
Problem with a rootkit (?!)


Newbie_Freak


Well, let me explain what has been keeping me up at night: a few days ago I had a problem with the Windows logon. The initial welcome screen disappeared and was replaced by a black screen with only the login box! I decided to install a more capable firewall (I was using AntiVir's own firewall) and installed Comodo! As soon as it started running, I noticed an absurd amount of traffic from svchost.exe.

So I decided to follow the forum's procedures and obtained the following logs:

GMER 1.0.15.15077 [gmer.exe] - http://www.gmer.net

Rootkit quick scan 2009-08-19 14:58:44

Windows 5.1.2600 Service Pack 3

---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\Tcpip \Device\Ip cmdhlp.sys (COMODO Internet Security Helper Driver/COMODO)

AttachedDevice \Driver\Tcpip \Device\Tcp cmdhlp.sys (COMODO Internet Security Helper Driver/COMODO)

AttachedDevice \Driver\Tcpip \Device\Udp cmdhlp.sys (COMODO Internet Security Helper Driver/COMODO)

AttachedDevice \Driver\Tcpip \Device\RawIp cmdhlp.sys (COMODO Internet Security Helper Driver/COMODO)

---- EOF - GMER 1.0.15 ----

DDS log:

DDS (Ver_09-07-30.01) - NTFSx86

Run by Administrador at 14:23:23,81 on qua 19/08/2009

Internet Explorer: 6.0.2900.5512 BrowserJavaVersion: 1.6.0_13

Microsoft Windows XP Professional 5.1.2600.3.1252.55.1046.18.1022.453 [GMT -3:00]

AV: AntiVir Desktop *On-access scanning disabled* (Outdated) {AD166499-45F9-482A-A743-FDD3350758C7}

FW: COMODO Firewall *disabled* {043803A3-4F86-4ef6-AFC5-F6E02A79969B}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch

svchost.exe

C:\Arquivos de programas\COMODO\COMODO Internet Security\cmdagent.exe

C:\WINDOWS\system32\svchost.exe -k netsvcs

svchost.exe

svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Arquivos de programas\Avira\AntiVir Desktop\avguard.exe

C:\Arquivos de programas\Java\jre6\bin\jqs.exe

C:\Arquivos de programas\Nero\Nero8\Nero BackItUp\NBService.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\pctspk.exe

C:\WINDOWS\system32\IoctlSvc.exe

C:\WINDOWS\system32\svchost.exe -k imgsvc

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\RTHDCPL.EXE

C:\WINDOWS\system32\RUNDLL32.EXE

C:\Arquivos de programas\Java\jre6\bin\jusched.exe

C:\Arquivos de programas\Avira\AntiVir Desktop\avgnt.exe

C:\Arquivos de programas\COMODO\COMODO Internet Security\cfp.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\Messenger\msmsgs.exe

C:\WINDOWS\system32\wbem\wmiapsrv.exe

C:\WINDOWS\system32\wscntfy.exe

C:\Arquivos de programas\Mozilla Firefox\firefox.exe

C:\Documents and Settings\Administrador\Desktop\dds.scr

============== Pseudo HJT Report ===============

uSearch Page =

uSearch Bar =

mStart Page = hxxp://home.sweetim.com

mSearchAssistant =

BHO: Octh Class: {000123b4-9b42-4900-b3f7-f4b073efc214} - c:\arquivos de programas\orbitdownloader\orbitcth.dll

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\arquivos de programas\arquivos comuns\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\arquiv~1\spybot~1\SDHelper.dll

BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File

BHO: Auxiliar de Conexão do Windows Live: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\arquivos de programas\arquivos comuns\microsoft shared\windows live\WindowsLiveLogin.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\arquivos de programas\java\jre6\bin\jp2ssv.dll

BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\arquivos de programas\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\arquivos de programas\yahoo!\companion\installs\cpn\yt.dll

TB: {EEE6C35B-6118-11DC-9C72-001320C79847} - No File

TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File

uRun: [CTFMON.EXE] c:\windows\system32\ctfmon.exe

uRun: [MsnMsgr] "c:\arquivos de programas\windows live\messenger\msnmsgr.exe" /background

uRun: [MSMSGS] "c:\arquivos de programas\messenger\msmsgs.exe" /background

mRun: [RTHDCPL] RTHDCPL.EXE

mRun: [Alcmtr] ALCMTR.EXE

mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup

mRun: [nwiz] nwiz.exe /install

mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit

mRun: [Adobe Reader Speed Launcher] "c:\arquivos de programas\adobe\reader 9.0\reader\Reader_sl.exe"

mRun: [sunJavaUpdateSched] "c:\arquivos de programas\java\jre6\bin\jusched.exe"

mRun: [QuickTime Task] "c:\arquivos de programas\quicktime\QTTask.exe" -atboottime

mRun: [NeroFilterCheck] c:\arquivos de programas\arquivos comuns\nero\lib\NeroCheck.exe

mRun: [NBKeyScan] "c:\arquivos de programas\nero\nero8\nero backitup\NBKeyScan.exe"

mRun: [avgnt] "c:\arquivos de programas\avira\antivir desktop\avgnt.exe" /min

mRun: [COMODO Internet Security] "c:\arquivos de programas\comodo\comodo internet security\cfp.exe" -h

mRun: [TrojanScanner] c:\arquivos de programas\trojan remover\Trjscan.exe /boot

dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE

IE: &Download by Orbit - c:\arquivos de programas\orbitdownloader\orbitmxt.dll/201

IE: &Grab video by Orbit - c:\arquivos de programas\orbitdownloader\orbitmxt.dll/204

IE: Do&wnload selected by Orbit - c:\arquivos de programas\orbitdownloader\orbitmxt.dll/203

IE: Down&load all by Orbit - c:\arquivos de programas\orbitdownloader\orbitmxt.dll/202

IE: E&xportar para o Microsoft Excel - c:\arquiv~1\micros~2\office11\EXCEL.EXE/3000

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\arquivos de programas\messenger\msmsgs.exe

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\arquiv~1\micros~2\office11\REFIEBAR.DLL

IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\arquiv~1\spybot~1\SDHelper.dll

LSP: w2pxdrv.dll

DPF: {5D6F45B3-9043-443D-A792-115447494D24} - hxxp://messenger.zone.msn.com/MessengerGamesContent/GameContent/pt/uno1/GAME_UNO1.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab

DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab

DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\arquiv~1\arquiv~1\skype\SKYPE4~1.DLL

LSA: Authentication Packages = msv1_0 nwprovau

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\admini~1\dadosd~1\mozilla\firefox\profiles\nn85ta6a.default\

FF - prefs.js: browser.search.defaulturl - hxxp://search.live.com/results.aspx?FORM=IEFM1&q=

FF - prefs.js: browser.search.selectedEngine - Google

FF - prefs.js: browser.startup.homepage - hxxp://pt-BR.start2.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:pt-BR:official

FF - prefs.js: keyword.URL - hxxp://www.google.com/search?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&q=

FF - plugin: c:\arquivos de programas\k-lite codec pack\real\browser\plugins\nppl3260.dll

FF - plugin: c:\arquivos de programas\k-lite codec pack\real\browser\plugins\nprpjplug.dll

FF - plugin: c:\arquivos de programas\microsoft\office live\npOLW.dll

FF - HiddenExtension: Java Console: No Registry Reference - c:\arquivos de programas\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}

FF - HiddenExtension: Java Console: No Registry Reference - c:\arquivos de programas\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----

c:\arquivos de programas\mozilla firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".com.br");

============= SERVICES / DRIVERS ===============

R1 avgio;avgio;c:\arquivos de programas\avira\antivir desktop\avgio.sys [2009-8-18 11608]

R1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\drivers\cmdguard.sys [2009-8-19 132640]

R1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\drivers\cmdhlp.sys [2009-8-19 24096]

R2 AntiVirService;Avira AntiVir Guard;c:\arquivos de programas\avira\antivir desktop\avguard.exe [2009-8-18 185089]

R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2009-8-18 55640]

R2 cmdAgent;COMODO Internet Security Helper Service;c:\arquivos de programas\comodo\comodo internet security\cmdagent.exe [2009-8-19 692496]

S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\gamemon.des -service --> c:\windows\system32\GameMon.des -service [?]

S3 SandraAgentSrv;SiSoftware Deployment Agent Service;c:\arquivos de programas\sisoftware\sisoftware sandra lite 2009.sp3c\RpcAgentSrv.exe [2009-7-27 98488]

S3 XDva068;XDva068;\??\c:\windows\system32\xdva068.sys --> c:\windows\system32\XDva068.sys [?]

S3 XDva214;XDva214;\??\c:\windows\system32\xdva214.sys --> c:\windows\system32\XDva214.sys [?]

S3 XDva220;XDva220;\??\c:\windows\system32\xdva220.sys --> c:\windows\system32\XDva220.sys [?]

S3 XDva221;XDva221;\??\c:\windows\system32\xdva221.sys --> c:\windows\system32\XDva221.sys [?]

S3 XDva223;XDva223;\??\c:\windows\system32\xdva223.sys --> c:\windows\system32\XDva223.sys [?]

S3 XDva224;XDva224;\??\c:\windows\system32\xdva224.sys --> c:\windows\system32\XDva224.sys [?]

S3 XDva225;XDva225;\??\c:\windows\system32\xdva225.sys --> c:\windows\system32\XDva225.sys [?]

S3 XDva226;XDva226;\??\c:\windows\system32\xdva226.sys --> c:\windows\system32\XDva226.sys [?]

S3 XDva235;XDva235;\??\c:\windows\system32\xdva235.sys --> c:\windows\system32\XDva235.sys [?]

S3 XDva246;XDva246;\??\c:\windows\system32\xdva246.sys --> c:\windows\system32\XDva246.sys [?]

S3 XDva255;XDva255;\??\c:\windows\system32\xdva255.sys --> c:\windows\system32\XDva255.sys [?]

S3 XDva256;XDva256;\??\c:\windows\system32\xdva256.sys --> c:\windows\system32\XDva256.sys [?]

S3 XDva258;XDva258;\??\c:\windows\system32\xdva258.sys --> c:\windows\system32\XDva258.sys [?]

S3 XDva269;XDva269;\??\c:\windows\system32\xdva269.sys --> c:\windows\system32\XDva269.sys [?]

S3 XDva273;XDva273;\??\c:\windows\system32\xdva273.sys --> c:\windows\system32\XDva273.sys [?]

S3 XDva277;XDva277;\??\c:\windows\system32\xdva277.sys --> c:\windows\system32\XDva277.sys [?]

S3 XDva281;XDva281;\??\c:\windows\system32\xdva281.sys --> c:\windows\system32\XDva281.sys [?]

=============== Created Last 30 ================

2009-08-19 14:06 162,304 a------- c:\windows\system32\ztvunrar36.dll

2009-08-19 14:06 153,088 a------- c:\windows\system32\UNRAR3.dll

2009-08-19 14:06 77,312 a------- c:\windows\system32\ztvunace26.dll

2009-08-19 14:06 75,264 a------- c:\windows\system32\unacev2.dll

2009-08-19 14:06 69,632 a------- c:\windows\system32\ztvcabinet.dll

2009-08-19 14:06 <DIR> --d----- c:\docume~1\alluse~1\dadosd~1\Simply Super Software

2009-08-19 14:06 <DIR> --d----- c:\docume~1\admini~1\dadosd~1\Simply Super Software

2009-08-19 14:06 <DIR> --d----- c:\arquivos de programas\Trojan Remover

2009-08-19 09:47 <DIR> --d----- c:\documents and settings\administrador\.housecall6.6

2009-08-19 02:41 <DIR> --d----- c:\docume~1\alluse~1\dadosd~1\Comodo

2009-08-19 02:41 168,208 a------- c:\windows\system32\guard32.dll

2009-08-19 02:41 132,640 a------- c:\windows\system32\drivers\cmdguard.sys

2009-08-19 02:41 24,096 a------- c:\windows\system32\drivers\cmdhlp.sys

2009-08-18 21:51 130 a------- c:\windows\cfplogvw.INI

2009-08-18 21:19 55,640 a------- c:\windows\system32\drivers\avgntflt.sys

2009-08-18 21:09 <DIR> --d----- c:\arquivos de programas\Avira

2009-08-18 20:30 <DIR> --d----- c:\arquivos de programas\COMODO

2009-08-11 03:40 3,071,388 a------- c:\windows\system32\GameMon.des

2009-08-11 03:24 <DIR> --d----- C:\Program Files

2009-08-11 03:18 <DIR> --d----- c:\docume~1\admini~1\dadosd~1\ProxyCap

2009-08-11 03:05 <DIR> --d----- c:\arquivos de programas\Proxy Labs

2009-08-11 02:34 <DIR> --d----- c:\arquivos de programas\Your Freedom

2009-08-10 18:10 <DIR> --d----- c:\arquivos de programas\KeyToPlay

2009-08-05 17:21 <DIR> --d----- c:\docume~1\alluse~1\dadosd~1\PC Drivers HeadQuarters

2009-08-05 17:20 <DIR> --d----- c:\arquivos de programas\PC Drivers HeadQuarters

2009-08-05 16:49 <DIR> --d----- c:\arquivos de programas\Lavalys

2009-07-27 13:41 <DIR> --d----- c:\arquivos de programas\SiSoftware

==================== Find3M ====================

2009-08-01 10:47 463,636 a------- c:\windows\system32\perfh016.dat

2009-08-01 10:47 76,188 a------- c:\windows\system32\perfc016.dat

2009-07-22 14:52 2,516 a--sh--- c:\docume~1\alluse~1\dadosd~1\KGyGaAvL.sys

2009-07-22 14:52 88 ---shr-- c:\docume~1\alluse~1\dadosd~1\B661C375F2.sys

============= FINISH: 14:23:39,20 ===============

Thank you for your help! :)

  • 2 weeks later...
  • Security Analyst

Dear Freak

Download OTListIt and save it to the desktop.

  • Double-click the tool's icon on your desktop.
  • Click Run Scan and let the tool run.
  • When the tool finishes the scan, it will generate two text files:
    • OTViewIt.Txt <- Will be opened automatically in Notepad
    • Extras.txt <- will be on the desktop
  • Copy (Ctrl+C) and paste (Ctrl+V) the entire contents of OTViewIt.Txt and Extras.txt into your next reply.

Regards :D

OTL logfile created on: 06/09/2009 20:19:47 - Run 2

OTL by OldTimer - Version 3.0.10.7 Folder = C:\Users\kamael\Downloads

Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.7600.16385)

Locale: 00000416 | Country: Brasil | Language: PTB | Date Format: dd/MM/yyyy

1022,49 Mb Total Physical Memory | 606,62 Mb Available Physical Memory | 59,33% Memory free

2,00 Gb Paging File | 1,32 Gb Available in Paging File | 66,10% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files

Drive C: | 38,86 Gb Total Space | 18,54 Gb Free Space | 47,71% Space Free | Partition Type: NTFS

Drive D: | 200,00 Mb Total Space | 182,24 Mb Free Space | 91,12% Space Free | Partition Type: NTFS

Drive E: | 35,50 Gb Total Space | 3,75 Gb Free Space | 10,56% Space Free | Partition Type: NTFS

F: Drive not present or media not loaded

G: Drive not present or media not loaded

H: Drive not present or media not loaded

I: Drive not present or media not loaded

Computer Name: KAMAEL-PC

Current User Name: kamael

Logged in as Administrator.

Current Boot Mode: Normal

Scan Mode: Current user

Company Name Whitelist: Off

Skip Microsoft Files: Off

File Age = 30 Days

Output = Standard

========== Processes (SafeList) ==========

PRC - [2009/08/17 02:41:48 | 00,215,584 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\nvvsvc.exe

PRC - [2009/09/01 04:25:14 | 00,692,496 | ---- | M] () -- C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe

PRC - [2009/08/17 02:41:48 | 00,215,584 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\nvvsvc.exe

PRC - [2009/05/13 16:48:22 | 00,108,289 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe

PRC - [2009/07/21 14:34:33 | 00,185,089 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe

PRC - [2009/08/17 01:32:00 | 00,239,648 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe

PRC - [2009/07/13 22:14:20 | 02,613,248 | ---- | M] (Microsoft Corporation) -- C:\Windows\Explorer.EXE

PRC - [2009/07/13 22:14:42 | 00,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe

PRC - [2009/03/02 13:08:47 | 00,209,153 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe

PRC - [2008/10/25 11:44:34 | 00,031,072 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe

PRC - [2009/02/27 17:10:28 | 00,035,696 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Adobe\Reader 9.0\Reader\reader_sl.exe

PRC - [2009/09/05 02:37:48 | 00,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jusched.exe

PRC - [2009/07/13 22:14:29 | 03,179,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sppsvc.exe

PRC - [2009/09/06 18:23:26 | 00,514,048 | ---- | M] (OldTimer Tools) -- C:\Users\kamael\Downloads\OTL.exe

========== Win32 Services (SafeList) ==========

SRV - [2009/05/13 16:48:22 | 00,108,289 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService [Auto | Running])

SRV - [2009/07/21 14:34:33 | 00,185,089 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService [Auto | Running])

SRV - [2009/07/13 22:14:53 | 00,027,648 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\appidsvc.dll -- (AppIDSvc [On_Demand | Stopped])

SRV - [2009/07/13 22:14:58 | 00,088,064 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\AxInstSV.dll -- (AxInstSV [On_Demand | Stopped])

SRV - [2009/07/13 22:14:59 | 00,076,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\bdesvc.dll -- (BDESVC [unknown | Stopped])

SRV - [2009/06/10 18:23:09 | 00,066,384 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped])

SRV - [2009/09/01 04:25:14 | 00,692,496 | ---- | M] () -- C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe -- (cmdAgent [Auto | Running])

SRV - [2009/07/13 22:15:10 | 00,218,624 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\defragsvc.dll -- (defragsvc [On_Demand | Stopped])

SRV - [2009/07/13 22:15:11 | 00,253,440 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dhcpcore.dll -- (Dhcp [Auto | Running])

SRV - [2009/07/13 22:14:19 | 00,557,056 | ---- | M] (Microsoft Corporation) -- C:\Windows\ehome\ehRecvr.exe -- (ehRecvr [On_Demand | Stopped])

SRV - [2009/07/13 22:14:19 | 00,094,720 | ---- | M] (Microsoft Corporation) -- C:\Windows\ehome\ehsched.exe -- (ehSched [On_Demand | Stopped])

SRV - [2009/07/13 22:16:18 | 01,086,464 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wevtsvc.dll -- (eventlog [Auto | Running])

SRV - [2009/07/13 22:15:21 | 00,797,696 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\FntCache.dll -- (FontCache [On_Demand | Stopped])

SRV - [2009/06/10 18:14:51 | 00,042,856 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe -- (FontCache3.0.0.0 [On_Demand | Stopped])

SRV - [2009/07/13 22:15:36 | 00,194,560 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ListSvc.dll -- (HomeGroupListener [On_Demand | Stopped])

SRV - [2009/07/13 22:16:12 | 00,165,376 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\provsvc.dll -- (HomeGroupProvider [On_Demand | Stopped])

SRV - [2009/06/10 18:14:02 | 00,878,416 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe -- (idsvc [unknown | Stopped])

SRV - [2008/10/25 11:44:08 | 00,065,888 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe -- (Microsoft Office Groove Audit Service [On_Demand | Stopped])

SRV - [2009/06/10 18:14:05 | 00,128,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing [Disabled | Stopped])

SRV - [2009/08/17 02:41:48 | 00,215,584 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\nvvsvc.exe -- (nvsvc [Auto | Running])

SRV - [2008/11/04 01:06:28 | 00,441,712 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv [On_Demand | Stopped])

SRV - [2006/10/26 13:03:08 | 00,145,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose [On_Demand | Stopped])

SRV - [2009/07/13 22:16:12 | 00,269,824 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\pnrpsvc.dll -- (p2pimsvc [On_Demand | Stopped])

SRV - [2009/07/13 22:16:12 | 01,004,544 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\peerdistsvc.dll -- (PeerDistSvc [On_Demand | Stopped])

SRV - [2009/07/13 22:16:12 | 00,020,480 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\pnrpauto.dll -- (PNRPAutoReg [On_Demand | Stopped])

SRV - [2009/07/13 22:16:12 | 00,269,824 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\pnrpsvc.dll -- (PNRPsvc [On_Demand | Stopped])

SRV - [2009/07/13 22:16:17 | 00,119,808 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\umpo.dll -- (Power [Auto | Running])

SRV - [2009/07/13 22:16:13 | 00,043,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\RpcEpMap.dll -- (RpcEptMapper [unknown | Running])

SRV - [2009/07/13 22:16:13 | 00,025,088 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc [On_Demand | Stopped])

SRV - [2009/07/13 22:14:29 | 03,179,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sppsvc.exe -- (sppsvc [Auto | Running])

SRV - [2009/07/13 22:16:15 | 00,053,760 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sppuinotify.dll -- (sppuinotify [On_Demand | Stopped])

SRV - [2009/08/17 01:32:00 | 00,239,648 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service [Auto | Running])

SRV - [2009/07/13 22:16:16 | 00,037,376 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\themeservice.dll -- (Themes [Auto | Running])

SRV - [2009/07/13 22:16:17 | 00,151,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wbiosrvc.dll -- (WbioSrvc [On_Demand | Stopped])

SRV - [2009/07/13 22:15:41 | 00,680,960 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend [Auto | Running])

SRV - [2009/07/13 22:14:47 | 01,121,280 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc [Auto | Stopped])

SRV - [2009/07/13 22:16:21 | 00,185,856 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wwansvc.dll -- (WwanSvc [On_Demand | Stopped])

========== Driver Services (SafeList) ==========

DRV - [2009/07/13 20:52:00 | 00,163,328 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\DRIVERS\1394ohci.sys -- (1394ohci [On_Demand | Stopped])

DRV - [2009/07/13 20:16:36 | 00,009,728 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\DRIVERS\acpipmi.sys -- (AcpiPmi [On_Demand | Stopped])

DRV - [2009/07/13 22:26:15 | 00,422,976 | ---- | M] (Adaptec, Inc.) -- C:\Windows\system32\DRIVERS\adp94xx.sys -- (adp94xx [On_Demand | Stopped])

DRV - [2009/07/13 22:26:17 | 00,297,552 | ---- | M] (Adaptec, Inc.) -- C:\Windows\system32\DRIVERS\adpahci.sys -- (adpahci [On_Demand | Stopped])

DRV - [2009/07/13 22:26:15 | 00,146,512 | ---- | M] (Adaptec, Inc.) -- C:\Windows\system32\DRIVERS\adpu320.sys -- (adpu320 [On_Demand | Stopped])

DRV - [2009/07/13 22:20:28 | 00,070,720 | ---- | M] (Adaptec, Inc.) -- C:\Windows\system32\DRIVERS\djsvs.sys -- (aic78xx [On_Demand | Stopped])

DRV - [2009/07/13 22:26:15 | 00,014,400 | ---- | M] (Acer Laboratories Inc.) -- C:\Windows\system32\DRIVERS\aliide.sys -- (aliide [On_Demand | Stopped])

DRV - [2009/07/13 20:11:04 | 00,052,736 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\DRIVERS\amdppm.sys -- (AmdPPM [On_Demand | Stopped])

DRV - [2009/07/13 22:26:15 | 00,079,952 | ---- | M] (Advanced Micro Devices) -- C:\Windows\system32\DRIVERS\amdsata.sys -- (amdsata [On_Demand | Stopped])

DRV - [2009/07/13 22:26:15 | 00,159,312 | ---- | M] (AMD Technologies Inc.) -- C:\Windows\system32\DRIVERS\amdsbs.sys -- (amdsbs [On_Demand | Stopped])

DRV - [2009/07/13 22:26:15 | 00,023,616 | ---- | M] (Advanced Micro Devices) -- C:\Windows\system32\DRIVERS\amdxata.sys -- (amdxata [boot | Running])

DRV - [2009/07/13 20:36:52 | 00,050,176 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\drivers\appid.sys -- (AppID [On_Demand | Stopped])

DRV - [2009/07/13 22:26:15 | 00,076,368 | ---- | M] (Adaptec, Inc.) -- C:\Windows\system32\DRIVERS\arc.sys -- (arc [On_Demand | Stopped])

DRV - [2009/07/13 22:26:15 | 00,086,608 | ---- | M] (Adaptec, Inc.) -- C:\Windows\system32\DRIVERS\arcsas.sys -- (arcsas [On_Demand | Stopped])

DRV - [2009/02/13 12:35:05 | 00,011,608 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys -- (avgio [system | Running])

DRV - [2009/07/28 16:33:56 | 00,055,656 | ---- | M] (Avira GmbH) -- C:\Windows\System32\DRIVERS\avgntflt.sys -- (avgntflt [Auto | Running])

DRV - [2009/03/30 10:33:07 | 00,096,104 | ---- | M] (Avira GmbH) -- C:\Windows\System32\DRIVERS\avipbb.sys -- (avipbb [system | Running])

DRV - [2009/07/13 19:02:48 | 00,430,080 | ---- | M] (Broadcom Corporation) -- C:\Windows\system32\DRIVERS\bxvbdx.sys -- (b06bdrv [On_Demand | Stopped])

DRV - [2009/07/13 19:02:49 | 00,229,888 | ---- | M] (Broadcom Corporation) -- C:\Windows\System32\DRIVERS\b57nd60x.sys -- (b57nd60x [On_Demand | Stopped])

DRV - [2009/07/13 19:53:28 | 00,013,568 | ---- | M] (Brother Industries, Ltd.) -- C:\Windows\system32\DRIVERS\BrFiltLo.sys -- (BrFiltLo [On_Demand | Stopped])

DRV - [2009/07/13 19:53:28 | 00,005,248 | ---- | M] (Brother Industries, Ltd.) -- C:\Windows\system32\DRIVERS\BrFiltUp.sys -- (BrFiltUp [On_Demand | Stopped])

DRV - [2009/07/13 21:57:25 | 00,272,128 | ---- | M] (Brother Industries Ltd.) -- C:\Windows\System32\Drivers\Brserid.sys -- (Brserid [On_Demand | Stopped])

DRV - [2009/07/13 19:53:32 | 00,062,336 | ---- | M] (Brother Industries Ltd.) -- C:\Windows\System32\Drivers\BrSerWdm.sys -- (BrSerWdm [On_Demand | Stopped])

DRV - [2009/07/13 19:53:33 | 00,012,160 | ---- | M] (Brother Industries Ltd.) -- C:\Windows\System32\Drivers\BrUsbMdm.sys -- (BrUsbMdm [On_Demand | Stopped])

DRV - [2009/07/13 19:53:33 | 00,011,904 | ---- | M] (Brother Industries Ltd.) -- C:\Windows\System32\Drivers\BrUsbSer.sys -- (BrUsbSer [On_Demand | Stopped])

DRV - [2009/09/01 04:25:15 | 00,130,080 | ---- | M] (COMODO) -- C:\Windows\System32\DRIVERS\cmdguard.sys -- (cmdGuard [system | Running])

DRV - [2009/09/01 04:25:15 | 00,028,704 | ---- | M] (COMODO) -- C:\Windows\System32\DRIVERS\cmdhlp.sys -- (cmdHlp [system | Running])

DRV - [2009/07/13 22:26:21 | 00,015,952 | ---- | M] (CMD Technology, Inc.) -- C:\Windows\system32\DRIVERS\cmdide.sys -- (cmdide [On_Demand | Stopped])

DRV - [2009/07/13 22:17:54 | 00,369,568 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\Drivers\cng.sys -- (CNG [boot | Running])

DRV - [2009/07/13 20:45:26 | 00,031,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\DRIVERS\CompositeBus.sys -- (CompositeBus [On_Demand | Running])

DRV - [2009/07/13 20:24:05 | 00,032,256 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\discache.sys -- (discache [system | Running])

DRV - [2009/07/13 19:02:48 | 03,100,160 | ---- | M] (Broadcom Corporation) -- C:\Windows\system32\DRIVERS\evbdx.sys -- (ebdrv [On_Demand | Stopped])

DRV - [2009/07/13 22:20:28 | 00,453,712 | ---- | M] (Emulex) -- C:\Windows\system32\DRIVERS\elxstor.sys -- (elxstor [On_Demand | Stopped])

DRV - [2009/07/13 22:20:28 | 00,046,160 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\FsDepends.sys -- (FsDepends [On_Demand | Stopped])

DRV - [2009/07/13 19:54:14 | 00,026,624 | ---- | M] (Hauppauge Computer Works, Inc.) -- C:\Windows\system32\drivers\hcw85cir.sys -- (hcw85cir [On_Demand | Stopped])

DRV - [2009/07/13 20:19:21 | 00,021,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\DRIVERS\HidBatt.sys -- (HidBatt [On_Demand | Stopped])

DRV - [2009/07/13 22:20:28 | 00,067,152 | ---- | M] (Hewlett-Packard Company) -- C:\Windows\system32\DRIVERS\HpSAMD.sys -- (HpSAMD [On_Demand | Stopped])

DRV - [2009/07/13 22:20:36 | 00,013,904 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\hwpolicy.sys -- (hwpolicy [boot | Running])

DRV - [2009/07/13 22:20:36 | 00,332,352 | ---- | M] (Intel Corporation) -- C:\Windows\system32\DRIVERS\iaStorV.sys -- (iaStorV [On_Demand | Stopped])

DRV - [2009/07/13 22:20:36 | 00,041,040 | ---- | M] (Intel Corp./ICP vortex GmbH) -- C:\Windows\system32\DRIVERS\iirsp.sys -- (iirsp [On_Demand | Stopped])

DRV - [2009/09/01 04:25:15 | 00,068,640 | ---- | M] (COMODO) -- C:\Windows\System32\DRIVERS\inspect.sys -- (inspect [system | Running])

DRV - [2009/07/13 22:20:36 | 00,133,200 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\Drivers\ksecpkg.sys -- (KSecPkg [boot | Running])

DRV - [2009/03/23 10:25:30 | 00,026,624 | ---- | M] (Kerio Technologies Inc.) -- C:\Windows\System32\DRIVERS\kvnet.sys -- (kvnet [On_Demand | Stopped])

DRV - [2009/09/01 04:23:57 | 00,080,466 | ---- | M] () -- C:\Windows\System32\drivers\kwflower.log -- (kwflower [On_Demand | Stopped])

DRV - [2009/07/13 22:20:36 | 00,095,824 | ---- | M] (LSI Corporation) -- C:\Windows\system32\DRIVERS\lsi_fc.sys -- (LSI_FC [On_Demand | Stopped])

DRV - [2009/07/13 22:20:37 | 00,089,168 | ---- | M] (LSI Corporation) -- C:\Windows\system32\DRIVERS\lsi_sas.sys -- (LSI_SAS [On_Demand | Stopped])

DRV - [2009/07/13 22:20:36 | 00,054,864 | ---- | M] (LSI Corporation) -- C:\Windows\system32\DRIVERS\lsi_sas2.sys -- (LSI_SAS2 [On_Demand | Stopped])

DRV - [2009/07/13 22:20:36 | 00,096,848 | ---- | M] (LSI Corporation) -- C:\Windows\system32\DRIVERS\lsi_scsi.sys -- (LSI_SCSI [On_Demand | Stopped])

DRV - [2009/07/13 22:20:36 | 00,030,800 | ---- | M] (LSI Corporation) -- C:\Windows\system32\DRIVERS\megasas.sys -- (megasas [On_Demand | Stopped])

DRV - [2009/07/13 22:20:36 | 00,235,584 | ---- | M] (LSI Corporation, Inc.) -- C:\Windows\system32\DRIVERS\MegaSR.sys -- (MegaSR [On_Demand | Stopped])

DRV - [2009/07/13 20:51:08 | 00,004,096 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\mshidkmdf.sys -- (mshidkmdf [On_Demand | Stopped])

DRV - [2009/07/13 20:46:55 | 00,012,288 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\DRIVERS\MTConfig.sys -- (MTConfig [On_Demand | Stopped])

DRV - [2009/07/13 20:52:44 | 00,027,136 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\DRIVERS\ndiscap.sys -- (NdisCap [On_Demand | Stopped])

DRV - [2009/07/13 22:20:44 | 00,044,624 | ---- | M] (IBM Corporation) -- C:\Windows\system32\DRIVERS\nfrd960.sys -- (nfrd960 [On_Demand | Stopped])

DRV - [2009/09/02 06:34:41 | 00,023,217 | ---- | M] (INCA Internet Co., Ltd.) -- E:\Lineage II TNT\System\npkcrypt.sys -- (npkcrypt [On_Demand | Stopped])

DRV - [2009/08/17 00:57:00 | 09,545,152 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\DRIVERS\nvlddmkm.sys -- (nvlddmkm [On_Demand | Running])

DRV - [2009/07/13 22:20:44 | 00,117,312 | ---- | M] (NVIDIA Corporation) -- C:\Windows\system32\DRIVERS\nvraid.sys -- (nvraid [On_Demand | Stopped])

DRV - [2009/07/13 22:20:44 | 00,142,416 | ---- | M] (NVIDIA Corporation) -- C:\Windows\system32\DRIVERS\nvstor.sys -- (nvstor [On_Demand | Stopped])

DRV - [2009/07/13 22:19:04 | 00,043,088 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\pcw.sys -- (pcw [boot | Running])

DRV - [2009/07/13 22:19:04 | 01,383,488 | ---- | M] (QLogic Corporation) -- C:\Windows\system32\DRIVERS\ql2300.sys -- (ql2300 [On_Demand | Stopped])

DRV - [2009/07/13 22:19:04 | 00,106,064 | ---- | M] (QLogic Corporation) -- C:\Windows\system32\DRIVERS\ql40xx.sys -- (ql40xx [On_Demand | Stopped])

DRV - [2009/07/13 20:55:00 | 00,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\DRIVERS\AgileVpn.sys -- (RasAgileVpn [On_Demand | Running])

DRV - [2009/07/13 21:02:41 | 00,018,944 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\DRIVERS\rdpbus.sys -- (rdpbus [On_Demand | Running])

DRV - [2009/07/13 21:01:41 | 00,007,168 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\rdprefmp.sys -- (RDPREFMP [system | Running])

DRV - [2009/07/13 22:19:04 | 00,173,648 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\rdyboost.sys -- (rdyboost [boot | Running])

DRV - [2009/07/13 19:02:52 | 00,139,776 | ---- | M] (Realtek Corporation ) -- C:\Windows\System32\DRIVERS\Rt86win7.sys -- (RTL8167 [On_Demand | Running])

DRV - [2009/07/13 20:28:47 | 00,005,632 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\DRIVERS\vms3cap.sys -- (s3cap [On_Demand | Stopped])

DRV - [2009/07/13 20:33:50 | 00,026,624 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\DRIVERS\scfilter.sys -- (scfilter [unknown | Stopped])

DRV - [2009/07/13 17:50:20 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\Windows\System32\drivers\secdrv.sys -- (secdrv [Auto | Running])

DRV - [2009/07/13 22:19:04 | 00,040,016 | ---- | M] (Silicon Integrated Systems Corp.) -- C:\Windows\system32\DRIVERS\SiSRaid2.sys -- (SiSRaid2 [On_Demand | Stopped])

DRV - [2009/07/13 22:19:04 | 00,077,888 | ---- | M] (Silicon Integrated Systems) -- C:\Windows\system32\DRIVERS\sisraid4.sys -- (SiSRaid4 [On_Demand | Stopped])

DRV - [2009/05/11 10:12:24 | 00,028,520 | ---- | M] (Avira GmbH) -- C:\Windows\System32\DRIVERS\ssmdrv.sys -- (ssmdrv [system | Running])

DRV - [2009/07/13 22:19:04 | 00,021,072 | ---- | M] (Promise Technology) -- C:\Windows\system32\DRIVERS\stexstor.sys -- (stexstor [On_Demand | Stopped])

DRV - [2009/07/13 22:19:10 | 00,040,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\DRIVERS\vmstorfl.sys -- (storflt [boot | Running])

DRV - [2009/07/13 22:19:10 | 00,028,224 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\DRIVERS\storvsc.sys -- (storvsc [On_Demand | Stopped])

DRV - [2009/07/13 20:51:35 | 00,008,192 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\DRIVERS\umpass.sys -- (UmPass [On_Demand | Stopped])

DRV - [2009/07/13 22:19:10 | 00,032,832 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\DRIVERS\vdrvroot.sys -- (vdrvroot [boot | Running])

DRV - [2009/07/13 22:19:10 | 00,159,824 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\DRIVERS\vhdmp.sys -- (vhdmp [On_Demand | Stopped])

DRV - [2009/07/13 22:19:10 | 00,016,976 | ---- | M] (VIA Technologies, Inc.) -- C:\Windows\system32\DRIVERS\viaide.sys -- (viaide [On_Demand | Stopped])

DRV - [2009/07/13 22:19:10 | 00,175,824 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\DRIVERS\vmbus.sys -- (vmbus [On_Demand | Stopped])

DRV - [2009/07/13 20:28:45 | 00,017,920 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\DRIVERS\VMBusHID.sys -- (VMBusHID [On_Demand | Stopped])

DRV - [2009/07/13 22:19:11 | 00,141,904 | ---- | M] (VIA Technologies Inc.,Ltd) -- C:\Windows\system32\DRIVERS\vsmraid.sys -- (vsmraid [On_Demand | Stopped])

DRV - [2009/07/13 20:52:02 | 00,019,968 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\vwifibus.sys -- (vwifibus [On_Demand | Stopped])

DRV - [2009/07/13 20:53:51 | 00,009,728 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\DRIVERS\wfplwf.sys -- (WfpLwf [system | Running])

DRV - [2009/07/13 22:19:10 | 00,019,008 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\wimmount.sys -- (WIMMount [On_Demand | Stopped])

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\System32\blank.htm

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\system32\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://br.msn.com/?ocid=iehp

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = pt-br

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 04 07 B4 A5 B1 28 CA 01 [binary data]

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}:6.0.16

FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.5.2

FF - HKLM\software\mozilla\Mozilla Firefox 3.5.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009/08/27 21:46:02 | 00,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Firefox 3.5.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009/09/05 02:38:11 | 00,000,000 | ---D | M]

[2009/08/27 21:46:10 | 00,000,000 | ---D | M] -- C:\Users\kamael\AppData\Roaming\mozilla\Extensions

[2009/08/27 21:46:10 | 00,000,000 | ---D | M] -- C:\Users\kamael\AppData\Roaming\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}

[2009/08/27 17:46:09 | 00,000,000 | ---D | M] -- C:\Users\kamael\AppData\Roaming\mozilla\Firefox\Profiles\0a2lowkh.default\extensions

[2009/09/05 02:38:14 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions

[2009/08/27 21:46:01 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

[2009/09/05 02:38:14 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}

[2009/07/30 20:45:43 | 00,023,544 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browserdirprovider.dll

[2009/07/30 20:45:43 | 00,137,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\brwsrcmp.dll

[2009/09/05 02:37:49 | 00,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeploytk.dll

[2009/07/30 20:45:43 | 00,065,016 | ---- | M] (mozilla.org) -- C:\Program Files\mozilla firefox\plugins\npnul32.dll

[2006/10/26 20:12:16 | 00,016,192 | ---- | M] (Microsoft Corporation) -- C:\Program Files\mozilla firefox\plugins\NPOFF12.DLL

[2009/02/27 12:13:42 | 00,103,792 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\mozilla firefox\plugins\nppdf32.dll

[2009/07/30 19:51:30 | 00,001,027 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\buscape.xml

[2009/07/30 20:45:41 | 00,002,371 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.xml

[2009/07/30 19:51:30 | 00,001,135 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\mercadolivre.xml

[2009/07/30 19:51:30 | 00,001,168 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-br.xml

[2009/07/30 19:51:30 | 00,000,648 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-br.xml

Hosts file not found

O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)

O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)

O2 - BHO: (Auxiliar de Conexão do Windows Live) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)

O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)

O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)

O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)

O4 - HKLM..\Run: [COMODO Internet Security] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe ()

O4 - HKLM..\Run: [GrooveMonitor] C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe (Microsoft Corporation)

O4 - HKLM..\Run: [sunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)

O4 - HKCU..\Run: [msnmsgr] C:\Program Files\Windows Live\Messenger\msnmsgr.exe (Microsoft Corporation)

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableUIADesktopToggle = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ValidateAdminCodeSignatures = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: scforceoption = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: FilterAdministratorToken = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_TEXT = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_BITMAP = 2

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_OEMTEXT = 7

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIB = 8

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_PALETTE = 9

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_UNICODETEXT = 13

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIBV5 = 17

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: disableregistrytools = 0

O8 - Extra context menu item: E&xportar para o Microsoft Excel - C:\Arquivos de Programas\Microsoft Office\Office12\EXCEL.EXE File not found

O9 - Extra Button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Arquivos de Programas\Microsoft Office\Office12\ONBttnIE.dll File not found

O9 - Extra 'Tools' menuitem : &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Arquivos de Programas\Microsoft Office\Office12\ONBttnIE.dll File not found

O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Arquivos de Programas\Microsoft Office\Office12\REFIEBAR.DLL File not found

O13 - gopher Prefix: missing

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab (Java Plug-in 1.6.0_16)

O16 - DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab (Java Plug-in 1.6.0_16)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab (Java Plug-in 1.6.0_16)

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Value error.)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 189.43.121.134 189.43.121.136

O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)

O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Arquivos de Programas\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll File not found

O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)

O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Arquivos de Programas\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll File not found

O18 - Protocol\Filter: - text/xml - C:\Arquivos de Programas\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL File not found

O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)

O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found

O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.

O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)

O30 - LSA: Security Packages - (pku2u) - C:\Windows\System32\pku2u.dll (Microsoft Corporation)

O31 - SafeBoot: AlternateShell - cmd.exe

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2009/06/10 18:42:20 | 00,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]

O34 - HKLM BootExecute: (autocheck) - File not found

O34 - HKLM BootExecute: (autochk) - C:\Windows\System32\autochk.exe (Microsoft Corporation)

O34 - HKLM BootExecute: (*) - File not found

========== Files/Folders - Created Within 30 Days ==========

[1 C:\Windows\System32\*.tmp files]

[2009/09/06 08:46:28 | 02,439,174 | -H-- | C] () -- C:\Users\kamael\AppData\Local\IconCache.db

[2009/09/06 07:44:19 | 00,000,000 | ---D | C] -- C:\!KillBox

[2009/09/06 05:10:33 | 00,119,312 | ---- | C] () -- C:\Users\kamael\Documents\LinuxSecurity-colorida.pdf

[2009/09/05 16:51:29 | 00,000,000 | ---D | C] -- C:\32788R22FWJFW

[2009/09/05 16:19:09 | 00,000,372 | ---- | C] () -- C:\Windows\tasks\AWC Startup.job

[2009/09/05 16:19:02 | 00,001,183 | ---- | C] () -- C:\Users\Public\Desktop\Advanced SystemCare.lnk

[2009/09/05 16:18:56 | 00,000,000 | ---D | C] -- C:\Users\kamael\AppData\Roaming\IObit

[2009/09/05 16:18:55 | 00,000,000 | ---D | C] -- C:\Program Files\IObit

[2009/09/05 08:34:17 | 00,000,000 | ---D | C] -- C:\Users\kamael\Desktop\gmer

[2009/09/05 08:02:23 | 00,280,282 | ---- | C] () -- C:\Users\kamael\Desktop\gmer.zip

[2009/09/05 02:38:11 | 00,411,368 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\deploytk.dll

[2009/09/05 02:38:11 | 00,149,280 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe

[2009/09/05 02:38:11 | 00,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe

[2009/09/05 02:38:11 | 00,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe

[2009/09/05 02:37:43 | 00,000,000 | ---D | C] -- C:\Program Files\Java

[2009/09/04 18:37:42 | 00,001,462 | ---- | C] () -- C:\Users\kamael\Desktop\SF4Launcher - Atalho.lnk

[2009/09/04 01:36:51 | 00,301,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cmd.execf

[2009/09/04 01:33:08 | 00,000,000 | ---D | C] -- C:\Users\kamael\Documents\backup reg ccleaner

[2009/09/04 01:25:59 | 00,001,835 | ---- | C] () -- C:\Users\kamael\Desktop\CCleaner.lnk

[2009/09/04 01:25:58 | 00,000,000 | ---D | C] -- C:\Program Files\CCleaner

[2009/09/02 14:16:14 | 06,216,098 | ---- | C] () -- C:\Users\kamael\Desktop\Beija flor 2002.mp3

[2009/09/02 13:42:48 | 07,387,951 | ---- | C] () -- C:\Users\kamael\Desktop\Beija flor 2006.mp3

[2009/09/01 20:25:55 | 00,000,000 | ---D | C] -- C:\Users\kamael\AppData\Local\Adobe

[2009/09/01 20:24:55 | 00,001,984 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk

[2009/09/01 20:24:48 | 00,000,000 | ---D | C] -- C:\ProgramData\Adobe

[2009/09/01 20:24:40 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe

[2009/09/01 20:24:40 | 00,000,000 | ---D | C] -- C:\Program Files\Adobe

[2009/09/01 18:56:44 | 00,001,266 | ---- | C] () -- C:\Users\Public\Desktop\MV RegClean 5.9.lnk

[2009/09/01 18:56:42 | 00,000,000 | ---D | C] -- C:\Program Files\Marcos Velasco Security

[2009/09/01 12:59:12 | 00,000,000 | ---D | C] -- C:\Program Files\No-IP

[2009/09/01 12:06:53 | 00,000,000 | ---D | C] -- C:\ProgramData\PhishGuard

[2009/09/01 12:06:52 | 00,000,000 | ---D | C] -- C:\Program Files\PhishGuard

[2009/09/01 05:05:04 | 00,001,117 | ---- | C] () -- C:\Users\Public\Desktop\COMODO Internet Security.lnk

[2009/09/01 04:25:22 | 00,000,000 | ---D | C] -- C:\ProgramData\Comodo

[2009/09/01 04:25:18 | 00,168,208 | ---- | C] () -- C:\Windows\System32\guard32.dll

[2009/09/01 04:25:18 | 00,130,080 | ---- | C] (COMODO) -- C:\Windows\System32\drivers\cmdguard.sys

[2009/09/01 04:25:18 | 00,068,640 | ---- | C] (COMODO) -- C:\Windows\System32\drivers\inspect.sys

[2009/09/01 04:25:18 | 00,028,704 | ---- | C] (COMODO) -- C:\Windows\System32\drivers\cmdhlp.sys

[2009/09/01 04:25:16 | 00,000,000 | ---D | C] -- C:\Program Files\COMODO

[2009/08/31 21:27:15 | 00,000,000 | ---D | C] -- C:\Users\kamael\Documents\tuto

[2009/08/31 21:01:43 | 00,000,000 | ---D | C] -- C:\Windows\Minidump

[2009/08/30 00:46:23 | 05,111,641 | ---- | C] () -- C:\Users\kamael\Desktop\Michael Bolton - A Love So Beautiful.mp3

[2009/08/30 00:12:57 | 04,327,967 | ---- | C] () -- C:\Users\kamael\Desktop\Crying - Don McLean.mp3

[2009/08/29 22:08:56 | 00,002,070 | ---- | C] () -- C:\Users\kamael\Desktop\Windows Live Messenger .lnk

[2009/08/29 18:12:10 | 00,000,000 | ---D | C] -- C:\Users\kamael\Documents\CAPCOM

[2009/08/29 18:09:31 | 00,000,000 | ---D | C] -- C:\Users\kamael\AppData\Local\CAPCOM

[2009/08/29 18:07:32 | 03,786,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DX9_37.dll

[2009/08/29 18:07:32 | 01,420,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_37.dll

[2009/08/29 18:07:32 | 00,462,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_37.dll

[2009/08/29 18:07:31 | 00,081,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xinput1_3.dll

[2009/08/29 18:06:43 | 00,000,000 | ---D | C] -- C:\Windows\System32\xlive

[2009/08/29 18:06:43 | 00,000,000 | ---D | C] -- C:\Program Files\Microsoft Games for Windows - LIVE

[2009/08/29 17:19:58 | 04,178,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DX9_41.dll

[2009/08/29 14:18:54 | 00,000,000 | ---D | C] -- C:\Users\kamael\Desktop\STF IV

[2009/08/29 11:03:28 | 00,000,000 | ---D | C] -- C:\Program Files\Positivo

[2009/08/29 11:01:47 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\InstallShield

[2009/08/29 02:28:30 | 00,000,000 | ---D | C] -- C:\Users\kamael\Desktop\Nova pasta

[2009/08/28 23:55:44 | 00,001,220 | ---- | C] () -- C:\Users\kamael\Desktop\Spybot - Search & Destroy.lnk

[2009/08/28 23:55:37 | 00,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy

[2009/08/28 23:55:37 | 00,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy

[2009/08/28 23:17:18 | 00,000,000 | -H-- | C] () -- C:\Users\kamael\Documents\Default.rdp

[2009/08/28 22:43:31 | 03,956,736 | ---- | C] () -- C:\Windows\System32\game.exe

[2009/08/28 22:42:56 | 00,000,000 | ---D | C] -- C:\Windows\System32\weapons

[2009/08/28 22:42:56 | 00,000,000 | ---D | C] -- C:\Windows\System32\wav

[2009/08/28 22:42:56 | 00,000,000 | ---D | C] -- C:\Windows\System32\StartImage

[2009/08/28 22:42:56 | 00,000,000 | ---D | C] -- C:\Windows\System32\sky

[2009/08/28 22:42:56 | 00,000,000 | ---D | C] -- C:\Windows\System32\rain

[2009/08/28 22:42:56 | 00,000,000 | ---D | C] -- C:\Windows\System32\image

[2009/08/28 22:42:56 | 00,000,000 | ---D | C] -- C:\Windows\System32\Field

[2009/08/28 22:42:56 | 00,000,000 | ---D | C] -- C:\Windows\System32\Effect

[2009/08/28 22:42:56 | 00,000,000 | ---D | C] -- C:\Windows\System32\cSelect

[2009/08/28 22:42:56 | 00,000,000 | ---D | C] -- C:\Windows\System32\char

[2009/08/28 22:41:32 | 01,601,456 | ---- | C] () -- C:\Windows\System32\_update.inf

[2009/08/28 22:41:26 | 00,000,016 | ---- | C] () -- C:\Windows\System32\ptReg.rgx

[2009/08/28 18:23:48 | 00,000,000 | ---D | C] -- C:\Program Files\WinRAR

[2009/08/28 17:48:08 | 00,032,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msonpmon.dll

[2009/08/28 17:45:37 | 00,000,000 | ---D | C] -- C:\Program Files\Microsoft Works

[2009/08/28 17:44:30 | 00,000,000 | ---D | C] -- C:\Program Files\Microsoft Visual Studio

[2009/08/28 17:44:30 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\DESIGNER

[2009/08/28 17:42:59 | 00,000,000 | ---D | C] -- C:\Program Files\Microsoft.NET

[2009/08/28 17:40:13 | 00,000,000 | ---D | C] -- C:\Program Files\Microsoft Visual Studio 8

[2009/08/28 17:39:10 | 00,000,000 | ---D | C] -- C:\Users\kamael\AppData\Local\Microsoft Help

[2009/08/28 17:38:58 | 00,000,000 | ---D | C] -- C:\Program Files\Microsoft Office

[2009/08/28 17:38:56 | 00,000,000 | ---D | C] -- C:\ProgramData\Microsoft Help

[2009/08/28 17:36:38 | 00,000,000 | RH-D | C] -- C:\MSOCache

[2009/08/28 17:29:26 | 00,000,000 | ---D | C] -- C:\Users\kamael\Desktop\office

[2009/08/28 14:59:42 | 00,000,000 | ---D | C] -- C:\Program Files\Microsoft

[2009/08/28 14:59:29 | 00,000,000 | ---D | C] -- C:\Users\Public\Documents\microsoft

[2009/08/28 14:59:11 | 00,000,000 | ---D | C] -- C:\Program Files\Windows Live SkyDrive

[2009/08/28 14:58:42 | 00,000,000 | ---D | C] -- C:\Program Files\Windows Live

[2009/08/28 14:58:12 | 00,000,000 | ---D | C] -- C:\Windows\PCHEALTH

[2009/08/28 14:34:16 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Windows Live

[2009/08/28 14:04:33 | 00,000,000 | ---D | C] -- C:\Users\kamael\AppData\Roaming\Malwarebytes

[2009/08/28 14:04:30 | 00,000,983 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk

[2009/08/28 14:04:28 | 00,038,160 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys

[2009/08/28 14:04:26 | 00,019,096 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys

[2009/08/28 14:04:26 | 00,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes

[2009/08/28 14:04:26 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware

[2009/08/28 13:31:44 | 03,596,016 | ---- | C] () -- C:\Users\kamael\Desktop\AHA THERES NEVER A FOREVER THING.mp3

[2009/08/28 04:17:58 | 05,587,069 | ---- | C] () -- C:\Users\kamael\Desktop\Cancún_ México_ Acuario de Xcaret_ Música _Paula Toller _ fly me to the moon.mp3

[2009/08/28 04:05:59 | 00,000,000 | ---D | C] -- C:\Users\kamael\AppData\Local\vdownloader

[2009/08/28 04:04:30 | 00,000,000 | ---D | C] -- C:\Users\kamael\AppData\Roaming\Desktopicon

[2009/08/28 04:04:29 | 00,000,947 | ---- | C] () -- C:\Users\Public\Desktop\VDownloader.lnk

[2009/08/28 04:04:28 | 00,000,000 | ---D | C] -- C:\Program Files\VDOWNLOADER

[2009/08/28 00:46:01 | 00,000,000 | ---D | C] -- C:\Users\kamael\AppData\Local\Diagnostics

[2009/08/27 23:56:42 | 00,654,272 | ---- | C] () -- C:\Windows\System32\prfh0416.dat

[2009/08/27 23:56:42 | 00,323,154 | ---- | C] () -- C:\Windows\System32\prfi0416.dat

[2009/08/27 23:56:42 | 00,124,724 | ---- | C] () -- C:\Windows\System32\prfc0416.dat

[2009/08/27 23:56:42 | 00,038,536 | ---- | C] () -- C:\Windows\System32\prfd0416.dat

[2009/08/27 23:55:49 | 00,000,000 | ---D | C] -- C:\Windows\pt-BR

[2009/08/27 23:55:35 | 00,000,000 | ---D | C] -- C:\Windows\System32\XPSViewer

[2009/08/27 23:55:35 | 00,000,000 | ---D | C] -- C:\Windows\System32\drivers\pt-BR

[2009/08/27 23:51:54 | 00,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\pt-BR\volsnap.sys.mui

[2009/08/27 23:51:54 | 00,025,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\pt-BR\usbport.sys.mui

[2009/08/27 23:51:54 | 00,011,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\pt-BR\usbhub.sys.mui

[2009/08/27 23:51:54 | 00,004,096 | ---- | C] (SCM Microsystems, Inc.) -- C:\Windows\System32\drivers\pt-BR\pscr.sys.mui

[2009/08/27 23:51:54 | 00,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\pt-BR\vhdmp.sys.mui

[2009/08/27 23:51:54 | 00,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\pt-BR\tpm.sys.mui

[2009/08/27 23:51:54 | 00,003,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\pt-BR\portcls.sys.mui

[2009/08/27 23:51:54 | 00,003,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\pt-BR\umbus.sys.mui

[2009/08/27 23:51:54 | 00,003,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\pt-BR\serscan.sys.mui

[2009/08/27 23:51:54 | 00,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\pt-BR\wd.sys.mui

[2009/08/27 23:51:53 | 00,037,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\pt-BR\mpio.sys.mui

[2009/08/27 23:51:53 | 00,033,792 | ---- | C] (Marvell) -- C:\Windows\System32\drivers\pt-BR\yk62x86.sys.mui

[2009/08/27 23:51:53 | 00,022,016 | ---- | C] (Intel Corporation) -- C:\Windows\System32\drivers\pt-BR\e1y6032.sys.mui

[2009/08/27 23:51:53 | 00,022,016 | ---- | C] (Intel Corporation) -- C:\Windows\System32\drivers\pt-BR\e1e6032.sys.mui

[2009/08/27 23:51:53 | 00,018,944 | ---- | C] (Intel Corporation) -- C:\Windows\System32\drivers\pt-BR\E1G60I32.sys.mui

[2009/08/27 23:51:53 | 00,012,800 | ---- | C] (Broadcom Corporation) -- C:\Windows\System32\drivers\pt-BR\k57nd60x.sys.mui

[2009/08/27 23:51:53 | 00,012,800 | ---- | C] (Broadcom Corporation) -- C:\Windows\System32\drivers\pt-BR\b57nd60x.sys.mui

[2009/08/27 23:51:53 | 00,011,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\pt-BR\serial.sys.mui

[2009/08/27 23:51:53 | 00,011,264 | ---- | C] (Intel Corporation) -- C:\Windows\System32\drivers\pt-BR\e1q6032.sys.mui

[2009/08/27 23:51:53 | 00,011,264 | ---- | C] (Intel Corporation) -- C:\Windows\System32\drivers\pt-BR\e1k6032.sys.mui

[2009/08/27 23:51:53 | 00,007,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\pt-BR\msdsm.sys.mui

[2009/08/27 23:51:53 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\pt-BR\sermouse.sys.mui

[2009/08/27 23:51:53 | 00,005,120 | ---- | C] (Intel Corporation) -- C:\Windows\System32\drivers\pt-BR\e100b325.sys.mui

[2009/08/27 23:51:53 | 00,005,120 | ---- | C] (Broadcom Corporation) -- C:\Windows\System32\drivers\pt-BR\bcm4sbxp.sys.mui

[2009/08/27 23:51:53 | 00,004,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\pt-BR\mouclass.sys.mui

[2009/08/27 23:51:53 | 00,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\pt-BR\pcmcia.sys.mui

[2009/08/27 23:51:53 | 00,003,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\pt-BR\parport.sys.mui

[2009/08/27 23:51:53 | 00,003,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\pt-BR\ataport.sys.mui

[2009/08/27 23:51:53 | 00,003,072 | ---- | C] (VIA Technologies, Inc. ) -- C:\Windows\System32\drivers\pt-BR\getn62.sys.mui

[2009/08/27 23:51:53 | 00,003,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\pt-BR\rndismpx.sys.mui

[2009/08/27 23:51:53 | 00,003,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\pt-BR\rndismp6.sys.mui

[2009/08/27 23:51:53 | 00,003,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\pt-BR\parvdm.sys.mui

[2009/08/27 23:51:53 | 00,003,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\pt-BR\mouhid.sys.mui

[2009/08/27 23:51:53 | 00,002,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\pt-BR\vwifibus.sys.mui

[2009/08/27 23:51:53 | 00,002,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\pt-BR\MTConfig.sys.mui

[2009/08/27 23:51:53 | 00,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\pt-BR\amdide.sys.mui

[2009/08/27 23:51:52 | 00,030,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\pt-BR\bfe.dll.mui

[2009/08/27 23:51:52 | 00,017,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\pt-BR\afd.sys.mui

[2009/08/27 23:51:52 | 00,002,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\pt-BR\wdf01000.sys.mui

[2009/08/27 23:51:52 | 00,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\pt-BR\ws2ifsl.sys.mui

[2009/08/27 23:51:51 | 00,047,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\pt-BR\tcpip.sys.mui

[2009/08/27 23:51:51 | 00,008,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\pt-BR\tunnel.sys.mui

[2009/08/27 23:51:51 | 00,003,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\pt-BR\modem.sys.mui

[2009/08/27 23:51:51 | 00,002,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\pt-BR\usbrpm.sys.mui

[2009/08/27 23:51:50 | 00,016,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\pt-BR\fvevol.sys.mui

[2009/08/27 23:51:50 | 00,002,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\pt-BR\scfilter.sys.mui

[2009/08/27 23:51:48 | 00,015,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\pt-BR\pacer.sys.mui

[2009/08/27 23:51:48 | 00,005,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\pt-BR\rdbss.sys.mui

[2009/08/27 23:51:48 | 00,002,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\pt-BR\qwavedrv.sys.mui

[2009/08/27 23:51:47 | 00,002,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\pt-BR\partmgr.sys.mui

[2009/08/27 23:51:44 | 00,069,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\pt-BR\ntfs.sys.mui

[2009/08/27 23:51:44 | 00,038,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\pt-BR\ndis.sys.mui

[2009/08/27 23:51:44 | 00,015,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\pt-BR\nwifi.sys.mui

[2009/08/27 23:51:44 | 00,003,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\pt-BR\ndisuio.sys.mui

[2009/08/27 23:51:43 | 00,006,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\pt-BR\ndiscap.sys.mui

[2009/08/27 23:51:42 | 00,007,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\pt-BR\luafv.sys.mui

[2009/08/27 23:51:42 | 00,002,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\pt-BR\mountmgr.sys.mui

[2009/08/27 23:51:41 | 00,038,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\pt-BR\http.sys.mui

[2009/08/27 23:51:39 | 00,005,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\pt-BR\fltmgr.sys.mui

[2009/08/27 23:51:38 | 00,002,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\pt-BR\volmgrx.sys.mui

[2009/08/27 23:51:35 | 00,011,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\pt-BR\i8042prt.sys.mui

[2009/08/27 23:51:35 | 00,011,264 | ---- | C] (Brother Industries Ltd.) -- C:\Windows\System32\drivers\pt-BR\BrSerIb.sys.mui

[2009/08/27 23:51:35 | 00,010,752 | ---- | C] (Agere Systems) -- C:\Windows\System32\drivers\pt-BR\ltmdmnt.sys.mui

[2009/08/27 23:51:35 | 00,009,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\pt-BR\pci.sys.mui

[2009/08/27 23:51:35 | 00,006,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\pt-BR\IPMIDrv.sys.mui

[2009/08/27 23:51:35 | 00,004,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\pt-BR\kbdclass.sys.mui

[2009/08/27 23:51:35 | 00,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\pt-BR\vdrvroot.sys.mui

[2009/08/27 23:51:35 | 00,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\pt-BR\isapnp.sys.mui

[2009/08/27 23:51:35 | 00,003,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\pt-BR\mssmbios.sys.mui

[2009/08/27 23:51:35 | 00,002,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\pt-BR\VIAAGP.SYS.mui

[2009/08/27 23:51:35 | 00,002,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\pt-BR\ULIAGPKX.SYS.mui

[2009/08/27 23:51:35 | 00,002,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\pt-BR\SISAGP.SYS.mui

[2009/08/27 23:51:35 | 00,002,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\pt-BR\pnpmem.sys.mui

[2009/08/27 23:51:35 | 00,002,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\pt-BR\NV_AGP.SYS.mui

[2009/08/27 23:51:35 | 00,002,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\pt-BR\kbdhid.sys.mui

[2009/08/27 23:51:35 | 00,002,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\pt-BR\AMDAGP.SYS.mui

[2009/08/27 23:51:35 | 00,002,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\pt-BR\AGP440.sys.mui

[2009/08/27 23:51:34 | 00,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\pt-BR\wacompen.sys.mui

[2009/08/27 23:51:31 | 00,020,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\pt-BR\viac7.sys.mui

[2009/08/27 23:51:31 | 00,020,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\pt-BR\processr.sys.mui

[2009/08/27 23:51:31 | 00,020,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\pt-BR\intelppm.sys.mui

[2009/08/27 23:51:31 | 00,020,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\pt-BR\amdppm.sys.mui

[2009/08/27 23:51:31 | 00,020,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\pt-BR\amdk8.sys.mui

[2009/08/27 23:51:31 | 00,011,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\pt-BR\ohci1394.sys.mui

[2009/08/27 23:51:31 | 00,011,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\pt-BR\1394ohci.sys.mui

[2009/08/27 23:51:31 | 00,011,264 | ---- | C] (Brother Industries Ltd.) -- C:\Windows\System32\drivers\pt-BR\BrSerId.sys.mui

[2009/08/27 23:51:31 | 00,010,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\pt-BR\acpi.sys.mui

[2009/08/27 23:51:31 | 00,009,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\pt-BR\battc.sys.mui

[2009/08/27 23:51:31 | 00,008,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\pt-BR\bthport.sys.mui

[2009/08/27 23:51:31 | 00,004,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\pt-BR\bthpan.sys.mui

[2009/08/27 23:51:31 | 00,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\pt-BR\hdaudbus.sys.mui

[2009/08/27 23:51:31 | 00,003,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\pt-BR\HdAudio.sys.mui

[2009/08/27 23:51:31 | 00,003,584 | ---- | C] (ATI Technologies Inc.) -- C:\Windows\System32\drivers\pt-BR\atikmdag.sys.mui

[2009/08/27 23:51:31 | 00,003,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\pt-BR\hidbth.sys.mui

[2009/08/27 23:51:31 | 00,003,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\pt-BR\Dot4usb.sys.mui

[2009/08/27 23:51:31 | 00,002,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\pt-BR\UAGP35.SYS.mui

[2009/08/27 23:51:31 | 00,002,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\pt-BR\GAGP30KX.SYS.mui

[2009/08/27 23:51:31 | 00,002,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\pt-BR\BTHUSB.SYS.mui

[2009/08/27 23:51:31 | 00,002,560 | ---- | C] (Brother Industries Ltd.) -- C:\Windows\System32\drivers\pt-BR\BrParwdm.sys.mui

[2009/08/27 23:51:31 | 00,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\pt-BR\disk.sys.mui

[2009/08/27 23:51:31 | 00,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\pt-BR\cdrom.sys.mui

[2009/08/27 23:51:31 | 00,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\pt-BR\bthenum.sys.mui

[2009/08/27 22:46:27 | 00,000,000 | ---D | C] -- C:\Program Files\NVIDIA Corporation

[2009/08/27 22:46:12 | 00,000,000 | ---D | C] -- C:\ProgramData\NVIDIA

[2009/08/27 22:45:39 | 00,000,000 | ---D | C] -- C:\Windows\System32\AGEIA

[2009/08/27 22:45:38 | 00,000,000 | ---D | C] -- C:\Program Files\AGEIA Technologies

[2009/08/27 22:45:21 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Wise Installation Wizard

[2009/08/27 22:44:43 | 00,485,920 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\NVUNINST.EXE

[2009/08/27 22:44:35 | 00,000,000 | ---D | C] -- C:\NVIDIA

[2009/08/27 22:18:37 | 00,000,000 | ---D | C] -- C:\Users\kamael\AppData\Local\ElevatedDiagnostics

[2009/08/27 21:44:44 | 00,000,000 | ---D | C] -- C:\Windows\Panther

[2009/08/27 21:42:06 | 00,111,360 | ---- | C] () -- C:\Users\kamael\AppData\Local\GDIPFONTCACHEV1.DAT

[2009/08/27 20:15:13 | 00,008,192 | RHS- | C] () -- C:\BOOTSECT.BAK

[2009/08/27 20:15:12 | 00,383,562 | RHS- | C] () -- C:\bootmgr

[2009/08/27 20:15:11 | 00,000,000 | -HSD | C] -- C:\Boot

[2009/08/27 19:13:13 | 00,000,000 | ---D | C] -- C:\Users\kamael\AppData\Roaming\Macromedia

[2009/08/27 19:13:12 | 00,000,000 | ---D | C] -- C:\Users\kamael\AppData\Roaming\Adobe

[2009/08/27 19:10:21 | 00,000,000 | ---D | C] -- C:\Windows\System32\Macromed

[2009/08/27 18:34:37 | 00,002,016 | ---- | C] () -- C:\Users\Public\Desktop\Avira AntiVir Control Center.lnk

[2009/08/27 18:34:31 | 00,096,104 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avipbb.sys

[2009/08/27 18:34:31 | 00,055,656 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avgntflt.sys

[2009/08/27 18:34:31 | 00,028,520 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\ssmdrv.sys

[2009/08/27 18:34:29 | 00,000,000 | ---D | C] -- C:\ProgramData\Avira

[2009/08/27 18:34:29 | 00,000,000 | ---D | C] -- C:\Program Files\Avira

[2009/08/27 17:46:09 | 00,000,000 | ---- | C] () -- C:\Windows\nsreg.dat

[2009/08/27 17:46:07 | 00,000,000 | ---D | C] -- C:\Users\kamael\AppData\Roaming\Mozilla

[2009/08/27 17:46:07 | 00,000,000 | ---D | C] -- C:\Users\kamael\AppData\Local\Mozilla

[2009/08/27 17:46:05 | 00,001,889 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk

[2009/08/27 17:46:02 | 00,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox

[2009/08/27 17:40:05 | 00,000,000 | ---D | C] -- C:\Users\kamael\AppData\Roaming\Kerio

[2009/08/27 17:38:38 | 00,000,000 | ---D | C] -- C:\Program Files\Kerio

[2009/08/27 17:36:11 | 00,000,000 | -HSD | C] -- C:\Windows\Installer

[2009/08/27 17:35:09 | 00,000,562 | ---- | C] () -- C:\Users\kamael\Desktop\PsTale - Shortcut.lnk

[2009/08/27 17:32:00 | 00,000,000 | ---D | C] -- C:\Users\kamael\Desktop\programas

[2009/08/27 17:20:28 | 00,000,000 | ---D | C] -- C:\Users\kamael\AppData\Roaming\Identities

[2009/08/27 17:20:17 | 00,000,000 | ---D | C] -- C:\Users\kamael\AppData\Local\VirtualStore

[2009/08/27 17:20:14 | 00,000,000 | --SD | C] -- C:\Users\kamael\AppData\Roaming\Microsoft

[2009/08/27 17:20:14 | 00,000,000 | -HSD | C] -- C:\Users\kamael\Documents\My Videos

[2009/08/27 17:20:14 | 00,000,000 | -HSD | C] -- C:\Users\kamael\Documents\My Pictures

[2009/08/27 17:20:14 | 00,000,000 | -HSD | C] -- C:\Users\kamael\Documents\My Music

[2009/08/27 17:20:14 | 00,000,000 | -HSD | C] -- C:\Users\kamael\AppData\Local\Temporary Internet Files

[2009/08/27 17:20:14 | 00,000,000 | -HSD | C] -- C:\Users\kamael\AppData\Local\History

[2009/08/27 17:20:14 | 00,000,000 | -HSD | C] -- C:\Users\kamael\AppData\Local\Application Data

[2009/08/27 17:20:14 | 00,000,000 | ---D | C] -- C:\Users\kamael\AppData\Roaming\Media Center Programs

[2009/08/27 17:20:14 | 00,000,000 | ---D | C] -- C:\Users\kamael\AppData\Local\Temp

[2009/08/27 17:20:14 | 00,000,000 | ---D | C] -- C:\Users\kamael\AppData\Local\Microsoft

[2009/08/27 17:20:03 | 00,000,000 | -HSD | C] -- C:\Recovery

[2009/08/27 16:48:47 | 00,000,000 | ---D | C] -- C:\Windows\SoftwareDistribution

[2009/08/27 16:46:25 | 00,000,000 | ---D | C] -- C:\Windows\Prefetch

[2009/08/27 15:16:09 | 80,411,8528 | -HS- | C] () -- C:\hiberfil.sys

[2009/08/27 15:16:09 | 00,000,000 | -HSD | C] -- C:\System Volume Information

[2009/08/17 02:42:20 | 02,173,472 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvcplui.exe

[2009/08/17 02:42:20 | 00,420,384 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvcpl.cpl

[2009/08/17 02:42:18 | 01,346,080 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvsvs.dll

[2009/08/17 02:41:54 | 03,176,992 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvwss.dll

[2009/08/17 02:41:52 | 04,033,056 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvvitvs.dll

[2009/08/17 02:41:52 | 01,292,832 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvmobls.dll

[2009/08/17 02:41:52 | 00,195,104 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvmccss.dll

[2009/08/17 02:41:50 | 03,553,824 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvgames.dll

[2009/08/17 02:41:48 | 13,904,416 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvcpl.dll

[2009/08/17 02:41:48 | 04,930,080 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvdisps.dll

[2009/08/17 02:41:48 | 00,764,448 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvsvc.dll

[2009/08/17 02:41:48 | 00,249,312 | ---- | C] () -- C:\Windows\System32\NvApps.xml

[2009/08/17 02:41:48 | 00,215,584 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvvsvc.exe

[2009/08/17 02:41:48 | 00,143,360 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvshext.dll

[2009/08/17 02:41:48 | 00,092,704 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvmctray.dll

[2009/08/17 02:41:48 | 00,066,834 | ---- | C] () -- C:\Windows\System32\NvwsApps.xml

[2009/08/17 00:57:00 | 10,858,496 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvoglv32.dll

[2009/08/17 00:57:00 | 09,545,152 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\drivers\nvlddmkm.sys

[2009/08/17 00:57:00 | 07,569,920 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvd3dum.dll

[2009/08/17 00:57:00 | 02,169,376 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvcuvid.dll

[2009/08/17 00:57:00 | 01,985,536 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvcuda.dll

[2009/08/17 00:57:00 | 01,919,520 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvencodemft.dll

[2009/08/17 00:57:00 | 01,706,528 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvcuvenc.dll

[2009/08/17 00:57:00 | 01,044,992 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvapi.dll

[2009/08/17 00:57:00 | 00,795,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dpinst.exe

[2009/08/17 00:57:00 | 00,485,920 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvudisp.exe

[2009/08/17 00:57:00 | 00,252,448 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvdecodemft.dll

[2009/08/17 00:57:00 | 00,155,648 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvcod162.dll

[2009/08/17 00:57:00 | 00,155,648 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvcod.dll

[2009/08/17 00:57:00 | 00,010,744 | ---- | C] () -- C:\Windows\System32\nvdisp.nvu

[2009/08/17 00:57:00 | 00,004,224 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\drivers\nvBridge.kmd

[2009/08/14 13:36:18 | 00,070,936 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\PhysXLoader.dll

[2009/08/07 19:51:34 | 00,178,430 | ---- | C] () -- C:\Windows\System32\xlive.dll.cat

[2009/08/03 00:21:54 | 00,197,912 | ---- | C] () -- C:\Windows\System32\physxcudart_20.dll

[2009/08/03 00:21:54 | 00,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelTraditionalChinese.dll

[2009/08/03 00:21:54 | 00,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSwedish.dll

[2009/08/03 00:21:54 | 00,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSpanish.dll

[2009/08/03 00:21:54 | 00,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSimplifiedChinese.dll

[2009/08/03 00:21:54 | 00,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelPortugese.dll

[2009/08/03 00:21:54 | 00,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelKorean.dll

[2009/08/03 00:21:54 | 00,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelJapanese.dll

[2009/08/03 00:21:52 | 00,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelGerman.dll

[2009/08/03 00:21:52 | 00,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelFrench.dll

[2009/07/13 23:04:23 | 00,000,478 | ---- | C] () -- C:\Windows\win.ini

[2009/07/13 23:04:23 | 00,000,219 | ---- | C] () -- C:\Windows\system.ini

[2009/07/13 20:51:43 | 00,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll

[2009/07/13 20:42:10 | 00,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll

========== Files - Modified Within 30 Days ==========

[1 C:\Windows\System32\*.tmp files]

[2009/09/06 20:18:27 | 00,000,372 | ---- | M] () -- C:\Windows\tasks\AWC Startup.job

[2009/09/06 20:14:30 | 00,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT

[2009/09/06 20:14:20 | 00,067,584 | --S- | M] () -- C:\Windows\bootstat.dat

[2009/09/06 20:14:16 | 80,411,8528 | -HS- | M] () -- C:\hiberfil.sys

[2009/09/06 20:12:36 | 00,009,584 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

[2009/09/06 20:12:36 | 00,009,584 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

[2009/09/06 08:48:08 | 00,000,057 | ---- | M] () -- C:\Windows\System32\mapisvc.inf

[2009/09/06 08:46:28 | 02,439,174 | -H-- | M] () -- C:\Users\kamael\AppData\Local\IconCache.db

[2009/09/06 05:10:33 | 00,119,312 | ---- | M] () -- C:\Users\kamael\Documents\LinuxSecurity-colorida.pdf

[2009/09/05 16:51:37 | 00,301,568 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cmd.execf

[2009/09/05 16:19:02 | 00,001,183 | ---- | M] () -- C:\Users\Public\Desktop\Advanced SystemCare.lnk

[2009/09/05 08:02:32 | 00,280,282 | ---- | M] () -- C:\Users\kamael\Desktop\gmer.zip

[2009/09/05 02:37:47 | 00,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe

[2009/09/05 02:37:46 | 00,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\deploytk.dll

[2009/09/05 02:37:46 | 00,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe

[2009/09/05 02:37:46 | 00,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe

[2009/09/04 18:37:42 | 00,001,462 | ---- | M] () -- C:\Users\kamael\Desktop\SF4Launcher - Atalho.lnk

[2009/09/04 01:25:59 | 00,001,835 | ---- | M] () -- C:\Users\kamael\Desktop\CCleaner.lnk

[2009/09/02 14:16:30 | 06,216,098 | ---- | M] () -- C:\Users\kamael\Desktop\Beija flor 2002.mp3

[2009/09/02 13:43:15 | 07,387,951 | ---- | M] () -- C:\Users\kamael\Desktop\Beija flor 2006.mp3

[2009/09/01 20:24:55 | 00,001,984 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk

[2009/09/01 18:56:44 | 00,001,266 | ---- | M] () -- C:\Users\Public\Desktop\MV RegClean 5.9.lnk

[2009/09/01 05:05:04 | 00,001,117 | ---- | M] () -- C:\Users\Public\Desktop\COMODO Internet Security.lnk

[2009/09/01 04:25:15 | 00,168,208 | ---- | M] () -- C:\Windows\System32\guard32.dll

[2009/09/01 04:25:15 | 00,130,080 | ---- | M] (COMODO) -- C:\Windows\System32\drivers\cmdguard.sys

[2009/09/01 04:25:15 | 00,068,640 | ---- | M] (COMODO) -- C:\Windows\System32\drivers\inspect.sys

[2009/09/01 04:25:15 | 00,028,704 | ---- | M] (COMODO) -- C:\Windows\System32\drivers\cmdhlp.sys

[2009/08/31 22:51:44 | 00,000,433 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts.ics

[2009/08/31 22:44:00 | 01,491,932 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI

[2009/08/31 22:44:00 | 00,654,272 | ---- | M] () -- C:\Windows\System32\prfh0416.dat

[2009/08/31 22:44:00 | 00,606,992 | ---- | M] () -- C:\Windows\System32\perfh009.dat

[2009/08/31 22:44:00 | 00,124,724 | ---- | M] () -- C:\Windows\System32\prfc0416.dat

[2009/08/31 22:44:00 | 00,103,370 | ---- | M] () -- C:\Windows\System32\perfc009.dat

[2009/08/30 00:46:39 | 05,111,641 | ---- | M] () -- C:\Users\kamael\Desktop\Michael Bolton - A Love So Beautiful.mp3

[2009/08/30 00:13:10 | 04,327,967 | ---- | M] () -- C:\Users\kamael\Desktop\Crying - Don McLean.mp3

[2009/08/29 22:08:56 | 00,002,070 | ---- | M] () -- C:\Users\kamael\Desktop\Windows Live Messenger .lnk

[2009/08/29 21:18:28 | 00,111,360 | ---- | M] () -- C:\Users\kamael\AppData\Local\GDIPFONTCACHEV1.DAT

[2009/08/29 15:00:16 | 00,419,960 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT

[2009/08/29 14:51:59 | 00,000,478 | ---- | M] () -- C:\Windows\win.ini

[2009/08/28 23:55:44 | 00,001,220 | ---- | M] () -- C:\Users\kamael\Desktop\Spybot - Search & Destroy.lnk

[2009/08/28 23:17:18 | 00,000,000 | -H-- | M] () -- C:\Users\kamael\Documents\Default.rdp

[2009/08/28 22:43:31 | 03,956,736 | ---- | M] () -- C:\Windows\System32\game.exe

[2009/08/28 22:42:53 | 01,601,456 | ---- | M] () -- C:\Windows\System32\_update.inf

[2009/08/28 22:41:26 | 00,000,016 | ---- | M] () -- C:\Windows\System32\ptReg.rgx

[2009/08/28 14:04:30 | 00,000,983 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk

[2009/08/28 13:31:56 | 03,596,016 | ---- | M] () -- C:\Users\kamael\Desktop\AHA THERES NEVER A FOREVER THING.mp3

[2009/08/28 04:18:19 | 05,587,069 | ---- | M] () -- C:\Users\kamael\Desktop\Cancún_ México_ Acuario de Xcaret_ Música _Paula Toller _ fly me to the moon.mp3

[2009/08/28 04:04:29 | 00,000,947 | ---- | M] () -- C:\Users\Public\Desktop\VDownloader.lnk

[2009/08/27 23:55:15 | 00,323,154 | ---- | M] () -- C:\Windows\System32\prfi0416.dat

[2009/08/27 23:55:15 | 00,038,536 | ---- | M] () -- C:\Windows\System32\prfd0416.dat

[2009/08/27 21:46:03 | 00,001,889 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk

[2009/08/27 21:44:33 | 00,008,192 | RHS- | M] () -- C:\BOOTSECT.BAK

[2009/08/27 18:34:37 | 00,002,016 | ---- | M] () -- C:\Users\Public\Desktop\Avira AntiVir Control Center.lnk

[2009/08/27 17:46:09 | 00,000,000 | ---- | M] () -- C:\Windows\nsreg.dat

[2009/08/27 17:35:09 | 00,000,562 | ---- | M] () -- C:\Users\kamael\Desktop\PsTale - Shortcut.lnk

[2009/08/27 16:49:10 | 00,042,045 | ---- | M] () -- C:\Windows\System32\license.rtf

[2009/08/17 02:42:20 | 02,173,472 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\nvcplui.exe

[2009/08/17 02:42:20 | 00,420,384 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\nvcpl.cpl

[2009/08/17 02:42:18 | 01,346,080 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\nvsvs.dll

[2009/08/17 02:41:54 | 03,176,992 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\nvwss.dll

[2009/08/17 02:41:52 | 04,033,056 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\nvvitvs.dll

[2009/08/17 02:41:52 | 01,292,832 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\nvmobls.dll

[2009/08/17 02:41:52 | 00,195,104 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\nvmccss.dll

[2009/08/17 02:41:50 | 03,553,824 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\nvgames.dll

[2009/08/17 02:41:48 | 13,904,416 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\nvcpl.dll

[2009/08/17 02:41:48 | 04,930,080 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\nvdisps.dll

[2009/08/17 02:41:48 | 00,764,448 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\nvsvc.dll

[2009/08/17 02:41:48 | 00,249,312 | ---- | M] () -- C:\Windows\System32\NvApps.xml

[2009/08/17 02:41:48 | 00,215,584 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\nvvsvc.exe

[2009/08/17 02:41:48 | 00,143,360 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\nvshext.dll

[2009/08/17 02:41:48 | 00,092,704 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\nvmctray.dll

[2009/08/17 02:41:48 | 00,066,834 | ---- | M] () -- C:\Windows\System32\NvwsApps.xml

[2009/08/17 00:57:00 | 10,858,496 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\nvoglv32.dll

[2009/08/17 00:57:00 | 09,545,152 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\drivers\nvlddmkm.sys

[2009/08/17 00:57:00 | 07,569,920 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\nvd3dum.dll

[2009/08/17 00:57:00 | 03,298,304 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\nvwgf2um.dll

[2009/08/17 00:57:00 | 02,169,376 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\nvcuvid.dll

[2009/08/17 00:57:00 | 01,985,536 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\nvcuda.dll

[2009/08/17 00:57:00 | 01,919,520 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\nvencodemft.dll

[2009/08/17 00:57:00 | 01,706,528 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\nvcuvenc.dll

[2009/08/17 00:57:00 | 01,044,992 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\nvapi.dll

[2009/08/17 00:57:00 | 00,795,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dpinst.exe

[2009/08/17 00:57:00 | 00,485,920 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\nvudisp.exe

[2009/08/17 00:57:00 | 00,252,448 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\nvdecodemft.dll

[2009/08/17 00:57:00 | 00,155,648 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\nvcod162.dll

[2009/08/17 00:57:00 | 00,155,648 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\nvcod.dll

[2009/08/17 00:57:00 | 00,010,744 | ---- | M] () -- C:\Windows\System32\nvdisp.nvu

[2009/08/17 00:57:00 | 00,004,224 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\drivers\nvBridge.kmd

[2009/08/14 13:36:18 | 00,070,936 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\PhysXLoader.dll

[2009/08/11 12:35:08 | 00,485,920 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\NVUNINST.EXE

< End of report >


OTL Extras logfile created on: 06/09/2009 20:19:47 - Run 2

OTL by OldTimer - Version 3.0.10.7 Folder = C:\Users\kamael\Downloads

Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.7600.16385)

Locale: 00000416 | Country: Brasil | Language: PTB | Date Format: dd/MM/yyyy

1022,49 Mb Total Physical Memory | 606,62 Mb Available Physical Memory | 59,33% Memory free

2,00 Gb Paging File | 1,32 Gb Available in Paging File | 66,10% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files

Drive C: | 38,86 Gb Total Space | 18,54 Gb Free Space | 47,71% Space Free | Partition Type: NTFS

Drive D: | 200,00 Mb Total Space | 182,24 Mb Free Space | 91,12% Space Free | Partition Type: NTFS

Drive E: | 35,50 Gb Total Space | 3,75 Gb Free Space | 10,56% Space Free | Partition Type: NTFS

F: Drive not present or media not loaded

G: Drive not present or media not loaded

H: Drive not present or media not loaded

I: Drive not present or media not loaded

Computer Name: KAMAEL-PC

Current User Name: kamael

Logged in as Administrator.

Current Boot Mode: Normal

Scan Mode: Current user

Company Name Whitelist: Off

Skip Microsoft Files: Off

File Age = 30 Days

Output = Standard

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)

.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]

.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

"VistaSp1" = Reg Error: Unknown registry data type -- File not found

"AntiVirusOverride" = 0

"AntiSpywareOverride" = 0

"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

"DisableNotifications" = 0

"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"DisableNotifications" = 0

"EnableFirewall" = 0

========== Authorized Applications List ==========

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148

"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Ferramenta de Carregamento do Windows Live

"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT

"{26A24AE4-039D-4CA4-87B4-2F83216016FF}" = Java 6 Update 16

"{2E660A2A-A55F-43CD-9F73-CAD7382EEB78}" = Microsoft Games for Windows - LIVE Redistributable

"{32BC546A-8AA3-4239-AE92-9CF3291C35A6}" = Windows Live Call

"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform

"{498B4BF1-AD73-4AA8-99EB-18D400E42482}" = Novo Dicionário Aurélio

"{51A9E3DD-37B8-47BB-8E67-5B76B3EFBC48}" = Assistente de Conexão do Windows Live

"{90120000-0015-0416-0000-0000000FF1CE}" = Microsoft Office Access MUI (Portuguese (Brazil)) 2007

"{90120000-0015-0416-0000-0000000FF1CE}_ENTERPRISE_{02A880E2-B8B9-4BF5-8822-EA1374734E2E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-0016-0416-0000-0000000FF1CE}" = Microsoft Office Excel MUI (Portuguese (Brazil)) 2007

"{90120000-0016-0416-0000-0000000FF1CE}_ENTERPRISE_{02A880E2-B8B9-4BF5-8822-EA1374734E2E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-0018-0416-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (Portuguese (Brazil)) 2007

"{90120000-0018-0416-0000-0000000FF1CE}_ENTERPRISE_{02A880E2-B8B9-4BF5-8822-EA1374734E2E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-0019-0416-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (Portuguese (Brazil)) 2007

"{90120000-0019-0416-0000-0000000FF1CE}_ENTERPRISE_{02A880E2-B8B9-4BF5-8822-EA1374734E2E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-001A-0416-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (Portuguese (Brazil)) 2007

"{90120000-001A-0416-0000-0000000FF1CE}_ENTERPRISE_{02A880E2-B8B9-4BF5-8822-EA1374734E2E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-001B-0416-0000-0000000FF1CE}" = Microsoft Office Word MUI (Portuguese (Brazil)) 2007

"{90120000-001B-0416-0000-0000000FF1CE}_ENTERPRISE_{02A880E2-B8B9-4BF5-8822-EA1374734E2E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007

"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)

"{90120000-001F-0416-0000-0000000FF1CE}" = Microsoft Office Proof (Portuguese (Brazil)) 2007

"{90120000-001F-0416-0000-0000000FF1CE}_ENTERPRISE_{75EBE365-7FC5-4720-A7D3-804BF550D1BC}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)

"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007

"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)

"{90120000-002C-0416-0000-0000000FF1CE}" = Microsoft Office Proofing (Portuguese (Brazil)) 2007

"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007

"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-0044-0416-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (Portuguese (Brazil)) 2007

"{90120000-0044-0416-0000-0000000FF1CE}_ENTERPRISE_{02A880E2-B8B9-4BF5-8822-EA1374734E2E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-006E-0416-0000-0000000FF1CE}" = Microsoft Office Shared MUI (Portuguese (Brazil)) 2007

"{90120000-006E-0416-0000-0000000FF1CE}_ENTERPRISE_{9A141B2B-7C5E-47D2-8E9E-9AC6018F3C42}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-00A1-0416-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (Portuguese (Brazil)) 2007

"{90120000-00A1-0416-0000-0000000FF1CE}_ENTERPRISE_{02A880E2-B8B9-4BF5-8822-EA1374734E2E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-00BA-0416-0000-0000000FF1CE}" = Microsoft Office Groove MUI (Portuguese (Brazil)) 2007

"{90120000-00BA-0416-0000-0000000FF1CE}_ENTERPRISE_{02A880E2-B8B9-4BF5-8822-EA1374734E2E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting

"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

"{AC76BA86-7AD7-1046-7B44-A91000000001}" = Adobe Reader 9.1 - Português

"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy

"{B5ED7AB0-3838-4389-8549-7C8E22DD48F4}" = Windows Live Messenger

"{C5C1C0F0-D62F-4DBF-81D4-D7EF397C228B}" = NVIDIA PhysX

"{CA567AD5-33A4-403D-86D1-EE2D38251951}_is1" = VDownloader 1.1

"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard

"{F112F66E-25CA-42DD-983C-6118EB38F606}" = Microsoft Games for Windows - LIVE

"{F2CD4651-F948-467C-B014-71FD981B7F59}" = Windows Live Essentials

"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX

"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin

"Advanced SystemCare 3_is1" = Advanced SystemCare 3

"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus

"CCleaner" = CCleaner (remove only)

"COMODO Internet Security" = COMODO Internet Security

"ENTERPRISE" = Microsoft Office Enterprise 2007

"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware

"Mozilla Firefox (3.5.2)" = Mozilla Firefox (3.5.2)

"MV RegClean 5.9_is1" = MV RegClean 5.9

"No-IP.com DUC" = No-IP.com DUC (remove only)

"NVIDIA Drivers" = NVIDIA Drivers

"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver

"WinLiveSuite_Wave3" = Windows Live Essentials

"WinRAR archiver" = Arquivo do WinRAR

========== Last 10 Event Log Errors ==========

[ Application Events ]

Error - 31/08/2009 22:17:11 | Computer Name = kamael-PC | Source = RasClient | ID = 20227

Description =

Error - 01/09/2009 04:26:35 | Computer Name = kamael-PC | Source = SideBySide | ID = 16842815

Description = Falha na geração de contexto de ativação para "c:\program files\spybot

- search & destroy\DelZip179.dll". Erro no arquivo de manifesto ou de diretiva

c:\program files\spybot - search & destroy\DelZip179.dll", na linha 8. O valor "*"

do atributo language no elemento assemblyIdentity é inválido.

Error - 02/09/2009 06:21:23 | Computer Name = kamael-PC | Source = SideBySide | ID = 16842815

Description = Falha na geração de contexto de ativação para "c:\program files\spybot

- search & destroy\DelZip179.dll". Erro no arquivo de manifesto ou de diretiva

c:\program files\spybot - search & destroy\DelZip179.dll", na linha 8. O valor "*"

do atributo language no elemento assemblyIdentity é inválido.

Error - 03/09/2009 07:05:31 | Computer Name = kamael-PC | Source = SideBySide | ID = 16842815

Description = Falha na geração de contexto de ativação para "c:\program files\spybot

- search & destroy\DelZip179.dll". Erro no arquivo de manifesto ou de diretiva

c:\program files\spybot - search & destroy\DelZip179.dll", na linha 8. O valor "*"

do atributo language no elemento assemblyIdentity é inválido.

Error - 04/09/2009 02:02:00 | Computer Name = kamael-PC | Source = Application Error | ID = 1000

Description = Nome de aplicativo com falha: WinRAR.exe, versão: 3.50.0.0, carimbo

de hora: 0x00000000 Nome do módulo de falhas: WinRAR.exe, versão: 3.50.0.0, carimbo

de hora: 0x00000000 Código de exceção: 0xc0000005 Deslocamento com falha: 0x0008d790

Identificação

do processo com falha: 0x750 Hora de início do aplicativo com falha: 0x01ca2d25356a4e87

Caminho

do aplicativo com falha: C:\Program Files\WinRAR\WinRAR.exe FCaminho do módulo de

falhas: C:\Program Files\WinRAR\WinRAR.exe Identificação do Relatório: 75a7fe87-9918-11de-aafa-001d5f4fe8af

Error - 04/09/2009 02:02:25 | Computer Name = kamael-PC | Source = Application Error | ID = 1000

Description = Nome de aplicativo com falha: WinRAR.exe, versão: 3.50.0.0, carimbo

de hora: 0x00000000 Nome do módulo de falhas: WinRAR.exe, versão: 3.50.0.0, carimbo

de hora: 0x00000000 Código de exceção: 0xc0000005 Deslocamento com falha: 0x0008d790

Identificação

do processo com falha: 0x750 Hora de início do aplicativo com falha: 0x01ca2d25356a4e87

Caminho

do aplicativo com falha: C:\Program Files\WinRAR\WinRAR.exe FCaminho do módulo de

falhas: C:\Program Files\WinRAR\WinRAR.exe Identificação do Relatório: 848d0d69-9918-11de-aafa-001d5f4fe8af

Error - 05/09/2009 09:04:22 | Computer Name = kamael-PC | Source = Application Hang | ID = 1002

Description = O programa cmd.execf versão 6.1.7600.16385 parou de interagir com

o Windows e foi fechado. Para ver se há mais informações disponíveis sobre o problema,

verifique o histórico de problemas no painel de controle da Central de Ações. ID

de Processo: 524 Hora de Início: 01ca2e2941ace533 Hora de Término: 3 Caminho do Aplicativo:

C:\Windows\system32\cmd.execf Id do Relatório: 98afeac6-9a1c-11de-8276-001d5f4fe8af

Error - 05/09/2009 15:20:08 | Computer Name = kamael-PC | Source = VSS | ID = 8194

Description =

Error - 05/09/2009 17:45:01 | Computer Name = kamael-PC | Source = Microsoft-Windows-CAPI2 | ID = 512

Description = Falha dos Serviços de Criptografia ao inicializar o objeto de backup

VSS "Gravador do Sistema". Details: Could not query the status of the EventSystem

service. System Error: A system shutdown is in progress. .

Error - 06/09/2009 18:28:21 | Computer Name = kamael-PC | Source = SideBySide | ID = 16842815

Description = Falha na geração de contexto de ativação para "c:\program files\spybot

- search & destroy\DelZip179.dll". Erro no arquivo de manifesto ou de diretiva

c:\program files\spybot - search & destroy\DelZip179.dll", na linha 8. O valor "*"

do atributo language no elemento assemblyIdentity é inválido.

[ System Events ]

Error - 06/09/2009 17:51:24 | Computer Name = kamael-PC | Source = Microsoft-Windows-DNS-Client | ID = 1012

Description = Ocorreu um erro ao tentar ler o arquivo de hosts locais.

Error - 06/09/2009 17:51:39 | Computer Name = kamael-PC | Source = WMPNetworkSvc | ID = 866300

Description =

Error - 06/09/2009 19:12:05 | Computer Name = kamael-PC | Source = Microsoft-Windows-DNS-Client | ID = 1012

Description = Ocorreu um erro ao tentar ler o arquivo de hosts locais.

Error - 06/09/2009 19:12:06 | Computer Name = kamael-PC | Source = Microsoft-Windows-DNS-Client | ID = 1012

Description = Ocorreu um erro ao tentar ler o arquivo de hosts locais.

Error - 06/09/2009 19:14:13 | Computer Name = kamael-PC | Source = volmgr | ID = 262190

Description = Falha na inicialização do despejo de memória!

Error - 06/09/2009 19:14:23 | Computer Name = kamael-PC | Source = EventLog | ID = 6008

Description = O desligamento anterior do sistema em 20:13:21 às ?06/?09/?2009 não

era esperado.

Error - 06/09/2009 19:14:16 | Computer Name = kamael-PC | Source = volmgr | ID = 262190

Description = Falha na inicialização do despejo de memória!

Error - 06/09/2009 19:14:33 | Computer Name = kamael-PC | Source = Microsoft-Windows-DNS-Client | ID = 1012

Description = Ocorreu um erro ao tentar ler o arquivo de hosts locais.

Error - 06/09/2009 19:14:58 | Computer Name = kamael-PC | Source = Service Control Manager | ID = 7026

Description = Falha ao carregar o(s) seguinte(s) driver(s) de início do sistema

ou de inicialização: cdrom

Error - 06/09/2009 19:17:01 | Computer Name = kamael-PC | Source = WMPNetworkSvc | ID = 866300

Description =

< End of report >


Dear Freak,

Please redo the logs: Read Before Posting - Creating a New Topic

ATTENTION: There is no need to open a new topic; post the new logs in this same topic, thank you!

Regards :D

OTL logfile created on: 06/09/2009 20:19:47 - Run 2

OTL by OldTimer - Version 3.0.10.7 Folder = C:\Users\kamael\Downloads

Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.7600.16385)

Locale: 00000416 | Country: Brasil | Language: PTB | Date Format: dd/MM/yyyy

1022,49 Mb Total Physical Memory | 606,62 Mb Available Physical Memory | 59,33% Memory free

2,00 Gb Paging File | 1,32 Gb Available in Paging File | 66,10% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files

Drive C: | 38,86 Gb Total Space | 18,54 Gb Free Space | 47,71% Space Free | Partition Type: NTFS

Drive D: | 200,00 Mb Total Space | 182,24 Mb Free Space | 91,12% Space Free | Partition Type: NTFS

Drive E: | 35,50 Gb Total Space | 3,75 Gb Free Space | 10,56% Space Free | Partition Type: NTFS

F: Drive not present or media not loaded

G: Drive not present or media not loaded

H: Drive not present or media not loaded

I: Drive not present or media not loaded

Computer Name: KAMAEL-PC

Current User Name: kamael

Logged in as Administrator.

Current Boot Mode: Normal

Scan Mode: Current user

Company Name Whitelist: Off

Skip Microsoft Files: Off

File Age = 30 Days

Output = Standard

========== Processes (SafeList) ==========

PRC - [2009/08/17 02:41:48 | 00,215,584 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\nvvsvc.exe

PRC - [2009/09/01 04:25:14 | 00,692,496 | ---- | M] () -- C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe

PRC - [2009/08/17 02:41:48 | 00,215,584 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\nvvsvc.exe

PRC - [2009/05/13 16:48:22 | 00,108,289 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe

PRC - [2009/07/21 14:34:33 | 00,185,089 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe

PRC - [2009/08/17 01:32:00 | 00,239,648 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe

PRC - [2009/07/13 22:14:20 | 02,613,248 | ---- | M] (Microsoft Corporation) -- C:\Windows\Explorer.EXE

PRC - [2009/07/13 22:14:42 | 00,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe

PRC - [2009/03/02 13:08:47 | 00,209,153 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe

PRC - [2008/10/25 11:44:34 | 00,031,072 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe

PRC - [2009/02/27 17:10:28 | 00,035,696 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Adobe\Reader 9.0\Reader\reader_sl.exe

PRC - [2009/09/05 02:37:48 | 00,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jusched.exe

PRC - [2009/07/13 22:14:29 | 03,179,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sppsvc.exe

PRC - [2009/09/06 18:23:26 | 00,514,048 | ---- | M] (OldTimer Tools) -- C:\Users\kamael\Downloads\OTL.exe

========== Win32 Services (SafeList) ==========

SRV - [2009/05/13 16:48:22 | 00,108,289 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService [Auto | Running])

SRV - [2009/07/21 14:34:33 | 00,185,089 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService [Auto | Running])

SRV - [2009/07/13 22:14:53 | 00,027,648 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\appidsvc.dll -- (AppIDSvc [On_Demand | Stopped])

SRV - [2009/07/13 22:14:58 | 00,088,064 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\AxInstSV.dll -- (AxInstSV [On_Demand | Stopped])

SRV - [2009/07/13 22:14:59 | 00,076,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\bdesvc.dll -- (BDESVC [unknown | Stopped])

SRV - [2009/06/10 18:23:09 | 00,066,384 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped])

SRV - [2009/09/01 04:25:14 | 00,692,496 | ---- | M] () -- C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe -- (cmdAgent [Auto | Running])

SRV - [2009/07/13 22:15:10 | 00,218,624 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\defragsvc.dll -- (defragsvc [On_Demand | Stopped])

SRV - [2009/07/13 22:15:11 | 00,253,440 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dhcpcore.dll -- (Dhcp [Auto | Running])

SRV - [2009/07/13 22:14:19 | 00,557,056 | ---- | M] (Microsoft Corporation) -- C:\Windows\ehome\ehRecvr.exe -- (ehRecvr [On_Demand | Stopped])

SRV - [2009/07/13 22:14:19 | 00,094,720 | ---- | M] (Microsoft Corporation) -- C:\Windows\ehome\ehsched.exe -- (ehSched [On_Demand | Stopped])

SRV - [2009/07/13 22:16:18 | 01,086,464 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wevtsvc.dll -- (eventlog [Auto | Running])

SRV - [2009/07/13 22:15:21 | 00,797,696 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\FntCache.dll -- (FontCache [On_Demand | Stopped])

SRV - [2009/06/10 18:14:51 | 00,042,856 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe -- (FontCache3.0.0.0 [On_Demand | Stopped])

SRV - [2009/07/13 22:15:36 | 00,194,560 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ListSvc.dll -- (HomeGroupListener [On_Demand | Stopped])

SRV - [2009/07/13 22:16:12 | 00,165,376 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\provsvc.dll -- (HomeGroupProvider [On_Demand | Stopped])

SRV - [2009/06/10 18:14:02 | 00,878,416 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe -- (idsvc [unknown | Stopped])

SRV - [2008/10/25 11:44:08 | 00,065,888 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe -- (Microsoft Office Groove Audit Service [On_Demand | Stopped])

SRV - [2009/06/10 18:14:05 | 00,128,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing [Disabled | Stopped])

SRV - [2009/08/17 02:41:48 | 00,215,584 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\nvvsvc.exe -- (nvsvc [Auto | Running])

SRV - [2008/11/04 01:06:28 | 00,441,712 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv [On_Demand | Stopped])

SRV - [2006/10/26 13:03:08 | 00,145,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose [On_Demand | Stopped])

SRV - [2009/07/13 22:16:12 | 00,269,824 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\pnrpsvc.dll -- (p2pimsvc [On_Demand | Stopped])

SRV - [2009/07/13 22:16:12 | 01,004,544 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\peerdistsvc.dll -- (PeerDistSvc [On_Demand | Stopped])

SRV - [2009/07/13 22:16:12 | 00,020,480 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\pnrpauto.dll -- (PNRPAutoReg [On_Demand | Stopped])

SRV - [2009/07/13 22:16:12 | 00,269,824 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\pnrpsvc.dll -- (PNRPsvc [On_Demand | Stopped])

SRV - [2009/07/13 22:16:17 | 00,119,808 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\umpo.dll -- (Power [Auto | Running])

SRV - [2009/07/13 22:16:13 | 00,043,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\RpcEpMap.dll -- (RpcEptMapper [unknown | Running])

SRV - [2009/07/13 22:16:13 | 00,025,088 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc [On_Demand | Stopped])

SRV - [2009/07/13 22:14:29 | 03,179,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sppsvc.exe -- (sppsvc [Auto | Running])

SRV - [2009/07/13 22:16:15 | 00,053,760 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sppuinotify.dll -- (sppuinotify [On_Demand | Stopped])

SRV - [2009/08/17 01:32:00 | 00,239,648 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service [Auto | Running])

SRV - [2009/07/13 22:16:16 | 00,037,376 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\themeservice.dll -- (Themes [Auto | Running])

SRV - [2009/07/13 22:16:17 | 00,151,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wbiosrvc.dll -- (WbioSrvc [On_Demand | Stopped])

SRV - [2009/07/13 22:15:41 | 00,680,960 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend [Auto | Running])

SRV - [2009/07/13 22:14:47 | 01,121,280 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc [Auto | Stopped])

SRV - [2009/07/13 22:16:21 | 00,185,856 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wwansvc.dll -- (WwanSvc [On_Demand | Stopped])

========== Driver Services (SafeList) ==========

DRV - [2009/07/13 20:52:00 | 00,163,328 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\DRIVERS\1394ohci.sys -- (1394ohci [On_Demand | Stopped])

DRV - [2009/07/13 20:16:36 | 00,009,728 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\DRIVERS\acpipmi.sys -- (AcpiPmi [On_Demand | Stopped])

DRV - [2009/07/13 22:26:15 | 00,422,976 | ---- | M] (Adaptec, Inc.) -- C:\Windows\system32\DRIVERS\adp94xx.sys -- (adp94xx [On_Demand | Stopped])

DRV - [2009/07/13 22:26:17 | 00,297,552 | ---- | M] (Adaptec, Inc.) -- C:\Windows\system32\DRIVERS\adpahci.sys -- (adpahci [On_Demand | Stopped])

DRV - [2009/07/13 22:26:15 | 00,146,512 | ---- | M] (Adaptec, Inc.) -- C:\Windows\system32\DRIVERS\adpu320.sys -- (adpu320 [On_Demand | Stopped])

DRV - [2009/07/13 22:20:28 | 00,070,720 | ---- | M] (Adaptec, Inc.) -- C:\Windows\system32\DRIVERS\djsvs.sys -- (aic78xx [On_Demand | Stopped])

DRV - [2009/07/13 22:26:15 | 00,014,400 | ---- | M] (Acer Laboratories Inc.) -- C:\Windows\system32\DRIVERS\aliide.sys -- (aliide [On_Demand | Stopped])

DRV - [2009/07/13 20:11:04 | 00,052,736 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\DRIVERS\amdppm.sys -- (AmdPPM [On_Demand | Stopped])

DRV - [2009/07/13 22:26:15 | 00,079,952 | ---- | M] (Advanced Micro Devices) -- C:\Windows\system32\DRIVERS\amdsata.sys -- (amdsata [On_Demand | Stopped])

DRV - [2009/07/13 22:26:15 | 00,159,312 | ---- | M] (AMD Technologies Inc.) -- C:\Windows\system32\DRIVERS\amdsbs.sys -- (amdsbs [On_Demand | Stopped])

DRV - [2009/07/13 22:26:15 | 00,023,616 | ---- | M] (Advanced Micro Devices) -- C:\Windows\system32\DRIVERS\amdxata.sys -- (amdxata [boot | Running])

DRV - [2009/07/13 20:36:52 | 00,050,176 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\drivers\appid.sys -- (AppID [On_Demand | Stopped])

DRV - [2009/07/13 22:26:15 | 00,076,368 | ---- | M] (Adaptec, Inc.) -- C:\Windows\system32\DRIVERS\arc.sys -- (arc [On_Demand | Stopped])

DRV - [2009/07/13 22:26:15 | 00,086,608 | ---- | M] (Adaptec, Inc.) -- C:\Windows\system32\DRIVERS\arcsas.sys -- (arcsas [On_Demand | Stopped])

DRV - [2009/02/13 12:35:05 | 00,011,608 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys -- (avgio [system | Running])

DRV - [2009/07/28 16:33:56 | 00,055,656 | ---- | M] (Avira GmbH) -- C:\Windows\System32\DRIVERS\avgntflt.sys -- (avgntflt [Auto | Running])

DRV - [2009/03/30 10:33:07 | 00,096,104 | ---- | M] (Avira GmbH) -- C:\Windows\System32\DRIVERS\avipbb.sys -- (avipbb [system | Running])

DRV - [2009/07/13 19:02:48 | 00,430,080 | ---- | M] (Broadcom Corporation) -- C:\Windows\system32\DRIVERS\bxvbdx.sys -- (b06bdrv [On_Demand | Stopped])

DRV - [2009/07/13 19:02:49 | 00,229,888 | ---- | M] (Broadcom Corporation) -- C:\Windows\System32\DRIVERS\b57nd60x.sys -- (b57nd60x [On_Demand | Stopped])

DRV - [2009/07/13 19:53:28 | 00,013,568 | ---- | M] (Brother Industries, Ltd.) -- C:\Windows\system32\DRIVERS\BrFiltLo.sys -- (BrFiltLo [On_Demand | Stopped])

DRV - [2009/07/13 19:53:28 | 00,005,248 | ---- | M] (Brother Industries, Ltd.) -- C:\Windows\system32\DRIVERS\BrFiltUp.sys -- (BrFiltUp [On_Demand | Stopped])

DRV - [2009/07/13 21:57:25 | 00,272,128 | ---- | M] (Brother Industries Ltd.) -- C:\Windows\System32\Drivers\Brserid.sys -- (Brserid [On_Demand | Stopped])

DRV - [2009/07/13 19:53:32 | 00,062,336 | ---- | M] (Brother Industries Ltd.) -- C:\Windows\System32\Drivers\BrSerWdm.sys -- (BrSerWdm [On_Demand | Stopped])

DRV - [2009/07/13 19:53:33 | 00,012,160 | ---- | M] (Brother Industries Ltd.) -- C:\Windows\System32\Drivers\BrUsbMdm.sys -- (BrUsbMdm [On_Demand | Stopped])

DRV - [2009/07/13 19:53:33 | 00,011,904 | ---- | M] (Brother Industries Ltd.) -- C:\Windows\System32\Drivers\BrUsbSer.sys -- (BrUsbSer [On_Demand | Stopped])

DRV - [2009/09/01 04:25:15 | 00,130,080 | ---- | M] (COMODO) -- C:\Windows\System32\DRIVERS\cmdguard.sys -- (cmdGuard [system | Running])

DRV - [2009/09/01 04:25:15 | 00,028,704 | ---- | M] (COMODO) -- C:\Windows\System32\DRIVERS\cmdhlp.sys -- (cmdHlp [system | Running])

DRV - [2009/07/13 22:26:21 | 00,015,952 | ---- | M] (CMD Technology, Inc.) -- C:\Windows\system32\DRIVERS\cmdide.sys -- (cmdide [On_Demand | Stopped])

DRV - [2009/07/13 22:17:54 | 00,369,568 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\Drivers\cng.sys -- (CNG [boot | Running])

DRV - [2009/07/13 20:45:26 | 00,031,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\DRIVERS\CompositeBus.sys -- (CompositeBus [On_Demand | Running])

DRV - [2009/07/13 20:24:05 | 00,032,256 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\discache.sys -- (discache [system | Running])

DRV - [2009/07/13 19:02:48 | 03,100,160 | ---- | M] (Broadcom Corporation) -- C:\Windows\system32\DRIVERS\evbdx.sys -- (ebdrv [On_Demand | Stopped])

DRV - [2009/07/13 22:20:28 | 00,453,712 | ---- | M] (Emulex) -- C:\Windows\system32\DRIVERS\elxstor.sys -- (elxstor [On_Demand | Stopped])

DRV - [2009/07/13 22:20:28 | 00,046,160 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\FsDepends.sys -- (FsDepends [On_Demand | Stopped])

DRV - [2009/07/13 19:54:14 | 00,026,624 | ---- | M] (Hauppauge Computer Works, Inc.) -- C:\Windows\system32\drivers\hcw85cir.sys -- (hcw85cir [On_Demand | Stopped])

DRV - [2009/07/13 20:19:21 | 00,021,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\DRIVERS\HidBatt.sys -- (HidBatt [On_Demand | Stopped])

DRV - [2009/07/13 22:20:28 | 00,067,152 | ---- | M] (Hewlett-Packard Company) -- C:\Windows\system32\DRIVERS\HpSAMD.sys -- (HpSAMD [On_Demand | Stopped])

DRV - [2009/07/13 22:20:36 | 00,013,904 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\hwpolicy.sys -- (hwpolicy [boot | Running])

DRV - [2009/07/13 22:20:36 | 00,332,352 | ---- | M] (Intel Corporation) -- C:\Windows\system32\DRIVERS\iaStorV.sys -- (iaStorV [On_Demand | Stopped])

DRV - [2009/07/13 22:20:36 | 00,041,040 | ---- | M] (Intel Corp./ICP vortex GmbH) -- C:\Windows\system32\DRIVERS\iirsp.sys -- (iirsp [On_Demand | Stopped])

DRV - [2009/09/01 04:25:15 | 00,068,640 | ---- | M] (COMODO) -- C:\Windows\System32\DRIVERS\inspect.sys -- (inspect [system | Running])

DRV - [2009/07/13 22:20:36 | 00,133,200 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\Drivers\ksecpkg.sys -- (KSecPkg [boot | Running])

DRV - [2009/03/23 10:25:30 | 00,026,624 | ---- | M] (Kerio Technologies Inc.) -- C:\Windows\System32\DRIVERS\kvnet.sys -- (kvnet [On_Demand | Stopped])

DRV - [2009/09/01 04:23:57 | 00,080,466 | ---- | M] () -- C:\Windows\System32\drivers\kwflower.log -- (kwflower [On_Demand | Stopped])

DRV - [2009/07/13 22:20:36 | 00,095,824 | ---- | M] (LSI Corporation) -- C:\Windows\system32\DRIVERS\lsi_fc.sys -- (LSI_FC [On_Demand | Stopped])

DRV - [2009/07/13 22:20:37 | 00,089,168 | ---- | M] (LSI Corporation) -- C:\Windows\system32\DRIVERS\lsi_sas.sys -- (LSI_SAS [On_Demand | Stopped])

DRV - [2009/07/13 22:20:36 | 00,054,864 | ---- | M] (LSI Corporation) -- C:\Windows\system32\DRIVERS\lsi_sas2.sys -- (LSI_SAS2 [On_Demand | Stopped])

DRV - [2009/07/13 22:20:36 | 00,096,848 | ---- | M] (LSI Corporation) -- C:\Windows\system32\DRIVERS\lsi_scsi.sys -- (LSI_SCSI [On_Demand | Stopped])

DRV - [2009/07/13 22:20:36 | 00,030,800 | ---- | M] (LSI Corporation) -- C:\Windows\system32\DRIVERS\megasas.sys -- (megasas [On_Demand | Stopped])

DRV - [2009/07/13 22:20:36 | 00,235,584 | ---- | M] (LSI Corporation, Inc.) -- C:\Windows\system32\DRIVERS\MegaSR.sys -- (MegaSR [On_Demand | Stopped])

DRV - [2009/07/13 20:51:08 | 00,004,096 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\mshidkmdf.sys -- (mshidkmdf [On_Demand | Stopped])

DRV - [2009/07/13 20:46:55 | 00,012,288 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\DRIVERS\MTConfig.sys -- (MTConfig [On_Demand | Stopped])

DRV - [2009/07/13 20:52:44 | 00,027,136 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\DRIVERS\ndiscap.sys -- (NdisCap [On_Demand | Stopped])

DRV - [2009/07/13 22:20:44 | 00,044,624 | ---- | M] (IBM Corporation) -- C:\Windows\system32\DRIVERS\nfrd960.sys -- (nfrd960 [On_Demand | Stopped])

DRV - [2009/09/02 06:34:41 | 00,023,217 | ---- | M] (INCA Internet Co., Ltd.) -- E:\Lineage II TNT\System\npkcrypt.sys -- (npkcrypt [On_Demand | Stopped])

DRV - [2009/08/17 00:57:00 | 09,545,152 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\DRIVERS\nvlddmkm.sys -- (nvlddmkm [On_Demand | Running])

DRV - [2009/07/13 22:20:44 | 00,117,312 | ---- | M] (NVIDIA Corporation) -- C:\Windows\system32\DRIVERS\nvraid.sys -- (nvraid [On_Demand | Stopped])

DRV - [2009/07/13 22:20:44 | 00,142,416 | ---- | M] (NVIDIA Corporation) -- C:\Windows\system32\DRIVERS\nvstor.sys -- (nvstor [On_Demand | Stopped])

DRV - [2009/07/13 22:19:04 | 00,043,088 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\pcw.sys -- (pcw [boot | Running])

DRV - [2009/07/13 22:19:04 | 01,383,488 | ---- | M] (QLogic Corporation) -- C:\Windows\system32\DRIVERS\ql2300.sys -- (ql2300 [On_Demand | Stopped])

DRV - [2009/07/13 22:19:04 | 00,106,064 | ---- | M] (QLogic Corporation) -- C:\Windows\system32\DRIVERS\ql40xx.sys -- (ql40xx [On_Demand | Stopped])

DRV - [2009/07/13 20:55:00 | 00,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\DRIVERS\AgileVpn.sys -- (RasAgileVpn [On_Demand | Running])

DRV - [2009/07/13 21:02:41 | 00,018,944 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\DRIVERS\rdpbus.sys -- (rdpbus [On_Demand | Running])

DRV - [2009/07/13 21:01:41 | 00,007,168 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\rdprefmp.sys -- (RDPREFMP [system | Running])

DRV - [2009/07/13 22:19:04 | 00,173,648 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\rdyboost.sys -- (rdyboost [boot | Running])

DRV - [2009/07/13 19:02:52 | 00,139,776 | ---- | M] (Realtek Corporation ) -- C:\Windows\System32\DRIVERS\Rt86win7.sys -- (RTL8167 [On_Demand | Running])

DRV - [2009/07/13 20:28:47 | 00,005,632 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\DRIVERS\vms3cap.sys -- (s3cap [On_Demand | Stopped])

DRV - [2009/07/13 20:33:50 | 00,026,624 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\DRIVERS\scfilter.sys -- (scfilter [unknown | Stopped])

DRV - [2009/07/13 17:50:20 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\Windows\System32\drivers\secdrv.sys -- (secdrv [Auto | Running])

DRV - [2009/07/13 22:19:04 | 00,040,016 | ---- | M] (Silicon Integrated Systems Corp.) -- C:\Windows\system32\DRIVERS\SiSRaid2.sys -- (SiSRaid2 [On_Demand | Stopped])

DRV - [2009/07/13 22:19:04 | 00,077,888 | ---- | M] (Silicon Integrated Systems) -- C:\Windows\system32\DRIVERS\sisraid4.sys -- (SiSRaid4 [On_Demand | Stopped])

DRV - [2009/05/11 10:12:24 | 00,028,520 | ---- | M] (Avira GmbH) -- C:\Windows\System32\DRIVERS\ssmdrv.sys -- (ssmdrv [system | Running])

DRV - [2009/07/13 22:19:04 | 00,021,072 | ---- | M] (Promise Technology) -- C:\Windows\system32\DRIVERS\stexstor.sys -- (stexstor [On_Demand | Stopped])

DRV - [2009/07/13 22:19:10 | 00,040,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\DRIVERS\vmstorfl.sys -- (storflt [boot | Running])

DRV - [2009/07/13 22:19:10 | 00,028,224 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\DRIVERS\storvsc.sys -- (storvsc [On_Demand | Stopped])

DRV - [2009/07/13 20:51:35 | 00,008,192 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\DRIVERS\umpass.sys -- (UmPass [On_Demand | Stopped])

DRV - [2009/07/13 22:19:10 | 00,032,832 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\DRIVERS\vdrvroot.sys -- (vdrvroot [boot | Running])

DRV - [2009/07/13 22:19:10 | 00,159,824 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\DRIVERS\vhdmp.sys -- (vhdmp [On_Demand | Stopped])

DRV - [2009/07/13 22:19:10 | 00,016,976 | ---- | M] (VIA Technologies, Inc.) -- C:\Windows\system32\DRIVERS\viaide.sys -- (viaide [On_Demand | Stopped])

DRV - [2009/07/13 22:19:10 | 00,175,824 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\DRIVERS\vmbus.sys -- (vmbus [On_Demand | Stopped])

DRV - [2009/07/13 20:28:45 | 00,017,920 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\DRIVERS\VMBusHID.sys -- (VMBusHID [On_Demand | Stopped])

DRV - [2009/07/13 22:19:11 | 00,141,904 | ---- | M] (VIA Technologies Inc.,Ltd) -- C:\Windows\system32\DRIVERS\vsmraid.sys -- (vsmraid [On_Demand | Stopped])

DRV - [2009/07/13 20:52:02 | 00,019,968 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\vwifibus.sys -- (vwifibus [On_Demand | Stopped])

DRV - [2009/07/13 20:53:51 | 00,009,728 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\DRIVERS\wfplwf.sys -- (WfpLwf [system | Running])

DRV - [2009/07/13 22:19:10 | 00,019,008 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\wimmount.sys -- (WIMMount [On_Demand | Stopped])

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\System32\blank.htm

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\system32\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://br.msn.com/?ocid=iehp

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = pt-br

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 04 07 B4 A5 B1 28 CA 01 [binary data]

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}:6.0.16

FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.5.2

FF - HKLM\software\mozilla\Mozilla Firefox 3.5.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009/08/27 21:46:02 | 00,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Firefox 3.5.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009/09/05 02:38:11 | 00,000,000 | ---D | M]

[2009/08/27 21:46:10 | 00,000,000 | ---D | M] -- C:\Users\kamael\AppData\Roaming\mozilla\Extensions

[2009/08/27 21:46:10 | 00,000,000 | ---D | M] -- C:\Users\kamael\AppData\Roaming\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}

[2009/08/27 17:46:09 | 00,000,000 | ---D | M] -- C:\Users\kamael\AppData\Roaming\mozilla\Firefox\Profiles\0a2lowkh.default\extensions

[2009/09/05 02:38:14 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions

[2009/08/27 21:46:01 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

[2009/09/05 02:38:14 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}

[2009/07/30 20:45:43 | 00,023,544 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browserdirprovider.dll

[2009/07/30 20:45:43 | 00,137,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\brwsrcmp.dll

[2009/09/05 02:37:49 | 00,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeploytk.dll

[2009/07/30 20:45:43 | 00,065,016 | ---- | M] (mozilla.org) -- C:\Program Files\mozilla firefox\plugins\npnul32.dll

[2006/10/26 20:12:16 | 00,016,192 | ---- | M] (Microsoft Corporation) -- C:\Program Files\mozilla firefox\plugins\NPOFF12.DLL

[2009/02/27 12:13:42 | 00,103,792 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\mozilla firefox\plugins\nppdf32.dll

[2009/07/30 19:51:30 | 00,001,027 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\buscape.xml

[2009/07/30 20:45:41 | 00,002,371 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.xml

[2009/07/30 19:51:30 | 00,001,135 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\mercadolivre.xml

[2009/07/30 19:51:30 | 00,001,168 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-br.xml

[2009/07/30 19:51:30 | 00,000,648 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-br.xml

Hosts file not found

O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)

O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)

O2 - BHO: (Auxiliar de Conexão do Windows Live) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)

O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)

O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)

O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)

O4 - HKLM..\Run: [COMODO Internet Security] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe ()

O4 - HKLM..\Run: [GrooveMonitor] C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe (Microsoft Corporation)

O4 - HKLM..\Run: [sunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)

O4 - HKCU..\Run: [msnmsgr] C:\Program Files\Windows Live\Messenger\msnmsgr.exe (Microsoft Corporation)

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableUIADesktopToggle = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ValidateAdminCodeSignatures = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: scforceoption = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: FilterAdministratorToken = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_TEXT = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_BITMAP = 2

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_OEMTEXT = 7

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIB = 8

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_PALETTE = 9

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_UNICODETEXT = 13

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIBV5 = 17

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: disableregistrytools = 0

O8 - Extra context menu item: E&xportar para o Microsoft Excel - C:\Arquivos de Programas\Microsoft Office\Office12\EXCEL.EXE File not found

O9 - Extra Button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Arquivos de Programas\Microsoft Office\Office12\ONBttnIE.dll File not found

O9 - Extra 'Tools' menuitem : &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Arquivos de Programas\Microsoft Office\Office12\ONBttnIE.dll File not found

O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Arquivos de Programas\Microsoft Office\Office12\REFIEBAR.DLL File not found

O13 - gopher Prefix: missing

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab (Java Plug-in 1.6.0_16)

O16 - DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab (Java Plug-in 1.6.0_16)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab (Java Plug-in 1.6.0_16)

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Value error.)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 189.43.121.134 189.43.121.136

O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)

O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Arquivos de Programas\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll File not found

O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)

O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Arquivos de Programas\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll File not found

O18 - Protocol\Filter: - text/xml - C:\Arquivos de Programas\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL File not found

O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)

O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found

O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.

O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)

O30 - LSA: Security Packages - (pku2u) - C:\Windows\System32\pku2u.dll (Microsoft Corporation)

O31 - SafeBoot: AlternateShell - cmd.exe

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2009/06/10 18:42:20 | 00,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]

O34 - HKLM BootExecute: (autocheck) - File not found

O34 - HKLM BootExecute: (autochk) - C:\Windows\System32\autochk.exe (Microsoft Corporation)

O34 - HKLM BootExecute: (*) - File not found

========== Files/Folders - Created Within 30 Days ==========

[1 C:\Windows\System32\*.tmp files]

[2009/09/06 08:46:28 | 02,439,174 | -H-- | C] () -- C:\Users\kamael\AppData\Local\IconCache.db

[2009/09/06 07:44:19 | 00,000,000 | ---D | C] -- C:\!KillBox

[2009/09/06 05:10:33 | 00,119,312 | ---- | C] () -- C:\Users\kamael\Documents\LinuxSecurity-colorida.pdf

[2009/09/05 16:51:29 | 00,000,000 | ---D | C] -- C:\32788R22FWJFW

[2009/09/05 16:19:09 | 00,000,372 | ---- | C] () -- C:\Windows\tasks\AWC Startup.job

[2009/09/05 16:19:02 | 00,001,183 | ---- | C] () -- C:\Users\Public\Desktop\Advanced SystemCare.lnk

[2009/09/05 16:18:56 | 00,000,000 | ---D | C] -- C:\Users\kamael\AppData\Roaming\IObit

[2009/09/05 16:18:55 | 00,000,000 | ---D | C] -- C:\Program Files\IObit

[2009/09/05 08:34:17 | 00,000,000 | ---D | C] -- C:\Users\kamael\Desktop\gmer

[2009/09/05 08:02:23 | 00,280,282 | ---- | C] () -- C:\Users\kamael\Desktop\gmer.zip

[2009/09/05 02:38:11 | 00,411,368 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\deploytk.dll

[2009/09/05 02:38:11 | 00,149,280 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe

[2009/09/05 02:38:11 | 00,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe

[2009/09/05 02:38:11 | 00,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe

[2009/09/05 02:37:43 | 00,000,000 | ---D | C] -- C:\Program Files\Java

[2009/09/04 18:37:42 | 00,001,462 | ---- | C] () -- C:\Users\kamael\Desktop\SF4Launcher - Atalho.lnk

[2009/09/04 01:36:51 | 00,301,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cmd.execf

[2009/09/04 01:33:08 | 00,000,000 | ---D | C] -- C:\Users\kamael\Documents\backup reg ccleaner

[2009/09/04 01:25:59 | 00,001,835 | ---- | C] () -- C:\Users\kamael\Desktop\CCleaner.lnk

[2009/09/04 01:25:58 | 00,000,000 | ---D | C] -- C:\Program Files\CCleaner

[2009/09/02 14:16:14 | 06,216,098 | ---- | C] () -- C:\Users\kamael\Desktop\Beija flor 2002.mp3

[2009/09/02 13:42:48 | 07,387,951 | ---- | C] () -- C:\Users\kamael\Desktop\Beija flor 2006.mp3

[2009/09/01 20:25:55 | 00,000,000 | ---D | C] -- C:\Users\kamael\AppData\Local\Adobe

[2009/09/01 20:24:55 | 00,001,984 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk

[2009/09/01 20:24:48 | 00,000,000 | ---D | C] -- C:\ProgramData\Adobe

[2009/09/01 20:24:40 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe

[2009/09/01 20:24:40 | 00,000,000 | ---D | C] -- C:\Program Files\Adobe

[2009/09/01 18:56:44 | 00,001,266 | ---- | C] () -- C:\Users\Public\Desktop\MV RegClean 5.9.lnk

[2009/09/01 18:56:42 | 00,000,000 | ---D | C] -- C:\Program Files\Marcos Velasco Security

[2009/09/01 12:59:12 | 00,000,000 | ---D | C] -- C:\Program Files\No-IP

[2009/09/01 12:06:53 | 00,000,000 | ---D | C] -- C:\ProgramData\PhishGuard

[2009/09/01 12:06:52 | 00,000,000 | ---D | C] -- C:\Program Files\PhishGuard

[2009/09/01 05:05:04 | 00,001,117 | ---- | C] () -- C:\Users\Public\Desktop\COMODO Internet Security.lnk

[2009/09/01 04:25:22 | 00,000,000 | ---D | C] -- C:\ProgramData\Comodo

[2009/09/01 04:25:18 | 00,168,208 | ---- | C] () -- C:\Windows\System32\guard32.dll

[2009/09/01 04:25:18 | 00,130,080 | ---- | C] (COMODO) -- C:\Windows\System32\drivers\cmdguard.sys

[2009/09/01 04:25:18 | 00,068,640 | ---- | C] (COMODO) -- C:\Windows\System32\drivers\inspect.sys

[2009/09/01 04:25:18 | 00,028,704 | ---- | C] (COMODO) -- C:\Windows\System32\drivers\cmdhlp.sys

[2009/09/01 04:25:16 | 00,000,000 | ---D | C] -- C:\Program Files\COMODO

[2009/08/31 21:27:15 | 00,000,000 | ---D | C] -- C:\Users\kamael\Documents\tuto

[2009/08/31 21:01:43 | 00,000,000 | ---D | C] -- C:\Windows\Minidump

[2009/08/30 00:46:23 | 05,111,641 | ---- | C] () -- C:\Users\kamael\Desktop\Michael Bolton - A Love So Beautiful.mp3

[2009/08/30 00:12:57 | 04,327,967 | ---- | C] () -- C:\Users\kamael\Desktop\Crying - Don McLean.mp3

[2009/08/29 22:08:56 | 00,002,070 | ---- | C] () -- C:\Users\kamael\Desktop\Windows Live Messenger .lnk

[2009/08/29 18:12:10 | 00,000,000 | ---D | C] -- C:\Users\kamael\Documents\CAPCOM

[2009/08/29 18:09:31 | 00,000,000 | ---D | C] -- C:\Users\kamael\AppData\Local\CAPCOM

[2009/08/29 18:07:32 | 03,786,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DX9_37.dll

[2009/08/29 18:07:32 | 01,420,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_37.dll

[2009/08/29 18:07:32 | 00,462,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_37.dll

[2009/08/29 18:07:31 | 00,081,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xinput1_3.dll

[2009/08/29 18:06:43 | 00,000,000 | ---D | C] -- C:\Windows\System32\xlive

[2009/08/29 18:06:43 | 00,000,000 | ---D | C] -- C:\Program Files\Microsoft Games for Windows - LIVE

[2009/08/29 17:19:58 | 04,178,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DX9_41.dll

[2009/08/29 14:18:54 | 00,000,000 | ---D | C] -- C:\Users\kamael\Desktop\STF IV

[2009/08/29 11:03:28 | 00,000,000 | ---D | C] -- C:\Program Files\Positivo

[2009/08/29 11:01:47 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\InstallShield

[2009/08/29 02:28:30 | 00,000,000 | ---D | C] -- C:\Users\kamael\Desktop\Nova pasta

[2009/08/28 23:55:44 | 00,001,220 | ---- | C] () -- C:\Users\kamael\Desktop\Spybot - Search & Destroy.lnk

[2009/08/28 23:55:37 | 00,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy

[2009/08/28 23:55:37 | 00,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy

[2009/08/28 23:17:18 | 00,000,000 | -H-- | C] () -- C:\Users\kamael\Documents\Default.rdp

[2009/08/28 22:43:31 | 03,956,736 | ---- | C] () -- C:\Windows\System32\game.exe

[2009/08/28 22:42:56 | 00,000,000 | ---D | C] -- C:\Windows\System32\weapons

[2009/08/28 22:42:56 | 00,000,000 | ---D | C] -- C:\Windows\System32\wav

[2009/08/28 22:42:56 | 00,000,000 | ---D | C] -- C:\Windows\System32\StartImage

[2009/08/28 22:42:56 | 00,000,000 | ---D | C] -- C:\Windows\System32\sky

[2009/08/28 22:42:56 | 00,000,000 | ---D | C] -- C:\Windows\System32\rain

[2009/08/28 22:42:56 | 00,000,000 | ---D | C] -- C:\Windows\System32\image

[2009/08/28 22:42:56 | 00,000,000 | ---D | C] -- C:\Windows\System32\Field

[2009/08/28 22:42:56 | 00,000,000 | ---D | C] -- C:\Windows\System32\Effect

[2009/08/28 22:42:56 | 00,000,000 | ---D | C] -- C:\Windows\System32\cSelect

[2009/08/28 22:42:56 | 00,000,000 | ---D | C] -- C:\Windows\System32\char

[2009/08/28 22:41:32 | 01,601,456 | ---- | C] () -- C:\Windows\System32\_update.inf

[2009/08/28 22:41:26 | 00,000,016 | ---- | C] () -- C:\Windows\System32\ptReg.rgx

[2009/08/28 18:23:48 | 00,000,000 | ---D | C] -- C:\Program Files\WinRAR

[2009/08/28 17:48:08 | 00,032,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msonpmon.dll

[2009/08/28 17:45:37 | 00,000,000 | ---D | C] -- C:\Program Files\Microsoft Works

[2009/08/28 17:44:30 | 00,000,000 | ---D | C] -- C:\Program Files\Microsoft Visual Studio

[2009/08/28 17:44:30 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\DESIGNER

[2009/08/28 17:42:59 | 00,000,000 | ---D | C] -- C:\Program Files\Microsoft.NET

[2009/08/28 17:40:13 | 00,000,000 | ---D | C] -- C:\Program Files\Microsoft Visual Studio 8

[2009/08/28 17:39:10 | 00,000,000 | ---D | C] -- C:\Users\kamael\AppData\Local\Microsoft Help

[2009/08/28 17:38:58 | 00,000,000 | ---D | C] -- C:\Program Files\Microsoft Office

[2009/08/28 17:38:56 | 00,000,000 | ---D | C] -- C:\ProgramData\Microsoft Help

[2009/08/28 17:36:38 | 00,000,000 | RH-D | C] -- C:\MSOCache

[2009/08/28 17:29:26 | 00,000,000 | ---D | C] -- C:\Users\kamael\Desktop\office

[2009/08/28 14:59:42 | 00,000,000 | ---D | C] -- C:\Program Files\Microsoft

[2009/08/28 14:59:29 | 00,000,000 | ---D | C] -- C:\Users\Public\Documents\microsoft

[2009/08/28 14:59:11 | 00,000,000 | ---D | C] -- C:\Program Files\Windows Live SkyDrive

[2009/08/28 14:58:42 | 00,000,000 | ---D | C] -- C:\Program Files\Windows Live

[2009/08/28 14:58:12 | 00,000,000 | ---D | C] -- C:\Windows\PCHEALTH

[2009/08/28 14:34:16 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Windows Live

[2009/08/28 14:04:33 | 00,000,000 | ---D | C] -- C:\Users\kamael\AppData\Roaming\Malwarebytes

[2009/08/28 14:04:30 | 00,000,983 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk

[2009/08/28 14:04:28 | 00,038,160 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys

[2009/08/28 14:04:26 | 00,019,096 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys

[2009/08/28 14:04:26 | 00,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes

[2009/08/28 14:04:26 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware

[2009/08/28 13:31:44 | 03,596,016 | ---- | C] () -- C:\Users\kamael\Desktop\AHA THERES NEVER A FOREVER THING.mp3

[2009/08/28 04:17:58 | 05,587,069 | ---- | C] () -- C:\Users\kamael\Desktop\Cancún_ México_ Acuario de Xcaret_ Música _Paula Toller _ fly me to the moon.mp3

[2009/08/28 04:05:59 | 00,000,000 | ---D | C] -- C:\Users\kamael\AppData\Local\vdownloader

[2009/08/28 04:04:30 | 00,000,000 | ---D | C] -- C:\Users\kamael\AppData\Roaming\Desktopicon

[2009/08/28 04:04:29 | 00,000,947 | ---- | C] () -- C:\Users\Public\Desktop\VDownloader.lnk

[2009/08/28 04:04:28 | 00,000,000 | ---D | C] -- C:\Program Files\VDOWNLOADER

[2009/08/28 00:46:01 | 00,000,000 | ---D | C] -- C:\Users\kamael\AppData\Local\Diagnostics

[2009/08/27 23:56:42 | 00,654,272 | ---- | C] () -- C:\Windows\System32\prfh0416.dat

[2009/08/27 23:56:42 | 00,323,154 | ---- | C] () -- C:\Windows\System32\prfi0416.dat

[2009/08/27 23:56:42 | 00,124,724 | ---- | C] () -- C:\Windows\System32\prfc0416.dat

[2009/08/27 23:56:42 | 00,038,536 | ---- | C] () -- C:\Windows\System32\prfd0416.dat

[2009/08/27 23:55:49 | 00,000,000 | ---D | C] -- C:\Windows\pt-BR

[2009/08/27 23:55:35 | 00,000,000 | ---D | C] -- C:\Windows\System32\XPSViewer

[2009/08/27 23:55:35 | 00,000,000 | ---D | C] -- C:\Windows\System32\drivers\pt-BR

[2009/08/27 23:51:54 | 00,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\pt-BR\volsnap.sys.mui

[2009/08/27 23:51:54 | 00,025,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\pt-BR\usbport.sys.mui

[2009/08/27 23:51:54 | 00,011,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\pt-BR\usbhub.sys.mui

[2009/08/27 23:51:54 | 00,004,096 | ---- | C] (SCM Microsystems, Inc.) -- C:\Windows\System32\drivers\pt-BR\pscr.sys.mui

[2009/08/27 23:51:54 | 00,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\pt-BR\vhdmp.sys.mui

[2009/08/27 23:51:54 | 00,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\pt-BR\tpm.sys.mui

[2009/08/27 23:51:54 | 00,003,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\pt-BR\portcls.sys.mui

[2009/08/27 23:51:54 | 00,003,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\pt-BR\umbus.sys.mui

[2009/08/27 23:51:54 | 00,003,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\pt-BR\serscan.sys.mui

[2009/08/27 23:51:54 | 00,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\pt-BR\wd.sys.mui

[2009/08/27 23:51:53 | 00,037,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\pt-BR\mpio.sys.mui

[2009/08/27 23:51:53 | 00,033,792 | ---- | C] (Marvell) -- C:\Windows\System32\drivers\pt-BR\yk62x86.sys.mui

[2009/08/27 23:51:53 | 00,022,016 | ---- | C] (Intel Corporation) -- C:\Windows\System32\drivers\pt-BR\e1y6032.sys.mui

[2009/08/27 23:51:53 | 00,022,016 | ---- | C] (Intel Corporation) -- C:\Windows\System32\drivers\pt-BR\e1e6032.sys.mui

[2009/08/27 23:51:53 | 00,018,944 | ---- | C] (Intel Corporation) -- C:\Windows\System32\drivers\pt-BR\E1G60I32.sys.mui

[2009/08/27 23:51:53 | 00,012,800 | ---- | C] (Broadcom Corporation) -- C:\Windows\System32\drivers\pt-BR\k57nd60x.sys.mui

[2009/08/27 23:51:53 | 00,012,800 | ---- | C] (Broadcom Corporation) -- C:\Windows\System32\drivers\pt-BR\b57nd60x.sys.mui

[2009/08/27 23:51:53 | 00,011,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\pt-BR\serial.sys.mui

[2009/08/27 23:51:53 | 00,011,264 | ---- | C] (Intel Corporation) -- C:\Windows\System32\drivers\pt-BR\e1q6032.sys.mui

[2009/08/27 23:51:53 | 00,011,264 | ---- | C] (Intel Corporation) -- C:\Windows\System32\drivers\pt-BR\e1k6032.sys.mui

[2009/08/27 23:51:53 | 00,007,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\pt-BR\msdsm.sys.mui

[2009/08/27 23:51:53 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\pt-BR\sermouse.sys.mui

[2009/08/27 23:51:53 | 00,005,120 | ---- | C] (Intel Corporation) -- C:\Windows\System32\drivers\pt-BR\e100b325.sys.mui

[2009/08/27 23:51:53 | 00,005,120 | ---- | C] (Broadcom Corporation) -- C:\Windows\System32\drivers\pt-BR\bcm4sbxp.sys.mui

[2009/08/27 23:51:53 | 00,004,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\pt-BR\mouclass.sys.mui

[2009/08/27 23:51:53 | 00,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\pt-BR\pcmcia.sys.mui

[2009/08/27 23:51:53 | 00,003,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\pt-BR\parport.sys.mui

[2009/08/27 23:51:53 | 00,003,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\pt-BR\ataport.sys.mui

[2009/08/27 23:51:53 | 00,003,072 | ---- | C] (VIA Technologies, Inc. ) -- C:\Windows\System32\drivers\pt-BR\getn62.sys.mui

[2009/08/27 23:51:53 | 00,003,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\pt-BR\rndismpx.sys.mui

[2009/08/27 23:51:53 | 00,003,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\pt-BR\rndismp6.sys.mui

[2009/08/27 23:51:53 | 00,003,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\pt-BR\parvdm.sys.mui

[2009/08/27 23:51:53 | 00,003,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\pt-BR\mouhid.sys.mui

[2009/08/27 23:51:53 | 00,002,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\pt-BR\vwifibus.sys.mui

[2009/08/27 23:51:53 | 00,002,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\pt-BR\MTConfig.sys.mui

[2009/08/27 23:51:53 | 00,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\pt-BR\amdide.sys.mui

[2009/08/27 23:51:52 | 00,030,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\pt-BR\bfe.dll.mui

[2009/08/27 23:51:52 | 00,017,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\pt-BR\afd.sys.mui

[2009/08/27 23:51:52 | 00,002,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\pt-BR\wdf01000.sys.mui

[2009/08/27 23:51:52 | 00,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\pt-BR\ws2ifsl.sys.mui

[2009/08/27 23:51:51 | 00,047,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\pt-BR\tcpip.sys.mui

[2009/08/27 23:51:51 | 00,008,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\pt-BR\tunnel.sys.mui

[2009/08/27 23:51:51 | 00,003,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\pt-BR\modem.sys.mui

[2009/08/27 23:51:51 | 00,002,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\pt-BR\usbrpm.sys.mui

[2009/08/27 23:51:50 | 00,016,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\pt-BR\fvevol.sys.mui

[2009/08/27 23:51:50 | 00,002,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\pt-BR\scfilter.sys.mui

[2009/08/27 23:51:48 | 00,015,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\pt-BR\pacer.sys.mui

[2009/08/27 23:51:48 | 00,005,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\pt-BR\rdbss.sys.mui

[2009/08/27 23:51:48 | 00,002,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\pt-BR\qwavedrv.sys.mui

[2009/08/27 23:51:47 | 00,002,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\pt-BR\partmgr.sys.mui

[2009/08/27 23:51:44 | 00,069,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\pt-BR\ntfs.sys.mui

[2009/08/27 23:51:44 | 00,038,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\pt-BR\ndis.sys.mui

[2009/08/27 23:51:44 | 00,015,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\pt-BR\nwifi.sys.mui

[2009/08/27 23:51:44 | 00,003,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\pt-BR\ndisuio.sys.mui

[2009/08/27 23:51:43 | 00,006,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\pt-BR\ndiscap.sys.mui

[2009/08/27 23:51:42 | 00,007,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\pt-BR\luafv.sys.mui

[2009/08/27 23:51:42 | 00,002,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\pt-BR\mountmgr.sys.mui

[2009/08/27 23:51:41 | 00,038,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\pt-BR\http.sys.mui

[2009/08/27 23:51:39 | 00,005,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\pt-BR\fltmgr.sys.mui

[2009/08/27 23:51:38 | 00,002,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\pt-BR\volmgrx.sys.mui

[2009/08/27 23:51:35 | 00,011,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\pt-BR\i8042prt.sys.mui

[2009/08/27 23:51:35 | 00,011,264 | ---- | C] (Brother Industries Ltd.) -- C:\Windows\System32\drivers\pt-BR\BrSerIb.sys.mui

[2009/08/27 23:51:35 | 00,010,752 | ---- | C] (Agere Systems) -- C:\Windows\System32\drivers\pt-BR\ltmdmnt.sys.mui

[2009/08/27 23:51:35 | 00,009,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\pt-BR\pci.sys.mui

[2009/08/27 23:51:35 | 00,006,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\pt-BR\IPMIDrv.sys.mui

[2009/08/27 23:51:35 | 00,004,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\pt-BR\kbdclass.sys.mui

[2009/08/27 23:51:35 | 00,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\pt-BR\vdrvroot.sys.mui

[2009/08/27 23:51:35 | 00,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\pt-BR\isapnp.sys.mui

[2009/08/27 23:51:35 | 00,003,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\pt-BR\mssmbios.sys.mui

[2009/08/27 23:51:35 | 00,002,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\pt-BR\VIAAGP.SYS.mui

[2009/08/27 23:51:35 | 00,002,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\pt-BR\ULIAGPKX.SYS.mui

[2009/08/27 23:51:35 | 00,002,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\pt-BR\SISAGP.SYS.mui

[2009/08/27 23:51:35 | 00,002,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\pt-BR\pnpmem.sys.mui

[2009/08/27 23:51:35 | 00,002,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\pt-BR\NV_AGP.SYS.mui

[2009/08/27 23:51:35 | 00,002,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\pt-BR\kbdhid.sys.mui

[2009/08/27 23:51:35 | 00,002,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\pt-BR\AMDAGP.SYS.mui

[2009/08/27 23:51:35 | 00,002,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\pt-BR\AGP440.sys.mui

[2009/08/27 23:51:34 | 00,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\pt-BR\wacompen.sys.mui

[2009/08/27 23:51:31 | 00,020,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\pt-BR\viac7.sys.mui

[2009/08/27 23:51:31 | 00,020,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\pt-BR\processr.sys.mui

[2009/08/27 23:51:31 | 00,020,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\pt-BR\intelppm.sys.mui

[2009/08/27 23:51:31 | 00,020,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\pt-BR\amdppm.sys.mui

[2009/08/27 23:51:31 | 00,020,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\pt-BR\amdk8.sys.mui

[2009/08/27 23:51:31 | 00,011,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\pt-BR\ohci1394.sys.mui

[2009/08/27 23:51:31 | 00,011,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\pt-BR\1394ohci.sys.mui

[2009/08/27 23:51:31 | 00,011,264 | ---- | C] (Brother Industries Ltd.) -- C:\Windows\System32\drivers\pt-BR\BrSerId.sys.mui

[2009/08/27 23:51:31 | 00,010,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\pt-BR\acpi.sys.mui

[2009/08/27 23:51:31 | 00,009,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\pt-BR\battc.sys.mui

[2009/08/27 23:51:31 | 00,008,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\pt-BR\bthport.sys.mui

[2009/08/27 23:51:31 | 00,004,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\pt-BR\bthpan.sys.mui

[2009/08/27 23:51:31 | 00,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\pt-BR\hdaudbus.sys.mui

[2009/08/27 23:51:31 | 00,003,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\pt-BR\HdAudio.sys.mui

[2009/08/27 23:51:31 | 00,003,584 | ---- | C] (ATI Technologies Inc.) -- C:\Windows\System32\drivers\pt-BR\atikmdag.sys.mui

[2009/08/27 23:51:31 | 00,003,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\pt-BR\hidbth.sys.mui

[2009/08/27 23:51:31 | 00,003,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\pt-BR\Dot4usb.sys.mui

[2009/08/27 23:51:31 | 00,002,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\pt-BR\UAGP35.SYS.mui

[2009/08/27 23:51:31 | 00,002,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\pt-BR\GAGP30KX.SYS.mui

[2009/08/27 23:51:31 | 00,002,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\pt-BR\BTHUSB.SYS.mui

[2009/08/27 23:51:31 | 00,002,560 | ---- | C] (Brother Industries Ltd.) -- C:\Windows\System32\drivers\pt-BR\BrParwdm.sys.mui

[2009/08/27 23:51:31 | 00,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\pt-BR\disk.sys.mui

[2009/08/27 23:51:31 | 00,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\pt-BR\cdrom.sys.mui

[2009/08/27 23:51:31 | 00,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\pt-BR\bthenum.sys.mui

[2009/08/27 22:46:27 | 00,000,000 | ---D | C] -- C:\Program Files\NVIDIA Corporation

[2009/08/27 22:46:12 | 00,000,000 | ---D | C] -- C:\ProgramData\NVIDIA

[2009/08/27 22:45:39 | 00,000,000 | ---D | C] -- C:\Windows\System32\AGEIA

[2009/08/27 22:45:38 | 00,000,000 | ---D | C] -- C:\Program Files\AGEIA Technologies

[2009/08/27 22:45:21 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Wise Installation Wizard

[2009/08/27 22:44:43 | 00,485,920 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\NVUNINST.EXE

[2009/08/27 22:44:35 | 00,000,000 | ---D | C] -- C:\NVIDIA

[2009/08/27 22:18:37 | 00,000,000 | ---D | C] -- C:\Users\kamael\AppData\Local\ElevatedDiagnostics

[2009/08/27 21:44:44 | 00,000,000 | ---D | C] -- C:\Windows\Panther

[2009/08/27 21:42:06 | 00,111,360 | ---- | C] () -- C:\Users\kamael\AppData\Local\GDIPFONTCACHEV1.DAT

[2009/08/27 20:15:13 | 00,008,192 | RHS- | C] () -- C:\BOOTSECT.BAK

[2009/08/27 20:15:12 | 00,383,562 | RHS- | C] () -- C:\bootmgr

[2009/08/27 20:15:11 | 00,000,000 | -HSD | C] -- C:\Boot

[2009/08/27 19:13:13 | 00,000,000 | ---D | C] -- C:\Users\kamael\AppData\Roaming\Macromedia

[2009/08/27 19:13:12 | 00,000,000 | ---D | C] -- C:\Users\kamael\AppData\Roaming\Adobe

[2009/08/27 19:10:21 | 00,000,000 | ---D | C] -- C:\Windows\System32\Macromed

[2009/08/27 18:34:37 | 00,002,016 | ---- | C] () -- C:\Users\Public\Desktop\Avira AntiVir Control Center.lnk

[2009/08/27 18:34:31 | 00,096,104 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avipbb.sys

[2009/08/27 18:34:31 | 00,055,656 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avgntflt.sys

[2009/08/27 18:34:31 | 00,028,520 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\ssmdrv.sys

[2009/08/27 18:34:29 | 00,000,000 | ---D | C] -- C:\ProgramData\Avira

[2009/08/27 18:34:29 | 00,000,000 | ---D | C] -- C:\Program Files\Avira

[2009/08/27 17:46:09 | 00,000,000 | ---- | C] () -- C:\Windows\nsreg.dat

[2009/08/27 17:46:07 | 00,000,000 | ---D | C] -- C:\Users\kamael\AppData\Roaming\Mozilla

[2009/08/27 17:46:07 | 00,000,000 | ---D | C] -- C:\Users\kamael\AppData\Local\Mozilla

[2009/08/27 17:46:05 | 00,001,889 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk

[2009/08/27 17:46:02 | 00,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox

[2009/08/27 17:40:05 | 00,000,000 | ---D | C] -- C:\Users\kamael\AppData\Roaming\Kerio

[2009/08/27 17:38:38 | 00,000,000 | ---D | C] -- C:\Program Files\Kerio

[2009/08/27 17:36:11 | 00,000,000 | -HSD | C] -- C:\Windows\Installer

[2009/08/27 17:35:09 | 00,000,562 | ---- | C] () -- C:\Users\kamael\Desktop\PsTale - Shortcut.lnk

[2009/08/27 17:32:00 | 00,000,000 | ---D | C] -- C:\Users\kamael\Desktop\programas

[2009/08/27 17:20:28 | 00,000,000 | ---D | C] -- C:\Users\kamael\AppData\Roaming\Identities

[2009/08/27 17:20:17 | 00,000,000 | ---D | C] -- C:\Users\kamael\AppData\Local\VirtualStore

[2009/08/27 17:20:14 | 00,000,000 | --SD | C] -- C:\Users\kamael\AppData\Roaming\Microsoft

[2009/08/27 17:20:14 | 00,000,000 | -HSD | C] -- C:\Users\kamael\Documents\My Videos

[2009/08/27 17:20:14 | 00,000,000 | -HSD | C] -- C:\Users\kamael\Documents\My Pictures

[2009/08/27 17:20:14 | 00,000,000 | -HSD | C] -- C:\Users\kamael\Documents\My Music

[2009/08/27 17:20:14 | 00,000,000 | -HSD | C] -- C:\Users\kamael\AppData\Local\Temporary Internet Files

[2009/08/27 17:20:14 | 00,000,000 | -HSD | C] -- C:\Users\kamael\AppData\Local\History

[2009/08/27 17:20:14 | 00,000,000 | -HSD | C] -- C:\Users\kamael\AppData\Local\Application Data

[2009/08/27 17:20:14 | 00,000,000 | ---D | C] -- C:\Users\kamael\AppData\Roaming\Media Center Programs

[2009/08/27 17:20:14 | 00,000,000 | ---D | C] -- C:\Users\kamael\AppData\Local\Temp

[2009/08/27 17:20:14 | 00,000,000 | ---D | C] -- C:\Users\kamael\AppData\Local\Microsoft

[2009/08/27 17:20:03 | 00,000,000 | -HSD | C] -- C:\Recovery

[2009/08/27 16:48:47 | 00,000,000 | ---D | C] -- C:\Windows\SoftwareDistribution

[2009/08/27 16:46:25 | 00,000,000 | ---D | C] -- C:\Windows\Prefetch

[2009/08/27 15:16:09 | 80,411,8528 | -HS- | C] () -- C:\hiberfil.sys

[2009/08/27 15:16:09 | 00,000,000 | -HSD | C] -- C:\System Volume Information

[2009/08/17 02:42:20 | 02,173,472 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvcplui.exe

[2009/08/17 02:42:20 | 00,420,384 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvcpl.cpl

[2009/08/17 02:42:18 | 01,346,080 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvsvs.dll

[2009/08/17 02:41:54 | 03,176,992 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvwss.dll

[2009/08/17 02:41:52 | 04,033,056 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvvitvs.dll

[2009/08/17 02:41:52 | 01,292,832 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvmobls.dll

[2009/08/17 02:41:52 | 00,195,104 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvmccss.dll

[2009/08/17 02:41:50 | 03,553,824 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvgames.dll

[2009/08/17 02:41:48 | 13,904,416 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvcpl.dll

[2009/08/17 02:41:48 | 04,930,080 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvdisps.dll

[2009/08/17 02:41:48 | 00,764,448 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvsvc.dll

[2009/08/17 02:41:48 | 00,249,312 | ---- | C] () -- C:\Windows\System32\NvApps.xml

[2009/08/17 02:41:48 | 00,215,584 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvvsvc.exe

[2009/08/17 02:41:48 | 00,143,360 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvshext.dll

[2009/08/17 02:41:48 | 00,092,704 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvmctray.dll

[2009/08/17 02:41:48 | 00,066,834 | ---- | C] () -- C:\Windows\System32\NvwsApps.xml

[2009/08/17 00:57:00 | 10,858,496 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvoglv32.dll

[2009/08/17 00:57:00 | 09,545,152 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\drivers\nvlddmkm.sys

[2009/08/17 00:57:00 | 07,569,920 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvd3dum.dll

[2009/08/17 00:57:00 | 02,169,376 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvcuvid.dll

[2009/08/17 00:57:00 | 01,985,536 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvcuda.dll

[2009/08/17 00:57:00 | 01,919,520 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvencodemft.dll

[2009/08/17 00:57:00 | 01,706,528 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvcuvenc.dll

[2009/08/17 00:57:00 | 01,044,992 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvapi.dll

[2009/08/17 00:57:00 | 00,795,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dpinst.exe

[2009/08/17 00:57:00 | 00,485,920 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvudisp.exe

[2009/08/17 00:57:00 | 00,252,448 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvdecodemft.dll

[2009/08/17 00:57:00 | 00,155,648 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvcod162.dll

[2009/08/17 00:57:00 | 00,155,648 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvcod.dll

[2009/08/17 00:57:00 | 00,010,744 | ---- | C] () -- C:\Windows\System32\nvdisp.nvu

[2009/08/17 00:57:00 | 00,004,224 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\drivers\nvBridge.kmd

[2009/08/14 13:36:18 | 00,070,936 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\PhysXLoader.dll

[2009/08/07 19:51:34 | 00,178,430 | ---- | C] () -- C:\Windows\System32\xlive.dll.cat

[2009/08/03 00:21:54 | 00,197,912 | ---- | C] () -- C:\Windows\System32\physxcudart_20.dll

[2009/08/03 00:21:54 | 00,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelTraditionalChinese.dll

[2009/08/03 00:21:54 | 00,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSwedish.dll

[2009/08/03 00:21:54 | 00,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSpanish.dll

[2009/08/03 00:21:54 | 00,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSimplifiedChinese.dll

[2009/08/03 00:21:54 | 00,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelPortugese.dll

[2009/08/03 00:21:54 | 00,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelKorean.dll

[2009/08/03 00:21:54 | 00,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelJapanese.dll

[2009/08/03 00:21:52 | 00,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelGerman.dll

[2009/08/03 00:21:52 | 00,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelFrench.dll

[2009/07/13 23:04:23 | 00,000,478 | ---- | C] () -- C:\Windows\win.ini

[2009/07/13 23:04:23 | 00,000,219 | ---- | C] () -- C:\Windows\system.ini

[2009/07/13 20:51:43 | 00,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll

[2009/07/13 20:42:10 | 00,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll

========== Files - Modified Within 30 Days ==========

[1 C:\Windows\System32\*.tmp files]

[2009/09/06 20:18:27 | 00,000,372 | ---- | M] () -- C:\Windows\tasks\AWC Startup.job

[2009/09/06 20:14:30 | 00,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT

[2009/09/06 20:14:20 | 00,067,584 | --S- | M] () -- C:\Windows\bootstat.dat

[2009/09/06 20:14:16 | 80,411,8528 | -HS- | M] () -- C:\hiberfil.sys

[2009/09/06 20:12:36 | 00,009,584 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

[2009/09/06 20:12:36 | 00,009,584 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

[2009/09/06 08:48:08 | 00,000,057 | ---- | M] () -- C:\Windows\System32\mapisvc.inf

[2009/09/06 08:46:28 | 02,439,174 | -H-- | M] () -- C:\Users\kamael\AppData\Local\IconCache.db

[2009/09/06 05:10:33 | 00,119,312 | ---- | M] () -- C:\Users\kamael\Documents\LinuxSecurity-colorida.pdf

[2009/09/05 16:51:37 | 00,301,568 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cmd.execf

[2009/09/05 16:19:02 | 00,001,183 | ---- | M] () -- C:\Users\Public\Desktop\Advanced SystemCare.lnk

[2009/09/05 08:02:32 | 00,280,282 | ---- | M] () -- C:\Users\kamael\Desktop\gmer.zip

[2009/09/05 02:37:47 | 00,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe

[2009/09/05 02:37:46 | 00,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\deploytk.dll

[2009/09/05 02:37:46 | 00,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe

[2009/09/05 02:37:46 | 00,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe

[2009/09/04 18:37:42 | 00,001,462 | ---- | M] () -- C:\Users\kamael\Desktop\SF4Launcher - Atalho.lnk

[2009/09/04 01:25:59 | 00,001,835 | ---- | M] () -- C:\Users\kamael\Desktop\CCleaner.lnk

[2009/09/02 14:16:30 | 06,216,098 | ---- | M] () -- C:\Users\kamael\Desktop\Beija flor 2002.mp3

[2009/09/02 13:43:15 | 07,387,951 | ---- | M] () -- C:\Users\kamael\Desktop\Beija flor 2006.mp3

[2009/09/01 20:24:55 | 00,001,984 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk

[2009/09/01 18:56:44 | 00,001,266 | ---- | M] () -- C:\Users\Public\Desktop\MV RegClean 5.9.lnk

[2009/09/01 05:05:04 | 00,001,117 | ---- | M] () -- C:\Users\Public\Desktop\COMODO Internet Security.lnk

[2009/09/01 04:25:15 | 00,168,208 | ---- | M] () -- C:\Windows\System32\guard32.dll

[2009/09/01 04:25:15 | 00,130,080 | ---- | M] (COMODO) -- C:\Windows\System32\drivers\cmdguard.sys

[2009/09/01 04:25:15 | 00,068,640 | ---- | M] (COMODO) -- C:\Windows\System32\drivers\inspect.sys

[2009/09/01 04:25:15 | 00,028,704 | ---- | M] (COMODO) -- C:\Windows\System32\drivers\cmdhlp.sys

[2009/08/31 22:51:44 | 00,000,433 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts.ics

[2009/08/31 22:44:00 | 01,491,932 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI

[2009/08/31 22:44:00 | 00,654,272 | ---- | M] () -- C:\Windows\System32\prfh0416.dat

[2009/08/31 22:44:00 | 00,606,992 | ---- | M] () -- C:\Windows\System32\perfh009.dat

[2009/08/31 22:44:00 | 00,124,724 | ---- | M] () -- C:\Windows\System32\prfc0416.dat

[2009/08/31 22:44:00 | 00,103,370 | ---- | M] () -- C:\Windows\System32\perfc009.dat

[2009/08/30 00:46:39 | 05,111,641 | ---- | M] () -- C:\Users\kamael\Desktop\Michael Bolton - A Love So Beautiful.mp3

[2009/08/30 00:13:10 | 04,327,967 | ---- | M] () -- C:\Users\kamael\Desktop\Crying - Don McLean.mp3

[2009/08/29 22:08:56 | 00,002,070 | ---- | M] () -- C:\Users\kamael\Desktop\Windows Live Messenger .lnk

[2009/08/29 21:18:28 | 00,111,360 | ---- | M] () -- C:\Users\kamael\AppData\Local\GDIPFONTCACHEV1.DAT

[2009/08/29 15:00:16 | 00,419,960 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT

[2009/08/29 14:51:59 | 00,000,478 | ---- | M] () -- C:\Windows\win.ini

[2009/08/28 23:55:44 | 00,001,220 | ---- | M] () -- C:\Users\kamael\Desktop\Spybot - Search & Destroy.lnk

[2009/08/28 23:17:18 | 00,000,000 | -H-- | M] () -- C:\Users\kamael\Documents\Default.rdp

[2009/08/28 22:43:31 | 03,956,736 | ---- | M] () -- C:\Windows\System32\game.exe

[2009/08/28 22:42:53 | 01,601,456 | ---- | M] () -- C:\Windows\System32\_update.inf

[2009/08/28 22:41:26 | 00,000,016 | ---- | M] () -- C:\Windows\System32\ptReg.rgx

[2009/08/28 14:04:30 | 00,000,983 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk

[2009/08/28 13:31:56 | 03,596,016 | ---- | M] () -- C:\Users\kamael\Desktop\AHA THERES NEVER A FOREVER THING.mp3

[2009/08/28 04:18:19 | 05,587,069 | ---- | M] () -- C:\Users\kamael\Desktop\Cancún_ México_ Acuario de Xcaret_ Música _Paula Toller _ fly me to the moon.mp3

[2009/08/28 04:04:29 | 00,000,947 | ---- | M] () -- C:\Users\Public\Desktop\VDownloader.lnk

[2009/08/27 23:55:15 | 00,323,154 | ---- | M] () -- C:\Windows\System32\prfi0416.dat

[2009/08/27 23:55:15 | 00,038,536 | ---- | M] () -- C:\Windows\System32\prfd0416.dat

[2009/08/27 21:46:03 | 00,001,889 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk

[2009/08/27 21:44:33 | 00,008,192 | RHS- | M] () -- C:\BOOTSECT.BAK

[2009/08/27 18:34:37 | 00,002,016 | ---- | M] () -- C:\Users\Public\Desktop\Avira AntiVir Control Center.lnk

[2009/08/27 17:46:09 | 00,000,000 | ---- | M] () -- C:\Windows\nsreg.dat

[2009/08/27 17:35:09 | 00,000,562 | ---- | M] () -- C:\Users\kamael\Desktop\PsTale - Shortcut.lnk

[2009/08/27 16:49:10 | 00,042,045 | ---- | M] () -- C:\Windows\System32\license.rtf

[2009/08/17 02:42:20 | 02,173,472 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\nvcplui.exe

[2009/08/17 02:42:20 | 00,420,384 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\nvcpl.cpl

[2009/08/17 02:42:18 | 01,346,080 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\nvsvs.dll

[2009/08/17 02:41:54 | 03,176,992 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\nvwss.dll

[2009/08/17 02:41:52 | 04,033,056 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\nvvitvs.dll

[2009/08/17 02:41:52 | 01,292,832 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\nvmobls.dll

[2009/08/17 02:41:52 | 00,195,104 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\nvmccss.dll

[2009/08/17 02:41:50 | 03,553,824 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\nvgames.dll

[2009/08/17 02:41:48 | 13,904,416 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\nvcpl.dll

[2009/08/17 02:41:48 | 04,930,080 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\nvdisps.dll

[2009/08/17 02:41:48 | 00,764,448 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\nvsvc.dll

[2009/08/17 02:41:48 | 00,249,312 | ---- | M] () -- C:\Windows\System32\NvApps.xml

[2009/08/17 02:41:48 | 00,215,584 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\nvvsvc.exe

[2009/08/17 02:41:48 | 00,143,360 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\nvshext.dll

[2009/08/17 02:41:48 | 00,092,704 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\nvmctray.dll

[2009/08/17 02:41:48 | 00,066,834 | ---- | M] () -- C:\Windows\System32\NvwsApps.xml

[2009/08/17 00:57:00 | 10,858,496 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\nvoglv32.dll

[2009/08/17 00:57:00 | 09,545,152 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\drivers\nvlddmkm.sys

[2009/08/17 00:57:00 | 07,569,920 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\nvd3dum.dll

[2009/08/17 00:57:00 | 03,298,304 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\nvwgf2um.dll

[2009/08/17 00:57:00 | 02,169,376 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\nvcuvid.dll

[2009/08/17 00:57:00 | 01,985,536 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\nvcuda.dll

[2009/08/17 00:57:00 | 01,919,520 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\nvencodemft.dll

[2009/08/17 00:57:00 | 01,706,528 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\nvcuvenc.dll

[2009/08/17 00:57:00 | 01,044,992 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\nvapi.dll

[2009/08/17 00:57:00 | 00,795,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dpinst.exe

[2009/08/17 00:57:00 | 00,485,920 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\nvudisp.exe

[2009/08/17 00:57:00 | 00,252,448 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\nvdecodemft.dll

[2009/08/17 00:57:00 | 00,155,648 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\nvcod162.dll

[2009/08/17 00:57:00 | 00,155,648 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\nvcod.dll

[2009/08/17 00:57:00 | 00,010,744 | ---- | M] () -- C:\Windows\System32\nvdisp.nvu

[2009/08/17 00:57:00 | 00,004,224 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\drivers\nvBridge.kmd

[2009/08/14 13:36:18 | 00,070,936 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\PhysXLoader.dll

[2009/08/11 12:35:08 | 00,485,920 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\NVUNINST.EXE

< End of report >


  • Security Analyst

Dear Freak,

Read the instructions at this link:

In the instructions at the link above, you can check which forums have Analysts who are properly qualified to use the tool correctly: "Forums for getting help with ComboFix logs"

  1. Download ComboFix from one of the official links listed below and save it to your desktop:
  2. Temporarily, while you carry out these instructions, it is very important that you keep your protection programs (antivirus, antispyware and firewall) disabled. Re-enable the protections after running the procedure(s) described below.
  3. Double-click the ComboFix icon on the desktop.
  4. Read and accept the terms by typing 1 and pressing Enter.
  5. Computers running Windows XP must install the Recovery Console:
    • If your computer runs Windows XP and does not yet have the Recovery Console installed, please make sure you are connected to the Internet and click "Yes".
    • Click "OK" on the EULA.
    • Once the Recovery Console is installed, click "YES" to continue.
  6. ComboFix will run; please be patient and wait.
  7. Attention: do not use the mouse or the keyboard while the tool is running, as this can cause the computer to hang.
  8. A notice may appear saying that the computer needs to be restarted. DO NOT RESTART!!! ComboFix will restart the computer automatically.
  9. When the tool finishes running, it will generate a log (the file C:\ComboFix.txt). Copy and paste the contents of that file into your next reply.

DO NOT use the tool on your own. It is a powerful tool created to deal with sophisticated infections, and if you do not use it correctly it may damage your computer.

  • There are several pieces of malware that prevent the tool from running correctly and can thereby seriously damage the computer. Analysts qualified to use ComboFix know these cases and know how to deal with these situations.
  • Many Analysts do not reply to topics in which they see that ComboFix was used without supervision.
  • There are several general-purpose anti-malware tools whose authors, when programming them, have end users in mind and intend them to be used without supervision. ComboFix is not a tool of that kind, so, and also out of respect for the tool's author, do not use it without supervision.

Regards :D

  • Security Analyst

Dear Freak,

# Step 1 #

Download Norman Malware Cleaner and save the file in the Desktop folder of the Administrador account:

C:\Documents and Settings\Administrador\Desktop <- the FOLDER

# Step 2 #

Restart the computer in Safe Mode (press the F8 key repeatedly, or F5 in some cases, during startup)

Note: If you cannot get into Safe Mode, run the tool below:

Download SafeBootKeyRepair

  • Run the tool.
  • It will be quick...
  • Now enter Safe Mode.

# Step 3 #
  • In Safe Mode, double-click Norman_Malware_Cleaner.exe
  • In the window that opens, click Accept
  • In the program, check that Scan areas shows the drive where your operating system is installed, normally C:\*.*
  • Click the Options... button and make sure the following are selected (by default):
    • Enable process scanning
    • Unpack Archives
    • Do not system restore scan after cleaning file
  • Now click the Start Scan button and wait...
  • Under Scan results you can follow the results as the scan runs.
  • When the scan finishes, click Quit
  • When asked whether you want to restart the computer (Do you want restart now?), click Yes
  • Afterwards, note that there is a text file (.txt) on the desktop named NFix_a_m_d (where a = year, m = month and d = day).
  • Click the file, select all of its contents (Ctrl + A), copy (Ctrl + C) and paste (Ctrl + V) into your next reply.

Regards :D


Good afternoon!

Below is the result from Norman_malware:

Norman Malware Cleaner

Version 1.5.0.5

Copyright © 1990 - 2009, Norman ASA. Built 2009/09/07 22:14:41

Norman Scanner Engine Version: 6.01.09

Nvcbin.def Version: 6.01.00, Date: 2009/09/07 22:14:41, Variants: 3726380

Scan started: 08/09/2009 15:50:18

Running pre-scan cleanup routine:

Operating System: Microsoft Windows 7 6.1.7600(Safe mode)

Logged on user: kamael-PC\kamael

Scanning running processes and process memory...

Number of processes/threads found: 714

Number of processes/threads scanned: 714

Number of processes/threads not scanned: 0

Number of infected processes/threads terminated: 0

Total scanning time: 10s

Running post-scan cleanup routine:

Norman Malware Cleaner

Version 1.5.0.5

Copyright © 1990 - 2009, Norman ASA. Built 2009/09/07 22:14:41

Norman Scanner Engine Version: 6.01.09

Nvcbin.def Version: 6.01.00, Date: 2009/09/07 22:14:41, Variants: 3726380

Scan started: 08/09/2009 13:47:23

Running pre-scan cleanup routine:

Operating System: Microsoft Windows 7 6.1.7600(Safe mode)

Logged on user: kamael-PC\kamael

Removed registry value: HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System -> DisableRegistryTools = 0x00000000

Scanning running processes and process memory...

Number of processes/threads found: 1316

Number of processes/threads scanned: 1316

Number of processes/threads not scanned: 0

Number of infected processes/threads terminated: 0

Total scanning time: 16s

Scanning file system...

Scanning: C:\*.*

C:\System Volume Information\{3808876b-c176-4e48-b7ae-04046e6cc752} (Error opening file: Access denied)

C:\System Volume Information\{6b8df0cd-9a65-11de-9371-001d5f4fe8af}{3808876b-c176-4e48-b7ae-04046e6cc752} (Error opening file: Access denied)

C:\System Volume Information\{a95cf027-9bd8-11de-ab19-004d7b9abdaf}{3808876b-c176-4e48-b7ae-04046e6cc752} (Error opening file: Access denied)

C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTDiagLog.etl (Error opening file: Access denied)

Scanning: D:\*.*

Scanning: E:\*.*

E:\programas\AdbeRdr90_pt_BR.exe (Infected with W32/Smalltroj.LVUH)

Deleted file

Running post-scan cleanup routine:

Number of files found: 133756

Number of archives unpacked: 0

Number of files scanned: 133719

Number of files not scanned: 37

Number of files skipped due to exclude list: 0

Number of infected files found: 1

Number of infected files repaired/deleted: 1

Number of infections removed: 1

Total scanning time: 28m 31s


  • Security Analyst

Dear Freak,

Download the Kaspersky Removal Tool. Save it to your desktop.

  • Install the program normally, following all the instructions.
  • A folder named Virus Removal Tool will be created on the desktop.
  • On the program's main screen, select the options My Computer, Startup objects and Disk boot sectors, and then click the Scan button.
  • Be patient, the scan may take a while.
  • If it finds an infection, an alert window will open; click Skip.
  • When everything has completed, click the Reports... button and click Save to file.
  • Give the file a name and save it in a folder of your choice.
  • Close the results by clicking the X on the window.
  • Right after that, close the program as well by clicking the X on the window. When you do this you will be asked whether you want to uninstall the tool; click No. Post the contents of that file in your next reply and wait.

Regards :D


  • Security Analyst

Dear Freak,

You were supposed to name the file with your nick! Well, nothing was found in the scan, so let's make a new log:

Download OTL2 again

  • Double-click the icon;
  • Under File Scan, check the Lop and Purity boxes;
  • Do not change any other setting;
  • Click Scan to run it;
  • Do not interrupt the scan;
  • When it completes, two files will be created, OTL.txt and Extras.txt;
  • Post both logs in your next reply.

Regards :D


Good morning!

Dear moicano, here are the OTL logs

OTL logfile created on: 19/09/2009 04:19:21 - Run 1

OTL by OldTimer - Version 3.0.14.0 Folder = C:\Users\Gatts\Downloads

Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.7600.16385)

Locale: 00000416 | Country: Brasil | Language: PTB | Date Format: dd/MM/yyyy

1022,49 Mb Total Physical Memory | 496,43 Mb Available Physical Memory | 48,55% Memory free

2,00 Gb Paging File | 0,82 Gb Available in Paging File | 40,79% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files

Drive C: | 38,77 Gb Total Space | 13,68 Gb Free Space | 35,30% Space Free | Partition Type: NTFS

D: Drive not present or media not loaded

Drive E: | 35,50 Gb Total Space | 2,90 Gb Free Space | 8,18% Space Free | Partition Type: NTFS

F: Drive not present or media not loaded

G: Drive not present or media not loaded

H: Drive not present or media not loaded

I: Drive not present or media not loaded

Computer Name: AION-PC

Current User Name: Aion

Logged in as Administrator.

Current Boot Mode: Normal

Scan Mode: Current user

Company Name Whitelist: Off

Skip Microsoft Files: Off

File Age = 30 Days

Output = Standard

========== Processes (SafeList) ==========

PRC - [2009/08/17 02:41:48 | 00,215,584 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\nvvsvc.exe

PRC - [2009/09/17 22:27:47 | 00,723,632 | ---- | M] (COMODO) -- C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe

PRC - [2009/08/17 02:41:48 | 00,215,584 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\nvvsvc.exe

PRC - [2009/05/13 16:48:22 | 00,108,289 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe

PRC - [2009/07/21 14:34:33 | 00,185,089 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe

PRC - [2008/02/18 17:29:12 | 00,877,864 | ---- | M] (Nero AG) -- C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe

PRC - [2006/12/19 10:30:26 | 00,081,920 | ---- | M] (Prolific Technology Inc.) -- C:\Windows\System32\IoctlSvc.exe

PRC - [2009/08/17 01:32:00 | 00,239,648 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe

PRC - [2009/05/11 08:12:58 | 00,010,240 | ---- | M] (Tenable Network Security, Inc) -- C:\Program Files\Tenable\Nessus\nessus-service.exe

PRC - [2009/05/11 08:15:16 | 00,506,880 | ---- | M] (Tenable Network Security, Inc) -- C:\Program Files\Tenable\Nessus\nessusd.exe

PRC - [2009/07/13 22:14:42 | 00,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe

PRC - [2009/07/13 22:14:20 | 02,613,248 | ---- | M] (Microsoft Corporation) -- C:\Windows\Explorer.EXE

PRC - [2009/03/02 13:08:47 | 00,209,153 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe

PRC - [2009/09/11 17:29:49 | 00,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jusched.exe

PRC - [2008/02/28 18:07:58 | 01,828,136 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe

PRC - [2008/02/28 18:07:48 | 00,529,704 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe

PRC - [2009/07/13 22:14:29 | 03,179,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sppsvc.exe

PRC - [2009/07/13 22:14:42 | 00,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe

PRC - [2009/07/30 20:45:42 | 00,908,280 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe

PRC - [2009/09/19 04:15:11 | 00,514,560 | ---- | M] (OldTimer Tools) -- C:\Users\Gatts\Downloads\OTL.exe

========== Win32 Services (SafeList) ==========

SRV - [2009/05/13 16:48:22 | 00,108,289 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService [Auto | Running])

SRV - [2009/07/21 14:34:33 | 00,185,089 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService [Auto | Running])

SRV - [2009/07/13 22:14:53 | 00,027,648 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\appidsvc.dll -- (AppIDSvc [On_Demand | Stopped])

SRV - [2009/07/13 22:14:58 | 00,088,064 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\AxInstSV.dll -- (AxInstSV [On_Demand | Stopped])

SRV - [2009/07/13 22:14:59 | 00,076,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\bdesvc.dll -- (BDESVC [unknown | Stopped])

SRV - [2009/06/10 18:23:09 | 00,066,384 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped])

SRV - [2009/09/17 22:27:47 | 00,723,632 | ---- | M] (COMODO) -- C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe -- (cmdAgent [Auto | Running])

SRV - [2009/07/13 22:15:10 | 00,218,624 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\defragsvc.dll -- (defragsvc [On_Demand | Stopped])

SRV - [2009/07/13 22:15:11 | 00,253,440 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dhcpcore.dll -- (Dhcp [Auto | Running])

SRV - [2009/07/13 22:14:19 | 00,557,056 | ---- | M] (Microsoft Corporation) -- C:\Windows\ehome\ehRecvr.exe -- (ehRecvr [On_Demand | Stopped])

SRV - [2009/07/13 22:14:19 | 00,094,720 | ---- | M] (Microsoft Corporation) -- C:\Windows\ehome\ehsched.exe -- (ehSched [On_Demand | Stopped])

SRV - [2009/07/13 22:16:18 | 01,086,464 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wevtsvc.dll -- (eventlog [Auto | Running])

SRV - [2009/07/13 22:15:21 | 00,797,696 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\FntCache.dll -- (FontCache [On_Demand | Stopped])

SRV - [2009/06/10 18:14:51 | 00,042,856 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe -- (FontCache3.0.0.0 [On_Demand | Stopped])

SRV - [2009/07/13 22:15:36 | 00,194,560 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ListSvc.dll -- (HomeGroupListener [On_Demand | Stopped])

SRV - [2009/07/13 22:16:12 | 00,165,376 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\provsvc.dll -- (HomeGroupProvider [On_Demand | Stopped])

SRV - [2009/06/10 18:14:02 | 00,878,416 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe -- (idsvc [unknown | Stopped])

SRV - [2008/10/25 11:44:08 | 00,065,888 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe -- (Microsoft Office Groove Audit Service [On_Demand | Stopped])

SRV - [2008/02/18 17:29:12 | 00,877,864 | ---- | M] (Nero AG) -- C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe -- (Nero BackItUp Scheduler 3 [Auto | Running])

SRV - [2009/06/10 18:14:05 | 00,128,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing [Disabled | Stopped])

SRV - [2008/02/28 18:07:48 | 00,529,704 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe -- (NMIndexingService [On_Demand | Running])

SRV - [2009/08/17 02:41:48 | 00,215,584 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\nvvsvc.exe -- (nvsvc [Auto | Running])

SRV - [2008/11/04 01:06:28 | 00,441,712 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv [On_Demand | Stopped])

SRV - [2006/10/26 13:03:08 | 00,145,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose [On_Demand | Stopped])

SRV - [2009/07/13 22:16:12 | 00,269,824 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\pnrpsvc.dll -- (p2pimsvc [On_Demand | Stopped])

SRV - [2009/07/13 22:16:12 | 01,004,544 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\peerdistsvc.dll -- (PeerDistSvc [On_Demand | Stopped])

SRV - [2006/12/19 10:30:26 | 00,081,920 | ---- | M] (Prolific Technology Inc.) -- C:\Windows\System32\IoctlSvc.exe -- (PLFlash DeviceIoControl Service [Auto | Running])

SRV - [2009/07/13 22:16:12 | 00,020,480 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\pnrpauto.dll -- (PNRPAutoReg [On_Demand | Stopped])

SRV - [2009/07/13 22:16:12 | 00,269,824 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\pnrpsvc.dll -- (PNRPsvc [On_Demand | Stopped])

SRV - [2009/07/13 22:16:17 | 00,119,808 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\umpo.dll -- (Power [Auto | Running])

SRV - [2009/07/13 22:16:13 | 00,043,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\RpcEpMap.dll -- (RpcEptMapper [unknown | Running])

SRV - [2009/07/13 22:16:13 | 00,025,088 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc [On_Demand | Stopped])

SRV - [2009/07/13 22:14:29 | 03,179,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sppsvc.exe -- (sppsvc [Auto | Running])

SRV - [2009/07/13 22:16:15 | 00,053,760 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sppuinotify.dll -- (sppuinotify [On_Demand | Running])

SRV - [2009/08/17 01:32:00 | 00,239,648 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service [Auto | Running])

SRV - [2009/05/11 08:12:58 | 00,010,240 | ---- | M] (Tenable Network Security, Inc) -- C:\Program Files\Tenable\Nessus\nessus-service.exe -- (Tenable Nessus [Auto | Running])

SRV - [2009/07/13 22:16:16 | 00,037,376 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\themeservice.dll -- (Themes [Auto | Running])

SRV - [2009/07/13 22:16:17 | 00,151,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wbiosrvc.dll -- (WbioSrvc [On_Demand | Stopped])

SRV - [2009/07/13 22:15:41 | 00,680,960 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend [On_Demand | Stopped])

SRV - [2009/07/13 22:14:47 | 01,121,280 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc [On_Demand | Stopped])

SRV - [2009/07/13 22:16:21 | 00,185,856 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wwansvc.dll -- (WwanSvc [On_Demand | Stopped])

========== Driver Services (SafeList) ==========

DRV - [2009/07/13 20:52:00 | 00,163,328 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\DRIVERS\1394ohci.sys -- (1394ohci [On_Demand | Stopped])

DRV - [2009/07/13 20:16:36 | 00,009,728 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\DRIVERS\acpipmi.sys -- (AcpiPmi [On_Demand | Stopped])

DRV - [2009/07/13 22:26:15 | 00,422,976 | ---- | M] (Adaptec, Inc.) -- C:\Windows\system32\DRIVERS\adp94xx.sys -- (adp94xx [On_Demand | Stopped])

DRV - [2009/07/13 22:26:17 | 00,297,552 | ---- | M] (Adaptec, Inc.) -- C:\Windows\system32\DRIVERS\adpahci.sys -- (adpahci [On_Demand | Stopped])

DRV - [2009/07/13 22:26:15 | 00,146,512 | ---- | M] (Adaptec, Inc.) -- C:\Windows\system32\DRIVERS\adpu320.sys -- (adpu320 [On_Demand | Stopped])

DRV - [2009/07/13 22:20:28 | 00,070,720 | ---- | M] (Adaptec, Inc.) -- C:\Windows\system32\DRIVERS\djsvs.sys -- (aic78xx [On_Demand | Stopped])

DRV - [2009/07/13 22:26:15 | 00,014,400 | ---- | M] (Acer Laboratories Inc.) -- C:\Windows\system32\DRIVERS\aliide.sys -- (aliide [On_Demand | Stopped])

DRV - [2009/07/13 20:11:04 | 00,052,736 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\DRIVERS\amdppm.sys -- (AmdPPM [On_Demand | Stopped])

DRV - [2009/07/13 22:26:15 | 00,079,952 | ---- | M] (Advanced Micro Devices) -- C:\Windows\system32\DRIVERS\amdsata.sys -- (amdsata [On_Demand | Stopped])

DRV - [2009/07/13 22:26:15 | 00,159,312 | ---- | M] (AMD Technologies Inc.) -- C:\Windows\system32\DRIVERS\amdsbs.sys -- (amdsbs [On_Demand | Stopped])

DRV - [2009/07/13 22:26:15 | 00,023,616 | ---- | M] (Advanced Micro Devices) -- C:\Windows\system32\DRIVERS\amdxata.sys -- (amdxata [boot | Running])

DRV - [2009/07/13 20:36:52 | 00,050,176 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\drivers\appid.sys -- (AppID [On_Demand | Stopped])

DRV - [2009/07/13 22:26:15 | 00,076,368 | ---- | M] (Adaptec, Inc.) -- C:\Windows\system32\DRIVERS\arc.sys -- (arc [On_Demand | Stopped])

DRV - [2009/07/13 22:26:15 | 00,086,608 | ---- | M] (Adaptec, Inc.) -- C:\Windows\system32\DRIVERS\arcsas.sys -- (arcsas [On_Demand | Stopped])

DRV - [2009/02/13 12:35:05 | 00,011,608 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys -- (avgio [system | Running])

DRV - [2009/07/28 16:33:56 | 00,055,656 | ---- | M] (Avira GmbH) -- C:\Windows\System32\DRIVERS\avgntflt.sys -- (avgntflt [Auto | Running])

DRV - [2009/03/30 10:33:07 | 00,096,104 | ---- | M] (Avira GmbH) -- C:\Windows\System32\DRIVERS\avipbb.sys -- (avipbb [system | Running])

DRV - [2009/07/13 19:02:48 | 00,430,080 | ---- | M] (Broadcom Corporation) -- C:\Windows\system32\DRIVERS\bxvbdx.sys -- (b06bdrv [On_Demand | Stopped])

DRV - [2009/07/13 19:02:49 | 00,229,888 | ---- | M] (Broadcom Corporation) -- C:\Windows\System32\DRIVERS\b57nd60x.sys -- (b57nd60x [On_Demand | Stopped])

DRV - [2009/07/13 19:53:28 | 00,013,568 | ---- | M] (Brother Industries, Ltd.) -- C:\Windows\system32\DRIVERS\BrFiltLo.sys -- (BrFiltLo [On_Demand | Stopped])

DRV - [2009/07/13 19:53:28 | 00,005,248 | ---- | M] (Brother Industries, Ltd.) -- C:\Windows\system32\DRIVERS\BrFiltUp.sys -- (BrFiltUp [On_Demand | Stopped])

DRV - [2009/07/13 21:57:25 | 00,272,128 | ---- | M] (Brother Industries Ltd.) -- C:\Windows\System32\Drivers\Brserid.sys -- (Brserid [On_Demand | Stopped])

DRV - [2009/07/13 19:53:32 | 00,062,336 | ---- | M] (Brother Industries Ltd.) -- C:\Windows\System32\Drivers\BrSerWdm.sys -- (BrSerWdm [On_Demand | Stopped])

DRV - [2009/07/13 19:53:33 | 00,012,160 | ---- | M] (Brother Industries Ltd.) -- C:\Windows\System32\Drivers\BrUsbMdm.sys -- (BrUsbMdm [On_Demand | Stopped])

DRV - [2009/07/13 19:53:33 | 00,011,904 | ---- | M] (Brother Industries Ltd.) -- C:\Windows\System32\Drivers\BrUsbSer.sys -- (BrUsbSer [On_Demand | Stopped])

DRV - [2009/09/17 22:31:50 | 00,128,888 | ---- | M] (COMODO) -- C:\Windows\System32\DRIVERS\cmdguard.sys -- (cmdGuard [system | Running])

DRV - [2009/09/17 22:31:51 | 00,029,520 | ---- | M] (COMODO) -- C:\Windows\System32\DRIVERS\cmdhlp.sys -- (cmdHlp [system | Running])

DRV - [2009/07/13 22:26:21 | 00,015,952 | ---- | M] (CMD Technology, Inc.) -- C:\Windows\system32\DRIVERS\cmdide.sys -- (cmdide [On_Demand | Stopped])

DRV - [2009/07/13 22:17:54 | 00,369,568 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\Drivers\cng.sys -- (CNG [boot | Running])

DRV - [2009/07/13 20:45:26 | 00,031,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\DRIVERS\CompositeBus.sys -- (CompositeBus [On_Demand | Running])

DRV - [2009/07/13 20:24:05 | 00,032,256 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\discache.sys -- (discache [system | Running])

DRV - [2009/07/13 19:02:48 | 03,100,160 | ---- | M] (Broadcom Corporation) -- C:\Windows\system32\DRIVERS\evbdx.sys -- (ebdrv [On_Demand | Stopped])

DRV - [2009/07/13 22:20:28 | 00,453,712 | ---- | M] (Emulex) -- C:\Windows\system32\DRIVERS\elxstor.sys -- (elxstor [On_Demand | Stopped])

DRV - [2009/07/13 22:20:28 | 00,046,160 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\FsDepends.sys -- (FsDepends [On_Demand | Stopped])

DRV - [2009/07/13 19:54:14 | 00,026,624 | ---- | M] (Hauppauge Computer Works, Inc.) -- C:\Windows\system32\drivers\hcw85cir.sys -- (hcw85cir [On_Demand | Stopped])

DRV - [2009/07/13 20:19:21 | 00,021,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\DRIVERS\HidBatt.sys -- (HidBatt [On_Demand | Stopped])

DRV - [2009/07/13 22:20:28 | 00,067,152 | ---- | M] (Hewlett-Packard Company) -- C:\Windows\system32\DRIVERS\HpSAMD.sys -- (HpSAMD [On_Demand | Stopped])

DRV - [2009/07/13 22:20:36 | 00,013,904 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\hwpolicy.sys -- (hwpolicy [boot | Running])

DRV - [2009/07/13 22:20:36 | 00,332,352 | ---- | M] (Intel Corporation) -- C:\Windows\system32\DRIVERS\iaStorV.sys -- (iaStorV [On_Demand | Stopped])

DRV - [2009/07/13 22:20:36 | 00,041,040 | ---- | M] (Intel Corp./ICP vortex GmbH) -- C:\Windows\system32\DRIVERS\iirsp.sys -- (iirsp [On_Demand | Stopped])

DRV - [2009/09/17 22:36:24 | 00,074,328 | ---- | M] (COMODO) -- C:\Windows\System32\DRIVERS\inspect.sys -- (inspect [system | Running])

DRV - [2008/07/08 14:54:02 | 00,148,496 | ---- | M] (Kaspersky Lab) -- C:\Windows\System32\DRIVERS\03811286.sys -- (is-G8C8Kdrv [system | Running])

DRV - [2009/07/13 22:20:36 | 00,133,200 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\Drivers\ksecpkg.sys -- (KSecPkg [boot | Running])

DRV - [2009/07/13 22:20:36 | 00,095,824 | ---- | M] (LSI Corporation) -- C:\Windows\system32\DRIVERS\lsi_fc.sys -- (LSI_FC [On_Demand | Stopped])

DRV - [2009/07/13 22:20:37 | 00,089,168 | ---- | M] (LSI Corporation) -- C:\Windows\system32\DRIVERS\lsi_sas.sys -- (LSI_SAS [On_Demand | Stopped])

DRV - [2009/07/13 22:20:36 | 00,054,864 | ---- | M] (LSI Corporation) -- C:\Windows\system32\DRIVERS\lsi_sas2.sys -- (LSI_SAS2 [On_Demand | Stopped])

DRV - [2009/07/13 22:20:36 | 00,096,848 | ---- | M] (LSI Corporation) -- C:\Windows\system32\DRIVERS\lsi_scsi.sys -- (LSI_SCSI [On_Demand | Stopped])

DRV - [2009/07/13 22:20:36 | 00,030,800 | ---- | M] (LSI Corporation) -- C:\Windows\system32\DRIVERS\megasas.sys -- (megasas [On_Demand | Stopped])

DRV - [2009/07/13 22:20:36 | 00,235,584 | ---- | M] (LSI Corporation, Inc.) -- C:\Windows\system32\DRIVERS\MegaSR.sys -- (MegaSR [On_Demand | Stopped])

DRV - [2009/07/13 20:51:08 | 00,004,096 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\mshidkmdf.sys -- (mshidkmdf [On_Demand | Stopped])

DRV - [2009/07/13 20:46:55 | 00,012,288 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\DRIVERS\MTConfig.sys -- (MTConfig [On_Demand | Stopped])

DRV - [2009/07/13 20:52:44 | 00,027,136 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\DRIVERS\ndiscap.sys -- (NdisCap [On_Demand | Stopped])

DRV - [2009/07/13 22:20:44 | 00,044,624 | ---- | M] (IBM Corporation) -- C:\Windows\system32\DRIVERS\nfrd960.sys -- (nfrd960 [On_Demand | Stopped])

DRV - [2009/08/17 00:57:00 | 09,545,152 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\DRIVERS\nvlddmkm.sys -- (nvlddmkm [On_Demand | Running])

DRV - [2009/07/13 22:20:44 | 00,117,312 | ---- | M] (NVIDIA Corporation) -- C:\Windows\system32\DRIVERS\nvraid.sys -- (nvraid [On_Demand | Stopped])

DRV - [2009/07/13 22:20:44 | 00,142,416 | ---- | M] (NVIDIA Corporation) -- C:\Windows\system32\DRIVERS\nvstor.sys -- (nvstor [On_Demand | Stopped])

DRV - [2009/07/13 22:19:04 | 00,043,088 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\pcw.sys -- (pcw [boot | Running])

DRV - [2009/07/13 22:19:04 | 01,383,488 | ---- | M] (QLogic Corporation) -- C:\Windows\system32\DRIVERS\ql2300.sys -- (ql2300 [On_Demand | Stopped])

DRV - [2009/07/13 22:19:04 | 00,106,064 | ---- | M] (QLogic Corporation) -- C:\Windows\system32\DRIVERS\ql40xx.sys -- (ql40xx [On_Demand | Stopped])

DRV - [2009/07/13 20:55:00 | 00,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\DRIVERS\AgileVpn.sys -- (RasAgileVpn [On_Demand | Running])

DRV - [2009/07/13 21:02:41 | 00,018,944 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\DRIVERS\rdpbus.sys -- (rdpbus [On_Demand | Running])

DRV - [2009/07/13 21:01:41 | 00,007,168 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\rdprefmp.sys -- (RDPREFMP [system | Running])

DRV - [2009/07/13 22:19:04 | 00,173,648 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\rdyboost.sys -- (rdyboost [boot | Running])

DRV - [2009/07/13 19:02:52 | 00,139,776 | ---- | M] (Realtek Corporation ) -- C:\Windows\System32\DRIVERS\Rt86win7.sys -- (RTL8167 [On_Demand | Running])

DRV - [2009/07/13 20:28:47 | 00,005,632 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\DRIVERS\vms3cap.sys -- (s3cap [On_Demand | Stopped])

DRV - [2009/07/13 20:33:50 | 00,026,624 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\DRIVERS\scfilter.sys -- (scfilter [unknown | Stopped])

DRV - [2009/07/13 17:50:20 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\Windows\System32\drivers\secdrv.sys -- (secdrv [Auto | Running])

DRV - [2009/07/13 22:19:04 | 00,040,016 | ---- | M] (Silicon Integrated Systems Corp.) -- C:\Windows\system32\DRIVERS\SiSRaid2.sys -- (SiSRaid2 [On_Demand | Stopped])

DRV - [2009/07/13 22:19:04 | 00,077,888 | ---- | M] (Silicon Integrated Systems) -- C:\Windows\system32\DRIVERS\sisraid4.sys -- (SiSRaid4 [On_Demand | Stopped])

DRV - [2009/09/18 11:13:26 | 00,722,416 | ---- | M] () -- C:\Windows\System32\Drivers\sptd.sys -- (sptd [boot | Running])

DRV - [2009/05/11 10:12:24 | 00,028,520 | ---- | M] (Avira GmbH) -- C:\Windows\System32\DRIVERS\ssmdrv.sys -- (ssmdrv [system | Running])

DRV - [2009/07/13 22:19:04 | 00,021,072 | ---- | M] (Promise Technology) -- C:\Windows\system32\DRIVERS\stexstor.sys -- (stexstor [On_Demand | Stopped])

DRV - [2009/07/13 22:19:10 | 00,040,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\DRIVERS\vmstorfl.sys -- (storflt [boot | Running])

DRV - [2009/07/13 22:19:10 | 00,028,224 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\DRIVERS\storvsc.sys -- (storvsc [On_Demand | Stopped])

DRV - [2009/07/13 20:51:35 | 00,008,192 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\DRIVERS\umpass.sys -- (UmPass [On_Demand | Stopped])

DRV - [2009/07/13 22:19:10 | 00,032,832 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\DRIVERS\vdrvroot.sys -- (vdrvroot [boot | Running])

DRV - [2009/07/13 22:19:10 | 00,159,824 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\DRIVERS\vhdmp.sys -- (vhdmp [On_Demand | Stopped])

DRV - [2009/07/13 22:19:10 | 00,016,976 | ---- | M] (VIA Technologies, Inc.) -- C:\Windows\system32\DRIVERS\viaide.sys -- (viaide [On_Demand | Stopped])

DRV - [2009/07/13 22:19:10 | 00,175,824 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\DRIVERS\vmbus.sys -- (vmbus [On_Demand | Stopped])

DRV - [2009/07/13 20:28:45 | 00,017,920 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\DRIVERS\VMBusHID.sys -- (VMBusHID [On_Demand | Stopped])

DRV - [2009/07/13 22:19:11 | 00,141,904 | ---- | M] (VIA Technologies Inc.,Ltd) -- C:\Windows\system32\DRIVERS\vsmraid.sys -- (vsmraid [On_Demand | Stopped])

DRV - [2009/07/13 20:52:02 | 00,019,968 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\vwifibus.sys -- (vwifibus [On_Demand | Stopped])

DRV - [2009/07/13 20:53:51 | 00,009,728 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\DRIVERS\wfplwf.sys -- (WfpLwf [system | Running])

DRV - [2009/07/13 22:19:10 | 00,019,008 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\wimmount.sys -- (WIMMount [On_Demand | Stopped])

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\System32\blank.htm

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\system32\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}:6.0.16

FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.5.2

FF - HKLM\software\mozilla\Mozilla Firefox 3.5.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009/09/17 09:23:03 | 00,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Firefox 3.5.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009/09/18 10:50:12 | 00,000,000 | ---D | M]

[2009/09/11 17:23:19 | 00,000,000 | ---D | M] -- C:\Users\Aion\AppData\Roaming\mozilla\Extensions

[2009/09/11 17:23:19 | 00,000,000 | ---D | M] -- C:\Users\Aion\AppData\Roaming\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}

[2009/09/11 17:23:19 | 00,000,000 | ---D | M] -- C:\Users\Aion\AppData\Roaming\mozilla\Firefox\Profiles\t7yuge7r.default\extensions

[2009/09/17 09:33:09 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions

[2009/09/14 22:25:01 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

[2009/09/11 17:29:58 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}

[2009/07/30 20:45:43 | 00,023,544 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browserdirprovider.dll

[2009/07/30 20:45:43 | 00,137,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\brwsrcmp.dll

[2009/09/11 17:29:50 | 00,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeploytk.dll

[2009/07/30 20:45:43 | 00,065,016 | ---- | M] (mozilla.org) -- C:\Program Files\mozilla firefox\plugins\npnul32.dll

[2006/10/26 20:12:16 | 00,016,192 | ---- | M] (Microsoft Corporation) -- C:\Program Files\mozilla firefox\plugins\NPOFF12.DLL

[2009/02/27 12:13:42 | 00,103,792 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\mozilla firefox\plugins\nppdf32.dll

[2008/09/10 16:56:44 | 00,144,960 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\mozilla firefox\plugins\nppl3260.dll

[2008/09/10 16:37:54 | 00,094,208 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\mozilla firefox\plugins\nprpjplug.dll

[2009/07/30 19:51:30 | 00,001,027 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\buscape.xml

[2009/07/30 20:45:41 | 00,002,371 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.xml

[2009/07/30 19:51:30 | 00,001,135 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\mercadolivre.xml

[2009/07/30 19:51:30 | 00,001,168 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-br.xml

[2009/07/30 19:51:30 | 00,000,648 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-br.xml

O1 HOSTS File: (824 bytes) - C:\Windows\System32\drivers\etc\Hosts

O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.

O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)

O2 - BHO: (Auxiliar de Conexão do Windows Live) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)

O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)

O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)

O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)

O4 - HKLM..\Run: [COMODO Internet Security] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO)

O4 - HKLM..\Run: [GrooveMonitor] C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe (Microsoft Corporation)

O4 - HKLM..\Run: [sunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)

O4 - HKCU..\Run: [indxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe (Nero AG)

O4 - Startup: C:\Users\Aion\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\is-G8C8K.lnk = C:\Users\Aion\Desktop\Virus Removal Tool\is-G8C8K\startup.exe ()

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableUIADesktopToggle = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ValidateAdminCodeSignatures = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: scforceoption = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: FilterAdministratorToken = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_TEXT = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_BITMAP = 2

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_OEMTEXT = 7

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIB = 8

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_PALETTE = 9

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_UNICODETEXT = 13

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIBV5 = 17

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1

O8 - Extra context menu item: E&xportar para o Microsoft Excel - C:\Arquivos de Programas\Microsoft Office\Office12\EXCEL.EXE File not found

O9 - Extra Button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Arquivos de Programas\Microsoft Office\Office12\ONBttnIE.dll File not found

O9 - Extra 'Tools' menuitem : &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Arquivos de Programas\Microsoft Office\Office12\ONBttnIE.dll File not found

O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Arquivos de Programas\Microsoft Office\Office12\REFIEBAR.DLL File not found

O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\Windows\System32\NLAapi.dll (Microsoft Corporation)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Windows\System32\napinsp.dll (Microsoft Corporation)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Windows\System32\pnrpnsp.dll (Microsoft Corporation)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Windows\System32\pnrpnsp.dll (Microsoft Corporation)

O13 - gopher Prefix: missing

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab (Java Plug-in 1.6.0_16)

O16 - DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab (Java Plug-in 1.6.0_16)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab (Java Plug-in 1.6.0_16)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 189.43.121.134 189.43.121.136

O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)

O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Arquivos de Programas\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll File not found

O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)

O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Arquivos de Programas\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll File not found

O18 - Protocol\Filter: - text/xml - C:\Arquivos de Programas\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL File not found

O20 - AppInit_DLLs: (C:\Windows\system32\guard32.dll) - C:\Windows\System32\guard32.dll (COMODO)

O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)

O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found

O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.

O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)

O30 - LSA: Security Packages - (pku2u) - C:\Windows\System32\pku2u.dll (Microsoft Corporation)

O31 - SafeBoot: AlternateShell - cmd.exe

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2009/06/10 18:42:20 | 00,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]

O34 - HKLM BootExecute: (autocheck) - File not found

O34 - HKLM BootExecute: (autochk) - C:\Windows\System32\autochk.exe (Microsoft Corporation)

O34 - HKLM BootExecute: (*) - File not found

========== Files/Folders - Created Within 30 Days ==========

[2009/09/18 15:05:23 | 00,000,000 | -HSD | C] -- C:\Config.Msi

[2009/09/18 11:27:11 | 00,000,000 | ---D | C] -- C:\ProgramData\DAEMON Tools Pro

[2009/09/18 11:27:11 | 00,000,000 | ---D | C] -- C:\Program Files\DAEMON Tools Pro

[2009/09/18 11:13:26 | 00,722,416 | ---- | C] () -- C:\Windows\System32\drivers\sptd.sys

[2009/09/18 11:12:50 | 00,000,000 | ---D | C] -- C:\Users\Aion\AppData\Roaming\DAEMON Tools Pro

[2009/09/18 10:51:46 | 00,032,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msonpmon.dll

[2009/09/18 10:49:59 | 00,000,000 | ---D | C] -- C:\Program Files\Microsoft Works

[2009/09/18 10:49:33 | 00,000,000 | ---D | C] -- C:\Program Files\Microsoft Visual Studio

[2009/09/18 10:49:32 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\DESIGNER

[2009/09/18 10:48:45 | 00,000,000 | ---D | C] -- C:\Program Files\Microsoft.NET

[2009/09/18 10:47:00 | 00,000,000 | ---D | C] -- C:\Program Files\Microsoft Visual Studio 8

[2009/09/18 10:46:18 | 00,000,000 | ---D | C] -- C:\Users\Aion\AppData\Local\Microsoft Help

[2009/09/18 10:46:13 | 00,000,000 | ---D | C] -- C:\Program Files\Microsoft Office

[2009/09/18 10:46:12 | 00,000,000 | ---D | C] -- C:\ProgramData\Microsoft Help

[2009/09/18 10:45:16 | 00,000,000 | RH-D | C] -- C:\MSOCache

[2009/09/17 22:16:06 | 00,000,000 | ---D | C] -- C:\Users\Aion\AppData\Roaming\Wireshark

[2009/09/17 19:26:46 | 72,851,8656 | ---- | C] () -- C:\Users\Aion\Desktop\[PC-DVD] Trine.iso

[2009/09/17 19:26:30 | 20,567,922 | ---- | C] () -- C:\Users\Aion\Desktop\video.flv

[2009/09/17 09:22:59 | 00,278,528 | ---- | C] (Real Networks, Inc) -- C:\Windows\System32\pncrt.dll

[2009/09/17 09:22:59 | 00,185,920 | ---- | C] (RealNetworks, Inc.) -- C:\Windows\System32\rmoc3260.dll

[2009/09/17 09:22:59 | 00,168,448 | ---- | C] () -- C:\Windows\System32\unrar.dll

[2009/09/17 09:22:59 | 00,006,656 | ---- | C] (RealNetworks, Inc.) -- C:\Windows\System32\pndx5016.dll

[2009/09/17 09:22:59 | 00,005,632 | ---- | C] (RealNetworks, Inc.) -- C:\Windows\System32\pndx5032.dll

[2009/09/17 09:22:58 | 00,000,038 | ---- | C] () -- C:\Windows\avisplitter.ini

[2009/09/17 09:22:57 | 00,839,680 | ---- | C] (http://www.mp3dev.org/) -- C:\Windows\System32\lameACM.acm

[2009/09/17 09:22:57 | 00,217,088 | ---- | C] (www.helixcommunity.org) -- C:\Windows\System32\yv12vfw.dll

[2009/09/17 09:22:57 | 00,118,784 | ---- | C] (fccHandler) -- C:\Windows\System32\ac3acm.acm

[2009/09/17 09:22:57 | 00,000,414 | ---- | C] () -- C:\Windows\System32\lame_acm.xml

[2009/09/17 09:22:56 | 03,596,288 | ---- | C] () -- C:\Windows\System32\qt-dx331.dll

[2009/09/17 09:22:56 | 00,795,648 | ---- | C] () -- C:\Windows\System32\xvidcore.dll

[2009/09/17 09:22:56 | 00,684,032 | ---- | C] (DivX, Inc.) -- C:\Windows\System32\divx.dll

[2009/09/17 09:22:56 | 00,130,048 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll

[2009/09/17 09:22:56 | 00,086,016 | ---- | C] (DivX, Inc.) -- C:\Windows\System32\dpl100.dll

[2009/09/17 09:22:54 | 00,084,480 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll

[2009/09/17 09:22:54 | 00,060,273 | ---- | C] (Open Source Software community project) -- C:\Windows\System32\pthreadGC2.dll

[2009/09/17 09:22:54 | 00,000,547 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll.manifest

[2009/09/17 09:22:53 | 00,499,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msvcp71.dll

[2009/09/17 09:22:53 | 00,348,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msvcr71.dll

[2009/09/17 09:22:52 | 00,000,000 | ---D | C] -- C:\Users\Aion\AppData\Roaming\Real

[2009/09/17 09:22:52 | 00,000,000 | ---D | C] -- C:\Users\Aion\AppData\Local\Real

[2009/09/17 09:22:52 | 00,000,000 | ---D | C] -- C:\ProgramData\Real

[2009/09/17 09:22:52 | 00,000,000 | ---D | C] -- C:\Program Files\K-Lite Codec Pack

[2009/09/17 07:18:17 | 00,001,220 | ---- | C] () -- C:\Users\Aion\Desktop\Spybot - Search & Destroy.lnk

[2009/09/17 07:18:10 | 00,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy

[2009/09/17 07:18:10 | 00,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy

[2009/09/17 03:25:45 | 03,341,741 | -H-- | C] () -- C:\Users\Aion\AppData\Local\IconCache.db

[2009/09/17 03:24:53 | 00,000,947 | ---- | C] () -- C:\Users\Public\Desktop\VDownloader.lnk

[2009/09/17 03:24:49 | 00,000,000 | ---D | C] -- C:\Program Files\VDOWNLOADER

[2009/09/17 01:32:32 | 00,001,834 | ---- | C] () -- C:\Users\Aion\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\is-G8C8K.lnk

[2009/09/17 01:32:32 | 00,000,000 | ---D | C] -- C:\ProgramData\is-G8C8K

[2009/09/17 01:32:22 | 08,562,720 | -HS- | C] () -- C:\Windows\System32\drivers\fidbox.dat

[2009/09/17 01:32:22 | 00,080,240 | -HS- | C] () -- C:\Windows\System32\drivers\fidbox.idx

[2009/09/17 01:32:19 | 00,148,496 | ---- | C] (Kaspersky Lab) -- C:\Windows\System32\drivers\03811286.sys

[2009/09/17 01:32:19 | 00,000,000 | ---D | C] -- C:\Users\Aion\Desktop\Virus Removal Tool

[2009/09/16 22:44:14 | 02,335,270 | ---- | C] () -- C:\Windows\System32\d6bDE7F.mht

[2009/09/15 01:40:43 | 00,000,000 | ---D | C] -- C:\Program Files\Microsoft

[2009/09/15 01:40:15 | 00,000,000 | ---D | C] -- C:\Program Files\Windows Live SkyDrive

[2009/09/14 23:35:30 | 00,000,000 | ---D | C] -- C:\$WINDOWS.~BT

[2009/09/14 22:06:24 | 00,000,000 | ---D | C] -- C:\Users\Aion\AppData\Local\ElevatedDiagnostics

[2009/09/14 19:20:34 | 00,000,000 | ---D | C] -- C:\Program Files\Panda Security

[2009/09/14 18:15:35 | 00,000,000 | ---D | C] -- C:\Program Files\Windows Live

[2009/09/14 18:15:16 | 00,000,000 | ---D | C] -- C:\Windows\PCHEALTH

[2009/09/14 17:54:16 | 00,000,000 | ---D | C] -- C:\Program Files\WinRAR

[2009/09/14 17:54:05 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Windows Live

[2009/09/14 15:51:56 | 00,000,000 | ---D | C] -- C:\Users\Aion\Documents\CAPCOM

[2009/09/14 00:17:19 | 00,000,000 | ---D | C] -- C:\Users\Aion\AppData\Local\Adobe

[2009/09/13 11:53:27 | 00,000,000 | ---D | C] -- C:\Users\Aion\AppData\Local\Apps

[2009/09/13 05:52:08 | 00,000,000 | ---D | C] -- C:\Users\Aion\Documents\EVEREST Reports

[2009/09/13 05:43:54 | 00,001,096 | ---- | C] () -- C:\Users\Aion\Desktop\EVEREST Ultimate Edition.lnk

[2009/09/13 05:43:47 | 00,000,000 | ---D | C] -- C:\Program Files\Lavalys

[2009/09/13 04:48:46 | 00,000,000 | ---D | C] -- C:\Users\Aion\AppData\Local\CAPCOM

[2009/09/13 02:42:39 | 00,000,000 | ---D | C] -- C:\Users\Public\Documents\microsoft

[2009/09/13 02:35:54 | 00,000,000 | ---D | C] -- C:\Users\Aion\Desktop\d3dx9_41

[2009/09/13 02:33:53 | 01,931,314 | ---- | C] () -- C:\Users\Aion\Desktop\d3dx9_41.zip

[2009/09/13 02:32:19 | 03,786,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DX9_37.dll

[2009/09/13 02:32:19 | 01,420,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_37.dll

[2009/09/13 02:32:19 | 00,462,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_37.dll

[2009/09/13 02:32:18 | 00,081,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xinput1_3.dll

[2009/09/13 02:31:44 | 00,000,000 | ---D | C] -- C:\Windows\System32\xlive

[2009/09/13 02:31:43 | 00,000,000 | ---D | C] -- C:\Program Files\Microsoft Games for Windows - LIVE

[2009/09/13 02:28:05 | 00,000,000 | ---D | C] -- C:\Users\Aion\Desktop\STREETFIGHTERIV

[2009/09/13 02:17:52 | 00,000,000 | ---D | C] -- C:\Users\Aion\Desktop\CAPCOM

[2009/09/13 01:13:18 | 00,000,000 | ---D | C] -- C:\Users\Aion\AppData\Roaming\Malwarebytes

[2009/09/13 01:13:17 | 00,000,983 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk

[2009/09/13 01:13:15 | 00,038,160 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys

[2009/09/13 01:13:13 | 00,019,096 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys

[2009/09/13 01:13:13 | 00,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes

[2009/09/13 01:13:13 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware

[2009/09/13 01:12:00 | 00,001,062 | ---- | C] () -- C:\Users\Aion\Documents\cc_20090913_011150.reg

[2009/09/13 01:10:16 | 00,001,835 | ---- | C] () -- C:\Users\Aion\Desktop\CCleaner.lnk

[2009/09/13 01:10:16 | 00,000,000 | ---D | C] -- C:\Program Files\CCleaner

[2009/09/13 01:00:23 | 00,001,266 | ---- | C] () -- C:\Users\Public\Desktop\MV RegClean 5.9.lnk

[2009/09/13 01:00:22 | 00,000,000 | ---D | C] -- C:\Program Files\Marcos Velasco Security

[2009/09/13 00:49:57 | 00,000,000 | ---D | C] -- C:\Users\Aion\Desktop\mvregclean

[2009/09/13 00:48:19 | 00,000,000 | ---D | C] -- C:\Program Files\7-Zip

[2009/09/13 00:27:07 | 00,000,000 | ---D | C] -- C:\Windows\Modio

[2009/09/12 23:51:45 | 00,001,024 | ---- | C] () -- C:\.rnd

[2009/09/12 18:06:30 | 00,000,000 | ---D | C] -- C:\Program Files\Tenable

[2009/09/12 10:20:26 | 00,654,272 | ---- | C] () -- C:\Windows\System32\prfh0416.dat

[2009/09/12 10:20:26 | 00,323,154 | ---- | C] () -- C:\Windows\System32\prfi0416.dat

[2009/09/12 10:20:26 | 00,124,724 | ---- | C] () -- C:\Windows\System32\prfc0416.dat

[2009/09/12 10:20:26 | 00,038,536 | ---- | C] () -- C:\Windows\System32\prfd0416.dat

[2009/09/12 10:19:10 | 00,000,000 | ---D | C] -- C:\Windows\pt-BR

[2009/09/12 10:18:51 | 00,000,000 | ---D | C] -- C:\Windows\System32\XPSViewer

[2009/09/12 10:18:50 | 00,000,000 | ---D | C] -- C:\Windows\System32\drivers\pt-BR

[2009/09/12 10:13:27 | 00,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\pt-BR\volsnap.sys.mui

[2009/09/12 10:13:27 | 00,025,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\pt-BR\usbport.sys.mui

[2009/09/12 10:13:27 | 00,011,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\pt-BR\usbhub.sys.mui

[2009/09/12 10:13:27 | 00,004,096 | ---- | C] (SCM Microsystems, Inc.) -- C:\Windows\System32\drivers\pt-BR\pscr.sys.mui

[2009/09/12 10:13:27 | 00,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\pt-BR\vhdmp.sys.mui

[2009/09/12 10:13:27 | 00,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\pt-BR\tpm.sys.mui

[2009/09/12 10:13:27 | 00,003,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\pt-BR\portcls.sys.mui

[2009/09/12 10:13:27 | 00,003,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\pt-BR\umbus.sys.mui

[2009/09/12 10:13:27 | 00,003,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\pt-BR\serscan.sys.mui

[2009/09/12 10:13:27 | 00,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\pt-BR\wd.sys.mui

[2009/09/12 10:13:23 | 00,037,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\pt-BR\mpio.sys.mui

[2009/09/12 10:13:23 | 00,033,792 | ---- | C] (Marvell) -- C:\Windows\System32\drivers\pt-BR\yk62x86.sys.mui

[2009/09/12 10:13:23 | 00,022,016 | ---- | C] (Intel Corporation) -- C:\Windows\System32\drivers\pt-BR\e1y6032.sys.mui

[2009/09/12 10:13:23 | 00,022,016 | ---- | C] (Intel Corporation) -- C:\Windows\System32\drivers\pt-BR\e1e6032.sys.mui

[2009/09/12 10:13:23 | 00,018,944 | ---- | C] (Intel Corporation) -- C:\Windows\System32\drivers\pt-BR\E1G60I32.sys.mui

[2009/09/12 10:13:23 | 00,012,800 | ---- | C] (Broadcom Corporation) -- C:\Windows\System32\drivers\pt-BR\k57nd60x.sys.mui

[2009/09/12 10:13:23 | 00,012,800 | ---- | C] (Broadcom Corporation) -- C:\Windows\System32\drivers\pt-BR\b57nd60x.sys.mui

[2009/09/12 10:13:23 | 00,011,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\pt-BR\serial.sys.mui

[2009/09/12 10:13:23 | 00,011,264 | ---- | C] (Intel Corporation) -- C:\Windows\System32\drivers\pt-BR\e1q6032.sys.mui

[2009/09/12 10:13:23 | 00,011,264 | ---- | C] (Intel Corporation) -- C:\Windows\System32\drivers\pt-BR\e1k6032.sys.mui

[2009/09/12 10:13:23 | 00,007,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\pt-BR\msdsm.sys.mui

[2009/09/12 10:13:23 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\pt-BR\sermouse.sys.mui

[2009/09/12 10:13:23 | 00,005,120 | ---- | C] (Intel Corporation) -- C:\Windows\System32\drivers\pt-BR\e100b325.sys.mui

[2009/09/12 10:13:23 | 00,005,120 | ---- | C] (Broadcom Corporation) -- C:\Windows\System32\drivers\pt-BR\bcm4sbxp.sys.mui

[2009/09/12 10:13:23 | 00,004,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\pt-BR\mouclass.sys.mui

[2009/09/12 10:13:23 | 00,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\pt-BR\pcmcia.sys.mui

[2009/09/12 10:13:23 | 00,003,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\pt-BR\parport.sys.mui

[2009/09/12 10:13:23 | 00,003,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\pt-BR\ataport.sys.mui

[2009/09/12 10:13:23 | 00,003,072 | ---- | C] (VIA Technologies, Inc. ) -- C:\Windows\System32\drivers\pt-BR\getn62.sys.mui

[2009/09/12 10:13:23 | 00,003,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\pt-BR\rndismpx.sys.mui

[2009/09/12 10:13:23 | 00,003,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\pt-BR\rndismp6.sys.mui

[2009/09/12 10:13:23 | 00,003,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\pt-BR\parvdm.sys.mui

[2009/09/12 10:13:23 | 00,003,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\pt-BR\mouhid.sys.mui

[2009/09/12 10:13:23 | 00,002,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\pt-BR\vwifibus.sys.mui

[2009/09/12 10:13:23 | 00,002,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\pt-BR\MTConfig.sys.mui

[2009/09/12 10:13:23 | 00,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\pt-BR\amdide.sys.mui

[2009/09/12 10:13:22 | 00,017,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\pt-BR\afd.sys.mui

[2009/09/12 10:13:21 | 00,047,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\pt-BR\tcpip.sys.mui

[2009/09/12 10:13:21 | 00,030,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\pt-BR\bfe.dll.mui

[2009/09/12 10:13:21 | 00,008,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\pt-BR\tunnel.sys.mui

[2009/09/12 10:13:21 | 00,003,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\pt-BR\modem.sys.mui

[2009/09/12 10:13:21 | 00,002,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\pt-BR\wdf01000.sys.mui

[2009/09/12 10:13:21 | 00,002,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\pt-BR\usbrpm.sys.mui

[2009/09/12 10:13:21 | 00,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\pt-BR\ws2ifsl.sys.mui

[2009/09/12 10:13:19 | 00,016,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\pt-BR\fvevol.sys.mui

[2009/09/12 10:13:19 | 00,002,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\pt-BR\scfilter.sys.mui

[2009/09/12 10:13:18 | 00,015,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\pt-BR\pacer.sys.mui

[2009/09/12 10:13:18 | 00,005,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\pt-BR\rdbss.sys.mui

[2009/09/12 10:13:18 | 00,002,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\pt-BR\qwavedrv.sys.mui

[2009/09/12 10:13:17 | 00,002,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\pt-BR\partmgr.sys.mui

[2009/09/12 10:13:16 | 00,069,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\pt-BR\ntfs.sys.mui

[2009/09/12 10:13:16 | 00,038,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\pt-BR\ndis.sys.mui

[2009/09/12 10:13:16 | 00,015,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\pt-BR\nwifi.sys.mui

[2009/09/12 10:13:16 | 00,003,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\pt-BR\ndisuio.sys.mui

[2009/09/12 10:13:13 | 00,006,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\pt-BR\ndiscap.sys.mui

[2009/09/12 10:13:11 | 00,002,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\pt-BR\mountmgr.sys.mui

[2009/09/12 10:13:09 | 00,007,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\pt-BR\luafv.sys.mui

[2009/09/12 10:13:08 | 00,038,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\pt-BR\http.sys.mui

[2009/09/12 10:13:05 | 00,005,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\pt-BR\fltmgr.sys.mui

[2009/09/12 10:13:04 | 00,002,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\pt-BR\volmgrx.sys.mui

[2009/09/12 10:13:02 | 00,011,264 | ---- | C] (Brother Industries Ltd.) -- C:\Windows\System32\drivers\pt-BR\BrSerIb.sys.mui

[2009/09/12 10:13:02 | 00,002,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\pt-BR\pnpmem.sys.mui

[2009/09/12 10:13:01 | 00,020,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\pt-BR\viac7.sys.mui

[2009/09/12 10:13:01 | 00,020,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\pt-BR\processr.sys.mui

[2009/09/12 10:13:01 | 00,020,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\pt-BR\intelppm.sys.mui

[2009/09/12 10:13:01 | 00,020,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\pt-BR\amdppm.sys.mui

[2009/09/12 10:13:01 | 00,020,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\pt-BR\amdk8.sys.mui

[2009/09/12 10:13:01 | 00,011,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\pt-BR\i8042prt.sys.mui

[2009/09/12 10:13:01 | 00,010,752 | ---- | C] (Agere Systems) -- C:\Windows\System32\drivers\pt-BR\ltmdmnt.sys.mui

[2009/09/12 10:13:01 | 00,009,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\pt-BR\pci.sys.mui

[2009/09/12 10:13:01 | 00,008,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\pt-BR\bthport.sys.mui

[2009/09/12 10:13:01 | 00,006,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\pt-BR\IPMIDrv.sys.mui

[2009/09/12 10:13:01 | 00,004,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\pt-BR\kbdclass.sys.mui

[2009/09/12 10:13:01 | 00,004,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\pt-BR\bthpan.sys.mui

[2009/09/12 10:13:01 | 00,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\pt-BR\wacompen.sys.mui

[2009/09/12 10:13:01 | 00,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\pt-BR\vdrvroot.sys.mui

[2009/09/12 10:13:01 | 00,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\pt-BR\isapnp.sys.mui

[2009/09/12 10:13:01 | 00,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\pt-BR\hdaudbus.sys.mui

[2009/09/12 10:13:01 | 00,003,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\pt-BR\HdAudio.sys.mui

[2009/09/12 10:13:01 | 00,003,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\pt-BR\mssmbios.sys.mui

[2009/09/12 10:13:01 | 00,003,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\pt-BR\hidbth.sys.mui

[2009/09/12 10:13:01 | 00,003,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\pt-BR\Dot4usb.sys.mui

[2009/09/12 10:13:01 | 00,002,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\pt-BR\VIAAGP.SYS.mui

[2009/09/12 10:13:01 | 00,002,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\pt-BR\ULIAGPKX.SYS.mui

[2009/09/12 10:13:01 | 00,002,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\pt-BR\SISAGP.SYS.mui

[2009/09/12 10:13:01 | 00,002,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\pt-BR\NV_AGP.SYS.mui

[2009/09/12 10:13:01 | 00,002,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\pt-BR\kbdhid.sys.mui

[2009/09/12 10:13:01 | 00,002,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\pt-BR\BTHUSB.SYS.mui

[2009/09/12 10:13:01 | 00,002,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\pt-BR\AMDAGP.SYS.mui

[2009/09/12 10:13:01 | 00,002,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\pt-BR\AGP440.sys.mui

[2009/09/12 10:13:01 | 00,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\pt-BR\disk.sys.mui

[2009/09/12 10:13:01 | 00,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\pt-BR\cdrom.sys.mui

[2009/09/12 10:13:01 | 00,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\pt-BR\bthenum.sys.mui

[2009/09/12 10:13:00 | 00,011,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\pt-BR\ohci1394.sys.mui

[2009/09/12 10:13:00 | 00,011,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\pt-BR\1394ohci.sys.mui

[2009/09/12 10:13:00 | 00,011,264 | ---- | C] (Brother Industries Ltd.) -- C:\Windows\System32\drivers\pt-BR\BrSerId.sys.mui

[2009/09/12 10:13:00 | 00,010,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\pt-BR\acpi.sys.mui

[2009/09/12 10:13:00 | 00,009,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\pt-BR\battc.sys.mui

[2009/09/12 10:13:00 | 00,003,584 | ---- | C] (ATI Technologies Inc.) -- C:\Windows\System32\drivers\pt-BR\atikmdag.sys.mui

[2009/09/12 10:13:00 | 00,002,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\pt-BR\UAGP35.SYS.mui

[2009/09/12 10:13:00 | 00,002,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\pt-BR\GAGP30KX.SYS.mui

[2009/09/12 10:13:00 | 00,002,560 | ---- | C] (Brother Industries Ltd.) -- C:\Windows\System32\drivers\pt-BR\BrParwdm.sys.mui

[2009/09/12 07:15:09 | 24,689,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MRT.exe

[2009/09/12 02:17:05 | 00,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_User_WpdFs_01_09_00.Wdf

[2009/09/11 23:32:36 | 00,000,000 | ---D | C] -- C:\Users\Aion\AppData\Local\Ahead

[2009/09/11 23:32:06 | 00,002,723 | ---- | C] () -- C:\Users\Public\Desktop\Nero StartSmart.lnk

[2009/09/11 23:32:06 | 00,002,623 | ---- | C] () -- C:\Users\Public\Desktop\Nero Home.lnk

[2009/09/11 23:30:44 | 00,000,000 | ---D | C] -- C:\Users\Aion\AppData\Roaming\Nero

[2009/09/11 23:28:30 | 00,000,000 | ---D | C] -- C:\ProgramData\Nero

[2009/09/11 23:28:30 | 00,000,000 | ---D | C] -- C:\Program Files\Nero

[2009/09/11 23:28:30 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Nero

[2009/09/11 23:27:12 | 02,388,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_30.dll

[2009/09/11 23:27:12 | 02,323,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_28.dll

[2009/09/11 20:27:38 | 00,000,000 | ---D | C] -- C:\Users\Aion\AppData\Roaming\Macromedia

[2009/09/11 20:27:38 | 00,000,000 | ---D | C] -- C:\Users\Aion\AppData\Roaming\Adobe

[2009/09/11 18:08:28 | 00,001,117 | ---- | C] () -- C:\Users\Public\Desktop\COMODO Internet Security.lnk

[2009/09/11 17:39:13 | 00,000,000 | ---D | C] -- C:\ProgramData\Comodo

[2009/09/11 17:39:10 | 00,179,792 | ---- | C] (COMODO) -- C:\Windows\System32\guard32.dll

[2009/09/11 17:39:10 | 00,128,888 | ---- | C] (COMODO) -- C:\Windows\System32\drivers\cmdguard.sys

[2009/09/11 17:39:10 | 00,074,328 | ---- | C] (COMODO) -- C:\Windows\System32\drivers\inspect.sys

[2009/09/11 17:39:10 | 00,029,520 | ---- | C] (COMODO) -- C:\Windows\System32\drivers\cmdhlp.sys

[2009/09/11 17:39:08 | 00,000,000 | ---D | C] -- C:\Program Files\COMODO

[2009/09/11 17:34:10 | 00,001,984 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk

[2009/09/11 17:34:06 | 00,000,000 | ---D | C] -- C:\ProgramData\Adobe

[2009/09/11 17:34:00 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe

[2009/09/11 17:34:00 | 00,000,000 | ---D | C] -- C:\Program Files\Adobe

[2009/09/11 17:32:58 | 00,000,000 | ---D | C] -- C:\Windows\System32\Macromed

[2009/09/11 17:29:57 | 00,411,368 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\deploytk.dll

[2009/09/11 17:29:57 | 00,149,280 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe

[2009/09/11 17:29:57 | 00,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe

[2009/09/11 17:29:57 | 00,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe

[2009/09/11 17:29:46 | 00,000,000 | ---D | C] -- C:\Program Files\Java

[2009/09/11 17:25:39 | 00,000,000 | ---D | C] -- C:\Program Files\NVIDIA Corporation

[2009/09/11 17:25:26 | 00,000,000 | ---D | C] -- C:\ProgramData\NVIDIA

[2009/09/11 17:24:51 | 00,000,000 | ---D | C] -- C:\Windows\System32\AGEIA

[2009/09/11 17:24:51 | 00,000,000 | ---D | C] -- C:\Program Files\AGEIA Technologies

[2009/09/11 17:24:34 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Wise Installation Wizard

[2009/09/11 17:24:06 | 00,485,920 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\NVUNINST.EXE

[2009/09/11 17:23:52 | 00,000,000 | ---D | C] -- C:\NVIDIA

[2009/09/11 17:23:14 | 00,000,000 | ---D | C] -- C:\Users\Aion\AppData\Roaming\Mozilla

[2009/09/11 17:23:14 | 00,000,000 | ---D | C] -- C:\Users\Aion\AppData\Local\Mozilla

[2009/09/11 17:23:08 | 00,001,889 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk

[2009/09/11 17:23:04 | 00,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox

[2009/09/11 16:56:22 | 00,002,016 | ---- | C] () -- C:\Users\Public\Desktop\Avira AntiVir Control Center.lnk

[2009/09/11 16:56:17 | 00,096,104 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avipbb.sys

[2009/09/11 16:56:17 | 00,055,656 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avgntflt.sys

[2009/09/11 16:56:17 | 00,028,520 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\ssmdrv.sys

[2009/09/11 16:56:16 | 00,000,000 | ---D | C] -- C:\ProgramData\Avira

[2009/09/11 16:56:16 | 00,000,000 | ---D | C] -- C:\Program Files\Avira

[2009/09/11 16:55:10 | 00,000,000 | -HSD | C] -- C:\Windows\Installer

[2009/09/11 15:28:15 | 00,000,000 | ---D | C] -- C:\Windows\Panther

[2009/09/11 15:28:03 | 00,008,192 | RHS- | C] () -- C:\BOOTSECT.BAK

[2009/09/11 15:28:02 | 00,383,562 | RHS- | C] () -- C:\bootmgr

[2009/09/11 15:28:02 | 00,000,000 | -HSD | C] -- C:\Boot

[2009/09/11 11:47:16 | 00,108,824 | ---- | C] () -- C:\Users\Aion\AppData\Local\GDIPFONTCACHEV1.DAT

[2009/09/11 10:41:07 | 00,000,000 | ---D | C] -- C:\Users\Aion\AppData\Roaming\Identities

[2009/09/11 10:40:58 | 00,000,000 | ---D | C] -- C:\Users\Aion\AppData\Local\VirtualStore

[2009/09/11 10:40:56 | 00,000,000 | --SD | C] -- C:\Users\Aion\AppData\Roaming\Microsoft

[2009/09/11 10:40:56 | 00,000,000 | -HSD | C] -- C:\Users\Aion\Documents\My Videos

[2009/09/11 10:40:56 | 00,000,000 | -HSD | C] -- C:\Users\Aion\Documents\My Pictures

[2009/09/11 10:40:56 | 00,000,000 | -HSD | C] -- C:\Users\Aion\Documents\My Music

[2009/09/11 10:40:56 | 00,000,000 | -HSD | C] -- C:\Users\Aion\AppData\Local\Temporary Internet Files

[2009/09/11 10:40:56 | 00,000,000 | -HSD | C] -- C:\Users\Aion\AppData\Local\History

[2009/09/11 10:40:56 | 00,000,000 | -HSD | C] -- C:\Users\Aion\AppData\Local\Application Data

[2009/09/11 10:40:56 | 00,000,000 | ---D | C] -- C:\Users\Aion\AppData\Roaming\Media Center Programs

[2009/09/11 10:40:56 | 00,000,000 | ---D | C] -- C:\Users\Aion\AppData\Local\Temp

[2009/09/11 10:40:56 | 00,000,000 | ---D | C] -- C:\Users\Aion\AppData\Local\Microsoft

[2009/09/11 10:40:46 | 00,000,000 | -HSD | C] -- C:\Recovery

[2009/09/11 10:32:13 | 00,000,000 | ---D | C] -- C:\Windows\SoftwareDistribution

[2009/09/11 10:29:52 | 00,000,000 | ---D | C] -- C:\Windows\Prefetch

[2009/09/11 10:29:01 | 80,411,8528 | -HS- | C] () -- C:\hiberfil.sys

[2009/09/11 10:29:01 | 00,000,000 | -HSD | C] -- C:\System Volume Information

[2009/08/07 19:51:34 | 00,178,430 | ---- | C] () -- C:\Windows\System32\xlive.dll.cat

[2009/08/03 00:21:54 | 00,197,912 | ---- | C] () -- C:\Windows\System32\physxcudart_20.dll

[2009/08/03 00:21:54 | 00,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelTraditionalChinese.dll

[2009/08/03 00:21:54 | 00,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSwedish.dll

[2009/08/03 00:21:54 | 00,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSpanish.dll

[2009/08/03 00:21:54 | 00,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSimplifiedChinese.dll

[2009/08/03 00:21:54 | 00,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelPortugese.dll

[2009/08/03 00:21:54 | 00,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelKorean.dll

[2009/08/03 00:21:54 | 00,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelJapanese.dll

[2009/08/03 00:21:52 | 00,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelGerman.dll

[2009/08/03 00:21:52 | 00,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelFrench.dll

[2009/07/13 23:04:23 | 00,000,478 | ---- | C] () -- C:\Windows\win.ini

[2009/07/13 23:04:23 | 00,000,219 | ---- | C] () -- C:\Windows\system.ini

[2009/07/13 20:51:43 | 00,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll

[2009/07/13 20:42:10 | 00,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll

[2004/05/03 09:21:44 | 00,196,608 | ---- | C] () -- C:\Windows\System32\slextspk.dll

[2004/05/03 09:19:26 | 00,049,152 | ---- | C] () -- C:\Windows\System32\coinst.dll

[2004/05/03 09:18:50 | 00,163,840 | ---- | C] () -- C:\Windows\System32\SLGen.dll

[2004/05/03 09:10:58 | 00,013,920 | ---- | C] ( ) -- C:\Windows\System32\drivers\RecAgent.sys

[2004/05/03 09:10:50 | 00,632,960 | ---- | C] ( ) -- C:\Windows\System32\drivers\slntamr.sys

[2004/05/03 09:06:08 | 00,095,768 | ---- | C] ( ) -- C:\Windows\System32\drivers\slnthal.sys

[2004/05/03 09:03:04 | 00,230,664 | ---- | C] ( ) -- C:\Windows\System32\drivers\mtlmnt5.sys

[2004/05/03 08:59:14 | 01,302,680 | ---- | C] ( ) -- C:\Windows\System32\drivers\mtlstrm.sys

[2004/05/03 08:55:38 | 00,180,640 | ---- | C] ( ) -- C:\Windows\System32\drivers\ntmtlfax.sys

[2004/05/03 08:44:54 | 00,013,288 | ---- | C] ( ) -- C:\Windows\System32\drivers\slwdmsup.sys

========== Files - Modified Within 30 Days ==========

[2009/09/19 04:21:03 | 00,009,584 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

[2009/09/19 04:21:03 | 00,009,584 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

[2009/09/18 21:18:54 | 00,001,024 | ---- | M] () -- C:\.rnd

[2009/09/18 21:18:51 | 00,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT

[2009/09/18 21:18:47 | 00,067,584 | --S- | M] () -- C:\Windows\bootstat.dat

[2009/09/18 21:18:44 | 80,411,8528 | -HS- | M] () -- C:\hiberfil.sys

[2009/09/18 20:48:03 | 03,341,741 | -H-- | M] () -- C:\Users\Aion\AppData\Local\IconCache.db

[2009/09/18 20:36:15 | 08,562,720 | -HS- | M] () -- C:\Windows\System32\drivers\fidbox.dat

[2009/09/18 20:26:05 | 00,108,824 | ---- | M] () -- C:\Users\Aion\AppData\Local\GDIPFONTCACHEV1.DAT

[2009/09/18 15:32:18 | 00,410,656 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT

[2009/09/18 15:31:24 | 00,080,240 | -HS- | M] () -- C:\Windows\System32\drivers\fidbox.idx

[2009/09/18 15:05:05 | 00,000,478 | ---- | M] () -- C:\Windows\win.ini

[2009/09/18 11:13:26 | 00,722,416 | ---- | M] () -- C:\Windows\System32\drivers\sptd.sys

[2009/09/17 22:36:24 | 00,074,328 | ---- | M] (COMODO) -- C:\Windows\System32\drivers\inspect.sys

[2009/09/17 22:31:57 | 00,179,792 | ---- | M] (COMODO) -- C:\Windows\System32\guard32.dll

[2009/09/17 22:31:51 | 00,029,520 | ---- | M] (COMODO) -- C:\Windows\System32\drivers\cmdhlp.sys

[2009/09/17 22:31:50 | 00,128,888 | ---- | M] (COMODO) -- C:\Windows\System32\drivers\cmdguard.sys

[2009/09/17 17:15:38 | 01,491,932 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI

[2009/09/17 17:15:38 | 00,654,272 | ---- | M] () -- C:\Windows\System32\prfh0416.dat

[2009/09/17 17:15:38 | 00,606,992 | ---- | M] () -- C:\Windows\System32\perfh009.dat

[2009/09/17 17:15:38 | 00,124,724 | ---- | M] () -- C:\Windows\System32\prfc0416.dat

[2009/09/17 17:15:38 | 00,103,370 | ---- | M] () -- C:\Windows\System32\perfc009.dat

[2009/09/17 07:18:17 | 00,001,220 | ---- | M] () -- C:\Users\Aion\Desktop\Spybot - Search & Destroy.lnk

[2009/09/17 03:24:53 | 00,000,947 | ---- | M] () -- C:\Users\Public\Desktop\VDownloader.lnk

[2009/09/17 01:32:32 | 00,001,834 | ---- | M] () -- C:\Users\Aion\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\is-G8C8K.lnk

[2009/09/16 22:44:14 | 02,335,270 | ---- | M] () -- C:\Windows\System32\d6bDE7F.mht

[2009/09/13 05:43:54 | 00,001,096 | ---- | M] () -- C:\Users\Aion\Desktop\EVEREST Ultimate Edition.lnk

[2009/09/13 01:13:17 | 00,000,983 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk

[2009/09/13 01:12:06 | 00,001,062 | ---- | M] () -- C:\Users\Aion\Documents\cc_20090913_011150.reg

[2009/09/13 01:10:16 | 00,001,835 | ---- | M] () -- C:\Users\Aion\Desktop\CCleaner.lnk

[2009/09/13 01:00:23 | 00,001,266 | ---- | M] () -- C:\Users\Public\Desktop\MV RegClean 5.9.lnk

[2009/09/12 10:18:25 | 00,323,154 | ---- | M] () -- C:\Windows\System32\prfi0416.dat

[2009/09/12 10:18:25 | 00,038,536 | ---- | M] () -- C:\Windows\System32\prfd0416.dat

[2009/09/12 02:17:05 | 00,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_User_WpdFs_01_09_00.Wdf

[2009/09/11 23:32:06 | 00,002,723 | ---- | M] () -- C:\Users\Public\Desktop\Nero StartSmart.lnk

[2009/09/11 23:32:06 | 00,002,623 | ---- | M] () -- C:\Users\Public\Desktop\Nero Home.lnk

[2009/09/11 18:08:28 | 00,001,117 | ---- | M] () -- C:\Users\Public\Desktop\COMODO Internet Security.lnk

[2009/09/11 17:34:10 | 00,001,984 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk

[2009/09/11 17:29:49 | 00,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe

[2009/09/11 17:29:49 | 00,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe

[2009/09/11 17:29:49 | 00,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe

[2009/09/11 17:29:48 | 00,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\deploytk.dll

[2009/09/11 17:23:08 | 00,001,889 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk

[2009/09/11 16:56:22 | 00,002,016 | ---- | M] () -- C:\Users\Public\Desktop\Avira AntiVir Control Center.lnk

[2009/09/11 15:28:03 | 00,008,192 | RHS- | M] () -- C:\BOOTSECT.BAK

[2009/09/11 10:32:22 | 00,042,045 | ---- | M] () -- C:\Windows\System32\license.rtf

[2009/09/08 09:37:46 | 72,851,8656 | ---- | M] () -- C:\Users\Aion\Desktop\[PC-DVD] Trine.iso

[2009/09/07 13:32:18 | 20,567,922 | ---- | M] () -- C:\Users\Aion\Desktop\video.flv

[2009/08/29 16:56:15 | 01,931,314 | ---- | M] () -- C:\Users\Aion\Desktop\d3dx9_41.zip

[2009/08/28 14:38:22 | 24,689,600 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MRT.exe

========== LOP Check ==========

[2009/09/18 11:12:50 | 00,000,000 | ---D | M] -- C:\Users\Aion\AppData\Roaming

[2009/09/18 11:12:50 | 00,000,000 | ---D | M] -- C:\Users\Aion\AppData\Roaming\DAEMON Tools Pro

[2009/07/14 04:48:45 | 00,000,000 | ---D | M] -- C:\Users\Aion\AppData\Roaming\Media Center Programs

[2009/09/17 22:16:06 | 00,000,000 | ---D | M] -- C:\Users\Aion\AppData\Roaming\Wireshark

[2009/09/18 21:18:51 | 00,000,006 | -H-- | M] () -- C:\Windows\Tasks\SA.DAT

[2009/07/14 01:53:46 | 00,010,532 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========

< End of report >


OTL Extras logfile created on: 19/09/2009 04:19:21 - Run 1

OTL by OldTimer - Version 3.0.14.0 Folder = C:\Users\Gatts\Downloads

Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.7600.16385)

Locale: 00000416 | Country: Brasil | Language: PTB | Date Format: dd/MM/yyyy

1022,49 Mb Total Physical Memory | 496,43 Mb Available Physical Memory | 48,55% Memory free

2,00 Gb Paging File | 0,82 Gb Available in Paging File | 40,79% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files

Drive C: | 38,77 Gb Total Space | 13,68 Gb Free Space | 35,30% Space Free | Partition Type: NTFS

D: Drive not present or media not loaded

Drive E: | 35,50 Gb Total Space | 2,90 Gb Free Space | 8,18% Space Free | Partition Type: NTFS

F: Drive not present or media not loaded

G: Drive not present or media not loaded

H: Drive not present or media not loaded

I: Drive not present or media not loaded

Computer Name: AION-PC

Current User Name: Aion

Logged in as Administrator.

Current Boot Mode: Normal

Scan Mode: Current user

Company Name Whitelist: Off

Skip Microsoft Files: Off

File Age = 30 Days

Output = Standard

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.chm [@ = chm.file] -- C:\Windows\hh.exe (Microsoft Corporation)

.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)

.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]

.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %* File not found

chm.file [open] -- "%SystemRoot%\hh.exe" %1 (Microsoft Corporation)

cmdfile [open] -- "%1" %* File not found

comfile [open] -- "%1" %* File not found

cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)

exefile [open] -- "%1" %* File not found

helpfile [open] -- Reg Error: Key error.

hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)

htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)

htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)

htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)

htmlfile [print] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)

http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)

https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)

inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)

piffile [open] -- "%1" %* File not found

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1" File not found

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)

scrfile [open] -- "%1" /S File not found

txtfile [edit] -- Reg Error: Key error.

Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~4\Office12\ONENOTE.EXE "%L" File not found

Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [explore] -- Reg Error: Value error.

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)

CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

"VistaSp1" = Reg Error: Unknown registry data type -- File not found

"AntiVirusOverride" = 0

"AntiSpywareOverride" = 0

"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

"DisableNotifications" = 0

"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"DisableNotifications" = 0

"EnableFirewall" = 0

========== Authorized Applications List ==========

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148

"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Ferramenta de Carregamento do Windows Live

"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT

"{26A24AE4-039D-4CA4-87B4-2F83216016FF}" = Java 6 Update 16

"{2E660A2A-A55F-43CD-9F73-CAD7382EEB78}" = Microsoft Games for Windows - LIVE Redistributable

"{32BC546A-8AA3-4239-AE92-9CF3291C35A6}" = Windows Live Call

"{3921A67A-5AB1-4E48-9444-C71814CF3027}" = VCRedistSetup

"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform

"{3C5F1B30-B10B-4579-86DD-D00F662E1046}" = Nero 8

"{51A9E3DD-37B8-47BB-8E67-5B76B3EFBC48}" = Assistente de Conexão do Windows Live

"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml

"{89585A69-B825-472F-A6EC-6BD0A96EDAC8}" = Nessus

"{90120000-0015-0416-0000-0000000FF1CE}" = Microsoft Office Access MUI (Portuguese (Brazil)) 2007

"{90120000-0015-0416-0000-0000000FF1CE}_ENTERPRISE_{02A880E2-B8B9-4BF5-8822-EA1374734E2E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-0016-0416-0000-0000000FF1CE}" = Microsoft Office Excel MUI (Portuguese (Brazil)) 2007

"{90120000-0016-0416-0000-0000000FF1CE}_ENTERPRISE_{02A880E2-B8B9-4BF5-8822-EA1374734E2E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-0018-0416-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (Portuguese (Brazil)) 2007

"{90120000-0018-0416-0000-0000000FF1CE}_ENTERPRISE_{02A880E2-B8B9-4BF5-8822-EA1374734E2E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-0019-0416-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (Portuguese (Brazil)) 2007

"{90120000-0019-0416-0000-0000000FF1CE}_ENTERPRISE_{02A880E2-B8B9-4BF5-8822-EA1374734E2E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-001A-0416-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (Portuguese (Brazil)) 2007

"{90120000-001A-0416-0000-0000000FF1CE}_ENTERPRISE_{02A880E2-B8B9-4BF5-8822-EA1374734E2E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-001B-0416-0000-0000000FF1CE}" = Microsoft Office Word MUI (Portuguese (Brazil)) 2007

"{90120000-001B-0416-0000-0000000FF1CE}_ENTERPRISE_{02A880E2-B8B9-4BF5-8822-EA1374734E2E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007

"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)

"{90120000-001F-0416-0000-0000000FF1CE}" = Microsoft Office Proof (Portuguese (Brazil)) 2007

"{90120000-001F-0416-0000-0000000FF1CE}_ENTERPRISE_{75EBE365-7FC5-4720-A7D3-804BF550D1BC}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)

"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007

"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)

"{90120000-002C-0416-0000-0000000FF1CE}" = Microsoft Office Proofing (Portuguese (Brazil)) 2007

"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007

"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-0044-0416-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (Portuguese (Brazil)) 2007

"{90120000-0044-0416-0000-0000000FF1CE}_ENTERPRISE_{02A880E2-B8B9-4BF5-8822-EA1374734E2E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-006E-0416-0000-0000000FF1CE}" = Microsoft Office Shared MUI (Portuguese (Brazil)) 2007

"{90120000-006E-0416-0000-0000000FF1CE}_ENTERPRISE_{9A141B2B-7C5E-47D2-8E9E-9AC6018F3C42}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-00A1-0416-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (Portuguese (Brazil)) 2007

"{90120000-00A1-0416-0000-0000000FF1CE}_ENTERPRISE_{02A880E2-B8B9-4BF5-8822-EA1374734E2E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-00BA-0416-0000-0000000FF1CE}" = Microsoft Office Groove MUI (Portuguese (Brazil)) 2007

"{90120000-00BA-0416-0000-0000000FF1CE}_ENTERPRISE_{02A880E2-B8B9-4BF5-8822-EA1374734E2E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting

"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

"{AC76BA86-7AD7-1046-7B44-A91000000001}" = Adobe Reader 9.1 - Português

"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy

"{B5ED7AB0-3838-4389-8549-7C8E22DD48F4}" = Windows Live Messenger

"{C5C1C0F0-D62F-4DBF-81D4-D7EF397C228B}" = NVIDIA PhysX

"{CA567AD5-33A4-403D-86D1-EE2D38251951}_is1" = VDownloader 1.1

"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard

"{F112F66E-25CA-42DD-983C-6118EB38F606}" = Microsoft Games for Windows - LIVE

"{F2CD4651-F948-467C-B014-71FD981B7F59}" = Windows Live Essentials

"7-Zip" = 7-Zip 4.62

"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin

"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus

"CCleaner" = CCleaner (remove only)

"COMODO Internet Security" = COMODO Internet Security

"ENTERPRISE" = Microsoft Office Enterprise 2007

"EVEREST Ultimate Edition_is1" = EVEREST Ultimate Edition v5.02

"KLiteCodecPack_is1" = K-Lite Mega Codec Pack 4.8.5

"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware

"Mozilla Firefox (3.5.2)" = Mozilla Firefox (3.5.2)

"MV RegClean 5.9_is1" = MV RegClean 5.9

"NVIDIA Drivers" = NVIDIA Drivers

"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver

"WinLiveSuite_Wave3" = Windows Live Essentials

"WinRAR archiver" = Arquivo do WinRAR

========== Last 10 Event Log Errors ==========

[ Application Events ]

Error - 16/09/2009 15:58:33 | Computer Name = Aion-PC | Source = Application Error | ID = 1000

Description = Nome de aplicativo com falha: avnotify.exe, versão: 9.0.10.0, carimbo

de hora: 0x4a5dff54 Nome do módulo de falhas: mfc90u.dll, versão: 9.0.30729.1, carimbo

de hora: 0x488f1605 Código de exceção: 0xc0000005 Deslocamento com falha: 0x000d8b3e

Identificação

do processo com falha: 0x93c Hora de início do aplicativo com falha: 0x01ca3708111d5a3c

Caminho

do aplicativo com falha: C:\Program Files\Avira\AntiVir Desktop\avnotify.exe FCaminho

do módulo de falhas: C:\Windows\WinSxS\x86_microsoft.vc90.mfc_1fc8b3b9a1e18e3b_9.0.30729.1_none_dcc7eae99ad0d9cf\mfc90u.dll

Identificação

do Relatório: 4fd09b33-a2fb-11de-bb97-00d4ab5f3d8a

Error - 16/09/2009 23:41:28 | Computer Name = Aion-PC | Source = Microsoft-Windows-CAPI2 | ID = 512

Description = Falha dos Serviços de Criptografia ao inicializar o objeto de backup

VSS "Gravador do Sistema". Details: Could not query the status of the EventSystem

service. System Error: A system shutdown is in progress. .

Error - 17/09/2009 04:57:47 | Computer Name = Aion-PC | Source = Application Error | ID = 1000

Description = Nome de aplicativo com falha: avirarkd.exe, versão: 1.1.0.1, carimbo

de hora: 0x49edba0d Nome do módulo de falhas: MSVCR90.dll, versão: 9.0.30729.4926,

carimbo de hora: 0x4a1743c1 Código de exceção: 0x40000015 Deslocamento com falha:

0x0005bb47 Identificação do processo com falha: 0x6e8 Hora de início do aplicativo

com falha: 0x01ca3774e87fc607 Caminho do aplicativo com falha: C:\Users\Gatts\Downloads\antivir_rootkit\avirarkd.exe

FCaminho

do módulo de falhas: C:\Windows\WinSxS\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.4926_none_508ed732bcbc0e5a\MSVCR90.dll

Identificação

do Relatório: 2af2f5ca-a368-11de-af4e-00d4ab5f3d8a

Error - 17/09/2009 04:58:29 | Computer Name = Aion-PC | Source = Application Error | ID = 1000

Description = Nome de aplicativo com falha: avirarkd.exe, versão: 1.1.0.1, carimbo

de hora: 0x49edba0d Nome do módulo de falhas: MSVCR90.dll, versão: 9.0.30729.4926,

carimbo de hora: 0x4a1743c1 Código de exceção: 0x40000015 Deslocamento com falha:

0x0005bb47 Identificação do processo com falha: 0x6ac Hora de início do aplicativo

com falha: 0x01ca377502c77fb2 Caminho do aplicativo com falha: C:\Users\Gatts\Downloads\antivir_rootkit\avirarkd.exe

FCaminho

do módulo de falhas: C:\Windows\WinSxS\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.4926_none_508ed732bcbc0e5a\MSVCR90.dll

Identificação

do Relatório: 440f2c0b-a368-11de-af4e-00d4ab5f3d8a

Error - 17/09/2009 10:00:55 | Computer Name = Aion-PC | Source = EventSystem | ID = 4621

Description =

Error - 17/09/2009 15:58:27 | Computer Name = Aion-PC | Source = Application Error | ID = 1000

Description = Nome de aplicativo com falha: avnotify.exe, versão: 9.0.10.0, carimbo

de hora: 0x4a5dff54 Nome do módulo de falhas: mfc90u.dll, versão: 9.0.30729.1, carimbo

de hora: 0x488f1605 Código de exceção: 0xc0000005 Deslocamento com falha: 0x000d8b3e

Identificação

do processo com falha: 0xdcc Hora de início do aplicativo com falha: 0x01ca37d138206d79

Caminho

do aplicativo com falha: C:\Program Files\Avira\AntiVir Desktop\avnotify.exe FCaminho

do módulo de falhas: C:\Windows\WinSxS\x86_microsoft.vc90.mfc_1fc8b3b9a1e18e3b_9.0.30729.1_none_dcc7eae99ad0d9cf\mfc90u.dll

Identificação

do Relatório: 769bf378-a3c4-11de-b14b-00d4ab5f3d8a

Error - 17/09/2009 21:15:51 | Computer Name = Aion-PC | Source = Application Error | ID = 1000

Description = Nome de aplicativo com falha: dumpcap.exe, versão: 1.2.1.29141, carimbo

de hora: 0x4a63a891 Nome do módulo de falhas: libglib-2.0-0.dll, versão: 2.20.3.0,

carimbo de hora: 0x4a23951f Código de exceção: 0x40000015 Deslocamento com falha:

0x00048416 Identificação do processo com falha: 0x478 Hora de início do aplicativo

com falha: 0x01ca37fd8cb6667e Caminho do aplicativo com falha: C:\Program Files\Wireshark\dumpcap.exe

FCaminho

do módulo de falhas: C:\Program Files\Wireshark\libglib-2.0-0.dll Identificação

do Relatório: cd94b8ee-a3f0-11de-b267-00d4ab5f3d8a

Error - 18/09/2009 09:36:19 | Computer Name = Aion-PC | Source = VSS | ID = 8194

Description =

Error - 18/09/2009 09:52:23 | Computer Name = Aion-PC | Source = Windows Search Service | ID = 3007

Description =

Error - 18/09/2009 15:57:32 | Computer Name = Aion-PC | Source = Application Error | ID = 1000

Description = Nome de aplicativo com falha: avnotify.exe, versão: 9.0.10.0, carimbo

de hora: 0x4a5dff54 Nome do módulo de falhas: mfc90u.dll, versão: 9.0.30729.1, carimbo

de hora: 0x488f1605 Código de exceção: 0xc0000005 Deslocamento com falha: 0x000d8b3e

Identificação

do processo com falha: 0xb2c Hora de início do aplicativo com falha: 0x01ca389a412777b6

Caminho

do aplicativo com falha: C:\Program Files\Avira\AntiVir Desktop\avnotify.exe FCaminho

do módulo de falhas: C:\Windows\WinSxS\x86_microsoft.vc90.mfc_1fc8b3b9a1e18e3b_9.0.30729.1_none_dcc7eae99ad0d9cf\mfc90u.dll

Identificação

do Relatório: 800c0b52-a48d-11de-90ee-00d4ab5f3d8a

[ System Events ]

Error - 18/09/2009 19:06:10 | Computer Name = Aion-PC | Source = cdrom | ID = 262151

Description = O dispositivo, \Device\CdRom0, possui um bloco defeituoso.

Error - 18/09/2009 19:06:11 | Computer Name = Aion-PC | Source = cdrom | ID = 262151

Description = O dispositivo, \Device\CdRom0, possui um bloco defeituoso.

Error - 18/09/2009 19:06:12 | Computer Name = Aion-PC | Source = cdrom | ID = 262151

Description = O dispositivo, \Device\CdRom0, possui um bloco defeituoso.

Error - 18/09/2009 19:06:13 | Computer Name = Aion-PC | Source = cdrom | ID = 262151

Description = O dispositivo, \Device\CdRom0, possui um bloco defeituoso.

Error - 18/09/2009 19:06:14 | Computer Name = Aion-PC | Source = cdrom | ID = 262151

Description = O dispositivo, \Device\CdRom0, possui um bloco defeituoso.

Error - 18/09/2009 19:06:15 | Computer Name = Aion-PC | Source = cdrom | ID = 262151

Description = O dispositivo, \Device\CdRom0, possui um bloco defeituoso.

Error - 18/09/2009 19:06:16 | Computer Name = Aion-PC | Source = cdrom | ID = 262151

Description = O dispositivo, \Device\CdRom0, possui um bloco defeituoso.

Error - 18/09/2009 19:21:03 | Computer Name = Aion-PC | Source = cdrom | ID = 262151

Description = O dispositivo, \Device\CdRom0, possui um bloco defeituoso.

Error - 18/09/2009 19:38:03 | Computer Name = Aion-PC | Source = EventLog | ID = 6008

Description = O desligamento anterior do sistema em 20:37:10 às ?18/?09/?2009 não

era esperado.

Error - 18/09/2009 20:18:49 | Computer Name = Aion-PC | Source = EventLog | ID = 6008

Description = O desligamento anterior do sistema em 21:17:54 às ?18/?09/?2009 não

era esperado.

< End of report >

Regards!


  • Security Analyst

Dear Freak

My friend, your problem is not related to malware :)

<<@>> Install CCleaner

CCleaner is an excellent cleanup utility for the computer, which will help with the computer's performance.

Download it here: CCleaner


  • IMPORTANT: After installation, go to the location where the program was installed, C:\Arquivos de programas\CCleaner, double-click the folder, right-click an empty area of that window, choose New > Folder and create a new folder; name it backups!
  • Open the program and click Run Cleaner;
  • Click the Registry button > Scan for Issues > Fix selected issues...
    Note: Don't forget to accept the backup of the fixes and save it in the folder created above!

<<@>> Always keep your Windows up to date; keep a constant watch with your firewall and antivirus; and finally, remember that the best form of prevention starts with our own attitudes!

Regards :D

About Clube do Hardware

Online since 1996, Clube do Hardware is one of the largest, oldest and most respected technology communities in Brazil.
