
Archived

This topic has been archived and is closed to new replies.

Raphael da Cruz

[Solved] Errors and Virus


Good evening!

I'm new around here; if I'm posting the wrong way, let me know!

Here's the situation: over the last 2 days I have noticed that some programs and files have been throwing errors. For example, I have a biometric reader on my notebook, and every time I place my finger to log on to Windows, as I have always done, it reports an error and I have to log on manually. Another error happened when I tried to access Windows Live Messenger; however, that one was solved by deleting and reinstalling MSN Live Plus 5.0. So I started running ComboFix and, to my surprise, it did not run.

Given that, I figured it's a virus/malware. I noticed that when I run ComboFix, a folder named 32788R22FWJFW is created in the root of C:, and a file Start_.cmd is created along with the Qoobox folder. I found it all very strange, so I need your help.

Here is the HijackThis log:

 

__________________________________________________________________________________________________________

 

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 02:40:37, on 16/3/2011

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Arquivos de programas\Avira\AntiVir Desktop\sched.exe

C:\Arquivos de programas\Avira\AntiVir Desktop\avguard.exe

C:\Arquivos de programas\Software WIDCOMM\Bluetooth\bin\btwdins.exe

C:\Arquivos de programas\Java\jre6\bin\jqs.exe

C:\Arquivos de programas\Avira\AntiVir Desktop\avshadow.exe

C:\Arquivos de programas\Hewlett-Packard\Shared\hpqWmiEx.exe

C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMIndexingService.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\Arquivos de programas\Bioscrypt\VeriSoft\Bin\AsGHost.exe

C:\Arquivos de programas\Avira\AntiVir Desktop\avgnt.exe

C:\Arquivos de programas\cacaoweb\cacaoweb.exe

C:\Arquivos de programas\Winstep\Nexus.exe

C:\Arquivos de programas\DAEMON Tools Lite\DTLite.exe

C:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\Internet Explorer\iexplore.exe

C:\Arquivos de programas\Internet Explorer\iexplore.exe

C:\ARQUIV~1\GbPlugin\GbpSv.exe

C:\WINDOWS\system32\NOTEPAD.EXE

F:\Programas\Segurança\HiJackThis\HijackThis.exe

 

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: CompSegIB - {2E3C3651-B19C-4DD9-A979-901EC3E930AF} - C:\Arquivos de programas\Scpad\scpsssh2.dll

O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Dados de aplicativos\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Arquivos de programas\Microsoft Office\Office12\GrooveShellExtensions.dll

O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Arquivos de programas\Google\Google Toolbar\GoogleToolbar_32.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Arquivos de programas\Google\GoogleToolbarNotifier\5.6.6209.1142\swg.dll

O2 - BHO: G-Buster Browser Defense Unibanco - {C41A1C0E-EA6C-11D4-B1B8-444553540008} - C:\ARQUIV~1\GbPlugin\gbiehUni.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll

O2 - BHO: VeriSoft Access Manager - {DF21F1DB-80C6-11D3-9483-B03D0EC10000} - C:\Arquivos de programas\Bioscrypt\VeriSoft\Bin\ItIEAddIn.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Arquivos de programas\DAEMON Tools Toolbar\DTToolbar.dll

O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Arquivos de programas\Google\Google Toolbar\GoogleToolbar_32.dll

O4 - HKLM\..\Run: [avgnt] "C:\Arquivos de programas\Avira\AntiVir Desktop\avgnt.exe" /min

O4 - HKLM\..\Run: [uCam_Menu] "C:\Arquivos de programas\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Arquivos de programas\CyberLink\YouCam" UpdateWithCreateOnce "Software\CyberLink\YouCam\1.0"

O4 - HKLM\..\Run: [Chiave] C:\WINDOWS\system32\Program Files\Meadows Interactives\Chiave\Chiave.exe

O4 - HKCU\..\Run: [cacaoweb] "C:\Arquivos de programas\cacaoweb\cacaoweb.exe" -noplayer

O4 - HKCU\..\Run: [Nexus] C:\Arquivos de programas\Winstep\Nexus.exe autostart

O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Arquivos de programas\DAEMON Tools Lite\DTLite.exe" -autorun

O4 - HKCU\..\Run: [swg] "C:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKUS\S-1-5-21-2025429265-1123561945-1177238915-500\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMBgMonitor.exe" (User 'Administrador')

O4 - HKUS\S-1-5-21-2025429265-1123561945-1177238915-500\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'Administrador')

O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~3\Office12\EXCEL.EXE/3000

O8 - Extra context menu item: Enviar para &Bluetooth - C:\Arquivos de programas\Software WIDCOMM\Bluetooth\btsendto_ie_ctx.htm

O8 - Extra context menu item: Google Sidewiki... - res://C:\Arquivos de programas\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html

O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\MICROS~3\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\MICROS~3\Office12\ONBttnIE.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~3\Office12\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {E37CB5F0-51F5-4395-A808-5FA49E399008} (GbPluginObj Class) - https://bankline.itau.com.br/gbplugin2/cab/GbPluginUni.cab

O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://secure.logmein.com/activex/ractrl.cab?lmi=100

O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Arquivos de programas\Microsoft Office\Office12\GrooveSystemServices.dll

O20 - Winlogon Notify: GbPluginUni - C:\ARQUIV~1\GbPlugin\gbiehUni.dll

O20 - Winlogon Notify: OneCard - C:\Arquivos de programas\Bioscrypt\VeriSoft\Bin\ASWLNPkg.dll

O21 - SSODL: CompIBBrd - {A3717295-941D-416F-9384-ED1736729F1C} - C:\Arquivos de programas\Scpad\scpLIB.dll

O22 - SharedTaskScheduler: Pré-carregador Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll

O22 - SharedTaskScheduler: Daemon de cache de categorias de componente - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll

O22 - SharedTaskScheduler: scpLIB - {A3717295-941D-416F-9384-ED1736729F1C} - C:\Arquivos de programas\Scpad\scpLIB.dll

O23 - Service: AddFiltr - Hewlett-Packard Development Company, L.P. - C:\Arquivos de programas\Hewlett-Packard\HP Quick Launch Buttons\AddFiltr.exe

O23 - Service: Avira AntiVir Agendamento (AntiVirSchedulerService) - Avira GmbH - C:\Arquivos de programas\Avira\AntiVir Desktop\sched.exe

O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Arquivos de programas\Avira\AntiVir Desktop\avguard.exe

O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Arquivos de programas\Software WIDCOMM\Bluetooth\bin\btwdins.exe

O23 - Service: Gbp Service (GbpSv) - - C:\ARQUIV~1\GbPlugin\GbpSv.exe

O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Arquivos de programas\Google\Update\GoogleUpdate.exe

O23 - Service: Google Software Updater (gusvc) - Google - C:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Arquivos de programas\Hewlett-Packard\Shared\hpqWmiEx.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Arquivos de programas\Java\jre6\bin\jqs.exe

O23 - Service: NBService - Nero AG - C:\Arquivos de programas\Nero\Nero 7\Nero BackItUp\NBService.exe

O23 - Service: NMIndexingService - Nero AG - C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMIndexingService.exe

 

--

End of file - 9338 bytes


Hello Raphael da Cruz

*Run an online scan with NOD32

*When it finishes, paste the report created in C:\Arquivos de programas\EsetOnlineScanner\log


Good morning WINGS

Here is the log you asked for; thanks in advance for your attention.

 

ESETSmartInstaller@High as CAB hook log:

OnlineScanner.ocx - registred OK

# version=7

# iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)

# OnlineScanner.ocx=1.0.0.6425

# api_version=3.0.2

# EOSSerial=a4ff632fd24b504e98b2a40c5e615352

# end=finished

# remove_checked=true

# archives_checked=true

# unwanted_checked=true

# unsafe_checked=true

# antistealth_checked=true

# utc_time=2011-03-17 09:27:01

# local_time=2011-03-17 06:27:01 (-0300, Hora oficial do Brasil)

# country="Brazil"

# lang=1033

# osver=5.1.2600 NT Service Pack 3

# compatibility_mode=512 16777215 100 0 0 0 0 0

# compatibility_mode=1797 16775125 100 93 0 33120456 0 0

# compatibility_mode=8192 67108863 100 0 0 0 0 0

# scanned=66656

# found=1

# cleaned=1

# scan_time=10807

C:\Documents and Settings\Usuario\Dados de aplicativos\Sun\Java\Deployment\cache\6.0\56\65b133b8-77360643 Java/Agent.AA trojan (deleted - quarantined) 00000000000000000000000000000000 C


1.
*Run the file c:\Arquivos de programas\ESET\ESET Online Scanner\OnlineScannerUninstaller.exe

2. Uninstall ComboFix

*Click [Start] > [Run] > copy and paste: Combofix /uninstall

*Click [OK] > [Run]
*Wait for the message "ComboFix está desinstalado" and click [OK]

3.
*Go to Add/Remove Programs and uninstall cacaoweb

4.
*Download ZHPDiag_silent and save it to the desktop
*Stay connected to the internet
*Run it and paste the report it displays

If the report turns out to be too large...

*Go to this link
*Click [Send file]
*Locate the file C:\Arquivos de programas\ZHPDiag\ZHPDiag.txt
*Click [Open] > [Créer le lien Cjoint]
*Paste the address that is created


WINGS...

Before sending the first HijackThis log I had already run a scan with ComboFix, and it had already deleted cacaoweb. In any case, I went to Add/Remove Programs and did not find cacaoweb there. As for ComboFix, I did what you asked in order to uninstall it, but it gave an error (O Windows não conseguiu encontrar 'Combofix'. Certifique-se que o nome foi digitado corretamente e tente de novo. Para procurar um arquivo, clique no botão 'Iniciar' e em 'Pesquisar'.). I think this error occurred because I deleted ComboFix and its folders manually.

Here is the ZHPDiag log:

 

_____________________________________________________________________________________________________________

 

 

Rapport de ZHPDiag v1.27.1610 par Nicolas Coolman, Update du 19/02/2011

Run by Usuario at 17/3/2011 18:21:20

Web site : http://www.premiumorange.com/zeb-help-process/zhpdiag.html

Contact : nicolascoolman@yahoo.fr

 

---\\ Web Browser

MSIE: Internet Explorer v8.0.6001.18702 (Defaut)

GCIE: Google Chrome

 

---\\ System Information

Windows XP Professional Service Pack 3 (Build 2600)

Processor: x86 Family 6 Model 15 Stepping 13, GenuineIntel

Operating System: 32 Bits

Boot mode: Normal (Normal boot)

Total RAM: 3062 MB (70% free)

System Restore: Activé (Enable)

System drive C: has 63 GB (63%) free of 99 GB

 

---\\ Logged in mode

Computer Name: RAPHAEL

User Name: Usuario

All Users Names: Usuario, SUPPORT_388945a0, HelpAssistant, Convidado, ASPNET, Administrador,

Unselected Option: O45,O61,O62,O65,O82

Logged in as Administrator

 

---\\ Environnement Variables

%AppData%=C:\Documents and Settings\Usuario\Dados de aplicativos

%LocalAppData%=C:\Documents and Settings\Usuario\Configurações locais\Dados de aplicativos

%StartMenu%=C:\Documents and Settings\Usuario\Menu Iniciar

 

---\\ DOS/Devices

C:\ Hard drive, Flash drive, Thumb drive (Free 63 Go of 99 Go)

D:\ Hard drive, Flash drive, Thumb drive (Free 14 Go of 50 Go)

E:\ CD-ROM drive (Not Inserted)

G:\ CD-ROM drive (Free 0 Go of 5 Go)

H:\ CD-ROM drive (Free 0 Go of 7 Go)

 

 

---\\ Security Center & Tools Informations

[HKLM\SOFTWARE\Microsoft\Security Center] AntiVirusOverride: OK

[HKLM\SOFTWARE\Microsoft\Security Center] AntiVirusDisableNotify: OK

[HKLM\SOFTWARE\Microsoft\Security Center] FirewallDisableNotify: OK

[HKLM\SOFTWARE\Microsoft\Security Center] FirewallOverride: OK

[HKLM\SOFTWARE\Microsoft\Security Center] UpdatesDisableNotify: OK

[HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system] DisableRegistryTools: OK

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\NOHIDDEN] CheckedValue: OK

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL] CheckedValue: OK

 

 

---\\ Search Generic System Files

[MD5.064EC7FF5F58B928C3E119402977FA6D] - (.Microsoft Corporation - Windows Explorer.) (.14/4/2008 07:00:00.) -- C:\Windows\Explorer.exe [1035776]

[MD5.71D440F79B711627B12B567FB2EADB42] - (.Microsoft Corporation - Aplicativo de logon do Windows NT.) (.14/4/2008 07:00:00.) -- C:\Windows\System32\Winlogon.exe [509952]

[MD5.9F3A2F5AA6875C72BF062C712CFA2674] - (.Microsoft Corporation - IDE/ATAPI Port Driver.) (.13/4/2008 04:10:32.) -- C:\Windows\System32\drivers\atapi.sys [96512]

[MD5.78A08DD6A8D65E697C18E1DB01C5CDCA] - (.Microsoft Corporation - NT File System Driver.) (.14/4/2008 07:00:00.) -- C:\Windows\System32\drivers\ntfs.sys [574976]

 

 

---\\ Running Processes

[MD5.6B27686EB93C2756ECF0CE6EEFDF0455] - (.Unknown owner - G-Buster Browser Defense - Service.) -- C:\ARQUIV~1\GbPlugin\GbpSv.exe [54696]

[MD5.7A329FB22BF03A2FE50E018746AD0096] - (.Avira GmbH - Antivirus Scheduler.) -- C:\Arquivos de programas\Avira\AntiVir Desktop\sched.exe [135336]

[MD5.3D74378876E8DFDC5F6D5EE3C1B81275] - (.Cognizance Corporation - Global Virtual Card Host.) -- C:\Arquivos de programas\Bioscrypt\VeriSoft\Bin\AsGHost.exe [56832]

[MD5.171F4F202ED7529EDB5E18E26415224A] - (.Avira GmbH - Antivirus On-Access Service.) -- C:\Arquivos de programas\Avira\AntiVir Desktop\avguard.exe [267944]

[MD5.189C45C7CC2526DA72932872E152A061] - (.Broadcom Corporation. - Bluetooth Support Server.) -- C:\Arquivos de programas\Software WIDCOMM\Bluetooth\bin\btwdins.exe [258103]

[MD5.E731921DB2E17DCD3DB472FAD5549C57] - (.Sun Microsystems, Inc. - Java Quick Starter Service.) -- C:\Arquivos de programas\Java\jre6\bin\jqs.exe [153376]

[MD5.339B2C2DFB344F2896A14BE27401D3F2] - (.Avira GmbH - AntiVir shadow copy service.) -- C:\Arquivos de programas\Avira\AntiVir Desktop\avshadow.exe [76968]

[MD5.04C1DCBB226C6AE647B794833CE3CEB6] - (.Hewlett-Packard Development Company, L.P. - hpqwmiex Module.) -- C:\Arquivos de programas\Hewlett-Packard\Shared\hpqWmiEx.exe [135168]

[MD5.AD7994EF4243AA5DDE0E187F61DF7231] - (.Avira GmbH - Antivirus System Tray Tool.) -- C:\Arquivos de programas\Avira\AntiVir Desktop\avgnt.exe [281768]

[MD5.AAB015DB2A44B5CD0DF0392896A8A6B7] - (.Unknown owner - No comment.) -- C:\Arquivos de programas\cacaoweb\cacaoweb.exe [356080]

[MD5.964C642E923A06E8C4FE20C5D7DEA276] - (.Winstep Software Technologies - NeXuS.) -- C:\Arquivos de programas\Winstep\Nexus.exe [13816960]

[MD5.F34E7705751BB413283434697BF8E55D] - (.DT Soft Ltd - DAEMON Tools Lite.) -- C:\Arquivos de programas\DAEMON Tools Lite\DTLite.exe [357696]

[MD5.5D61BE7DB55B026A5D61A3EED09D0EAD] - (.Google Inc. - GoogleToolbarNotifier.) -- C:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408]

[MD5.B60DDDD2D63CE41CB8C487FCFBB6419E] - (.Microsoft Corporation - Internet Explorer.) -- C:\Arquivos de programas\Internet Explorer\IEXPLORE.EXE [638816]

[MD5.4B4D7626E7330F091100BFC22230ECF0] - (.RealNetworks, Inc. - RealNetworks Scheduler.) -- C:\Arquivos de programas\Real\RealPlayer\update\realsched.exe [273544]

[MD5.80557066058569BC5D55856592E20985] - (.Microsoft Corporation - COM Surrogate.) -- C:\WINDOWS\system32\dllhost.exe [5120]

[MD5.474C4819EEC595978D183C807FB58334] - (.Unknown owner - No comment.) -- C:\Documents and Settings\Usuario\Desktop\ZHPDiag_silent.exe [704238]

[MD5.8EDAC4D2659E1F525D432D991BF97C53] - (.Nicolas Coolman - Diagnostic Tool.) -- C:\Arquivos de programas\ZHPDiag\ZHPDiag.exe [630784]

 

 

---\\ Mozilla Firefox,Plugins,Start,Search,Extensions (P2,M0,M1,M2,M3)

M3 - MFPP: Plugins - [usuario] -- C:\Arquivos de programas\Mozilla FireFox\searchplugins\fcmdSrchcine.xml

P2 - FPN: [HKLM] [@adobe.com/ShockwavePlayer] - (.Adobe Systems, Inc. - Adobe Shockwave for Director Netscape plug-in, version 11.5.9.615.) -- C:\WINDOWS\system32\Adobe\Director\np32dsw.dll

P2 - FPN: [HKLM] [@google.com/npPicasa3,version=3.0.0] - (.Google, Inc. - Picasa plugin.) -- C:\Arquivos de programas\Google\Picasa3\npPicasa3.dll

P2 - FPN: [HKLM] [@java.com/JavaPlugin] - (.Sun Microsystems, Inc. - Next Generation Java Plug-in 1.6.0_23 for Mozilla browsers.) -- C:\Arquivos de programas\Java\jre6\bin\new_plugin\npjp2.dll

P2 - FPN: [HKLM] [@microsoft.com/WPF,version=3.5] - (.Microsoft Corporation - Windows Presentation Foundation (WPF) plug-in for Mozilla browsers.) -- c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll

P2 - FPN: [HKLM] [@real.com/nppl3260;version=12.0.1.633] - (.RealNetworks, Inc. - RealPlayer LiveConnect-Enabled Plug-In.) -- C:\Arquivos de programas\Real\RealPlayer\Netscape6\nppl3260.dll

P2 - FPN: [HKLM] [@real.com/nprjplug;version=12.0.1.633] - (.RealNetworks, Inc. - RealJukebox Netscape Plugin.) -- C:\Arquivos de programas\Real\RealPlayer\Netscape6\nprjplug.dll

P2 - FPN: [HKLM] [@real.com/nprphtml5videoshim;version=12.0.1.633] - (.RealNetworks, Inc. - RealPlayer HTML5VideoShim Plug-In.) -- C:\Documents and Settings\All Users\Dados de aplicativos\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll

P2 - FPN: [HKLM] [@real.com/nprpjplug;version=12.0.1.633] - (.RealNetworks, Inc. - 12.0.1.633.) -- C:\Arquivos de programas\Real\RealPlayer\Netscape6\nprpjplug.dll

P2 - FPN: [HKLM] [@tools.google.com/Google Update;version=8] - (.Google Inc. - Google Update.) -- C:\Arquivos de programas\Google\Update\1.2.183.23\npGoogleOneClick8.dll

 

 

---\\ Internet Explorer Extensions, Start, Search (R4,R3,R0,R1)

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com.br/

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKUS\S-1-5-21-2025429265-1123561945-1177238915-1003\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com.br/

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Extensions Off Page = about:noadd-ons

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Security Risk Page = about:securityrisk

R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com

R1 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0

R1 - HKUS\S-1-5-21-2025429265-1123561945-1177238915-1003\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com

R3 - URLSearchHook: Microsoft Url Search Hook - {CFBFAE00-17A6-11D0-99CB-00C04FD64497} . (.Microsoft Corporation - Internet Explorer.) (8.00.6001.19019 (longhorn_ie8_gdr.101217-1700)) -- C:\WINDOWS\system32\ieframe.dll

R4 - HKCU\SOFTWARE\Microsoft\Internet Explorer\PhishingFilter,Enabled = 2

 

 

---\\ Changed inifile Value, Mapped to Registry (F2)

F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,

F2 - REG:system.ini: VMApplet=rundll32 shell32,Control_RunDLL "sysdm.cpl"

 

 

---\\ Browser Helper Objects (O2)

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} . (.Adobe Systems Incorporated - Adobe PDF Helper for Internet Explorer.) -- C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: CompSegIB - {2E3C3651-B19C-4DD9-A979-901EC3E930AF} . (.Scopus Tecnologia Ltda - scpsssh2 Module.) -- C:\Arquivos de programas\Scpad\scpsssh2.dll

O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} . (.RealPlayer - RealPlayer Download and Record Plugin.) -- C:\Documents and Settings\All Users\Dados de aplicativos\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} . (.Microsoft Corporation - GrooveShellExtensions Module.) -- C:\Arquivos de programas\Microsoft Office\Office12\GrooveShellExtensions.dll

O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} . (.Microsoft Corporation - WindowsLiveLogin.dll.) -- C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} . (.Google Inc. - Google Toolbar.) -- C:\Arquivos de programas\Google\Google Toolbar\GoogleToolbar_32.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} . (.Google Inc. - GoogleToolbarNotifier.) -- C:\Arquivos de programas\Google\GoogleToolbarNotifier\5.6.6209.1142\swg.dll

O2 - BHO: G-Buster Browser Defense Unibanco - {C41A1C0E-EA6C-11D4-B1B8-444553540008} . (.Banco Unibanco - Gbieh Module.) -- C:\ARQUIV~1\GbPlugin\gbiehUni.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} . (.Sun Microsystems, Inc. - Java Platform SE binary.) -- C:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll

O2 - BHO: VeriSoft Access Manager - {DF21F1DB-80C6-11D3-9483-B03D0EC10000} . (.Bioscrypt Inc. - SSO IE Listener.) -- C:\Arquivos de programas\Bioscrypt\VeriSoft\Bin\ItIEAddIn.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} . (.Sun Microsystems, Inc. - Java Quick Starter binary.) -- C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

 

 

---\\ Internet Explorer toolbars (O3)

O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} . (.Google Inc. - Google Toolbar.) -- C:\Arquivos de programas\Google\Google Toolbar\GoogleToolbar_32.dll

 

 

---\\ Auto loading programs from Registry and folders (O4)

O4 - HKLM\..\Run: [avgnt] . (.Avira GmbH - Antivirus System Tray Tool.) -- C:\Arquivos de programas\Avira\AntiVir Desktop\avgnt.exe

O4 - HKLM\..\Run: [uCam_Menu] . (.CyberLink Corp. - StartMen Application.) -- C:\Arquivos de programas\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe

O4 - HKLM\..\Run: [TkBellExe] . (.RealNetworks, Inc. - RealNetworks Scheduler.) -- C:\Arquivos de programas\Real\RealPlayer\update\realsched.exe

O4 - HKCU\..\Run: [cacaoweb] . (...) -- C:\Arquivos de programas\cacaoweb\cacaoweb.exe

O4 - HKCU\..\Run: [Nexus] . (.Winstep Software Technologies - NeXuS.) -- C:\Arquivos de programas\Winstep\Nexus.exe

O4 - HKCU\..\Run: [DAEMON Tools Lite] . (.DT Soft Ltd - DAEMON Tools Lite.) -- C:\Arquivos de programas\DAEMON Tools Lite\DTLite.exe

O4 - HKCU\..\Run: [swg] . (.Google Inc. - GoogleToolbarNotifier.) -- C:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

O4 - HKCU\..\Run: [ctfmon.exe] . (.Microsoft Corporation - CTF Loader.) -- C:\WINDOWS\system32\ctfmon.exe

O4 - HKUS\S-1-5-21-2025429265-1123561945-1177238915-1003\..\Run: [cacaoweb] . (.Unknown owner - No comment.) -- C:\Arquivos de programas\cacaoweb\cacaoweb.exe

O4 - HKUS\S-1-5-21-2025429265-1123561945-1177238915-1003\..\Run: [Nexus] . (.Winstep Software Technologies - NeXuS.) -- C:\Arquivos de programas\Winstep\Nexus.exe

O4 - HKUS\S-1-5-21-2025429265-1123561945-1177238915-1003\..\Run: [DAEMON Tools Lite] . (.DT Soft Ltd - DAEMON Tools Lite.) -- C:\Arquivos de programas\DAEMON Tools Lite\DTLite.exe

O4 - HKUS\S-1-5-21-2025429265-1123561945-1177238915-1003\..\Run: [swg] . (.Google Inc. - GoogleToolbarNotifier.) -- C:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

O4 - HKUS\S-1-5-21-2025429265-1123561945-1177238915-1003\..\Run: [ctfmon.exe] . (.Microsoft Corporation - CTF Loader.) -- C:\WINDOWS\system32\ctfmon.exe

 

 

---\\ Other User Links (O4)

O4 - Global Startup: C:\Documents And Settings\Usuario\Desktop\FIFA 11.lnk . (.Electronic Arts Canada.) -- C:\Arquivos de programas\EA Sports\FIFA 11\Game\fifasetup\fifaconfig.exe

O4 - Global Startup: C:\Documents And Settings\Usuario\Desktop\MBRCheck.lnk . (...) -- C:\Arquivos de programas\ZHPDiag\mbrcheck.exe

O4 - Global Startup: C:\Documents And Settings\Usuario\Desktop\PES 2010.lnk . (.Konami Digital Entertainment Co., Ltd..) -- G:\autorun.exe

O4 - Global Startup: C:\Documents And Settings\Usuario\Desktop\PES 2011.lnk . (.Konami Digital Entertainment Co., Ltd..) -- H:\autorun.exe

O4 - Global Startup: C:\Documents And Settings\Usuario\Desktop\ZHPDiag.lnk . (.Nicolas Coolman.) -- C:\Arquivos de programas\ZHPDiag\ZHPDiag.exe

O4 - Global Startup: C:\Documents And Settings\Usuario\Desktop\ZHPFix.lnk . (.Nicolas Coolman.) -- C:\Arquivos de programas\ZHPDiag\ZHPFix.exe

 

 

---\\ Extra items in the IE right-click menu (O8)

O8 - Extra context menu item: Add to Google Photos Screensa&ver . (.Google Inc. - Google Photos Screensaver.) -- C:\WINDOWS\system32\GPhotos.scr

O8 - Extra context menu item: E&xportar para o Microsoft Excel . (.Microsoft Corporation - Microsoft Office Excel.) -- C:\ARQUIV~1\MICROS~3\Office12\EXCEL.exe

O8 - Extra context menu item: Enviar para &Bluetooth . (.Unknown owner - No comment.) -- C:\Arquivos de programas\Software WIDCOMM\Bluetooth\btsendto_ie_ctx.htm

O8 - Extra context menu item: Google Sidewiki... . (.Google Inc. - Google Toolbar for Internet Explorer.) -- C:\Arquivos de programas\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll

 

 

---\\ Extra buttons on main IE button toolbar, or extra items in IE 'Tools' menu (O9)

O9 - Extra button: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} . (.Microsoft Corporation - Microsoft Office OneNote Internet Explorer Add-in.) -- C:\ARQUIV~1\MICROS~3\Office12\ONBttnIE.dll

O9 - Extra button: &Enviar para o OneNote - {92780B25-18CC-41C8-B9BE-3C9C571A8263} . (.Unknown owner - No comment.) -- C:\ARQUIV~1\MICROS~3\Office12\REFBARH.ICO

O9 - Extra button: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} . (.Unknown owner - No comment.) -- C:\ARQUIV~1\MICROS~3\Office12\REFBARH.ICO

O9 - Extra button: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} . (.Microsoft Corporation - Windows Messenger.) -- C:\Arquivos de programas\Messenger\msmsgs.exe

 

 

---\\ Winsock hijacker (Layered Service Provider) (O10)

O10 - WLSP:\000000000001\Winsock LSP File . (.Microsoft Corporation - Fornecedor de serviços do Microsoft Windows Sockets 2.0.) -- C:\WINDOWS\system32\mswsock.dll

O10 - WLSP:\000000000002\Winsock LSP File . (.Microsoft Corporation - LDAP RnR Provider DLL.) -- C:\WINDOWS\system32\winrnr.dll

O10 - WLSP:\000000000003\Winsock LSP File . (.Microsoft Corporation - Fornecedor de serviços do Microsoft Windows Sockets 2.0.) -- C:\WINDOWS\system32\mswsock.dll

 

 

---\\ 'Reset Web Settings' hijack (O14)

O14 - IERESET.INF: SEARCH_PAGE_URL=SEARCH_PAGE_URL="&http://home.microsoft.com/intl/br/access/allinone.asp"

O14 - IERESET.INF: SAFESITE_VALUE=SAFESITE_VALUE="search.msn.com.br"

 

 

---\\ ActiveX Objects (Downloaded Program Files) (O16)

O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} () - http://download.eset.com/special/eos/OnlineScanner.cab

O16 - DPF: {E37CB5F0-51F5-4395-A808-5FA49E399008} (GbPluginObj Class) - https://bankline.itau.com.br/gbplugin2/cab/GbPluginUni.cab

O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://secure.logmein.com/activex/ractrl.cab?lmi=100

 

 

---\\ Lop.com/Domain Hijackers (O17)

O17 - HKLM\System\CCS\Services\Tcpip\..\{57D75A50-D83C-4A23-BAB1-882AA46F958A}: DhcpNameServer = 192.168.1.1

O17 - HKLM\System\CS1\Services\Tcpip\..\{57D75A50-D83C-4A23-BAB1-882AA46F958A}: DhcpNameServer = 192.168.1.1

O17 - HKLM\System\CS2\Services\Tcpip\..\{57D75A50-D83C-4A23-BAB1-882AA46F958A}: DhcpNameServer = 192.168.1.1

O17 - HKLM\System\CS3\Services\Tcpip\..\{57D75A50-D83C-4A23-BAB1-882AA46F958A}: DhcpNameServer = 192.168.1.1

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1

 

 

---\\ AppInit_DLLs Registry value Autorun (O20)

O20 - Winlogon Notify: GbPluginUni . (.Banco Unibanco - Gbieh Module.) -- C:\ARQUIV~1\GbPlugin\gbiehUni.dll

O20 - Winlogon Notify: crypt32chain . (.Microsoft Corporation - Crypto API32.) -- C:\Windows\System32\crypt32.dll

O20 - Winlogon Notify: cryptnet . (.Microsoft Corporation - Crypto Network Related API.) -- C:\Windows\System32\cryptnet.dll

O20 - Winlogon Notify: cscdll . (.Microsoft Corporation - Agente de rede off-line.) -- C:\Windows\System32\cscdll.dll

O20 - Winlogon Notify: dimsntfy . (.Microsoft Corporation - DIMS Notification Handler.) -- C:\WINDOWS\System32\dimsntfy.dll

O20 - Winlogon Notify: igfxcui . (.Intel Corporation - igfxdev Module.) -- C:\Windows\System32\igfxdev.dll

O20 - Winlogon Notify: OneCard . (.Cognizance Corporation - Winlogon notification handler.) -- C:\Arquivos de programas\Bioscrypt\VeriSoft\Bin\ASWLNPkg.dll

O20 - Winlogon Notify: ScCertProp . (.Microsoft Corporation - DLL comum para receber notificações do Winl.) -- C:\Windows\System32\wlnotify.dll

O20 - Winlogon Notify: Schedule . (.Microsoft Corporation - DLL comum para receber notificações do Winl.) -- C:\Windows\System32\wlnotify.dll

O20 - Winlogon Notify: sclgntfy . (.Microsoft Corporation - DLL de notificação do serviço de logon secu.) -- C:\Windows\System32\sclgntfy.dll

O20 - Winlogon Notify: SensLogn . (.Microsoft Corporation - DLL comum para receber notificações do Winl.) -- C:\Windows\System32\WlNotify.dll

O20 - Winlogon Notify: termsrv . (.Microsoft Corporation - DLL comum para receber notificações do Winl.) -- C:\Windows\System32\wlnotify.dll

O20 - Winlogon Notify: WgaLogon . (.Unknown owner - No comment.) -- C:\Windows\System32\WgaLogon.dll

O20 - Winlogon Notify: wlballoon . (.Microsoft Corporation - DLL comum para receber notificações do Winl.) -- C:\Windows\System32\wlnotify.dll

---\\ ShellServiceObjectDelayLoad (O21)

O21 - SSODL: PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} . (.Microsoft Corporation - DLL comum do Shell do Windows.) -- C:\WINDOWS\system32\shell32.dll

O21 - SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} . (.Microsoft Corporation - DLL comum do Shell do Windows.) -- C:\WINDOWS\system32\SHELL32.dll

O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} . (.Microsoft Corporation - Web Site Monitor.) -- C:\WINDOWS\system32\webcheck.dll

O21 - SSODL: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} . (.Microsoft Corporation - Objeto de serviço do shell de Systray.) -- C:\WINDOWS\system32\stobject.dll

O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} . (.Microsoft Corporation - Windows Portable Device Shell Service Objec.) -- C:\WINDOWS\system32\WPDShServiceObj.dll

O21 - SSODL: CompIBBrd - {A3717295-941D-416F-9384-ED1736729F1C} . (.Scopus Tecnologia Ltda - scpIBLoad Module.) -- C:\Arquivos de programas\Scpad\scpLIB.dll

---\\ SharedTaskScheduler (O22)

O22 - SharedTaskScheduler: Pré-carregador Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} . (.Microsoft Corporation - Biblioteca da interface de usuário do naveg.) -- C:\WINDOWS\system32\browseui.dll

O22 - SharedTaskScheduler: (no name) - {8C7461EF-2B13-11d2-BE35-3078302C2030} . (.Microsoft Corporation - Biblioteca da interface de usuário do naveg.) -- C:\WINDOWS\system32\browseui.dll

O22 - SharedTaskScheduler: (no name) - {A3717295-941D-416F-9384-ED1736729F1C} . (.Scopus Tecnologia Ltda - scpIBLoad Module.) -- C:\Arquivos de programas\Scpad\scpLIB.dll

---\\ non Microsoft non disabled Windows XP/NT/2000 Services (O23)

O23 - Service: (AddFiltr) . (.Hewlett-Packard Development Company, L.P. - Add Filter For Usb.) - C:\Arquivos de programas\Hewlett-Packard\HP Quick Launch Buttons\AddFiltr.exe

O23 - Service: (AntiVirSchedulerService) . (.Avira GmbH - Antivirus Scheduler.) - C:\Arquivos de programas\Avira\AntiVir Desktop\sched.exe

O23 - Service: (AntiVirService) . (.Avira GmbH - Antivirus On-Access Service.) - C:\Arquivos de programas\Avira\AntiVir Desktop\avguard.exe

O23 - Service: (btwdins) . (.Broadcom Corporation. - Bluetooth Support Server.) - C:\Arquivos de programas\Software WIDCOMM\Bluetooth\bin\btwdins.exe

O23 - Service: (dmadmin) . (.Microsoft Corp., Veritas Software - Processo do serviço do gerenciador de disco.) - C:\WINDOWS\System32\dmadmin.exe

O23 - Service: (GbpSv) . (.Unknown owner - G-Buster Browser Defense - Service.) - C:\ARQUIV~1\GbPlugin\GbpSv.exe

O23 - Service: (gupdate) . (.Google Inc. - Google Installer.) - C:\Arquivos de programas\Google\Update\GoogleUpdate.exe

O23 - Service: (gusvc) . (.Google - gusvc.) - C:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: (hpqwmiex) . (.Hewlett-Packard Development Company, L.P. - hpqwmiex Module.) - C:\Arquivos de programas\Hewlett-Packard\Shared\hpqWmiEx.exe

O23 - Service: (JavaQuickStarterService) . (.Sun Microsystems, Inc. - Java Quick Starter Service.) - C:\Arquivos de programas\Java\jre6\bin\jqs.exe

O23 - Service: (NBService) . (.Nero AG - Nero BackItUp.) - C:\Arquivos de programas\Nero\Nero 7\Nero BackItUp\NBService.exe

O23 - Service: (NMIndexingService) . (.Nero AG - Nero Home.) - C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMIndexingService.exe

O23 - Service: (TermService) - Orphean Key

---\\ Windows Active Desktop & MHTML Editor (O24)

O24 - Desktop Component 0: Minha página inicial atual - file:About:Home

O24 - Default MHTML Editor: Last - .(.Microsoft Corporation - Microsoft Office Word.) - C:\Arquivos de programas\Microsoft Office\Office12\WINWORD.exe

---\\ Task Planned Automatically(039)

O39 - APT:Automatic Planified Task - C:\WINDOWS\Tasks\AWC AutoSweep.job

O39 - APT:Automatic Planified Task - C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job

O39 - APT:Automatic Planified Task - C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job

O39 - APT:Automatic Planified Task - C:\WINDOWS\Tasks\RealUpgradeLogonTaskS-1-5-21-2025429265-1123561945-1177238915-1003.job

O39 - APT:Automatic Planified Task - C:\WINDOWS\Tasks\RealUpgradeScheduledTaskS-1-5-21-2025429265-1123561945-1177238915-1003.job

[MD5.D6E96E6A872C6754014D694712342FC5] [APT] [AWC AutoSweep] (.IObit.) -- C:\Arquivos de programas\IObit\Advanced SystemCare 3\AutoSweep.exe

[MD5.F02A533F517EB38333CB12A9E8963773] [APT] [GoogleUpdateTaskMachineCore] (.Google Inc..) -- C:\Arquivos de programas\Google\Update\GoogleUpdate.exe

[MD5.F02A533F517EB38333CB12A9E8963773] [APT] [GoogleUpdateTaskMachineUA] (.Google Inc..) -- C:\Arquivos de programas\Google\Update\GoogleUpdate.exe

[MD5.8FB92EF6740EB2E10429C542160A3F84] [APT] [RealUpgradeLogonTaskS-1-5-21-2025429265-1123561945-1177238915-1003] (.RealNetworks, Inc..) -- C:\Arquivos de programas\Real\RealUpgrade\realupgrade.exe

[MD5.8FB92EF6740EB2E10429C542160A3F84] [APT] [RealUpgradeScheduledTaskS-1-5-21-2025429265-1123561945-1177238915-1003] (.RealNetworks, Inc..) -- C:\Arquivos de programas\Real\RealUpgrade\realupgrade.exe

---\\ Drivers launched at startup (O41)

O41 - Driver: (AFD) . (.Microsoft Corporation - Ancillary Function Driver for WinSock.) - C:\WINDOWS\system32\drivers\afd.sys

O41 - Driver: (avgio) . (.Avira GmbH - Avira AntiVir Support for Minifilter.) - C:\Arquivos de programas\Avira\AntiVir Desktop\avgio.sys

O41 - Driver: (avipbb) . (.Avira GmbH - Avira Driver for Security Enhancement.) - C:\Windows\System32\DRIVERS\avipbb.sys

O41 - Driver: (Cdrom) . (.Microsoft Corporation - SCSI CD-ROM Driver.) - C:\Windows\System32\DRIVERS\cdrom.sys

O41 - Driver: (i8042prt) . (.Microsoft Corporation - Driver de porta i8042.) - C:\Windows\System32\DRIVERS\i8042prt.sys

O41 - Driver: (Imapi) . (.Microsoft Corporation - IMAPI Kernel Driver.) - C:\Windows\System32\DRIVERS\imapi.sys

O41 - Driver: (intelppm) . (.Microsoft Corporation - Driver de dispositivo de processador.) - C:\Windows\System32\DRIVERS\intelppm.sys

O41 - Driver: (IPSec) . (.Microsoft Corporation - IPSec Driver.) - C:\Windows\System32\DRIVERS\ipsec.sys

O41 - Driver: (Kbdclass) . (.Microsoft Corporation - Driver de classe teclado.) - C:\Windows\System32\DRIVERS\kbdclass.sys

O41 - Driver: (Mouclass) . (.Microsoft Corporation - Driver de classe modem.) - C:\Windows\System32\DRIVERS\mouclass.sys

O41 - Driver: (MRxSmb) . (.Microsoft Corporation - Windows NT SMB Minirdr.) - C:\Windows\System32\DRIVERS\mrxsmb.sys

O41 - Driver: (NetBIOS) . (.Microsoft Corporation - NetBIOS interface driver.) - C:\Windows\System32\DRIVERS\netbios.sys

O41 - Driver: (NetBT) . (.Microsoft Corporation - MBT Transport driver.) - C:\Windows\System32\DRIVERS\netbt.sys

O41 - Driver: (RasAcd) . (.Microsoft Corporation - RAS Automatic Connection Driver.) - C:\Windows\System32\DRIVERS\rasacd.sys

O41 - Driver: (Rdbss) . (.Microsoft Corporation - Redirected Drive Buffering SubSystem Driver.) - C:\Windows\System32\DRIVERS\rdbss.sys

O41 - Driver: (RDPCDD) . (.Microsoft Corporation - RDP Miniport.) - C:\Windows\System32\DRIVERS\RDPCDD.sys

O41 - Driver: (redbook) . (.Microsoft Corporation - Redbook Audio Filter Driver.) - C:\Windows\System32\DRIVERS\redbook.sys

O41 - Driver: (ssmdrv) . (.Avira GmbH - AVIRA SnapShot Driver.) - C:\Windows\System32\DRIVERS\ssmdrv.sys

O41 - Driver: (Tcpip) . (.Microsoft Corporation - TCP/IP Protocol Driver.) - C:\Windows\System32\DRIVERS\tcpip.sys

O41 - Driver: (TermDD) . (.Microsoft Corporation - Terminal Server Driver.) - C:\Windows\System32\DRIVERS\termdd.sys

O41 - Driver: (VgaSave) . (.Microsoft Corporation - VGA/Super VGA Video Driver.) - C:\WINDOWS\system32\drivers\vga.sys

O41 - Driver: (WmiAcpi) . (.Microsoft Corporation - Windows Management Interface for ACPI.) - C:\Windows\System32\DRIVERS\wmiacpi.sys

O41 - Driver: (SASDIFSV) . (. - .) - C:\Arquivos de programas\SUPERAntiSpyware\SASDIFSV.sys (.not file.)

O41 - Driver: (SASKUTIL) . (. - .) - C:\Arquivos de programas\SUPERAntiSpyware\SASKUTIL.sys (.not file.)

---\\ Software installed (O42)

O42 - Logiciel: ALPS Touch Pad Driver - (.Unknown owner.) [HKLM] -- {9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}

O42 - Logiciel: Adobe AIR - (.Adobe Systems Inc..) [HKLM] -- Adobe AIR

O42 - Logiciel: Adobe AIR - (.Adobe Systems Inc..) [HKLM] -- {46C045BF-2B3F-4BC4-8E4C-00E0CF8BD9DB}

O42 - Logiciel: Adobe Flash Player 10 ActiveX - (.Adobe Systems Incorporated.) [HKLM] -- Adobe Flash Player ActiveX

O42 - Logiciel: Adobe Reader 9.4.2 - Português - (.Adobe Systems Incorporated.) [HKLM] -- {AC76BA86-7AD7-1046-7B44-A94000000001}

O42 - Logiciel: Adobe Shockwave Player 11.5 - (.Adobe Systems, Inc..) [HKLM] -- Adobe Shockwave Player

O42 - Logiciel: Advanced SystemCare 3 - (.IObit.) [HKLM] -- Advanced SystemCare 3_is1

O42 - Logiciel: Arquivo do WinRAR - (.Unknown owner.) [HKLM] -- WinRAR archiver

O42 - Logiciel: Assistente de Conexão do Windows Live - (.Microsoft Corporation.) [HKLM] -- {51A9E3DD-37B8-47BB-8E67-5B76B3EFBC48}

O42 - Logiciel: Atualização de Segurança para Windows Internet Explorer 8 (KB2416400) - (.Microsoft Corporation.) [HKLM] -- KB2416400-IE8

O42 - Logiciel: Atualização de Segurança para Windows Internet Explorer 8 (KB2482017) - (.Microsoft Corporation.) [HKLM] -- KB2482017-IE8

O42 - Logiciel: Atualização de Segurança para Windows Internet Explorer 8 (KB971961) - (.Microsoft Corporation.) [HKLM] -- KB971961-IE8

O42 - Logiciel: Atualização de Segurança para Windows Internet Explorer 8 (KB981332) - (.Microsoft Corporation.) [HKLM] -- KB981332-IE8

O42 - Logiciel: Atualização de Segurança para Windows XP (KB2079403) - (.Microsoft Corporation.) [HKLM] -- KB2079403

O42 - Logiciel: Atualização de Segurança para Windows XP (KB2115168) - (.Microsoft Corporation.) [HKLM] -- KB2115168

O42 - Logiciel: Atualização de Segurança para Windows XP (KB2121546) - (.Microsoft Corporation.) [HKLM] -- KB2121546

O42 - Logiciel: Atualização de Segurança para Windows XP (KB2229593) - (.Microsoft Corporation.) [HKLM] -- KB2229593

O42 - Logiciel: Atualização de Segurança para Windows XP (KB2259922) - (.Microsoft Corporation.) [HKLM] -- KB2259922

O42 - Logiciel: Atualização de Segurança para Windows XP (KB2286198) - (.Microsoft Corporation.) [HKLM] -- KB2286198

O42 - Logiciel: Atualização de Segurança para Windows XP (KB2296011) - (.Microsoft Corporation.) [HKLM] -- KB2296011

O42 - Logiciel: Atualização de Segurança para Windows XP (KB2296199) - (.Microsoft Corporation.) [HKLM] -- KB2296199

O42 - Logiciel: Atualização de Segurança para Windows XP (KB2347290) - (.Microsoft Corporation.) [HKLM] -- KB2347290

O42 - Logiciel: Atualização de Segurança para Windows XP (KB2360937) - (.Microsoft Corporation.) [HKLM] -- KB2360937

O42 - Logiciel: Atualização de Segurança para Windows XP (KB2387149) - (.Microsoft Corporation.) [HKLM] -- KB2387149

O42 - Logiciel: Atualização de Segurança para Windows XP (KB2393802) - (.Microsoft Corporation.) [HKLM] -- KB2393802

O42 - Logiciel: Atualização de Segurança para Windows XP (KB2419632) - (.Microsoft Corporation.) [HKLM] -- KB2419632

O42 - Logiciel: Atualização de Segurança para Windows XP (KB2423089) - (.Microsoft Corporation.) [HKLM] -- KB2423089

O42 - Logiciel: Atualização de Segurança para Windows XP (KB2436673) - (.Microsoft Corporation.) [HKLM] -- KB2436673

O42 - Logiciel: Atualização de Segurança para Windows XP (KB2440591) - (.Microsoft Corporation.) [HKLM] -- KB2440591

O42 - Logiciel: Atualização de Segurança para Windows XP (KB2443105) - (.Microsoft Corporation.) [HKLM] -- KB2443105

O42 - Logiciel: Atualização de Segurança para Windows XP (KB2476687) - (.Microsoft Corporation.) [HKLM] -- KB2476687

O42 - Logiciel: Atualização de Segurança para Windows XP (KB2478960) - (.Microsoft Corporation.) [HKLM] -- KB2478960

O42 - Logiciel: Atualização de Segurança para Windows XP (KB2478971) - (.Microsoft Corporation.) [HKLM] -- KB2478971

O42 - Logiciel: Atualização de Segurança para Windows XP (KB2479628) - (.Microsoft Corporation.) [HKLM] -- KB2479628

O42 - Logiciel: Atualização de Segurança para Windows XP (KB2479943) - (.Microsoft Corporation.) [HKLM] -- KB2479943

O42 - Logiciel: Atualização de Segurança para Windows XP (KB2481109) - (.Microsoft Corporation.) [HKLM] -- KB2481109

O42 - Logiciel: Atualização de Segurança para Windows XP (KB2483185) - (.Microsoft Corporation.) [HKLM] -- KB2483185

O42 - Logiciel: Atualização de Segurança para Windows XP (KB2485376) - (.Microsoft Corporation.) [HKLM] -- KB2485376

O42 - Logiciel: Atualização de Segurança para Windows XP (KB923561) - (.Microsoft Corporation.) [HKLM] -- KB923561

O42 - Logiciel: Atualização de Segurança para Windows XP (KB941569) - (.Microsoft Corporation.) [HKLM] -- KB941569

O42 - Logiciel: Atualização de Segurança para Windows XP (KB946648) - (.Microsoft Corporation.) [HKLM] -- KB946648

O42 - Logiciel: Atualização de Segurança para Windows XP (KB951376-v2) - (.Microsoft Corporation.) [HKLM] -- KB951376-v2

O42 - Logiciel: Atualização de Segurança para Windows XP (KB952004) - (.Microsoft Corporation.) [HKLM] -- KB952004

O42 - Logiciel: Atualização de Segurança para Windows XP (KB956572) - (.Microsoft Corporation.) [HKLM] -- KB956572

O42 - Logiciel: Atualização de Segurança para Windows XP (KB956744) - (.Microsoft Corporation.) [HKLM] -- KB956744

O42 - Logiciel: Atualização de Segurança para Windows XP (KB956844) - (.Microsoft Corporation.) [HKLM] -- KB956844

O42 - Logiciel: Atualização de Segurança para Windows XP (KB958869) - (.Microsoft Corporation.) [HKLM] -- KB958869

O42 - Logiciel: Atualização de Segurança para Windows XP (KB959426) - (.Microsoft Corporation.) [HKLM] -- KB959426

O42 - Logiciel: Atualização de Segurança para Windows XP (KB960803) - (.Microsoft Corporation.) [HKLM] -- KB960803

O42 - Logiciel: Atualização de Segurança para Windows XP (KB960859) - (.Microsoft Corporation.) [HKLM] -- KB960859

O42 - Logiciel: Atualização de Segurança para Windows XP (KB961501) - (.Microsoft Corporation.) [HKLM] -- KB961501

O42 - Logiciel: Atualização de Segurança para Windows XP (KB969059) - (.Microsoft Corporation.) [HKLM] -- KB969059

O42 - Logiciel: Atualização de Segurança para Windows XP (KB970430) - (.Microsoft Corporation.) [HKLM] -- KB970430

O42 - Logiciel: Atualização de Segurança para Windows XP (KB971657) - (.Microsoft Corporation.) [HKLM] -- KB971657

O42 - Logiciel: Atualização de Segurança para Windows XP (KB972270) - (.Microsoft Corporation.) [HKLM] -- KB972270

O42 - Logiciel: Atualização de Segurança para Windows XP (KB973507) - (.Microsoft Corporation.) [HKLM] -- KB973507

O42 - Logiciel: Atualização de Segurança para Windows XP (KB973869) - (.Microsoft Corporation.) [HKLM] -- KB973869

O42 - Logiciel: Atualização de Segurança para Windows XP (KB973904) - (.Microsoft Corporation.) [HKLM] -- KB973904

O42 - Logiciel: Atualização de Segurança para Windows XP (KB974112) - (.Microsoft Corporation.) [HKLM] -- KB974112

O42 - Logiciel: Atualização de Segurança para Windows XP (KB974318) - (.Microsoft Corporation.) [HKLM] -- KB974318

O42 - Logiciel: Atualização de Segurança para Windows XP (KB974392) - (.Microsoft Corporation.) [HKLM] -- KB974392

O42 - Logiciel: Atualização de Segurança para Windows XP (KB974571) - (.Microsoft Corporation.) [HKLM] -- KB974571

O42 - Logiciel: Atualização de Segurança para Windows XP (KB975025) - (.Microsoft Corporation.) [HKLM] -- KB975025

O42 - Logiciel: Atualização de Segurança para Windows XP (KB975467) - (.Microsoft Corporation.) [HKLM] -- KB975467

O42 - Logiciel: Atualização de Segurança para Windows XP (KB975560) - (.Microsoft Corporation.) [HKLM] -- KB975560

O42 - Logiciel: Atualização de Segurança para Windows XP (KB975562) - (.Microsoft Corporation.) [HKLM] -- KB975562

O42 - Logiciel: Atualização de Segurança para Windows XP (KB975713) - (.Microsoft Corporation.) [HKLM] -- KB975713

O42 - Logiciel: Atualização de Segurança para Windows XP (KB977816) - (.Microsoft Corporation.) [HKLM] -- KB977816

O42 - Logiciel: Atualização de Segurança para Windows XP (KB977914) - (.Microsoft Corporation.) [HKLM] -- KB977914

O42 - Logiciel: Atualização de Segurança para Windows XP (KB978037) - (.Microsoft Corporation.) [HKLM] -- KB978037

O42 - Logiciel: Atualização de Segurança para Windows XP (KB978338) - (.Microsoft Corporation.) [HKLM] -- KB978338

O42 - Logiciel: Atualização de Segurança para Windows XP (KB978542) - (.Microsoft Corporation.) [HKLM] -- KB978542

O42 - Logiciel: Atualização de Segurança para Windows XP (KB978601) - (.Microsoft Corporation.) [HKLM] -- KB978601

O42 - Logiciel: Atualização de Segurança para Windows XP (KB978706) - (.Microsoft Corporation.) [HKLM] -- KB978706

O42 - Logiciel: Atualização de Segurança para Windows XP (KB979309) - (.Microsoft Corporation.) [HKLM] -- KB979309

O42 - Logiciel: Atualização de Segurança para Windows XP (KB979482) - (.Microsoft Corporation.) [HKLM] -- KB979482

O42 - Logiciel: Atualização de Segurança para Windows XP (KB979687) - (.Microsoft Corporation.) [HKLM] -- KB979687

O42 - Logiciel: Atualização de Segurança para Windows XP (KB980195) - (.Microsoft Corporation.) [HKLM] -- KB980195

O42 - Logiciel: Atualização de Segurança para Windows XP (KB980232) - (.Microsoft Corporation.) [HKLM] -- KB980232

O42 - Logiciel: Atualização de Segurança para Windows XP (KB980436) - (.Microsoft Corporation.) [HKLM] -- KB980436

O42 - Logiciel: Atualização de Segurança para Windows XP (KB981322) - (.Microsoft Corporation.) [HKLM] -- KB981322

O42 - Logiciel: Atualização de Segurança para Windows XP (KB981852) - (.Microsoft Corporation.) [HKLM] -- KB981852

O42 - Logiciel: Atualização de Segurança para Windows XP (KB981997) - (.Microsoft Corporation.) [HKLM] -- KB981997

O42 - Logiciel: Atualização de Segurança para Windows XP (KB982132) - (.Microsoft Corporation.) [HKLM] -- KB982132

O42 - Logiciel: Atualização de Segurança para Windows XP (KB982214) - (.Microsoft Corporation.) [HKLM] -- KB982214

O42 - Logiciel: Atualização de Segurança para Windows XP (KB982665) - (.Microsoft Corporation.) [HKLM] -- KB982665

O42 - Logiciel: Atualização de Segurança para o Windows Media Player (KB2378111) - (.Microsoft Corporation.) [HKLM] -- KB2378111_WM9

O42 - Logiciel: Atualização de Segurança para o Windows Media Player (KB952069) - (.Microsoft Corporation.) [HKLM] -- KB952069_WM9

O42 - Logiciel: Atualização de Segurança para o Windows Media Player (KB954155) - (.Microsoft Corporation.) [HKLM] -- KB954155_WM9

O42 - Logiciel: Atualização de Segurança para o Windows Media Player (KB973540) - (.Microsoft Corporation.) [HKLM] -- KB973540_WM9

O42 - Logiciel: Atualização de Segurança para o Windows Media Player (KB975558) - (.Microsoft Corporation.) [HKLM] -- KB975558_WM8

O42 - Logiciel: Atualização de Segurança para o Windows Media Player (KB978695) - (.Microsoft Corporation.) [HKLM] -- KB978695_WM9

O42 - Logiciel: Atualização de Segurança para o Windows Media Player 11 (KB954154) - (.Microsoft Corporation.) [HKLM] -- KB954154_WM11

O42 - Logiciel: Atualização para Windows Internet Explorer 8 (KB976662) - (.Microsoft Corporation.) [HKLM] -- KB976662-IE8

O42 - Logiciel: Atualização para Windows XP (KB2141007) - (.Microsoft Corporation.) [HKLM] -- KB2141007

O42 - Logiciel: Atualização para Windows XP (KB2345886) - (.Microsoft Corporation.) [HKLM] -- KB2345886

O42 - Logiciel: Atualização para Windows XP (KB2467659) - (.Microsoft Corporation.) [HKLM] -- KB2467659

O42 - Logiciel: Atualização para Windows XP (KB898461) - (.Microsoft Corporation.) [HKLM] -- KB898461

O42 - Logiciel: Atualização para Windows XP (KB955759) - (.Microsoft Corporation.) [HKLM] -- KB955759

O42 - Logiciel: Atualização para Windows XP (KB961503) - (.Microsoft Corporation.) [HKLM] -- KB961503

O42 - Logiciel: Atualização para Windows XP (KB968389) - (.Microsoft Corporation.) [HKLM] -- KB968389

O42 - Logiciel: Atualização para Windows XP (KB971029) - (.Microsoft Corporation.) [HKLM] -- KB971029

O42 - Logiciel: Atualização para Windows XP (KB971737) - (.Microsoft Corporation.) [HKLM] -- KB971737

O42 - Logiciel: Atualização para Windows XP (KB973687) - (.Microsoft Corporation.) [HKLM] -- KB973687

O42 - Logiciel: Atualização para Windows XP (KB973815) - (.Microsoft Corporation.) [HKLM] -- KB973815

O42 - Logiciel: AuthenTec Fingerprint Sensor Minimum Install - (.AuthenTec, Inc..) [HKLM] -- {55CABB2F-4513-4FF1-B912-B45F93FC5B01}

O42 - Logiciel: Avira AntiVir Personal - Free Antivirus - (.Avira GmbH.) [HKLM] -- Avira AntiVir Desktop

O42 - Logiciel: Cine Turbo versão 2.0 - (.Umbrella Corp.) [HKLM] -- {F48612EB-90C9-4A82-95EC-9082176AB406}_is1

O42 - Logiciel: Conexant HD Audio - (.Conexant.) [HKLM] -- CNXT_AUDIO_HDA

O42 - Logiciel: ConvertXtoDVD 4.1.10.348 - (.Unknown owner.) [HKLM] -- {DB6AB705-C9BD-40E3-8929-2EA57F36A4FF}_is1

O42 - Logiciel: Corel Graphics - Windows Shell Extension - (.Corel Corporation.) [HKLM] -- _{51DD370C-6690-424E-9674-5F14468B323F}

O42 - Logiciel: Corel Graphics - Windows Shell Extension - (.Corel Corporation.) [HKLM] -- {51DD370C-6690-424E-9674-5F14468B323F}

O42 - Logiciel: CorelDRAW Graphics Suite X5 - IPM - (.Corel Corporation.) [HKLM] -- {DE6CBC04-8673-4DBA-BA81-07F1639CEB5F}

O42 - Logiciel: CorelDRAW Graphics Suite X5 - WT - (. Corel Corporation.) [HKLM] -- {9244E956-5939-4B88-930C-0699D4AB2B95}

O42 - Logiciel: CorelDRAW® Graphics Suite X5 - (.Corel Corporation.) [HKLM] -- _{CE54DCE1-E00A-4D91-ACB9-A2D916C24051}

O42 - Logiciel: CyberLink YouCam - (.CyberLink Corp..) [HKLM] -- InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}

O42 - Logiciel: CyberLink YouCam - (.CyberLink Corp..) [HKLM] -- {01FB4998-33C4-4431-85ED-079E3EEFE75D}

O42 - Logiciel: Driver Genius Professional Edition - (.Driver-Soft Inc..) [HKLM] -- Driver Genius Professional Edition_is1

O42 - Logiciel: FIFA 11 - (.Electronic Arts.) [HKLM] -- {3FEA6CD1-EA13-4CE7-A74E-A74A4A0A7B5C}

O42 - Logiciel: Ferramenta de Carregamento do Windows Live - (.Microsoft Corporation.) [HKLM] -- {205C6BDD-7B73-42DE-8505-9A093F35A238}

O42 - Logiciel: FormatFactory 2.60 - (.Free Time.) [HKLM] -- FormatFactory

O42 - Logiciel: Google Toolbar for Internet Explorer - (.Google Inc..) [HKLM] -- {18455581-E099-4BA8-BC6B-F34B2F06600C}

O42 - Logiciel: Google Toolbar for Internet Explorer - (.Google Inc..) [HKLM] -- {2318C2B1-4965-11d4-9B18-009027A5CD4F}

O42 - Logiciel: Google Update Helper - (.Google Inc..) [HKLM] -- {A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}

O42 - Logiciel: HDAUDIO Soft Data Fax Modem with SmartCP - (.Unknown owner.) [HKLM] -- CNXT_MODEM_HDAUDIO_HERMOSA_HSF

O42 - Logiciel: HP Integrated Module with Bluetooth wireless technology - (.HP.) [HKLM] -- {3F4EC965-28EF-45C3-B063-04B25D4E9679}

O42 - Logiciel: HP Quick Launch Buttons 6.10 B9 - (.Hewlett-Packard.) [HKLM] -- {34D2AB40-150D-475D-AE32-BD23FB5EE355}

O42 - Logiciel: HP Wireless Assistant - (.Hewlett-Packard.) [HKLM] -- {CBAE4F50-9FC9-4557-AB36-9826DF3C103C}

O42 - Logiciel: Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595) - (.Microsoft Corporation.) [HKLM] -- {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}.KB953595

O42 - Logiciel: Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484) - (.Microsoft Corporation.) [HKLM] -- {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}.KB958484

O42 - Logiciel: Hotfix for Microsoft Visual Studio 2007 Tools for Applications - ENU (KB946040) - (.Microsoft Corporation.) [HKLM] -- {AA4A4B2C-0465-3CF8-BA76-27A027D8ACAB}.KB946040

O42 - Logiciel: Hotfix for Microsoft Visual Studio 2007 Tools for Applications - ENU (KB946308) - (.Microsoft Corporation.) [HKLM] -- {AA4A4B2C-0465-3CF8-BA76-27A027D8ACAB}.KB946308

O42 - Logiciel: Hotfix for Microsoft Visual Studio 2007 Tools for Applications - ENU (KB946344) - (.Microsoft Corporation.) [HKLM] -- {AA4A4B2C-0465-3CF8-BA76-27A027D8ACAB}.KB946344

O42 - Logiciel: Hotfix for Microsoft Visual Studio 2007 Tools for Applications - ENU (KB947540) - (.Microsoft Corporation.) [HKLM] -- {AA4A4B2C-0465-3CF8-BA76-27A027D8ACAB}.KB947540

O42 - Logiciel: Hotfix for Microsoft Visual Studio 2007 Tools for Applications - ENU (KB947789) - (.Microsoft Corporation.) [HKLM] -- {AA4A4B2C-0465-3CF8-BA76-27A027D8ACAB}.KB947789

O42 - Logiciel: Hotfix for Windows Media Format 11 SDK (KB929399) - (.Microsoft Corporation.) [HKLM] -- KB929399

O42 - Logiciel: Hotfix for Windows XP (KB954550-v5) - (.Microsoft Corporation.) [HKLM] -- KB954550-v5

O42 - Logiciel: Hotfix para Windows XP (KB2443685) - (.Microsoft Corporation.) [HKLM] -- KB2443685

O42 - Logiciel: Hotfix para Windows XP (KB961118) - (.Microsoft Corporation.) [HKLM] -- KB961118

O42 - Logiciel: Hotfix para o Windows Media Player 11 (KB939683) - (.Microsoft Corporation.) [HKLM] -- KB939683

O42 - Logiciel: Intel® Graphics Media Accelerator Driver - (.Intel Corporation.) [HKLM] -- HDMI

O42 - Logiciel: Java 6 Update 23 - (.Oracle.) [HKLM] -- {26A24AE4-039D-4CA4-87B4-2F83216023FF}

O42 - Logiciel: Junk Mail filter update - (.Microsoft Corporation.) [HKLM] -- {8E5233E1-7495-44FB-8DEB-4BE906D59619}

O42 - Logiciel: K-Lite Codec Pack 6.6.0 (Full) - (.Unknown owner.) [HKLM] -- KLiteCodecPack_is1

O42 - Logiciel: MSVCRT - (.Microsoft.) [HKLM] -- {22B775E7-6C42-4FC5-8E10-9A5E3257BD94}

O42 - Logiciel: MSXML 4.0 SP2 (KB954430) - (.Microsoft Corporation.) [HKLM] -- {86493ADD-824D-4B8E-BD72-8C5DCDC52A71}

O42 - Logiciel: MSXML 4.0 SP2 (KB973688) - (.Microsoft Corporation.) [HKLM] -- {F662A8E6-F4DC-41A2-901E-8C11F044BDEC}

O42 - Logiciel: Malwarebytes' Anti-Malware - (.Malwarebytes Corporation.) [HKLM] -- Malwarebytes' Anti-Malware_is1

O42 - Logiciel: Marvell Miniport Driver - (.Marvell.) [HKLM] -- Marvell Miniport Driver

O42 - Logiciel: Messenger Plus! 5 - (.Yuna Software.) [HKLM] -- Messenger Plus!

O42 - Logiciel: Microsoft .NET Framework 2.0 Service Pack 1 Language Pack - PTB - (.Microsoft Corporation.) [HKLM] -- {EDA9F30A-8B65-3E6F-B353-CCA1C9241471}

O42 - Logiciel: Microsoft .NET Framework 2.0 Service Pack 2 - (.Microsoft Corporation.) [HKLM] -- {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}

O42 - Logiciel: Microsoft .NET Framework 3.0 Service Pack 1 Language Pack - PTB - (.Microsoft Corporation.) [HKLM] -- {94C65B81-1CCE-3D93-95B5-853B1A3DA539}

O42 - Logiciel: Microsoft .NET Framework 3.0 Service Pack 2 - (.Microsoft Corporation.) [HKLM] -- {A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}

O42 - Logiciel: Microsoft .NET Framework 3.5 SP1 - (.Microsoft Corporation.) [HKLM] -- Microsoft .NET Framework 3.5 SP1

O42 - Logiciel: Microsoft .NET Framework 3.5 SP1 - (.Microsoft Corporation.) [HKLM] -- {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}

O42 - Logiciel: Microsoft .NET Framework 4 Client Profile - (.Microsoft Corporation.) [HKLM] -- Microsoft .NET Framework 4 Client Profile

O42 - Logiciel: Microsoft .NET Framework 4 Client Profile - (.Microsoft Corporation.) [HKLM] -- {3C3901C5-3455-3E0A-A214-0B093A5070A6}

O42 - Logiciel: Microsoft .NET Framework 4 Client Profile PTB Language Pack - (.Microsoft Corporation.) [HKLM] -- {20A15757-4AE4-3C82-9711-863C84AFE6AA}

O42 - Logiciel: Microsoft .NET Framework 4 Extended - (.Microsoft Corporation.) [HKLM] -- Microsoft .NET Framework 4 Extended

O42 - Logiciel: Microsoft .NET Framework 4 Extended - (.Microsoft Corporation.) [HKLM] -- {0A0CADCF-78DA-33C4-A350-CD51849B9702}

O42 - Logiciel: Microsoft .NET Framework 4 Extended PTB Language Pack - (.Microsoft Corporation.) [HKLM] -- {98ADF875-648F-3E73-8F3B-010C2464C948}

O42 - Logiciel: Microsoft Choice Guard - (.Microsoft Corporation.) [HKLM] -- {F0E12BBA-AD66-4022-A453-A1C8A0C4D570}

O42 - Logiciel: Microsoft Compression Client Pack 1.0 for Windows XP - (.Microsoft Corporation.) [HKLM] -- MSCompPackV1

O42 - Logiciel: Microsoft Office 2007 Service Pack 2 (SP2) - (.Microsoft.) [HKLM] -- {90120000-0015-0416-0000-0000000FF1CE}_ENTERPRISE_{02A880E2-B8B9-4BF5-8822-EA1374734E2E}

O42 - Logiciel: Microsoft Office 2007 Service Pack 2 (SP2) - (.Microsoft.) [HKLM] -- {90120000-0016-0416-0000-0000000FF1CE}_ENTERPRISE_{02A880E2-B8B9-4BF5-8822-EA1374734E2E}

O42 - Logiciel: Microsoft Office 2007 Service Pack 2 (SP2) - (.Microsoft.) [HKLM] -- {90120000-0018-0416-0000-0000000FF1CE}_ENTERPRISE_{02A880E2-B8B9-4BF5-8822-EA1374734E2E}

O42 - Logiciel: Microsoft Office 2007 Service Pack 2 (SP2) - (.Microsoft.) [HKLM] -- {90120000-0019-0416-0000-0000000FF1CE}_ENTERPRISE_{02A880E2-B8B9-4BF5-8822-EA1374734E2E}

O42 - Logiciel: Microsoft Office 2007 Service Pack 2 (SP2) - (.Microsoft.) [HKLM] -- {90120000-001A-0416-0000-0000000FF1CE}_ENTERPRISE_{02A880E2-B8B9-4BF5-8822-EA1374734E2E}

O42 - Logiciel: Microsoft Office 2007 Service Pack 2 (SP2) - (.Microsoft.) [HKLM] -- {90120000-001B-0416-0000-0000000FF1CE}_ENTERPRISE_{02A880E2-B8B9-4BF5-8822-EA1374734E2E}

O42 - Logiciel: Microsoft Office 2007 Service Pack 2 (SP2) - (.Microsoft.) [HKLM] -- {90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}

O42 - Logiciel: Microsoft Office 2007 Service Pack 2 (SP2) - (.Microsoft.) [HKLM] -- {90120000-0044-0416-0000-0000000FF1CE}_ENTERPRISE_{02A880E2-B8B9-4BF5-8822-EA1374734E2E}

O42 - Logiciel: Microsoft Office 2007 Service Pack 2 (SP2) - (.Microsoft.) [HKLM] -- {90120000-006E-0416-0000-0000000FF1CE}_ENTERPRISE_{9A141B2B-7C5E-47D2-8E9E-9AC6018F3C42}

O42 - Logiciel: Microsoft Office 2007 Service Pack 2 (SP2) - (.Microsoft.) [HKLM] -- {90120000-00A1-0416-0000-0000000FF1CE}_ENTERPRISE_{02A880E2-B8B9-4BF5-8822-EA1374734E2E}

O42 - Logiciel: Microsoft Office 2007 Service Pack 2 (SP2) - (.Microsoft.) [HKLM] -- {90120000-00BA-0416-0000-0000000FF1CE}_ENTERPRISE_{02A880E2-B8B9-4BF5-8822-EA1374734E2E}

O42 - Logiciel: Microsoft Office Access MUI (Portuguese (Brazil)) 2007 - (.Microsoft Corporation.) [HKLM] -- {90120000-0015-0416-0000-0000000FF1CE}

O42 - Logiciel: Microsoft Office Enterprise 2007 - (.Microsoft Corporation.) [HKLM] -- ENTERPRISE

O42 - Logiciel: Microsoft Office Enterprise 2007 - (.Microsoft Corporation.) [HKLM] -- {90120000-0030-0000-0000-0000000FF1CE}

O42 - Logiciel: Microsoft Office Excel MUI (Portuguese (Brazil)) 2007 - (.Microsoft Corporation.) [HKLM] -- {90120000-0016-0416-0000-0000000FF1CE}

O42 - Logiciel: Microsoft Office Groove MUI (Portuguese (Brazil)) 2007 - (.Microsoft Corporation.) [HKLM] -- {90120000-00BA-0416-0000-0000000FF1CE}

O42 - Logiciel: Microsoft Office InfoPath MUI (Portuguese (Brazil)) 2007 - (.Microsoft Corporation.) [HKLM] -- {90120000-0044-0416-0000-0000000FF1CE}

O42 - Logiciel: Microsoft Office OneNote MUI (Portuguese (Brazil)) 2007 - (.Microsoft Corporation.) [HKLM] -- {90120000-00A1-0416-0000-0000000FF1CE}

O42 - Logiciel: Microsoft Office Outlook MUI (Portuguese (Brazil)) 2007 - (.Microsoft Corporation.) [HKLM] -- {90120000-001A-0416-0000-0000000FF1CE}

O42 - Logiciel: Microsoft Office PowerPoint MUI (Portuguese (Brazil)) 2007 - (.Microsoft Corporation.) [HKLM] -- {90120000-0018-0416-0000-0000000FF1CE}

O42 - Logiciel: Microsoft Office Proof (English) 2007 - (.Microsoft Corporation.) [HKLM] -- {90120000-001F-0409-0000-0000000FF1CE}

O42 - Logiciel: Microsoft Office Proof (Portuguese (Brazil)) 2007 - (.Microsoft Corporation.) [HKLM] -- {90120000-001F-0416-0000-0000000FF1CE}

O42 - Logiciel: Microsoft Office Proof (Spanish) 2007 - (.Microsoft Corporation.) [HKLM] -- {90120000-001F-0C0A-0000-0000000FF1CE}

O42 - Logiciel: Microsoft Office Proofing (Portuguese (Brazil)) 2007 - (.Microsoft Corporation.) [HKLM] -- {90120000-002C-0416-0000-0000000FF1CE}

O42 - Logiciel: Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) - (.Microsoft.) [HKLM] -- {90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}

O42 - Logiciel: Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) - (.Microsoft.) [HKLM] -- {90120000-001F-0416-0000-0000000FF1CE}_ENTERPRISE_{75EBE365-7FC5-4720-A7D3-804BF550D1BC}

O42 - Logiciel: Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) - (.Microsoft.) [HKLM] -- {90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{187308AB-5FA7-4F14-9AB9-D290383A10D9}

O42 - Logiciel: Microsoft Office Publisher MUI (Portuguese (Brazil)) 2007 - (.Microsoft Corporation.) [HKLM] -- {90120000-0019-0416-0000-0000000FF1CE}

O42 - Logiciel: Microsoft Office Shared MUI (Portuguese (Brazil)) 2007 - (.Microsoft Corporation.) [HKLM] -- {90120000-006E-0416-0000-0000000FF1CE}

O42 - Logiciel: Microsoft Office Word MUI (Portuguese (Brazil)) 2007 - (.Microsoft Corporation.) [HKLM] -- {90120000-001B-0416-0000-0000000FF1CE}

O42 - Logiciel: Microsoft User-Mode Driver Framework Feature Pack 1.0 - (.Microsoft Corporation.) [HKLM] -- Wudf01000

O42 - Logiciel: Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 - (.Microsoft Corporation.) [HKLM] -- {9A25302D-30C0-39D9-BD6F-21E6EC160475}

O42 - Logiciel: Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 - (.Microsoft Corporation.) [HKLM] -- {1F1C2DFC-2D24-3E06-BCB8-725134ADF989}

O42 - Logiciel: Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 - (.Microsoft Corporation.) [HKLM] -- {196BB40D-1578-3D01-B289-BEFC77A11A1E}

O42 - Logiciel: Microsoft Visual Studio Tools for Applications 2.0 - ENU - (.Microsoft Corporation.) [HKLM] -- {AA4A4B2C-0465-3CF8-BA76-27A027D8ACAB}

O42 - Logiciel: Microsoft Visual Studio Tools for Applications 2.0 Runtime - (.Microsoft Corporation.) [HKLM] -- {299C0434-4F4E-341F-A916-4E07AEB35E79}

O42 - Logiciel: Nero 7 Premium - (.Nero AG.) [HKLM] -- {7516254D-7F98-49DD-8209-5D2208BD1046}

O42 - Logiciel: Nexus 10.9 - (.Unknown owner.) [HKLM] -- Winstep Xtreme_is1

O42 - Logiciel: Pacote de Idiomas do Microsoft .NET Framework 4 Client Profile - Português (Brasil) - (.Microsoft Corporation.) [HKLM] -- Microsoft .NET Framework 4 Client Profile PTB Language Pack

O42 - Logiciel: Pacote de Idiomas do Microsoft .NET Framework 4 Extended - Português (Brasil) - (.Microsoft Corporation.) [HKLM] -- Microsoft .NET Framework 4 Extended PTB Language Pack

O42 - Logiciel: Picasa 3 - (.Google, Inc..) [HKLM] -- Picasa 3

O42 - Logiciel: Placa LAN sem Fios Broadcom 802.11 - (.Broadcom Corporation.) [HKLM] -- Broadcom 802.11b Network Adapter

O42 - Logiciel: Portinho 4.3.0.0 - (.Unknown owner.) [HKLM] -- {19431145-71F3-4062-8DE7-BA07EBF3EBAA}_is1

O42 - Logiciel: Pro Evolution Soccer 2010 - (.KONAMI.) [HKLM] -- {283FFB23-8751-4B08-ACB8-5E0F8BCF7727}

O42 - Logiciel: Pro Evolution Soccer 2011 - (.KONAMI.) [HKLM] -- {1148E85C-E1AF-48E0-A29C-68DACE07E054}

O42 - Logiciel: ProXCine versão 2.0 - (.Umbrella Corp.) [HKLM] -- {33B057D8-1C5E-40FB-946E-802228871434}_is1

O42 - Logiciel: RICOH R5C83x/84x Flash Media Controller Driver Ver.3.52.02 - (.Unknown owner.) [HKLM] -- {59F6A514-9813-47A3-948C-8A155460CC2A}

O42 - Logiciel: RealNetworks - Microsoft Visual C++ 2008 Runtime - (.RealNetworks, Inc.) [HKLM] -- {7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}

O42 - Logiciel: RealPlayer - (.RealNetworks.) [HKLM] -- RealPlayer 12.0

O42 - Logiciel: RealUpgrade 1.1 - (.RealNetworks, Inc..) [HKLM] -- {28C2DED6-325B-4CC7-983A-1777C8F7FBAB}

O42 - Logiciel: Revo Uninstaller 1.91 - (.VS Revo Group.) [HKLM] -- Revo Uninstaller

O42 - Logiciel: Security Update for 2007 Microsoft Office System (KB2288621) - (.Microsoft.) [HKLM] -- {90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{5C497F0B-2061-4CC9-A61C-6B45B867354D}

O42 - Logiciel: Security Update for 2007 Microsoft Office System (KB2288931) - (.Microsoft.) [HKLM] -- {90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{CD769337-C8AC-46DB-A7DC-643E50089263}

O42 - Logiciel: Security Update for 2007 Microsoft Office System (KB2289158) - (.Microsoft.) [HKLM] -- {90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{210B16C0-CEBD-4DE9-B474-04A7E8735E16}

O42 - Logiciel: Security Update for 2007 Microsoft Office System (KB2344875) - (.Microsoft.) [HKLM] -- {90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6FC5C4C1-D7AE-44C3-94B7-6424FC3E752F}

O42 - Logiciel: Security Update for 2007 Microsoft Office System (KB2345043) - (.Microsoft.) [HKLM] -- {90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{536FB502-775F-4494-BACE-C02CC90B7A5B}

O42 - Logiciel: Security Update for 2007 Microsoft Office System (KB969559) - (.Microsoft.) [HKLM] -- {90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{69F52148-9BF6-4CDC-BF76-103DEAF3DD08}

O42 - Logiciel: Security Update for 2007 Microsoft Office System (KB976321) - (.Microsoft.) [HKLM] -- {90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{7F207DCA-3399-40CB-A968-6E5991B1421A}

O42 - Logiciel: Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473) - (.Microsoft Corporation.) [HKLM] -- {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}.KB2416473

O42 - Logiciel: Security Update for Microsoft .NET Framework 4 Extended (KB2416472) - (.Microsoft Corporation.) [HKLM] -- {0A0CADCF-78DA-33C4-A350-CD51849B9702}.KB2416472

O42 - Logiciel: Security Update for Microsoft Office Access 2007 (KB979440) - (.Microsoft.) [HKLM] -- {90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{1142CCEC-ACA9-484B-BA90-C3A5CA1988C5}

O42 - Logiciel: Security Update for Microsoft Office Access 2007 (KB979440) - (.Microsoft.) [HKLM] -- {90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{5A4E43D5-858F-49BD-BA72-8F30E1793060}

O42 - Logiciel: Security Update for Microsoft Office Excel 2007 (KB2345035) - (.Microsoft.) [HKLM] -- {90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{B23002DD-34EC-4988-B810-A5E2A0BF04F1}

O42 - Logiciel: Security Update for Microsoft Office Groove 2007 (KB2494047) - (.Microsoft.) [HKLM] -- {90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{B91E2AEC-7F93-4E33-ACF6-EC90640CBE4F}

O42 - Logiciel: Security Update for Microsoft Office InfoPath 2007 (KB979441) - (.Microsoft.) [HKLM] -- {90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{1109D0B3-EFA3-4553-AAED-4C3E9AD130E8}

O42 - Logiciel: Security Update for Microsoft Office InfoPath 2007 (KB979441) - (.Microsoft.) [HKLM] -- {90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{8CCB781A-CF6B-4FCB-B6D8-59C64DF5C6DB}

O42 - Logiciel: Security Update for Microsoft Office PowerPoint 2007 (KB982158) - (.Microsoft.) [HKLM] -- {90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{F5B70033-E79C-4569-90BF-BC9B4E4F3F46}

O42 - Logiciel: Security Update for Microsoft Office PowerPoint Viewer (KB2413381) - (.Microsoft.) [HKLM] -- {90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{3DED0A62-44C8-4E00-A785-5212F297A9D9}

O42 - Logiciel: Security Update for Microsoft Office Publisher 2007 (KB2284697) - (.Microsoft.) [HKLM] -- {90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{3A4CDE54-2403-483D-8D9A-15E3264410DF}

O42 - Logiciel: Security Update for Microsoft Office Visio Viewer 2007 (KB973709) - (.Microsoft.) [HKLM] -- {90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{71127777-8B2C-4F97-AF7A-6CF8CAC8224D}

O42 - Logiciel: Security Update for Microsoft Office Word 2007 (KB2344993) - (.Microsoft.) [HKLM] -- {90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{7A5B74FA-7A92-4FC9-821A-2DD5D4E73E48}

O42 - Logiciel: Security Update for Microsoft Office system 2007 (972581) - (.Microsoft.) [HKLM] -- {90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{3D019598-7B59-447A-80AE-815B703B84FF}

O42 - Logiciel: Security Update for Microsoft Office system 2007 (KB974234) - (.Microsoft.) [HKLM] -- {90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{FCD742B9-7A55-44BC-A776-F795F21FEDDC}

O42 - Logiciel: Segoe UI - (.Microsoft Corp.) [HKLM] -- {A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}

O42 - Logiciel: Super Tela 4.0 - (.Super Tela.) [HKLM] -- Super Tela 4.0

O42 - Logiciel: Update for 2007 Microsoft Office System (KB967642) - (.Microsoft.) [HKLM] -- {90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}

O42 - Logiciel: Update for Microsoft .NET Framework 3.5 SP1 (KB963707) - (.Microsoft Corporation.) [HKLM] -- {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}.KB963707

O42 - Logiciel: Update for Microsoft .NET Framework 4 Client Profile (KB2473228) - (.Microsoft Corporation.) [HKLM] -- {3C3901C5-3455-3E0A-A214-0B093A5070A6}.KB2473228

O42 - Logiciel: Update for Microsoft Office OneNote 2007 (KB980729) - (.Microsoft.) [HKLM] -- {90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{329050A9-EF80-40F9-B633-74508F54C1FF}

O42 - Logiciel: Update for Microsoft Office Outlook 2007 (KB2412171) - (.Microsoft.) [HKLM] -- {90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{752A0B7C-BD24-4362-AC86-AB63FEE6F46F}

O42 - Logiciel: Update for Outlook 2007 Junk Email Filter (KB2508979) - (.Microsoft.) [HKLM] -- {90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{D2137BBA-250B-4548-BC1C-19E5009893D7}

O42 - Logiciel: VeriSoft Access Manager - (.Bioscrypt Inc..) [HKLM] -- {D83899AB-9964-4CFC-A246-F1BD430A455F}

O42 - Logiciel: Visual C++ 2008 x86 Runtime - (v9.0.30729) - (.Microsoft Corporation.) [HKLM] -- {F333A33D-125C-32A2-8DCE-5C5D14231E27}

O42 - Logiciel: Visual C++ 2008 x86 Runtime - v9.0.30729.01 - (.Microsoft Corporation.) [HKLM] -- {F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01

O42 - Logiciel: Windows Feature Pack for Storage (32-bit) - IMAPI update for Blu-Ray - (.Microsoft Corporation.) [HKLM] -- KB952011

O42 - Logiciel: Windows Genuine Advantage Notifications (KB905474) - (.Microsoft Corporation.) [HKLM] -- WgaNotify

O42 - Logiciel: Windows Internet Explorer 8 - (.Microsoft Corporation.) [HKLM] -- ie8

O42 - Logiciel: Windows Live Call - (.Microsoft Corporation.) [HKLM] -- {590035D9-BFA0-406A-A7F0-479C72C0DDB2}

O42 - Logiciel: Windows Live Communications Platform - (.Microsoft Corporation.) [HKLM] -- {3175E049-F9A9-4A3D-8F19-AC9FB04514D1}

O42 - Logiciel: Windows Live Essentials - (.Microsoft Corporation.) [HKLM] -- WinLiveSuite_Wave3

O42 - Logiciel: Windows Live Essentials - (.Microsoft Corporation.) [HKLM] -- {0FFEA8EE-7BC7-4C9D-8CC6-5B8C891BA3F2}

O42 - Logiciel: Windows Live Mail - (.Microsoft Corporation.) [HKLM] -- {74AD1846-2010-4FB1-8E24-B6F2B87150C2}

O42 - Logiciel: Windows Live Messenger - (.Microsoft Corporation.) [HKLM] -- {9ADC3E4F-34DA-48CD-8727-BB26D90257BD}

O42 - Logiciel: Windows Media Format 11 runtime - (.Microsoft Corporation.) [HKLM] -- WMFDist11

O42 - Logiciel: Windows Media Format 11 runtime - (.Unknown owner.) [HKLM] -- Windows Media Format Runtime

O42 - Logiciel: Windows Media Player 11 - (.Microsoft Corporation.) [HKLM] -- wmp11

O42 - Logiciel: Windows Media Player 11 - (.Unknown owner.) [HKLM] -- Windows Media Player

O42 - Logiciel: XML Paper Specification Shared Components Pack 1.0 - (.Microsoft Corporation.) [HKLM] -- XpsEPSC

O42 - Logiciel: aTube Catcher - (.DsNET Corp.) [HKLM] -- aTube Catcher

O42 - Logiciel: neroxml - (.Nero AG.) [HKLM] -- {56C049BE-79E9-4502-BEA7-9754A3E60F9B}

 

---\\ HKCU & HKLM Software Keys

[HKCU\Software\Adobe]

[HKCU\Software\Ahead]

[HKCU\Software\Alps]

[HKCU\Software\Avira]

[HKCU\Software\BitComet]

[HKCU\Software\Classes]

[HKCU\Software\Clients]

[HKCU\Software\Corel]

[HKCU\Software\CyberLink]

[HKCU\Software\DT Soft]

[HKCU\Software\EA Sports]

[HKCU\Software\ESET]

[HKCU\Software\FreeTime]

[HKCU\Software\GNU]

[HKCU\Software\Gabest]

[HKCU\Software\GbPlugin]

[HKCU\Software\Google]

[HKCU\Software\Haali]

[HKCU\Software\Hewlett-Packard]

[HKCU\Software\IM Providers]

[HKCU\Software\ITConcepts]

[HKCU\Software\Intel]

[HKCU\Software\JavaSoft]

[HKCU\Software\KasperskyLab]

[HKCU\Software\Leadertech]

[HKCU\Software\LogMeIn]

[HKCU\Software\MONOGRAM]

[HKCU\Software\Macromedia]

[HKCU\Software\Malwarebytes' Anti-Malware]

[HKCU\Software\MediaInfo]

[HKCU\Software\Mozilla]

[HKCU\Software\Netscape]

[HKCU\Software\ODBC]

[HKCU\Software\Policies]

[HKCU\Software\Portinho]

[HKCU\Software\QSPControl]

[HKCU\Software\RealNetworks]

[HKCU\Software\Sysinternals]

[HKCU\Software\VB and VBA Program Settings]

[HKCU\Software\VSO]

[HKCU\Software\VSRevoGroup]

[HKCU\Software\Wget]

[HKCU\Software\Widcomm]

[HKCU\Software\WinRAR SFX]

[HKCU\Software\WinRAR]

[HKCU\Software\WinSTEP2000]

[HKCU\Software\Yuna Software]

[HKCU\Software\cacaoweb]

[HKCU\Software\dskMetrics]

[HKCU\Software\madFlac]

[HKLM\Software\14919ea49a8f3b4aa3cf1058d9a64cec]

[HKLM\Software\A-Patch]

[HKLM\Software\ACE Compression Software]

[HKLM\Software\ALPS]

[HKLM\Software\Adobe]

[HKLM\Software\Ahead]

[HKLM\Software\AppDataLow]

[HKLM\Software\Audible]

[HKLM\Software\Authentec]

[HKLM\Software\AviSynth]

[HKLM\Software\Avira]

[HKLM\Software\BcmSetup]

[HKLM\Software\Broadcom]

[HKLM\Software\C07ft5Y]

[HKLM\Software\CDDB]

[HKLM\Software\CXT]

[HKLM\Software\Classes]

[HKLM\Software\Clients]

[HKLM\Software\Codec Tweak Tool]

[HKLM\Software\Conexant]

[HKLM\Software\Corel]

[HKLM\Software\CyberLink]

[HKLM\Software\DT Soft]

[HKLM\Software\DivXNetworks]

[HKLM\Software\Driver-Soft]

[HKLM\Software\EA Sports]

[HKLM\Software\Electronic Arts]

[HKLM\Software\Eset]

[HKLM\Software\GNU]

[HKLM\Software\Gemplus]

[HKLM\Software\Google]

[HKLM\Software\HPQ]

[HKLM\Software\HP]

[HKLM\Software\HaaliMkx]

[HKLM\Software\Hewlett-Packard]

[HKLM\Software\IObit]

[HKLM\Software\ITConcepts]

[HKLM\Software\Intel]

[HKLM\Software\JavaSoft]

[HKLM\Software\JreMetrics]

[HKLM\Software\KLCodecPack]

[HKLM\Software\KONAMI]

[HKLM\Software\Macromedia]

[HKLM\Software\Malwarebytes' Anti-Malware]

[HKLM\Software\Marvell]

[HKLM\Software\MozillaPlugins]

[HKLM\Software\Mozilla]

[HKLM\Software\Nero]

[HKLM\Software\ODBC]

[HKLM\Software\Policies]

[HKLM\Software\Program Groups]

[HKLM\Software\RealNetworks]

[HKLM\Software\RegisteredApplications]

[HKLM\Software\SUPERAntiSpyware.com]

[HKLM\Software\Schlumberger]

[HKLM\Software\Siemens]

[HKLM\Software\Swearware]

[HKLM\Software\TrendMicro]

[HKLM\Software\VSO]

[HKLM\Software\Widcomm]

[HKLM\Software\WinRAR]

[HKLM\Software\Windows 3.1 Migration Status]

[HKLM\Software\X-AVCSD]

[HKLM\Software\Xing Technology Corp.]

[HKLM\Software\Yuna Software]

 

 

---\\ Last modified or created files under Windows and System32 (O44)

O44 - LFC:[MD5.CB4CC3D4EA7C94A35F1D81C3D750BC8D] - 10/3/2011 - 01:34:53 ---A- . (.On2.com - VP70 VIDEO FOR WINDOWS CODEC.) -- C:\WINDOWS\System32\vp7vfw.dll [626688]

O44 - LFC:[MD5.5FB0F4D86C76470E559CFC0A320B2D35] - 10/3/2011 - 01:34:53 ---A- . (.RealNetworks, Inc. - ACELP-NET Voice Codec for RealAudio.) -- C:\WINDOWS\System32\sipr3260.dll [102439]

O44 - LFC:[MD5.3E1054C32532E726D9DAF20FA9048BE8] - 10/3/2011 - 01:34:53 ---A- . (.RealNetworks, Inc. - RealNetworks Cooker G2 Audio Codec.) -- C:\WINDOWS\System32\cook3260.dll [65602]

O44 - LFC:[MD5.FFFAAEF7265285A274C3535B65238693] - 10/3/2011 - 01:34:53 ---A- . (.RealNetworks, Inc. - RealVideo 8.) -- C:\WINDOWS\System32\drv33260.dll [208935]

O44 - LFC:[MD5.711DBC8F0A5D89A2C946C33F2D717C75] - 10/3/2011 - 01:34:53 ---A- . (.RealNetworks, Inc. - RealVideo 9.) -- C:\WINDOWS\System32\drv43260.dll [217127]

O44 - LFC:[MD5.2BF29D229C9F685031945E77E6BABD34] - 10/3/2011 - 01:34:53 ---A- . (.RealNetworks, Inc. - RealVideo G2.) -- C:\WINDOWS\System32\drv23260.dll [176165]

O44 - LFC:[MD5.B4EB68502E52EBDC0B2C55EA3445284C] - 11/3/2011 - 13:15:56 ---A- . (.Progressive Networks - No comment.) -- C:\WINDOWS\System32\pncrt.dll [272896]

O44 - LFC:[MD5.33833B3EDA1B07EBD367FA9B38B23E60] - 11/3/2011 - 13:15:57 ---A- . (.RealNetworks, Inc. - 16 bit DirectX helper DLL.) -- C:\WINDOWS\System32\pndx5016.dll [6656]

O44 - LFC:[MD5.B74E422BC81236042529DC8A42A18423] - 11/3/2011 - 13:15:57 ---A- . (.RealNetworks, Inc. - 32 bit DirectX helper DLL.) -- C:\WINDOWS\System32\pndx5032.dll [5632]

O44 - LFC:[MD5.05D8164F205043AEB1707D79076F30DF] - 11/3/2011 - 13:16:04 ---A- . (.RealNetworks, Inc. - Real Player ActiveX Control.) -- C:\WINDOWS\System32\rmoc3260.dll [198848]

O44 - LFC:[MD5.8B138ED363128BFF2C2E1E7FEA9793B4] - 12/3/2011 - 02:51:10 ---A- . (...) -- C:\WINDOWS\avisplitter.ini [38]

O44 - LFC:[MD5.8DC7ACCB65E7C1D9AEC60FDAF21E23E8] - 15/3/2011 - 01:06:35 ---A- . (...) -- C:\WINDOWS\System32\wpa.dbl [2206]

O44 - LFC:[MD5.67B48A903430C6D4FB58CBACA1866601] - 15/3/2011 - 02:25:41 ---A- . (.Malwarebytes Corporation - Malwarebytes' Anti-Malware.) -- C:\WINDOWS\System32\drivers\mbam.sys [20952]

O44 - LFC:[MD5.C7DD7D9739785BD3A6B8499EEC1DEE7E] - 15/3/2011 - 02:25:42 ---A- . (.Malwarebytes Corporation - Malwarebytes' Anti-Malware.) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys [38224]

O44 - LFC:[MD5.E0E70842FDE06A6A11F781CD461AFBA4] - 15/3/2011 - 15:11:48 -SHA- . (...) -- C:\WINDOWS\kaspersky_virus_removal_tools_9.0.0.722drv.spi [652]

O44 - LFC:[MD5.F23AA3AFB7B5F2E7D159E833A452C05A] - 15/3/2011 - 16:04:26 ---A- . (...) -- C:\WINDOWS\win.ini [582]

O44 - LFC:[MD5.A54A7FA6E109CFE9232DB7609AF4DB4C] - 15/3/2011 - 16:04:26 RSHA- . (...) -- C:\boot.ini [327]

O44 - LFC:[MD5.C9DD76D0EF94637C77FF8CA5E0FB0684] - 16/3/2011 - 01:33:57 ---A- . (...) -- C:\WINDOWS\system.ini [227]

O44 - LFC:[MD5.A5DD1F7081C622A55D24A51615DC676E] - 16/3/2011 - 01:37:21 ---A- . (...) -- C:\ComboFix.txt [19769]

O44 - LFC:[MD5.60C83F7D6B54341156876AA4FF458A29] - 16/3/2011 - 01:44:26 ---A- . (...) -- C:\WINDOWS\ntbtlog.txt [678514]

O44 - LFC:[MD5.CB6A1A4FBD2171DC4EDC304236C62E1A] - 16/3/2011 - 01:55:21 ---A- . (...) -- C:\WINDOWS\System32\PerfStringBackup.INI [1133998]

O44 - LFC:[MD5.E0332728A8B8BE8B020383BC64828204] - 16/3/2011 - 01:55:21 ---A- . (...) -- C:\WINDOWS\System32\perfc009.dat [76458]

O44 - LFC:[MD5.0EDD90D46F42609EDCEFC99D777DF857] - 16/3/2011 - 01:55:21 ---A- . (...) -- C:\WINDOWS\System32\perfc016.dat [87892]

O44 - LFC:[MD5.CC7ACCD382C6C8CF47C7C98502CE58FD] - 16/3/2011 - 01:55:21 ---A- . (...) -- C:\WINDOWS\System32\perfh009.dat [457748]

O44 - LFC:[MD5.193FBDDCFF09D9BEAD64B028B63B7DBF] - 16/3/2011 - 01:55:21 ---A- . (...) -- C:\WINDOWS\System32\perfh016.dat [497474]

O44 - LFC:[MD5.6A2CB42966136854F4464516FBB4AE72] - 16/3/2011 - 11:52:29 -S-A- . (...) -- C:\WINDOWS\bootstat.dat [2048]

O44 - LFC:[MD5.0CF51200F915817C00FCFD7FE0F51200] - 16/3/2011 - 11:56:15 ---A- . (...) -- C:\WINDOWS\wiadebug.log [159]

O44 - LFC:[MD5.0CF51200F915817C00FCFD7FE0F51200] - 16/3/2011 - 11:56:15 ---A- . (...) -- C:\WINDOWS\wiaservc.log [49]

O44 - LFC:[MD5.DA39805E2BAD99D37FCE9477DD94E7F2] - 17/2/2011 - 08:01:34 ---A- . (.Avira GmbH - Avira Driver for Security Enhancement.) -- C:\WINDOWS\System32\drivers\avipbb.sys [135096]

O44 - LFC:[MD5.DCC78B14C94A442C60981A7095B4A730] - 17/3/2011 - 02:45:31 ---A- . (...) -- C:\WINDOWS\NeroDigital.ini [69]

O44 - LFC:[MD5.C022A09812E1805F90F2203524E9BAED] - 17/3/2011 - 03:15:07 ---A- . (...) -- C:\WINDOWS\setupapi.log [9336]

O44 - LFC:[MD5.0CF51200F915817C00FCFD7FE0F51200] - 17/3/2011 - 06:38:00 ---A- . (...) -- C:\WINDOWS\SchedLgU.Txt [32564]

O44 - LFC:[MD5.0CF51200F915817C00FCFD7FE0F51200] - 17/3/2011 - 14:41:50 ---A- . (...) -- C:\WINDOWS\WindowsUpdate.log [1067917]

O44 - LFC:[MD5.C1AE5D1F53285D79A0B73A62AF20734F] - 23/2/2011 - 02:56:04 ---A- . (.Sunbelt Software - Anti-Rootkit Engine.) -- C:\WINDOWS\System32\drivers\SBREDrv.sys [98392]

O44 - LFC:[MD5.A1DF44B61218CD36D3697755FE8FC445] - 4/3/2011 - 03:28:11 ---A- . (.Winstep Software Technologies - NeXT Style controls.) -- C:\WINDOWS\System32\NextControls.ocx [798208]

 

 

---\\ Operations and functions at Windows Explorer startup (O46)

O46 - SEH:ShellExecuteHooks - URL Exec Hook - {AEB6717E-7E19-11d0-97EE-00C04FD91972} - shell32.dll

O46 - SEH:ShellExecuteHooks - URL Exec Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Arquivos de programas\Microsoft Office\Office12\GrooveShellExtensions.dll

 

 

---\\ Export authorized application key (O47)

O47 - AAKE:Key Export SP - "%windir%\Network Diagnostic\xpnetdiag.exe" [Enabled] .(.Microsoft Corporation - Network Diagnostic for Windows XP.) -- C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O47 - AAKE:Key Export SP - "%windir%\system32\sessmgr.exe" [Enabled] .(.Microsoft Corporation - Gerenciador de sessão de ajuda de área de trabalho remota da Microsoft®.) -- C:\WINDOWS\system32\sessmgr.exe

O47 - AAKE:Key Export SP - "C:\Arquivos de programas\Windows Live\Messenger\wlcsdk.exe" [Enabled] .(.Microsoft Corporation - Windows Live Call.) -- C:\Arquivos de programas\Windows Live\Messenger\wlcsdk.exe

O47 - AAKE:Key Export SP - "C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe" [Enabled] .(.Microsoft Corporation - Windows Live Messenger.) -- C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe

O47 - AAKE:Key Export SP - "C:\Arquivos de programas\Microsoft Office\Office12\OUTLOOK.EXE" [Enabled] .(.Microsoft Corporation - Microsoft Office Outlook.) -- C:\Arquivos de programas\Microsoft Office\Office12\OUTLOOK.exe

O47 - AAKE:Key Export SP - "C:\Arquivos de programas\Microsoft Office\Office12\GROOVE.EXE" [Enabled] .(.Microsoft Corporation - Microsoft Office Groove.) -- C:\Arquivos de programas\Microsoft Office\Office12\GROOVE.exe

O47 - AAKE:Key Export SP - "C:\Arquivos de programas\Microsoft Office\Office12\ONENOTE.EXE" [Enabled] .(.Microsoft Corporation - Microsoft Office OneNote.) -- C:\Arquivos de programas\Microsoft Office\Office12\ONENOTE.exe

O47 - AAKE:Key Export SP - "C:\Arquivos de programas\KONAMI\Pro Evolution Soccer 2011\pes2011.exe" [Enabled] .(.Konami Digital Entertainment Co., Ltd..) -- C:\Arquivos de programas\KONAMI\Pro Evolution Soccer 2011\pes2011.exe

O47 - AAKE:Key Export SP - "C:\Arquivos de programas\KONAMI\Pro Evolution Soccer 2010\pes2010.exe" [Enabled] .(.Konami Digital Entertainment Co., Ltd..) -- C:\Arquivos de programas\KONAMI\Pro Evolution Soccer 2010\pes2010.exe

O47 - AAKE:Key Export SP - "C:\Arquivos de programas\EA Sports\FIFA 11\Game\fifa.exe" [Enabled] .(.Electronic Arts - FIFA 11.) -- C:\Arquivos de programas\EA Sports\FIFA 11\Game\fifa.exe

O47 - AAKE:Key Export SP - "C:\Arquivos de programas\cacaoweb\cacaoweb.exe" [Enabled] .(.Unknown owner - No comment.) -- C:\Arquivos de programas\cacaoweb\cacaoweb.exe

O47 - AAKE:Key Export DP - "%windir%\Network Diagnostic\xpnetdiag.exe" [Enabled] .(.Microsoft Corporation - Network Diagnostic for Windows XP.) -- C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O47 - AAKE:Key Export DP - "%windir%\system32\sessmgr.exe" [Enabled] .(.Microsoft Corporation - Gerenciador de sessão de ajuda de área de trabalho remota da Microsoft®.) -- C:\WINDOWS\system32\sessmgr.exe

O47 - AAKE:Key Export DP - "C:\Arquivos de programas\Windows Live\Messenger\wlcsdk.exe" [Enabled] .(.Microsoft Corporation - Windows Live Call.) -- C:\Arquivos de programas\Windows Live\Messenger\wlcsdk.exe

O47 - AAKE:Key Export DP - "C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe" [Enabled] .(.Microsoft Corporation - Windows Live Messenger.) -- C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe

 

 

---\\ Local Security Authority-LSA Deny (O48)

O48 - LSA:Local Security Authority Authentication Packages . (.Microsoft Corporation - Microsoft Authentication Package v1.0.) -- C:\WINDOWS\System32\msv1_0.dll

O48 - LSA:Local Security Authority Notification Packages . (.Microsoft Corporation - Mecanismo cliente do 'Editor de configuração de segurança Windows'.) -- C:\WINDOWS\System32\scecli.dll

O48 - LSA:Local Security Authority Security Packages . (.Microsoft Corporation - Microsoft Authentication Package v1.0.) -- C:\WINDOWS\System32\msv1_0.dll

 

 

---\\ Image File Execution Options (IFEO) (O50)

O50 - IFEO:Image File Execution Options - Your Image File Name Here without a path - ntsd -d

 

 

---\\ Trojan Driver Search Data (HKLM)(TDSD) (O52)

O52 - TDSD: \Drivers32\"msacm.trspch"="tssoft32.acm" . (.DSP GROUP, INC. - Codec de áudio DSP Group TrueSpeech para MSACM V3.50.) -- C:\WINDOWS\System32\tssoft32.acm

O52 - TDSD: \Drivers32\"vidc.cvid"="iccvid.dll" . (.Radius Inc. - Cinepak® Codec.) -- C:\WINDOWS\System32\iccvid.dll

O52 - TDSD: \Drivers32\"vidc.iv31"="ir32_32.dll" . (.Unknown owner - No comment.) -- C:\WINDOWS\System32\ir32_32.dll

O52 - TDSD: \Drivers32\"vidc.iv32"="ir32_32.dll" . (.Unknown owner - No comment.) -- C:\WINDOWS\System32\ir32_32.dll

O52 - TDSD: \Drivers32\"vidc.iv41"="ir41_32.ax" . (.Intel Corporation - Intel Indeo® Video 4.5.) -- C:\WINDOWS\System32\ir41_32.ax

O52 - TDSD: \Drivers32\"msacm.sl_anet"="sl_anet.acm" . (.Sipro Lab Telecom Inc. - Audio codec for MS ACM.) -- C:\WINDOWS\System32\sl_anet.acm

O52 - TDSD: \Drivers32\"msacm.iac2"="C:\WINDOWS\system32\iac25_32.ax" . (.Intel Corporation - Indeo® audio software.) -- C:\WINDOWS\system32\iac25_32.ax

O52 - TDSD: \Drivers32\"vidc.iv50"="ir50_32.dll" . (.Intel Corporation - Intel Indeo® video 5.10.) -- C:\WINDOWS\System32\ir50_32.dll

O52 - TDSD: \Drivers32\"msacm.l3acm"="C:\WINDOWS\system32\l3codeca.acm" . (.Fraunhofer Institut Integrierte Schaltungen - MPEG Layer-3 Audio Codec for MSACM.) -- C:\WINDOWS\system32\l3codeca.acm

O52 - TDSD: \Drivers32\"VIDC.XVID"="xvidvfw.dll" . (.Unknown owner - No comment.) -- C:\WINDOWS\System32\xvidvfw.dll

O52 - TDSD: \Drivers32\"VIDC.YV12"="yv12vfw.dll" . (.www.helixcommunity.org - Helix YV12 YUV Codec.) -- C:\WINDOWS\System32\yv12vfw.dll

O52 - TDSD: \Drivers32\"msacm.ac3acm"="ac3acm.acm" . (.fccHandler - AC-3 ACM Codec.) -- C:\WINDOWS\System32\ac3acm.acm

O52 - TDSD: \Drivers32\"msacm.lameacm"="lameACM.acm" . (.http://www.mp3dev.org/ - Lame MP3 codec engine.) -- C:\WINDOWS\System32\lameACM.acm

O52 - TDSD: \Drivers32\"VIDC.FFDS"="ff_vfw.dll" . (.Unknown owner - No comment.) -- C:\WINDOWS\System32\ff_vfw.dll

O52 - TDSD: \Drivers32\"VIDC.FMVC"="fmcodec.dll" . (.Fox Magic Software - FM Screen Capture Codec (VFW).) -- C:\WINDOWS\System32\fmcodec.dll

O52 - TDSD: \drivers.desc\"sl_anet.acm"="Sipro Lab Telecom Audio Codec" . (.Sipro Lab Telecom Inc. - Audio codec for MS ACM.) -- C:\WINDOWS\System32\sl_anet.acm

O52 - TDSD: \drivers.desc\"C:\WINDOWS\system32\iac25_32.ax"="Indeo® audio software" . (.Intel Corporation - Indeo® audio software.) -- C:\WINDOWS\system32\iac25_32.ax

O52 - TDSD: \drivers.desc\"ir50_32.dll"="Indeo® video 5.10" . (.Unknown owner - No comment.) -- (.not file.)

O52 - TDSD: \drivers.desc\"C:\WINDOWS\system32\l3codeca.acm"="Fraunhofer IIS MPEG Layer-3 Codec" . (.Fraunhofer Institut Integrierte Schaltungen - MPEG Layer-3 Audio Codec for MSACM.) -- C:\WINDOWS\system32\l3codeca.acm

O52 - TDSD: \drivers.desc\"xvidvfw.dll"="Xvid MPEG-4 Video Codec 1.2.2" . (.Unknown owner - No comment.) -- (.not file.)

O52 - TDSD: \drivers.desc\"lameACM.acm"="Lame ACM MP3 CODEC v3.98.2" . (.Unknown owner - No comment.) -- (.not file.)

O52 - TDSD: \drivers.desc\"ac3acm.acm"="AC-3 ACM Codec" . (.fccHandler - AC-3 ACM Codec.) -- C:\WINDOWS\System32\ac3acm.acm

O52 - TDSD: \drivers.desc\"ff_vfw.dll"="ffdshow video encoder" . (.Unknown owner - No comment.) -- C:\WINDOWS\System32\ff_vfw.dll

 

 

---\\ ShareTools MSconfig StartupReg (SMSR) (O53)

O53 - SMSR:HKLM\...\startupreg\Adobe ARM [Key] . (.Adobe Systems Incorporated - Adobe Reader and Acrobat Manager.) -- C:\Arquivos de programas\Arquivos comuns\Adobe\ARM\1.0\AdobeARM.exe

O53 - SMSR:HKLM\...\startupreg\Adobe Reader Speed Launcher [Key] . (.Adobe Systems Incorporated - Adobe Acrobat SpeedLauncher.) -- C:\Arquivos de programas\Adobe\Reader 9.0\Reader\Reader_sl.exe

O53 - SMSR:HKLM\...\startupreg\Apoint [Key] . (.Alps Electric Co., Ltd. - Alps Pointing-device Driver.) -- C:\Arquivos de programas\Apoint2K\Apoint.exe

O53 - SMSR:HKLM\...\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA} [Key] . (.Nero AG - Nero Home.) -- C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMBgMonitor.exe

O53 - SMSR:HKLM\...\startupreg\CognizanceTS [Key] . (.Cognizance Corporation - Terminal Services Virtual Channel Client.) -- C:\ARQUIV~1\BIOSCR~1\VeriSoft\Bin\ASTSVCC.dll

O53 - SMSR:HKLM\...\startupreg\ctfmon.exe [Key] . (.Microsoft Corporation - CTF Loader.) -- C:\WINDOWS\system32\ctfmon.exe

O53 - SMSR:HKLM\...\startupreg\GrooveMonitor [Key] . (.Microsoft Corporation - GrooveMonitor Utility.) -- C:\Arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe

O53 - SMSR:HKLM\...\startupreg\HotKeysCmds [Key] . (.Intel Corporation - hkcmd Module.) -- C:\WINDOWS\system32\hkcmd.exe

O53 - SMSR:HKLM\...\startupreg\hpWirelessAssistant [Key] . (.Hewlett-Packard Development Company, L.P. - HPWAMain Module.) -- C:\Arquivos de programas\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe

O53 - SMSR:HKLM\...\startupreg\IgfxTray [Key] . (.Intel Corporation - igfxTray Module.) -- C:\WINDOWS\system32\igfxtray.exe

O53 - SMSR:HKLM\...\startupreg\NeroFilterCheck [Key] . (.Nero AG - NeroCheck.) -- C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NeroCheck.exe

O53 - SMSR:HKLM\...\startupreg\Persistence [Key] . (.Intel Corporation - persistence Module.) -- C:\WINDOWS\system32\igfxpers.exe

O53 - SMSR:HKLM\...\startupreg\SunJavaUpdateSched [Key] . (.Sun Microsystems, Inc. - Java Update Scheduler.) -- C:\Arquivos de programas\Arquivos comuns\Java\Java Update\jusched.exe

O53 - SMSR:HKLM\...\startupreg\swg [Key] . (.Google Inc. - GoogleToolbarNotifier.) -- C:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

O53 - SMSR:HKLM\...\startupreg\TkBellExe [Key] . (.RealNetworks, Inc. - RealNetworks Scheduler.) -- C:\Arquivos de programas\Real\RealPlayer\update\realsched.exe

 

 

---\\ Microsoft Control Security Providers (MCSP) (O54)

O54 - MCSP:[HKLM\...\CurrentControlSet\Control] - (SecurityProviders) - (.Microsoft Corporation - Cliente DPA para plataformas de 32 bits.) -- C:\WINDOWS\system32\msapsspc.dll

O54 - MCSP:[HKLM\...\CurrentControlSet\Control] - (SecurityProviders) - (.Microsoft Corporation - TLS / SSL Security Provider.) -- C:\WINDOWS\system32\schannel.dll

O54 - MCSP:[HKLM\...\CurrentControlSet\Control] - (SecurityProviders) - (.Microsoft Corporation - Digest SSPI Authentication Package.) -- C:\WINDOWS\system32\digest.dll

O54 - MCSP:[HKLM\...\ControlSet001\Control] - (SecurityProviders) - (.Microsoft Corporation - Cliente DPA para plataformas de 32 bits.) -- C:\WINDOWS\system32\msapsspc.dll

O54 - MCSP:[HKLM\...\ControlSet001\Control] - (SecurityProviders) - (.Microsoft Corporation - TLS / SSL Security Provider.) -- C:\WINDOWS\system32\schannel.dll

O54 - MCSP:[HKLM\...\ControlSet001\Control] - (SecurityProviders) - (.Microsoft Corporation - Digest SSPI Authentication Package.) -- C:\WINDOWS\system32\digest.dll

 

 

---\\ Microsoft Windows Policies System (MWPS) (O55)

O55 - MWPS:[HKLM\...\Policies\System] - "dontdisplaylastusername"=0

O55 - MWPS:[HKLM\...\Policies\System] - "legalnoticecaption"=

O55 - MWPS:[HKLM\...\Policies\System] - "legalnoticetext"=

O55 - MWPS:[HKLM\...\Policies\System] - "shutdownwithoutlogon"=1

O55 - MWPS:[HKLM\...\Policies\System] - "undockwithoutlogon"=1

O55 - MWPS:[HKLM\...\Policies\System] - "DisableRegistryTools"=0

O55 - MWPS:[HKCU\...\Policies\System] - "disableregistrytools"=0

 

 

---\\ Microsoft Windows Policies Explorer (MWPE) (O56)

O56 - MWPE:[HKCU\...\policies\Explorer] - "NoDriveTypeAutoRun"=323

O56 - MWPE:[HKCU\...\policies\Explorer] - "NoDriveAutoRun"=67108863

O56 - MWPE:[HKCU\...\policies\Explorer] - "LinkResolveIgnoreLinkInfo"=0

O56 - MWPE:[HKCU\...\policies\Explorer] - "NoDrives"=0

O56 - MWPE:[HKLM\...\policies\Explorer] - "HonorAutoRunSetting"=1

O56 - MWPE:[HKLM\...\policies\Explorer] - "NoDriveAutoRun"=67108863

O56 - MWPE:[HKLM\...\policies\Explorer] - "NoDriveTypeAutoRun"=323

O56 - MWPE:[HKLM\...\policies\Explorer] - "NoDrives"=0

O56 - MWPE:[HKLM\...\policies\Explorer] - "LinkResolveIgnoreLinkInfo"=0

O56 - MWPE:[HKLM\...\policies\Explorer] - "NoResolveSearch"=1

O56 - MWPE:[HKLM\...\policies\Explorer] - "NoPopUpsOnBoot"=1

 

 

---\\ System Drivers List (SDL) (O58)

O58 - SDL:[MD5.87EC3FDCAF6C5052E2E72B861DEDD3D3] - 24/7/2008 - 06:25:20 ---A- . (.Alps Electric Co., Ltd. - Alps Pointing-device Driver.) -- C:\WINDOWS\system32\drivers\Apfiltr.sys [101874]

O58 - SDL:[MD5.963FCB101B224C3F01ADDC6AEB4D6796] - 1/11/2006 - 02:40:00 ---A- . (.AuthenTec, Inc. - Slide Fingerprint USB Driver.) -- C:\WINDOWS\system32\drivers\atswpdrv.sys [138632]

O58 - SDL:[MD5.5B44C214F9CD9F590BE9125347610380] - 17/6/2010 - 07:59:18 ---A- . (.Avira GmbH - Avira AntiVir File Filter Driver.) -- C:\WINDOWS\system32\drivers\avgntdd.sys [45416]

O58 - SDL:[MD5.47B879406246FFDCED59E18D331A0E7D] - 24/1/2011 - 04:18:50 ---A- . (.Avira GmbH - Avira Minifilter Driver.) -- C:\WINDOWS\system32\drivers\avgntflt.sys [61960]

O58 - SDL:[MD5.87451AA7CC6B6A590EBCEA05E755075A] - 17/6/2010 - 07:59:19 ---A- . (.Avira GmbH - Avira AntiVir File Filter Driver Manager.) -- C:\WINDOWS\system32\drivers\avgntmgr.sys [22360]

O58 - SDL:[MD5.DA39805E2BAD99D37FCE9477DD94E7F2] - 17/2/2011 - 08:01:34 ---A- . (.Avira GmbH - Avira Driver for Security Enhancement.) -- C:\WINDOWS\system32\drivers\avipbb.sys [135096]

O58 - SDL:[MD5.3292260A6AE8F328C7EF698B6EBD56E2] - 15/11/2002 - 04:45:08 ---A- . (.Broadcom Corporation - USB Driver for Bluetooth Adapter.) -- C:\WINDOWS\system32\drivers\bcbthub.sys [148794]

O58 - SDL:[MD5.C89327377D4B62DC792E8930EA55F571] - 24/1/2011 - 04:14:18 ---A- . (.Broadcom Corporation - Broadcom 802.11 Network Adapter wireless driver.) -- C:\WINDOWS\system32\drivers\BCMWL5.SYS [1294200]

O58 - SDL:[MD5.3BC0AFBD546162FE6ED6CCB15BEFAD73] - 12/5/2006 - 05:51:22 ---A- . (.Broadcom Corporation. - Bluetooth Audio Device.) -- C:\WINDOWS\system32\drivers\btaudio.sys [401664]

O58 - SDL:[MD5.9515D10CEAF284AB1A21934E1958D4FD] - 12/5/2006 - 05:49:04 ---A- . (.Broadcom Corporation. - Bluetooth Bus Enumerator.) -- C:\WINDOWS\system32\drivers\btkrnl.sys [1342602]

O58 - SDL:[MD5.1D25FB8B6B073E6F4FB51034F734EA2C] - 12/5/2006 - 05:47:18 ---A- . (.Broadcom Corporation. - Bluetooth BTPORT Driver for Windows 2000.) -- C:\WINDOWS\system32\drivers\btport.sys [30363]

O58 - SDL:[MD5.66BFF2643E5F6A0F80208DDE1C4B653A] - 12/5/2006 - 05:43:46 ---A- . (.Broadcom Corporation. - Bluetooth LAN Access Server Driver.) -- C:\WINDOWS\system32\drivers\btwdndis.sys [148168]

O58 - SDL:[MD5.4272BAB9291D26DA5AC913BC79C3CE85] - 12/5/2006 - 05:46:44 ---A- . (.Broadcom Corporation. - Driver for Bluetooth USB Devices.) -- C:\WINDOWS\system32\drivers\btwusb.sys [57320]

O58 - SDL:[MD5.6CD3629F8352C79BFCFB805D18B1D7A6] - 18/12/2007 - 11:18:10 ---A- . (.Conexant Systems Inc. - High Definition Audio Function Driver.) -- C:\WINDOWS\system32\drivers\CHDAud.sys [732160]

O58 - SDL:[MD5.DA6675E1400D58412C93180F8651A9FB] - 21/3/2009 - 14:25:14 ---A- . (.RAVISENT Technologies Inc. - CineMaster C 1.2 WDM Main Driver.) -- C:\WINDOWS\system32\drivers\cinemst2.sys [262528]

O58 - SDL:[MD5.9624293E55AD405415862B504CA95B73] - 21/3/2009 - 14:25:14 ---A- . (.Compaq Computer Corporation - Compaq PA-1 Player Driver.) -- C:\WINDOWS\system32\drivers\cpqdap01.sys [11776]

O58 - SDL:[MD5.6A6235B73B0E64C35213DB055B94954C] - 11/10/2010 - 12:52:58 ---A- . (.GAS Tecnologia - GbPlugin Device Driver.) -- C:\WINDOWS\system32\drivers\GbpKm.sys [45096]

O58 - SDL:[MD5.573C7D0A32852B48F3058CFD8026F511] - 14/4/2008 - 07:00:00 ---A- . (.Windows ® Server 2003 DDK provider - High Definition Audio Bus Driver v1.0a.) -- C:\WINDOWS\system32\drivers\hdaudbus.sys [144384]

O58 - SDL:[MD5.0AAEF566E6782957252FA79F566FBC0B] - 1/11/2007 - 07:25:32 ---A- . (.Conexant Systems, Inc. - HSF_HWAZL WDM driver.) -- C:\WINDOWS\system32\drivers\HSFHWAZL.sys [211456]

O58 - SDL:[MD5.0E666AC2766F2FD860CC03F405A2ACE1] - 1/11/2007 - 07:25:22 ---A- . (.Conexant Systems, Inc. - HSF_CNXT driver.) -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys [731520]

O58 - SDL:[MD5.E472E0CB4E716CC34C0E045F2C196221] - 1/11/2007 - 07:26:36 ---A- . (.Conexant Systems, Inc. - HSF_DP driver.) -- C:\WINDOWS\system32\drivers\HSF_DPV.sys [989696]

O58 - SDL:[MD5.DB0CC620B27A928D968C1A1E9CD9CB87] - 9/12/2010 - 23:46:21 ---A- . (.Intel Corporation - Intel Matrix Storage Manager driver - ia32.) -- C:\WINDOWS\system32\drivers\iaStor.sys [312344]

O58 - SDL:[MD5.D1359E54D9755D28E56B17A352AB8AAE] - 11/9/2008 - 03:22:48 ---A- . (.Intel Corporation - Intel Graphics Miniport Driver.) -- C:\WINDOWS\system32\drivers\igxpmp32.sys [6047904]

O58 - SDL:[MD5.9B2BECE9AFC21DA79A703034EF578ED8] - 4/10/2007 - 10:28:58 ---A- . (.Ahead Software AG - NERO IMAGEDRIVE SCSI miniport.) -- C:\WINDOWS\system32\drivers\imagedrv.sys [11304]

O58 - SDL:[MD5.8E0BE30A48D102A78DA6BDF4515B847F] - 4/10/2007 - 10:29:00 ---A- . (.Ahead Software AG - Nero Image Server.) -- C:\WINDOWS\system32\drivers\imagesrv.sys [132904]

O58 - SDL:[MD5.67B48A903430C6D4FB58CBACA1866601] - 29/4/2010 - 15:39:26 ---A- . (.Malwarebytes Corporation - Malwarebytes' Anti-Malware.) -- C:\WINDOWS\system32\drivers\mbam.sys [20952]

O58 - SDL:[MD5.C7DD7D9739785BD3A6B8499EEC1DEE7E] - 29/4/2010 - 15:39:38 ---A- . (.Malwarebytes Corporation - Malwarebytes' Anti-Malware.) -- C:\WINDOWS\system32\drivers\mbamswissarmy.sys [38224]

O58 - SDL:[MD5.0CEA2D0D3FA284B85ED5B68365114F76] - 19/6/2006 - 04:26:58 ---A- . (.Conexant - Diagnostic Interface x86 Driver.) -- C:\WINDOWS\system32\drivers\mdmxsdk.sys [12672]

O58 - SDL:[MD5.BE984D604D91C217355CDD3737AAD25D] - 21/3/2009 - 14:25:14 ---A- . (.S3/Diamond Multimedia Systems - NikeDrv Usb Driver.) -- C:\WINDOWS\system32\drivers\nikedrv.sys [12032]

O58 - SDL:[MD5.80D317BD1C3DBC5D4FE7B1678C60CADD] - 14/4/2008 - 07:00:00 ---A- . (.Parallel Technologies, Inc. - Parallel Technologies DirectParallel IO Library.) -- C:\WINDOWS\system32\drivers\ptilink.sys [17792]

O58 - SDL:[MD5.C35CA13D3627EBD9DD12A23CE781BC3D] - 8/8/2007 - 13:12:08 ---A- . (.REDC - RICOH SD Driver.) -- C:\WINDOWS\system32\drivers\rimmptsk.sys [45568]

O58 - SDL:[MD5.C398BCA91216755B098679A8DA8A2300] - 30/7/2007 - 03:12:58 ---A- . (.REDC - RICOH MS Driver.) -- C:\WINDOWS\system32\drivers\rimsptsk.sys [43008]

O58 - SDL:[MD5.A56FE08EC7473E8580A390BB1081CDD7] - 21/3/2009 - 14:25:14 ---A- . (.S3/Diamond Multimedia Systems - Rio8Drv.sys Usb Driver.) -- C:\WINDOWS\system32\drivers\rio8drv.sys [12032]

O58 - SDL:[MD5.0A854DF84C77A0BE205BFEAB2AE4F0EC] - 21/3/2009 - 14:25:14 ---A- . (.S3/Diamond Multimedia Systems - RioDrv Usb Driver.) -- C:\WINDOWS\system32\drivers\riodrv.sys [12032]

O58 - SDL:[MD5.2A2554CB24506E0A0508FC395C4A1B42] - 30/7/2007 - 04:24:02 ---A- . (.REDC - RICOH XD SM Driver.) -- C:\WINDOWS\system32\drivers\rixdptsk.sys [38400]

O58 - SDL:[MD5.C1AE5D1F53285D79A0B73A62AF20734F] - 23/2/2011 - 02:56:04 ---A- . (.Sunbelt Software - Anti-Rootkit Engine.) -- C:\WINDOWS\system32\drivers\SBREDrv.sys [98392]

O58 - SDL:[MD5.90A3935D05B494A5A39D37E71F09A677] - 14/4/2008 - 07:00:00 ---A- . (.Macrovision Corporation, Macrovision Europe - Macrovision SECURITY Driver.) -- C:\WINDOWS\system32\drivers\secdrv.sys [20480]

O58 - SDL:[MD5.0CF51200F915817C00FCFD7FE0F51200] - 15/3/2011 - 00:00:00 ---A- . (...) -- C:\WINDOWS\system32\drivers\sptd.sys [691696]

O58 - SDL:[MD5.A36EE93698802CD899F98BFD553D8185] - 17/6/2010 - 07:59:17 ---A- . (.Avira GmbH - AVIRA SnapShot Driver.) -- C:\WINDOWS\system32\drivers\ssmdrv.sys [28520]

O58 - SDL:[MD5.D74A8EC75305F1D3CFDE7C7FC1BD62A9] - 21/3/2009 - 14:25:14 ---A- . (.Toshiba Corporation - WDM Toshiba Tecra Video Capture Driver.) -- C:\WINDOWS\system32\drivers\tsbvcap.sys [21376]

O58 - SDL:[MD5.55E01061C74A8CEFFF58DC36114A8D3F] - 21/3/2009 - 14:25:14 ---A- . (.RAVISENT Technologies Inc. - CineMaster C WDM DVD Minidriver.) -- C:\WINDOWS\system32\drivers\vdmindvd.sys [58112]

O58 - SDL:[MD5.67331FD053F97A874A60374BE6B59523] - 15/8/2007 - 05:22:00 ---A- . (.Marvell - NDIS5.1 Miniport Driver for Marvell Yukon Ethernet Controller.) -- C:\WINDOWS\system32\drivers\yk51x86.sys [265856]

O58 - SDL:[MD5.C1E76718BAB6BCA0D18E5670F074F821] - 14/4/2008 - 07:00:00 ---A- . (...) -- C:\WINDOWS\system32\ansi.sys [9032]

O58 - SDL:[MD5.0FE9F16075C9ACB941C957B7C649176E] - 14/4/2008 - 07:00:00 ---A- . (...) -- C:\WINDOWS\system32\country.sys [27097]

O58 - SDL:[MD5.912150FE88E79AFEE0BB72216FAB2617] - 14/4/2008 - 07:00:00 ---A- . (...) -- C:\WINDOWS\system32\himem.sys [4896]

O58 - SDL:[MD5.582BCDD47CF4B68B5CB528F18E3CB808] - 14/4/2008 - 07:00:00 ---A- . (...) -- C:\WINDOWS\system32\key01.sys [42809]

O58 - SDL:[MD5.FBBCFEC1379C5C02D88A361993EDF1B8] - 14/4/2008 - 07:00:00 ---A- . (...) -- C:\WINDOWS\system32\keyboard.sys [42537]

O58 - SDL:[MD5.19D4F0DAD3F393C13DE7F849ADE72EFE] - 14/4/2008 - 07:00:00 ---A- . (...) -- C:\WINDOWS\system32\ntdos.sys [27900]

O58 - SDL:[MD5.CF9ED169FF86D935E47999E82359E898] - 14/4/2008 - 07:00:00 ---A- . (...) -- C:\WINDOWS\system32\ntdos404.sys [29146]

O58 - SDL:[MD5.03B945AC0481CD8BB161C3569D8ED1C3] - 14/4/2008 - 07:00:00 ---A- . (...) -- C:\WINDOWS\system32\ntdos411.sys [29370]

O58 - SDL:[MD5.BBC957DC18C17CC027EB80B7C77F2AEA] - 14/4/2008 - 07:00:00 ---A- . (...) -- C:\WINDOWS\system32\ntdos412.sys [29274]

O58 - SDL:[MD5.3CFFAEFFF23B0D208214A6D3061A5B1B] - 14/4/2008 - 07:00:00 ---A- . (...) -- C:\WINDOWS\system32\ntdos804.sys [29146]

O58 - SDL:[MD5.86BB7AF2533B342B8E274590AD2190FA] - 14/4/2008 - 07:00:00 ---A- . (...) -- C:\WINDOWS\system32\ntio.sys [33984]

O58 - SDL:[MD5.6F73F50162DEF60C84B725C18CD9140F] - 14/4/2008 - 07:00:00 ---A- . (...) -- C:\WINDOWS\system32\ntio404.sys [34560]

O58 - SDL:[MD5.0FDD5E69C1FF3B58043D44F2CC743D45] - 14/4/2008 - 07:00:00 ---A- . (...) -- C:\WINDOWS\system32\ntio411.sys [35648]

O58 - SDL:[MD5.8842837C4D8311BF8E72BEE8CCC42217] - 14/4/2008 - 07:00:00 ---A- . (...) -- C:\WINDOWS\system32\ntio412.sys [35424]

O58 - SDL:[MD5.6B56CEB3C6F9D5CD7293DBD9FE23B311] - 14/4/2008 - 07:00:00 ---A- . (...) -- C:\WINDOWS\system32\ntio804.sys [34560]

 

 

---\\ File Associations Shell Spawning (O67)

O67 - Shell Spawning: <.bat> <batfile>[HKLM\..\open\Command] "%1" %* (.not file.)

O67 - Shell Spawning: <.cpl> <cplfile>[HKLM\..\cplopen\Command] (.Microsoft Corporation - DLL comum do Shell do Windows.) -- C:\Windows\System32\shell32.dll

O67 - Shell Spawning: <.cmd> <cmdfile>[HKLM\..\open\Command] "%1" %* (.not file.)

O67 - Shell Spawning: <.com> <comfile>[HKLM\..\open\Command] "%1" %* (.not file.)

O67 - Shell Spawning: <.exe> <exefile>[HKLM\..\open\Command] "%1" %* (.not file.)

O67 - Shell Spawning: <.html> <htmlfile>[HKLM\..\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Arquivos de programas\Internet Explorer\IEXPLORE.exe

O67 - Shell Spawning: <.js> <JSFile>[HKLM\..\open\Command] (.Microsoft Corporation - Microsoft ® Windows Based Script Host.) -- C:\WINDOWS\System32\WScript.exe

O67 - Shell Spawning: <.reg> <regfile>[HKLM\..\open\Command] (.Microsoft Corporation - Editor do Registro.) -- C:\WINDOWS\regedit.exe

O67 - Shell Spawning: <.bat> <batfile>[HKCR\..\open\Command] "%1" %* (.not file.)

O67 - Shell Spawning: <.cpl> <cplfile>[HKCR\..\cplopen\Command] (.Microsoft Corporation - DLL comum do Shell do Windows.) -- C:\Windows\System32\shell32.dll

O67 - Shell Spawning: <.cmd> <cmdfile>[HKCR\..\open\Command] "%1" %* (.not file.)

O67 - Shell Spawning: <.com> <comfile>[HKCR\..\open\Command] "%1" %* (.not file.)

O67 - Shell Spawning: <.exe> <exefile>[HKCR\..\open\Command] "%1" %* (.not file.)

O67 - Shell Spawning: <.html> <htmlfile>[HKCR\..\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Arquivos de programas\Internet Explorer\IEXPLORE.exe

O67 - Shell Spawning: <.js> <JSFile>[HKCR\..\open\Command] (.Microsoft Corporation - Microsoft ® Windows Based Script Host.) -- C:\WINDOWS\System32\WScript.exe

O67 - Shell Spawning: <.reg> <regfile>[HKCR\..\open\Command] (.Microsoft Corporation - Editor do Registro.) -- C:\WINDOWS\regedit.exe

 

 

---\\ Start Menu Internet (SMI) (O68)

O68 - StartMenuInternet: <IEXPLORE.EXE> <Internet Explorer>[HKLM\..\Shell\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Arquivos de programas\Internet Explorer\iexplore.exe

 

 

---\\ Search Browser Infection (SBI) (O69)

O69 - SBI: SearchScopes [HKCU] {6A1806CD-94D4-4689-BA73-E35EA1EA9990} [DefaultScope] - (Google) - http://www.google.com

 

 

---\\ General States of Services not Microsoft (EGS) (SR=Running, SS=Stopped)

SS - | Demand 26/6/2006 126976 | (AddFiltr) . (.Hewlett-Packard Development Company, L.P..) - C:\Arquivos de programas\Hewlett-Packard\HP Quick Launch Buttons\AddFiltr.exe

SR - | Auto 3/9/2010 135336 | (AntiVirSchedulerService) . (.Avira GmbH.) - C:\Arquivos de programas\Avira\AntiVir Desktop\sched.exe

SR - | Auto 24/1/2011 267944 | (AntiVirService) . (.Avira GmbH.) - C:\Arquivos de programas\Avira\AntiVir Desktop\avguard.exe

SR - | Auto 12/5/2006 258103 | (btwdins) . (.Broadcom Corporation..) - C:\Arquivos de programas\Software WIDCOMM\Bluetooth\bin\btwdins.exe

SS - | Demand 14/4/2008 225280 | (dmadmin) . (.Microsoft Corp., Veritas Software.) - C:\WINDOWS\System32\dmadmin.exe

SS - | Auto 11/10/2010 54696 | (GbpSv) . (.Unknown owner.) - C:\ARQUIV~1\GbPlugin\GbpSv.exe

SS - | Auto 24/1/2011 136176 | (gupdate) . (.Google Inc..) - C:\Arquivos de programas\Google\Update\GoogleUpdate.exe

SS - | Demand 24/1/2011 182768 | (gusvc) . (.Google.) - C:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe

SR - | Auto 2/5/2006 135168 | (hpqwmiex) . (.Hewlett-Packard Development Company, L.P..) - C:\Arquivos de programas\Hewlett-Packard\Shared\hpqWmiEx.exe

SR - | Auto 24/1/2011 153376 | (JavaQuickStarterService) . (.Sun Microsystems, Inc..) - C:\Arquivos de programas\Java\jre6\bin\jqs.exe

SS - | Demand 17/9/2007 800040 | (NBService) . (.Nero AG.) - C:\Arquivos de programas\Nero\Nero 7\Nero BackItUp\NBService.exe

SS - | Demand 27/6/2007 279848 | (NMIndexingService) . (.Nero AG.) - C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMIndexingService.exe

 

 

---\\ Search Master Boot Record Infection (MBR)(O80)

Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.1 by Gmer, http://www.gmer.net

Run by Usuario at 17/3/2011 18:22:58

 

CreateFile("\\.\PHYSICALDRIVE0"): O arquivo já está sendo usado por outro processo.

device: opened successfully

user: error reading MBR

 

Disk trace:

kernel: MBR read successfully

user != kernel MBR !!!

 

 

---\\ Search Master Boot Record Infection (MBRCheck)(O80)

Written by ad13, http://ad13.geekstog

Run by Usuario at 17/3/2011 18:22:58

Use the desktop link 'MBRCheck' to have full report

 

 

 

---\\ List of CD/DVD Emulators (MBR Hook)

O58 - SDL:[MD5.0CF51200F915817C00FCFD7FE0F51200] - 15/3/2011 - 00:00:00 ---A- . (...) -- C:\WINDOWS\system32\drivers\sptd.sys [691696]

 

 

 

End of the scan (948 lines in 01mn 38s)(0)


1.

*Paste the mbr.txt report created in C:\Arquivos de programas\ZHPdiag

2.

*Copy the code below:

[MD5.AAB015DB2A44B5CD0DF0392896A8A6B7] - (.Unknown owner - No comment.) -- C:\Arquivos de programas\cacaoweb\cacaoweb.exe [356080]

O4 - HKCU\..\Run: [cacaoweb] . (...) -- C:\Arquivos de programas\cacaoweb\cacaoweb.exe

O4 - HKUS\S-1-5-21-2025429265-1123561945-1177238915-1003\..\Run: [cacaoweb] . (.Unknown owner - No comment.) -- C:\Arquivos de programas\cacaoweb\cacaoweb.exe

[HKCU\Software\cacaoweb]

O47 - AAKE:Key Export SP - "C:\Arquivos de programas\cacaoweb\cacaoweb.exe" [Enabled] .(.Unknown owner - No comment.) -- C:\Arquivos de programas\cacaoweb\cacaoweb.exe

*Run ZHPFix, located on the desktop

*Click the panelhelper.jpg button

*Click [OK] > [All] > [Fix]

*Paste the report created at C:\Arquivos de programas\ZHPDiag\ZHPFixReport.txt


Good evening WINGS,

Sorry for the delay in getting back with the log. Here it is:

 

 

 

Rapport de ZHPFix 1.12.3254 par Nicolas Coolman, Update du 18/02/2011

Fichier d'export Registre :

Run by Usuario at 19/3/2011 03:30:07

Windows XP Professional Service Pack 3 (Build 2600)

Web site : http://www.premiumorange.com/zeb-help-process/zhpfix.html

Contact : nicolascoolman@yahoo.fr

 

========== Memory Process ==========

C:\Arquivos de programas\cacaoweb\cacaoweb.exe [356080] => Quarantined and Deleted successfully

 

========== Registry Key ==========

HKCU\Software\cacaoweb => Registry Key removed successfully

 

========== Registry Value ==========

O4 - HKCU\..\Run: [cacaoweb] . (...) -- C:\Arquivos de programas\cacaoweb\cacaoweb.exe => Registry key value removed successfully

O4 - HKUS\S-1-5-21-2025429265-1123561945-1177238915-1003\..\Run: [cacaoweb] . (.Unknown owner - No comment.) -- C:\Arquivos de programas\cacaoweb\cacaoweb.exe => Registry key value not found

O47 - AAKE:Key Export SP - "C:\Arquivos de programas\cacaoweb\cacaoweb.exe" [Enabled] .(.Unknown owner - No comment.) -- C:\Arquivos de programas\cacaoweb\cacaoweb.exe => Registry key value removed successfully

 

========== File ==========

 

 

========== Summary ==========

1 : Memory Process

1 : Registry Key

3 : Registry Value

 

 

End of the scan

 

 

Thanks!


Friend, one request is still missing...

1.

*Paste the mbr.txt report created in C:\Arquivos de programas\ZHPdiag


Good afternoon WINGS,

Our mistake, haha... here is the report:

 

 

 

Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.1 by Gmer, http://www.gmer.net

Windows 5.1.2600

 

CreateFile("\\.\PHYSICALDRIVE0"): O arquivo já está sendo usado por outro processo.

device: opened successfully

user: error reading MBR

 

Disk trace:

called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll iaStor.sys sphh.sys >>UNKNOWN [0x8AD6B938]<<

C:\WINDOWS\system32\drivers\iaStor.sys Intel Corporation Intel Matrix Storage Manager driver

sphh.sys

1 ntkrnlpa!IofCallDriver[0x804EF1A6] -> \Device\Harddisk0\DR0[0x8AD02868]

3 CLASSPNP[0xBA108FD7] -> ntkrnlpa!IofCallDriver[0x804EF1A6] -> \Device\00000076[0x8AD05910]

5 ACPI[0xB9E74620] -> ntkrnlpa!IofCallDriver[0x804EF1A6] -> \Device\Ide\IAAStorageDevice-0[0x8A716030]

kernel: MBR read successfully

user != kernel MBR !!!

 

 

Thanks.


1.

*Run the file ZHP_Uninstall.exe located on the desktop

2.

*Download MBR and save it to C:\

*Click [Start] > [Run] > copy and paste: c:\mbr.exe -f

*Click [OK].

*Double-click C:\mbr.exe

*Paste the report C:\mbr.txt


Good evening WINGS...

Sorry for the delay, here is the report:

 

Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net

Windows 5.1.2600

 

CreateFile("\\.\PHYSICALDRIVE0"): O arquivo já está sendo usado por outro processo.

device: opened successfully

user: error reading MBR

kernel: MBR read successfully

user != kernel MBR !!!

 

Cheers!!


OK... let me know whether the problem has been resolved.

The log is clean.

Delete the files C:\mbr.exe and C:\mbr.txt

Best regards.


PROBLEM SOLVED

If the author needs the topic to be reopened, just send a Private Message to a Moderator with a link to the topic.
