
Internet Always Disconnecting (DNS Issues)


  • This topic is locked
17 replies to this topic

#1 Picollo30

Posted 24 November 2012 - 04:40 PM

Hi guys, I'm having problems with constant cuts in my internet connection. It's giving me DNS problems, and I've tried my ISP and also Google and OpenDNS, and the problem persists. I want to rule out any malware problem that may exist.

Also, Chrome and IE (32-bit) are always crashing as soon as I open them.

Hope you guys can help me out.

I'm on a box with Windows 7 x64 Ultimate Edition, 16 GB RAM, main browser is FF, Windows 7 Firewall and Avast Internet Security 7.0.1474 (although I can't install the firewall module, it gives an error. Tried many antivirus and firewall uninstallers and nothing works).

I was promptly helped by InadequateInfirmity in this thread: http://www.bleepingcomputer.com/forums/topic476166.html/page__gopid__2904311#entry2904311, but he thinks I need more advanced tools for the infections on my machine, so here I am.

Here's my DDS log:


DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 9.0.8112.16455 BrowserJavaVersion: 1.6.0_35
Run by Paulo Monteiro at 21:33:35 on 2012-11-24
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.351.2070.18.16365.12750 [GMT 0:00]
.
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\ATKFUSService.exe
C:\Programas (x64)\USB Safely Remove\USBSRService.exe
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\ASUS\AXSP\1.00.13\atkexComSvc.exe
C:\Program Files (x86)\ASUS\AAHM\1.00.13\aaHMSvc.exe
C:\Program Files (x86)\Common Files\Portrait Displays\Plugins\AM\dtsslsrv.exe
C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.11\AsSysCtrlService.exe
C:\Program Files (x86)\Microsoft\BingBar\7.1.364.0\BBSvc.exe
C:\Programas (x64)\PC Tools\PC Tools Security\BDT\BDTUpdateService.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Programas (x64)\Cacheman\CachemanServ.exe
C:\Programas (x64)\cFosSpeed\spd.exe
C:\Programas (x64)\CPUCooL\CooLSrv.exe
C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe
C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe
C:\Windows\system32\svchost.exe -k defragsvc
C:\Program Files (x86)\Common Files\Portrait Displays\Shared\dtsrvc.exe
C:\Programas (x64)\DU Meter\DUMeterSvc.exe
C:\Program Files (x86)\Firebird\Firebird_2_1\bin\fbguard.exe
C:\Program Files (x86)\Hotspot Shield\bin\openvpnas.exe
C:\Program Files (x86)\Hotspot Shield\HssWPR\hsssrv.exe
C:\Program Files (x86)\Hotspot Shield\bin\hsswd.exe
C:\Program Files\Microsoft SDKs\Kinect\v1.0 Beta2\Service\KinectManagementService.exe
C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\pdisrvc.exe
C:\Windows\system32\locator.exe
C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
C:\PRF5CF~1\SPEEDB~1\VideoAcceleratorService.exe
C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe
C:\Program Files (x86)\VMware\VMware Workstation\vmware-hostd.exe
C:\Program Files (x86)\Firebird\Firebird_2_1\bin\fbserver.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\taskhost.exe
C:\Program Files\ASUS\GamerOSD\ATKFastUserSwitching.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Google\Update\1.3.21.123\GoogleCrashHandler.exe
C:\Program Files (x86)\Google\Update\1.3.21.123\GoogleCrashHandler64.exe
C:\Programas (x64)\cFosSpeed\cfosspeed.exe
C:\Program Files\AVAST Software\Avast\avastUI.exe
C:\Programas (x64)\Startup Faster\sfAgent.exe
C:\Programas (x64)\CleanMem\Mini_Monitor.exe
C:\Programas (x64)\TClock\x64\Clock.exe
C:\Programas (x64)\SpeedBit Video Accelerator\VideoAccelerator.exe
C:\PRF5CF~1\DUMETE~1\DUMeter.exe
C:\Program Files (x86)\Common Files\Intel\Intel Extreme Tuning Utility\PerfTuneService.exe
C:\Programas (x64)\DAEMON Tools Pro\DTShellHlp.exe
C:\Users\Paulo Monteiro\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Paulo Monteiro\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Paulo Monteiro\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Paulo Monteiro\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Paulo Monteiro\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Paulo Monteiro\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Paulo Monteiro\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Paulo Monteiro\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Paulo Monteiro\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Paulo Monteiro\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Paulo Monteiro\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Paulo Monteiro\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Paulo Monteiro\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Paulo Monteiro\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Paulo Monteiro\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Paulo Monteiro\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Paulo Monteiro\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Paulo Monteiro\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Paulo Monteiro\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Paulo Monteiro\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Paulo Monteiro\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Paulo Monteiro\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Paulo Monteiro\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Paulo Monteiro\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Paulo Monteiro\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Paulo Monteiro\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Paulo Monteiro\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Paulo Monteiro\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Paulo Monteiro\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Paulo Monteiro\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghgabhipcejejjmhhchfonmamedcbeod\7.9_0\plugin\ClickClean.exe
C:\Users\Paulo Monteiro\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Paulo Monteiro\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Windows\explorer.exe
C:\Users\Paulo Monteiro\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Programas (x64)\uTorrent\uTorrent.exe
C:\Users\Paulo Monteiro\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Paulo Monteiro\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Paulo Monteiro\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Paulo Monteiro\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Paulo Monteiro\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Paulo Monteiro\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Programas (x64)\Mozilla Firefox\firefox.exe
C:\Users\Paulo Monteiro\AppData\Roaming\Mozilla\Firefox\Profiles\q6y681v9.default\extensions\{E173B749-DB5B-4fd2-BA0E-94ECEA0CA55B}\components\afom.exe
C:\Programas (x64)\Mozilla Firefox\plugin-container.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_4_402_265.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_4_402_265.exe
C:\Users\Paulo Monteiro\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uSearch Bar = Preserve
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
BHO: SuperAdBlockerBHO Class: {00000000-6C30-11D8-9363-000AE6309654} - C:\Program Files (x86)\SuperAdBlocker.com\Super Ad Blocker\SABBHO.dll
BHO: SuperAdBlockerBHO SearchAdBlocker Class: {00000000-6C30-11D8-9363-000AE6309656} - C:\Program Files (x86)\SuperAdBlocker.com\Sponsored Ad Blocker\SCHBHO.dll
BHO: IDM integration (IDMIEHlprObj Class): {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Programas (x64)\Internet Download Manager\IDMIECC.dll
BHO: Shareaza Web Download Hook: {0EEDB912-C5FA-486F-8334-57288578C627} - C:\Programas (x64)\Shareaza\RazaWebHook32.dll
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: PC Tools Browser Guard BHO: {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - C:\Programas (x64)\PC Tools\PC Tools Security\BDT\PCTBrowserDefender.dll
BHO: DivX Plus Web Player HTML5 <video>: {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
BHO: Programa Auxiliar de Início de Sessão do Windows Live ID: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Windows Live Messenger Companion Helper: {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
BHO: WinZip Courier BHO: {A8FB70FA-0FDF-4601-9DC4-BFA1B357204F} - C:\Programas (x64)\WinZip Courier\wzwmcie.dll
BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL
BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.364.0\BingExt.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: FlashFXP - Link helper plugin for Internet Explorer: {E5A1691B-D188-4419-AD02-90002030B8EE} - C:\Programas (x64)\FlashFXP 4\IEFlash.dll
TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB: Super Ad Blocker Toolbar: {B4B3001E-0F56-4E51-8250-BDE11547EC55} - C:\Program Files (x86)\SuperAdBlocker.com\Super Ad Blocker\sabtb.dll
TB: Super Ad Blocker Toolbar: {B4B3001E-0F56-4E51-8250-BDE11547EC55} - C:\Program Files (x86)\SuperAdBlocker.com\Super Ad Blocker\sabtb.dll
TB: &Linkman: {5C9DCA26-CEC4-4280-A831-D622D4DBF113} - C:\Programas (x64)\Linkman\LinkmanCom.dll
TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} -
TB: PC Tools Browser Guard: {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Programas (x64)\PC Tools\PC Tools Security\BDT\PCTBrowserDefender.dll
TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
EB: Developer Tools: {1A6FE369-F28C-4AD9-A3E6-2BCB50807CF1} - C:\Program Files (x86)\Internet Explorer\iedvtool.dll
mRun: [StartupFaster] "C:\Programas (x64)\Startup Faster\startuploader.exe" -run SFAURUN SFCURUN SFAUSTARTUP SFCUSTARTUP
StartupFolder: C:\Users\PAULOM~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\StartupFaster\Mozilla Firefox Prestart.lnk - C:\Programas (x64)\Mozilla Firefox\firefox.exe
StartupFolder: C:\Users\Paulo Monteiro\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\StartupFaster\StartupFaster.ini
StartupFolder: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\StartupFaster\StartupFaster.ini
uPolicies-Explorer: NoResolveTrack = dword:1
uPolicies-Explorer: NoSMBalloonTip = dword:0
uPolicies-Explorer: NoRecentDocsNetHood = dword:1
mPolicies-Explorer: NoDriveTypeAutoRun = dword:0
mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableLUA = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: PromptOnSecureDesktop = dword:0
mPolicies-Windows\System: CopyFileBufferedSynchronousIo = dword:1
IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
LSP: C:\Programas (x64)\SpeedBit Video Accelerator\SBLSP.dll
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
.
INFO: HKLM has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
DPF: {0D41B8C5-2599-4893-8183-00195EC8D5F9} - hxxp://support.asus.com.tw/common/asusTek_sys_ctrl.cab
DPF: {15B782AF-55D8-11D1-B477-006097098764} - hxxp://download.macromedia.com/pub/shockwave/cabs/authorware/awswaxf.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} - hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab
DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab
DPF: {99FE5072-78AA-4FEE-89BA-69A5FA55343F} - hxxp://download.microsoft.com/download/B/3/A/B3A2EA73-793D-4ABE-992D-C81140384044/igdtoolx.cab
DPF: {CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab
DPF: {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} - hxxp://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_intel_4.5.3.0.cab
DPF: {D4B68B83-8710-488B-A692-D74B50BA558E} - hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab
DPF: {DE22A7AB-A739-4C58-AD52-21F9CD6306B7} - hxxp://download.microsoft.com/download/7/E/6/7E6A8567-DFE4-4624-87C3-163549BE2704/clearadj.cab
DPF: {E705A591-DA3C-4228-B0D5-A356DBA42FBF} - hxxp://ccfiles.creative.com/Web/softwareupdate/su2/ocx/20015/CTSUEng.cab
DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} - hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/110926/CTPID.cab
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{0BAE2E84-C926-4210-B596-30B2C439760A} : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{287CDFC4-6CBB-4648-BAAF-0774CC9AA33A} : NameServer = 212.118.241.1,4.2.2.5
TCP: Interfaces\{36DB0DC4-59D0-4B12-BCA2-81AD270D55D8} : NameServer = 212.118.241.1,4.2.2.5
TCP: Interfaces\{6634494F-3076-4158-A2E6-C4C9A5775A09} : NameServer = 212.118.241.1,4.2.2.5
TCP: Interfaces\{8A3F2BFF-9A19-4DA9-BAC3-F646EA4C31B9} : NameServer = 212.118.241.1,4.2.2.5
TCP: Interfaces\{929A3452-69E5-41CF-AB94-0302F349634C} : DHCPNameServer = 212.18.160.133 212.18.160.134
TCP: Interfaces\{9BBEE7C7-75AB-4C79-8AB4-E6D890903144} : DHCPNameServer = 8.8.8.8
TCP: Interfaces\{A7904D77-0B18-4657-A1C5-D1968CA01E9B} : DHCPNameServer = 212.18.160.133 212.18.160.134
TCP: Interfaces\{C4522236-271C-4C98-B220-5D71A192DC98} : DHCPNameServer = 212.18.160.133 212.18.160.134
TCP: Interfaces\{D56EF9F8-5E6C-4FA6-84F7-7BB21045C205} : DHCPNameServer = 212.18.160.133 212.18.160.134
TCP: Interfaces\{F1D993F3-A9E8-440F-86AE-DED94CF76F7C} : NameServer = 212.118.241.1,4.2.2.5
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files (x86)\Belarc\Advisor\System\BAVoilaX.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
Notify: !SABWinLogon - C:\Program Files (x86)\SuperAdBlocker.com\Super Ad Blocker\SABWINLO.DLL
AppInit_DLLs= CLKERN.DLL
SEH: {5AE067D3-9AFB-48E0-853A-EBB7F4A000D7} - <orphaned>
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
x64-BHO: IDM integration (IDMIEHlprObj Class): {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Programas (x64)\Internet Download Manager\IDMIECC64.dll
x64-BHO: Shareaza Web Download Hook: {0EEDB912-C5FA-486F-8334-57288578C627} - C:\Programas (x64)\Shareaza\RazaWebHook64.dll
x64-BHO: avast! WebRep: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
x64-BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
x64-BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL
x64-BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
x64-TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-TB: avast! WebRep: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
x64-Run: [cFosSpeed] C:\Programas (x64)\cFosSpeed\cFosSpeed.exe
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
.
INFO: x64-HKLM has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
x64-DPF: {15B782AF-55D8-11D1-B477-006097098764} - hxxp://download.macromedia.com/pub/shockwave/cabs/authorware/awswaxf.cab
x64-DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/director/sw.cab
x64-DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
x64-DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab
x64-DPF: {CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab
x64-DPF: {CAFEEFAC-0017-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_03-windows-i586.cab
x64-DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab
x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
x64-Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - <orphaned>
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-SSODL: IconPackager Repair - <orphaned>
x64-SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
Hosts: 127.0.0.1 ads.mcafee.com
Hosts: 127.0.0.1 analytics.microsoft.com
Hosts: 127.0.0.1 metrics.bitdefender.com
Hosts: 127.0.0.1 metrics.mcafee.com
Hosts: 127.0.0.1 om.symantec.com
.
Note: multiple HOSTS entries found. Please refer to Attach.txt
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Paulo Monteiro\AppData\Roaming\Mozilla\Firefox\Profiles\q6y681v9.default\
FF - prefs.js: browser.search.defaulturl -
FF - plugin: C:\PROGRA~2\MIF5BA~1\Office14\NPAUTHZ.DLL
FF - plugin: C:\PROGRA~2\MIF5BA~1\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll
FF - plugin: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: C:\Program Files (x86)\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Nokia\Nokia Suite\npNokiaSuiteEnabler.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Programas (x64)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll
FF - plugin: C:\Programas (x64)\Google\Picasa3\npPicasa3.dll
FF - plugin: C:\Programas (x64)\Veetle\Player\npvlc.dll
FF - plugin: C:\Programas (x64)\Veetle\plugins\npVeetle.dll
FF - plugin: C:\Programas (x64)\VideoLAN\VLC\npvlc.dll
FF - plugin: C:\ProgramData\FXWebPlayer\npfxplanet.dll
FF - plugin: C:\Users\Paulo Monteiro\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll
FF - plugin: C:\Users\Paulo Monteiro\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll
FF - plugin: C:\Users\Paulo Monteiro\AppData\Roaming\Mozilla\Firefox\Profiles\q6y681v9.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\plugins\npqscan.dll
FF - plugin: C:\Users\Paulo Monteiro\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
FF - plugin: C:\Users\Paulo Monteiro\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
FF - plugin: C:\Windows\System32\Wat\npWatWeb.dll
FF - plugin: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1166636.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_265.dll
FF - ExtSQL: 2012-11-04 13:50; translator@zoli.bod; C:\Users\Paulo Monteiro\AppData\Roaming\Mozilla\Firefox\Profiles\q6y681v9.default\extensions\translator@zoli.bod.xpi
FF - ExtSQL: 2012-11-06 20:59; {9AA46F4F-4DC7-4c06-97AF-6665170634FE}; C:\Users\Paulo Monteiro\AppData\Roaming\Mozilla\Firefox\Profiles\q6y681v9.default\extensions\{9AA46F4F-4DC7-4c06-97AF-6665170634FE}.xpi
FF - ExtSQL: 2012-11-11 17:49; firefox@ghostery.com; C:\Users\Paulo Monteiro\AppData\Roaming\Mozilla\Firefox\Profiles\q6y681v9.default\extensions\firefox@ghostery.com
FF - ExtSQL: 2012-11-11 19:54; clipconverter@clipconverter.cc; C:\Users\Paulo Monteiro\AppData\Roaming\Mozilla\Firefox\Profiles\q6y681v9.default\extensions\clipconverter@clipconverter.cc.xpi
FF - ExtSQL: 2012-11-11 19:54; info@youtube-mp3.org; C:\Users\Paulo Monteiro\AppData\Roaming\Mozilla\Firefox\Profiles\q6y681v9.default\extensions\info@youtube-mp3.org.xpi
FF - ExtSQL: 2012-11-11 19:59; 54c7d9671b9eccd9e5686a73df34ab60@button.codefisher.org; C:\Users\Paulo Monteiro\AppData\Roaming\Mozilla\Firefox\Profiles\q6y681v9.default\extensions\54c7d9671b9eccd9e5686a73df34ab60@button.codefisher.org.xpi
FF - ExtSQL: 2012-11-19 04:59; wrc@avast.com; C:\Program Files\AVAST Software\Avast\WebRep\FF
FF - ExtSQL: !HIDDEN! 2011-12-19 10:33; {3112ca9c-de6d-4884-a869-9855de68056c}; C:\ProgramData\Google\Toolbar for Firefox\{3112ca9c-de6d-4884-a869-9855de68056c}
.
============= SERVICES / DRIVERS ===============
.
R0 AiCharger;ASUS Charger Driver;C:\Windows\System32\drivers\AiCharger.sys [2011-8-27 14592]
R0 fltsrv;Acronis Storage Filter Management;C:\Windows\System32\drivers\fltsrv.sys [2011-8-30 133728]
R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\System32\drivers\MpFilter.sys [2012-8-30 228768]
R0 PCTCore;PCTools KDS;C:\Windows\System32\drivers\PCTCore64.sys [2012-7-21 426616]
R0 pctDS;PC Tools Data Store;C:\Windows\System32\drivers\pctDS64.sys [2012-7-21 453896]
R0 pctEFA;PC Tools Extended File Attributes;C:\Windows\System32\drivers\pctEFA64.sys [2012-7-21 1096176]
R0 vididr;Acronis Virtual Disk;C:\Windows\System32\drivers\vididr.sys [2011-12-21 211040]
R0 vidsflt58;Acronis Disk Storage Filter (58);C:\Windows\System32\drivers\vsflt58.sys [2011-8-30 142944]
R1 A2DDA;A2 Direct Disk Access Support Driver;C:\Program Files (x86)\Emsisoft Anti-Malware\a2ddax64.sys [2012-2-26 23208]
R1 a2injectiondriver;a2injectiondriver;C:\Program Files (x86)\Emsisoft Anti-Malware\a2dix64.sys [2012-2-26 41728]
R1 a2util;a-squared Malware-IDS utility driver;C:\Program Files (x86)\Emsisoft Anti-Malware\a2util64.sys [2012-2-26 14720]
R1 aswKbd;aswKbd;C:\Windows\System32\drivers\aswKbd.sys [2012-11-19 21136]
R1 aswSnx;aswSnx;C:\Windows\System32\drivers\aswSnx.sys [2012-11-19 984144]
R1 aswSP;aswSP;C:\Windows\System32\drivers\aswSP.sys [2012-11-19 370288]
R1 EIO64;EIO Driver;C:\Windows\System32\drivers\EIO64.sys [2011-8-27 16384]
R1 HWiNFO32;HWiNFO32/64 Kernel Driver;C:\Programas (x64)\HWiNFO64\HWiNFO64A.SYS [2012-2-27 30592]
R1 nm3;Microsoft Network Monitor 3 Driver;C:\Windows\System32\drivers\nm3.sys [2010-6-9 46392]
R1 pctgntdi;pctgntdi;C:\Windows\System32\drivers\pctgntdi64.sys [2012-7-21 341168]
R1 PCTSD;PC Tools Spyware Doctor Driver;C:\Windows\System32\drivers\PCTSD64.sys [2012-7-21 251528]
R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2011-7-22 14928]
R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2011-7-12 12368]
R2 asComSvc;ASUS Com Service;C:\Program Files (x86)\ASUS\AXSP\1.00.13\atkexComSvc.exe [2010-11-3 918144]
R2 asHmComSvc;ASUS HM Com Service;C:\Program Files (x86)\ASUS\AAHM\1.00.13\aaHMSvc.exe [2010-12-2 915584]
R2 AsSysCtrlService;ASUS System Control Service;C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.11\AsSysCtrlService.exe [2011-8-27 586880]
R2 aswFsBlk;aswFsBlk;C:\Windows\System32\drivers\aswFsBlk.sys [2012-11-19 25232]
R2 aswMonFlt;aswMonFlt;C:\Windows\System32\drivers\aswMonFlt.sys [2012-11-19 71600]
R2 avast! Antivirus;avast! Antivirus;C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2012-11-19 44808]
R2 BBSvc;BingBar Service;C:\Program Files (x86)\Microsoft\BingBar\7.1.364.0\BBSvc.EXE [2012-2-20 193816]
R2 Browser Defender Update Service;Browser Defender Update Service;C:\Programas (x64)\PC Tools\PC Tools Security\BDT\BDTUpdateService.exe [2012-7-21 575416]
R2 CachemanService;Cacheman Service;C:\Programas (x64)\Cacheman\CachemanServ.exe [2012-1-4 236896]
R2 cpuz135;cpuz135;C:\Windows\System32\drivers\cpuz135_x64.sys [2011-8-31 21992]
R2 Creative ALchemy AL6 Licensing Service;Creative ALchemy AL6 Licensing Service;C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [2011-8-28 79360]
R2 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2011-8-28 79360]
R2 DUMeterSvc;DU Meter Service;C:\Programas (x64)\DU Meter\DUMeterSvc.exe [2012-7-7 1110480]
R2 FirebirdGuardianDefaultInstance;Firebird Guardian - DefaultInstance;C:\Program Files (x86)\Firebird\Firebird_2_1\bin\fbguard.exe [2012-10-22 81920]
R2 hshld;Hotspot Shield Service;C:\Program Files (x86)\Hotspot Shield\bin\openvpnas.exe [2012-11-15 527728]
R2 HssWd;Hotspot Shield Monitoring Service;C:\Program Files (x86)\Hotspot Shield\bin\hsswd.exe [2012-11-15 389488]
R2 IDMWFP;IDMWFP;C:\Windows\System32\drivers\idmwfp.sys [2012-2-28 149640]
R2 IOCBIOS;IOCBIOS;C:\ProgramData\Intel\Extreme Tuning Utility\IOCbios\64bit\iOCbios.sys [2010-9-15 34304]
R2 KinectManagement;Kinect Management;C:\Program Files\Microsoft SDKs\Kinect\v1.0 Beta2\Service\KinectManagementService.exe [2011-9-24 131584]
R2 PdiService;Portrait Displays SDK Service;C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\pdisrvc.exe [2012-3-10 113456]
R2 RtNdPt60;Realtek NDIS Protocol Driver;C:\Windows\System32\drivers\RtNdPt60.sys [2011-8-28 32544]
R2 TurboB;Turbo Boost UI Monitor driver;C:\Windows\System32\drivers\TurboB.sys [2010-11-29 16120]
R2 USBSafelyRemoveService;USB Safely Remove Assistant;C:\Programas (x64)\USB Safely Remove\USBSRService.exe [2012-2-27 1107288]
R2 VideoAcceleratorService;VideoAcceleratorService;C:\PRF5CF~1\SPEEDB~1\VideoAcceleratorService.exe -start -scm --> C:\PRF5CF~1\SPEEDB~1\VideoAcceleratorService.exe -start -scm [?]
R2 VMUSBArbService;VMware USB Arbitration Service;C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe [2011-8-29 846448]
R2 VMwareHostd;VMware Workstation Server;C:\Program Files (x86)\VMware\VMware Workstation\vmware-hostd.exe [2012-1-18 11839488]
R2 XTUService;Intel® Extreme Tuning Utility;C:\Program Files (x86)\Common Files\Intel\Intel Extreme Tuning Utility\PerfTuneService.exe [2010-11-24 21768]
R3 asmthub3;ASMedia USB3 Hub Service;C:\Windows\System32\drivers\asmthub3.sys [2010-12-8 122856]
R3 asmtxhci;ASMEDIA XHCI Service;C:\Windows\System32\drivers\asmtxhci.sys [2010-12-8 369640]
R3 COMMONFX.SYS;COMMONFX.SYS;C:\Windows\System32\drivers\COMMONFX.sys [2010-3-18 158808]
R3 CTAUDFX.SYS;CTAUDFX.SYS;C:\Windows\System32\drivers\CTAUDFX.sys [2010-3-18 706648]
R3 ctgame;Game Port;C:\Windows\System32\drivers\ctgame.sys [2011-9-2 26264]
R3 CTSBLFX.SYS;CTSBLFX.SYS;C:\Windows\System32\drivers\CTSBLFX.sys [2010-3-18 681048]
R3 DUMeterDrv;Hagel Technologies DU Meter traffic accounting driver;C:\Programas (x64)\DU Meter\DUMetr64.sys [2012-7-7 20856]
R3 FirebirdServerDefaultInstance;Firebird Server - DefaultInstance;C:\Program Files (x86)\Firebird\Firebird_2_1\bin\fbserver.exe [2012-10-22 2723840]
R3 ICCWDT;Intel® Watchdog Timer Driver (Intel® WDT);C:\Windows\System32\drivers\ICCWDT.sys [2010-8-17 26136]
R3 ManyCam;ManyCam Virtual Webcam, WDM Video Capture Driver;C:\Windows\System32\drivers\ManyCam_x64.sys [2008-3-13 27136]
R3 MaplomL;MaplomL;C:\Windows\System32\drivers\maploml.sys [2012-3-4 59512]
R3 MsgPlusDriver;Messenger Plus! Virtual Camera;C:\Windows\System32\drivers\MsgPlusDriver.sys [2012-7-29 102160]
R3 nvoclk64;NVIDIA Enthusiasts Platform KDM;C:\Windows\System32\drivers\nvoclk64.sys [2009-9-15 42088]
R3 PCTBD;PC Tools Browser Defender Driver;C:\Windows\System32\drivers\PCTBD64.sys [2012-7-21 85192]
R3 PPJoyBus;Parallel Port Joystick Bus Enumerator;C:\Windows\System32\drivers\PPJoyBus64.sys [2010-2-20 20024]
R3 PPortJoystick;Parallel Port Joystick Device Driver;C:\Windows\System32\drivers\PPortJoy64.sys [2010-2-20 39992]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2011-8-28 539240]
R3 taphss6;Anchorfree HSS VPN Adapter;C:\Windows\System32\drivers\taphss6.sys [2012-11-15 40712]
R3 TCPZ;TCP Half Open Limited Patcher ( TCP-Z);C:\Windows\System32\drivers\tcpz-x64d.sys [2009-2-5 15208]
S1 Uim_VIM;UIM Virtual Image Plugin;C:\Windows\System32\drivers\uim_vimx64.sys [2011-7-5 352816]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 Passwdrenew;Passwdrenew;System32\rnpasswd.exe --> System32\rnpasswd.exe [?]
S2 TurboBoost;Intel® Turbo Boost Technology Monitor 2.0;C:\Program Files\Intel\TurboBoost\TurboBoost.exe [2010-11-29 149504]
S2 WatAdminSvc;Serviço de Tecnologias de Activação do Windows;C:\Windows\System32\Wat\WatAdminSvc.exe [2011-8-27 1255736]
S3 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [2011-8-11 140672]
S3 a2acc;a2acc;C:\Program Files (x86)\Emsisoft Anti-Malware\a2accx64.sys [2012-2-26 63880]
S3 a2AntiMalware;Emsisoft Anti-Malware 6.0 - Service;C:\Program Files (x86)\Emsisoft Anti-Malware\a2service.exe [2012-2-26 3025112]
S3 afcdp;afcdp;C:\Windows\System32\drivers\afcdp.sys [2011-12-21 367200]
S3 afcdpsrv;Serviço de Acronis Nonstop Backup;C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe [2011-12-21 3450832]
S3 ASO3DiskOptimizer;ASO3DiskOptimizer;C:\Program Files (x86)\Advanced System Optimizer 3\ASO3DefragSrv64.exe [2011-9-5 263480]
S3 BBUpdate;BBUpdate;C:\Program Files (x86)\Microsoft\BingBar\7.1.364.0\SeaPort.EXE [2012-2-20 240408]
S3 CGVPNCliSrvc;CyberGhost VPN Client;C:\Program Files\CyberGhost VPN\CGVPNCliService.exe [2012-11-1 2438696]
S3 COMMONFX;COMMONFX;C:\Windows\System32\drivers\COMMONFX.sys [2010-3-18 158808]
S3 cpudrv64;cpudrv64;C:\Program Files (x86)\SystemRequirementsLab\cpudrv64.sys [2009-12-18 17864]
S3 CTAUDFX;CTAUDFX;C:\Windows\System32\drivers\CTAUDFX.sys [2010-3-18 706648]
S3 CTERFXFX.SYS;CTERFXFX.SYS;C:\Windows\System32\drivers\CTERFXFX.sys [2010-3-18 141912]
S3 CTERFXFX;CTERFXFX;C:\Windows\System32\drivers\CTERFXFX.sys [2010-3-18 141912]
S3 CTSBLFX;CTSBLFX;C:\Windows\System32\drivers\CTSBLFX.sys [2010-3-18 681048]
S3 DKRtWrt;DKRtWrt;C:\Windows\System32\drivers\DKRtWrt.sys [2012-3-7 44624]
S3 dmvsc;dmvsc;C:\Windows\System32\drivers\dmvsc.sys [2011-4-12 71168]
S3 EBOOSTRSVC;eBoostr Service;C:\Programas (x64)\eBoostr\EBstrSvc.exe [2010-4-15 811136]
S3 fssfltr;fssfltr;C:\Windows\System32\drivers\fssfltr.sys [2012-4-17 48488]
S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2012-3-8 1492840]
S3 Futuremark SystemInfo Service;Futuremark SystemInfo Service;C:\Program Files (x86)\Futuremark\Futuremark SystemInfo\FMSISvc.exe [2011-8-28 130976]
S3 GJService;Game Jackal Server;C:\Programas (x64)\SlySoft\Game Jackal v4\Server.exe [2012-3-4 3547648]
S3 hitmanpro35;Hitman Pro 3.5 Support Driver;C:\Windows\System32\drivers\hitmanpro36.sys [2011-12-26 25160]
S3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2012-1-15 25928]
S3 MBAMScheduler;MBAMScheduler;C:\Programas (x64)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-10-30 399432]
S3 MBAMService;MBAMService;C:\Programas (x64)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-10-30 676936]
S3 namehelp;namehelp;C:\Programas (x64)\Aqualab\namehelp\nssm.exe [2012-10-8 156672]
S3 NisDrv;Microsoft Network Inspection System;C:\Windows\System32\drivers\NisDrvWFP.sys [2012-8-30 128456]
S3 NisSrv;Inspeção de Rede da Microsoft;C:\Program Files\Microsoft Security Client\NisSrv.exe [2012-9-12 368896]
S3 nmwcdnsucx64;Nokia USB Flashing Generic;C:\Windows\System32\drivers\nmwcdnsucx64.sys [2012-1-9 12800]
S3 nmwcdnsux64;Nokia USB Flashing Phone Parent;C:\Windows\System32\drivers\nmwcdnsux64.sys [2012-1-9 171008]
S3 ose64;Office 64 Source Engine;C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-1-9 174440]
S3 pctplsg;pctplsg;C:\Windows\System32\drivers\pctplsg64.sys [2012-7-21 92896]
S3 perfexpose;perfexpose;C:\Programas (x64)\CodeFromThe70s.org\Perfgraph\perfexpose.exe [2008-11-8 199336]
S3 PSI;PSI;C:\Windows\System32\drivers\psi_mf.sys [2011-12-16 17976]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2012-10-30 19456]
S3 Revoflt;Revoflt;C:\Windows\System32\drivers\revoflt.sys [2011-8-27 31800]
S3 RTTEAMPT;Realtek Teaming Protocol Driver (NDIS 6.2);C:\Windows\System32\drivers\RtTeam60.sys [2011-8-28 48416]
S3 RTVLANPT;Realtek Vlan Protocol Driver (NDIS 6.2);C:\Windows\System32\drivers\RtVlan60.sys [2011-8-28 29472]
S3 SBSDWSCService;SBSD Security Center Service;C:\Programas (x64)\Spybot - Search & Destroy\SDWinSec.exe [2011-9-3 1153368]
S3 sdAuxService;PC Tools Auxiliary Service;C:\Programas (x64)\PC Tools\PC Tools Security\pctsAuxs.exe [2012-7-21 402336]
S3 sdCoreService;PC Tools Security Service;C:\Programas (x64)\PC Tools\PC Tools Security\pctsSvc.exe [2012-7-21 1118648]
S3 Secunia PSI Agent;Secunia PSI Agent;C:\Program Files (x86)\Secunia\PSI\psia.exe [2012-2-24 1294904]
S3 Secunia Update Agent;Secunia Update Agent;C:\Program Files (x86)\Secunia\PSI\sua.exe [2012-2-24 656440]
S3 syncagentsrv;Acronis Sync Agent Service;C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe [2011-11-10 5890144]
S3 Synth3dVsc;Microsoft Virtual 3D Video Transport Driver;C:\Windows\System32\drivers\Synth3dVsc.sys [2011-7-15 88960]
S3 tapoas;TAP-Win32 Adapter OAS;C:\Windows\System32\drivers\tapoas.sys [2011-8-19 30720]
S3 TEAM;Realtek Virtual Miniport Driver for Teaming (NDIS 6.2);C:\Windows\System32\drivers\RtTeam60.sys [2011-8-28 48416]
S3 terminpt;Microsoft Remote Desktop Input Driver;C:\Windows\System32\drivers\terminpt.sys [2012-10-30 29696]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2012-10-30 57856]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2012-10-30 30208]
S3 tsusbhub;tsusbhub;C:\Windows\System32\drivers\tsusbhub.sys [2011-4-12 117248]
S3 vpcuxd;Serviço Stub de Virtualização de USB;C:\Windows\System32\drivers\vpcuxd.sys [2011-8-29 16384]
S4 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-8-3 379496]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== File Associations ===============
.
FileExt: .txt: GetDiz.TextFile=C:\Programas (x64)\GetDiz\GetDiz.exe "%1"
FileExt: .ini: GetDiz.IniFile=C:\Programas (x64)\GetDiz\GetDiz.exe "%1"
.
=============== Created Last 30 ================
.
2012-11-24 18:15:00 -------- d-----w- C:\UTorrent
2012-11-23 17:12:14 -------- d-----w- C:\Program Files (x86)\ESET
2012-11-23 15:33:29 9125352 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{506F5271-DC16-4192-9A7F-01168727021A}\mpengine.dll
2012-11-23 14:34:40 9125352 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{5891454C-FA13-4E4E-B90A-3D15DB96BA83}\mpengine.dll
2012-11-22 17:53:37 -------- d-----w- C:\Users\Paulo Monteiro\AppData\Local\ElevatedDiagnostics
2012-11-22 14:20:12 9125352 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-11-21 14:46:33 -------- d-----w- C:\Users\Paulo Monteiro\AppData\Local\Programs
2012-11-19 04:58:31 54072 ----a-w- C:\Windows\System32\drivers\aswRdr2.sys
2012-11-19 04:58:29 21136 ----a-w- C:\Windows\System32\drivers\aswKbd.sys
2012-11-19 04:58:27 984144 ----a-w- C:\Windows\System32\drivers\aswSnx.sys
2012-11-19 04:58:26 71600 ----a-w- C:\Windows\System32\drivers\aswMonFlt.sys
2012-11-19 04:58:01 41224 ----a-w- C:\Windows\avastSS.scr
2012-11-19 04:57:50 -------- d-----w- C:\ProgramData\AVAST Software
2012-11-19 04:57:50 -------- d-----w- C:\Program Files\AVAST Software
2012-11-19 00:34:44 972192 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{AF0F3149-9CA2-4A0C-8E41-19274F573EDE}\gapaengine.dll
2012-11-19 00:33:08 -------- d-----w- C:\Program Files\Microsoft Security Client
2012-11-19 00:17:50 22318 ----a-w- C:\FixitRegBackup.reg
2012-11-18 22:42:34 398 ----a-w- C:\Users\Paulo Monteiro\paulo18-11-2012.reg
2012-11-18 00:27:21 -------- d-----w- C:\SMCLpav
2012-11-17 20:13:30 -------- d-s---w- C:\Windows\SysWow64\Microsoft
2012-11-17 19:20:59 -------- d-----w- C:\Users\Paulo Monteiro\AppData\Local\Norman Malware Cleaner
2012-11-17 02:32:56 -------- d-----w- C:\WINSSLog
2012-11-17 02:17:46 -------- d-----w- C:\Users\Paulo Monteiro\AppData\Local\Avg2013
2012-11-16 03:52:19 -------- d-----w- C:\Users\Paulo Monteiro\AppData\Local\WindowsUpdate
2012-11-15 01:42:06 87040 ----a-w- C:\Windows\System32\drivers\WUDFPf.sys
2012-11-15 01:42:06 198656 ----a-w- C:\Windows\System32\drivers\WUDFRd.sys
2012-11-15 01:42:04 84992 ----a-w- C:\Windows\System32\WUDFSvc.dll
2012-11-15 01:42:04 194048 ----a-w- C:\Windows\System32\WUDFPlatform.dll
2012-11-15 01:42:02 744448 ----a-w- C:\Windows\System32\WUDFx.dll
2012-11-15 01:42:02 45056 ----a-w- C:\Windows\System32\WUDFCoinstaller.dll
2012-11-15 01:42:02 229888 ----a-w- C:\Windows\System32\WUDFHost.exe
2012-11-15 01:38:20 40712 ----a-w- C:\Windows\System32\drivers\taphss6.sys
2012-11-15 01:33:20 42248 ----a-w- C:\Windows\System32\drivers\hssdrv6.sys
2012-11-08 13:50:07 -------- d--h--w- C:\Program Files (x86)\Common Files\EAInstaller
2012-11-08 13:49:59 517960 ----a-w- C:\Windows\System32\XAudio2_5.dll
2012-11-08 13:49:58 238936 ----a-w- C:\Windows\SysWow64\xactengine3_5.dll
2012-11-08 13:49:58 176968 ----a-w- C:\Windows\System32\xactengine3_5.dll
2012-11-08 13:49:57 2582888 ----a-w- C:\Windows\System32\D3DCompiler_42.dll
2012-11-08 13:49:57 1974616 ----a-w- C:\Windows\SysWow64\D3DCompiler_42.dll
2012-11-08 13:49:56 5554512 ----a-w- C:\Windows\System32\d3dcsx_42.dll
2012-11-08 13:49:56 5501792 ----a-w- C:\Windows\SysWow64\d3dcsx_42.dll
2012-11-08 13:49:56 285024 ----a-w- C:\Windows\System32\d3dx11_42.dll
2012-11-08 13:49:54 73544 ----a-w- C:\Windows\System32\XAPOFX1_3.dll
2012-11-08 13:47:59 83736 ----a-w- C:\Windows\System32\xinput1_2.dll
2012-11-08 13:37:30 -------- d-----w- C:\Users\Paulo Monteiro\AppData\Roaming\Origin
2012-11-08 13:37:29 -------- d-----w- C:\Users\Paulo Monteiro\AppData\Local\Origin
2012-11-08 13:37:29 -------- d-----w- C:\Program Files (x86)\Origin Games
2012-11-08 13:36:52 -------- d-----w- C:\ProgramData\Origin
2012-11-08 13:36:51 -------- d-----w- C:\ProgramData\Electronic Arts
2012-11-08 12:28:01 -------- d-----w- C:\Program Files (x86)\Mozilla Maintenance Service
2012-11-08 12:07:46 -------- d-----w- C:\Users\Paulo Monteiro\AppData\Roaming\QuickScan
2012-11-07 16:54:19 -------- d-----w- C:\ProgramData\StartupSoundChanger
2012-11-07 13:54:37 -------- d-----w- C:\Program Files\TAP-Windows
2012-11-07 00:21:14 -------- d-----w- C:\Users\Paulo Monteiro\AppData\Local\{34D17511-1B39-4A28-8755-FAFC914E82D5}
2012-11-05 16:39:03 -------- d-----w- C:\Users\Paulo Monteiro\AppData\Local\{A42E5EC2-9D44-46A7-964C-8298D7959DF3}
2012-11-01 12:45:33 -------- d-----w- C:\Users\Paulo Monteiro\AppData\Roaming\S.A.D
2012-11-01 12:20:55 -------- d-----w- C:\Program Files\CyberGhost VPN
2012-10-30 23:41:38 -------- d-----w- C:\ProgramData\Autorun Eater
2012-10-30 23:33:36 -------- d-----w- C:\Users\Paulo Monteiro\AppData\Roaming\KillProcess
2012-10-30 09:17:49 -------- d-----w- C:\920ad8abf500d667000fd1
2012-10-30 00:53:31 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-10-28 19:55:31 -------- d-----w- C:\Users\Paulo Monteiro\AppData\Local\{99A60530-0BDA-44CB-A6FA-2841E6D5D0DB}
2012-10-26 15:03:18 -------- d-----w- C:\Users\Paulo Monteiro\AppData\Local\{BF9DA473-69D7-4C19-A568-DABDDD3F922C}
.
==================== Find3M ====================
.
2012-10-18 18:14:46 3151872 ----a-w- C:\Windows\System32\win32k.sys
2012-10-09 18:29:44 55296 ----a-w- C:\Windows\System32\dhcpcsvc6.dll
2012-10-09 18:29:44 318976 ----a-w- C:\Windows\System32\dhcpcore.dll
2012-10-09 18:29:44 226816 ----a-w- C:\Windows\System32\dhcpcore6.dll
2012-10-09 17:29:32 44032 ----a-w- C:\Windows\SysWow64\dhcpcsvc6.dll
2012-10-09 17:29:32 257024 ----a-w- C:\Windows\SysWow64\dhcpcore.dll
2012-10-09 17:29:32 195072 ----a-w- C:\Windows\SysWow64\dhcpcore6.dll
2012-10-08 11:31:03 2312704 ----a-w- C:\Windows\System32\jscript9.dll
2012-10-08 11:23:52 1392128 ----a-w- C:\Windows\System32\wininet.dll
2012-10-08 11:22:55 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl
2012-10-08 11:18:22 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
2012-10-08 11:17:35 599040 ----a-w- C:\Windows\System32\vbscript.dll
2012-10-08 11:13:33 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2012-10-08 07:56:24 1800704 ----a-w- C:\Windows\SysWow64\jscript9.dll
2012-10-08 07:48:03 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
2012-10-08 07:47:44 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2012-10-08 07:44:05 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2012-10-08 07:43:21 420864 ----a-w- C:\Windows\SysWow64\vbscript.dll
2012-10-08 07:40:56 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2012-10-03 17:44:29 1902472 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2012-10-03 17:44:26 376688 ----a-w- C:\Windows\System32\drivers\netio.sys
2012-10-03 17:44:18 288648 ----a-w- C:\Windows\System32\drivers\FWPKCLNT.SYS
2012-10-03 17:32:48 70656 ----a-w- C:\Windows\System32\nlaapi.dll
2012-10-03 17:32:48 303104 ----a-w- C:\Windows\System32\nlasvc.dll
2012-10-03 17:32:44 246272 ----a-w- C:\Windows\System32\netcorehc.dll
2012-10-03 17:32:44 18944 ----a-w- C:\Windows\System32\netevent.dll
2012-10-03 17:32:43 222208 ----a-w- C:\Windows\System32\ncsi.dll
2012-10-03 17:31:09 570368 ----a-w- C:\Windows\System32\iphlpsvc.dll
2012-10-03 16:29:27 52224 ----a-w- C:\Windows\SysWow64\nlaapi.dll
2012-10-03 16:29:25 18944 ----a-w- C:\Windows\SysWow64\netevent.dll
2012-10-03 16:29:24 175104 ----a-w- C:\Windows\SysWow64\netcorehc.dll
2012-10-03 16:29:24 160768 ----a-w- C:\Windows\SysWow64\ncsi.dll
2012-10-03 16:07:26 45568 ----a-w- C:\Windows\System32\drivers\tcpipreg.sys
2012-09-29 19:54:26 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys
2012-09-25 22:47:43 78336 ----a-w- C:\Windows\SysWow64\synceng.dll
2012-09-25 22:46:17 95744 ----a-w- C:\Windows\System32\synceng.dll
2012-09-14 19:19:29 2048 ----a-w- C:\Windows\System32\tzres.dll
2012-09-14 18:28:53 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
2012-09-12 16:40:22 28672 ----a-w- C:\Windows\SysWow64\NSREG.DLL
2012-08-31 17:57:17 1687408 ----a-w- C:\Windows\System32\drivers\ntfs.sys
2012-08-30 22:03:48 228768 ----a-w- C:\Windows\System32\drivers\MpFilter.sys
2012-08-30 22:03:48 128456 ----a-w- C:\Windows\System32\drivers\NisDrvWFP.sys
2012-08-30 18:02:58 5562736 ----a-w- C:\Windows\System32\ntoskrnl.exe
2012-08-30 17:06:08 3972464 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2012-08-30 17:06:07 3917168 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2012-05-08 07:18:26 4611856 ----a-w- C:\Program Files (x86)\cfosspeed-v800.exe
2011-06-09 16:39:58 224256 ----a-w- C:\Program Files (x86)\wget.exe
.
============= FINISH: 21:34:57.87 ===============


#2 nasdaq

nasdaq

  • Malware Response Team
  • 39,512 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:11:52 PM

Posted 26 November 2012 - 10:44 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps.
===

Please download ComboFix from any of the links below, and save it to your desktop. For information regarding this download, please visit this web page: http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Link 1
Link 2

* IMPORTANT !!! Save ComboFix.exe to your Desktop

IMPORTANT....

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Do not install any other programs until this is fixed.


How to : Disable Anti-virus and Firewall...
http://www.bleepingcomputer.com/forums/topic114351.html

Double click on ComboFix.exe & follow the prompts.
  • When finished, it will produce a report for you.
  • Please post the C:\ComboFix.txt
Note:
Do not mouse click ComboFix's window while it's running. That may cause it to stall.


Note: If you have difficulty properly disabling your protective programs, refer to this link --> http://www.bleepingcomputer.com/forums/topic114351.html


Note: If after running ComboFix you get this error message "Illegal operation attempted on a registry key that has been marked for deletion." when attempting to run a program all you need to do is restart the computer to reset the registry.
===

Third party programs, if not up to date, can be the cause of the infiltration of an infection.

Please run this security check for my review.

Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
===

Please download AdwCleaner by Xplode onto your Desktop.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Search.
  • A log file will automatically open after the scan has finished.
  • Please post the content of that log file with your next answer.
  • You can find the log file at C:\AdwCleaner[Rn].txt (n is a number).

Please post the logs for my review.

#3 Picollo30

Picollo30
  • Topic Starter

  • Members
  • 44 posts
  • OFFLINE
  •  
  • Local time:04:52 AM

Posted 26 November 2012 - 01:00 PM

Hi nasdaq, first of all thanks for replying and helping me out.

Here are the logs you asked for:

Combofix Log


ComboFix 12-11-26.02 - Paulo Monteiro 26-11-2012 17:14:15.7.4 - x64
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.351.2070.18.16365.13854 [GMT 0:00]
Executando de: c:\users\Paulo Monteiro\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Criado um novo ponto de restauração
.
.
((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\ntuser.dat
c:\users\Paulo Monteiro\Desktop\Setup.exe
c:\windows\SysWow64\404Fix.exe
c:\windows\SysWow64\Agent.OMZ.Fix.exe
c:\windows\SysWow64\dumphive.exe
c:\windows\SysWow64\IEDFix.C.exe
c:\windows\SysWow64\IEDFix.exe
c:\windows\SysWow64\NSREG.DLL
c:\windows\SysWow64\o4Patch.exe
c:\windows\SysWow64\Process.exe
c:\windows\SysWow64\pt
c:\windows\SysWow64\pt\AuthFWSnapIn.Resources.dll
c:\windows\SysWow64\pt\AuthFWWizFwk.Resources.dll
c:\windows\SysWow64\SrchSTS.exe
c:\windows\SysWow64\tmp.reg
c:\windows\SysWow64\URTTemp
c:\windows\SysWow64\URTTemp\msvcr71.dll
c:\windows\SysWow64\VACFix.exe
c:\windows\SysWow64\VCCLSID.exe
c:\windows\SysWow64\WS2Fix.exe
.
.
(((((((((((((((( Arquivos/Ficheiros criados de 2012-10-26 to 2012-11-26 ))))))))))))))))))))))))))))
.
.
2012-11-26 17:26 . 2012-11-26 17:26 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2012-11-26 17:26 . 2012-11-26 17:26 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-11-26 17:26 . 2012-11-26 17:26 -------- d-----w- c:\users\Convidado\AppData\Local\temp
2012-11-26 17:26 . 2012-11-26 17:26 -------- d-----w- c:\users\Administrador\AppData\Local\temp
2012-11-26 14:27 . 2012-11-08 09:24 9125352 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{D3A4BF35-6022-4779-BF2E-439D46A75A8B}\mpengine.dll
2012-11-25 14:27 . 2012-11-08 09:24 9125352 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-11-23 17:12 . 2012-11-23 17:12 -------- d-----w- c:\program files (x86)\ESET
2012-11-23 15:33 . 2012-11-08 17:24 9125352 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{506F5271-DC16-4192-9A7F-01168727021A}\mpengine.dll
2012-11-21 14:46 . 2012-11-21 14:46 -------- d-----w- c:\users\Paulo Monteiro\AppData\Local\Programs
2012-11-19 04:58 . 2012-10-30 22:51 25232 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2012-11-19 04:58 . 2012-10-30 22:51 370288 ----a-w- c:\windows\system32\drivers\aswSP.sys
2012-11-19 04:58 . 2012-10-15 16:59 54072 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
2012-11-19 04:58 . 2012-10-30 22:51 59728 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2012-11-19 04:58 . 2012-10-30 22:51 21136 ----a-w- c:\windows\system32\drivers\aswKbd.sys
2012-11-19 04:58 . 2012-10-30 22:51 984144 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2012-11-19 04:58 . 2012-10-30 22:51 71600 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2012-11-19 04:58 . 2012-10-30 22:50 285328 ----a-w- c:\windows\system32\aswBoot.exe
2012-11-19 04:58 . 2012-10-30 22:51 41224 ----a-w- c:\windows\avastSS.scr
2012-11-19 04:58 . 2012-10-30 22:50 227648 ----a-w- c:\windows\SysWow64\aswBoot.exe
2012-11-19 04:57 . 2012-11-19 04:57 -------- d-----w- c:\programdata\AVAST Software
2012-11-19 04:57 . 2012-11-19 04:57 -------- d-----w- c:\program files\AVAST Software
2012-11-19 00:57 . 2012-11-19 00:57 -------- d-----w- c:\users\Administrador\AppData\Local\VS Revo Group
2012-11-19 00:34 . 2012-11-19 00:34 972192 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{AF0F3149-9CA2-4A0C-8E41-19274F573EDE}\gapaengine.dll
2012-11-19 00:33 . 2012-11-19 00:33 -------- d-----w- c:\program files\Microsoft Security Client
2012-11-19 00:17 . 2012-11-19 00:17 22318 ----a-w- C:\FixitRegBackup.reg
2012-11-18 22:42 . 2012-11-18 22:42 398 ----a-w- c:\users\Paulo Monteiro\paulo18-11-2012.reg
2012-11-18 00:27 . 2012-11-18 00:29 -------- d-----w- C:\SMCLpav
2012-11-17 20:13 . 2012-11-17 20:13 -------- d-s---w- c:\windows\SysWow64\Microsoft
2012-11-17 19:20 . 2012-11-17 19:20 -------- d-----w- c:\users\Paulo Monteiro\AppData\Local\Norman Malware Cleaner
2012-11-17 02:32 . 2012-11-17 02:33 -------- d-----w- C:\WINSSLog
2012-11-17 02:17 . 2012-11-17 02:17 -------- d-----w- c:\users\Paulo Monteiro\AppData\Local\Avg2013
2012-11-16 03:52 . 2012-11-16 03:52 -------- d-----w- c:\users\Paulo Monteiro\AppData\Local\WindowsUpdate
2012-11-15 01:51 . 2012-10-08 11:13 96768 ----a-w- c:\windows\system32\mshtmled.dll
2012-11-15 01:50 . 2012-10-08 12:19 17811968 ----a-w- c:\windows\system32\mshtml.dll
2012-11-15 01:50 . 2012-10-08 11:42 10925568 ----a-w- c:\windows\system32\ieframe.dll
2012-11-15 01:42 . 2012-07-26 02:26 87040 ----a-w- c:\windows\system32\drivers\WUDFPf.sys
2012-11-15 01:42 . 2012-07-26 02:26 198656 ----a-w- c:\windows\system32\drivers\WUDFRd.sys
2012-11-15 01:42 . 2012-07-26 03:08 84992 ----a-w- c:\windows\system32\WUDFSvc.dll
2012-11-15 01:42 . 2012-07-26 03:08 194048 ----a-w- c:\windows\system32\WUDFPlatform.dll
2012-11-15 01:42 . 2012-07-26 03:08 229888 ----a-w- c:\windows\system32\WUDFHost.exe
2012-11-15 01:42 . 2012-07-26 03:08 744448 ----a-w- c:\windows\system32\WUDFx.dll
2012-11-15 01:42 . 2012-07-26 03:08 45056 ----a-w- c:\windows\system32\WUDFCoinstaller.dll
2012-11-15 01:38 . 2012-11-15 01:38 40712 ----a-w- c:\windows\system32\drivers\taphss6.sys
2012-11-15 01:33 . 2012-11-15 01:33 42248 ----a-w- c:\windows\system32\drivers\hssdrv6.sys
2012-11-08 13:50 . 2012-11-08 13:50 -------- d--h--w- c:\program files (x86)\Common Files\EAInstaller
2012-11-08 13:49 . 2009-09-04 17:44 517960 ----a-w- c:\windows\system32\XAudio2_5.dll
2012-11-08 13:49 . 2009-09-04 17:44 238936 ----a-w- c:\windows\SysWow64\xactengine3_5.dll
2012-11-08 13:49 . 2009-09-04 17:44 176968 ----a-w- c:\windows\system32\xactengine3_5.dll
2012-11-08 13:49 . 2009-09-04 17:29 1974616 ----a-w- c:\windows\SysWow64\D3DCompiler_42.dll
2012-11-08 13:49 . 2009-09-04 17:29 2582888 ----a-w- c:\windows\system32\D3DCompiler_42.dll
2012-11-08 13:49 . 2009-09-04 17:29 5501792 ----a-w- c:\windows\SysWow64\d3dcsx_42.dll
2012-11-08 13:49 . 2009-09-04 17:29 5554512 ----a-w- c:\windows\system32\d3dcsx_42.dll
2012-11-08 13:49 . 2009-09-04 17:29 285024 ----a-w- c:\windows\system32\d3dx11_42.dll
2012-11-08 13:49 . 2009-09-04 17:44 73544 ----a-w- c:\windows\system32\XAPOFX1_3.dll
2012-11-08 13:47 . 2006-07-28 09:31 83736 ----a-w- c:\windows\system32\xinput1_2.dll
2012-11-08 13:37 . 2012-11-08 13:39 -------- d-----w- c:\users\Paulo Monteiro\AppData\Roaming\Origin
2012-11-08 13:37 . 2012-11-08 13:40 -------- d-----w- c:\program files (x86)\Origin Games
2012-11-08 13:37 . 2012-11-08 13:37 -------- d-----w- c:\users\Paulo Monteiro\AppData\Local\Origin
2012-11-08 13:36 . 2012-11-08 13:50 -------- d-----w- c:\programdata\Origin
2012-11-08 13:36 . 2012-11-08 13:50 -------- d-----w- c:\programdata\Electronic Arts
2012-11-08 12:28 . 2012-11-08 12:28 -------- d-----w- c:\program files (x86)\Mozilla Maintenance Service
2012-11-08 12:07 . 2012-11-08 12:07 -------- d-----w- c:\users\Paulo Monteiro\AppData\Roaming\QuickScan
2012-11-07 16:54 . 2012-11-07 16:54 -------- d-----w- c:\programdata\StartupSoundChanger
2012-11-07 13:54 . 2012-11-07 13:55 -------- d-----w- c:\program files\TAP-Windows
2012-11-01 12:45 . 2012-11-01 12:45 -------- d-----w- c:\users\Paulo Monteiro\AppData\Roaming\S.A.D
2012-11-01 12:20 . 2012-11-01 12:36 -------- d-----w- c:\program files\CyberGhost VPN
2012-10-30 23:41 . 2012-10-30 23:41 -------- d-----w- c:\programdata\Autorun Eater
2012-10-30 23:33 . 2012-10-30 23:33 -------- d-----w- c:\users\Paulo Monteiro\AppData\Roaming\KillProcess
2012-10-30 09:17 . 2012-10-30 09:18 -------- d-----w- C:\920ad8abf500d667000fd1
2012-10-30 00:53 . 2012-10-30 00:53 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
.
.
.
((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-11-15 01:43 . 2011-08-29 13:22 66395536 ----a-w- c:\windows\system32\MRT.exe
2012-09-29 19:54 . 2012-01-15 04:57 25928 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-09-14 19:19 . 2012-10-10 12:45 2048 ----a-w- c:\windows\system32\tzres.dll
2012-09-14 18:28 . 2012-10-10 12:45 2048 ----a-w- c:\windows\SysWow64\tzres.dll
2012-09-02 01:13 . 2012-09-02 01:13 191472 ----a-w- c:\windows\system32\javaws.exe
2012-09-02 01:13 . 2012-03-10 15:11 172528 ----a-w- c:\windows\system32\javaw.exe
2012-09-02 01:13 . 2012-03-10 15:11 172528 ----a-w- c:\windows\system32\java.exe
2012-08-31 17:57 . 2012-10-10 12:45 1687408 ----a-w- c:\windows\system32\drivers\ntfs.sys
2012-08-30 22:03 . 2012-08-30 22:03 228768 ----a-w- c:\windows\system32\drivers\MpFilter.sys
2012-08-30 22:03 . 2012-08-30 22:03 128456 ----a-w- c:\windows\system32\drivers\NisDrvWFP.sys
2012-08-30 18:02 . 2012-10-10 12:45 5562736 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-08-30 17:06 . 2012-10-10 12:45 3972464 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2012-08-30 17:06 . 2012-10-10 12:45 3917168 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2012-05-08 07:18 . 2012-05-08 07:18 4611856 ----a-w- c:\program files (x86)\cfosspeed-v800.exe
2011-06-09 16:39 . 2011-06-09 16:39 224256 ----a-w- c:\program files (x86)\wget.exe
.
.
(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))
.
.
*Nota* entradas vazias e legítimas por padrão não são apresentadas.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-14 22:58 94208 ----a-w- c:\users\Paulo Monteiro\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-14 22:58 94208 ----a-w- c:\users\Paulo Monteiro\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-14 22:58 94208 ----a-w- c:\users\Paulo Monteiro\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-14 22:58 94208 ----a-w- c:\users\Paulo Monteiro\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"StartupFaster"="c:\programas (x64)\Startup Faster\startuploader.exe" [2012-01-05 1819920]
.
c:\users\Paulo Monteiro\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\StartupFaster
Mozilla Firefox Prestart.lnk - c:\programas (x64)\Mozilla Firefox\firefox.exe [2012-3-4 917984]
StartupFaster.ini [2012-11-19 372]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\StartupFaster
StartupFaster.ini [2012-7-6 0]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
"EnableLinkedConnections"= 1 (0x1)
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveTrack"= 1 (0x1)
"NoSMBalloonTip"= 0 (0x0)
"NoRecentDocsNetHood"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SABWinLogon]
2007-08-01 09:28 176128 ----a-w- c:\program files (x86)\SuperAdBlocker.com\Super Ad Blocker\SABWINLO.DLL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer9"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *autocheck autocheck æautocheck
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg
.
R0 uhlparps;uhlparps;c:\windows\system32\drivers\pzqprgio.sys [x]
R0 vymc;vymc;c:\windows\system32\drivers\sgdinm.sys [x]
R1 ntiomin;ntiomin; [x]
R1 SABDIFSV;SABDIFSV; [x]
R1 SABKUTIL;SABKUTIL; [x]
R1 Uim_VIM;UIM Virtual Image Plugin;c:\windows\system32\Drivers\uim_vimx64.sys [2011-07-05 352816]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 Passwdrenew;Passwdrenew;c:\windows\system32\rnpasswd.exe [2011-11-19 95232]
R2 TurboBoost;Intel® Turbo Boost Technology Monitor 2.0;c:\program files\Intel\TurboBoost\TurboBoost.exe [2010-11-29 149504]
R2 VideoAcceleratorService;VideoAcceleratorService;c:\prf5cf~1\SPEEDB~1\VideoAcceleratorService.exe [2012-04-05 265928]
R2 WatAdminSvc;Serviço de Tecnologias de Activação do Windows;c:\windows\system32\Wat\WatAdminSvc.exe [2011-08-27 1255736]
R3 a2acc;a2acc;c:\program files (x86)\EMSISOFT ANTI-MALWARE\a2accx64.sys [2011-11-02 63880]
R3 afcdp;afcdp;c:\windows\system32\DRIVERS\afcdp.sys [2011-12-21 367200]
R3 afcdpsrv;Serviço de Acronis Nonstop Backup;c:\program files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe [2011-12-21 3450832]
R3 BBUpdate;BBUpdate;c:\program files (x86)\Microsoft\BingBar\7.1.364.0\SeaPort.exe [2012-02-20 240408]
R3 BlackBox;BlackBox SR2; [x]
R3 CGVPNCliSrvc;CyberGhost VPN Client;c:\program files\CyberGhost VPN\CGVPNCliService.exe [2012-04-26 2438696]
R3 COMMONFX;COMMONFX;c:\windows\system32\drivers\COMMONFX.SYS [2010-03-18 158808]
R3 cpudrv64;cpudrv64;c:\program files (x86)\SystemRequirementsLab\cpudrv64.sys [2009-12-18 17864]
R3 cpuz134;cpuz134; [x]
R3 CTAUDFX;CTAUDFX;c:\windows\system32\drivers\CTAUDFX.SYS [2010-03-18 706648]
R3 CTERFXFX.SYS;CTERFXFX.SYS;c:\windows\System32\drivers\CTERFXFX.SYS [2010-03-18 141912]
R3 CTERFXFX;CTERFXFX;c:\windows\system32\drivers\CTERFXFX.SYS [2010-03-18 141912]
R3 CTSBLFX;CTSBLFX;c:\windows\system32\drivers\CTSBLFX.SYS [2010-03-18 681048]
R3 DKRtWrt;DKRtWrt;c:\windows\system32\DRIVERS\DKRtWrt.sys [2011-02-14 44624]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [2010-11-21 71168]
R3 DynCal;Dynamic Calibration Service;c:\windows\system32\drivers\Dyncal.sys [x]
R3 EBOOSTRSVC;eBoostr Service;c:\programas (x64)\eBoostr\EBstrSvc.exe [2010-04-20 811136]
R3 Futuremark SystemInfo Service;Futuremark SystemInfo Service;c:\program files (x86)\Futuremark\Futuremark SystemInfo\FMSISvc.exe [2011-08-15 130976]
R3 GJService;Game Jackal Server;c:\programas (x64)\SlySoft\Game Jackal v4\Server.exe [2011-09-06 3547648]
R3 gwiopm;gwiopm; [x]
R3 hitmanpro35;Hitman Pro 3.5 Support Driver;c:\windows\system32\drivers\hitmanpro36.sys [2011-12-26 25160]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-09-29 25928]
R3 namehelp;namehelp;c:\programas (x64)\Aqualab\namehelp\nssm.exe [2012-10-08 156672]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2012-08-30 128456]
R3 nmwcdnsucx64;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsucx64.sys [2012-01-09 12800]
R3 nmwcdnsux64;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsux64.sys [2012-01-09 171008]
R3 ose64;Office 64 Source Engine;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-09 174440]
R3 perfexpose;perfexpose;c:\programas (x64)\CodeFromThe70s.org\Perfgraph\perfexpose.exe [2008-11-08 199336]
R3 PROCEXP151;PROCEXP151; [x]
R3 PSI;PSI;c:\windows\system32\DRIVERS\psi_mf.sys [2011-12-16 17976]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2012-08-23 19456]
R3 Revoflt;Revoflt;c:\windows\system32\DRIVERS\revoflt.sys [2009-12-30 31800]
R3 RTTEAMPT;Realtek Teaming Protocol Driver (NDIS 6.2);c:\windows\system32\DRIVERS\RtTeam60.sys [2010-01-14 48416]
R3 RTVLANPT;Realtek Vlan Protocol Driver (NDIS 6.2);c:\windows\system32\DRIVERS\RtVlan60.sys [2010-01-14 29472]
R3 Secunia PSI Agent;Secunia PSI Agent;c:\program files (x86)\Secunia\PSI\PSIA.exe [2012-02-24 1294904]
R3 Secunia Update Agent;Secunia Update Agent;c:\program files (x86)\Secunia\PSI\sua.exe [2012-02-24 656440]
R3 slicedisk.sys;slicedisk.sys; [x]
R3 SliceDisk5;SliceDisk5; [x]
R3 syncagentsrv;Acronis Sync Agent Service;c:\program files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe [2011-11-10 5890144]
R3 Synth3dVsc;Microsoft Virtual 3D Video Transport Driver;c:\windows\system32\drivers\Synth3dVsc.sys [2011-07-15 88960]
R3 tapoas;TAP-Win32 Adapter OAS;c:\windows\system32\DRIVERS\tapoas.sys [2011-08-19 30720]
R3 Tcpz-x64;Tcpz-x64; [x]
R3 TEAM;Realtek Virtual Miniport Driver for Teaming (NDIS 6.2);c:\windows\system32\DRIVERS\RtTeam60.sys [2010-01-14 48416]
R3 terminpt;Microsoft Remote Desktop Input Driver;c:\windows\system32\drivers\terminpt.sys [2012-08-23 29696]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2012-08-23 57856]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2012-08-23 30208]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [2010-11-21 117248]
R3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\DRIVERS\VBoxNetAdp.sys [2011-12-19 146736]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
R3 vpcuxd;Serviço Stub de Virtualização de USB;c:\windows\system32\DRIVERS\vpcuxd.sys [2010-11-20 16384]
R4 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2012-10-30 140672]
R4 a2AntiMalware;Emsisoft Anti-Malware 6.0 - Service;c:\program files (x86)\EMSISOFT ANTI-MALWARE\a2service.exe [2012-02-26 3025112]
R4 ASO3DiskOptimizer;ASO3DiskOptimizer;c:\program files (x86)\Advanced System Optimizer 3\ASO3DefragSrv64.exe [2011-08-18 263480]
R4 Browser Defender Update Service;Browser Defender Update Service;c:\programas (x64)\PC Tools\PC Tools Security\BDT\BDTUpdateService.exe [2012-05-08 575416]
R4 MBAMScheduler;MBAMScheduler;c:\programas (x64)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-09-29 399432]
R4 MBAMService;MBAMService;c:\programas (x64)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-09-29 676936]
R4 NisSrv;Inspeção de Rede da Microsoft;c:\program files\Microsoft Security Client\NisSrv.exe [2012-09-12 368896]
R4 pctplsg;pctplsg;c:\windows\System32\drivers\pctplsg64.sys [2012-05-11 92896]
R4 SBSDWSCService;SBSD Security Center Service;c:\programas (x64)\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
R4 sdAuxService;PC Tools Auxiliary Service;c:\programas (x64)\PC Tools\PC Tools Security\pctsAuxs.exe [2012-05-11 402336]
R4 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-08-03 379496]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
S0 AiCharger;ASUS Charger Driver;c:\windows\system32\DRIVERS\AiCharger.sys [2010-10-20 14592]
S0 fltsrv;Acronis Storage Filter Management;c:\windows\system32\DRIVERS\fltsrv.sys [2011-12-21 133728]
S0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore64.sys [2012-04-23 426616]
S0 pctDS;PC Tools Data Store;c:\windows\system32\drivers\pctDS64.sys [2012-02-28 453896]
S0 pctEFA;PC Tools Extended File Attributes;c:\windows\system32\drivers\pctEFA64.sys [2012-02-28 1096176]
S0 sptd;sptd;c:\windows\\SystemRoot\System32\Drivers\sptd.sys [x]
S0 vididr;Acronis Virtual Disk;c:\windows\system32\DRIVERS\vididr.sys [2011-12-21 211040]
S0 vidsflt58;Acronis Disk Storage Filter (58);c:\windows\system32\DRIVERS\vsflt58.sys [2011-08-30 142944]
S0 vmci;VMware VMCI Bus Driver;c:\windows\system32\DRIVERS\vmci.sys [2011-08-08 116336]
S1 A2DDA;A2 Direct Disk Access Support Driver;c:\program files (x86)\EMSISOFT ANTI-MALWARE\a2ddax64.sys [2011-05-19 23208]
S1 a2injectiondriver;a2injectiondriver;c:\program files (x86)\Emsisoft Anti-Malware\a2dix64.sys [2011-11-02 41728]
S1 a2util;a-squared Malware-IDS utility driver;c:\program files (x86)\Emsisoft Anti-Malware\a2util64.sys [2010-05-05 14720]
S1 AsUpIO;AsUpIO;SysWow64\drivers\AsUpIO.sys [x]
S1 aswKbd;aswKbd; [x]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S1 EIO64;EIO Driver;c:\windows\system32\DRIVERS\EIO64.sys [2011-08-27 16384]
S1 HWiNFO32;HWiNFO32/64 Kernel Driver;c:\programas (x64)\HWiNFO64\HWiNFO64A.SYS [2012-02-07 30592]
S1 nm3;Microsoft Network Monitor 3 Driver;c:\windows\system32\DRIVERS\nm3.sys [2010-06-09 46392]
S1 PCTSD;PC Tools Spyware Doctor Driver;c:\windows\system32\Drivers\PCTSD64.sys [2012-05-11 251528]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2011-07-22 14928]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [2011-07-12 12368]
S1 VBoxDrv;VirtualBox Service;c:\windows\system32\DRIVERS\VBoxDrv.sys [2011-12-19 224048]
S1 VBoxUSBMon;VirtualBox USB Monitor Driver;c:\windows\system32\DRIVERS\VBoxUSBMon.sys [2011-12-19 130864]
S2 asComSvc;ASUS Com Service;c:\program files (x86)\ASUS\AXSP\1.00.13\atkexComSvc.exe [2010-11-03 918144]
S2 asHmComSvc;ASUS HM Com Service;c:\program files (x86)\ASUS\AAHM\1.00.13\aaHMSvc.exe [2010-12-02 915584]
S2 AsSysCtrlService;ASUS System Control Service;c:\program files (x86)\ASUS\AsSysCtrlService\1.00.11\AsSysCtrlService.exe [2010-10-21 586880]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2012-10-30 71600]
S2 BBSvc;BingBar Service;c:\program files (x86)\Microsoft\BingBar\7.1.364.0\BBSvc.exe [2012-02-20 193816]
S2 CachemanService;Cacheman Service;c:\programas (x64)\Cacheman\CachemanServ.exe [2012-01-04 236896]
S2 cpuz135;cpuz135;c:\windows\system32\drivers\cpuz135_x64.sys [2010-11-09 21992]
S2 Creative ALchemy AL6 Licensing Service;Creative ALchemy AL6 Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [2011-08-28 79360]
S2 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2011-08-28 79360]
S2 DUMeterSvc;DU Meter Service;c:\programas (x64)\DU Meter\DUMeterSvc.exe [2012-02-16 1110480]
S2 FirebirdGuardianDefaultInstance;Firebird Guardian - DefaultInstance;c:\program files (x86)\Firebird\Firebird_2_1\bin\fbguard.exe [2008-06-13 81920]
S2 hshld;Hotspot Shield Service;c:\program files (x86)\Hotspot Shield\bin\openvpnas.exe [2012-11-15 527728]
S2 HssWd;Hotspot Shield Monitoring Service;c:\program files (x86)\Hotspot Shield\bin\hsswd.exe [2012-11-15 389488]
S2 IDMWFP;IDMWFP;c:\windows\system32\DRIVERS\idmwfp.sys [2012-02-08 149640]
S2 IOCBIOS;IOCBIOS;c:\programdata\Intel\Extreme Tuning Utility\IOCbios\64bit\IOCBIOS.sys [2010-09-15 34304]
S2 KinectManagement;Kinect Management;c:\program files\Microsoft SDKs\Kinect\v1.0 Beta2\Service\KinectManagementService.exe [2011-09-24 131584]
S2 PdiService;Portrait Displays SDK Service;c:\program files (x86)\Common Files\Portrait Displays\Drivers\pdisrvc.exe [2011-10-27 113456]
S2 RtNdPt60;Realtek NDIS Protocol Driver;c:\windows\system32\DRIVERS\RtNdPt60.sys [2010-01-14 32544]
S2 TurboB;Turbo Boost UI Monitor driver;c:\windows\system32\DRIVERS\TurboB.sys [2010-11-29 16120]
S2 USBSafelyRemoveService;USB Safely Remove Assistant;c:\programas (x64)\USB Safely Remove\USBSRService.exe [2012-01-31 1107288]
S2 VMUSBArbService;VMware USB Arbitration Service;c:\program files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe [2011-08-29 846448]
S2 VMwareHostd;VMware Workstation Server;c:\program files (x86)\VMware\VMware Workstation\vmware-hostd.exe [2012-01-18 11839488]
S2 vstor2-mntapi10-shared;Vstor2 MntApi 1.0 Driver (shared);SysWOW64\drivers\vstor2-mntapi10-shared.sys [x]
S2 XTUService;Intel® Extreme Tuning Utility;c:\program files (x86)\Common Files\Intel\Intel Extreme Tuning Utility\PerfTuneService.exe [2010-11-24 21768]
S3 asmthub3;ASMedia USB3 Hub Service;c:\windows\system32\DRIVERS\asmthub3.sys [2010-12-08 122856]
S3 asmtxhci;ASMEDIA XHCI Service;c:\windows\system32\DRIVERS\asmtxhci.sys [2010-12-08 369640]
S3 COMMONFX.SYS;COMMONFX.SYS;c:\windows\System32\drivers\COMMONFX.SYS [2010-03-18 158808]
S3 CTAUDFX.SYS;CTAUDFX.SYS;c:\windows\System32\drivers\CTAUDFX.SYS [2010-03-18 706648]
S3 ctgame;Game Port;c:\windows\system32\DRIVERS\ctgame.sys [2007-06-25 26264]
S3 CTSBLFX.SYS;CTSBLFX.SYS;c:\windows\System32\drivers\CTSBLFX.SYS [2010-03-18 681048]
S3 dc3d;MS Hardware Device Detection Driver (USB);c:\windows\system32\DRIVERS\dc3d.sys [2011-08-01 52584]
S3 DUMeterDrv;Hagel Technologies DU Meter traffic accounting driver;c:\programas (x64)\DU Meter\DUMETR64.SYS [2012-02-16 20856]
S3 FirebirdServerDefaultInstance;Firebird Server - DefaultInstance;c:\program files (x86)\Firebird\Firebird_2_1\bin\fbserver.exe [2008-06-13 2723840]
S3 ICCWDT;Intel® Watchdog Timer Driver (Intel® WDT);c:\windows\system32\DRIVERS\ICCWDT.sys [2010-08-17 26136]
S3 ManyCam;ManyCam Virtual Webcam, WDM Video Capture Driver;c:\windows\system32\DRIVERS\ManyCam_x64.sys [2008-03-13 27136]
S3 MaplomL;MaplomL; [x]
S3 MsgPlusDriver;Messenger Plus! Virtual Camera;c:\windows\system32\DRIVERS\MsgPlusDriver.sys [2012-07-23 102160]
S3 nvoclk64;NVIDIA Enthusiasts Platform KDM;c:\windows\system32\DRIVERS\nvoclk64.sys [2009-09-15 42088]
S3 pcouffin;VSO Software pcouffin;c:\windows\system32\Drivers\pcouffin.sys [2011-09-01 82816]
S3 PCTBD;PC Tools Browser Defender Driver;c:\windows\system32\Drivers\PCTBD64.sys [2012-05-08 85192]
S3 Point64;Microsoft IntelliPoint Filter Driver;c:\windows\system32\DRIVERS\point64.sys [2011-08-01 45416]
S3 PPJoyBus;Parallel Port Joystick Bus Enumerator;c:\windows\system32\DRIVERS\PPJoyBus64.sys [2010-02-20 20024]
S3 PPortJoystick;Parallel Port Joystick Device Driver;c:\windows\system32\DRIVERS\PPortJoy64.sys [2010-02-20 39992]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2011-06-10 539240]
S3 taphss6;Anchorfree HSS VPN Adapter;c:\windows\system32\DRIVERS\taphss6.sys [2012-11-15 40712]
S3 TCPZ;TCP Half Open Limited Patcher ( TCP-Z);c:\windows\system32\DRIVERS\tcpz-x64d.sys [2009-02-05 15208]
S3 VBoxNetFlt;VirtualBox Bridged Networking Service;c:\windows\system32\DRIVERS\VBoxNetFlt.sys [2011-12-19 165680]
S4 pctgntdi;pctgntdi;c:\windows\System32\drivers\pctgntdi64.sys [2012-05-11 341168]
.
.
--- =Outros Serviços/Drivers Na Memória ---
.
*Deregistered* - PCTSDInjDriver64
*Deregistered* - PROCEXP152
.
Conteúdo da pasta 'Tarefas Agendadas'
.
2012-11-26 c:\windows\Tasks\Google Software Updater.job
- c:\program files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe [2011-08-27 23:18]
.
2012-11-26 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-08-27 23:46]
.
2012-11-26 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-08-27 23:46]
.
2012-07-06 c:\windows\Tasks\Spybot - Search & Destroy Updater - Scheduled Task.job
- c:\programas (x64)\Spybot - Search & Destroy\SDUpdate.exe [2011-09-03 14:31]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-10-30 22:50 133400 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-14 22:58 97792 ----a-w- c:\users\Paulo Monteiro\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-14 22:58 97792 ----a-w- c:\users\Paulo Monteiro\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-14 22:58 97792 ----a-w- c:\users\Paulo Monteiro\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-14 22:58 97792 ----a-w- c:\users\Paulo Monteiro\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\IDM Shell Extension]
@="{CDC95B92-E27C-4745-A8C5-64A52A78855D}"
[HKEY_CLASSES_ROOT\CLSID\{CDC95B92-E27C-4745-A8C5-64A52A78855D}]
2012-02-08 00:49 23432 ----a-w- c:\programas (x64)\Internet Download Manager\IDMShellExt64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"cFosSpeed"="c:\programas (x64)\cFosSpeed\cFosSpeed.exe" [2012-05-07 1536384]
.
------- Scan Suplementar -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.pt/
mLocal Page = c:\windows\system32\blank.htm
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
LSP: c:\programas (x64)\SpeedBit Video Accelerator\SBLSP.dll
LSP: c:\program files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll
Trusted Zone: cleverreach.com\novastor
Trusted Zone: google-analytics.com
Trusted Zone: novastor.com
Trusted Zone: warez-bb.org\www
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{287CDFC4-6CBB-4648-BAAF-0774CC9AA33A}: NameServer = 212.118.241.1,4.2.2.5
TCP: Interfaces\{36DB0DC4-59D0-4B12-BCA2-81AD270D55D8}: NameServer = 212.118.241.1,4.2.2.5
TCP: Interfaces\{6634494F-3076-4158-A2E6-C4C9A5775A09}: NameServer = 212.118.241.1,4.2.2.5
TCP: Interfaces\{8A3F2BFF-9A19-4DA9-BAC3-F646EA4C31B9}: NameServer = 212.118.241.1,4.2.2.5
TCP: Interfaces\{F1D993F3-A9E8-440F-86AE-DED94CF76F7C}: NameServer = 212.118.241.1,4.2.2.5
DPF: {E705A591-DA3C-4228-B0D5-A356DBA42FBF} - hxxp://ccfiles.creative.com/Web/softwareupdate/su2/ocx/20015/CTSUEng.cab
FF - ProfilePath - c:\users\Paulo Monteiro\AppData\Roaming\Mozilla\Firefox\Profiles\q6y681v9.default\
FF - prefs.js: browser.search.defaulturl -
FF - ExtSQL: 2012-11-04 13:50; translator@zoli.bod; c:\users\Paulo Monteiro\AppData\Roaming\Mozilla\Firefox\Profiles\q6y681v9.default\extensions\translator@zoli.bod.xpi
FF - ExtSQL: 2012-11-06 20:59; {9AA46F4F-4DC7-4c06-97AF-6665170634FE}; c:\users\Paulo Monteiro\AppData\Roaming\Mozilla\Firefox\Profiles\q6y681v9.default\extensions\{9AA46F4F-4DC7-4c06-97AF-6665170634FE}.xpi
FF - ExtSQL: 2012-11-11 17:49; firefox@ghostery.com; c:\users\Paulo Monteiro\AppData\Roaming\Mozilla\Firefox\Profiles\q6y681v9.default\extensions\firefox@ghostery.com
FF - ExtSQL: 2012-11-11 19:54; clipconverter@clipconverter.cc; c:\users\Paulo Monteiro\AppData\Roaming\Mozilla\Firefox\Profiles\q6y681v9.default\extensions\clipconverter@clipconverter.cc.xpi
FF - ExtSQL: 2012-11-11 19:54; info@youtube-mp3.org; c:\users\Paulo Monteiro\AppData\Roaming\Mozilla\Firefox\Profiles\q6y681v9.default\extensions\info@youtube-mp3.org.xpi
FF - ExtSQL: 2012-11-11 19:59; 54c7d9671b9eccd9e5686a73df34ab60@button.codefisher.org; c:\users\Paulo Monteiro\AppData\Roaming\Mozilla\Firefox\Profiles\q6y681v9.default\extensions\54c7d9671b9eccd9e5686a73df34ab60@button.codefisher.org.xpi
FF - ExtSQL: 2012-11-19 04:59; wrc@avast.com; c:\program files\AVAST Software\Avast\WebRep\FF
FF - ExtSQL: 2012-11-20 03:07; afurladvisor@anchorfree.com; c:\programas (x64)\Mozilla Firefox\extensions\afurladvisor@anchorfree.com
FF - ExtSQL: !HIDDEN! 2011-12-19 10:33; {3112ca9c-de6d-4884-a869-9855de68056c}; c:\programdata\Google\Toolbar for Firefox\{3112ca9c-de6d-4884-a869-9855de68056c}
.
.
------- Associação de arquivos/ficheiros -------
.
.txt=GetDiz.TextFile
.
- - - - ORFÃOS REMOVIDOS - - - -
.
Toolbar-Locked - (no file)
ShellExecuteHooks-{5AE067D3-9AFB-48E0-853A-EBB7F4A000D7} - (no file)
Toolbar-Locked - (no file)
ShellIconOverlayIdentifiers- - (no file)
ShellIconOverlayIdentifiers- - (no file)
ShellIconOverlayIdentifiers- - (no file)
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet005\services\DUMeterSvc]
"ImagePath"="c:\programas (x64)\DU Meter\DUMeterSvc.exe /startedbyscm:E1F6D4BE-40E33354-DUMeterService"
.
--------------------- CHAVES DO REGISTRO BLOQUEADAS ---------------------
.
[HKEY_USERS\S-1-5-21-893015392-1004550200-2770202825-1000_Classes\Wow6432Node\CLSID\{69a4dbfd-dc99-4bb8-8ec5-867e3e3bdb1c}]
@Denied: (Full) (Everyone)
.
[HKEY_USERS\S-1-5-21-893015392-1004550200-2770202825-1000_Classes\Wow6432Node\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}]
@Denied: (Full) (Everyone)
"scansk"=hex(0):a6,b6,6e,89,9b,54,fa,6c,9b,b8,1d,b8,5a,98,77,52,e5,31,ad,f8,27,
41,35,1d,9d,76,4a,8e,32,f8,3f,09,38,72,30,b9,ec,ad,d1,d1,00,00,00,00,00,00,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_265_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_265_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Patches\7828AFD463AE964399EF5F86EF8C6135\SourceList\Media]
@DACL=(02 0000)
"104"=";"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Patches\A28754D59901E713BACCFF365D2B3168\SourceList\Media]
@DACL=(02 0000)
"107"=";"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\386D3EFEC30985B4BAF86CC8963F7385\SourceList\Media]
@DACL=(02 0000)
"1"=";"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\65334667A11670A4B8CE978E556419F6\SourceList\Media]
@DACL=(02 0000)
"DiskPrompt"="[1]"
"1"="DISK1;1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\65334667A11670A4B8CE978E556419F6\SourceList\Net]
@DACL=(02 0000)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\95153239E07D78F43AA9D02818FD10FF\SourceList\Media]
@DACL=(02 0000)
"DiskPrompt"="[1]"
"1"=";"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\95153239E07D78F43AA9D02818FD10FF\SourceList\Net]
@DACL=(02 0000)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\c1c4f01781cc94c4c8fb1542c0981a2a\SourceList\Media]
@DACL=(02 0000)
"DiskPrompt"="[1]"
"1"=";Microsoft Visual C++ 2005 Redistributable [Disk 1]"
"2"=";Microsoft Visual C++ 2005 Redistributable [Disk 1]"
"3"=";Microsoft Visual C++ 2005 Redistributable [Disk 1]"
"4"=";Microsoft Visual C++ 2005 Redistributable [Disk 1]"
"5"=";Microsoft Visual C++ 2005 Redistributable [Disk 1]"
"6"=";Microsoft Visual C++ 2005 Redistributable [Disk 1]"
"7"=";Microsoft Visual C++ 2005 Redistributable [Disk 1]"
"8"=";Microsoft Visual C++ 2005 Redistributable [Disk 1]"
"9"=";Microsoft Visual C++ 2005 Redistributable [Disk 1]"
"10"=";Microsoft Visual C++ 2005 Redistributable [Disk 1]"
"11"=";Microsoft Visual C++ 2005 Redistributable [Disk 1]"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_265_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_265_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_265.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_265.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_265.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_265.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows CE Services]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Nico Mak Computing\WinZip]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet005\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet005\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet005\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet005\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet005\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet005\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet005\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0006\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet005\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0007\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet005\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0008\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet005\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0009\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet005\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0010\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet005\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0011\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet005\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0012\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet005\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0013\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet005\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0014\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet005\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0015\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet005\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Tempo para conclusão: 2012-11-26 17:31:40
ComboFix-quarantined-files.txt 2012-11-26 17:31
.
Pré-execução: 4.118.183.936 bytes livres
Pós execução: 3.992.371.200 bytes livres
.
- - End Of File - - 1D15DF0B1E206354E503B53925C38CF2

Screen317's Security Check Log

Results of screen317's Security Check version 0.99.56
Windows 7 Service Pack 1 x64 (UAC is disabled!)
Internet Explorer 9
``````````````Antivirus/Firewall Check:``````````````
WMI entry may not exist for antivirus; attempting automatic update.
`````````Anti-malware/Other Utilities Check:`````````
Spyware Process Detector v3.22.4
SpywareBlaster 4.6
Spybot - Search & Destroy
Secunia PSI (3.0.0.0004)
HostsMan 3.2.73
B.I.S.S. Hosts Manager
Trojan Remover 6.8.3
Sophos Anti-Rootkit 1.5.23
Malwarebytes Anti-Malware versão 1.65.1.1000
Duplicate Cleaner 2.1b
RegVac Registry Cleaner 5.02 (Registered Version)
TweakNow RegCleaner 2011
Auslogics Registry Cleaner
Java™ 6 Update 35
Java™ SE Development Kit 6 Update 35
Java version out of Date!
Adobe Flash Player 11.4.402.265 Flash Player out of Date!
Adobe Reader 10.1.4 Adobe Reader out of Date!
Mozilla Firefox (for.)
Mozilla Thunderbird 10.0.2 Thunderbird out of Date!
Google Chrome 21.0.1180.83
Google Chrome 21.0.1180.89
Google Chrome 22.0.1229.79
Google Chrome 22.0.1229.92
Google Chrome 22.0.1229.94
Google Chrome 23.0.1271.64
````````Process Check: objlist.exe by Laurent````````
Microsoft Security Essentials MSMpEng.exe
AVAST Software Avast avastUI.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: =
````````````````````End of Log``````````````````````

AdwCleaner Log

# AdwCleaner v2.009 - Logfile created 11/26/2012 at 17:45:32
# Updated 24/11/2012 by Xplode
# Operating system : Windows 7 Ultimate Service Pack 1 (64 bits)
# User : Paulo Monteiro - PC-HOME
# Boot Mode : Normal
# Running from : C:\Users\Paulo Monteiro\Desktop\adwcleaner.exe
# Option [Search]


***** [Services] *****


***** [Files / Folders] *****


***** [Registry] *****


***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16421

[OK] Registry is clean.

-\\ Mozilla Firefox v16.0.2 (pt-PT)

Profile name : default [Profil par défaut]
File : C:\Users\Paulo Monteiro\AppData\Roaming\Mozilla\Firefox\Profiles\q6y681v9.default\prefs.js

Found : user_pref("extensions.greasemonkey.scriptvals.hxxp://userscripts.org/scripts/show/29222/The Cavern L[...]
Found : user_pref("extensions.greasemonkey.scriptvals.hxxp://userscripts.org/scripts/show/29222/The Cavern L[...]
Found : user_pref("extensions.greasemonkey.scriptvals.hxxp://userscripts.org/scripts/show/29222/The Cavern L[...]
Found : user_pref("extensions.skipscreen.hostMatchStr", "hxxp://www.4shared.com/(get|audio|file|document|dir[...]

Profile name : default
File : C:\Users\Administrador\AppData\Roaming\Mozilla\Firefox\Profiles\ah13xz4j.default\prefs.js

[OK] File is clean.

-\\ Google Chrome v23.0.1271.64

File : C:\Users\Paulo Monteiro\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [8872 octets] - [23/11/2012 19:51:54]
AdwCleaner[R2].txt - [1532 octets] - [26/11/2012 17:45:32]
AdwCleaner[S2].txt - [9118 octets] - [24/11/2012 14:12:35]

########## EOF - C:\AdwCleaner[R2].txt - [1652 octets] ##########

#4 nasdaq

nasdaq

  • Malware Response Team
  • 39,512 posts
  • OFFLINE
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:11:52 PM

Posted 27 November 2012 - 09:30 AM

Did you install this service/driver?
R2 Passwdrenew;Passwdrenew;c:\windows\system32\rnpasswd.exe
It could include some Adware functionality
http://r.virscan.org/2ff5e18f823bd5aade385bd8b97d86a2
Please let me know if you want to remove it.
<<<>>>

Open notepad and copy/paste the text in the quote box below into it:

File::
c:\windows\system32\DRIVERS\tcpz-x64d.sys
c:\programas (x64)\Mozilla Firefox\extensions\afurladvisor@anchorfree.com

Driver::
uhlparps
vymc
ntiomin
SABDIFSV
SABKUTIL
BlackBox
cpuz134
gwiopm
PROCEXP151
slicedisk.sys
SliceDisk5
Tcpz-x64
aswKbd
aswSnx
aswSP
aswFsBlk
MaplomL
TCPZ

ClearJavaCache::


Save this as CFScript.txt on your desktop.

Posted Image

Referring to the picture above, drag CFScript into ComboFix.exe
Then post the resultant log.

====

Secure your system by updating 3rd party programs.

Your version of Java is outdated and needs to be updated to take advantage of fixes that have eliminated security vulnerabilities.

Check your present version and update as recommended.
https://www.java.com/en/download/installed.jsp

If present remove the old version(s) of Java using the Add/Remove Programs applet.


Java™ 6 Update 35
Java™ SE Development Kit 6 Update 35


===

Critical vulnerabilities have been identified in Adobe Flash Player v11.3.300.264 and earlier versions... being exploited in the wild in active targeted attacks...

Get the latest Flash Player

On the top of the page you will be given an opportunity to download the version for your operating system.
Make sure you select appropriate version.

You will also have an option to install the Free! McAfee Security Scan Plus. Un-check the box if you are NOT using McAfee's virus protection software.

For the users of Internet Explorer download version 11.
Flash Player 11 (64 bit)
Flash Player 11 (32 bit)
===

Get the latest version of the Adobe Reader.
http://get.adobe.com/reader/
Before your download I suggest you uncheck the box on the top right, "Yes, install McAfee Security Scan Plus - optional"; this is not required if you are not a McAfee subscriber. While the installation is in progress you can also deny the installation of any other programs that may be suggested.

When installed remove your old version of the Reader using the Add/Remove Programs applet if present.
===

Remove the AdWare, PUP (Potentially Unwanted Program) installed on your computer.

  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Delete.
  • Everything that was found will be deleted.
  • Follow the prompts to reboot the computer. A text file will open after the restart.
  • Please post the content of that log file with your next answer.
  • You can find the log file at C:\AdwCleaner[Sn].txt (n is a number).

Please let me know what problem persists.

#5 Picollo30

Picollo30
  • Topic Starter

  • Members
  • 44 posts
  • OFFLINE
  • Local time:04:52 AM

Posted 27 November 2012 - 12:11 PM

nasdaq, I did what you asked but now my keyboard won't write, it's giving error 19, corrupted registry or incomplete registry. Using the on-screen keyboard with the help of the mouse. Guess ComboFix deleted the keyboard drivers.

Here's the ComboFix log:


ComboFix 12-11-27.01 - Paulo Monteiro 27-11-2012 15:18:13.8.4 - x64
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.351.2070.18.16365.13677 [GMT 0:00]
Executando de: c:\users\Paulo Monteiro\Desktop\ComboFix.exe
Comandos utilizados :: c:\users\Paulo Monteiro\Desktop\CFScript.txt
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Criado um novo ponto de restauração
.
FILE ::
"c:\programas (x64)\Mozilla Firefox\extensions\afurladvisor@anchorfree.com"
"c:\windows\system32\DRIVERS\tcpz-x64d.sys"
.
.
((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\system32\DRIVERS\tcpz-x64d.sys
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Serviços )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_ASWFSBLK
-------\Legacy_ASWSNX
-------\Legacy_ASWSP
-------\Legacy_CPUZ134
-------\Legacy_PROCEXP151
-------\Legacy_SLICEDISK5
-------\Service_aswFsBlk
-------\Service_aswKbd
-------\Service_aswSnx
-------\Service_aswSP
-------\Service_BlackBox
-------\Service_cpuz134
-------\Service_gwiopm
-------\Service_MaplomL
-------\Service_ntiomin
-------\Service_PROCEXP151
-------\Service_SABDIFSV
-------\Service_SABKUTIL
-------\Service_slicedisk.sys
-------\Service_SliceDisk5
-------\Service_TCPZ
-------\Service_Tcpz-x64
-------\Service_uhlparps
-------\Service_vymc
.
.
(((((((((((((((( Arquivos/Ficheiros criados de 2012-10-27 to 2012-11-27 ))))))))))))))))))))))))))))
.
.
2012-11-27 15:29 . 2012-11-27 15:29 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2012-11-27 15:29 . 2012-11-27 15:29 -------- d-----w- c:\users\Public\AppData\Local\temp
2012-11-27 15:29 . 2012-11-27 15:29 -------- d-----w- c:\users\HomeGroupUser$\AppData\Local\temp
2012-11-27 15:29 . 2012-11-27 15:29 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-11-27 15:29 . 2012-11-27 15:29 -------- d-----w- c:\users\Convidado\AppData\Local\temp
2012-11-27 15:29 . 2012-11-27 15:29 -------- d-----w- c:\users\Administrador\AppData\Local\temp
2012-11-26 14:27 . 2012-11-08 09:24 9125352 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{D3A4BF35-6022-4779-BF2E-439D46A75A8B}\mpengine.dll
2012-11-25 14:27 . 2012-11-08 09:24 9125352 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-11-23 17:12 . 2012-11-23 17:12 -------- d-----w- c:\program files (x86)\ESET
2012-11-21 14:46 . 2012-11-21 14:46 -------- d-----w- c:\users\Paulo Monteiro\AppData\Local\Programs
2012-11-19 04:58 . 2012-10-30 22:51 25232 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2012-11-19 04:58 . 2012-10-30 22:51 370288 ----a-w- c:\windows\system32\drivers\aswSP.sys
2012-11-19 04:58 . 2012-10-15 16:59 54072 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
2012-11-19 04:58 . 2012-10-30 22:51 59728 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2012-11-19 04:58 . 2012-10-30 22:51 21136 ----a-w- c:\windows\system32\drivers\aswKbd.sys
2012-11-19 04:58 . 2012-10-30 22:51 984144 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2012-11-19 04:58 . 2012-10-30 22:51 71600 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2012-11-19 04:58 . 2012-10-30 22:50 285328 ----a-w- c:\windows\system32\aswBoot.exe
2012-11-19 04:58 . 2012-10-30 22:51 41224 ----a-w- c:\windows\avastSS.scr
2012-11-19 04:58 . 2012-10-30 22:50 227648 ----a-w- c:\windows\SysWow64\aswBoot.exe
2012-11-19 04:57 . 2012-11-19 04:57 -------- d-----w- c:\programdata\AVAST Software
2012-11-19 04:57 . 2012-11-19 04:57 -------- d-----w- c:\program files\AVAST Software
2012-11-19 00:57 . 2012-11-19 00:57 -------- d-----w- c:\users\Administrador\AppData\Local\VS Revo Group
2012-11-19 00:34 . 2012-11-19 00:34 972192 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{AF0F3149-9CA2-4A0C-8E41-19274F573EDE}\gapaengine.dll
2012-11-19 00:33 . 2012-11-19 00:33 -------- d-----w- c:\program files\Microsoft Security Client
2012-11-19 00:17 . 2012-11-19 00:17 22318 ----a-w- C:\FixitRegBackup.reg
2012-11-18 22:42 . 2012-11-18 22:42 398 ----a-w- c:\users\Paulo Monteiro\paulo18-11-2012.reg
2012-11-18 00:27 . 2012-11-18 00:29 -------- d-----w- C:\SMCLpav
2012-11-17 20:13 . 2012-11-17 20:13 -------- d-s---w- c:\windows\SysWow64\Microsoft
2012-11-17 19:20 . 2012-11-17 19:20 -------- d-----w- c:\users\Paulo Monteiro\AppData\Local\Norman Malware Cleaner
2012-11-17 02:32 . 2012-11-17 02:33 -------- d-----w- C:\WINSSLog
2012-11-17 02:17 . 2012-11-17 02:17 -------- d-----w- c:\users\Paulo Monteiro\AppData\Local\Avg2013
2012-11-16 03:52 . 2012-11-16 03:52 -------- d-----w- c:\users\Paulo Monteiro\AppData\Local\WindowsUpdate
2012-11-15 01:51 . 2012-10-08 11:13 96768 ----a-w- c:\windows\system32\mshtmled.dll
2012-11-15 01:50 . 2012-10-08 12:19 17811968 ----a-w- c:\windows\system32\mshtml.dll
2012-11-15 01:50 . 2012-10-08 11:42 10925568 ----a-w- c:\windows\system32\ieframe.dll
2012-11-15 01:42 . 2012-07-26 02:26 87040 ----a-w- c:\windows\system32\drivers\WUDFPf.sys
2012-11-15 01:42 . 2012-07-26 02:26 198656 ----a-w- c:\windows\system32\drivers\WUDFRd.sys
2012-11-15 01:42 . 2012-07-26 03:08 84992 ----a-w- c:\windows\system32\WUDFSvc.dll
2012-11-15 01:42 . 2012-07-26 03:08 194048 ----a-w- c:\windows\system32\WUDFPlatform.dll
2012-11-15 01:42 . 2012-07-26 03:08 229888 ----a-w- c:\windows\system32\WUDFHost.exe
2012-11-15 01:42 . 2012-07-26 03:08 744448 ----a-w- c:\windows\system32\WUDFx.dll
2012-11-15 01:42 . 2012-07-26 03:08 45056 ----a-w- c:\windows\system32\WUDFCoinstaller.dll
2012-11-15 01:38 . 2012-11-15 01:38 40712 ----a-w- c:\windows\system32\drivers\taphss6.sys
2012-11-15 01:33 . 2012-11-15 01:33 42248 ----a-w- c:\windows\system32\drivers\hssdrv6.sys
2012-11-08 13:50 . 2012-11-08 13:50 -------- d--h--w- c:\program files (x86)\Common Files\EAInstaller
2012-11-08 13:49 . 2009-09-04 17:44 517960 ----a-w- c:\windows\system32\XAudio2_5.dll
2012-11-08 13:49 . 2009-09-04 17:44 238936 ----a-w- c:\windows\SysWow64\xactengine3_5.dll
2012-11-08 13:49 . 2009-09-04 17:44 176968 ----a-w- c:\windows\system32\xactengine3_5.dll
2012-11-08 13:49 . 2009-09-04 17:29 1974616 ----a-w- c:\windows\SysWow64\D3DCompiler_42.dll
2012-11-08 13:49 . 2009-09-04 17:29 2582888 ----a-w- c:\windows\system32\D3DCompiler_42.dll
2012-11-08 13:49 . 2009-09-04 17:29 5501792 ----a-w- c:\windows\SysWow64\d3dcsx_42.dll
2012-11-08 13:49 . 2009-09-04 17:29 5554512 ----a-w- c:\windows\system32\d3dcsx_42.dll
2012-11-08 13:49 . 2009-09-04 17:29 285024 ----a-w- c:\windows\system32\d3dx11_42.dll
2012-11-08 13:49 . 2009-09-04 17:44 73544 ----a-w- c:\windows\system32\XAPOFX1_3.dll
2012-11-08 13:47 . 2006-07-28 09:31 83736 ----a-w- c:\windows\system32\xinput1_2.dll
2012-11-08 13:37 . 2012-11-08 13:39 -------- d-----w- c:\users\Paulo Monteiro\AppData\Roaming\Origin
2012-11-08 13:37 . 2012-11-08 13:40 -------- d-----w- c:\program files (x86)\Origin Games
2012-11-08 13:37 . 2012-11-08 13:37 -------- d-----w- c:\users\Paulo Monteiro\AppData\Local\Origin
2012-11-08 13:36 . 2012-11-08 13:50 -------- d-----w- c:\programdata\Origin
2012-11-08 13:36 . 2012-11-08 13:50 -------- d-----w- c:\programdata\Electronic Arts
2012-11-08 12:28 . 2012-11-08 12:28 -------- d-----w- c:\program files (x86)\Mozilla Maintenance Service
2012-11-08 12:07 . 2012-11-08 12:07 -------- d-----w- c:\users\Paulo Monteiro\AppData\Roaming\QuickScan
2012-11-07 16:54 . 2012-11-07 16:54 -------- d-----w- c:\programdata\StartupSoundChanger
2012-11-07 13:54 . 2012-11-07 13:55 -------- d-----w- c:\program files\TAP-Windows
2012-11-01 12:45 . 2012-11-01 12:45 -------- d-----w- c:\users\Paulo Monteiro\AppData\Roaming\S.A.D
2012-11-01 12:20 . 2012-11-01 12:36 -------- d-----w- c:\program files\CyberGhost VPN
2012-10-30 23:41 . 2012-10-30 23:41 -------- d-----w- c:\programdata\Autorun Eater
2012-10-30 23:33 . 2012-10-30 23:33 -------- d-----w- c:\users\Paulo Monteiro\AppData\Roaming\KillProcess
2012-10-30 09:17 . 2012-10-30 09:18 -------- d-----w- C:\920ad8abf500d667000fd1
2012-10-30 00:53 . 2012-10-30 00:53 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
.
.
.
((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-11-15 01:43 . 2011-08-29 13:22 66395536 ----a-w- c:\windows\system32\MRT.exe
2012-11-08 17:24 . 2012-11-23 15:33 9125352 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{506F5271-DC16-4192-9A7F-01168727021A}\mpengine.dll
2012-09-29 19:54 . 2012-01-15 04:57 25928 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-09-14 19:19 . 2012-10-10 12:45 2048 ----a-w- c:\windows\system32\tzres.dll
2012-09-14 18:28 . 2012-10-10 12:45 2048 ----a-w- c:\windows\SysWow64\tzres.dll
2012-09-02 01:13 . 2012-09-02 01:13 191472 ----a-w- c:\windows\system32\javaws.exe
2012-09-02 01:13 . 2012-03-10 15:11 172528 ----a-w- c:\windows\system32\javaw.exe
2012-09-02 01:13 . 2012-03-10 15:11 172528 ----a-w- c:\windows\system32\java.exe
2012-08-31 17:57 . 2012-10-10 12:45 1687408 ----a-w- c:\windows\system32\drivers\ntfs.sys
2012-08-30 22:03 . 2012-08-30 22:03 228768 ----a-w- c:\windows\system32\drivers\MpFilter.sys
2012-08-30 22:03 . 2012-08-30 22:03 128456 ----a-w- c:\windows\system32\drivers\NisDrvWFP.sys
2012-08-30 18:02 . 2012-10-10 12:45 5562736 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-08-30 17:06 . 2012-10-10 12:45 3972464 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2012-08-30 17:06 . 2012-10-10 12:45 3917168 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2012-05-08 07:18 . 2012-05-08 07:18 4611856 ----a-w- c:\program files (x86)\cfosspeed-v800.exe
2011-06-09 16:39 . 2011-06-09 16:39 224256 ----a-w- c:\program files (x86)\wget.exe
.
.
(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))
.
.
*Nota* entradas vazias e legítimas por padrão não são apresentadas.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-14 22:58 94208 ----a-w- c:\users\Paulo Monteiro\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-14 22:58 94208 ----a-w- c:\users\Paulo Monteiro\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-14 22:58 94208 ----a-w- c:\users\Paulo Monteiro\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-14 22:58 94208 ----a-w- c:\users\Paulo Monteiro\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"StartupFaster"="c:\programas (x64)\Startup Faster\startuploader.exe" [2012-01-05 1819920]
.
c:\users\Paulo Monteiro\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\StartupFaster
Mozilla Firefox Prestart.lnk - c:\programas (x64)\Mozilla Firefox\firefox.exe [2012-3-4 917984]
StartupFaster.ini [2012-11-19 372]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\StartupFaster
StartupFaster.ini [2012-7-6 0]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
"EnableLinkedConnections"= 1 (0x1)
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveTrack"= 1 (0x1)
"NoSMBalloonTip"= 0 (0x0)
"NoRecentDocsNetHood"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SABWinLogon]
2007-08-01 09:28 176128 ----a-w- c:\program files (x86)\SuperAdBlocker.com\Super Ad Blocker\SABWINLO.DLL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer9"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *autocheck autocheck æautocheck
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg
.
R1 Uim_VIM;UIM Virtual Image Plugin;c:\windows\system32\Drivers\uim_vimx64.sys [2011-07-05 352816]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 Passwdrenew;Passwdrenew;c:\windows\system32\rnpasswd.exe [2011-11-19 95232]
R2 TurboBoost;Intel® Turbo Boost Technology Monitor 2.0;c:\program files\Intel\TurboBoost\TurboBoost.exe [2010-11-29 149504]
R2 WatAdminSvc;Serviço de Tecnologias de Activação do Windows;c:\windows\system32\Wat\WatAdminSvc.exe [2011-08-27 1255736]
R3 a2acc;a2acc;c:\program files (x86)\EMSISOFT ANTI-MALWARE\a2accx64.sys [2011-11-02 63880]
R3 afcdp;afcdp;c:\windows\system32\DRIVERS\afcdp.sys [2011-12-21 367200]
R3 afcdpsrv;Serviço de Acronis Nonstop Backup;c:\program files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe [2011-12-21 3450832]
R3 BBUpdate;BBUpdate;c:\program files (x86)\Microsoft\BingBar\7.1.364.0\SeaPort.exe [2012-02-20 240408]
R3 CGVPNCliSrvc;CyberGhost VPN Client;c:\program files\CyberGhost VPN\CGVPNCliService.exe [2012-04-26 2438696]
R3 COMMONFX;COMMONFX;c:\windows\system32\drivers\COMMONFX.SYS [2010-03-18 158808]
R3 cpudrv64;cpudrv64;c:\program files (x86)\SystemRequirementsLab\cpudrv64.sys [2009-12-18 17864]
R3 CTAUDFX;CTAUDFX;c:\windows\system32\drivers\CTAUDFX.SYS [2010-03-18 706648]
R3 CTERFXFX.SYS;CTERFXFX.SYS;c:\windows\System32\drivers\CTERFXFX.SYS [2010-03-18 141912]
R3 CTERFXFX;CTERFXFX;c:\windows\system32\drivers\CTERFXFX.SYS [2010-03-18 141912]
R3 CTSBLFX;CTSBLFX;c:\windows\system32\drivers\CTSBLFX.SYS [2010-03-18 681048]
R3 DKRtWrt;DKRtWrt;c:\windows\system32\DRIVERS\DKRtWrt.sys [2011-02-14 44624]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [2010-11-21 71168]
R3 DynCal;Dynamic Calibration Service;c:\windows\system32\drivers\Dyncal.sys [x]
R3 EBOOSTRSVC;eBoostr Service;c:\programas (x64)\eBoostr\EBstrSvc.exe [2010-04-20 811136]
R3 Futuremark SystemInfo Service;Futuremark SystemInfo Service;c:\program files (x86)\Futuremark\Futuremark SystemInfo\FMSISvc.exe [2011-08-15 130976]
R3 GJService;Game Jackal Server;c:\programas (x64)\SlySoft\Game Jackal v4\Server.exe [2011-09-06 3547648]
R3 hitmanpro35;Hitman Pro 3.5 Support Driver;c:\windows\system32\drivers\hitmanpro36.sys [2011-12-26 25160]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-09-29 25928]
R3 namehelp;namehelp;c:\programas (x64)\Aqualab\namehelp\nssm.exe [2012-10-08 156672]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2012-08-30 128456]
R3 nmwcdnsucx64;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsucx64.sys [2012-01-09 12800]
R3 nmwcdnsux64;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsux64.sys [2012-01-09 171008]
R3 ose64;Office 64 Source Engine;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-09 174440]
R3 PCTBD;PC Tools Browser Defender Driver;c:\windows\system32\Drivers\PCTBD64.sys [2012-05-08 85192]
R3 perfexpose;perfexpose;c:\programas (x64)\CodeFromThe70s.org\Perfgraph\perfexpose.exe [2008-11-08 199336]
R3 PSI;PSI;c:\windows\system32\DRIVERS\psi_mf.sys [2011-12-16 17976]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2012-08-23 19456]
R3 Revoflt;Revoflt;c:\windows\system32\DRIVERS\revoflt.sys [2009-12-30 31800]
R3 RTTEAMPT;Realtek Teaming Protocol Driver (NDIS 6.2);c:\windows\system32\DRIVERS\RtTeam60.sys [2010-01-14 48416]
R3 RTVLANPT;Realtek Vlan Protocol Driver (NDIS 6.2);c:\windows\system32\DRIVERS\RtVlan60.sys [2010-01-14 29472]
R3 Secunia PSI Agent;Secunia PSI Agent;c:\program files (x86)\Secunia\PSI\PSIA.exe [2012-02-24 1294904]
R3 Secunia Update Agent;Secunia Update Agent;c:\program files (x86)\Secunia\PSI\sua.exe [2012-02-24 656440]
R3 syncagentsrv;Acronis Sync Agent Service;c:\program files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe [2011-11-10 5890144]
R3 Synth3dVsc;Microsoft Virtual 3D Video Transport Driver;c:\windows\system32\drivers\Synth3dVsc.sys [2011-07-15 88960]
R3 tapoas;TAP-Win32 Adapter OAS;c:\windows\system32\DRIVERS\tapoas.sys [2011-08-19 30720]
R3 TEAM;Realtek Virtual Miniport Driver for Teaming (NDIS 6.2);c:\windows\system32\DRIVERS\RtTeam60.sys [2010-01-14 48416]
R3 terminpt;Microsoft Remote Desktop Input Driver;c:\windows\system32\drivers\terminpt.sys [2012-08-23 29696]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2012-08-23 57856]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2012-08-23 30208]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [2010-11-21 117248]
R3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\DRIVERS\VBoxNetAdp.sys [2011-12-19 146736]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
R3 vpcuxd;Serviço Stub de Virtualização de USB;c:\windows\system32\DRIVERS\vpcuxd.sys [2010-11-20 16384]
R4 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2012-10-30 140672]
R4 a2AntiMalware;Emsisoft Anti-Malware 6.0 - Service;c:\program files (x86)\EMSISOFT ANTI-MALWARE\a2service.exe [2012-02-26 3025112]
R4 ASO3DiskOptimizer;ASO3DiskOptimizer;c:\program files (x86)\Advanced System Optimizer 3\ASO3DefragSrv64.exe [2011-08-18 263480]
R4 Browser Defender Update Service;Browser Defender Update Service;c:\programas (x64)\PC Tools\PC Tools Security\BDT\BDTUpdateService.exe [2012-05-08 575416]
R4 MBAMScheduler;MBAMScheduler;c:\programas (x64)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-09-29 399432]
R4 MBAMService;MBAMService;c:\programas (x64)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-09-29 676936]
R4 NisSrv;Inspeção de Rede da Microsoft;c:\program files\Microsoft Security Client\NisSrv.exe [2012-09-12 368896]
R4 pctgntdi;pctgntdi;c:\windows\System32\drivers\pctgntdi64.sys [2012-05-11 341168]
R4 pctplsg;pctplsg;c:\windows\System32\drivers\pctplsg64.sys [2012-05-11 92896]
R4 SBSDWSCService;SBSD Security Center Service;c:\programas (x64)\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
R4 sdAuxService;PC Tools Auxiliary Service;c:\programas (x64)\PC Tools\PC Tools Security\pctsAuxs.exe [2012-05-11 402336]
R4 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-08-03 379496]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
S0 AiCharger;ASUS Charger Driver;c:\windows\system32\DRIVERS\AiCharger.sys [2010-10-20 14592]
S0 fltsrv;Acronis Storage Filter Management;c:\windows\system32\DRIVERS\fltsrv.sys [2011-12-21 133728]
S0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore64.sys [2012-04-23 426616]
S0 pctDS;PC Tools Data Store;c:\windows\system32\drivers\pctDS64.sys [2012-02-28 453896]
S0 pctEFA;PC Tools Extended File Attributes;c:\windows\system32\drivers\pctEFA64.sys [2012-02-28 1096176]
S0 sptd;sptd;c:\windows\\SystemRoot\System32\Drivers\sptd.sys [x]
S0 vididr;Acronis Virtual Disk;c:\windows\system32\DRIVERS\vididr.sys [2011-12-21 211040]
S0 vidsflt58;Acronis Disk Storage Filter (58);c:\windows\system32\DRIVERS\vsflt58.sys [2011-08-30 142944]
S0 vmci;VMware VMCI Bus Driver;c:\windows\system32\DRIVERS\vmci.sys [2011-08-08 116336]
S1 A2DDA;A2 Direct Disk Access Support Driver;c:\program files (x86)\EMSISOFT ANTI-MALWARE\a2ddax64.sys [2011-05-19 23208]
S1 a2injectiondriver;a2injectiondriver;c:\program files (x86)\Emsisoft Anti-Malware\a2dix64.sys [2011-11-02 41728]
S1 a2util;a-squared Malware-IDS utility driver;c:\program files (x86)\Emsisoft Anti-Malware\a2util64.sys [2010-05-05 14720]
S1 AsUpIO;AsUpIO;SysWow64\drivers\AsUpIO.sys [x]
S1 EIO64;EIO Driver;c:\windows\system32\DRIVERS\EIO64.sys [2011-08-27 16384]
S1 HWiNFO32;HWiNFO32/64 Kernel Driver;c:\programas (x64)\HWiNFO64\HWiNFO64A.SYS [2012-02-07 30592]
S1 nm3;Microsoft Network Monitor 3 Driver;c:\windows\system32\DRIVERS\nm3.sys [2010-06-09 46392]
S1 PCTSD;PC Tools Spyware Doctor Driver;c:\windows\system32\Drivers\PCTSD64.sys [2012-05-11 251528]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2011-07-22 14928]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [2011-07-12 12368]
S1 VBoxDrv;VirtualBox Service;c:\windows\system32\DRIVERS\VBoxDrv.sys [2011-12-19 224048]
S1 VBoxUSBMon;VirtualBox USB Monitor Driver;c:\windows\system32\DRIVERS\VBoxUSBMon.sys [2011-12-19 130864]
S2 asComSvc;ASUS Com Service;c:\program files (x86)\ASUS\AXSP\1.00.13\atkexComSvc.exe [2010-11-03 918144]
S2 asHmComSvc;ASUS HM Com Service;c:\program files (x86)\ASUS\AAHM\1.00.13\aaHMSvc.exe [2010-12-02 915584]
S2 AsSysCtrlService;ASUS System Control Service;c:\program files (x86)\ASUS\AsSysCtrlService\1.00.11\AsSysCtrlService.exe [2010-10-21 586880]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2012-10-30 71600]
S2 BBSvc;BingBar Service;c:\program files (x86)\Microsoft\BingBar\7.1.364.0\BBSvc.exe [2012-02-20 193816]
S2 CachemanService;Cacheman Service;c:\programas (x64)\Cacheman\CachemanServ.exe [2012-01-04 236896]
S2 cpuz135;cpuz135;c:\windows\system32\drivers\cpuz135_x64.sys [2010-11-09 21992]
S2 Creative ALchemy AL6 Licensing Service;Creative ALchemy AL6 Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [2011-08-28 79360]
S2 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2011-08-28 79360]
S2 DUMeterSvc;DU Meter Service;c:\programas (x64)\DU Meter\DUMeterSvc.exe [2012-02-16 1110480]
S2 FirebirdGuardianDefaultInstance;Firebird Guardian - DefaultInstance;c:\program files (x86)\Firebird\Firebird_2_1\bin\fbguard.exe [2008-06-13 81920]
S2 hshld;Hotspot Shield Service;c:\program files (x86)\Hotspot Shield\bin\openvpnas.exe [2012-11-15 527728]
S2 HssWd;Hotspot Shield Monitoring Service;c:\program files (x86)\Hotspot Shield\bin\hsswd.exe [2012-11-15 389488]
S2 IDMWFP;IDMWFP;c:\windows\system32\DRIVERS\idmwfp.sys [2012-02-08 149640]
S2 IOCBIOS;IOCBIOS;c:\programdata\Intel\Extreme Tuning Utility\IOCbios\64bit\IOCBIOS.sys [2010-09-15 34304]
S2 KinectManagement;Kinect Management;c:\program files\Microsoft SDKs\Kinect\v1.0 Beta2\Service\KinectManagementService.exe [2011-09-24 131584]
S2 PdiService;Portrait Displays SDK Service;c:\program files (x86)\Common Files\Portrait Displays\Drivers\pdisrvc.exe [2011-10-27 113456]
S2 RtNdPt60;Realtek NDIS Protocol Driver;c:\windows\system32\DRIVERS\RtNdPt60.sys [2010-01-14 32544]
S2 TurboB;Turbo Boost UI Monitor driver;c:\windows\system32\DRIVERS\TurboB.sys [2010-11-29 16120]
S2 USBSafelyRemoveService;USB Safely Remove Assistant;c:\programas (x64)\USB Safely Remove\USBSRService.exe [2012-01-31 1107288]
S2 VideoAcceleratorService;VideoAcceleratorService;c:\prf5cf~1\SPEEDB~1\VideoAcceleratorService.exe [2012-04-05 265928]
S2 VMUSBArbService;VMware USB Arbitration Service;c:\program files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe [2011-08-29 846448]
S2 VMwareHostd;VMware Workstation Server;c:\program files (x86)\VMware\VMware Workstation\vmware-hostd.exe [2012-01-18 11839488]
S2 vstor2-mntapi10-shared;Vstor2 MntApi 1.0 Driver (shared);SysWOW64\drivers\vstor2-mntapi10-shared.sys [x]
S2 XTUService;Intel® Extreme Tuning Utility;c:\program files (x86)\Common Files\Intel\Intel Extreme Tuning Utility\PerfTuneService.exe [2010-11-24 21768]
S3 asmthub3;ASMedia USB3 Hub Service;c:\windows\system32\DRIVERS\asmthub3.sys [2010-12-08 122856]
S3 asmtxhci;ASMEDIA XHCI Service;c:\windows\system32\DRIVERS\asmtxhci.sys [2010-12-08 369640]
S3 COMMONFX.SYS;COMMONFX.SYS;c:\windows\System32\drivers\COMMONFX.SYS [2010-03-18 158808]
S3 CTAUDFX.SYS;CTAUDFX.SYS;c:\windows\System32\drivers\CTAUDFX.SYS [2010-03-18 706648]
S3 ctgame;Game Port;c:\windows\system32\DRIVERS\ctgame.sys [2007-06-25 26264]
S3 CTSBLFX.SYS;CTSBLFX.SYS;c:\windows\System32\drivers\CTSBLFX.SYS [2010-03-18 681048]
S3 dc3d;MS Hardware Device Detection Driver (USB);c:\windows\system32\DRIVERS\dc3d.sys [2011-08-01 52584]
S3 DUMeterDrv;Hagel Technologies DU Meter traffic accounting driver;c:\programas (x64)\DU Meter\DUMETR64.SYS [2012-02-16 20856]
S3 FirebirdServerDefaultInstance;Firebird Server - DefaultInstance;c:\program files (x86)\Firebird\Firebird_2_1\bin\fbserver.exe [2008-06-13 2723840]
S3 ICCWDT;Intel® Watchdog Timer Driver (Intel® WDT);c:\windows\system32\DRIVERS\ICCWDT.sys [2010-08-17 26136]
S3 ManyCam;ManyCam Virtual Webcam, WDM Video Capture Driver;c:\windows\system32\DRIVERS\ManyCam_x64.sys [2008-03-13 27136]
S3 MsgPlusDriver;Messenger Plus! Virtual Camera;c:\windows\system32\DRIVERS\MsgPlusDriver.sys [2012-07-23 102160]
S3 nvoclk64;NVIDIA Enthusiasts Platform KDM;c:\windows\system32\DRIVERS\nvoclk64.sys [2009-09-15 42088]
S3 pcouffin;VSO Software pcouffin;c:\windows\system32\Drivers\pcouffin.sys [2011-09-01 82816]
S3 Point64;Microsoft IntelliPoint Filter Driver;c:\windows\system32\DRIVERS\point64.sys [2011-08-01 45416]
S3 PPJoyBus;Parallel Port Joystick Bus Enumerator;c:\windows\system32\DRIVERS\PPJoyBus64.sys [2010-02-20 20024]
S3 PPortJoystick;Parallel Port Joystick Device Driver;c:\windows\system32\DRIVERS\PPortJoy64.sys [2010-02-20 39992]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2011-06-10 539240]
S3 taphss6;Anchorfree HSS VPN Adapter;c:\windows\system32\DRIVERS\taphss6.sys [2012-11-15 40712]
S3 VBoxNetFlt;VirtualBox Bridged Networking Service;c:\windows\system32\DRIVERS\VBoxNetFlt.sys [2011-12-19 165680]
.
.
Conteúdo da pasta 'Tarefas Agendadas'
.
2012-11-27 c:\windows\Tasks\Google Software Updater.job
- c:\program files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe [2011-08-27 23:18]
.
2012-11-27 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-08-27 23:46]
.
2012-11-27 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-08-27 23:46]
.
2012-07-06 c:\windows\Tasks\Spybot - Search & Destroy Updater - Scheduled Task.job
- c:\programas (x64)\Spybot - Search & Destroy\SDUpdate.exe [2011-09-03 14:31]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-10-30 22:50 133400 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-14 22:58 97792 ----a-w- c:\users\Paulo Monteiro\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-14 22:58 97792 ----a-w- c:\users\Paulo Monteiro\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-14 22:58 97792 ----a-w- c:\users\Paulo Monteiro\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-14 22:58 97792 ----a-w- c:\users\Paulo Monteiro\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\IDM Shell Extension]
@="{CDC95B92-E27C-4745-A8C5-64A52A78855D}"
[HKEY_CLASSES_ROOT\CLSID\{CDC95B92-E27C-4745-A8C5-64A52A78855D}]
2012-02-08 00:49 23432 ----a-w- c:\programas (x64)\Internet Download Manager\IDMShellExt64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"cFosSpeed"="c:\programas (x64)\cFosSpeed\cFosSpeed.exe" [2012-05-07 1536384]
.
------- Scan Suplementar -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.pt/
mLocal Page = c:\windows\system32\blank.htm
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
LSP: c:\programas (x64)\SpeedBit Video Accelerator\SBLSP.dll
LSP: c:\program files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll
Trusted Zone: cleverreach.com\novastor
Trusted Zone: google-analytics.com
Trusted Zone: novastor.com
Trusted Zone: warez-bb.org\www
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{287CDFC4-6CBB-4648-BAAF-0774CC9AA33A}: NameServer = 212.118.241.1,4.2.2.5
TCP: Interfaces\{36DB0DC4-59D0-4B12-BCA2-81AD270D55D8}: NameServer = 212.118.241.1,4.2.2.5
TCP: Interfaces\{6634494F-3076-4158-A2E6-C4C9A5775A09}: NameServer = 212.118.241.1,4.2.2.5
TCP: Interfaces\{8A3F2BFF-9A19-4DA9-BAC3-F646EA4C31B9}: NameServer = 212.118.241.1,4.2.2.5
TCP: Interfaces\{F1D993F3-A9E8-440F-86AE-DED94CF76F7C}: NameServer = 212.118.241.1,4.2.2.5
DPF: {E705A591-DA3C-4228-B0D5-A356DBA42FBF} - hxxp://ccfiles.creative.com/Web/softwareupdate/su2/ocx/20015/CTSUEng.cab
FF - ProfilePath - c:\users\Paulo Monteiro\AppData\Roaming\Mozilla\Firefox\Profiles\q6y681v9.default\
FF - prefs.js: browser.search.defaulturl -
FF - ExtSQL: 2012-11-04 13:50; translator@zoli.bod; c:\users\Paulo Monteiro\AppData\Roaming\Mozilla\Firefox\Profiles\q6y681v9.default\extensions\translator@zoli.bod.xpi
FF - ExtSQL: 2012-11-06 20:59; {9AA46F4F-4DC7-4c06-97AF-6665170634FE}; c:\users\Paulo Monteiro\AppData\Roaming\Mozilla\Firefox\Profiles\q6y681v9.default\extensions\{9AA46F4F-4DC7-4c06-97AF-6665170634FE}.xpi
FF - ExtSQL: 2012-11-11 17:49; firefox@ghostery.com; c:\users\Paulo Monteiro\AppData\Roaming\Mozilla\Firefox\Profiles\q6y681v9.default\extensions\firefox@ghostery.com
FF - ExtSQL: 2012-11-11 19:54; clipconverter@clipconverter.cc; c:\users\Paulo Monteiro\AppData\Roaming\Mozilla\Firefox\Profiles\q6y681v9.default\extensions\clipconverter@clipconverter.cc.xpi
FF - ExtSQL: 2012-11-11 19:54; info@youtube-mp3.org; c:\users\Paulo Monteiro\AppData\Roaming\Mozilla\Firefox\Profiles\q6y681v9.default\extensions\info@youtube-mp3.org.xpi
FF - ExtSQL: 2012-11-11 19:59; 54c7d9671b9eccd9e5686a73df34ab60@button.codefisher.org; c:\users\Paulo Monteiro\AppData\Roaming\Mozilla\Firefox\Profiles\q6y681v9.default\extensions\54c7d9671b9eccd9e5686a73df34ab60@button.codefisher.org.xpi
FF - ExtSQL: 2012-11-19 04:59; wrc@avast.com; c:\program files\AVAST Software\Avast\WebRep\FF
FF - ExtSQL: 2012-11-20 03:07; afurladvisor@anchorfree.com; c:\programas (x64)\Mozilla Firefox\extensions\afurladvisor@anchorfree.com
FF - ExtSQL: !HIDDEN! 2011-12-19 10:33; {3112ca9c-de6d-4884-a869-9855de68056c}; c:\programdata\Google\Toolbar for Firefox\{3112ca9c-de6d-4884-a869-9855de68056c}
.
- - - - ORFÃOS REMOVIDOS - - - -
.
Toolbar-Locked - (no file)
ShellExecuteHooks-{5AE067D3-9AFB-48E0-853A-EBB7F4A000D7} - (no file)
ShellIconOverlayIdentifiers- - (no file)
ShellIconOverlayIdentifiers- - (no file)
ShellIconOverlayIdentifiers- - (no file)
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet005\services\DUMeterSvc]
"ImagePath"="c:\programas (x64)\DU Meter\DUMeterSvc.exe /startedbyscm:E1F6D4BE-40E33354-DUMeterService"
.
--------------------- CHAVES DO REGISTRO BLOQUEADAS ---------------------
.
[HKEY_USERS\S-1-5-21-893015392-1004550200-2770202825-1000_Classes\Wow6432Node\CLSID\{69a4dbfd-dc99-4bb8-8ec5-867e3e3bdb1c}]
@Denied: (Full) (Everyone)
.
[HKEY_USERS\S-1-5-21-893015392-1004550200-2770202825-1000_Classes\Wow6432Node\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}]
@Denied: (Full) (Everyone)
"scansk"=hex(0):a6,b6,6e,89,9b,54,fa,6c,9b,b8,1d,b8,5a,98,77,52,e5,31,ad,f8,27,
41,35,1d,9d,76,4a,8e,32,f8,3f,09,38,72,30,b9,ec,ad,d1,d1,00,00,00,00,00,00,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_265_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_265_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Patches\7828AFD463AE964399EF5F86EF8C6135\SourceList\Media]
@DACL=(02 0000)
"104"=";"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Patches\A28754D59901E713BACCFF365D2B3168\SourceList\Media]
@DACL=(02 0000)
"107"=";"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\386D3EFEC30985B4BAF86CC8963F7385\SourceList\Media]
@DACL=(02 0000)
"1"=";"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\65334667A11670A4B8CE978E556419F6\SourceList\Media]
@DACL=(02 0000)
"DiskPrompt"="[1]"
"1"="DISK1;1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\65334667A11670A4B8CE978E556419F6\SourceList\Net]
@DACL=(02 0000)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\95153239E07D78F43AA9D02818FD10FF\SourceList\Media]
@DACL=(02 0000)
"DiskPrompt"="[1]"
"1"=";"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\95153239E07D78F43AA9D02818FD10FF\SourceList\Net]
@DACL=(02 0000)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\c1c4f01781cc94c4c8fb1542c0981a2a\SourceList\Media]
@DACL=(02 0000)
"DiskPrompt"="[1]"
"1"=";Microsoft Visual C++ 2005 Redistributable [Disk 1]"
"2"=";Microsoft Visual C++ 2005 Redistributable [Disk 1]"
"3"=";Microsoft Visual C++ 2005 Redistributable [Disk 1]"
"4"=";Microsoft Visual C++ 2005 Redistributable [Disk 1]"
"5"=";Microsoft Visual C++ 2005 Redistributable [Disk 1]"
"6"=";Microsoft Visual C++ 2005 Redistributable [Disk 1]"
"7"=";Microsoft Visual C++ 2005 Redistributable [Disk 1]"
"8"=";Microsoft Visual C++ 2005 Redistributable [Disk 1]"
"9"=";Microsoft Visual C++ 2005 Redistributable [Disk 1]"
"10"=";Microsoft Visual C++ 2005 Redistributable [Disk 1]"
"11"=";Microsoft Visual C++ 2005 Redistributable [Disk 1]"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_265_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_265_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_265.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_265.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_265.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_265.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows CE Services]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Nico Mak Computing\WinZip]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet005\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet005\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet005\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet005\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet005\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet005\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet005\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0006\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet005\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0007\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet005\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0008\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet005\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0009\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet005\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0010\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet005\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0011\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet005\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0012\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet005\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0013\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet005\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0014\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet005\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0015\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet005\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Outros Processos em Execução ------------------------
.
c:\program files (x86)\Creative\Shared Files\CTAudSvc.exe
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files (x86)\Common Files\Portrait Displays\Plugins\AM\dtsslsrv.exe
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\programas (x64)\CPUCooL\CooLSrv.exe
c:\program files (x86)\Common Files\Portrait Displays\Shared\dtsrvc.exe
c:\program files (x86)\Hotspot Shield\HssWPR\hsssrv.exe
c:\program files (x86)\VMware\VMware Workstation\vmware-authd.exe
c:\program files (x86)\Google\Update\1.3.21.123\GoogleCrashHandler.exe
c:\program files\AVAST Software\Avast\avastUI.exe
c:\programas (x64)\Startup Faster\sfAgent.exe
c:\programas (x64)\CleanMem\Mini_Monitor.exe
c:\programas (x64)\SpeedBit Video Accelerator\VideoAccelerator.exe
c:\prf5cf~1\DUMETE~1\DUMeter.exe
.
**************************************************************************
.
Tempo para conclusão: 2012-11-27 16:26:01 - Máquina reiniciou
ComboFix-quarantined-files.txt 2012-11-27 16:26
ComboFix2.txt 2012-11-26 17:31
.
Pré-execução: 2.819.952.640 bytes livres
Pós execução: 2.440.220.672 bytes livres
.
- - End Of File - - E873BE774C30B54EC16946EEB2BACC59

#6 nasdaq

Posted 27 November 2012 - 02:16 PM

ComboFix created a new System Restore Point.

Restore it using the Control panel > Recovery applet.

Restore the last point created by ComboFix.

Run ComboFix normally and submit the log.

Let me know any issues.

#7 Picollo30

Posted 27 November 2012 - 09:15 PM

Hi nasdaq, I did what you said, but ComboFix didn't create a system restore point because I had it deactivated to save HDD space. Fortunately, as the keyboard and DVD-ROMs weren't working due to a corrupted registry, I went to the BIOS and changed the BIOS time/date to 30 minutes before ComboFix messed up the system, and got the keyboard working.

Then I did the following: I went to c:/windows/erdnt/hiv-backup and ran erdnt.exe, and I have the registry ComboFix saved, without errors of any kind :)

I do have a question for you though: do you want me to run ComboFix with the csscript.txt, or just ComboFix now?


Run ComboFix normally and submit the log.

Let me know any issues.



Did you install this service/driver?
R2 Passwdrenew;Passwdrenew;c:\windows\system32\rnpasswd.exe
It could include some Adware functionality
http://r.virscan.org/2ff5e18f823bd5aade385bd8b97d86a2
Please let me know if you want to remove it.
<<<>>>


I don't think I did, mate. If you help me to remove it, I'd appreciate it. I don't even know what it is.

Thanks in advance.

Edited by Picollo30, 27 November 2012 - 09:18 PM.


#8 nasdaq

Posted 28 November 2012 - 09:24 AM

Please run ComboFix normally for now.

I want to see what is left to remove.

p.s.
Yes ComboFix does change the format of the time and date.
If this happens again just go to the Control panel > Time and date and change it back to your locale.

#9 Picollo30

Posted 28 November 2012 - 05:28 PM

Hi nasdaq, here's my ComboFix log:

ComboFix 12-11-28.02 - Paulo Monteiro 28-11-2012 21:51:17.8.4 - x64
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.351.2070.18.16365.13914 [GMT 0:00]
Executando de: c:\users\Paulo Monteiro\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\SysWow64\pt
c:\windows\SysWow64\pt\AuthFWSnapIn.Resources.dll
c:\windows\SysWow64\pt\AuthFWWizFwk.Resources.dll
.
.
(((((((((((((((( Arquivos/Ficheiros criados de 2012-10-28 to 2012-11-28 ))))))))))))))))))))))))))))
.
.
2012-11-28 22:10 . 2012-11-28 22:10 -------- d--h--w- c:\windows\AxInstSV
2012-11-28 22:06 . 2012-11-28 22:06 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2012-11-28 22:06 . 2012-11-28 22:06 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-11-28 22:06 . 2012-11-28 22:06 -------- d-----w- c:\users\Convidado\AppData\Local\temp
2012-11-28 22:06 . 2012-11-28 22:06 -------- d-----w- c:\users\Administrador\AppData\Local\temp
2012-11-28 20:19 . 2012-11-28 20:19 181064 ----a-w- c:\windows\PSEXESVC.EXE
2012-11-28 19:44 . 2012-11-28 19:44 -------- d-----w- c:\users\Paulo Monteiro\AppData\Local\ElevatedDiagnostics
2012-11-28 19:39 . 2012-11-28 19:38 289768 ----a-w- c:\windows\system32\javaws.exe
2012-11-28 19:39 . 2012-11-28 19:38 108008 ----a-w- c:\windows\system32\WindowsAccessBridge-64.dll
2012-11-28 19:39 . 2012-11-28 19:38 189416 ----a-w- c:\windows\system32\javaw.exe
2012-11-28 19:39 . 2012-11-28 19:38 188904 ----a-w- c:\windows\system32\java.exe
2012-11-28 19:35 . 2012-11-28 19:38 -------- d-----w- c:\program files\Java
2012-11-28 19:32 . 2012-11-28 19:32 -------- d-----w- c:\program files (x86)\Common Files\Java
2012-11-28 19:30 . 2012-11-28 19:30 95208 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2012-11-28 19:24 . 2012-11-28 19:29 -------- d-----w- c:\program files (x86)\Java
2012-11-28 19:08 . 2012-11-28 19:50 -------- d-----w- c:\windows\SysWow64\Adobe
2012-11-28 19:07 . 2012-11-28 19:07 -------- d-----w- c:\program files (x86)\Common Files\Adobe AIR
2012-11-28 19:04 . 2012-11-28 20:04 73656 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-11-28 19:04 . 2012-11-28 20:04 697272 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-11-28 01:38 . 2012-11-08 17:24 9125352 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{1F713503-A799-426A-BE9D-C2635A68D450}\mpengine.dll
2012-11-26 14:27 . 2012-11-08 09:24 9125352 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{D3A4BF35-6022-4779-BF2E-439D46A75A8B}\mpengine.dll
2012-11-26 01:24 . 2012-11-26 01:24 -------- d-----w- C:\Device
2012-11-25 14:27 . 2012-11-08 09:24 9125352 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-11-23 17:12 . 2012-11-23 17:12 -------- d-----w- c:\program files (x86)\ESET
2012-11-21 14:46 . 2012-11-21 14:46 -------- d-----w- c:\users\Paulo Monteiro\AppData\Local\Programs
2012-11-19 04:58 . 2012-10-30 22:51 25232 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2012-11-19 04:58 . 2012-10-30 22:51 370288 ----a-w- c:\windows\system32\drivers\aswSP.sys
2012-11-19 04:58 . 2012-10-15 16:59 54072 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
2012-11-19 04:58 . 2012-10-30 22:51 59728 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2012-11-19 04:58 . 2012-10-30 22:51 21136 ----a-w- c:\windows\system32\drivers\aswKbd.sys
2012-11-19 04:58 . 2012-10-30 22:51 984144 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2012-11-19 04:58 . 2012-10-30 22:51 71600 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2012-11-19 04:58 . 2012-10-30 22:50 285328 ----a-w- c:\windows\system32\aswBoot.exe
2012-11-19 04:58 . 2012-10-30 22:51 41224 ----a-w- c:\windows\avastSS.scr
2012-11-19 04:58 . 2012-10-30 22:50 227648 ----a-w- c:\windows\SysWow64\aswBoot.exe
2012-11-19 04:57 . 2012-11-19 04:57 -------- d-----w- c:\programdata\AVAST Software
2012-11-19 04:57 . 2012-11-19 04:57 -------- d-----w- c:\program files\AVAST Software
2012-11-19 00:57 . 2012-11-19 00:57 -------- d-----w- c:\users\Administrador\AppData\Local\VS Revo Group
2012-11-19 00:34 . 2012-11-19 00:34 972192 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{AF0F3149-9CA2-4A0C-8E41-19274F573EDE}\gapaengine.dll
2012-11-19 00:33 . 2012-11-19 00:33 -------- d-----w- c:\program files\Microsoft Security Client
2012-11-19 00:17 . 2012-11-19 00:17 22318 ----a-w- C:\FixitRegBackup.reg
2012-11-18 22:42 . 2012-11-18 22:42 398 ----a-w- c:\users\Paulo Monteiro\paulo18-11-2012.reg
2012-11-18 00:27 . 2012-11-18 00:29 -------- d-----w- C:\SMCLpav
2012-11-17 20:13 . 2012-11-17 20:13 -------- d-s---w- c:\windows\SysWow64\Microsoft
2012-11-17 19:20 . 2012-11-17 19:20 -------- d-----w- c:\users\Paulo Monteiro\AppData\Local\Norman Malware Cleaner
2012-11-17 02:32 . 2012-11-17 02:33 -------- d-----w- C:\WINSSLog
2012-11-17 02:17 . 2012-11-17 02:17 -------- d-----w- c:\users\Paulo Monteiro\AppData\Local\Avg2013
2012-11-16 03:52 . 2012-11-16 03:52 -------- d-----w- c:\users\Paulo Monteiro\AppData\Local\WindowsUpdate
2012-11-15 01:51 . 2012-10-08 11:13 96768 ----a-w- c:\windows\system32\mshtmled.dll
2012-11-15 01:50 . 2012-10-08 12:19 17811968 ----a-w- c:\windows\system32\mshtml.dll
2012-11-15 01:50 . 2012-10-08 11:42 10925568 ----a-w- c:\windows\system32\ieframe.dll
2012-11-15 01:42 . 2012-07-26 02:26 87040 ----a-w- c:\windows\system32\drivers\WUDFPf.sys
2012-11-15 01:42 . 2012-07-26 02:26 198656 ----a-w- c:\windows\system32\drivers\WUDFRd.sys
2012-11-15 01:42 . 2012-07-26 03:08 84992 ----a-w- c:\windows\system32\WUDFSvc.dll
2012-11-15 01:42 . 2012-07-26 03:08 194048 ----a-w- c:\windows\system32\WUDFPlatform.dll
2012-11-15 01:42 . 2012-07-26 03:08 229888 ----a-w- c:\windows\system32\WUDFHost.exe
2012-11-15 01:42 . 2012-07-26 03:08 744448 ----a-w- c:\windows\system32\WUDFx.dll
2012-11-15 01:42 . 2012-07-26 03:08 45056 ----a-w- c:\windows\system32\WUDFCoinstaller.dll
2012-11-15 01:38 . 2012-11-15 01:38 40712 ----a-w- c:\windows\system32\drivers\taphss6.sys
2012-11-15 01:33 . 2012-11-15 01:33 42248 ----a-w- c:\windows\system32\drivers\hssdrv6.sys
2012-11-08 13:50 . 2012-11-08 13:50 -------- d--h--w- c:\program files (x86)\Common Files\EAInstaller
2012-11-08 13:49 . 2009-09-04 17:44 517960 ----a-w- c:\windows\system32\XAudio2_5.dll
2012-11-08 13:49 . 2009-09-04 17:44 238936 ----a-w- c:\windows\SysWow64\xactengine3_5.dll
2012-11-08 13:49 . 2009-09-04 17:44 176968 ----a-w- c:\windows\system32\xactengine3_5.dll
2012-11-08 13:49 . 2009-09-04 17:29 1974616 ----a-w- c:\windows\SysWow64\D3DCompiler_42.dll
2012-11-08 13:49 . 2009-09-04 17:29 2582888 ----a-w- c:\windows\system32\D3DCompiler_42.dll
2012-11-08 13:49 . 2009-09-04 17:29 5501792 ----a-w- c:\windows\SysWow64\d3dcsx_42.dll
2012-11-08 13:49 . 2009-09-04 17:29 5554512 ----a-w- c:\windows\system32\d3dcsx_42.dll
2012-11-08 13:49 . 2009-09-04 17:29 285024 ----a-w- c:\windows\system32\d3dx11_42.dll
2012-11-08 13:49 . 2009-09-04 17:44 73544 ----a-w- c:\windows\system32\XAPOFX1_3.dll
2012-11-08 13:47 . 2006-07-28 09:31 83736 ----a-w- c:\windows\system32\xinput1_2.dll
2012-11-08 13:37 . 2012-11-08 13:39 -------- d-----w- c:\users\Paulo Monteiro\AppData\Roaming\Origin
2012-11-08 13:37 . 2012-11-08 13:40 -------- d-----w- c:\program files (x86)\Origin Games
2012-11-08 13:37 . 2012-11-08 13:37 -------- d-----w- c:\users\Paulo Monteiro\AppData\Local\Origin
2012-11-08 13:36 . 2012-11-08 13:50 -------- d-----w- c:\programdata\Origin
2012-11-08 13:36 . 2012-11-08 13:50 -------- d-----w- c:\programdata\Electronic Arts
2012-11-08 12:28 . 2012-11-08 12:28 -------- d-----w- c:\program files (x86)\Mozilla Maintenance Service
2012-11-08 12:07 . 2012-11-08 12:07 -------- d-----w- c:\users\Paulo Monteiro\AppData\Roaming\QuickScan
2012-11-07 16:54 . 2012-11-07 16:54 -------- d-----w- c:\programdata\StartupSoundChanger
2012-11-07 13:54 . 2012-11-07 13:55 -------- d-----w- c:\program files\TAP-Windows
2012-11-01 12:45 . 2012-11-01 12:45 -------- d-----w- c:\users\Paulo Monteiro\AppData\Roaming\S.A.D
2012-11-01 12:20 . 2012-11-01 12:36 -------- d-----w- c:\program files\CyberGhost VPN
2012-10-30 23:41 . 2012-10-30 23:41 -------- d-----w- c:\programdata\Autorun Eater
2012-10-30 23:33 . 2012-10-30 23:33 -------- d-----w- c:\users\Paulo Monteiro\AppData\Roaming\KillProcess
2012-10-30 09:17 . 2012-10-30 09:18 -------- d-----w- C:\920ad8abf500d667000fd1
2012-10-30 00:53 . 2012-10-30 00:53 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
.
.
.
((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-11-15 01:43 . 2011-08-29 13:22 66395536 ----a-w- c:\windows\system32\MRT.exe
2012-10-16 08:38 . 2012-11-26 12:02 135168 ----a-w- c:\windows\apppatch\AppPatch64\AcXtrnal.dll
2012-10-16 08:38 . 2012-11-26 12:02 350208 ----a-w- c:\windows\apppatch\AppPatch64\AcLayers.dll
2012-10-16 07:39 . 2012-11-26 12:02 561664 ----a-w- c:\windows\apppatch\AcLayers.dll
2012-09-29 19:54 . 2012-01-15 04:57 25928 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-09-14 19:19 . 2012-10-10 12:45 2048 ----a-w- c:\windows\system32\tzres.dll
2012-09-14 18:28 . 2012-10-10 12:45 2048 ----a-w- c:\windows\SysWow64\tzres.dll
2012-08-31 17:57 . 2012-10-10 12:45 1687408 ----a-w- c:\windows\system32\drivers\ntfs.sys
2012-05-08 07:18 . 2012-05-08 07:18 4611856 ----a-w- c:\program files (x86)\cfosspeed-v800.exe
2011-06-09 16:39 . 2011-06-09 16:39 224256 ----a-w- c:\program files (x86)\wget.exe
.
.
(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))
.
.
*Nota* entradas vazias e legítimas por padrão não são apresentadas.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-14 22:58 94208 ----a-w- c:\users\Paulo Monteiro\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-14 22:58 94208 ----a-w- c:\users\Paulo Monteiro\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-14 22:58 94208 ----a-w- c:\users\Paulo Monteiro\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-14 22:58 94208 ----a-w- c:\users\Paulo Monteiro\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"StartupFaster"="c:\programas (x64)\Startup Faster\startuploader.exe" [2012-01-05 1819920]
.
c:\users\Paulo Monteiro\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\StartupFaster
Mozilla Firefox Prestart.lnk - c:\programas (x64)\Mozilla Firefox\firefox.exe [2012-3-4 917984]
StartupFaster.ini [2012-11-28 372]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\StartupFaster
StartupFaster.ini [2012-7-6 0]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
"EnableLinkedConnections"= 1 (0x1)
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveTrack"= 1 (0x1)
"NoSMBalloonTip"= 0 (0x0)
"NoRecentDocsNetHood"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SABWinLogon]
2007-08-01 09:28 176128 ----a-w- c:\program files (x86)\SuperAdBlocker.com\Super Ad Blocker\SABWINLO.DLL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer9"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *autocheck autocheck æautocheck
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg
.
R0 uhlparps;uhlparps;c:\windows\system32\drivers\pzqprgio.sys [x]
R0 vymc;vymc;c:\windows\system32\drivers\sgdinm.sys [x]
R1 ntiomin;ntiomin; [x]
R1 SABDIFSV;SABDIFSV; [x]
R1 SABKUTIL;SABKUTIL; [x]
R1 Uim_VIM;UIM Virtual Image Plugin;c:\windows\system32\Drivers\uim_vimx64.sys [2011-07-05 352816]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 Passwdrenew;Passwdrenew;c:\windows\system32\rnpasswd.exe [2011-11-19 95232]
R2 TurboBoost;Intel® Turbo Boost Technology Monitor 2.0;c:\program files\Intel\TurboBoost\TurboBoost.exe [2010-11-29 149504]
R2 WatAdminSvc;Serviço de Tecnologias de Activação do Windows;c:\windows\system32\Wat\WatAdminSvc.exe [2011-08-27 1255736]
R3 a2acc;a2acc;c:\program files (x86)\EMSISOFT ANTI-MALWARE\a2accx64.sys [2011-11-02 63880]
R3 afcdp;afcdp;c:\windows\system32\DRIVERS\afcdp.sys [2011-12-21 367200]
R3 afcdpsrv;Serviço de Acronis Nonstop Backup;c:\program files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe [2011-12-21 3450832]
R3 BBUpdate;BBUpdate;c:\program files (x86)\Microsoft\BingBar\7.1.364.0\SeaPort.exe [2012-02-20 240408]
R3 BlackBox;BlackBox SR2; [x]
R3 CGVPNCliSrvc;CyberGhost VPN Client;c:\program files\CyberGhost VPN\CGVPNCliService.exe [2012-04-26 2438696]
R3 COMMONFX;COMMONFX;c:\windows\system32\drivers\COMMONFX.SYS [2010-03-18 158808]
R3 cpudrv64;cpudrv64;c:\program files (x86)\SystemRequirementsLab\cpudrv64.sys [2009-12-18 17864]
R3 cpuz134;cpuz134; [x]
R3 CTAUDFX;CTAUDFX;c:\windows\system32\drivers\CTAUDFX.SYS [2010-03-18 706648]
R3 CTERFXFX.SYS;CTERFXFX.SYS;c:\windows\System32\drivers\CTERFXFX.SYS [2010-03-18 141912]
R3 CTERFXFX;CTERFXFX;c:\windows\system32\drivers\CTERFXFX.SYS [2010-03-18 141912]
R3 CTSBLFX;CTSBLFX;c:\windows\system32\drivers\CTSBLFX.SYS [2010-03-18 681048]
R3 DKRtWrt;DKRtWrt;c:\windows\system32\DRIVERS\DKRtWrt.sys [2011-02-14 44624]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [2010-11-21 71168]
R3 DynCal;Dynamic Calibration Service;c:\windows\system32\drivers\Dyncal.sys [x]
R3 EBOOSTRSVC;eBoostr Service;c:\programas (x64)\eBoostr\EBstrSvc.exe [2010-04-20 811136]
R3 Futuremark SystemInfo Service;Futuremark SystemInfo Service;c:\program files (x86)\Futuremark\Futuremark SystemInfo\FMSISvc.exe [2011-08-15 130976]
R3 GJService;Game Jackal Server;c:\programas (x64)\SlySoft\Game Jackal v4\Server.exe [2011-09-06 3547648]
R3 gwiopm;gwiopm; [x]
R3 hitmanpro35;Hitman Pro 3.5 Support Driver;c:\windows\system32\drivers\hitmanpro36.sys [2011-12-26 25160]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-09-29 25928]
R3 namehelp;namehelp;c:\programas (x64)\Aqualab\namehelp\nssm.exe [2012-10-08 156672]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2012-08-30 128456]
R3 nmwcdnsucx64;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsucx64.sys [2012-01-09 12800]
R3 nmwcdnsux64;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsux64.sys [2012-01-09 171008]
R3 ose64;Office 64 Source Engine;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-09 174440]
R3 PCTBD;PC Tools Browser Defender Driver;c:\windows\system32\Drivers\PCTBD64.sys [2012-05-08 85192]
R3 perfexpose;perfexpose;c:\programas (x64)\CodeFromThe70s.org\Perfgraph\perfexpose.exe [2008-11-08 199336]
R3 PROCEXP151;PROCEXP151; [x]
R3 PSI;PSI;c:\windows\system32\DRIVERS\psi_mf.sys [2011-12-16 17976]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2012-08-23 19456]
R3 Revoflt;Revoflt;c:\windows\system32\DRIVERS\revoflt.sys [2009-12-30 31800]
R3 RTTEAMPT;Realtek Teaming Protocol Driver (NDIS 6.2);c:\windows\system32\DRIVERS\RtTeam60.sys [2010-01-14 48416]
R3 RTVLANPT;Realtek Vlan Protocol Driver (NDIS 6.2);c:\windows\system32\DRIVERS\RtVlan60.sys [2010-01-14 29472]
R3 Secunia PSI Agent;Secunia PSI Agent;c:\program files (x86)\Secunia\PSI\PSIA.exe [2012-02-24 1294904]
R3 Secunia Update Agent;Secunia Update Agent;c:\program files (x86)\Secunia\PSI\sua.exe [2012-02-24 656440]
R3 slicedisk.sys;slicedisk.sys; [x]
R3 SliceDisk5;SliceDisk5; [x]
R3 syncagentsrv;Acronis Sync Agent Service;c:\program files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe [2011-11-10 5890144]
R3 Synth3dVsc;Microsoft Virtual 3D Video Transport Driver;c:\windows\system32\drivers\Synth3dVsc.sys [2011-07-15 88960]
R3 tapoas;TAP-Win32 Adapter OAS;c:\windows\system32\DRIVERS\tapoas.sys [2011-08-19 30720]
R3 Tcpz-x64;Tcpz-x64; [x]
R3 TCPZ;TCP Half Open Limited Patcher ( TCP-Z);c:\windows\system32\DRIVERS\tcpz-x64d.sys [x]
R3 TEAM;Realtek Virtual Miniport Driver for Teaming (NDIS 6.2);c:\windows\system32\DRIVERS\RtTeam60.sys [2010-01-14 48416]
R3 terminpt;Microsoft Remote Desktop Input Driver;c:\windows\system32\drivers\terminpt.sys [2012-08-23 29696]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2012-08-23 57856]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2012-08-23 30208]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [2010-11-21 117248]
R3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\DRIVERS\VBoxNetAdp.sys [2011-12-19 146736]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
R3 vpcuxd;Serviço Stub de Virtualização de USB;c:\windows\system32\DRIVERS\vpcuxd.sys [2010-11-20 16384]
R4 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2012-10-30 140672]
R4 a2AntiMalware;Emsisoft Anti-Malware 6.0 - Service;c:\program files (x86)\EMSISOFT ANTI-MALWARE\a2service.exe [2012-02-26 3025112]
R4 ASO3DiskOptimizer;ASO3DiskOptimizer;c:\program files (x86)\Advanced System Optimizer 3\ASO3DefragSrv64.exe [2011-08-18 263480]
R4 Browser Defender Update Service;Browser Defender Update Service;c:\programas (x64)\PC Tools\PC Tools Security\BDT\BDTUpdateService.exe [2012-05-08 575416]
R4 MBAMScheduler;MBAMScheduler;c:\programas (x64)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-09-29 399432]
R4 MBAMService;MBAMService;c:\programas (x64)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-09-29 676936]
R4 NisSrv;Inspeção de Rede da Microsoft;c:\program files\Microsoft Security Client\NisSrv.exe [2012-09-12 368896]
R4 pctgntdi;pctgntdi;c:\windows\System32\drivers\pctgntdi64.sys [2012-05-11 341168]
R4 pctplsg;pctplsg;c:\windows\System32\drivers\pctplsg64.sys [2012-05-11 92896]
R4 SBSDWSCService;SBSD Security Center Service;c:\programas (x64)\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
R4 sdAuxService;PC Tools Auxiliary Service;c:\programas (x64)\PC Tools\PC Tools Security\pctsAuxs.exe [2012-05-11 402336]
R4 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-08-03 379496]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
S0 AiCharger;ASUS Charger Driver;c:\windows\system32\DRIVERS\AiCharger.sys [2010-10-20 14592]
S0 fltsrv;Acronis Storage Filter Management;c:\windows\system32\DRIVERS\fltsrv.sys [2011-12-21 133728]
S0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore64.sys [2012-04-23 426616]
S0 pctDS;PC Tools Data Store;c:\windows\system32\drivers\pctDS64.sys [2012-02-28 453896]
S0 pctEFA;PC Tools Extended File Attributes;c:\windows\system32\drivers\pctEFA64.sys [2012-02-28 1096176]
S0 sptd;sptd;c:\windows\\SystemRoot\System32\Drivers\sptd.sys [x]
S0 vididr;Acronis Virtual Disk;c:\windows\system32\DRIVERS\vididr.sys [2011-12-21 211040]
S0 vidsflt58;Acronis Disk Storage Filter (58);c:\windows\system32\DRIVERS\vsflt58.sys [2011-08-30 142944]
S0 vmci;VMware VMCI Bus Driver;c:\windows\system32\DRIVERS\vmci.sys [2011-08-08 116336]
S1 A2DDA;A2 Direct Disk Access Support Driver;c:\program files (x86)\EMSISOFT ANTI-MALWARE\a2ddax64.sys [2011-05-19 23208]
S1 a2injectiondriver;a2injectiondriver;c:\program files (x86)\Emsisoft Anti-Malware\a2dix64.sys [2011-11-02 41728]
S1 a2util;a-squared Malware-IDS utility driver;c:\program files (x86)\Emsisoft Anti-Malware\a2util64.sys [2010-05-05 14720]
S1 AsUpIO;AsUpIO;SysWow64\drivers\AsUpIO.sys [x]
S1 aswKbd;aswKbd; [x]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S1 EIO64;EIO Driver;c:\windows\system32\DRIVERS\EIO64.sys [2011-08-27 16384]
S1 HWiNFO32;HWiNFO32/64 Kernel Driver;c:\programas (x64)\HWiNFO64\HWiNFO64A.SYS [2012-02-07 30592]
S1 nm3;Microsoft Network Monitor 3 Driver;c:\windows\system32\DRIVERS\nm3.sys [2010-06-09 46392]
S1 PCTSD;PC Tools Spyware Doctor Driver;c:\windows\system32\Drivers\PCTSD64.sys [2012-05-11 251528]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2011-07-22 14928]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [2011-07-12 12368]
S1 VBoxDrv;VirtualBox Service;c:\windows\system32\DRIVERS\VBoxDrv.sys [2011-12-19 224048]
S1 VBoxUSBMon;VirtualBox USB Monitor Driver;c:\windows\system32\DRIVERS\VBoxUSBMon.sys [2011-12-19 130864]
S2 asComSvc;ASUS Com Service;c:\program files (x86)\ASUS\AXSP\1.00.13\atkexComSvc.exe [2010-11-03 918144]
S2 asHmComSvc;ASUS HM Com Service;c:\program files (x86)\ASUS\AAHM\1.00.13\aaHMSvc.exe [2010-12-02 915584]
S2 AsSysCtrlService;ASUS System Control Service;c:\program files (x86)\ASUS\AsSysCtrlService\1.00.11\AsSysCtrlService.exe [2010-10-21 586880]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2012-10-30 71600]
S2 BBSvc;BingBar Service;c:\program files (x86)\Microsoft\BingBar\7.1.364.0\BBSvc.exe [2012-02-20 193816]
S2 CachemanService;Cacheman Service;c:\programas (x64)\Cacheman\CachemanServ.exe [2012-01-04 236896]
S2 cpuz135;cpuz135;c:\windows\system32\drivers\cpuz135_x64.sys [2010-11-09 21992]
S2 Creative ALchemy AL6 Licensing Service;Creative ALchemy AL6 Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [2011-08-28 79360]
S2 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2011-08-28 79360]
S2 DUMeterSvc;DU Meter Service;c:\programas (x64)\DU Meter\DUMeterSvc.exe [2012-02-16 1110480]
S2 FirebirdGuardianDefaultInstance;Firebird Guardian - DefaultInstance;c:\program files (x86)\Firebird\Firebird_2_1\bin\fbguard.exe [2008-06-13 81920]
S2 hshld;Hotspot Shield Service;c:\program files (x86)\Hotspot Shield\bin\openvpnas.exe [2012-11-15 527728]
S2 HssWd;Hotspot Shield Monitoring Service;c:\program files (x86)\Hotspot Shield\bin\hsswd.exe [2012-11-15 389488]
S2 IDMWFP;IDMWFP;c:\windows\system32\DRIVERS\idmwfp.sys [2012-02-08 149640]
S2 IOCBIOS;IOCBIOS;c:\programdata\Intel\Extreme Tuning Utility\IOCbios\64bit\IOCBIOS.sys [2010-09-15 34304]
S2 KinectManagement;Kinect Management;c:\program files\Microsoft SDKs\Kinect\v1.0 Beta2\Service\KinectManagementService.exe [2011-09-24 131584]
S2 PdiService;Portrait Displays SDK Service;c:\program files (x86)\Common Files\Portrait Displays\Drivers\pdisrvc.exe [2011-10-27 113456]
S2 RtNdPt60;Realtek NDIS Protocol Driver;c:\windows\system32\DRIVERS\RtNdPt60.sys [2010-01-14 32544]
S2 TurboB;Turbo Boost UI Monitor driver;c:\windows\system32\DRIVERS\TurboB.sys [2010-11-29 16120]
S2 USBSafelyRemoveService;USB Safely Remove Assistant;c:\programas (x64)\USB Safely Remove\USBSRService.exe [2012-01-31 1107288]
S2 VideoAcceleratorService;VideoAcceleratorService;c:\prf5cf~1\SPEEDB~1\VideoAcceleratorService.exe [2012-04-05 265928]
S2 VMUSBArbService;VMware USB Arbitration Service;c:\program files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe [2011-08-29 846448]
S2 VMwareHostd;VMware Workstation Server;c:\program files (x86)\VMware\VMware Workstation\vmware-hostd.exe [2012-01-18 11839488]
S2 vstor2-mntapi10-shared;Vstor2 MntApi 1.0 Driver (shared);SysWOW64\drivers\vstor2-mntapi10-shared.sys [x]
S2 XTUService;Intel® Extreme Tuning Utility;c:\program files (x86)\Common Files\Intel\Intel Extreme Tuning Utility\PerfTuneService.exe [2010-11-24 21768]
S3 asmthub3;ASMedia USB3 Hub Service;c:\windows\system32\DRIVERS\asmthub3.sys [2010-12-08 122856]
S3 asmtxhci;ASMEDIA XHCI Service;c:\windows\system32\DRIVERS\asmtxhci.sys [2010-12-08 369640]
S3 COMMONFX.SYS;COMMONFX.SYS;c:\windows\System32\drivers\COMMONFX.SYS [2010-03-18 158808]
S3 CTAUDFX.SYS;CTAUDFX.SYS;c:\windows\System32\drivers\CTAUDFX.SYS [2010-03-18 706648]
S3 ctgame;Game Port;c:\windows\system32\DRIVERS\ctgame.sys [2007-06-25 26264]
S3 CTSBLFX.SYS;CTSBLFX.SYS;c:\windows\System32\drivers\CTSBLFX.SYS [2010-03-18 681048]
S3 dc3d;MS Hardware Device Detection Driver (USB);c:\windows\system32\DRIVERS\dc3d.sys [2011-08-01 52584]
S3 DUMeterDrv;Hagel Technologies DU Meter traffic accounting driver;c:\programas (x64)\DU Meter\DUMETR64.SYS [2012-02-16 20856]
S3 FirebirdServerDefaultInstance;Firebird Server - DefaultInstance;c:\program files (x86)\Firebird\Firebird_2_1\bin\fbserver.exe [2008-06-13 2723840]
S3 ICCWDT;Intel® Watchdog Timer Driver (Intel® WDT);c:\windows\system32\DRIVERS\ICCWDT.sys [2010-08-17 26136]
S3 ManyCam;ManyCam Virtual Webcam, WDM Video Capture Driver;c:\windows\system32\DRIVERS\ManyCam_x64.sys [2008-03-13 27136]
S3 MaplomL;MaplomL; [x]
S3 MsgPlusDriver;Messenger Plus! Virtual Camera;c:\windows\system32\DRIVERS\MsgPlusDriver.sys [2012-07-23 102160]
S3 nvoclk64;NVIDIA Enthusiasts Platform KDM;c:\windows\system32\DRIVERS\nvoclk64.sys [2009-09-15 42088]
S3 pcouffin;VSO Software pcouffin;c:\windows\system32\Drivers\pcouffin.sys [2011-09-01 82816]
S3 Point64;Microsoft IntelliPoint Filter Driver;c:\windows\system32\DRIVERS\point64.sys [2011-08-01 45416]
S3 PPJoyBus;Parallel Port Joystick Bus Enumerator;c:\windows\system32\DRIVERS\PPJoyBus64.sys [2010-02-20 20024]
S3 PPortJoystick;Parallel Port Joystick Device Driver;c:\windows\system32\DRIVERS\PPortJoy64.sys [2010-02-20 39992]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2011-06-10 539240]
S3 taphss6;Anchorfree HSS VPN Adapter;c:\windows\system32\DRIVERS\taphss6.sys [2012-11-15 40712]
S3 VBoxNetFlt;VirtualBox Bridged Networking Service;c:\windows\system32\DRIVERS\VBoxNetFlt.sys [2011-12-19 165680]
.
.
--- =Outros Serviços/Drivers Na Memória ---
.
*NewlyCreated* - CFOSSPEED
.
Conteúdo da pasta 'Tarefas Agendadas'
.
2012-11-28 c:\windows\Tasks\Google Software Updater.job
- c:\program files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe [2011-08-27 23:18]
.
2012-11-28 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-08-27 23:46]
.
2012-11-28 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-08-27 23:46]
.
2012-07-06 c:\windows\Tasks\Spybot - Search & Destroy Updater - Scheduled Task.job
- c:\programas (x64)\Spybot - Search & Destroy\SDUpdate.exe [2011-09-03 14:31]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-10-30 22:50 133400 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-14 22:58 97792 ----a-w- c:\users\Paulo Monteiro\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-14 22:58 97792 ----a-w- c:\users\Paulo Monteiro\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-14 22:58 97792 ----a-w- c:\users\Paulo Monteiro\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-14 22:58 97792 ----a-w- c:\users\Paulo Monteiro\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\IDM Shell Extension]
@="{CDC95B92-E27C-4745-A8C5-64A52A78855D}"
[HKEY_CLASSES_ROOT\CLSID\{CDC95B92-E27C-4745-A8C5-64A52A78855D}]
2012-02-08 00:49 23432 ----a-w- c:\programas (x64)\Internet Download Manager\IDMShellExt64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"cFosSpeed"="c:\programas (x64)\cFosSpeed\cFosSpeed.exe" [2012-05-07 1536384]
.
------- Scan Suplementar -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.pt/
mLocal Page = c:\windows\system32\blank.htm
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
LSP: c:\programas (x64)\SpeedBit Video Accelerator\SBLSP.dll
LSP: c:\program files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll
Trusted Zone: cleverreach.com\novastor
Trusted Zone: google-analytics.com
Trusted Zone: novastor.com
Trusted Zone: warez-bb.org\www
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{287CDFC4-6CBB-4648-BAAF-0774CC9AA33A}: NameServer = 212.118.241.1,4.2.2.5
TCP: Interfaces\{36DB0DC4-59D0-4B12-BCA2-81AD270D55D8}: NameServer = 212.118.241.1,4.2.2.5
TCP: Interfaces\{6634494F-3076-4158-A2E6-C4C9A5775A09}: NameServer = 212.118.241.1,4.2.2.5
TCP: Interfaces\{8A3F2BFF-9A19-4DA9-BAC3-F646EA4C31B9}: NameServer = 212.118.241.1,4.2.2.5
TCP: Interfaces\{F1D993F3-A9E8-440F-86AE-DED94CF76F7C}: NameServer = 212.118.241.1,4.2.2.5
DPF: {E705A591-DA3C-4228-B0D5-A356DBA42FBF} - hxxp://ccfiles.creative.com/Web/softwareupdate/su2/ocx/20015/CTSUEng.cab
FF - ProfilePath - c:\users\Paulo Monteiro\AppData\Roaming\Mozilla\Firefox\Profiles\q6y681v9.default\
FF - prefs.js: browser.search.defaulturl -
FF - ExtSQL: 2012-11-04 13:50; translator@zoli.bod; c:\users\Paulo Monteiro\AppData\Roaming\Mozilla\Firefox\Profiles\q6y681v9.default\extensions\translator@zoli.bod.xpi
FF - ExtSQL: 2012-11-06 20:59; {9AA46F4F-4DC7-4c06-97AF-6665170634FE}; c:\users\Paulo Monteiro\AppData\Roaming\Mozilla\Firefox\Profiles\q6y681v9.default\extensions\{9AA46F4F-4DC7-4c06-97AF-6665170634FE}.xpi
FF - ExtSQL: 2012-11-11 17:49; firefox@ghostery.com; c:\users\Paulo Monteiro\AppData\Roaming\Mozilla\Firefox\Profiles\q6y681v9.default\extensions\firefox@ghostery.com
FF - ExtSQL: 2012-11-11 19:54; clipconverter@clipconverter.cc; c:\users\Paulo Monteiro\AppData\Roaming\Mozilla\Firefox\Profiles\q6y681v9.default\extensions\clipconverter@clipconverter.cc.xpi
FF - ExtSQL: 2012-11-11 19:54; info@youtube-mp3.org; c:\users\Paulo Monteiro\AppData\Roaming\Mozilla\Firefox\Profiles\q6y681v9.default\extensions\info@youtube-mp3.org.xpi
FF - ExtSQL: 2012-11-11 19:59; 54c7d9671b9eccd9e5686a73df34ab60@button.codefisher.org; c:\users\Paulo Monteiro\AppData\Roaming\Mozilla\Firefox\Profiles\q6y681v9.default\extensions\54c7d9671b9eccd9e5686a73df34ab60@button.codefisher.org.xpi
FF - ExtSQL: 2012-11-19 04:59; wrc@avast.com; c:\program files\AVAST Software\Avast\WebRep\FF
FF - ExtSQL: 2012-11-20 03:07; afurladvisor@anchorfree.com; c:\programas (x64)\Mozilla Firefox\extensions\afurladvisor@anchorfree.com
FF - ExtSQL: !HIDDEN! 2011-12-19 10:33; {3112ca9c-de6d-4884-a869-9855de68056c}; c:\programdata\Google\Toolbar for Firefox\{3112ca9c-de6d-4884-a869-9855de68056c}
.
.
------- Associação de arquivos/ficheiros -------
.
.txt=GetDiz.TextFile
.
- - - - ORFÃOS REMOVIDOS - - - -
.
Toolbar-Locked - (no file)
ShellExecuteHooks-{5AE067D3-9AFB-48E0-853A-EBB7F4A000D7} - (no file)
ShellIconOverlayIdentifiers- - (no file)
ShellIconOverlayIdentifiers- - (no file)
ShellIconOverlayIdentifiers- - (no file)
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet005\services\DUMeterSvc]
"ImagePath"="c:\programas (x64)\DU Meter\DUMeterSvc.exe /startedbyscm:E1F6D4BE-40E33354-DUMeterService"
.
--------------------- CHAVES DO REGISTRO BLOQUEADAS ---------------------
.
[HKEY_USERS\S-1-5-21-893015392-1004550200-2770202825-1000_Classes\Wow6432Node\CLSID\{69a4dbfd-dc99-4bb8-8ec5-867e3e3bdb1c}]
@Denied: (Full) (Everyone)
.
[HKEY_USERS\S-1-5-21-893015392-1004550200-2770202825-1000_Classes\Wow6432Node\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}]
@Denied: (Full) (Everyone)
"scansk"=hex(0):a6,b6,6e,89,9b,54,fa,6c,9b,b8,1d,b8,5a,98,77,52,e5,31,ad,f8,27,
41,35,1d,9d,76,4a,8e,32,f8,3f,09,38,72,30,b9,ec,ad,d1,d1,00,00,00,00,00,00,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_110_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_110_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Patches\7828AFD463AE964399EF5F86EF8C6135\SourceList\Media]
@DACL=(02 0000)
"104"=";"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Patches\A28754D59901E713BACCFF365D2B3168\SourceList\Media]
@DACL=(02 0000)
"107"=";"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\386D3EFEC30985B4BAF86CC8963F7385\SourceList\Media]
@DACL=(02 0000)
"1"=";"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\65334667A11670A4B8CE978E556419F6\SourceList\Media]
@DACL=(02 0000)
"DiskPrompt"="[1]"
"1"="DISK1;1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\65334667A11670A4B8CE978E556419F6\SourceList\Net]
@DACL=(02 0000)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\95153239E07D78F43AA9D02818FD10FF\SourceList\Media]
@DACL=(02 0000)
"DiskPrompt"="[1]"
"1"=";"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\95153239E07D78F43AA9D02818FD10FF\SourceList\Net]
@DACL=(02 0000)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\c1c4f01781cc94c4c8fb1542c0981a2a\SourceList\Media]
@DACL=(02 0000)
"DiskPrompt"="[1]"
"1"=";Microsoft Visual C++ 2005 Redistributable [Disk 1]"
"2"=";Microsoft Visual C++ 2005 Redistributable [Disk 1]"
"3"=";Microsoft Visual C++ 2005 Redistributable [Disk 1]"
"4"=";Microsoft Visual C++ 2005 Redistributable [Disk 1]"
"5"=";Microsoft Visual C++ 2005 Redistributable [Disk 1]"
"6"=";Microsoft Visual C++ 2005 Redistributable [Disk 1]"
"7"=";Microsoft Visual C++ 2005 Redistributable [Disk 1]"
"8"=";Microsoft Visual C++ 2005 Redistributable [Disk 1]"
"9"=";Microsoft Visual C++ 2005 Redistributable [Disk 1]"
"10"=";Microsoft Visual C++ 2005 Redistributable [Disk 1]"
"11"=";Microsoft Visual C++ 2005 Redistributable [Disk 1]"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_110_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_110_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_110.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_110.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_110.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_110.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows CE Services]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Nico Mak Computing\WinZip]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet005\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet005\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet005\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet005\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet005\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet005\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet005\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0006\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet005\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0007\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet005\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0008\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet005\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0009\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet005\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0010\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet005\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0011\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet005\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0012\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet005\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0013\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet005\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0014\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet005\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0015\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet005\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Outros Processos em Execução ------------------------
.
c:\program files (x86)\Creative\Shared Files\CTAudSvc.exe
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files (x86)\Common Files\Portrait Displays\Plugins\AM\dtsslsrv.exe
c:\programas (x64)\CPUCooL\CooLSrv.exe
c:\program files (x86)\Common Files\Portrait Displays\Shared\dtsrvc.exe
c:\program files (x86)\Hotspot Shield\HssWPR\hsssrv.exe
c:\program files (x86)\Google\Update\1.3.21.123\GoogleCrashHandler.exe
c:\program files (x86)\VMware\VMware Workstation\vmware-authd.exe
c:\program files\AVAST Software\Avast\avastUI.exe
c:\programas (x64)\Startup Faster\sfAgent.exe
c:\programas (x64)\CleanMem\Mini_Monitor.exe
c:\programas (x64)\SpeedBit Video Accelerator\VideoAccelerator.exe
c:\prf5cf~1\DUMETE~1\DUMeter.exe
.
**************************************************************************
.
Tempo para conclusão: 2012-11-28 22:25:06 - Máquina reiniciou
ComboFix-quarantined-files.txt 2012-11-28 22:25
ComboFix2.txt 2012-11-27 16:26
ComboFix3.txt 2012-11-26 17:31
.
Pré-execução: 731.197.440 bytes livres
Pós execução: 1.835.311.104 bytes livres
.
- - End Of File - - 3EFA6EA4C4C0812A736610452F963EF2

and here's Adwcleaner log

# AdwCleaner v2.009 - Logfile created 11/28/2012 at 22:49:01
# Updated 24/11/2012 by Xplode
# Operating system : Windows 7 Ultimate Service Pack 1 (64 bits)
# User : Paulo Monteiro - PC-HOME
# Boot Mode : Normal
# Running from : C:\Users\Paulo Monteiro\Desktop\AdwCleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****


***** [Registry] *****


***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16421

[OK] Registry is clean.

-\\ Mozilla Firefox v16.0.2 (pt-PT)

Profile name : default [Profil par défaut]
File : C:\Users\Paulo Monteiro\AppData\Roaming\Mozilla\Firefox\Profiles\q6y681v9.default\prefs.js

Deleted : user_pref("extensions.greasemonkey.scriptvals.hxxp://userscripts.org/scripts/show/29222/The Cavern L[...]
Deleted : user_pref("extensions.greasemonkey.scriptvals.hxxp://userscripts.org/scripts/show/29222/The Cavern L[...]
Deleted : user_pref("extensions.greasemonkey.scriptvals.hxxp://userscripts.org/scripts/show/29222/The Cavern L[...]
Deleted : user_pref("extensions.skipscreen.hostMatchStr", "hxxp://www.4shared.com/(get|audio|file|document|dir[...]

Profile name : default
File : C:\Users\Administrador\AppData\Roaming\Mozilla\Firefox\Profiles\ah13xz4j.default\prefs.js

[OK] File is clean.

-\\ Google Chrome v23.0.1271.91

File : C:\Users\Paulo Monteiro\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [8872 octets] - [23/11/2012 19:51:54]
AdwCleaner[R2].txt - [1721 octets] - [26/11/2012 17:45:32]
AdwCleaner[S2].txt - [9118 octets] - [24/11/2012 14:12:35]
AdwCleaner[S3].txt - [1660 octets] - [28/11/2012 22:49:01]

########## EOF - C:\AdwCleaner[S3].txt - [1720 octets] ##########


IE 9 still hangs when I start it, even with all the add-ons disabled through Sysinternals Autoruns.

Here's a list of the IE add-ons I have installed:

http://img339.imageshack.us/img339/9799/ieaddons.jpg

Edited by Picollo30, 28 November 2012 - 06:58 PM.


#10 nasdaq

nasdaq

  • Malware Response Team

Posted 29 November 2012 - 10:46 AM

This is new to me.
S3 TCPZ;TCP Half Open Limited Patcher ( TCP-Z);c:\windows\system32\DRIVERS\tcpz-x64d.sys

Could it be something like this that you have installed?
http://www.sevenforums.com/network-sharing/6045-windows-7-tcpip-sys-auto-patcher-remove-tcp-ip-connection-limit.html
===

Please download RogueKiller© by Tigzy from one of the links below and save it to your desktop.

Link 1 Bleepingcomputer
Link 2 RogueKiller (par Tigzy)

Quit all running programs.

For Windows XP, double-click to start.
For Vista or Windows 7, do a right-click on the program, select Run as Administrator to start, & when prompted Allow to run.

Click Scan to scan the system.
When the scan completes > Close out the program > Don't Fix anything!

Don't run any other options, they're not all bad!!!!!!!

Post back the report which should be located on your desktop.

Other than the IE startup problem, do you have any other issues with this computer?

#11 Picollo30

Picollo30
  • Topic Starter

  • Members

Posted 29 November 2012 - 02:47 PM

Hi nasdaq, you can find TCP-Z here:


http://deepxw.blogspot.pt/


Remove / increase the limit of half-open (incomplete outbound) TCP connections, Release the power of your network, download faster, and more tasks can be run at the same time.


It was a program I installed. Other than IE 9 freezing / crashing, I have only a problem with the firewall module in Avast not installing, but I can easily install a better internet security software. Which one do you recommend, mate?

RogueKiller V8.3.1 [Nov 26 2012] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/
Website : http://tigzy.geekstogo.com/roguekiller.php
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Paulo Monteiro [Admin rights]
Mode : Scan -- Date : 11/29/2012 19:49:27

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 4 ¤¤¤
[HJPOL] HKLM\[...]\System : DisableRegistryTools (0) -> FOUND
[HJPOL] HKLM\[...]\Wow6432Node\System : DisableRegistryTools (0) -> FOUND
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowSetProgramAccessAndDefaults (0) -> FOUND
[HJ SMENU] HKCU\[...]\Advanced : Start_TrackProgs (0) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED] ¤¤¤

¤¤¤ Extern Hives: ¤¤¤
-> D:\windows\system32\config\SOFTWARE
-> D:\Documents and Settings\Administrador\NTUSER.DAT
-> D:\Documents and Settings\Administrador.TITANIUM\NTUSER.DAT
-> D:\Documents and Settings\Convidado\NTUSER.DAT
-> D:\Documents and Settings\Default User\NTUSER.DAT
-> D:\Documents and Settings\LocalService\NTUSER.DAT
-> D:\Documents and Settings\NetworkService\NTUSER.DAT
-> D:\Documents and Settings\Paulo Monteiro\NTUSER.DAT
-> D:\Documents and Settings\UpdatusUser\NTUSER.DAT

¤¤¤ HOSTS File: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts

127.0.0.1 localhost


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: WDC WD10EALX-009BA0 ATA Device +++++
--- User ---
[MBR] 22e477660dc6a9fb3e97b67d150e27ea
[BSP] 21e8b0d05a86b97b4e1c2b6e4d14baec : Windows 7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 476828 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 976752000 | Size: 476937 Mo
User = LL1 ... OK!
User = LL2 ... OK!

+++++ PhysicalDrive1: ST3500418AS ATA Device +++++
--- User ---
[MBR] a1473186bc1e1a9b153ab32e77885af1
[BSP] 3dc0730387fdbc45e5c701ad5081d62c : Windows XP MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 476929 Mo
User = LL1 ... OK!
User = LL2 ... OK!

+++++ PhysicalDrive2: ST3160021A ATA Device +++++
--- User ---
[MBR] 00b8f9355884a0ccab10a671accab358
[BSP] 4537f5715967abba8f9b75551a6d876f : Windows XP MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 135619 Mo
1 - [XXXXXX] EXTEN-LBA (0x0f) [VISIBLE] Offset (sectors): 277747785 | Size: 16998 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[30]_S_11292012_02d1949.txt >>
RKreport[11].txt ; RKreport[12].txt ; RKreport[13].txt ; RKreport[14].txt ; RKreport[15].txt ;
RKreport[16].txt ; RKreport[17].txt ; RKreport[18].txt ; RKreport[19].txt ; RKreport[20].txt ;
RKreport[21].txt ; RKreport[22]_S_11282012_02d2311.txt ; RKreport[23]_DN_11282012_02d2312.txt ; RKreport[24]_PR_11282012_02d2313.txt ; RKreport[25]_SC_11282012_02d2322.txt ;
RKreport[26]_S_11282012_02d2324.txt ; RKreport[27]_DN_11282012_02d2324.txt ; RKreport[28]_PR_11282012_02d2324.txt ; RKreport[29]_S_11282012_02d2326.txt ; RKreport[30]_S_11292012_02d1949.txt

Edited by Picollo30, 29 November 2012 - 02:51 PM.


#12 nasdaq

nasdaq

  • Malware Response Team

Posted 30 November 2012 - 09:25 AM

This is new to me.
S3 TCPZ;TCP Half Open Limited Patcher ( TCP-Z);c:\windows\system32\DRIVERS\tcpz-x64d.sys

http://deepxw.blogspot.pt/
Remove / increase the limit of half-open (incomplete outbound) TCP connections, Release the power of your network, download faster, and more tasks can be run at the same time.


The reason I asked is that this type of service is also installed by this virus.

http://www.threatexpert.com/report.aspx?md5=63d64e12ed120bdde1ad5ffebfebc3a2

Quoted from the article

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TCPZ]
Type = 0x00000001
Start = 0x00000002
ErrorControl = 0x00000000
ImagePath = "%System%\drivers\tcpz-x86d.sys"
DisplayName = "TCP Half Open Limited Patcher ( TCP-Z)"

The file name you have is for the 64-bit system.

It may just be that this malware is using this service to its means.
===

Please remove this Extension from FireFox.
FF - ExtSQL: 2012-11-20 03:07; afurladvisor@anchorfree.com; c:\programas (x64)\Mozilla Firefox\extensions\afurladvisor@anchorfree.com

And delete the file in bold.
c:\programas (x64)\Mozilla Firefox\extensions\afurladvisor@anchorfree.com

Source: http://www.systemlookup.com/search.php?type=clsid&client=malwaresearch-chrome&search=afurladvisor%40anchorfree.com
===

other than IE 9 freezing / crashing i have only a problem with the firewall module in avast not installing

Let's check further.

Please Download
TDSSKiller.zip

>>> Double-click on TDSSKiller.exe to run the application.
  • Click on the Start Scan button and wait for the scan and disinfection process to be over.
  • If an infected file is detected, the default action will be Cure, click on Continue
  • If a suspicious file is detected, the default action will be Skip, click on Continue
  • If you are asked to reboot the computer to complete the process, click on the Reboot Now button. A report will be automatically saved at the root of the System drive (usually C:\) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt" (for example, C:\TDSSKiller.2.2.0_20.12.2009_15.31.43_log.txt). Please copy and paste the contents of that file here.
  • If no reboot is required, click on Report. A log file will appear. Please copy and paste the contents of that file in your next reply.

+++++++

Download http://public.avast.com/~gmerek/aswMBR.exe (aswMBR.exe) to your desktop. Double click the aswMBR.exe to run it

  • Click the "Scan" button to start scan.
  • Upon completion of the scan, click Save log, and save it to your desktop. (Note - do not select any Fix at this time) <- IMPORTANT
  • Please post the contents of that log in your next reply.
There shall also be a file on your desktop named MBR.dat. Right click that file and select Send To>Compressed (zipped) folder. Please attach that zipped file in your next reply.

Note: You may be asked if you want to download Avast Free Antivirus. I suggest you deny this download unless you do not have any antivirus protection on the computer.
===

Edited by nasdaq, 30 November 2012 - 09:26 AM.


#13 Picollo30

Picollo30
  • Topic Starter

  • Members

Posted 30 November 2012 - 12:44 PM

Hi nasdaq, here's the TDSSKiller log. I already deleted the Firefox extension you told me about. The Avast anti-rootkit log will follow.


17:42:54.0646 2304 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
17:42:54.0983 2304 ============================================================
17:42:54.0983 2304 Current date / time: 2012/11/30 17:42:54.0983
17:42:54.0983 2304 SystemInfo:
17:42:54.0983 2304
17:42:54.0983 2304 OS Version: 6.1.7601 ServicePack: 1.0
17:42:54.0983 2304 Product type: Workstation
17:42:54.0983 2304 ComputerName: PC-HOME
17:42:54.0983 2304 UserName: Paulo Monteiro
17:42:54.0983 2304 Windows directory: C:\Windows
17:42:54.0983 2304 System windows directory: C:\Windows
17:42:54.0983 2304 Running under WOW64
17:42:54.0983 2304 Processor architecture: Intel x64
17:42:54.0983 2304 Number of processors: 4
17:42:54.0983 2304 Page size: 0x1000
17:42:54.0983 2304 Boot type: Normal boot
17:42:54.0983 2304 ============================================================
17:42:56.0883 2304 Drive \Device\Harddisk2\DR2 - Size: 0x25433D6000 (149.05 Gb), SectorSize: 0x200, Cylinders: 0x4C01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
17:42:56.0894 2304 Drive \Device\Harddisk0\DR0 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
17:42:56.0904 2304 Drive \Device\Harddisk1\DR1 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
17:42:56.0923 2304 ============================================================
17:42:56.0923 2304 \Device\Harddisk2\DR2:
17:42:56.0924 2304 MBR partitions:
17:42:56.0924 2304 \Device\Harddisk2\DR2\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x108E180A
17:42:56.0947 2304 \Device\Harddisk2\DR2\Partition2: MBR, Type 0x7, StartLBA 0x108E1888, BlocksNum 0x2133378
17:42:56.0947 2304 \Device\Harddisk0\DR0:
17:42:56.0947 2304 MBR partitions:
17:42:56.0947 2304 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
17:42:56.0948 2304 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x3A34E000
17:42:56.0948 2304 \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x3A380D80, BlocksNum 0x3A384C41
17:42:56.0948 2304 \Device\Harddisk1\DR1:
17:42:56.0948 2304 MBR partitions:
17:42:56.0948 2304 \Device\Harddisk1\DR1\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x3A380D41
17:42:56.0948 2304 ============================================================
17:42:57.0054 2304 C: <-> \Device\Harddisk0\DR0\Partition2
17:42:57.0057 2304 D: <-> \Device\Harddisk1\DR1\Partition1
17:42:57.0108 2304 E: <-> \Device\Harddisk2\DR2\Partition1
17:42:57.0324 2304 G: <-> \Device\Harddisk2\DR2\Partition2
17:42:57.0797 2304 H: <-> \Device\Harddisk0\DR0\Partition3
17:42:57.0797 2304 ============================================================
17:42:57.0797 2304 Initialize success
17:42:57.0797 2304 ============================================================
17:43:02.0153 7752 ============================================================
17:43:02.0153 7752 Scan started
17:43:02.0153 7752 Mode: Manual;
17:43:02.0153 7752 ============================================================
17:43:06.0676 7752 ================ Scan system memory ========================
17:43:06.0676 7752 System memory - ok
17:43:06.0676 7752 ================ Scan services =============================
17:43:06.0848 7752 [ 581D88B25C4D4121824FED2CA38E562F ] !SASCORE C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
17:43:06.0850 7752 !SASCORE - ok
17:43:07.0059 7752 [ 034F0402742AE377907AF7C698060E15 ] 1394ohci C:\Windows\system32\DRIVERS\1394ohci.sys
17:43:07.0067 7752 1394ohci - ok
17:43:07.0205 7752 [ 922AB7CC2C12C38DC2C4074AF893D5FB ] a2acc C:\PROGRAM FILES (X86)\EMSISOFT ANTI-MALWARE\a2accx64.sys
17:43:07.0205 7752 a2acc - ok
17:43:07.0737 7752 [ 5A65A77F7A4A091E896C21DB4EF18E1F ] a2AntiMalware C:\PROGRAM FILES (X86)\EMSISOFT ANTI-MALWARE\a2service.exe
17:43:07.0764 7752 a2AntiMalware - ok
17:43:07.0782 7752 [ 3044D0F3FEB9FFE8BC953D8F34B5B504 ] A2DDA C:\PROGRAM FILES (X86)\EMSISOFT ANTI-MALWARE\a2ddax64.sys
17:43:07.0782 7752 A2DDA - ok
17:43:07.0802 7752 [ 905CDA5A8D86F733DF8000909B4916ED ] a2injectiondriver C:\Program Files (x86)\Emsisoft Anti-Malware\a2dix64.sys
17:43:07.0802 7752 a2injectiondriver - ok
17:43:07.0817 7752 [ E41D79682A209F72F4F578CFD4A53952 ] a2util C:\Program Files (x86)\Emsisoft Anti-Malware\a2util64.sys
17:43:07.0818 7752 a2util - ok
17:43:07.0883 7752 [ 5133A75EE744C6DF4288FF775575ABCC ] ACPI C:\Windows\system32\drivers\ACPI.sys
17:43:07.0894 7752 ACPI - ok
17:43:07.0912 7752 [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi C:\Windows\system32\drivers\acpipmi.sys
17:43:07.0917 7752 AcpiPmi - ok
17:43:08.0182 7752 [ 42FA8F6A7FA9D2AEB65C0BD971BE48BD ] AcrSch2Svc C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe
17:43:08.0196 7752 AcrSch2Svc - ok
17:43:08.0271 7752 [ B1EA9681502EE57F87DB71D726288A5B ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
17:43:08.0272 7752 AdobeARMservice - ok
17:43:08.0352 7752 [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx C:\Windows\system32\drivers\adp94xx.sys
17:43:08.0358 7752 adp94xx - ok
17:43:08.0402 7752 [ 597F78224EE9224EA1A13D6350CED962 ] adpahci C:\Windows\system32\drivers\adpahci.sys
17:43:08.0408 7752 adpahci - ok
17:43:08.0442 7752 [ E109549C90F62FB570B9540C4B148E54 ] adpu320 C:\Windows\system32\drivers\adpu320.sys
17:43:08.0451 7752 adpu320 - ok
17:43:08.0484 7752 [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
17:43:08.0492 7752 AeLookupSvc - ok
17:43:08.0563 7752 [ B794DD8ACC5CC76177156463DAB4BEBB ] afcdp C:\Windows\system32\DRIVERS\afcdp.sys
17:43:08.0574 7752 afcdp - ok
17:43:09.0055 7752 [ ED8B4CF3357DE01F8060D206254648C9 ] afcdpsrv C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe
17:43:09.0102 7752 afcdpsrv - ok
17:43:09.0198 7752 [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD C:\Windows\system32\drivers\afd.sys
17:43:09.0200 7752 AFD - ok
17:43:09.0221 7752 [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440 C:\Windows\system32\drivers\agp440.sys
17:43:09.0231 7752 agp440 - ok
17:43:09.0274 7752 [ A41B855EDC1F141851E27F984827942C ] AiCharger C:\Windows\system32\DRIVERS\AiCharger.sys
17:43:09.0283 7752 AiCharger - ok
17:43:09.0303 7752 [ 3290D6946B5E30E70414990574883DDB ] ALG C:\Windows\System32\alg.exe
17:43:09.0315 7752 ALG - ok
17:43:09.0327 7752 [ 5812713A477A3AD7363C7438CA2EE038 ] aliide C:\Windows\system32\drivers\aliide.sys
17:43:09.0336 7752 aliide - ok
17:43:09.0355 7752 [ 1FF8B4431C353CE385C875F194924C0C ] amdide C:\Windows\system32\drivers\amdide.sys
17:43:09.0364 7752 amdide - ok
17:43:09.0405 7752 [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8 C:\Windows\system32\drivers\amdk8.sys
17:43:09.0420 7752 AmdK8 - ok
17:43:09.0444 7752 [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM C:\Windows\system32\drivers\amdppm.sys
17:43:09.0452 7752 AmdPPM - ok
17:43:09.0475 7752 [ D4121AE6D0C0E7E13AA221AA57EF2D49 ] amdsata C:\Windows\system32\drivers\amdsata.sys
17:43:09.0487 7752 amdsata - ok
17:43:09.0527 7752 [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs C:\Windows\system32\drivers\amdsbs.sys
17:43:09.0543 7752 amdsbs - ok
17:43:09.0570 7752 [ 540DAF1CEA6094886D72126FD7C33048 ] amdxata C:\Windows\system32\drivers\amdxata.sys
17:43:09.0584 7752 amdxata - ok
17:43:09.0675 7752 [ F68C575714F833C8EEC82ABCAA4E64B5 ] AnyDVD C:\Windows\system32\Drivers\AnyDVD.sys
17:43:09.0688 7752 AnyDVD - ok
17:43:09.0713 7752 [ 89A69C3F2F319B43379399547526D952 ] AppID C:\Windows\system32\drivers\appid.sys
17:43:09.0718 7752 AppID - ok
17:43:09.0747 7752 [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc C:\Windows\System32\appidsvc.dll
17:43:09.0748 7752 AppIDSvc - ok
17:43:09.0768 7752 [ 3977D4A871CA0D4F2ED1E7DB46829731 ] Appinfo C:\Windows\System32\appinfo.dll
17:43:09.0779 7752 Appinfo - ok
17:43:09.0834 7752 [ 7A6A43EFE857532B1B92F510179AE7BB ] AppMgmt C:\Windows\System32\appmgmts.dll
17:43:09.0851 7752 AppMgmt - ok
17:43:09.0874 7752 [ C484F8CEB1717C540242531DB7845C4E ] arc C:\Windows\system32\drivers\arc.sys
17:43:09.0886 7752 arc - ok
17:43:09.0898 7752 [ 019AF6924AEFE7839F61C830227FE79C ] arcsas C:\Windows\system32\drivers\arcsas.sys
17:43:09.0912 7752 arcsas - ok
17:43:10.0165 7752 [ FB03A917C1294D3E6D671F24722E1BA3 ] asComSvc C:\Program Files (x86)\ASUS\AXSP\1.00.13\atkexComSvc.exe
17:43:10.0169 7752 asComSvc - ok
17:43:10.0731 7752 [ 4B720CC508B4FB999A7BF0E6D84F73E1 ] ASDR C:\Windows\SysWOW64\ASDR.exe
17:43:10.0748 7752 ASDR - ok
17:43:10.0941 7752 [ A63173897EA1A73A75D0E65036DE5B15 ] asHmComSvc C:\Program Files (x86)\ASUS\AAHM\1.00.13\aaHMSvc.exe
17:43:10.0956 7752 asHmComSvc - ok
17:43:11.0059 7752 [ FEF9DD9EA587F8886ADE43C1BEFBDAFE ] AsIO C:\Windows\syswow64\drivers\AsIO.sys
17:43:11.0074 7752 AsIO - ok
17:43:11.0096 7752 [ E1E75921E9EB025009696D4837F531FB ] asmthub3 C:\Windows\system32\DRIVERS\asmthub3.sys
17:43:11.0097 7752 asmthub3 - ok
17:43:11.0112 7752 [ B0CF9AB16006B61634D4F955345CA5D2 ] asmtxhci C:\Windows\system32\DRIVERS\asmtxhci.sys
17:43:11.0116 7752 asmtxhci - ok
17:43:11.0160 7752 [ D7085CDD4B40B52E35C4A8325F206DDE ] ASO3DiskOptimizer C:\Program Files (x86)\Advanced System Optimizer 3\ASO3DefragSrv64.exe
17:43:11.0163 7752 ASO3DiskOptimizer - ok
17:43:11.0236 7752 [ 9217D874131AE6FF8F642F124F00A555 ] aspnet_state C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
17:43:11.0237 7752 aspnet_state - ok
17:43:11.0353 7752 [ 1237FA2B567BB85DB46C62FE38E27EA2 ] Asset Management Daemon C:\Program Files (x86)\Common Files\Portrait Displays\Plugins\AM\dtsslsrv.exe
17:43:11.0354 7752 Asset Management Daemon - ok
17:43:11.0408 7752 [ 5C31DFB196CB3A488A041881634D86D2 ] AsSysCtrlService C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.11\AsSysCtrlService.exe
17:43:11.0414 7752 AsSysCtrlService - ok
17:43:11.0421 7752 [ 1392B92179B07B672720763D9B1028A5 ] AsUpIO C:\Windows\syswow64\drivers\AsUpIO.sys
17:43:11.0422 7752 AsUpIO - ok
17:43:11.0447 7752 [ A4398A8914C32F18EC2AB562CBA3CAAF ] asusgsb C:\Windows\system32\drivers\asusgsb.sys
17:43:11.0471 7752 asusgsb - ok
17:43:11.0644 7752 [ 4FCAEF0C5BE7629AEB878998E0FE959B ] aswFsBlk C:\Windows\system32\drivers\aswFsBlk.sys
17:43:11.0645 7752 aswFsBlk - ok
17:43:11.0684 7752 [ 6B91E6D483AADB3FC4E13E2355200611 ] aswKbd C:\Windows\system32\drivers\aswKbd.sys
17:43:11.0684 7752 aswKbd - ok
17:43:11.0721 7752 [ B50CDD87772D6A11CB90924AAD399DF8 ] aswMonFlt C:\Windows\system32\drivers\aswMonFlt.sys
17:43:11.0722 7752 aswMonFlt - ok
17:43:11.0741 7752 [ 57768C7DB4681F2510F247F82EF31D4F ] aswRdr C:\Windows\System32\Drivers\aswrdr2.sys
17:43:11.0742 7752 aswRdr - ok
17:43:11.0924 7752 [ E71D826A1F3CE9C9DE3E77F2D02AFFBF ] aswSnx C:\Windows\system32\drivers\aswSnx.sys
17:43:11.0928 7752 aswSnx - ok
17:43:12.0012 7752 [ 538A32E2C99BF073D4CA76C30BEDAA60 ] aswSP C:\Windows\system32\drivers\aswSP.sys
17:43:12.0013 7752 aswSP - ok
17:43:12.0074 7752 [ 6EDC79D73745FD44C41B55B2D13D0B70 ] aswTdi C:\Windows\system32\drivers\aswTdi.sys
17:43:12.0074 7752 aswTdi - ok
17:43:12.0115 7752 [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
17:43:12.0228 7752 AsyncMac - ok
17:43:12.0286 7752 [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi C:\Windows\system32\drivers\atapi.sys
17:43:12.0287 7752 atapi - ok
17:43:12.0323 7752 [ FB4187C282CB467E5E606913A1FA79A3 ] atkdisplf C:\Windows\system32\drivers\ATKDispLowFilter.sys
17:43:12.0330 7752 atkdisplf - ok
17:43:12.0362 7752 [ 86D873FD396FA6708A99A1BDF104D120 ] ATKFUSService C:\Windows\system32\ATKFUSService.exe
17:43:12.0370 7752 ATKFUSService - ok
17:43:12.0501 7752 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
17:43:12.0517 7752 AudioEndpointBuilder - ok
17:43:12.0550 7752 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv C:\Windows\System32\Audiosrv.dll
17:43:12.0553 7752 AudioSrv - ok
17:43:12.0812 7752 [ 8FA553E9AE69808D99C164733A0F9590 ] avast! Antivirus C:\Program Files\AVAST Software\Avast\AvastSvc.exe
17:43:12.0813 7752 avast! Antivirus - ok
17:43:12.0831 7752 [ 3EF6DE560CD2441FC0A149C83C5A5C65 ] AxInstSV C:\Windows\System32\AxInstSV.dll
17:43:12.0838 7752 AxInstSV - ok
17:43:12.0893 7752 [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv C:\Windows\system32\drivers\bxvbda.sys
17:43:12.0902 7752 b06bdrv - ok
17:43:12.0919 7752 [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a C:\Windows\system32\DRIVERS\b57nd60a.sys
17:43:12.0933 7752 b57nd60a - ok
17:43:12.0965 7752 [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC C:\Windows\System32\bdesvc.dll
17:43:12.0974 7752 BDESVC - ok
17:43:12.0996 7752 [ 16A47CE2DECC9B099349A5F840654746 ] Beep C:\Windows\system32\drivers\Beep.sys
17:43:13.0008 7752 Beep - ok
17:43:13.0116 7752 [ E45C272A55560A182A1CB3277333580D ] BFE C:\Windows\System32\bfe.dll
17:43:13.0125 7752 BFE - ok
17:43:13.0205 7752 [ 1EA7969E3271CBC59E1730697DC74682 ] BITS C:\Windows\system32\qmgr.dll
17:43:13.0210 7752 BITS - ok
17:43:13.0212 7752 BlackBox - ok
17:43:13.0221 7752 [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive C:\Windows\system32\DRIVERS\blbdrive.sys
17:43:13.0227 7752 blbdrive - ok
17:43:13.0245 7752 [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser C:\Windows\system32\DRIVERS\bowser.sys
17:43:13.0254 7752 bowser - ok
17:43:13.0270 7752 [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo C:\Windows\system32\drivers\BrFiltLo.sys
17:43:13.0282 7752 BrFiltLo - ok
17:43:13.0302 7752 [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp C:\Windows\system32\drivers\BrFiltUp.sys
17:43:13.0312 7752 BrFiltUp - ok
17:43:13.0333 7752 [ 2DAF3AA72B540FE9FEDFDCF1DECD82F1 ] BridgeMP C:\Windows\system32\DRIVERS\bridge.sys
17:43:13.0338 7752 BridgeMP - ok
17:43:13.0377 7752 [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] Browser C:\Windows\System32\browser.dll
17:43:13.0378 7752 Browser - ok
17:43:13.0424 7752 [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid C:\Windows\System32\Drivers\Brserid.sys
17:43:13.0429 7752 Brserid - ok
17:43:13.0443 7752 [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys
17:43:13.0455 7752 BrSerWdm - ok
17:43:13.0476 7752 [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys
17:43:13.0484 7752 BrUsbMdm - ok
17:43:13.0498 7752 [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys
17:43:13.0507 7752 BrUsbSer - ok
17:43:13.0544 7752 [ CF98190A94F62E405C8CB255018B2315 ] BthEnum C:\Windows\system32\DRIVERS\BthEnum.sys
17:43:13.0551 7752 BthEnum - ok
17:43:13.0564 7752 [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM C:\Windows\system32\DRIVERS\bthmodem.sys
17:43:13.0575 7752 BTHMODEM - ok
17:43:13.0610 7752 [ 02DD601B708DD0667E1331FA8518E9FF ] BthPan C:\Windows\system32\DRIVERS\bthpan.sys
17:43:13.0611 7752 BthPan - ok
17:43:13.0707 7752 [ 738D0E9272F59EB7A1449C3EC118E6C4 ] BTHPORT C:\Windows\system32\Drivers\BTHport.sys
17:43:13.0715 7752 BTHPORT - ok
17:43:13.0739 7752 [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv C:\Windows\system32\bthserv.dll
17:43:13.0754 7752 bthserv - ok
17:43:13.0808 7752 [ F188B7394D81010767B6DF3178519A37 ] BTHUSB C:\Windows\system32\Drivers\BTHUSB.sys
17:43:13.0820 7752 BTHUSB - ok
17:43:14.0057 7752 [ D86CCDB5759BDC61A49E96DF425573ED ] CachemanService C:\Programas (x64)\Cacheman\CachemanServ.exe
17:43:14.0058 7752 CachemanService - ok
17:43:14.0076 7752 [ B8BD2BB284668C84865658C77574381A ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
17:43:14.0084 7752 cdfs - ok
17:43:14.0107 7752 [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys
17:43:14.0115 7752 cdrom - ok
17:43:14.0150 7752 [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc C:\Windows\System32\certprop.dll
17:43:14.0151 7752 CertPropSvc - ok
17:43:14.0395 7752 [ 2DAFA8B9401D47B4FBBF479C9A7D86D1 ] cFosSpeed C:\Windows\system32\DRIVERS\cfosspeed6.sys
17:43:14.0412 7752 cFosSpeed - ok
17:43:14.0559 7752 [ A3456D292323B098A222C54D854518D8 ] cFosSpeedS C:\Programas (x64)\cFosSpeed\spd.exe
17:43:14.0572 7752 cFosSpeedS - ok
17:43:15.0055 7752 [ 213B6EC3DE19E35373A1906397588429 ] CGVPNCliSrvc C:\Program Files\CyberGhost VPN\CGVPNCliService.exe
17:43:15.0085 7752 CGVPNCliSrvc - ok
17:43:15.0107 7752 [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass C:\Windows\system32\drivers\circlass.sys
17:43:15.0127 7752 circlass - ok
17:43:15.0183 7752 [ FE1EC06F2253F691FE36217C592A0206 ] CLFS C:\Windows\system32\CLFS.sys
17:43:15.0192 7752 CLFS - ok
17:43:15.0365 7752 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
17:43:15.0373 7752 clr_optimization_v2.0.50727_32 - ok
17:43:15.0434 7752 [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
17:43:15.0443 7752 clr_optimization_v2.0.50727_64 - ok
17:43:15.0563 7752 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
17:43:15.0573 7752 clr_optimization_v4.0.30319_32 - ok
17:43:15.0705 7752 [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
17:43:15.0718 7752 clr_optimization_v4.0.30319_64 - ok
17:43:15.0736 7752 [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt C:\Windows\system32\drivers\CmBatt.sys
17:43:15.0747 7752 CmBatt - ok
17:43:15.0765 7752 [ E19D3F095812725D88F9001985B94EDD ] cmdide C:\Windows\system32\drivers\cmdide.sys
17:43:15.0771 7752 cmdide - ok
17:43:16.0064 7752 [ D50B14C87DDD0068BFF6F103A7A0FFEE ] CNG C:\Windows\system32\Drivers\cng.sys
17:43:16.0084 7752 CNG - ok
17:43:16.0141 7752 [ F38ACFF40E9EDC2B3476EDD724CEA4A0 ] COMMONFX C:\Windows\system32\drivers\COMMONFX.SYS
17:43:16.0151 7752 COMMONFX - ok
17:43:16.0153 7752 COMMONFX.DLL - ok
17:43:16.0164 7752 [ F38ACFF40E9EDC2B3476EDD724CEA4A0 ] COMMONFX.SYS C:\Windows\System32\drivers\COMMONFX.SYS
17:43:16.0165 7752 COMMONFX.SYS - ok
17:43:16.0189 7752 [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt C:\Windows\system32\drivers\compbatt.sys
17:43:16.0203 7752 Compbatt - ok
17:43:16.0221 7752 [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus C:\Windows\system32\DRIVERS\CompositeBus.sys
17:43:16.0233 7752 CompositeBus - ok
17:43:16.0235 7752 COMSysApp - ok
17:43:16.0417 7752 [ F4FD82F5D6617A45CC3C4B9D4E7DF2C0 ] CPUCooLServer C:\Programas (x64)\CPUCooL\CooLSrv.exe
17:43:16.0433 7752 CPUCooLServer - ok
17:43:16.0574 7752 [ 3CA734CE373E5675FBC15CA2C45228E5 ] cpudrv64 C:\Program Files (x86)\SystemRequirementsLab\cpudrv64.sys
17:43:16.0574 7752 cpudrv64 - ok
17:43:16.0576 7752 cpuz134 - ok
17:43:16.0615 7752 [ 262969A3FAB32B9E17E63E2D17A57744 ] cpuz135 C:\Windows\system32\drivers\cpuz135_x64.sys
17:43:16.0615 7752 cpuz135 - ok
17:43:16.0636 7752 [ 1C827878A998C18847245FE1F34EE597 ] crcdisk C:\Windows\system32\drivers\crcdisk.sys
17:43:16.0642 7752 crcdisk - ok
17:43:16.0712 7752 [ C8BD651E13895B93ED9EC5B4F1DF42BC ] Creative ALchemy AL6 Licensing Service C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe
17:43:16.0713 7752 Creative ALchemy AL6 Licensing Service - ok
17:43:16.0729 7752 [ C0EAD9F8AB83D41FF07303C75589C2B8 ] Creative Audio Engine Licensing Service C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe
17:43:16.0729 7752 Creative Audio Engine Licensing Service - ok
17:43:16.0773 7752 [ 7E7D2DACF65D750D466F36BD3D09AE20 ] CryptSvc C:\Windows\system32\cryptsvc.dll
17:43:16.0786 7752 CryptSvc - ok
17:43:16.0845 7752 [ 54DA3DFD29ED9F1619B6F53F3CE55E49 ] CSC C:\Windows\system32\drivers\csc.sys
17:43:16.0853 7752 CSC - ok
17:43:16.0925 7752 [ 296F9CAC723A88591C57F950DBC1CF3B ] CscService C:\Windows\System32\cscsvc.dll
17:43:16.0928 7752 CscService - ok
17:43:16.0942 7752 [ 01BBD5CB85423B12E445209D243A49A9 ] CT20XUT.DLL C:\Windows\system32\CT20XUT.DLL
17:43:16.0945 7752 CT20XUT.DLL - ok
17:43:16.0969 7752 [ 095C566746217CD1482EDE40A70D87D2 ] ctac32k C:\Windows\system32\drivers\ctac32k.sys
17:43:16.0975 7752 ctac32k - ok
17:43:17.0004 7752 [ 157E2196FCCD002A2EDF3B06DF7B0C9A ] ctaud2k C:\Windows\system32\drivers\ctaud2k.sys
17:43:17.0012 7752 ctaud2k - ok
17:43:17.0033 7752 [ 17979EE857E930CBFDF24A12E89D77A1 ] CTAUDFX C:\Windows\system32\drivers\CTAUDFX.SYS
17:43:17.0039 7752 CTAUDFX - ok
17:43:17.0042 7752 CTAUDFX.DLL - ok
17:43:17.0055 7752 [ 17979EE857E930CBFDF24A12E89D77A1 ] CTAUDFX.SYS C:\Windows\System32\drivers\CTAUDFX.SYS
17:43:17.0058 7752 CTAUDFX.SYS - ok
17:43:17.0088 7752 [ 5CE3D0E1D1B3832EE052CFC442EEE0FA ] CTAudSvcService C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
17:43:17.0089 7752 CTAudSvcService - ok
17:43:17.0100 7752 [ 06300545BEDF49B6A51FDFE1861F9CAF ] CTEAPSFX.DLL C:\Windows\system32\CTEAPSFX.DLL
17:43:17.0103 7752 CTEAPSFX.DLL - ok
17:43:17.0119 7752 [ 2D902F8EC247F0ED0D458CDCAF786544 ] CTEDSPFX.DLL C:\Windows\system32\CTEDSPFX.DLL
17:43:17.0122 7752 CTEDSPFX.DLL - ok
17:43:17.0156 7752 [ 0D3F99CDA2BEA14E4911A698441F1A29 ] CTEDSPIO.DLL C:\Windows\system32\CTEDSPIO.DLL
17:43:17.0159 7752 CTEDSPIO.DLL - ok
17:43:17.0188 7752 [ 9D26AA450AC1CAADDE25F1621BA89842 ] CTEDSPSY.DLL C:\Windows\system32\CTEDSPSY.DLL
17:43:17.0192 7752 CTEDSPSY.DLL - ok
17:43:17.0224 7752 [ FE3EAE37536C02D087E5C5D339663779 ] CTERFXFX C:\Windows\system32\drivers\CTERFXFX.SYS
17:43:17.0230 7752 CTERFXFX - ok
17:43:17.0232 7752 CTERFXFX.DLL - ok
17:43:17.0295 7752 [ FE3EAE37536C02D087E5C5D339663779 ] CTERFXFX.SYS C:\Windows\System32\drivers\CTERFXFX.SYS
17:43:17.0296 7752 CTERFXFX.SYS - ok
17:43:17.0496 7752 [ FA6DCA331835997D2F7C83B9AAABC4BB ] CTEXFIFX.DLL C:\Windows\system32\CTEXFIFX.DLL
17:43:17.0544 7752 CTEXFIFX.DLL - ok
17:43:17.0596 7752 [ 9951089900A003CDE62EC7B6EE66A316 ] ctgame C:\Windows\system32\DRIVERS\ctgame.sys
17:43:17.0629 7752 ctgame - ok
17:43:17.0647 7752 [ 9E6A0A3CA3825BB568D42F5F3CB09453 ] CTHWIUT.DLL C:\Windows\system32\CTHWIUT.DLL
17:43:17.0659 7752 CTHWIUT.DLL - ok
17:43:17.0672 7752 [ 4E4FDAB4A7CF5AF56E3FA1FE35E8AD3C ] ctprxy2k C:\Windows\system32\drivers\ctprxy2k.sys
17:43:17.0673 7752 ctprxy2k - ok
17:43:17.0772 7752 [ 4A7DE2E30B2B9253933A157401EC76D5 ] CTSBLFX C:\Windows\system32\drivers\CTSBLFX.SYS
17:43:17.0799 7752 CTSBLFX - ok
17:43:17.0801 7752 CTSBLFX.DLL - ok
17:43:17.0831 7752 [ 4A7DE2E30B2B9253933A157401EC76D5 ] CTSBLFX.SYS C:\Windows\System32\drivers\CTSBLFX.SYS
17:43:17.0834 7752 CTSBLFX.SYS - ok
17:43:17.0994 7752 [ 065ADE032A044D518AB1407D3586B7D5 ] ctsfm2k C:\Windows\system32\drivers\ctsfm2k.sys
17:43:18.0001 7752 ctsfm2k - ok
17:43:18.0041 7752 [ 1CA90212A99DB6975C344826D11055C9 ] dc3d C:\Windows\system32\DRIVERS\dc3d.sys
17:43:18.0046 7752 dc3d - ok
17:43:18.0211 7752 [ 225EFEE8960E554F3AB9A4A91790C039 ] DcomLaunch C:\Windows\system32\rpcss.dll
17:43:18.0215 7752 DcomLaunch - ok
17:43:18.0290 7752 [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc C:\Windows\System32\defragsvc.dll
17:43:18.0301 7752 defragsvc - ok
17:43:18.0319 7752 [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC C:\Windows\system32\Drivers\dfsc.sys
17:43:18.0327 7752 DfsC - ok
17:43:18.0394 7752 [ 3F221A7E3123773EE8F1DB200CDDB39E ] Dhcp C:\Windows\system32\dhcpcore.dll
17:43:18.0409 7752 Dhcp - ok
17:43:18.0430 7752 [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache C:\Windows\system32\drivers\discache.sys
17:43:18.0430 7752 discache - ok
17:43:18.0444 7752 [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk C:\Windows\system32\drivers\disk.sys
17:43:18.0452 7752 Disk - ok
17:43:18.0834 7752 [ C3EB9C4143E56B52C2CE4580E42BE459 ] Diskeeper C:\Programas (x64)\Diskeeper Corporation\Diskeeper\DkService.exe
17:43:18.0859 7752 Diskeeper - ok
17:43:18.0872 7752 [ 20C394C80113D77406DF8F1ADC720B01 ] DKRtWrt C:\Windows\system32\DRIVERS\DKRtWrt.sys
17:43:18.0877 7752 DKRtWrt - ok
17:43:18.0891 7752 [ 5DB085A8A6600BE6401F2B24EECB5415 ] dmvsc C:\Windows\system32\drivers\dmvsc.sys
17:43:18.0898 7752 dmvsc - ok
17:43:18.0955 7752 [ A06098E823EE2E63D42691C0D7BCDE46 ] Dnscache C:\Windows\System32\dnsrslvr.dll
17:43:18.0963 7752 Dnscache - ok
17:43:18.0999 7752 [ DD5038774EDF647E0D9F4220B1ADE6FC ] dot3svc C:\Windows\System32\dot3svc.dll
17:43:19.0012 7752 dot3svc - ok
17:43:19.0043 7752 [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS C:\Windows\system32\dps.dll
17:43:19.0053 7752 DPS - ok
17:43:19.0086 7752 [ 9B19F34400D24DF84C858A421C205754 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
17:43:19.0086 7752 drmkaud - ok
17:43:19.0366 7752 [ 2A444AE3C62FA19B20C0214C6E034FDD ] DTSRVC C:\Program Files (x86)\Common Files\Portrait Displays\Shared\dtsrvc.exe
17:43:19.0367 7752 DTSRVC - ok
17:43:19.0464 7752 [ 81048DC54E2A00BC4FD77DBFFEE94053 ] DUMeterDrv C:\Programas (x64)\DU Meter\DUMETR64.SYS
17:43:19.0464 7752 DUMeterDrv - ok
17:43:19.0466 7752 DUMeterSvc - ok
17:43:19.0545 7752 [ A4F408AD1065C7AD2ED332C68025B435 ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
17:43:19.0559 7752 DXGKrnl - ok
17:43:19.0562 7752 DynCal - ok
17:43:19.0584 7752 [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost C:\Windows\System32\eapsvc.dll
17:43:19.0594 7752 EapHost - ok
17:43:19.0996 7752 [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv C:\Windows\system32\drivers\evbda.sys
17:43:20.0036 7752 ebdrv - ok
17:43:20.0208 7752 [ BDC2F3E174229D5F15F007202C939E20 ] EBOOSTRSVC C:\Programas (x64)\eBoostr\EBstrSvc.exe
17:43:20.0229 7752 EBOOSTRSVC - ok
17:43:20.0278 7752 [ 77119F1F9B492B260030C34F9BE327FA ] EFS C:\Windows\System32\lsass.exe
17:43:20.0279 7752 EFS - ok
17:43:20.0484 7752 [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr C:\Windows\ehome\ehRecvr.exe
17:43:20.0487 7752 ehRecvr - ok
17:43:20.0520 7752 [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched C:\Windows\ehome\ehsched.exe
17:43:20.0521 7752 ehSched - ok
17:43:20.0544 7752 [ 343ADA10D948DB29251F2D9C809AF204 ] EIO64 C:\Windows\system32\DRIVERS\EIO64.sys
17:43:20.0544 7752 EIO64 - ok
17:43:20.0606 7752 [ A05FC7ECA0966EBB70E4D17B855A853B ] ElbyCDIO C:\Windows\system32\Drivers\ElbyCDIO.sys
17:43:20.0606 7752 ElbyCDIO - ok
17:43:20.0696 7752 [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor C:\Windows\system32\drivers\elxstor.sys
17:43:20.0698 7752 elxstor - ok
17:43:20.0741 7752 [ F380FF5D6D80CECC6DBBC15569757613 ] emupia C:\Windows\system32\drivers\emupia2k.sys
17:43:20.0742 7752 emupia - ok
17:43:20.0764 7752 [ 34A3C54752046E79A126E15C51DB409B ] ErrDev C:\Windows\system32\drivers\errdev.sys
17:43:20.0765 7752 ErrDev - ok
17:43:20.0851 7752 [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem C:\Windows\system32\es.dll
17:43:20.0853 7752 EventSystem - ok
17:43:20.0911 7752 [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat C:\Windows\system32\drivers\exfat.sys
17:43:20.0913 7752 exfat - ok
17:43:20.0944 7752 [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat C:\Windows\system32\drivers\fastfat.sys
17:43:20.0959 7752 fastfat - ok
17:43:21.0003 7752 [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax C:\Windows\system32\fxssvc.exe
17:43:21.0015 7752 Fax - ok
17:43:21.0029 7752 [ D765D19CD8EF61F650C384F62FAC00AB ] fdc C:\Windows\system32\drivers\fdc.sys
17:43:21.0031 7752 fdc - ok
17:43:21.0052 7752 [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost C:\Windows\system32\fdPHost.dll
17:43:21.0063 7752 fdPHost - ok
17:43:21.0075 7752 [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub C:\Windows\system32\fdrespub.dll
17:43:21.0080 7752 FDResPub - ok
17:43:21.0100 7752 [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
17:43:21.0101 7752 FileInfo - ok
17:43:21.0132 7752 [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace C:\Windows\system32\drivers\filetrace.sys
17:43:21.0132 7752 Filetrace - ok
17:43:21.0203 7752 [ B84D31AC5AE8372CE60204920E8F98E2 ] FirebirdGuardianDefaultInstance C:\Program Files (x86)\Firebird\Firebird_2_1\bin\fbguard.exe
17:43:21.0203 7752 FirebirdGuardianDefaultInstance - ok
17:43:21.0565 7752 [ E83398B97959086265B7FEE2BFAF1343 ] FirebirdServerDefaultInstance C:\Program Files (x86)\Firebird\Firebird_2_1\bin\fbserver.exe
17:43:21.0575 7752 FirebirdServerDefaultInstance - ok
17:43:21.0586 7752 [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk C:\Windows\system32\drivers\flpydisk.sys
17:43:21.0587 7752 flpydisk - ok
17:43:21.0655 7752 [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
17:43:21.0657 7752 FltMgr - ok
17:43:21.0696 7752 [ E94E042BC24BB301767A8125D529B705 ] fltsrv C:\Windows\system32\DRIVERS\fltsrv.sys
17:43:21.0697 7752 fltsrv - ok
17:43:21.0833 7752 [ 5C4CB4086FB83115B153E47ADD961A0C ] FontCache C:\Windows\system32\FntCache.dll
17:43:21.0846 7752 FontCache - ok
17:43:22.0172 7752 [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
17:43:22.0183 7752 FontCache3.0.0.0 - ok
17:43:22.0272 7752 [ D43703496149971890703B4B1B723EAC ] FsDepends C:\Windows\system32\drivers\FsDepends.sys
17:43:22.0282 7752 FsDepends - ok
17:43:22.0345 7752 [ 07DA62C960DDCCC2D35836AEAB4FC578 ] fssfltr C:\Windows\system32\DRIVERS\fssfltr.sys
17:43:22.0472 7752 fssfltr - ok
17:43:23.0098 7752 [ 28DDEEEC44E988657B732CF404D504CB ] fsssvc C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe
17:43:23.0132 7752 fsssvc - ok
17:43:23.0208 7752 [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
17:43:23.0208 7752 Fs_Rec - ok
17:43:23.0296 7752 [ A33BCF3FAB19DB7D0B501036722F311B ] Futuremark SystemInfo Service C:\Program Files (x86)\Futuremark\Futuremark SystemInfo\FMSISvc.exe
17:43:23.0297 7752 Futuremark SystemInfo Service - ok
17:43:23.0343 7752 [ 1F7B25B858FA27015169FE95E54108ED ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys
17:43:23.0344 7752 fvevol - ok
17:43:23.0410 7752 [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx C:\Windows\system32\drivers\gagp30kx.sys
17:43:23.0417 7752 gagp30kx - ok
17:43:23.0836 7752 [ 31B9B4005253B64F0684BA55D3FF1D81 ] GJService C:\Programas (x64)\SlySoft\Game Jackal v4\Server.exe
17:43:23.0855 7752 GJService - ok
17:43:23.0951 7752 [ 0D4D07D7F7D231518D7576CA81CC12D8 ] gpsvc C:\Windows\System32\gpsvc.dll
17:43:23.0954 7752 gpsvc - ok
17:43:24.0055 7752 [ F02A533F517EB38333CB12A9E8963773 ] gupdate C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
17:43:24.0056 7752 gupdate - ok
17:43:24.0066 7752 [ F02A533F517EB38333CB12A9E8963773 ] gupdatem C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
17:43:24.0066 7752 gupdatem - ok
17:43:24.0120 7752 [ 5D4BC124FAAE6730AC002CDB67BF1A1C ] gusvc C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
17:43:24.0121 7752 gusvc - ok
17:43:24.0123 7752 gwiopm - ok
17:43:24.0325 7752 [ 82B68F585110AE8500A6D23623AE1F74 ] ha10kx2k C:\Windows\system32\drivers\ha10kx2k.sys
17:43:24.0338 7752 ha10kx2k - ok
17:43:24.0373 7752 [ 83F647F9ACE9192556F758E528024F68 ] hap16v2k C:\Windows\system32\drivers\hap16v2k.sys
17:43:24.0381 7752 hap16v2k - ok
17:43:24.0430 7752 [ E815D29361DE89D24C8DBE3E5A7006C9 ] hap17v2k C:\Windows\system32\drivers\hap17v2k.sys
17:43:24.0444 7752 hap17v2k - ok
17:43:24.0479 7752 [ ADB4348DA1345877B04E22203AFC8993 ] hcmon C:\Windows\system32\drivers\hcmon.sys
17:43:24.0479 7752 hcmon - ok
17:43:24.0513 7752 [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys
17:43:24.0520 7752 hcw85cir - ok
17:43:24.0616 7752 [ 975761C778E33CD22498059B91E7373A ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
17:43:24.0620 7752 HdAudAddService - ok
17:43:24.0636 7752 [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus C:\Windows\system32\DRIVERS\HDAudBus.sys
17:43:24.0637 7752 HDAudBus - ok
17:43:24.0660 7752 [ 6C9C52F6E9C05C59A603134B27AAE33A ] HDDSvc C:\Program Files (x86)\Common Files\AltrixSoft\HDDInfoService\HDDSvc.exe
17:43:24.0665 7752 HDDSvc - ok
17:43:24.0671 7752 [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt C:\Windows\system32\drivers\HidBatt.sys
17:43:24.0672 7752 HidBatt - ok
17:43:24.0687 7752 [ FDF5EAD19FD8B2D0C50A9CCDD7836F9E ] HidBth C:\Windows\system32\drivers\hidbth.sys
17:43:24.0687 7752 HidBth - ok
17:43:24.0695 7752 [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr C:\Windows\system32\drivers\hidir.sys
17:43:24.0695 7752 HidIr - ok
17:43:24.0708 7752 [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv C:\Windows\System32\hidserv.dll
17:43:24.0709 7752 hidserv - ok
17:43:24.0722 7752 [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys
17:43:24.0723 7752 HidUsb - ok
17:43:24.0749 7752 [ C6FF685E2EA55C3AC5C90B9E7D6930C0 ] hitmanpro35 C:\Windows\system32\drivers\hitmanpro36.sys
17:43:24.0749 7752 hitmanpro35 - ok
17:43:24.0771 7752 [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc C:\Windows\system32\kmsvc.dll
17:43:24.0776 7752 hkmsvc - ok
17:43:24.0801 7752 [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\Windows\system32\ListSvc.dll
17:43:24.0804 7752 HomeGroupListener - ok
17:43:24.0819 7752 [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
17:43:24.0821 7752 HomeGroupProvider - ok
17:43:24.0837 7752 [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys
17:43:24.0838 7752 HpSAMD - ok
17:43:25.0105 7752 [ 1664905CC1F7F176F8A592720D9629B9 ] hshld C:\Program Files (x86)\Hotspot Shield\bin\openvpnas.exe
17:43:25.0122 7752 hshld - ok
17:43:25.0288 7752 [ F01ED33CD4242EDC81E5DE532571F47F ] HssSrv C:\Program Files (x86)\Hotspot Shield\HssWPR\hsssrv.exe
17:43:25.0290 7752 HssSrv - ok
17:43:25.0354 7752 [ 8B20915B82ACFE7108C3BFA45C0383AE ] HssTrayService C:\Program Files (x86)\Hotspot Shield\bin\HssTrayService.EXE
17:43:25.0355 7752 HssTrayService - ok
17:43:25.0495 7752 [ 35E91DF99B8CEAA477E0AB86052475D6 ] HssWd C:\Program Files (x86)\Hotspot Shield\bin\hsswd.exe
17:43:25.0496 7752 HssWd - ok
17:43:25.0600 7752 [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP C:\Windows\system32\drivers\HTTP.sys
17:43:25.0603 7752 HTTP - ok
17:43:25.0679 7752 [ 868AF15E84EF5B4B1564A965770E1C76 ] HWiNFO32 C:\Programas (x64)\HWiNFO64\HWiNFO64A.SYS
17:43:25.0680 7752 HWiNFO32 - ok
17:43:25.0696 7752 [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys
17:43:25.0696 7752 hwpolicy - ok
17:43:25.0714 7752 [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt C:\Windows\system32\DRIVERS\i8042prt.sys
17:43:25.0715 7752 i8042prt - ok
17:43:25.0788 7752 [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV C:\Windows\system32\drivers\iaStorV.sys
17:43:25.0790 7752 iaStorV - ok
17:43:25.0834 7752 [ C1010ADD3DDAE1196ED21057AF7B2AAE ] ICCWDT C:\Windows\system32\DRIVERS\ICCWDT.sys
17:43:25.0835 7752 ICCWDT - ok
17:43:25.0898 7752 [ 1CF03C69B49ACB70C722DF92755C0C8C ] IDriverT C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
17:43:25.0899 7752 IDriverT - ok
17:43:26.0057 7752 [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
17:43:26.0061 7752 idsvc - ok
17:43:26.0085 7752 [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp C:\Windows\system32\drivers\iirsp.sys
17:43:26.0085 7752 iirsp - ok
17:43:26.0169 7752 [ 9DCF805EFC6F4AE9E20356830D436469 ] IKEEXT C:\Windows\System32\ikeext.dll
17:43:26.0173 7752 IKEEXT - ok
17:43:26.0722 7752 [ CB7DADEF3D83FE2C12655A0BDCBA99F2 ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHD64.sys
17:43:26.0759 7752 IntcAzAudAddService - ok
17:43:26.0796 7752 [ F00F20E70C6EC3AA366910083A0518AA ] intelide C:\Windows\system32\drivers\intelide.sys
17:43:26.0809 7752 intelide - ok
17:43:26.0832 7752 [ ADA036632C664CAA754079041CF1F8C1 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys
17:43:26.0842 7752 intelppm - ok
17:43:27.0000 7752 [ 9160D7B5CFA88697179C039BC852A945 ] IOCBIOS C:\ProgramData\Intel\Extreme Tuning Utility\IOCbios\64bit\IOCBIOS.sys
17:43:27.0000 7752 IOCBIOS - ok
17:43:27.0023 7752 [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum C:\Windows\system32\ipbusenum.dll
17:43:27.0031 7752 IPBusEnum - ok
17:43:27.0053 7752 [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
17:43:27.0065 7752 IpFilterDriver - ok
17:43:27.0205 7752 [ 4261F21A202746AC207CA9AA863D9FD4 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll
17:43:27.0218 7752 iphlpsvc - ok
17:43:27.0245 7752 [ E277572E61604D174CFBCFCCEAFA9591 ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys
17:43:27.0261 7752 IPMIDRV - ok
17:43:27.0284 7752 [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT C:\Windows\system32\drivers\ipnat.sys
17:43:27.0293 7752 IPNAT - ok
17:43:27.0385 7752 [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM C:\Windows\system32\drivers\irenum.sys
17:43:27.0400 7752 IRENUM - ok
17:43:27.0425 7752 [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp C:\Windows\system32\drivers\isapnp.sys
17:43:27.0439 7752 isapnp - ok
17:43:27.0510 7752 [ 73C4B7300B1D3C518BF3286D7102A3A5 ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys
17:43:27.0525 7752 iScsiPrt - ok
17:43:27.0597 7752 [ 9C6F3F69163133FB8E56AC4A6E163452 ] ISODrive C:\Programas (x64)\UltraISO\drivers\ISODrv64.sys
17:43:27.0598 7752 ISODrive - ok
17:43:27.0616 7752 [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys
17:43:27.0628 7752 kbdclass - ok
17:43:27.0645 7752 [ A935432429948DC39F4C3B03031BB100 ] kbdhid C:\Windows\system32\DRIVERS\kbdhid.sys
17:43:27.0658 7752 kbdhid - ok
17:43:27.0678 7752 [ 77119F1F9B492B260030C34F9BE327FA ] KeyIso C:\Windows\system32\lsass.exe
17:43:27.0680 7752 KeyIso - ok
17:43:27.0842 7752 [ 1280F9C845666C3DC97315CEEB428C20 ] KinectManagement C:\Program Files\Microsoft SDKs\Kinect\v1.0 Beta2\Service\KinectManagementService.exe
17:43:27.0859 7752 KinectManagement - ok
17:43:27.0923 7752 [ E2A74E21F4362A36C5610CAE4FA0B3F7 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
17:43:27.0934 7752 KSecDD - ok
17:43:27.0969 7752 [ 2D466699839F92FD5B5BFF734A391291 ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys
17:43:27.0976 7752 KSecPkg - ok
17:43:28.0000 7752 [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk C:\Windows\system32\drivers\ksthunk.sys
17:43:28.0001 7752 ksthunk - ok
17:43:28.0096 7752 [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm C:\Windows\system32\msdtckrm.dll
17:43:28.0099 7752 KtmRm - ok
17:43:28.0172 7752 [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer C:\Windows\System32\srvsvc.dll
17:43:28.0175 7752 LanmanServer - ok
17:43:28.0221 7752 [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
17:43:28.0224 7752 LanmanWorkstation - ok
17:43:28.0246 7752 [ 1538831CF8AD2979A04C423779465827 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
17:43:28.0247 7752 lltdio - ok
17:43:28.0320 7752 [ C1185803384AB3FEED115F79F109427F ] lltdsvc C:\Windows\System32\lltdsvc.dll
17:43:28.0322 7752 lltdsvc - ok
17:43:28.0443 7752 [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts C:\Windows\System32\lmhsvc.dll
17:43:28.0444 7752 lmhosts - ok
17:43:28.0492 7752 [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC C:\Windows\system32\drivers\lsi_fc.sys
17:43:28.0493 7752 LSI_FC - ok
17:43:28.0509 7752 [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS C:\Windows\system32\drivers\lsi_sas.sys
17:43:28.0509 7752 LSI_SAS - ok
17:43:28.0615 7752 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2 C:\Windows\system32\drivers\lsi_sas2.sys
17:43:28.0615 7752 LSI_SAS2 - ok
17:43:28.0682 7752 [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI C:\Windows\system32\drivers\lsi_scsi.sys
17:43:28.0682 7752 LSI_SCSI - ok
17:43:28.0704 7752 [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv C:\Windows\system32\drivers\luafv.sys
17:43:28.0741 7752 luafv - ok
17:43:28.0781 7752 [ D33E2B74CF8B3A652BF0A9FBD068E87A ] ManyCam C:\Windows\system32\DRIVERS\ManyCam_x64.sys
17:43:28.0829 7752 ManyCam - ok
17:43:28.0876 7752 [ F2AE2C6B72F272AE696E22D6A9F1DAFC ] Maplom C:\Windows\system32\drivers\Maplom.sys
17:43:28.0908 7752 Maplom - ok
17:43:28.0936 7752 [ 405460F392DE8311C1FCC65DA77ED4AB ] MaplomL C:\Windows\system32\drivers\MaplomL.sys
17:43:28.0946 7752 MaplomL - ok
17:43:28.0980 7752 [ A8FE8F2783B2929B56F5370A89356CE9 ] MBAMProtector C:\Windows\system32\drivers\mbam.sys
17:43:28.0981 7752 MBAMProtector - ok
17:43:29.0132 7752 [ 85B16A92B117A5A800032ECD904B86DB ] MBAMScheduler C:\Programas (x64)\Malwarebytes' Anti-Malware\mbamscheduler.exe
17:43:29.0144 7752 MBAMScheduler - ok
17:43:29.0289 7752 [ 20E2469DB709FC675E655CEAA11BE312 ] MBAMService C:\Programas (x64)\Malwarebytes' Anti-Malware\mbamservice.exe
17:43:29.0299 7752 MBAMService - ok
17:43:29.0364 7752 [ 79D51E7F5926E8CE1B3EBECEBAE28CFF ] mcdbus C:\Windows\system32\DRIVERS\mcdbus.sys
17:43:29.0375 7752 mcdbus - ok
17:43:29.0430 7752 [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
17:43:29.0446 7752 Mcx2Svc - ok
17:43:29.0471 7752 [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas C:\Windows\system32\drivers\megasas.sys
17:43:29.0472 7752 megasas - ok
17:43:29.0527 7752 [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR C:\Windows\system32\drivers\MegaSR.sys
17:43:29.0540 7752 MegaSR - ok
17:43:29.0746 7752 Microsoft SharePoint Workspace Audit Service - ok
17:43:29.0788 7752 [ E40E80D0304A73E8D269F7141D77250B ] MMCSS C:\Windows\system32\mmcss.dll
17:43:29.0789 7752 MMCSS - ok
17:43:29.0815 7752 [ 800BA92F7010378B09F9ED9270F07137 ] Modem C:\Windows\system32\drivers\modem.sys
17:43:29.0827 7752 Modem - ok
17:43:29.0849 7752 [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor C:\Windows\system32\DRIVERS\monitor.sys
17:43:29.0861 7752 monitor - ok
17:43:29.0898 7752 [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass C:\Windows\system32\drivers\mouclass.sys
17:43:29.0913 7752 mouclass - ok
17:43:29.0929 7752 [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
17:43:29.0940 7752 mouhid - ok
17:43:29.0964 7752 [ 8F23520AC943335FA7A6A910EB0A929A ] mountmgr C:\Windows\system32\drivers\mountmgr.sys
17:43:29.0981 7752 mountmgr - ok
17:43:30.0042 7752 [ 8BE15F71DE6FF33FC56DCDE7B2B9EFE8 ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
17:43:30.0052 7752 MozillaMaintenance - ok
17:43:30.0106 7752 [ 05BF204EC0E82CC4A054DB189C8A3D84 ] MpFilter C:\Windows\system32\DRIVERS\MpFilter.sys
17:43:30.0121 7752 MpFilter - ok
17:43:30.0169 7752 [ 4A73C2225A03CA3B202E1220B67FB157 ] mpio C:\Windows\system32\drivers\mpio.sys
17:43:30.0183 7752 mpio - ok
17:43:30.0200 7752 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
17:43:30.0216 7752 mpsdrv - ok
17:43:30.0354 7752 [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc C:\Windows\system32\mpssvc.dll
17:43:30.0358 7752 MpsSvc - ok
17:43:30.0389 7752 [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
17:43:30.0390 7752 MRxDAV - ok
17:43:30.0427 7752 [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
17:43:30.0428 7752 mrxsmb - ok
17:43:30.0506 7752 [ 7C95D3C4E3DA5289CE94E408DDC42E0D ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
17:43:30.0507 7752 mrxsmb10 - ok
17:43:30.0529 7752 [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
17:43:30.0538 7752 mrxsmb20 - ok
17:43:30.0549 7752 [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci C:\Windows\system32\drivers\msahci.sys
17:43:30.0550 7752 msahci - ok
17:43:30.0559 7752 [ 4F42C9CE2BD3444B1B98593A2DFBC547 ] msdsm C:\Windows\system32\drivers\msdsm.sys
17:43:30.0561 7752 msdsm - ok
17:43:30.0577 7752 [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC C:\Windows\System32\msdtc.exe
17:43:30.0580 7752 MSDTC - ok
17:43:30.0592 7752 [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs C:\Windows\system32\drivers\Msfs.sys
17:43:30.0593 7752 Msfs - ok
17:43:30.0616 7752 [ 7DB54C30F684D591F42CC966EE6BA6A3 ] MsgPlusDriver C:\Windows\system32\DRIVERS\MsgPlusDriver.sys
17:43:30.0618 7752 MsgPlusDriver - ok
17:43:30.0633 7752 [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys
17:43:30.0634 7752 mshidkmdf - ok
17:43:30.0645 7752 [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
17:43:30.0646 7752 msisadrv - ok
17:43:30.0670 7752 [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
17:43:30.0673 7752 MSiSCSI - ok
17:43:30.0676 7752 msiserver - ok
17:43:30.0690 7752 [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
17:43:30.0691 7752 MSKSSRV - ok
17:43:30.0720 7752 [ CC8E4F72F21340A4D3A3D4DB50313EF5 ] MsMpSvc C:\Program Files\Microsoft Security Client\MsMpEng.exe
17:43:30.0721 7752 MsMpSvc - ok
17:43:30.0735 7752 [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
17:43:30.0736 7752 MSPCLOCK - ok
17:43:30.0749 7752 [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
17:43:30.0749 7752 MSPQM - ok
17:43:30.0766 7752 [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
17:43:30.0769 7752 MsRPC - ok
17:43:30.0809 7752 [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios C:\Windows\system32\DRIVERS\mssmbios.sys
17:43:30.0819 7752 mssmbios - ok
17:43:30.0829 7752 [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
17:43:30.0842 7752 MSTEE - ok
17:43:30.0863 7752 [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig C:\Windows\system32\drivers\MTConfig.sys
17:43:30.0871 7752 MTConfig - ok
17:43:30.0896 7752 [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup C:\Windows\system32\Drivers\mup.sys
17:43:30.0908 7752 Mup - ok
17:43:30.0996 7752 [ BEF18AD7B37A640922260086F775CA63 ] namehelp C:\Programas (x64)\Aqualab\namehelp\nssm.exe
17:43:31.0008 7752 namehelp - ok
17:43:31.0084 7752 [ 582AC6D9873E31DFA28A4547270862DD ] napagent C:\Windows\system32\qagentRT.dll
17:43:31.0088 7752 napagent - ok
17:43:31.0132 7752 [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
17:43:31.0145 7752 NativeWifiP - ok
17:43:31.0292 7752 [ 5E74508FCB5820B29EEAFE24E6035BCF ] NDIS C:\Windows\system32\drivers\ndis.sys
17:43:31.0296 7752 NDIS - ok
17:43:31.0308 7752 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys
17:43:31.0318 7752 NdisCap - ok
17:43:31.0348 7752 [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
17:43:31.0359 7752 NdisTapi - ok
17:43:31.0384 7752 [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
17:43:31.0399 7752 Ndisuio - ok
17:43:31.0446 7752 [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
17:43:31.0455 7752 NdisWan - ok
17:43:31.0475 7752 [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
17:43:31.0492 7752 NDProxy - ok
17:43:31.0511 7752 [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
17:43:31.0521 7752 NetBIOS - ok
17:43:31.0561 7752 [ 09594D1089C523423B32A4229263F068 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys
17:43:31.0562 7752 NetBT - ok
17:43:31.0586 7752 [ 77119F1F9B492B260030C34F9BE327FA ] Netlogon C:\Windows\system32\lsass.exe
17:43:31.0588 7752 Netlogon - ok
17:43:31.0687 7752 [ 847D3AE376C0817161A14A82C8922A9E ] Netman C:\Windows\System32\netman.dll
17:43:31.0690 7752 Netman - ok
17:43:31.0790 7752 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
17:43:31.0795 7752 NetMsmqActivator - ok
17:43:31.0808 7752 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetPipeActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
17:43:31.0809 7752 NetPipeActivator - ok
17:43:31.0854 7752 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm C:\Windows\System32\netprofm.dll
17:43:31.0870 7752 netprofm - ok
17:43:31.0879 7752 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
17:43:31.0879 7752 NetTcpActivator - ok
17:44:01.0653 7752 WatAdminSvc - ok
17:44:01.0969 7752 [ E3AED78575601B7106B87A0A1BF93017 ] wbengine C:\Windows\system32\wbengine.exe
17:44:01.0988 7752 wbengine - ok
17:44:02.0026 7752 [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll
17:44:02.0029 7752 WbioSrvc - ok
17:44:02.0156 7752 [ 8BDA6DB43AA54E8BB5E0794541DDC209 ] WcesComm C:\Windows\WindowsMobile\wcescomm.dll
17:44:02.0158 7752 WcesComm - ok
17:44:02.0211 7752 [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc C:\Windows\System32\wcncsvc.dll
17:44:02.0215 7752 wcncsvc - ok
17:44:02.0252 7752 [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
17:44:02.0255 7752 WcsPlugInService - ok
17:44:02.0289 7752 [ 72889E16FF12BA0F235467D6091B17DC ] Wd C:\Windows\system32\drivers\wd.sys
17:44:02.0290 7752 Wd - ok
17:44:02.0468 7752 [ 442783E2CB0DA19873B7A63833FF4CB4 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
17:44:02.0471 7752 Wdf01000 - ok
17:44:02.0499 7752 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost C:\Windows\system32\wdi.dll
17:44:02.0515 7752 WdiServiceHost - ok
17:44:02.0540 7752 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost C:\Windows\system32\wdi.dll
17:44:02.0542 7752 WdiSystemHost - ok
17:44:02.0587 7752 [ 201C00A839D2A915F1B31AAF99794EFB ] WebClient C:\Windows\System32\webclnt.dll
17:44:02.0597 7752 WebClient - ok
17:44:02.0672 7752 [ C749025A679C5103E575E3B48E092C43 ] Wecsvc C:\Windows\system32\wecsvc.dll
17:44:02.0689 7752 Wecsvc - ok
17:44:02.0715 7752 [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport C:\Windows\System32\wercplsupport.dll
17:44:02.0733 7752 wercplsupport - ok
17:44:02.0776 7752 [ 6D137963730144698CBD10F202E9F251 ] WerSvc C:\Windows\System32\WerSvc.dll
17:44:02.0794 7752 WerSvc - ok
17:44:02.0817 7752 [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys
17:44:02.0817 7752 WfpLwf - ok
17:44:02.0846 7752 [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount C:\Windows\system32\drivers\wimmount.sys
17:44:02.0846 7752 WIMMount - ok
17:44:02.0907 7752 WinDefend - ok
17:44:02.0917 7752 WinHttpAutoProxySvc - ok
17:44:03.0371 7752 [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
17:44:03.0399 7752 Winmgmt - ok
17:44:03.0810 7752 [ 1D8576DCC0E32BFEF95B69E0DDF399DA ] WinRM C:\Windows\system32\WsmSvc.dll
17:44:03.0833 7752 WinRM - ok
17:44:03.0907 7752 [ FE88B288356E7B47B74B13372ADD906D ] WinUsb C:\Windows\system32\DRIVERS\WinUsb.sys
17:44:03.0908 7752 WinUsb - ok
17:44:04.0076 7752 [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc C:\Windows\System32\wlansvc.dll
17:44:04.0096 7752 Wlansvc - ok
17:44:04.0270 7752 [ 06C8FA1CF39DE6A735B54D906BA791C6 ] wlcrasvc C:\Program Files\Windows Live\Mesh\wlcrasvc.exe
17:44:04.0286 7752 wlcrasvc - ok
17:44:04.0627 7752 [ 2BACD71123F42CEA603F4E205E1AE337 ] wlidsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
17:44:04.0647 7752 wlidsvc - ok
17:44:04.0697 7752 [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi C:\Windows\system32\DRIVERS\wmiacpi.sys
17:44:04.0697 7752 WmiAcpi - ok
17:44:04.0774 7752 [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
17:44:04.0776 7752 wmiApSrv - ok
17:44:04.0862 7752 [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc C:\Windows\System32\wpcsvc.dll
17:44:04.0876 7752 WPCSvc - ok
17:44:04.0895 7752 [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
17:44:04.0898 7752 WPDBusEnum - ok
17:44:04.0915 7752 [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
17:44:04.0916 7752 ws2ifsl - ok
17:44:04.0935 7752 [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc C:\Windows\system32\wscsvc.dll
17:44:04.0938 7752 wscsvc - ok
17:44:04.0942 7752 WSearch - ok
17:44:05.0497 7752 [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv C:\Windows\system32\wuaueng.dll
17:44:05.0536 7752 wuauserv - ok
17:44:05.0563 7752 [ AB886378EEB55C6C75B4F2D14B6C869F ] WudfPf C:\Windows\system32\drivers\WudfPf.sys
17:44:05.0564 7752 WudfPf - ok
17:44:05.0593 7752 [ B20F051B03A966392364C83F009F7D17 ] wudfsvc C:\Windows\System32\WUDFSvc.dll
17:44:05.0597 7752 wudfsvc - ok
17:44:05.0620 7752 [ CE8CF9DE9CBFDAA318BD04D8BE3FCADA ] WwanSvc C:\Windows\System32\wwansvc.dll
17:44:05.0625 7752 WwanSvc - ok
17:44:05.0660 7752 [ 876F0C41035C04BA7A44EC0418408F69 ] XTUService C:\Program Files (x86)\Common Files\Intel\Intel Extreme Tuning Utility\PerfTuneService.exe
17:44:05.0661 7752 XTUService - ok
17:44:05.0804 7752 ================ Scan global ===============================
17:44:05.0860 7752 [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
17:44:05.0883 7752 [ 111AFE35DD2D423EE8E176CA7B2BBDC7 ] C:\Windows\system32\winsrv.dll
17:44:05.0889 7752 [ 111AFE35DD2D423EE8E176CA7B2BBDC7 ] C:\Windows\system32\winsrv.dll
17:44:05.0901 7752 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
17:44:05.0923 7752 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
17:44:05.0927 7752 [Global] - ok
17:44:05.0927 7752 ================ Scan MBR ==================================
17:44:05.0941 7752 [ DA78E083D0717E99AF44EDA1BB65F878 ] \Device\Harddisk2\DR2
17:44:06.0111 7752 \Device\Harddisk2\DR2 - ok
17:44:06.0203 7752 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
17:44:06.0977 7752 \Device\Harddisk0\DR0 - ok
17:44:07.0001 7752 [ DA78E083D0717E99AF44EDA1BB65F878 ] \Device\Harddisk1\DR1
17:44:07.0107 7752 \Device\Harddisk1\DR1 - ok
17:44:07.0107 7752 ================ Scan VBR ==================================
17:44:07.0108 7752 [ 0466875A69E9F2FC17A9652557C4C9EE ] \Device\Harddisk2\DR2\Partition1
17:44:07.0109 7752 \Device\Harddisk2\DR2\Partition1 - ok
17:44:07.0127 7752 [ EDC671C9E9BDCCEB26009D6793BEFC48 ] \Device\Harddisk2\DR2\Partition2
17:44:07.0128 7752 \Device\Harddisk2\DR2\Partition2 - ok
17:44:07.0143 7752 [ ECC9B191C9CE82B49009D08CEDF516BA ] \Device\Harddisk0\DR0\Partition1
17:44:07.0160 7752 \Device\Harddisk0\DR0\Partition1 - ok
17:44:07.0181 7752 [ 0C2A407CA1B42D3B38DD0E94103606C8 ] \Device\Harddisk0\DR0\Partition2
17:44:07.0189 7752 \Device\Harddisk0\DR0\Partition2 - ok
17:44:07.0210 7752 [ F8EEB96D3CE278C1997F8C8E2A0AA33D ] \Device\Harddisk0\DR0\Partition3
17:44:07.0234 7752 \Device\Harddisk0\DR0\Partition3 - ok
17:44:07.0235 7752 [ D57802C64D6EE0BCD8728E2B54B733BA ] \Device\Harddisk1\DR1\Partition1
17:44:07.0236 7752 \Device\Harddisk1\DR1\Partition1 - ok
17:44:07.0236 7752 ============================================================
17:44:07.0236 7752 Scan finished
17:44:07.0236 7752 ============================================================
17:44:07.0238 4708 Detected object count: 0
17:44:07.0238 4708 Actual detected object count: 0
17:44:37.0409 3832 Deinitialize success


edit: nasdaq, I can't run aswMBR; it gives an error while scanning: avast! Antirootkit stopped working. A problem caused the program to stop working correctly. Windows will close it and warn you if there's an available solution.

While scanning I get a red line: \driver\atapi[0xfffffa800d580bb0] --> IRP_MJ_CREATE --> 0xfffffa800d09d2c0 and the scan stops while scanning in c:\windows\assembly\GAC_MSIL\Microsoft.Security.ApplicationID.Policy

edit: managed to make the antirootkit run, don't know how :)

here's the aswMBR log:



aswMBR version 0.9.9.1707 Copyright© 2011 AVAST Software
Run date: 2012-11-30 20:15:15
-----------------------------
20:15:15.293 OS Version: Windows x64 6.1.7601 Service Pack 1
20:15:15.293 Number of processors: 4 586 0x2A07
20:15:15.293 ComputerName: PC-HOME UserName:
20:15:16.536 Initialize success
20:15:16.571 AVAST engine defs: 12113000
20:15:49.208 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T1L0-6
20:15:49.210 Disk 0 Vendor: WDC_WD10EALX-009BA0 15.01H15 Size: 953869MB BusType: 3
20:15:49.212 Disk 1 \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP4T0L0-5
20:15:49.213 Disk 1 Vendor: ST3500418AS CC49 Size: 476940MB BusType: 3
20:15:49.219 Disk 2 \Device\Harddisk2\DR2 -> \Device\Ide\IdeDeviceP0T0L0-0
20:15:49.220 Disk 2 Vendor: ST3160021A 8.01 Size: 152627MB BusType: 3
20:15:49.229 Disk 0 MBR read successfully
20:15:49.232 Disk 0 MBR scan
20:15:49.234 Disk 0 Windows 7 default MBR code
20:15:49.236 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
20:15:49.238 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 476828 MB offset 206848
20:15:49.258 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 476937 MB offset 976752000
20:15:49.293 Disk 0 scanning C:\Windows\system32\drivers
20:16:04.395 Service scanning
20:16:38.025 Modules scanning
20:16:38.026 Disk 0 trace - called modules:
20:16:38.043 ntoskrnl.exe fltsrv.sys tdrpman.sys CLASSPNP.SYS disk.sys vsflt58.sys ACPI.sys >>UNKNOWN [0xfffffa800d09d2c0]<<sptd.sys ataport.SYS pciide.sys PCIIDEX.SYS hal.dll atapi.sys
20:16:38.044 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa800d934080]
20:16:38.044 3 CLASSPNP.SYS[fffff880013a643f] -> nt!IofCallDriver -> [0xfffffa800d736b30]
20:16:38.044 5 vsflt58.sys[fffff88000f240ed] -> nt!IofCallDriver -> [0xfffffa800d56d790]
20:16:38.044 7 ACPI.sys[fffff8800100b7a1] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP2T1L0-6[0xfffffa800d5ac080]
20:16:38.044 \Driver\atapi[0xfffffa800d580bb0] -> IRP_MJ_CREATE -> 0xfffffa800d09d2c0
20:16:39.231 AVAST engine scan C:\Windows
20:16:45.167 AVAST engine scan C:\Windows\system32
20:17:02.285 Disk 0 MBR has been saved successfully to "C:\Users\Paulo Monteiro\Desktop\MBR.dat"
20:17:02.290 The log file has been saved successfully to "C:\Users\Paulo Monteiro\Desktop\aswMBR.txt"
20:17:43.453 Disk 0 MBR has been saved successfully to "C:\Users\Paulo Monteiro\Desktop\MBR.dat"
20:17:43.458 The log file has been saved successfully to "C:\Users\Paulo Monteiro\Desktop\aswMBR.txt"
20:17:49.064 Disk 0 MBR has been saved successfully to "C:\Users\Paulo Monteiro\Desktop\MBR.dat"
20:17:49.069 The log file has been saved successfully to "C:\Users\Paulo Monteiro\Desktop\aswMBR.txt"
20:17:54.511 Disk 0 MBR has been saved successfully to "C:\Users\Paulo Monteiro\Desktop\MBR.dat"
20:17:54.516 The log file has been saved successfully to "C:\Users\Paulo Monteiro\Desktop\aswMBR.txt"
20:18:00.423 Disk 0 MBR has been saved successfully to "C:\Users\Paulo Monteiro\Desktop\MBR.dat"
20:18:00.428 The log file has been saved successfully to "C:\Users\Paulo Monteiro\Desktop\aswMBR.txt"
20:18:08.006 Disk 0 MBR has been saved successfully to "C:\Users\Paulo Monteiro\Desktop\MBR.dat"
20:18:08.011 The log file has been saved successfully to "C:\Users\Paulo Monteiro\Desktop\aswMBR.txt"
20:18:23.818 Disk 0 MBR has been saved successfully to "C:\Users\Paulo Monteiro\Desktop\MBR.dat"
20:18:23.824 The log file has been saved successfully to "C:\Users\Paulo Monteiro\Desktop\aswMBR.txt"
20:18:32.627 Disk 0 MBR has been saved successfully to "C:\Users\Paulo Monteiro\Desktop\MBR.dat"
20:18:32.632 The log file has been saved successfully to "C:\Users\Paulo Monteiro\Desktop\aswMBR.txt"
20:18:47.973 Disk 0 MBR has been saved successfully to "C:\Users\Paulo Monteiro\Desktop\MBR.dat"
20:18:47.979 The log file has been saved successfully to "C:\Users\Paulo Monteiro\Desktop\aswMBR.txt"
20:19:04.390 Disk 0 MBR has been saved successfully to "C:\Users\Paulo Monteiro\Desktop\MBR.dat"
20:19:04.396 The log file has been saved successfully to "C:\Users\Paulo Monteiro\Desktop\aswMBR.txt"
20:19:19.717 Disk 0 MBR has been saved successfully to "C:\Users\Paulo Monteiro\Desktop\MBR.dat"
20:19:19.722 The log file has been saved successfully to "C:\Users\Paulo Monteiro\Desktop\aswMBR.txt"
20:19:30.506 Disk 0 MBR has been saved successfully to "C:\Users\Paulo Monteiro\Desktop\MBR.dat"
20:19:30.511 The log file has been saved successfully to "C:\Users\Paulo Monteiro\Desktop\aswMBR.txt"
20:19:54.476 Disk 0 MBR has been saved successfully to "C:\Users\Paulo Monteiro\Desktop\MBR.dat"
20:19:54.481 The log file has been saved successfully to "C:\Users\Paulo Monteiro\Desktop\aswMBR.txt"
20:20:09.611 Disk 0 MBR has been saved successfully to "C:\Users\Paulo Monteiro\Desktop\MBR.dat"
20:20:09.616 The log file has been saved successfully to "C:\Users\Paulo Monteiro\Desktop\aswMBR.txt"
20:20:15.661 AVAST engine scan C:\Windows\system32\drivers
20:20:19.225 Disk 0 MBR has been saved successfully to "C:\Users\Paulo Monteiro\Desktop\MBR.dat"
20:20:34.913 Disk 0 MBR has been saved successfully to "C:\Users\Paulo Monteiro\Desktop\MBR.dat"
20:20:49.261 Disk 0 MBR has been saved successfully to "C:\Users\Paulo Monteiro\Desktop\MBR.dat"
20:21:05.273 Disk 0 MBR has been saved successfully to "C:\Users\Paulo Monteiro\Desktop\MBR.dat"
20:21:05.279 The log file has been saved successfully to "C:\Users\Paulo Monteiro\Desktop\aswMBR.txt"
20:21:05.545 AVAST engine scan C:\Users\Paulo Monteiro
20:22:41.330 Disk 0 MBR has been saved successfully to "C:\Users\Paulo Monteiro\Desktop\MBR.dat"
20:22:41.335 The log file has been saved successfully to "C:\Users\Paulo Monteiro\Desktop\aswMBR.txt"
20:24:13.400 Disk 0 MBR has been saved successfully to "C:\Users\Paulo Monteiro\Desktop\MBR.dat"
20:24:13.405 The log file has been saved successfully to "C:\Users\Paulo Monteiro\Desktop\aswMBR.txt"
20:26:21.272 File: C:\Users\Paulo Monteiro\Desktop\ATR.exe **INFECTED** Win32:Trojan-gen
20:33:59.619 AVAST engine scan C:\ProgramData
20:34:15.267 Disk 0 MBR has been saved successfully to "C:\Users\Paulo Monteiro\Desktop\MBR.dat"
20:34:15.270 The log file has been saved successfully to "C:\Users\Paulo Monteiro\Desktop\aswMBR.txt"
20:36:44.875 Scan finished successfully
20:37:14.261 Disk 0 MBR has been saved successfully to "C:\Users\Paulo Monteiro\Desktop\MBR.dat"
20:37:14.264 The log file has been saved successfully to "C:\Users\Paulo Monteiro\Desktop\aswMBR.txt"
20:37:40.478 Disk 0 MBR has been saved successfully to "C:\Users\Paulo Monteiro\Desktop\MBR.dat"
20:37:40.481 The log file has been saved successfully to "C:\Users\Paulo Monteiro\Desktop\aswMBR.txt"
20:39:31.457 Disk 0 MBR has been saved successfully to "C:\Users\Paulo Monteiro\Desktop\MBR.dat"
20:39:31.460 The log file has been saved successfully to "C:\Users\Paulo Monteiro\Desktop\aswMBR.txt"

Attached Files

  • Attached File  MBR.zip   572bytes   0 downloads

Edited by Picollo30, 30 November 2012 - 03:44 PM.


#14 nasdaq

nasdaq

  • Malware Response Team

Posted 06 December 2012 - 09:31 AM

Sorry for this long delay.

Do you know what this file in bold is for?

C:\Users\Paulo Monteiro\Desktop\ATR.exe **INFECTED** Win32:Trojan-gen

If not, rename it ATR.exe.old and restart the computer.

Let me know if the problem persists.

#15 Picollo30

Picollo30
  • Topic Starter

  • Members

Posted 06 December 2012 - 01:48 PM


Hi nasdaq, IE9 32-bit is working now; the only problem is that it crashes running Adobe Flash and doesn't run the Shockwave Flash player plugin.



