupport.dll
[2012/02/11 17:00:49 | 000,003,488 | ---- | C] () -- C:\Windows\UDB.zip
[2012/02/11 17:00:49 | 000,000,882 | ---- | C] () -- C:\Windows\RegSDImport.xml
[2012/02/11 17:00:49 | 000,000,879 | ---- | C] () -- C:\Windows\RegISSImport.xml
[2012/02/11 17:00:49 | 000,000,131 | ---- | C] () -- C:\Windows\IDB.zip
[2012/02/11 16:59:42 | 000,002,159 | ---- | C] () -- C:\Users\Public\Desktop\PC Tools Internet Security.lnk
[2012/02/11 13:40:13 | 000,001,544 | ---- | C] () -- C:\Users\Anderson Backup\Desktop\sdsetup.exe.lnk
[2012/02/09 18:36:25 | 000,001,634 | ---- | C] () -- C:\Users\Anderson Backup\Desktop\Dungeon Siege III.exe - Atalho.lnk
[2012/02/08 19:42:26 | 000,000,835 | ---- | C] () -- C:\Users\Public\Desktop\Steam.lnk
[2012/02/06 20:33:55 | 000,001,124 | ---- | C] () -- C:\Users\Anderson Backup\Desktop\UbisoftGameLauncher.exe - Atalho.lnk
[2012/02/06 19:41:03 | 000,001,884 | ---- | C] () -- C:\Users\Public\Desktop\Ñêà÷àòü Åùå Èãðû.lnk
[2012/02/06 19:41:03 | 000,000,944 | ---- | C] () -- C:\Users\Public\Desktop\Assassin's Creed Revelations.lnk
[2012/02/01 22:40:24 | 000,001,040 | ---- | C] () -- C:\Users\Public\Desktop\RealPlayer.lnk
[2012/01/31 19:34:26 | 000,650,752 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2012/01/31 19:34:26 | 000,243,200 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2012/01/31 19:34:26 | 000,000,414 | ---- | C] () -- C:\Windows\System32\lame_acm.xml
[2012/01/31 19:34:15 | 000,079,360 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2012/01/27 20:05:20 | 000,000,850 | ---- | C] () -- C:\Users\Public\Desktop\TIM Communicator.lnk
[2011/10/15 00:54:52 | 000,321,856 | ---- | C] () -- C:\Windows\System32\nvStreaming.exe
[2011/09/27 20:12:00 | 000,637,215 | ---- | C] () -- C:\ProgramData\bdinstall.bin
[2011/07/31 12:50:06 | 000,007,887 | ---- | C] () -- C:\Users\Anderson Backup\AppData\Roaming\pcouffin.cat
[2011/07/31 12:50:06 | 000,001,144 | ---- | C] () -- C:\Users\Anderson Backup\AppData\Roaming\pcouffin.inf
[2011/07/28 23:59:51 | 000,062,464 | ---- | C] () -- C:\Users\Anderson Backup\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/07/28 22:45:44 | 000,000,272 | ---- | C] () -- C:\Windows\reimage.ini
[2011/04/09 19:55:28 | 000,179,261 | ---- | C] () -- C:\Windows\System32\xlive.dll.cat
[2011/04/09 17:09:20 | 000,000,022 | ---- | C] () -- C:\Windows\cmm.dat
[2011/04/09 17:09:11 | 000,000,186 | ---- | C] () -- C:\Windows\System32\CleanMem.ini
[2011/04/05 09:54:49 | 000,129,024 | ---- | C] () -- C:\Windows\System32\AVERM.dll
[2011/04/05 09:54:49 | 000,028,672 | ---- | C] () -- C:\Windows\System32\AVEQT.dll
[2011/02/27 19:52:39 | 000,286,208 | ---- | C] () -- C:\Windows\System32\binkw32.dll
[2011/02/06 01:53:19 | 000,101,072 | ---- | C] () -- C:\Windows\UTP.exe
[2011/01/22 17:36:42 | 000,000,010 | ---- | C] () -- C:\Windows\GSetup.ini
[2011/01/20 21:17:05 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2011/01/20 21:16:47 | 000,080,896 | ---- | C] () -- C:\Windows\System32\RDVGHelper.exe
[2011/01/08 17:24:00 | 000,175,616 | ---- | C] () -- C:\Windows\System32\unrar.dll
[2011/01/08 15:46:49 | 000,010,240 | ---- | C] () -- C:\Windows\System32\vidx16.dll
[2011/01/08 15:46:47 | 000,004,333 | ---- | C] () -- C:\Windows\mixerdef.ini
[2011/01/08 15:46:27 | 000,039,279 | ---- | C] () -- C:\Windows\cmijack.dat
[2011/01/08 15:46:27 | 000,028,165 | ---- | C] () -- C:\Windows\cmijack.ini
[2011/01/08 15:46:27 | 000,023,041 | ---- | C] () -- C:\Windows\cmaudio.dat
[2011/01/08 15:46:27 | 000,018,240 | ---- | C] () -- C:\Windows\cmaudio.ini
[2011/01/08 15:46:26 | 000,000,462 | ---- | C] () -- C:\Windows\CMISETUP.INI
[2011/01/08 15:10:37 | 000,006,136 | R--- | C] () -- C:\Windows\System32\drivers\nvphy.bin
[2011/01/08 12:58:28 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2010/01/27 00:09:02 | 000,053,299 | ---- | C] () -- C:\Windows\System32\pthreadVC.dll
[2009/07/14 06:31:12 | 000,675,200 | ---- | C] () -- C:\Windows\System32\prfh0416.dat
[2009/07/14 06:31:12 | 000,323,154 | ---- | C] () -- C:\Windows\System32\prfi0416.dat
[2009/07/14 06:31:12 | 000,133,936 | ---- | C] () -- C:\Windows\System32\prfc0416.dat
[2009/07/14 06:31:12 | 000,038,536 | ---- | C] () -- C:\Windows\System32\prfd0416.dat
[2009/07/14 02:57:37 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/14 02:33:53 | 000,413,000 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2009/07/14 00:05:48 | 000,626,678 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2009/07/14 00:05:48 | 000,291,294 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2009/07/14 00:05:48 | 000,111,216 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2009/07/14 00:05:48 | 000,031,548 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2009/07/14 00:05:05 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2009/07/14 00:04:11 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2009/07/13 21:55:01 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/13 21:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
[2009/07/13 21:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll
[2009/06/10 19:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2007/06/21 04:34:08 | 000,203,328 | R--- | C] () -- C:\Windows\GSetup.exe
[2007/01/31 14:50:32 | 000,913,408 | ---- | C] () -- C:\Windows\System32\xreglib.dll

========== LOP Check ==========

[2011/12/08 21:07:49 | 000,000,000 | ---D | M] -- C:\Users\Anderson Backup\AppData\Roaming\Activision
[2012/02/10 22:31:55 | 000,000,000 | ---D | M] -- C:\Users\Anderson Backup\AppData\Roaming\Azureus
[2011/08/17 22:16:22 | 000,000,000 | ---D | M] -- C:\Users\Anderson Backup\AppData\Roaming\bizarre creations
[2011/08/10 21:27:36 | 000,000,000 | ---D | M] -- C:\Users\Anderson Backup\AppData\Roaming\FreeArc
[2011/08/04 20:36:11 | 000,000,000 | ---D | M] -- C:\Users\Anderson Backup\AppData\Roaming\ICAClient
[2012/02/10 22:13:19 | 000,000,000 | ---D | M] -- C:\Users\Anderson Backup\AppData\Roaming\IObit
[2011/09/18 21:06:51 | 000,000,000 | ---D | M] -- C:\Users\Anderson Backup\AppData\Roaming\Need for Speed World
[2011/09/27 20:12:25 | 000,000,000 | ---D | M] -- C:\Users\Anderson Backup\AppData\Roaming\QuickScan
[2012/02/11 17:44:54 | 000,000,000 | ---D | M] -- C:\Users\Anderson Backup\AppData\Roaming\Spam Monitor
[2012/02/11 13:40:12 | 000,000,000 | ---D | M] -- C:\Users\Anderson Backup\AppData\Roaming\TestApp
[2011/10/10 23:54:08 | 000,000,000 | ---D | M] -- C:\Users\Anderson Backup\AppData\Roaming\TuneUp Software
[2012/02/01 23:14:53 | 000,000,000 | ---D | M] -- C:\Users\Anderson Backup\AppData\Roaming\Vso
[2012/02/10 20:20:46 | 000,032,608 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Files - Unicode (All) ==========
[2011/10/11 20:33:39 | 000,000,000 | ---- | M] ()(C:\Windows\System32\?????) -- C:\Windows\System32\wlboa
[2011/10/11 20:28:28 | 000,000,000 | ---- | C] ()(C:\Windows\System32\?????) -- C:\Windows\System32\wlboa

========== Alternate Data Streams ==========

@Alternate Data Stream - 272 bytes -> C:\ProgramData\TEMPFC5A2B2
@Alternate Data Stream - 20 bytes -> C:\Users\Anderson Backup\Desktop\PAVARK.exe:License
@Alternate Data Stream - 193 bytes -> C:\ProgramData\TEMP: DE406C3E
@Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP: 430C6D84

< End of report >





------------
 
TDSS log

19:17:57.0541 3652 TDSS rootkit removing tool 2.7.13.0 Feb 15 2012 19:33:14
19:17:59.0547 3652 ============================================================
19:17:59.0547 3652 Current date / time: 2012/02/16 19:17:59.0547
19:17:59.0548 3652 SystemInfo:
19:17:59.0548 3652
19:17:59.0548 3652 OS Version: 6.1.7601 ServicePack: 1.0
19:17:59.0548 3652 Product type: Workstation
19:17:59.0548 3652 ComputerName: AND-PC
19:17:59.0548 3652 UserName: Anderson Backup
19:17:59.0548 3652 Windows directory: C:\Windows
19:17:59.0548 3652 System windows directory: C:\Windows
19:17:59.0548 3652 Processor architecture: Intel x86
19:17:59.0548 3652 Number of processors: 1
19:17:59.0548 3652 Page size: 0x1000
19:17:59.0548 3652 Boot type: Normal boot
19:17:59.0548 3652 ============================================================
19:18:00.0593 3652 Drive \Device\Harddisk0\DR0 - Size: 0x12A1F16000 (74.53 Gb), SectorSize: 0x200, Cylinders: 0x2601, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
19:18:00.0603 3652 \Device\Harddisk0\DR0:
19:18:00.0603 3652 MBR used
19:18:00.0603 3652 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x2800A34
19:18:00.0620 3652 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x2800AB2, BlocksNum 0x6D09B4E
19:18:00.0651 3652 Initialize success
19:18:00.0651 3652 ============================================================
19:18:06.0492 5768 ============================================================
19:18:06.0492 5768 Scan started
19:18:06.0492 5768 Mode: Manual; TDLFS;
19:18:06.0492 5768 ============================================================
19:18:07.0382 5768 0ca6E9B (43b0076b3ab8996b84d2cc8f990b582f) C:\Windows\system32\0ca6E9B.sys
19:18:07.0418 5768 0ca6E9B - ok
19:18:07.0504 5768 1394ohci (1b133875b8aa8ac48969bd3458afe9f5) C:\Windows\system32\drivers\1394ohci.sys
19:18:07.0505 5768 1394ohci - ok
19:18:07.0606 5768 19bB13E (43b0076b3ab8996b84d2cc8f990b582f) C:\Windows\system32\19bB13E.sys
19:18:07.0609 5768 19bB13E - ok
19:18:07.0798 5768 6c3223 (43b0076b3ab8996b84d2cc8f990b582f) C:\Windows\system32\6c3223.sys
19:18:07.0800 5768 6c3223 - ok
19:18:07.0913 5768 6c67A4E (43b0076b3ab8996b84d2cc8f990b582f) C:\Windows\system32\6c67A4E.sys
19:18:07.0915 5768 6c67A4E - ok
19:18:08.0013 5768 ACPI (cea80c80bed809aa0da6febc04733349) C:\Windows\system32\drivers\ACPI.sys
19:18:08.0015 5768 ACPI - ok
19:18:08.0133 5768 AcpiPmi (1efbc664abff416d1d07db115dcb264f) C:\Windows\system32\drivers\acpipmi.sys
19:18:08.0134 5768 AcpiPmi - ok
19:18:08.0244 5768 adp94xx (21e785ebd7dc90a06391141aac7892fb) C:\Windows\system32\DRIVERS\adp94xx.sys
19:18:08.0247 5768 adp94xx - ok
19:18:08.0377 5768 adpahci (0c676bc278d5b59ff5abd57bbe9123f2) C:\Windows\system32\DRIVERS\adpahci.sys
19:18:08.0379 5768 adpahci - ok
19:18:08.0515 5768 adpu320 (7c7b5ee4b7b822ec85321fe23a27db33) C:\Windows\system32\DRIVERS\adpu320.sys
19:18:08.0517 5768 adpu320 - ok
19:18:08.0654 5768 AFD (9ebbba55060f786f0fcaa3893bfa2806) C:\Windows\system32\drivers\afd.sys
19:18:08.0657 5768 AFD - ok
19:18:08.0856 5768 agp440 (507812c3054c21cef746b6ee3d04dd6e) C:\Windows\system32\drivers\agp440.sys
19:18:08.0857 5768 agp440 - ok
19:18:08.0953 5768 aic78xx (8b30250d573a8f6b4bd23195160d8707) C:\Windows\system32\DRIVERS\djsvs.sys
19:18:08.0954 5768 aic78xx - ok
19:18:09.0076 5768 aliide (0d40bcf52ea90fc7df2aeab6503dea44) C:\Windows\system32\drivers\aliide.sys
19:18:09.0077 5768 aliide - ok
19:18:09.0190 5768 amdagp (3c6600a0696e90a463771c7422e23ab5) C:\Windows\system32\drivers\amdagp.sys
19:18:09.0191 5768 amdagp - ok
19:18:09.0374 5768 amdide (cd5914170297126b6266860198d1d4f0) C:\Windows\system32\drivers\amdide.sys
19:18:09.0374 5768 amdide - ok
19:18:09.0507 5768 AmdK8 (00dda200d71bac534bf56a9db5dfd666) C:\Windows\system32\DRIVERS\amdk8.sys
19:18:09.0508 5768 AmdK8 - ok
19:18:09.0661 5768 AmdLLD (ad8fa28d8ed0d0a689a0559085ce0f18) C:\Windows\system32\DRIVERS\AmdLLD.sys
19:18:09.0662 5768 AmdLLD - ok
19:18:09.0780 5768 AmdPPM (3cbf30f5370fda40dd3e87df38ea53b6) C:\Windows\system32\DRIVERS\amdppm.sys
19:18:09.0781 5768 AmdPPM - ok
19:18:09.0912 5768 amdsata (d320bf87125326f996d4904fe24300fc) C:\Windows\system32\drivers\amdsata.sys
19:18:09.0913 5768 amdsata - ok
19:18:10.0052 5768 amdsbs (ea43af0c423ff267355f74e7a53bdaba) C:\Windows\system32\DRIVERS\amdsbs.sys
19:18:10.0053 5768 amdsbs - ok
19:18:10.0169 5768 amdxata (46387fb17b086d16dea267d5be23a2f2) C:\Windows\system32\drivers\amdxata.sys
19:18:10.0170 5768 amdxata - ok
19:18:10.0246 5768 AppID (aea177f783e20150ace5383ee368da19) C:\Windows\system32\drivers\appid.sys
19:18:10.0247 5768 AppID - ok
19:18:10.0418 5768 arc (2932004f49677bd84dbc72edb754ffb3) C:\Windows\system32\DRIVERS\arc.sys
19:18:10.0419 5768 arc - ok
19:18:10.0661 5768 arcsas (5d6f36c46fd283ae1b57bd2e9feb0bc7) C:\Windows\system32\DRIVERS\arcsas.sys
19:18:10.0662 5768 arcsas - ok
19:18:10.0855 5768 AsyncMac (add2ade1c2b285ab8378d2daaf991481) C:\Windows\system32\DRIVERS\asyncmac.sys
19:18:10.0855 5768 AsyncMac - ok
19:18:10.0975 5768 atapi (338c86357871c167a96ab976519bf59e) C:\Windows\system32\drivers\atapi.sys
19:18:10.0975 5768 atapi - ok
19:18:11.0155 5768 b06bdrv (1a231abec60fd316ec54c66715543cec) C:\Windows\system32\DRIVERS\bxvbdx.sys
19:18:11.0158 5768 b06bdrv - ok
19:18:11.0295 5768 b57nd60x (bd8869eb9cde6bbe4508d869929869ee) C:\Windows\system32\DRIVERS\b57nd60x.sys
19:18:11.0297 5768 b57nd60x - ok
19:18:11.0493 5768 Beep (505506526a9d467307b3c393dedaf858) C:\Windows\system32\drivers\Beep.sys
19:18:11.0494 5768 Beep - ok
19:18:11.0626 5768 blbdrive (2287078ed48fcfc477b05b20cf38f36f) C:\Windows\system32\DRIVERS\blbdrive.sys
19:18:11.0627 5768 blbdrive - ok
19:18:11.0744 5768 bowser (8f2da3028d5fcbd1a060a3de64cd6506) C:\Windows\system32\DRIVERS\bowser.sys
19:18:11.0745 5768 bowser - ok
19:18:11.0864 5768 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\DRIVERS\BrFiltLo.sys
19:18:11.0864 5768 BrFiltLo - ok
19:18:11.0992 5768 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\DRIVERS\BrFiltUp.sys
19:18:11.0993 5768 BrFiltUp - ok
19:18:12.0133 5768 BridgeMP (77361d72a04f18809d0efb6cceb74d4b) C:\Windows\system32\DRIVERS\bridge.sys
19:18:12.0134 5768 BridgeMP - ok
19:18:12.0301 5768 Brserid (845b8ce732e67f3b4133164868c666ea) C:\Windows\System32\Drivers\Brserid.sys
19:18:12.0304 5768 Brserid - ok
19:18:12.0418 5768 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\System32\Drivers\BrSerWdm.sys
19:18:12.0419 5768 BrSerWdm - ok
19:18:12.0551 5768 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\System32\Drivers\BrUsbMdm.sys
19:18:12.0552 5768 BrUsbMdm - ok
19:18:12.0676 5768 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\System32\Drivers\BrUsbSer.sys
19:18:12.0677 5768 BrUsbSer - ok
19:18:12.0804 5768 BthEnum (2865a5c8e98c70c605f417908cebb3a4) C:\Windows\system32\drivers\BthEnum.sys
19:18:12.0805 5768 BthEnum - ok
19:18:12.0926 5768 BTHMODEM (ed3df7c56ce0084eb2034432fc56565a) C:\Windows\system32\DRIVERS\bthmodem.sys
19:18:12.0927 5768 BTHMODEM - ok
19:18:13.0062 5768 BthPan (ad1872e5829e8a2c3b5b4b641c3eab0e) C:\Windows\system32\DRIVERS\bthpan.sys
19:18:13.0064 5768 BthPan - ok
19:18:13.0173 5768 BTHPORT (c2fbf6d271d9a94d839c416bf186ead9) C:\Windows\System32\Drivers\BTHport.sys
19:18:13.0177 5768 BTHPORT - ok
19:18:13.0305 5768 BTHUSB (c81e9413a25a439f436b1d4b6a0cf9e9) C:\Windows\System32\Drivers\BTHUSB.sys
19:18:13.0306 5768 BTHUSB - ok
19:18:13.0432 5768 cdfs (77ea11b065e0a8ab902d78145ca51e10) C:\Windows\system32\DRIVERS\cdfs.sys
19:18:13.0434 5768 cdfs - ok
19:18:13.0567 5768 cdrom (be167ed0fdb9c1fa1133953c18d5a6c9) C:\Windows\system32\DRIVERS\cdrom.sys
19:18:13.0568 5768 cdrom - ok
19:18:13.0695 5768 circlass (3fe3fe94a34df6fb06e6418d0f6a0060) C:\Windows\system32\DRIVERS\circlass.sys
19:18:13.0696 5768 circlass - ok
19:18:13.0824 5768 CLFS (635181e0e9bbf16871bf5380d71db02d) C:\Windows\system32\CLFS.sys
19:18:13.0828 5768 CLFS - ok
19:18:13.0961 5768 CmBatt (dea805815e587dad1dd2c502220b5616) C:\Windows\system32\DRIVERS\CmBatt.sys
19:18:13.0961 5768 CmBatt - ok
19:18:14.0086 5768 cmdide (c537b1db64d495b9b4717b4d6d9edbf2) C:\Windows\system32\drivers\cmdide.sys
19:18:14.0087 5768 cmdide - ok
19:18:14.0165 5768 cmpci (e5842ccf0953d3d46d5e26427b67e901) C:\Windows\system32\drivers\cmaudio.sys
19:18:14.0169 5768 cmpci - ok
19:18:14.0293 5768 CNG (6427525d76f61d0c519b008d3680e8e7) C:\Windows\system32\Drivers\cng.sys
19:18:14.0298 5768 CNG - ok
19:18:14.0364 5768 Compbatt (a6023d3823c37043986713f118a89bee) C:\Windows\system32\DRIVERS\compbatt.sys
19:18:14.0365 5768 Compbatt - ok
19:18:14.0543 5768 CompositeBus (cbe8c58a8579cfe5fccf809e6f114e89) C:\Windows\system32\drivers\CompositeBus.sys
19:18:14.0544 5768 CompositeBus - ok
19:18:14.0705 5768 cpuz134 - ok
19:18:14.0769 5768 crcdisk (2c4ebcfc84a9b44f209dff6c6e6c61d1) C:\Windows\system32\DRIVERS\crcdisk.sys
19:18:14.0769 5768 crcdisk - ok
19:18:14.0907 5768 CSC (3c2177a897b4ca2788c6fb0c3fd81d4b) C:\Windows\system32\drivers\csc.sys
19:18:14.0909 5768 CSC - ok
19:18:15.0034 5768 ctxusbm (cb6ff7012bb5d59d7c12350db795ce1f) C:\Windows\system32\DRIVERS\ctxusbm.sys
19:18:15.0037 5768 ctxusbm - ok
19:18:15.0375 5768 DfsC (f024449c97ec1e464aaffda18593db88) C:\Windows\system32\Drivers\dfsc.sys
19:18:15.0376 5768 DfsC - ok
19:18:15.0506 5768 discache (1a050b0274bfb3890703d490f330c0da) C:\Windows\system32\drivers\discache.sys
19:18:15.0506 5768 discache - ok
19:18:15.0631 5768 Disk (565003f326f99802e68ca78f2a68e9ff) C:\Windows\system32\DRIVERS\disk.sys
19:18:15.0632 5768 Disk - ok
19:18:15.0732 5768 driverhardwarev2 (a694d8db6d360a3bbb0bd1517f1c1aee) C:\Program Files\ma-config.com\Drivers\driverhardwarev2.sys
19:18:15.0733 5768 driverhardwarev2 - ok
19:18:16.0034 5768 drmkaud (b918e7c5f9bf77202f89e1a9539f2eb4) C:\Windows\system32\drivers\drmkaud.sys
19:18:16.0035 5768 drmkaud - ok
19:18:16.0179 5768 DXGKrnl (23f5d28378a160352ba8f817bd8c71cb) C:\Windows\System32\drivers\dxgkrnl.sys
19:18:16.0187 5768 DXGKrnl - ok
19:18:16.0405 5768 ebdrv (024e1b5cac09731e4d868e64dbfb4ab0) C:\Windows\system32\DRIVERS\evbdx.sys
19:18:16.0437 5768 ebdrv - ok
19:18:16.0586 5768 elxstor (0ed67910c8c326796faa00b2bf6d9d3c) C:\Windows\system32\DRIVERS\elxstor.sys
19:18:16.0589 5768 elxstor - ok
19:18:16.0703 5768 ErrDev (8fc3208352dd3912c94367a206ab3f11) C:\Windows\system32\drivers\errdev.sys
19:18:16.0704 5768 ErrDev - ok
19:18:16.0863 5768 exfat (2dc9108d74081149cc8b651d3a26207f) C:\Windows\system32\drivers\exfat.sys
19:18:16.0866 5768 exfat - ok
19:18:17.0028 5768 fastfat (7e0ab74553476622fb6ae36f73d97d35) C:\Windows\system32\drivers\fastfat.sys
19:18:17.0029 5768 fastfat - ok
19:18:17.0156 5768 fdc (e817a017f82df2a1f8cfdbda29388b29) C:\Windows\system32\DRIVERS\fdc.sys
19:18:17.0157 5768 fdc - ok
19:18:17.0312 5768 FileInfo (6cf00369c97f3cf563be99be983d13d8) C:\Windows\system32\drivers\fileinfo.sys
19:18:17.0313 5768 FileInfo - ok
19:18:17.0441 5768 Filetrace (42c51dc94c91da21cb9196eb64c45db9) C:\Windows\system32\drivers\filetrace.sys
19:18:17.0441 5768 Filetrace - ok
19:18:17.0544 5768 flpydisk (87907aa70cb3c56600f1c2fb8841579b) C:\Windows\system32\DRIVERS\flpydisk.sys
19:18:17.0545 5768 flpydisk - ok
19:18:17.0675 5768 FltMgr (7520ec808e0c35e0ee6f841294316653) C:\Windows\system32\drivers\fltmgr.sys
19:18:17.0677 5768 FltMgr - ok
19:18:17.0814 5768 FsDepends (1a16b57943853e598cff37fe2b8cbf1d) C:\Windows\system32\drivers\FsDepends.sys
19:18:17.0815 5768 FsDepends - ok
19:18:17.0927 5768 Fs_Rec (a574b4360e438977038aae4bf60d79a2) C:\Windows\system32\drivers\Fs_Rec.sys
19:18:17.0927 5768 Fs_Rec - ok
19:18:18.0040 5768 fvevol (8a73e79089b282100b9393b644cb853b) C:\Windows\system32\DRIVERS\fvevol.sys
19:18:18.0042 5768 fvevol - ok
19:18:18.0236 5768 gagp30kx (65ee0c7a58b65e74ae05637418153938) C:\Windows\system32\DRIVERS\gagp30kx.sys
19:18:18.0237 5768 gagp30kx - ok
19:18:18.0594 5768 gdrv - ok
19:18:18.0687 5768 hcw85cir (c44e3c2bab6837db337ddee7544736db) C:\Windows\system32\drivers\hcw85cir.sys
19:18:18.0688 5768 hcw85cir - ok
19:18:18.0793 5768 HdAudAddService (a5ef29d5315111c80a5c1abad14c8972) C:\Windows\system32\drivers\HdAudio.sys
19:18:18.0795 5768 HdAudAddService - ok
19:18:18.0930 5768 HDAudBus (9036377b8a6c15dc2eec53e489d159b5) C:\Windows\system32\drivers\HDAudBus.sys
19:18:18.0931 5768 HDAudBus - ok
19:18:19.0050 5768 HidBatt (1d58a7f3e11a9731d0eaaaa8405acc36) C:\Windows\system32\DRIVERS\HidBatt.sys
19:18:19.0051 5768 HidBatt - ok
19:18:19.0684 5768 HidBth (89448f40e6df260c206a193a4683ba78) C:\Windows\system32\DRIVERS\hidbth.sys
19:18:19.0688 5768 HidBth - ok
19:18:20.0427 5768 HidIr (cf50b4cf4a4f229b9f3c08351f99ca5e) C:\Windows\system32\DRIVERS\hidir.sys
19:18:20.0428 5768 HidIr - ok
19:18:20.0553 5768 HidUsb (10c19f8290891af023eaec0832e1eb4d) C:\Windows\system32\DRIVERS\hidusb.sys
19:18:20.0554 5768 HidUsb - ok
19:18:20.0695 5768 HpSAMD (295fdc419039090eb8b49ffdbb374549) C:\Windows\system32\drivers\HpSAMD.sys
19:18:20.0695 5768 HpSAMD - ok
19:18:20.0831 5768 HTTP (871917b07a141bff43d76d8844d48106) C:\Windows\system32\drivers\HTTP.sys
19:18:20.0834 5768 HTTP - ok
19:18:20.0954 5768 hwpolicy (0c4e035c7f105f1299258c90886c64c5) C:\Windows\system32\drivers\hwpolicy.sys
19:18:20.0954 5768 hwpolicy - ok
19:18:21.0079 5768 i8042prt (f151f0bdc47f4a28b1b20a0818ea36d6) C:\Windows\system32\drivers\i8042prt.sys
19:18:21.0080 5768 i8042prt - ok
19:18:21.0205 5768 iaStorV (5cd5f9a5444e6cdcb0ac89bd62d8b76e) C:\Windows\system32\drivers\iaStorV.sys
19:18:21.0207 5768 iaStorV - ok
19:18:21.0344 5768 iirsp (4173ff5708f3236cf25195fecd742915) C:\Windows\system32\DRIVERS\iirsp.sys
19:18:21.0344 5768 iirsp - ok
19:18:21.0466 5768 IntcAzAudAddService - ok
19:18:21.0542 5768 intelide (a0f12f2c9ba6c72f3987ce780e77c130) C:\Windows\system32\drivers\intelide.sys
19:18:21.0542 5768 intelide - ok
19:18:21.0671 5768 intelppm (3b514d27bfc4accb4037bc6685f766e0) C:\Windows\system32\DRIVERS\intelppm.sys
19:18:21.0672 5768 intelppm - ok
19:18:21.0809 5768 IpFilterDriver (709d1761d3b19a932ff0238ea6d50200) C:\Windows\system32\DRIVERS\ipfltdrv.sys
19:18:21.0810 5768 IpFilterDriver - ok
19:18:21.0937 5768 IPMIDRV (4bd7134618c1d2a27466a099062547bf) C:\Windows\system32\drivers\IPMIDrv.sys
19:18:21.0942 5768 IPMIDRV - ok
19:18:22.0105 5768 IPNAT (a5fa468d67abcdaa36264e463a7bb0cd) C:\Windows\system32\drivers\ipnat.sys
19:18:22.0106 5768 IPNAT - ok
19:18:22.0257 5768 IRENUM (42996cff20a3084a56017b7902307e9f) C:\Windows\system32\drivers\irenum.sys
19:18:22.0258 5768 IRENUM - ok
19:18:22.0425 5768 isapnp (1f32bb6b38f62f7df1a7ab7292638a35) C:\Windows\system32\drivers\isapnp.sys
19:18:22.0436 5768 isapnp - ok
19:18:22.0657 5768 iScsiPrt (cb7a9abb12b8415bce5d74994c7ba3ae) C:\Windows\system32\drivers\msiscsi.sys
19:18:22.0668 5768 iScsiPrt - ok
19:18:22.0810 5768 kbdclass (adef52ca1aeae82b50df86b56413107e) C:\Windows\system32\drivers\kbdclass.sys
19:18:22.0810 5768 kbdclass - ok
19:18:23.0018 5768 kbdhid (9e3ced91863e6ee98c24794d05e27a71) C:\Windows\system32\drivers\kbdhid.sys
19:18:23.0058 5768 kbdhid - ok
19:18:24.0010 5768 KMWDFILTERx86 (4476fe98aaf505acdcd3ee6360aabec1) C:\Windows\system32\DRIVERS\KMWDFILTER.sys
19:18:24.0019 5768 KMWDFILTERx86 - ok
19:18:24.0212 5768 KSecDD (f4647bb23db9038a7536cf6b68f4207f) C:\Windows\system32\Drivers\ksecdd.sys
19:18:24.0213 5768 KSecDD - ok
19:18:24.0314 5768 KSecPkg (e73cae53bbb72ba26918492c6b4c229d) C:\Windows\system32\Drivers\ksecpkg.sys
19:18:24.0317 5768 KSecPkg - ok
19:18:24.0487 5768 lltdio (f7611ec07349979da9b0ae1f18ccc7a6) C:\Windows\system32\DRIVERS\lltdio.sys
19:18:24.0488 5768 lltdio - ok
19:18:24.0619 5768 LSI_FC (eb119a53ccf2acc000ac71b065b78fef) C:\Windows\system32\DRIVERS\lsi_fc.sys
19:18:24.0619 5768 LSI_FC - ok
19:18:24.0756 5768 LSI_SAS (8ade1c877256a22e49b75d1cc9161f9c) C:\Windows\system32\DRIVERS\lsi_sas.sys
19:18:24.0756 5768 LSI_SAS - ok
19:18:24.0992 5768 LSI_SAS2 (dc9dc3d3daa0e276fd2ec262e38b11e9) C:\Windows\system32\DRIVERS\lsi_sas2.sys
19:18:24.0992 5768 LSI_SAS2 - ok
19:18:25.0140 5768 LSI_SCSI (0a036c7d7cab643a7f07135ac47e0524) C:\Windows\system32\DRIVERS\lsi_scsi.sys
19:18:25.0141 5768 LSI_SCSI - ok
19:18:25.0422 5768 luafv (6703e366cc18d3b6e534f5cf7df39cee) C:\Windows\system32\drivers\luafv.sys
19:18:25.0424 5768 luafv - ok
19:18:25.0953 5768 megasas (0fff5b045293002ab38eb1fd1fc2fb74) C:\Windows\system32\DRIVERS\megasas.sys
19:18:25.0954 5768 megasas - ok
19:18:26.0229 5768 MegaSR (dcbab2920c75f390caf1d29f675d03d6) C:\Windows\system32\DRIVERS\MegaSR.sys
19:18:26.0230 5768 MegaSR - ok
19:18:26.0755 5768 Modem (f001861e5700ee84e2d4e52c712f4964) C:\Windows\system32\drivers\modem.sys
19:18:26.0755 5768 Modem - ok
19:18:26.0898 5768 monitor (79d10964de86b292320e9dfe02282a23) C:\Windows\system32\DRIVERS\monitor.sys
19:18:26.0899 5768 monitor - ok
19:18:27.0015 5768 mouclass (fb18cc1d4c2e716b6b903b0ac0cc0609) C:\Windows\system32\drivers\mouclass.sys
19:18:27.0016 5768 mouclass - ok
19:18:27.0077 5768 mouhid (2c388d2cd01c9042596cf3c8f3c7b24d) C:\Windows\system32\DRIVERS\mouhid.sys
19:18:27.0078 5768 mouhid - ok
19:18:27.0197 5768 mountmgr (fc8771f45ecccfd89684e38842539b9b) C:\Windows\system32\drivers\mountmgr.sys
19:18:27.0198 5768 mountmgr - ok
19:18:27.0324 5768 MpFilter (7e34bfa1a7b60bba1da03d677f16cd63) C:\Windows\system32\DRIVERS\MpFilter.sys
19:18:27.0328 5768 MpFilter - ok
19:18:27.0751 5768 mpio (2d699fb6e89ce0d8da14ecc03b3edfe0) C:\Windows\system32\drivers\mpio.sys
19:18:27.0755 5768 mpio - ok
19:18:27.0861 5768 MpKsl112e3f14 - ok
19:18:27.0960 5768 MpKsl1e7b1acd - ok
19:18:28.0051 5768 MpKsl21100e5e - ok
19:18:28.0084 5768 MpKsl2ab3674e - ok
19:18:28.0134 5768 MpKsl336aff6a - ok
19:18:28.0197 5768 MpKsl414dc95e - ok
19:18:28.0251 5768 MpKsl43084ae7 - ok
19:18:28.0309 5768 MpKsl5f506651 - ok
19:18:28.0351 5768 MpKsl617b1074 - ok
19:18:28.0384 5768 MpKsl746aace1 - ok
19:18:28.0425 5768 MpKsl954575db - ok
19:18:28.0459 5768 MpKsl98549e39 - ok
19:18:28.0500 5768 MpKsl9dc75644 - ok
19:18:28.0560 5768 MpKslae988eeb - ok
19:18:28.0631 5768 MpKslb152a0fe - ok
19:18:28.0681 5768 MpKslc5169394 - ok
19:18:28.0731 5768 MpKslcb2f27f9 - ok
19:18:28.0767 5768 MpKslcc071ffd - ok
19:18:28.0859 5768 MpKsle9cf861c - ok
19:18:28.0892 5768 MpKslef3d111f - ok
19:18:28.0934 5768 MpKslf177cf41 - ok
19:18:28.0967 5768 MpKslf5d76c26 - ok
19:18:29.0009 5768 MpKslff93c9c4 - ok
19:18:29.0073 5768 MpNWMon (f32e2d6a1640a469a9ed4f1929a4a861) C:\Windows\system32\DRIVERS\MpNWMon.sys
19:18:29.0075 5768 MpNWMon - ok
19:18:29.0228 5768 mpsdrv (ad2723a7b53dd1aacae6ad8c0bfbf4d0) C:\Windows\system32\drivers\mpsdrv.sys
19:18:29.0229 5768 mpsdrv - ok
19:18:29.0362 5768 MRxDAV (ceb46ab7c01c9f825f8cc6babc18166a) C:\Windows\system32\drivers\mrxdav.sys
19:18:29.0363 5768 MRxDAV - ok
19:18:29.0491 5768 mrxsmb (5d16c921e3671636c0eba3bbaac5fd25) C:\Windows\system32\DRIVERS\mrxsmb.sys
19:18:29.0497 5768 mrxsmb - ok
19:18:29.0645 5768 mrxsmb10 (6d17a4791aca19328c685d256349fefc) C:\Windows\system32\DRIVERS\mrxsmb10.sys
19:18:29.0648 5768 mrxsmb10 - ok
19:18:29.0792 5768 mrxsmb20 (b81f204d146000be76651a50670a5e9e) C:\Windows\system32\DRIVERS\mrxsmb20.sys
19:18:29.0794 5768 mrxsmb20 - ok
19:18:29.0927 5768 msahci (012c5f4e9349e711e11e0f19a8589f0a) C:\Windows\system32\drivers\msahci.sys
19:18:29.0927 5768 msahci - ok
19:18:30.0099 5768 msdsm (55055f8ad8be27a64c831322a780a228) C:\Windows\system32\drivers\msdsm.sys
19:18:30.0100 5768 msdsm - ok
19:18:30.0461 5768 Msfs (daefb28e3af5a76abcc2c3078c07327f) C:\Windows\system32\drivers\Msfs.sys
19:18:30.0464 5768 Msfs - ok
19:18:30.0600 5768 mshidkmdf (3e1e5767043c5af9367f0056295e9f84) C:\Windows\System32\drivers\mshidkmdf.sys
19:18:30.0600 5768 mshidkmdf - ok
19:18:30.0719 5768 msisadrv (0a4e5757ae09fa9622e3158cc1aef114) C:\Windows\system32\drivers\msisadrv.sys
19:18:30.0720 5768 msisadrv - ok
19:18:30.0848 5768 MSKSSRV (8c0860d6366aaffb6c5bb9df9448e631) C:\Windows\system32\drivers\MSKSSRV.sys
19:18:30.0849 5768 MSKSSRV - ok
19:18:31.0008 5768 MSPCLOCK (3ea8b949f963562cedbb549eac0c11ce) C:\Windows\system32\drivers\MSPCLOCK.sys
19:18:31.0009 5768 MSPCLOCK - ok
19:18:31.0138 5768 MSPQM (f456e973590d663b1073e9c463b40932) C:\Windows\system32\drivers\MSPQM.sys
19:18:31.0139 5768 MSPQM - ok
19:18:31.0267 5768 MsRPC (0e008fc4819d238c51d7c93e7b41e560) C:\Windows\system32\drivers\MsRPC.sys
19:18:31.0268 5768 MsRPC - ok
19:18:31.0781 5768 mssmbios (fc6b9ff600cc585ea38b12589bd4e246) C:\Windows\system32\drivers\mssmbios.sys
19:18:31.0781 5768 mssmbios - ok
19:18:31.0899 5768 MSTEE (b42c6b921f61a6e55159b8be6cd54a36) C:\Windows\system32\drivers\MSTEE.sys
19:18:31.0899 5768 MSTEE - ok
19:18:32.0076 5768 MTConfig (33599130f44e1f34631cea241de8ac84) C:\Windows\system32\DRIVERS\MTConfig.sys
19:18:32.0077 5768 MTConfig - ok
19:18:32.0219 5768 Mup (159fad02f64e6381758c990f753bcc80) C:\Windows\system32\Drivers\mup.sys
19:18:32.0220 5768 Mup - ok
19:18:32.0359 5768 NativeWifiP (26384429fcd85d83746f63e798ab1480) C:\Windows\system32\DRIVERS\nwifi.sys
19:18:32.0361 5768 NativeWifiP - ok
19:18:32.0648 5768 NDIS (e7c54812a2aaf43316eb6930c1ffa108) C:\Windows\system32\drivers\ndis.sys
19:18:32.0652 5768 NDIS - ok
19:18:32.0771 5768 NdisCap (0e1787aa6c9191d3d319e8bafe86f80c) C:\Windows\system32\DRIVERS\ndiscap.sys
19:18:32.0772 5768 NdisCap - ok
19:18:32.0880 5768 NdisTapi (e4a8aec125a2e43a9e32afeea7c9c888) C:\Windows\system32\DRIVERS\ndistapi.sys
19:18:32.0880 5768 NdisTapi - ok
19:18:33.0042 5768 Ndisuio (d8a65dafb3eb41cbb622745676fcd072) C:\Windows\system32\DRIVERS\ndisuio.sys
19:18:33.0042 5768 Ndisuio - ok
19:18:33.0362 5768 NdisWan (38fbe267e7e6983311179230facb1017) C:\Windows\system32\DRIVERS\ndiswan.sys
19:18:33.0365 5768 NdisWan - ok
19:18:33.0798 5768 NDProxy (a4bdc541e69674fbff1a8ff00be913f2) C:\Windows\system32\drivers\NDProxy.sys
19:18:33.0798 5768 NDProxy - ok
19:18:33.0919 5768 NetBIOS (80b275b1ce3b0e79909db7b39af74d51) C:\Windows\system32\DRIVERS\netbios.sys
19:18:33.0920 5768 NetBIOS - ok
19:18:34.0022 5768 NetBT (280122ddcf04b378edd1ad54d71c1e54) C:\Windows\system32\DRIVERS\netbt.sys
19:18:34.0023 5768 NetBT - ok
19:18:34.0280 5768 nfrd960 (1d85c4b390b0ee09c7a46b91efb2c097) C:\Windows\system32\DRIVERS\nfrd960.sys
19:18:34.0281 5768 nfrd960 - ok
19:18:34.0459 5768 NisDrv (17e2c08c5ecfbe94a7c67b1c275ee9d9) C:\Windows\system32\DRIVERS\NisDrvWFP.sys
19:18:34.0461 5768 NisDrv - ok
19:18:34.0605 5768 Npfs (1db262a9f8c087e8153d89bef3d2235f) C:\Windows\system32\drivers\Npfs.sys
19:18:34.0605 5768 Npfs - ok
19:18:34.0755 5768 nsiproxy (e9a0a4d07e53d8fea2bb8387a3293c58) C:\Windows\system32\drivers\nsiproxy.sys
19:18:34.0755 5768 nsiproxy - ok
19:18:34.0904 5768 Ntfs (81189c3d7763838e55c397759d49007a) C:\Windows\system32\drivers\Ntfs.sys
19:18:34.0912 5768 Ntfs - ok
19:18:35.0089 5768 Null (f9756a98d69098dca8945d62858a812c) C:\Windows\system32\drivers\Null.sys
19:18:35.0090 5768 Null - ok
19:18:35.0277 5768 NVENETFD (b5e37e31c053bc9950455a257526514b) C:\Windows\system32\DRIVERS\nvm62x32.sys
19:18:35.0279 5768 NVENETFD - ok
19:18:35.0835 5768 nvlddmkm (66b4bf606fcc7f0622d4a21bb1461089) C:\Windows\system32\DRIVERS\nvlddmkm.sys
19:18:35.0971 5768 nvlddmkm - ok
19:18:36.0167 5768 NVNET (1de923088878b495cd4219e47ba34eb8) C:\Windows\system32\DRIVERS\nvmf6232.sys
19:18:36.0171 5768 NVNET - ok
19:18:36.0303 5768 nvraid (b3e25ee28883877076e0e1ff877d02e0) C:\Windows\system32\drivers\nvraid.sys
19:18:36.0304 5768 nvraid - ok
19:18:36.0459 5768 nvstor (4380e59a170d88c4f1022eff6719a8a4) C:\Windows\system32\drivers\nvstor.sys
19:18:36.0461 5768 nvstor - ok
19:18:36.0594 5768 nvstor32 (3ff57a9a657c9690ecbc8b1e3b6e3979) C:\Windows\system32\DRIVERS\nvstor32.sys
19:18:36.0599 5768 nvstor32 - ok
19:18:36.0817 5768 nv_agp (5a0983915f02bae73267cc2a041f717d) C:\Windows\system32\drivers\nv_agp.sys
19:18:36.0819 5768 nv_agp - ok
19:18:36.0993 5768 ohci1394 (08a70a1f2cdde9bb49b885cb817a66eb) C:\Windows\system32\drivers\ohci1394.sys
19:18:36.0994 5768 ohci1394 - ok
19:18:37.0117 5768 ONDAusbmdm6k (6899bdba16765bf728983917a80f7926) C:\Windows\system32\DRIVERS\ONDAusbmdm6k.sys
19:18:37.0118 5768 ONDAusbmdm6k - ok
19:18:37.0258 5768 ONDAusbnmea (6899bdba16765bf728983917a80f7926) C:\Windows\system32\DRIVERS\ONDAusbnmea.sys
19:18:37.0260 5768 ONDAusbnmea - ok
19:18:37.0384 5768 ONDAusbser6k (6899bdba16765bf728983917a80f7926) C:\Windows\system32\DRIVERS\ONDAusbser6k.sys
19:18:37.0386 5768 ONDAusbser6k - ok
19:18:37.0531 5768 ONDAusbvoice (6899bdba16765bf728983917a80f7926) C:\Windows\system32\DRIVERS\ONDAusbvoice.sys
19:18:37.0533 5768 ONDAusbvoice - ok
19:18:37.0765 5768 PAC7302 (0406a7c99a2a0b41d530db4dc6093e17) C:\Windows\system32\DRIVERS\PAC7302.SYS
19:18:37.0771 5768 PAC7302 - ok
19:18:37.0913 5768 Parport (2ea877ed5dd9713c5ac74e8ea7348d14) C:\Windows\system32\DRIVERS\parport.sys
19:18:37.0914 5768 Parport - ok
19:18:38.0041 5768 partmgr (bf8f6af06da75b336f07e23aef97d93b) C:\Windows\system32\drivers\partmgr.sys
19:18:38.0042 5768 partmgr - ok
19:18:38.0198 5768 Parvdm (eb0a59f29c19b86479d36b35983daadc) C:\Windows\system32\DRIVERS\parvdm.sys
19:18:38.0199 5768 Parvdm - ok
19:18:38.0336 5768 pci (673e55c3498eb970088e812ea820aa8f) C:\Windows\system32\drivers\pci.sys
19:18:38.0338 5768 pci - ok
19:18:38.0461 5768 pciide (afe86f419014db4e5593f69ffe26ce0a) C:\Windows\system32\drivers\pciide.sys
19:18:38.0462 5768 pciide - ok
19:18:38.0572 5768 pcmcia (f396431b31693e71e8a80687ef523506) C:\Windows\system32\DRIVERS\pcmcia.sys
19:18:38.0573 5768 pcmcia - ok
19:18:38.0725 5768 pcouffin (5b6c11de7e839c05248ced8825470fef) C:\Windows\system32\Drivers\pcouffin.sys
19:18:38.0726 5768 pcouffin - ok
19:18:38.0854 5768 PCTAppEvent (4bb87c2afb75f8ab3c24f2af59e3b172) C:\Windows\system32\drivers\PCTAppEvent.sys
19:18:38.0856 5768 PCTAppEvent - ok
19:18:39.0001 5768 PCTBD (3a0262b85b5bb4d4cfc096ea00ed610b) C:\Windows\system32\Drivers\PCTBD.sys
19:18:39.0002 5768 PCTBD - ok
19:18:39.0149 5768 PCTCore (0edb74bd0d52d6d94cf862322e48b94e) C:\Windows\system32\drivers\PCTCore.sys
19:18:39.0152 5768 PCTCore - ok
19:18:39.0303 5768 pctDS (8734f7346b39a710491e0ddb136da2a3) C:\Windows\system32\drivers\pctDS.sys
19:18:39.0307 5768 pctDS - ok
19:18:39.0817 5768 pctEFA (653d8079cc000ec454789740a07b84a8) C:\Windows\system32\drivers\pctEFA.sys
19:18:39.0827 5768 pctEFA - ok
19:18:39.0963 5768 PCTFW-PacketFilter (da67f33614e36aef1b8fdcc80699aae0) C:\Windows\system32\drivers\pctNdis-PacketFilter.sys
19:18:39.0965 5768 PCTFW-PacketFilter - ok
19:18:40.0182 5768 pctgntdi (00bfb1452ed8bb69fd135eb6a682303e) C:\Windows\System32\drivers\pctgntdi.sys
19:18:40.0424 5768 pctgntdi - ok
19:18:40.0768 5768 pctNdisLW (1623220615f0afabf9027c6f8d4da58a) C:\Windows\system32\DRIVERS\pctNdisLW.sys
19:18:40.0769 5768 pctNdisLW - ok
19:18:40.0905 5768 pctplfw (efe5a32ee53cfe0de11ddc7755526c8b) C:\Windows\System32\drivers\pctplfw.sys
19:18:40.0907 5768 pctplfw - ok
19:18:41.0155 5768 pctplsg (9e68be6aadbc3d688bac161f28af0ce0) C:\Windows\System32\drivers\pctplsg.sys
19:18:41.0156 5768 pctplsg - ok
19:18:41.0270 5768 PCTSD (ec49993baa9a86adf1cb6fa1cd895882) C:\Windows\system32\Drivers\PCTSD.sys
19:18:41.0272 5768 PCTSD - ok
19:18:41.0385 5768 pcw (250f6b43d2b613172035c6747aeeb19f) C:\Windows\system32\drivers\pcw.sys
19:18:41.0386 5768 pcw - ok
19:18:41.0527 5768 PEAUTH (9e0104ba49f4e6973749a02bf41344ed) C:\Windows\system32\drivers\peauth.sys
19:18:41.0530 5768 PEAUTH - ok
19:18:41.0836 5768 PptpMiniport (631e3e205ad6d86f2aed6a4a8e69f2db) C:\Windows\system32\DRIVERS\raspptp.sys
19:18:41.0837 5768 PptpMiniport - ok
19:18:41.0951 5768 Processor (85b1e3a0c7585bc4aae6899ec6fcf011) C:\Windows\system32\DRIVERS\processr.sys
19:18:41.0952 5768 Processor - ok
19:18:42.0131 5768 Psched (6270ccae2a86de6d146529fe55b3246a) C:\Windows\system32\DRIVERS\pacer.sys
19:18:42.0132 5768 Psched - ok
19:18:42.0356 5768 ql2300 (ab95ecf1f6659a60ddc166d8315b0751) C:\Windows\system32\DRIVERS\ql2300.sys
19:18:42.0363 5768 ql2300 - ok
19:18:42.0514 5768 ql40xx (b4dd51dd25182244b86737dc51af2270) C:\Windows\system32\DRIVERS\ql40xx.sys
19:18:42.0515 5768 ql40xx - ok
19:18:42.0658 5768 QWAVEdrv (584078ca1b95ca72df2a27c336f9719d) C:\Windows\system32\drivers\qwavedrv.sys
19:18:42.0659 5768 QWAVEdrv - ok
19:18:42.0784 5768 RasAcd (30a81b53c766d0133bb86d234e5556ab) C:\Windows\system32\DRIVERS\rasacd.sys
19:18:42.0785 5768 RasAcd - ok
19:18:42.0907 5768 RasAgileVpn (57ec4aef73660166074d8f7f31c0d4fd) C:\Windows\system32\DRIVERS\AgileVpn.sys
19:18:42.0907 5768 RasAgileVpn - ok
19:18:43.0029 5768 Rasl2tp (d9f91eafec2815365cbe6d167e4e332a) C:\Windows\system32\DRIVERS\rasl2tp.sys
19:18:43.0030 5768 Rasl2tp - ok
19:18:43.0170 5768 RasPppoe (0fe8b15916307a6ac12bfb6a63e45507) C:\Windows\system32\DRIVERS\raspppoe.sys
19:18:43.0171 5768 RasPppoe - ok
19:18:43.0225 5768 RasSstp (44101f495a83ea6401d886e7fd70096b) C:\Windows\system32\DRIVERS\rassstp.sys
19:18:43.0226 5768 RasSstp - ok
19:18:43.0376 5768 rdbss (d528bc58a489409ba40334ebf96a311b) C:\Windows\system32\DRIVERS\rdbss.sys
19:18:43.0378 5768 rdbss - ok
19:18:43.0494 5768 rdpbus (0d8f05481cb76e70e1da06ee9f0da9df) C:\Windows\system32\DRIVERS\rdpbus.sys
19:18:43.0494 5768 rdpbus - ok
19:18:43.0613 5768 RDPCDD (23dae03f29d253ae74c44f99e515f9a1) C:\Windows\system32\DRIVERS\RDPCDD.sys
19:18:43.0613 5768 RDPCDD - ok
19:18:43.0768 5768 RDPDR (b973fcfc50dc1434e1970a146f7e3885) C:\Windows\system32\drivers\rdpdr.sys
19:18:43.0769 5768 RDPDR - ok
19:18:43.0906 5768 RDPENCDD (5a53ca1598dd4156d44196d200c94b8a) C:\Windows\system32\drivers\rdpencdd.sys
19:18:43.0907 5768 RDPENCDD - ok
19:18:44.0039 5768 RDPREFMP (44b0a53cd4f27d50ed461dae0c0b4e1f) C:\Windows\system32\drivers\rdprefmp.sys
19:18:44.0040 5768 RDPREFMP - ok
19:18:44.0191 5768 RdpVideoMiniport (68a0387f58e226deee23d9715955572a) C:\Windows\system32\drivers\rdpvideominiport.sys
19:18:44.0192 5768 RdpVideoMiniport - ok
19:18:44.0334 5768 RDPWD (288b06960d78428ff89e811632684e20) C:\Windows\system32\drivers\RDPWD.sys
19:18:44.0338 5768 RDPWD - ok
19:18:44.0436 5768 rdyboost (518395321dc96fe2c9f0e96ac743b656) C:\Windows\system32\drivers\rdyboost.sys
19:18:44.0438 5768 rdyboost - ok
19:18:44.0576 5768 RFCOMM (cb928d9e6daf51879dd6ba8d02f01321) C:\Windows\system32\DRIVERS\rfcomm.sys
19:18:44.0577 5768 RFCOMM - ok
19:18:44.0838 5768 rspndr (032b0d36ad92b582d869879f5af5b928) C:\Windows\system32\DRIVERS\rspndr.sys
19:18:44.0839 5768 rspndr - ok
19:18:44.0967 5768 s3cap (7fa7f2e249a5dcbb7970630e15e1f482) C:\Windows\system32\drivers\vms3cap.sys
19:18:44.0968 5768 s3cap - ok
19:18:45.0167 5768 sbp2port (05d860da1040f111503ac416ccef2bca) C:\Windows\system32\drivers\sbp2port.sys
19:18:45.0168 5768 sbp2port - ok
19:18:45.0334 5768 scfilter (0693b5ec673e34dc147e195779a4dcf6) C:\Windows\system32\DRIVERS\scfilter.sys
19:18:45.0335 5768 scfilter - ok
19:18:45.0776 5768 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
19:18:45.0777 5768 secdrv - ok
19:18:45.0914 5768 Serenum (9ad8b8b515e3df6acd4212ef465de2d1) C:\Windows\system32\DRIVERS\serenum.sys
19:18:45.0915 5768 Serenum - ok
19:18:46.0042 5768 Serial (5fb7fcea0490d821f26f39cc5ea3d1e2) C:\Windows\system32\DRIVERS\serial.sys
19:18:46.0043 5768 Serial - ok
19:18:46.0194 5768 sermouse (79bffb520327ff916a582dfea17aa813) C:\Windows\system32\DRIVERS\sermouse.sys
19:18:46.0195 5768 sermouse - ok
19:18:46.0389 5768 sffdisk (9f976e1eb233df46fce808d9dea3eb9c) C:\Windows\system32\drivers\sffdisk.sys
19:18:46.0390 5768 sffdisk - ok
19:18:46.0531 5768 sffp_mmc (932a68ee27833cfd57c1639d375f2731) C:\Windows\system32\drivers\sffp_mmc.sys
19:18:46.0532 5768 sffp_mmc - ok
19:18:46.0665 5768 sffp_sd (6d4ccaedc018f1cf52866bbbaa235982) C:\Windows\system32\drivers\sffp_sd.sys
19:18:46.0666 5768 sffp_sd - ok
19:18:46.0784 5768 sfloppy (db96666cc8312ebc45032f30b007a547) C:\Windows\system32\DRIVERS\sfloppy.sys
19:18:46.0784 5768 sfloppy - ok
19:18:46.0951 5768 sisagp (2565cac0dc9fe0371bdce60832582b2e) C:\Windows\system32\drivers\sisagp.sys
19:18:46.0952 5768 sisagp - ok
19:18:47.0091 5768 SiSRaid2 (a9f0486851becb6dda1d89d381e71055) C:\Windows\system32\DRIVERS\SiSRaid2.sys
19:18:47.0092 5768 SiSRaid2 - ok
19:18:47.0244 5768 SiSRaid4 (3727097b55738e2f554972c3be5bc1aa) C:\Windows\system32\DRIVERS\sisraid4.sys
19:18:47.0245 5768 SiSRaid4 - ok
19:18:47.0387 5768 Smb (3e21c083b8a01cb70ba1f09303010fce) C:\Windows\system32\DRIVERS\smb.sys
19:18:47.0388 5768 Smb - ok
19:18:47.0549 5768 spldr (95cf1ae7527fb70f7816563cbc09d942) C:\Windows\system32\drivers\spldr.sys
19:18:47.0550 5768 spldr - ok
19:18:47.0751 5768 sptd (a199171385be17973fd800fa91f8f78a) C:\Windows\system32\Drivers\sptd.sys
19:18:47.0751 5768 Suspicious file (NoAccess): C:\Windows\system32\Drivers\sptd.sys. md5: a199171385be17973fd800fa91f8f78a
19:18:47.0755 5768 sptd ( LockedFile.Multi.Generic ) - warning
19:18:47.0755 5768 sptd - detected LockedFile.Multi.Generic (1)
19:18:57.0602 5768 ============================================================
19:18:57.0602 5768 Scan finished
19:18:57.0602 5768 ============================================================
19:18:57.0618 4112 Detected object count: 1
19:18:57.0618 4112 Actual detected object count: 1
19:19:16.0252 4112 sptd ( LockedFile.Multi.Generic ) - skipped by user
19:19:16.0252 4112 sptd ( LockedFile.Multi.Generic ) - User select action: Skip
 
Thanks, Mr. Wolf! :joia:

The other day I received an e-mail and clicked on it, and when I was about to open the link that came in the image, the antivirus blocked it because it indicated a phishing attempt. So I got a bit wary about the possibility that something had installed itself on the sly, because I don't really know how these phishing schemes work.

So, to put my mind at ease (or to despair once and for all), I came to ask you for help. :feelbad:
Everyone,

Sorry for the delay. February was so hectic that I had no time to visit the forum. Anyone who still needs help, please post again.

Hello wmh, your logs are clean, my friend. No signs of infection. Is there any problem you would like to report?

Regards

@andlsa: Buddy, edit your messages and use the spoiler tag /spoiler (in square brackets) to make the page easier to read.
 
How do these logs help with virus removal?
Thanks in advance.....
 
Hm, I think I'll post a log here too.....
 
Damn, I think I caught that damned BugBear! >.<

The main symptom is that I can't type accented characters.. :trollfail:
Does anyone know an easy and efficient way to remove this wretched thing? lol

I'm running F-Prot here; if anything comes up I'll post a log later.. :)

Cheers.
 
Folks who have questions ...
These logs show keys where malware usually changes or adds values, and they also show the processes active on the system.

In some cases, OTL or DDS logs are more precise, showing some key that is not found in HijackThis.


Currently I can read HijackThis logs, slowly, but I can. I hope one day to be able to read OTL or DDS logs, so I can help people with these problems.

Thanks.
 
andlsa, please do what our friend wmh suggested: put the logs inside spoilers. OTL logs are excessively large. Back to the subject: the logs you posted are the ones from the first time you posted here in the thread. A lot may have changed on the system. Please post an updated OTL log here.
At first glance, I did not see any entry related to TDSS in the logs. However, since it is a rootkit, it may be invisible. Instead of creating a normal OTL log, follow the instructions in the spoiler below.

Open OTL and check the options below:

Scan All Users
Skip Microsoft Files
Use Company Name WhiteList
LOP Check
Purity Check

Click Run Scan and the reports OTL.txt and Extras.txt will be created on the desktop. Post only OTL.Txt.
 
Mr.Wolf, how's it going, man?

I'd like to know whether there is any virus that uninstalls antivirus software? It's because my girlfriend's notebook had MSE installed and she caught a virus from who knows where. Today I simply booted her notebook to remove the virus and MSE, poof... vanished! oO

No services in services.msc, the folder in Program Files is gone, it's gone from startup, and the icon has vanished too.

How can that be?

[]'s
 
Mr.Wolf, how's it going, man?

I'd like to know whether there is any virus that uninstalls antivirus software?
Hey guilhermeX, all good.

There are countless pests that cause such activity. From a retrovirus to a rogue.

If you need help, post an OTL log.

Regards
 
So, I can't even get this OTL to run here. Only HijackThis, but I don't understand anything these logs say hahaha.

[]'s
 
So, I can't even get this OTL to run here. Only HijackThis, but I don't understand anything these logs say hahaha.

[]'s
That works. If the case really is related to a retrovirus and/or rogues, they show up easily in HijackThis logs.
 
Here it goes...


Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 15:43:25, on 03/03/2012
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16421)
Boot mode: Normal

Running processes:
C:\Windows\Explorer.EXE
C:\Windows\system32\taskhost.exe
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\Tais\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Dell | MSN
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = Bing
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Mystart
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN Brasil - Hotmail, Messenger, Entretenimento, Notícias, Esportes e Vídeo
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN Brasil - Hotmail, Messenger, Entretenimento, Notícias, Esportes e Vídeo
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe -s
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [PDVDDXSrv] "C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe"
O4 - HKLM\..\Run: [DoroServer] C:\Program Files\DoroPDFWriter\DoroServer.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [Ink Monitor] C:\Program Files\EPSON\Ink Monitor\InkMonitor.exe
O4 - HKCU\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
O4 - HKCU\..\Run: [EPSON T25] C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FATIG EB.EXE /FU "C:\Users\ADMINI~1\AppData\Local\Temp\E_S6D39. tmp" /EF "HKCU"
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'SERVIÇO LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'SERVIÇO LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'SERVIÇO DE REDE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'SERVIÇO DE REDE')
O4 - HKUS\S-1-5-21-988619590-1480160922-2374809389-1106\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'RDTJ')
O4 - HKUS\S-1-5-21-988619590-1480160922-2374809389-1106\..\Run: [Adobe Reader Synchronizer] "C:\Program Files\Adobe\Reader 9.0\Reader\AdobeCollabSync.exe" (User 'RDTJ')
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Incluir no Blog - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Incluir no Blog no Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O13 - Gopher Prefix:
O15 - Trusted Zone: Banco Santander Brasil | Banco do juntos
O15 - Trusted Zone: Banco Santander Brasil | Banco do juntos
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab56907.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = EDS.local
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = EDS.local
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = EDS.local
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O23 - Service: Andrea RT Filters Service (AERTFilters) - Andrea Electronics Corporation - C:\Program Files\Realtek\Audio\HDA\AERTSrv.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: Broadcom Power monitoring service (BPowMon) - Broadcom Corp. - C:\Program Files\Broadcom\BPowMon\BPowMon.exe
O23 - Service: EPSON V3 Service4(01) (EPSON_PM_RPCV4_01) - SEIKO EPSON CORPORATION - C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RP7.EXE
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Hoster Service (autoupdate) - C:\Windows\system32\01asajks.exe
O23 - Service: Serviço do Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe

--
End of file - 7414 bytes
 
