Edvan, posted September 3, 2012

Good afternoon everyone. Here is the situation: we received an e-mail with an attachment named "Proposta-ID-00419.exe", except that it was a doc with the extension "exe", so I found it suspicious and analysed the file at "https://www.virustotal.com/", and to my surprise the file really was infected, as the logs below show:

SHA256: e42cc58933e5736ae2abcc8c8aef634c6ae8ef155b1c3db1f01d5fe2bb9230be
File name: proposta.docx.exe
Detection ratio: 3/41
Analysis date: 2012-09-03 13:33:54 UTC (4 minutes ago)

Antivirus | Result | Update
AhnLab-V3 - 20120903
AntiVir - 20120903
Antiy-AVL - 20120903
Avast - 20120903
AVG - 20120903
BitDefender - 20120903
ByteHero - 20120831
CAT-QuickHeal - 20120903
ClamAV - 20120828
Commtouch - 20120903
Comodo - 20120903
DrWeb Trojan.AVKill.22265 20120903
Emsisoft - 20120903
eSafe - 20120902
ESET-NOD32 a variant of MSIL/ProxyChanger.K 20120903
F-Prot - 20120903
F-Secure - 20120903
Fortinet - 20120830
GData - 20120903
Ikarus - 20120903
Jiangmin - 20120903
K7AntiVirus - 20120831
Kaspersky Trojan-Banker.Win32.Banbra.auqb 20120903
McAfee - 20120903
McAfee-GW-Edition - 20120903
Microsoft - 20120903
Norman - 20120902
nProtect - 20120903
Panda - 20120903
Rising - 20120903
Sophos - 20120903
SUPERAntiSpyware - 20120901
Symantec - 20120903
TheHacker - 20120902
TotalDefense - 20120903
TrendMicro - 20120903
TrendMicro-HouseCall - 20120903
VBA32 - 20120903
VIPRE - 20120903
ViRobot - 20120903
VirusBuster - 20120902

----------------------xx----------------------------------------

Malwarebytes Anti-Malware 1.62.0.1300
www.malwarebytes.org

Database version: v2012.09.03.06

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
f003589 :: SUPORTE [administrator]

03/09/2012 10:49:42
mbam-log-2012-09-03 (10-49-42).txt

Scan type: Full scan (C:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 308105
Time elapsed: 41 minute(s), 56 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 1
HKLM\SOFTWARE\Microsoft\Security Center|AntiVirusDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and repaired successfully.

Folders Detected: 0
(No malicious items detected)

Files Detected: 10
C:\Documents and Settings\f003589\Meus documentos\suporte\8_HardWare & Manutenção\RemoveWGA.exe (PUP.RemoveWGA) -> Quarantined and deleted successfully.
C:\Documents and Settings\f003589\Meus documentos\suporte\8_HardWare & Manutenção\Windows 7 Loader\Windows 7 Loader.exe (RiskWare.Tool.CK) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{605A10E1-8138-42AF-8AF6-20D6BBCEBE6E}\RP28\A0003336.exe (Adware.Bundler) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{605A10E1-8138-42AF-8AF6-20D6BBCEBE6E}\RP31\A0004195.exe (PUP.BundleInstaller.VG) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{605A10E1-8138-42AF-8AF6-20D6BBCEBE6E}\RP31\A0004196.exe (PUP.BundleInstaller.VG) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{605A10E1-8138-42AF-8AF6-20D6BBCEBE6E}\RP31\A0004197.exe (Adware.Sweetim.Force) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{605A10E1-8138-42AF-8AF6-20D6BBCEBE6E}\RP31\A0004200.exe (PUP.BundleInstaller.VG) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{605A10E1-8138-42AF-8AF6-20D6BBCEBE6E}\RP31\A0004201.exe (Adware.Sweetim.Force) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{605A10E1-8138-42AF-8AF6-20D6BBCEBE6E}\RP31\A0004202.exe (Adware.Bundler) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{605A10E1-8138-42AF-8AF6-20D6BBCEBE6E}\RP31\A0004374.exe (PUP.BundleInstaller.VG) -> Quarantined and deleted successfully.

(end)

--------------------xx--------------------------------

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 11:46:25, on 03/09/2012
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Arquivos de programas\AVAST Software\Avast\AvastSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Arquivos de programas\Java\jre6\bin\jqs.exe
C:\Arquivos de programas\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\Arquivos de programas\PSafe\PSafeCategoryFinder.exe
C:\Arquivos de programas\PSafe\PSafesvc.exe
C:\Arquivos de programas\Intel\Intel® Management Engine Components\UNS\UNS.exe
C:\Arquivos de programas\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Arquivos de programas\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
C:\Arquivos de programas\AVAST Software\Avast\avastUI.exe
C:\Arquivos de programas\Arquivos comuns\Java\Java Update\jusched.exe
C:\Arquivos de programas\Google\Chrome\Application\chrome.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMBgMonitor.exe
C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMIndexingService.exe
C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMIndexStoreSvr.exe
C:\Arquivos de programas\Google\Chrome\Application\chrome.exe
C:\Arquivos de programas\Google\Chrome\Application\chrome.exe
C:\Arquivos de programas\Google\Chrome\Application\chrome.exe
C:\WINDOWS\system32\wuauclt.exe
C:\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre6\bin\ssv.dll
O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Arquivos de programas\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Arquivos de programas\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Arquivos de programas\Google\GoogleToolbarNotifier\5.7.7529.1424\swg.dll
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Arquivos de programas\Google\Google Toolbar\GoogleToolbar_32.dll
O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Arquivos de programas\AVAST Software\Avast\aswWebRepIE.dll
O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [iAStorIcon] C:\Arquivos de programas\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
O4 - HKLM\..\Run: [avast] "C:\Arquivos de programas\AVAST Software\Avast\avastUI.exe" /nogui
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Arquivos comuns\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Arquivos de programas\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Arquivos de programas\Arquivos comuns\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] "C:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMBgMonitor.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab
O22 - SharedTaskScheduler: Pré-carregador Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Daemon de cache de categorias de componente - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: AppleChargerSrv - Unknown owner - C:\WINDOWS\system32\AppleChargerSrv.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Arquivos de programas\AVAST Software\Avast\AvastSvc.exe
O23 - Service: Serviço do Google Update (gupdate) (gupdate) - Google Inc. - C:\Arquivos de programas\Google\Update\GoogleUpdate.exe
O23 - Service: Serviço do Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Arquivos de programas\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel® Rapid Storage Technology (IAStorDataMgrSvc) - Intel Corporation - C:\Arquivos de programas\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Arquivos de programas\Java\jre6\bin\jqs.exe
O23 - Service: Intel® Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Arquivos de programas\Intel\Intel® Management Engine Components\LMS\LMS.exe
O23 - Service: NBService - Nero AG - C:\Arquivos de programas\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMIndexingService.exe
O23 - Service: PSafeLockBoxSvc - PSafe - C:\Arquivos de programas\PSafe\PSafeCategoryFinder.exe
O23 - Service: PSafeSVC - PSafe S/A - C:\Arquivos de programas\PSafe\PSafesvc.exe
O23 - Service: Intel® Management and Security Application User Notification Service (UNS) - Intel Corporation - C:\Arquivos de programas\Intel\Intel® Management Engine Components\UNS\UNS.exe

--
End of file - 8525 bytes
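The attachment in this post is the classic double-extension trick: Windows XP hides known extensions by default, so "proposta.docx.exe" shows up to the user as "proposta.docx" and gets double-clicked as a document. Below is an added example, not code from this thread, of the check a mail gateway or helpdesk script can run before anyone opens an attachment: it flags a document-looking name that actually ends in an executable extension, and computes the SHA-256 that VirusTotal indexes on, so the hash can be searched without uploading the file. The extension lists are an assumed shortlist, and the sample byte strings are constructed placeholders, not the real sample.

```python
"""Attachment triage: catch executables disguised as documents and
produce the SHA-256 to look up on VirusTotal.

Added example for the forum thread above, not code posted there.
EXECUTABLE_EXTS and DOCUMENT_EXTS are assumed shortlists, not a
complete catalogue of what Windows will run or what users expect.
"""
import hashlib
from pathlib import PurePosixPath

# Extensions Windows runs directly on double-click (assumed shortlist).
EXECUTABLE_EXTS = {".exe", ".scr", ".pif", ".com", ".bat", ".cmd",
                   ".vbs", ".vbe", ".js", ".jse", ".wsf", ".hta", ".msi"}
# Extensions a user expects to open as a harmless document or picture.
DOCUMENT_EXTS = {".doc", ".docx", ".xls", ".xlsx", ".ppt", ".pptx",
                 ".pdf", ".rtf", ".txt", ".jpg", ".jpeg", ".png", ".gif"}


def classify_attachment(name):
    """Return (verdict, reason) for an attachment file name.

    "block"  : a document extension immediately precedes an executable
               one (proposta.docx.exe), the pattern this thread is about;
    "review" : any other executable attachment;
    "allow"  : everything else.
    Matching is case-insensitive because Windows is (PROPOSTA.DOCX.EXE).
    """
    suffixes = [s.lower() for s in PurePosixPath(name).suffixes]
    if not suffixes:
        return ("allow", "no extension")
    last = suffixes[-1]
    if last not in EXECUTABLE_EXTS:
        return ("allow", f"non-executable extension {last}")
    if len(suffixes) >= 2 and suffixes[-2] in DOCUMENT_EXTS:
        return ("block",
                f"document extension {suffixes[-2]} hides executable {last}")
    return ("review", f"executable attachment ({last})")


def sha256_hex(data):
    """SHA-256 of the attachment bytes; this is the key to search on
    VirusTotal, so the hash can be checked without uploading the file."""
    return hashlib.sha256(data).hexdigest()


def triage(attachments):
    """attachments: iterable of (name, bytes). Returns one dict per file."""
    report = []
    for name, data in attachments:
        verdict, reason = classify_attachment(name)
        report.append({"name": name, "sha256": sha256_hex(data),
                       "verdict": verdict, "reason": reason})
    return report


if __name__ == "__main__":
    # Constructed sample input: names from the thread, placeholder bytes.
    samples = [
        ("proposta.docx.exe", b"MZ\x90\x00 placeholder, not the real file"),
        ("Proposta-ID-00419.exe", b"MZ\x90\x00 placeholder, not the real file"),
        ("proposta.docx", b"PK\x03\x04 placeholder docx"),
    ]
    for row in triage(samples):
        print(f'{row["verdict"]:6} {row["name"]:24} {row["reason"]}  '
              f'sha256={row["sha256"]}')
```

Run it as a script to see the three sample names classified; in practice the hash printed for a real attachment is what you paste into the VirusTotal search box, and the "block" verdict is the one to enforce at the gateway rather than leaving to the user's judgement.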
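The HijackThis log above is read by hand in this thread; the entries worth a second look are the O4 Run values and O23 services, and the three things that usually single one out are a service with no identified publisher (the log's "AppleChargerSrv - Unknown owner" line), an autorun whose executable lives somewhere a standard user can write, and a Run value that is a bare file name resolved through PATH (the log's "[RTHDCPL] RTHDCPL.EXE"). The following is an added example, not code from the thread, that parses those two line types and applies exactly those three rules. The rules are an assumed baseline for a first pass, and a flag is a lead to verify, not a verdict. The sample lines are copied from the log above plus one constructed HKCU entry ("updater") to exercise the user-writable rule.

```python
"""First-pass review of HijackThis O4 (Run keys) and O23 (services) lines.

Added example for the forum thread above, not code posted there.
The three rules are an assumed baseline; USER_WRITABLE is an assumed
list of folder fragments a non-admin user can write to on Windows XP
(English and Brazilian Portuguese names as they appear in the log).
"""
import re

O4_RE = re.compile(r"^O4 - (?P<hive>.+?)\\\.\.\\Run: \[(?P<name>[^\]]+)\] (?P<cmd>.+)$")
O23_RE = re.compile(r"^O23 - Service: (?P<name>.+?) - (?P<owner>.+?) - (?P<path>[A-Za-z]:\\.+)$")
# Program path inside a Run value, quoted or not. Stops at the first
# executable extension followed by a space or end of line, so a folder
# name such as "dir.exe stuff" would be cut short (known limitation).
EXE_RE = re.compile(r'^"?(?P<path>.+?\.(?:exe|com|scr|pif|bat|cmd|vbs|dll))"?(?:\s|$)',
                    re.IGNORECASE)

USER_WRITABLE = ("\\documents and settings\\", "\\users\\", "\\temp\\",
                 "\\appdata\\", "\\dados de aplicativos\\")

# Constructed sample: lines from the thread's log plus one made-up entry.
SAMPLE_LOG = [
    r"O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe",
    r"O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE",
    r'O4 - HKLM\..\Run: [avast] "C:\Arquivos de programas\AVAST Software\Avast\avastUI.exe" /nogui',
    r"O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')",
    # constructed entry, not in the original log:
    r"O4 - HKCU\..\Run: [updater] C:\Documents and Settings\f003589\Dados de aplicativos\svchost.exe",
    r"O23 - Service: AppleChargerSrv - Unknown owner - C:\WINDOWS\system32\AppleChargerSrv.exe",
    r"O23 - Service: avast! Antivirus - AVAST Software - C:\Arquivos de programas\AVAST Software\Avast\AvastSvc.exe",
    r"O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre6\bin\ssv.dll",
]


def executable_from_command(cmd):
    """Pull the program path out of a Run value, dropping quotes and arguments."""
    m = EXE_RE.match(cmd.strip())
    return m.group("path") if m else cmd.strip()


def parse_entry(line):
    """Return a dict for an O4 or O23 line, or None for any other line type."""
    m = O4_RE.match(line)
    if m:
        return {"kind": "O4", "name": m.group("name"), "owner": None,
                "path": executable_from_command(m.group("cmd"))}
    m = O23_RE.match(line)
    if m:
        return {"kind": "O23", "name": m.group("name"), "owner": m.group("owner"),
                "path": executable_from_command(m.group("path"))}
    return None


def review_entry(entry):
    """Apply the three baseline rules; returns the list of reasons that fired."""
    reasons = []
    path_l = entry["path"].lower()
    if entry["owner"] == "Unknown owner":
        reasons.append("service has no identified publisher")
    if not re.match(r"^[a-z]:\\", path_l):
        reasons.append("bare file name resolved through PATH")
    elif any(fragment in path_l for fragment in USER_WRITABLE):
        reasons.append("runs from a user-writable location")
    return reasons


def review_log(lines):
    """Return every O4/O23 entry that tripped at least one rule."""
    findings = []
    for line in lines:
        entry = parse_entry(line.rstrip())
        if entry is None:
            continue
        reasons = review_entry(entry)
        if reasons:
            findings.append({**entry, "reasons": reasons})
    return findings


if __name__ == "__main__":
    for f in review_log(SAMPLE_LOG):
        print(f'{f["kind"]} [{f["name"]}] {f["path"]}: {"; ".join(f["reasons"])}')
```

Feed it a saved hijackthis.log (one line per list element) and you get the short list to investigate first. "Unknown owner" only means HijackThis found no company name in the file's version resource, which is also true of some legitimate vendor utilities, so confirm each hit against the file's digital signature or a hash lookup before removing anything.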
DigRam, posted September 3, 2012

Good afternoon! Edvan

|- Did you run the file? I believe you did not...
-/-
|- Download: < Pre_Scan > ( ... by g3n-h@ckm@n )
|- Or here: < Pre-Scan > Mirror!
|- Or here: < Pre-Scan > Mirror!
|- Or here: < Pre_Scan.pif > In case malware blocks it!
|- On the page, click the green arrow or Mirror 1.
|- Save it to the desktop! < ( winlogon ) >
|- Disable your antivirus or antispyware.
|- Close any open programs and run the tool!
|- Double-click Pre_scan.exe. < >
|- Post the report: Pre_Scan.txt
|- Use this for that:
|- Or... 1fichier.com
|- Or... myfile.tk

Regards!
Edvan, posted September 3, 2012

> Good afternoon! Edvan
> |- Did you run the file? I believe you did not...

Good afternoon DigRam! Well, these logs are not from my machine, so the answer is yes, the file was run by an employee here at the company; I told him that when files of this kind show up he should let me know first so I can analyse them.

P.S.: Two machines ran this file.

Log: http://myfile.tk/3/Pre_Scan.txt
DigRam, posted September 3, 2012

Good afternoon! Edvan

|- Check it! The Pre_Scan.txt log came through incomplete!
|- Paste it again at myfile.tk or pjjoint.malekal.

Regards!
Edvan, posted September 3, 2012

> Good afternoon! Edvan
> |- Check it! The Pre_Scan.txt log came through incomplete!
> |- Paste it again at myfile.tk or pjjoint.malekal.
> Regards!

Huh, strange, that really is the log!!

http://myfile.tk/3/1586Pre_Scan.txt

or

http://cjoint.com/12sp/BIdwecnbd1N.htm
DigRam, posted September 3, 2012

Good afternoon! Edvan

|- The Pre_Scan tool did not complete its scan, and its report was cut off.

-----
-----

¤¤¤¤¤¤¤¤¤¤ | quarantined at reboot
¤¤¤¤¤¤¤¤¤¤ | SafeBoot | Control | Repair
¤¤¤¤¤¤¤¤¤¤ | Heuristic | Suspect
¤¤¤¤¤¤¤¤¤¤ | IFEO
¤¤¤¤¤¤¤¤¤¤ | Run
¤¤¤¤¤¤¤¤¤¤ | Others
¤¤¤¤¤¤¤¤¤¤ | BHO
¤¤¤¤¤¤¤¤¤¤ | ActiveX
¤¤¤¤¤¤¤¤¤¤ | HKCR\Applications
¤¤¤¤¤¤¤¤¤¤ | Windows
¤¤¤¤¤¤¤¤¤¤ | Svchost - Netsvc
¤¤¤¤¤¤¤¤¤¤ | HKU\S-1-5-21-2856907282-1339040672-1154749774-1000
¤¤¤¤¤¤¤¤¤¤ | HKU64\S-1-5-21-2856907282-1339040672-1154749774-1000
¤¤¤¤¤¤¤¤¤¤ | HKCU\Software\M$\Windows NT\CurrentVersion
¤¤¤¤¤¤¤¤¤¤ | HKLM\Software
¤¤¤¤¤¤¤¤¤¤ | HKLM\Software\M$\Windows NT\CurrentVersion
¤¤¤¤¤¤¤¤¤¤ | Last created/Modified
¤¤¤¤¤¤¤¤¤¤ | No Microsoft files | System32 (Not Necessary Malware)
¤¤¤¤¤¤¤¤¤¤ | Drives
¤¤¤¤¤¤¤¤¤¤ | Homedrive
¤¤¤¤¤¤¤¤¤¤ | Systemroot
¤¤¤¤¤¤¤¤¤¤ | C:\Windows files signature
¤¤¤¤¤¤¤¤¤¤ | Systemroot\System
¤¤¤¤¤¤¤¤¤¤ | Systemroot\Installer
¤¤¤¤¤¤¤¤¤¤ | %System%\*.ini
¤¤¤¤¤¤¤¤¤¤ | Profiles
¤¤¤¤¤¤¤¤¤¤ | Desktop
¤¤¤¤¤¤¤¤¤¤ | Downloads
¤¤¤¤¤¤¤¤¤¤ | StartMenu
¤¤¤¤¤¤¤¤¤¤ | StartMenu\Programs
¤¤¤¤¤¤¤¤¤¤ | StartMenu\Programs\Startup
¤¤¤¤¤¤¤¤¤¤ | CommonAppData
¤¤¤¤¤¤¤¤¤¤ | LocalAppData
¤¤¤¤¤¤¤¤¤¤ | ProgramFiles
¤¤¤¤¤¤¤¤¤¤ | CommonFiles
¤¤¤¤¤¤¤¤¤¤ | Temp\Low
¤¤¤¤¤¤¤¤¤¤ | Tasks
¤¤¤¤¤¤¤¤¤¤ | Firewall
¤¤¤¤¤¤¤¤¤¤ | Legacy
¤¤¤¤¤¤¤¤¤¤ | Drivers Launched
¤¤¤¤¤¤¤¤¤¤ | Services | 0 : Boot | 1 : System | 2 : Auto | 3 : Manual | 4 : Disabled | R : Running | S : Stopped
¤¤¤¤¤¤¤¤¤¤ | System files
¤¤¤¤¤¤¤¤¤¤ | Uninstall
¤¤¤¤¤¤¤¤¤¤ | Listing Partition(s)
¤¤¤¤¤¤¤¤¤¤ | MBR Control
¤¤¤¤¤¤¤¤¤¤ | Security Center
¤¤¤¤¤¤¤¤¤¤ | Ports
¤¤¤¤¤¤¤¤¤¤ | Hidden files

¤¤¤¤¤ [HKLM | Winlogon] | AutoRestartShell : 0 -> 1

Fin : 13:45:27
¤¤¤¤¤¤¤¤¤¤( EOF )¤¤¤¤¤¤¤¤¤¤

|- Look at the items that remained!
|- The SandBox module, when enabled in Avast, is often identified as the cause of the bug.
|- Download: < > ( ... by Nicolas Coolman )
|- Save it to the desktop!
|- On Windows Vista or 7, right-click and run the file as administrator.
|- Wait for the scan to finish and click "Copier". <- Wait!
|- Besides the report, we will have on the desktop: ZHP_uninstall, MBRCheck, ZHPDiag, ZHPFix
|- Post and/or paste here the link that was generated!

Regards!
Edvan, posted September 4, 2012

Good morning! DigRam

When I ran ZHP_uninstall it generated the link below, and a report, which is also posted.

link: http://pjjoint.malekal.com/files.php?read=ZHPDiag_20120904_z15j12d6x10p8

P.S.: is this the same log?

Rapport de ZHPDiag v1.31.105 par Nicolas Coolman, Update du 25/06/2012
Run by f003589 at 04/09/2012 07:26:23
Web site : http://www.premiumorange.com/zeb-help-process/zhpdiag.html
Web site : http://nicolascoolman.skyrock.com/
State :

---\\ Web Browser
MSIE: Internet Explorer v8.0.6001.18702 (Defaut)
GCIE: Google Chrome v21.0.1180.83

---\\ Windows Product Information
~ Langage: Anglais
Windows XP Professional Service Pack 3 (Build 2600)
Software Protection Service (Protection logicielle) : KO
Windows Automatic Updates : OK
Windows Genuine Advantage : KO

---\\ System Information
~ Processor: x86 Family 6 Model 42 Stepping 7, GenuineIntel
~ Operating System: 32 Bits
Boot mode: Normal (Normal boot)
Total RAM: 1959 MB (63% free)
System Restore: Désactivé (Disabled)
System drive C: has 295 GB (71%) free of 415 GB

---\\ Logged in mode
~ Computer Name: SUPORTE
~ User Name: f003589
~ All Users Names: SUPPORT_388945a0, HelpAssistant, Funpec, Convidado, Administrador,
~ Unselected Option: O45,O61,O62,O65,O82
Logged in as Administrator

---\\ Environnement Variables
~ System Unit : C:\
~ %AppData% : C:\Documents and Settings\f003589\Dados de aplicativos\
~ %Desktop% : C:\Documents and Settings\f003589\Desktop\
~ %Favorites% : C:\Documents and Settings\f003589\Favoritos\
~ %LocalAppData% : C:\Documents and Settings\f003589\Configurações locais\Dados de aplicativos\
~ %StartMenu% : C:\Documents and Settings\f003589\Menu Iniciar\
~ %Windir% : C:\WINDOWS\
~ %System% : C:\WINDOWS\system32\

---\\ DOS/Devices
C:\ Hard drive, Flash drive, Thumb drive (Free 295 Go of 415 Go)
D:\ CD-ROM drive (Not Inserted)
E:\ Hard drive, Flash drive, Thumb drive (Free 29 Go of 51 Go)

---\\ Security Center & Tools Informations
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Associations] Application: OK
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Associations] Intl: OK
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Associations] XMLLookup: OK
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] Shell: OK
~ Scan Security Center in 00mn 00s

---\\ Search Generic System Files
[MD5.064EC7FF5F58B928C3E119402977FA6D] - (.Microsoft Corporation - Windows Explorer.) (.13/04/2008 - 18:21:00.) -- C:\WINDOWS\Explorer.exe [1035776]
[MD5.6CE32F7778061CCC5814D5E0F282D369] - (.Microsoft Corporation - Internet Extensions for Win32.) (.08/03/2009 - 04:34:58.) -- C:\WINDOWS\system32\wininet.dll [914944]
[MD5.71D440F79B711627B12B567FB2EADB42] - (.Microsoft Corporation - Aplicativo de logon do Windows NT.) (.13/04/2008 - 18:21:24.) -- C:\WINDOWS\system32\Winlogon.exe [509952]
[MD5.322D0E36693D6E24A2398BEE62A268CD] - (.Microsoft Corporation - Ancillary Function Driver for WinSock.) (.13/04/2008 - 11:19:24.) -- C:\WINDOWS\system32\Drivers\AFD.sys [138112]
[MD5.9F3A2F5AA6875C72BF062C712CFA2674] - (.Microsoft Corporation - IDE/ATAPI Port Driver.) (.13/04/2008 - 10:40:32.) -- C:\WINDOWS\system32\Drivers\atapi.sys [96512]
[MD5.C885B02847F5D2FD45A24E219ED93B32] - (.Microsoft Corporation - CD-ROM File System Driver.) (.13/04/2008 - 11:14:22.) -- C:\WINDOWS\system32\Drivers\Cdfs.sys [63744]
[MD5.1F4260CC5B42272D71F79E570A27A4FE] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.13/04/2008 - 10:40:48.) -- C:\WINDOWS\system32\Drivers\Cdrom.sys [62976]
[MD5.A8D31E836CCF2F51009CE7DFFECF6D51] - (.Microsoft Corporation - FIPS Crypto Driver.) (.13/04/2008 - 17:52:44.) -- C:\WINDOWS\system32\Drivers\Fips.sys [44672]
[MD5.573C7D0A32852B48F3058CFD8026F511] - (.Windows ® Server 2003 DDK provider - High Definition Audio Bus Driver v1.0a.) (.13/04/2008 - 08:36:06.) -- C:\WINDOWS\system32\Drivers\HDAudBus.sys [144384]
[MD5.485BC6BEB778B5E9702E6AA3D384C0CB] - (.Microsoft Corporation - Driver de porta i8042.) (.13/04/2008 - 17:55:20.) -- C:\WINDOWS\system32\Drivers\i8042prt.sys [53504]
[MD5.083A052659F5310DD8B6A6CB05EDCF8E] - (.Microsoft Corporation - IMAPI Kernel Driver.) (.13/04/2008 - 10:41:00.) -- C:\WINDOWS\system32\Drivers\Imapi.sys [42112]
[MD5.CC748EA12C6EFFDE940EE98098BF96BB] - (.Microsoft Corporation - IP Network Address Translator.) (.13/04/2008 - 10:57:16.) -- C:\WINDOWS\system32\Drivers\IpNat.sys [152832]
[MD5.23C74D75E36E7158768DD63D92789A91] - (.Microsoft Corporation - IPSec Driver.) (.13/04/2008 - 11:19:44.) -- C:\WINDOWS\system32\Drivers\IPSec.sys [75264]
[MD5.68755F0FF16070178B54674FE5B847B0] - (.Microsoft Corporation - Windows NT SMB Minirdr.) (.13/04/2008 - 11:17:02.) -- C:\WINDOWS\system32\Drivers\MRxSmb.sys [456576]
[MD5.74B2B2F5BEA5E9A3DC021D685551BD3D] - (.Microsoft Corporation - MBT Transport driver.) (.13/04/2008 - 11:21:02.) -- C:\WINDOWS\system32\Drivers\netBT.sys [162816]
[MD5.78A08DD6A8D65E697C18E1DB01C5CDCA] - (.Microsoft Corporation - NT File System Driver.) (.13/04/2008 - 11:15:54.) -- C:\WINDOWS\system32\Drivers\ntfs.sys [574976]
[MD5.9BADEE6B698BF1AF36E25A1A64A89EAB] - (.Microsoft Corporation - Driver de porta paralela.) (.13/04/2008 - 18:34:10.) -- C:\WINDOWS\system32\Drivers\Parport.sys [80384]
[MD5.11B4A627BC9614B885C4969BFA5FF8A6] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.13/04/2008 - 11:19:44.) -- C:\WINDOWS\system32\Drivers\Rasl2tp.sys [51328]
[MD5.15CABD0F7C00C47C70124907916AF3F1] - (.Microsoft Corporation - Microsoft RDP Device redirector.) (.13/04/2008 - 11:32:52.) -- C:\WINDOWS\system32\Drivers\rdpdr.sys [196224]
[MD5.68D749B04BFBBD4D4D15CC5185AFA4DD] - (.Microsoft Corporation - Redbook Audio Filter Driver.) (.13/04/2008 - 15:53:18.) -- C:\WINDOWS\system32\Drivers\redbook.sys [58240]
[MD5.EB6B1E2C984D84470FF4FE7EF98CD44A] - (.Microsoft Corporation - Driver de cópia de sombra de volume.) (.13/04/2008 - 17:53:02.) -- C:\WINDOWS\system32\Drivers\volsnap.sys [53248]
~ Scan Generic Processes in 00mn 00s

---\\ Hidden files state (Hidden/Total)
~ Mes images (My Pictures) : 1/2
~ Mes musiques (My Musics) : 1/20
~ Mes Videos (My Video) : 0/0
~ Mes Favoris (My Favorites) : 1/9
~ Mes Documents (My Documents) : 1/39621
~ Mon Bureau (My Desktop) : 0/3425
~ Menu demarrer (Programs) : 1/25
~ Scan Hidden Files in 00mn 10s

---\\ Running Processes
[MD5.04AC21E821F259845BD7367CEE057290] - (.AVAST Software - avast! Service.) -- C:\Arquivos de programas\AVAST Software\Avast\AvastSvc.exe [44808] [PID.]
[MD5.0E410EDC8D0527801B899CF29E60597C] - (.Sun Microsystems, Inc. - Java Quick Starter Service.) -- C:\Arquivos de programas\Java\jre6\bin\jqs.exe [153584] [PID.]
[MD5.0803906D607A9B83184447B75B60ECC2] - (.Intel Corporation - Local Manageability Service.) -- C:\Arquivos de programas\Intel\Intel® Management Engine Components\LMS\LMS.exe [325656] [PID.]
[MD5.92A4E2F762FF5091D03F1B2E420655A8] - (.PSafe - PSafe CategoryFinder.) -- C:\Arquivos de programas\PSafe\PSafeCategoryFinder.exe [1726216] [PID.]
[MD5.8211FB9AEE57CD05CD30D88021CCDD6E] - (.PSafe S/A - PSafe-SVC.) -- C:\Arquivos de programas\PSafe\PSafesvc.exe [1733896] [PID.]
[MD5.EB79C6C91A99930015EF29AE7FA802D1] - (.Intel Corporation - User Notification Service.) -- C:\Arquivos de programas\Intel\Intel® Management Engine Components\UNS\UNS.exe [2655768] [PID.]
[MD5.D41861E56E7552C13674D7F147A02464] - (.Intel Corporation - IAStorDataSvc.) -- C:\Arquivos de programas\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [13592] [PID.]
[MD5.A7EA40F680163808D96F89B4FF991876] - (.Microsoft Corporation - Aplicativo de logon Userinit.) -- C:\WINDOWS\system32\userinit.exe [26112] [PID.]
[MD5.2D99B930F4FA52CE3A2E034D64D41A92] - (.Intel Corporation - igfxTray Module.) -- C:\WINDOWS\system32\igfxtray.exe [142616] [PID.]
[MD5.1B1AD24374A904D190E581A507010BEE] - (.Intel Corporation - hkcmd Module.) -- C:\WINDOWS\system32\hkcmd.exe [182552] [PID.]
[MD5.4CB7C0105E9BF50EF2C2F220FBEDBF49] - (.Realtek Semiconductor Corp. - Realtek HD Audio Control Panel.) -- C:\WINDOWS\RTHDCPL.exe [20053608] [PID.]
[MD5.DC73E11DC27E7D9AEF884EBE816C4240] - (.Intel Corporation - IAStorIcon.) -- C:\Arquivos de programas\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [284440] [PID.]
[MD5.BAD0D303EF0A519409C625738F3E10A3] - (.AVAST Software - avast! Antivirus.) -- C:\Arquivos de programas\AVAST Software\Avast\avastUI.exe [4282728] [PID.]
[MD5.98A078F838A70F84E1BD490D7C7675F4] - (.Sun Microsystems, Inc. - Java Update Scheduler.) -- C:\Arquivos de programas\Arquivos comuns\Java\Java Update\jusched.exe [254696] [PID.]
[MD5.86F0D0B3A07C142C81DAB47E8495A822] - (.Nero AG - Nero Home.) -- C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMBgMonitor.exe [152872] [PID.]
[MD5.A328A46D87BB92CE4D8A4528E9D84787] - (.Nero AG - Nero Home.) -- C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMIndexingService.exe [279848] [PID.]
[MD5.FFBD5650348D4F9E0AA8E72938DC6478] - (.Nero AG - Nero Home.) -- C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMIndexStoreSvr.exe [1213736] [PID.]
[MD5.2E0B0A051FFAA86E358465BB0880D453] - (.Microsoft Corporation - Windows Update.) -- C:\WINDOWS\system32\wuauclt.exe [53784] [PID.]
[MD5.2339760B238226DAD9ED03F939D92323] - (.Google Inc. - Google Chrome.) -- C:\Arquivos de programas\Google\Chrome\Application\chrome.exe [1229848] [PID.]
[MD5.E897110EE5E67FABB83B154DF9C68D6A] - (...) -- C:\Documents and Settings\f003589\Desktop\ZHPDiag_silent.exe [794216] [PID.]
[MD5.BE955BAB4EFC2A28BE2692D102FFC85A] - (...) -- C:\Arquivos de programas\ZHPDiag\ZHPDiag.exe [3838464] [PID.]
[MD5.C81B8635DEE0D3EF5F64B3DD643023A5] - (.Microsoft Corporation - Windows User Mode Driver Manager.) -- C:\WINDOWS\system32\wdfmgr.exe [38912] [PID.]
[MD5.6D2018AEE93285F2A8BEF55D722187A3] - (.Microsoft Corporation - Application Layer Gateway Service.) -- C:\WINDOWS\System32\alg.exe [44544] [PID.]
~ Scan Processes Running in 00mn 01s

---\\ Mozilla Firefox,Plugins,Start,Search,Extensions (P2,M0,M1,M2,M3)
P2 - FPN: [HKLM] [@java.com/DTPlugin,version=1.6.0_35] - (.Sun Microsystems, Inc. - NPRuntime Script Plug-in Library for Java Deploy.) -- C:\WINDOWS\system32\npdeployJava1.dll
P2 - FPN: [HKLM] [@java.com/JavaPlugin] - (.Sun Microsystems, Inc. - Next Generation Java Plug-in 1.6.0_35 for Mozilla browsers.) -- C:\Arquivos de programas\Java\jre6\bin\plugin2\npjp2.dll
P2 - FPN: [HKLM] [@microsoft.com/WPF,version=3.5] - (.Microsoft Corporation - Windows Presentation Foundation (WPF) plug-in for Mozilla browsers.) -- C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
P2 - FPN: [HKLM] [@tools.google.com/Google Update;version=3] - (.Google Inc. - Google Update.) -- C:\Arquivos de programas\Google\Update\1.3.21.115\npGoogleUpdate3.dll
P2 - FPN: [HKLM] [@tools.google.com/Google Update;version=9] - (.Google Inc. - Google Update.) -- C:\Arquivos de programas\Google\Update\1.3.21.115\npGoogleUpdate3.dll
P2 - FPN: [HKLM] [Adobe Reader] - (.Adobe Systems Inc. - Adobe PDF Plug-In For Firefox and Netscape "9.5.2".) -- C:\Arquivos de programas\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll
~ Scan Firefox Browser in 00mn 00s

---\\ Internet Explorer Extensions, Start, Search (R4,R3,R0,R1)
R0 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
R0 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com
R1 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com
R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:noadd-ons
R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:securityrisk
R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURLs,Tabs = res://ieframe.dll/tabswelcome.htm
R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com
R3 - URLSearchHook: Microsoft Url Search Hook - {CFBFAE00-17A6-11D0-99CB-00C04FD64497} . (.Microsoft Corporation - Internet Explorer.) (8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)) -- C:\WINDOWS\system32\ieframe.dll
~ Scan IE Browser in 00mn 00s

---\\ Internet Explorer, Proxy Management (R5)
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyHttp1.1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll
~ Scan Proxy management in 00mn 00s

---\\ Changed inifile Value, Mapped to Registry (F2)
F2 - REG:system.ini: USERINIT=C:\WINDOWS\system32\userinit.exe,
F2 - REG:system.ini: Shell=C:\WINDOWS\explorer.exe
F2 - REG:system.ini: VMApplet=rundll32 shell32,Control_RunDLL "sysdm.cpl"
~ Scan Keys in 00mn 00s

---\\ Hosts file redirection (O1)
~ Le fichier hosts est sain (The hosts file is clean).
~ Scan Hosts File in 00mn 00s
~ Nombre de lignes (Lines number): 11453

---\\ Browser Helper Objects (O2)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} . (.Adobe Systems Incorporated - Adobe PDF Helper for Internet Explorer.) -- C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} . (.Sun Microsystems, Inc. - Java Platform SE binary.) -- C:\Arquivos de programas\Java\jre6\bin\ssv.dll
O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} . (.AVAST Software - avast! WebRep Plugin.) -- C:\Arquivos de programas\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} . (.Google Inc. - Google Toolbar.) -- C:\Arquivos de programas\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} . (.Google Inc. - GoogleToolbarNotifier.) -- C:\Arquivos de programas\Google\GoogleToolbarNotifier\5.7.7529.1424\swg.dll
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} . (.Sun Microsystems, Inc. - Java Platform SE binary.) -- C:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} . (.Sun Microsystems, Inc. - Java Quick Starter binary.) -- C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
~ Scan BHO in 00mn 00s

---\\ Internet Explorer toolbars (O3)
O3 - Toolbar: Google Toolbar - [HKLM]{2318C2B1-4965-11d4-9B18-009027A5CD4F} . (.Google Inc. - Google Toolbar.) -- C:\Arquivos de programas\Google\Google Toolbar\GoogleToolbar_32.dll
O3 - Toolbar: avast! WebRep - [HKLM]{8E5E2654-AD2D-48bf-AC2D-D17F00898D06} . (.AVAST Software - avast! WebRep Plugin.) -- C:\Arquivos de programas\AVAST Software\Avast\aswWebRepIE.dll
~ Scan Toolbar in 00mn 00s

---\\ Auto loading programs from Registry and folders (O4)
O4 - HKLM\..\Run: [igfxTray] . (.Intel Corporation - igfxTray Module.) -- C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] . (.Intel Corporation - hkcmd Module.) -- C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [RTHDCPL] . (.Realtek Semiconductor Corp. - Realtek HD Audio Control Panel.) -- C:\WINDOWS\RTHDCPL.exe
O4 - HKLM\..\Run: [iAStorIcon] . (.Intel Corporation - IAStorIcon.) -- C:\Arquivos de programas\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
O4 - HKLM\..\Run: [avast] . (.AVAST Software - avast! Antivirus.) -- C:\Arquivos de programas\AVAST Software\Avast\avastUI.exe
O4 - HKLM\..\Run: [sunJavaUpdateSched] . (.Sun Microsystems, Inc. - Java Update Scheduler.) -- C:\Arquivos de programas\Arquivos comuns\Java\Java Update\jusched.exe
O4 - HKLM\..\Run: [NeroFilterCheck] . (.Nero AG - NeroCheck.) -- C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] . (.Adobe Systems Incorporated - Adobe Acrobat SpeedLauncher.) -- C:\Arquivos de programas\Adobe\Reader 9.0\Reader\Reader_sl.exe
O4 - HKLM\..\Run: [Adobe ARM] . (.Adobe Systems Incorporated - Adobe Reader and Acrobat Manager.) -- C:\Arquivos de programas\Arquivos comuns\Adobe\ARM\1.0\AdobeARM.exe
O4 - HKCU\..\Run: [CTFMON.EXE] . (.Microsoft Corporation - CTF Loader.) -- C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] . (.Google Inc. - GoogleToolbarNotifier.) -- C:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] . (.Nero AG - Nero Home.) -- C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMBgMonitor.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] . (.Microsoft Corporation - CTF Loader.) -- C:\WINDOWS\system32\CTFMON.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] . (.Microsoft Corporation - CTF Loader.) -- C:\WINDOWS\system32\CTFMON.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] . (.Microsoft Corporation - CTF Loader.) -- C:\WINDOWS\system32\CTFMON.exe
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] . (.Microsoft Corporation - CTF Loader.) -- C:\WINDOWS\system32\CTFMON.exe
O4 - HKUS\S-1-5-21-2586132527-314635491-3328972525-21404\..\Run: [CTFMON.EXE] . (.Microsoft Corporation - CTF Loader.) -- C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-21-2586132527-314635491-3328972525-21404\..\Run: [swg] . (.Google Inc. - GoogleToolbarNotifier.) -- C:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-21-2586132527-314635491-3328972525-21404\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] . (.Nero AG - Nero Home.) -- C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMBgMonitor.exe
~ Scan Application in 00mn 00s

---\\ Other User Links (O4)
O4 - Global Startup: C:\Documents And Settings\All Users\Desktop\Adobe Reader 9.lnk . (.Adobe Systems Incorporated.) -- C:\Arquivos de programas\Adobe\Reader 9.0\Reader\AcroRd32.exe
O4 - Global Startup: C:\Documents And Settings\All Users\Desktop\avast! Free Antivirus.lnk . (.AVAST Software.) -- C:\Arquivos de programas\AVAST Software\Avast\AvastUI.exe
O4 - Global Startup: C:\Documents And Settings\All Users\Desktop\CCleaner.lnk . (.Piriform Ltd.) -- C:\Arquivos de programas\CCleaner\CCleaner.exe
O4 - Global Startup: C:\Documents And Settings\All Users\Desktop\EASEUS Partition Master 9.1.0 Home Edition.lnk . (.EASEUS.) -- C:\Arquivos de programas\EASEUS\EASEUS Partition Master 9.1.0 Home Edition\bin\epm0.exe
O4 - Global Startup: C:\Documents And Settings\All Users\Desktop\Google Chrome.lnk . (.Google Inc..) -- C:\Arquivos de programas\Google\Chrome\Application\chrome.exe
O4 - Global Startup: C:\Documents And Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk . (.Malwarebytes Corporation.)
-- C:\Arquivos de programas\Malwarebytes' Anti-Malware\mbam.exe O4 - Global Startup: C:\Documents And Settings\All Users\Desktop\MV RegClean 6.0.lnk . (...) -- C:\Arquivos de programas\Marcos Velasco Security\MV RegClean 6.0\MVREGCLEAN.EXE O4 - Global Startup: C:\Documents And Settings\All Users\Desktop\Nero StartSmart.lnk . (.Nero AG.) -- C:\Arquivos de programas\Nero\Nero 7\Nero StartSmart\NeroStartSmart.exe O4 - Global Startup: C:\Documents And Settings\All Users\Desktop\PDFCreator.lnk . (.-.) -- C:\Arquivos de programas\PDFCreator\PDFCreator.exe O4 - Global Startup: C:\Documents And Settings\All Users\Desktop\TeamViewer 7.lnk . (.TeamViewer GmbH.) -- C:\Arquivos de programas\TeamViewer\Version7\TeamViewer.exe O4 - Global Startup: C:\Documents And Settings\Funpec\Desktop\Atalho para Funpec.lnk . (...) -- C:\sigap\Funpec.exe O4 - Global Startup: C:\Documents And Settings\All Users\Desktop\Adobe Reader 9.lnk . (.Adobe Systems Incorporated.) -- C:\Arquivos de programas\Adobe\Reader 9.0\Reader\AcroRd32.exe O4 - Global Startup: C:\Documents And Settings\All Users\Desktop\avast! Free Antivirus.lnk . (.AVAST Software.) -- C:\Arquivos de programas\AVAST Software\Avast\AvastUI.exe O4 - Global Startup: C:\Documents And Settings\All Users\Desktop\CCleaner.lnk . (.Piriform Ltd.) -- C:\Arquivos de programas\CCleaner\CCleaner.exe O4 - Global Startup: C:\Documents And Settings\All Users\Desktop\EASEUS Partition Master 9.1.0 Home Edition.lnk . (.EASEUS.) -- C:\Arquivos de programas\EASEUS\EASEUS Partition Master 9.1.0 Home Edition\bin\epm0.exe O4 - Global Startup: C:\Documents And Settings\All Users\Desktop\Google Chrome.lnk . (.Google Inc..) -- C:\Arquivos de programas\Google\Chrome\Application\chrome.exe O4 - Global Startup: C:\Documents And Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk . (.Malwarebytes Corporation.) -- C:\Arquivos de programas\Malwarebytes' Anti-Malware\mbam.exe O4 - Global Startup: C:\Documents And Settings\All Users\Desktop\MV RegClean 6.0.lnk . 
(...) -- C:\Arquivos de programas\Marcos Velasco Security\MV RegClean 6.0\MVREGCLEAN.EXE O4 - Global Startup: C:\Documents And Settings\All Users\Desktop\Nero StartSmart.lnk . (.Nero AG.) -- C:\Arquivos de programas\Nero\Nero 7\Nero StartSmart\NeroStartSmart.exe O4 - Global Startup: C:\Documents And Settings\All Users\Desktop\PDFCreator.lnk . (.-.) -- C:\Arquivos de programas\PDFCreator\PDFCreator.exe O4 - Global Startup: C:\Documents And Settings\All Users\Desktop\TeamViewer 7.lnk . (.TeamViewer GmbH.) -- C:\Arquivos de programas\TeamViewer\Version7\TeamViewer.exe O4 - Global Startup: C:\Documents And Settings\Funpec\Desktop\Atalho para Funpec.lnk . (...) -- C:\sigap\Funpec.exe ~ Scan Global Startup in 00mn 00s ---\\ Extra items in the IE right-click menu (O8) O8 - Extra context menu item: E&xportar para o Microsoft Excel . (.Microsoft Corporation - Microsoft Office Excel.) -- C:\ARQUIV~1\MICROS~2\Office12\EXCEL.exe ~ Scan IE Menu Contextuel in 00mn 00s ---\\ Extra buttons on main IE button toolbar, or extra items in IE 'Tools' menu (O9) O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} . (...) -- C:\Arquivos de programas\Microsoft Office\Office12\REFBARH.ICO O9 - Extra button: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} . (...) -- C:\Arquivos de programas\Microsoft Office\Office12\REFBARH.ICO O9 - Extra button: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} . (.Microsoft Corporation - Windows Messenger.) -- C:\Arquivos de programas\Messenger\msmsgs.exe ~ Scan IE Extra Buttons in 00mn 00s ---\\ Winsock hijacker (Layered Service Provider) (O10) O10 - WLSP:\000000000001\Winsock LSP File . (.Microsoft Corporation - Fornecedor de serviços do Microsoft Windows Sockets 2.0.) -- C:\WINDOWS\system32\mswsock.dll O10 - WLSP:\000000000002\Winsock LSP File . (.Microsoft Corporation - LDAP RnR Provider DLL.) -- C:\WINDOWS\system32\winrnr.dll O10 - WLSP:\000000000003\Winsock LSP File . 
(.Microsoft Corporation - Fornecedor de serviços do Microsoft Windows Sockets 2.0.) -- C:\WINDOWS\system32\mswsock.dll ~ Scan Winsock in 00mn 00s ---\\ 'Reset Web Settings' hijack (O14) O14 - IERESET.INF: SEARCH_PAGE_URL=SEARCH_PAGE_URL="&http://home.microsoft.com/intl/br/access/allinone.asp" O14 - IERESET.INF: SAFESITE_VALUE=SAFESITE_VALUE="search.msn.com.br" ~ Scan IE Paramètres WEB in 00mn 00s ---\\ ActiveX Objects (Downloaded Program Files) (O16) O16 - DPF: {31435657-9980-0010-8000-00AA00389B71} () - http://download.microsoft.com/download/e/2/f/e2fcec4b-6c8b-48b7-adab-ab9c403a978f/wvc1dmo.cab O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} () - http://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab ~ Scan Objets ActiveX in 00mn 00s ---\\ Lop.com/Domain Hijackers (O17) O17 - HKLM\System\CCS\Services\Tcpip\..\{A2B73A8B-3CDF-4524-86A4-F9672EE481BD}: DhcpNameServer = 10.4.65.16 O17 - HKLM\System\CCS\Services\Tcpip\..\{A2B73A8B-3CDF-4524-86A4-F9672EE481BD}: DhcpDomain = funpec.br O17 - HKLM\System\CS1\Services\Tcpip\..\{A2B73A8B-3CDF-4524-86A4-F9672EE481BD}: DhcpNameServer = 10.4.65.16 O17 - HKLM\System\CS1\Services\Tcpip\..\{A2B73A8B-3CDF-4524-86A4-F9672EE481BD}: DhcpDomain = funpec.br O17 - HKLM\System\CS2\Services\Tcpip\..\{A2B73A8B-3CDF-4524-86A4-F9672EE481BD}: DhcpNameServer = 10.4.65.16 O17 - HKLM\System\CS2\Services\Tcpip\..\{A2B73A8B-3CDF-4524-86A4-F9672EE481BD}: DhcpDomain = funpec.br ~ Scan Domain in 00mn 00s ---\\ Extra protocols (O18) O18 - Handler: about - {3050F406-98B5-11CF-BB82-00AA00BDCE0B} . (.Microsoft Corporation - Microsoft ® HTML Viewer.) -- C:\WINDOWS\system32\mshtml.dll O18 - Handler: cdl - {3dd53d40-7b8b-11D0-b013-00aa0059ce02} . (.Microsoft Corporation - OLE32 Extensions for Win32.) -- C:\WINDOWS\system32\urlmon.dll O18 - Handler: dvd - {12D51199-0DB5-46FE-A120-47A3D7D937CC} . (.Microsoft Corporation - Controle ActiveX para fluxo de vídeo.) 
-- C:\WINDOWS\system32\msvidctl.dll O18 - Handler: file - {79eac9e7-baf9-11ce-8c82-00aa004ba90b} . (.Microsoft Corporation - OLE32 Extensions for Win32.) -- C:\WINDOWS\system32\urlmon.dll O18 - Handler: ftp - {79eac9e3-baf9-11ce-8c82-00aa004ba90b} . (.Microsoft Corporation - OLE32 Extensions for Win32.) -- C:\WINDOWS\system32\urlmon.dll O18 - Handler: gopher - {79eac9e4-baf9-11ce-8c82-00aa004ba90b} . (.Microsoft Corporation - OLE32 Extensions for Win32.) -- C:\WINDOWS\system32\urlmon.dll O18 - Handler: http - {79eac9e2-baf9-11ce-8c82-00aa004ba90b} . (.Microsoft Corporation - OLE32 Extensions for Win32.) -- C:\WINDOWS\system32\urlmon.dll O18 - Handler: https - {79eac9e5-baf9-11ce-8c82-00aa004ba90b} . (.Microsoft Corporation - OLE32 Extensions for Win32.) -- C:\WINDOWS\system32\urlmon.dll O18 - Handler: its - {9D148291-B9C8-11D0-A4CC-0000F80149F6} . (.Microsoft Corporation - Microsoft® InfoTech Storage System Library.) -- C:\WINDOWS\system32\itss.dll O18 - Handler: javascript - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} . (.Microsoft Corporation - Microsoft ® HTML Viewer.) -- C:\WINDOWS\system32\mshtml.dll O18 - Handler: local - {79eac9e7-baf9-11ce-8c82-00aa004ba90b} . (.Microsoft Corporation - OLE32 Extensions for Win32.) -- C:\WINDOWS\system32\urlmon.dll O18 - Handler: mailto - {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} . (.Microsoft Corporation - Microsoft ® HTML Viewer.) -- C:\WINDOWS\system32\mshtml.dll O18 - Handler: mhtml - {05300401-BCBC-11d0-85E3-00C04FD85AB4} . (.Microsoft Corporation - Microsoft Internet Messaging API.) -- C:\WINDOWS\system32\inetcomm.dll O18 - Handler: mk - {79eac9e6-baf9-11ce-8c82-00aa004ba90b} . (.Microsoft Corporation - OLE32 Extensions for Win32.) -- C:\WINDOWS\system32\urlmon.dll O18 - Handler: ms-help - {314111c7-a502-11d2-bbca-00c04f8ec294} . (.Microsoft Corporation - Microsoft® Help Data Services Module.) 
-- C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Help\hxds.dll O18 - Handler: ms-its - {9D148291-B9C8-11D0-A4CC-0000F80149F6} . (.Microsoft Corporation - Microsoft® InfoTech Storage System Library.) -- C:\WINDOWS\system32\itss.dll O18 - Handler: res - {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} . (.Microsoft Corporation - Microsoft ® HTML Viewer.) -- C:\WINDOWS\system32\mshtml.dll O18 - Handler: sysimage - {76E67A63-06E9-11D2-A840-006008059382} . (.Microsoft Corporation - Microsoft ® HTML Viewer.) -- C:\WINDOWS\system32\mshtml.dll O18 - Handler: tv - {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} . (.Microsoft Corporation - Controle ActiveX para fluxo de vídeo.) -- C:\WINDOWS\system32\msvidctl.dll O18 - Handler: vbscript - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} . (.Microsoft Corporation - Microsoft ® HTML Viewer.) -- C:\WINDOWS\system32\mshtml.dll O18 - Handler: wia - {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} . (.Microsoft Corporation - WIA Scripting Layer.) -- C:\WINDOWS\system32\wiascr.dll O18 - Filter: application/octet-stream - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} . (.Microsoft Corporation - Microsoft .NET Runtime Execution Engine.) -- C:\WINDOWS\system32\mscoree.dll O18 - Filter: application/x-complus - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} . (.Microsoft Corporation - Microsoft .NET Runtime Execution Engine.) -- C:\WINDOWS\system32\mscoree.dll O18 - Filter: application/x-msdownload - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} . (.Microsoft Corporation - Microsoft .NET Runtime Execution Engine.) -- C:\WINDOWS\system32\mscoree.dll O18 - Filter: Class Install Handler - {32B533BB-EDAE-11d0-BD5A-00AA00B92AF1} . (.Microsoft Corporation - OLE32 Extensions for Win32.) -- C:\WINDOWS\system32\urlmon.dll O18 - Filter: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} . (.Microsoft Corporation - OLE32 Extensions for Win32.) -- C:\WINDOWS\system32\urlmon.dll O18 - Filter: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} . (.Microsoft Corporation - OLE32 Extensions for Win32.) 
-- C:\WINDOWS\system32\urlmon.dll O18 - Filter: lzdhtml - {8f6b0360-b80d-11d0-a9b3-006097942311} . (.Microsoft Corporation - OLE32 Extensions for Win32.) -- C:\WINDOWS\system32\urlmon.dll O18 - Filter: text/webviewhtml - {733AC4CB-F1A4-11d0-B951-00A0C90312E1} . (.Microsoft Corporation - DLL comum do Shell do Windows.) -- C:\WINDOWS\system32\SHELL32.dll O18 - Filter: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} . (.Microsoft Corporation - Microsoft Office XML MIME Filter.) -- C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\OFFICE12\MSOXMLMF.dll ~ Scan Protocole Additionnel in 00mn 00s ---\\ AppInit_DLLs Registry value Autorun (O20) O20 - Winlogon Notify: crypt32chain . (.Microsoft Corporation - Crypto API32.) -- C:\WINDOWS\system32\crypt32.dll O20 - Winlogon Notify: cryptnet . (.Microsoft Corporation - Crypto Network Related API.) -- C:\WINDOWS\system32\cryptnet.dll O20 - Winlogon Notify: cscdll . (.Microsoft Corporation - Agente de rede off-line.) -- C:\WINDOWS\system32\cscdll.dll O20 - Winlogon Notify: dimsntfy . (.Microsoft Corporation - DIMS Notification Handler.) -- C:\WINDOWS\system32\dimsntfy.dll O20 - Winlogon Notify: igfxcui . (.Intel Corporation - igfxdev Module.) -- C:\WINDOWS\system32\igfxdev.dll O20 - Winlogon Notify: ScCertProp . (.Microsoft Corporation - DLL comum para receber notificações do Winl.) -- C:\WINDOWS\system32\wlnotify.dll O20 - Winlogon Notify: Schedule . (.Microsoft Corporation - DLL comum para receber notificações do Winl.) -- C:\WINDOWS\system32\wlnotify.dll O20 - Winlogon Notify: sclgntfy . (.Microsoft Corporation - DLL de notificação do serviço de logon secu.) -- C:\WINDOWS\system32\sclgntfy.dll O20 - Winlogon Notify: SensLogn . (.Microsoft Corporation - DLL comum para receber notificações do Winl.) -- C:\WINDOWS\system32\WlNotify.dll O20 - Winlogon Notify: termsrv . (.Microsoft Corporation - DLL comum para receber notificações do Winl.) -- C:\WINDOWS\system32\wlnotify.dll O20 - Winlogon Notify: wlballoon . 
(.Microsoft Corporation - DLL comum para receber notificações do Winl.) -- C:\WINDOWS\system32\wlnotify.dll ~ Scan Winlogon in 00mn 00s ---\\ ShellServiceObjectDelayLoad (O21) O21 - SSODL: PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} . (.Microsoft Corporation - DLL comum do Shell do Windows.) -- C:\WINDOWS\system32\SHELL32.dll O21 - SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} . (.Microsoft Corporation - DLL comum do Shell do Windows.) -- C:\WINDOWS\system32\SHELL32.dll O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} . (.Microsoft Corporation - Web Site Monitor.) -- C:\WINDOWS\system32\webcheck.dll O21 - SSODL: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} . (.Microsoft Corporation - Objeto de serviço do shell de Systray.) -- C:\WINDOWS\system32\stobject.dll ~ Scan SSODL in 00mn 00s ---\\ SharedTaskScheduler (O22) O22 - SharedTaskScheduler: Pré-carregador Browseui - {8C7461EF-2B13-11d2-BE35-3078302C2030} . (.Microsoft Corporation - Biblioteca da interface de usuário do naveg.) -- C:\WINDOWS\system32\browseui.dll ~ Scan STS/SSO in 00mn 00s ---\\ non Microsoft non disabled Windows XP/NT/2000 Services (O23) O23 - Service: avast! Antivirus (avast! Antivirus) . (.AVAST Software - avast! Service.) - C:\Arquivos de programas\AVAST Software\Avast\AvastSvc.exe O23 - Service: Serviço do Google Update (gupdate) (gupdate) . (.Google Inc. - Google Installer.) - C:\Arquivos de programas\Google\Update\GoogleUpdate.exe O23 - Service: Intel® Rapid Storage Technology (IAStorDataMgrSvc) . (.Intel Corporation - IAStorDataSvc.) - C:\Arquivos de programas\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) . (.Sun Microsystems, Inc. - Java Quick Starter Service.) - C:\Arquivos de programas\Java\jre6\bin\jqs.exe O23 - Service: Intel® Management and Security Applica (LMS) . (.Intel Corporation - Local Manageability Service.) 
- C:\Arquivos de programas\Intel\Intel® Management Engine Components\LMS\LMS.exe O23 - Service: PSafeLockBoxSvc (PSafeLockBoxSvc) . (.PSafe - PSafe CategoryFinder.) - C:\Arquivos de programas\PSafe\PSafeCategoryFinder.exe O23 - Service: PSafeSVC (PSafeSVC) . (.PSafe S/A - PSafe-SVC.) - C:\Arquivos de programas\PSafe\PSafesvc.exe O23 - Service: Intel® Management and Security Applica (UNS) . (.Intel Corporation - User Notification Service.) - C:\Arquivos de programas\Intel\Intel® Management Engine Components\UNS\UNS.exe ~ Scan Services in 00mn 00s ---\\ Windows Active Desktop & MHTML Editor (O24) O24 - Desktop Component 0: Minha página inicial atual - file:About:Home O24 - Default MHTML Editor: Last - .(...) - (.not file.) O24 - Desktop General: BackupWallPaper - .(...) - C:\WINDOWS\web\wallpaper\Alegria.bmp O24 - Desktop General: WallPaper - .(...) - C:\WINDOWS\web\wallpaper\Alegria.bmp ~ Scan Desktop Component in 00mn 00s ---\\ O34 - HKLM BootExecute: (autocheck autochk *) - File not found ~ Scan Keys in 00mn 00s ---\\ Task Planned Automatically(039) O39 - APT:Automatic Planified Task - C:\WINDOWS\Tasks\Adobe Flash Player Updater.job O39 - APT:Automatic Planified Task - C:\WINDOWS\Tasks\avast! 
Emergency Update.job O39 - APT:Automatic Planified Task - C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job O39 - APT:Automatic Planified Task - C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job O39 - APT:Automatic Planified Task - C:\WINDOWS\Tasks\User_Feed_Synchronization-{2CC845D2-9C5F-4092-B2A1-163CBACB20D0}.job O39 - APT:Automatic Planified Task - C:\WINDOWS\Tasks\User_Feed_Synchronization-{4C4F7C39-E72B-4464-815F-A94CBB6C6D97}.job O39 - APT:Automatic Planified Task - C:\WINDOWS\Tasks\User_Feed_Synchronization-{71052C5B-9F03-4BDE-8A2A-900D3FAD0CAF}.job O39 - APT:Automatic Planified Task - C:\WINDOWS\Tasks\User_Feed_Synchronization-{B4BDDD21-1A79-4F80-B725-F3C8F5B17EF4}.job [MD5.B2B64AF436FACCFA854DD397027C5360] [APT] [Adobe Flash Player Updater] (.Adobe Systems Incorporated.) -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe [MD5.B174DE0DE6C9AA8AFFD3B926653E625F] [APT] [avast! Emergency Update] (.AVAST Software.) -- C:\Arquivos de programas\AVAST Software\Avast\AvastEmUpdate.exe [MD5.F02A533F517EB38333CB12A9E8963773] [APT] [GoogleUpdateTaskMachineCore] (.Google Inc..) -- C:\Arquivos de programas\Google\Update\GoogleUpdate.exe [MD5.F02A533F517EB38333CB12A9E8963773] [APT] [GoogleUpdateTaskMachineUA] (.Google Inc..) -- C:\Arquivos de programas\Google\Update\GoogleUpdate.exe ~ Scan Scheduled Task in 00mn 00s ---\\ ActiveSetup Installed Components (O40) O40 - ASIC: Atualização de Versão do Internet Explorer - <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} . (.Microsoft Corporation - IE Per User Active Setup Uninstall Utility.) -- C:\WINDOWS\system32\ieudinit.exe O40 - ASIC: Microsoft Windows Media Player - >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} . (.Microsoft Corporation - Utilitário de Instalação do Microsoft Windows Media Player.) -- C:\WINDOWS\inf\unregmp2.exe O40 - ASIC: Internet Explorer - >{26923b43-4d38-484f-9b9e-de460746276c} . (.Microsoft Corporation - Utilitário de Inicialização por Usuário do Internet Explorer.) 
-- C:\WINDOWS\system32\ie4uinit.exe.mui O40 - ASIC: Browser Customizations - >{60B49E34-C7CC-11D0-8953-00A0C90347FF} . (.Microsoft Corporation - IEAK branding.) -- C:\WINDOWS\system32\iedkcs32.dll O40 - ASIC: Outlook Express - >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} . (.Microsoft Corporation - Windows NT User Data Migration Tool.) -- C:\WINDOWS\system32\shmgrate.exe O40 - ASIC: Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608500} . (.Sun Microsystems, Inc. - Java Platform SE binary.) -- C:\Arquivos de programas\Java\jre6\bin\regutils.dll O40 - ASIC: Microsoft NetShow Player - {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} . (.Microsoft Corporation - Windows Media 6.4 Player Shim.) -- C:\WINDOWS\system32\wmpdxm.dll O40 - ASIC: Microsoft Windows Media Player 6.4 - {22d6f312-b0f6-11d0-94ab-0080c74c7e95} . (.Microsoft Corporation - Windows Media 6.4 Player Shim.) -- C:\WINDOWS\system32\wmpdxm.dll O40 - ASIC: Themes Setup - {2C7339CF-2B09-4501-B3F3-F3508C9228ED} . (.Microsoft Corporation - API de tema do Windows.) -- C:\WINDOWS\system32\themeui.dll O40 - ASIC: Microsoft Outlook Express 6 - {44BBA840-CC51-11CF-AAFA-00AA00B6015C} . (.Microsoft Corporation - Biblioteca de instalação do Outlook Express.) -- C:\Arquivos de programas\Outlook Express\setup50.exe O40 - ASIC: NetMeeting 3.01 - {44BBA842-CC51-11CF-AAFA-00AA00B6015B} . (...) -- C:\WINDOWS\INF\msnetmtg.inf O40 - ASIC: Windows Messenger 4.7 - {5945c046-1e7d-11d1-bc44-00c04fd912be} . (...) -- C:\WINDOWS\INF\msmsgs.inf O40 - ASIC: Browsing Enhancements - {630b1da0-b465-11d1-9948-00c04f98bbc9} . (.Microsoft Corporation - Extensão shell da pasta FTP do Microsoft Internet Explorer.) -- C:\WINDOWS\system32\msieftp.dll O40 - ASIC: Microsoft Windows Media Player - {6BF52A52-394A-11d3-B153-00C04F79FAA6} . (...) -- C:\WINDOWS\INF\wmp.inf O40 - ASIC: Catálogo de endereços 6 - {7790769C-0471-11d2-AF11-00C04FA35D02} . (.Microsoft Corporation - Biblioteca de instalação do Outlook Express.) 
-- C:\Arquivos de programas\Outlook Express\setup50.exe O40 - ASIC: Atualização da área de trabalho do Windows - {89820200-ECBD-11cf-8B85-00AA005B4340} . (.Microsoft Corporation - DLL comum do Shell do Windows.) -- C:\WINDOWS\system32\shell32.dll O40 - ASIC: Internet Explorer - {89820200-ECBD-11cf-8B85-00AA005B4383} . (.Microsoft Corporation - Utilitário de Inicialização por Usuário do Internet Explorer.) -- C:\WINDOWS\system32\ie4uinit.exe.mui O40 - ASIC: (no name) - {89B4C1CD-B018-4511-B0A1-5476DBF70820} . (.Microsoft Corporation - Microsoft .NET IE SECURITY REGISTRATION.) -- c:\WINDOWS\system32\mscories.dll ~ Scan Active Setup in 00mn 00s ---\\ Drivers launched at startup (O41) O41 - Driver: (360FileOem) . (.360.cn - 360FileOem.) - C:\WINDOWS\system32\drivers\360FileOem.sys O41 - Driver: (360RegOem) . (.360???? - 360RegOem.) - C:\WINDOWS\system32\drivers\360RegOem.sys O41 - Driver: (AFD) . (.Microsoft Corporation - Ancillary Function Driver for WinSock.) - C:\WINDOWS\system32\drivers\afd.sys O41 - Driver: (AppleCharger) . (...) - C:\WINDOWS\system32\DRIVERS\AppleCharger.sys O41 - Driver: (Cdrom) . (.Microsoft Corporation - SCSI CD-ROM Driver.) - C:\WINDOWS\system32\DRIVERS\cdrom.sys O41 - Driver: (i8042prt) . (.Microsoft Corporation - Driver de porta i8042.) - C:\WINDOWS\system32\DRIVERS\i8042prt.sys O41 - Driver: (Imapi) . (.Microsoft Corporation - IMAPI Kernel Driver.) - C:\WINDOWS\system32\DRIVERS\imapi.sys O41 - Driver: (intelppm) . (.Microsoft Corporation - Driver de dispositivo de processador.) - C:\WINDOWS\system32\DRIVERS\intelppm.sys O41 - Driver: (IPSec) . (.Microsoft Corporation - IPSec Driver.) - C:\WINDOWS\system32\DRIVERS\ipsec.sys O41 - Driver: (Kbdclass) . (.Microsoft Corporation - Driver de classe teclado.) - C:\WINDOWS\system32\DRIVERS\kbdclass.sys O41 - Driver: (kbdhid) . (.Microsoft Corporation - HID Mouse Filter Driver.) - C:\WINDOWS\system32\DRIVERS\kbdhid.sys O41 - Driver: (Mouclass) . (.Microsoft Corporation - Driver de classe modem.) 
- C:\WINDOWS\system32\DRIVERS\mouclass.sys O41 - Driver: (MRxSmb) . (.Microsoft Corporation - Windows NT SMB Minirdr.) - C:\WINDOWS\system32\DRIVERS\mrxsmb.sys O41 - Driver: (NetBIOS) . (.Microsoft Corporation - NetBIOS interface driver.) - C:\WINDOWS\system32\DRIVERS\netbios.sys O41 - Driver: (NetBT) . (.Microsoft Corporation - MBT Transport driver.) - C:\WINDOWS\system32\DRIVERS\netbt.sys O41 - Driver: (RasAcd) . (.Microsoft Corporation - RAS Automatic Connection Driver.) - C:\WINDOWS\system32\DRIVERS\rasacd.sys O41 - Driver: (Rdbss) . (.Microsoft Corporation - Redirected Drive Buffering SubSystem Driver.) - C:\WINDOWS\system32\DRIVERS\rdbss.sys O41 - Driver: (RDPCDD) . (.Microsoft Corporation - RDP Miniport.) - C:\WINDOWS\system32\DRIVERS\RDPCDD.sys O41 - Driver: (redbook) . (.Microsoft Corporation - Redbook Audio Filter Driver.) - C:\WINDOWS\system32\DRIVERS\redbook.sys O41 - Driver: (Serial) . (.Microsoft Corporation - Driver de dispositivo serial.) - C:\WINDOWS\system32\DRIVERS\serial.sys O41 - Driver: (Tcpip) . (.Microsoft Corporation - TCP/IP Protocol Driver.) - C:\WINDOWS\system32\DRIVERS\tcpip.sys O41 - Driver: (TermDD) . (.Microsoft Corporation - Terminal Server Driver.) - C:\WINDOWS\system32\DRIVERS\termdd.sys O41 - Driver: (VgaSave) . (.Microsoft Corporation - VGA/Super VGA Video Driver.) - C:\WINDOWS\system32\drivers\vga.sys ~ Scan Drivers in 00mn 00s ---\\ Software installed (O42) O42 - Logiciel: Adobe Flash Player 11 ActiveX - (.Adobe Systems Incorporated.) [HKLM] -- Adobe Flash Player ActiveX O42 - Logiciel: Adobe Reader 9.5.2 - Português - (.Adobe Systems Incorporated.) [HKLM] -- {AC76BA86-7AD7-1046-7B44-A95000000001} O42 - Logiciel: Arquivo do WinRAR - (.Unknown owner.) [HKLM] -- WinRAR archiver O42 - Logiciel: Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver - (.Atheros Communications Inc..) [HKLM] -- {3108C217-BE83-42E4-AE9E-A56A2A92E549} O42 - Logiciel: Auslogics Disk Defrag - (.Auslogics Software Pty Ltd.) 
[HKLM] -- {DF6A13C0-77DF-41FE-BD05-6D5201EB0CE7}_is1 O42 - Logiciel: CCleaner - (.Piriform.) [HKLM] -- CCleaner O42 - Logiciel: EASEUS Partition Master 9.1.0 Home Edition - (.EASEUS.) [HKLM] -- EASEUS Partition Master Home Edition_is1 O42 - Logiciel: FormatFactory 2.95 - (.Free Time.) [HKLM] -- FormatFactory O42 - Logiciel: Foxit PDF Editor - (.Foxit Corporation.) [HKLM] -- Foxit PDF Editor O42 - Logiciel: Google Chrome - (.Google Inc..) [HKLM] -- Google Chrome O42 - Logiciel: Google Toolbar for Internet Explorer - (.Google Inc..) [HKLM] -- {18455581-E099-4BA8-BC6B-F34B2F06600C} O42 - Logiciel: Google Toolbar for Internet Explorer - (.Google Inc..) [HKLM] -- {2318C2B1-4965-11d4-9B18-009027A5CD4F} O42 - Logiciel: Google Update Helper - (.Google Inc..) [HKLM] -- {A92DAB39-4E2C-4304-9AB6-BC44E68B55E2} O42 - Logiciel: Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595) - (.Microsoft Corporation.) [HKLM] -- {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}.KB953595 O42 - Logiciel: Hotfix for Windows XP (KB954550-v5) - (.Microsoft Corporation.) [HKLM] -- KB954550-v5 O42 - Logiciel: Intel® Management Engine Components - (.Intel Corporation.) [HKLM] -- {65153EA5-8B6E-43B6-857B-C6E4FC25798A} O42 - Logiciel: Intel® Processor Graphics - (.Intel Corporation.) [HKLM] -- {F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA} O42 - Logiciel: Intel® Rapid Storage Technology - (.Intel Corporation.) [HKLM] -- {3E29EE6C-963A-4aae-86C1-DC237C4A49FC} O42 - Logiciel: Java 6 Update 35 - (.Oracle.) [HKLM] -- {26A24AE4-039D-4CA4-87B4-2F83216032FF} O42 - Logiciel: K-Lite Mega Codec Pack 9.1.0 - (.Unknown owner.) [HKLM] -- KLiteCodecPack_is1 O42 - Logiciel: MV RegClean 6.0 - (.Unknown owner.) [HKLM] -- MV RegClean 6.0_is1 O42 - Logiciel: Malwarebytes Anti-Malware versão 1.62.0.1300 - (.Malwarebytes Corporation.) [HKLM] -- Malwarebytes' Anti-Malware_is1 O42 - Logiciel: Microsoft .NET Framework 2.0 Service Pack 2 - (.Microsoft Corporation.) 
[HKLM] -- {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} O42 - Logiciel: Microsoft .NET Framework 3.0 Service Pack 2 - (.Microsoft Corporation.) [HKLM] -- {A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7} O42 - Logiciel: Microsoft .NET Framework 3.5 SP1 - (.Microsoft Corporation.) [HKLM] -- Microsoft .NET Framework 3.5 SP1 O42 - Logiciel: Microsoft .NET Framework 3.5 SP1 - (.Microsoft Corporation.) [HKLM] -- {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} O42 - Logiciel: Microsoft Office Access MUI (Portuguese (Brazil)) 2007 - (.Microsoft Corporation.) [HKLM] -- {90120000-0015-0416-0000-0000000FF1CE} O42 - Logiciel: Microsoft Office Enterprise 2007 - (.Microsoft Corporation.) [HKLM] -- ENTERPRISE O42 - Logiciel: Microsoft Office Enterprise 2007 - (.Microsoft Corporation.) [HKLM] -- {90120000-0030-0000-0000-0000000FF1CE} O42 - Logiciel: Microsoft Office Excel MUI (Portuguese (Brazil)) 2007 - (.Microsoft Corporation.) [HKLM] -- {90120000-0016-0416-0000-0000000FF1CE} O42 - Logiciel: Microsoft Office Groove MUI (Portuguese (Brazil)) 2007 - (.Microsoft Corporation.) [HKLM] -- {90120000-00BA-0416-0000-0000000FF1CE} O42 - Logiciel: Microsoft Office InfoPath MUI (Portuguese (Brazil)) 2007 - (.Microsoft Corporation.) [HKLM] -- {90120000-0044-0416-0000-0000000FF1CE} O42 - Logiciel: Microsoft Office OneNote MUI (Portuguese (Brazil)) 2007 - (.Microsoft Corporation.) [HKLM] -- {90120000-00A1-0416-0000-0000000FF1CE} O42 - Logiciel: Microsoft Office Outlook MUI (Portuguese (Brazil)) 2007 - (.Microsoft Corporation.) [HKLM] -- {90120000-001A-0416-0000-0000000FF1CE} O42 - Logiciel: Microsoft Office PowerPoint MUI (Portuguese (Brazil)) 2007 - (.Microsoft Corporation.) [HKLM] -- {90120000-0018-0416-0000-0000000FF1CE} O42 - Logiciel: Microsoft Office Proof (English) 2007 - (.Microsoft Corporation.) [HKLM] -- {90120000-001F-0409-0000-0000000FF1CE} O42 - Logiciel: Microsoft Office Proof (Portuguese (Brazil)) 2007 - (.Microsoft Corporation.) 
[HKLM] -- {90120000-001F-0416-0000-0000000FF1CE} O42 - Logiciel: Microsoft Office Proof (Spanish) 2007 - (.Microsoft Corporation.) [HKLM] -- {90120000-001F-0C0A-0000-0000000FF1CE} O42 - Logiciel: Microsoft Office Proofing (Portuguese (Brazil)) 2007 - (.Microsoft Corporation.) [HKLM] -- {90120000-002C-0416-0000-0000000FF1CE} O42 - Logiciel: Microsoft Office Publisher MUI (Portuguese (Brazil)) 2007 - (.Microsoft Corporation.) [HKLM] -- {90120000-0019-0416-0000-0000000FF1CE} O42 - Logiciel: Microsoft Office Shared MUI (Portuguese (Brazil)) 2007 - (.Microsoft Corporation.) [HKLM] -- {90120000-006E-0416-0000-0000000FF1CE} O42 - Logiciel: Microsoft Office Word MUI (Portuguese (Brazil)) 2007 - (.Microsoft Corporation.) [HKLM] -- {90120000-001B-0416-0000-0000000FF1CE} O42 - Logiciel: Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 - (.Microsoft Corporation.) [HKLM] -- {1F1C2DFC-2D24-3E06-BCB8-725134ADF989} O42 - Logiciel: Nero 7 Premium - (.Nero AG.) [HKLM] -- {847CAE64-4CD2-4B2D-AF00-978FF5431046} O42 - Logiciel: ON_OFF Charge B11.0110.1 - (.GIGABYTE.) [HKLM] -- {3DECD372-76A1-4483-BF10-B547790A3261} O42 - Logiciel: PDFCreator - (.Frank Heindörfer, Philip Chinery.) [HKLM] -- {0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D} O42 - Logiciel: Realtek High Definition Audio Driver - (.Realtek Semiconductor Corp..) [HKLM] -- {F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC} O42 - Logiciel: TeamViewer 7 - (.TeamViewer.) [HKLM] -- TeamViewer 7 O42 - Logiciel: Windows Internet Explorer 8 - (.Microsoft Corporation.) [HKLM] -- ie8 O42 - Logiciel: Windows Media Format Runtime - (.Unknown owner.) [HKLM] -- Windows Media Format Runtime O42 - Logiciel: avast! Free Antivirus v7.0.1466.0 - (.AVAST Software.) [HKLM] -- avast O42 - Logiciel: neroxml - (.Nero AG.) 
[HKLM] -- {56C049BE-79E9-4502-BEA7-9754A3E60F9B} ---\\ HKCU & HKLM Software Keys [HKCU\Software\AVAST Software] [HKCU\Software\Adobe] [HKCU\Software\Ahead] [HKCU\Software\Auslogics] [HKCU\Software\Baixaki] [HKCU\Software\BitComet] [HKCU\Software\Canon] [HKCU\Software\Classes] [HKCU\Software\Clients] [HKCU\Software\EASEUS] [HKCU\Software\Foxit Corporation] [HKCU\Software\FreeTime] [HKCU\Software\GNU] [HKCU\Software\Gabest] [HKCU\Software\Google] [HKCU\Software\Haali] [HKCU\Software\Icaros] [HKCU\Software\InstallCore] [HKCU\Software\Intel] [HKCU\Software\JavaSoft] [HKCU\Software\Macromedia] [HKCU\Software\Malwarebytes' Anti-Malware] [HKCU\Software\MediaInfo] [HKCU\Software\MozillaPlugins] [HKCU\Software\Netscape] [HKCU\Software\ODBC] [HKCU\Software\PDFCreator] [HKCU\Software\Piriform] [HKCU\Software\Policies] [HKCU\Software\Realtek] [HKCU\Software\Sysinternals] [HKCU\Software\TeamViewer] [HKCU\Software\Trolltech] [HKCU\Software\WinRAR] [HKCU\Software\Zugo] [HKCU\Software\g3n-h@ckm@n] [HKCU\Software\madFlac] [HKCU\Software\madshi] [HKLM\Software\360Safe] [HKLM\Software\AVAST Software] [HKLM\Software\Adobe] [HKLM\Software\Apple Computer, Inc.] [HKLM\Software\Atheros Communications Inc.] 
[HKLM\Software\Audible] [HKLM\Software\Babylon] [HKLM\Software\Bunndle] [HKLM\Software\C07ft5Y] [HKLM\Software\Canon] [HKLM\Software\Classes] [HKLM\Software\Clients] [HKLM\Software\Creative Tech] [HKLM\Software\Foxit Software] [HKLM\Software\GIGABYTE] [HKLM\Software\GNU] [HKLM\Software\Gabest] [HKLM\Software\Gemplus] [HKLM\Software\Google] [HKLM\Software\HaaliMkx] [HKLM\Software\Intel] [HKLM\Software\InterVideo] [HKLM\Software\JavaSoft] [HKLM\Software\JreMetrics] [HKLM\Software\KLCodecPack] [HKLM\Software\LAV] [HKLM\Software\Macromedia] [HKLM\Software\Malwarebytes' Anti-Malware] [HKLM\Software\Mozilla Thunderbird] [HKLM\Software\MozillaPlugins] [HKLM\Software\Mozilla] [HKLM\Software\Nero] [HKLM\Software\ODBC] [HKLM\Software\PSafe] [HKLM\Software\Piriform] [HKLM\Software\Policies] [HKLM\Software\Program Groups] [HKLM\Software\Realtek Semiconductor Corp.] [HKLM\Software\Realtek] [HKLM\Software\RegisteredApplications] [HKLM\Software\Schlumberger] [HKLM\Software\Secure] [HKLM\Software\TeamViewer] [HKLM\Software\TrendMicro] [HKLM\Software\Windows 3.1 Migration Status] [HKLM\Software\Windows] [HKLM\Software\ahead] [HKLM\Software\iTinySoft] [HKLM\Software\mozilla.org] ~ Scan Softwares in 00mn 00s ---\\ Contents of the Common Files folders (O43) O43 - CFD: 22/08/2012 - 14:10:58 - [0,714] ----D C:\Arquivos de programas\Acronis O43 - CFD: 24/07/2012 - 17:46:14 - [104,437] ----D C:\Arquivos de programas\Adobe O43 - CFD: 22/08/2012 - 14:10:58 - [385,609] ----D C:\Arquivos de programas\Arquivos comuns O43 - CFD: 22/08/2012 - 10:52:05 - [8,967] ----D C:\Arquivos de programas\Auslogics O43 - CFD: 30/05/2012 - 12:26:43 - [341,808] ----D C:\Arquivos de programas\AVAST Software O43 - CFD: 01/06/2012 - 10:00:27 - [1,391] ---AD C:\Arquivos de programas\Canon O43 - CFD: 01/06/2012 - 09:41:26 - [4,620] ----D C:\Arquivos de programas\CCleaner O43 - CFD: 30/05/2012 - 11:54:49 - [0,154] ----D C:\Arquivos de programas\Common Files O43 - CFD: 30/05/2012 - 11:34:48 - [0] ----D C:\Arquivos de 
programas\ComPlus Applications O43 - CFD: 30/07/2012 - 10:59:29 - [221,102] ----D C:\Arquivos de programas\E.M. PowerPoint Video Converter O43 - CFD: 12/07/2012 - 09:51:00 - [36,814] ----D C:\Arquivos de programas\EASEUS O43 - CFD: 12/07/2012 - 09:58:05 - [6,476] ----D C:\Arquivos de programas\Foxit Software O43 - CFD: 30/07/2012 - 10:46:39 - [111,531] ----D C:\Arquivos de programas\FreeTime O43 - CFD: 30/05/2012 - 11:54:55 - [0,078] ----D C:\Arquivos de programas\GIGABYTE O43 - CFD: 01/06/2012 - 09:41:23 - [376,516] ----D C:\Arquivos de programas\Google O43 - CFD: 30/05/2012 - 11:54:55 - [11,204] --H-D C:\Arquivos de programas\InstallShield Installation Information O43 - CFD: 30/05/2012 - 11:54:48 - [34,385] ----D C:\Arquivos de programas\Intel O43 - CFD: 30/05/2012 - 13:04:52 - [4,315] ----D C:\Arquivos de programas\Internet Explorer O43 - CFD: 31/08/2012 - 07:17:27 - [77,630] ----D C:\Arquivos de programas\Java O43 - CFD: 30/07/2012 - 11:37:59 - [94,234] ----D C:\Arquivos de programas\K-Lite Codec Pack O43 - CFD: 03/09/2012 - 10:48:24 - [11,705] ----D C:\Arquivos de programas\Malwarebytes' Anti-Malware O43 - CFD: 30/05/2012 - 13:00:06 - [2,465] ----D C:\Arquivos de programas\Marcos Velasco Security O43 - CFD: 30/05/2012 - 11:34:45 - [2,068] ----D C:\Arquivos de programas\Messenger O43 - CFD: 30/05/2012 - 11:38:23 - [0] ----D C:\Arquivos de programas\microsoft frontpage O43 - CFD: 30/05/2012 - 12:35:52 - [324,745] ----D C:\Arquivos de programas\Microsoft Office O43 - CFD: 30/05/2012 - 12:35:50 - [0,014] ----D C:\Arquivos de programas\Microsoft Visual Studio O43 - CFD: 30/05/2012 - 12:36:00 - [3,032] ----D C:\Arquivos de programas\Microsoft Works O43 - CFD: 30/05/2012 - 12:35:35 - [7,774] ----D C:\Arquivos de programas\Microsoft.NET O43 - CFD: 30/05/2012 - 11:36:20 - [9,864] ----D C:\Arquivos de programas\Movie Maker O43 - CFD: 30/07/2012 - 10:46:04 - [0,000] ----D C:\Arquivos de programas\Mozilla Firefox O43 - CFD: 30/05/2012 - 11:52:32 - [0,025] ----D 
C:\Arquivos de programas\MSBuild O43 - CFD: 30/05/2012 - 11:34:34 - [8,340] ----D C:\Arquivos de programas\MSN Gaming Zone O43 - CFD: 19/07/2012 - 10:50:55 - [502,235] ----D C:\Arquivos de programas\Nero O43 - CFD: 30/05/2012 - 11:36:51 - [3,131] ----D C:\Arquivos de programas\NetMeeting O43 - CFD: 30/05/2012 - 11:36:43 - [4,155] ----D C:\Arquivos de programas\Outlook Express O43 - CFD: 30/05/2012 - 12:33:21 - [21,438] ----D C:\Arquivos de programas\PDFCreator O43 - CFD: 30/07/2012 - 10:59:48 - [0,000] ----D C:\Arquivos de programas\Powerpoint-PPT to AVI-GIF Converter O43 - CFD: 04/09/2012 - 07:26:38 - [79,312] ----D C:\Arquivos de programas\PSafe O43 - CFD: 30/05/2012 - 11:53:43 - [68,165] ----D C:\Arquivos de programas\Realtek O43 - CFD: 30/05/2012 - 11:52:30 - [34,664] ----D C:\Arquivos de programas\Reference Assemblies O43 - CFD: 30/05/2012 - 11:37:44 - [0,001] ----D C:\Arquivos de programas\Serviços on-line O43 - CFD: 03/09/2012 - 18:00:01 - [15,710] ----D C:\Arquivos de programas\TeamViewer O43 - CFD: 30/05/2012 - 11:43:45 - [0] --H-D C:\Arquivos de programas\Uninstall Information O43 - CFD: 19/07/2012 - 10:50:40 - [3,912] ----D C:\Arquivos de programas\Windows Media Player O43 - CFD: 30/05/2012 - 11:34:21 - [3,747] ----D C:\Arquivos de programas\Windows NT O43 - CFD: 30/05/2012 - 11:37:44 - [0] --H-D C:\Arquivos de programas\WindowsUpdate O43 - CFD: 30/05/2012 - 12:29:57 - [4,826] ----D C:\Arquivos de programas\WinRAR O43 - CFD: 30/05/2012 - 11:38:23 - [0] ----D C:\Arquivos de programas\xerox O43 - CFD: 04/09/2012 - 07:26:36 - [13,511] ----D C:\Arquivos de programas\ZHPDiag O43 - CFD: 30/08/2012 - 17:17:54 - [54,119] ----D C:\Arquivos de programas\Arquivos comuns\Acronis O43 - CFD: 24/07/2012 - 17:47:30 - [25,198] ----D C:\Arquivos de programas\Arquivos comuns\Adobe O43 - CFD: 19/07/2012 - 10:51:35 - [113,981] ----D C:\Arquivos de programas\Arquivos comuns\Ahead O43 - CFD: 30/05/2012 - 12:35:49 - [0,089] ----D C:\Arquivos de programas\Arquivos 
comuns\DESIGNER O43 - CFD: 30/05/2012 - 11:53:36 - [3,679] ----D C:\Arquivos de programas\Arquivos comuns\InstallShield O43 - CFD: 30/05/2012 - 11:56:36 - [0,009] ----D C:\Arquivos de programas\Arquivos comuns\Intel Corporation O43 - CFD: 30/05/2012 - 13:24:13 - [1,201] ----D C:\Arquivos de programas\Arquivos comuns\Java O43 - CFD: 30/05/2012 - 12:35:59 - [144,328] ----D C:\Arquivos de programas\Arquivos comuns\Microsoft Shared O43 - CFD: 30/05/2012 - 11:36:41 - [0,271] ----D C:\Arquivos de programas\Arquivos comuns\MSSoap O43 - CFD: 30/05/2012 - 08:23:06 - [0] ----D C:\Arquivos de programas\Arquivos comuns\ODBC O43 - CFD: 30/05/2012 - 11:36:49 - [0,008] ----D C:\Arquivos de programas\Arquivos comuns\Serviços O43 - CFD: 30/05/2012 - 08:23:00 - [3,612] ----D C:\Arquivos de programas\Arquivos comuns\SpeechEngines O43 - CFD: 30/05/2012 - 11:35:20 - [39,115] ----D C:\Arquivos de programas\Arquivos comuns\System O43 - CFD: 03/09/2012 - 10:48:22 - [219,870] R-H-D C:\Documents and Settings\All Users\Dados de aplicativos O43 - CFD: 03/09/2012 - 18:00:02 - [0,013] ----D C:\Documents and Settings\All Users\Desktop O43 - CFD: 24/07/2012 - 17:47:35 - [1,610] R---D C:\Documents and Settings\All Users\Documentos O43 - CFD: 19/07/2012 - 10:50:33 - [0,101] -SH-D C:\Documents and Settings\All Users\DRM O43 - CFD: 30/05/2012 - 08:22:19 - [0] ----D C:\Documents and Settings\All Users\Favoritos O43 - CFD: 13/07/2012 - 09:27:01 - [0,234] R---D C:\Documents and Settings\All Users\Menu Iniciar O43 - CFD: 30/05/2012 - 08:22:19 - [0] --H-D C:\Documents and Settings\All Users\Modelos O43 - CFD: 24/07/2012 - 17:44:42 - [1,558] ----D C:\Documents and Settings\f003589\Dados de aplicativos\Adobe O43 - CFD: 31/07/2012 - 07:17:40 - [0,065] ----D C:\Documents and Settings\f003589\Dados de aplicativos\Ahead O43 - CFD: 22/08/2012 - 10:52:09 - [0,378] ----D C:\Documents and Settings\f003589\Dados de aplicativos\Auslogics O43 - CFD: 30/07/2012 - 10:45:33 - [0,007] ----D C:\Documents and 
Settings\f003589\Dados de aplicativos\Babylon O43 - CFD: 24/07/2012 - 16:09:10 - [0,311] ----D C:\Documents and Settings\f003589\Dados de aplicativos\BitComet O43 - CFD: 20/07/2012 - 07:59:48 - [0,000] ----D C:\Documents and Settings\f003589\Dados de aplicativos\Google O43 - CFD: 12/07/2012 - 09:40:18 - [0] ----D C:\Documents and Settings\f003589\Dados de aplicativos\Identities O43 - CFD: 12/07/2012 - 09:40:30 - [0] ----D C:\Documents and Settings\f003589\Dados de aplicativos\Intel Corporation O43 - CFD: 12/07/2012 - 09:42:30 - [0,000] ----D C:\Documents and Settings\f003589\Dados de aplicativos\Macromedia O43 - CFD: 03/09/2012 - 10:48:30 - [5,763] ----D C:\Documents and Settings\f003589\Dados de aplicativos\Malwarebytes O43 - CFD: 31/08/2012 - 07:31:06 - [0,000] ----D C:\Documents and Settings\f003589\Dados de aplicativos\Media Player Classic O43 - CFD: 19/07/2012 - 08:46:24 - [4,196] -S--D C:\Documents and Settings\f003589\Dados de aplicativos\Microsoft O43 - CFD: 12/07/2012 - 09:52:00 - [0] ----D C:\Documents and Settings\f003589\Dados de aplicativos\Mozilla O43 - CFD: 12/07/2012 - 09:46:54 - [17,443] ----D C:\Documents and Settings\f003589\Dados de aplicativos\Sun O43 - CFD: 03/09/2012 - 18:00:04 - [0,020] ----D C:\Documents and Settings\f003589\Dados de aplicativos\TeamViewer O43 - CFD: 12/07/2012 - 09:51:59 - [0,000] ----D C:\Documents and Settings\f003589\Dados de aplicativos\Thunderbird O43 - CFD: 17/07/2012 - 17:53:15 - [0] ----D C:\Documents and Settings\f003589\Dados de aplicativos\WinRAR O43 - CFD: 24/07/2012 - 17:42:15 - [0,037] ----D C:\Documents and Settings\f003589\Configurações locais\Dados de aplicativos\Adobe O43 - CFD: 31/07/2012 - 07:17:35 - [122,454] ----D C:\Documents and Settings\f003589\Configurações locais\Dados de aplicativos\Ahead O43 - CFD: 30/07/2012 - 10:47:42 - [0,165] ----D C:\Documents and Settings\f003589\Configurações locais\Dados de aplicativos\APN O43 - CFD: 31/08/2012 - 07:12:25 - [107,444] ----D C:\Documents and 
Settings\f003589\Configurações locais\Dados de aplicativos\Google O43 - CFD: 17/07/2012 - 14:47:03 - [1,447] ----D C:\Documents and Settings\f003589\Configurações locais\Dados de aplicativos\Microsoft O43 - CFD: 12/07/2012 - 09:40:24 - [0,015] R---D C:\Documents and Settings\f003589\Menu Iniciar\Programas\Acessórios O43 - CFD: 30/07/2012 - 10:47:03 - [0,003] ----D C:\Documents and Settings\f003589\Menu Iniciar\Programas\FormatFactory O43 - CFD: 30/05/2012 - 08:22:19 - [0,000] R---D C:\Documents and Settings\f003589\Menu Iniciar\Programas\Inicializar ~ Scan Program Folder in 00mn 04s ---\\ Last modified or created files under Windows and System32 (O44) O44 - LFC:[MD5.32A784BC287558873A93590785F35F5A] - 03/09/2012 - 17:15:00 ---A- . (...) -- C:\WINDOWS\SchedLgU.Txt [32630] O44 - LFC:[MD5.A9A98FD3A6505ECAB3131B0A37848F52] - 03/09/2012 - 15:22:11 ---A- . (...) -- C:\WINDOWS\WindowsUpdate.log [1233881] O44 - LFC:[MD5.D41D8CD98F00B204E9800998ECF8427E] - 03/09/2012 - 15:21:07 ---A- . (...) -- C:\WINDOWS\0.log [0] O44 - LFC:[MD5.94F0863F20847FB33758802327272EA0] - 03/09/2012 - 15:21:06 ---A- . (...) -- C:\WINDOWS\system32\wpa.dbl [13646] O44 - LFC:[MD5.6A2CB42966136854F4464516FBB4AE72] - 03/09/2012 - 15:20:48 -S-A- . (...) -- C:\WINDOWS\bootstat.dat [2048] O44 - LFC:[MD5.6CD1AE2694302424DB0208161FBE8CE8] - 03/09/2012 - 15:19:57 ---A- . (...) -- C:\Pre_Scan.txt [25724] O44 - LFC:[MD5.951D5EFF1B2D2A6E743ADF173BD921A7] - 03/09/2012 - 11:46:25 ---A- . (...) -- C:\hijackthis.log [8526] O44 - LFC:[MD5.6DFE7F2E8E8A337263AA5C92A215F161] - 03/09/2012 - 10:48:22 ---A- . (.Malwarebytes Corporation - Malwarebytes Anti-Malware.) -- C:\WINDOWS\system32\Drivers\mbam.sys [22344] O44 - LFC:[MD5.C9DD76D0EF94637C77FF8CA5E0FB0684] - 03/09/2012 - 10:31:52 ---A- . (...) -- C:\WINDOWS\system.ini [227] O44 - LFC:[MD5.8715347D6B7B2E3A7CFE5ADF2D510CE3] - 03/09/2012 - 10:31:52 ---A- . (...) -- C:\WINDOWS\win.ini [477] O44 - LFC:[MD5.882021418375303061B16C0AF33AB53F] - 03/09/2012 - 10:31:52 RSH-- . 
(...) -- C:\boot.ini [355] O44 - LFC:[MD5.018F418054C1AEA07FDEA5BAE92D32C5] - 31/08/2012 - 15:54:30 ---A- . (...) -- C:\WINDOWS\setupapi.log [23101] O44 - LFC:[MD5.A8715909CA22A12F69FFC26EA29C84B5] - 31/08/2012 - 15:33:02 ---A- . (.Adobe Systems Incorporated - Adobe Flash Player Control Panel Applet.) -- C:\WINDOWS\system32\FlashPlayerApp.exe [696520] O44 - LFC:[MD5.947414E8F3866EE69245382521C1939E] - 31/08/2012 - 15:33:02 ---A- . (.Adobe Systems Incorporated - Adobe Flash Player Control Panel Applet.) -- C:\WINDOWS\system32\FlashPlayerCPLApp.cpl [73416] O44 - LFC:[MD5.DB49A5F4FA3AF4FFC239318135948F70] - 31/08/2012 - 15:17:01 ---A- . (...) -- C:\WINDOWS\system32\CONFIG.NT [3017] O44 - LFC:[MD5.4CE91CEDF6EC0F5FDFF2B6E2DB4E520A] - 31/08/2012 - 07:31:08 ---A- . (...) -- C:\WINDOWS\NeroDigital.ini [69] O44 - LFC:[MD5.EB4643A16C28B8BE5EE494F46D72CA1D] - 31/08/2012 - 07:17:27 ---A- . (...) -- C:\WINDOWS\system32\jupdate-1.6.0_35-b10.log [3063] O44 - LFC:[MD5.6CD3A99DCEDE9C2D7D3BFBF6D4902F5F] - 28/08/2012 - 20:24:56 ---A- . (.Sun Microsystems, Inc. - NPRuntime Script Plug-in Library for Java(T.) -- C:\WINDOWS\system32\npdeployJava1.dll [477168] O44 - LFC:[MD5.E874FA619CCE015314A5877039385D38] - 28/08/2012 - 20:24:53 ---A- . (.Sun Microsystems, Inc. - Java Platform SE binary.) -- C:\WINDOWS\system32\deployJava1.dll [473072] O44 - LFC:[MD5.35C188316BADDCE7281FE3D07245568F] - 28/08/2012 - 20:10:12 ---A- . (.Sun Microsystems, Inc. - Java Web Start Launcher.) -- C:\WINDOWS\system32\javaws.exe [157680] O44 - LFC:[MD5.678A869DCD7BB901DAB7C83BC1693B43] - 28/08/2012 - 20:10:07 ---A- . (.Sun Microsystems, Inc. - Java Platform SE binary.) -- C:\WINDOWS\system32\javaw.exe [149488] O44 - LFC:[MD5.57E96B3B7B3784775649CEF2420222E2] - 28/08/2012 - 20:09:57 ---A- . (.Sun Microsystems, Inc. - Java Platform SE binary.) -- C:\WINDOWS\system32\java.exe [149488] O44 - LFC:[MD5.5D79FE3EB2B66B4A084E67130C678BBC] - 28/08/2012 - 18:39:23 ---A- . (.Sun Microsystems, Inc. - Java Control Panel.) 
-- C:\WINDOWS\system32\javacpl.cpl [73728] O44 - LFC:[MD5.DFE9152ABFA89BB8CFDC057409B2D4DA] - 21/08/2012 - 06:13:15 ---A- . (.AVAST Software - avast! TDI Filter Driver.) -- C:\WINDOWS\system32\Drivers\aswTdi.sys [54232] O44 - LFC:[MD5.30E45AF8B4D83176CA850FC9699E860B] - 21/08/2012 - 06:13:15 ---A- . (.AVAST Software - avast! Virtualization Driver.) -- C:\WINDOWS\system32\Drivers\aswSnx.sys [729752] O44 - LFC:[MD5.F04BDBCB965C05C51F4A7DE7B62063D6] - 21/08/2012 - 06:13:15 ---A- . (.AVAST Software - avast! self protection module.) -- C:\WINDOWS\system32\Drivers\aswSP.sys [355632] O44 - LFC:[MD5.F788769BF8EFDF038EA35E9CCD0A2057] - 21/08/2012 - 06:13:14 ---A- . (.AVAST Software - avast! File System Filter Driver for Window.) -- C:\WINDOWS\system32\Drivers\aswmon.sys [89624] O44 - LFC:[MD5.2B9B1DF809E965EF63402CBBA6DB50AE] - 21/08/2012 - 06:13:14 ---A- . (.AVAST Software - avast! File System Filter Driver for Window.) -- C:\WINDOWS\system32\Drivers\aswmon2.sys [97608] O44 - LFC:[MD5.B7D5E4486BA658ED08624D8084ABB830] - 21/08/2012 - 06:13:14 ---A- . (.AVAST Software - avast! TDI Redirect Driver.) -- C:\WINDOWS\system32\Drivers\aswRdr.sys [35928] O44 - LFC:[MD5.0352A73CD6B1782EA3ED7A03A8268F55] - 21/08/2012 - 06:13:13 ---A- . (.AVAST Software - avast! Base Kernel-Mode Device Driver for W.) -- C:\WINDOWS\system32\Drivers\aavmker4.sys [25256] O44 - LFC:[MD5.F5DC168BF77572D51BE28BA261B30CB4] - 21/08/2012 - 06:13:13 ---A- . (.AVAST Software - avast! File System Access Blocking Driver.) -- C:\WINDOWS\system32\Drivers\aswFsBlk.sys [21256] O44 - LFC:[MD5.B6A0320DFEFE916346CB900938661DAD] - 21/08/2012 - 06:12:33 ---A- . (.AVAST Software - avast! Screen Saver stub.) -- C:\WINDOWS\avastSS.scr [41224] O44 - LFC:[MD5.CCB414FEE0E81E1B7F64AEEA63BC2649] - 21/08/2012 - 06:12:23 ---A- . (.AVAST Software - avast! start-up scanner.) 
-- C:\WINDOWS\system32\aswBoot.exe [227648] ~ Scan Files in 00mn 06s ---\\ Operations and functions at Windows Explorer startup (O46) O46 - SEH:ShellExecuteHooks - URL Exec Hook - {AEB6717E-7E19-11d0-97EE-00C04FD91972} - shell32.dll ~ Scan ShellExecuteHooks in 00mn 00s ---\\ Export authorized application key (O47) O47 - AAKE:Key Export SP - "%windir%\Network Diagnostic\xpnetdiag.exe" [Enabled] .(.Microsoft Corporation - Network Diagnostic for Windows XP.) -- C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O47 - AAKE:Key Export SP - "%windir%\system32\sessmgr.exe" [Enabled] .(.Microsoft Corporation - Gerenciador de sessão de ajuda de área de trabalho remota da Microsoft®.) -- C:\WINDOWS\system32\sessmgr.exe O47 - AAKE:Key Export SP - "C:\Arquivos de programas\BitComet\BitComet.exe" [Enabled] .(...) -- C:\Arquivos de programas\BitComet\BitComet.exe (.not file.) O47 - AAKE:Key Export SP - "C:\Arquivos de programas\Bonjour\mDNSResponder.exe" [Enabled] .(...) -- C:\Arquivos de programas\Bonjour\mDNSResponder.exe (.not file.) O47 - AAKE:Key Export SP - "C:\Arquivos de programas\PSafe\PSRsync.exe" [Enabled] .(...) -- C:\Arquivos de programas\PSafe\PSRsync.exe O47 - AAKE:Key Export SP - "C:\Arquivos de programas\TeamViewer\Version7\TeamViewer.exe" [Enabled] .(.TeamViewer GmbH - TeamViewer Remote Control Application.) -- C:\Arquivos de programas\TeamViewer\Version7\TeamViewer.exe O47 - AAKE:Key Export SP - "C:\Arquivos de programas\TeamViewer\Version7\TeamViewer_Service.exe" [Enabled] .(.TeamViewer GmbH - TeamViewer Remote Control Application.) -- C:\Arquivos de programas\TeamViewer\Version7\TeamViewer_Service.exe O47 - AAKE:Key Export DP - "%windir%\Network Diagnostic\xpnetdiag.exe" [Enabled] .(.Microsoft Corporation - Network Diagnostic for Windows XP.) -- C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O47 - AAKE:Key Export DP - "%windir%\system32\sessmgr.exe" [Enabled] .(.Microsoft Corporation - Gerenciador de sessão de ajuda de área de trabalho remota da Microsoft®.) 
-- C:\WINDOWS\system32\sessmgr.exe ~ Scan Keys in 00mn 00s ---\\ Local Security Authority-LSA Deny (O48) O48 - LSA:Local Security Authority Authentication Packages . (.Microsoft Corporation - Microsoft Authentication Package v1.0.) -- C:\WINDOWS\system32\msv1_0.dll O48 - LSA:Local Security Authority Notification Packages . (.Microsoft Corporation - Mecanismo cliente do 'Editor de configuração de segurança Windows'.) -- C:\WINDOWS\system32\scecli.dll O48 - LSA:Local Security Authority Security Packages . (.Microsoft Corporation - Kerberos Security Package.) -- C:\WINDOWS\system32\kerberos.dll O48 - LSA:Local Security Authority Security Packages . (.Microsoft Corporation - Microsoft Authentication Package v1.0.) -- C:\WINDOWS\system32\msv1_0.dll O48 - LSA:Local Security Authority Security Packages . (.Microsoft Corporation - TLS / SSL Security Provider.) -- C:\WINDOWS\system32\schannel.dll O48 - LSA:Local Security Authority Security Packages . (.Microsoft Corporation - Microsoft Digest Access.) -- C:\WINDOWS\system32\wdigest.dll ~ Scan Keys in 00mn 00s ---\\ Safe Boot Control (O49) O49 - CSB:Control Safe Boot HKLM\...\CCS\Minimal\dmboot.sys . (.Microsoft Corp., Veritas Software - NT Disk Manager Startup Driver.) -- C:\WINDOWS\system32\Drivers\dmboot.sys O49 - CSB:Control Safe Boot HKLM\...\CCS\Minimal\dmio.sys . (.Microsoft Corp., Veritas Software - NT Disk Manager I/O Driver.) -- C:\WINDOWS\system32\Drivers\dmio.sys O49 - CSB:Control Safe Boot HKLM\...\CCS\Minimal\dmload.sys . (.Microsoft Corp., Veritas Software. - NT Disk Manager Startup Driver.) -- C:\WINDOWS\system32\Drivers\dmload.sys O49 - CSB:Control Safe Boot HKLM\...\CCS\Minimal\sermouse.sys . (...) -- C:\WINDOWS\system32\Drivers\sermouse.sys (.not file.) O49 - CSB:Control Safe Boot HKLM\...\CCS\Minimal\sr.sys . (.Microsoft Corporation - Driver de filtro do sistema de arquivos da restauração do sistema.) -- C:\WINDOWS\system32\Drivers\sr.sys O49 - CSB:Control Safe Boot HKLM\...\CCS\Minimal\vga.sys . 
(.Microsoft Corporation - VGA/Super VGA Video Driver.) -- C:\WINDOWS\system32\Drivers\vga.sys O49 - CSB:Control Safe Boot HKLM\...\CCS\Minimal\vgasave.sys . (...) -- C:\WINDOWS\system32\Drivers\vgasave.sys (.not file.) O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\dmboot.sys . (.Microsoft Corp., Veritas Software - NT Disk Manager Startup Driver.) -- C:\WINDOWS\system32\Drivers\dmboot.sys O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\dmio.sys . (.Microsoft Corp., Veritas Software - NT Disk Manager I/O Driver.) -- C:\WINDOWS\system32\Drivers\dmio.sys O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\dmload.sys . (.Microsoft Corp., Veritas Software. - NT Disk Manager Startup Driver.) -- C:\WINDOWS\system32\Drivers\dmload.sys O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\ip6fw.sys . (.Microsoft Corporation - IPv6 Windows Firewall Driver.) -- C:\WINDOWS\system32\Drivers\ip6fw.sys O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\ipnat.sys . (.Microsoft Corporation - IP Network Address Translator.) -- C:\WINDOWS\system32\Drivers\ipnat.sys O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\rdpcdd.sys . (.Microsoft Corporation - RDP Miniport.) -- C:\WINDOWS\system32\Drivers\rdpcdd.sys O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\rdpdd.sys . (...) -- C:\WINDOWS\system32\Drivers\rdpdd.sys (.not file.) O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\rdpwd.sys . (.Microsoft Corporation - RDP Terminal Stack Driver (US/Canada Only, Not for Export).) -- C:\WINDOWS\system32\Drivers\rdpwd.sys O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\sermouse.sys . (...) -- C:\WINDOWS\system32\Drivers\sermouse.sys (.not file.) O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\sr.sys . (.Microsoft Corporation - Driver de filtro do sistema de arquivos da restauração do sistema.) -- C:\WINDOWS\system32\Drivers\sr.sys O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\tdpipe.sys . (.Microsoft Corporation - Named Pipe Transport Driver.) 
-- C:\WINDOWS\system32\Drivers\tdpipe.sys O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\tdtcp.sys . (.Microsoft Corporation - TCP Transport Driver.) -- C:\WINDOWS\system32\Drivers\tdtcp.sys O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\vga.sys . (.Microsoft Corporation - VGA/Super VGA Video Driver.) -- C:\WINDOWS\system32\Drivers\vga.sys O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\vgasave.sys . (...) -- C:\WINDOWS\system32\Drivers\vgasave.sys (.not file.) ~ Scan CSB in 00mn 00s ---\\ Image File Execution Options (IFEO) (O50) O50 - IFEO:Image File Execution Options - Your Image File Name Here without a path - ntsd -d ~ Scan IFEO in 00mn 00s ---\\ MountPoints2 Shell Key (MPKS) (O51) (None) ---\\ Trojan Driver Search Data (HKLM)(TDSD) (O52) O52 - TDSD: \Drivers32\"msacm.trspch"="tssoft32.acm" . (.DSP GROUP, INC. - Codec de áudio DSP Group TrueSpeech para MSACM V3.50.) -- C:\WINDOWS\system32\tssoft32.acm O52 - TDSD: \Drivers32\"vidc.cvid"="iccvid.dll" . (.Radius Inc. - Cinepak® Codec.) -- C:\WINDOWS\system32\iccvid.dll O52 - TDSD: \Drivers32\"vidc.iv31"="ir32_32.dll" . (...) -- C:\WINDOWS\system32\ir32_32.dll O52 - TDSD: \Drivers32\"vidc.iv32"="ir32_32.dll" . (...) -- C:\WINDOWS\system32\ir32_32.dll O52 - TDSD: \Drivers32\"vidc.iv41"="ir41_32.ax" . (.Intel Corporation - Intel Indeo® Video 4.5.) -- C:\WINDOWS\system32\ir41_32.ax O52 - TDSD: \Drivers32\"msacm.sl_anet"="sl_anet.acm" . (.Sipro Lab Telecom Inc. - Audio codec for MS ACM.) -- C:\WINDOWS\system32\sl_anet.acm O52 - TDSD: \Drivers32\"msacm.iac2"="C:\WINDOWS\system32\iac25_32.ax" . (.Intel Corporation - Indeo® audio software.) -- C:\WINDOWS\system32\iac25_32.ax O52 - TDSD: \Drivers32\"vidc.iv50"="ir50_32.dll" . (.Intel Corporation - Intel Indeo® video 5.10.) -- C:\WINDOWS\system32\ir50_32.dll O52 - TDSD: \Drivers32\"msacm.l3acm"="C:\WINDOWS\system32\l3codeca.acm" . (.Fraunhofer Institut Integrierte Schaltungen - MPEG Layer-3 Audio Codec for MSACM.) 
-- C:\WINDOWS\system32\l3codeca.acm O52 - TDSD: \Drivers32\"VIDC.FFDS"="ff_vfw.dll" . (.Unknown owner - ffdshow VFW.) -- C:\WINDOWS\system32\ff_vfw.dll O52 - TDSD: \Drivers32\"VIDC.LAGS"="lagarith.dll" . (.Unknown owner - Lagarith.) -- C:\WINDOWS\system32\lagarith.dll O52 - TDSD: \Drivers32\"VIDC.XVID"="xvidvfw.dll" . (...) -- C:\WINDOWS\system32\xvidvfw.dll O52 - TDSD: \Drivers32\"msacm.ac3acm"="ac3acm.acm" . (.fccHandler - AC-3 ACM Codec.) -- C:\WINDOWS\system32\ac3acm.acm O52 - TDSD: \Drivers32\"msacm.lameacm"="lameACM.acm" . (.http://www.mp3dev.org/ - Lame MP3 codec engine.) -- C:\WINDOWS\system32\lameACM.acm O52 - TDSD: \drivers.desc\"sl_anet.acm"="Sipro Lab Telecom Audio Codec" . (.Sipro Lab Telecom Inc. - Audio codec for MS ACM.) -- C:\WINDOWS\system32\sl_anet.acm O52 - TDSD: \drivers.desc\"C:\WINDOWS\system32\iac25_32.ax"="Indeo® audio software" . (.Intel Corporation - Indeo® audio software.) -- C:\WINDOWS\system32\iac25_32.ax O52 - TDSD: \drivers.desc\"C:\WINDOWS\system32\l3codeca.acm"="Fraunhofer IIS MPEG Layer-3 Codec" . (.Fraunhofer Institut Integrierte Schaltungen - MPEG Layer-3 Audio Codec for MSACM.) -- C:\WINDOWS\system32\l3codeca.acm O52 - TDSD: \drivers.desc\"ff_vfw.dll"="ffdshow video encoder" . (.Unknown owner - ffdshow VFW.) -- C:\WINDOWS\system32\ff_vfw.dll O52 - TDSD: \drivers.desc\"lagarith.dll"="Lagarith lossless codec" . (.Unknown owner - Lagarith.) -- C:\WINDOWS\system32\lagarith.dll O52 - TDSD: \drivers.desc\"ac3acm.acm"="AC-3 ACM Codec" . (.fccHandler - AC-3 ACM Codec.) -- C:\WINDOWS\system32\ac3acm.acm ~ Scan Keys in 00mn 00s ---\\ ShareTools MSconfig StartupReg (SMSR) (O53) O53 - SMSR:HKLM\...\startupreg\Persistence [Key] . (.Intel Corporation - persistence Module.) -- C:\WINDOWS\system32\igfxpers.exe ~ Scan SMSR Keys in 00mn 00s ---\\ Microsoft Control Security Providers (MCSP) (O54) O54 - MCSP:[HKLM\...\CurrentControlSet\Control] - (SecurityProviders) - (.Microsoft Corporation - Cliente DPA para plataformas de 32 bits.) 
-- C:\WINDOWS\system32\msapsspc.dll O54 - MCSP:[HKLM\...\CurrentControlSet\Control] - (SecurityProviders) - (.Microsoft Corporation - TLS / SSL Security Provider.) -- C:\WINDOWS\system32\schannel.dll O54 - MCSP:[HKLM\...\CurrentControlSet\Control] - (SecurityProviders) - (.Microsoft Corporation - Digest SSPI Authentication Package.) -- C:\WINDOWS\system32\digest.dll O54 - MCSP:[HKLM\...\ControlSet001\Control] - (SecurityProviders) - (.Microsoft Corporation - Cliente DPA para plataformas de 32 bits.) -- C:\WINDOWS\system32\msapsspc.dll O54 - MCSP:[HKLM\...\ControlSet001\Control] - (SecurityProviders) - (.Microsoft Corporation - TLS / SSL Security Provider.) -- C:\WINDOWS\system32\schannel.dll O54 - MCSP:[HKLM\...\ControlSet001\Control] - (SecurityProviders) - (.Microsoft Corporation - Digest SSPI Authentication Package.) -- C:\WINDOWS\system32\digest.dll ~ Scan Keys in 00mn 00s ---\\ Microsoft Windows Policies System (MWPS) (O55) O55 - MWPS:[HKLM\...\Policies\System] - "dontdisplaylastusername"=0 O55 - MWPS:[HKLM\...\Policies\System] - "legalnoticecaption"=0 O55 - MWPS:[HKLM\...\Policies\System] - "legalnoticetext"=0 O55 - MWPS:[HKLM\...\Policies\System] - "shutdownwithoutlogon"=1 O55 - MWPS:[HKLM\...\Policies\System] - "undockwithoutlogon"=1 O55 - MWPS:[HKLM\...\Policies\System] - "EnablELUA"=0 O55 - MWPS:[HKLM\...\Policies\System] - "ConsentPromptBehaviorAdmin"=0 O55 - MWPS:[HKLM\...\Policies\System] - "ValidateAdminCodeSignatures"=0 O55 - MWPS:[HKLM\...\Policies\System] - "PromptOnSecureDesktop"=0 ~ Scan Keys in 00mn 00s ---\\ Microsoft Windows Policies Explorer (MWPE) (O56) O56 - MWPE:[HKCU\...\policies\Explorer] - "NoDriveTypeAutoRun"=145 O56 - MWPE:[HKCU\...\policies\Explorer] - "NoDesktop"=0 O56 - MWPE:[HKLM\...\policies\Explorer] - "NoDesktop"=0 ~ Scan Keys in 00mn 00s ---\\ System Drivers List (SDL) (O58) O58 - SDL:[MD5.BDECE634F62B3656DE73D51CA8EA32A9] - 31/05/2012 - 21:21:04 R--A- . (.360.cn - 360FileOem.) 
[ZHPDiag sections Scan Drivers, File Associations Shell Spawning (O67), Start Menu Internet (O68), Search Browser Infection (O69) and Search Svchost Services (O83): enumeration of system entries, not reproduced]
---\\ Search Particular Root Folder (SPRF) (O84)
[MD5.00B555E48E8A348BEED5DE7F5DEFB6E5] [sPRF][03/11/2011] (...) -- C:\Documents and Settings\f003589\Desktop\Folder2Iso.exe [1124352]
[MD5.6DF385C25C1329E95107C5E22645E194] [sPRF][03/09/2012] (.Unknown owner - g3n-h@ckm@n.) -- C:\Documents and Settings\f003589\Desktop\winlogon0.exe [1888651]
[MD5.E897110EE5E67FABB83B154DF9C68D6A] [sPRF][04/09/2012] (...) -- C:\Documents and Settings\f003589\Desktop\ZHPDiag_silent.exe [794216]
[MD5.AE326A97F634217CAC29739D376DF934] [sPRF][15/08/2011] (...) -- C:\Documents and Settings\f003589\Desktop\ZHP_uninstall.exe [344187]
~ Scan Files in 00mn 00s
---\\ Additionnal Scan (O88)
Database Version : 9170 - (25/06/2012)
Clés trouvées (Keys found) : 10
Valeurs trouvées (Values found) : 0
Dossiers trouvés (Folders found) : 1
Fichiers trouvés (Files found) : 0
[HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]:Shell =>Hijack.Shell.Gen
[HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ecdf796-c2dc-4d79-a620-cce0c0a66cc9}] =>Adware.MyWebSearch
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2EECD738-5844-4A99-B4B6-146BF802613B}] =>Toolbar.Agent
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{2EECD738-5844-4A99-B4B6-146BF802613B}] =>Toolbar.Agent
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2EECD738-5844-4a99-B4B6-146BF802613B}] =>Toolbar.Babylon
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{2EECD738-5844-4a99-B4B6-146BF802613B}] =>Toolbar.Babylon
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{98889811-442D-49dd-99D7-DC866BE87DBC}] =>Toolbar.Babylon
[HKLM\Software\Classes\AppID\{BDB69379-802F-4eaf-B541-F8DE92DD98DB}] =>Toolbar.Babylon
[HKCU\Software\Zugo] =>Adware.Zugo
C:\Documents and Settings\f003589\Dados de aplicativos\Babylon =>Toolbar.Babylon
~ Scan Additionnel in 00mn 04s
---\\ Router Hijack DNS (O89)
(None)
[General States of Services not Microsoft (EGS): list of third-party services, not reproduced]
---\\ Search Master Boot Record Infection (MBR)(O80)
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Run by f003589 at 04/09/2012 07:27:01
~ Scan MBR in 00mn 02s
---\\ Search Master Boot Record Infection (MBRCheck)(O80)
Written by ad13, http://ad13.geekstog
Run by f003589 at 04/09/2012 07:27:03
********* Dump file Name *********
C:\PhysicalDisk0_MBR.bin
~ Scan MBR in 00mn 04s
End of the scan (1035 lines in 00mn 39s)(0)
DigRam Posted September 4, 2012
Good morning! Edvan
Edvan, on 04 September 2012 - 07:32, said: When running ZHP_uninstall it generated this link below, and a report that was also posted. link: http://pjjoint.malek...4_z15j12d6x10p8 P.S.: is it the same log?
|- I did not see any differences! But I will use the ZHPComp tool, by Nicolas Coolman, to confirm.
---\\ Windows Product Information~ Langage: Anglais
Windows XP Professional Service Pack 3 (Build 2600)
Software Protection Service (Protection logicielle) : KO
Windows Automatic Updates : OK
Windows Genuine Advantage : KO
|- This indicates that the protection software is disabled and that this Windows XP is a non-genuine copy!
-/-
|- Close any programs/folders that are open.
|- Also close the browser!
|- On Windows Vista or 7, right-click ZHPFix.exe and run it as administrator.
|- Select and copy this information, shown in red, into Notepad.
O44 - LFC:[MD5.951D5EFF1B2D2A6E743ADF173BD921A7] - 03/09/2012 - 11:46:25 ---A- . (...) -- C:\hijackthis.log [8526]
O69 - SBI: SearchScopes [HKCU] {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} [DefaultScope] - (Search the web (Babylon)) - http://search.babylon.com
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2EECD738-5844-4A99-B4B6-146BF802613B}]
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{2EECD738-5844-4A99-B4B6-146BF802613B}]
[HKCU\Software\Zugo] => Infection Diverse (Adware.Zugo)
[HKLM\Software\360Safe] => Infection Diverse (Lozavita.Troj)
[HKLM\Software\Babylon] => Infection BT (Toolbar.Babylon)
[HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]:Shell
[HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ecdf796-c2dc-4d79-a620-cce0c0a66cc9}] => Infection BT (Adware.MyWebSearch)
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2EECD738-5844-4a99-B4B6-146BF802613B}] => Infection BT (Toolbar.Babylon)
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{2EECD738-5844-4a99-B4B6-146BF802613B}] => Infection BT (Toolbar.Babylon)
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{98889811-442D-49dd-99D7-DC866BE87DBC}] => Infection BT (Toolbar.Babylon)
[HKLM\Software\Classes\AppID\{BDB69379-802F-4eaf-B541-F8DE92DD98DB}] => Infection BT (Toolbar.Babylon)
[HKCU\Software\Zugo] => Infection Diverse (Adware.Zugo)
C:\Documents and Settings\f003589\Dados de aplicativos\Babylon
proxyfix
emptytemp
emptyflash
firewallraz
sysrestore
|- With Notepad open, press the shortcuts: "Ctrl+A" -> "Ctrl+C"
|- Minimize Notepad.
|- Click the "Paste ClipBoard" menu.
|- Click "GO" -> Oui.
|- P.S.: Above there is a sequence of images for further clarification.
|- Post the report: C:\ZHP\ZHPFix[R1].txt
Regards!
Edvan Posted September 4, 2012
Rapport de ZHPFix 1.2.06 par Nicolas Coolman, Update du 17/05/2012
Fichier d'export Registre :
Run by f003589 at 04/09/2012 10:18:25
Windows XP Professional Service Pack 3 (Build 2600)
Web site : http://www.premiumorange.com/zeb-help-process/zhpfix.html
Web site : http://nicolascoolman.skyrock.com/
========== Registry Key ==========
DELETED Key*: SearchScopes :{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
DELETED Key*: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2EECD738-5844-4A99-B4B6-146BF802613B}
DELETED Key*: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{2EECD738-5844-4A99-B4B6-146BF802613B}
DELETED Key*: HKCU\Software\Zugo
DELETED Key*: HKLM\Software\360Safe
DELETED Key*: HKLM\Software\Babylon
NOT FOUND Key: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ecdf796-c2dc-4d79-a620-cce0c0a66cc9}
NOT FOUND Key: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2EECD738-5844-4a99-B4B6-146BF802613B}
NOT FOUND Key: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{2EECD738-5844-4a99-B4B6-146BF802613B}
DELETED Key*: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{98889811-442D-49dd-99D7-DC866BE87DBC}
DELETED Key*: HKLM\Software\Classes\AppID\{BDB69379-802F-4eaf-B541-F8DE92DD98DB}
========== Registry Value ==========
NOT FOUND [HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]:Shell
ProxyFix : Proxy killed successfully
DELETED ProxyServer Value
DELETED ProxyEnable Value
DELETED EnableHttp1_1 Value
DELETED ProxyHttp1.1 Value
DELETED ProxyOverride Value
DELETED FirewallRaz (SP) : %windir%\Network Diagnostic\xpnetdiag.exe
DELETED FirewallRaz (SP) : %windir%\system32\sessmgr.exe
DELETED FirewallRaz (SP) : C:\Arquivos de programas\BitComet\BitComet.exe
DELETED FirewallRaz (SP) : C:\Arquivos de programas\Bonjour\mDNSResponder.exe
DELETED FirewallRaz (DP) : %windir%\Network Diagnostic\xpnetdiag.exe
DELETED FirewallRaz (DP) : %windir%\system32\sessmgr.exe
No Value in Firewall Exception Register Key (FirewallRaz)
========== Repertory ==========
DELETED Folder: c:\documents and settings\f003589\dados de aplicativos\babylon
DELETED Window Temporary:
DELETED Flash Cookies:
========== File ==========
DELETED File: c:\hijackthis.log
DELETED Window Temporary:
DELETED Flash Cookies:
========== Restoration ==========
Restore System Point not created
========== Summary ==========
11 : Registry Key
14 : Registry Value
3 : Repertory
3 : File
1 : Restoration
End of clean in 00mn 05s
========== Report File ==========
C:\ZHP\ZHPFix[R1].txt - 04/09/2012 10:18:25 [2579]
DigRam Posted September 4, 2012
Good morning! Edvan
|- How is XP doing? All OK?
|- Download: ( ... by Xplode )
|- Once on the page, click the image:
|- Save it to the desktop!
|- Right-click adwcleaner.exe and choose to run it as "administrator".
|- P.S.: Start the scan by clicking "Delete" or "Suppression".
|- When it finishes, post the report: C:\AdwCleaner[S1].txt
Regards!
Edvan Posted September 4, 2012
Hello friend! I can't manage to download dwcleaner.exe! :ermm:
DigRam Posted September 4, 2012
Hello friend! I can't manage to download dwcleaner.exe! :ermm:
Hello! Edvan
|- Did you try switching browsers to do the download? I tested it here in my Firefox and had no problems.
Regards!
Edvan Posted September 4, 2012
Strange, I had to restart the machine because I could not open the AdwCleaner log.
# AdwCleaner v2.000 - Logfile created 09/04/2012 at 10:46:48
# Updated 30/08/2012 by Xplode
# Operating system : Microsoft Windows XP Service Pack 3 (32 bits)
# User : f003589 - SUPORTE
# Boot Mode : Normal
# Running from : C:\Documents and Settings\f003589\Desktop\adwcleaner.exe
# Option [Delete]
***** [services] *****
***** [Files / Folders] *****
File Deleted : C:\user.js
Folder Deleted : C:\Documents and Settings\All Users\Dados de aplicativos\Babylon
***** [Registry] *****
***** [internet Browsers] *****
-\\ Internet Explorer v8.0.6001.18702
Restored : [HKCU\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Restored : [HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Restored : [HKU\S-1-5-18\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Restored : [HKU\S-1-5-19\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Restored : [HKU\S-1-5-20\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
*************************
AdwCleaner[s1].txt - [1062 octets] - [04/09/2012 10:46:48]
########## EOF - C:\AdwCleaner[s1].txt - [1122 octets] ##########
ha!! winlogon0 started automatically, it is scanning at this very moment.
DigRam Posted September 4, 2012
Good morning! Edvan
ha!! winlogon0 started automatically, it is scanning at this very moment.
|- Great! Maybe this time the log will come out complete and clean!
|- So post it, for some checking.
Regards!
Edvan Posted September 4, 2012
Oops!! sorry for the delay. The scan froze halfway and did not finish; I restarted the machine, disabled avast and tried running it again, but it stays on this screen:
DigRam Posted September 4, 2012
Hello! Edvan
|- This request to the script would be more appropriate if the report were complete.
txt:: c:\boot.ini
Driver:: Bonjour Service
40::
reboot::
|- I do not see strong reasons to do it!
|- If you want, here are some instructions that will determine whether backups occurred and the actions regarding Bonjour and the integrity of boot.ini.
|- Select and copy this information that is in the code box.
|- Click the script tab and start the tool, if it does not start automatically.
|- Do not forget to paste the copied information into the field.
|- Post the report! ( Pre_Script.txt )
Regards!
Edvan Posted September 4, 2012
I am leaving now; I will continue later. It generated this log here:
¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Pre_Script | 2.0901 ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
f003589 : Microsoft Windows XP (32 bits)
Switchs : http://gen-hackman.forum-pro.fr/t89-les-switchs
Script : 11:54:12
¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
¤¤¤¤¤¤¤¤¤¤ | Deletion | Drivers | Services
Service : Bonjour Service Not actif
¤
¤¤¤¤¤¤¤¤¤¤ | Edition : c:\boot.ini
;
;Warning: Boot.ini is used on Windows XP and earlier operating systems.
;Warning: Use BCDEDIT.exe to modify Windows Vista boot options.
;
[boot loader]
timeout=30
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /NOEXECUTE=OPTIN /FASTDETECT
¤
¤¤¤¤¤¤¤¤¤¤ | Quarantine
[list of files quarantined under C:\Pre_Scan\Quarantine\ (prefetch files, temp files, installers), not reproduced]
Fin : 11:54:13
¤¤¤¤¤¤¤¤¤¤ ( EOF ) ¤¤¤¤¤¤¤¤¤¤
Regards. :thumbsup:
DigRam Posted September 4, 2012
Hello! Edvan
I am leaving now; I will continue later. It generated this log here:
|- OK! I saw nothing essential that needs to be restored from what the Pre_Scan tool quarantined.
|- If you want to keep those objects in quarantine, that is up to you.
|- Your logs are clean!
-/-
|- Download: |DelFix| ( ... by Xplode )
|- On the page, click the green arrow to download. ( Green arrow! )
|- Save it somewhere convenient! ( desktop! )
|- Close any applications that are open.
|- Click "Suppression".
-/-
|- All OK?
Regards!
Edvan Posted September 4, 2012
Everything is OK, friend. Soon I will be opening a new topic because, as I said, two machines ran this malicious file. You can close this topic! :thumbsup:
DigRam Posted September 4, 2012
PROBLEM SOLVED
If the author needs the topic reopened, just send a Private Message to a Moderator with a link to the topic.