Edvan 30 Denunciar post Postado Novembro 14, 2012 Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 14:00:32, on 14/11/2012 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v8.00 (8.00.6001.18702) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Arquivos de programas\Alwil Software\Avast5\AvastSvc.exe C:\WINDOWS\system32\spoolsv.exe C:\Arquivos de programas\Java\jre6\bin\jqs.exe C:\WINDOWS\system32\wuauclt.exe C:\WINDOWS\system32\wbem\wmiapsrv.exe C:\WINDOWS\Explorer.EXE C:\ARQUIV~1\ALWILS~1\Avast5\avastUI.exe C:\Arquivos de programas\Ares\Ares.exe C:\WINDOWS\system32\ctfmon.exe C:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe C:\Arquivos de programas\Messenger\msmsgs.exe C:\Arquivos de programas\Malwarebytes' Anti-Malware\mbam.exe C:\WINDOWS\system32\wuauclt.exe C:\Arquivos de programas\Google\Chrome\Application\chrome.exe C:\Arquivos de programas\Google\Chrome\Application\chrome.exe C:\Arquivos de programas\Google\Chrome\Application\chrome.exe C:\Arquivos de programas\Google\Chrome\Application\chrome.exe C:\Arquivos de programas\Google\Chrome\Application\chrome.exe C:\HiJackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://go.microsoft.com/fwlink/?linkid=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/ R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = wmplayer.exe //ICWLaunch O1 - Hosts: ::1 localhost O2 - BHO: Facilitador de Leitor de Link Adobe PDF - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre6\bin\ssv.dll O2 - BHO: Barra de aplicativos da ALOT Helper - {85F5CF95-EC8F-49fc-BB3F-38C79455CBA2} - C:\Arquivos de programas\alotappbar\bin\BHO\ALOTHelperBHO.dll O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Arquivos de programas\Alwil Software\Avast5\aswWebRepIE.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Arquivos de programas\Google\Google Toolbar\GoogleToolbar_32.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Arquivos de programas\Google\GoogleToolbarNotifier\5.7.7529.1424\swg.dll O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Arquivos de programas\Alwil Software\Avast5\aswWebRepIE.dll O3 - Toolbar: Barra de aplicativos da ALOT - {A531D99C-5A22-449b-83DA-872725C6D0ED} - C:\Arquivos de programas\alotappbar\bin\ALOTHelper.dll O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Arquivos de programas\Google\Google Toolbar\GoogleToolbar_32.dll O4 - HKLM\..\Run: [avast5] C:\ARQUIV~1\ALWILS~1\Avast5\avastUI.exe /nogui O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Arquivos de programas\Adobe\Reader 8.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [Adobe ARM] "C:\Arquivos de programas\Arquivos comuns\Adobe\ARM\1.0\AdobeARM.exe" O4 - HKCU\..\Run: [ares] "C:\Arquivos de programas\Ares\Ares.exe" -h O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [swg] "C:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" O4 - HKCU\..\Run: [MSMSGS] "C:\Arquivos de programas\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [upgrade.exe] C:\win7xe\upgrade.exe O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\Office12\EXCEL.EXE/3000 O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\Office12\REFIEBAR.DLL O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game.zylom.com/activex/zylomgamesplayer.cab O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab O22 - SharedTaskScheduler: Pré-carregador Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll O22 - SharedTaskScheduler: Daemon de cache de categorias de componente - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe O23 - Service: avast! Antivirus - AVAST Software - C:\Arquivos de programas\Alwil Software\Avast5\AvastSvc.exe O23 - Service: Serviço do Google Update (gupdate) (gupdate) - Google Inc. - C:\Arquivos de programas\Google\Update\GoogleUpdate.exe O23 - Service: Serviço do Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Arquivos de programas\Google\Update\GoogleUpdate.exe O23 - Service: Google Software Updater (gusvc) - Google - C:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Arquivos de programas\Java\jre6\bin\jqs.exe O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Arquivos de programas\Mozilla Maintenance Service\maintenanceservice.exe -- End of file - 6724 bytes -----\\------- Malwarebytes Anti-Malware 1.65.1.1000 www.malwarebytes.org Versão da Base de Dados: v2012.11.14.04 Windows XP Service Pack 3 x86 NTFS Internet Explorer 8.0.6001.18702 f003407 :: FUN0085 [administrador] 14/11/2012 11:02:26 mbam-log-2012-11-14 (11-02-26).txt Tipo de Verificação: Verificação Completa (C:\|) Opções de verificações ativadas: Memória | Inicialização | Registro | Sistema de arquivos | Heurística/Extra | Heurística/Shuriken | PUP | PUM Opções de verificação desativadas: P2P Objetos escaneados: 324785 Tempo decorrido: 1 hora(s), 52 segundo(s) Processos de Memória Detectados: 0 (Não foram detectados ítens maliciosos) Módulos de Memória Detectados: 0 (Não foram detectados ítens maliciosos) Chaves de Registro Detectadas: 0 (Não foram detectados ítens maliciosos) Valores de Registro Detectadas: 0 (Não foram detectados ítens maliciosos) Itens de Dados no Registro Detectadas: 0 (Não foram detectados ítens maliciosos) Pastas Detectadas: 0 (Não foram detectados ítens maliciosos) Arquivos Detectados: 2 C:\Documents and Settings\f003407\Meus documentos\Downloads\malwarebytes-anti-malware-16511000-baixaki-32-bits.exe (PUP.AdBundle) -> Enviado para a Quarentena e deletado com sucesso. C:\RECYCLER\S-1-5-21-2586132527-314635491-3328972525-21374\Dc497.exe (PUP.AdBundle) -> Enviado para a Quarentena e deletado com sucesso. (fim) =======\\========== Malwarebytes Anti-Malware 1.65.1.1000 www.malwarebytes.org Versão da Base de Dados: v2012.11.14.04 Windows XP Service Pack 3 x86 NTFS Internet Explorer 8.0.6001.18702 f003407 :: FUN0085 [administrador] 14/11/2012 09:51:01 mbam-log-2012-11-14 (09-51-01).txt Tipo de Verificação: Verificação Rápida Opções de verificações ativadas: Memória | Inicialização | Registro | Sistema de arquivos | Heurística/Extra | Heurística/Shuriken | PUP | PUM Opções de verificação desativadas: P2P Objetos escaneados: 270913 Tempo decorrido: 9 minuto(s), 27 segundo(s) Processos de Memória Detectados: 2 C:\win7xe\win7.exe (Trojan.Banker) -> 2440 -> Será deletado na próxima inicialização. C:\win7xe\win32.exe (Trojan.Banker) -> 2408 -> Será deletado na próxima inicialização. Módulos de Memória Detectados: 2 C:\win7xe\icudt.dll (Trojan.Banker) -> Será deletado na próxima inicialização. C:\win7xe\libcef.dll (Trojan.Banker) -> Será deletado na próxima inicialização. Chaves de Registro Detectadas: 0 (Não foram detectados ítens maliciosos) Valores de Registro Detectadas: 2 HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|win7.exe (Trojan.Banker) -> Data: C:\win7xe\win7.exe -> Enviado para a Quarentena e deletado com sucesso. HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|win32.exe (Trojan.Banker) -> Data: C:\win7xe\win32.exe -> Enviado para a Quarentena e deletado com sucesso. Itens de Dados no Registro Detectadas: 2 HKCU\SOFTWARE\Policies\Microsoft\Internet Explorer\control panel|ConnectionsTab (PUM.Hijack.ConnectionControl) -> Ruim: (1) Bom: (0) -> Enviado para a Quarentena e reparado com sucesso. HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer\control panel|ConnectionsTab (PUM.Hijack.ConnectionControl) -> Ruim: (1) Bom: (0) -> Enviado para a Quarentena e reparado com sucesso. Pastas Detectadas: 0 (Não foram detectados ítens maliciosos) Arquivos Detectados: 13 C:\Documents and Settings\f003407\Desktop\malwarebytes-anti-malware-16511000-baixaki-32-bits.exe (PUP.AdBundle) -> Nenhuma ação foi feita. C:\Documents and Settings\f003407\Meus documentos\Downloads\malwarebytes-anti-malware-16511000-baixaki-32-bits.exe (PUP.AdBundle) -> Nenhuma ação foi feita. C:\Documents and Settings\f003407\Meus documentos\Downloads\Nota_Fiscal.PDF.Cpl (Trojan.Banker) -> Enviado para a Quarentena e deletado com sucesso. c:\documents and settings\f003407\meus documentos\downloads\nota_fiscal_eletronica.pdf (1).cpl (Trojan.Banker) -> Enviado para a Quarentena e deletado com sucesso. c:\documents and settings\f003407\meus documentos\downloads\nota_fiscal_eletronica.pdf.cpl (Trojan.Banker) -> Enviado para a Quarentena e deletado com sucesso. C:\Documents and Settings\f003407\My Documents\Downloads\84xd (Backdoor.Bot) -> Enviado para a Quarentena e deletado com sucesso. C:\Documents and Settings\f003407\My Documents\Downloads\84xd(1) (Backdoor.Bot) -> Enviado para a Quarentena e deletado com sucesso. C:\win7xe\icudt.dll (Trojan.Banker) -> Será deletado na próxima inicialização. C:\win7xe\libcef.dll (Trojan.Banker) -> Será deletado na próxima inicialização. C:\win7xe\id.sys (Trojan.Banker) -> Enviado para a Quarentena e deletado com sucesso. C:\win7xe\up.exe (Trojan.Banker) -> Enviado para a Quarentena e deletado com sucesso. C:\win7xe\win7.exe (Trojan.Banker) -> Será deletado na próxima inicialização. C:\win7xe\win32.exe (Trojan.Banker) -> Será deletado na próxima inicialização. (fim) =========\\\============= # AdwCleaner v2.007 - Logfile created 11/14/2012 at 10:16:10 # Updated 06/11/2012 by Xplode # Operating system : Microsoft Windows XP Service Pack 3 (32 bits) # User : f003407 - FUN0085 # Boot Mode : Normal # Running from : C:\Documents and Settings\f003407\Desktop\adwcleaner.exe # Option [Delete] ***** [services] ***** ***** [Files / Folders] ***** Folder Deleted : C:\Arquivos de programas\DealPly ***** [Registry] ***** Key Deleted : HKCU\Software\DealPly Key Deleted : HKCU\Software\Google\Chrome\Extensions\gaiilaahiahdejapggenmdmafpmbipje Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{A6174F27-1FFF-E1D6-A93F-BA48AD5DD448} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A6174F27-1FFF-E1D6-A93F-BA48AD5DD448} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{A6174F27-1FFF-E1D6-A93F-BA48AD5DD448} Key Deleted : HKLM\Software\DealPly Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\gaiilaahiahdejapggenmdmafpmbipje Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A6174F27-1FFF-E1D6-A93F-BA48AD5DD448} Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DealPly ***** [internet Browsers] ***** -\\ Internet Explorer v8.0.6001.18702 [OK] Registry is clean. ************************* AdwCleaner[s2].txt - [1352 octets] - [14/11/2012 10:16:10] ########## EOF - C:\AdwCleaner[s2].txt - [1412 octets] ########## ComboFix 12-11-14.01 - f003407 14/11/2012 14:24:42.1.2 - x86 Microsoft Windows XP Professional 5.1.2600.3.1252.55.1046.18.1014.551 [GMT -2:00] Executando de: c:\documents and settings\f003407\Desktop\Ferramentas para Diagn¾stico\ComboFix.exe AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D} . . ((((((((((((((((((((((((((((((((((((( Outras Exclusões ))))))))))))))))))))))))))))))))))))))))))))))))))) . . c:\arquivos de programas\alotappbar c:\arquivos de programas\alotappbar\alotUninst.exe c:\arquivos de programas\alotappbar\bin\alotappbar.dll c:\arquivos de programas\alotappbar\bin\alothelper.dll c:\arquivos de programas\alotappbar\bin\alotwidgets.exe c:\arquivos de programas\alotappbar\bin\BHO\ALOTHelperBHO.dll c:\windows\system\chron32.dll . . ((((((((((((((((((((((((((((((((((((((( Drivers/Serviços ))))))))))))))))))))))))))))))))))))))))))))))))) . . -------\Legacy_MYWEBSEARCHSERVICE . . (((((((((((((((( Arquivos/Ficheiros criados de 2012-10-14 to 2012-11-14 )))))))))))))))))))))))))))) . . 2012-11-14 15:59 . 2012-11-14 15:59 388608 ----a-w- C:\HiJackThis.exe 2012-11-14 11:48 . 2012-09-29 21:54 22856 ----a-w- c:\windows\system32\drivers\mbam.sys 2012-11-01 11:42 . 2012-11-01 11:42 -------- d-----w- c:\arquivos de programas\Mozilla Maintenance Service 2012-11-01 09:57 . 2012-11-01 09:57 -------- d-----w- c:\documents and settings\f003407\Configurações locais\Dados de aplicativos\Deployment . . . ((((((((((((((((((((((((((((((((((((( Relatório Find3M )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2012-10-30 22:51 . 2011-09-06 11:34 738504 ----a-w- c:\windows\system32\drivers\aswSnx.sys 2012-10-30 22:51 . 2011-09-06 11:10 361032 ----a-w- c:\windows\system32\drivers\aswSP.sys 2012-10-30 22:51 . 2011-09-06 11:10 35928 ----a-w- c:\windows\system32\drivers\aswRdr.sys 2012-10-30 22:51 . 2011-09-06 11:10 54232 ----a-w- c:\windows\system32\drivers\aswTdi.sys 2012-10-30 22:51 . 2011-09-06 11:10 97608 ----a-w- c:\windows\system32\drivers\aswmon2.sys 2012-10-30 22:51 . 2011-09-06 11:10 89752 ----a-w- c:\windows\system32\drivers\aswmon.sys 2012-10-30 22:51 . 2011-09-06 11:10 21256 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys 2012-10-30 22:51 . 2011-09-06 11:10 25256 ----a-w- c:\windows\system32\drivers\aavmker4.sys 2012-10-30 22:51 . 2011-09-06 11:34 41224 ----a-w- c:\windows\avastSS.scr 2012-10-30 22:50 . 2011-09-06 11:10 227648 ----a-w- c:\windows\system32\aswBoot.exe 2012-10-10 18:35 . 2012-03-30 10:47 696760 ----a-w- c:\windows\system32\FlashPlayerApp.exe 2012-10-10 18:35 . 2011-09-12 12:35 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2012-08-28 15:18 . 2006-03-02 12:00 916992 ----a-w- c:\windows\system32\wininet.dll 2012-08-28 15:18 . 2006-03-02 12:00 43520 ----a-w- c:\windows\system32\licmgr10.dll 2012-08-28 15:18 . 2006-03-02 12:00 1469440 ----a-w- c:\windows\system32\inetcpl.cpl 2012-08-28 12:07 . 2006-03-02 12:00 385024 ----a-w- c:\windows\system32\html.iec 2012-08-24 13:53 . 2006-03-02 12:00 177664 ----a-w- c:\windows\system32\wintrust.dll 2012-08-23 06:27 . 2006-03-02 12:00 2152960 ----a-w- c:\windows\system32\ntoskrnl.exe 2012-08-23 06:27 . 2004-08-04 00:40 2031616 ----a-w- c:\windows\system32\ntkrnlpa.exe 2011-11-05 07:32 . 2011-11-18 12:07 134104 ----a-w- c:\arquivos de programas\mozilla firefox\components\browsercomps.dll . . (((((((((((((((((((((((((( Pontos de Carregamento do Registro ))))))))))))))))))))))))))))))))))))))) . . *Nota* entradas vazias e legítimas por padrão não são apresentadas. REGEDIT4 . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast] @="{472083B0-C522-11CF-8763-00608CC02F24}" [HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}] 2012-10-30 22:50 121528 ----a-w- c:\arquivos de programas\Alwil Software\Avast5\ashShell.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Adobe Reader Speed Launcher"="c:\arquivos de programas\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2009-12-18 40368] . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM] 2009-12-11 18:57 948672 ----a-r- c:\arquivos de programas\Arquivos comuns\Adobe\ARM\1.0\AdobeARM.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher] 2009-12-18 11:58 40368 ----a-w- c:\arquivos de programas\Adobe\Reader 8.0\Reader\reader_sl.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ares] 2012-02-02 15:55 3209216 ----a-w- c:\arquivos de programas\Ares\Ares.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ASUS Update Checker] 2008-12-11 16:45 114688 ----a-w- c:\arquivos de programas\ASUS\ASUSUpdate\UpdateChecker\UpdateChecker.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe] 2008-04-13 22:20 15360 ----a-w- c:\windows\system32\ctfmon.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HDAudDeck] 2009-10-28 15:07 33685504 ----a-w- c:\arquivos de programas\VIA\VIAudioi\HDADeck\HDeck.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds] 2008-11-12 13:04 173592 ----a-w- c:\windows\system32\hkcmd.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray] 2008-11-12 13:05 141336 ----a-w- c:\windows\system32\igfxtray.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup] 2005-08-11 19:30 249856 ----a-w- c:\arquivos de programas\Arquivos comuns\InstallShield\UpdateService\ISUSPM.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler] 2005-08-11 19:30 81920 ----a-w- c:\arquivos de programas\Arquivos comuns\InstallShield\UpdateService\issch.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS] 2008-04-13 22:21 1695232 ------w- c:\arquivos de programas\Messenger\msmsgs.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence] 2008-11-12 13:05 141336 ----a-w- c:\windows\system32\igfxpers.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched] 2012-01-18 17:02 254696 ----a-w- c:\arquivos de programas\Arquivos comuns\Java\Java Update\jusched.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg] 2011-09-06 13:16 39408 ----a-w- c:\arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe . [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "c:\\Arquivos de programas\\TeamViewer\\Version7\\TeamViewer.exe"= "c:\\Arquivos de programas\\TeamViewer\\Version7\\TeamViewer_Service.exe"= "c:\\Arquivos de programas\\Ares\\Ares.exe"= . R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [06/09/2011 09:34 738504] R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [06/09/2011 09:10 361032] R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [06/09/2011 09:10 21256] R3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [05/09/2011 18:42 1425280] . --- =Outros Serviços/Drivers Na Memória --- . *NewlyCreated* - WS2IFSL . Conteúdo da pasta 'Tarefas Agendadas' . 2012-11-14 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-30 18:35] . 2012-11-14 c:\windows\Tasks\avast! Emergency Update.job - c:\arquivos de programas\Alwil Software\Avast5\AvastEmUpdate.exe [2012-11-14 22:50] . 2012-11-14 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\arquivos de programas\Google\Update\GoogleUpdate.exe [2011-09-06 13:15] . 2012-11-14 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\arquivos de programas\Google\Update\GoogleUpdate.exe [2011-09-06 13:15] . 2012-11-14 c:\windows\Tasks\User_Feed_Synchronization-{21063433-55B2-4AD2-B1C5-5B4ADC85930D}.job - c:\windows\system32\msfeedssync.exe [2009-03-08 07:31] . 2012-11-14 c:\windows\Tasks\User_Feed_Synchronization-{521C2DBE-7C63-4EC0-8328-91EDAE8FDF5A}.job - c:\windows\system32\msfeedssync.exe [2009-03-08 07:31] . 2012-11-14 c:\windows\Tasks\User_Feed_Synchronization-{DD86A12D-8F58-4DE1-92CF-DA89FC798347}.job - c:\windows\system32\msfeedssync.exe [2009-03-08 07:31] . . ------- Scan Suplementar ------- . uStart Page = hxxp://www.google.com.br/ uInternet Connection Wizard,ShellNext = wmplayer.exe //ICWLaunch IE: E&xportar para o Microsoft Excel - c:\arquiv~1\MICROS~2\Office12\EXCEL.EXE/3000 TCP: DhcpNameServer = 10.4.65.16 DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} - hxxp://game.zylom.com/activex/zylomgamesplayer.cab FF - ProfilePath - c:\documents and settings\f003407\Dados de aplicativos\Mozilla\Firefox\Profiles\4ttxy0nj.default\ FF - prefs.js: network.proxy.type - 2 user_pref('extensions.dealply.partner', 'vn'); user_pref('extensions.dealply.channel', 'dpknlg4'); user_pref('extensions.dealply.installId', 'v23600221916417293635812012040911205417'); user_pref('extensions.dealply.installIdSource', 'inst'); user_pref('extensions.dealply.sampleGroup', '7'); FF - user.js: extensions.autoDisableScopes - 14//iBryte . - - - - ORFÃOS REMOVIDOS - - - - . BHO-{85F5CF95-EC8F-49fc-BB3F-38C79455CBA2} - c:\arquivos de programas\alotappbar\bin\BHO\ALOTHelperBHO.dll Toolbar-{A531D99C-5A22-449b-83DA-872725C6D0ED} - c:\arquivos de programas\alotappbar\bin\ALOTHelper.dll MSConfigStartUp-upgrade - c:\win7xe\upgrade.exe AddRemove-alotAppbar - c:\arquivos de programas\alotappbar\alotUninst.exe . . . ************************************************************************** . catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2012-11-14 14:34 Windows 5.1.2600 Service Pack 3 NTFS . Procurando processos ocultos ... . Procurando entradas auto inicializáveis ocultas ... . Procurando ficheiros/arquivos ocultos ... . Varredura completada com sucesso arquivos/ficheiros ocultos: 0 . ************************************************************************** . --------------------- CHAVES DO REGISTRO BLOQUEADAS --------------------- . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe" . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\software\Classes\Installer\Products\0BCD4392EE8F0E114A5A8BCAF6798BE8\SourceList\Media] @DACL=(02 0000) "DiskPrompt"="[1]" "1"="DISK1;1" . [HKEY_LOCAL_MACHINE\software\Classes\Installer\Products\68AB67CA7DA76401B7448A0100000030\SourceList\Media] @DACL=(02 0000) "DiskPrompt"="[1]" "1"="READER8;[1]" . [HKEY_LOCAL_MACHINE\software\Classes\Installer\Products\CFD2C1F142D260E3CB8B271543DA9F98\SourceList\Media] @DACL=(02 0000) "DiskPrompt"="[1]" "1"=";1" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . --------------------- DLLs Carregadas Sob os Processos em Execução --------------------- . - - - - - - - > 'explorer.exe'(3424) c:\windows\system32\WININET.dll c:\windows\system32\webcheck.dll . ------------------------ Outros Processos em Execução ------------------------ . c:\arquivos de programas\Alwil Software\Avast5\AvastSvc.exe c:\arquivos de programas\Java\jre6\bin\jqs.exe c:\windows\system32\wbem\wmiapsrv.exe . ************************************************************************** . Tempo para conclusão: 2012-11-14 14:39:30 - Máquina reiniciou ComboFix-quarantined-files.txt 2012-11-14 16:39 . Pré-execução: 8 pasta(s) 115.728.916.480 bytes disponíveis Pós execução: 10 pasta(s) 116.620.980.224 bytes disponíveis . WindowsXP-KB310994-SP2-Pro-BootDisk-PTG.exe [boot loader] timeout=2 default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS [operating systems] c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons UnsupportedDebug="do not select this" /debug multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect . - - End Of File - - DA240A636119F6C5D2654388214CA369 Compartilhar este post Link para o post Compartilhar em outros sites
DigRam 144 Denunciar post Postado Novembro 14, 2012 Boa Tarde! Edvan |- Após a execução destas ferramentas o problema foi resolvido? -/- |- Baixe: < > ( ... par Nicolas Coolman ) |- Salve-o no desktop! |- Desabilite seu antivírus! |- Caso utilize o Avast,estabeleça esta configuração à SandBox. |- Para Windows Vista ou 7,clique direito e execute o arquivo como administrador. |- Aguarde a conclusão do scan e clique em "Copier". <- Aguarde! |- Além do relatório,teremos no desktop: ZHP_uninstall, MBRCheck, ZHPDiag, ZHPFix |- Poste e/ou cole aqui,o link que será gerado,logo após o relatório. Abs! Compartilhar este post Link para o post Compartilhar em outros sites
Edvan 30 Denunciar post Postado Novembro 16, 2012 OBS: Não está mais mandando e-mails infectados para os contatos da dona deste pc. P.S: A ferramenta combofix pode ser utilizada assim como o Malwarebytes nas maquinas que estão contaminadas? ou é uma ferramenta que tem que passar sobe orientação de vcs analistas? Link http://pjjoint.malekal.com/files.php?read=ZHPDiag_20121116_b6x11c15l14y11 Rapport de ZHPDiag v1.31.31 par Nicolas Coolman, Update du 19/10/2012 Run by f003407 at 16/11/2012 08:20:36 Web site : http://nicolascoolman.skyrock.com/ State : UAC : Not Found or deactivate by user ---\\ Web Browser MSIE: Internet Explorer v8.0.6001.18702 (Defaut) MFIE: Mozilla Firefox 8.0 v8.0 GCIE: Google Chrome v23.0.1271.64 ---\\ Windows Product Information ~ Langage: Anglais Windows XP Professional Service Pack 3 (Build 2600) Windows Automatic Updates : OK Windows Genuine Advantage : OK ---\\ System Information ~ Processor: x86 Family 6 Model 23 Stepping 10, GenuineIntel ~ Operating System: 32 Bits Boot mode: Normal (Normal boot) Total RAM: 1014 MB (46% free) System Restore: Activé (Enable) System drive C: has 108 GB (72%) free of 149 GB ---\\ Logged in mode ~ Computer Name: FUN0085 ~ User Name: f003407 ~ All Users Names: SUPPORT_388945a0, HelpAssistant, Convidado, Administrador, ~ Unselected Option: O45,O61,O62,O65,O82 Logged in as Administrator ---\\ Environnement Variables ~ System Unit : C:\ ~ %AppData% : C:\Documents and Settings\f003407\Dados de aplicativos\ ~ %Desktop% : C:\Documents and Settings\f003407\Desktop\ ~ %Favorites% : C:\Documents and Settings\f003407\Favoritos\ ~ %LocalAppData% : C:\Documents and Settings\f003407\Configurações locais\Dados de aplicativos\ ~ %StartMenu% : C:\Documents and Settings\f003407\Menu Iniciar\ ~ %Windir% : C:\WINDOWS\ ~ %System% : C:\WINDOWS\system32\ ---\\ DOS/Devices C:\ Hard drive, Flash drive, Thumb drive (Free 108 Go of 149 Go) ---\\ Security Center & Tools Informations ~ UAC deactivate by user [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Associations] Application: OK [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Associations] Intl: OK [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Associations] XMLLookup: OK [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] Shell: OK [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install] LastSuccessTime : OK ~ Scan Security Center in 00mn 00s ---\\ Search Generic System Files [MD5.064EC7FF5F58B928C3E119402977FA6D] - (.Microsoft Corporation - Windows Explorer.) (.13/04/2008 - 19:21:00.) -- C:\WINDOWS\Explorer.exe [1035776] [MD5.DAD29C471442BFC0300C594ED9BE339B] - (.Microsoft Corporation - Internet Extensions for Win32.) (.28/08/2012 - 12:18:58.) -- C:\WINDOWS\system32\wininet.dll [916992] [MD5.71D440F79B711627B12B567FB2EADB42] - (.Microsoft Corporation - Aplicativo de logon do Windows NT.) (.13/04/2008 - 19:21:24.) -- C:\WINDOWS\system32\Winlogon.exe [509952] [MD5.1E44BC1E83D8FD2305F8D452DB109CF9] - (.Microsoft Corporation - Ancillary Function Driver for WinSock.) (.17/08/2011 - 10:49:54.) -- C:\WINDOWS\system32\Drivers\AFD.sys [138496] [MD5.9F3A2F5AA6875C72BF062C712CFA2674] - (.Microsoft Corporation - IDE/ATAPI Port Driver.) (.13/04/2008 - 11:40:32.) -- C:\WINDOWS\system32\Drivers\atapi.sys [96512] [MD5.C885B02847F5D2FD45A24E219ED93B32] - (.Microsoft Corporation - CD-ROM File System Driver.) (.13/04/2008 - 12:14:22.) -- C:\WINDOWS\system32\Drivers\Cdfs.sys [63744] [MD5.1F4260CC5B42272D71F79E570A27A4FE] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.13/04/2008 - 11:40:48.) -- C:\WINDOWS\system32\Drivers\Cdrom.sys [62976] [MD5.A8D31E836CCF2F51009CE7DFFECF6D51] - (.Microsoft Corporation - FIPS Crypto Driver.) (.13/04/2008 - 18:52:44.) -- C:\WINDOWS\system32\Drivers\Fips.sys [44672] [MD5.573C7D0A32852B48F3058CFD8026F511] - (.Windows ® Server 2003 DDK provider - High Definition Audio Bus Driver v1.0a.) (.13/04/2008 - 09:36:06.) -- C:\WINDOWS\system32\Drivers\HDAudBus.sys [144384] [MD5.485BC6BEB778B5E9702E6AA3D384C0CB] - (.Microsoft Corporation - Driver de porta i8042.) (.13/04/2008 - 18:55:20.) -- C:\WINDOWS\system32\Drivers\i8042prt.sys [53504] [MD5.083A052659F5310DD8B6A6CB05EDCF8E] - (.Microsoft Corporation - IMAPI Kernel Driver.) (.13/04/2008 - 11:41:00.) -- C:\WINDOWS\system32\Drivers\Imapi.sys [42112] [MD5.CC748EA12C6EFFDE940EE98098BF96BB] - (.Microsoft Corporation - IP Network Address Translator.) (.13/04/2008 - 11:57:16.) -- C:\WINDOWS\system32\Drivers\IpNat.sys [152832] [MD5.23C74D75E36E7158768DD63D92789A91] - (.Microsoft Corporation - IPSec Driver.) (.13/04/2008 - 12:19:44.) -- C:\WINDOWS\system32\Drivers\IPSec.sys [75264] [MD5.7D304A5EB4344EBEEAB53A2FE3FFB9F0] - (.Microsoft Corporation - Windows NT SMB Minirdr.) (.15/07/2011 - 10:29:31.) -- C:\WINDOWS\system32\Drivers\MRxSmb.sys [456320] [MD5.74B2B2F5BEA5E9A3DC021D685551BD3D] - (.Microsoft Corporation - MBT Transport driver.) (.13/04/2008 - 12:21:02.) -- C:\WINDOWS\system32\Drivers\netBT.sys [162816] [MD5.78A08DD6A8D65E697C18E1DB01C5CDCA] - (.Microsoft Corporation - NT File System Driver.) (.13/04/2008 - 12:15:54.) -- C:\WINDOWS\system32\Drivers\ntfs.sys [574976] [MD5.9BADEE6B698BF1AF36E25A1A64A89EAB] - (.Microsoft Corporation - Driver de porta paralela.) (.13/04/2008 - 19:02:26.) -- C:\WINDOWS\system32\Drivers\Parport.sys [80384] [MD5.11B4A627BC9614B885C4969BFA5FF8A6] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.13/04/2008 - 12:19:44.) -- C:\WINDOWS\system32\Drivers\Rasl2tp.sys [51328] [MD5.15CABD0F7C00C47C70124907916AF3F1] - (.Microsoft Corporation - Microsoft RDP Device redirector.) (.13/04/2008 - 11:32:52.) -- C:\WINDOWS\system32\Drivers\rdpdr.sys [196224] [MD5.68D749B04BFBBD4D4D15CC5185AFA4DD] - (.Microsoft Corporation - Redbook Audio Filter Driver.) (.13/04/2008 - 18:53:18.) -- C:\WINDOWS\system32\Drivers\redbook.sys [58240] [MD5.EB6B1E2C984D84470FF4FE7EF98CD44A] - (.Microsoft Corporation - Driver de cópia de sombra de volume.) (.13/04/2008 - 18:53:02.) -- C:\WINDOWS\system32\Drivers\volsnap.sys [53248] ~ Scan Generic Processes in 00mn 00s ---\\ Hidden files state (Hidden/Total) ~ Mes images (My Pictures) : 2/111 ~ Mes musiques (My Musics) : 1/3464 ~ Mes Favoris (My Favorites) : 1/47 ~ Mes Documents (My Documents) : 1/5505 ~ Mon Bureau (My Desktop) : 0/1734 ~ Menu demarrer (Programs) : 0/26 ~ Scan Hidden Files in 00mn 22s ---\\ Running Processes [MD5.8FA553E9AE69808D99C164733A0F9590] - (.AVAST Software - avast! Service.) -- C:\Arquivos de programas\Alwil Software\Avast5\AvastSvc.exe [44808] [PID.] [MD5.D87ACAED61E417BBA546CED5E7E36D9C] - (.Microsoft Corporation - .NET Runtime Optimization Service.) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [69632] [PID.] [MD5.0A5709543986843D37A92290B7838340] - (.Sun Microsystems, Inc. - Java Quick Starter Service.) -- C:\Arquivos de programas\Java\jre6\bin\jqs.exe [153376] [PID.] [MD5.5D61BE7DB55B026A5D61A3EED09D0EAD] - (.Google Inc. - GoogleToolbarNotifier.) -- C:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408] [PID.] [MD5.70EA13A41C0D9D31343EC203A629F801] - (.Ares Development Group - Ares p2p for windows.) -- C:\Arquivos de programas\Ares\Ares.exe [3209216] [PID.] [MD5.2E0B0A051FFAA86E358465BB0880D453] - (.Microsoft Corporation - Windows Update.) -- C:\WINDOWS\system32\wuauclt.exe [53784] [PID.] [MD5.FEE2BA1AD38F457F418E82EA30724053] - (.Microsoft Corporation - Microsoft Feeds Synchronization.) -- C:\WINDOWS\system32\msfeedssync.exe [13312] [PID.] [MD5.D8510C2D48496B6C336E816FD67AA0F7] - (.Google Inc. - Google Chrome.) -- C:\Arquivos de programas\Google\Chrome\Application\chrome.exe [1242136] [PID.] [MD5.083649EF692A066880C9326020915AFE] - (.AVAST Software - avast! Antivirus.) -- C:\Arquivos de programas\Alwil Software\Avast5\AvastUI.exe [4297136] [PID.] [MD5.E897110EE5E67FABB83B154DF9C68D6A] - (...) -- C:\Documents and Settings\f003407\Desktop\ZHPDiag_silent.exe [794216] [PID.] [MD5.56873D899C0707AA017AA2D74EC190AE] - (...) -- C:\Arquivos de programas\ZHPDiag\ZHPDiag.exe [3770368] [PID.] [MD5.6D2018AEE93285F2A8BEF55D722187A3] - (.Microsoft Corporation - Application Layer Gateway Service.) -- C:\WINDOWS\System32\alg.exe [44544] [PID.] ~ Scan Processes Running in 00mn 00s ---\\ Mozilla Firefox,Plugins,Start,Search,Extensions (P2,M0,M1,M2,M3) M3 - MFPP: Plugins - [f003407] -- C:\Arquivos de programas\Mozilla FireFox\searchplugins\buscape.xml M3 - MFPP: Plugins - [f003407] -- C:\Arquivos de programas\Mozilla FireFox\searchplugins\google.xml M3 - MFPP: Plugins - [f003407] -- C:\Arquivos de programas\Mozilla FireFox\searchplugins\mercadolivre.xml M3 - MFPP: Plugins - [f003407] -- C:\Arquivos de programas\Mozilla FireFox\searchplugins\twitter.xml M3 - MFPP: Plugins - [f003407] -- C:\Arquivos de programas\Mozilla FireFox\searchplugins\wikipedia-br.xml M3 - MFPP: Plugins - [f003407] -- C:\Arquivos de programas\Mozilla FireFox\searchplugins\yahoo-br.xml P2 - FPN: [HKLM] [@Google.com/GoogleEarthPlugin] - (.Google - GEPlugin.) -- C:\Arquivos de programas\Google\Google Earth\plugin\npgeplugin.dll P2 - FPN: [HKLM] [@java.com/JavaPlugin] - (.Sun Microsystems, Inc. - Next Generation Java Plug-in 1.6.0_31 for Mozilla browsers.) -- C:\Arquivos de programas\Java\jre6\bin\plugin2\npjp2.dll P2 - FPN: [HKLM] [@microsoft.com/WPF,version=3.5] - (.Microsoft Corporation - Windows Presentation Foundation (WPF) plug-in for Mozilla browsers.) -- c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll P2 - FPN: [HKLM] [@tools.google.com/Google Update;version=3] - (.Google Inc. - Google Update.) -- C:\Arquivos de programas\Google\Update\1.3.21.123\npGoogleUpdate3.dll P2 - FPN: [HKLM] [@tools.google.com/Google Update;version=9] - (.Google Inc. - Google Update.) -- C:\Arquivos de programas\Google\Update\1.3.21.123\npGoogleUpdate3.dll ~ Scan Firefox Browser in 00mn 00s ---\\ Internet Explorer Extensions, Start, Search (R4,R3,R0,R1) R0 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com R0 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com R1 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com R1 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft.com R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:noadd-ons R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:securityrisk R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURLs,Tabs = res://ieframe.dll/tabswelcome.htm R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com R3 - URLSearchHook: (no name) - {CFBFAE00-17A6-11D0-99CB-00C04FD64497} . (.Google Inc. - Google Update.) (No version) -- (.not file.) R4 - HKCU\SOFTWARE\Microsoft\Internet Explorer\PhishingFilter,Enabled = 2 ~ Scan IE Browser in 00mn 00s ---\\ Internet Explorer, Proxy Management (R5) R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0 R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1 R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1 R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll ~ Scan Proxy management in 00mn 00s ---\\ Changed inifile Value, Mapped to Registry (F2) F2 - REG:system.ini: USERINIT=C:\WINDOWS\system32\userinit.exe, F2 - REG:system.ini: Shell=C:\WINDOWS\explorer.exe F2 - REG:system.ini: VMApplet=rundll32 shell32,Control_RunDLL "sysdm.cpl" ~ Scan Keys in 00mn 00s ---\\ Hosts file redirection (O1) ~ Le fichier hosts est sain (The hosts file is clean). ~ Scan Hosts File in 00mn 00s ~ Nombre de lignes (Lines number): 1 ---\\ Browser Helper Objects (O2) O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} Orphean Key O2 - BHO: (no name) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} Orphean Key O2 - BHO: (no name) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} Orphean Key O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} Orphean Key O2 - BHO: (no name) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} Orphean Key O2 - BHO: (no name) - {DBC80044-A445-435b-BC74-9C25C1C588A9} Orphean Key O2 - BHO: (no name) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} Orphean Key ~ Scan BHO in 00mn 00s ---\\ Internet Explorer toolbars (O3) O3 - Toolbar: (no name) - [HKLM]{8E5E2654-AD2D-48bf-AC2D-D17F00898D06} . (...) -- (.not file.) O3 - Toolbar: (no name) - [HKLM]{2318C2B1-4965-11d4-9B18-009027A5CD4F} . (...) -- (.not file.) ~ Scan Toolbar in 00mn 00s ---\\ Auto loading programs from Registry and folders (O4) O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] . (.Adobe Systems Incorporated - Adobe Acrobat SpeedLauncher.) -- C:\Arquivos de programas\Adobe\Reader 8.0\Reader\Reader_sl.exe O4 - HKCU\..\Run: [ctfmon.exe] . (.Microsoft Corporation - CTF Loader.) -- C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [swg] . (.Google Inc. - GoogleToolbarNotifier.) -- C:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe O4 - HKCU\..\Run: [ares] . (.Ares Development Group - Ares p2p for windows.) -- C:\Arquivos de programas\Ares\Ares.exe O4 - HKUS\S-1-5-21-2586132527-314635491-3328972525-21374\..\Run: [ctfmon.exe] . (.Microsoft Corporation - CTF Loader.) -- C:\WINDOWS\system32\ctfmon.exe O4 - HKUS\S-1-5-21-2586132527-314635491-3328972525-21374\..\Run: [swg] . (.Google Inc. - GoogleToolbarNotifier.) -- C:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe O4 - HKUS\S-1-5-21-2586132527-314635491-3328972525-21374\..\Run: [ares] . (.Ares Development Group - Ares p2p for windows.) -- C:\Arquivos de programas\Ares\Ares.exe ~ Scan Application in 00mn 00s ---\\ Other User Links (O4) O4 - Global Startup: C:\Documents And Settings\All Users\Desktop\Adobe Reader 8.lnk . (.Adobe Systems Incorporated.) -- C:\Arquivos de programas\Adobe\Reader 8.0\Reader\AcroRd32.exe O4 - Global Startup: C:\Documents And Settings\All Users\Desktop\avast! Free Antivirus.lnk . (.AVAST Software.) -- C:\Arquivos de programas\Alwil Software\Avast5\AvastUI.exe O4 - Global Startup: C:\Documents And Settings\All Users\Desktop\CCleaner.lnk . (.Piriform Ltd.) -- C:\Arquivos de programas\CCleaner\CCleaner.exe O4 - Global Startup: C:\Documents And Settings\All Users\Desktop\HD ADeck.lnk . (.VIA Technologies, Inc..) -- C:\Arquivos de programas\VIA\VIAudioi\HDADeck\HDeck.exe O4 - Global Startup: C:\Documents And Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk . (.Malwarebytes Corporation.) -- C:\Arquivos de programas\Malwarebytes' Anti-Malware\mbam.exe O4 - Global Startup: C:\Documents And Settings\All Users\Desktop\Mozilla Firefox.lnk . (.Mozilla Corporation.) -- C:\Arquivos de programas\Mozilla Firefox\firefox.exe O4 - Global Startup: C:\Documents And Settings\All Users\Desktop\MV RegClean 6.0.lnk . (...) -- C:\Arquivos de programas\Marcos Velasco Security\MV RegClean 6.0\MVREGCLEAN.EXE O4 - Global Startup: C:\Documents And Settings\All Users\Desktop\PDFCreator.lnk . (.-.) -- C:\Arquivos de programas\PDFCreator\PDFCreator.exe O4 - Global Startup: C:\Documents And Settings\Administrador\Desktop\PC Inspector File Recovery.lnk . (...) -- C:\Arquivos de programas\Convar\PC Inspector File Recovery\Filerecovery.exe O4 - Global Startup: C:\Documents And Settings\All Users\Desktop\Adobe Reader 8.lnk . (.Adobe Systems Incorporated.) -- C:\Arquivos de programas\Adobe\Reader 8.0\Reader\AcroRd32.exe O4 - Global Startup: C:\Documents And Settings\All Users\Desktop\avast! Free Antivirus.lnk . (.AVAST Software.) -- C:\Arquivos de programas\Alwil Software\Avast5\AvastUI.exe O4 - Global Startup: C:\Documents And Settings\All Users\Desktop\CCleaner.lnk . (.Piriform Ltd.) -- C:\Arquivos de programas\CCleaner\CCleaner.exe O4 - Global Startup: C:\Documents And Settings\All Users\Desktop\HD ADeck.lnk . (.VIA Technologies, Inc..) -- C:\Arquivos de programas\VIA\VIAudioi\HDADeck\HDeck.exe O4 - Global Startup: C:\Documents And Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk . (.Malwarebytes Corporation.) -- C:\Arquivos de programas\Malwarebytes' Anti-Malware\mbam.exe O4 - Global Startup: C:\Documents And Settings\All Users\Desktop\Mozilla Firefox.lnk . (.Mozilla Corporation.) -- C:\Arquivos de programas\Mozilla Firefox\firefox.exe O4 - Global Startup: C:\Documents And Settings\All Users\Desktop\MV RegClean 6.0.lnk . (...) -- C:\Arquivos de programas\Marcos Velasco Security\MV RegClean 6.0\MVREGCLEAN.EXE O4 - Global Startup: C:\Documents And Settings\All Users\Desktop\PDFCreator.lnk . (.-.) -- C:\Arquivos de programas\PDFCreator\PDFCreator.exe O4 - Global Startup: C:\Documents And Settings\Administrador\Desktop\PC Inspector File Recovery.lnk . (...) -- C:\Arquivos de programas\Convar\PC Inspector File Recovery\Filerecovery.exe ~ Scan Global Startup in 00mn 00s ---\\ Extra buttons on main IE button toolbar, or extra items in IE 'Tools' menu (O9) O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} . (...) -- C:\Arquivos de programas\Microsoft Office\Office12\REFBARH.ICO O9 - Extra button: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} . (...) -- C:\Arquivos de programas\Microsoft Office\Office12\REFBARH.ICO O9 - Extra button: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} . (.Microsoft Corporation - Windows Messenger.) -- C:\Arquivos de programas\Messenger\msmsgs.exe ~ Scan IE Extra Buttons in 00mn 00s ---\\ Winsock hijacker (Layered Service Provider) (O10) O10 - WLSP:\000000000001\Winsock LSP File . (.Microsoft Corporation - Fornecedor de serviços do Microsoft Windows Sockets 2.0.) -- C:\WINDOWS\system32\mswsock.dll O10 - WLSP:\000000000002\Winsock LSP File . (.Microsoft Corporation - LDAP RnR Provider DLL.) -- C:\WINDOWS\system32\winrnr.dll O10 - WLSP:\000000000003\Winsock LSP File . (.Microsoft Corporation - Fornecedor de serviços do Microsoft Windows Sockets 2.0.) -- C:\WINDOWS\system32\mswsock.dll ~ Scan Winsock in 00mn 00s ---\\ 'Reset Web Settings' hijack (O14) O14 - IERESET.INF: SEARCH_PAGE_URL=SEARCH_PAGE_URL="&http://home.microsoft.com/intl/br/access/allinone.asp" O14 - IERESET.INF: SAFESITE_VALUE=SAFESITE_VALUE="search.msn.com.br" ~ Scan IE Paramètres WEB in 00mn 00s ---\\ ActiveX Objects (Downloaded Program Files) (O16) O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game.zylom.com/activex/zylomgamesplayer.cab O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab ~ Scan Objets ActiveX in 00mn 00s ---\\ Lop.com/Domain Hijackers (O17) O17 - HKLM\System\CCS\Services\Tcpip\..\{41FCAA3A-8C35-4A79-BD5E-0291F1042D6F}: DhcpNameServer = 10.4.65.16 O17 - HKLM\System\CCS\Services\Tcpip\..\{41FCAA3A-8C35-4A79-BD5E-0291F1042D6F}: DhcpDomain = funpec.br O17 - HKLM\System\CS1\Services\Tcpip\..\{41FCAA3A-8C35-4A79-BD5E-0291F1042D6F}: DhcpNameServer = 10.4.65.16 O17 - HKLM\System\CS1\Services\Tcpip\..\{41FCAA3A-8C35-4A79-BD5E-0291F1042D6F}: DhcpDomain = funpec.br O17 - HKLM\System\CS3\Services\Tcpip\..\{41FCAA3A-8C35-4A79-BD5E-0291F1042D6F}: DhcpNameServer = 10.4.65.16 O17 - HKLM\System\CS3\Services\Tcpip\..\{41FCAA3A-8C35-4A79-BD5E-0291F1042D6F}: DhcpDomain = funpec.br ~ Scan Domain in 00mn 00s ---\\ Extra protocols (O18) O18 - Handler: about - {3050F406-98B5-11CF-BB82-00AA00BDCE0B} . (.Microsoft Corporation - Microsoft ® HTML Viewer.) -- C:\WINDOWS\system32\mshtml.dll O18 - Handler: cdl - {3dd53d40-7b8b-11D0-b013-00aa0059ce02} . (.Microsoft Corporation - OLE32 Extensions for Win32.) -- C:\WINDOWS\system32\urlmon.dll O18 - Handler: dvd - {12D51199-0DB5-46FE-A120-47A3D7D937CC} . (.Microsoft Corporation - Controle ActiveX para fluxo de vídeo.) -- C:\WINDOWS\system32\msvidctl.dll O18 - Handler: file - {79eac9e7-baf9-11ce-8c82-00aa004ba90b} . (.Microsoft Corporation - OLE32 Extensions for Win32.) -- C:\WINDOWS\system32\urlmon.dll O18 - Handler: ftp - {79eac9e3-baf9-11ce-8c82-00aa004ba90b} . (.Microsoft Corporation - OLE32 Extensions for Win32.) -- C:\WINDOWS\system32\urlmon.dll O18 - Handler: gopher - {79eac9e4-baf9-11ce-8c82-00aa004ba90b} . (.Microsoft Corporation - OLE32 Extensions for Win32.) -- C:\WINDOWS\system32\urlmon.dll O18 - Handler: http - {79eac9e2-baf9-11ce-8c82-00aa004ba90b} . (.Microsoft Corporation - OLE32 Extensions for Win32.) -- C:\WINDOWS\system32\urlmon.dll O18 - Handler: https - {79eac9e5-baf9-11ce-8c82-00aa004ba90b} . (.Microsoft Corporation - OLE32 Extensions for Win32.) -- C:\WINDOWS\system32\urlmon.dll O18 - Handler: its - {9D148291-B9C8-11D0-A4CC-0000F80149F6} . (.Microsoft Corporation - Microsoft® InfoTech Storage System Library.) -- C:\WINDOWS\system32\itss.dll O18 - Handler: javascript - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} . (.Microsoft Corporation - Microsoft ® HTML Viewer.) -- C:\WINDOWS\system32\mshtml.dll O18 - Handler: local - {79eac9e7-baf9-11ce-8c82-00aa004ba90b} . (.Microsoft Corporation - OLE32 Extensions for Win32.) -- C:\WINDOWS\system32\urlmon.dll O18 - Handler: mailto - {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} . (.Microsoft Corporation - Microsoft ® HTML Viewer.) -- C:\WINDOWS\system32\mshtml.dll O18 - Handler: mhtml - {05300401-BCBC-11d0-85E3-00C04FD85AB4} . (.Microsoft Corporation - Microsoft Internet Messaging API.) -- C:\WINDOWS\system32\inetcomm.dll O18 - Handler: mk - {79eac9e6-baf9-11ce-8c82-00aa004ba90b} . (.Microsoft Corporation - OLE32 Extensions for Win32.) -- C:\WINDOWS\system32\urlmon.dll O18 - Handler: ms-help - {314111c7-a502-11d2-bbca-00c04f8ec294} . (.Microsoft Corporation - Microsoft® Help Data Services Module.) -- C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Help\hxds.dll O18 - Handler: ms-its - {9D148291-B9C8-11D0-A4CC-0000F80149F6} . (.Microsoft Corporation - Microsoft® InfoTech Storage System Library.) -- C:\WINDOWS\system32\itss.dll O18 - Handler: res - {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} . (.Microsoft Corporation - Microsoft ® HTML Viewer.) -- C:\WINDOWS\system32\mshtml.dll O18 - Handler: sysimage - {76E67A63-06E9-11D2-A840-006008059382} . (.Microsoft Corporation - Microsoft ® HTML Viewer.) -- C:\WINDOWS\system32\mshtml.dll O18 - Handler: tv - {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} . (.Microsoft Corporation - Controle ActiveX para fluxo de vídeo.) -- C:\WINDOWS\system32\msvidctl.dll O18 - Handler: vbscript - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} . (.Microsoft Corporation - Microsoft ® HTML Viewer.) -- C:\WINDOWS\system32\mshtml.dll O18 - Handler: wia - {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} . (.Microsoft Corporation - WIA Scripting Layer.) -- C:\WINDOWS\system32\wiascr.dll O18 - Filter: application/octet-stream - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} . (.Microsoft Corporation - Microsoft .NET Runtime Execution Engine.) -- C:\WINDOWS\system32\mscoree.dll O18 - Filter: application/x-complus - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} . (.Microsoft Corporation - Microsoft .NET Runtime Execution Engine.) -- C:\WINDOWS\system32\mscoree.dll O18 - Filter: application/x-msdownload - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} . (.Microsoft Corporation - Microsoft .NET Runtime Execution Engine.) -- C:\WINDOWS\system32\mscoree.dll O18 - Filter: Class Install Handler - {32B533BB-EDAE-11d0-BD5A-00AA00B92AF1} . (.Microsoft Corporation - OLE32 Extensions for Win32.) -- C:\WINDOWS\system32\urlmon.dll O18 - Filter: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} . (.Microsoft Corporation - OLE32 Extensions for Win32.) -- C:\WINDOWS\system32\urlmon.dll O18 - Filter: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} . (.Microsoft Corporation - OLE32 Extensions for Win32.) -- C:\WINDOWS\system32\urlmon.dll O18 - Filter: lzdhtml - {8f6b0360-b80d-11d0-a9b3-006097942311} . (.Microsoft Corporation - OLE32 Extensions for Win32.) -- C:\WINDOWS\system32\urlmon.dll O18 - Filter: text/webviewhtml - {733AC4CB-F1A4-11d0-B951-00A0C90312E1} . (.Microsoft Corporation - DLL comum do Shell do Windows.) -- C:\WINDOWS\system32\SHELL32.dll O18 - Filter: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} . (.Microsoft Corporation - Microsoft Office XML MIME Filter.) -- C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\OFFICE12\MSOXMLMF.dll ~ Scan Protocole Additionnel in 00mn 00s ---\\ AppInit_DLLs Registry value Autorun (O20) O20 - Winlogon Notify: crypt32chain . (.Microsoft Corporation - Crypto API32.) -- C:\WINDOWS\system32\crypt32.dll O20 - Winlogon Notify: cryptnet . (.Microsoft Corporation - Crypto Network Related API.) -- C:\WINDOWS\system32\cryptnet.dll O20 - Winlogon Notify: cscdll . (.Microsoft Corporation - Agente de rede off-line.) -- C:\WINDOWS\system32\cscdll.dll O20 - Winlogon Notify: dimsntfy . (.Microsoft Corporation - DIMS Notification Handler.) -- C:\WINDOWS\system32\dimsntfy.dll O20 - Winlogon Notify: igfxcui . (.Intel Corporation - igfxdev Module.) -- C:\WINDOWS\system32\igfxdev.dll O20 - Winlogon Notify: ScCertProp . (.Microsoft Corporation - DLL comum para receber notificações do Winl.) -- C:\WINDOWS\system32\wlnotify.dll O20 - Winlogon Notify: Schedule . (.Microsoft Corporation - DLL comum para receber notificações do Winl.) -- C:\WINDOWS\system32\wlnotify.dll O20 - Winlogon Notify: sclgntfy . (.Microsoft Corporation - DLL de notificação do serviço de logon secu.) -- C:\WINDOWS\system32\sclgntfy.dll O20 - Winlogon Notify: SensLogn . (.Microsoft Corporation - DLL comum para receber notificações do Winl.) -- C:\WINDOWS\system32\WlNotify.dll O20 - Winlogon Notify: termsrv . (.Microsoft Corporation - DLL comum para receber notificações do Winl.) -- C:\WINDOWS\system32\wlnotify.dll O20 - Winlogon Notify: WgaLogon . (.Microsoft Corporation - Notificações do Programa de Vantagens do Wi.) -- C:\WINDOWS\system32\WgaLogon.dll O20 - Winlogon Notify: wlballoon . (.Microsoft Corporation - DLL comum para receber notificações do Winl.) -- C:\WINDOWS\system32\wlnotify.dll ~ Scan Winlogon in 00mn 00s ---\\ ShellServiceObjectDelayLoad (O21) O21 - SSODL: PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} . (.Microsoft Corporation - DLL comum do Shell do Windows.) -- C:\WINDOWS\system32\shell32.dll O21 - SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} . (.Microsoft Corporation - DLL comum do Shell do Windows.) -- C:\WINDOWS\system32\SHELL32.dll O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} . (.Microsoft Corporation - Web Site Monitor.) -- C:\WINDOWS\system32\webcheck.dll O21 - SSODL: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} . (.Microsoft Corporation - Objeto de serviço do shell de Systray.) -- C:\WINDOWS\system32\stobject.dll ~ Scan SSODL in 00mn 00s ---\\ SharedTaskScheduler (O22) O22 - SharedTaskScheduler: Daemon de cache de categorias de componente - {8C7461EF-2B13-11d2-BE35-3078302C2030} - (.not file.) ~ Scan STS/SSO in 00mn 00s ---\\ non Microsoft non disabled Windows XP/NT/2000 Services (O23) O23 - Service: avast! Antivirus (avast! Antivirus) . (.AVAST Software - avast! Service.) - C:\Arquivos de programas\Alwil Software\Avast5\AvastSvc.exe O23 - Service: Serviço do Google Update (gupdate) (gupdate) . (.Google Inc. - Google Installer.) - C:\Arquivos de programas\Google\Update\GoogleUpdate.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) . (.Sun Microsystems, Inc. - Java Quick Starter Service.) - C:\Arquivos de programas\Java\jre6\bin\jqs.exe ~ Scan Services in 00mn 00s ---\\ Windows Active Desktop & MHTML Editor (O24) O24 - Desktop Component 0: Minha página inicial atual - file:About:Home O24 - Default MHTML Editor: Last - .(...) - (.not file.) O24 - Desktop General: BackupWallPaper - .(...) - C:\Documents and Settings\f003407\Configurações locais\Dados de aplicativos\Microsoft\Wallpaper1.bmp O24 - Desktop General: WallPaper - .(...) - C:\Documents and Settings\f003407\Configurações locais\Dados de aplicativos\Microsoft\Wallpaper1.bmp ~ Scan Desktop Component in 00mn 00s ---\\ O34 - HKLM BootExecute: (autocheck autochk *) - File not found ~ Scan Keys in 00mn 00s ---\\ Task Planned Automatically(039) O39 - APT:Automatic Planified Task - C:\WINDOWS\Tasks\Adobe Flash Player Updater.job O39 - APT:Automatic Planified Task - C:\WINDOWS\Tasks\avast! Emergency Update.job O39 - APT:Automatic Planified Task - C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job O39 - APT:Automatic Planified Task - C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job O39 - APT:Automatic Planified Task - C:\WINDOWS\Tasks\User_Feed_Synchronization-{21063433-55B2-4AD2-B1C5-5B4ADC85930D}.job O39 - APT:Automatic Planified Task - C:\WINDOWS\Tasks\User_Feed_Synchronization-{521C2DBE-7C63-4EC0-8328-91EDAE8FDF5A}.job O39 - APT:Automatic Planified Task - C:\WINDOWS\Tasks\User_Feed_Synchronization-{DD86A12D-8F58-4DE1-92CF-DA89FC798347}.job [MD5.44C00A385CA9DBC1D5CF3781F8C26AEA] [APT] [Adobe Flash Player Updater] (.Adobe Systems Incorporated.) -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe [MD5.7F19838AC317C34FCED020BE529AF71E] [APT] [avast! Emergency Update] (.AVAST Software.) -- C:\Arquivos de programas\Alwil Software\Avast5\AvastEmUpdate.exe [MD5.F02A533F517EB38333CB12A9E8963773] [APT] [GoogleUpdateTaskMachineCore] (.Google Inc..) -- C:\Arquivos de programas\Google\Update\GoogleUpdate.exe [MD5.F02A533F517EB38333CB12A9E8963773] [APT] [GoogleUpdateTaskMachineUA] (.Google Inc..) -- C:\Arquivos de programas\Google\Update\GoogleUpdate.exe ~ Scan Scheduled Task in 00mn 00s ---\\ ActiveSetup Installed Components (O40) O40 - ASIC: Atualização de Versão do Internet Explorer - <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} . (.Microsoft Corporation - IE Per User Active Setup Uninstall Utility.) -- C:\WINDOWS\system32\ieudinit.exe O40 - ASIC: Windows Media Player - >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} . (.Microsoft Corporation - Utilitário de Instalação do Microsoft Windows Media Player.) -- C:\WINDOWS\inf\unregmp2.exe O40 - ASIC: Internet Explorer - >{26923b43-4d38-484f-9b9e-de460746276c} . (.Microsoft Corporation - Utilitário de Inicialização por Usuário do Internet Explorer.) -- C:\WINDOWS\system32\ie4uinit.exe.mui O40 - ASIC: Browser Customizations - >{60B49E34-C7CC-11D0-8953-00A0C90347FF} . (.Microsoft Corporation - IEAK branding.) -- C:\WINDOWS\system32\iedkcs32.dll O40 - ASIC: Outlook Express - >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} . (.Microsoft Corporation - Windows NT User Data Migration Tool.) -- C:\WINDOWS\system32\shmgrate.exe O40 - ASIC: Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608500} . (.Sun Microsystems, Inc. - Java Platform SE binary.) -- C:\Arquivos de programas\Java\jre6\bin\regutils.dll O40 - ASIC: Microsoft NetShow Player - {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} . (.Microsoft Corporation - Windows Media 6.4 Player Shim.) -- C:\WINDOWS\system32\wmpdxm.dll O40 - ASIC: Microsoft Windows Media Player 6.4 - {22d6f312-b0f6-11d0-94ab-0080c74c7e95} . (.Microsoft Corporation - Windows Media 6.4 Player Shim.) -- C:\WINDOWS\system32\wmpdxm.dll O40 - ASIC: Themes Setup - {2C7339CF-2B09-4501-B3F3-F3508C9228ED} . (.Microsoft Corporation - API de tema do Windows.) -- C:\WINDOWS\system32\themeui.dll O40 - ASIC: Microsoft Outlook Express 6 - {44BBA840-CC51-11CF-AAFA-00AA00B6015C} . (.Microsoft Corporation - Biblioteca de instalação do Outlook Express.) -- C:\Arquivos de programas\Outlook Express\setup50.exe O40 - ASIC: NetMeeting 3.01 - {44BBA842-CC51-11CF-AAFA-00AA00B6015B} . (...) -- C:\WINDOWS\INF\msnetmtg.inf O40 - ASIC: Windows Messenger 4.7 - {5945c046-1e7d-11d1-bc44-00c04fd912be} . (...) -- C:\WINDOWS\INF\msmsgs.inf O40 - ASIC: Browsing Enhancements - {630b1da0-b465-11d1-9948-00c04f98bbc9} . (.Microsoft Corporation - Extensão shell da pasta FTP do Microsoft Internet Explorer.) -- C:\WINDOWS\system32\msieftp.dll O40 - ASIC: Microsoft Windows Media Player - {6BF52A52-394A-11d3-B153-00C04F79FAA6} . (...) -- C:\WINDOWS\INF\wmp.inf O40 - ASIC: Catálogo de endereços 6 - {7790769C-0471-11d2-AF11-00C04FA35D02} . (.Microsoft Corporation - Biblioteca de instalação do Outlook Express.) -- C:\Arquivos de programas\Outlook Express\setup50.exe O40 - ASIC: Atualização da área de trabalho do Windows - {89820200-ECBD-11cf-8B85-00AA005B4340} . (.Microsoft Corporation - DLL comum do Shell do Windows.) -- C:\WINDOWS\system32\shell32.dll O40 - ASIC: Internet Explorer - {89820200-ECBD-11cf-8B85-00AA005B4383} . (.Microsoft Corporation - Utilitário de Inicialização por Usuário do Internet Explorer.) -- C:\WINDOWS\system32\ie4uinit.exe.mui O40 - ASIC: (no name) - {89B4C1CD-B018-4511-B0A1-5476DBF70820} . (.Microsoft Corporation - Microsoft .NET IE SECURITY REGISTRATION.) -- c:\WINDOWS\system32\mscories.dll O40 - ASIC: Macromedia Shockwave Flash - {D27CDB6E-AE6D-11cf-96B8-444553540000} . (.Adobe Systems, Inc. - Adobe Flash Player 11.4 r402.) -- C:\WINDOWS\system32\Macromed\Flash\Flash32_11_4_402_287.ocx O40 - ASIC: Installed Component - S-1-5-21-2586132527-314635491-3328972525-21374 - <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} -- Not Hexadécimal CLSID O40 - ASIC: Installed Component - S-1-5-21-2586132527-314635491-3328972525-21374 - >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS -- Not Hexadécimal CLSID ~ Scan Active Setup in 00mn 00s ---\\ Drivers launched at startup (O41) O41 - Driver: (AFD) . (.Microsoft Corporation - Ancillary Function Driver for WinSock.) - C:\WINDOWS\system32\drivers\afd.sys O41 - Driver: (AsIO) . (...) - C:\WINDOWS\system32\drivers\AsIO.sys O41 - Driver: (Cdrom) . (.Microsoft Corporation - SCSI CD-ROM Driver.) - C:\WINDOWS\system32\DRIVERS\cdrom.sys O41 - Driver: (i8042prt) . (.Microsoft Corporation - Driver de porta i8042.) - C:\WINDOWS\system32\DRIVERS\i8042prt.sys O41 - Driver: (Imapi) . (.Microsoft Corporation - IMAPI Kernel Driver.) - C:\WINDOWS\system32\DRIVERS\imapi.sys O41 - Driver: (intelppm) . (.Microsoft Corporation - Driver de dispositivo de processador.) - C:\WINDOWS\system32\DRIVERS\intelppm.sys O41 - Driver: (IPSec) . (.Microsoft Corporation - IPSec Driver.) - C:\WINDOWS\system32\DRIVERS\ipsec.sys O41 - Driver: (Kbdclass) . (.Microsoft Corporation - Driver de classe teclado.) - C:\WINDOWS\system32\DRIVERS\kbdclass.sys O41 - Driver: (Mouclass) . (.Microsoft Corporation - Driver de classe modem.) - C:\WINDOWS\system32\DRIVERS\mouclass.sys O41 - Driver: (MRxSmb) . (.Microsoft Corporation - Windows NT SMB Minirdr.) - C:\WINDOWS\system32\DRIVERS\mrxsmb.sys O41 - Driver: (NetBIOS) . (.Microsoft Corporation - NetBIOS interface driver.) - C:\WINDOWS\system32\DRIVERS\netbios.sys O41 - Driver: (NetBT) . (.Microsoft Corporation - MBT Transport driver.) - C:\WINDOWS\system32\DRIVERS\netbt.sys O41 - Driver: (RasAcd) . (.Microsoft Corporation - RAS Automatic Connection Driver.) - C:\WINDOWS\system32\DRIVERS\rasacd.sys O41 - Driver: (Rdbss) . (.Microsoft Corporation - Redirected Drive Buffering SubSystem Driver.) - C:\WINDOWS\system32\DRIVERS\rdbss.sys O41 - Driver: (RDPCDD) . (.Microsoft Corporation - RDP Miniport.) - C:\WINDOWS\system32\DRIVERS\RDPCDD.sys O41 - Driver: (redbook) . (.Microsoft Corporation - Redbook Audio Filter Driver.) - C:\WINDOWS\system32\DRIVERS\redbook.sys O41 - Driver: (Serial) . (.Microsoft Corporation - Driver de dispositivo serial.) - C:\WINDOWS\system32\DRIVERS\serial.sys O41 - Driver: (Tcpip) . (.Microsoft Corporation - TCP/IP Protocol Driver.) - C:\WINDOWS\system32\DRIVERS\tcpip.sys O41 - Driver: (TermDD) . (.Microsoft Corporation - Terminal Server Driver.) - C:\WINDOWS\system32\DRIVERS\termdd.sys O41 - Driver: Controlador de vídeo VGA. (VgaSave) . (.Microsoft Corporation - VGA/Super VGA Video Driver.) - C:\WINDOWS\system32\drivers\vga.sys O41 - Driver: Windows Socket 2.0 Non-IFS Service Provider Support Environment (WS2IFSL) . (.Microsoft Corporation - Winsock2 IFS Layer.) - C:\WINDOWS\system32\drivers\ws2ifsl.sys ~ Scan Drivers in 00mn 00s ---\\ Software installed (O42) O42 - Logiciel: ASUSUpdate - (.Unknown owner.) [HKLM] -- {587178E7-B1DF-494E-9838-FA4DD36E873C} O42 - Logiciel: Adobe Flash Player 11 ActiveX - (.Adobe Systems Incorporated.) [HKLM] -- Adobe Flash Player ActiveX O42 - Logiciel: Adobe Reader 8.1.0 - Português - (.Adobe Systems Incorporated.) [HKLM] -- {AC76BA86-7AD7-1046-7B44-A81000000003} O42 - Logiciel: Adobe Reader 8.2.0 - Português - (.Adobe Systems Incorporated.) [HKLM] -- {AC76BA86-7AD7-1046-7B44-A82000000003} O42 - Logiciel: Ares 2.1.8 - (.Ares Development Group.) [HKLM] -- Ares O42 - Logiciel: Arquivo do WinRAR - (.Unknown owner.) [HKLM] -- WinRAR archiver O42 - Logiciel: Atualização de Segurança para Microsoft Windows (KB2564958) - (.Microsoft Corporation.) [HKLM] -- KB2564958 O42 - Logiciel: Atualização de Segurança para Windows Internet Explorer 8 (KB2510531) - (.Microsoft Corporation.) [HKLM] -- KB2510531-IE8 O42 - Logiciel: Atualização de Segurança para Windows Internet Explorer 8 (KB2544521) - (.Microsoft Corporation.) [HKLM] -- KB2544521-IE8 O42 - Logiciel: Atualização de Segurança para Windows Internet Explorer 8 (KB2675157) - (.Microsoft Corporation.) [HKLM] -- KB2675157-IE8 O42 - Logiciel: Atualização de Segurança para Windows Internet Explorer 8 (KB2699988) - (.Microsoft Corporation.) [HKLM] -- KB2699988-IE8 O42 - Logiciel: Atualização de Segurança para Windows Internet Explorer 8 (KB2722913) - (.Microsoft Corporation.) [HKLM] -- KB2722913-IE8 O42 - Logiciel: Atualização de Segurança para Windows Internet Explorer 8 (KB2744842) - (.Microsoft Corporation.) [HKLM] -- KB2744842-IE8 O42 - Logiciel: Atualização de Segurança para Windows XP (KB2079403) - (.Microsoft Corporation.) [HKLM] -- KB2079403 O42 - Logiciel: Atualização de Segurança para Windows XP (KB2115168) - (.Microsoft Corporation.) [HKLM] -- KB2115168 O42 - Logiciel: Atualização de Segurança para Windows XP (KB2229593) - (.Microsoft Corporation.) [HKLM] -- KB2229593 O42 - Logiciel: Atualização de Segurança para Windows XP (KB2296011) - (.Microsoft Corporation.) [HKLM] -- KB2296011 O42 - Logiciel: Atualização de Segurança para Windows XP (KB2347290) - (.Microsoft Corporation.) [HKLM] -- KB2347290 O42 - Logiciel: Atualização de Segurança para Windows XP (KB2360937) - (.Microsoft Corporation.) [HKLM] -- KB2360937 O42 - Logiciel: Atualização de Segurança para Windows XP (KB2387149) - (.Microsoft Corporation.) [HKLM] -- KB2387149 O42 - Logiciel: Atualização de Segurança para Windows XP (KB2393802) - (.Microsoft Corporation.) [HKLM] -- KB2393802 O42 - Logiciel: Atualização de Segurança para Windows XP (KB2412687) - (.Microsoft Corporation.) [HKLM] -- KB2412687 O42 - Logiciel: Atualização de Segurança para Windows XP (KB2419632) - (.Microsoft Corporation.) [HKLM] -- KB2419632 O42 - Logiciel: Atualização de Segurança para Windows XP (KB2423089) - (.Microsoft Corporation.) [HKLM] -- KB2423089 O42 - Logiciel: Atualização de Segurança para Windows XP (KB2440591) - (.Microsoft Corporation.) [HKLM] -- KB2440591 O42 - Logiciel: Atualização de Segurança para Windows XP (KB2443105) - (.Microsoft Corporation.) [HKLM] -- KB2443105 O42 - Logiciel: Atualização de Segurança para Windows XP (KB2476490) - (.Microsoft Corporation.) [HKLM] -- KB2476490 O42 - Logiciel: Atualização de Segurança para Windows XP (KB2478960) - (.Microsoft Corporation.) [HKLM] -- KB2478960 O42 - Logiciel: Atualização de Segurança para Windows XP (KB2478971) - (.Microsoft Corporation.) [HKLM] -- KB2478971 O42 - Logiciel: Atualização de Segurança para Windows XP (KB2479943) - (.Microsoft Corporation.) [HKLM] -- KB2479943 O42 - Logiciel: Atualização de Segurança para Windows XP (KB2481109) - (.Microsoft Corporation.) [HKLM] -- KB2481109 O42 - Logiciel: Atualização de Segurança para Windows XP (KB2483185) - (.Microsoft Corporation.) [HKLM] -- KB2483185 O42 - Logiciel: Atualização de Segurança para Windows XP (KB2485663) - (.Microsoft Corporation.) [HKLM] -- KB2485663 O42 - Logiciel: Atualização de Segurança para Windows XP (KB2506212) - (.Microsoft Corporation.) [HKLM] -- KB2506212 O42 - Logiciel: Atualização de Segurança para Windows XP (KB2507618) - (.Microsoft Corporation.) [HKLM] -- KB2507618 O42 - Logiciel: Atualização de Segurança para Windows XP (KB2507938) - (.Microsoft Corporation.) [HKLM] -- KB2507938 O42 - Logiciel: Atualização de Segurança para Windows XP (KB2508429) - (.Microsoft Corporation.) [HKLM] -- KB2508429 O42 - Logiciel: Atualização de Segurança para Windows XP (KB2509553) - (.Microsoft Corporation.) [HKLM] -- KB2509553 O42 - Logiciel: Atualização de Segurança para Windows XP (KB2535512) - (.Microsoft Corporation.) [HKLM] -- KB2535512 O42 - Logiciel: Atualização de Segurança para Windows XP (KB2536276-v2) - (.Microsoft Corporation.) [HKLM] -- KB2536276-v2 O42 - Logiciel: Atualização de Segurança para Windows XP (KB2544893-v2) - (.Microsoft Corporation.) [HKLM] -- KB2544893-v2 O42 - Logiciel: Atualização de Segurança para Windows XP (KB2566454) - (.Microsoft Corporation.) [HKLM] -- KB2566454 O42 - Logiciel: Atualização de Segurança para Windows XP (KB2570947) - (.Microsoft Corporation.) [HKLM] -- KB2570947 O42 - Logiciel: Atualização de Segurança para Windows XP (KB2584146) - (.Microsoft Corporation.) [HKLM] -- KB2584146 O42 - Logiciel: Atualização de Segurança para Windows XP (KB2585542) - (.Microsoft Corporation.) [HKLM] -- KB2585542 O42 - Logiciel: Atualização de Segurança para Windows XP (KB2592799) - (.Microsoft Corporation.) [HKLM] -- KB2592799 O42 - Logiciel: Atualização de Segurança para Windows XP (KB2598479) - (.Microsoft Corporation.) [HKLM] -- KB2598479 O42 - Logiciel: Atualização de Segurança para Windows XP (KB2603381) - (.Microsoft Corporation.) [HKLM] -- KB2603381 O42 - Logiciel: Atualização de Segurança para Windows XP (KB2618451) - (.Microsoft Corporation.) [HKLM] -- KB2618451 O42 - Logiciel: Atualização de Segurança para Windows XP (KB2619339) - (.Microsoft Corporation.) [HKLM] -- KB2619339 O42 - Logiciel: Atualização de Segurança para Windows XP (KB2620712) - (.Microsoft Corporation.) [HKLM] -- KB2620712 O42 - Logiciel: Atualização de Segurança para Windows XP (KB2621440) - (.Microsoft Corporation.) [HKLM] -- KB2621440 O42 - Logiciel: Atualização de Segurança para Windows XP (KB2624667) - (.Microsoft Corporation.) [HKLM] -- KB2624667 O42 - Logiciel: Atualização de Segurança para Windows XP (KB2631813) - (.Microsoft Corporation.) [HKLM] -- KB2631813 O42 - Logiciel: Atualização de Segurança para Windows XP (KB2633171) - (.Microsoft Corporation.) [HKLM] -- KB2633171 O42 - Logiciel: Atualização de Segurança para Windows XP (KB2641653) - (.Microsoft Corporation.) [HKLM] -- KB2641653 O42 - Logiciel: Atualização de Segurança para Windows XP (KB2646524) - (.Microsoft Corporation.) [HKLM] -- KB2646524 O42 - Logiciel: Atualização de Segurança para Windows XP (KB2647518) - (.Microsoft Corporation.) [HKLM] -- KB2647518 O42 - Logiciel: Atualização de Segurança para Windows XP (KB2653956) - (.Microsoft Corporation.) [HKLM] -- KB2653956 O42 - Logiciel: Atualização de Segurança para Windows XP (KB2655992) - (.Microsoft Corporation.) [HKLM] -- KB2655992 O42 - Logiciel: Atualização de Segurança para Windows XP (KB2659262) - (.Microsoft Corporation.) [HKLM] -- KB2659262 O42 - Logiciel: Atualização de Segurança para Windows XP (KB2661637) - (.Microsoft Corporation.) [HKLM] -- KB2661637 O42 - Logiciel: Atualização de Segurança para Windows XP (KB2676562) - (.Microsoft Corporation.) [HKLM] -- KB2676562 O42 - Logiciel: Atualização de Segurança para Windows XP (KB2685939) - (.Microsoft Corporation.) [HKLM] -- KB2685939 O42 - Logiciel: Atualização de Segurança para Windows XP (KB2686509) - (.Microsoft Corporation.) [HKLM] -- KB2686509 O42 - Logiciel: Atualização de Segurança para Windows XP (KB2691442) - (.Microsoft Corporation.) [HKLM] -- KB2691442 O42 - Logiciel: Atualização de Segurança para Windows XP (KB2695962) - (.Microsoft Corporation.) [HKLM] -- KB2695962 O42 - Logiciel: Atualização de Segurança para Windows XP (KB2698365) - (.Microsoft Corporation.) [HKLM] -- KB2698365 O42 - Logiciel: Atualização de Segurança para Windows XP (KB2705219) - (.Microsoft Corporation.) [HKLM] -- KB2705219 O42 - Logiciel: Atualização de Segurança para Windows XP (KB2707511) - (.Microsoft Corporation.) [HKLM] -- KB2707511 O42 - Logiciel: Atualização de Segurança para Windows XP (KB2709162) - (.Microsoft Corporation.) [HKLM] -- KB2709162 O42 - Logiciel: Atualização de Segurança para Windows XP (KB2712808) - (.Microsoft Corporation.) [HKLM] -- KB2712808 O42 - Logiciel: Atualização de Segurança para Windows XP (KB2718523) - (.Microsoft Corporation.) [HKLM] -- KB2718523 O42 - Logiciel: Atualização de Segurança para Windows XP (KB2719985) - (.Microsoft Corporation.) [HKLM] -- KB2719985 O42 - Logiciel: Atualização de Segurança para Windows XP (KB2723135) - (.Microsoft Corporation.) [HKLM] -- KB2723135 O42 - Logiciel: Atualização de Segurança para Windows XP (KB2724197) - (.Microsoft Corporation.) [HKLM] -- KB2724197 O42 - Logiciel: Atualização de Segurança para Windows XP (KB2727528) - (.Microsoft Corporation.) [HKLM] -- KB2727528 O42 - Logiciel: Atualização de Segurança para Windows XP (KB2731847) - (.Microsoft Corporation.) [HKLM] -- KB2731847 O42 - Logiciel: Atualização de Segurança para Windows XP (KB2761226) - (.Microsoft Corporation.) [HKLM] -- KB2761226 O42 - Logiciel: Atualização de Segurança para Windows XP (KB923561) - (.Microsoft Corporation.) [HKLM] -- KB923561 O42 - Logiciel: Atualização de Segurança para Windows XP (KB946648) - (.Microsoft Corporation.) [HKLM] -- KB946648 O42 - Logiciel: Atualização de Segurança para Windows XP (KB950762) - (.Microsoft Corporation.) [HKLM] -- KB950762 O42 - Logiciel: Atualização de Segurança para Windows XP (KB950974) - (.Microsoft Corporation.) [HKLM] -- KB950974 O42 - Logiciel: Atualização de Segurança para Windows XP (KB951376-v2) - (.Microsoft Corporation.) [HKLM] -- KB951376-v2 O42 - Logiciel: Atualização de Segurança para Windows XP (KB952004) - (.Microsoft Corporation.) [HKLM] -- KB952004 O42 - Logiciel: Atualização de Segurança para Windows XP (KB952954) - (.Microsoft Corporation.) [HKLM] -- KB952954 O42 - Logiciel: Atualização de Segurança para Windows XP (KB954459) - (.Microsoft Corporation.) [HKLM] -- KB954459 O42 - Logiciel: Atualização de Segurança para Windows XP (KB956572) - (.Microsoft Corporation.) [HKLM] -- KB956572 O42 - Logiciel: Atualização de Segurança para Windows XP (KB956744) - (.Microsoft Corporation.) [HKLM] -- KB956744 O42 - Logiciel: Atualização de Segurança para Windows XP (KB956802) - (.Microsoft Corporation.) [HKLM] -- KB956802 O42 - Logiciel: Atualização de Segurança para Windows XP (KB956844) - (.Microsoft Corporation.) [HKLM] -- KB956844 O42 - Logiciel: Atualização de Segurança para Windows XP (KB958644) - (.Microsoft Corporation.) [HKLM] -- KB958644 O42 - Logiciel: Atualização de Segurança para Windows XP (KB959426) - (.Microsoft Corporation.) [HKLM] -- KB959426 O42 - Logiciel: Atualização de Segurança para Windows XP (KB960803) - (.Microsoft Corporation.) [HKLM] -- KB960803 O42 - Logiciel: Atualização de Segurança para Windows XP (KB960859) - (.Microsoft Corporation.) [HKLM] -- KB960859 O42 - Logiciel: Atualização de Segurança para Windows XP (KB961501) - (.Microsoft Corporation.) [HKLM] -- KB961501 O42 - Logiciel: Atualização de Segurança para Windows XP (KB969059) - (.Microsoft Corporation.) [HKLM] -- KB969059 O42 - Logiciel: Atualização de Segurança para Windows XP (KB970430) - (.Microsoft Corporation.) [HKLM] -- KB970430 O42 - Logiciel: Atualização de Segurança para Windows XP (KB971657) - (.Microsoft Corporation.) [HKLM] -- KB971657 O42 - Logiciel: Atualização de Segurança para Windows XP (KB972270) - (.Microsoft Corporation.) [HKLM] -- KB972270 O42 - Logiciel: Atualização de Segurança para Windows XP (KB973507) - (.Microsoft Corporation.) [HKLM] -- KB973507 O42 - Logiciel: Atualização de Segurança para Windows XP (KB973869) - (.Microsoft Corporation.) [HKLM] -- KB973869 O42 - Logiciel: Atualização de Segurança para Windows XP (KB973904) - (.Microsoft Corporation.) [HKLM] -- KB973904 O42 - Logiciel: Atualização de Segurança para Windows XP (KB974112) - (.Microsoft Corporation.) [HKLM] -- KB974112 O42 - Logiciel: Atualização de Segurança para Windows XP (KB974318) - (.Microsoft Corporation.) [HKLM] -- KB974318 O42 - Logiciel: Atualização de Segurança para Windows XP (KB974392) - (.Microsoft Corporation.) [HKLM] -- KB974392 O42 - Logiciel: Atualização de Segurança para Windows XP (KB974571) - (.Microsoft Corporation.) [HKLM] -- KB974571 O42 - Logiciel: Atualização de Segurança para Windows XP (KB975025) - (.Microsoft Corporation.) [HKLM] -- KB975025 O42 - Logiciel: Atualização de Segurança para Windows XP (KB975467) - (.Microsoft Corporation.) [HKLM] -- KB975467 O42 - Logiciel: Atualização de Segurança para Windows XP (KB975560) - (.Microsoft Corporation.) [HKLM] -- KB975560 O42 - Logiciel: Atualização de Segurança para Windows XP (KB975713) - (.Microsoft Corporation.) [HKLM] -- KB975713 O42 - Logiciel: Atualização de Segurança para Windows XP (KB977816) - (.Microsoft Corporation.) [HKLM] -- KB977816 O42 - Logiciel: Atualização de Segurança para Windows XP (KB977914) - (.Microsoft Corporation.) [HKLM] -- KB977914 O42 - Logiciel: Atualização de Segurança para Windows XP (KB978338) - (.Microsoft Corporation.) [HKLM] -- KB978338 O42 - Logiciel: Atualização de Segurança para Windows XP (KB978542) - (.Microsoft Corporation.) [HKLM] -- KB978542 O42 - Logiciel: Atualização de Segurança para Windows XP (KB978706) - (.Microsoft Corporation.) [HKLM] -- KB978706 O42 - Logiciel: Atualização de Segurança para Windows XP (KB979309) - (.Microsoft Corporation.) [HKLM] -- KB979309 O42 - Logiciel: Atualização de Segurança para Windows XP (KB979482) - (.Microsoft Corporation.) [HKLM] -- KB979482 O42 - Logiciel: Atualização de Segurança para Windows XP (KB979687) - (.Microsoft Corporation.) [HKLM] -- KB979687 O42 - Logiciel: Atualização de Segurança para Windows XP (KB981322) - (.Microsoft Corporation.) [HKLM] -- KB981322 O42 - Logiciel: Atualização de Segurança para Windows XP (KB981997) - (.Microsoft Corporation.) [HKLM] -- KB981997 O42 - Logiciel: Atualização de Segurança para Windows XP (KB982132) - (.Microsoft Corporation.) [HKLM] -- KB982132 O42 - Logiciel: Atualização de Segurança para Windows XP (KB982665) - (.Microsoft Corporation.) [HKLM] -- KB982665 O42 - Logiciel: Atualização de Segurança para o Windows Media Player (KB2378111) - (.Microsoft Corporation.) [HKLM] -- KB2378111_WM9 O42 - Logiciel: Atualização de Segurança para o Windows Media Player (KB952069) - (.Microsoft Corporation.) [HKLM] -- KB952069_WM9 O42 - Logiciel: Atualização de Segurança para o Windows Media Player (KB954155) - (.Microsoft Corporation.) [HKLM] -- KB954155_WM9 O42 - Logiciel: Atualização de Segurança para o Windows Media Player (KB973540) - (.Microsoft Corporation.) [HKLM] -- KB973540_WM9 O42 - Logiciel: Atualização de Segurança para o Windows Media Player (KB975558) - (.Microsoft Corporation.) [HKLM] -- KB975558_WM8 O42 - Logiciel: Atualização de Segurança para o Windows Media Player (KB978695) - (.Microsoft Corporation.) [HKLM] -- KB978695_WM9 O42 - Logiciel: Atualização para Windows XP (KB2345886) - (.Microsoft Corporation.) [HKLM] -- KB2345886 O42 - Logiciel: Atualização para Windows XP (KB2641690) - (.Microsoft Corporation.) [HKLM] -- KB2641690 O42 - Logiciel: Atualização para Windows XP (KB2661254-v2) - (.Microsoft Corporation.) [HKLM] -- KB2661254-v2 O42 - Logiciel: Atualização para Windows XP (KB2718704) - (.Microsoft Corporation.) [HKLM] -- KB2718704 O42 - Logiciel: Atualização para Windows XP (KB2736233) - (.Microsoft Corporation.) [HKLM] -- KB2736233 O42 - Logiciel: Atualização para Windows XP (KB2749655) - (.Microsoft Corporation.) [HKLM] -- KB2749655 O42 - Logiciel: Atualização para Windows XP (KB898461) - (.Microsoft Corporation.) [HKLM] -- KB898461 O42 - Logiciel: Atualização para Windows XP (KB951978) - (.Microsoft Corporation.) [HKLM] -- KB951978 O42 - Logiciel: Atualização para Windows XP (KB955759) - (.Microsoft Corporation.) [HKLM] -- KB955759 O42 - Logiciel: Atualização para Windows XP (KB968389) - (.Microsoft Corporation.) [HKLM] -- KB968389 O42 - Logiciel: Atualização para Windows XP (KB971029) - (.Microsoft Corporation.) [HKLM] -- KB971029 O42 - Logiciel: Atualização para Windows XP (KB973687) - (.Microsoft Corporation.) [HKLM] -- KB973687 O42 - Logiciel: Atualização para Windows XP (KB973815) - (.Microsoft Corporation.) [HKLM] -- KB973815 O42 - Logiciel: Auslogics Disk Defrag - (.Auslogics Software Pty Ltd.) [HKLM] -- {DF6A13C0-77DF-41FE-BD05-6D5201EB0CE7}_is1 O42 - Logiciel: BR - (.Corel Corporation.) [HKLM] -- {C57CD366-C6BE-45B5-B5C6-0424E506F1D0} O42 - Logiciel: CCleaner - (.Piriform.) [HKLM] -- CCleaner O42 - Logiciel: CorelDRAW Graphics Suite X3 - (.Corel Corporation.) [HKLM] -- {7C5123A9-30A8-4C44-89CA-A8C87A1FCC91} O42 - Logiciel: FontNav - (.Corel Corporation.) [HKLM] -- {4E98F23B-1328-4322-A6EC-2EDC8FC3A4FE} O42 - Logiciel: Foxit PDF Editor - (.Foxit Corporation.) [HKLM] -- Foxit PDF Editor O42 - Logiciel: Google Chrome - (.Google Inc..) [HKLM] -- Google Chrome O42 - Logiciel: Google Earth Plug-in - (.Google.) [HKLM] -- {2934DCB0-F8EE-11E0-A4A5-B8AC6F97B88E} O42 - Logiciel: Google Toolbar for Internet Explorer - (.Google Inc..) [HKLM] -- {18455581-E099-4BA8-BC6B-F34B2F06600C} O42 - Logiciel: Google Toolbar for Internet Explorer - (.Google Inc..) [HKLM] -- {2318C2B1-4965-11d4-9B18-009027A5CD4F} O42 - Logiciel: Google Update Helper - (.Google Inc..) [HKLM] -- {A92DAB39-4E2C-4304-9AB6-BC44E68B55E2} O42 - Logiciel: High Definition Audio Driver Package - KB888111 - (.Microsoft Corporation.) [HKLM] -- KB888111WXPSP2 O42 - Logiciel: Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595) - (.Microsoft Corporation.) [HKLM] -- {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}.KB953595 O42 - Logiciel: Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484) - (.Microsoft Corporation.) [HKLM] -- {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}.KB958484 O42 - Logiciel: Hotfix for Windows XP (KB954550-v5) - (.Microsoft Corporation.) [HKLM] -- KB954550-v5 O42 - Logiciel: Hotfix para Windows XP (KB2633952) - (.Microsoft Corporation.) [HKLM] -- KB2633952 O42 - Logiciel: Hotfix para Windows XP (KB2756822) - (.Microsoft Corporation.) [HKLM] -- KB2756822 O42 - Logiciel: Hotfix para Windows XP (KB952287) - (.Microsoft Corporation.) [HKLM] -- KB952287 O42 - Logiciel: Hotfix para Windows XP (KB961118) - (.Microsoft Corporation.) [HKLM] -- KB961118 O42 - Logiciel: Intel® Graphics Media Accelerator Driver - (.Intel Corporation.) [HKLM] -- HDMI O42 - Logiciel: Java 6 Update 31 - (.Oracle.) [HKLM] -- {26A24AE4-039D-4CA4-87B4-2F83216031FF} O42 - Logiciel: MSXML 4.0 SP2 (KB954430) - (.Microsoft Corporation.) [HKLM] -- {86493ADD-824D-4B8E-BD72-8C5DCDC52A71} O42 - Logiciel: MSXML 4.0 SP2 (KB973688) - (.Microsoft Corporation.) [HKLM] -- {F662A8E6-F4DC-41A2-901E-8C11F044BDEC} O42 - Logiciel: MV RegClean 6.0 - (.Unknown owner.) [HKLM] -- MV RegClean 6.0_is1 O42 - Logiciel: Malwarebytes Anti-Malware versão 1.65.1.1000 - (.Malwarebytes Corporation.) [HKLM] -- Malwarebytes' Anti-Malware_is1 O42 - Logiciel: Microsoft .NET Framework 2.0 Service Pack 2 - (.Microsoft Corporation.) [HKLM] -- {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} O42 - Logiciel: Microsoft .NET Framework 3.0 Service Pack 2 - (.Microsoft Corporation.) [HKLM] -- {A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7} O42 - Logiciel: Microsoft .NET Framework 3.5 SP1 - (.Microsoft Corporation.) [HKLM] -- Microsoft .NET Framework 3.5 SP1 O42 - Logiciel: Microsoft .NET Framework 3.5 SP1 - (.Microsoft Corporation.) [HKLM] -- {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} O42 - Logiciel: Microsoft Office Access MUI (Portuguese (Brazil)) 2007 - (.Microsoft Corporation.) [HKLM] -- {90120000-0015-0416-0000-0000000FF1CE} O42 - Logiciel: Microsoft Office Enterprise 2007 - (.Microsoft Corporation.) [HKLM] -- ENTERPRISE O42 - Logiciel: Microsoft Office Enterprise 2007 - (.Microsoft Corporation.) [HKLM] -- {90120000-0030-0000-0000-0000000FF1CE} O42 - Logiciel: Microsoft Office Excel MUI (Portuguese (Brazil)) 2007 - (.Microsoft Corporation.) [HKLM] -- {90120000-0016-0416-0000-0000000FF1CE} O42 - Logiciel: Microsoft Office Groove MUI (Portuguese (Brazil)) 2007 - (.Microsoft Corporation.) [HKLM] -- {90120000-00BA-0416-0000-0000000FF1CE} O42 - Logiciel: Microsoft Office InfoPath MUI (Portuguese (Brazil)) 2007 - (.Microsoft Corporation.) [HKLM] -- {90120000-0044-0416-0000-0000000FF1CE} O42 - Logiciel: Microsoft Office OneNote MUI (Portuguese (Brazil)) 2007 - (.Microsoft Corporation.) [HKLM] -- {90120000-00A1-0416-0000-0000000FF1CE} O42 - Logiciel: Microsoft Office Outlook MUI (Portuguese (Brazil)) 2007 - (.Microsoft Corporation.) [HKLM] -- {90120000-001A-0416-0000-0000000FF1CE} O42 - Logiciel: Microsoft Office PowerPoint MUI (Portuguese (Brazil)) 2007 - (.Microsoft Corporation.) [HKLM] -- {90120000-0018-0416-0000-0000000FF1CE} O42 - Logiciel: Microsoft Office Proof (English) 2007 - (.Microsoft Corporation.) [HKLM] -- {90120000-001F-0409-0000-0000000FF1CE} O42 - Logiciel: Microsoft Office Proof (Portuguese (Brazil)) 2007 - (.Microsoft Corporation.) [HKLM] -- {90120000-001F-0416-0000-0000000FF1CE} O42 - Logiciel: Microsoft Office Proof (Spanish) 2007 - (.Microsoft Corporation.) [HKLM] -- {90120000-001F-0C0A-0000-0000000FF1CE} O42 - Logiciel: Microsoft Office Proofing (Portuguese (Brazil)) 2007 - (.Microsoft Corporation.) [HKLM] -- {90120000-002C-0416-0000-0000000FF1CE} O42 - Logiciel: Microsoft Office Publisher MUI (Portuguese (Brazil)) 2007 - (.Microsoft Corporation.) [HKLM] -- {90120000-0019-0416-0000-0000000FF1CE} O42 - Logiciel: Microsoft Office Shared MUI (Portuguese (Brazil)) 2007 - (.Microsoft Corporation.) [HKLM] -- {90120000-006E-0416-0000-0000000FF1CE} O42 - Logiciel: Microsoft Office Word MUI (Portuguese (Brazil)) 2007 - (.Microsoft Corporation.) [HKLM] -- {90120000-001B-0416-0000-0000000FF1CE} O42 - Logiciel: Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 - (.Microsoft Corporation.) [HKLM] -- {1F1C2DFC-2D24-3E06-BCB8-725134ADF989} O42 - Logiciel: Mozilla Firefox 8.0 (x86 pt-BR) - (.Mozilla.) [HKLM] -- Mozilla Firefox 8.0 (x86 pt-BR) O42 - Logiciel: Mozilla Maintenance Service - (.Mozilla.) [HKLM] -- MozillaMaintenanceService O42 - Logiciel: Mozilla Thunderbird (5.0) - (.Mozilla.) [HKLM] -- Mozilla Thunderbird (5.0) O42 - Logiciel: Mozilla Thunderbird 16.0.2 (x86 pt-BR) - (.Mozilla.) [HKLM] -- Mozilla Thunderbird 16.0.2 (x86 pt-BR) O42 - Logiciel: PDFCreator - (.Frank Heindörfer, Philip Chinery.) [HKLM] -- {0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D} O42 - Logiciel: Photo! Editor 1.0 - (.Unknown owner.) [HKLM] -- PhotoToolkit_is1 O42 - Logiciel: REALTEK GbE & FE Ethernet PCI-E NIC Driver - (.Realtek.) [HKLM] -- {C9BED750-1211-4480-B1A5-718A3BE15525} O42 - Logiciel: Revo Uninstaller 1.93 - (.VS Revo Group.) [HKLM] -- Revo Uninstaller O42 - Logiciel: Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111) - (.Microsoft Corporation.) [HKLM] -- {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}.KB2604111 O42 - Logiciel: Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424) - (.Microsoft Corporation.) [HKLM] -- {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}.KB2657424 O42 - Logiciel: TeamViewer 7 - (.TeamViewer.) [HKLM] -- TeamViewer 7 O42 - Logiciel: Update Manager - (.Corel Corporation.) [HKLM] -- {F428D0FB-765D-40EB-BDD8-A1E7F5C597FA} O42 - Logiciel: Update for Microsoft .NET Framework 3.5 SP1 (KB963707) - (.Microsoft Corporation.) [HKLM] -- {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}.KB963707 O42 - Logiciel: VBA - (.Corel Corporation.) [HKLM] -- {C94E45B0-6AA6-4FB9-9AAE-22085F631880} O42 - Logiciel: VIA Gerenciador de dispositivo de plataforma - (.VIA Technologies, Inc..) [HKLM] -- InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169} O42 - Logiciel: Windows Genuine Advantage Notifications (KB905474) - (.Microsoft Corporation.) [HKLM] -- WgaNotify O42 - Logiciel: Windows Internet Explorer 8 - (.Microsoft Corporation.) [HKLM] -- ie8 O42 - Logiciel: Windows XP Service Pack 3 - (.Microsoft Corporation.) [HKLM] -- Windows XP Service Pack O42 - Logiciel: avast! Free Antivirus v7.0.1474.0 - (.AVAST Software.) [HKLM] -- avast ---\\ HKCU & HKLM Software Keys [HKCU\Software\AVAST Software] [HKCU\Software\Ad-Remover] [HKCU\Software\Adobe] [HKCU\Software\Ares] [HKCU\Software\Auslogics] [HKCU\Software\Baixaki] [HKCU\Software\Canon] [HKCU\Software\Classes] [HKCU\Software\Clients] [HKCU\Software\Corel] [HKCU\Software\FIXIO PC Utilities] [HKCU\Software\Foxit Corporation] [HKCU\Software\Google] [HKCU\Software\InstallShield] [HKCU\Software\Intel] [HKCU\Software\JavaSoft] [HKCU\Software\Macromedia] [HKCU\Software\Malwarebytes' Anti-Malware] [HKCU\Software\MozillaPlugins] [HKCU\Software\Mozilla] [HKCU\Software\Netscape] [HKCU\Software\ODBC] [HKCU\Software\PDFCreator] [HKCU\Software\Piriform] [HKCU\Software\Policies] [HKCU\Software\Protexis] [HKCU\Software\Sysinternals] [HKCU\Software\TeamViewer] [HKCU\Software\Thunderbird] [HKCU\Software\VSRevoGroup] [HKCU\Software\VicMan Software] [HKCU\Software\Wget] [HKCU\Software\WinRAR] [HKCU\Software\Wow6432Node] [HKCU\Software\Zylom] [HKCU\Software\alotappbar] [HKLM\Software\781] [HKLM\Software\ALWIL Software] [HKLM\Software\ASUS] [HKLM\Software\AVAST Software] [HKLM\Software\Adobe] [HKLM\Software\AdwCleaner] [HKLM\Software\Bitstream] [HKLM\Software\C07ft5Y] [HKLM\Software\Canon] [HKLM\Software\Classes] [HKLM\Software\Clients] [HKLM\Software\Corel] [HKLM\Software\Foxit Software] [HKLM\Software\Gemplus] [HKLM\Software\Google] [HKLM\Software\InstallShield] [HKLM\Software\Intel] [HKLM\Software\JavaSoft] [HKLM\Software\JreMetrics] [HKLM\Software\Kodak] [HKLM\Software\Macromedia] [HKLM\Software\Malwarebytes' Anti-Malware] [HKLM\Software\McAfee.com] [HKLM\Software\Mozilla Thunderbird-BackupByThunderbirdPortable] [HKLM\Software\Mozilla Thunderbird] [HKLM\Software\MozillaPlugins] [HKLM\Software\Mozilla] [HKLM\Software\ODBC] [HKLM\Software\Piriform] [HKLM\Software\Policies] [HKLM\Software\Program Groups] [HKLM\Software\RTLSetup] [HKLM\Software\Realtek] [HKLM\Software\RegisteredApplications] [HKLM\Software\Schlumberger] [HKLM\Software\Swearware] [HKLM\Software\TeamViewer] [HKLM\Software\TrendMicro] [HKLM\Software\VIA Technologies, Inc] [HKLM\Software\Windows 3.1 Migration Status] [HKLM\Software\Wow6432Node] [HKLM\Software\mozilla.org] ~ Scan Softwares in 00mn 00s ---\\ Contents of the Common Files folders (O43) O43 - CFD: 06/09/2011 - 09:25:16 - [217,110] ----D C:\Arquivos de programas\Adobe O43 - CFD: 06/09/2011 - 09:09:57 - [277,848] ----D C:\Arquivos de programas\Alwil Software O43 - CFD: 10/05/2012 - 11:44:54 - [6,885] ----D C:\Arquivos de programas\Ares O43 - CFD: 14/11/2012 - 14:28:04 - [237,064] ----D C:\Arquivos de programas\Arquivos comuns O43 - CFD: 06/09/2011 - 09:37:22 - [9,087] ----D C:\Arquivos de programas\ASUS O43 - CFD: 06/09/2011 - 09:23:04 - [8,967] ----D C:\Arquivos de programas\Auslogics O43 - CFD: 06/09/2011 - 09:28:22 - [1,391] ---AD C:\Arquivos de programas\Canon O43 - CFD: 06/09/2011 - 09:51:39 - [3,927] ----D C:\Arquivos de programas\CCleaner O43 - CFD: 05/09/2011 - 18:14:30 - [0] ----D C:\Arquivos de programas\ComPlus Applications O43 - CFD: 08/09/2011 - 17:17:22 - [6,869] ----D C:\Arquivos de programas\Convar O43 - CFD: 22/03/2012 - 16:14:20 - [256,926] ----D C:\Arquivos de programas\Corel O43 - CFD: 30/07/2012 - 12:27:44 - [6,476] ----D C:\Arquivos de programas\Foxit Software O43 - CFD: 16/01/2012 - 15:18:15 - [0] ----D C:\Arquivos de programas\Google O43 - CFD: 06/09/2011 - 09:37:20 - [9,811] --H-D C:\Arquivos de programas\InstallShield Installation Information O43 - CFD: 05/09/2011 - 18:40:20 - [0,074] ----D C:\Arquivos de programas\Intel O43 - CFD: 25/09/2012 - 13:04:20 - [4,317] ----D C:\Arquivos de programas\Internet Explorer O43 - CFD: 15/02/2012 - 17:22:26 - [77,962] ----D C:\Arquivos de programas\Java O43 - CFD: 14/11/2012 - 09:48:17 - [12,630] ----D C:\Arquivos de programas\Malwarebytes' Anti-Malware O43 - CFD: 06/09/2011 - 09:23:24 - [2,536] ----D C:\Arquivos de programas\Marcos Velasco Security O43 - CFD: 16/04/2012 - 08:18:55 - [2,048] ----D C:\Arquivos de programas\Messenger O43 - CFD: 05/09/2011 - 18:17:33 - [0] ----D C:\Arquivos de programas\microsoft frontpage O43 - CFD: 06/09/2011 - 09:19:19 - [324,745] ----D C:\Arquivos de programas\Microsoft Office O43 - CFD: 06/09/2011 - 09:19:12 - [0,014] ----D C:\Arquivos de programas\Microsoft Visual Studio O43 - CFD: 06/09/2011 - 09:19:36 - [3,032] ----D C:\Arquivos de programas\Microsoft Works O43 - CFD: 16/04/2012 - 08:08:51 - [9,864] ----D C:\Arquivos de programas\Movie Maker O43 - CFD: 19/10/2012 - 16:39:11 - [35,672] ----D C:\Arquivos de programas\Mozilla Firefox O43 - CFD: 01/11/2012 - 09:42:52 - [0,212] ----D C:\Arquivos de programas\Mozilla Maintenance Service O43 - CFD: 12/09/2011 - 09:06:05 - [32,225] ----D C:\Arquivos de programas\Mozilla Thunderbird O43 - CFD: 17/04/2012 - 08:13:14 - [0,025] ----D C:\Arquivos de programas\MSBuild O43 - CFD: 05/09/2011 - 18:14:09 - [8,340] ----D C:\Arquivos de programas\MSN Gaming Zone O43 - CFD: 16/04/2012 - 08:08:09 - [0] ----D C:\Arquivos de programas\MSXML 4.0 O43 - CFD: 06/09/2011 - 08:31:15 - [3,131] ----D C:\Arquivos de programas\NetMeeting O43 - CFD: 16/04/2012 - 08:09:13 - [4,155] ----D C:\Arquivos de programas\Outlook Express O43 - CFD: 06/09/2011 - 09:26:13 - [21,438] ----D C:\Arquivos de programas\PDFCreator O43 - CFD: 26/12/2011 - 13:22:43 - [15,839] ----D C:\Arquivos de programas\Photo! O43 - CFD: 08/09/2011 - 11:49:18 - [10,634] ----D C:\Arquivos de programas\PowerDataRecovery O43 - CFD: 05/09/2011 - 18:39:23 - [1,575] ----D C:\Arquivos de programas\Realtek O43 - CFD: 17/04/2012 - 08:13:02 - [34,726] ----D C:\Arquivos de programas\Reference Assemblies O43 - CFD: 05/09/2011 - 18:16:05 - [0,001] ----D C:\Arquivos de programas\Serviços on-line O43 - CFD: 10/02/2012 - 17:38:34 - [22,228] ----D C:\Arquivos de programas\TeamViewer O43 - CFD: 05/09/2011 - 18:21:46 - [0] --H-D C:\Arquivos de programas\Uninstall Information O43 - CFD: 05/09/2011 - 18:42:59 - [34,751] ----D C:\Arquivos de programas\VIA O43 - CFD: 10/02/2012 - 17:32:41 - [6,498] ----D C:\Arquivos de programas\VS Revo Group O43 - CFD: 06/09/2011 - 08:32:45 - [3,367] ----D C:\Arquivos de programas\Windows Media Player O43 - CFD: 06/09/2011 - 08:31:13 - [3,752] ----D C:\Arquivos de programas\Windows NT O43 - CFD: 05/09/2011 - 18:16:09 - [0] --H-D C:\Arquivos de programas\WindowsUpdate O43 - CFD: 05/09/2011 - 18:38:57 - [4,826] ----D C:\Arquivos de programas\WinRAR O43 - CFD: 05/09/2011 - 18:17:33 - [0] ----D C:\Arquivos de programas\xerox O43 - CFD: 16/11/2012 - 08:21:00 - [10,361] ----D C:\Arquivos de programas\ZHPDiag O43 - CFD: 06/06/2012 - 17:41:50 - [11,942] ----D C:\Arquivos de programas\Arquivos comuns\Adobe O43 - CFD: 22/03/2012 - 16:14:20 - [16,555] ----D C:\Arquivos de programas\Arquivos comuns\Corel O43 - CFD: 22/03/2012 - 16:16:30 - [0,195] ----D C:\Arquivos de programas\Arquivos comuns\DESIGNER O43 - CFD: 22/03/2012 - 16:16:50 - [4,648] ----D C:\Arquivos de programas\Arquivos comuns\InstallShield O43 - CFD: 15/02/2012 - 17:23:01 - [1,201] ----D C:\Arquivos de programas\Arquivos comuns\Java O43 - CFD: 22/03/2012 - 16:16:30 - [159,518] ----D C:\Arquivos de programas\Arquivos comuns\Microsoft Shared O43 - CFD: 05/09/2011 - 18:15:25 - [0,271] ----D C:\Arquivos de programas\Arquivos comuns\MSSoap O43 - CFD: 05/09/2011 - 15:07:03 - [0] ----D C:\Arquivos de programas\Arquivos comuns\ODBC O43 - CFD: 05/09/2011 - 18:15:28 - [0,008] ----D C:\Arquivos de programas\Arquivos comuns\Serviços O43 - CFD: 05/09/2011 - 15:07:00 - [3,612] ----D C:\Arquivos de programas\Arquivos comuns\SpeechEngines O43 - CFD: 06/09/2011 - 08:31:11 - [39,115] ----D C:\Arquivos de programas\Arquivos comuns\System O43 - CFD: 01/11/2012 - 09:42:51 - [62,194] R-H-D C:\Documents and Settings\All Users\Dados de aplicativos O43 - CFD: 14/11/2012 - 09:48:14 - [0,008] ----D C:\Documents and Settings\All Users\Desktop O43 - CFD: 05/09/2011 - 18:14:54 - [527,014] R---D C:\Documents and Settings\All Users\Documentos O43 - CFD: 05/09/2011 - 18:17:06 - [0,003] -SH-D C:\Documents and Settings\All Users\DRM O43 - CFD: 05/09/2011 - 15:06:39 - [0] ----D C:\Documents and Settings\All Users\Favoritos O43 - CFD: 06/09/2011 - 09:23:24 - [0,147] R---D C:\Documents and Settings\All Users\Menu Iniciar O43 - CFD: 05/09/2011 - 15:06:39 - [0] --H-D C:\Documents and Settings\All Users\Modelos O43 - CFD: 12/09/2011 - 10:35:44 - [1,643] ----D C:\Documents and Settings\f003407\Dados de aplicativos\Adobe O43 - CFD: 09/04/2012 - 12:40:23 - [0,301] ----D C:\Documents and Settings\f003407\Dados de aplicativos\alotappbar O43 - CFD: 15/02/2012 - 17:23:10 - [3,316] ----D C:\Documents and Settings\f003407\Dados de aplicativos\Auslogics O43 - CFD: 22/03/2012 - 16:21:21 - [1,299] ----D C:\Documents and Settings\f003407\Dados de aplicativos\Corel O43 - CFD: 16/01/2012 - 15:19:13 - [0,057] ----D C:\Documents and Settings\f003407\Dados de aplicativos\Google O43 - CFD: 06/09/2011 - 10:49:31 - [0] ----D C:\Documents and Settings\f003407\Dados de aplicativos\Identities O43 - CFD: 12/09/2011 - 10:35:44 - [0,015] ----D C:\Documents and Settings\f003407\Dados de aplicativos\Macromedia O43 - CFD: 10/02/2012 - 16:20:43 - [34,033] ----D C:\Documents and Settings\f003407\Dados de aplicativos\Malwarebytes O43 - CFD: 09/04/2012 - 11:26:57 - [15,765] -S--D C:\Documents and Settings\f003407\Dados de aplicativos\Microsoft O43 - CFD: 18/11/2011 - 10:07:55 - [12,386] ----D C:\Documents and Settings\f003407\Dados de aplicativos\Mozilla O43 - CFD: 12/09/2011 - 10:01:43 - [3,773] ----D C:\Documents and Settings\f003407\Dados de aplicativos\Sun O43 - CFD: 10/02/2012 - 17:38:42 - [0,152] ----D C:\Documents and Settings\f003407\Dados de aplicativos\TeamViewer O43 - CFD: 12/09/2011 - 09:08:58 - [0,000] ----D C:\Documents and Settings\f003407\Dados de aplicativos\Thunderbird O43 - CFD: 27/06/2012 - 09:06:29 - [3,438] ----D C:\Documents and Settings\f003407\Dados de aplicativos\U3 O43 - CFD: 22/09/2011 - 18:47:02 - [0] ----D C:\Documents and Settings\f003407\Dados de aplicativos\WinRAR O43 - CFD: 12/09/2011 - 12:11:08 - [12,179] ----D C:\Documents and Settings\f003407\Configurações locais\Dados de aplicativos\Adobe O43 - CFD: 10/05/2012 - 11:03:21 - [0,057] ----D C:\Documents and Settings\f003407\Configurações locais\Dados de aplicativos\Ares O43 - CFD: 01/11/2012 - 07:57:32 - [0] ----D C:\Documents and Settings\f003407\Configurações locais\Dados de aplicativos\Deployment O43 - CFD: 28/09/2012 - 09:23:55 - [474,758] ----D C:\Documents and Settings\f003407\Configurações locais\Dados de aplicativos\Google O43 - CFD: 13/09/2011 - 15:58:22 - [0,289] ----D C:\Documents and Settings\f003407\Configurações locais\Dados de aplicativos\Identities O43 - CFD: 10/10/2012 - 09:05:06 - [88,450] ----D C:\Documents and Settings\f003407\Configurações locais\Dados de aplicativos\Microsoft O43 - CFD: 13/09/2011 - 17:19:12 - [0] ----D C:\Documents and Settings\f003407\Configurações locais\Dados de aplicativos\Microsoft Help O43 - CFD: 18/11/2011 - 10:07:55 - [52,281] ----D C:\Documents and Settings\f003407\Configurações locais\Dados de aplicativos\Mozilla O43 - CFD: 15/10/2012 - 08:54:13 - [0,008] ----D C:\Documents and Settings\f003407\Configurações locais\Dados de aplicativos\Thunderbird O43 - CFD: 09/04/2012 - 11:22:04 - [0,002] ----D C:\Documents and Settings\f003407\Configurações locais\Dados de aplicativos\Zoom_Downloader O43 - CFD: 06/09/2011 - 10:49:32 - [0,014] R---D C:\Documents and Settings\f003407\Menu Iniciar\Programas\Acessórios O43 - CFD: 14/11/2012 - 14:20:48 - [0,000] R---D C:\Documents and Settings\f003407\Menu Iniciar\Programas\Ferramentas administrativas O43 - CFD: 05/09/2011 - 15:06:39 - [0,000] R---D C:\Documents and Settings\f003407\Menu Iniciar\Programas\Inicializar O43 - CFD: 10/02/2012 - 17:32:42 - [0,004] ----D C:\Documents and Settings\f003407\Menu Iniciar\Programas\Revo Uninstaller ~ Scan Program Folder in 00mn 08s ---\\ Last modified or created files under Windows and System32 (O44) O44 - LFC:[MD5.91885427826F422DF5B9D53CD9FF65F9] - 16/11/2012 - 07:14:25 ---A- . (...) -- C:\WINDOWS\setupapi.log [50832] O44 - LFC:[MD5.631E7000D41AF4B438E551AA41648DB3] - 16/11/2012 - 07:12:47 ---A- . (...) -- C:\WINDOWS\WindowsUpdate.log [1285269] O44 - LFC:[MD5.B07ED11A859A7E36F40EA645B85DAFAE] - 16/11/2012 - 07:12:12 ---A- . (...) -- C:\WINDOWS\system32\wpa.dbl [13646] O44 - LFC:[MD5.D41D8CD98F00B204E9800998ECF8427E] - 16/11/2012 - 07:11:55 ---A- . (...) -- C:\WINDOWS\0.log [0] O44 - LFC:[MD5.6A2CB42966136854F4464516FBB4AE72] - 16/11/2012 - 07:11:40 -S-A- . (...) -- C:\WINDOWS\bootstat.dat [2048] O44 - LFC:[MD5.01FE0C95A4FB6D98EED4C2AFBF362435] - 16/11/2012 - 06:44:13 ---A- . (...) -- C:\WINDOWS\system32\FNTCACHE.DAT [198552] O44 - LFC:[MD5.B29F17DB96564D59D9CB210154C56CD5] - 16/11/2012 - 06:43:21 ---A- . (...) -- C:\WINDOWS\SchedLgU.Txt [31870] O44 - LFC:[MD5.178A8B5175D4F145F49E550209531B14] - 16/11/2012 - 06:41:16 ---A- . (...) -- C:\WINDOWS\comsetup.log [287767] O44 - LFC:[MD5.39005FA2CE6BD719B2159C90BDF348BB] - 16/11/2012 - 06:41:16 ---A- . (...) -- C:\WINDOWS\iis6.log [925023] O44 - LFC:[MD5.CDC3F3218EE1492AA4DD0CCFCB4B8C45] - 16/11/2012 - 06:41:16 ---A- . (...) -- C:\WINDOWS\imsins.log [1393] O44 - LFC:[MD5.65EAEFAFD98ECCFC889612F61508BEE3] - 16/11/2012 - 06:41:16 ---A- . (...) -- C:\WINDOWS\ntdtcsetup.log [173474] O44 - LFC:[MD5.4A04EB7B1C2587E132D25F406482FF1D] - 16/11/2012 - 06:41:16 ---A- . (...) -- C:\WINDOWS\ocmsn.log [54040] O44 - LFC:[MD5.531ECB4139D935A0BCF8AB0DB35BD7DC] - 16/11/2012 - 06:41:16 ---A- . (...) -- C:\WINDOWS\tabletoc.log [43540] O44 - LFC:[MD5.456FB71AB5C8AEC798237CF60A8F4EAD] - 16/11/2012 - 06:41:16 ---A- . (...) -- C:\WINDOWS\tsoc.log [394944] O44 - LFC:[MD5.D498CFC2FB99F369068F6C7F06AB07EE] - 16/11/2012 - 06:41:15 ---A- . (...) -- C:\WINDOWS\FaxSetup.log [865614] O44 - LFC:[MD5.66C4D74720C6ECCDAC7695FEEB4916D6] - 16/11/2012 - 06:41:15 ---A- . (...) -- C:\WINDOWS\KB2727528.log [11121] O44 - LFC:[MD5.8E7914DC9B409F992B8AFCDD1069F2E4] - 16/11/2012 - 06:41:15 ---A- . (...) -- C:\WINDOWS\MedCtrOC.log [59500] O44 - LFC:[MD5.D5F00FBAA6841277978736490F39A27F] - 16/11/2012 - 06:41:15 ---A- . (...) -- C:\WINDOWS\msgsocm.log [43260] O44 - LFC:[MD5.2BEFFC5B93980B9720C7CB589428430B] - 16/11/2012 - 06:41:15 ---A- . (...) -- C:\WINDOWS\msmqinst.log [269536] O44 - LFC:[MD5.98592FCC3DECC19A0EEFE6E581F9B886] - 16/11/2012 - 06:41:15 ---A- . (...) -- C:\WINDOWS\netfxocm.log [151620] O44 - LFC:[MD5.242561AAA5D1F84A5292632B92021B7F] - 16/11/2012 - 06:41:15 ---A- . (...) -- C:\WINDOWS\ocgen.log [413840] O44 - LFC:[MD5.75CD24CEA8ACA1555177F093054A8724] - 16/11/2012 - 06:41:06 ---A- . (...) -- C:\WINDOWS\KB2761226.log [12445] O44 - LFC:[MD5.A678CE1D4142D0F872AF6E5DDC082D25] - 16/11/2012 - 06:41:06 ---A- . (...) -- C:\WINDOWS\imsins.BAK [1393] O44 - LFC:[MD5.F2CA876D22475DF351217A87FFE55999] - 16/11/2012 - 06:39:42 ---A- . (...) -- C:\WINDOWS\system32\PerfStringBackup.INI [1018214] O44 - LFC:[MD5.BF0ED0098F6D7D013A7022336B6E26D6] - 16/11/2012 - 06:39:42 ---A- . (...) -- C:\WINDOWS\system32\perfc009.dat [67870] O44 - LFC:[MD5.4D01138BD49611F131EAF0E56528F169] - 16/11/2012 - 06:39:42 ---A- . (...) -- C:\WINDOWS\system32\perfc016.dat [79662] O44 - LFC:[MD5.17CBA86F2E770B88A9327F7B947A8C08] - 16/11/2012 - 06:39:42 ---A- . (...) -- C:\WINDOWS\system32\perfh009.dat [432914] O44 - LFC:[MD5.523ACF284D0CF779DEC5B15D86ACA0A0] - 16/11/2012 - 06:39:42 ---A- . (...) -- C:\WINDOWS\system32\perfh016.dat [468884] O44 - LFC:[MD5.080DFEF99350A937C9CD186A27E8C3C2] - 14/11/2012 - 13:39:31 ---A- . (...) -- C:\ComboFix.txt [13243] O44 - LFC:[MD5.C9DD76D0EF94637C77FF8CA5E0FB0684] - 14/11/2012 - 13:34:47 ---A- . (...) -- C:\WINDOWS\system.ini [227] O44 - LFC:[MD5.28E131D405455B6E4653F6AFC1708A2B] - 14/11/2012 - 13:23:28 RSHA- . (...) -- C:\boot.ini [327] O44 - LFC:[MD5.753BC16326FEE4A421ACB636CCD602F4] - 14/11/2012 - 13:21:15 ---A- . (.NirSoft - NirCmd.) -- C:\WINDOWS\NIRCMD.exe [60416] O44 - LFC:[MD5.A46842C9B0C567A5A9584E83A163560C] - 14/11/2012 - 13:21:15 ---A- . (.SteelWerX - Freeware implementation of REG.EXE.) -- C:\WINDOWS\SWREG.exe [518144] O44 - LFC:[MD5.0297C72529807322B152F517FDB0A9FC] - 14/11/2012 - 13:21:15 ---A- . (.SteelWerX - Freeware implementation of SC.EXE.) -- C:\WINDOWS\SWSC.exe [406528] O44 - LFC:[MD5.B1A9CF0B6F80611D31987C247EC630B4] - 14/11/2012 - 13:21:15 ---A- . (.SteelWerX - Freeware implementation of XCACLS.) -- C:\WINDOWS\SWXCACLS.exe [212480] O44 - LFC:[MD5.FA579938B0733B87066546AFE951082C] - 14/11/2012 - 13:05:48 ---A- . (...) -- C:\Boot.bak [211] O44 - LFC:[MD5.C124E332FE3F0E737B865EDA0E90D5BF] - 14/11/2012 - 13:05:48 ---A- . (...) -- C:\WINDOWS\win.ini [498] O44 - LFC:[MD5.4FBC3F271CDCA4D74ACECC84EE539DD3] - 14/11/2012 - 13:00:32 ---A- . (...) -- C:\hijackthis.log [6725] O44 - LFC:[MD5.9A2347903D6EDB84C10F288BC0578C1C] - 14/11/2012 - 12:59:31 ---A- . (.Trend Micro Inc. - HijackThis.) -- C:\HiJackThis.exe [388608] O44 - LFC:[MD5.F3A4DEC88AEB5B264897EEC4D3B665C7] - 14/11/2012 - 09:16:17 ---A- . (...) -- C:\AdwCleaner[s2].txt [1481] O44 - LFC:[MD5.500D089CE760D83DA2B6CBA681AA9949] - 14/11/2012 - 08:48:11 ---A- . (.Malwarebytes Corporation - Malwarebytes Anti-Malware.) -- C:\WINDOWS\system32\Drivers\mbam.sys [22856] O44 - LFC:[MD5.65360A0EEF9FD4750267EC22A3ED4EE7] - 14/11/2012 - 08:45:41 ---A- . (...) -- C:\WINDOWS\system32\CONFIG.NT [3018] O44 - LFC:[MD5.B55346B10464FFEE7722B3CE2B840DE3] - 07/11/2012 - 16:08:18 ---A- . (...) -- C:\WINDOWS\wmsetup.log [51056] O44 - LFC:[MD5.E3E73B2B73A4DFADFDDF557192C4B08A] - 30/10/2012 - 19:51:58 ---A- . (.AVAST Software - avast! TDI Filter Driver.) -- C:\WINDOWS\system32\Drivers\aswTdi.sys [54232] O44 - LFC:[MD5.7C9F0A2AB17D52261A9252A2EB320884] - 30/10/2012 - 19:51:58 ---A- . (.AVAST Software - avast! TDI Redirect Driver.) -- C:\WINDOWS\system32\Drivers\aswRdr.sys [35928] O44 - LFC:[MD5.B32E9AD44A1DBB3E8095E80F8DF32B03] - 30/10/2012 - 19:51:58 ---A- . (.AVAST Software - avast! Virtualization Driver.) -- C:\WINDOWS\system32\Drivers\aswSnx.sys [738504] O44 - LFC:[MD5.67B558895695545FB0568B7541F3BCA7] - 30/10/2012 - 19:51:58 ---A- . (.AVAST Software - avast! self protection module.) -- C:\WINDOWS\system32\Drivers\aswSP.sys [361032] O44 - LFC:[MD5.B8236CDC3E9862F037B1F83E352BDF94] - 30/10/2012 - 19:51:57 ---A- . (.AVAST Software - avast! File System Filter Driver for Window.) -- C:\WINDOWS\system32\Drivers\aswmon.sys [89752] O44 - LFC:[MD5.84F0BE324EE111338589F448C3E8BAB2] - 30/10/2012 - 19:51:57 ---A- . (.AVAST Software - avast! File System Filter Driver for Window.) -- C:\WINDOWS\system32\Drivers\aswmon2.sys [97608] O44 - LFC:[MD5.149A8F7ADF9742554DC323E290551E3E] - 30/10/2012 - 19:51:56 ---A- . (.AVAST Software - avast! Base Kernel-Mode Device Driver for W.) -- C:\WINDOWS\system32\Drivers\aavmker4.sys [25256] O44 - LFC:[MD5.DE6ED95AEF259979B2830450072A627B] - 30/10/2012 - 19:51:56 ---A- . (.AVAST Software - avast! File System Access Blocking Driver.) -- C:\WINDOWS\system32\Drivers\aswFsBlk.sys [21256] O44 - LFC:[MD5.74D55DED81C61871F0DB7F3A63A4D312] - 30/10/2012 - 19:51:07 ---A- . (.AVAST Software - avast! Screen Saver stub.) -- C:\WINDOWS\avastSS.scr [41224] O44 - LFC:[MD5.A4B4FE50CCA23B38688003EA85A30EF6] - 30/10/2012 - 19:50:59 ---A- . (.AVAST Software - avast! start-up scanner.) -- C:\WINDOWS\system32\aswBoot.exe [227648] O44 - LFC:[MD5.F042EE4C8D66248D9B86DCF52ABAE416] - 26/06/2011 - 03:45:56 ---A- . (...) -- C:\WINDOWS\PEV.exe [256000] O44 - LFC:[MD5.0277C027A26428DB64EF4F64F52BB4FD] - 07/11/2010 - 14:20:24 ---A- . (...) -- C:\WINDOWS\MBR.exe [208896] O44 - LFC:[MD5.C51A881398F29071239741AE16D07C1C] - 03/08/2004 - 22:00:16 RSHA- . (...) -- C:\cmldr [261856] O44 - LFC:[MD5.9E05A9C264C8A908A8E79450FCBFF047] - 30/08/2000 - 21:00:00 ---A- . (...) -- C:\WINDOWS\grep.exe [80412] O44 - LFC:[MD5.2B657A67AEBB84AEA5632C53E61E23BF] - 30/08/2000 - 21:00:00 ---A- . (...) -- C:\WINDOWS\sed.exe [98816] O44 - LFC:[MD5.5E832F4FAF5F481F2EAF3B3A48F603B8] - 30/08/2000 - 21:00:00 ---A- . (...) -- C:\WINDOWS\zip.exe [68096] ~ Scan Files in 00mn 08s ---\\ Operations and functions at Windows Explorer startup (O46) O46 - SEH:ShellExecuteHooks - URL Exec Hook - {AEB6717E-7E19-11d0-97EE-00C04FD91972} - shell32.dll ~ Scan ShellExecuteHooks in 00mn 00s ---\\ Export authorized application key (O47) O47 - AAKE:Key Export SP - "%windir%\system32\sessmgr.exe" [Enabled] .(.Microsoft Corporation - Gerenciador de sessão de ajuda de área de trabalho remota da Microsoft®.) -- C:\WINDOWS\system32\sessmgr.exe O47 - AAKE:Key Export SP - "%windir%\Network Diagnostic\xpnetdiag.exe" [Enabled] .(.Microsoft Corporation - Network Diagnostic for Windows XP.) -- C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O47 - AAKE:Key Export SP - "C:\Arquivos de programas\TeamViewer\Version7\TeamViewer.exe" [Enabled] .(.TeamViewer GmbH - TeamViewer Remote Control Application.) -- C:\Arquivos de programas\TeamViewer\Version7\TeamViewer.exe O47 - AAKE:Key Export SP - "C:\Arquivos de programas\TeamViewer\Version7\TeamViewer_Service.exe" [Enabled] .(.TeamViewer GmbH - TeamViewer Remote Control Application.) -- C:\Arquivos de programas\TeamViewer\Version7\TeamViewer_Service.exe O47 - AAKE:Key Export SP - "C:\Arquivos de programas\Ares\Ares.exe" [Enabled] .(.Ares Development Group - Ares p2p for windows.) -- C:\Arquivos de programas\Ares\Ares.exe O47 - AAKE:Key Export DP - "%windir%\system32\sessmgr.exe" [Enabled] .(.Microsoft Corporation - Gerenciador de sessão de ajuda de área de trabalho remota da Microsoft®.) -- C:\WINDOWS\system32\sessmgr.exe O47 - AAKE:Key Export DP - "%windir%\Network Diagnostic\xpnetdiag.exe" [Enabled] .(.Microsoft Corporation - Network Diagnostic for Windows XP.) -- C:\WINDOWS\Network Diagnostic\xpnetdiag.exe ~ Scan Keys in 00mn 00s ---\\ Local Security Authority-LSA Deny (O48) O48 - LSA:Local Security Authority Authentication Packages . (.Microsoft Corporation - Microsoft Authentication Package v1.0.) -- C:\WINDOWS\system32\msv1_0.dll O48 - LSA:Local Security Authority Notification Packages . (.Microsoft Corporation - Mecanismo cliente do 'Editor de configuração de segurança Windows'.) -- C:\WINDOWS\system32\scecli.dll O48 - LSA:Local Security Authority Security Packages . (.Microsoft Corporation - Kerberos Security Package.) -- C:\WINDOWS\system32\kerberos.dll O48 - LSA:Local Security Authority Security Packages . (.Microsoft Corporation - Microsoft Authentication Package v1.0.) -- C:\WINDOWS\system32\msv1_0.dll O48 - LSA:Local Security Authority Security Packages . (.Microsoft Corporation - TLS / SSL Security Provider.) -- C:\WINDOWS\system32\schannel.dll O48 - LSA:Local Security Authority Security Packages . (.Microsoft Corporation - Microsoft Digest Access.) -- C:\WINDOWS\system32\wdigest.dll ~ Scan Keys in 00mn 00s ---\\ Safe Boot Control (O49) O49 - CSB:Control Safe Boot HKLM\...\CCS\Minimal\dmboot.sys . (.Microsoft Corp., Veritas Software - NT Disk Manager Startup Driver.) -- C:\WINDOWS\system32\Drivers\dmboot.sys O49 - CSB:Control Safe Boot HKLM\...\CCS\Minimal\dmio.sys . (.Microsoft Corp., Veritas Software - NT Disk Manager I/O Driver.) -- C:\WINDOWS\system32\Drivers\dmio.sys O49 - CSB:Control Safe Boot HKLM\...\CCS\Minimal\dmload.sys . (.Microsoft Corp., Veritas Software. - NT Disk Manager Startup Driver.) -- C:\WINDOWS\system32\Drivers\dmload.sys O49 - CSB:Control Safe Boot HKLM\...\CCS\Minimal\sermouse.sys . (...) -- C:\WINDOWS\system32\Drivers\sermouse.sys (.not file.) O49 - CSB:Control Safe Boot HKLM\...\CCS\Minimal\sr.sys . (.Microsoft Corporation - Driver de filtro do sistema de arquivos da restauração do sistema.) -- C:\WINDOWS\system32\Drivers\sr.sys O49 - CSB:Control Safe Boot HKLM\...\CCS\Minimal\vga.sys . (.Microsoft Corporation - VGA/Super VGA Video Driver.) -- C:\WINDOWS\system32\Drivers\vga.sys O49 - CSB:Control Safe Boot HKLM\...\CCS\Minimal\vgasave.sys . (...) -- C:\WINDOWS\system32\Drivers\vgasave.sys (.not file.) O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\dmboot.sys . (.Microsoft Corp., Veritas Software - NT Disk Manager Startup Driver.) -- C:\WINDOWS\system32\Drivers\dmboot.sys O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\dmio.sys . (.Microsoft Corp., Veritas Software - NT Disk Manager I/O Driver.) -- C:\WINDOWS\system32\Drivers\dmio.sys O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\dmload.sys . (.Microsoft Corp., Veritas Software. - NT Disk Manager Startup Driver.) -- C:\WINDOWS\system32\Drivers\dmload.sys O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\ip6fw.sys . (.Microsoft Corporation - IPv6 Windows Firewall Driver.) -- C:\WINDOWS\system32\Drivers\ip6fw.sys O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\ipnat.sys . (.Microsoft Corporation - IP Network Address Translator.) -- C:\WINDOWS\system32\Drivers\ipnat.sys O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\rdpcdd.sys . (.Microsoft Corporation - RDP Miniport.) -- C:\WINDOWS\system32\Drivers\rdpcdd.sys O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\rdpdd.sys . (...) -- C:\WINDOWS\system32\Drivers\rdpdd.sys (.not file.) O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\rdpwd.sys . (.Microsoft Corporation - RDP Terminal Stack Driver (US/Canada Only, Not for Export).) -- C:\WINDOWS\system32\Drivers\rdpwd.sys O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\sermouse.sys . (...) -- C:\WINDOWS\system32\Drivers\sermouse.sys (.not file.) O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\sr.sys . (.Microsoft Corporation - Driver de filtro do sistema de arquivos da restauração do sistema.) -- C:\WINDOWS\system32\Drivers\sr.sys O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\tdpipe.sys . (.Microsoft Corporation - Named Pipe Transport Driver.) -- C:\WINDOWS\system32\Drivers\tdpipe.sys O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\tdtcp.sys . (.Microsoft Corporation - TCP Transport Driver.) -- C:\WINDOWS\system32\Drivers\tdtcp.sys O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\vga.sys . (.Microsoft Corporation - VGA/Super VGA Video Driver.) -- C:\WINDOWS\system32\Drivers\vga.sys O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\vgasave.sys . (...) -- C:\WINDOWS\system32\Drivers\vgasave.sys (.not file.) ~ Scan CSB in 00mn 00s ---\\ Image File Execution Options (IFEO) (O50) O50 - IFEO:Image File Execution Options - Your Image File Name Here without a path - ntsd -d ~ Scan IFEO in 00mn 00s ---\\ MountPoints2 Shell Key (MPKS) (O51) (None) ---\\ Trojan Driver Search Data (HKLM)(TDSD) (O52) O52 - TDSD: \Drivers32\"msacm.trspch"="tssoft32.acm" . (.DSP GROUP, INC. - Codec de áudio DSP Group TrueSpeech para MSACM V3.50.) -- C:\WINDOWS\system32\tssoft32.acm O52 - TDSD: \Drivers32\"vidc.cvid"="iccvid.dll" . (.Radius Inc. - Cinepak® Codec.) -- C:\WINDOWS\system32\iccvid.dll O52 - TDSD: \Drivers32\"vidc.iv31"="ir32_32.dll" . (...) -- C:\WINDOWS\system32\ir32_32.dll O52 - TDSD: \Drivers32\"vidc.iv32"="ir32_32.dll" . (...) -- C:\WINDOWS\system32\ir32_32.dll O52 - TDSD: \Drivers32\"vidc.iv41"="ir41_32.ax" . (.Intel Corporation - Intel Indeo® Video 4.5.) -- C:\WINDOWS\system32\ir41_32.ax O52 - TDSD: \Drivers32\"msacm.sl_anet"="sl_anet.acm" . (.Sipro Lab Telecom Inc. - Audio codec for MS ACM.) -- C:\WINDOWS\system32\sl_anet.acm O52 - TDSD: \Drivers32\"msacm.iac2"="C:\WINDOWS\system32\iac25_32.ax" . (.Intel Corporation - Indeo® audio software.) -- C:\WINDOWS\system32\iac25_32.ax O52 - TDSD: \Drivers32\"vidc.iv50"="ir50_32.dll" . (.Intel Corporation - Intel Indeo® video 5.10.) -- C:\WINDOWS\system32\ir50_32.dll O52 - TDSD: \Drivers32\"msacm.l3acm"="C:\WINDOWS\system32\l3codeca.acm" . (.Fraunhofer Institut Integrierte Schaltungen - MPEG Layer-3 Audio Codec for MSACM.) -- C:\WINDOWS\system32\l3codeca.acm O52 - TDSD: \drivers.desc\"sl_anet.acm"="Sipro Lab Telecom Audio Codec" . (.Sipro Lab Telecom Inc. - Audio codec for MS ACM.) -- C:\WINDOWS\system32\sl_anet.acm O52 - TDSD: \drivers.desc\"C:\WINDOWS\system32\iac25_32.ax"="Indeo® audio software" . (.Intel Corporation - Indeo® audio software.) -- C:\WINDOWS\system32\iac25_32.ax O52 - TDSD: \drivers.desc\"C:\WINDOWS\system32\l3codeca.acm"="Fraunhofer IIS MPEG Layer-3 Codec" . (.Fraunhofer Institut Integrierte Schaltungen - MPEG Layer-3 Audio Codec for MSACM.) -- C:\WINDOWS\system32\l3codeca.acm ~ Scan Keys in 00mn 00s ---\\ ShareTools MSconfig StartupReg (SMSR) (O53) O53 - SMSR:HKLM\...\startupreg\Adobe ARM [Key] . (.Adobe Systems Incorporated - Adobe Reader and Acrobat Manager.) -- C:\Arquivos de programas\Arquivos comuns\Adobe\ARM\1.0\AdobeARM.exe O53 - SMSR:HKLM\...\startupreg\Adobe Reader Speed Launcher [Key] . (.Adobe Systems Incorporated - Adobe Acrobat SpeedLauncher.) -- C:\Arquivos de programas\Adobe\Reader 8.0\Reader\Reader_sl.exe O53 - SMSR:HKLM\...\startupreg\ares [Key] . (.Ares Development Group - Ares p2p for windows.) -- C:\Arquivos de programas\Ares\Ares.exe O53 - SMSR:HKLM\...\startupreg\ASUS Update Checker [Key] . (.Unknown owner - UpdateChecker MFC Application.) -- C:\Arquivos de programas\ASUS\ASUSUpdate\UpdateChecker\UpdateChecker.exe O53 - SMSR:HKLM\...\startupreg\ctfmon.exe [Key] . (.Microsoft Corporation - CTF Loader.) -- C:\WINDOWS\system32\ctfmon.exe O53 - SMSR:HKLM\...\startupreg\HDAudDeck [Key] . (.VIA Technologies, Inc. - HDeck MFC Application.) -- C:\Arquivos de programas\VIA\VIAudioi\HDADeck\HDeck.exe O53 - SMSR:HKLM\...\startupreg\HotKeysCmds [Key] . (.Intel Corporation - hkcmd Module.) -- C:\WINDOWS\system32\hkcmd.exe O53 - SMSR:HKLM\...\startupreg\IgfxTray [Key] . (.Intel Corporation - igfxTray Module.) -- C:\WINDOWS\system32\igfxtray.exe O53 - SMSR:HKLM\...\startupreg\ISUSPM Startup [Key] . (.Macrovision Corporation - InstallShield Update Service Update Manager.) -- C:\Arquivos de programas\Arquivos comuns\InstallShield\UpdateService\isuspm.exe O53 - SMSR:HKLM\...\startupreg\ISUSScheduler [Key] . (.Macrovision Corporation - InstallShield Update Service Scheduler.) -- C:\Arquivos de programas\Arquivos comuns\InstallShield\UpdateService\issch.exe O53 - SMSR:HKLM\...\startupreg\MSMSGS [Key] . (.Microsoft Corporation - Windows Messenger.) -- C:\Arquivos de programas\Messenger\msmsgs.exe O53 - SMSR:HKLM\...\startupreg\Persistence [Key] . (.Intel Corporation - persistence Module.) -- C:\WINDOWS\system32\igfxpers.exe O53 - SMSR:HKLM\...\startupreg\SunJavaUpdateSched [Key] . (.Sun Microsystems, Inc. - Java Update Scheduler.) -- C:\Arquivos de programas\Arquivos comuns\Java\Java Update\jusched.exe O53 - SMSR:HKLM\...\startupreg\swg [Key] . (.Google Inc. - GoogleToolbarNotifier.) -- C:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe ~ Scan SMSR Keys in 00mn 00s ---\\ Microsoft Control Security Providers (MCSP) (O54) O54 - MCSP:[HKLM\...\CurrentControlSet\Control] - (SecurityProviders) - (.Microsoft Corporation - Cliente DPA para plataformas de 32 bits.) -- C:\WINDOWS\system32\msapsspc.dll O54 - MCSP:[HKLM\...\CurrentControlSet\Control] - (SecurityProviders) - (.Microsoft Corporation - TLS / SSL Security Provider.) -- C:\WINDOWS\system32\schannel.dll O54 - MCSP:[HKLM\...\CurrentControlSet\Control] - (SecurityProviders) - (.Microsoft Corporation - Digest SSPI Authentication Package.) -- C:\WINDOWS\system32\digest.dll O54 - MCSP:[HKLM\...\ControlSet001\Control] - (SecurityProviders) - (.Microsoft Corporation - Cliente DPA para plataformas de 32 bits.) -- C:\WINDOWS\system32\msapsspc.dll O54 - MCSP:[HKLM\...\ControlSet001\Control] - (SecurityProviders) - (.Microsoft Corporation - TLS / SSL Security Provider.) -- C:\WINDOWS\system32\schannel.dll O54 - MCSP:[HKLM\...\ControlSet001\Control] - (SecurityProviders) - (.Microsoft Corporation - Digest SSPI Authentication Package.) -- C:\WINDOWS\system32\digest.dll ~ Scan Keys in 00mn 00s ---\\ Microsoft Windows Policies System (MWPS) (O55) O55 - MWPS:[HKLM\...\Policies\System] - "dontdisplaylastusername"=0 O55 - MWPS:[HKLM\...\Policies\System] - "legalnoticecaption"=0 O55 - MWPS:[HKLM\...\Policies\System] - "legalnoticetext"=0 O55 - MWPS:[HKLM\...\Policies\System] - "shutdownwithoutlogon"=1 O55 - MWPS:[HKLM\...\Policies\System] - "undockwithoutlogon"=1 O55 - MWPS:[HKLM\...\Policies\System] - "DisableRegistryTools"=0 ~ Scan Keys in 00mn 00s ---\\ Microsoft Windows Policies Explorer (MWPE) (O56) O56 - MWPE:[HKCU\...\policies\Explorer] - "NoDriveTypeAutoRun"=323 O56 - MWPE:[HKCU\...\policies\Explorer] - "NoDriveAutoRun"=67108863 O56 - MWPE:[HKCU\...\policies\Explorer] - "NoDrives"=0 O56 - MWPE:[HKLM\...\policies\Explorer] - "NoDriveAutoRun"=67108863 O56 - MWPE:[HKLM\...\policies\Explorer] - "NoDriveTypeAutoRun"=323 O56 - MWPE:[HKLM\...\policies\Explorer] - "NoDrives"=0 ~ Scan Keys in 00mn 00s ---\\ System Drivers List (SDL) (O58) O58 - SDL:[MD5.149A8F7ADF9742554DC323E290551E3E] - 30/10/2012 - 19:51:56 ---A- . (.AVAST Software - avast! Base Kernel-Mode Device Driver for Windows NT/2000/XP.) -- C:\WINDOWS\system32\Drivers\aavmker4.sys [25256] O58 - SDL:[MD5.C1E76718BAB6BCA0D18E5670F074F821] - 02/03/2006 - 09:00:00 ---A- . (...) -- C:\WINDOWS\system32\ansi.sys [9032] ~ Scan Drivers in 00mn 00s ---\\ List all legacy services(LALS) (O64) O64 - Services: CurCS - ??\??\???? - C:\WINDOWS\system32\Drivers\Aavmker4.sys (Aavmker4) .(.AVAST Software - avast! Base Kernel-Mode Device Driver for W.) - LEGACY_AAVMKER4 O64 - Services: CurCS - 10/10/2012 - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe (AdobeFlashPlayerUpdateSvc) .(.Adobe Systems Incorporated - Adobe® Flash® Player Update Service 11.4 r4.) - LEGACY_ADOBEFLASHPLAYERUPDATESVC O64 - Services: CurCS - 17/12/2007 - C:\WINDOWS\system32\drivers\AsIO.sys - AsIO (AsIO) .(...) - LEGACY_ASIO O64 - Services: CurCS - ??\??\???? - C:\WINDOWS\system32\Drivers\aswFsBlk.sys (aswFsBlk) .(.AVAST Software - avast! File System Access Blocking Driver.) - LEGACY_ASWFSBLK O64 - Services: CurCS - ??\??\???? - C:\WINDOWS\system32\Drivers\aswMon2.sys (aswMon2) .(.AVAST Software - avast! File System Filter Driver for Window.) - LEGACY_ASWMON2 O64 - Services: CurCS - ??\??\???? - C:\WINDOWS\system32\Drivers\aswRdr.sys (aswRdr) .(.AVAST Software - avast! TDI Redirect Driver.) - LEGACY_ASWRDR O64 - Services: CurCS - ??\??\???? - C:\WINDOWS\system32\Drivers\aswSnx.sys (aswSnx) .(.AVAST Software - avast! Virtualization Driver.) - LEGACY_ASWSNX O64 - Services: CurCS - ??\??\???? - C:\WINDOWS\system32\Drivers\aswSP.sys (aswSP) .(.AVAST Software - avast! self protection module.) - LEGACY_ASWSP O64 - Services: CurCS - ??\??\???? - C:\WINDOWS\system32\Drivers\aswTdi.sys (aswTdi) .(.AVAST Software - avast! TDI Filter Driver.) - LEGACY_ASWTDI O64 - Services: CurCS - 30/10/2012 - C:\Arquivos de programas\Alwil Software\Avast5\AvastSvc.exe (avast! Antivirus) .(.AVAST Software - avast! Service.) - LEGACY_AVAST!_ANTIVIRUS O64 - Services: CurCS - 13/04/2008 - C:\WINDOWS\system32\drivers\dmboot.sys (dmboot) .(.Microsoft Corp., Veritas Software - NT Disk Manager Startup Driver.) - LEGACY_DMBOOT O64 - Services: CurCS - 02/03/2006 - C:\WINDOWS\system32\drivers\dmload.sys (dmload) .(.Microsoft Corp., Veritas Software. - NT Disk Manager Startup Driver.) - LEGACY_DMLOAD O64 - Services: CurCS - 06/09/2011 - C:\Arquivos de programas\Google\Update\GoogleUpdate.exe (gupdate) .(.Google Inc. - Google Installer.) - LEGACY_GUPDATE O64 - Services: CurCS - 06/09/2011 - C:\Arquivos de programas\Google\Update\GoogleUpdate.exe (gupdatem) .(.Google Inc. - Google Installer.) - LEGACY_GUPDATEM O64 - Services: CurCS - 27/08/2012 - C:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe (gusvc) .(.Google - gusvc.) - LEGACY_GUSVC O64 - Services: CurCS - 15/02/2012 - C:\Arquivos de programas\Java\jre6\bin\jqs.exe (JavaQuickStarterService) .(.Sun Microsystems, Inc. - Java Quick Starter Service.) - LEGACY_JAVAQUICKSTARTERSERVICE ~ Scan Services in 00mn 00s ---\\ File Associations Shell Spawning (O67) O67 - Shell Spawning: <.bat> <batfile>[HKLM\..\open\Command] (...) -- "%1" %* O67 - Shell Spawning: <.cpl> <cplfile>[HKLM\..\cplopen\Command] (.Microsoft Corporation - DLL comum do Shell do Windows.) -- C:\WINDOWS\system32\shell32.dll O67 - Shell Spawning: <.cmd> <cmdfile>[HKLM\..\open\Command] (...) -- "%1" %* O67 - Shell Spawning: <.com> <ComFile>[HKLM\..\open\Command] (...) -- "%1" %* O67 - Shell Spawning: <.exe> <exefile>[HKLM\..\open\Command] (...) -- "%1" %* O67 - Shell Spawning: <.html> <ChromeHTML>[HKLM\..\open\Command] (.Google Inc. - Google Chrome.) -- C:\Arquivos de programas\Google\Chrome\Application\chrome.exe O67 - Shell Spawning: <.js> <JSFile>[HKLM\..\open\Command] (.Microsoft Corporation - Microsoft ® Windows Based Script Host.) -- C:\WINDOWS\system32\WScript.exe O67 - Shell Spawning: <.reg> <regfile>[HKLM\..\open\Command] (.Microsoft Corporation - Editor do Registro.) -- C:\WINDOWS\regedit.exe O67 - Shell Spawning: <.html> <ChromeHTML>[HKCU\..\open\Command] (.Not Key.) O67 - Shell Spawning: <.bat> <batfile>[HKCR\..\open\Command] (...) -- "%1" %* O67 - Shell Spawning: <.cpl> <cplfile>[HKCR\..\cplopen\Command] (.Microsoft Corporation - DLL comum do Shell do Windows.) -- C:\WINDOWS\system32\shell32.dll O67 - Shell Spawning: <.cmd> <cmdfile>[HKCR\..\open\Command] (...) -- "%1" %* O67 - Shell Spawning: <.com> <ComFile>[HKCR\..\open\Command] (...) -- "%1" %* O67 - Shell Spawning: <.exe> <exefile>[HKCR\..\open\Command] (...) -- "%1" %* O67 - Shell Spawning: <.html> <ChromeHTML>[HKCR\..\open\Command] (.Google Inc. - Google Chrome.) -- C:\Arquivos de programas\Google\Chrome\Application\chrome.exe O67 - Shell Spawning: <.js> <JSFile>[HKCR\..\open\Command] (.Microsoft Corporation - Microsoft ® Windows Based Script Host.) -- C:\WINDOWS\system32\WScript.exe O67 - Shell Spawning: <.reg> <regfile>[HKCR\..\open\Command] (.Microsoft Corporation - Editor do Registro.) -- C:\WINDOWS\regedit.exe ~ Scan Keys in 00mn 00s ---\\ Start Menu Internet (SMI) (O68) O68 - StartMenuInternet: <chrome.exe> <>[HKLM\..\Shell\open\Command] (.Google Inc. - Google Chrome.) -- C:\Arquivos de programas\Google\Chrome\Application\chrome.exe O68 - StartMenuInternet: <FIREFOX.EXE> <Mozilla Firefox>[HKLM\..\Shell\open\Command] (.Mozilla Corporation - Firefox.) -- C:\Arquivos de programas\Mozilla Firefox\firefox.exe O68 - StartMenuInternet: <Google Chrome> <Google Chrome>[HKLM\..\Shell\open\Command] (.Google Inc. - Google Chrome.) -- C:\Arquivos de programas\Google\Chrome\Application\chrome.exe O68 - StartMenuInternet: <IEXPLORE.EXE> <Internet Explorer>[HKLM\..\Shell\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Arquivos de programas\Internet Explorer\iexplore.exe O68 - StartMenuInternet: <FIREFOX.EXE> <Mozilla Firefox>[HKLM\..\InstallInfo\ShowIconsCommand] (...) -- C:\Arquivos de programas\Mozilla Firefox\uninstall\helper.exe (.not file.) O68 - StartMenuInternet: <Google Chrome> <Google Chrome>[HKLM\..\InstallInfo\ShowIconsCommand] (...) -- C:\Arquivos de programas\Google\Chrome\Application\chrome.exe (.not file.) O68 - StartMenuInternet: <IEXPLORE.EXE> <Internet Explorer>[HKLM\..\InstallInfo\ShowIconsCommand] (...) -- C:\WINDOWS\system32\ie4uinit.exe (.not file.) O68 - StartMenuInternet: <FIREFOX.EXE> <Mozilla Firefox>[HKLM\..\InstallInfo\ReinstallCommand] (...) -- C:\Arquivos de programas\Mozilla Firefox\uninstall\helper.exe (.not file.) O68 - StartMenuInternet: <Google Chrome> <Google Chrome>[HKLM\..\InstallInfo\ReinstallCommand] (...) -- C:\Arquivos de programas\Google\Chrome\Application\chrome.exe (.not file.) O68 - StartMenuInternet: <IEXPLORE.EXE> <Internet Explorer>[HKLM\..\InstallInfo\ReinstallCommand] (...) -- C:\WINDOWS\system32\ie4uinit.exe (.not file.) O68 - StartMenuInternet: <FIREFOX.EXE> <Mozilla Firefox>[HKLM\..\InstallInfo\HideIconsCommand] (...) -- C:\Arquivos de programas\Mozilla Firefox\uninstall\helper.exe (.not file.) O68 - StartMenuInternet: <Google Chrome> <Google Chrome>[HKLM\..\InstallInfo\HideIconsCommand] (...) -- C:\Arquivos de programas\Google\Chrome\Application\chrome.exe (.not file.) O68 - StartMenuInternet: <IEXPLORE.EXE> <Internet Explorer>[HKLM\..\InstallInfo\HideIconsCommand] (...) -- C:\WINDOWS\system32\ie4uinit.exe (.not file.) ~ Scan Keys in 00mn 00s ---\\ Search Browser Infection (SBI) (O69) O69 - SBI: SearchScopes [HKCU] ${searchCLSID} - (@ieframe.dll,-12512) - http://search.live.com O69 - SBI: SearchScopes [HKCU] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} - (Bing) - http://www.bing.com O69 - SBI: SearchScopes [HKCU] {78A9BE32-EF0D-47C6-97E3-794B397CD3AA} [DefaultScope] - (Google) - http://www.google.com ~ Scan Keys in 00mn 00s ---\\ Search Svchost Services (SSS) (O83) O83 - Search Svchost Services: AppMgmt (AppMgmt) . (.Microsoft Corporation - Serviço de instalação do software.) -- C:\WINDOWS\system32\appmgmts.dll [172032] O83 - Search Svchost Services: AudioSrv (AudioSrv) . (.Microsoft Corporation - Windows Audio Service.) -- C:\WINDOWS\system32\audiosrv.dll [42496] O83 - Search Svchost Services: Browser (Browser) . (.Microsoft Corporation - Computer Browser Service DLL.) -- C:\WINDOWS\system32\browser.dll [78336] O83 - Search Svchost Services: CryptSvc (CryptSvc) . (.Microsoft Corporation - Cryptographic Services.) -- C:\WINDOWS\system32\cryptsvc.dll [62464] O83 - Search Svchost Services: DMServer (DMServer) . (.Microsoft Corp. - Dll do serviço do Gerenciador de discos lógicos.) -- C:\WINDOWS\system32\dmserver.dll [23552] O83 - Search Svchost Services: DHCP (DHCP) . (.Microsoft Corporation - Serviço do Cliente DHCP.) -- C:\WINDOWS\system32\dhcpcsvc.dll [126976] O83 - Search Svchost Services: ERSvc (ERSvc) . (.Microsoft Corporation - Windows Error Reporting Service.) -- C:\WINDOWS\system32\ersvc.dll [23040] O83 - Search Svchost Services: EventSystem (EventSystem) . (.Microsoft Corporation - No comment.) -- C:\WINDOWS\system32\es.dll [253952] O83 - Search Svchost Services: FastUserSwitchingCompatibility (FastUserSwitchingCompatibility) . (.Microsoft Corporation - DLL de serviços do Shell do Windows.) -- C:\WINDOWS\system32\shsvcs.dll [135168] O83 - Search Svchost Services: HidServ (HidServ) . (...) -- C:\WINDOWS\system32\hidserv.dll [0] O83 - Search Svchost Services: LanmanServer (LanmanServer) . (.Microsoft Corporation - Server Service DLL.) -- C:\WINDOWS\system32\srvsvc.dll [99840] O83 - Search Svchost Services: LanmanWorkstation (LanmanWorkstation) . (.Microsoft Corporation - Workstation Service DLL.) -- C:\WINDOWS\system32\wkssvc.dll [132096] O83 - Search Svchost Services: Messenger (Messenger) . (.Microsoft Corporation - NT Messenger Service.) -- C:\WINDOWS\system32\msgsvc.dll [33792] O83 - Search Svchost Services: Netman (Netman) . (.Microsoft Corporation - Gerenciador de conexões de rede.) -- C:\WINDOWS\system32\netman.dll [198144] O83 - Search Svchost Services: Nla (Nla) . (.Microsoft Corporation - Fornecedor de serviços do Microsoft Windows Sockets 2.0.) -- C:\WINDOWS\system32\mswsock.dll [247808] O83 - Search Svchost Services: Ntmssvc (Ntmssvc) . (.Microsoft Corporation - Gerenciador de armazenamento removível.) -- C:\WINDOWS\system32\ntmssvc.dll [437248] O83 - Search Svchost Services: Rasauto (Rasauto) . (.Microsoft Corporation - Remote Access AutoDial Manager.) -- C:\WINDOWS\system32\rasauto.dll [88576] O83 - Search Svchost Services: Rasman (Rasman) . (.Microsoft Corporation - Remote Access Connection Manager.) -- C:\WINDOWS\system32\rasmans.dll [186368] O83 - Search Svchost Services: Remoteaccess (Remoteaccess) . (.Microsoft Corporation - Dynamic Interface Manager.) -- C:\WINDOWS\system32\mprdim.dll [53248] O83 - Search Svchost Services: Schedule (Schedule) . (.Microsoft Corporation - Mecanismo do 'Agendador de tarefas'.) -- C:\WINDOWS\system32\schedsvc.dll [193536] O83 - Search Svchost Services: Seclogon (Seclogon) . (.Microsoft Corporation - DLL de serviço de logon secundário.) -- C:\WINDOWS\system32\seclogon.dll [18944] O83 - Search Svchost Services: SENS (SENS) . (.Microsoft Corporation - System Event Notification Service (SENS).) -- C:\WINDOWS\system32\sens.dll [39424] O83 - Search Svchost Services: Sharedaccess (Sharedaccess) . (.Microsoft Corporation - Componentes do Microsoft NAT Helper.) -- C:\WINDOWS\system32\ipnathlp.dll [331264] O83 - Search Svchost Services: SRService (SRService) . (.Microsoft Corporation - Serviço de restauração do sistema.) -- C:\WINDOWS\system32\srsvc.dll [171520] O83 - Search Svchost Services: Tapisrv (Tapisrv) . (.Microsoft Corporation - Servidor de telefonia do Microsoft® Windows.) -- C:\WINDOWS\system32\tapisrv.dll [249856] O83 - Search Svchost Services: Themes (Themes) . (.Microsoft Corporation - DLL de serviços do Shell do Windows.) -- C:\WINDOWS\system32\shsvcs.dll [135168] O83 - Search Svchost Services: TrkWks (TrkWks) . (.Microsoft Corporation - Distributed Link Tracking Client.) -- C:\WINDOWS\system32\trkwks.dll [90112] O83 - Search Svchost Services: W32Time (W32Time) . (.Microsoft Corporation - Windows Time Service.) -- C:\WINDOWS\system32\w32time.dll [176128] O83 - Search Svchost Services: WZCSVC (WZCSVC) . (.Microsoft Corporation - Serviço de configuração zero sem fio.) -- C:\WINDOWS\system32\wzcsvc.dll [483840] O83 - Search Svchost Services: Wmi (Wmi) . (.Microsoft Corporation - API de base do Windows 32 avançada.) -- C:\WINDOWS\system32\advapi32.dll [683520] O83 - Search Svchost Services: winmgmt (winmgmt) . (.Microsoft Corporation - WMI.) -- C:\WINDOWS\system32\wbem\WMIsvc.dll [145408] O83 - Search Svchost Services: wscsvc (wscsvc) . (.Microsoft Corporation - Windows Security Center Service.) -- C:\WINDOWS\system32\wscsvc.dll [80896] O83 - Search Svchost Services: xmlprov (xmlprov) . (.Microsoft Corporation - Network Provisioning Service.) -- C:\WINDOWS\system32\xmlprov.dll [129024] O83 - Search Svchost Services: BITS (BITS) . (.Microsoft Corporation - Serviço de transferência inteligente de plano de fundo.) -- C:\WINDOWS\system32\qmgr.dll [409088] O83 - Search Svchost Services: wuauserv (wuauserv) . (.Microsoft Corporation - Windows Update AutoUpdate Service.) -- C:\WINDOWS\system32\wuauserv.dll [6656] O83 - Search Svchost Services: ShellHWDetection (ShellHWDetection) . (.Microsoft Corporation - DLL de serviços do Shell do Windows.) -- C:\WINDOWS\system32\shsvcs.dll [135168] O83 - Search Svchost Services: helpsvc (helpsvc) . (.Microsoft Corporation - Microsoft PCHealth Service Holder.) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll [38400] O83 - Search Svchost Services: WmdmPmSN (WmdmPmSN) . (.Microsoft Corporation - Provedor de Serviços do Dispositivo de Mídia Microsoft.) -- C:\WINDOWS\system32\mspmsnsv.dll [52736] O83 - Search Svchost Services: napagent (napagent) . (.Microsoft Corporation - Tempo de Execução de Serviço de Agente de Quarentena.) -- C:\WINDOWS\system32\qagentrt.dll [292864] O83 - Search Svchost Services: hkmsvc (hkmsvc) . (.Microsoft Corporation - Serviço de Gerenciamento de Chaves.) -- C:\WINDOWS\system32\kmsvc.dll [61440] ~ Scan Services in 00mn 01s ---\\ Search Particular Root Folder (SPRF) (O84) [MD5.E897110EE5E67FABB83B154DF9C68D6A] [sPRF][16/11/2012] (...) -- C:\Documents and Settings\f003407\Desktop\ZHPDiag_silent.exe [794216] [MD5.AE326A97F634217CAC29739D376DF934] [sPRF][15/08/2011] (...) -- C:\Documents and Settings\f003407\Desktop\ZHP_uninstall.exe [344187] [MD5.3FEA9D2EDF23B0283C7A66C8DEA380BD] [sPRF][25/07/2002] (.InstallShield Software Corporation - InstallShield Update Service Setup Player Module.) -- C:\WINDOWS\Downloaded Program Files\dwusplay.dll [24576] [MD5.CDBE35EA59BC9223E4F800BD1DB82D27] [sPRF][25/07/2002] (.InstallShield Software Corporation - InstallShield Update Service Setup Player.) -- C:\WINDOWS\Downloaded Program Files\dwusplay.exe [196608] [MD5.FB30D948346F9367A83DFE5BAB2668F8] [sPRF][22/08/2011] (.Adobe Systems, Inc. - Adobe® Flash® Player Installer/Uninstaller 10.3 r183.) -- C:\WINDOWS\Downloaded Program Files\FP_AX_CAB_INSTALLER.exe [3126944] [MD5.B8F39C9E0F0B71E454DBA431CF3B99C9] [sPRF][11/08/2005] (.Macrovision Corporation - InstallShield Update Service Web Agent.) -- C:\WINDOWS\Downloaded Program Files\isusweb.dll [417792] [MD5.7FAF5222EEB546E1DC0F348DCB314B0B] [sPRF][29/08/2006] (.Zylom Games - Zylom Games Player.) -- C:\WINDOWS\Downloaded Program Files\zylomgamesplayer.dll [161976] ~ Scan Files in 00mn 00s ---\\ Router Hijack DNS (O89) (None) ---\\ General States of Services not Microsoft (EGS) (SR=Running, SS=Stopped) SS - | Demand 10/10/2012 250808 | (AdobeFlashPlayerUpdateSvc) . (.Adobe Systems Incorporated.) - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe SR - | Auto 30/10/2012 44808 | (avast! Antivirus) . (.AVAST Software.) - C:\Arquivos de programas\Alwil Software\Avast5\AvastSvc.exe SS - | Demand 13/04/2008 225280 | (dmadmin) . (.Microsoft Corp., Veritas Software.) - C:\WINDOWS\system32\dmadmin.exe SS - | Auto 06/09/2011 136176 | (gupdate) . (.Google Inc..) - C:\Arquivos de programas\Google\Update\GoogleUpdate.exe SS - | Demand 06/09/2011 136176 | (gupdatem) . (.Google Inc..) - C:\Arquivos de programas\Google\Update\GoogleUpdate.exe SS - | Demand 27/08/2012 194032 | (gusvc) . (.Google.) - C:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe SR - | Auto 15/02/2012 153376 | (JavaQuickStarterService) . (.Sun Microsystems, Inc..) - C:\Arquivos de programas\Java\jre6\bin\jqs.exe SS - | Demand 01/11/2012 115168 | (MozillaMaintenance) . (.Mozilla Foundation.) - C:\Arquivos de programas\Mozilla Maintenance Service\maintenanceservice.exe ~ Scan Services in 00mn 02s ---\\ Search Master Boot Record Infection (MBR)(O80) Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net Run by f003407 at 16/11/2012 08:21:34 device: opened successfully user: MBR read successfully Disk trace: called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys PCIIDEX.SYS 1 ntkrnlpa!IofCallDriver[0x804EF1F0] -> \Device\Harddisk0\DR0[0x8654CAB8] 3 CLASSPNP[0xF75FEFD7] -> ntkrnlpa!IofCallDriver[0x804EF1F0] -> \Device\00000065[0x865E0030] 5 ACPI[0xF7495620] -> ntkrnlpa!IofCallDriver[0x804EF1F0] -> \Device\Ide\IdeDeviceP2T0L0-5[0x86500940] kernel: MBR read successfully user & kernel MBR OK ~ Scan MBR in 00mn 02s ---\\ Search Master Boot Record Infection (MBRCheck)(O80) Written by ad13, http://ad13.geekstog Run by f003407 at 16/11/2012 08:21:36 ********* Dump file Name ********* C:\PhysicalDisk0_MBR.bin ~ Scan MBR in 00mn 04s End of the scan (1187 lines in 00mn 59s)(0) Compartilhar este post Link para o post Compartilhar em outros sites
DigRam 144 Denunciar post Postado Novembro 16, 2012 Bom Dia! Edvan P.S: A ferramenta combofix pode ser utilizada assim como o Malwarebytes nas maquinas que estão contaminadas? ou é uma ferramenta que tem que passar sobe orientação de vcs analistas? |- Somente a ferramenta ComboFix deve ter supervisão,mas como você tem experiência no seu manuseio...pode utilizá-la. -/- |- Feche programas/pastas que estejam abertas. |- Feche,também,o navegador! |- Para Windows Vista,desabilite a UAC. |- Para Windows Vista ou 7,clique direito em ZHPFix.exe e execute-o como administrador. |- Selecione e copie estas informações,que estão no Code,para o "Bloco de Notas". O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} Orphean Key O2 - BHO: (no name) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} Orphean Key O2 - BHO: (no name) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} Orphean Key O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} Orphean Key O2 - BHO: (no name) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} Orphean Key O2 - BHO: (no name) - {DBC80044-A445-435b-BC74-9C25C1C588A9} Orphean Key O2 - BHO: (no name) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} Orphean Key O3 - Toolbar: (no name) - [HKLM]{8E5E2654-AD2D-48bf-AC2D-D17F00898D06} . (...) -- (.not file.) O3 - Toolbar: (no name) - [HKLM]{2318C2B1-4965-11d4-9B18-009027A5CD4F} . (...) -- (.not file.) [HKLM\Software\Swearware] [HKCU\Software\Ad-Remover] emptytemp emptyflash proxyfix firewallraz |- Estando com o Bloco de Notas aberto,acione os atalhos: "Ctrl+A" -> "Ctrl+C" |- Minimize o Bloco de Notas. |- Clique no menu,"Paste ClipBoard". |- Clique em "GO" -> Oui. |- Ps: Temos,àcima,sequência de imagens para maior exclarecimento. |- Poste o relatório: C:\ZHP\ZHPFix[R1].txt Abs! Compartilhar este post Link para o post Compartilhar em outros sites
Edvan 30 Denunciar post Postado Novembro 20, 2012 |- Somente a ferramenta ComboFix deve ter supervisão,mas como você tem experiência no seu manuseio...pode utilizá-la. OK. amigo. :thumbsup: Sobre a maquina, está bem melhor. :grin: Mais algum procedimento? Rapport de ZHPFix 1.3.05 par Nicolas Coolman, Update du 09/10/2012 Fichier d'export Registre : Run by f003407 at 20/11/2012 08:02:10 Windows XP Professional Service Pack 3 (Build 2600) Web site : http://nicolascoolman.skyrock.com/ ========== Registry Key ========== DELETED Key: CLSID BHO: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} DELETED Key: CLSID BHO: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} DELETED Key: CLSID BHO: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} DELETED Key: CLSID BHO: {AA58ED58-01DD-4d91-8333-CF10577473F7} DELETED Key: CLSID BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} DELETED Key: CLSID BHO: {DBC80044-A445-435b-BC74-9C25C1C588A9} DELETED Key: CLSID BHO: {E7E6F031-17CE-4C07-BC86-EABFE594F69C} DELETED Key: HKLM\Software\Swearware DELETED Key: HKCU\Software\Ad-Remover ========== Registry Value ========== DELETED Toolbar: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} DELETED Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} ProxyFix : Proxy killed successfully DELETED ProxyServer Value DELETED ProxyEnable Value DELETED EnableHttp1_1 Value DELETED ProxyHttp1.1 Value DELETED ProxyOverride Value DELETED FirewallRaz (SP) : %windir%\system32\sessmgr.exe DELETED FirewallRaz (SP) : %windir%\Network Diagnostic\xpnetdiag.exe DELETED FirewallRaz (DP) : %windir%\system32\sessmgr.exe DELETED FirewallRaz (DP) : %windir%\Network Diagnostic\xpnetdiag.exe No Value in Firewall Exception Register Key (FirewallRaz) ========== Repertory ========== DELETED Window Temporary: DELETED Flash Cookies: ========== File ========== DELETED Window Temporary: DELETED Flash Cookies: ========== Summary ========== 9 : Registry Key 13 : Registry Value 2 : Repertory 2 : File End of clean in 00mn 04s ========== Report File ========== C:\ZHP\ZHPFix[R1].txt - 20/11/2012 08:02:11 [1784] Compartilhar este post Link para o post Compartilhar em outros sites
DigRam 144 Denunciar post Postado Novembro 20, 2012 Boa Noite! Edvan Edvan, em 20 novembro 2012 - 09:04 , disse: Mais algum procedimento? |- Caso queira,execute a verificação de seu computador,com EsetNod32. -/- |- Desinstale ZHPDiag,clicando em "ZHP_uninstall". -/- |- Execute escaneamento online em | | |- Utilize o navegador "Internet Explorer",para essa tarefa! |- Siga,conforme a imagem,essa verificação ou scan. |- Ao concluir,clique em "List of found threats" >> "Export to text file" |- Salve esse texto no desktop,com o nome: Esetlog |- Ps: Caso nada seja detectado,não teremos relatório ou lista presente. |- Poste o relatório que estará no desktop! ( Esetlog.txt ) Abs! Compartilhar este post Link para o post Compartilhar em outros sites
Edvan 30 Denunciar post Postado Novembro 24, 2012 pode fechar o tópico amigo. a maquina esta ok. :thumbsup: Compartilhar este post Link para o post Compartilhar em outros sites
DigRam 144 Denunciar post Postado Novembro 24, 2012 PROBLEMA RESOLVIDO Caso o autor necessite que o tópico seja reaberto basta enviar uma Mensagem Privada para um Moderador com um link para o tópico. Compartilhar este post Link para o post Compartilhar em outros sites