[Resolvido] &nbspLog para analise

[Edvan 30]

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 14:00:32, on 14/11/2012

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Arquivos de programas\Alwil Software\Avast5\AvastSvc.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Arquivos de programas\Java\jre6\bin\jqs.exe

C:\WINDOWS\system32\wuauclt.exe

C:\WINDOWS\system32\wbem\wmiapsrv.exe

C:\WINDOWS\Explorer.EXE

C:\ARQUIV~1\ALWILS~1\Avast5\avastUI.exe

C:\Arquivos de programas\Ares\Ares.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Arquivos de programas\Messenger\msmsgs.exe

C:\Arquivos de programas\Malwarebytes' Anti-Malware\mbam.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Arquivos de programas\Google\Chrome\Application\chrome.exe

C:\Arquivos de programas\Google\Chrome\Application\chrome.exe

C:\Arquivos de programas\Google\Chrome\Application\chrome.exe

C:\Arquivos de programas\Google\Chrome\Application\chrome.exe

C:\Arquivos de programas\Google\Chrome\Application\chrome.exe

C:\HiJackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://go.microsoft.com/fwlink/?linkid=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = wmplayer.exe //ICWLaunch

O1 - Hosts: ::1 localhost

O2 - BHO: Facilitador de Leitor de Link Adobe PDF - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre6\bin\ssv.dll

O2 - BHO: Barra de aplicativos da ALOT Helper - {85F5CF95-EC8F-49fc-BB3F-38C79455CBA2} - C:\Arquivos de programas\alotappbar\bin\BHO\ALOTHelperBHO.dll

O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Arquivos de programas\Alwil Software\Avast5\aswWebRepIE.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Arquivos de programas\Google\Google Toolbar\GoogleToolbar_32.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Arquivos de programas\Google\GoogleToolbarNotifier\5.7.7529.1424\swg.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Arquivos de programas\Alwil Software\Avast5\aswWebRepIE.dll

O3 - Toolbar: Barra de aplicativos da ALOT - {A531D99C-5A22-449b-83DA-872725C6D0ED} - C:\Arquivos de programas\alotappbar\bin\ALOTHelper.dll

O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Arquivos de programas\Google\Google Toolbar\GoogleToolbar_32.dll

O4 - HKLM\..\Run: [avast5] C:\ARQUIV~1\ALWILS~1\Avast5\avastUI.exe /nogui

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Arquivos de programas\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [Adobe ARM] "C:\Arquivos de programas\Arquivos comuns\Adobe\ARM\1.0\AdobeARM.exe"

O4 - HKCU\..\Run: [ares] "C:\Arquivos de programas\Ares\Ares.exe" -h

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [swg] "C:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"

O4 - HKCU\..\Run: [MSMSGS] "C:\Arquivos de programas\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [upgrade.exe] C:\win7xe\upgrade.exe

O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\Office12\EXCEL.EXE/3000

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\Office12\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game.zylom.com/activex/zylomgamesplayer.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

O22 - SharedTaskScheduler: Pré-carregador Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll

O22 - SharedTaskScheduler: Daemon de cache de categorias de componente - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll

O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe

O23 - Service: avast! Antivirus - AVAST Software - C:\Arquivos de programas\Alwil Software\Avast5\AvastSvc.exe

O23 - Service: Serviço do Google Update (gupdate) (gupdate) - Google Inc. - C:\Arquivos de programas\Google\Update\GoogleUpdate.exe

O23 - Service: Serviço do Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Arquivos de programas\Google\Update\GoogleUpdate.exe

O23 - Service: Google Software Updater (gusvc) - Google - C:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Arquivos de programas\Java\jre6\bin\jqs.exe

O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Arquivos de programas\Mozilla Maintenance Service\maintenanceservice.exe

 

--

End of file - 6724 bytes

 

 

-----\\-------

 

Malwarebytes Anti-Malware 1.65.1.1000

www.malwarebytes.org

 

Versão da Base de Dados: v2012.11.14.04

 

Windows XP Service Pack 3 x86 NTFS

Internet Explorer 8.0.6001.18702

f003407 :: FUN0085 [administrador]

 

14/11/2012 11:02:26

mbam-log-2012-11-14 (11-02-26).txt

 

Tipo de Verificação: Verificação Completa (C:\|)

Opções de verificações ativadas: Memória | Inicialização | Registro | Sistema de arquivos | Heurística/Extra | Heurística/Shuriken | PUP | PUM

Opções de verificação desativadas: P2P

Objetos escaneados: 324785

Tempo decorrido: 1 hora(s), 52 segundo(s)

 

Processos de Memória Detectados: 0

(Não foram detectados ítens maliciosos)

 

Módulos de Memória Detectados: 0

(Não foram detectados ítens maliciosos)

 

Chaves de Registro Detectadas: 0

(Não foram detectados ítens maliciosos)

 

Valores de Registro Detectadas: 0

(Não foram detectados ítens maliciosos)

 

Itens de Dados no Registro Detectadas: 0

(Não foram detectados ítens maliciosos)

 

Pastas Detectadas: 0

(Não foram detectados ítens maliciosos)

 

Arquivos Detectados: 2

C:\Documents and Settings\f003407\Meus documentos\Downloads\malwarebytes-anti-malware-16511000-baixaki-32-bits.exe (PUP.AdBundle) -> Enviado para a Quarentena e deletado com sucesso.

C:\RECYCLER\S-1-5-21-2586132527-314635491-3328972525-21374\Dc497.exe (PUP.AdBundle) -> Enviado para a Quarentena e deletado com sucesso.

 

(fim)

 

 

=======\\==========

 

Malwarebytes Anti-Malware 1.65.1.1000

www.malwarebytes.org

 

Versão da Base de Dados: v2012.11.14.04

 

Windows XP Service Pack 3 x86 NTFS

Internet Explorer 8.0.6001.18702

f003407 :: FUN0085 [administrador]

 

14/11/2012 09:51:01

mbam-log-2012-11-14 (09-51-01).txt

 

Tipo de Verificação: Verificação Rápida

Opções de verificações ativadas: Memória | Inicialização | Registro | Sistema de arquivos | Heurística/Extra | Heurística/Shuriken | PUP | PUM

Opções de verificação desativadas: P2P

Objetos escaneados: 270913

Tempo decorrido: 9 minuto(s), 27 segundo(s)

 

Processos de Memória Detectados: 2

C:\win7xe\win7.exe (Trojan.Banker) -> 2440 -> Será deletado na próxima inicialização.

C:\win7xe\win32.exe (Trojan.Banker) -> 2408 -> Será deletado na próxima inicialização.

 

Módulos de Memória Detectados: 2

C:\win7xe\icudt.dll (Trojan.Banker) -> Será deletado na próxima inicialização.

C:\win7xe\libcef.dll (Trojan.Banker) -> Será deletado na próxima inicialização.

 

Chaves de Registro Detectadas: 0

(Não foram detectados ítens maliciosos)

 

Valores de Registro Detectadas: 2

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|win7.exe (Trojan.Banker) -> Data: C:\win7xe\win7.exe -> Enviado para a Quarentena e deletado com sucesso.

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|win32.exe (Trojan.Banker) -> Data: C:\win7xe\win32.exe -> Enviado para a Quarentena e deletado com sucesso.

 

Itens de Dados no Registro Detectadas: 2

HKCU\SOFTWARE\Policies\Microsoft\Internet Explorer\control panel|ConnectionsTab (PUM.Hijack.ConnectionControl) -> Ruim: (1) Bom: (0) -> Enviado para a Quarentena e reparado com sucesso.

HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer\control panel|ConnectionsTab (PUM.Hijack.ConnectionControl) -> Ruim: (1) Bom: (0) -> Enviado para a Quarentena e reparado com sucesso.

 

Pastas Detectadas: 0

(Não foram detectados ítens maliciosos)

 

Arquivos Detectados: 13

C:\Documents and Settings\f003407\Desktop\malwarebytes-anti-malware-16511000-baixaki-32-bits.exe (PUP.AdBundle) -> Nenhuma ação foi feita.

C:\Documents and Settings\f003407\Meus documentos\Downloads\malwarebytes-anti-malware-16511000-baixaki-32-bits.exe (PUP.AdBundle) -> Nenhuma ação foi feita.

C:\Documents and Settings\f003407\Meus documentos\Downloads\Nota_Fiscal.PDF.Cpl (Trojan.Banker) -> Enviado para a Quarentena e deletado com sucesso.

c:\documents and settings\f003407\meus documentos\downloads\nota_fiscal_eletronica.pdf (1).cpl (Trojan.Banker) -> Enviado para a Quarentena e deletado com sucesso.

c:\documents and settings\f003407\meus documentos\downloads\nota_fiscal_eletronica.pdf.cpl (Trojan.Banker) -> Enviado para a Quarentena e deletado com sucesso.

C:\Documents and Settings\f003407\My Documents\Downloads\84xd (Backdoor.Bot) -> Enviado para a Quarentena e deletado com sucesso.

C:\Documents and Settings\f003407\My Documents\Downloads\84xd(1) (Backdoor.Bot) -> Enviado para a Quarentena e deletado com sucesso.

C:\win7xe\icudt.dll (Trojan.Banker) -> Será deletado na próxima inicialização.

C:\win7xe\libcef.dll (Trojan.Banker) -> Será deletado na próxima inicialização.

C:\win7xe\id.sys (Trojan.Banker) -> Enviado para a Quarentena e deletado com sucesso.

C:\win7xe\up.exe (Trojan.Banker) -> Enviado para a Quarentena e deletado com sucesso.

C:\win7xe\win7.exe (Trojan.Banker) -> Será deletado na próxima inicialização.

C:\win7xe\win32.exe (Trojan.Banker) -> Será deletado na próxima inicialização.

 

(fim)

 

=========\\\=============

 

# AdwCleaner v2.007 - Logfile created 11/14/2012 at 10:16:10

# Updated 06/11/2012 by Xplode

# Operating system : Microsoft Windows XP Service Pack 3 (32 bits)

# User : f003407 - FUN0085

# Boot Mode : Normal

# Running from : C:\Documents and Settings\f003407\Desktop\adwcleaner.exe

# Option [Delete]

 

 

***** [services] *****

 

 

***** [Files / Folders] *****

 

Folder Deleted : C:\Arquivos de programas\DealPly

 

***** [Registry] *****

 

Key Deleted : HKCU\Software\DealPly

Key Deleted : HKCU\Software\Google\Chrome\Extensions\gaiilaahiahdejapggenmdmafpmbipje

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{A6174F27-1FFF-E1D6-A93F-BA48AD5DD448}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A6174F27-1FFF-E1D6-A93F-BA48AD5DD448}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{A6174F27-1FFF-E1D6-A93F-BA48AD5DD448}

Key Deleted : HKLM\Software\DealPly

Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\gaiilaahiahdejapggenmdmafpmbipje

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A6174F27-1FFF-E1D6-A93F-BA48AD5DD448}

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DealPly

 

***** [internet Browsers] *****

 

-\\ Internet Explorer v8.0.6001.18702

 

[OK] Registry is clean.

 

*************************

 

AdwCleaner[s2].txt - [1352 octets] - [14/11/2012 10:16:10]

 

########## EOF - C:\AdwCleaner[s2].txt - [1412 octets] ##########

 

ComboFix 12-11-14.01 - f003407 14/11/2012 14:24:42.1.2 - x86

Microsoft Windows XP Professional 5.1.2600.3.1252.55.1046.18.1014.551 [GMT -2:00]

Executando de: c:\documents and settings\f003407\Desktop\Ferramentas para Diagn¾stico\ComboFix.exe

AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}

.

.

((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\arquivos de programas\alotappbar

c:\arquivos de programas\alotappbar\alotUninst.exe

c:\arquivos de programas\alotappbar\bin\alotappbar.dll

c:\arquivos de programas\alotappbar\bin\alothelper.dll

c:\arquivos de programas\alotappbar\bin\alotwidgets.exe

c:\arquivos de programas\alotappbar\bin\BHO\ALOTHelperBHO.dll

c:\windows\system\chron32.dll

.

.

((((((((((((((((((((((((((((((((((((((( Drivers/Serviços )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

-------\Legacy_MYWEBSEARCHSERVICE

.

.

(((((((((((((((( Arquivos/Ficheiros criados de 2012-10-14 to 2012-11-14 ))))))))))))))))))))))))))))

.

.

2012-11-14 15:59 . 2012-11-14 15:59 388608 ----a-w- C:\HiJackThis.exe

2012-11-14 11:48 . 2012-09-29 21:54 22856 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-11-01 11:42 . 2012-11-01 11:42 -------- d-----w- c:\arquivos de programas\Mozilla Maintenance Service

2012-11-01 09:57 . 2012-11-01 09:57 -------- d-----w- c:\documents and settings\f003407\Configurações locais\Dados de aplicativos\Deployment

.

.

.

((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-10-30 22:51 . 2011-09-06 11:34 738504 ----a-w- c:\windows\system32\drivers\aswSnx.sys

2012-10-30 22:51 . 2011-09-06 11:10 361032 ----a-w- c:\windows\system32\drivers\aswSP.sys

2012-10-30 22:51 . 2011-09-06 11:10 35928 ----a-w- c:\windows\system32\drivers\aswRdr.sys

2012-10-30 22:51 . 2011-09-06 11:10 54232 ----a-w- c:\windows\system32\drivers\aswTdi.sys

2012-10-30 22:51 . 2011-09-06 11:10 97608 ----a-w- c:\windows\system32\drivers\aswmon2.sys

2012-10-30 22:51 . 2011-09-06 11:10 89752 ----a-w- c:\windows\system32\drivers\aswmon.sys

2012-10-30 22:51 . 2011-09-06 11:10 21256 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys

2012-10-30 22:51 . 2011-09-06 11:10 25256 ----a-w- c:\windows\system32\drivers\aavmker4.sys

2012-10-30 22:51 . 2011-09-06 11:34 41224 ----a-w- c:\windows\avastSS.scr

2012-10-30 22:50 . 2011-09-06 11:10 227648 ----a-w- c:\windows\system32\aswBoot.exe

2012-10-10 18:35 . 2012-03-30 10:47 696760 ----a-w- c:\windows\system32\FlashPlayerApp.exe

2012-10-10 18:35 . 2011-09-12 12:35 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2012-08-28 15:18 . 2006-03-02 12:00 916992 ----a-w- c:\windows\system32\wininet.dll

2012-08-28 15:18 . 2006-03-02 12:00 43520 ----a-w- c:\windows\system32\licmgr10.dll

2012-08-28 15:18 . 2006-03-02 12:00 1469440 ----a-w- c:\windows\system32\inetcpl.cpl

2012-08-28 12:07 . 2006-03-02 12:00 385024 ----a-w- c:\windows\system32\html.iec

2012-08-24 13:53 . 2006-03-02 12:00 177664 ----a-w- c:\windows\system32\wintrust.dll

2012-08-23 06:27 . 2006-03-02 12:00 2152960 ----a-w- c:\windows\system32\ntoskrnl.exe

2012-08-23 06:27 . 2004-08-04 00:40 2031616 ----a-w- c:\windows\system32\ntkrnlpa.exe

2011-11-05 07:32 . 2011-11-18 12:07 134104 ----a-w- c:\arquivos de programas\mozilla firefox\components\browsercomps.dll

.

.

(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))

.

.

*Nota* entradas vazias e legítimas por padrão não são apresentadas.

REGEDIT4

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]

@="{472083B0-C522-11CF-8763-00608CC02F24}"

[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]

2012-10-30 22:50 121528 ----a-w- c:\arquivos de programas\Alwil Software\Avast5\ashShell.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Adobe Reader Speed Launcher"="c:\arquivos de programas\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2009-12-18 40368]

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]

2009-12-11 18:57 948672 ----a-r- c:\arquivos de programas\Arquivos comuns\Adobe\ARM\1.0\AdobeARM.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]

2009-12-18 11:58 40368 ----a-w- c:\arquivos de programas\Adobe\Reader 8.0\Reader\reader_sl.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ares]

2012-02-02 15:55 3209216 ----a-w- c:\arquivos de programas\Ares\Ares.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ASUS Update Checker]

2008-12-11 16:45 114688 ----a-w- c:\arquivos de programas\ASUS\ASUSUpdate\UpdateChecker\UpdateChecker.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]

2008-04-13 22:20 15360 ----a-w- c:\windows\system32\ctfmon.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HDAudDeck]

2009-10-28 15:07 33685504 ----a-w- c:\arquivos de programas\VIA\VIAudioi\HDADeck\HDeck.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]

2008-11-12 13:04 173592 ----a-w- c:\windows\system32\hkcmd.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]

2008-11-12 13:05 141336 ----a-w- c:\windows\system32\igfxtray.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]

2005-08-11 19:30 249856 ----a-w- c:\arquivos de programas\Arquivos comuns\InstallShield\UpdateService\ISUSPM.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]

2005-08-11 19:30 81920 ----a-w- c:\arquivos de programas\Arquivos comuns\InstallShield\UpdateService\issch.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]

2008-04-13 22:21 1695232 ------w- c:\arquivos de programas\Messenger\msmsgs.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]

2008-11-12 13:05 141336 ----a-w- c:\windows\system32\igfxpers.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]

2012-01-18 17:02 254696 ----a-w- c:\arquivos de programas\Arquivos comuns\Java\Java Update\jusched.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]

2011-09-06 13:16 39408 ----a-w- c:\arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Arquivos de programas\\TeamViewer\\Version7\\TeamViewer.exe"=

"c:\\Arquivos de programas\\TeamViewer\\Version7\\TeamViewer_Service.exe"=

"c:\\Arquivos de programas\\Ares\\Ares.exe"=

.

R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [06/09/2011 09:34 738504]

R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [06/09/2011 09:10 361032]

R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [06/09/2011 09:10 21256]

R3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [05/09/2011 18:42 1425280]

.

--- =Outros Serviços/Drivers Na Memória ---

.

*NewlyCreated* - WS2IFSL

.

Conteúdo da pasta 'Tarefas Agendadas'

.

2012-11-14 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-30 18:35]

.

2012-11-14 c:\windows\Tasks\avast! Emergency Update.job

- c:\arquivos de programas\Alwil Software\Avast5\AvastEmUpdate.exe [2012-11-14 22:50]

.

2012-11-14 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\arquivos de programas\Google\Update\GoogleUpdate.exe [2011-09-06 13:15]

.

2012-11-14 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\arquivos de programas\Google\Update\GoogleUpdate.exe [2011-09-06 13:15]

.

2012-11-14 c:\windows\Tasks\User_Feed_Synchronization-{21063433-55B2-4AD2-B1C5-5B4ADC85930D}.job

- c:\windows\system32\msfeedssync.exe [2009-03-08 07:31]

.

2012-11-14 c:\windows\Tasks\User_Feed_Synchronization-{521C2DBE-7C63-4EC0-8328-91EDAE8FDF5A}.job

- c:\windows\system32\msfeedssync.exe [2009-03-08 07:31]

.

2012-11-14 c:\windows\Tasks\User_Feed_Synchronization-{DD86A12D-8F58-4DE1-92CF-DA89FC798347}.job

- c:\windows\system32\msfeedssync.exe [2009-03-08 07:31]

.

.

------- Scan Suplementar -------

.

uStart Page = hxxp://www.google.com.br/

uInternet Connection Wizard,ShellNext = wmplayer.exe //ICWLaunch

IE: E&xportar para o Microsoft Excel - c:\arquiv~1\MICROS~2\Office12\EXCEL.EXE/3000

TCP: DhcpNameServer = 10.4.65.16

DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} - hxxp://game.zylom.com/activex/zylomgamesplayer.cab

FF - ProfilePath - c:\documents and settings\f003407\Dados de aplicativos\Mozilla\Firefox\Profiles\4ttxy0nj.default\

FF - prefs.js: network.proxy.type - 2

user_pref('extensions.dealply.partner', 'vn');

user_pref('extensions.dealply.channel', 'dpknlg4');

user_pref('extensions.dealply.installId', 'v23600221916417293635812012040911205417');

user_pref('extensions.dealply.installIdSource', 'inst');

user_pref('extensions.dealply.sampleGroup', '7');

FF - user.js: extensions.autoDisableScopes - 14//iBryte

.

- - - - ORFÃOS REMOVIDOS - - - -

.

BHO-{85F5CF95-EC8F-49fc-BB3F-38C79455CBA2} - c:\arquivos de programas\alotappbar\bin\BHO\ALOTHelperBHO.dll

Toolbar-{A531D99C-5A22-449b-83DA-872725C6D0ED} - c:\arquivos de programas\alotappbar\bin\ALOTHelper.dll

MSConfigStartUp-upgrade - c:\win7xe\upgrade.exe

AddRemove-alotAppbar - c:\arquivos de programas\alotappbar\alotUninst.exe

.

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2012-11-14 14:34

Windows 5.1.2600 Service Pack 3 NTFS

.

Procurando processos ocultos ...

.

Procurando entradas auto inicializáveis ocultas ...

.

Procurando ficheiros/arquivos ocultos ...

.

Varredura completada com sucesso

arquivos/ficheiros ocultos: 0

.

**************************************************************************

.

--------------------- CHAVES DO REGISTRO BLOQUEADAS ---------------------

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]

@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Installer\Products\0BCD4392EE8F0E114A5A8BCAF6798BE8\SourceList\Media]

@DACL=(02 0000)

"DiskPrompt"="[1]"

"1"="DISK1;1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Installer\Products\68AB67CA7DA76401B7448A0100000030\SourceList\Media]

@DACL=(02 0000)

"DiskPrompt"="[1]"

"1"="READER8;[1]"

.

[HKEY_LOCAL_MACHINE\software\Classes\Installer\Products\CFD2C1F142D260E3CB8B271543DA9F98\SourceList\Media]

@DACL=(02 0000)

"DiskPrompt"="[1]"

"1"=";1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="IFlashBroker5"

.

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

--------------------- DLLs Carregadas Sob os Processos em Execução ---------------------

.

- - - - - - - > 'explorer.exe'(3424)

c:\windows\system32\WININET.dll

c:\windows\system32\webcheck.dll

.

------------------------ Outros Processos em Execução ------------------------

.

c:\arquivos de programas\Alwil Software\Avast5\AvastSvc.exe

c:\arquivos de programas\Java\jre6\bin\jqs.exe

c:\windows\system32\wbem\wmiapsrv.exe

.

**************************************************************************

.

Tempo para conclusão: 2012-11-14 14:39:30 - Máquina reiniciou

ComboFix-quarantined-files.txt 2012-11-14 16:39

.

Pré-execução: 8 pasta(s) 115.728.916.480 bytes disponíveis

Pós execução: 10 pasta(s) 116.620.980.224 bytes disponíveis

.

WindowsXP-KB310994-SP2-Pro-BootDisk-PTG.exe

[boot loader]

timeout=2

default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS

[operating systems]

c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

UnsupportedDebug="do not select this" /debug

multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

.

- - End Of File - - DA240A636119F6C5D2654388214CA369

[DigRam 144]

Boa Tarde! Edvan

 

|- Após a execução destas ferramentas o problema foi resolvido?

 

-/-

 

|- Baixe: < > ( ... par Nicolas Coolman )

 

|- Salve-o no desktop!

|- Desabilite seu antivírus!

|- Caso utilize o Avast,estabeleça esta configuração à SandBox.

|- Para Windows Vista ou 7,clique direito e execute o arquivo como administrador.

|- Aguarde a conclusão do scan e clique em "Copier". <- Aguarde!

 

 

|- Além do relatório,teremos no desktop: ZHP_uninstall, MBRCheck, ZHPDiag, ZHPFix

 

 

|- Poste e/ou cole aqui,o link que será gerado,logo após o relatório.

 

Abs!

[Edvan 30]

OBS: Não está mais mandando e-mails infectados para os contatos da dona deste pc.

 

P.S: A ferramenta combofix pode ser utilizada assim como o Malwarebytes nas maquinas que estão contaminadas? ou é uma ferramenta que tem que passar sobe orientação de vcs analistas?

 

 

Link http://pjjoint.malekal.com/files.php?read=ZHPDiag_20121116_b6x11c15l14y11

 

 

Rapport de ZHPDiag v1.31.31 par Nicolas Coolman, Update du 19/10/2012

Run by f003407 at 16/11/2012 08:20:36

Web site : http://nicolascoolman.skyrock.com/

State :

UAC : Not Found or deactivate by user

 

 

---\\ Web Browser

MSIE: Internet Explorer v8.0.6001.18702 (Defaut)

MFIE: Mozilla Firefox 8.0 v8.0

GCIE: Google Chrome v23.0.1271.64

 

---\\ Windows Product Information

~ Langage: Anglais

Windows XP Professional Service Pack 3 (Build 2600)

Windows Automatic Updates : OK

Windows Genuine Advantage : OK

 

---\\ System Information

~ Processor: x86 Family 6 Model 23 Stepping 10, GenuineIntel

~ Operating System: 32 Bits

Boot mode: Normal (Normal boot)

Total RAM: 1014 MB (46% free)

System Restore: Activé (Enable)

System drive C: has 108 GB (72%) free of 149 GB

 

---\\ Logged in mode

~ Computer Name: FUN0085

~ User Name: f003407

~ All Users Names: SUPPORT_388945a0, HelpAssistant, Convidado, Administrador,

~ Unselected Option: O45,O61,O62,O65,O82

Logged in as Administrator

 

---\\ Environnement Variables

~ System Unit : C:\

~ %AppData% : C:\Documents and Settings\f003407\Dados de aplicativos\

~ %Desktop% : C:\Documents and Settings\f003407\Desktop\

~ %Favorites% : C:\Documents and Settings\f003407\Favoritos\

~ %LocalAppData% : C:\Documents and Settings\f003407\Configurações locais\Dados de aplicativos\

~ %StartMenu% : C:\Documents and Settings\f003407\Menu Iniciar\

~ %Windir% : C:\WINDOWS\

~ %System% : C:\WINDOWS\system32\

 

---\\ DOS/Devices

C:\ Hard drive, Flash drive, Thumb drive (Free 108 Go of 149 Go)

 

 

 

---\\ Security Center & Tools Informations

~ UAC deactivate by user

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Associations] Application: OK

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Associations] Intl: OK

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Associations] XMLLookup: OK

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] Shell: OK

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install] LastSuccessTime : OK

~ Scan Security Center in 00mn 00s

 

 

 

---\\ Search Generic System Files

[MD5.064EC7FF5F58B928C3E119402977FA6D] - (.Microsoft Corporation - Windows Explorer.) (.13/04/2008 - 19:21:00.) -- C:\WINDOWS\Explorer.exe [1035776]

[MD5.DAD29C471442BFC0300C594ED9BE339B] - (.Microsoft Corporation - Internet Extensions for Win32.) (.28/08/2012 - 12:18:58.) -- C:\WINDOWS\system32\wininet.dll [916992]

[MD5.71D440F79B711627B12B567FB2EADB42] - (.Microsoft Corporation - Aplicativo de logon do Windows NT.) (.13/04/2008 - 19:21:24.) -- C:\WINDOWS\system32\Winlogon.exe [509952]

[MD5.1E44BC1E83D8FD2305F8D452DB109CF9] - (.Microsoft Corporation - Ancillary Function Driver for WinSock.) (.17/08/2011 - 10:49:54.) -- C:\WINDOWS\system32\Drivers\AFD.sys [138496]

[MD5.9F3A2F5AA6875C72BF062C712CFA2674] - (.Microsoft Corporation - IDE/ATAPI Port Driver.) (.13/04/2008 - 11:40:32.) -- C:\WINDOWS\system32\Drivers\atapi.sys [96512]

[MD5.C885B02847F5D2FD45A24E219ED93B32] - (.Microsoft Corporation - CD-ROM File System Driver.) (.13/04/2008 - 12:14:22.) -- C:\WINDOWS\system32\Drivers\Cdfs.sys [63744]

[MD5.1F4260CC5B42272D71F79E570A27A4FE] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.13/04/2008 - 11:40:48.) -- C:\WINDOWS\system32\Drivers\Cdrom.sys [62976]

[MD5.A8D31E836CCF2F51009CE7DFFECF6D51] - (.Microsoft Corporation - FIPS Crypto Driver.) (.13/04/2008 - 18:52:44.) -- C:\WINDOWS\system32\Drivers\Fips.sys [44672]

[MD5.573C7D0A32852B48F3058CFD8026F511] - (.Windows ® Server 2003 DDK provider - High Definition Audio Bus Driver v1.0a.) (.13/04/2008 - 09:36:06.) -- C:\WINDOWS\system32\Drivers\HDAudBus.sys [144384]

[MD5.485BC6BEB778B5E9702E6AA3D384C0CB] - (.Microsoft Corporation - Driver de porta i8042.) (.13/04/2008 - 18:55:20.) -- C:\WINDOWS\system32\Drivers\i8042prt.sys [53504]

[MD5.083A052659F5310DD8B6A6CB05EDCF8E] - (.Microsoft Corporation - IMAPI Kernel Driver.) (.13/04/2008 - 11:41:00.) -- C:\WINDOWS\system32\Drivers\Imapi.sys [42112]

[MD5.CC748EA12C6EFFDE940EE98098BF96BB] - (.Microsoft Corporation - IP Network Address Translator.) (.13/04/2008 - 11:57:16.) -- C:\WINDOWS\system32\Drivers\IpNat.sys [152832]

[MD5.23C74D75E36E7158768DD63D92789A91] - (.Microsoft Corporation - IPSec Driver.) (.13/04/2008 - 12:19:44.) -- C:\WINDOWS\system32\Drivers\IPSec.sys [75264]

[MD5.7D304A5EB4344EBEEAB53A2FE3FFB9F0] - (.Microsoft Corporation - Windows NT SMB Minirdr.) (.15/07/2011 - 10:29:31.) -- C:\WINDOWS\system32\Drivers\MRxSmb.sys [456320]

[MD5.74B2B2F5BEA5E9A3DC021D685551BD3D] - (.Microsoft Corporation - MBT Transport driver.) (.13/04/2008 - 12:21:02.) -- C:\WINDOWS\system32\Drivers\netBT.sys [162816]

[MD5.78A08DD6A8D65E697C18E1DB01C5CDCA] - (.Microsoft Corporation - NT File System Driver.) (.13/04/2008 - 12:15:54.) -- C:\WINDOWS\system32\Drivers\ntfs.sys [574976]

[MD5.9BADEE6B698BF1AF36E25A1A64A89EAB] - (.Microsoft Corporation - Driver de porta paralela.) (.13/04/2008 - 19:02:26.) -- C:\WINDOWS\system32\Drivers\Parport.sys [80384]

[MD5.11B4A627BC9614B885C4969BFA5FF8A6] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.13/04/2008 - 12:19:44.) -- C:\WINDOWS\system32\Drivers\Rasl2tp.sys [51328]

[MD5.15CABD0F7C00C47C70124907916AF3F1] - (.Microsoft Corporation - Microsoft RDP Device redirector.) (.13/04/2008 - 11:32:52.) -- C:\WINDOWS\system32\Drivers\rdpdr.sys [196224]

[MD5.68D749B04BFBBD4D4D15CC5185AFA4DD] - (.Microsoft Corporation - Redbook Audio Filter Driver.) (.13/04/2008 - 18:53:18.) -- C:\WINDOWS\system32\Drivers\redbook.sys [58240]

[MD5.EB6B1E2C984D84470FF4FE7EF98CD44A] - (.Microsoft Corporation - Driver de cópia de sombra de volume.) (.13/04/2008 - 18:53:02.) -- C:\WINDOWS\system32\Drivers\volsnap.sys [53248]

~ Scan Generic Processes in 00mn 00s

 

 

 

---\\ Hidden files state (Hidden/Total)

~ Mes images (My Pictures) : 2/111

~ Mes musiques (My Musics) : 1/3464

~ Mes Favoris (My Favorites) : 1/47

~ Mes Documents (My Documents) : 1/5505

~ Mon Bureau (My Desktop) : 0/1734

~ Menu demarrer (Programs) : 0/26

~ Scan Hidden Files in 00mn 22s

 

 

 

---\\ Running Processes

[MD5.8FA553E9AE69808D99C164733A0F9590] - (.AVAST Software - avast! Service.) -- C:\Arquivos de programas\Alwil Software\Avast5\AvastSvc.exe [44808] [PID.]

[MD5.D87ACAED61E417BBA546CED5E7E36D9C] - (.Microsoft Corporation - .NET Runtime Optimization Service.) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [69632] [PID.]

[MD5.0A5709543986843D37A92290B7838340] - (.Sun Microsystems, Inc. - Java Quick Starter Service.) -- C:\Arquivos de programas\Java\jre6\bin\jqs.exe [153376] [PID.]

[MD5.5D61BE7DB55B026A5D61A3EED09D0EAD] - (.Google Inc. - GoogleToolbarNotifier.) -- C:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408] [PID.]

[MD5.70EA13A41C0D9D31343EC203A629F801] - (.Ares Development Group - Ares p2p for windows.) -- C:\Arquivos de programas\Ares\Ares.exe [3209216] [PID.]

[MD5.2E0B0A051FFAA86E358465BB0880D453] - (.Microsoft Corporation - Windows Update.) -- C:\WINDOWS\system32\wuauclt.exe [53784] [PID.]

[MD5.FEE2BA1AD38F457F418E82EA30724053] - (.Microsoft Corporation - Microsoft Feeds Synchronization.) -- C:\WINDOWS\system32\msfeedssync.exe [13312] [PID.]

[MD5.D8510C2D48496B6C336E816FD67AA0F7] - (.Google Inc. - Google Chrome.) -- C:\Arquivos de programas\Google\Chrome\Application\chrome.exe [1242136] [PID.]

[MD5.083649EF692A066880C9326020915AFE] - (.AVAST Software - avast! Antivirus.) -- C:\Arquivos de programas\Alwil Software\Avast5\AvastUI.exe [4297136] [PID.]

[MD5.E897110EE5E67FABB83B154DF9C68D6A] - (...) -- C:\Documents and Settings\f003407\Desktop\ZHPDiag_silent.exe [794216] [PID.]

[MD5.56873D899C0707AA017AA2D74EC190AE] - (...) -- C:\Arquivos de programas\ZHPDiag\ZHPDiag.exe [3770368] [PID.]

[MD5.6D2018AEE93285F2A8BEF55D722187A3] - (.Microsoft Corporation - Application Layer Gateway Service.) -- C:\WINDOWS\System32\alg.exe [44544] [PID.]

~ Scan Processes Running in 00mn 00s

 

 

 

---\\ Mozilla Firefox,Plugins,Start,Search,Extensions (P2,M0,M1,M2,M3)

M3 - MFPP: Plugins - [f003407] -- C:\Arquivos de programas\Mozilla FireFox\searchplugins\buscape.xml

M3 - MFPP: Plugins - [f003407] -- C:\Arquivos de programas\Mozilla FireFox\searchplugins\google.xml

M3 - MFPP: Plugins - [f003407] -- C:\Arquivos de programas\Mozilla FireFox\searchplugins\mercadolivre.xml

M3 - MFPP: Plugins - [f003407] -- C:\Arquivos de programas\Mozilla FireFox\searchplugins\twitter.xml

M3 - MFPP: Plugins - [f003407] -- C:\Arquivos de programas\Mozilla FireFox\searchplugins\wikipedia-br.xml

M3 - MFPP: Plugins - [f003407] -- C:\Arquivos de programas\Mozilla FireFox\searchplugins\yahoo-br.xml

P2 - FPN: [HKLM] [@Google.com/GoogleEarthPlugin] - (.Google - GEPlugin.) -- C:\Arquivos de programas\Google\Google Earth\plugin\npgeplugin.dll

P2 - FPN: [HKLM] [@java.com/JavaPlugin] - (.Sun Microsystems, Inc. - Next Generation Java Plug-in 1.6.0_31 for Mozilla browsers.) -- C:\Arquivos de programas\Java\jre6\bin\plugin2\npjp2.dll

P2 - FPN: [HKLM] [@microsoft.com/WPF,version=3.5] - (.Microsoft Corporation - Windows Presentation Foundation (WPF) plug-in for Mozilla browsers.) -- c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll

P2 - FPN: [HKLM] [@tools.google.com/Google Update;version=3] - (.Google Inc. - Google Update.) -- C:\Arquivos de programas\Google\Update\1.3.21.123\npGoogleUpdate3.dll

P2 - FPN: [HKLM] [@tools.google.com/Google Update;version=9] - (.Google Inc. - Google Update.) -- C:\Arquivos de programas\Google\Update\1.3.21.123\npGoogleUpdate3.dll

~ Scan Firefox Browser in 00mn 00s

 

 

 

---\\ Internet Explorer Extensions, Start, Search (R4,R3,R0,R1)

R0 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com

R0 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com

R1 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com

R1 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft.com

R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:noadd-ons

R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:securityrisk

R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURLs,Tabs = res://ieframe.dll/tabswelcome.htm

R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com

R3 - URLSearchHook: (no name) - {CFBFAE00-17A6-11D0-99CB-00C04FD64497} . (.Google Inc. - Google Update.) (No version) -- (.not file.)

R4 - HKCU\SOFTWARE\Microsoft\Internet Explorer\PhishingFilter,Enabled = 2

~ Scan IE Browser in 00mn 00s

 

 

 

---\\ Internet Explorer, Proxy Management (R5)

R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key

R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0

R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1

R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1

R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll

~ Scan Proxy management in 00mn 00s

 

 

 

---\\ Changed inifile Value, Mapped to Registry (F2)

F2 - REG:system.ini: USERINIT=C:\WINDOWS\system32\userinit.exe,

F2 - REG:system.ini: Shell=C:\WINDOWS\explorer.exe

F2 - REG:system.ini: VMApplet=rundll32 shell32,Control_RunDLL "sysdm.cpl"

~ Scan Keys in 00mn 00s

 

 

 

---\\ Hosts file redirection (O1)

~ Le fichier hosts est sain (The hosts file is clean).

~ Scan Hosts File in 00mn 00s

~ Nombre de lignes (Lines number): 1

 

 

 

---\\ Browser Helper Objects (O2)

O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} Orphean Key

O2 - BHO: (no name) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} Orphean Key

O2 - BHO: (no name) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} Orphean Key

O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} Orphean Key

O2 - BHO: (no name) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} Orphean Key

O2 - BHO: (no name) - {DBC80044-A445-435b-BC74-9C25C1C588A9} Orphean Key

O2 - BHO: (no name) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} Orphean Key

~ Scan BHO in 00mn 00s

 

 

 

---\\ Internet Explorer toolbars (O3)

O3 - Toolbar: (no name) - [HKLM]{8E5E2654-AD2D-48bf-AC2D-D17F00898D06} . (...) -- (.not file.)

O3 - Toolbar: (no name) - [HKLM]{2318C2B1-4965-11d4-9B18-009027A5CD4F} . (...) -- (.not file.)

~ Scan Toolbar in 00mn 00s

 

 

 

---\\ Auto loading programs from Registry and folders (O4)

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] . (.Adobe Systems Incorporated - Adobe Acrobat SpeedLauncher.) -- C:\Arquivos de programas\Adobe\Reader 8.0\Reader\Reader_sl.exe

O4 - HKCU\..\Run: [ctfmon.exe] . (.Microsoft Corporation - CTF Loader.) -- C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [swg] . (.Google Inc. - GoogleToolbarNotifier.) -- C:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

O4 - HKCU\..\Run: [ares] . (.Ares Development Group - Ares p2p for windows.) -- C:\Arquivos de programas\Ares\Ares.exe

O4 - HKUS\S-1-5-21-2586132527-314635491-3328972525-21374\..\Run: [ctfmon.exe] . (.Microsoft Corporation - CTF Loader.) -- C:\WINDOWS\system32\ctfmon.exe

O4 - HKUS\S-1-5-21-2586132527-314635491-3328972525-21374\..\Run: [swg] . (.Google Inc. - GoogleToolbarNotifier.) -- C:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

O4 - HKUS\S-1-5-21-2586132527-314635491-3328972525-21374\..\Run: [ares] . (.Ares Development Group - Ares p2p for windows.) -- C:\Arquivos de programas\Ares\Ares.exe

~ Scan Application in 00mn 00s

 

 

 

---\\ Other User Links (O4)

O4 - Global Startup: C:\Documents And Settings\All Users\Desktop\Adobe Reader 8.lnk . (.Adobe Systems Incorporated.) -- C:\Arquivos de programas\Adobe\Reader 8.0\Reader\AcroRd32.exe

O4 - Global Startup: C:\Documents And Settings\All Users\Desktop\avast! Free Antivirus.lnk . (.AVAST Software.) -- C:\Arquivos de programas\Alwil Software\Avast5\AvastUI.exe

O4 - Global Startup: C:\Documents And Settings\All Users\Desktop\CCleaner.lnk . (.Piriform Ltd.) -- C:\Arquivos de programas\CCleaner\CCleaner.exe

O4 - Global Startup: C:\Documents And Settings\All Users\Desktop\HD ADeck.lnk . (.VIA Technologies, Inc..) -- C:\Arquivos de programas\VIA\VIAudioi\HDADeck\HDeck.exe

O4 - Global Startup: C:\Documents And Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk . (.Malwarebytes Corporation.) -- C:\Arquivos de programas\Malwarebytes' Anti-Malware\mbam.exe

O4 - Global Startup: C:\Documents And Settings\All Users\Desktop\Mozilla Firefox.lnk . (.Mozilla Corporation.) -- C:\Arquivos de programas\Mozilla Firefox\firefox.exe

O4 - Global Startup: C:\Documents And Settings\All Users\Desktop\MV RegClean 6.0.lnk . (...) -- C:\Arquivos de programas\Marcos Velasco Security\MV RegClean 6.0\MVREGCLEAN.EXE

O4 - Global Startup: C:\Documents And Settings\All Users\Desktop\PDFCreator.lnk . (.-.) -- C:\Arquivos de programas\PDFCreator\PDFCreator.exe

O4 - Global Startup: C:\Documents And Settings\Administrador\Desktop\PC Inspector File Recovery.lnk . (...) -- C:\Arquivos de programas\Convar\PC Inspector File Recovery\Filerecovery.exe

O4 - Global Startup: C:\Documents And Settings\All Users\Desktop\Adobe Reader 8.lnk . (.Adobe Systems Incorporated.) -- C:\Arquivos de programas\Adobe\Reader 8.0\Reader\AcroRd32.exe

O4 - Global Startup: C:\Documents And Settings\All Users\Desktop\avast! Free Antivirus.lnk . (.AVAST Software.) -- C:\Arquivos de programas\Alwil Software\Avast5\AvastUI.exe

O4 - Global Startup: C:\Documents And Settings\All Users\Desktop\CCleaner.lnk . (.Piriform Ltd.) -- C:\Arquivos de programas\CCleaner\CCleaner.exe

O4 - Global Startup: C:\Documents And Settings\All Users\Desktop\HD ADeck.lnk . (.VIA Technologies, Inc..) -- C:\Arquivos de programas\VIA\VIAudioi\HDADeck\HDeck.exe

O4 - Global Startup: C:\Documents And Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk . (.Malwarebytes Corporation.) -- C:\Arquivos de programas\Malwarebytes' Anti-Malware\mbam.exe

O4 - Global Startup: C:\Documents And Settings\All Users\Desktop\Mozilla Firefox.lnk . (.Mozilla Corporation.) -- C:\Arquivos de programas\Mozilla Firefox\firefox.exe

O4 - Global Startup: C:\Documents And Settings\All Users\Desktop\MV RegClean 6.0.lnk . (...) -- C:\Arquivos de programas\Marcos Velasco Security\MV RegClean 6.0\MVREGCLEAN.EXE

O4 - Global Startup: C:\Documents And Settings\All Users\Desktop\PDFCreator.lnk . (.-.) -- C:\Arquivos de programas\PDFCreator\PDFCreator.exe

O4 - Global Startup: C:\Documents And Settings\Administrador\Desktop\PC Inspector File Recovery.lnk . (...) -- C:\Arquivos de programas\Convar\PC Inspector File Recovery\Filerecovery.exe

~ Scan Global Startup in 00mn 00s

 

 

 

---\\ Extra buttons on main IE button toolbar, or extra items in IE 'Tools' menu (O9)

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} . (...) -- C:\Arquivos de programas\Microsoft Office\Office12\REFBARH.ICO

O9 - Extra button: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} . (...) -- C:\Arquivos de programas\Microsoft Office\Office12\REFBARH.ICO

O9 - Extra button: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} . (.Microsoft Corporation - Windows Messenger.) -- C:\Arquivos de programas\Messenger\msmsgs.exe

~ Scan IE Extra Buttons in 00mn 00s

 

 

 

---\\ Winsock hijacker (Layered Service Provider) (O10)

O10 - WLSP:\000000000001\Winsock LSP File . (.Microsoft Corporation - Fornecedor de serviços do Microsoft Windows Sockets 2.0.) -- C:\WINDOWS\system32\mswsock.dll

O10 - WLSP:\000000000002\Winsock LSP File . (.Microsoft Corporation - LDAP RnR Provider DLL.) -- C:\WINDOWS\system32\winrnr.dll

O10 - WLSP:\000000000003\Winsock LSP File . (.Microsoft Corporation - Fornecedor de serviços do Microsoft Windows Sockets 2.0.) -- C:\WINDOWS\system32\mswsock.dll

~ Scan Winsock in 00mn 00s

 

 

 

---\\ 'Reset Web Settings' hijack (O14)

O14 - IERESET.INF: SEARCH_PAGE_URL=SEARCH_PAGE_URL="&http://home.microsoft.com/intl/br/access/allinone.asp"

O14 - IERESET.INF: SAFESITE_VALUE=SAFESITE_VALUE="search.msn.com.br"

~ Scan IE Paramètres WEB in 00mn 00s

 

 

 

---\\ ActiveX Objects (Downloaded Program Files) (O16)

O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game.zylom.com/activex/zylomgamesplayer.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

~ Scan Objets ActiveX in 00mn 00s

 

 

 

---\\ Lop.com/Domain Hijackers (O17)

O17 - HKLM\System\CCS\Services\Tcpip\..\{41FCAA3A-8C35-4A79-BD5E-0291F1042D6F}: DhcpNameServer = 10.4.65.16

O17 - HKLM\System\CCS\Services\Tcpip\..\{41FCAA3A-8C35-4A79-BD5E-0291F1042D6F}: DhcpDomain = funpec.br

O17 - HKLM\System\CS1\Services\Tcpip\..\{41FCAA3A-8C35-4A79-BD5E-0291F1042D6F}: DhcpNameServer = 10.4.65.16

O17 - HKLM\System\CS1\Services\Tcpip\..\{41FCAA3A-8C35-4A79-BD5E-0291F1042D6F}: DhcpDomain = funpec.br

O17 - HKLM\System\CS3\Services\Tcpip\..\{41FCAA3A-8C35-4A79-BD5E-0291F1042D6F}: DhcpNameServer = 10.4.65.16

O17 - HKLM\System\CS3\Services\Tcpip\..\{41FCAA3A-8C35-4A79-BD5E-0291F1042D6F}: DhcpDomain = funpec.br

~ Scan Domain in 00mn 00s

 

 

 

---\\ Extra protocols (O18)

O18 - Handler: about - {3050F406-98B5-11CF-BB82-00AA00BDCE0B} . (.Microsoft Corporation - Microsoft ® HTML Viewer.) -- C:\WINDOWS\system32\mshtml.dll

O18 - Handler: cdl - {3dd53d40-7b8b-11D0-b013-00aa0059ce02} . (.Microsoft Corporation - OLE32 Extensions for Win32.) -- C:\WINDOWS\system32\urlmon.dll

O18 - Handler: dvd - {12D51199-0DB5-46FE-A120-47A3D7D937CC} . (.Microsoft Corporation - Controle ActiveX para fluxo de vídeo.) -- C:\WINDOWS\system32\msvidctl.dll

O18 - Handler: file - {79eac9e7-baf9-11ce-8c82-00aa004ba90b} . (.Microsoft Corporation - OLE32 Extensions for Win32.) -- C:\WINDOWS\system32\urlmon.dll

O18 - Handler: ftp - {79eac9e3-baf9-11ce-8c82-00aa004ba90b} . (.Microsoft Corporation - OLE32 Extensions for Win32.) -- C:\WINDOWS\system32\urlmon.dll

O18 - Handler: gopher - {79eac9e4-baf9-11ce-8c82-00aa004ba90b} . (.Microsoft Corporation - OLE32 Extensions for Win32.) -- C:\WINDOWS\system32\urlmon.dll

O18 - Handler: http - {79eac9e2-baf9-11ce-8c82-00aa004ba90b} . (.Microsoft Corporation - OLE32 Extensions for Win32.) -- C:\WINDOWS\system32\urlmon.dll

O18 - Handler: https - {79eac9e5-baf9-11ce-8c82-00aa004ba90b} . (.Microsoft Corporation - OLE32 Extensions for Win32.) -- C:\WINDOWS\system32\urlmon.dll

O18 - Handler: its - {9D148291-B9C8-11D0-A4CC-0000F80149F6} . (.Microsoft Corporation - Microsoft® InfoTech Storage System Library.) -- C:\WINDOWS\system32\itss.dll

O18 - Handler: javascript - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} . (.Microsoft Corporation - Microsoft ® HTML Viewer.) -- C:\WINDOWS\system32\mshtml.dll

O18 - Handler: local - {79eac9e7-baf9-11ce-8c82-00aa004ba90b} . (.Microsoft Corporation - OLE32 Extensions for Win32.) -- C:\WINDOWS\system32\urlmon.dll

O18 - Handler: mailto - {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} . (.Microsoft Corporation - Microsoft ® HTML Viewer.) -- C:\WINDOWS\system32\mshtml.dll

O18 - Handler: mhtml - {05300401-BCBC-11d0-85E3-00C04FD85AB4} . (.Microsoft Corporation - Microsoft Internet Messaging API.) -- C:\WINDOWS\system32\inetcomm.dll

O18 - Handler: mk - {79eac9e6-baf9-11ce-8c82-00aa004ba90b} . (.Microsoft Corporation - OLE32 Extensions for Win32.) -- C:\WINDOWS\system32\urlmon.dll

O18 - Handler: ms-help - {314111c7-a502-11d2-bbca-00c04f8ec294} . (.Microsoft Corporation - Microsoft® Help Data Services Module.) -- C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Help\hxds.dll

O18 - Handler: ms-its - {9D148291-B9C8-11D0-A4CC-0000F80149F6} . (.Microsoft Corporation - Microsoft® InfoTech Storage System Library.) -- C:\WINDOWS\system32\itss.dll

O18 - Handler: res - {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} . (.Microsoft Corporation - Microsoft ® HTML Viewer.) -- C:\WINDOWS\system32\mshtml.dll

O18 - Handler: sysimage - {76E67A63-06E9-11D2-A840-006008059382} . (.Microsoft Corporation - Microsoft ® HTML Viewer.) -- C:\WINDOWS\system32\mshtml.dll

O18 - Handler: tv - {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} . (.Microsoft Corporation - Controle ActiveX para fluxo de vídeo.) -- C:\WINDOWS\system32\msvidctl.dll

O18 - Handler: vbscript - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} . (.Microsoft Corporation - Microsoft ® HTML Viewer.) -- C:\WINDOWS\system32\mshtml.dll

O18 - Handler: wia - {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} . (.Microsoft Corporation - WIA Scripting Layer.) -- C:\WINDOWS\system32\wiascr.dll

O18 - Filter: application/octet-stream - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} . (.Microsoft Corporation - Microsoft .NET Runtime Execution Engine.) -- C:\WINDOWS\system32\mscoree.dll

O18 - Filter: application/x-complus - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} . (.Microsoft Corporation - Microsoft .NET Runtime Execution Engine.) -- C:\WINDOWS\system32\mscoree.dll

O18 - Filter: application/x-msdownload - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} . (.Microsoft Corporation - Microsoft .NET Runtime Execution Engine.) -- C:\WINDOWS\system32\mscoree.dll

O18 - Filter: Class Install Handler - {32B533BB-EDAE-11d0-BD5A-00AA00B92AF1} . (.Microsoft Corporation - OLE32 Extensions for Win32.) -- C:\WINDOWS\system32\urlmon.dll

O18 - Filter: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} . (.Microsoft Corporation - OLE32 Extensions for Win32.) -- C:\WINDOWS\system32\urlmon.dll

O18 - Filter: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} . (.Microsoft Corporation - OLE32 Extensions for Win32.) -- C:\WINDOWS\system32\urlmon.dll

O18 - Filter: lzdhtml - {8f6b0360-b80d-11d0-a9b3-006097942311} . (.Microsoft Corporation - OLE32 Extensions for Win32.) -- C:\WINDOWS\system32\urlmon.dll

O18 - Filter: text/webviewhtml - {733AC4CB-F1A4-11d0-B951-00A0C90312E1} . (.Microsoft Corporation - DLL comum do Shell do Windows.) -- C:\WINDOWS\system32\SHELL32.dll

O18 - Filter: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} . (.Microsoft Corporation - Microsoft Office XML MIME Filter.) -- C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\OFFICE12\MSOXMLMF.dll

~ Scan Protocole Additionnel in 00mn 00s

 

 

 

---\\ AppInit_DLLs Registry value Autorun (O20)

O20 - Winlogon Notify: crypt32chain . (.Microsoft Corporation - Crypto API32.) -- C:\WINDOWS\system32\crypt32.dll

O20 - Winlogon Notify: cryptnet . (.Microsoft Corporation - Crypto Network Related API.) -- C:\WINDOWS\system32\cryptnet.dll

O20 - Winlogon Notify: cscdll . (.Microsoft Corporation - Agente de rede off-line.) -- C:\WINDOWS\system32\cscdll.dll

O20 - Winlogon Notify: dimsntfy . (.Microsoft Corporation - DIMS Notification Handler.) -- C:\WINDOWS\system32\dimsntfy.dll

O20 - Winlogon Notify: igfxcui . (.Intel Corporation - igfxdev Module.) -- C:\WINDOWS\system32\igfxdev.dll

O20 - Winlogon Notify: ScCertProp . (.Microsoft Corporation - DLL comum para receber notificações do Winl.) -- C:\WINDOWS\system32\wlnotify.dll

O20 - Winlogon Notify: Schedule . (.Microsoft Corporation - DLL comum para receber notificações do Winl.) -- C:\WINDOWS\system32\wlnotify.dll

O20 - Winlogon Notify: sclgntfy . (.Microsoft Corporation - DLL de notificação do serviço de logon secu.) -- C:\WINDOWS\system32\sclgntfy.dll

O20 - Winlogon Notify: SensLogn . (.Microsoft Corporation - DLL comum para receber notificações do Winl.) -- C:\WINDOWS\system32\WlNotify.dll

O20 - Winlogon Notify: termsrv . (.Microsoft Corporation - DLL comum para receber notificações do Winl.) -- C:\WINDOWS\system32\wlnotify.dll

O20 - Winlogon Notify: WgaLogon . (.Microsoft Corporation - Notificações do Programa de Vantagens do Wi.) -- C:\WINDOWS\system32\WgaLogon.dll

O20 - Winlogon Notify: wlballoon . (.Microsoft Corporation - DLL comum para receber notificações do Winl.) -- C:\WINDOWS\system32\wlnotify.dll

~ Scan Winlogon in 00mn 00s

 

 

 

---\\ ShellServiceObjectDelayLoad (O21)

O21 - SSODL: PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} . (.Microsoft Corporation - DLL comum do Shell do Windows.) -- C:\WINDOWS\system32\shell32.dll

O21 - SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} . (.Microsoft Corporation - DLL comum do Shell do Windows.) -- C:\WINDOWS\system32\SHELL32.dll

O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} . (.Microsoft Corporation - Web Site Monitor.) -- C:\WINDOWS\system32\webcheck.dll

O21 - SSODL: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} . (.Microsoft Corporation - Objeto de serviço do shell de Systray.) -- C:\WINDOWS\system32\stobject.dll

~ Scan SSODL in 00mn 00s

 

 

 

---\\ SharedTaskScheduler (O22)

O22 - SharedTaskScheduler: Daemon de cache de categorias de componente - {8C7461EF-2B13-11d2-BE35-3078302C2030} - (.not file.)

~ Scan STS/SSO in 00mn 00s

 

 

 

---\\ non Microsoft non disabled Windows XP/NT/2000 Services (O23)

O23 - Service: avast! Antivirus (avast! Antivirus) . (.AVAST Software - avast! Service.) - C:\Arquivos de programas\Alwil Software\Avast5\AvastSvc.exe

O23 - Service: Serviço do Google Update (gupdate) (gupdate) . (.Google Inc. - Google Installer.) - C:\Arquivos de programas\Google\Update\GoogleUpdate.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) . (.Sun Microsystems, Inc. - Java Quick Starter Service.) - C:\Arquivos de programas\Java\jre6\bin\jqs.exe

~ Scan Services in 00mn 00s

 

 

 

---\\ Windows Active Desktop & MHTML Editor (O24)

O24 - Desktop Component 0: Minha página inicial atual - file:About:Home

O24 - Default MHTML Editor: Last - .(...) - (.not file.)

O24 - Desktop General: BackupWallPaper - .(...) - C:\Documents and Settings\f003407\Configurações locais\Dados de aplicativos\Microsoft\Wallpaper1.bmp

O24 - Desktop General: WallPaper - .(...) - C:\Documents and Settings\f003407\Configurações locais\Dados de aplicativos\Microsoft\Wallpaper1.bmp

~ Scan Desktop Component in 00mn 00s

 

 

 

---\\

O34 - HKLM BootExecute: (autocheck autochk *) - File not found

~ Scan Keys in 00mn 00s

 

 

 

---\\ Task Planned Automatically(039)

O39 - APT:Automatic Planified Task - C:\WINDOWS\Tasks\Adobe Flash Player Updater.job

O39 - APT:Automatic Planified Task - C:\WINDOWS\Tasks\avast! Emergency Update.job

O39 - APT:Automatic Planified Task - C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job

O39 - APT:Automatic Planified Task - C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job

O39 - APT:Automatic Planified Task - C:\WINDOWS\Tasks\User_Feed_Synchronization-{21063433-55B2-4AD2-B1C5-5B4ADC85930D}.job

O39 - APT:Automatic Planified Task - C:\WINDOWS\Tasks\User_Feed_Synchronization-{521C2DBE-7C63-4EC0-8328-91EDAE8FDF5A}.job

O39 - APT:Automatic Planified Task - C:\WINDOWS\Tasks\User_Feed_Synchronization-{DD86A12D-8F58-4DE1-92CF-DA89FC798347}.job

[MD5.44C00A385CA9DBC1D5CF3781F8C26AEA] [APT] [Adobe Flash Player Updater] (.Adobe Systems Incorporated.) -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe

[MD5.7F19838AC317C34FCED020BE529AF71E] [APT] [avast! Emergency Update] (.AVAST Software.) -- C:\Arquivos de programas\Alwil Software\Avast5\AvastEmUpdate.exe

[MD5.F02A533F517EB38333CB12A9E8963773] [APT] [GoogleUpdateTaskMachineCore] (.Google Inc..) -- C:\Arquivos de programas\Google\Update\GoogleUpdate.exe

[MD5.F02A533F517EB38333CB12A9E8963773] [APT] [GoogleUpdateTaskMachineUA] (.Google Inc..) -- C:\Arquivos de programas\Google\Update\GoogleUpdate.exe

~ Scan Scheduled Task in 00mn 00s

 

 

 

---\\ ActiveSetup Installed Components (O40)

O40 - ASIC: Atualização de Versão do Internet Explorer - <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} . (.Microsoft Corporation - IE Per User Active Setup Uninstall Utility.) -- C:\WINDOWS\system32\ieudinit.exe

O40 - ASIC: Windows Media Player - >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} . (.Microsoft Corporation - Utilitário de Instalação do Microsoft Windows Media Player.) -- C:\WINDOWS\inf\unregmp2.exe

O40 - ASIC: Internet Explorer - >{26923b43-4d38-484f-9b9e-de460746276c} . (.Microsoft Corporation - Utilitário de Inicialização por Usuário do Internet Explorer.) -- C:\WINDOWS\system32\ie4uinit.exe.mui

O40 - ASIC: Browser Customizations - >{60B49E34-C7CC-11D0-8953-00A0C90347FF} . (.Microsoft Corporation - IEAK branding.) -- C:\WINDOWS\system32\iedkcs32.dll

O40 - ASIC: Outlook Express - >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} . (.Microsoft Corporation - Windows NT User Data Migration Tool.) -- C:\WINDOWS\system32\shmgrate.exe

O40 - ASIC: Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608500} . (.Sun Microsystems, Inc. - Java Platform SE binary.) -- C:\Arquivos de programas\Java\jre6\bin\regutils.dll

O40 - ASIC: Microsoft NetShow Player - {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} . (.Microsoft Corporation - Windows Media 6.4 Player Shim.) -- C:\WINDOWS\system32\wmpdxm.dll

O40 - ASIC: Microsoft Windows Media Player 6.4 - {22d6f312-b0f6-11d0-94ab-0080c74c7e95} . (.Microsoft Corporation - Windows Media 6.4 Player Shim.) -- C:\WINDOWS\system32\wmpdxm.dll

O40 - ASIC: Themes Setup - {2C7339CF-2B09-4501-B3F3-F3508C9228ED} . (.Microsoft Corporation - API de tema do Windows.) -- C:\WINDOWS\system32\themeui.dll

O40 - ASIC: Microsoft Outlook Express 6 - {44BBA840-CC51-11CF-AAFA-00AA00B6015C} . (.Microsoft Corporation - Biblioteca de instalação do Outlook Express.) -- C:\Arquivos de programas\Outlook Express\setup50.exe

O40 - ASIC: NetMeeting 3.01 - {44BBA842-CC51-11CF-AAFA-00AA00B6015B} . (...) -- C:\WINDOWS\INF\msnetmtg.inf

O40 - ASIC: Windows Messenger 4.7 - {5945c046-1e7d-11d1-bc44-00c04fd912be} . (...) -- C:\WINDOWS\INF\msmsgs.inf

O40 - ASIC: Browsing Enhancements - {630b1da0-b465-11d1-9948-00c04f98bbc9} . (.Microsoft Corporation - Extensão shell da pasta FTP do Microsoft Internet Explorer.) -- C:\WINDOWS\system32\msieftp.dll

O40 - ASIC: Microsoft Windows Media Player - {6BF52A52-394A-11d3-B153-00C04F79FAA6} . (...) -- C:\WINDOWS\INF\wmp.inf

O40 - ASIC: Catálogo de endereços 6 - {7790769C-0471-11d2-AF11-00C04FA35D02} . (.Microsoft Corporation - Biblioteca de instalação do Outlook Express.) -- C:\Arquivos de programas\Outlook Express\setup50.exe

O40 - ASIC: Atualização da área de trabalho do Windows - {89820200-ECBD-11cf-8B85-00AA005B4340} . (.Microsoft Corporation - DLL comum do Shell do Windows.) -- C:\WINDOWS\system32\shell32.dll

O40 - ASIC: Internet Explorer - {89820200-ECBD-11cf-8B85-00AA005B4383} . (.Microsoft Corporation - Utilitário de Inicialização por Usuário do Internet Explorer.) -- C:\WINDOWS\system32\ie4uinit.exe.mui

O40 - ASIC: (no name) - {89B4C1CD-B018-4511-B0A1-5476DBF70820} . (.Microsoft Corporation - Microsoft .NET IE SECURITY REGISTRATION.) -- c:\WINDOWS\system32\mscories.dll

O40 - ASIC: Macromedia Shockwave Flash - {D27CDB6E-AE6D-11cf-96B8-444553540000} . (.Adobe Systems, Inc. - Adobe Flash Player 11.4 r402.) -- C:\WINDOWS\system32\Macromed\Flash\Flash32_11_4_402_287.ocx

O40 - ASIC: Installed Component - S-1-5-21-2586132527-314635491-3328972525-21374 - <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} -- Not Hexadécimal CLSID

O40 - ASIC: Installed Component - S-1-5-21-2586132527-314635491-3328972525-21374 - >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS -- Not Hexadécimal CLSID

~ Scan Active Setup in 00mn 00s

 

 

 

---\\ Drivers launched at startup (O41)

O41 - Driver: (AFD) . (.Microsoft Corporation - Ancillary Function Driver for WinSock.) - C:\WINDOWS\system32\drivers\afd.sys

O41 - Driver: (AsIO) . (...) - C:\WINDOWS\system32\drivers\AsIO.sys

O41 - Driver: (Cdrom) . (.Microsoft Corporation - SCSI CD-ROM Driver.) - C:\WINDOWS\system32\DRIVERS\cdrom.sys

O41 - Driver: (i8042prt) . (.Microsoft Corporation - Driver de porta i8042.) - C:\WINDOWS\system32\DRIVERS\i8042prt.sys

O41 - Driver: (Imapi) . (.Microsoft Corporation - IMAPI Kernel Driver.) - C:\WINDOWS\system32\DRIVERS\imapi.sys

O41 - Driver: (intelppm) . (.Microsoft Corporation - Driver de dispositivo de processador.) - C:\WINDOWS\system32\DRIVERS\intelppm.sys

O41 - Driver: (IPSec) . (.Microsoft Corporation - IPSec Driver.) - C:\WINDOWS\system32\DRIVERS\ipsec.sys

O41 - Driver: (Kbdclass) . (.Microsoft Corporation - Driver de classe teclado.) - C:\WINDOWS\system32\DRIVERS\kbdclass.sys

O41 - Driver: (Mouclass) . (.Microsoft Corporation - Driver de classe modem.) - C:\WINDOWS\system32\DRIVERS\mouclass.sys

O41 - Driver: (MRxSmb) . (.Microsoft Corporation - Windows NT SMB Minirdr.) - C:\WINDOWS\system32\DRIVERS\mrxsmb.sys

O41 - Driver: (NetBIOS) . (.Microsoft Corporation - NetBIOS interface driver.) - C:\WINDOWS\system32\DRIVERS\netbios.sys

O41 - Driver: (NetBT) . (.Microsoft Corporation - MBT Transport driver.) - C:\WINDOWS\system32\DRIVERS\netbt.sys

O41 - Driver: (RasAcd) . (.Microsoft Corporation - RAS Automatic Connection Driver.) - C:\WINDOWS\system32\DRIVERS\rasacd.sys

O41 - Driver: (Rdbss) . (.Microsoft Corporation - Redirected Drive Buffering SubSystem Driver.) - C:\WINDOWS\system32\DRIVERS\rdbss.sys

O41 - Driver: (RDPCDD) . (.Microsoft Corporation - RDP Miniport.) - C:\WINDOWS\system32\DRIVERS\RDPCDD.sys

O41 - Driver: (redbook) . (.Microsoft Corporation - Redbook Audio Filter Driver.) - C:\WINDOWS\system32\DRIVERS\redbook.sys

O41 - Driver: (Serial) . (.Microsoft Corporation - Driver de dispositivo serial.) - C:\WINDOWS\system32\DRIVERS\serial.sys

O41 - Driver: (Tcpip) . (.Microsoft Corporation - TCP/IP Protocol Driver.) - C:\WINDOWS\system32\DRIVERS\tcpip.sys

O41 - Driver: (TermDD) . (.Microsoft Corporation - Terminal Server Driver.) - C:\WINDOWS\system32\DRIVERS\termdd.sys

O41 - Driver: Controlador de vídeo VGA. (VgaSave) . (.Microsoft Corporation - VGA/Super VGA Video Driver.) - C:\WINDOWS\system32\drivers\vga.sys

O41 - Driver: Windows Socket 2.0 Non-IFS Service Provider Support Environment (WS2IFSL) . (.Microsoft Corporation - Winsock2 IFS Layer.) - C:\WINDOWS\system32\drivers\ws2ifsl.sys

~ Scan Drivers in 00mn 00s

 

 

 

---\\ Software installed (O42)

O42 - Logiciel: ASUSUpdate - (.Unknown owner.) [HKLM] -- {587178E7-B1DF-494E-9838-FA4DD36E873C}

O42 - Logiciel: Adobe Flash Player 11 ActiveX - (.Adobe Systems Incorporated.) [HKLM] -- Adobe Flash Player ActiveX

O42 - Logiciel: Adobe Reader 8.1.0 - Português - (.Adobe Systems Incorporated.) [HKLM] -- {AC76BA86-7AD7-1046-7B44-A81000000003}

O42 - Logiciel: Adobe Reader 8.2.0 - Português - (.Adobe Systems Incorporated.) [HKLM] -- {AC76BA86-7AD7-1046-7B44-A82000000003}

O42 - Logiciel: Ares 2.1.8 - (.Ares Development Group.) [HKLM] -- Ares

O42 - Logiciel: Arquivo do WinRAR - (.Unknown owner.) [HKLM] -- WinRAR archiver

O42 - Logiciel: Atualização de Segurança para Microsoft Windows (KB2564958) - (.Microsoft Corporation.) [HKLM] -- KB2564958

O42 - Logiciel: Atualização de Segurança para Windows Internet Explorer 8 (KB2510531) - (.Microsoft Corporation.) [HKLM] -- KB2510531-IE8

O42 - Logiciel: Atualização de Segurança para Windows Internet Explorer 8 (KB2544521) - (.Microsoft Corporation.) [HKLM] -- KB2544521-IE8

O42 - Logiciel: Atualização de Segurança para Windows Internet Explorer 8 (KB2675157) - (.Microsoft Corporation.) [HKLM] -- KB2675157-IE8

O42 - Logiciel: Atualização de Segurança para Windows Internet Explorer 8 (KB2699988) - (.Microsoft Corporation.) [HKLM] -- KB2699988-IE8

O42 - Logiciel: Atualização de Segurança para Windows Internet Explorer 8 (KB2722913) - (.Microsoft Corporation.) [HKLM] -- KB2722913-IE8

O42 - Logiciel: Atualização de Segurança para Windows Internet Explorer 8 (KB2744842) - (.Microsoft Corporation.) [HKLM] -- KB2744842-IE8

O42 - Logiciel: Atualização de Segurança para Windows XP (KB2079403) - (.Microsoft Corporation.) [HKLM] -- KB2079403

O42 - Logiciel: Atualização de Segurança para Windows XP (KB2115168) - (.Microsoft Corporation.) [HKLM] -- KB2115168

O42 - Logiciel: Atualização de Segurança para Windows XP (KB2229593) - (.Microsoft Corporation.) [HKLM] -- KB2229593

O42 - Logiciel: Atualização de Segurança para Windows XP (KB2296011) - (.Microsoft Corporation.) [HKLM] -- KB2296011

O42 - Logiciel: Atualização de Segurança para Windows XP (KB2347290) - (.Microsoft Corporation.) [HKLM] -- KB2347290

O42 - Logiciel: Atualização de Segurança para Windows XP (KB2360937) - (.Microsoft Corporation.) [HKLM] -- KB2360937

O42 - Logiciel: Atualização de Segurança para Windows XP (KB2387149) - (.Microsoft Corporation.) [HKLM] -- KB2387149

O42 - Logiciel: Atualização de Segurança para Windows XP (KB2393802) - (.Microsoft Corporation.) [HKLM] -- KB2393802

O42 - Logiciel: Atualização de Segurança para Windows XP (KB2412687) - (.Microsoft Corporation.) [HKLM] -- KB2412687

O42 - Logiciel: Atualização de Segurança para Windows XP (KB2419632) - (.Microsoft Corporation.) [HKLM] -- KB2419632

O42 - Logiciel: Atualização de Segurança para Windows XP (KB2423089) - (.Microsoft Corporation.) [HKLM] -- KB2423089

O42 - Logiciel: Atualização de Segurança para Windows XP (KB2440591) - (.Microsoft Corporation.) [HKLM] -- KB2440591

O42 - Logiciel: Atualização de Segurança para Windows XP (KB2443105) - (.Microsoft Corporation.) [HKLM] -- KB2443105

O42 - Logiciel: Atualização de Segurança para Windows XP (KB2476490) - (.Microsoft Corporation.) [HKLM] -- KB2476490

O42 - Logiciel: Atualização de Segurança para Windows XP (KB2478960) - (.Microsoft Corporation.) [HKLM] -- KB2478960

O42 - Logiciel: Atualização de Segurança para Windows XP (KB2478971) - (.Microsoft Corporation.) [HKLM] -- KB2478971

O42 - Logiciel: Atualização de Segurança para Windows XP (KB2479943) - (.Microsoft Corporation.) [HKLM] -- KB2479943

O42 - Logiciel: Atualização de Segurança para Windows XP (KB2481109) - (.Microsoft Corporation.) [HKLM] -- KB2481109

O42 - Logiciel: Atualização de Segurança para Windows XP (KB2483185) - (.Microsoft Corporation.) [HKLM] -- KB2483185

O42 - Logiciel: Atualização de Segurança para Windows XP (KB2485663) - (.Microsoft Corporation.) [HKLM] -- KB2485663

O42 - Logiciel: Atualização de Segurança para Windows XP (KB2506212) - (.Microsoft Corporation.) [HKLM] -- KB2506212

O42 - Logiciel: Atualização de Segurança para Windows XP (KB2507618) - (.Microsoft Corporation.) [HKLM] -- KB2507618

O42 - Logiciel: Atualização de Segurança para Windows XP (KB2507938) - (.Microsoft Corporation.) [HKLM] -- KB2507938

O42 - Logiciel: Atualização de Segurança para Windows XP (KB2508429) - (.Microsoft Corporation.) [HKLM] -- KB2508429

O42 - Logiciel: Atualização de Segurança para Windows XP (KB2509553) - (.Microsoft Corporation.) [HKLM] -- KB2509553

O42 - Logiciel: Atualização de Segurança para Windows XP (KB2535512) - (.Microsoft Corporation.) [HKLM] -- KB2535512

O42 - Logiciel: Atualização de Segurança para Windows XP (KB2536276-v2) - (.Microsoft Corporation.) [HKLM] -- KB2536276-v2

O42 - Logiciel: Atualização de Segurança para Windows XP (KB2544893-v2) - (.Microsoft Corporation.) [HKLM] -- KB2544893-v2

O42 - Logiciel: Atualização de Segurança para Windows XP (KB2566454) - (.Microsoft Corporation.) [HKLM] -- KB2566454

O42 - Logiciel: Atualização de Segurança para Windows XP (KB2570947) - (.Microsoft Corporation.) [HKLM] -- KB2570947

O42 - Logiciel: Atualização de Segurança para Windows XP (KB2584146) - (.Microsoft Corporation.) [HKLM] -- KB2584146

O42 - Logiciel: Atualização de Segurança para Windows XP (KB2585542) - (.Microsoft Corporation.) [HKLM] -- KB2585542

O42 - Logiciel: Atualização de Segurança para Windows XP (KB2592799) - (.Microsoft Corporation.) [HKLM] -- KB2592799

O42 - Logiciel: Atualização de Segurança para Windows XP (KB2598479) - (.Microsoft Corporation.) [HKLM] -- KB2598479

O42 - Logiciel: Atualização de Segurança para Windows XP (KB2603381) - (.Microsoft Corporation.) [HKLM] -- KB2603381

O42 - Logiciel: Atualização de Segurança para Windows XP (KB2618451) - (.Microsoft Corporation.) [HKLM] -- KB2618451

O42 - Logiciel: Atualização de Segurança para Windows XP (KB2619339) - (.Microsoft Corporation.) [HKLM] -- KB2619339

O42 - Logiciel: Atualização de Segurança para Windows XP (KB2620712) - (.Microsoft Corporation.) [HKLM] -- KB2620712

O42 - Logiciel: Atualização de Segurança para Windows XP (KB2621440) - (.Microsoft Corporation.) [HKLM] -- KB2621440

O42 - Logiciel: Atualização de Segurança para Windows XP (KB2624667) - (.Microsoft Corporation.) [HKLM] -- KB2624667

O42 - Logiciel: Atualização de Segurança para Windows XP (KB2631813) - (.Microsoft Corporation.) [HKLM] -- KB2631813

O42 - Logiciel: Atualização de Segurança para Windows XP (KB2633171) - (.Microsoft Corporation.) [HKLM] -- KB2633171

O42 - Logiciel: Atualização de Segurança para Windows XP (KB2641653) - (.Microsoft Corporation.) [HKLM] -- KB2641653

O42 - Logiciel: Atualização de Segurança para Windows XP (KB2646524) - (.Microsoft Corporation.) [HKLM] -- KB2646524

O42 - Logiciel: Atualização de Segurança para Windows XP (KB2647518) - (.Microsoft Corporation.) [HKLM] -- KB2647518

O42 - Logiciel: Atualização de Segurança para Windows XP (KB2653956) - (.Microsoft Corporation.) [HKLM] -- KB2653956

O42 - Logiciel: Atualização de Segurança para Windows XP (KB2655992) - (.Microsoft Corporation.) [HKLM] -- KB2655992

O42 - Logiciel: Atualização de Segurança para Windows XP (KB2659262) - (.Microsoft Corporation.) [HKLM] -- KB2659262

O42 - Logiciel: Atualização de Segurança para Windows XP (KB2661637) - (.Microsoft Corporation.) [HKLM] -- KB2661637

O42 - Logiciel: Atualização de Segurança para Windows XP (KB2676562) - (.Microsoft Corporation.) [HKLM] -- KB2676562

O42 - Logiciel: Atualização de Segurança para Windows XP (KB2685939) - (.Microsoft Corporation.) [HKLM] -- KB2685939

O42 - Logiciel: Atualização de Segurança para Windows XP (KB2686509) - (.Microsoft Corporation.) [HKLM] -- KB2686509

O42 - Logiciel: Atualização de Segurança para Windows XP (KB2691442) - (.Microsoft Corporation.) [HKLM] -- KB2691442

O42 - Logiciel: Atualização de Segurança para Windows XP (KB2695962) - (.Microsoft Corporation.) [HKLM] -- KB2695962

O42 - Logiciel: Atualização de Segurança para Windows XP (KB2698365) - (.Microsoft Corporation.) [HKLM] -- KB2698365

O42 - Logiciel: Atualização de Segurança para Windows XP (KB2705219) - (.Microsoft Corporation.) [HKLM] -- KB2705219

O42 - Logiciel: Atualização de Segurança para Windows XP (KB2707511) - (.Microsoft Corporation.) [HKLM] -- KB2707511

O42 - Logiciel: Atualização de Segurança para Windows XP (KB2709162) - (.Microsoft Corporation.) [HKLM] -- KB2709162

O42 - Logiciel: Atualização de Segurança para Windows XP (KB2712808) - (.Microsoft Corporation.) [HKLM] -- KB2712808

O42 - Logiciel: Atualização de Segurança para Windows XP (KB2718523) - (.Microsoft Corporation.) [HKLM] -- KB2718523

O42 - Logiciel: Atualização de Segurança para Windows XP (KB2719985) - (.Microsoft Corporation.) [HKLM] -- KB2719985

O42 - Logiciel: Atualização de Segurança para Windows XP (KB2723135) - (.Microsoft Corporation.) [HKLM] -- KB2723135

O42 - Logiciel: Atualização de Segurança para Windows XP (KB2724197) - (.Microsoft Corporation.) [HKLM] -- KB2724197

O42 - Logiciel: Atualização de Segurança para Windows XP (KB2727528) - (.Microsoft Corporation.) [HKLM] -- KB2727528

O42 - Logiciel: Atualização de Segurança para Windows XP (KB2731847) - (.Microsoft Corporation.) [HKLM] -- KB2731847

O42 - Logiciel: Atualização de Segurança para Windows XP (KB2761226) - (.Microsoft Corporation.) [HKLM] -- KB2761226

O42 - Logiciel: Atualização de Segurança para Windows XP (KB923561) - (.Microsoft Corporation.) [HKLM] -- KB923561

O42 - Logiciel: Atualização de Segurança para Windows XP (KB946648) - (.Microsoft Corporation.) [HKLM] -- KB946648

O42 - Logiciel: Atualização de Segurança para Windows XP (KB950762) - (.Microsoft Corporation.) [HKLM] -- KB950762

O42 - Logiciel: Atualização de Segurança para Windows XP (KB950974) - (.Microsoft Corporation.) [HKLM] -- KB950974

O42 - Logiciel: Atualização de Segurança para Windows XP (KB951376-v2) - (.Microsoft Corporation.) [HKLM] -- KB951376-v2

O42 - Logiciel: Atualização de Segurança para Windows XP (KB952004) - (.Microsoft Corporation.) [HKLM] -- KB952004

O42 - Logiciel: Atualização de Segurança para Windows XP (KB952954) - (.Microsoft Corporation.) [HKLM] -- KB952954

O42 - Logiciel: Atualização de Segurança para Windows XP (KB954459) - (.Microsoft Corporation.) [HKLM] -- KB954459

O42 - Logiciel: Atualização de Segurança para Windows XP (KB956572) - (.Microsoft Corporation.) [HKLM] -- KB956572

O42 - Logiciel: Atualização de Segurança para Windows XP (KB956744) - (.Microsoft Corporation.) [HKLM] -- KB956744

O42 - Logiciel: Atualização de Segurança para Windows XP (KB956802) - (.Microsoft Corporation.) [HKLM] -- KB956802

O42 - Logiciel: Atualização de Segurança para Windows XP (KB956844) - (.Microsoft Corporation.) [HKLM] -- KB956844

O42 - Logiciel: Atualização de Segurança para Windows XP (KB958644) - (.Microsoft Corporation.) [HKLM] -- KB958644

O42 - Logiciel: Atualização de Segurança para Windows XP (KB959426) - (.Microsoft Corporation.) [HKLM] -- KB959426

O42 - Logiciel: Atualização de Segurança para Windows XP (KB960803) - (.Microsoft Corporation.) [HKLM] -- KB960803

O42 - Logiciel: Atualização de Segurança para Windows XP (KB960859) - (.Microsoft Corporation.) [HKLM] -- KB960859

O42 - Logiciel: Atualização de Segurança para Windows XP (KB961501) - (.Microsoft Corporation.) [HKLM] -- KB961501

O42 - Logiciel: Atualização de Segurança para Windows XP (KB969059) - (.Microsoft Corporation.) [HKLM] -- KB969059

O42 - Logiciel: Atualização de Segurança para Windows XP (KB970430) - (.Microsoft Corporation.) [HKLM] -- KB970430

O42 - Logiciel: Atualização de Segurança para Windows XP (KB971657) - (.Microsoft Corporation.) [HKLM] -- KB971657

O42 - Logiciel: Atualização de Segurança para Windows XP (KB972270) - (.Microsoft Corporation.) [HKLM] -- KB972270

O42 - Logiciel: Atualização de Segurança para Windows XP (KB973507) - (.Microsoft Corporation.) [HKLM] -- KB973507

O42 - Logiciel: Atualização de Segurança para Windows XP (KB973869) - (.Microsoft Corporation.) [HKLM] -- KB973869

O42 - Logiciel: Atualização de Segurança para Windows XP (KB973904) - (.Microsoft Corporation.) [HKLM] -- KB973904

O42 - Logiciel: Atualização de Segurança para Windows XP (KB974112) - (.Microsoft Corporation.) [HKLM] -- KB974112

O42 - Logiciel: Atualização de Segurança para Windows XP (KB974318) - (.Microsoft Corporation.) [HKLM] -- KB974318

O42 - Logiciel: Atualização de Segurança para Windows XP (KB974392) - (.Microsoft Corporation.) [HKLM] -- KB974392

O42 - Logiciel: Atualização de Segurança para Windows XP (KB974571) - (.Microsoft Corporation.) [HKLM] -- KB974571

O42 - Logiciel: Atualização de Segurança para Windows XP (KB975025) - (.Microsoft Corporation.) [HKLM] -- KB975025

O42 - Logiciel: Atualização de Segurança para Windows XP (KB975467) - (.Microsoft Corporation.) [HKLM] -- KB975467

O42 - Logiciel: Atualização de Segurança para Windows XP (KB975560) - (.Microsoft Corporation.) [HKLM] -- KB975560

O42 - Logiciel: Atualização de Segurança para Windows XP (KB975713) - (.Microsoft Corporation.) [HKLM] -- KB975713

O42 - Logiciel: Atualização de Segurança para Windows XP (KB977816) - (.Microsoft Corporation.) [HKLM] -- KB977816

O42 - Logiciel: Atualização de Segurança para Windows XP (KB977914) - (.Microsoft Corporation.) [HKLM] -- KB977914

O42 - Logiciel: Atualização de Segurança para Windows XP (KB978338) - (.Microsoft Corporation.) [HKLM] -- KB978338

O42 - Logiciel: Atualização de Segurança para Windows XP (KB978542) - (.Microsoft Corporation.) [HKLM] -- KB978542

O42 - Logiciel: Atualização de Segurança para Windows XP (KB978706) - (.Microsoft Corporation.) [HKLM] -- KB978706

O42 - Logiciel: Atualização de Segurança para Windows XP (KB979309) - (.Microsoft Corporation.) [HKLM] -- KB979309

O42 - Logiciel: Atualização de Segurança para Windows XP (KB979482) - (.Microsoft Corporation.) [HKLM] -- KB979482

O42 - Logiciel: Atualização de Segurança para Windows XP (KB979687) - (.Microsoft Corporation.) [HKLM] -- KB979687

O42 - Logiciel: Atualização de Segurança para Windows XP (KB981322) - (.Microsoft Corporation.) [HKLM] -- KB981322

O42 - Logiciel: Atualização de Segurança para Windows XP (KB981997) - (.Microsoft Corporation.) [HKLM] -- KB981997

O42 - Logiciel: Atualização de Segurança para Windows XP (KB982132) - (.Microsoft Corporation.) [HKLM] -- KB982132

O42 - Logiciel: Atualização de Segurança para Windows XP (KB982665) - (.Microsoft Corporation.) [HKLM] -- KB982665

O42 - Logiciel: Atualização de Segurança para o Windows Media Player (KB2378111) - (.Microsoft Corporation.) [HKLM] -- KB2378111_WM9

O42 - Logiciel: Atualização de Segurança para o Windows Media Player (KB952069) - (.Microsoft Corporation.) [HKLM] -- KB952069_WM9

O42 - Logiciel: Atualização de Segurança para o Windows Media Player (KB954155) - (.Microsoft Corporation.) [HKLM] -- KB954155_WM9

O42 - Logiciel: Atualização de Segurança para o Windows Media Player (KB973540) - (.Microsoft Corporation.) [HKLM] -- KB973540_WM9

O42 - Logiciel: Atualização de Segurança para o Windows Media Player (KB975558) - (.Microsoft Corporation.) [HKLM] -- KB975558_WM8

O42 - Logiciel: Atualização de Segurança para o Windows Media Player (KB978695) - (.Microsoft Corporation.) [HKLM] -- KB978695_WM9

O42 - Logiciel: Atualização para Windows XP (KB2345886) - (.Microsoft Corporation.) [HKLM] -- KB2345886

O42 - Logiciel: Atualização para Windows XP (KB2641690) - (.Microsoft Corporation.) [HKLM] -- KB2641690

O42 - Logiciel: Atualização para Windows XP (KB2661254-v2) - (.Microsoft Corporation.) [HKLM] -- KB2661254-v2

O42 - Logiciel: Atualização para Windows XP (KB2718704) - (.Microsoft Corporation.) [HKLM] -- KB2718704

O42 - Logiciel: Atualização para Windows XP (KB2736233) - (.Microsoft Corporation.) [HKLM] -- KB2736233

O42 - Logiciel: Atualização para Windows XP (KB2749655) - (.Microsoft Corporation.) [HKLM] -- KB2749655

O42 - Logiciel: Atualização para Windows XP (KB898461) - (.Microsoft Corporation.) [HKLM] -- KB898461

O42 - Logiciel: Atualização para Windows XP (KB951978) - (.Microsoft Corporation.) [HKLM] -- KB951978

O42 - Logiciel: Atualização para Windows XP (KB955759) - (.Microsoft Corporation.) [HKLM] -- KB955759

O42 - Logiciel: Atualização para Windows XP (KB968389) - (.Microsoft Corporation.) [HKLM] -- KB968389

O42 - Logiciel: Atualização para Windows XP (KB971029) - (.Microsoft Corporation.) [HKLM] -- KB971029

O42 - Logiciel: Atualização para Windows XP (KB973687) - (.Microsoft Corporation.) [HKLM] -- KB973687

O42 - Logiciel: Atualização para Windows XP (KB973815) - (.Microsoft Corporation.) [HKLM] -- KB973815

O42 - Logiciel: Auslogics Disk Defrag - (.Auslogics Software Pty Ltd.) [HKLM] -- {DF6A13C0-77DF-41FE-BD05-6D5201EB0CE7}_is1

O42 - Logiciel: BR - (.Corel Corporation.) [HKLM] -- {C57CD366-C6BE-45B5-B5C6-0424E506F1D0}

O42 - Logiciel: CCleaner - (.Piriform.) [HKLM] -- CCleaner

O42 - Logiciel: CorelDRAW Graphics Suite X3 - (.Corel Corporation.) [HKLM] -- {7C5123A9-30A8-4C44-89CA-A8C87A1FCC91}

O42 - Logiciel: FontNav - (.Corel Corporation.) [HKLM] -- {4E98F23B-1328-4322-A6EC-2EDC8FC3A4FE}

O42 - Logiciel: Foxit PDF Editor - (.Foxit Corporation.) [HKLM] -- Foxit PDF Editor

O42 - Logiciel: Google Chrome - (.Google Inc..) [HKLM] -- Google Chrome

O42 - Logiciel: Google Earth Plug-in - (.Google.) [HKLM] -- {2934DCB0-F8EE-11E0-A4A5-B8AC6F97B88E}

O42 - Logiciel: Google Toolbar for Internet Explorer - (.Google Inc..) [HKLM] -- {18455581-E099-4BA8-BC6B-F34B2F06600C}

O42 - Logiciel: Google Toolbar for Internet Explorer - (.Google Inc..) [HKLM] -- {2318C2B1-4965-11d4-9B18-009027A5CD4F}

O42 - Logiciel: Google Update Helper - (.Google Inc..) [HKLM] -- {A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}

O42 - Logiciel: High Definition Audio Driver Package - KB888111 - (.Microsoft Corporation.) [HKLM] -- KB888111WXPSP2

O42 - Logiciel: Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595) - (.Microsoft Corporation.) [HKLM] -- {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}.KB953595

O42 - Logiciel: Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484) - (.Microsoft Corporation.) [HKLM] -- {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}.KB958484

O42 - Logiciel: Hotfix for Windows XP (KB954550-v5) - (.Microsoft Corporation.) [HKLM] -- KB954550-v5

O42 - Logiciel: Hotfix para Windows XP (KB2633952) - (.Microsoft Corporation.) [HKLM] -- KB2633952

O42 - Logiciel: Hotfix para Windows XP (KB2756822) - (.Microsoft Corporation.) [HKLM] -- KB2756822

O42 - Logiciel: Hotfix para Windows XP (KB952287) - (.Microsoft Corporation.) [HKLM] -- KB952287

O42 - Logiciel: Hotfix para Windows XP (KB961118) - (.Microsoft Corporation.) [HKLM] -- KB961118

O42 - Logiciel: Intel® Graphics Media Accelerator Driver - (.Intel Corporation.) [HKLM] -- HDMI

O42 - Logiciel: Java 6 Update 31 - (.Oracle.) [HKLM] -- {26A24AE4-039D-4CA4-87B4-2F83216031FF}

O42 - Logiciel: MSXML 4.0 SP2 (KB954430) - (.Microsoft Corporation.) [HKLM] -- {86493ADD-824D-4B8E-BD72-8C5DCDC52A71}

O42 - Logiciel: MSXML 4.0 SP2 (KB973688) - (.Microsoft Corporation.) [HKLM] -- {F662A8E6-F4DC-41A2-901E-8C11F044BDEC}

O42 - Logiciel: MV RegClean 6.0 - (.Unknown owner.) [HKLM] -- MV RegClean 6.0_is1

O42 - Logiciel: Malwarebytes Anti-Malware versão 1.65.1.1000 - (.Malwarebytes Corporation.) [HKLM] -- Malwarebytes' Anti-Malware_is1

O42 - Logiciel: Microsoft .NET Framework 2.0 Service Pack 2 - (.Microsoft Corporation.) [HKLM] -- {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}

O42 - Logiciel: Microsoft .NET Framework 3.0 Service Pack 2 - (.Microsoft Corporation.) [HKLM] -- {A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}

O42 - Logiciel: Microsoft .NET Framework 3.5 SP1 - (.Microsoft Corporation.) [HKLM] -- Microsoft .NET Framework 3.5 SP1

O42 - Logiciel: Microsoft .NET Framework 3.5 SP1 - (.Microsoft Corporation.) [HKLM] -- {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}

O42 - Logiciel: Microsoft Office Access MUI (Portuguese (Brazil)) 2007 - (.Microsoft Corporation.) [HKLM] -- {90120000-0015-0416-0000-0000000FF1CE}

O42 - Logiciel: Microsoft Office Enterprise 2007 - (.Microsoft Corporation.) [HKLM] -- ENTERPRISE

O42 - Logiciel: Microsoft Office Enterprise 2007 - (.Microsoft Corporation.) [HKLM] -- {90120000-0030-0000-0000-0000000FF1CE}

O42 - Logiciel: Microsoft Office Excel MUI (Portuguese (Brazil)) 2007 - (.Microsoft Corporation.) [HKLM] -- {90120000-0016-0416-0000-0000000FF1CE}

O42 - Logiciel: Microsoft Office Groove MUI (Portuguese (Brazil)) 2007 - (.Microsoft Corporation.) [HKLM] -- {90120000-00BA-0416-0000-0000000FF1CE}

O42 - Logiciel: Microsoft Office InfoPath MUI (Portuguese (Brazil)) 2007 - (.Microsoft Corporation.) [HKLM] -- {90120000-0044-0416-0000-0000000FF1CE}

O42 - Logiciel: Microsoft Office OneNote MUI (Portuguese (Brazil)) 2007 - (.Microsoft Corporation.) [HKLM] -- {90120000-00A1-0416-0000-0000000FF1CE}

O42 - Logiciel: Microsoft Office Outlook MUI (Portuguese (Brazil)) 2007 - (.Microsoft Corporation.) [HKLM] -- {90120000-001A-0416-0000-0000000FF1CE}

O42 - Logiciel: Microsoft Office PowerPoint MUI (Portuguese (Brazil)) 2007 - (.Microsoft Corporation.) [HKLM] -- {90120000-0018-0416-0000-0000000FF1CE}

O42 - Logiciel: Microsoft Office Proof (English) 2007 - (.Microsoft Corporation.) [HKLM] -- {90120000-001F-0409-0000-0000000FF1CE}

O42 - Logiciel: Microsoft Office Proof (Portuguese (Brazil)) 2007 - (.Microsoft Corporation.) [HKLM] -- {90120000-001F-0416-0000-0000000FF1CE}

O42 - Logiciel: Microsoft Office Proof (Spanish) 2007 - (.Microsoft Corporation.) [HKLM] -- {90120000-001F-0C0A-0000-0000000FF1CE}

O42 - Logiciel: Microsoft Office Proofing (Portuguese (Brazil)) 2007 - (.Microsoft Corporation.) [HKLM] -- {90120000-002C-0416-0000-0000000FF1CE}

O42 - Logiciel: Microsoft Office Publisher MUI (Portuguese (Brazil)) 2007 - (.Microsoft Corporation.) [HKLM] -- {90120000-0019-0416-0000-0000000FF1CE}

O42 - Logiciel: Microsoft Office Shared MUI (Portuguese (Brazil)) 2007 - (.Microsoft Corporation.) [HKLM] -- {90120000-006E-0416-0000-0000000FF1CE}

O42 - Logiciel: Microsoft Office Word MUI (Portuguese (Brazil)) 2007 - (.Microsoft Corporation.) [HKLM] -- {90120000-001B-0416-0000-0000000FF1CE}

O42 - Logiciel: Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 - (.Microsoft Corporation.) [HKLM] -- {1F1C2DFC-2D24-3E06-BCB8-725134ADF989}

O42 - Logiciel: Mozilla Firefox 8.0 (x86 pt-BR) - (.Mozilla.) [HKLM] -- Mozilla Firefox 8.0 (x86 pt-BR)

O42 - Logiciel: Mozilla Maintenance Service - (.Mozilla.) [HKLM] -- MozillaMaintenanceService

O42 - Logiciel: Mozilla Thunderbird (5.0) - (.Mozilla.) [HKLM] -- Mozilla Thunderbird (5.0)

O42 - Logiciel: Mozilla Thunderbird 16.0.2 (x86 pt-BR) - (.Mozilla.) [HKLM] -- Mozilla Thunderbird 16.0.2 (x86 pt-BR)

O42 - Logiciel: PDFCreator - (.Frank Heindörfer, Philip Chinery.) [HKLM] -- {0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}

O42 - Logiciel: Photo! Editor 1.0 - (.Unknown owner.) [HKLM] -- PhotoToolkit_is1

O42 - Logiciel: REALTEK GbE & FE Ethernet PCI-E NIC Driver - (.Realtek.) [HKLM] -- {C9BED750-1211-4480-B1A5-718A3BE15525}

O42 - Logiciel: Revo Uninstaller 1.93 - (.VS Revo Group.) [HKLM] -- Revo Uninstaller

O42 - Logiciel: Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111) - (.Microsoft Corporation.) [HKLM] -- {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}.KB2604111

O42 - Logiciel: Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424) - (.Microsoft Corporation.) [HKLM] -- {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}.KB2657424

O42 - Logiciel: TeamViewer 7 - (.TeamViewer.) [HKLM] -- TeamViewer 7

O42 - Logiciel: Update Manager - (.Corel Corporation.) [HKLM] -- {F428D0FB-765D-40EB-BDD8-A1E7F5C597FA}

O42 - Logiciel: Update for Microsoft .NET Framework 3.5 SP1 (KB963707) - (.Microsoft Corporation.) [HKLM] -- {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}.KB963707

O42 - Logiciel: VBA - (.Corel Corporation.) [HKLM] -- {C94E45B0-6AA6-4FB9-9AAE-22085F631880}

O42 - Logiciel: VIA Gerenciador de dispositivo de plataforma - (.VIA Technologies, Inc..) [HKLM] -- InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}

O42 - Logiciel: Windows Genuine Advantage Notifications (KB905474) - (.Microsoft Corporation.) [HKLM] -- WgaNotify

O42 - Logiciel: Windows Internet Explorer 8 - (.Microsoft Corporation.) [HKLM] -- ie8

O42 - Logiciel: Windows XP Service Pack 3 - (.Microsoft Corporation.) [HKLM] -- Windows XP Service Pack

O42 - Logiciel: avast! Free Antivirus v7.0.1474.0 - (.AVAST Software.) [HKLM] -- avast

 

---\\ HKCU & HKLM Software Keys

[HKCU\Software\AVAST Software]

[HKCU\Software\Ad-Remover]

[HKCU\Software\Adobe]

[HKCU\Software\Ares]

[HKCU\Software\Auslogics]

[HKCU\Software\Baixaki]

[HKCU\Software\Canon]

[HKCU\Software\Classes]

[HKCU\Software\Clients]

[HKCU\Software\Corel]

[HKCU\Software\FIXIO PC Utilities]

[HKCU\Software\Foxit Corporation]

[HKCU\Software\Google]

[HKCU\Software\InstallShield]

[HKCU\Software\Intel]

[HKCU\Software\JavaSoft]

[HKCU\Software\Macromedia]

[HKCU\Software\Malwarebytes' Anti-Malware]

[HKCU\Software\MozillaPlugins]

[HKCU\Software\Mozilla]

[HKCU\Software\Netscape]

[HKCU\Software\ODBC]

[HKCU\Software\PDFCreator]

[HKCU\Software\Piriform]

[HKCU\Software\Policies]

[HKCU\Software\Protexis]

[HKCU\Software\Sysinternals]

[HKCU\Software\TeamViewer]

[HKCU\Software\Thunderbird]

[HKCU\Software\VSRevoGroup]

[HKCU\Software\VicMan Software]

[HKCU\Software\Wget]

[HKCU\Software\WinRAR]

[HKCU\Software\Wow6432Node]

[HKCU\Software\Zylom]

[HKCU\Software\alotappbar]

[HKLM\Software\781]

[HKLM\Software\ALWIL Software]

[HKLM\Software\ASUS]

[HKLM\Software\AVAST Software]

[HKLM\Software\Adobe]

[HKLM\Software\AdwCleaner]

[HKLM\Software\Bitstream]

[HKLM\Software\C07ft5Y]

[HKLM\Software\Canon]

[HKLM\Software\Classes]

[HKLM\Software\Clients]

[HKLM\Software\Corel]

[HKLM\Software\Foxit Software]

[HKLM\Software\Gemplus]

[HKLM\Software\Google]

[HKLM\Software\InstallShield]

[HKLM\Software\Intel]

[HKLM\Software\JavaSoft]

[HKLM\Software\JreMetrics]

[HKLM\Software\Kodak]

[HKLM\Software\Macromedia]

[HKLM\Software\Malwarebytes' Anti-Malware]

[HKLM\Software\McAfee.com]

[HKLM\Software\Mozilla Thunderbird-BackupByThunderbirdPortable]

[HKLM\Software\Mozilla Thunderbird]

[HKLM\Software\MozillaPlugins]

[HKLM\Software\Mozilla]

[HKLM\Software\ODBC]

[HKLM\Software\Piriform]

[HKLM\Software\Policies]

[HKLM\Software\Program Groups]

[HKLM\Software\RTLSetup]

[HKLM\Software\Realtek]

[HKLM\Software\RegisteredApplications]

[HKLM\Software\Schlumberger]

[HKLM\Software\Swearware]

[HKLM\Software\TeamViewer]

[HKLM\Software\TrendMicro]

[HKLM\Software\VIA Technologies, Inc]

[HKLM\Software\Windows 3.1 Migration Status]

[HKLM\Software\Wow6432Node]

[HKLM\Software\mozilla.org]

~ Scan Softwares in 00mn 00s

 

 

 

---\\ Contents of the Common Files folders (O43)

O43 - CFD: 06/09/2011 - 09:25:16 - [217,110] ----D C:\Arquivos de programas\Adobe

O43 - CFD: 06/09/2011 - 09:09:57 - [277,848] ----D C:\Arquivos de programas\Alwil Software

O43 - CFD: 10/05/2012 - 11:44:54 - [6,885] ----D C:\Arquivos de programas\Ares

O43 - CFD: 14/11/2012 - 14:28:04 - [237,064] ----D C:\Arquivos de programas\Arquivos comuns

O43 - CFD: 06/09/2011 - 09:37:22 - [9,087] ----D C:\Arquivos de programas\ASUS

O43 - CFD: 06/09/2011 - 09:23:04 - [8,967] ----D C:\Arquivos de programas\Auslogics

O43 - CFD: 06/09/2011 - 09:28:22 - [1,391] ---AD C:\Arquivos de programas\Canon

O43 - CFD: 06/09/2011 - 09:51:39 - [3,927] ----D C:\Arquivos de programas\CCleaner

O43 - CFD: 05/09/2011 - 18:14:30 - [0] ----D C:\Arquivos de programas\ComPlus Applications

O43 - CFD: 08/09/2011 - 17:17:22 - [6,869] ----D C:\Arquivos de programas\Convar

O43 - CFD: 22/03/2012 - 16:14:20 - [256,926] ----D C:\Arquivos de programas\Corel

O43 - CFD: 30/07/2012 - 12:27:44 - [6,476] ----D C:\Arquivos de programas\Foxit Software

O43 - CFD: 16/01/2012 - 15:18:15 - [0] ----D C:\Arquivos de programas\Google

O43 - CFD: 06/09/2011 - 09:37:20 - [9,811] --H-D C:\Arquivos de programas\InstallShield Installation Information

O43 - CFD: 05/09/2011 - 18:40:20 - [0,074] ----D C:\Arquivos de programas\Intel

O43 - CFD: 25/09/2012 - 13:04:20 - [4,317] ----D C:\Arquivos de programas\Internet Explorer

O43 - CFD: 15/02/2012 - 17:22:26 - [77,962] ----D C:\Arquivos de programas\Java

O43 - CFD: 14/11/2012 - 09:48:17 - [12,630] ----D C:\Arquivos de programas\Malwarebytes' Anti-Malware

O43 - CFD: 06/09/2011 - 09:23:24 - [2,536] ----D C:\Arquivos de programas\Marcos Velasco Security

O43 - CFD: 16/04/2012 - 08:18:55 - [2,048] ----D C:\Arquivos de programas\Messenger

O43 - CFD: 05/09/2011 - 18:17:33 - [0] ----D C:\Arquivos de programas\microsoft frontpage

O43 - CFD: 06/09/2011 - 09:19:19 - [324,745] ----D C:\Arquivos de programas\Microsoft Office

O43 - CFD: 06/09/2011 - 09:19:12 - [0,014] ----D C:\Arquivos de programas\Microsoft Visual Studio

O43 - CFD: 06/09/2011 - 09:19:36 - [3,032] ----D C:\Arquivos de programas\Microsoft Works

O43 - CFD: 16/04/2012 - 08:08:51 - [9,864] ----D C:\Arquivos de programas\Movie Maker

O43 - CFD: 19/10/2012 - 16:39:11 - [35,672] ----D C:\Arquivos de programas\Mozilla Firefox

O43 - CFD: 01/11/2012 - 09:42:52 - [0,212] ----D C:\Arquivos de programas\Mozilla Maintenance Service

O43 - CFD: 12/09/2011 - 09:06:05 - [32,225] ----D C:\Arquivos de programas\Mozilla Thunderbird

O43 - CFD: 17/04/2012 - 08:13:14 - [0,025] ----D C:\Arquivos de programas\MSBuild

O43 - CFD: 05/09/2011 - 18:14:09 - [8,340] ----D C:\Arquivos de programas\MSN Gaming Zone

O43 - CFD: 16/04/2012 - 08:08:09 - [0] ----D C:\Arquivos de programas\MSXML 4.0

O43 - CFD: 06/09/2011 - 08:31:15 - [3,131] ----D C:\Arquivos de programas\NetMeeting

O43 - CFD: 16/04/2012 - 08:09:13 - [4,155] ----D C:\Arquivos de programas\Outlook Express

O43 - CFD: 06/09/2011 - 09:26:13 - [21,438] ----D C:\Arquivos de programas\PDFCreator

O43 - CFD: 26/12/2011 - 13:22:43 - [15,839] ----D C:\Arquivos de programas\Photo!

O43 - CFD: 08/09/2011 - 11:49:18 - [10,634] ----D C:\Arquivos de programas\PowerDataRecovery

O43 - CFD: 05/09/2011 - 18:39:23 - [1,575] ----D C:\Arquivos de programas\Realtek

O43 - CFD: 17/04/2012 - 08:13:02 - [34,726] ----D C:\Arquivos de programas\Reference Assemblies

O43 - CFD: 05/09/2011 - 18:16:05 - [0,001] ----D C:\Arquivos de programas\Serviços on-line

O43 - CFD: 10/02/2012 - 17:38:34 - [22,228] ----D C:\Arquivos de programas\TeamViewer

O43 - CFD: 05/09/2011 - 18:21:46 - [0] --H-D C:\Arquivos de programas\Uninstall Information

O43 - CFD: 05/09/2011 - 18:42:59 - [34,751] ----D C:\Arquivos de programas\VIA

O43 - CFD: 10/02/2012 - 17:32:41 - [6,498] ----D C:\Arquivos de programas\VS Revo Group

O43 - CFD: 06/09/2011 - 08:32:45 - [3,367] ----D C:\Arquivos de programas\Windows Media Player

O43 - CFD: 06/09/2011 - 08:31:13 - [3,752] ----D C:\Arquivos de programas\Windows NT

O43 - CFD: 05/09/2011 - 18:16:09 - [0] --H-D C:\Arquivos de programas\WindowsUpdate

O43 - CFD: 05/09/2011 - 18:38:57 - [4,826] ----D C:\Arquivos de programas\WinRAR

O43 - CFD: 05/09/2011 - 18:17:33 - [0] ----D C:\Arquivos de programas\xerox

O43 - CFD: 16/11/2012 - 08:21:00 - [10,361] ----D C:\Arquivos de programas\ZHPDiag

O43 - CFD: 06/06/2012 - 17:41:50 - [11,942] ----D C:\Arquivos de programas\Arquivos comuns\Adobe

O43 - CFD: 22/03/2012 - 16:14:20 - [16,555] ----D C:\Arquivos de programas\Arquivos comuns\Corel

O43 - CFD: 22/03/2012 - 16:16:30 - [0,195] ----D C:\Arquivos de programas\Arquivos comuns\DESIGNER

O43 - CFD: 22/03/2012 - 16:16:50 - [4,648] ----D C:\Arquivos de programas\Arquivos comuns\InstallShield

O43 - CFD: 15/02/2012 - 17:23:01 - [1,201] ----D C:\Arquivos de programas\Arquivos comuns\Java

O43 - CFD: 22/03/2012 - 16:16:30 - [159,518] ----D C:\Arquivos de programas\Arquivos comuns\Microsoft Shared

O43 - CFD: 05/09/2011 - 18:15:25 - [0,271] ----D C:\Arquivos de programas\Arquivos comuns\MSSoap

O43 - CFD: 05/09/2011 - 15:07:03 - [0] ----D C:\Arquivos de programas\Arquivos comuns\ODBC

O43 - CFD: 05/09/2011 - 18:15:28 - [0,008] ----D C:\Arquivos de programas\Arquivos comuns\Serviços

O43 - CFD: 05/09/2011 - 15:07:00 - [3,612] ----D C:\Arquivos de programas\Arquivos comuns\SpeechEngines

O43 - CFD: 06/09/2011 - 08:31:11 - [39,115] ----D C:\Arquivos de programas\Arquivos comuns\System

O43 - CFD: 01/11/2012 - 09:42:51 - [62,194] R-H-D C:\Documents and Settings\All Users\Dados de aplicativos

O43 - CFD: 14/11/2012 - 09:48:14 - [0,008] ----D C:\Documents and Settings\All Users\Desktop

O43 - CFD: 05/09/2011 - 18:14:54 - [527,014] R---D C:\Documents and Settings\All Users\Documentos

O43 - CFD: 05/09/2011 - 18:17:06 - [0,003] -SH-D C:\Documents and Settings\All Users\DRM

O43 - CFD: 05/09/2011 - 15:06:39 - [0] ----D C:\Documents and Settings\All Users\Favoritos

O43 - CFD: 06/09/2011 - 09:23:24 - [0,147] R---D C:\Documents and Settings\All Users\Menu Iniciar

O43 - CFD: 05/09/2011 - 15:06:39 - [0] --H-D C:\Documents and Settings\All Users\Modelos

O43 - CFD: 12/09/2011 - 10:35:44 - [1,643] ----D C:\Documents and Settings\f003407\Dados de aplicativos\Adobe

O43 - CFD: 09/04/2012 - 12:40:23 - [0,301] ----D C:\Documents and Settings\f003407\Dados de aplicativos\alotappbar

O43 - CFD: 15/02/2012 - 17:23:10 - [3,316] ----D C:\Documents and Settings\f003407\Dados de aplicativos\Auslogics

O43 - CFD: 22/03/2012 - 16:21:21 - [1,299] ----D C:\Documents and Settings\f003407\Dados de aplicativos\Corel

O43 - CFD: 16/01/2012 - 15:19:13 - [0,057] ----D C:\Documents and Settings\f003407\Dados de aplicativos\Google

O43 - CFD: 06/09/2011 - 10:49:31 - [0] ----D C:\Documents and Settings\f003407\Dados de aplicativos\Identities

O43 - CFD: 12/09/2011 - 10:35:44 - [0,015] ----D C:\Documents and Settings\f003407\Dados de aplicativos\Macromedia

O43 - CFD: 10/02/2012 - 16:20:43 - [34,033] ----D C:\Documents and Settings\f003407\Dados de aplicativos\Malwarebytes

O43 - CFD: 09/04/2012 - 11:26:57 - [15,765] -S--D C:\Documents and Settings\f003407\Dados de aplicativos\Microsoft

O43 - CFD: 18/11/2011 - 10:07:55 - [12,386] ----D C:\Documents and Settings\f003407\Dados de aplicativos\Mozilla

O43 - CFD: 12/09/2011 - 10:01:43 - [3,773] ----D C:\Documents and Settings\f003407\Dados de aplicativos\Sun

O43 - CFD: 10/02/2012 - 17:38:42 - [0,152] ----D C:\Documents and Settings\f003407\Dados de aplicativos\TeamViewer

O43 - CFD: 12/09/2011 - 09:08:58 - [0,000] ----D C:\Documents and Settings\f003407\Dados de aplicativos\Thunderbird

O43 - CFD: 27/06/2012 - 09:06:29 - [3,438] ----D C:\Documents and Settings\f003407\Dados de aplicativos\U3

O43 - CFD: 22/09/2011 - 18:47:02 - [0] ----D C:\Documents and Settings\f003407\Dados de aplicativos\WinRAR

O43 - CFD: 12/09/2011 - 12:11:08 - [12,179] ----D C:\Documents and Settings\f003407\Configurações locais\Dados de aplicativos\Adobe

O43 - CFD: 10/05/2012 - 11:03:21 - [0,057] ----D C:\Documents and Settings\f003407\Configurações locais\Dados de aplicativos\Ares

O43 - CFD: 01/11/2012 - 07:57:32 - [0] ----D C:\Documents and Settings\f003407\Configurações locais\Dados de aplicativos\Deployment

O43 - CFD: 28/09/2012 - 09:23:55 - [474,758] ----D C:\Documents and Settings\f003407\Configurações locais\Dados de aplicativos\Google

O43 - CFD: 13/09/2011 - 15:58:22 - [0,289] ----D C:\Documents and Settings\f003407\Configurações locais\Dados de aplicativos\Identities

O43 - CFD: 10/10/2012 - 09:05:06 - [88,450] ----D C:\Documents and Settings\f003407\Configurações locais\Dados de aplicativos\Microsoft

O43 - CFD: 13/09/2011 - 17:19:12 - [0] ----D C:\Documents and Settings\f003407\Configurações locais\Dados de aplicativos\Microsoft Help

O43 - CFD: 18/11/2011 - 10:07:55 - [52,281] ----D C:\Documents and Settings\f003407\Configurações locais\Dados de aplicativos\Mozilla

O43 - CFD: 15/10/2012 - 08:54:13 - [0,008] ----D C:\Documents and Settings\f003407\Configurações locais\Dados de aplicativos\Thunderbird

O43 - CFD: 09/04/2012 - 11:22:04 - [0,002] ----D C:\Documents and Settings\f003407\Configurações locais\Dados de aplicativos\Zoom_Downloader

O43 - CFD: 06/09/2011 - 10:49:32 - [0,014] R---D C:\Documents and Settings\f003407\Menu Iniciar\Programas\Acessórios

O43 - CFD: 14/11/2012 - 14:20:48 - [0,000] R---D C:\Documents and Settings\f003407\Menu Iniciar\Programas\Ferramentas administrativas

O43 - CFD: 05/09/2011 - 15:06:39 - [0,000] R---D C:\Documents and Settings\f003407\Menu Iniciar\Programas\Inicializar

O43 - CFD: 10/02/2012 - 17:32:42 - [0,004] ----D C:\Documents and Settings\f003407\Menu Iniciar\Programas\Revo Uninstaller

~ Scan Program Folder in 00mn 08s

 

 

 

---\\ Last modified or created files under Windows and System32 (O44)

O44 - LFC:[MD5.91885427826F422DF5B9D53CD9FF65F9] - 16/11/2012 - 07:14:25 ---A- . (...) -- C:\WINDOWS\setupapi.log [50832]

O44 - LFC:[MD5.631E7000D41AF4B438E551AA41648DB3] - 16/11/2012 - 07:12:47 ---A- . (...) -- C:\WINDOWS\WindowsUpdate.log [1285269]

O44 - LFC:[MD5.B07ED11A859A7E36F40EA645B85DAFAE] - 16/11/2012 - 07:12:12 ---A- . (...) -- C:\WINDOWS\system32\wpa.dbl [13646]

O44 - LFC:[MD5.D41D8CD98F00B204E9800998ECF8427E] - 16/11/2012 - 07:11:55 ---A- . (...) -- C:\WINDOWS\0.log [0]

O44 - LFC:[MD5.6A2CB42966136854F4464516FBB4AE72] - 16/11/2012 - 07:11:40 -S-A- . (...) -- C:\WINDOWS\bootstat.dat [2048]

O44 - LFC:[MD5.01FE0C95A4FB6D98EED4C2AFBF362435] - 16/11/2012 - 06:44:13 ---A- . (...) -- C:\WINDOWS\system32\FNTCACHE.DAT [198552]

O44 - LFC:[MD5.B29F17DB96564D59D9CB210154C56CD5] - 16/11/2012 - 06:43:21 ---A- . (...) -- C:\WINDOWS\SchedLgU.Txt [31870]

O44 - LFC:[MD5.178A8B5175D4F145F49E550209531B14] - 16/11/2012 - 06:41:16 ---A- . (...) -- C:\WINDOWS\comsetup.log [287767]

O44 - LFC:[MD5.39005FA2CE6BD719B2159C90BDF348BB] - 16/11/2012 - 06:41:16 ---A- . (...) -- C:\WINDOWS\iis6.log [925023]

O44 - LFC:[MD5.CDC3F3218EE1492AA4DD0CCFCB4B8C45] - 16/11/2012 - 06:41:16 ---A- . (...) -- C:\WINDOWS\imsins.log [1393]

O44 - LFC:[MD5.65EAEFAFD98ECCFC889612F61508BEE3] - 16/11/2012 - 06:41:16 ---A- . (...) -- C:\WINDOWS\ntdtcsetup.log [173474]

O44 - LFC:[MD5.4A04EB7B1C2587E132D25F406482FF1D] - 16/11/2012 - 06:41:16 ---A- . (...) -- C:\WINDOWS\ocmsn.log [54040]

O44 - LFC:[MD5.531ECB4139D935A0BCF8AB0DB35BD7DC] - 16/11/2012 - 06:41:16 ---A- . (...) -- C:\WINDOWS\tabletoc.log [43540]

O44 - LFC:[MD5.456FB71AB5C8AEC798237CF60A8F4EAD] - 16/11/2012 - 06:41:16 ---A- . (...) -- C:\WINDOWS\tsoc.log [394944]

O44 - LFC:[MD5.D498CFC2FB99F369068F6C7F06AB07EE] - 16/11/2012 - 06:41:15 ---A- . (...) -- C:\WINDOWS\FaxSetup.log [865614]

O44 - LFC:[MD5.66C4D74720C6ECCDAC7695FEEB4916D6] - 16/11/2012 - 06:41:15 ---A- . (...) -- C:\WINDOWS\KB2727528.log [11121]

O44 - LFC:[MD5.8E7914DC9B409F992B8AFCDD1069F2E4] - 16/11/2012 - 06:41:15 ---A- . (...) -- C:\WINDOWS\MedCtrOC.log [59500]

O44 - LFC:[MD5.D5F00FBAA6841277978736490F39A27F] - 16/11/2012 - 06:41:15 ---A- . (...) -- C:\WINDOWS\msgsocm.log [43260]

O44 - LFC:[MD5.2BEFFC5B93980B9720C7CB589428430B] - 16/11/2012 - 06:41:15 ---A- . (...) -- C:\WINDOWS\msmqinst.log [269536]

O44 - LFC:[MD5.98592FCC3DECC19A0EEFE6E581F9B886] - 16/11/2012 - 06:41:15 ---A- . (...) -- C:\WINDOWS\netfxocm.log [151620]

O44 - LFC:[MD5.242561AAA5D1F84A5292632B92021B7F] - 16/11/2012 - 06:41:15 ---A- . (...) -- C:\WINDOWS\ocgen.log [413840]

O44 - LFC:[MD5.75CD24CEA8ACA1555177F093054A8724] - 16/11/2012 - 06:41:06 ---A- . (...) -- C:\WINDOWS\KB2761226.log [12445]

O44 - LFC:[MD5.A678CE1D4142D0F872AF6E5DDC082D25] - 16/11/2012 - 06:41:06 ---A- . (...) -- C:\WINDOWS\imsins.BAK [1393]

O44 - LFC:[MD5.F2CA876D22475DF351217A87FFE55999] - 16/11/2012 - 06:39:42 ---A- . (...) -- C:\WINDOWS\system32\PerfStringBackup.INI [1018214]

O44 - LFC:[MD5.BF0ED0098F6D7D013A7022336B6E26D6] - 16/11/2012 - 06:39:42 ---A- . (...) -- C:\WINDOWS\system32\perfc009.dat [67870]

O44 - LFC:[MD5.4D01138BD49611F131EAF0E56528F169] - 16/11/2012 - 06:39:42 ---A- . (...) -- C:\WINDOWS\system32\perfc016.dat [79662]

O44 - LFC:[MD5.17CBA86F2E770B88A9327F7B947A8C08] - 16/11/2012 - 06:39:42 ---A- . (...) -- C:\WINDOWS\system32\perfh009.dat [432914]

O44 - LFC:[MD5.523ACF284D0CF779DEC5B15D86ACA0A0] - 16/11/2012 - 06:39:42 ---A- . (...) -- C:\WINDOWS\system32\perfh016.dat [468884]

O44 - LFC:[MD5.080DFEF99350A937C9CD186A27E8C3C2] - 14/11/2012 - 13:39:31 ---A- . (...) -- C:\ComboFix.txt [13243]

O44 - LFC:[MD5.C9DD76D0EF94637C77FF8CA5E0FB0684] - 14/11/2012 - 13:34:47 ---A- . (...) -- C:\WINDOWS\system.ini [227]

O44 - LFC:[MD5.28E131D405455B6E4653F6AFC1708A2B] - 14/11/2012 - 13:23:28 RSHA- . (...) -- C:\boot.ini [327]

O44 - LFC:[MD5.753BC16326FEE4A421ACB636CCD602F4] - 14/11/2012 - 13:21:15 ---A- . (.NirSoft - NirCmd.) -- C:\WINDOWS\NIRCMD.exe [60416]

O44 - LFC:[MD5.A46842C9B0C567A5A9584E83A163560C] - 14/11/2012 - 13:21:15 ---A- . (.SteelWerX - Freeware implementation of REG.EXE.) -- C:\WINDOWS\SWREG.exe [518144]

O44 - LFC:[MD5.0297C72529807322B152F517FDB0A9FC] - 14/11/2012 - 13:21:15 ---A- . (.SteelWerX - Freeware implementation of SC.EXE.) -- C:\WINDOWS\SWSC.exe [406528]

O44 - LFC:[MD5.B1A9CF0B6F80611D31987C247EC630B4] - 14/11/2012 - 13:21:15 ---A- . (.SteelWerX - Freeware implementation of XCACLS.) -- C:\WINDOWS\SWXCACLS.exe [212480]

O44 - LFC:[MD5.FA579938B0733B87066546AFE951082C] - 14/11/2012 - 13:05:48 ---A- . (...) -- C:\Boot.bak [211]

O44 - LFC:[MD5.C124E332FE3F0E737B865EDA0E90D5BF] - 14/11/2012 - 13:05:48 ---A- . (...) -- C:\WINDOWS\win.ini [498]

O44 - LFC:[MD5.4FBC3F271CDCA4D74ACECC84EE539DD3] - 14/11/2012 - 13:00:32 ---A- . (...) -- C:\hijackthis.log [6725]

O44 - LFC:[MD5.9A2347903D6EDB84C10F288BC0578C1C] - 14/11/2012 - 12:59:31 ---A- . (.Trend Micro Inc. - HijackThis.) -- C:\HiJackThis.exe [388608]

O44 - LFC:[MD5.F3A4DEC88AEB5B264897EEC4D3B665C7] - 14/11/2012 - 09:16:17 ---A- . (...) -- C:\AdwCleaner[s2].txt [1481]

O44 - LFC:[MD5.500D089CE760D83DA2B6CBA681AA9949] - 14/11/2012 - 08:48:11 ---A- . (.Malwarebytes Corporation - Malwarebytes Anti-Malware.) -- C:\WINDOWS\system32\Drivers\mbam.sys [22856]

O44 - LFC:[MD5.65360A0EEF9FD4750267EC22A3ED4EE7] - 14/11/2012 - 08:45:41 ---A- . (...) -- C:\WINDOWS\system32\CONFIG.NT [3018]

O44 - LFC:[MD5.B55346B10464FFEE7722B3CE2B840DE3] - 07/11/2012 - 16:08:18 ---A- . (...) -- C:\WINDOWS\wmsetup.log [51056]

O44 - LFC:[MD5.E3E73B2B73A4DFADFDDF557192C4B08A] - 30/10/2012 - 19:51:58 ---A- . (.AVAST Software - avast! TDI Filter Driver.) -- C:\WINDOWS\system32\Drivers\aswTdi.sys [54232]

O44 - LFC:[MD5.7C9F0A2AB17D52261A9252A2EB320884] - 30/10/2012 - 19:51:58 ---A- . (.AVAST Software - avast! TDI Redirect Driver.) -- C:\WINDOWS\system32\Drivers\aswRdr.sys [35928]

O44 - LFC:[MD5.B32E9AD44A1DBB3E8095E80F8DF32B03] - 30/10/2012 - 19:51:58 ---A- . (.AVAST Software - avast! Virtualization Driver.) -- C:\WINDOWS\system32\Drivers\aswSnx.sys [738504]

O44 - LFC:[MD5.67B558895695545FB0568B7541F3BCA7] - 30/10/2012 - 19:51:58 ---A- . (.AVAST Software - avast! self protection module.) -- C:\WINDOWS\system32\Drivers\aswSP.sys [361032]

O44 - LFC:[MD5.B8236CDC3E9862F037B1F83E352BDF94] - 30/10/2012 - 19:51:57 ---A- . (.AVAST Software - avast! File System Filter Driver for Window.) -- C:\WINDOWS\system32\Drivers\aswmon.sys [89752]

O44 - LFC:[MD5.84F0BE324EE111338589F448C3E8BAB2] - 30/10/2012 - 19:51:57 ---A- . (.AVAST Software - avast! File System Filter Driver for Window.) -- C:\WINDOWS\system32\Drivers\aswmon2.sys [97608]

O44 - LFC:[MD5.149A8F7ADF9742554DC323E290551E3E] - 30/10/2012 - 19:51:56 ---A- . (.AVAST Software - avast! Base Kernel-Mode Device Driver for W.) -- C:\WINDOWS\system32\Drivers\aavmker4.sys [25256]

O44 - LFC:[MD5.DE6ED95AEF259979B2830450072A627B] - 30/10/2012 - 19:51:56 ---A- . (.AVAST Software - avast! File System Access Blocking Driver.) -- C:\WINDOWS\system32\Drivers\aswFsBlk.sys [21256]

O44 - LFC:[MD5.74D55DED81C61871F0DB7F3A63A4D312] - 30/10/2012 - 19:51:07 ---A- . (.AVAST Software - avast! Screen Saver stub.) -- C:\WINDOWS\avastSS.scr [41224]

O44 - LFC:[MD5.A4B4FE50CCA23B38688003EA85A30EF6] - 30/10/2012 - 19:50:59 ---A- . (.AVAST Software - avast! start-up scanner.) -- C:\WINDOWS\system32\aswBoot.exe [227648]

O44 - LFC:[MD5.F042EE4C8D66248D9B86DCF52ABAE416] - 26/06/2011 - 03:45:56 ---A- . (...) -- C:\WINDOWS\PEV.exe [256000]

O44 - LFC:[MD5.0277C027A26428DB64EF4F64F52BB4FD] - 07/11/2010 - 14:20:24 ---A- . (...) -- C:\WINDOWS\MBR.exe [208896]

O44 - LFC:[MD5.C51A881398F29071239741AE16D07C1C] - 03/08/2004 - 22:00:16 RSHA- . (...) -- C:\cmldr [261856]

O44 - LFC:[MD5.9E05A9C264C8A908A8E79450FCBFF047] - 30/08/2000 - 21:00:00 ---A- . (...) -- C:\WINDOWS\grep.exe [80412]

O44 - LFC:[MD5.2B657A67AEBB84AEA5632C53E61E23BF] - 30/08/2000 - 21:00:00 ---A- . (...) -- C:\WINDOWS\sed.exe [98816]

O44 - LFC:[MD5.5E832F4FAF5F481F2EAF3B3A48F603B8] - 30/08/2000 - 21:00:00 ---A- . (...) -- C:\WINDOWS\zip.exe [68096]

~ Scan Files in 00mn 08s

 

 

 

---\\ Operations and functions at Windows Explorer startup (O46)

O46 - SEH:ShellExecuteHooks - URL Exec Hook - {AEB6717E-7E19-11d0-97EE-00C04FD91972} - shell32.dll

~ Scan ShellExecuteHooks in 00mn 00s

 

 

 

---\\ Export authorized application key (O47)

O47 - AAKE:Key Export SP - "%windir%\system32\sessmgr.exe" [Enabled] .(.Microsoft Corporation - Gerenciador de sessão de ajuda de área de trabalho remota da Microsoft®.) -- C:\WINDOWS\system32\sessmgr.exe

O47 - AAKE:Key Export SP - "%windir%\Network Diagnostic\xpnetdiag.exe" [Enabled] .(.Microsoft Corporation - Network Diagnostic for Windows XP.) -- C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O47 - AAKE:Key Export SP - "C:\Arquivos de programas\TeamViewer\Version7\TeamViewer.exe" [Enabled] .(.TeamViewer GmbH - TeamViewer Remote Control Application.) -- C:\Arquivos de programas\TeamViewer\Version7\TeamViewer.exe

O47 - AAKE:Key Export SP - "C:\Arquivos de programas\TeamViewer\Version7\TeamViewer_Service.exe" [Enabled] .(.TeamViewer GmbH - TeamViewer Remote Control Application.) -- C:\Arquivos de programas\TeamViewer\Version7\TeamViewer_Service.exe

O47 - AAKE:Key Export SP - "C:\Arquivos de programas\Ares\Ares.exe" [Enabled] .(.Ares Development Group - Ares p2p for windows.) -- C:\Arquivos de programas\Ares\Ares.exe

O47 - AAKE:Key Export DP - "%windir%\system32\sessmgr.exe" [Enabled] .(.Microsoft Corporation - Gerenciador de sessão de ajuda de área de trabalho remota da Microsoft®.) -- C:\WINDOWS\system32\sessmgr.exe

O47 - AAKE:Key Export DP - "%windir%\Network Diagnostic\xpnetdiag.exe" [Enabled] .(.Microsoft Corporation - Network Diagnostic for Windows XP.) -- C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

~ Scan Keys in 00mn 00s

 

 

 

---\\ Local Security Authority-LSA Deny (O48)

O48 - LSA:Local Security Authority Authentication Packages . (.Microsoft Corporation - Microsoft Authentication Package v1.0.) -- C:\WINDOWS\system32\msv1_0.dll

O48 - LSA:Local Security Authority Notification Packages . (.Microsoft Corporation - Mecanismo cliente do 'Editor de configuração de segurança Windows'.) -- C:\WINDOWS\system32\scecli.dll

O48 - LSA:Local Security Authority Security Packages . (.Microsoft Corporation - Kerberos Security Package.) -- C:\WINDOWS\system32\kerberos.dll

O48 - LSA:Local Security Authority Security Packages . (.Microsoft Corporation - Microsoft Authentication Package v1.0.) -- C:\WINDOWS\system32\msv1_0.dll

O48 - LSA:Local Security Authority Security Packages . (.Microsoft Corporation - TLS / SSL Security Provider.) -- C:\WINDOWS\system32\schannel.dll

O48 - LSA:Local Security Authority Security Packages . (.Microsoft Corporation - Microsoft Digest Access.) -- C:\WINDOWS\system32\wdigest.dll

~ Scan Keys in 00mn 00s

 

 

 

---\\ Safe Boot Control (O49)

O49 - CSB:Control Safe Boot HKLM\...\CCS\Minimal\dmboot.sys . (.Microsoft Corp., Veritas Software - NT Disk Manager Startup Driver.) -- C:\WINDOWS\system32\Drivers\dmboot.sys

O49 - CSB:Control Safe Boot HKLM\...\CCS\Minimal\dmio.sys . (.Microsoft Corp., Veritas Software - NT Disk Manager I/O Driver.) -- C:\WINDOWS\system32\Drivers\dmio.sys

O49 - CSB:Control Safe Boot HKLM\...\CCS\Minimal\dmload.sys . (.Microsoft Corp., Veritas Software. - NT Disk Manager Startup Driver.) -- C:\WINDOWS\system32\Drivers\dmload.sys

O49 - CSB:Control Safe Boot HKLM\...\CCS\Minimal\sermouse.sys . (...) -- C:\WINDOWS\system32\Drivers\sermouse.sys (.not file.)

O49 - CSB:Control Safe Boot HKLM\...\CCS\Minimal\sr.sys . (.Microsoft Corporation - Driver de filtro do sistema de arquivos da restauração do sistema.) -- C:\WINDOWS\system32\Drivers\sr.sys

O49 - CSB:Control Safe Boot HKLM\...\CCS\Minimal\vga.sys . (.Microsoft Corporation - VGA/Super VGA Video Driver.) -- C:\WINDOWS\system32\Drivers\vga.sys

O49 - CSB:Control Safe Boot HKLM\...\CCS\Minimal\vgasave.sys . (...) -- C:\WINDOWS\system32\Drivers\vgasave.sys (.not file.)

O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\dmboot.sys . (.Microsoft Corp., Veritas Software - NT Disk Manager Startup Driver.) -- C:\WINDOWS\system32\Drivers\dmboot.sys

O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\dmio.sys . (.Microsoft Corp., Veritas Software - NT Disk Manager I/O Driver.) -- C:\WINDOWS\system32\Drivers\dmio.sys

O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\dmload.sys . (.Microsoft Corp., Veritas Software. - NT Disk Manager Startup Driver.) -- C:\WINDOWS\system32\Drivers\dmload.sys

O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\ip6fw.sys . (.Microsoft Corporation - IPv6 Windows Firewall Driver.) -- C:\WINDOWS\system32\Drivers\ip6fw.sys

O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\ipnat.sys . (.Microsoft Corporation - IP Network Address Translator.) -- C:\WINDOWS\system32\Drivers\ipnat.sys

O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\rdpcdd.sys . (.Microsoft Corporation - RDP Miniport.) -- C:\WINDOWS\system32\Drivers\rdpcdd.sys

O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\rdpdd.sys . (...) -- C:\WINDOWS\system32\Drivers\rdpdd.sys (.not file.)

O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\rdpwd.sys . (.Microsoft Corporation - RDP Terminal Stack Driver (US/Canada Only, Not for Export).) -- C:\WINDOWS\system32\Drivers\rdpwd.sys

O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\sermouse.sys . (...) -- C:\WINDOWS\system32\Drivers\sermouse.sys (.not file.)

O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\sr.sys . (.Microsoft Corporation - Driver de filtro do sistema de arquivos da restauração do sistema.) -- C:\WINDOWS\system32\Drivers\sr.sys

O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\tdpipe.sys . (.Microsoft Corporation - Named Pipe Transport Driver.) -- C:\WINDOWS\system32\Drivers\tdpipe.sys

O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\tdtcp.sys . (.Microsoft Corporation - TCP Transport Driver.) -- C:\WINDOWS\system32\Drivers\tdtcp.sys

O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\vga.sys . (.Microsoft Corporation - VGA/Super VGA Video Driver.) -- C:\WINDOWS\system32\Drivers\vga.sys

O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\vgasave.sys . (...) -- C:\WINDOWS\system32\Drivers\vgasave.sys (.not file.)

~ Scan CSB in 00mn 00s

 

 

 

---\\ Image File Execution Options (IFEO) (O50)

O50 - IFEO:Image File Execution Options - Your Image File Name Here without a path - ntsd -d

~ Scan IFEO in 00mn 00s

 

 

 

---\\ MountPoints2 Shell Key (MPKS) (O51) (None)

 

---\\ Trojan Driver Search Data (HKLM)(TDSD) (O52)

O52 - TDSD: \Drivers32\"msacm.trspch"="tssoft32.acm" . (.DSP GROUP, INC. - Codec de áudio DSP Group TrueSpeech para MSACM V3.50.) -- C:\WINDOWS\system32\tssoft32.acm

O52 - TDSD: \Drivers32\"vidc.cvid"="iccvid.dll" . (.Radius Inc. - Cinepak® Codec.) -- C:\WINDOWS\system32\iccvid.dll

O52 - TDSD: \Drivers32\"vidc.iv31"="ir32_32.dll" . (...) -- C:\WINDOWS\system32\ir32_32.dll

O52 - TDSD: \Drivers32\"vidc.iv32"="ir32_32.dll" . (...) -- C:\WINDOWS\system32\ir32_32.dll

O52 - TDSD: \Drivers32\"vidc.iv41"="ir41_32.ax" . (.Intel Corporation - Intel Indeo® Video 4.5.) -- C:\WINDOWS\system32\ir41_32.ax

O52 - TDSD: \Drivers32\"msacm.sl_anet"="sl_anet.acm" . (.Sipro Lab Telecom Inc. - Audio codec for MS ACM.) -- C:\WINDOWS\system32\sl_anet.acm

O52 - TDSD: \Drivers32\"msacm.iac2"="C:\WINDOWS\system32\iac25_32.ax" . (.Intel Corporation - Indeo® audio software.) -- C:\WINDOWS\system32\iac25_32.ax

O52 - TDSD: \Drivers32\"vidc.iv50"="ir50_32.dll" . (.Intel Corporation - Intel Indeo® video 5.10.) -- C:\WINDOWS\system32\ir50_32.dll

O52 - TDSD: \Drivers32\"msacm.l3acm"="C:\WINDOWS\system32\l3codeca.acm" . (.Fraunhofer Institut Integrierte Schaltungen - MPEG Layer-3 Audio Codec for MSACM.) -- C:\WINDOWS\system32\l3codeca.acm

O52 - TDSD: \drivers.desc\"sl_anet.acm"="Sipro Lab Telecom Audio Codec" . (.Sipro Lab Telecom Inc. - Audio codec for MS ACM.) -- C:\WINDOWS\system32\sl_anet.acm

O52 - TDSD: \drivers.desc\"C:\WINDOWS\system32\iac25_32.ax"="Indeo® audio software" . (.Intel Corporation - Indeo® audio software.) -- C:\WINDOWS\system32\iac25_32.ax

O52 - TDSD: \drivers.desc\"C:\WINDOWS\system32\l3codeca.acm"="Fraunhofer IIS MPEG Layer-3 Codec" . (.Fraunhofer Institut Integrierte Schaltungen - MPEG Layer-3 Audio Codec for MSACM.) -- C:\WINDOWS\system32\l3codeca.acm

~ Scan Keys in 00mn 00s

 

 

 

---\\ ShareTools MSconfig StartupReg (SMSR) (O53)

O53 - SMSR:HKLM\...\startupreg\Adobe ARM [Key] . (.Adobe Systems Incorporated - Adobe Reader and Acrobat Manager.) -- C:\Arquivos de programas\Arquivos comuns\Adobe\ARM\1.0\AdobeARM.exe

O53 - SMSR:HKLM\...\startupreg\Adobe Reader Speed Launcher [Key] . (.Adobe Systems Incorporated - Adobe Acrobat SpeedLauncher.) -- C:\Arquivos de programas\Adobe\Reader 8.0\Reader\Reader_sl.exe

O53 - SMSR:HKLM\...\startupreg\ares [Key] . (.Ares Development Group - Ares p2p for windows.) -- C:\Arquivos de programas\Ares\Ares.exe

O53 - SMSR:HKLM\...\startupreg\ASUS Update Checker [Key] . (.Unknown owner - UpdateChecker MFC Application.) -- C:\Arquivos de programas\ASUS\ASUSUpdate\UpdateChecker\UpdateChecker.exe

O53 - SMSR:HKLM\...\startupreg\ctfmon.exe [Key] . (.Microsoft Corporation - CTF Loader.) -- C:\WINDOWS\system32\ctfmon.exe

O53 - SMSR:HKLM\...\startupreg\HDAudDeck [Key] . (.VIA Technologies, Inc. - HDeck MFC Application.) -- C:\Arquivos de programas\VIA\VIAudioi\HDADeck\HDeck.exe

O53 - SMSR:HKLM\...\startupreg\HotKeysCmds [Key] . (.Intel Corporation - hkcmd Module.) -- C:\WINDOWS\system32\hkcmd.exe

O53 - SMSR:HKLM\...\startupreg\IgfxTray [Key] . (.Intel Corporation - igfxTray Module.) -- C:\WINDOWS\system32\igfxtray.exe

O53 - SMSR:HKLM\...\startupreg\ISUSPM Startup [Key] . (.Macrovision Corporation - InstallShield Update Service Update Manager.) -- C:\Arquivos de programas\Arquivos comuns\InstallShield\UpdateService\isuspm.exe

O53 - SMSR:HKLM\...\startupreg\ISUSScheduler [Key] . (.Macrovision Corporation - InstallShield Update Service Scheduler.) -- C:\Arquivos de programas\Arquivos comuns\InstallShield\UpdateService\issch.exe

O53 - SMSR:HKLM\...\startupreg\MSMSGS [Key] . (.Microsoft Corporation - Windows Messenger.) -- C:\Arquivos de programas\Messenger\msmsgs.exe

O53 - SMSR:HKLM\...\startupreg\Persistence [Key] . (.Intel Corporation - persistence Module.) -- C:\WINDOWS\system32\igfxpers.exe

O53 - SMSR:HKLM\...\startupreg\SunJavaUpdateSched [Key] . (.Sun Microsystems, Inc. - Java Update Scheduler.) -- C:\Arquivos de programas\Arquivos comuns\Java\Java Update\jusched.exe

O53 - SMSR:HKLM\...\startupreg\swg [Key] . (.Google Inc. - GoogleToolbarNotifier.) -- C:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

~ Scan SMSR Keys in 00mn 00s

 

 

 

---\\ Microsoft Control Security Providers (MCSP) (O54)

O54 - MCSP:[HKLM\...\CurrentControlSet\Control] - (SecurityProviders) - (.Microsoft Corporation - Cliente DPA para plataformas de 32 bits.) -- C:\WINDOWS\system32\msapsspc.dll

O54 - MCSP:[HKLM\...\CurrentControlSet\Control] - (SecurityProviders) - (.Microsoft Corporation - TLS / SSL Security Provider.) -- C:\WINDOWS\system32\schannel.dll

O54 - MCSP:[HKLM\...\CurrentControlSet\Control] - (SecurityProviders) - (.Microsoft Corporation - Digest SSPI Authentication Package.) -- C:\WINDOWS\system32\digest.dll

O54 - MCSP:[HKLM\...\ControlSet001\Control] - (SecurityProviders) - (.Microsoft Corporation - Cliente DPA para plataformas de 32 bits.) -- C:\WINDOWS\system32\msapsspc.dll

O54 - MCSP:[HKLM\...\ControlSet001\Control] - (SecurityProviders) - (.Microsoft Corporation - TLS / SSL Security Provider.) -- C:\WINDOWS\system32\schannel.dll

O54 - MCSP:[HKLM\...\ControlSet001\Control] - (SecurityProviders) - (.Microsoft Corporation - Digest SSPI Authentication Package.) -- C:\WINDOWS\system32\digest.dll

~ Scan Keys in 00mn 00s

 

 

 

---\\ Microsoft Windows Policies System (MWPS) (O55)

O55 - MWPS:[HKLM\...\Policies\System] - "dontdisplaylastusername"=0

O55 - MWPS:[HKLM\...\Policies\System] - "legalnoticecaption"=0

O55 - MWPS:[HKLM\...\Policies\System] - "legalnoticetext"=0

O55 - MWPS:[HKLM\...\Policies\System] - "shutdownwithoutlogon"=1

O55 - MWPS:[HKLM\...\Policies\System] - "undockwithoutlogon"=1

O55 - MWPS:[HKLM\...\Policies\System] - "DisableRegistryTools"=0

~ Scan Keys in 00mn 00s

 

 

 

---\\ Microsoft Windows Policies Explorer (MWPE) (O56)

O56 - MWPE:[HKCU\...\policies\Explorer] - "NoDriveTypeAutoRun"=323

O56 - MWPE:[HKCU\...\policies\Explorer] - "NoDriveAutoRun"=67108863

O56 - MWPE:[HKCU\...\policies\Explorer] - "NoDrives"=0

O56 - MWPE:[HKLM\...\policies\Explorer] - "NoDriveAutoRun"=67108863

O56 - MWPE:[HKLM\...\policies\Explorer] - "NoDriveTypeAutoRun"=323

O56 - MWPE:[HKLM\...\policies\Explorer] - "NoDrives"=0

~ Scan Keys in 00mn 00s

 

 

 

---\\ System Drivers List (SDL) (O58)

O58 - SDL:[MD5.149A8F7ADF9742554DC323E290551E3E] - 30/10/2012 - 19:51:56 ---A- . (.AVAST Software - avast! Base Kernel-Mode Device Driver for Windows NT/2000/XP.) -- C:\WINDOWS\system32\Drivers\aavmker4.sys [25256]

O58 - SDL:[MD5.C1E76718BAB6BCA0D18E5670F074F821] - 02/03/2006 - 09:00:00 ---A- . (...) -- C:\WINDOWS\system32\ansi.sys [9032]

~ Scan Drivers in 00mn 00s

 

 

 

---\\ List all legacy services(LALS) (O64)

O64 - Services: CurCS - ??\??\???? - C:\WINDOWS\system32\Drivers\Aavmker4.sys (Aavmker4) .(.AVAST Software - avast! Base Kernel-Mode Device Driver for W.) - LEGACY_AAVMKER4

O64 - Services: CurCS - 10/10/2012 - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe (AdobeFlashPlayerUpdateSvc) .(.Adobe Systems Incorporated - Adobe® Flash® Player Update Service 11.4 r4.) - LEGACY_ADOBEFLASHPLAYERUPDATESVC

O64 - Services: CurCS - 17/12/2007 - C:\WINDOWS\system32\drivers\AsIO.sys - AsIO (AsIO) .(...) - LEGACY_ASIO

O64 - Services: CurCS - ??\??\???? - C:\WINDOWS\system32\Drivers\aswFsBlk.sys (aswFsBlk) .(.AVAST Software - avast! File System Access Blocking Driver.) - LEGACY_ASWFSBLK

O64 - Services: CurCS - ??\??\???? - C:\WINDOWS\system32\Drivers\aswMon2.sys (aswMon2) .(.AVAST Software - avast! File System Filter Driver for Window.) - LEGACY_ASWMON2

O64 - Services: CurCS - ??\??\???? - C:\WINDOWS\system32\Drivers\aswRdr.sys (aswRdr) .(.AVAST Software - avast! TDI Redirect Driver.) - LEGACY_ASWRDR

O64 - Services: CurCS - ??\??\???? - C:\WINDOWS\system32\Drivers\aswSnx.sys (aswSnx) .(.AVAST Software - avast! Virtualization Driver.) - LEGACY_ASWSNX

O64 - Services: CurCS - ??\??\???? - C:\WINDOWS\system32\Drivers\aswSP.sys (aswSP) .(.AVAST Software - avast! self protection module.) - LEGACY_ASWSP

O64 - Services: CurCS - ??\??\???? - C:\WINDOWS\system32\Drivers\aswTdi.sys (aswTdi) .(.AVAST Software - avast! TDI Filter Driver.) - LEGACY_ASWTDI

O64 - Services: CurCS - 30/10/2012 - C:\Arquivos de programas\Alwil Software\Avast5\AvastSvc.exe (avast! Antivirus) .(.AVAST Software - avast! Service.) - LEGACY_AVAST!_ANTIVIRUS

O64 - Services: CurCS - 13/04/2008 - C:\WINDOWS\system32\drivers\dmboot.sys (dmboot) .(.Microsoft Corp., Veritas Software - NT Disk Manager Startup Driver.) - LEGACY_DMBOOT

O64 - Services: CurCS - 02/03/2006 - C:\WINDOWS\system32\drivers\dmload.sys (dmload) .(.Microsoft Corp., Veritas Software. - NT Disk Manager Startup Driver.) - LEGACY_DMLOAD

O64 - Services: CurCS - 06/09/2011 - C:\Arquivos de programas\Google\Update\GoogleUpdate.exe (gupdate) .(.Google Inc. - Google Installer.) - LEGACY_GUPDATE

O64 - Services: CurCS - 06/09/2011 - C:\Arquivos de programas\Google\Update\GoogleUpdate.exe (gupdatem) .(.Google Inc. - Google Installer.) - LEGACY_GUPDATEM

O64 - Services: CurCS - 27/08/2012 - C:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe (gusvc) .(.Google - gusvc.) - LEGACY_GUSVC

O64 - Services: CurCS - 15/02/2012 - C:\Arquivos de programas\Java\jre6\bin\jqs.exe (JavaQuickStarterService) .(.Sun Microsystems, Inc. - Java Quick Starter Service.) - LEGACY_JAVAQUICKSTARTERSERVICE

~ Scan Services in 00mn 00s

 

 

 

---\\ File Associations Shell Spawning (O67)

O67 - Shell Spawning: <.bat> <batfile>[HKLM\..\open\Command] (...) -- "%1" %*

O67 - Shell Spawning: <.cpl> <cplfile>[HKLM\..\cplopen\Command] (.Microsoft Corporation - DLL comum do Shell do Windows.) -- C:\WINDOWS\system32\shell32.dll

O67 - Shell Spawning: <.cmd> <cmdfile>[HKLM\..\open\Command] (...) -- "%1" %*

O67 - Shell Spawning: <.com> <ComFile>[HKLM\..\open\Command] (...) -- "%1" %*

O67 - Shell Spawning: <.exe> <exefile>[HKLM\..\open\Command] (...) -- "%1" %*

O67 - Shell Spawning: <.html> <ChromeHTML>[HKLM\..\open\Command] (.Google Inc. - Google Chrome.) -- C:\Arquivos de programas\Google\Chrome\Application\chrome.exe

O67 - Shell Spawning: <.js> <JSFile>[HKLM\..\open\Command] (.Microsoft Corporation - Microsoft ® Windows Based Script Host.) -- C:\WINDOWS\system32\WScript.exe

O67 - Shell Spawning: <.reg> <regfile>[HKLM\..\open\Command] (.Microsoft Corporation - Editor do Registro.) -- C:\WINDOWS\regedit.exe

O67 - Shell Spawning: <.html> <ChromeHTML>[HKCU\..\open\Command] (.Not Key.)

O67 - Shell Spawning: <.bat> <batfile>[HKCR\..\open\Command] (...) -- "%1" %*

O67 - Shell Spawning: <.cpl> <cplfile>[HKCR\..\cplopen\Command] (.Microsoft Corporation - DLL comum do Shell do Windows.) -- C:\WINDOWS\system32\shell32.dll

O67 - Shell Spawning: <.cmd> <cmdfile>[HKCR\..\open\Command] (...) -- "%1" %*

O67 - Shell Spawning: <.com> <ComFile>[HKCR\..\open\Command] (...) -- "%1" %*

O67 - Shell Spawning: <.exe> <exefile>[HKCR\..\open\Command] (...) -- "%1" %*

O67 - Shell Spawning: <.html> <ChromeHTML>[HKCR\..\open\Command] (.Google Inc. - Google Chrome.) -- C:\Arquivos de programas\Google\Chrome\Application\chrome.exe

O67 - Shell Spawning: <.js> <JSFile>[HKCR\..\open\Command] (.Microsoft Corporation - Microsoft ® Windows Based Script Host.) -- C:\WINDOWS\system32\WScript.exe

O67 - Shell Spawning: <.reg> <regfile>[HKCR\..\open\Command] (.Microsoft Corporation - Editor do Registro.) -- C:\WINDOWS\regedit.exe

~ Scan Keys in 00mn 00s

 

 

 

---\\ Start Menu Internet (SMI) (O68)

O68 - StartMenuInternet: <chrome.exe> <>[HKLM\..\Shell\open\Command] (.Google Inc. - Google Chrome.) -- C:\Arquivos de programas\Google\Chrome\Application\chrome.exe

O68 - StartMenuInternet: <FIREFOX.EXE> <Mozilla Firefox>[HKLM\..\Shell\open\Command] (.Mozilla Corporation - Firefox.) -- C:\Arquivos de programas\Mozilla Firefox\firefox.exe

O68 - StartMenuInternet: <Google Chrome> <Google Chrome>[HKLM\..\Shell\open\Command] (.Google Inc. - Google Chrome.) -- C:\Arquivos de programas\Google\Chrome\Application\chrome.exe

O68 - StartMenuInternet: <IEXPLORE.EXE> <Internet Explorer>[HKLM\..\Shell\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Arquivos de programas\Internet Explorer\iexplore.exe

O68 - StartMenuInternet: <FIREFOX.EXE> <Mozilla Firefox>[HKLM\..\InstallInfo\ShowIconsCommand] (...) -- C:\Arquivos de programas\Mozilla Firefox\uninstall\helper.exe (.not file.)

O68 - StartMenuInternet: <Google Chrome> <Google Chrome>[HKLM\..\InstallInfo\ShowIconsCommand] (...) -- C:\Arquivos de programas\Google\Chrome\Application\chrome.exe (.not file.)

O68 - StartMenuInternet: <IEXPLORE.EXE> <Internet Explorer>[HKLM\..\InstallInfo\ShowIconsCommand] (...) -- C:\WINDOWS\system32\ie4uinit.exe (.not file.)

O68 - StartMenuInternet: <FIREFOX.EXE> <Mozilla Firefox>[HKLM\..\InstallInfo\ReinstallCommand] (...) -- C:\Arquivos de programas\Mozilla Firefox\uninstall\helper.exe (.not file.)

O68 - StartMenuInternet: <Google Chrome> <Google Chrome>[HKLM\..\InstallInfo\ReinstallCommand] (...) -- C:\Arquivos de programas\Google\Chrome\Application\chrome.exe (.not file.)

O68 - StartMenuInternet: <IEXPLORE.EXE> <Internet Explorer>[HKLM\..\InstallInfo\ReinstallCommand] (...) -- C:\WINDOWS\system32\ie4uinit.exe (.not file.)

O68 - StartMenuInternet: <FIREFOX.EXE> <Mozilla Firefox>[HKLM\..\InstallInfo\HideIconsCommand] (...) -- C:\Arquivos de programas\Mozilla Firefox\uninstall\helper.exe (.not file.)

O68 - StartMenuInternet: <Google Chrome> <Google Chrome>[HKLM\..\InstallInfo\HideIconsCommand] (...) -- C:\Arquivos de programas\Google\Chrome\Application\chrome.exe (.not file.)

O68 - StartMenuInternet: <IEXPLORE.EXE> <Internet Explorer>[HKLM\..\InstallInfo\HideIconsCommand] (...) -- C:\WINDOWS\system32\ie4uinit.exe (.not file.)

~ Scan Keys in 00mn 00s

 

 

 

---\\ Search Browser Infection (SBI) (O69)

O69 - SBI: SearchScopes [HKCU] ${searchCLSID} - (@ieframe.dll,-12512) - http://search.live.com

O69 - SBI: SearchScopes [HKCU] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} - (Bing) - http://www.bing.com

O69 - SBI: SearchScopes [HKCU] {78A9BE32-EF0D-47C6-97E3-794B397CD3AA} [DefaultScope] - (Google) - http://www.google.com

~ Scan Keys in 00mn 00s

 

 

 

---\\ Search Svchost Services (SSS) (O83)

O83 - Search Svchost Services: AppMgmt (AppMgmt) . (.Microsoft Corporation - Serviço de instalação do software.) -- C:\WINDOWS\system32\appmgmts.dll [172032]

O83 - Search Svchost Services: AudioSrv (AudioSrv) . (.Microsoft Corporation - Windows Audio Service.) -- C:\WINDOWS\system32\audiosrv.dll [42496]

O83 - Search Svchost Services: Browser (Browser) . (.Microsoft Corporation - Computer Browser Service DLL.) -- C:\WINDOWS\system32\browser.dll [78336]

O83 - Search Svchost Services: CryptSvc (CryptSvc) . (.Microsoft Corporation - Cryptographic Services.) -- C:\WINDOWS\system32\cryptsvc.dll [62464]

O83 - Search Svchost Services: DMServer (DMServer) . (.Microsoft Corp. - Dll do serviço do Gerenciador de discos lógicos.) -- C:\WINDOWS\system32\dmserver.dll [23552]

O83 - Search Svchost Services: DHCP (DHCP) . (.Microsoft Corporation - Serviço do Cliente DHCP.) -- C:\WINDOWS\system32\dhcpcsvc.dll [126976]

O83 - Search Svchost Services: ERSvc (ERSvc) . (.Microsoft Corporation - Windows Error Reporting Service.) -- C:\WINDOWS\system32\ersvc.dll [23040]

O83 - Search Svchost Services: EventSystem (EventSystem) . (.Microsoft Corporation - No comment.) -- C:\WINDOWS\system32\es.dll [253952]

O83 - Search Svchost Services: FastUserSwitchingCompatibility (FastUserSwitchingCompatibility) . (.Microsoft Corporation - DLL de serviços do Shell do Windows.) -- C:\WINDOWS\system32\shsvcs.dll [135168]

O83 - Search Svchost Services: HidServ (HidServ) . (...) -- C:\WINDOWS\system32\hidserv.dll [0]

O83 - Search Svchost Services: LanmanServer (LanmanServer) . (.Microsoft Corporation - Server Service DLL.) -- C:\WINDOWS\system32\srvsvc.dll [99840]

O83 - Search Svchost Services: LanmanWorkstation (LanmanWorkstation) . (.Microsoft Corporation - Workstation Service DLL.) -- C:\WINDOWS\system32\wkssvc.dll [132096]

O83 - Search Svchost Services: Messenger (Messenger) . (.Microsoft Corporation - NT Messenger Service.) -- C:\WINDOWS\system32\msgsvc.dll [33792]

O83 - Search Svchost Services: Netman (Netman) . (.Microsoft Corporation - Gerenciador de conexões de rede.) -- C:\WINDOWS\system32\netman.dll [198144]

O83 - Search Svchost Services: Nla (Nla) . (.Microsoft Corporation - Fornecedor de serviços do Microsoft Windows Sockets 2.0.) -- C:\WINDOWS\system32\mswsock.dll [247808]

O83 - Search Svchost Services: Ntmssvc (Ntmssvc) . (.Microsoft Corporation - Gerenciador de armazenamento removível.) -- C:\WINDOWS\system32\ntmssvc.dll [437248]

O83 - Search Svchost Services: Rasauto (Rasauto) . (.Microsoft Corporation - Remote Access AutoDial Manager.) -- C:\WINDOWS\system32\rasauto.dll [88576]

O83 - Search Svchost Services: Rasman (Rasman) . (.Microsoft Corporation - Remote Access Connection Manager.) -- C:\WINDOWS\system32\rasmans.dll [186368]

O83 - Search Svchost Services: Remoteaccess (Remoteaccess) . (.Microsoft Corporation - Dynamic Interface Manager.) -- C:\WINDOWS\system32\mprdim.dll [53248]

O83 - Search Svchost Services: Schedule (Schedule) . (.Microsoft Corporation - Mecanismo do 'Agendador de tarefas'.) -- C:\WINDOWS\system32\schedsvc.dll [193536]

O83 - Search Svchost Services: Seclogon (Seclogon) . (.Microsoft Corporation - DLL de serviço de logon secundário.) -- C:\WINDOWS\system32\seclogon.dll [18944]

O83 - Search Svchost Services: SENS (SENS) . (.Microsoft Corporation - System Event Notification Service (SENS).) -- C:\WINDOWS\system32\sens.dll [39424]

O83 - Search Svchost Services: Sharedaccess (Sharedaccess) . (.Microsoft Corporation - Componentes do Microsoft NAT Helper.) -- C:\WINDOWS\system32\ipnathlp.dll [331264]

O83 - Search Svchost Services: SRService (SRService) . (.Microsoft Corporation - Serviço de restauração do sistema.) -- C:\WINDOWS\system32\srsvc.dll [171520]

O83 - Search Svchost Services: Tapisrv (Tapisrv) . (.Microsoft Corporation - Servidor de telefonia do Microsoft® Windows.) -- C:\WINDOWS\system32\tapisrv.dll [249856]

O83 - Search Svchost Services: Themes (Themes) . (.Microsoft Corporation - DLL de serviços do Shell do Windows.) -- C:\WINDOWS\system32\shsvcs.dll [135168]

O83 - Search Svchost Services: TrkWks (TrkWks) . (.Microsoft Corporation - Distributed Link Tracking Client.) -- C:\WINDOWS\system32\trkwks.dll [90112]

O83 - Search Svchost Services: W32Time (W32Time) . (.Microsoft Corporation - Windows Time Service.) -- C:\WINDOWS\system32\w32time.dll [176128]

O83 - Search Svchost Services: WZCSVC (WZCSVC) . (.Microsoft Corporation - Serviço de configuração zero sem fio.) -- C:\WINDOWS\system32\wzcsvc.dll [483840]

O83 - Search Svchost Services: Wmi (Wmi) . (.Microsoft Corporation - API de base do Windows 32 avançada.) -- C:\WINDOWS\system32\advapi32.dll [683520]

O83 - Search Svchost Services: winmgmt (winmgmt) . (.Microsoft Corporation - WMI.) -- C:\WINDOWS\system32\wbem\WMIsvc.dll [145408]

O83 - Search Svchost Services: wscsvc (wscsvc) . (.Microsoft Corporation - Windows Security Center Service.) -- C:\WINDOWS\system32\wscsvc.dll [80896]

O83 - Search Svchost Services: xmlprov (xmlprov) . (.Microsoft Corporation - Network Provisioning Service.) -- C:\WINDOWS\system32\xmlprov.dll [129024]

O83 - Search Svchost Services: BITS (BITS) . (.Microsoft Corporation - Serviço de transferência inteligente de plano de fundo.) -- C:\WINDOWS\system32\qmgr.dll [409088]

O83 - Search Svchost Services: wuauserv (wuauserv) . (.Microsoft Corporation - Windows Update AutoUpdate Service.) -- C:\WINDOWS\system32\wuauserv.dll [6656]

O83 - Search Svchost Services: ShellHWDetection (ShellHWDetection) . (.Microsoft Corporation - DLL de serviços do Shell do Windows.) -- C:\WINDOWS\system32\shsvcs.dll [135168]

O83 - Search Svchost Services: helpsvc (helpsvc) . (.Microsoft Corporation - Microsoft PCHealth Service Holder.) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll [38400]

O83 - Search Svchost Services: WmdmPmSN (WmdmPmSN) . (.Microsoft Corporation - Provedor de Serviços do Dispositivo de Mídia Microsoft.) -- C:\WINDOWS\system32\mspmsnsv.dll [52736]

O83 - Search Svchost Services: napagent (napagent) . (.Microsoft Corporation - Tempo de Execução de Serviço de Agente de Quarentena.) -- C:\WINDOWS\system32\qagentrt.dll [292864]

O83 - Search Svchost Services: hkmsvc (hkmsvc) . (.Microsoft Corporation - Serviço de Gerenciamento de Chaves.) -- C:\WINDOWS\system32\kmsvc.dll [61440]

~ Scan Services in 00mn 01s

 

 

 

---\\ Search Particular Root Folder (SPRF) (O84)

[MD5.E897110EE5E67FABB83B154DF9C68D6A] [sPRF][16/11/2012] (...) -- C:\Documents and Settings\f003407\Desktop\ZHPDiag_silent.exe [794216]

[MD5.AE326A97F634217CAC29739D376DF934] [sPRF][15/08/2011] (...) -- C:\Documents and Settings\f003407\Desktop\ZHP_uninstall.exe [344187]

[MD5.3FEA9D2EDF23B0283C7A66C8DEA380BD] [sPRF][25/07/2002] (.InstallShield Software Corporation - InstallShield Update Service Setup Player Module.) -- C:\WINDOWS\Downloaded Program Files\dwusplay.dll [24576]

[MD5.CDBE35EA59BC9223E4F800BD1DB82D27] [sPRF][25/07/2002] (.InstallShield Software Corporation - InstallShield Update Service Setup Player.) -- C:\WINDOWS\Downloaded Program Files\dwusplay.exe [196608]

[MD5.FB30D948346F9367A83DFE5BAB2668F8] [sPRF][22/08/2011] (.Adobe Systems, Inc. - Adobe® Flash® Player Installer/Uninstaller 10.3 r183.) -- C:\WINDOWS\Downloaded Program Files\FP_AX_CAB_INSTALLER.exe [3126944]

[MD5.B8F39C9E0F0B71E454DBA431CF3B99C9] [sPRF][11/08/2005] (.Macrovision Corporation - InstallShield Update Service Web Agent.) -- C:\WINDOWS\Downloaded Program Files\isusweb.dll [417792]

[MD5.7FAF5222EEB546E1DC0F348DCB314B0B] [sPRF][29/08/2006] (.Zylom Games - Zylom Games Player.) -- C:\WINDOWS\Downloaded Program Files\zylomgamesplayer.dll [161976]

~ Scan Files in 00mn 00s

 

 

 

---\\ Router Hijack DNS (O89) (None)

 

---\\ General States of Services not Microsoft (EGS) (SR=Running, SS=Stopped)

SS - | Demand 10/10/2012 250808 | (AdobeFlashPlayerUpdateSvc) . (.Adobe Systems Incorporated.) - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe

SR - | Auto 30/10/2012 44808 | (avast! Antivirus) . (.AVAST Software.) - C:\Arquivos de programas\Alwil Software\Avast5\AvastSvc.exe

SS - | Demand 13/04/2008 225280 | (dmadmin) . (.Microsoft Corp., Veritas Software.) - C:\WINDOWS\system32\dmadmin.exe

SS - | Auto 06/09/2011 136176 | (gupdate) . (.Google Inc..) - C:\Arquivos de programas\Google\Update\GoogleUpdate.exe

SS - | Demand 06/09/2011 136176 | (gupdatem) . (.Google Inc..) - C:\Arquivos de programas\Google\Update\GoogleUpdate.exe

SS - | Demand 27/08/2012 194032 | (gusvc) . (.Google.) - C:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe

SR - | Auto 15/02/2012 153376 | (JavaQuickStarterService) . (.Sun Microsystems, Inc..) - C:\Arquivos de programas\Java\jre6\bin\jqs.exe

SS - | Demand 01/11/2012 115168 | (MozillaMaintenance) . (.Mozilla Foundation.) - C:\Arquivos de programas\Mozilla Maintenance Service\maintenanceservice.exe

~ Scan Services in 00mn 02s

 

 

 

---\\ Search Master Boot Record Infection (MBR)(O80)

Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net

Run by f003407 at 16/11/2012 08:21:34

 

device: opened successfully

user: MBR read successfully

 

Disk trace:

called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys PCIIDEX.SYS

1 ntkrnlpa!IofCallDriver[0x804EF1F0] -> \Device\Harddisk0\DR0[0x8654CAB8]

3 CLASSPNP[0xF75FEFD7] -> ntkrnlpa!IofCallDriver[0x804EF1F0] -> \Device\00000065[0x865E0030]

5 ACPI[0xF7495620] -> ntkrnlpa!IofCallDriver[0x804EF1F0] -> \Device\Ide\IdeDeviceP2T0L0-5[0x86500940]

kernel: MBR read successfully

user & kernel MBR OK

~ Scan MBR in 00mn 02s

 

 

 

---\\ Search Master Boot Record Infection (MBRCheck)(O80)

Written by ad13, http://ad13.geekstog

Run by f003407 at 16/11/2012 08:21:36

 

********* Dump file Name *********

C:\PhysicalDisk0_MBR.bin

~ Scan MBR in 00mn 04s

 

 

 

End of the scan (1187 lines in 00mn 59s)(0)

[DigRam 144]

Bom Dia! Edvan

 

P.S: A ferramenta combofix pode ser utilizada assim como o Malwarebytes nas maquinas que estão contaminadas? ou é uma ferramenta que tem que passar sobe orientação de vcs analistas?

|- Somente a ferramenta ComboFix deve ter supervisão,mas como você tem experiência no seu manuseio...pode utilizá-la.

 

-/-

 

|- Feche programas/pastas que estejam abertas.

|- Feche,também,o navegador!

|- Para Windows Vista,desabilite a UAC.

 

 

|- Para Windows Vista ou 7,clique direito em ZHPFix.exe e execute-o como administrador.

|- Selecione e copie estas informações,que estão no Code,para o "Bloco de Notas".

 

O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} Orphean Key
O2 - BHO: (no name) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} Orphean Key
O2 - BHO: (no name) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} Orphean Key
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} Orphean Key
O2 - BHO: (no name) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} Orphean Key
O2 - BHO: (no name) - {DBC80044-A445-435b-BC74-9C25C1C588A9} Orphean Key
O2 - BHO: (no name) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} Orphean Key
O3 - Toolbar: (no name) - [HKLM]{8E5E2654-AD2D-48bf-AC2D-D17F00898D06} . (...) --  (.not file.)
O3 - Toolbar: (no name) - [HKLM]{2318C2B1-4965-11d4-9B18-009027A5CD4F} . (...) --  (.not file.)

[HKLM\Software\Swearware]
[HKCU\Software\Ad-Remover]

emptytemp
emptyflash
proxyfix
firewallraz

|- Estando com o Bloco de Notas aberto,acione os atalhos: "Ctrl+A" -> "Ctrl+C"

|- Minimize o Bloco de Notas.

 

 

|- Clique no menu,"Paste ClipBoard".

|- Clique em "GO" -> Oui.

 

 

|- Ps: Temos,àcima,sequência de imagens para maior exclarecimento.

|- Poste o relatório: C:\ZHP\ZHPFix[R1].txt

 

Abs!

[Edvan 30]

|- Somente a ferramenta ComboFix deve ter supervisão,mas como você tem experiência no seu manuseio...pode utilizá-la.

 

OK. amigo. :thumbsup:

 

Sobre a maquina, está bem melhor. :grin:

 

Mais algum procedimento?

 

 

Rapport de ZHPFix 1.3.05 par Nicolas Coolman, Update du 09/10/2012

Fichier d'export Registre :

Run by f003407 at 20/11/2012 08:02:10

Windows XP Professional Service Pack 3 (Build 2600)

Web site : http://nicolascoolman.skyrock.com/

 

 

 

========== Registry Key ==========

DELETED Key: CLSID BHO: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}

DELETED Key: CLSID BHO: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43}

DELETED Key: CLSID BHO: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06}

DELETED Key: CLSID BHO: {AA58ED58-01DD-4d91-8333-CF10577473F7}

DELETED Key: CLSID BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D}

DELETED Key: CLSID BHO: {DBC80044-A445-435b-BC74-9C25C1C588A9}

DELETED Key: CLSID BHO: {E7E6F031-17CE-4C07-BC86-EABFE594F69C}

DELETED Key: HKLM\Software\Swearware

DELETED Key: HKCU\Software\Ad-Remover

 

========== Registry Value ==========

DELETED Toolbar: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06}

DELETED Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F}

ProxyFix : Proxy killed successfully

DELETED ProxyServer Value

DELETED ProxyEnable Value

DELETED EnableHttp1_1 Value

DELETED ProxyHttp1.1 Value

DELETED ProxyOverride Value

DELETED FirewallRaz (SP) : %windir%\system32\sessmgr.exe

DELETED FirewallRaz (SP) : %windir%\Network Diagnostic\xpnetdiag.exe

DELETED FirewallRaz (DP) : %windir%\system32\sessmgr.exe

DELETED FirewallRaz (DP) : %windir%\Network Diagnostic\xpnetdiag.exe

No Value in Firewall Exception Register Key (FirewallRaz)

 

========== Repertory ==========

DELETED Window Temporary:

DELETED Flash Cookies:

 

========== File ==========

DELETED Window Temporary:

DELETED Flash Cookies:

 

 

========== Summary ==========

9 : Registry Key

13 : Registry Value

2 : Repertory

2 : File

 

 

End of clean in 00mn 04s

 

========== Report File ==========

C:\ZHP\ZHPFix[R1].txt - 20/11/2012 08:02:11 [1784]

[DigRam 144]

Boa Noite! Edvan

 

Edvan, em 20 novembro 2012 - 09:04 , disse: Mais algum procedimento?

 

|- Caso queira,execute a verificação de seu computador,com EsetNod32.

 

-/-

 

 

|- Desinstale ZHPDiag,clicando em "ZHP_uninstall".

 

-/-

 

|- Execute escaneamento online em | |

|- Utilize o navegador "Internet Explorer",para essa tarefa!

 

 

|- Siga,conforme a imagem,essa verificação ou scan.

 

 

|- Ao concluir,clique em "List of found threats" >> "Export to text file"

|- Salve esse texto no desktop,com o nome: Esetlog

|- Ps: Caso nada seja detectado,não teremos relatório ou lista presente.

|- Poste o relatório que estará no desktop! ( Esetlog.txt )

 

Abs!

[Edvan 30]

pode fechar o tópico amigo.

 

a maquina esta ok. :thumbsup:

[DigRam 144]

PROBLEMA RESOLVIDO

 

Caso o autor necessite que o tópico seja reaberto basta enviar uma Mensagem Privada para um Moderador com um link para o tópico.