Usamos cookies para medir audiência e melhorar sua experiência. Você pode aceitar ou recusar a qualquer momento. Veja sobre o iMasters.
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 14:00:32, on 14/11/2012
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Arquivos de programas\Alwil Software\Avast5\AvastSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Arquivos de programas\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\Explorer.EXE
C:\ARQUIV~1\ALWILS~1\Avast5\avastUI.exe
C:\Arquivos de programas\Ares\Ares.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Arquivos de programas\Messenger\msmsgs.exe
C:\Arquivos de programas\Malwarebytes' Anti-Malware\mbam.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Arquivos de programas\Google\Chrome\Application\chrome.exe
C:\Arquivos de programas\Google\Chrome\Application\chrome.exe
C:\Arquivos de programas\Google\Chrome\Application\chrome.exe
C:\Arquivos de programas\Google\Chrome\Application\chrome.exe
C:\Arquivos de programas\Google\Chrome\Application\chrome.exe
C:\HiJackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://go.microsoft.com/fwlink/?linkid=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = wmplayer.exe //ICWLaunch
O1 - Hosts: ::1 localhost
O2 - BHO: Facilitador de Leitor de Link Adobe PDF - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre6\bin\ssv.dll
O2 - BHO: Barra de aplicativos da ALOT Helper - {85F5CF95-EC8F-49fc-BB3F-38C79455CBA2} - C:\Arquivos de programas\alotappbar\bin\BHO\ALOTHelperBHO.dll
O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Arquivos de programas\Alwil Software\Avast5\aswWebRepIE.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Arquivos de programas\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Arquivos de programas\Google\GoogleToolbarNotifier\5.7.7529.1424\swg.dll
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Arquivos de programas\Alwil Software\Avast5\aswWebRepIE.dll
O3 - Toolbar: Barra de aplicativos da ALOT - {A531D99C-5A22-449b-83DA-872725C6D0ED} - C:\Arquivos de programas\alotappbar\bin\ALOTHelper.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Arquivos de programas\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [avast5] C:\ARQUIV~1\ALWILS~1\Avast5\avastUI.exe /nogui
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Arquivos de programas\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Arquivos de programas\Arquivos comuns\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKCU\..\Run: [ares] "C:\Arquivos de programas\Ares\Ares.exe" -h
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] "C:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Arquivos de programas\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [upgrade.exe] C:\win7xe\upgrade.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game.zylom.com/activex/zylomgamesplayer.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O22 - SharedTaskScheduler: Pré-carregador Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Daemon de cache de categorias de componente - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Arquivos de programas\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: Serviço do Google Update (gupdate) (gupdate) - Google Inc. - C:\Arquivos de programas\Google\Update\GoogleUpdate.exe
O23 - Service: Serviço do Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Arquivos de programas\Google\Update\GoogleUpdate.exeO23 - Service: Google Software Updater (gusvc) - Google - C:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Arquivos de programas\Java\jre6\bin\jqs.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Arquivos de programas\Mozilla Maintenance Service\maintenanceservice.exe
--
End of file - 6724 bytes
-----\\-------
Malwarebytes Anti-Malware 1.65.1.1000
www.malwarebytes.org
Versão da Base de Dados: v2012.11.14.04
Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
f003407 :: FUN0085 [administrador]
14/11/2012 11:02:26
mbam-log-2012-11-14 (11-02-26).txt
Tipo de Verificação: Verificação Completa (C:\|)
Opções de verificações ativadas: Memória | Inicialização | Registro | Sistema de arquivos | Heurística/Extra | Heurística/Shuriken | PUP | PUM
Opções de verificação desativadas: P2P
Objetos escaneados: 324785
Tempo decorrido: 1 hora(s), 52 segundo(s)
Processos de Memória Detectados: 0
(Não foram detectados ítens maliciosos)
Módulos de Memória Detectados: 0
(Não foram detectados ítens maliciosos)
Chaves de Registro Detectadas: 0
(Não foram detectados ítens maliciosos)
Valores de Registro Detectadas: 0
(Não foram detectados ítens maliciosos)
Itens de Dados no Registro Detectadas: 0
(Não foram detectados ítens maliciosos)
Pastas Detectadas: 0
(Não foram detectados ítens maliciosos)
Arquivos Detectados: 2
C:\Documents and Settings\f003407\Meus documentos\Downloads\malwarebytes-anti-malware-16511000-baixaki-32-bits.exe (PUP.AdBundle) -> Enviado para a Quarentena e deletado com sucesso.
C:\RECYCLER\S-1-5-21-2586132527-314635491-3328972525-21374\Dc497.exe (PUP.AdBundle) -> Enviado para a Quarentena e deletado com sucesso.
(fim)
=======\\==========
Malwarebytes Anti-Malware 1.65.1.1000
www.malwarebytes.org
Versão da Base de Dados: v2012.11.14.04
Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
f003407 :: FUN0085 [administrador]
14/11/2012 09:51:01
mbam-log-2012-11-14 (09-51-01).txt
Tipo de Verificação: Verificação Rápida
Opções de verificações ativadas: Memória | Inicialização | Registro | Sistema de arquivos | Heurística/Extra | Heurística/Shuriken | PUP | PUM
Opções de verificação desativadas: P2P
Objetos escaneados: 270913
Tempo decorrido: 9 minuto(s), 27 segundo(s)
Processos de Memória Detectados: 2
C:\win7xe\win7.exe (Trojan.Banker) -> 2440 -> Será deletado na próxima inicialização.
C:\win7xe\win32.exe (Trojan.Banker) -> 2408 -> Será deletado na próxima inicialização.
Módulos de Memória Detectados: 2
C:\win7xe\icudt.dll (Trojan.Banker) -> Será deletado na próxima inicialização.
C:\win7xe\libcef.dll (Trojan.Banker) -> Será deletado na próxima inicialização.
Chaves de Registro Detectadas: 0
(Não foram detectados ítens maliciosos)
Valores de Registro Detectadas: 2
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|win7.exe (Trojan.Banker) -> Data: C:\win7xe\win7.exe -> Enviado para a Quarentena e deletado com sucesso.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|win32.exe (Trojan.Banker) -> Data: C:\win7xe\win32.exe -> Enviado para a Quarentena e deletado com sucesso.
Itens de Dados no Registro Detectadas: 2
HKCU\SOFTWARE\Policies\Microsoft\Internet Explorer\control panel|ConnectionsTab (PUM.Hijack.ConnectionControl) -> Ruim: (1) Bom: (0) -> Enviado para a Quarentena e reparado com sucesso.
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer\control panel|ConnectionsTab (PUM.Hijack.ConnectionControl) -> Ruim: (1) Bom: (0) -> Enviado para a Quarentena e reparado com sucesso.
Pastas Detectadas: 0
(Não foram detectados ítens maliciosos)
Arquivos Detectados: 13
C:\Documents and Settings\f003407\Desktop\malwarebytes-anti-malware-16511000-baixaki-32-bits.exe (PUP.AdBundle) -> Nenhuma ação foi feita.
C:\Documents and Settings\f003407\Meus documentos\Downloads\malwarebytes-anti-malware-16511000-baixaki-32-bits.exe (PUP.AdBundle) -> Nenhuma ação foi feita.
C:\Documents and Settings\f003407\Meus documentos\Downloads\Nota_Fiscal.PDF.Cpl (Trojan.Banker) -> Enviado para a Quarentena e deletado com sucesso.
c:\documents and settings\f003407\meus documentos\downloads\nota_fiscal_eletronica.pdf (1).cpl (Trojan.Banker) -> Enviado para a Quarentena e deletado com sucesso.
c:\documents and settings\f003407\meus documentos\downloads\nota_fiscal_eletronica.pdf.cpl (Trojan.Banker) -> Enviado para a Quarentena e deletado com sucesso.
C:\Documents and Settings\f003407\My Documents\Downloads\84xd (Backdoor.Bot) -> Enviado para a Quarentena e deletado com sucesso.
C:\Documents and Settings\f003407\My Documents\Downloads\84xd(1) (Backdoor.Bot) -> Enviado para a Quarentena e deletado com sucesso.
C:\win7xe\icudt.dll (Trojan.Banker) -> Será deletado na próxima inicialização.
C:\win7xe\libcef.dll (Trojan.Banker) -> Será deletado na próxima inicialização.
C:\win7xe\id.sys (Trojan.Banker) -> Enviado para a Quarentena e deletado com sucesso.
C:\win7xe\up.exe (Trojan.Banker) -> Enviado para a Quarentena e deletado com sucesso.
C:\win7xe\win7.exe (Trojan.Banker) -> Será deletado na próxima inicialização.
C:\win7xe\win32.exe (Trojan.Banker) -> Será deletado na próxima inicialização.
(fim)
=========\\\=============
*** [services] ***
*** [Files / Folders] ***
Folder Deleted : C:\Arquivos de programas\DealPly
*** [Registry] ***
Key Deleted : HKCU\Software\DealPly
Key Deleted : HKCU\Software\Google\Chrome\Extensions\gaiilaahiahdejapggenmdmafpmbipje
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{A6174F27-1FFF-E1D6-A93F-BA48AD5DD448}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A6174F27-1FFF-E1D6-A93F-BA48AD5DD448}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{A6174F27-1FFF-E1D6-A93F-BA48AD5DD448}
Key Deleted : HKLM\Software\DealPly
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\gaiilaahiahdejapggenmdmafpmbipje
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A6174F27-1FFF-E1D6-A93F-BA48AD5DD448}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DealPly
*** [internet Browsers] ***
-\\ Internet Explorer v8.0.6001.18702
[OK] Registry is clean.
*************************
AdwCleaner[s2].txt - [1352 octets] - [14/11/2012 10:16:10]
########## EOF - C:\AdwCleaner[s2].txt - [1412 octets] ##########
ComboFix 12-11-14.01 - f003407 14/11/2012 14:24:42.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.55.1046.18.1014.551 [GMT -2:00]
Executando de: c:\documents and settings\f003407\Desktop\Ferramentas para Diagn¾stico\ComboFix.exe
AV: avast! Antivirus Disabled/Updated {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
.
((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\arquivos de programas\alotappbar
c:\arquivos de programas\alotappbar\alotUninst.exe
c:\arquivos de programas\alotappbar\bin\alotappbar.dll
c:\arquivos de programas\alotappbar\bin\alothelper.dll
c:\arquivos de programas\alotappbar\bin\alotwidgets.exe
c:\arquivos de programas\alotappbar\bin\BHO\ALOTHelperBHO.dll
c:\windows\system\chron32.dll
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Serviços )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_MYWEBSEARCHSERVICE
.
.
(((((((((((((((( Arquivos/Ficheiros criados de 2012-10-14 to 2012-11-14 ))))))))))))))))))))))))))))
.
.
2012-11-14 15:59 . 2012-11-14 15:59 388608 ----a-w- C:\HiJackThis.exe
2012-11-14 11:48 . 2012-09-29 21:54 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-11-01 11:42 . 2012-11-01 11:42 -------- d-----w- c:\arquivos de programas\Mozilla Maintenance Service
2012-11-01 09:57 . 2012-11-01 09:57 -------- d-----w- c:\documents and settings\f003407\Configurações locais\Dados de aplicativos\Deployment
.
.
.
((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-10-30 22:51 . 2011-09-06 11:34 738504 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2012-10-30 22:51 . 2011-09-06 11:10 361032 ----a-w- c:\windows\system32\drivers\aswSP.sys
2012-10-30 22:51 . 2011-09-06 11:10 35928 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2012-10-30 22:51 . 2011-09-06 11:10 54232 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2012-10-30 22:51 . 2011-09-06 11:10 97608 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2012-10-30 22:51 . 2011-09-06 11:10 89752 ----a-w- c:\windows\system32\drivers\aswmon.sys
2012-10-30 22:51 . 2011-09-06 11:10 21256 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2012-10-30 22:51 . 2011-09-06 11:10 25256 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2012-10-30 22:51 . 2011-09-06 11:34 41224 ----a-w- c:\windows\avastSS.scr
2012-10-30 22:50 . 2011-09-06 11:10 227648 ----a-w- c:\windows\system32\aswBoot.exe
2012-10-10 18:35 . 2012-03-30 10:47 696760 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-10-10 18:35 . 2011-09-12 12:35 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-08-28 15:18 . 2006-03-02 12:00 916992 ----a-w- c:\windows\system32\wininet.dll
2012-08-28 15:18 . 2006-03-02 12:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
2012-08-28 15:18 . 2006-03-02 12:00 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2012-08-28 12:07 . 2006-03-02 12:00 385024 ----a-w- c:\windows\system32\html.iec
2012-08-24 13:53 . 2006-03-02 12:00 177664 ----a-w- c:\windows\system32\wintrust.dll
2012-08-23 06:27 . 2006-03-02 12:00 2152960 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-08-23 06:27 . 2004-08-04 00:40 2031616 ----a-w- c:\windows\system32\ntkrnlpa.exe
2011-11-05 07:32 . 2011-11-18 12:07 134104 ----a-w- c:\arquivos de programas\mozilla firefox\components\browsercomps.dll
.
.
(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))
.
.
Nota entradas vazias e legítimas por padrão não são apresentadas.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-10-30 22:50 121528 ----a-w- c:\arquivos de programas\Alwil Software\Avast5\ashShell.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Adobe Reader Speed Launcher"="c:\arquivos de programas\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2009-12-18 40368]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2009-12-11 18:57 948672 ----a-r- c:\arquivos de programas\Arquivos comuns\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2009-12-18 11:58 40368 ----a-w- c:\arquivos de programas\Adobe\Reader 8.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ares]
2012-02-02 15:55 3209216 ----a-w- c:\arquivos de programas\Ares\Ares.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ASUS Update Checker]
2008-12-11 16:45 114688 ----a-w- c:\arquivos de programas\ASUS\ASUSUpdate\UpdateChecker\UpdateChecker.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2008-04-13 22:20 15360 ----a-w- c:\windows\system32\ctfmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HDAudDeck]
2009-10-28 15:07 33685504 ----a-w- c:\arquivos de programas\VIA\VIAudioi\HDADeck\HDeck.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
2008-11-12 13:04 173592 ----a-w- c:\windows\system32\hkcmd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
2008-11-12 13:05 141336 ----a-w- c:\windows\system32\igfxtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
2005-08-11 19:30 249856 ----a-w- c:\arquivos de programas\Arquivos comuns\InstallShield\UpdateService\ISUSPM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
2005-08-11 19:30 81920 ----a-w- c:\arquivos de programas\Arquivos comuns\InstallShield\UpdateService\issch.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-13 22:21 1695232 ------w- c:\arquivos de programas\Messenger\msmsgs.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]
2008-11-12 13:05 141336 ----a-w- c:\windows\system32\igfxpers.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2012-01-18 17:02 254696 ----a-w- c:\arquivos de programas\Arquivos comuns\Java\Java Update\jusched.exe
.[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2011-09-06 13:16 39408 ----a-w- c:\arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Arquivos de programas\\TeamViewer\\Version7\\TeamViewer.exe"=
"c:\\Arquivos de programas\\TeamViewer\\Version7\\TeamViewer_Service.exe"=
"c:\\Arquivos de programas\\Ares\\Ares.exe"=
.
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [06/09/2011 09:34 738504]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [06/09/2011 09:10 361032]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [06/09/2011 09:10 21256]
R3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [05/09/2011 18:42 1425280]
.
--- =Outros Serviços/Drivers Na Memória ---
.
NewlyCreated - WS2IFSL
.
Conteúdo da pasta 'Tarefas Agendadas'
.
2012-11-14 c:\windows\Tasks\Adobe Flash Player Updater.job
.
2012-11-14 c:\windows\Tasks\avast! Emergency Update.job
.
2012-11-14 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\arquivos de programas\Google\Update\GoogleUpdate.exe [2011-09-06 13:15]
.2012-11-14 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\arquivos de programas\Google\Update\GoogleUpdate.exe [2011-09-06 13:15]
.2012-11-14 c:\windows\Tasks\User_Feed_Synchronization-{21063433-55B2-4AD2-B1C5-5B4ADC85930D}.job
.
2012-11-14 c:\windows\Tasks\User_Feed_Synchronization-{521C2DBE-7C63-4EC0-8328-91EDAE8FDF5A}.job
.
2012-11-14 c:\windows\Tasks\User_Feed_Synchronization-{DD86A12D-8F58-4DE1-92CF-DA89FC798347}.job
.
.
------- Scan Suplementar -------
.
uStart Page = hxxp://www.google.com.br/
uInternet Connection Wizard,ShellNext = wmplayer.exe //ICWLaunch
IE: E&xportar para o Microsoft Excel - c:\arquiv~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 10.4.65.16
DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} - hxxp://game.zylom.com/activex/zylomgamesplayer.cab
FF - ProfilePath - c:\documents and settings\f003407\Dados de aplicativos\Mozilla\Firefox\Profiles\4ttxy0nj.default\
FF - prefs.js: network.proxy.type - 2
user_pref('extensions.dealply.partner', 'vn');
user_pref('extensions.dealply.channel', 'dpknlg4');
user_pref('extensions.dealply.installId', 'v23600221916417293635812012040911205417');
user_pref('extensions.dealply.installIdSource', 'inst');
user_pref('extensions.dealply.sampleGroup', '7');FF - user.js: extensions.autoDisableScopes - 14//iBryte
.
.
BHO-{85F5CF95-EC8F-49fc-BB3F-38C79455CBA2} - c:\arquivos de programas\alotappbar\bin\BHO\ALOTHelperBHO.dll
Toolbar-{A531D99C-5A22-449b-83DA-872725C6D0ED} - c:\arquivos de programas\alotappbar\bin\ALOTHelper.dll
MSConfigStartUp-upgrade - c:\win7xe\upgrade.exe
AddRemove-alotAppbar - c:\arquivos de programas\alotappbar\alotUninst.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-11-14 14:34
Windows 5.1.2600 Service Pack 3 NTFS
.
Procurando processos ocultos ...
.
Procurando entradas auto inicializáveis ocultas ...
.
Procurando ficheiros/arquivos ocultos ...
.
Varredura completada com sucesso
arquivos/ficheiros ocultos: 0
.
**************************************************************************
.
--------------------- CHAVES DO REGISTRO BLOQUEADAS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Installer\Products\0BCD4392EE8F0E114A5A8BCAF6798BE8\SourceList\Media]
@DACL=(02 0000)
"DiskPrompt"="[1]"
"1"="DISK1;1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Installer\Products\68AB67CA7DA76401B7448A0100000030\SourceList\Media]
@DACL=(02 0000)
"DiskPrompt"="[1]"
"1"="READER8;[1]"
.
[HKEY_LOCAL_MACHINE\software\Classes\Installer\Products\CFD2C1F142D260E3CB8B271543DA9F98\SourceList\Media]
@DACL=(02 0000)
"DiskPrompt"="[1]"
"1"=";1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Carregadas Sob os Processos em Execução ---------------------
.
c:\windows\system32\WININET.dll
c:\windows\system32\webcheck.dll
.
------------------------ Outros Processos em Execução ------------------------
.
c:\arquivos de programas\Alwil Software\Avast5\AvastSvc.exe
c:\arquivos de programas\Java\jre6\bin\jqs.exe
c:\windows\system32\wbem\wmiapsrv.exe
.
**************************************************************************
.
Tempo para conclusão: 2012-11-14 14:39:30 - Máquina reiniciou
ComboFix-quarantined-files.txt 2012-11-14 16:39
.
Pré-execução: 8 pasta(s) 115.728.916.480 bytes disponíveis
Pós execução: 10 pasta(s) 116.620.980.224 bytes disponíveis
.
WindowsXP-KB310994-SP2-Pro-BootDisk-PTG.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
.
OBS: Não está mais mandando e-mails infectados para os contatos da dona deste pc.
P.S: A ferramenta combofix pode ser utilizada assim como o Malwarebytes nas maquinas que estão contaminadas? ou é uma ferramenta que tem que passar sobe orientação de vcs analistas?
Link http://pjjoint.malekal.com/files.php?read=ZHPDiag_20121116_b6x11c15l14y11
Rapport de ZHPDiag v1.31.31 par Nicolas Coolman, Update du 19/10/2012
Run by f003407 at 16/11/2012 08:20:36
Web site : http://nicolascoolman.skyrock.com/
State :
UAC : Not Found or deactivate by user
---\\ Web Browser
MSIE: Internet Explorer v8.0.6001.18702 (Defaut)
MFIE: Mozilla Firefox 8.0 v8.0
GCIE: Google Chrome v23.0.1271.64
---\\ Windows Product Information
~ Langage: Anglais
Windows XP Professional Service Pack 3 (Build 2600)
Windows Automatic Updates : OK
Windows Genuine Advantage : OK
---\\ System Information
~ Processor: x86 Family 6 Model 23 Stepping 10, GenuineIntel
~ Operating System: 32 Bits
Boot mode: Normal (Normal boot)
Total RAM: 1014 MB (46% free)
System Restore: Activé (Enable)
System drive C: has 108 GB (72%) free of 149 GB
---\\ Logged in mode
~ Computer Name: FUN0085
~ User Name: f003407
~ All Users Names: SUPPORT_388945a0, HelpAssistant, Convidado, Administrador,
~ Unselected Option: O45,O61,O62,O65,O82
Logged in as Administrator
---\\ Environnement Variables
~ System Unit : C:\
~ %AppData% : C:\Documents and Settings\f003407\Dados de aplicativos\
~ %Desktop% : C:\Documents and Settings\f003407\Desktop\
~ %Favorites% : C:\Documents and Settings\f003407\Favoritos\
~ %LocalAppData% : C:\Documents and Settings\f003407\Configurações locais\Dados de aplicativos\
~ %StartMenu% : C:\Documents and Settings\f003407\Menu Iniciar\
~ %Windir% : C:\WINDOWS\
~ %System% : C:\WINDOWS\system32\
---\\ DOS/Devices
C:\ Hard drive, Flash drive, Thumb drive (Free 108 Go of 149 Go)
---\\ Security Center & Tools Informations
~ UAC deactivate by user
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Associations] Application: OK
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Associations] Intl: OK
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Associations] XMLLookup: OK
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] Shell: OK
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install] LastSuccessTime : OK
~ Scan Security Center in 00mn 00s
---\\ Search Generic System Files
[MD5.064EC7FF5F58B928C3E119402977FA6D] - (.Microsoft Corporation - Windows Explorer.) (.13/04/2008 - 19:21:00.) -- C:\WINDOWS\Explorer.exe [1035776]
[MD5.DAD29C471442BFC0300C594ED9BE339B] - (.Microsoft Corporation - Internet Extensions for Win32.) (.28/08/2012 - 12:18:58.) -- C:\WINDOWS\system32\wininet.dll [916992]
[MD5.71D440F79B711627B12B567FB2EADB42] - (.Microsoft Corporation - Aplicativo de logon do Windows NT.) (.13/04/2008 - 19:21:24.) -- C:\WINDOWS\system32\Winlogon.exe [509952]
[MD5.1E44BC1E83D8FD2305F8D452DB109CF9] - (.Microsoft Corporation - Ancillary Function Driver for WinSock.) (.17/08/2011 - 10:49:54.) -- C:\WINDOWS\system32\Drivers\AFD.sys [138496]
[MD5.9F3A2F5AA6875C72BF062C712CFA2674] - (.Microsoft Corporation - IDE/ATAPI Port Driver.) (.13/04/2008 - 11:40:32.) -- C:\WINDOWS\system32\Drivers\atapi.sys [96512]
[MD5.C885B02847F5D2FD45A24E219ED93B32] - (.Microsoft Corporation - CD-ROM File System Driver.) (.13/04/2008 - 12:14:22.) -- C:\WINDOWS\system32\Drivers\Cdfs.sys [63744]
[MD5.1F4260CC5B42272D71F79E570A27A4FE] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.13/04/2008 - 11:40:48.) -- C:\WINDOWS\system32\Drivers\Cdrom.sys [62976]
[MD5.A8D31E836CCF2F51009CE7DFFECF6D51] - (.Microsoft Corporation - FIPS Crypto Driver.) (.13/04/2008 - 18:52:44.) -- C:\WINDOWS\system32\Drivers\Fips.sys [44672]
[MD5.573C7D0A32852B48F3058CFD8026F511] - (.Windows ® Server 2003 DDK provider - High Definition Audio Bus Driver v1.0a.) (.13/04/2008 - 09:36:06.) -- C:\WINDOWS\system32\Drivers\HDAudBus.sys [144384]
[MD5.485BC6BEB778B5E9702E6AA3D384C0CB] - (.Microsoft Corporation - Driver de porta i8042.) (.13/04/2008 - 18:55:20.) -- C:\WINDOWS\system32\Drivers\i8042prt.sys [53504]
[MD5.083A052659F5310DD8B6A6CB05EDCF8E] - (.Microsoft Corporation - IMAPI Kernel Driver.) (.13/04/2008 - 11:41:00.) -- C:\WINDOWS\system32\Drivers\Imapi.sys [42112]
[MD5.CC748EA12C6EFFDE940EE98098BF96BB] - (.Microsoft Corporation - IP Network Address Translator.) (.13/04/2008 - 11:57:16.) -- C:\WINDOWS\system32\Drivers\IpNat.sys [152832]
[MD5.23C74D75E36E7158768DD63D92789A91] - (.Microsoft Corporation - IPSec Driver.) (.13/04/2008 - 12:19:44.) -- C:\WINDOWS\system32\Drivers\IPSec.sys [75264]
[MD5.7D304A5EB4344EBEEAB53A2FE3FFB9F0] - (.Microsoft Corporation - Windows NT SMB Minirdr.) (.15/07/2011 - 10:29:31.) -- C:\WINDOWS\system32\Drivers\MRxSmb.sys [456320]
[MD5.74B2B2F5BEA5E9A3DC021D685551BD3D] - (.Microsoft Corporation - MBT Transport driver.) (.13/04/2008 - 12:21:02.) -- C:\WINDOWS\system32\Drivers\netBT.sys [162816]
[MD5.78A08DD6A8D65E697C18E1DB01C5CDCA] - (.Microsoft Corporation - NT File System Driver.) (.13/04/2008 - 12:15:54.) -- C:\WINDOWS\system32\Drivers\ntfs.sys [574976]
[MD5.9BADEE6B698BF1AF36E25A1A64A89EAB] - (.Microsoft Corporation - Driver de porta paralela.) (.13/04/2008 - 19:02:26.) -- C:\WINDOWS\system32\Drivers\Parport.sys [80384]
[MD5.11B4A627BC9614B885C4969BFA5FF8A6] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.13/04/2008 - 12:19:44.) -- C:\WINDOWS\system32\Drivers\Rasl2tp.sys [51328]
[MD5.15CABD0F7C00C47C70124907916AF3F1] - (.Microsoft Corporation - Microsoft RDP Device redirector.) (.13/04/2008 - 11:32:52.) -- C:\WINDOWS\system32\Drivers\rdpdr.sys [196224]
[MD5.68D749B04BFBBD4D4D15CC5185AFA4DD] - (.Microsoft Corporation - Redbook Audio Filter Driver.) (.13/04/2008 - 18:53:18.) -- C:\WINDOWS\system32\Drivers\redbook.sys [58240]
[MD5.EB6B1E2C984D84470FF4FE7EF98CD44A] - (.Microsoft Corporation - Driver de cópia de sombra de volume.) (.13/04/2008 - 18:53:02.) -- C:\WINDOWS\system32\Drivers\volsnap.sys [53248]
~ Scan Generic Processes in 00mn 00s
---\\ Hidden files state (Hidden/Total)
~ Mes images (My Pictures) : 2/111
~ Mes musiques (My Musics) : 1/3464
~ Mes Favoris (My Favorites) : 1/47
~ Mes Documents (My Documents) : 1/5505
~ Mon Bureau (My Desktop) : 0/1734
~ Menu demarrer (Programs) : 0/26
~ Scan Hidden Files in 00mn 22s
---\\ Running Processes
[MD5.8FA553E9AE69808D99C164733A0F9590] - (.AVAST Software - avast! Service.) -- C:\Arquivos de programas\Alwil Software\Avast5\AvastSvc.exe [44808] [PID.]
[MD5.D87ACAED61E417BBA546CED5E7E36D9C] - (.Microsoft Corporation - .NET Runtime Optimization Service.) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [69632] [PID.]
[MD5.0A5709543986843D37A92290B7838340] - (.Sun Microsystems, Inc. - Java Quick Starter Service.) -- C:\Arquivos de programas\Java\jre6\bin\jqs.exe [153376] [PID.]
[MD5.5D61BE7DB55B026A5D61A3EED09D0EAD] - (.Google Inc. - GoogleToolbarNotifier.) -- C:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408] [PID.]
[MD5.70EA13A41C0D9D31343EC203A629F801] - (.Ares Development Group - Ares p2p for windows.) -- C:\Arquivos de programas\Ares\Ares.exe [3209216] [PID.]
[MD5.2E0B0A051FFAA86E358465BB0880D453] - (.Microsoft Corporation - Windows Update.) -- C:\WINDOWS\system32\wuauclt.exe [53784] [PID.]
[MD5.FEE2BA1AD38F457F418E82EA30724053] - (.Microsoft Corporation - Microsoft Feeds Synchronization.) -- C:\WINDOWS\system32\msfeedssync.exe [13312] [PID.]
[MD5.D8510C2D48496B6C336E816FD67AA0F7] - (.Google Inc. - Google Chrome.) -- C:\Arquivos de programas\Google\Chrome\Application\chrome.exe [1242136] [PID.]
[MD5.083649EF692A066880C9326020915AFE] - (.AVAST Software - avast! Antivirus.) -- C:\Arquivos de programas\Alwil Software\Avast5\AvastUI.exe [4297136] [PID.]
[MD5.E897110EE5E67FABB83B154DF9C68D6A] - (...) -- C:\Documents and Settings\f003407\Desktop\ZHPDiag_silent.exe [794216] [PID.]
[MD5.56873D899C0707AA017AA2D74EC190AE] - (...) -- C:\Arquivos de programas\ZHPDiag\ZHPDiag.exe [3770368] [PID.]
[MD5.6D2018AEE93285F2A8BEF55D722187A3] - (.Microsoft Corporation - Application Layer Gateway Service.) -- C:\WINDOWS\System32\alg.exe [44544] [PID.]
~ Scan Processes Running in 00mn 00s
---\\ Mozilla Firefox,Plugins,Start,Search,Extensions (P2,M0,M1,M2,M3)
M3 - MFPP: Plugins - [f003407] -- C:\Arquivos de programas\Mozilla FireFox\searchplugins\buscape.xml
M3 - MFPP: Plugins - [f003407] -- C:\Arquivos de programas\Mozilla FireFox\searchplugins\google.xml
M3 - MFPP: Plugins - [f003407] -- C:\Arquivos de programas\Mozilla FireFox\searchplugins\mercadolivre.xml
M3 - MFPP: Plugins - [f003407] -- C:\Arquivos de programas\Mozilla FireFox\searchplugins\twitter.xml
M3 - MFPP: Plugins - [f003407] -- C:\Arquivos de programas\Mozilla FireFox\searchplugins\wikipedia-br.xml
M3 - MFPP: Plugins - [f003407] -- C:\Arquivos de programas\Mozilla FireFox\searchplugins\yahoo-br.xml
P2 - FPN: [HKLM] [@Google.com/GoogleEarthPlugin] - (.Google - GEPlugin.) -- C:\Arquivos de programas\Google\Google Earth\plugin\npgeplugin.dll
P2 - FPN: [HKLM] [@java.com/JavaPlugin] - (.Sun Microsystems, Inc. - Next Generation Java Plug-in 1.6.0_31 for Mozilla browsers.) -- C:\Arquivos de programas\Java\jre6\bin\plugin2\npjp2.dll
P2 - FPN: [HKLM] [@microsoft.com/WPF,version=3.5] - (.Microsoft Corporation - Windows Presentation Foundation (WPF) plug-in for Mozilla browsers.) -- c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
P2 - FPN: [HKLM] [@tools.google.com/Google Update;version=3] - (.Google Inc. - Google Update.) -- C:\Arquivos de programas\Google\Update\1.3.21.123\npGoogleUpdate3.dll
P2 - FPN: [HKLM] [@tools.google.com/Google Update;version=9] - (.Google Inc. - Google Update.) -- C:\Arquivos de programas\Google\Update\1.3.21.123\npGoogleUpdate3.dll~ Scan Firefox Browser in 00mn 00s
---\\ Internet Explorer Extensions, Start, Search (R4,R3,R0,R1)
R0 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
R0 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com
R1 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com
R1 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft.com
R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:noadd-ons
R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:securityrisk
R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURLs,Tabs = res://ieframe.dll/tabswelcome.htm
R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com
R3 - URLSearchHook: (no name) - {CFBFAE00-17A6-11D0-99CB-00C04FD64497} . (.Google Inc. - Google Update.) (No version) -- (.not file.)
R4 - HKCU\SOFTWARE\Microsoft\Internet Explorer\PhishingFilter,Enabled = 2
~ Scan IE Browser in 00mn 00s
---\\ Internet Explorer, Proxy Management (R5)
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll
~ Scan Proxy management in 00mn 00s
---\\ Changed inifile Value, Mapped to Registry (F2)
F2 - REG:system.ini: USERINIT=C:\WINDOWS\system32\userinit.exe,
F2 - REG:system.ini: Shell=C:\WINDOWS\explorer.exe
F2 - REG:system.ini: VMApplet=rundll32 shell32,Control_RunDLL "sysdm.cpl"
~ Scan Keys in 00mn 00s
---\\ Hosts file redirection (O1)
~ Le fichier hosts est sain (The hosts file is clean).
~ Scan Hosts File in 00mn 00s
~ Nombre de lignes (Lines number): 1
---\\ Browser Helper Objects (O2)
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} Orphean Key
O2 - BHO: (no name) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} Orphean Key
O2 - BHO: (no name) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} Orphean Key
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} Orphean Key
O2 - BHO: (no name) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} Orphean Key
O2 - BHO: (no name) - {DBC80044-A445-435b-BC74-9C25C1C588A9} Orphean Key
O2 - BHO: (no name) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} Orphean Key
~ Scan BHO in 00mn 00s
---\\ Internet Explorer toolbars (O3)
O3 - Toolbar: (no name) - [HKLM]{8E5E2654-AD2D-48bf-AC2D-D17F00898D06} . (...) -- (.not file.)
O3 - Toolbar: (no name) - [HKLM]{2318C2B1-4965-11d4-9B18-009027A5CD4F} . (...) -- (.not file.)
~ Scan Toolbar in 00mn 00s
---\\ Auto loading programs from Registry and folders (O4)
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] . (.Adobe Systems Incorporated - Adobe Acrobat SpeedLauncher.) -- C:\Arquivos de programas\Adobe\Reader 8.0\Reader\Reader_sl.exe
O4 - HKCU\..\Run: [ctfmon.exe] . (.Microsoft Corporation - CTF Loader.) -- C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] . (.Google Inc. - GoogleToolbarNotifier.) -- C:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ares] . (.Ares Development Group - Ares p2p for windows.) -- C:\Arquivos de programas\Ares\Ares.exe
O4 - HKUS\S-1-5-21-2586132527-314635491-3328972525-21374\..\Run: [ctfmon.exe] . (.Microsoft Corporation - CTF Loader.) -- C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-21-2586132527-314635491-3328972525-21374\..\Run: [swg] . (.Google Inc. - GoogleToolbarNotifier.) -- C:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-21-2586132527-314635491-3328972525-21374\..\Run: [ares] . (.Ares Development Group - Ares p2p for windows.) -- C:\Arquivos de programas\Ares\Ares.exe
~ Scan Application in 00mn 00s
---\\ Other User Links (O4)
O4 - Global Startup: C:\Documents And Settings\All Users\Desktop\Adobe Reader 8.lnk . (.Adobe Systems Incorporated.) -- C:\Arquivos de programas\Adobe\Reader 8.0\Reader\AcroRd32.exe
O4 - Global Startup: C:\Documents And Settings\All Users\Desktop\avast! Free Antivirus.lnk . (.AVAST Software.) -- C:\Arquivos de programas\Alwil Software\Avast5\AvastUI.exe
O4 - Global Startup: C:\Documents And Settings\All Users\Desktop\CCleaner.lnk . (.Piriform Ltd.) -- C:\Arquivos de programas\CCleaner\CCleaner.exe
O4 - Global Startup: C:\Documents And Settings\All Users\Desktop\HD ADeck.lnk . (.VIA Technologies, Inc..) -- C:\Arquivos de programas\VIA\VIAudioi\HDADeck\HDeck.exe
O4 - Global Startup: C:\Documents And Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk . (.Malwarebytes Corporation.) -- C:\Arquivos de programas\Malwarebytes' Anti-Malware\mbam.exe
O4 - Global Startup: C:\Documents And Settings\All Users\Desktop\Mozilla Firefox.lnk . (.Mozilla Corporation.) -- C:\Arquivos de programas\Mozilla Firefox\firefox.exe
O4 - Global Startup: C:\Documents And Settings\All Users\Desktop\MV RegClean 6.0.lnk . (...) -- C:\Arquivos de programas\Marcos Velasco Security\MV RegClean 6.0\MVREGCLEAN.EXE
O4 - Global Startup: C:\Documents And Settings\All Users\Desktop\PDFCreator.lnk . (.-.) -- C:\Arquivos de programas\PDFCreator\PDFCreator.exe
O4 - Global Startup: C:\Documents And Settings\Administrador\Desktop\PC Inspector File Recovery.lnk . (...) -- C:\Arquivos de programas\Convar\PC Inspector File Recovery\Filerecovery.exe
O4 - Global Startup: C:\Documents And Settings\All Users\Desktop\Adobe Reader 8.lnk . (.Adobe Systems Incorporated.) -- C:\Arquivos de programas\Adobe\Reader 8.0\Reader\AcroRd32.exe
O4 - Global Startup: C:\Documents And Settings\All Users\Desktop\avast! Free Antivirus.lnk . (.AVAST Software.) -- C:\Arquivos de programas\Alwil Software\Avast5\AvastUI.exe
O4 - Global Startup: C:\Documents And Settings\All Users\Desktop\CCleaner.lnk . (.Piriform Ltd.) -- C:\Arquivos de programas\CCleaner\CCleaner.exe
O4 - Global Startup: C:\Documents And Settings\All Users\Desktop\HD ADeck.lnk . (.VIA Technologies, Inc..) -- C:\Arquivos de programas\VIA\VIAudioi\HDADeck\HDeck.exe
O4 - Global Startup: C:\Documents And Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk . (.Malwarebytes Corporation.) -- C:\Arquivos de programas\Malwarebytes' Anti-Malware\mbam.exe
O4 - Global Startup: C:\Documents And Settings\All Users\Desktop\Mozilla Firefox.lnk . (.Mozilla Corporation.) -- C:\Arquivos de programas\Mozilla Firefox\firefox.exe
O4 - Global Startup: C:\Documents And Settings\All Users\Desktop\MV RegClean 6.0.lnk . (...) -- C:\Arquivos de programas\Marcos Velasco Security\MV RegClean 6.0\MVREGCLEAN.EXE
O4 - Global Startup: C:\Documents And Settings\All Users\Desktop\PDFCreator.lnk . (.-.) -- C:\Arquivos de programas\PDFCreator\PDFCreator.exe
O4 - Global Startup: C:\Documents And Settings\Administrador\Desktop\PC Inspector File Recovery.lnk . (...) -- C:\Arquivos de programas\Convar\PC Inspector File Recovery\Filerecovery.exe
~ Scan Global Startup in 00mn 00s
---\\ Extra buttons on main IE button toolbar, or extra items in IE 'Tools' menu (O9)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} . (...) -- C:\Arquivos de programas\Microsoft Office\Office12\REFBARH.ICO
O9 - Extra button: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} . (...) -- C:\Arquivos de programas\Microsoft Office\Office12\REFBARH.ICO
O9 - Extra button: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} . (.Microsoft Corporation - Windows Messenger.) -- C:\Arquivos de programas\Messenger\msmsgs.exe
~ Scan IE Extra Buttons in 00mn 00s
---\\ Winsock hijacker (Layered Service Provider) (O10)
O10 - WLSP:\000000000001\Winsock LSP File . (.Microsoft Corporation - Fornecedor de serviços do Microsoft Windows Sockets 2.0.) -- C:\WINDOWS\system32\mswsock.dll
O10 - WLSP:\000000000002\Winsock LSP File . (.Microsoft Corporation - LDAP RnR Provider DLL.) -- C:\WINDOWS\system32\winrnr.dll
O10 - WLSP:\000000000003\Winsock LSP File . (.Microsoft Corporation - Fornecedor de serviços do Microsoft Windows Sockets 2.0.) -- C:\WINDOWS\system32\mswsock.dll
~ Scan Winsock in 00mn 00s
---\\ 'Reset Web Settings' hijack (O14)
O14 - IERESET.INF: SEARCH_PAGE_URL=SEARCH_PAGE_URL="&http://home.microsoft.com/intl/br/access/allinone.asp"
O14 - IERESET.INF: SAFESITE_VALUE=SAFESITE_VALUE="search.msn.com.br"
~ Scan IE Paramètres WEB in 00mn 00s
---\\ ActiveX Objects (Downloaded Program Files) (O16)
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game.zylom.com/activex/zylomgamesplayer.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
~ Scan Objets ActiveX in 00mn 00s
---\\ Lop.com/Domain Hijackers (O17)
O17 - HKLM\System\CCS\Services\Tcpip\..\{41FCAA3A-8C35-4A79-BD5E-0291F1042D6F}: DhcpNameServer = 10.4.65.16
O17 - HKLM\System\CCS\Services\Tcpip\..\{41FCAA3A-8C35-4A79-BD5E-0291F1042D6F}: DhcpDomain = funpec.br
O17 - HKLM\System\CS1\Services\Tcpip\..\{41FCAA3A-8C35-4A79-BD5E-0291F1042D6F}: DhcpNameServer = 10.4.65.16
O17 - HKLM\System\CS1\Services\Tcpip\..\{41FCAA3A-8C35-4A79-BD5E-0291F1042D6F}: DhcpDomain = funpec.br
O17 - HKLM\System\CS3\Services\Tcpip\..\{41FCAA3A-8C35-4A79-BD5E-0291F1042D6F}: DhcpNameServer = 10.4.65.16
O17 - HKLM\System\CS3\Services\Tcpip\..\{41FCAA3A-8C35-4A79-BD5E-0291F1042D6F}: DhcpDomain = funpec.br
~ Scan Domain in 00mn 00s
---\\ Extra protocols (O18)
O18 - Handler: about - {3050F406-98B5-11CF-BB82-00AA00BDCE0B} . (.Microsoft Corporation - Microsoft ® HTML Viewer.) -- C:\WINDOWS\system32\mshtml.dll
O18 - Handler: cdl - {3dd53d40-7b8b-11D0-b013-00aa0059ce02} . (.Microsoft Corporation - OLE32 Extensions for Win32.) -- C:\WINDOWS\system32\urlmon.dll
O18 - Handler: dvd - {12D51199-0DB5-46FE-A120-47A3D7D937CC} . (.Microsoft Corporation - Controle ActiveX para fluxo de vídeo.) -- C:\WINDOWS\system32\msvidctl.dll
O18 - Handler: file - {79eac9e7-baf9-11ce-8c82-00aa004ba90b} . (.Microsoft Corporation - OLE32 Extensions for Win32.) -- C:\WINDOWS\system32\urlmon.dll
O18 - Handler: ftp - {79eac9e3-baf9-11ce-8c82-00aa004ba90b} . (.Microsoft Corporation - OLE32 Extensions for Win32.) -- C:\WINDOWS\system32\urlmon.dll
O18 - Handler: gopher - {79eac9e4-baf9-11ce-8c82-00aa004ba90b} . (.Microsoft Corporation - OLE32 Extensions for Win32.) -- C:\WINDOWS\system32\urlmon.dll
O18 - Handler: http - {79eac9e2-baf9-11ce-8c82-00aa004ba90b} . (.Microsoft Corporation - OLE32 Extensions for Win32.) -- C:\WINDOWS\system32\urlmon.dll
O18 - Handler: https - {79eac9e5-baf9-11ce-8c82-00aa004ba90b} . (.Microsoft Corporation - OLE32 Extensions for Win32.) -- C:\WINDOWS\system32\urlmon.dll
O18 - Handler: its - {9D148291-B9C8-11D0-A4CC-0000F80149F6} . (.Microsoft Corporation - Microsoft® InfoTech Storage System Library.) -- C:\WINDOWS\system32\itss.dll
O18 - Handler: javascript - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} . (.Microsoft Corporation - Microsoft ® HTML Viewer.) -- C:\WINDOWS\system32\mshtml.dll
O18 - Handler: local - {79eac9e7-baf9-11ce-8c82-00aa004ba90b} . (.Microsoft Corporation - OLE32 Extensions for Win32.) -- C:\WINDOWS\system32\urlmon.dll
O18 - Handler: mailto - {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} . (.Microsoft Corporation - Microsoft ® HTML Viewer.) -- C:\WINDOWS\system32\mshtml.dll
O18 - Handler: mhtml - {05300401-BCBC-11d0-85E3-00C04FD85AB4} . (.Microsoft Corporation - Microsoft Internet Messaging API.) -- C:\WINDOWS\system32\inetcomm.dll
O18 - Handler: mk - {79eac9e6-baf9-11ce-8c82-00aa004ba90b} . (.Microsoft Corporation - OLE32 Extensions for Win32.) -- C:\WINDOWS\system32\urlmon.dll
O18 - Handler: ms-help - {314111c7-a502-11d2-bbca-00c04f8ec294} . (.Microsoft Corporation - Microsoft® Help Data Services Module.) -- C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Help\hxds.dll
O18 - Handler: ms-its - {9D148291-B9C8-11D0-A4CC-0000F80149F6} . (.Microsoft Corporation - Microsoft® InfoTech Storage System Library.) -- C:\WINDOWS\system32\itss.dll
O18 - Handler: res - {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} . (.Microsoft Corporation - Microsoft ® HTML Viewer.) -- C:\WINDOWS\system32\mshtml.dll
O18 - Handler: sysimage - {76E67A63-06E9-11D2-A840-006008059382} . (.Microsoft Corporation - Microsoft ® HTML Viewer.) -- C:\WINDOWS\system32\mshtml.dll
O18 - Handler: tv - {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} . (.Microsoft Corporation - Controle ActiveX para fluxo de vídeo.) -- C:\WINDOWS\system32\msvidctl.dll
O18 - Handler: vbscript - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} . (.Microsoft Corporation - Microsoft ® HTML Viewer.) -- C:\WINDOWS\system32\mshtml.dll
O18 - Handler: wia - {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} . (.Microsoft Corporation - WIA Scripting Layer.) -- C:\WINDOWS\system32\wiascr.dll
O18 - Filter: application/octet-stream - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} . (.Microsoft Corporation - Microsoft .NET Runtime Execution Engine.) -- C:\WINDOWS\system32\mscoree.dll
O18 - Filter: application/x-complus - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} . (.Microsoft Corporation - Microsoft .NET Runtime Execution Engine.) -- C:\WINDOWS\system32\mscoree.dll
O18 - Filter: application/x-msdownload - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} . (.Microsoft Corporation - Microsoft .NET Runtime Execution Engine.) -- C:\WINDOWS\system32\mscoree.dll
O18 - Filter: Class Install Handler - {32B533BB-EDAE-11d0-BD5A-00AA00B92AF1} . (.Microsoft Corporation - OLE32 Extensions for Win32.) -- C:\WINDOWS\system32\urlmon.dll
O18 - Filter: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} . (.Microsoft Corporation - OLE32 Extensions for Win32.) -- C:\WINDOWS\system32\urlmon.dll
O18 - Filter: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} . (.Microsoft Corporation - OLE32 Extensions for Win32.) -- C:\WINDOWS\system32\urlmon.dll
O18 - Filter: lzdhtml - {8f6b0360-b80d-11d0-a9b3-006097942311} . (.Microsoft Corporation - OLE32 Extensions for Win32.) -- C:\WINDOWS\system32\urlmon.dll
O18 - Filter: text/webviewhtml - {733AC4CB-F1A4-11d0-B951-00A0C90312E1} . (.Microsoft Corporation - DLL comum do Shell do Windows.) -- C:\WINDOWS\system32\SHELL32.dll
O18 - Filter: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} . (.Microsoft Corporation - Microsoft Office XML MIME Filter.) -- C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\OFFICE12\MSOXMLMF.dll
~ Scan Protocole Additionnel in 00mn 00s
---\\ AppInit_DLLs Registry value Autorun (O20)
O20 - Winlogon Notify: crypt32chain . (.Microsoft Corporation - Crypto API32.) -- C:\WINDOWS\system32\crypt32.dll
O20 - Winlogon Notify: cryptnet . (.Microsoft Corporation - Crypto Network Related API.) -- C:\WINDOWS\system32\cryptnet.dll
O20 - Winlogon Notify: cscdll . (.Microsoft Corporation - Agente de rede off-line.) -- C:\WINDOWS\system32\cscdll.dll
O20 - Winlogon Notify: dimsntfy . (.Microsoft Corporation - DIMS Notification Handler.) -- C:\WINDOWS\system32\dimsntfy.dll
O20 - Winlogon Notify: igfxcui . (.Intel Corporation - igfxdev Module.) -- C:\WINDOWS\system32\igfxdev.dll
O20 - Winlogon Notify: ScCertProp . (.Microsoft Corporation - DLL comum para receber notificações do Winl.) -- C:\WINDOWS\system32\wlnotify.dll
O20 - Winlogon Notify: Schedule . (.Microsoft Corporation - DLL comum para receber notificações do Winl.) -- C:\WINDOWS\system32\wlnotify.dll
O20 - Winlogon Notify: sclgntfy . (.Microsoft Corporation - DLL de notificação do serviço de logon secu.) -- C:\WINDOWS\system32\sclgntfy.dll
O20 - Winlogon Notify: SensLogn . (.Microsoft Corporation - DLL comum para receber notificações do Winl.) -- C:\WINDOWS\system32\WlNotify.dll
O20 - Winlogon Notify: termsrv . (.Microsoft Corporation - DLL comum para receber notificações do Winl.) -- C:\WINDOWS\system32\wlnotify.dll
O20 - Winlogon Notify: WgaLogon . (.Microsoft Corporation - Notificações do Programa de Vantagens do Wi.) -- C:\WINDOWS\system32\WgaLogon.dll
O20 - Winlogon Notify: wlballoon . (.Microsoft Corporation - DLL comum para receber notificações do Winl.) -- C:\WINDOWS\system32\wlnotify.dll
~ Scan Winlogon in 00mn 00s
---\\ ShellServiceObjectDelayLoad (O21)
O21 - SSODL: PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} . (.Microsoft Corporation - DLL comum do Shell do Windows.) -- C:\WINDOWS\system32\shell32.dll
O21 - SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} . (.Microsoft Corporation - DLL comum do Shell do Windows.) -- C:\WINDOWS\system32\SHELL32.dll
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} . (.Microsoft Corporation - Web Site Monitor.) -- C:\WINDOWS\system32\webcheck.dll
O21 - SSODL: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} . (.Microsoft Corporation - Objeto de serviço do shell de Systray.) -- C:\WINDOWS\system32\stobject.dll
~ Scan SSODL in 00mn 00s
---\\ SharedTaskScheduler (O22)
O22 - SharedTaskScheduler: Daemon de cache de categorias de componente - {8C7461EF-2B13-11d2-BE35-3078302C2030} - (.not file.)
~ Scan STS/SSO in 00mn 00s
---\\ non Microsoft non disabled Windows XP/NT/2000 Services (O23)
O23 - Service: avast! Antivirus (avast! Antivirus) . (.AVAST Software - avast! Service.) - C:\Arquivos de programas\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: Serviço do Google Update (gupdate) (gupdate) . (.Google Inc. - Google Installer.) - C:\Arquivos de programas\Google\Update\GoogleUpdate.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) . (.Sun Microsystems, Inc. - Java Quick Starter Service.) - C:\Arquivos de programas\Java\jre6\bin\jqs.exe
~ Scan Services in 00mn 00s
---\\ Windows Active Desktop & MHTML Editor (O24)
O24 - Desktop Component 0: Minha página inicial atual - file:About:Home
O24 - Default MHTML Editor: Last - .(...) - (.not file.)
O24 - Desktop General: BackupWallPaper - .(...) - C:\Documents and Settings\f003407\Configurações locais\Dados de aplicativos\Microsoft\Wallpaper1.bmp
O24 - Desktop General: WallPaper - .(...) - C:\Documents and Settings\f003407\Configurações locais\Dados de aplicativos\Microsoft\Wallpaper1.bmp
~ Scan Desktop Component in 00mn 00s
---\\
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
~ Scan Keys in 00mn 00s
---\\ Task Planned Automatically(039)
O39 - APT:Automatic Planified Task - C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
O39 - APT:Automatic Planified Task - C:\WINDOWS\Tasks\avast! Emergency Update.job
O39 - APT:Automatic Planified Task - C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
O39 - APT:Automatic Planified Task - C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
O39 - APT:Automatic Planified Task - C:\WINDOWS\Tasks\User_Feed_Synchronization-{21063433-55B2-4AD2-B1C5-5B4ADC85930D}.job
O39 - APT:Automatic Planified Task - C:\WINDOWS\Tasks\User_Feed_Synchronization-{521C2DBE-7C63-4EC0-8328-91EDAE8FDF5A}.job
O39 - APT:Automatic Planified Task - C:\WINDOWS\Tasks\User_Feed_Synchronization-{DD86A12D-8F58-4DE1-92CF-DA89FC798347}.job
[MD5.44C00A385CA9DBC1D5CF3781F8C26AEA] [APT] [Adobe Flash Player Updater] (.Adobe Systems Incorporated.) -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
[MD5.7F19838AC317C34FCED020BE529AF71E] [APT] [avast! Emergency Update] (.AVAST Software.) -- C:\Arquivos de programas\Alwil Software\Avast5\AvastEmUpdate.exe
[MD5.F02A533F517EB38333CB12A9E8963773] [APT] [GoogleUpdateTaskMachineCore] (.Google Inc..) -- C:\Arquivos de programas\Google\Update\GoogleUpdate.exe
[MD5.F02A533F517EB38333CB12A9E8963773] [APT] [GoogleUpdateTaskMachineUA] (.Google Inc..) -- C:\Arquivos de programas\Google\Update\GoogleUpdate.exe~ Scan Scheduled Task in 00mn 00s
---\\ ActiveSetup Installed Components (O40)
O40 - ASIC: Atualização de Versão do Internet Explorer - <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} . (.Microsoft Corporation - IE Per User Active Setup Uninstall Utility.) -- C:\WINDOWS\system32\ieudinit.exe
O40 - ASIC: Windows Media Player - >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} . (.Microsoft Corporation - Utilitário de Instalação do Microsoft Windows Media Player.) -- C:\WINDOWS\inf\unregmp2.exe
O40 - ASIC: Internet Explorer - >{26923b43-4d38-484f-9b9e-de460746276c} . (.Microsoft Corporation - Utilitário de Inicialização por Usuário do Internet Explorer.) -- C:\WINDOWS\system32\ie4uinit.exe.mui
O40 - ASIC: Browser Customizations - >{60B49E34-C7CC-11D0-8953-00A0C90347FF} . (.Microsoft Corporation - IEAK branding.) -- C:\WINDOWS\system32\iedkcs32.dll
O40 - ASIC: Outlook Express - >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} . (.Microsoft Corporation - Windows NT User Data Migration Tool.) -- C:\WINDOWS\system32\shmgrate.exe
O40 - ASIC: Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608500} . (.Sun Microsystems, Inc. - Java Platform SE binary.) -- C:\Arquivos de programas\Java\jre6\bin\regutils.dll
O40 - ASIC: Microsoft NetShow Player - {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} . (.Microsoft Corporation - Windows Media 6.4 Player Shim.) -- C:\WINDOWS\system32\wmpdxm.dll
O40 - ASIC: Microsoft Windows Media Player 6.4 - {22d6f312-b0f6-11d0-94ab-0080c74c7e95} . (.Microsoft Corporation - Windows Media 6.4 Player Shim.) -- C:\WINDOWS\system32\wmpdxm.dll
O40 - ASIC: Themes Setup - {2C7339CF-2B09-4501-B3F3-F3508C9228ED} . (.Microsoft Corporation - API de tema do Windows.) -- C:\WINDOWS\system32\themeui.dll
O40 - ASIC: Microsoft Outlook Express 6 - {44BBA840-CC51-11CF-AAFA-00AA00B6015C} . (.Microsoft Corporation - Biblioteca de instalação do Outlook Express.) -- C:\Arquivos de programas\Outlook Express\setup50.exe
O40 - ASIC: NetMeeting 3.01 - {44BBA842-CC51-11CF-AAFA-00AA00B6015B} . (...) -- C:\WINDOWS\INF\msnetmtg.inf
O40 - ASIC: Windows Messenger 4.7 - {5945c046-1e7d-11d1-bc44-00c04fd912be} . (...) -- C:\WINDOWS\INF\msmsgs.inf
O40 - ASIC: Browsing Enhancements - {630b1da0-b465-11d1-9948-00c04f98bbc9} . (.Microsoft Corporation - Extensão shell da pasta FTP do Microsoft Internet Explorer.) -- C:\WINDOWS\system32\msieftp.dll
O40 - ASIC: Microsoft Windows Media Player - {6BF52A52-394A-11d3-B153-00C04F79FAA6} . (...) -- C:\WINDOWS\INF\wmp.inf
O40 - ASIC: Catálogo de endereços 6 - {7790769C-0471-11d2-AF11-00C04FA35D02} . (.Microsoft Corporation - Biblioteca de instalação do Outlook Express.) -- C:\Arquivos de programas\Outlook Express\setup50.exe
O40 - ASIC: Atualização da área de trabalho do Windows - {89820200-ECBD-11cf-8B85-00AA005B4340} . (.Microsoft Corporation - DLL comum do Shell do Windows.) -- C:\WINDOWS\system32\shell32.dll
O40 - ASIC: Internet Explorer - {89820200-ECBD-11cf-8B85-00AA005B4383} . (.Microsoft Corporation - Utilitário de Inicialização por Usuário do Internet Explorer.) -- C:\WINDOWS\system32\ie4uinit.exe.mui
O40 - ASIC: (no name) - {89B4C1CD-B018-4511-B0A1-5476DBF70820} . (.Microsoft Corporation - Microsoft .NET IE SECURITY REGISTRATION.) -- c:\WINDOWS\system32\mscories.dll
O40 - ASIC: Macromedia Shockwave Flash - {D27CDB6E-AE6D-11cf-96B8-444553540000} . (.Adobe Systems, Inc. - Adobe Flash Player 11.4 r402.) -- C:\WINDOWS\system32\Macromed\Flash\Flash32_11_4_402_287.ocx
O40 - ASIC: Installed Component - S-1-5-21-2586132527-314635491-3328972525-21374 - <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} -- Not Hexadécimal CLSID
O40 - ASIC: Installed Component - S-1-5-21-2586132527-314635491-3328972525-21374 - >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS -- Not Hexadécimal CLSID
~ Scan Active Setup in 00mn 00s
---\\ Drivers launched at startup (O41)
O41 - Driver: (AFD) . (.Microsoft Corporation - Ancillary Function Driver for WinSock.) - C:\WINDOWS\system32\drivers\afd.sys
O41 - Driver: (AsIO) . (...) - C:\WINDOWS\system32\drivers\AsIO.sys
O41 - Driver: (Cdrom) . (.Microsoft Corporation - SCSI CD-ROM Driver.) - C:\WINDOWS\system32\DRIVERS\cdrom.sys
O41 - Driver: (i8042prt) . (.Microsoft Corporation - Driver de porta i8042.) - C:\WINDOWS\system32\DRIVERS\i8042prt.sys
O41 - Driver: (Imapi) . (.Microsoft Corporation - IMAPI Kernel Driver.) - C:\WINDOWS\system32\DRIVERS\imapi.sys
O41 - Driver: (intelppm) . (.Microsoft Corporation - Driver de dispositivo de processador.) - C:\WINDOWS\system32\DRIVERS\intelppm.sys
O41 - Driver: (IPSec) . (.Microsoft Corporation - IPSec Driver.) - C:\WINDOWS\system32\DRIVERS\ipsec.sys
O41 - Driver: (Kbdclass) . (.Microsoft Corporation - Driver de classe teclado.) - C:\WINDOWS\system32\DRIVERS\kbdclass.sys
O41 - Driver: (Mouclass) . (.Microsoft Corporation - Driver de classe modem.) - C:\WINDOWS\system32\DRIVERS\mouclass.sys
O41 - Driver: (MRxSmb) . (.Microsoft Corporation - Windows NT SMB Minirdr.) - C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
O41 - Driver: (NetBIOS) . (.Microsoft Corporation - NetBIOS interface driver.) - C:\WINDOWS\system32\DRIVERS\netbios.sys
O41 - Driver: (NetBT) . (.Microsoft Corporation - MBT Transport driver.) - C:\WINDOWS\system32\DRIVERS\netbt.sys
O41 - Driver: (RasAcd) . (.Microsoft Corporation - RAS Automatic Connection Driver.) - C:\WINDOWS\system32\DRIVERS\rasacd.sys
O41 - Driver: (Rdbss) . (.Microsoft Corporation - Redirected Drive Buffering SubSystem Driver.) - C:\WINDOWS\system32\DRIVERS\rdbss.sys
O41 - Driver: (RDPCDD) . (.Microsoft Corporation - RDP Miniport.) - C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
O41 - Driver: (redbook) . (.Microsoft Corporation - Redbook Audio Filter Driver.) - C:\WINDOWS\system32\DRIVERS\redbook.sys
O41 - Driver: (Serial) . (.Microsoft Corporation - Driver de dispositivo serial.) - C:\WINDOWS\system32\DRIVERS\serial.sys
O41 - Driver: (Tcpip) . (.Microsoft Corporation - TCP/IP Protocol Driver.) - C:\WINDOWS\system32\DRIVERS\tcpip.sys
O41 - Driver: (TermDD) . (.Microsoft Corporation - Terminal Server Driver.) - C:\WINDOWS\system32\DRIVERS\termdd.sys
O41 - Driver: Controlador de vídeo VGA. (VgaSave) . (.Microsoft Corporation - VGA/Super VGA Video Driver.) - C:\WINDOWS\system32\drivers\vga.sys
O41 - Driver: Windows Socket 2.0 Non-IFS Service Provider Support Environment (WS2IFSL) . (.Microsoft Corporation - Winsock2 IFS Layer.) - C:\WINDOWS\system32\drivers\ws2ifsl.sys
~ Scan Drivers in 00mn 00s
---\\ Software installed (O42)
O42 - Logiciel: ASUSUpdate - (.Unknown owner.) [HKLM] -- {587178E7-B1DF-494E-9838-FA4DD36E873C}
O42 - Logiciel: Adobe Flash Player 11 ActiveX - (.Adobe Systems Incorporated.) [HKLM] -- Adobe Flash Player ActiveX
O42 - Logiciel: Adobe Reader 8.1.0 - Português - (.Adobe Systems Incorporated.) [HKLM] -- {AC76BA86-7AD7-1046-7B44-A81000000003}
O42 - Logiciel: Adobe Reader 8.2.0 - Português - (.Adobe Systems Incorporated.) [HKLM] -- {AC76BA86-7AD7-1046-7B44-A82000000003}
O42 - Logiciel: Ares 2.1.8 - (.Ares Development Group.) [HKLM] -- Ares
O42 - Logiciel: Arquivo do WinRAR - (.Unknown owner.) [HKLM] -- WinRAR archiver
O42 - Logiciel: Atualização de Segurança para Microsoft Windows (KB2564958) - (.Microsoft Corporation.) [HKLM] -- KB2564958
O42 - Logiciel: Atualização de Segurança para Windows Internet Explorer 8 (KB2510531) - (.Microsoft Corporation.) [HKLM] -- KB2510531-IE8
O42 - Logiciel: Atualização de Segurança para Windows Internet Explorer 8 (KB2544521) - (.Microsoft Corporation.) [HKLM] -- KB2544521-IE8
O42 - Logiciel: Atualização de Segurança para Windows Internet Explorer 8 (KB2675157) - (.Microsoft Corporation.) [HKLM] -- KB2675157-IE8
O42 - Logiciel: Atualização de Segurança para Windows Internet Explorer 8 (KB2699988) - (.Microsoft Corporation.) [HKLM] -- KB2699988-IE8
O42 - Logiciel: Atualização de Segurança para Windows Internet Explorer 8 (KB2722913) - (.Microsoft Corporation.) [HKLM] -- KB2722913-IE8
O42 - Logiciel: Atualização de Segurança para Windows Internet Explorer 8 (KB2744842) - (.Microsoft Corporation.) [HKLM] -- KB2744842-IE8
O42 - Logiciel: Atualização de Segurança para Windows XP (KB2079403) - (.Microsoft Corporation.) [HKLM] -- KB2079403
O42 - Logiciel: Atualização de Segurança para Windows XP (KB2115168) - (.Microsoft Corporation.) [HKLM] -- KB2115168
O42 - Logiciel: Atualização de Segurança para Windows XP (KB2229593) - (.Microsoft Corporation.) [HKLM] -- KB2229593
O42 - Logiciel: Atualização de Segurança para Windows XP (KB2296011) - (.Microsoft Corporation.) [HKLM] -- KB2296011
O42 - Logiciel: Atualização de Segurança para Windows XP (KB2347290) - (.Microsoft Corporation.) [HKLM] -- KB2347290
O42 - Logiciel: Atualização de Segurança para Windows XP (KB2360937) - (.Microsoft Corporation.) [HKLM] -- KB2360937
O42 - Logiciel: Atualização de Segurança para Windows XP (KB2387149) - (.Microsoft Corporation.) [HKLM] -- KB2387149
O42 - Logiciel: Atualização de Segurança para Windows XP (KB2393802) - (.Microsoft Corporation.) [HKLM] -- KB2393802
O42 - Logiciel: Atualização de Segurança para Windows XP (KB2412687) - (.Microsoft Corporation.) [HKLM] -- KB2412687
O42 - Logiciel: Atualização de Segurança para Windows XP (KB2419632) - (.Microsoft Corporation.) [HKLM] -- KB2419632
O42 - Logiciel: Atualização de Segurança para Windows XP (KB2423089) - (.Microsoft Corporation.) [HKLM] -- KB2423089
O42 - Logiciel: Atualização de Segurança para Windows XP (KB2440591) - (.Microsoft Corporation.) [HKLM] -- KB2440591
O42 - Logiciel: Atualização de Segurança para Windows XP (KB2443105) - (.Microsoft Corporation.) [HKLM] -- KB2443105
O42 - Logiciel: Atualização de Segurança para Windows XP (KB2476490) - (.Microsoft Corporation.) [HKLM] -- KB2476490
O42 - Logiciel: Atualização de Segurança para Windows XP (KB2478960) - (.Microsoft Corporation.) [HKLM] -- KB2478960
O42 - Logiciel: Atualização de Segurança para Windows XP (KB2478971) - (.Microsoft Corporation.) [HKLM] -- KB2478971
O42 - Logiciel: Atualização de Segurança para Windows XP (KB2479943) - (.Microsoft Corporation.) [HKLM] -- KB2479943
O42 - Logiciel: Atualização de Segurança para Windows XP (KB2481109) - (.Microsoft Corporation.) [HKLM] -- KB2481109
O42 - Logiciel: Atualização de Segurança para Windows XP (KB2483185) - (.Microsoft Corporation.) [HKLM] -- KB2483185
O42 - Logiciel: Atualização de Segurança para Windows XP (KB2485663) - (.Microsoft Corporation.) [HKLM] -- KB2485663
O42 - Logiciel: Atualização de Segurança para Windows XP (KB2506212) - (.Microsoft Corporation.) [HKLM] -- KB2506212
O42 - Logiciel: Atualização de Segurança para Windows XP (KB2507618) - (.Microsoft Corporation.) [HKLM] -- KB2507618
O42 - Logiciel: Atualização de Segurança para Windows XP (KB2507938) - (.Microsoft Corporation.) [HKLM] -- KB2507938
O42 - Logiciel: Atualização de Segurança para Windows XP (KB2508429) - (.Microsoft Corporation.) [HKLM] -- KB2508429
O42 - Logiciel: Atualização de Segurança para Windows XP (KB2509553) - (.Microsoft Corporation.) [HKLM] -- KB2509553
O42 - Logiciel: Atualização de Segurança para Windows XP (KB2535512) - (.Microsoft Corporation.) [HKLM] -- KB2535512
O42 - Logiciel: Atualização de Segurança para Windows XP (KB2536276-v2) - (.Microsoft Corporation.) [HKLM] -- KB2536276-v2
O42 - Logiciel: Atualização de Segurança para Windows XP (KB2544893-v2) - (.Microsoft Corporation.) [HKLM] -- KB2544893-v2
O42 - Logiciel: Atualização de Segurança para Windows XP (KB2566454) - (.Microsoft Corporation.) [HKLM] -- KB2566454
O42 - Logiciel: Atualização de Segurança para Windows XP (KB2570947) - (.Microsoft Corporation.) [HKLM] -- KB2570947
O42 - Logiciel: Atualização de Segurança para Windows XP (KB2584146) - (.Microsoft Corporation.) [HKLM] -- KB2584146
O42 - Logiciel: Atualização de Segurança para Windows XP (KB2585542) - (.Microsoft Corporation.) [HKLM] -- KB2585542
O42 - Logiciel: Atualização de Segurança para Windows XP (KB2592799) - (.Microsoft Corporation.) [HKLM] -- KB2592799
O42 - Logiciel: Atualização de Segurança para Windows XP (KB2598479) - (.Microsoft Corporation.) [HKLM] -- KB2598479
O42 - Logiciel: Atualização de Segurança para Windows XP (KB2603381) - (.Microsoft Corporation.) [HKLM] -- KB2603381
O42 - Logiciel: Atualização de Segurança para Windows XP (KB2618451) - (.Microsoft Corporation.) [HKLM] -- KB2618451
O42 - Logiciel: Atualização de Segurança para Windows XP (KB2619339) - (.Microsoft Corporation.) [HKLM] -- KB2619339
O42 - Logiciel: Atualização de Segurança para Windows XP (KB2620712) - (.Microsoft Corporation.) [HKLM] -- KB2620712
O42 - Logiciel: Atualização de Segurança para Windows XP (KB2621440) - (.Microsoft Corporation.) [HKLM] -- KB2621440
O42 - Logiciel: Atualização de Segurança para Windows XP (KB2624667) - (.Microsoft Corporation.) [HKLM] -- KB2624667
O42 - Logiciel: Atualização de Segurança para Windows XP (KB2631813) - (.Microsoft Corporation.) [HKLM] -- KB2631813
O42 - Logiciel: Atualização de Segurança para Windows XP (KB2633171) - (.Microsoft Corporation.) [HKLM] -- KB2633171
O42 - Logiciel: Atualização de Segurança para Windows XP (KB2641653) - (.Microsoft Corporation.) [HKLM] -- KB2641653
O42 - Logiciel: Atualização de Segurança para Windows XP (KB2646524) - (.Microsoft Corporation.) [HKLM] -- KB2646524
O42 - Logiciel: Atualização de Segurança para Windows XP (KB2647518) - (.Microsoft Corporation.) [HKLM] -- KB2647518
O42 - Logiciel: Atualização de Segurança para Windows XP (KB2653956) - (.Microsoft Corporation.) [HKLM] -- KB2653956
O42 - Logiciel: Atualização de Segurança para Windows XP (KB2655992) - (.Microsoft Corporation.) [HKLM] -- KB2655992
O42 - Logiciel: Atualização de Segurança para Windows XP (KB2659262) - (.Microsoft Corporation.) [HKLM] -- KB2659262
O42 - Logiciel: Atualização de Segurança para Windows XP (KB2661637) - (.Microsoft Corporation.) [HKLM] -- KB2661637
O42 - Logiciel: Atualização de Segurança para Windows XP (KB2676562) - (.Microsoft Corporation.) [HKLM] -- KB2676562
O42 - Logiciel: Atualização de Segurança para Windows XP (KB2685939) - (.Microsoft Corporation.) [HKLM] -- KB2685939
O42 - Logiciel: Atualização de Segurança para Windows XP (KB2686509) - (.Microsoft Corporation.) [HKLM] -- KB2686509
O42 - Logiciel: Atualização de Segurança para Windows XP (KB2691442) - (.Microsoft Corporation.) [HKLM] -- KB2691442
O42 - Logiciel: Atualização de Segurança para Windows XP (KB2695962) - (.Microsoft Corporation.) [HKLM] -- KB2695962
O42 - Logiciel: Atualização de Segurança para Windows XP (KB2698365) - (.Microsoft Corporation.) [HKLM] -- KB2698365
O42 - Logiciel: Atualização de Segurança para Windows XP (KB2705219) - (.Microsoft Corporation.) [HKLM] -- KB2705219
O42 - Logiciel: Atualização de Segurança para Windows XP (KB2707511) - (.Microsoft Corporation.) [HKLM] -- KB2707511
O42 - Logiciel: Atualização de Segurança para Windows XP (KB2709162) - (.Microsoft Corporation.) [HKLM] -- KB2709162
O42 - Logiciel: Atualização de Segurança para Windows XP (KB2712808) - (.Microsoft Corporation.) [HKLM] -- KB2712808
O42 - Logiciel: Atualização de Segurança para Windows XP (KB2718523) - (.Microsoft Corporation.) [HKLM] -- KB2718523
O42 - Logiciel: Atualização de Segurança para Windows XP (KB2719985) - (.Microsoft Corporation.) [HKLM] -- KB2719985
O42 - Logiciel: Atualização de Segurança para Windows XP (KB2723135) - (.Microsoft Corporation.) [HKLM] -- KB2723135
O42 - Logiciel: Atualização de Segurança para Windows XP (KB2724197) - (.Microsoft Corporation.) [HKLM] -- KB2724197
O42 - Logiciel: Atualização de Segurança para Windows XP (KB2727528) - (.Microsoft Corporation.) [HKLM] -- KB2727528
O42 - Logiciel: Atualização de Segurança para Windows XP (KB2731847) - (.Microsoft Corporation.) [HKLM] -- KB2731847
O42 - Logiciel: Atualização de Segurança para Windows XP (KB2761226) - (.Microsoft Corporation.) [HKLM] -- KB2761226
O42 - Logiciel: Atualização de Segurança para Windows XP (KB923561) - (.Microsoft Corporation.) [HKLM] -- KB923561
O42 - Logiciel: Atualização de Segurança para Windows XP (KB946648) - (.Microsoft Corporation.) [HKLM] -- KB946648
O42 - Logiciel: Atualização de Segurança para Windows XP (KB950762) - (.Microsoft Corporation.) [HKLM] -- KB950762
O42 - Logiciel: Atualização de Segurança para Windows XP (KB950974) - (.Microsoft Corporation.) [HKLM] -- KB950974
O42 - Logiciel: Atualização de Segurança para Windows XP (KB951376-v2) - (.Microsoft Corporation.) [HKLM] -- KB951376-v2
O42 - Logiciel: Atualização de Segurança para Windows XP (KB952004) - (.Microsoft Corporation.) [HKLM] -- KB952004
O42 - Logiciel: Atualização de Segurança para Windows XP (KB952954) - (.Microsoft Corporation.) [HKLM] -- KB952954
O42 - Logiciel: Atualização de Segurança para Windows XP (KB954459) - (.Microsoft Corporation.) [HKLM] -- KB954459
O42 - Logiciel: Atualização de Segurança para Windows XP (KB956572) - (.Microsoft Corporation.) [HKLM] -- KB956572
O42 - Logiciel: Atualização de Segurança para Windows XP (KB956744) - (.Microsoft Corporation.) [HKLM] -- KB956744
O42 - Logiciel: Atualização de Segurança para Windows XP (KB956802) - (.Microsoft Corporation.) [HKLM] -- KB956802
O42 - Logiciel: Atualização de Segurança para Windows XP (KB956844) - (.Microsoft Corporation.) [HKLM] -- KB956844
O42 - Logiciel: Atualização de Segurança para Windows XP (KB958644) - (.Microsoft Corporation.) [HKLM] -- KB958644
O42 - Logiciel: Atualização de Segurança para Windows XP (KB959426) - (.Microsoft Corporation.) [HKLM] -- KB959426
O42 - Logiciel: Atualização de Segurança para Windows XP (KB960803) - (.Microsoft Corporation.) [HKLM] -- KB960803
O42 - Logiciel: Atualização de Segurança para Windows XP (KB960859) - (.Microsoft Corporation.) [HKLM] -- KB960859
O42 - Logiciel: Atualização de Segurança para Windows XP (KB961501) - (.Microsoft Corporation.) [HKLM] -- KB961501
O42 - Logiciel: Atualização de Segurança para Windows XP (KB969059) - (.Microsoft Corporation.) [HKLM] -- KB969059
O42 - Logiciel: Atualização de Segurança para Windows XP (KB970430) - (.Microsoft Corporation.) [HKLM] -- KB970430
O42 - Logiciel: Atualização de Segurança para Windows XP (KB971657) - (.Microsoft Corporation.) [HKLM] -- KB971657
O42 - Logiciel: Atualização de Segurança para Windows XP (KB972270) - (.Microsoft Corporation.) [HKLM] -- KB972270
O42 - Logiciel: Atualização de Segurança para Windows XP (KB973507) - (.Microsoft Corporation.) [HKLM] -- KB973507
O42 - Logiciel: Atualização de Segurança para Windows XP (KB973869) - (.Microsoft Corporation.) [HKLM] -- KB973869
O42 - Logiciel: Atualização de Segurança para Windows XP (KB973904) - (.Microsoft Corporation.) [HKLM] -- KB973904
O42 - Logiciel: Atualização de Segurança para Windows XP (KB974112) - (.Microsoft Corporation.) [HKLM] -- KB974112
O42 - Logiciel: Atualização de Segurança para Windows XP (KB974318) - (.Microsoft Corporation.) [HKLM] -- KB974318
O42 - Logiciel: Atualização de Segurança para Windows XP (KB974392) - (.Microsoft Corporation.) [HKLM] -- KB974392
O42 - Logiciel: Atualização de Segurança para Windows XP (KB974571) - (.Microsoft Corporation.) [HKLM] -- KB974571
O42 - Logiciel: Atualização de Segurança para Windows XP (KB975025) - (.Microsoft Corporation.) [HKLM] -- KB975025
O42 - Logiciel: Atualização de Segurança para Windows XP (KB975467) - (.Microsoft Corporation.) [HKLM] -- KB975467
O42 - Logiciel: Atualização de Segurança para Windows XP (KB975560) - (.Microsoft Corporation.) [HKLM] -- KB975560
O42 - Logiciel: Atualização de Segurança para Windows XP (KB975713) - (.Microsoft Corporation.) [HKLM] -- KB975713
O42 - Logiciel: Atualização de Segurança para Windows XP (KB977816) - (.Microsoft Corporation.) [HKLM] -- KB977816
O42 - Logiciel: Atualização de Segurança para Windows XP (KB977914) - (.Microsoft Corporation.) [HKLM] -- KB977914
O42 - Logiciel: Atualização de Segurança para Windows XP (KB978338) - (.Microsoft Corporation.) [HKLM] -- KB978338
O42 - Logiciel: Atualização de Segurança para Windows XP (KB978542) - (.Microsoft Corporation.) [HKLM] -- KB978542
O42 - Logiciel: Atualização de Segurança para Windows XP (KB978706) - (.Microsoft Corporation.) [HKLM] -- KB978706
O42 - Logiciel: Atualização de Segurança para Windows XP (KB979309) - (.Microsoft Corporation.) [HKLM] -- KB979309
O42 - Logiciel: Atualização de Segurança para Windows XP (KB979482) - (.Microsoft Corporation.) [HKLM] -- KB979482
O42 - Logiciel: Atualização de Segurança para Windows XP (KB979687) - (.Microsoft Corporation.) [HKLM] -- KB979687
O42 - Logiciel: Atualização de Segurança para Windows XP (KB981322) - (.Microsoft Corporation.) [HKLM] -- KB981322
O42 - Logiciel: Atualização de Segurança para Windows XP (KB981997) - (.Microsoft Corporation.) [HKLM] -- KB981997
O42 - Logiciel: Atualização de Segurança para Windows XP (KB982132) - (.Microsoft Corporation.) [HKLM] -- KB982132
O42 - Logiciel: Atualização de Segurança para Windows XP (KB982665) - (.Microsoft Corporation.) [HKLM] -- KB982665
O42 - Logiciel: Atualização de Segurança para o Windows Media Player (KB2378111) - (.Microsoft Corporation.) [HKLM] -- KB2378111_WM9
O42 - Logiciel: Atualização de Segurança para o Windows Media Player (KB952069) - (.Microsoft Corporation.) [HKLM] -- KB952069_WM9
O42 - Logiciel: Atualização de Segurança para o Windows Media Player (KB954155) - (.Microsoft Corporation.) [HKLM] -- KB954155_WM9
O42 - Logiciel: Atualização de Segurança para o Windows Media Player (KB973540) - (.Microsoft Corporation.) [HKLM] -- KB973540_WM9
O42 - Logiciel: Atualização de Segurança para o Windows Media Player (KB975558) - (.Microsoft Corporation.) [HKLM] -- KB975558_WM8
O42 - Logiciel: Atualização de Segurança para o Windows Media Player (KB978695) - (.Microsoft Corporation.) [HKLM] -- KB978695_WM9
O42 - Logiciel: Atualização para Windows XP (KB2345886) - (.Microsoft Corporation.) [HKLM] -- KB2345886
O42 - Logiciel: Atualização para Windows XP (KB2641690) - (.Microsoft Corporation.) [HKLM] -- KB2641690
O42 - Logiciel: Atualização para Windows XP (KB2661254-v2) - (.Microsoft Corporation.) [HKLM] -- KB2661254-v2
O42 - Logiciel: Atualização para Windows XP (KB2718704) - (.Microsoft Corporation.) [HKLM] -- KB2718704
O42 - Logiciel: Atualização para Windows XP (KB2736233) - (.Microsoft Corporation.) [HKLM] -- KB2736233
O42 - Logiciel: Atualização para Windows XP (KB2749655) - (.Microsoft Corporation.) [HKLM] -- KB2749655
O42 - Logiciel: Atualização para Windows XP (KB898461) - (.Microsoft Corporation.) [HKLM] -- KB898461
O42 - Logiciel: Atualização para Windows XP (KB951978) - (.Microsoft Corporation.) [HKLM] -- KB951978
O42 - Logiciel: Atualização para Windows XP (KB955759) - (.Microsoft Corporation.) [HKLM] -- KB955759
O42 - Logiciel: Atualização para Windows XP (KB968389) - (.Microsoft Corporation.) [HKLM] -- KB968389
O42 - Logiciel: Atualização para Windows XP (KB971029) - (.Microsoft Corporation.) [HKLM] -- KB971029
O42 - Logiciel: Atualização para Windows XP (KB973687) - (.Microsoft Corporation.) [HKLM] -- KB973687
O42 - Logiciel: Atualização para Windows XP (KB973815) - (.Microsoft Corporation.) [HKLM] -- KB973815
O42 - Logiciel: Auslogics Disk Defrag - (.Auslogics Software Pty Ltd.) [HKLM] -- {DF6A13C0-77DF-41FE-BD05-6D5201EB0CE7}_is1
O42 - Logiciel: BR - (.Corel Corporation.) [HKLM] -- {C57CD366-C6BE-45B5-B5C6-0424E506F1D0}
O42 - Logiciel: CCleaner - (.Piriform.) [HKLM] -- CCleaner
O42 - Logiciel: CorelDRAW Graphics Suite X3 - (.Corel Corporation.) [HKLM] -- {7C5123A9-30A8-4C44-89CA-A8C87A1FCC91}
O42 - Logiciel: FontNav - (.Corel Corporation.) [HKLM] -- {4E98F23B-1328-4322-A6EC-2EDC8FC3A4FE}
O42 - Logiciel: Foxit PDF Editor - (.Foxit Corporation.) [HKLM] -- Foxit PDF Editor
O42 - Logiciel: Google Chrome - (.Google Inc..) [HKLM] -- Google Chrome
O42 - Logiciel: Google Earth Plug-in - (.Google.) [HKLM] -- {2934DCB0-F8EE-11E0-A4A5-B8AC6F97B88E}
O42 - Logiciel: Google Toolbar for Internet Explorer - (.Google Inc..) [HKLM] -- {18455581-E099-4BA8-BC6B-F34B2F06600C}
O42 - Logiciel: Google Toolbar for Internet Explorer - (.Google Inc..) [HKLM] -- {2318C2B1-4965-11d4-9B18-009027A5CD4F}
O42 - Logiciel: Google Update Helper - (.Google Inc..) [HKLM] -- {A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}
O42 - Logiciel: High Definition Audio Driver Package - KB888111 - (.Microsoft Corporation.) [HKLM] -- KB888111WXPSP2
O42 - Logiciel: Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595) - (.Microsoft Corporation.) [HKLM] -- {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}.KB953595
O42 - Logiciel: Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484) - (.Microsoft Corporation.) [HKLM] -- {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}.KB958484
O42 - Logiciel: Hotfix for Windows XP (KB954550-v5) - (.Microsoft Corporation.) [HKLM] -- KB954550-v5
O42 - Logiciel: Hotfix para Windows XP (KB2633952) - (.Microsoft Corporation.) [HKLM] -- KB2633952
O42 - Logiciel: Hotfix para Windows XP (KB2756822) - (.Microsoft Corporation.) [HKLM] -- KB2756822
O42 - Logiciel: Hotfix para Windows XP (KB952287) - (.Microsoft Corporation.) [HKLM] -- KB952287
O42 - Logiciel: Hotfix para Windows XP (KB961118) - (.Microsoft Corporation.) [HKLM] -- KB961118
O42 - Logiciel: Intel® Graphics Media Accelerator Driver - (.Intel Corporation.) [HKLM] -- HDMI
O42 - Logiciel: Java 6 Update 31 - (.Oracle.) [HKLM] -- {26A24AE4-039D-4CA4-87B4-2F83216031FF}
O42 - Logiciel: MSXML 4.0 SP2 (KB954430) - (.Microsoft Corporation.) [HKLM] -- {86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
O42 - Logiciel: MSXML 4.0 SP2 (KB973688) - (.Microsoft Corporation.) [HKLM] -- {F662A8E6-F4DC-41A2-901E-8C11F044BDEC}
O42 - Logiciel: MV RegClean 6.0 - (.Unknown owner.) [HKLM] -- MV RegClean 6.0_is1
O42 - Logiciel: Malwarebytes Anti-Malware versão 1.65.1.1000 - (.Malwarebytes Corporation.) [HKLM] -- Malwarebytes' Anti-Malware_is1
O42 - Logiciel: Microsoft .NET Framework 2.0 Service Pack 2 - (.Microsoft Corporation.) [HKLM] -- {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}
O42 - Logiciel: Microsoft .NET Framework 3.0 Service Pack 2 - (.Microsoft Corporation.) [HKLM] -- {A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}
O42 - Logiciel: Microsoft .NET Framework 3.5 SP1 - (.Microsoft Corporation.) [HKLM] -- Microsoft .NET Framework 3.5 SP1
O42 - Logiciel: Microsoft .NET Framework 3.5 SP1 - (.Microsoft Corporation.) [HKLM] -- {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}
O42 - Logiciel: Microsoft Office Access MUI (Portuguese (Brazil)) 2007 - (.Microsoft Corporation.) [HKLM] -- {90120000-0015-0416-0000-0000000FF1CE}
O42 - Logiciel: Microsoft Office Enterprise 2007 - (.Microsoft Corporation.) [HKLM] -- ENTERPRISE
O42 - Logiciel: Microsoft Office Enterprise 2007 - (.Microsoft Corporation.) [HKLM] -- {90120000-0030-0000-0000-0000000FF1CE}
O42 - Logiciel: Microsoft Office Excel MUI (Portuguese (Brazil)) 2007 - (.Microsoft Corporation.) [HKLM] -- {90120000-0016-0416-0000-0000000FF1CE}
O42 - Logiciel: Microsoft Office Groove MUI (Portuguese (Brazil)) 2007 - (.Microsoft Corporation.) [HKLM] -- {90120000-00BA-0416-0000-0000000FF1CE}
O42 - Logiciel: Microsoft Office InfoPath MUI (Portuguese (Brazil)) 2007 - (.Microsoft Corporation.) [HKLM] -- {90120000-0044-0416-0000-0000000FF1CE}
O42 - Logiciel: Microsoft Office OneNote MUI (Portuguese (Brazil)) 2007 - (.Microsoft Corporation.) [HKLM] -- {90120000-00A1-0416-0000-0000000FF1CE}
O42 - Logiciel: Microsoft Office Outlook MUI (Portuguese (Brazil)) 2007 - (.Microsoft Corporation.) [HKLM] -- {90120000-001A-0416-0000-0000000FF1CE}
O42 - Logiciel: Microsoft Office PowerPoint MUI (Portuguese (Brazil)) 2007 - (.Microsoft Corporation.) [HKLM] -- {90120000-0018-0416-0000-0000000FF1CE}
O42 - Logiciel: Microsoft Office Proof (English) 2007 - (.Microsoft Corporation.) [HKLM] -- {90120000-001F-0409-0000-0000000FF1CE}
O42 - Logiciel: Microsoft Office Proof (Portuguese (Brazil)) 2007 - (.Microsoft Corporation.) [HKLM] -- {90120000-001F-0416-0000-0000000FF1CE}
O42 - Logiciel: Microsoft Office Proof (Spanish) 2007 - (.Microsoft Corporation.) [HKLM] -- {90120000-001F-0C0A-0000-0000000FF1CE}
O42 - Logiciel: Microsoft Office Proofing (Portuguese (Brazil)) 2007 - (.Microsoft Corporation.) [HKLM] -- {90120000-002C-0416-0000-0000000FF1CE}
O42 - Logiciel: Microsoft Office Publisher MUI (Portuguese (Brazil)) 2007 - (.Microsoft Corporation.) [HKLM] -- {90120000-0019-0416-0000-0000000FF1CE}
O42 - Logiciel: Microsoft Office Shared MUI (Portuguese (Brazil)) 2007 - (.Microsoft Corporation.) [HKLM] -- {90120000-006E-0416-0000-0000000FF1CE}
O42 - Logiciel: Microsoft Office Word MUI (Portuguese (Brazil)) 2007 - (.Microsoft Corporation.) [HKLM] -- {90120000-001B-0416-0000-0000000FF1CE}
O42 - Logiciel: Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 - (.Microsoft Corporation.) [HKLM] -- {1F1C2DFC-2D24-3E06-BCB8-725134ADF989}
O42 - Logiciel: Mozilla Firefox 8.0 (x86 pt-BR) - (.Mozilla.) [HKLM] -- Mozilla Firefox 8.0 (x86 pt-BR)
O42 - Logiciel: Mozilla Maintenance Service - (.Mozilla.) [HKLM] -- MozillaMaintenanceService
O42 - Logiciel: Mozilla Thunderbird (5.0) - (.Mozilla.) [HKLM] -- Mozilla Thunderbird (5.0)
O42 - Logiciel: Mozilla Thunderbird 16.0.2 (x86 pt-BR) - (.Mozilla.) [HKLM] -- Mozilla Thunderbird 16.0.2 (x86 pt-BR)
O42 - Logiciel: PDFCreator - (.Frank Heindörfer, Philip Chinery.) [HKLM] -- {0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}
O42 - Logiciel: Photo! Editor 1.0 - (.Unknown owner.) [HKLM] -- PhotoToolkit_is1
O42 - Logiciel: REALTEK GbE & FE Ethernet PCI-E NIC Driver - (.Realtek.) [HKLM] -- {C9BED750-1211-4480-B1A5-718A3BE15525}
O42 - Logiciel: Revo Uninstaller 1.93 - (.VS Revo Group.) [HKLM] -- Revo Uninstaller
O42 - Logiciel: Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111) - (.Microsoft Corporation.) [HKLM] -- {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}.KB2604111
O42 - Logiciel: Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424) - (.Microsoft Corporation.) [HKLM] -- {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}.KB2657424O42 - Logiciel: TeamViewer 7 - (.TeamViewer.) [HKLM] -- TeamViewer 7
O42 - Logiciel: Update Manager - (.Corel Corporation.) [HKLM] -- {F428D0FB-765D-40EB-BDD8-A1E7F5C597FA}
O42 - Logiciel: Update for Microsoft .NET Framework 3.5 SP1 (KB963707) - (.Microsoft Corporation.) [HKLM] -- {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}.KB963707O42 - Logiciel: VBA - (.Corel Corporation.) [HKLM] -- {C94E45B0-6AA6-4FB9-9AAE-22085F631880}
O42 - Logiciel: VIA Gerenciador de dispositivo de plataforma - (.VIA Technologies, Inc..) [HKLM] -- InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}
O42 - Logiciel: Windows Genuine Advantage Notifications (KB905474) - (.Microsoft Corporation.) [HKLM] -- WgaNotify
O42 - Logiciel: Windows Internet Explorer 8 - (.Microsoft Corporation.) [HKLM] -- ie8
O42 - Logiciel: Windows XP Service Pack 3 - (.Microsoft Corporation.) [HKLM] -- Windows XP Service Pack
O42 - Logiciel: avast! Free Antivirus v7.0.1474.0 - (.AVAST Software.) [HKLM] -- avast
---\\ HKCU & HKLM Software Keys
[HKCU\Software\AVAST Software]
[HKCU\Software\Ad-Remover]
[HKCU\Software\Adobe]
[HKCU\Software\Ares]
[HKCU\Software\Auslogics]
[HKCU\Software\Baixaki]
[HKCU\Software\Canon]
[HKCU\Software\Classes]
[HKCU\Software\Clients]
[HKCU\Software\Corel]
[HKCU\Software\FIXIO PC Utilities]
[HKCU\Software\Foxit Corporation]
[HKCU\Software\Google]
[HKCU\Software\InstallShield]
[HKCU\Software\Intel]
[HKCU\Software\JavaSoft]
[HKCU\Software\Macromedia]
[HKCU\Software\Malwarebytes' Anti-Malware]
[HKCU\Software\MozillaPlugins]
[HKCU\Software\Mozilla]
[HKCU\Software\Netscape]
[HKCU\Software\ODBC]
[HKCU\Software\PDFCreator]
[HKCU\Software\Piriform]
[HKCU\Software\Policies]
[HKCU\Software\Protexis]
[HKCU\Software\Sysinternals]
[HKCU\Software\TeamViewer]
[HKCU\Software\Thunderbird]
[HKCU\Software\VSRevoGroup]
[HKCU\Software\VicMan Software]
[HKCU\Software\Wget]
[HKCU\Software\WinRAR]
[HKCU\Software\Wow6432Node]
[HKCU\Software\Zylom]
[HKCU\Software\alotappbar]
[HKLM\Software\781]
[HKLM\Software\ALWIL Software]
[HKLM\Software\ASUS]
[HKLM\Software\AVAST Software]
[HKLM\Software\Adobe]
[HKLM\Software\AdwCleaner]
[HKLM\Software\Bitstream]
[HKLM\Software\C07ft5Y]
[HKLM\Software\Canon]
[HKLM\Software\Classes]
[HKLM\Software\Clients]
[HKLM\Software\Corel]
[HKLM\Software\Foxit Software]
[HKLM\Software\Gemplus]
[HKLM\Software\Google]
[HKLM\Software\InstallShield]
[HKLM\Software\Intel]
[HKLM\Software\JavaSoft]
[HKLM\Software\JreMetrics]
[HKLM\Software\Kodak]
[HKLM\Software\Macromedia]
[HKLM\Software\Malwarebytes' Anti-Malware]
[HKLM\Software\McAfee.com]
[HKLM\Software\Mozilla Thunderbird-BackupByThunderbirdPortable]
[HKLM\Software\Mozilla Thunderbird]
[HKLM\Software\MozillaPlugins]
[HKLM\Software\Mozilla]
[HKLM\Software\ODBC]
[HKLM\Software\Piriform]
[HKLM\Software\Policies]
[HKLM\Software\Program Groups]
[HKLM\Software\RTLSetup]
[HKLM\Software\Realtek]
[HKLM\Software\RegisteredApplications]
[HKLM\Software\Schlumberger]
[HKLM\Software\Swearware]
[HKLM\Software\TeamViewer]
[HKLM\Software\TrendMicro]
[HKLM\Software\VIA Technologies, Inc]
[HKLM\Software\Windows 3.1 Migration Status]
[HKLM\Software\Wow6432Node]
[HKLM\Software\mozilla.org]
~ Scan Softwares in 00mn 00s
---\\ Contents of the Common Files folders (O43)
O43 - CFD: 06/09/2011 - 09:25:16 - [217,110] ----D C:\Arquivos de programas\Adobe
O43 - CFD: 06/09/2011 - 09:09:57 - [277,848] ----D C:\Arquivos de programas\Alwil Software
O43 - CFD: 10/05/2012 - 11:44:54 - [6,885] ----D C:\Arquivos de programas\Ares
O43 - CFD: 14/11/2012 - 14:28:04 - [237,064] ----D C:\Arquivos de programas\Arquivos comuns
O43 - CFD: 06/09/2011 - 09:37:22 - [9,087] ----D C:\Arquivos de programas\ASUS
O43 - CFD: 06/09/2011 - 09:23:04 - [8,967] ----D C:\Arquivos de programas\Auslogics
O43 - CFD: 06/09/2011 - 09:28:22 - [1,391] ---AD C:\Arquivos de programas\Canon
O43 - CFD: 06/09/2011 - 09:51:39 - [3,927] ----D C:\Arquivos de programas\CCleaner
O43 - CFD: 05/09/2011 - 18:14:30 - [0] ----D C:\Arquivos de programas\ComPlus Applications
O43 - CFD: 08/09/2011 - 17:17:22 - [6,869] ----D C:\Arquivos de programas\Convar
O43 - CFD: 22/03/2012 - 16:14:20 - [256,926] ----D C:\Arquivos de programas\Corel
O43 - CFD: 30/07/2012 - 12:27:44 - [6,476] ----D C:\Arquivos de programas\Foxit Software
O43 - CFD: 16/01/2012 - 15:18:15 - [0] ----D C:\Arquivos de programas\Google
O43 - CFD: 06/09/2011 - 09:37:20 - [9,811] --H-D C:\Arquivos de programas\InstallShield Installation Information
O43 - CFD: 05/09/2011 - 18:40:20 - [0,074] ----D C:\Arquivos de programas\Intel
O43 - CFD: 25/09/2012 - 13:04:20 - [4,317] ----D C:\Arquivos de programas\Internet Explorer
O43 - CFD: 15/02/2012 - 17:22:26 - [77,962] ----D C:\Arquivos de programas\Java
O43 - CFD: 14/11/2012 - 09:48:17 - [12,630] ----D C:\Arquivos de programas\Malwarebytes' Anti-Malware
O43 - CFD: 06/09/2011 - 09:23:24 - [2,536] ----D C:\Arquivos de programas\Marcos Velasco Security
O43 - CFD: 16/04/2012 - 08:18:55 - [2,048] ----D C:\Arquivos de programas\Messenger
O43 - CFD: 05/09/2011 - 18:17:33 - [0] ----D C:\Arquivos de programas\microsoft frontpage
O43 - CFD: 06/09/2011 - 09:19:19 - [324,745] ----D C:\Arquivos de programas\Microsoft Office
O43 - CFD: 06/09/2011 - 09:19:12 - [0,014] ----D C:\Arquivos de programas\Microsoft Visual Studio
O43 - CFD: 06/09/2011 - 09:19:36 - [3,032] ----D C:\Arquivos de programas\Microsoft Works
O43 - CFD: 16/04/2012 - 08:08:51 - [9,864] ----D C:\Arquivos de programas\Movie Maker
O43 - CFD: 19/10/2012 - 16:39:11 - [35,672] ----D C:\Arquivos de programas\Mozilla Firefox
O43 - CFD: 01/11/2012 - 09:42:52 - [0,212] ----D C:\Arquivos de programas\Mozilla Maintenance Service
O43 - CFD: 12/09/2011 - 09:06:05 - [32,225] ----D C:\Arquivos de programas\Mozilla Thunderbird
O43 - CFD: 17/04/2012 - 08:13:14 - [0,025] ----D C:\Arquivos de programas\MSBuild
O43 - CFD: 05/09/2011 - 18:14:09 - [8,340] ----D C:\Arquivos de programas\MSN Gaming Zone
O43 - CFD: 16/04/2012 - 08:08:09 - [0] ----D C:\Arquivos de programas\MSXML 4.0
O43 - CFD: 06/09/2011 - 08:31:15 - [3,131] ----D C:\Arquivos de programas\NetMeeting
O43 - CFD: 16/04/2012 - 08:09:13 - [4,155] ----D C:\Arquivos de programas\Outlook Express
O43 - CFD: 06/09/2011 - 09:26:13 - [21,438] ----D C:\Arquivos de programas\PDFCreator
O43 - CFD: 26/12/2011 - 13:22:43 - [15,839] ----D C:\Arquivos de programas\Photo!
O43 - CFD: 08/09/2011 - 11:49:18 - [10,634] ----D C:\Arquivos de programas\PowerDataRecovery
O43 - CFD: 05/09/2011 - 18:39:23 - [1,575] ----D C:\Arquivos de programas\Realtek
O43 - CFD: 17/04/2012 - 08:13:02 - [34,726] ----D C:\Arquivos de programas\Reference Assemblies
O43 - CFD: 05/09/2011 - 18:16:05 - [0,001] ----D C:\Arquivos de programas\Serviços on-line
O43 - CFD: 10/02/2012 - 17:38:34 - [22,228] ----D C:\Arquivos de programas\TeamViewer
O43 - CFD: 05/09/2011 - 18:21:46 - [0] --H-D C:\Arquivos de programas\Uninstall Information
O43 - CFD: 05/09/2011 - 18:42:59 - [34,751] ----D C:\Arquivos de programas\VIA
O43 - CFD: 10/02/2012 - 17:32:41 - [6,498] ----D C:\Arquivos de programas\VS Revo Group
O43 - CFD: 06/09/2011 - 08:32:45 - [3,367] ----D C:\Arquivos de programas\Windows Media Player
O43 - CFD: 06/09/2011 - 08:31:13 - [3,752] ----D C:\Arquivos de programas\Windows NT
O43 - CFD: 05/09/2011 - 18:16:09 - [0] --H-D C:\Arquivos de programas\WindowsUpdate
O43 - CFD: 05/09/2011 - 18:38:57 - [4,826] ----D C:\Arquivos de programas\WinRAR
O43 - CFD: 05/09/2011 - 18:17:33 - [0] ----D C:\Arquivos de programas\xerox
O43 - CFD: 16/11/2012 - 08:21:00 - [10,361] ----D C:\Arquivos de programas\ZHPDiag
O43 - CFD: 06/06/2012 - 17:41:50 - [11,942] ----D C:\Arquivos de programas\Arquivos comuns\Adobe
O43 - CFD: 22/03/2012 - 16:14:20 - [16,555] ----D C:\Arquivos de programas\Arquivos comuns\Corel
O43 - CFD: 22/03/2012 - 16:16:30 - [0,195] ----D C:\Arquivos de programas\Arquivos comuns\DESIGNER
O43 - CFD: 22/03/2012 - 16:16:50 - [4,648] ----D C:\Arquivos de programas\Arquivos comuns\InstallShield
O43 - CFD: 15/02/2012 - 17:23:01 - [1,201] ----D C:\Arquivos de programas\Arquivos comuns\Java
O43 - CFD: 22/03/2012 - 16:16:30 - [159,518] ----D C:\Arquivos de programas\Arquivos comuns\Microsoft Shared
O43 - CFD: 05/09/2011 - 18:15:25 - [0,271] ----D C:\Arquivos de programas\Arquivos comuns\MSSoap
O43 - CFD: 05/09/2011 - 15:07:03 - [0] ----D C:\Arquivos de programas\Arquivos comuns\ODBC
O43 - CFD: 05/09/2011 - 18:15:28 - [0,008] ----D C:\Arquivos de programas\Arquivos comuns\Serviços
O43 - CFD: 05/09/2011 - 15:07:00 - [3,612] ----D C:\Arquivos de programas\Arquivos comuns\SpeechEngines
O43 - CFD: 06/09/2011 - 08:31:11 - [39,115] ----D C:\Arquivos de programas\Arquivos comuns\System
O43 - CFD: 01/11/2012 - 09:42:51 - [62,194] R-H-D C:\Documents and Settings\All Users\Dados de aplicativos
O43 - CFD: 14/11/2012 - 09:48:14 - [0,008] ----D C:\Documents and Settings\All Users\Desktop
O43 - CFD: 05/09/2011 - 18:14:54 - [527,014] R---D C:\Documents and Settings\All Users\Documentos
O43 - CFD: 05/09/2011 - 18:17:06 - [0,003] -SH-D C:\Documents and Settings\All Users\DRM
O43 - CFD: 05/09/2011 - 15:06:39 - [0] ----D C:\Documents and Settings\All Users\Favoritos
O43 - CFD: 06/09/2011 - 09:23:24 - [0,147] R---D C:\Documents and Settings\All Users\Menu Iniciar
O43 - CFD: 05/09/2011 - 15:06:39 - [0] --H-D C:\Documents and Settings\All Users\Modelos
O43 - CFD: 12/09/2011 - 10:35:44 - [1,643] ----D C:\Documents and Settings\f003407\Dados de aplicativos\Adobe
O43 - CFD: 09/04/2012 - 12:40:23 - [0,301] ----D C:\Documents and Settings\f003407\Dados de aplicativos\alotappbar
O43 - CFD: 15/02/2012 - 17:23:10 - [3,316] ----D C:\Documents and Settings\f003407\Dados de aplicativos\Auslogics
O43 - CFD: 22/03/2012 - 16:21:21 - [1,299] ----D C:\Documents and Settings\f003407\Dados de aplicativos\Corel
O43 - CFD: 16/01/2012 - 15:19:13 - [0,057] ----D C:\Documents and Settings\f003407\Dados de aplicativos\Google
O43 - CFD: 06/09/2011 - 10:49:31 - [0] ----D C:\Documents and Settings\f003407\Dados de aplicativos\Identities
O43 - CFD: 12/09/2011 - 10:35:44 - [0,015] ----D C:\Documents and Settings\f003407\Dados de aplicativos\Macromedia
O43 - CFD: 10/02/2012 - 16:20:43 - [34,033] ----D C:\Documents and Settings\f003407\Dados de aplicativos\Malwarebytes
O43 - CFD: 09/04/2012 - 11:26:57 - [15,765] -S--D C:\Documents and Settings\f003407\Dados de aplicativos\Microsoft
O43 - CFD: 18/11/2011 - 10:07:55 - [12,386] ----D C:\Documents and Settings\f003407\Dados de aplicativos\Mozilla
O43 - CFD: 12/09/2011 - 10:01:43 - [3,773] ----D C:\Documents and Settings\f003407\Dados de aplicativos\Sun
O43 - CFD: 10/02/2012 - 17:38:42 - [0,152] ----D C:\Documents and Settings\f003407\Dados de aplicativos\TeamViewer
O43 - CFD: 12/09/2011 - 09:08:58 - [0,000] ----D C:\Documents and Settings\f003407\Dados de aplicativos\Thunderbird
O43 - CFD: 27/06/2012 - 09:06:29 - [3,438] ----D C:\Documents and Settings\f003407\Dados de aplicativos\U3
O43 - CFD: 22/09/2011 - 18:47:02 - [0] ----D C:\Documents and Settings\f003407\Dados de aplicativos\WinRAR
O43 - CFD: 12/09/2011 - 12:11:08 - [12,179] ----D C:\Documents and Settings\f003407\Configurações locais\Dados de aplicativos\Adobe
O43 - CFD: 10/05/2012 - 11:03:21 - [0,057] ----D C:\Documents and Settings\f003407\Configurações locais\Dados de aplicativos\Ares
O43 - CFD: 01/11/2012 - 07:57:32 - [0] ----D C:\Documents and Settings\f003407\Configurações locais\Dados de aplicativos\Deployment
O43 - CFD: 28/09/2012 - 09:23:55 - [474,758] ----D C:\Documents and Settings\f003407\Configurações locais\Dados de aplicativos\Google
O43 - CFD: 13/09/2011 - 15:58:22 - [0,289] ----D C:\Documents and Settings\f003407\Configurações locais\Dados de aplicativos\Identities
O43 - CFD: 10/10/2012 - 09:05:06 - [88,450] ----D C:\Documents and Settings\f003407\Configurações locais\Dados de aplicativos\Microsoft
O43 - CFD: 13/09/2011 - 17:19:12 - [0] ----D C:\Documents and Settings\f003407\Configurações locais\Dados de aplicativos\Microsoft Help
O43 - CFD: 18/11/2011 - 10:07:55 - [52,281] ----D C:\Documents and Settings\f003407\Configurações locais\Dados de aplicativos\Mozilla
O43 - CFD: 15/10/2012 - 08:54:13 - [0,008] ----D C:\Documents and Settings\f003407\Configurações locais\Dados de aplicativos\Thunderbird
O43 - CFD: 09/04/2012 - 11:22:04 - [0,002] ----D C:\Documents and Settings\f003407\Configurações locais\Dados de aplicativos\Zoom_Downloader
O43 - CFD: 06/09/2011 - 10:49:32 - [0,014] R---D C:\Documents and Settings\f003407\Menu Iniciar\Programas\Acessórios
O43 - CFD: 14/11/2012 - 14:20:48 - [0,000] R---D C:\Documents and Settings\f003407\Menu Iniciar\Programas\Ferramentas administrativas
O43 - CFD: 05/09/2011 - 15:06:39 - [0,000] R---D C:\Documents and Settings\f003407\Menu Iniciar\Programas\Inicializar
O43 - CFD: 10/02/2012 - 17:32:42 - [0,004] ----D C:\Documents and Settings\f003407\Menu Iniciar\Programas\Revo Uninstaller
~ Scan Program Folder in 00mn 08s
---\\ Last modified or created files under Windows and System32 (O44)
O44 - LFC:[MD5.91885427826F422DF5B9D53CD9FF65F9] - 16/11/2012 - 07:14:25 ---A- . (...) -- C:\WINDOWS\setupapi.log [50832]
O44 - LFC:[MD5.631E7000D41AF4B438E551AA41648DB3] - 16/11/2012 - 07:12:47 ---A- . (...) -- C:\WINDOWS\WindowsUpdate.log [1285269]
O44 - LFC:[MD5.B07ED11A859A7E36F40EA645B85DAFAE] - 16/11/2012 - 07:12:12 ---A- . (...) -- C:\WINDOWS\system32\wpa.dbl [13646]
O44 - LFC:[MD5.D41D8CD98F00B204E9800998ECF8427E] - 16/11/2012 - 07:11:55 ---A- . (...) -- C:\WINDOWS\0.log [0]
O44 - LFC:[MD5.6A2CB42966136854F4464516FBB4AE72] - 16/11/2012 - 07:11:40 -S-A- . (...) -- C:\WINDOWS\bootstat.dat [2048]
O44 - LFC:[MD5.01FE0C95A4FB6D98EED4C2AFBF362435] - 16/11/2012 - 06:44:13 ---A- . (...) -- C:\WINDOWS\system32\FNTCACHE.DAT [198552]
O44 - LFC:[MD5.B29F17DB96564D59D9CB210154C56CD5] - 16/11/2012 - 06:43:21 ---A- . (...) -- C:\WINDOWS\SchedLgU.Txt [31870]
O44 - LFC:[MD5.178A8B5175D4F145F49E550209531B14] - 16/11/2012 - 06:41:16 ---A- . (...) -- C:\WINDOWS\comsetup.log [287767]
O44 - LFC:[MD5.39005FA2CE6BD719B2159C90BDF348BB] - 16/11/2012 - 06:41:16 ---A- . (...) -- C:\WINDOWS\iis6.log [925023]
O44 - LFC:[MD5.CDC3F3218EE1492AA4DD0CCFCB4B8C45] - 16/11/2012 - 06:41:16 ---A- . (...) -- C:\WINDOWS\imsins.log [1393]
O44 - LFC:[MD5.65EAEFAFD98ECCFC889612F61508BEE3] - 16/11/2012 - 06:41:16 ---A- . (...) -- C:\WINDOWS\ntdtcsetup.log [173474]
O44 - LFC:[MD5.4A04EB7B1C2587E132D25F406482FF1D] - 16/11/2012 - 06:41:16 ---A- . (...) -- C:\WINDOWS\ocmsn.log [54040]
O44 - LFC:[MD5.531ECB4139D935A0BCF8AB0DB35BD7DC] - 16/11/2012 - 06:41:16 ---A- . (...) -- C:\WINDOWS\tabletoc.log [43540]
O44 - LFC:[MD5.456FB71AB5C8AEC798237CF60A8F4EAD] - 16/11/2012 - 06:41:16 ---A- . (...) -- C:\WINDOWS\tsoc.log [394944]
O44 - LFC:[MD5.D498CFC2FB99F369068F6C7F06AB07EE] - 16/11/2012 - 06:41:15 ---A- . (...) -- C:\WINDOWS\FaxSetup.log [865614]
O44 - LFC:[MD5.66C4D74720C6ECCDAC7695FEEB4916D6] - 16/11/2012 - 06:41:15 ---A- . (...) -- C:\WINDOWS\KB2727528.log [11121]
O44 - LFC:[MD5.8E7914DC9B409F992B8AFCDD1069F2E4] - 16/11/2012 - 06:41:15 ---A- . (...) -- C:\WINDOWS\MedCtrOC.log [59500]
O44 - LFC:[MD5.D5F00FBAA6841277978736490F39A27F] - 16/11/2012 - 06:41:15 ---A- . (...) -- C:\WINDOWS\msgsocm.log [43260]
O44 - LFC:[MD5.2BEFFC5B93980B9720C7CB589428430B] - 16/11/2012 - 06:41:15 ---A- . (...) -- C:\WINDOWS\msmqinst.log [269536]
O44 - LFC:[MD5.98592FCC3DECC19A0EEFE6E581F9B886] - 16/11/2012 - 06:41:15 ---A- . (...) -- C:\WINDOWS\netfxocm.log [151620]
O44 - LFC:[MD5.242561AAA5D1F84A5292632B92021B7F] - 16/11/2012 - 06:41:15 ---A- . (...) -- C:\WINDOWS\ocgen.log [413840]
O44 - LFC:[MD5.75CD24CEA8ACA1555177F093054A8724] - 16/11/2012 - 06:41:06 ---A- . (...) -- C:\WINDOWS\KB2761226.log [12445]
O44 - LFC:[MD5.A678CE1D4142D0F872AF6E5DDC082D25] - 16/11/2012 - 06:41:06 ---A- . (...) -- C:\WINDOWS\imsins.BAK [1393]
O44 - LFC:[MD5.F2CA876D22475DF351217A87FFE55999] - 16/11/2012 - 06:39:42 ---A- . (...) -- C:\WINDOWS\system32\PerfStringBackup.INI [1018214]
O44 - LFC:[MD5.BF0ED0098F6D7D013A7022336B6E26D6] - 16/11/2012 - 06:39:42 ---A- . (...) -- C:\WINDOWS\system32\perfc009.dat [67870]
O44 - LFC:[MD5.4D01138BD49611F131EAF0E56528F169] - 16/11/2012 - 06:39:42 ---A- . (...) -- C:\WINDOWS\system32\perfc016.dat [79662]
O44 - LFC:[MD5.17CBA86F2E770B88A9327F7B947A8C08] - 16/11/2012 - 06:39:42 ---A- . (...) -- C:\WINDOWS\system32\perfh009.dat [432914]
O44 - LFC:[MD5.523ACF284D0CF779DEC5B15D86ACA0A0] - 16/11/2012 - 06:39:42 ---A- . (...) -- C:\WINDOWS\system32\perfh016.dat [468884]
O44 - LFC:[MD5.080DFEF99350A937C9CD186A27E8C3C2] - 14/11/2012 - 13:39:31 ---A- . (...) -- C:\ComboFix.txt [13243]
O44 - LFC:[MD5.C9DD76D0EF94637C77FF8CA5E0FB0684] - 14/11/2012 - 13:34:47 ---A- . (...) -- C:\WINDOWS\system.ini [227]
O44 - LFC:[MD5.28E131D405455B6E4653F6AFC1708A2B] - 14/11/2012 - 13:23:28 RSHA- . (...) -- C:\boot.ini [327]
O44 - LFC:[MD5.753BC16326FEE4A421ACB636CCD602F4] - 14/11/2012 - 13:21:15 ---A- . (.NirSoft - NirCmd.) -- C:\WINDOWS\NIRCMD.exe [60416]
O44 - LFC:[MD5.A46842C9B0C567A5A9584E83A163560C] - 14/11/2012 - 13:21:15 ---A- . (.SteelWerX - Freeware implementation of REG.EXE.) -- C:\WINDOWS\SWREG.exe [518144]
O44 - LFC:[MD5.0297C72529807322B152F517FDB0A9FC] - 14/11/2012 - 13:21:15 ---A- . (.SteelWerX - Freeware implementation of SC.EXE.) -- C:\WINDOWS\SWSC.exe [406528]
O44 - LFC:[MD5.B1A9CF0B6F80611D31987C247EC630B4] - 14/11/2012 - 13:21:15 ---A- . (.SteelWerX - Freeware implementation of XCACLS.) -- C:\WINDOWS\SWXCACLS.exe [212480]
O44 - LFC:[MD5.FA579938B0733B87066546AFE951082C] - 14/11/2012 - 13:05:48 ---A- . (...) -- C:\Boot.bak [211]
O44 - LFC:[MD5.C124E332FE3F0E737B865EDA0E90D5BF] - 14/11/2012 - 13:05:48 ---A- . (...) -- C:\WINDOWS\win.ini [498]
O44 - LFC:[MD5.4FBC3F271CDCA4D74ACECC84EE539DD3] - 14/11/2012 - 13:00:32 ---A- . (...) -- C:\hijackthis.log [6725]
O44 - LFC:[MD5.9A2347903D6EDB84C10F288BC0578C1C] - 14/11/2012 - 12:59:31 ---A- . (.Trend Micro Inc. - HijackThis.) -- C:\HiJackThis.exe [388608]
O44 - LFC:[MD5.F3A4DEC88AEB5B264897EEC4D3B665C7] - 14/11/2012 - 09:16:17 ---A- . (...) -- C:\AdwCleaner[s2].txt [1481]
O44 - LFC:[MD5.500D089CE760D83DA2B6CBA681AA9949] - 14/11/2012 - 08:48:11 ---A- . (.Malwarebytes Corporation - Malwarebytes Anti-Malware.) -- C:\WINDOWS\system32\Drivers\mbam.sys [22856]
O44 - LFC:[MD5.65360A0EEF9FD4750267EC22A3ED4EE7] - 14/11/2012 - 08:45:41 ---A- . (...) -- C:\WINDOWS\system32\CONFIG.NT [3018]
O44 - LFC:[MD5.B55346B10464FFEE7722B3CE2B840DE3] - 07/11/2012 - 16:08:18 ---A- . (...) -- C:\WINDOWS\wmsetup.log [51056]
O44 - LFC:[MD5.E3E73B2B73A4DFADFDDF557192C4B08A] - 30/10/2012 - 19:51:58 ---A- . (.AVAST Software - avast! TDI Filter Driver.) -- C:\WINDOWS\system32\Drivers\aswTdi.sys [54232]
O44 - LFC:[MD5.7C9F0A2AB17D52261A9252A2EB320884] - 30/10/2012 - 19:51:58 ---A- . (.AVAST Software - avast! TDI Redirect Driver.) -- C:\WINDOWS\system32\Drivers\aswRdr.sys [35928]
O44 - LFC:[MD5.B32E9AD44A1DBB3E8095E80F8DF32B03] - 30/10/2012 - 19:51:58 ---A- . (.AVAST Software - avast! Virtualization Driver.) -- C:\WINDOWS\system32\Drivers\aswSnx.sys [738504]
O44 - LFC:[MD5.67B558895695545FB0568B7541F3BCA7] - 30/10/2012 - 19:51:58 ---A- . (.AVAST Software - avast! self protection module.) -- C:\WINDOWS\system32\Drivers\aswSP.sys [361032]
O44 - LFC:[MD5.B8236CDC3E9862F037B1F83E352BDF94] - 30/10/2012 - 19:51:57 ---A- . (.AVAST Software - avast! File System Filter Driver for Window.) -- C:\WINDOWS\system32\Drivers\aswmon.sys [89752]
O44 - LFC:[MD5.84F0BE324EE111338589F448C3E8BAB2] - 30/10/2012 - 19:51:57 ---A- . (.AVAST Software - avast! File System Filter Driver for Window.) -- C:\WINDOWS\system32\Drivers\aswmon2.sys [97608]
O44 - LFC:[MD5.149A8F7ADF9742554DC323E290551E3E] - 30/10/2012 - 19:51:56 ---A- . (.AVAST Software - avast! Base Kernel-Mode Device Driver for W.) -- C:\WINDOWS\system32\Drivers\aavmker4.sys [25256]
O44 - LFC:[MD5.DE6ED95AEF259979B2830450072A627B] - 30/10/2012 - 19:51:56 ---A- . (.AVAST Software - avast! File System Access Blocking Driver.) -- C:\WINDOWS\system32\Drivers\aswFsBlk.sys [21256]
O44 - LFC:[MD5.74D55DED81C61871F0DB7F3A63A4D312] - 30/10/2012 - 19:51:07 ---A- . (.AVAST Software - avast! Screen Saver stub.) -- C:\WINDOWS\avastSS.scr [41224]
O44 - LFC:[MD5.A4B4FE50CCA23B38688003EA85A30EF6] - 30/10/2012 - 19:50:59 ---A- . (.AVAST Software - avast! start-up scanner.) -- C:\WINDOWS\system32\aswBoot.exe [227648]
O44 - LFC:[MD5.F042EE4C8D66248D9B86DCF52ABAE416] - 26/06/2011 - 03:45:56 ---A- . (...) -- C:\WINDOWS\PEV.exe [256000]
O44 - LFC:[MD5.0277C027A26428DB64EF4F64F52BB4FD] - 07/11/2010 - 14:20:24 ---A- . (...) -- C:\WINDOWS\MBR.exe [208896]
O44 - LFC:[MD5.C51A881398F29071239741AE16D07C1C] - 03/08/2004 - 22:00:16 RSHA- . (...) -- C:\cmldr [261856]
O44 - LFC:[MD5.9E05A9C264C8A908A8E79450FCBFF047] - 30/08/2000 - 21:00:00 ---A- . (...) -- C:\WINDOWS\grep.exe [80412]
O44 - LFC:[MD5.2B657A67AEBB84AEA5632C53E61E23BF] - 30/08/2000 - 21:00:00 ---A- . (...) -- C:\WINDOWS\sed.exe [98816]
O44 - LFC:[MD5.5E832F4FAF5F481F2EAF3B3A48F603B8] - 30/08/2000 - 21:00:00 ---A- . (...) -- C:\WINDOWS\zip.exe [68096]
~ Scan Files in 00mn 08s
---\\ Operations and functions at Windows Explorer startup (O46)
O46 - SEH:ShellExecuteHooks - URL Exec Hook - {AEB6717E-7E19-11d0-97EE-00C04FD91972} - shell32.dll
~ Scan ShellExecuteHooks in 00mn 00s
---\\ Export authorized application key (O47)
O47 - AAKE:Key Export SP - "%windir%\system32\sessmgr.exe" [Enabled] .(.Microsoft Corporation - Gerenciador de sessão de ajuda de área de trabalho remota da Microsoft®.) -- C:\WINDOWS\system32\sessmgr.exe
O47 - AAKE:Key Export SP - "%windir%\Network Diagnostic\xpnetdiag.exe" [Enabled] .(.Microsoft Corporation - Network Diagnostic for Windows XP.) -- C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O47 - AAKE:Key Export SP - "C:\Arquivos de programas\TeamViewer\Version7\TeamViewer.exe" [Enabled] .(.TeamViewer GmbH - TeamViewer Remote Control Application.) -- C:\Arquivos de programas\TeamViewer\Version7\TeamViewer.exe
O47 - AAKE:Key Export SP - "C:\Arquivos de programas\TeamViewer\Version7\TeamViewer_Service.exe" [Enabled] .(.TeamViewer GmbH - TeamViewer Remote Control Application.) -- C:\Arquivos de programas\TeamViewer\Version7\TeamViewer_Service.exe
O47 - AAKE:Key Export SP - "C:\Arquivos de programas\Ares\Ares.exe" [Enabled] .(.Ares Development Group - Ares p2p for windows.) -- C:\Arquivos de programas\Ares\Ares.exe
O47 - AAKE:Key Export DP - "%windir%\system32\sessmgr.exe" [Enabled] .(.Microsoft Corporation - Gerenciador de sessão de ajuda de área de trabalho remota da Microsoft®.) -- C:\WINDOWS\system32\sessmgr.exe
O47 - AAKE:Key Export DP - "%windir%\Network Diagnostic\xpnetdiag.exe" [Enabled] .(.Microsoft Corporation - Network Diagnostic for Windows XP.) -- C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
~ Scan Keys in 00mn 00s
---\\ Local Security Authority-LSA Deny (O48)
O48 - LSA:Local Security Authority Authentication Packages . (.Microsoft Corporation - Microsoft Authentication Package v1.0.) -- C:\WINDOWS\system32\msv1_0.dll
O48 - LSA:Local Security Authority Notification Packages . (.Microsoft Corporation - Mecanismo cliente do 'Editor de configuração de segurança Windows'.) -- C:\WINDOWS\system32\scecli.dll
O48 - LSA:Local Security Authority Security Packages . (.Microsoft Corporation - Kerberos Security Package.) -- C:\WINDOWS\system32\kerberos.dll
O48 - LSA:Local Security Authority Security Packages . (.Microsoft Corporation - Microsoft Authentication Package v1.0.) -- C:\WINDOWS\system32\msv1_0.dll
O48 - LSA:Local Security Authority Security Packages . (.Microsoft Corporation - TLS / SSL Security Provider.) -- C:\WINDOWS\system32\schannel.dll
O48 - LSA:Local Security Authority Security Packages . (.Microsoft Corporation - Microsoft Digest Access.) -- C:\WINDOWS\system32\wdigest.dll
~ Scan Keys in 00mn 00s
---\\ Safe Boot Control (O49)
O49 - CSB:Control Safe Boot HKLM\...\CCS\Minimal\dmboot.sys . (.Microsoft Corp., Veritas Software - NT Disk Manager Startup Driver.) -- C:\WINDOWS\system32\Drivers\dmboot.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Minimal\dmio.sys . (.Microsoft Corp., Veritas Software - NT Disk Manager I/O Driver.) -- C:\WINDOWS\system32\Drivers\dmio.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Minimal\dmload.sys . (.Microsoft Corp., Veritas Software. - NT Disk Manager Startup Driver.) -- C:\WINDOWS\system32\Drivers\dmload.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Minimal\sermouse.sys . (...) -- C:\WINDOWS\system32\Drivers\sermouse.sys (.not file.)
O49 - CSB:Control Safe Boot HKLM\...\CCS\Minimal\sr.sys . (.Microsoft Corporation - Driver de filtro do sistema de arquivos da restauração do sistema.) -- C:\WINDOWS\system32\Drivers\sr.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Minimal\vga.sys . (.Microsoft Corporation - VGA/Super VGA Video Driver.) -- C:\WINDOWS\system32\Drivers\vga.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Minimal\vgasave.sys . (...) -- C:\WINDOWS\system32\Drivers\vgasave.sys (.not file.)
O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\dmboot.sys . (.Microsoft Corp., Veritas Software - NT Disk Manager Startup Driver.) -- C:\WINDOWS\system32\Drivers\dmboot.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\dmio.sys . (.Microsoft Corp., Veritas Software - NT Disk Manager I/O Driver.) -- C:\WINDOWS\system32\Drivers\dmio.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\dmload.sys . (.Microsoft Corp., Veritas Software. - NT Disk Manager Startup Driver.) -- C:\WINDOWS\system32\Drivers\dmload.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\ip6fw.sys . (.Microsoft Corporation - IPv6 Windows Firewall Driver.) -- C:\WINDOWS\system32\Drivers\ip6fw.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\ipnat.sys . (.Microsoft Corporation - IP Network Address Translator.) -- C:\WINDOWS\system32\Drivers\ipnat.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\rdpcdd.sys . (.Microsoft Corporation - RDP Miniport.) -- C:\WINDOWS\system32\Drivers\rdpcdd.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\rdpdd.sys . (...) -- C:\WINDOWS\system32\Drivers\rdpdd.sys (.not file.)
O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\rdpwd.sys . (.Microsoft Corporation - RDP Terminal Stack Driver (US/Canada Only, Not for Export).) -- C:\WINDOWS\system32\Drivers\rdpwd.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\sermouse.sys . (...) -- C:\WINDOWS\system32\Drivers\sermouse.sys (.not file.)
O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\sr.sys . (.Microsoft Corporation - Driver de filtro do sistema de arquivos da restauração do sistema.) -- C:\WINDOWS\system32\Drivers\sr.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\tdpipe.sys . (.Microsoft Corporation - Named Pipe Transport Driver.) -- C:\WINDOWS\system32\Drivers\tdpipe.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\tdtcp.sys . (.Microsoft Corporation - TCP Transport Driver.) -- C:\WINDOWS\system32\Drivers\tdtcp.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\vga.sys . (.Microsoft Corporation - VGA/Super VGA Video Driver.) -- C:\WINDOWS\system32\Drivers\vga.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\vgasave.sys . (...) -- C:\WINDOWS\system32\Drivers\vgasave.sys (.not file.)
~ Scan CSB in 00mn 00s
---\\ Image File Execution Options (IFEO) (O50)
O50 - IFEO:Image File Execution Options - Your Image File Name Here without a path - ntsd -d
~ Scan IFEO in 00mn 00s
---\\ MountPoints2 Shell Key (MPKS) (O51) (None)
---\\ Trojan Driver Search Data (HKLM)(TDSD) (O52)
O52 - TDSD: \Drivers32\"msacm.trspch"="tssoft32.acm" . (.DSP GROUP, INC. - Codec de áudio DSP Group TrueSpeech para MSACM V3.50.) -- C:\WINDOWS\system32\tssoft32.acm
O52 - TDSD: \Drivers32\"vidc.cvid"="iccvid.dll" . (.Radius Inc. - Cinepak® Codec.) -- C:\WINDOWS\system32\iccvid.dll
O52 - TDSD: \Drivers32\"vidc.iv31"="ir32_32.dll" . (...) -- C:\WINDOWS\system32\ir32_32.dll
O52 - TDSD: \Drivers32\"vidc.iv32"="ir32_32.dll" . (...) -- C:\WINDOWS\system32\ir32_32.dll
O52 - TDSD: \Drivers32\"vidc.iv41"="ir41_32.ax" . (.Intel Corporation - Intel Indeo® Video 4.5.) -- C:\WINDOWS\system32\ir41_32.ax
O52 - TDSD: \Drivers32\"msacm.sl_anet"="sl_anet.acm" . (.Sipro Lab Telecom Inc. - Audio codec for MS ACM.) -- C:\WINDOWS\system32\sl_anet.acm
O52 - TDSD: \Drivers32\"msacm.iac2"="C:\WINDOWS\system32\iac25_32.ax" . (.Intel Corporation - Indeo® audio software.) -- C:\WINDOWS\system32\iac25_32.ax
O52 - TDSD: \Drivers32\"vidc.iv50"="ir50_32.dll" . (.Intel Corporation - Intel Indeo® video 5.10.) -- C:\WINDOWS\system32\ir50_32.dll
O52 - TDSD: \Drivers32\"msacm.l3acm"="C:\WINDOWS\system32\l3codeca.acm" . (.Fraunhofer Institut Integrierte Schaltungen - MPEG Layer-3 Audio Codec for MSACM.) -- C:\WINDOWS\system32\l3codeca.acm
O52 - TDSD: \drivers.desc\"sl_anet.acm"="Sipro Lab Telecom Audio Codec" . (.Sipro Lab Telecom Inc. - Audio codec for MS ACM.) -- C:\WINDOWS\system32\sl_anet.acm
O52 - TDSD: \drivers.desc\"C:\WINDOWS\system32\iac25_32.ax"="Indeo® audio software" . (.Intel Corporation - Indeo® audio software.) -- C:\WINDOWS\system32\iac25_32.ax
O52 - TDSD: \drivers.desc\"C:\WINDOWS\system32\l3codeca.acm"="Fraunhofer IIS MPEG Layer-3 Codec" . (.Fraunhofer Institut Integrierte Schaltungen - MPEG Layer-3 Audio Codec for MSACM.) -- C:\WINDOWS\system32\l3codeca.acm
~ Scan Keys in 00mn 00s
---\\ ShareTools MSconfig StartupReg (SMSR) (O53)
O53 - SMSR:HKLM\...\startupreg\Adobe ARM [Key] . (.Adobe Systems Incorporated - Adobe Reader and Acrobat Manager.) -- C:\Arquivos de programas\Arquivos comuns\Adobe\ARM\1.0\AdobeARM.exe
O53 - SMSR:HKLM\...\startupreg\Adobe Reader Speed Launcher [Key] . (.Adobe Systems Incorporated - Adobe Acrobat SpeedLauncher.) -- C:\Arquivos de programas\Adobe\Reader 8.0\Reader\Reader_sl.exe
O53 - SMSR:HKLM\...\startupreg\ares [Key] . (.Ares Development Group - Ares p2p for windows.) -- C:\Arquivos de programas\Ares\Ares.exe
O53 - SMSR:HKLM\...\startupreg\ASUS Update Checker [Key] . (.Unknown owner - UpdateChecker MFC Application.) -- C:\Arquivos de programas\ASUS\ASUSUpdate\UpdateChecker\UpdateChecker.exe
O53 - SMSR:HKLM\...\startupreg\ctfmon.exe [Key] . (.Microsoft Corporation - CTF Loader.) -- C:\WINDOWS\system32\ctfmon.exe
O53 - SMSR:HKLM\...\startupreg\HDAudDeck [Key] . (.VIA Technologies, Inc. - HDeck MFC Application.) -- C:\Arquivos de programas\VIA\VIAudioi\HDADeck\HDeck.exe
O53 - SMSR:HKLM\...\startupreg\HotKeysCmds [Key] . (.Intel Corporation - hkcmd Module.) -- C:\WINDOWS\system32\hkcmd.exe
O53 - SMSR:HKLM\...\startupreg\IgfxTray [Key] . (.Intel Corporation - igfxTray Module.) -- C:\WINDOWS\system32\igfxtray.exe
O53 - SMSR:HKLM\...\startupreg\ISUSPM Startup [Key] . (.Macrovision Corporation - InstallShield Update Service Update Manager.) -- C:\Arquivos de programas\Arquivos comuns\InstallShield\UpdateService\isuspm.exe
O53 - SMSR:HKLM\...\startupreg\ISUSScheduler [Key] . (.Macrovision Corporation - InstallShield Update Service Scheduler.) -- C:\Arquivos de programas\Arquivos comuns\InstallShield\UpdateService\issch.exeO53 - SMSR:HKLM\...\startupreg\MSMSGS [Key] . (.Microsoft Corporation - Windows Messenger.) -- C:\Arquivos de programas\Messenger\msmsgs.exe
O53 - SMSR:HKLM\...\startupreg\Persistence [Key] . (.Intel Corporation - persistence Module.) -- C:\WINDOWS\system32\igfxpers.exe
O53 - SMSR:HKLM\...\startupreg\SunJavaUpdateSched [Key] . (.Sun Microsystems, Inc. - Java Update Scheduler.) -- C:\Arquivos de programas\Arquivos comuns\Java\Java Update\jusched.exe
O53 - SMSR:HKLM\...\startupreg\swg [Key] . (.Google Inc. - GoogleToolbarNotifier.) -- C:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
~ Scan SMSR Keys in 00mn 00s
---\\ Microsoft Control Security Providers (MCSP) (O54)
O54 - MCSP:[HKLM\...\CurrentControlSet\Control] - (SecurityProviders) - (.Microsoft Corporation - Cliente DPA para plataformas de 32 bits.) -- C:\WINDOWS\system32\msapsspc.dll
O54 - MCSP:[HKLM\...\CurrentControlSet\Control] - (SecurityProviders) - (.Microsoft Corporation - TLS / SSL Security Provider.) -- C:\WINDOWS\system32\schannel.dll
O54 - MCSP:[HKLM\...\CurrentControlSet\Control] - (SecurityProviders) - (.Microsoft Corporation - Digest SSPI Authentication Package.) -- C:\WINDOWS\system32\digest.dll
O54 - MCSP:[HKLM\...\ControlSet001\Control] - (SecurityProviders) - (.Microsoft Corporation - Cliente DPA para plataformas de 32 bits.) -- C:\WINDOWS\system32\msapsspc.dll
O54 - MCSP:[HKLM\...\ControlSet001\Control] - (SecurityProviders) - (.Microsoft Corporation - TLS / SSL Security Provider.) -- C:\WINDOWS\system32\schannel.dll
O54 - MCSP:[HKLM\...\ControlSet001\Control] - (SecurityProviders) - (.Microsoft Corporation - Digest SSPI Authentication Package.) -- C:\WINDOWS\system32\digest.dll
~ Scan Keys in 00mn 00s
---\\ Microsoft Windows Policies System (MWPS) (O55)
O55 - MWPS:[HKLM\...\Policies\System] - "dontdisplaylastusername"=0
O55 - MWPS:[HKLM\...\Policies\System] - "legalnoticecaption"=0
O55 - MWPS:[HKLM\...\Policies\System] - "legalnoticetext"=0
O55 - MWPS:[HKLM\...\Policies\System] - "shutdownwithoutlogon"=1
O55 - MWPS:[HKLM\...\Policies\System] - "undockwithoutlogon"=1
O55 - MWPS:[HKLM\...\Policies\System] - "DisableRegistryTools"=0
~ Scan Keys in 00mn 00s
---\\ Microsoft Windows Policies Explorer (MWPE) (O56)
O56 - MWPE:[HKCU\...\policies\Explorer] - "NoDriveTypeAutoRun"=323
O56 - MWPE:[HKCU\...\policies\Explorer] - "NoDriveAutoRun"=67108863
O56 - MWPE:[HKCU\...\policies\Explorer] - "NoDrives"=0
O56 - MWPE:[HKLM\...\policies\Explorer] - "NoDriveAutoRun"=67108863
O56 - MWPE:[HKLM\...\policies\Explorer] - "NoDriveTypeAutoRun"=323
O56 - MWPE:[HKLM\...\policies\Explorer] - "NoDrives"=0
~ Scan Keys in 00mn 00s
---\\ System Drivers List (SDL) (O58)
O58 - SDL:[MD5.149A8F7ADF9742554DC323E290551E3E] - 30/10/2012 - 19:51:56 ---A- . (.AVAST Software - avast! Base Kernel-Mode Device Driver for Windows NT/2000/XP.) -- C:\WINDOWS\system32\Drivers\aavmker4.sys [25256]
O58 - SDL:[MD5.C1E76718BAB6BCA0D18E5670F074F821] - 02/03/2006 - 09:00:00 ---A- . (...) -- C:\WINDOWS\system32\ansi.sys [9032]
~ Scan Drivers in 00mn 00s
---\\ List all legacy services(LALS) (O64)
O64 - Services: CurCS - ??\??\???? - C:\WINDOWS\system32\Drivers\Aavmker4.sys (Aavmker4) .(.AVAST Software - avast! Base Kernel-Mode Device Driver for W.) - LEGACY_AAVMKER4
O64 - Services: CurCS - 10/10/2012 - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe (AdobeFlashPlayerUpdateSvc) .(.Adobe Systems Incorporated - Adobe® Flash® Player Update Service 11.4 r4.) - LEGACY_ADOBEFLASHPLAYERUPDATESVC
O64 - Services: CurCS - 17/12/2007 - C:\WINDOWS\system32\drivers\AsIO.sys - AsIO (AsIO) .(...) - LEGACY_ASIO
O64 - Services: CurCS - ??\??\???? - C:\WINDOWS\system32\Drivers\aswFsBlk.sys (aswFsBlk) .(.AVAST Software - avast! File System Access Blocking Driver.) - LEGACY_ASWFSBLK
O64 - Services: CurCS - ??\??\???? - C:\WINDOWS\system32\Drivers\aswMon2.sys (aswMon2) .(.AVAST Software - avast! File System Filter Driver for Window.) - LEGACY_ASWMON2
O64 - Services: CurCS - ??\??\???? - C:\WINDOWS\system32\Drivers\aswRdr.sys (aswRdr) .(.AVAST Software - avast! TDI Redirect Driver.) - LEGACY_ASWRDR
O64 - Services: CurCS - ??\??\???? - C:\WINDOWS\system32\Drivers\aswSnx.sys (aswSnx) .(.AVAST Software - avast! Virtualization Driver.) - LEGACY_ASWSNX
O64 - Services: CurCS - ??\??\???? - C:\WINDOWS\system32\Drivers\aswSP.sys (aswSP) .(.AVAST Software - avast! self protection module.) - LEGACY_ASWSP
O64 - Services: CurCS - ??\??\???? - C:\WINDOWS\system32\Drivers\aswTdi.sys (aswTdi) .(.AVAST Software - avast! TDI Filter Driver.) - LEGACY_ASWTDI
O64 - Services: CurCS - 30/10/2012 - C:\Arquivos de programas\Alwil Software\Avast5\AvastSvc.exe (avast! Antivirus) .(.AVAST Software - avast! Service.) - LEGACY_AVAST!_ANTIVIRUS
O64 - Services: CurCS - 13/04/2008 - C:\WINDOWS\system32\drivers\dmboot.sys (dmboot) .(.Microsoft Corp., Veritas Software - NT Disk Manager Startup Driver.) - LEGACY_DMBOOT
O64 - Services: CurCS - 02/03/2006 - C:\WINDOWS\system32\drivers\dmload.sys (dmload) .(.Microsoft Corp., Veritas Software. - NT Disk Manager Startup Driver.) - LEGACY_DMLOAD
O64 - Services: CurCS - 06/09/2011 - C:\Arquivos de programas\Google\Update\GoogleUpdate.exe (gupdate) .(.Google Inc. - Google Installer.) - LEGACY_GUPDATE
O64 - Services: CurCS - 06/09/2011 - C:\Arquivos de programas\Google\Update\GoogleUpdate.exe (gupdatem) .(.Google Inc. - Google Installer.) - LEGACY_GUPDATEMO64 - Services: CurCS - 27/08/2012 - C:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe (gusvc) .(.Google - gusvc.) - LEGACY_GUSVC
O64 - Services: CurCS - 15/02/2012 - C:\Arquivos de programas\Java\jre6\bin\jqs.exe (JavaQuickStarterService) .(.Sun Microsystems, Inc. - Java Quick Starter Service.) - LEGACY_JAVAQUICKSTARTERSERVICE
~ Scan Services in 00mn 00s
---\\ File Associations Shell Spawning (O67)
O67 - Shell Spawning: <.bat> <batfile>[HKLM\..\open\Command] (...) -- "%1" %*
O67 - Shell Spawning: <.cpl> <cplfile>[HKLM\..\cplopen\Command] (.Microsoft Corporation - DLL comum do Shell do Windows.) -- C:\WINDOWS\system32\shell32.dll
O67 - Shell Spawning: <.cmd> <cmdfile>[HKLM\..\open\Command] (...) -- "%1" %*
O67 - Shell Spawning: <.com> <ComFile>[HKLM\..\open\Command] (...) -- "%1" %*
O67 - Shell Spawning: <.exe> <exefile>[HKLM\..\open\Command] (...) -- "%1" %*
O67 - Shell Spawning: <.html> <ChromeHTML>[HKLM\..\open\Command] (.Google Inc. - Google Chrome.) -- C:\Arquivos de programas\Google\Chrome\Application\chrome.exe
O67 - Shell Spawning: <.js> <JSFile>[HKLM\..\open\Command] (.Microsoft Corporation - Microsoft ® Windows Based Script Host.) -- C:\WINDOWS\system32\WScript.exe
O67 - Shell Spawning: <.reg> <regfile>[HKLM\..\open\Command] (.Microsoft Corporation - Editor do Registro.) -- C:\WINDOWS\regedit.exe
O67 - Shell Spawning: <.html> <ChromeHTML>[HKCU\..\open\Command] (.Not Key.)
O67 - Shell Spawning: <.bat> <batfile>[HKCR\..\open\Command] (...) -- "%1" %*
O67 - Shell Spawning: <.cpl> <cplfile>[HKCR\..\cplopen\Command] (.Microsoft Corporation - DLL comum do Shell do Windows.) -- C:\WINDOWS\system32\shell32.dll
O67 - Shell Spawning: <.cmd> <cmdfile>[HKCR\..\open\Command] (...) -- "%1" %*
O67 - Shell Spawning: <.com> <ComFile>[HKCR\..\open\Command] (...) -- "%1" %*
O67 - Shell Spawning: <.exe> <exefile>[HKCR\..\open\Command] (...) -- "%1" %*
O67 - Shell Spawning: <.html> <ChromeHTML>[HKCR\..\open\Command] (.Google Inc. - Google Chrome.) -- C:\Arquivos de programas\Google\Chrome\Application\chrome.exe
O67 - Shell Spawning: <.js> <JSFile>[HKCR\..\open\Command] (.Microsoft Corporation - Microsoft ® Windows Based Script Host.) -- C:\WINDOWS\system32\WScript.exe
O67 - Shell Spawning: <.reg> <regfile>[HKCR\..\open\Command] (.Microsoft Corporation - Editor do Registro.) -- C:\WINDOWS\regedit.exe~ Scan Keys in 00mn 00s
---\\ Start Menu Internet (SMI) (O68)
O68 - StartMenuInternet: <chrome.exe> <>[HKLM\..\Shell\open\Command] (.Google Inc. - Google Chrome.) -- C:\Arquivos de programas\Google\Chrome\Application\chrome.exe
O68 - StartMenuInternet: <FIREFOX.EXE> <Mozilla Firefox>[HKLM\..\Shell\open\Command] (.Mozilla Corporation - Firefox.) -- C:\Arquivos de programas\Mozilla Firefox\firefox.exe
O68 - StartMenuInternet: <Google Chrome> <Google Chrome>[HKLM\..\Shell\open\Command] (.Google Inc. - Google Chrome.) -- C:\Arquivos de programas\Google\Chrome\Application\chrome.exe
O68 - StartMenuInternet: <IEXPLORE.EXE> <Internet Explorer>[HKLM\..\Shell\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Arquivos de programas\Internet Explorer\iexplore.exe
O68 - StartMenuInternet: <FIREFOX.EXE> <Mozilla Firefox>[HKLM\..\InstallInfo\ShowIconsCommand] (...) -- C:\Arquivos de programas\Mozilla Firefox\uninstall\helper.exe (.not file.)
O68 - StartMenuInternet: <Google Chrome> <Google Chrome>[HKLM\..\InstallInfo\ShowIconsCommand] (...) -- C:\Arquivos de programas\Google\Chrome\Application\chrome.exe (.not file.)
O68 - StartMenuInternet: <IEXPLORE.EXE> <Internet Explorer>[HKLM\..\InstallInfo\ShowIconsCommand] (...) -- C:\WINDOWS\system32\ie4uinit.exe (.not file.)
O68 - StartMenuInternet: <FIREFOX.EXE> <Mozilla Firefox>[HKLM\..\InstallInfo\ReinstallCommand] (...) -- C:\Arquivos de programas\Mozilla Firefox\uninstall\helper.exe (.not file.)
O68 - StartMenuInternet: <Google Chrome> <Google Chrome>[HKLM\..\InstallInfo\ReinstallCommand] (...) -- C:\Arquivos de programas\Google\Chrome\Application\chrome.exe (.not file.)
O68 - StartMenuInternet: <IEXPLORE.EXE> <Internet Explorer>[HKLM\..\InstallInfo\ReinstallCommand] (...) -- C:\WINDOWS\system32\ie4uinit.exe (.not file.)
O68 - StartMenuInternet: <FIREFOX.EXE> <Mozilla Firefox>[HKLM\..\InstallInfo\HideIconsCommand] (...) -- C:\Arquivos de programas\Mozilla Firefox\uninstall\helper.exe (.not file.)
O68 - StartMenuInternet: <Google Chrome> <Google Chrome>[HKLM\..\InstallInfo\HideIconsCommand] (...) -- C:\Arquivos de programas\Google\Chrome\Application\chrome.exe (.not file.)
O68 - StartMenuInternet: <IEXPLORE.EXE> <Internet Explorer>[HKLM\..\InstallInfo\HideIconsCommand] (...) -- C:\WINDOWS\system32\ie4uinit.exe (.not file.)~ Scan Keys in 00mn 00s
---\\ Search Browser Infection (SBI) (O69)
O69 - SBI: SearchScopes [HKCU] ${searchCLSID} - (@ieframe.dll,-12512) - http://search.live.com
O69 - SBI: SearchScopes [HKCU] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} - (Bing) - http://www.bing.com
O69 - SBI: SearchScopes [HKCU] {78A9BE32-EF0D-47C6-97E3-794B397CD3AA} [DefaultScope] - (Google) - http://www.google.com
~ Scan Keys in 00mn 00s
---\\ Search Svchost Services (SSS) (O83)
O83 - Search Svchost Services: AppMgmt (AppMgmt) . (.Microsoft Corporation - Serviço de instalação do software.) -- C:\WINDOWS\system32\appmgmts.dll [172032]
O83 - Search Svchost Services: AudioSrv (AudioSrv) . (.Microsoft Corporation - Windows Audio Service.) -- C:\WINDOWS\system32\audiosrv.dll [42496]
O83 - Search Svchost Services: Browser (Browser) . (.Microsoft Corporation - Computer Browser Service DLL.) -- C:\WINDOWS\system32\browser.dll [78336]
O83 - Search Svchost Services: CryptSvc (CryptSvc) . (.Microsoft Corporation - Cryptographic Services.) -- C:\WINDOWS\system32\cryptsvc.dll [62464]
O83 - Search Svchost Services: DMServer (DMServer) . (.Microsoft Corp. - Dll do serviço do Gerenciador de discos lógicos.) -- C:\WINDOWS\system32\dmserver.dll [23552]
O83 - Search Svchost Services: DHCP (DHCP) . (.Microsoft Corporation - Serviço do Cliente DHCP.) -- C:\WINDOWS\system32\dhcpcsvc.dll [126976]
O83 - Search Svchost Services: ERSvc (ERSvc) . (.Microsoft Corporation - Windows Error Reporting Service.) -- C:\WINDOWS\system32\ersvc.dll [23040]
O83 - Search Svchost Services: EventSystem (EventSystem) . (.Microsoft Corporation - No comment.) -- C:\WINDOWS\system32\es.dll [253952]
O83 - Search Svchost Services: FastUserSwitchingCompatibility (FastUserSwitchingCompatibility) . (.Microsoft Corporation - DLL de serviços do Shell do Windows.) -- C:\WINDOWS\system32\shsvcs.dll [135168]
O83 - Search Svchost Services: HidServ (HidServ) . (...) -- C:\WINDOWS\system32\hidserv.dll [0]
O83 - Search Svchost Services: LanmanServer (LanmanServer) . (.Microsoft Corporation - Server Service DLL.) -- C:\WINDOWS\system32\srvsvc.dll [99840]
O83 - Search Svchost Services: LanmanWorkstation (LanmanWorkstation) . (.Microsoft Corporation - Workstation Service DLL.) -- C:\WINDOWS\system32\wkssvc.dll [132096]
O83 - Search Svchost Services: Messenger (Messenger) . (.Microsoft Corporation - NT Messenger Service.) -- C:\WINDOWS\system32\msgsvc.dll [33792]
O83 - Search Svchost Services: Netman (Netman) . (.Microsoft Corporation - Gerenciador de conexões de rede.) -- C:\WINDOWS\system32\netman.dll [198144]
O83 - Search Svchost Services: Nla (Nla) . (.Microsoft Corporation - Fornecedor de serviços do Microsoft Windows Sockets 2.0.) -- C:\WINDOWS\system32\mswsock.dll [247808]
O83 - Search Svchost Services: Ntmssvc (Ntmssvc) . (.Microsoft Corporation - Gerenciador de armazenamento removível.) -- C:\WINDOWS\system32\ntmssvc.dll [437248]
O83 - Search Svchost Services: Rasauto (Rasauto) . (.Microsoft Corporation - Remote Access AutoDial Manager.) -- C:\WINDOWS\system32\rasauto.dll [88576]
O83 - Search Svchost Services: Rasman (Rasman) . (.Microsoft Corporation - Remote Access Connection Manager.) -- C:\WINDOWS\system32\rasmans.dll [186368]
O83 - Search Svchost Services: Remoteaccess (Remoteaccess) . (.Microsoft Corporation - Dynamic Interface Manager.) -- C:\WINDOWS\system32\mprdim.dll [53248]
O83 - Search Svchost Services: Schedule (Schedule) . (.Microsoft Corporation - Mecanismo do 'Agendador de tarefas'.) -- C:\WINDOWS\system32\schedsvc.dll [193536]
O83 - Search Svchost Services: Seclogon (Seclogon) . (.Microsoft Corporation - DLL de serviço de logon secundário.) -- C:\WINDOWS\system32\seclogon.dll [18944]
O83 - Search Svchost Services: SENS (SENS) . (.Microsoft Corporation - System Event Notification Service (SENS).) -- C:\WINDOWS\system32\sens.dll [39424]
O83 - Search Svchost Services: Sharedaccess (Sharedaccess) . (.Microsoft Corporation - Componentes do Microsoft NAT Helper.) -- C:\WINDOWS\system32\ipnathlp.dll [331264]
O83 - Search Svchost Services: SRService (SRService) . (.Microsoft Corporation - Serviço de restauração do sistema.) -- C:\WINDOWS\system32\srsvc.dll [171520]
O83 - Search Svchost Services: Tapisrv (Tapisrv) . (.Microsoft Corporation - Servidor de telefonia do Microsoft® Windows.) -- C:\WINDOWS\system32\tapisrv.dll [249856]
O83 - Search Svchost Services: Themes (Themes) . (.Microsoft Corporation - DLL de serviços do Shell do Windows.) -- C:\WINDOWS\system32\shsvcs.dll [135168]
O83 - Search Svchost Services: TrkWks (TrkWks) . (.Microsoft Corporation - Distributed Link Tracking Client.) -- C:\WINDOWS\system32\trkwks.dll [90112]
O83 - Search Svchost Services: W32Time (W32Time) . (.Microsoft Corporation - Windows Time Service.) -- C:\WINDOWS\system32\w32time.dll [176128]
O83 - Search Svchost Services: WZCSVC (WZCSVC) . (.Microsoft Corporation - Serviço de configuração zero sem fio.) -- C:\WINDOWS\system32\wzcsvc.dll [483840]
O83 - Search Svchost Services: Wmi (Wmi) . (.Microsoft Corporation - API de base do Windows 32 avançada.) -- C:\WINDOWS\system32\advapi32.dll [683520]
O83 - Search Svchost Services: winmgmt (winmgmt) . (.Microsoft Corporation - WMI.) -- C:\WINDOWS\system32\wbem\WMIsvc.dll [145408]
O83 - Search Svchost Services: wscsvc (wscsvc) . (.Microsoft Corporation - Windows Security Center Service.) -- C:\WINDOWS\system32\wscsvc.dll [80896]
O83 - Search Svchost Services: xmlprov (xmlprov) . (.Microsoft Corporation - Network Provisioning Service.) -- C:\WINDOWS\system32\xmlprov.dll [129024]
O83 - Search Svchost Services: BITS (BITS) . (.Microsoft Corporation - Serviço de transferência inteligente de plano de fundo.) -- C:\WINDOWS\system32\qmgr.dll [409088]
O83 - Search Svchost Services: wuauserv (wuauserv) . (.Microsoft Corporation - Windows Update AutoUpdate Service.) -- C:\WINDOWS\system32\wuauserv.dll [6656]
O83 - Search Svchost Services: ShellHWDetection (ShellHWDetection) . (.Microsoft Corporation - DLL de serviços do Shell do Windows.) -- C:\WINDOWS\system32\shsvcs.dll [135168]
O83 - Search Svchost Services: helpsvc (helpsvc) . (.Microsoft Corporation - Microsoft PCHealth Service Holder.) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll [38400]
O83 - Search Svchost Services: WmdmPmSN (WmdmPmSN) . (.Microsoft Corporation - Provedor de Serviços do Dispositivo de Mídia Microsoft.) -- C:\WINDOWS\system32\mspmsnsv.dll [52736]
O83 - Search Svchost Services: napagent (napagent) . (.Microsoft Corporation - Tempo de Execução de Serviço de Agente de Quarentena.) -- C:\WINDOWS\system32\qagentrt.dll [292864]
O83 - Search Svchost Services: hkmsvc (hkmsvc) . (.Microsoft Corporation - Serviço de Gerenciamento de Chaves.) -- C:\WINDOWS\system32\kmsvc.dll [61440]
~ Scan Services in 00mn 01s
---\\ Search Particular Root Folder (SPRF) (O84)
[MD5.E897110EE5E67FABB83B154DF9C68D6A] [sPRF][16/11/2012] (...) -- C:\Documents and Settings\f003407\Desktop\ZHPDiag_silent.exe [794216]
[MD5.AE326A97F634217CAC29739D376DF934] [sPRF][15/08/2011] (...) -- C:\Documents and Settings\f003407\Desktop\ZHP_uninstall.exe [344187]
[MD5.3FEA9D2EDF23B0283C7A66C8DEA380BD] [sPRF][25/07/2002] (.InstallShield Software Corporation - InstallShield Update Service Setup Player Module.) -- C:\WINDOWS\Downloaded Program Files\dwusplay.dll [24576]
[MD5.CDBE35EA59BC9223E4F800BD1DB82D27] [sPRF][25/07/2002] (.InstallShield Software Corporation - InstallShield Update Service Setup Player.) -- C:\WINDOWS\Downloaded Program Files\dwusplay.exe [196608][MD5.FB30D948346F9367A83DFE5BAB2668F8] [sPRF][22/08/2011] (.Adobe Systems, Inc. - Adobe® Flash® Player Installer/Uninstaller 10.3 r183.) -- C:\WINDOWS\Downloaded Program Files\FP_AX_CAB_INSTALLER.exe [3126944]
[MD5.B8F39C9E0F0B71E454DBA431CF3B99C9] [sPRF][11/08/2005] (.Macrovision Corporation - InstallShield Update Service Web Agent.) -- C:\WINDOWS\Downloaded Program Files\isusweb.dll [417792]
[MD5.7FAF5222EEB546E1DC0F348DCB314B0B] [sPRF][29/08/2006] (.Zylom Games - Zylom Games Player.) -- C:\WINDOWS\Downloaded Program Files\zylomgamesplayer.dll [161976]
~ Scan Files in 00mn 00s
---\\ Router Hijack DNS (O89) (None)
---\\ General States of Services not Microsoft (EGS) (SR=Running, SS=Stopped)
SS - | Demand 10/10/2012 250808 | (AdobeFlashPlayerUpdateSvc) . (.Adobe Systems Incorporated.) - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
SR - | Auto 30/10/2012 44808 | (avast! Antivirus) . (.AVAST Software.) - C:\Arquivos de programas\Alwil Software\Avast5\AvastSvc.exe
SS - | Demand 13/04/2008 225280 | (dmadmin) . (.Microsoft Corp., Veritas Software.) - C:\WINDOWS\system32\dmadmin.exe
SS - | Auto 06/09/2011 136176 | (gupdate) . (.Google Inc..) - C:\Arquivos de programas\Google\Update\GoogleUpdate.exe
SS - | Demand 06/09/2011 136176 | (gupdatem) . (.Google Inc..) - C:\Arquivos de programas\Google\Update\GoogleUpdate.exeSS - | Demand 27/08/2012 194032 | (gusvc) . (.Google.) - C:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe
SR - | Auto 15/02/2012 153376 | (JavaQuickStarterService) . (.Sun Microsystems, Inc..) - C:\Arquivos de programas\Java\jre6\bin\jqs.exe
SS - | Demand 01/11/2012 115168 | (MozillaMaintenance) . (.Mozilla Foundation.) - C:\Arquivos de programas\Mozilla Maintenance Service\maintenanceservice.exe
~ Scan Services in 00mn 02s
---\\ Search Master Boot Record Infection (MBR)(O80)
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Run by f003407 at 16/11/2012 08:21:34
device: opened successfully
user: MBR read successfully
Disk trace:
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys PCIIDEX.SYS
1 ntkrnlpa!IofCallDriver[0x804EF1F0] -> \Device\Harddisk0\DR0[0x8654CAB8]
3 CLASSPNP[0xF75FEFD7] -> ntkrnlpa!IofCallDriver[0x804EF1F0] -> \Device\00000065[0x865E0030]
5 ACPI[0xF7495620] -> ntkrnlpa!IofCallDriver[0x804EF1F0] -> \Device\Ide\IdeDeviceP2T0L0-5[0x86500940]
kernel: MBR read successfully
user & kernel MBR OK
~ Scan MBR in 00mn 02s
---\\ Search Master Boot Record Infection (MBRCheck)(O80)
Written by ad13, http://ad13.geekstog
Run by f003407 at 16/11/2012 08:21:36
******* Dump file Name *******
C:\PhysicalDisk0_MBR.bin
~ Scan MBR in 00mn 04s
End of the scan (1187 lines in 00mn 59s)(0)
Bom Dia! Edvan
P.S: A ferramenta combofix pode ser utilizada assim como o Malwarebytes nas maquinas que estão contaminadas? ou é uma ferramenta que tem que passar sobe orientação de vcs analistas?
|- Somente a ferramenta ComboFix deve ter supervisão,mas como você tem experiência no seu manuseio...pode utilizá-la.
-/-
|- Feche programas/pastas que estejam abertas.
|- Feche,também,o navegador!
|- Para Windows Vista,desabilite a UAC.
/applications/core/interface/imageproxy/imageproxy.php?img=http://i1143.photobucket.com/albums/n629/j2ram/My%2520Tools%25203/My%2520Tools%25204/ZHPFix_silent_zps532d2db6.jpg&key=e3bca71d24a0067fad1910903f2d756650c2d526a3a3b4495f41f8a5e073328a" alt="ZHPFix_silent_zps532d2db6.jpg" />
|- Para Windows Vista ou 7,clique direito em ZHPFix.exe e execute-o como administrador.
|- Selecione e copie estas informações,que estão no Code,para o "Bloco de Notas".
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} Orphean Key
O2 - BHO: (no name) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} Orphean Key
O2 - BHO: (no name) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} Orphean Key
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} Orphean Key
O2 - BHO: (no name) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} Orphean Key
O2 - BHO: (no name) - {DBC80044-A445-435b-BC74-9C25C1C588A9} Orphean Key
O2 - BHO: (no name) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} Orphean Key
O3 - Toolbar: (no name) - [HKLM]{8E5E2654-AD2D-48bf-AC2D-D17F00898D06} . (...) -- (.not file.)
O3 - Toolbar: (no name) - [HKLM]{2318C2B1-4965-11d4-9B18-009027A5CD4F} . (...) -- (.not file.)
[HKLM\Software\Swearware]
[HKCU\Software\Ad-Remover]
emptytemp
emptyflash
proxyfix
firewallraz
|- Estando com o Bloco de Notas aberto,acione os atalhos: "Ctrl+A" -> "Ctrl+C"
|- Minimize o Bloco de Notas.
/applications/core/interface/imageproxy/imageproxy.php?img=http://i1143.photobucket.com/albums/n629/j2ram/My%2520Tools%25203/ZHPDiag_PasteClipboard.jpg&key=e48613cfa6f79756d0d3087d1f9470f91a4d063f3d1285295d93d87cacbfb63d" alt="ZHPDiag_PasteClipboard.jpg" />
|- Clique no menu,"Paste ClipBoard".
|- Clique em "GO" -> Oui.
/applications/core/interface/imageproxy/imageproxy.php?img=http://i1143.photobucket.com/albums/n629/j2ram/My%2520Tools%25203/ZHPFix_GO.jpg&key=558fe81face1e694faa61f1e0c3985db203e8ad910d59aa68f5da5f2fd114f02" alt="ZHPFix_GO.jpg" />
|- Ps: Temos,àcima,sequência de imagens para maior exclarecimento.
|- Poste o relatório: C:\ZHP\ZHPFix[R1].txt
Abs!
|- Somente a ferramenta ComboFix deve ter supervisão,mas como você tem experiência no seu manuseio...pode utilizá-la.
OK. amigo. :thumbsup:
Sobre a maquina, está bem melhor. :grin:
Mais algum procedimento?
Rapport de ZHPFix 1.3.05 par Nicolas Coolman, Update du 09/10/2012
Fichier d'export Registre :
Run by f003407 at 20/11/2012 08:02:10
Windows XP Professional Service Pack 3 (Build 2600)
Web site : http://nicolascoolman.skyrock.com/
========== Registry Key ==========
DELETED Key: CLSID BHO: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}
DELETED Key: CLSID BHO: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43}
DELETED Key: CLSID BHO: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06}
DELETED Key: CLSID BHO: {AA58ED58-01DD-4d91-8333-CF10577473F7}
DELETED Key: CLSID BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D}
DELETED Key: CLSID BHO: {DBC80044-A445-435b-BC74-9C25C1C588A9}
DELETED Key: CLSID BHO: {E7E6F031-17CE-4C07-BC86-EABFE594F69C}
DELETED Key: HKLM\Software\Swearware
DELETED Key: HKCU\Software\Ad-Remover
========== Registry Value ==========
DELETED Toolbar: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06}
DELETED Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F}
ProxyFix : Proxy killed successfully
DELETED ProxyServer Value
DELETED ProxyEnable Value
DELETED EnableHttp1_1 Value
DELETED ProxyHttp1.1 Value
DELETED ProxyOverride Value
DELETED FirewallRaz (SP) : %windir%\system32\sessmgr.exe
DELETED FirewallRaz (SP) : %windir%\Network Diagnostic\xpnetdiag.exe
DELETED FirewallRaz (DP) : %windir%\system32\sessmgr.exe
DELETED FirewallRaz (DP) : %windir%\Network Diagnostic\xpnetdiag.exe
No Value in Firewall Exception Register Key (FirewallRaz)
========== Repertory ==========
DELETED Window Temporary:
DELETED Flash Cookies:
========== File ==========
DELETED Window Temporary:
DELETED Flash Cookies:
========== Summary ==========
9 : Registry Key
13 : Registry Value
2 : Repertory
2 : File
End of clean in 00mn 04s
========== Report File ==========
C:\ZHP\ZHPFix[R1].txt - 20/11/2012 08:02:11 [1784]
Boa Noite! Edvan
>
/applications/core/interface/imageproxy/imageproxy.php?img=http://forum.imasters.com.br/public/style_images/imasters-2011/snapback.png&key=6c4595d94bb1086600237aa9845db775ed272665f16a239c5c53fcdbbbb6a3c3" alt="snapback.png" /> Edvan, em 20 novembro 2012 - 09:04 , disse: Mais algum procedimento?
|- Caso queira,execute a verificação de seu computador,com EsetNod32.
-/-
/applications/core/interface/imageproxy/imageproxy.php?img=http://i1143.photobucket.com/albums/n629/j2ram/My%2520Tools%25203/My%2520Tools%25204/ZHP_uninstall_zps01617da3.jpg&key=4c72f6071ce1a6017cbd38c7d970b405f7ad80ff93aa3ea6619a232702a6b035" alt="ZHP_uninstall_zps01617da3.jpg" />
|- Desinstale ZHPDiag,clicando em "ZHP_uninstall".
-/-
|- Execute escaneamento online em | /applications/core/interface/imageproxy/imageproxy.php?img=http://img237.imageshack.us/img237/223/hh3lp9.jpg&key=b9c458b783f8ec469d9a67ce5b0da9137554ca65f2a7fb5a504f004bef116210" alt="hh3lp9.jpg" /> |
|- Utilize o navegador "Internet Explorer",para essa tarefa!
|- Siga,conforme a imagem,essa verificação ou scan.
|- Ao concluir,clique em "List of found threats" >> "Export to text file"
|- Salve esse texto no desktop,com o nome: Esetlog
|- Ps: Caso nada seja detectado,não teremos relatório ou lista presente.
|- Poste o relatório que estará no desktop! ( Esetlog.txt )
Abs!
pode fechar o tópico amigo.
a maquina esta ok. :thumbsup:
PROBLEMA RESOLVIDO
Caso o autor necessite que o tópico seja reaberto basta enviar uma Mensagem Privada para um Moderador com um link para o tópico.
Boa Tarde! Edvan
|- Após a execução destas ferramentas o problema foi resolvido?
-/-
|- Baixe: < /applications/core/interface/imageproxy/imageproxy.php?img=http://i1143.photobucket.com/albums/n629/j2ram/My%2520Tools%25203/ZHPDiag_Silent.jpg&key=b108c6f3da4b9ebe004c6fc63c6e29fc4f2043056612e16f58c8a6da9600eaea" alt="ZHPDiag_Silent.jpg" /> > ( ... par Nicolas Coolman )
|- Salve-o no desktop!
|- Desabilite seu antivírus!
|- Caso utilize o Avast,estabeleça esta configuração à SandBox.
|- Para Windows Vista ou 7,clique direito e execute o arquivo como administrador.
|- Aguarde a conclusão do scan e clique em "Copier". <- Aguarde!
/applications/core/interface/imageproxy/imageproxy.php?img=http://i1143.photobucket.com/albums/n629/j2ram/My%2520Tools%25203/ZHPDiag_4cones.jpg&key=1fa875282159446f710d915aa0f19515c10ea929b8487f1466b6ce34a529ae11" alt="ZHPDiag_4cones.jpg" />
|- Além do relatório,teremos no desktop: ZHP_uninstall, MBRCheck, ZHPDiag, ZHPFix
/applications/core/interface/imageproxy/imageproxy.php?img=http://t.imgbox.com/abi6rX9e.jpg&key=92c78ea35f87f8eb069ae0f2916f89217f86c2317aef892b27e6440e4dd75740" alt="abi6rX9e.jpg" />
|- Poste e/ou cole aqui,o link que será gerado,logo após o relatório.
Abs!