Archived

This topic has been archived and is closed to new replies.

VandreBorges

[Resolved] Log for analysis / possible keylogger

Recommended Posts

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 15:35:20, on 24/11/2012

Platform: Windows 7 SP1 (WinNT 6.00.3505)

MSIE: Internet Explorer v9.00 (9.00.8112.16421)

Boot mode: Normal

 

Running processes:

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe

C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe

C:\Program Files (x86)\Webroot\WebrootSecurity\SpySweeperUI.exe

C:\Users\Windows\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Windows\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Windows\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Windows\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Windows\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Windows\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Windows\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Windows\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Windows\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Windows\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Windows\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Windows\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Windows\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Windows\Downloads\HiJackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.tibia.com/news/?subtopic=latestnews

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

F2 - REG:system.ini: UserInit=userinit.exe

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll

O2 - BHO: ZoneAlarm Security Engine Registrar - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dll

O2 - BHO: Auxiliar de Conexão do Windows Live ID - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~2\Office14\URLREDIR.DLL

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll

O3 - Toolbar: ZoneAlarm Security Engine - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dll

O4 - HKLM\..\Run: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun

O4 - HKLM\..\Run: [AMD AVT] "Cmd.exe" /c start "AMD Accelerated Video Transcoding device initialization" /min "C:\Program Files (x86)\AMD AVT\bin\kdbsync.exe" aml

O4 - HKLM\..\Run: [ZoneAlarm] "C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe"

O4 - HKLM\..\Run: [spySweeper] "C:\Program Files (x86)\Webroot\WebrootSecurity\SpySweeperUI.exe" /startintray

O4 - HKCU\..\Run: [Google Update] "C:\Users\Windows\AppData\Local\Google\Update\GoogleUpdate.exe" /c

O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'SERVIÇO LOCAL')

O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'SERVIÇO LOCAL')

O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'SERVIÇO DE REDE')

O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'SERVIÇO DE REDE')

O4 - Startup: CurseClientStartup.ccip

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~2\MICROS~2\Office14\EXCEL.EXE/3000

O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll

O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\prxernsp.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\prxerdrv.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\prxerdrv.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\prxerdrv.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\prxerdrv.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\prxerdrv.dll

O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL

O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL

O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)

O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)

O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)

O23 - Service: ZoneAlarm LTD Toolbar IswSvc (IswSvc) - Check Point Software Technologies - C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe

O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe

O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe

O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe

O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)

O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)

O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe

O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)

O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)

O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)

O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)

O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)

O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe

O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)

O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)

O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. (www.webroot.com) - C:\Program Files (x86)\Webroot\WebrootSecurity\SpySweeper.exe

O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)

O23 - Service: Webroot Client Service (WRConsumerService) - Webroot Software, Inc. - C:\Program Files (x86)\Webroot\WebrootSecurity\WRConsumerService.exe

 

--

End of file - 9019 bytes

Hello VandreBorges

 

 

Run an online scan with NOD32

 


 

*When it finishes, paste the report created in C:\Program Files (x86)\ESET\ESET Online Scanner\log

ESETSmartInstaller@High as CAB hook log:

OnlineScanner64.ocx - registred OK

OnlineScanner.ocx - registred OK

DLL:pipe not connected. attempts=120

DLL:pipe not connected. attempts=120

# version=7

# iexplore.exe=9.00.8112.16421 (WIN7_IE9_RTM.110308-0330)

# OnlineScanner.ocx=1.0.0.6583

# api_version=3.0.2

# EOSSerial=

# end=finished

# remove_checked=true

# archives_checked=true

# unwanted_checked=true

# unsafe_checked=true

# antistealth_checked=true

# utc_time=2012-11-26 04:48:12

# local_time=2012-11-26 02:48:12 (-0300, Horário brasileiro de verão)

# country="Brazil"

# lang=1033

# osver=6.1.7601 NT Service Pack 1

# compatibility_mode=512 16777215 100 0 0 0 0 0

# compatibility_mode=5893 16776573 100 94 57687166 105492639 0 0

# compatibility_mode=8192 67108863 100 0 0 0 0 0

# compatibility_mode=9217 16776893 100 13 0 0 0 0

# scanned=193706

# found=2

# cleaned=2

# scan_time=2902

C:\Program Files (x86)\PDFCreator\message.exe a variant of Win32/InstallCore.A application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\Windows\KMSEmulator.exe a variant of Win32/HackKMS.A application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

---------------------------------

I'm running the ZoneAlarm firewall, and it's worse than MSN on a Saturday: all the time it pops up some blocked packet.

Hello!

 

 

Report or paste what is being blocked by ZoneAlarm.

 

 

Download ZHPDiag_silent (...by H3RV3) and save it to the Desktop

 

*Stay connected to the Internet

 

*Run it. Windows Vista and Windows 7 users must right-click the file and select Run as administrator

 

*Wait for the program to download and run

 

*When it finishes, a window containing a link will appear. Click [Copier] and paste the link.

 


ZoneAlarm Logging Client v11.0.000.020

Windows 7 x64-6.1.7601-Service Pack 1-SMP

type,date,time,source,destination,transport (Security)

type,date,time,virus name,file name,mode,e-mail id (Anti-Virus)

type,date,time,source,destination,action,service (IM Security)

type,date,time,source,destination,program,action (Malicious Code Protection)

type,date,time,action,product,file,event,subevent,class,data,data,... (OSFirewall)

type,date,time,name,type,mode (Anti-Spyware)

PE,2012/11/23,19:30:22 -2:00 GMT,TeamSpeak 3 Client,C:\Program Files\TeamSpeak 3 Client\ts3client_win64.exe,54.243.128.29:41144,N/A,http://pralerts.zonealarm.com/pralerts/pranalyze.jsp?PN=&VER=&FN=&Size=0&MD5=35000000f8da7c03ae69d360707eee04&SKIMP=35000000f8da7c03ae69d360707eee04&&RIPA=&RP=47264&Connect=1&Pgmstatus=1&Zone=2&Keycode=j5hvqhisiu3s4he7bhx644bu4g0&Product=ZoneAlarm&ProductVersion=11.0.000.020&HU100=ZLN29778333669860-1001&CL=en&OEM=1001&SKU=0&Mode=6&QSRC=1&PU=1&OS=Windows+7+x64-6.1.7601-Service+Pack+1-SMP&LANG=1046

OSFW,2012/11/23,19:30:32 -2:00 GMT,UNKNOWN(0),aswRunDll.exe,C:\Program Files\AVAST Software\Avast\aswRunDll.exe,PROCESS,SPAWNPROCESS,,C:\Program Files\AVAST Software\Avast\Setup\avast.setup,8000046a,http://osalerts.zonealarm.com/osanalyze.jsp?Product=ZoneAlarm&ProductVersion=11.0.000.020&HU100=ZLN29778333669860-1001&CL=en&OEM=1001&SKU=0&Mode=6&QSRC=2&OS=Windows+7+x64-6.1.7601-Service+Pack+1-SMP&LANG=1046&PN=aswRunDll.exe&VER=10%2F02%2F2011+16%3A30%3A04&FN=aswRunDll.exe&Created=3e4a83c2&Size=107568&MD5=92b476dd52794881a4b91a5529c2706b&SKIMP=90f6e252376c8808e5235e65613099e4&&CT=6003&EV=1&SUB=3&SEV=3&ARG1=C%3A%5CProgram+Files%5CAVAST+Software%5CAvast%5CSetup%5Cavast.setup&ARG2=8000046a

OSFW,2012/11/23,19:30:32 -2:00 GMT,ALLOWED,aswRunDll.exe,C:\Program Files\AVAST Software\Avast\aswRunDll.exe,PROCESS,SPAWNPROCESS,,C:\Program Files\AVAST Software\Avast\Setup\avast.setup,8000046a,http://osalerts.zonealarm.com/osanalyze.jsp?Product=ZoneAlarm&ProductVersion=11.0.000.020&HU100=ZLN29778333669860-1001&CL=en&OEM=1001&SKU=0&Mode=6&QSRC=2&OS=Windows+7+x64-6.1.7601-Service+Pack+1-SMP&LANG=1046&PN=aswRunDll.exe&VER=10%2F02%2F2011+16%3A30%3A04&FN=aswRunDll.exe&Created=3e4a83c2&Size=107568&MD5=92b476dd52794881a4b91a5529c2706b&SKIMP=90f6e252376c8808e5235e65613099e4&&CT=6003&EV=1&SUB=3&SEV=3&ARG1=C%3A%5CProgram+Files%5CAVAST+Software%5CAvast%5CSetup%5Cavast.setup&ARG2=8000046a

OSFW,2012/11/23,19:31:36 -2:00 GMT,UNKNOWN(0),avast! antivirus Update,C:\Program Files\AVAST Software\Avast\Setup\avast.setup,PROCESS,OPENPROCESS,,C:\Program Files\AVAST Software\Avast\Setup\Inf\x64\netcfg_x64.exe,http://osalerts.zonealarm.com/osanalyze.jsp?Product=ZoneAlarm&ProductVersion=11.0.000.020&HU100=ZLN29778333669860-1001&CL=en&OEM=1001&SKU=0&Mode=6&QSRC=2&OS=Windows+7+x64-6.1.7601-Service+Pack+1-SMP&LANG=1046&PN=avast!+antivirus+Update&VER=7.0.1474.765&FN=avast.setup&Created=415ea663&Size=6527128&MD5=893f8e81d1117c48cb9d6e9e5f64bab1&SKIMP=7a0feb70584d1fb9bbde90506b8f80b1&&CT=6001&EV=1&SUB=1&SEV=3&ARG1=C%3A%5CProgram+Files%5CAVAST+Software%5CAvast%5CSetup%5CInf%5Cx64%5Cnetcfg_x64.exe

OSFW,2012/11/23,19:31:36 -2:00 GMT,ALLOWED,avast! antivirus Update,C:\Program Files\AVAST Software\Avast\Setup\avast.setup,PROCESS,OPENPROCESS,,C:\Program Files\AVAST Software\Avast\Setup\Inf\x64\netcfg_x64.exe,http://osalerts.zonealarm.com/osanalyze.jsp?Product=ZoneAlarm&ProductVersion=11.0.000.020&HU100=ZLN29778333669860-1001&CL=en&OEM=1001&SKU=0&Mode=6&QSRC=2&OS=Windows+7+x64-6.1.7601-Service+Pack+1-SMP&LANG=1046&PN=avast!+antivirus+Update&VER=7.0.1474.765&FN=avast.setup&Created=415ea663&Size=6527128&MD5=893f8e81d1117c48cb9d6e9e5f64bab1&SKIMP=7a0feb70584d1fb9bbde90506b8f80b1&&CT=6001&EV=1&SUB=1&SEV=3&ARG1=C%3A%5CProgram+Files%5CAVAST+Software%5CAvast%5CSetup%5CInf%5Cx64%5Cnetcfg_x64.exe

OSFW,2012/11/23,19:31:36 -2:00 GMT,UNKNOWN(0),Console Window Host,C:\Windows\System32\conhost.exe,PROCESS,OPENPROCESS,,C:\Program Files\AVAST Software\Avast\Setup\Inf\x64\netcfg_x64.exe,http://osalerts.zonealarm.com/osanalyze.jsp?Product=ZoneAlarm&ProductVersion=11.0.000.020&HU100=ZLN29778333669860-1001&CL=en&OEM=1001&SKU=0&Mode=6&QSRC=2&OS=Windows+7+x64-6.1.7601-Service+Pack+1-SMP&LANG=1046&PN=Console+Window+Host&VER=6.1.7601.17514&FN=conhost.exe&Created=3d750afb&Size=337920&MD5=bd51024fb014064bc9fe8c715c18392f&SKIMP=f53bf1a3d5b05c8378beda3e32a10558&&CT=6001&EV=1&SUB=1&SEV=3&ARG1=C%3A%5CProgram+Files%5CAVAST+Software%5CAvast%5CSetup%5CInf%5Cx64%5Cnetcfg_x64.exe

OSFW,2012/11/23,19:31:36 -2:00 GMT,ALLOWED,Console Window Host,C:\Windows\System32\conhost.exe,PROCESS,OPENPROCESS,,C:\Program Files\AVAST Software\Avast\Setup\Inf\x64\netcfg_x64.exe,http://osalerts.zonealarm.com/osanalyze.jsp?Product=ZoneAlarm&ProductVersion=11.0.000.020&HU100=ZLN29778333669860-1001&CL=en&OEM=1001&SKU=0&Mode=6&QSRC=2&OS=Windows+7+x64-6.1.7601-Service+Pack+1-SMP&LANG=1046&PN=Console+Window+Host&VER=6.1.7601.17514&FN=conhost.exe&Created=3d750afb&Size=337920&MD5=bd51024fb014064bc9fe8c715c18392f&SKIMP=f53bf1a3d5b05c8378beda3e32a10558&&CT=6001&EV=1&SUB=1&SEV=3&ARG1=C%3A%5CProgram+Files%5CAVAST+Software%5CAvast%5CSetup%5CInf%5Cx64%5Cnetcfg_x64.exe

OSFW,2012/11/23,19:31:56 -2:00 GMT,UNKNOWN(0),avast! RegSvr,C:\Program Files\AVAST Software\Avast\aswRegSvr.exe,REGISTRY,SETKEY,,HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS,http://osalerts.zonealarm.com/osanalyze.jsp?Product=ZoneAlarm&ProductVersion=11.0.000.020&HU100=ZLN29778333669860-1001&CL=en&OEM=1001&SKU=0&Mode=6&QSRC=2&OS=Windows+7+x64-6.1.7601-Service+Pack+1-SMP&LANG=1046&PN=avast!+RegSvr&VER=7.0.1474.765&FN=aswRegSvr.exe&Created=415ea648&Size=47832&MD5=c0fa215167a0e5f8f137704bc45efb1b&SKIMP=f3e9a2f3b071b1253c7f8fa74e6a1923&&CT=4018&EV=4&SUB=10&SEV=2&ARG1=HKLM%5CSOFTWARE%5CMICROSOFT%5CWINDOWS%5CCURRENTVERSION%5CEXPLORER%5CBROWSER+HELPER+OBJECTS

OSFW,2012/11/23,19:31:56 -2:00 GMT,ALLOWED,avast! RegSvr,C:\Program Files\AVAST Software\Avast\aswRegSvr.exe,REGISTRY,SETKEY,,HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS,http://osalerts.zonealarm.com/osanalyze.jsp?Product=ZoneAlarm&ProductVersion=11.0.000.020&HU100=ZLN29778333669860-1001&CL=en&OEM=1001&SKU=0&Mode=6&QSRC=2&OS=Windows+7+x64-6.1.7601-Service+Pack+1-SMP&LANG=1046&PN=avast!+RegSvr&VER=7.0.1474.765&FN=aswRegSvr.exe&Created=415ea648&Size=47832&MD5=c0fa215167a0e5f8f137704bc45efb1b&SKIMP=f3e9a2f3b071b1253c7f8fa74e6a1923&&CT=4018&EV=4&SUB=10&SEV=2&ARG1=HKLM%5CSOFTWARE%5CMICROSOFT%5CWINDOWS%5CCURRENTVERSION%5CEXPLORER%5CBROWSER+HELPER+OBJECTS

OSFW,2012/11/23,19:32:18 -2:00 GMT,UNKNOWN(0),Program Compatibility Assistant,C:\Windows\System32\pcalua.exe,PROCESS,SPAWNPROCESS,,C:\Program Files\AVAST Software\Avast\aswRunDll.exe,80000468,http://osalerts.zonealarm.com/osanalyze.jsp?Product=ZoneAlarm&ProductVersion=11.0.000.020&HU100=ZLN29778333669860-1001&CL=en&OEM=1001&SKU=0&Mode=6&QSRC=2&OS=Windows+7+x64-6.1.7601-Service+Pack+1-SMP&LANG=1046&PN=Program+Compatibility+Assistant&VER=6.1.7600.16385&FN=pcalua.exe&Created=3aedbcee&Size=9728&MD5=2549089234e799d510296d327ea2b679&SKIMP=38cf35b6946f924c0ae2c584b381b516&&CT=6003&EV=1&SUB=3&SEV=3&ARG1=C%3A%5CProgram+Files%5CAVAST+Software%5CAvast%5CaswRunDll.exe&ARG2=80000468

OSFW,2012/11/23,19:32:18 -2:00 GMT,ALLOWED,Program Compatibility Assistant,C:\Windows\System32\pcalua.exe,PROCESS,SPAWNPROCESS,,C:\Program Files\AVAST Software\Avast\aswRunDll.exe,80000468,http://osalerts.zonealarm.com/osanalyze.jsp?Product=ZoneAlarm&ProductVersion=11.0.000.020&HU100=ZLN29778333669860-1001&CL=en&OEM=1001&SKU=0&Mode=6&QSRC=2&OS=Windows+7+x64-6.1.7601-Service+Pack+1-SMP&LANG=1046&PN=Program+Compatibility+Assistant&VER=6.1.7600.16385&FN=pcalua.exe&Created=3aedbcee&Size=9728&MD5=2549089234e799d510296d327ea2b679&SKIMP=38cf35b6946f924c0ae2c584b381b516&&CT=6003&EV=1&SUB=3&SEV=3&ARG1=C%3A%5CProgram+Files%5CAVAST+Software%5CAvast%5CaswRunDll.exe&ARG2=80000468

FWIN,2012/11/23,18:21:04 -2:00 GMT,192.168.1.100:50748,192.168.1.101:445,TCP (flags:S),http://fwalerts.zonealarm.com/fwalerts/fwanalyze.jsp?V103=AcCoAWTAqAFlxjwAAAG9AAABAAAAAQAAAAIAAAABAAAAooYBADAxMDIWBAIAAQANAQIPmEIAAAAAAAACQAAA//8Q+ZLN29778333669860-1001,,,,Windows+7+x64-6.1.7601-Service+Pack+1-SMP,11.0.000.020,ExtBlockAll2,j5hvqhisiu3s4he7bhx644bu4g0,2,,&CL=en&OEM=1001&SKU=0&Mode=6&Product=ZoneAlarm

FWIN,2012/11/23,18:21:04 -2:00 GMT,192.168.1.100:50751,192.168.1.101:445,TCP (flags:S),http://fwalerts.zonealarm.com/fwalerts/fwanalyze.jsp?V103=AcCoAWTAqAFlxj8AAAG9AAABAAAAAQAAAAIAAAABAAAAooYBADAxMDIWBAIAAQANAQIbmEIAAAAAAAACQAAA//8Q+ZLN29778333669860-1001,,,,Windows+7+x64-6.1.7601-Service+Pack+1-SMP,11.0.000.020,ExtBlockAll2,j5hvqhisiu3s4he7bhx644bu4g0,2,,&CL=en&OEM=1001&SKU=0&Mode=6&Product=ZoneAlarm

FWIN,2012/11/23,18:21:04 -2:00 GMT,192.168.1.100:50752,192.168.1.101:445,TCP (flags:S),http://fwalerts.zonealarm.com/fwalerts/fwanalyze.jsp?V103=AcCoAWTAqAFlxkAAAAG9AAABAAAAAQAAAAIAAAABAAAAooYBADAxMDIWBAIAAQANAQJBmEIAAAAAAAACQAAA//8Q+ZLN29778333669860-1001,,,,Windows+7+x64-6.1.7601-Service+Pack+1-SMP,11.0.000.020,ExtBlockAll2,j5hvqhisiu3s4he7bhx644bu4g0,2,,&CL=en&OEM=1001&SKU=0&Mode=6&Product=ZoneAlarm

FWOUT,2012/11/23,18:21:04 -2:00 GMT,192.168.1.101:53875,192.168.1.100:139,TCP (flags:S),http://fwalerts.zonealarm.com/fwalerts/fwanalyze.jsp?V103=AcCoAWXAqAFk0nMAAACLAAABAAAAAQAAAAIAAAABAAAAoYYBADAxMDIWBAIAAQANAQJrWUYAAAAAAAABQAAA//8B+ZLN29778333669860-1001,,,,Windows+7+x64-6.1.7601-Service+Pack+1-SMP,11.0.000.020,ExtBlockAll2,j5hvqhisiu3s4he7bhx644bu4g0,2,,&CL=en&OEM=1001&SKU=0&Mode=6&Product=ZoneAlarm

FWOUT,2012/11/23,18:21:04 -2:00 GMT,192.168.1.101:53919,192.168.1.100:139,TCP (flags:S),http://fwalerts.zonealarm.com/fwalerts/fwanalyze.jsp?V103=AcCoAWXAqAFk0p8AAACLAAABAAAAAQAAAAIAAAABAAAAoYYBADAxMDIWBAIAAQANAQJ/q0YAAAAAAAABQAAA//8B+ZLN29778333669860-1001,,,,Windows+7+x64-6.1.7601-Service+Pack+1-SMP,11.0.000.020,ExtBlockAll2,j5hvqhisiu3s4he7bhx644bu4g0,2,,&CL=en&OEM=1001&SKU=0&Mode=6&Product=ZoneAlarm

FWOUT,2012/11/23,18:21:04 -2:00 GMT,192.168.1.101:53963,192.168.1.100:139,TCP (flags:S),http://fwalerts.zonealarm.com/fwalerts/fwanalyze.jsp?V103=AcCoAWXAqAFk0ssAAACLAAABAAAAAQAAAAIAAAABAAAAoYYBADAxMDIWBAIAAQANAQLF/UYAAAAAAAABQAAA//8B+ZLN29778333669860-1001,,,,Windows+7+x64-6.1.7601-Service+Pack+1-SMP,11.0.000.020,ExtBlockAll2,j5hvqhisiu3s4he7bhx644bu4g0,2,,&CL=en&OEM=1001&SKU=0&Mode=6&Product=ZoneAlarm

FWOUT,2012/11/23,18:21:04 -2:00 GMT,192.168.1.101:53968,192.168.1.100:139,TCP (flags:S),http://fwalerts.zonealarm.com/fwalerts/fwanalyze.jsp?V103=AcCoAWXAqAFk0tAAAACLAAABAAAAAQAAAAIAAAABAAAAoYYBADAxMDIWBAIAAQANAQLUT0cAAAAAAAABQAAA//8B+ZLN29778333669860-1001,,,,Windows+7+x64-6.1.7601-Service+Pack+1-SMP,11.0.000.020,ExtBlockAll2,j5hvqhisiu3s4he7bhx644bu4g0,2,,&CL=en&OEM=1001&SKU=0&Mode=6&Product=ZoneAlarm

FWOUT,2012/11/23,18:21:04 -2:00 GMT,192.168.1.101:53971,192.168.1.100:139,TCP (flags:S),http://fwalerts.zonealarm.com/fwalerts/fwanalyze.jsp?V103=AcCoAWXAqAFk0tMAAACLAAABAAAAAQAAAAIAAAABAAAAoYYBADAxMDIWBAIAAQANAQIbokcAAAAAAAABQAAA//8B+ZLN29778333669860-1001,,,,Windows+7+x64-6.1.7601-Service+Pack+1-SMP,11.0.000.020,ExtBlockAll2,j5hvqhisiu3s4he7bhx644bu4g0,2,,&CL=en&OEM=1001&SKU=0&Mode=6&Product=ZoneAlarm

FWOUT,2012/11/23,18:21:04 -2:00 GMT,192.168.1.101:53974,192.168.1.100:139,TCP (flags:S),http://fwalerts.zonealarm.com/fwalerts/fwanalyze.jsp?V103=AcCoAWXAqAFk0tYAAACLAAABAAAAAQAAAAIAAAABAAAAoYYBADAxMDIWBAIAAQANAQId90cAAAAAAAABQAAA//8B+ZLN29778333669860-1001,,,,Windows+7+x64-6.1.7601-Service+Pack+1-SMP,11.0.000.020,ExtBlockAll2,j5hvqhisiu3s4he7bhx644bu4g0,2,,&CL=en&OEM=1001&SKU=0&Mode=6&Product=ZoneAlarm

FWOUT,2012/11/23,18:21:04 -2:00 GMT,192.168.1.101:53978,192.168.1.100:139,TCP (flags:S),http://fwalerts.zonealarm.com/fwalerts/fwanalyze.jsp?V103=AcCoAWXAqAFk0toAAACLAAABAAAAAQAAAAIAAAABAAAAoYYBADAxMDIWBAIAAQANAQJHSUgAAAAAAAABQAAA//8B+ZLN29778333669860-1001,,,,Windows+7+x64-6.1.7601-Service+Pack+1-SMP,11.0.000.020,ExtBlockAll2,j5hvqhisiu3s4he7bhx644bu4g0,2,,&CL=en&OEM=1001&SKU=0&Mode=6&Product=ZoneAlarm

FWOUT,2012/11/23,18:21:04 -2:00 GMT,192.168.1.101:53983,192.168.1.100:139,TCP (flags:S),http://fwalerts.zonealarm.com/fwalerts/fwanalyze.jsp?V103=AcCoAWXAqAFk0t8AAACLAAABAAAAAQAAAAIAAAABAAAAoYYBADAxMDIWBAIAAQANAQJem0gAAAAAAAABQAAA//8B+ZLN29778333669860-1001,,,,Windows+7+x64-6.1.7601-Service+Pack+1-SMP,11.0.000.020,ExtBlockAll2,j5hvqhisiu3s4he7bhx644bu4g0,2,,&CL=en&OEM=1001&SKU=0&Mode=6&Product=ZoneAlarm

FWOUT,2012/11/23,18:21:04 -2:00 GMT,192.168.1.101:54031,192.168.1.100:139,TCP (flags:S),http://fwalerts.zonealarm.com/fwalerts/fwanalyze.jsp?V103=AcCoAWXAqAFk0w8AAACLAAABAAAAAQAAAAIAAAABAAAAoYYBADAxMDIWBAIAAQANAQL+YkkAAAAAAAABQAAA//8B+ZLN29778333669860-1001,,,,Windows+7+x64-6.1.7601-Service+Pack+1-SMP,11.0.000.020,ExtBlockAll2,j5hvqhisiu3s4he7bhx644bu4g0,2,,&CL=en&OEM=1001&SKU=0&Mode=6&Product=ZoneAlarm

FWOUT,2012/11/23,18:21:04 -2:00 GMT,192.168.1.101:54033,192.168.1.100:139,TCP (flags:S),http://fwalerts.zonealarm.com/fwalerts/fwanalyze.jsp?V103=AcCoAWXAqAFk0xEAAACLAAABAAAAAQAAAAIAAAABAAAAoYYBADAxMDIWBAIAAQANAQIOtUkAAAAAAAABQAAA//8B+ZLN29778333669860-1001,,,,Windows+7+x64-6.1.7601-Service+Pack+1-SMP,11.0.000.020,ExtBlockAll2,j5hvqhisiu3s4he7bhx644bu4g0,2,,&CL=en&OEM=1001&SKU=0&Mode=6&Product=ZoneAlarm

FWOUT,2012/11/23,18:21:04 -2:00 GMT,192.168.1.101:54051,192.168.1.100:139,TCP (flags:S),http://fwalerts.zonealarm.com/fwalerts/fwanalyze.jsp?V103=AcCoAWXAqAFk0yMAAACLAAABAAAAAQAAAAIAAAABAAAAoYYBADAxMDIWBAIAAQANAQJLB0oAAAAAAAABQAAA//8B+ZLN29778333669860-1001,,,,Windows+7+x64-6.1.7601-Service+Pack+1-SMP,11.0.000.020,ExtBlockAll2,j5hvqhisiu3s4he7bhx644bu4g0,2,,&CL=en&OEM=1001&SKU=0&Mode=6&Product=ZoneAlarm

FWOUT,2012/11/23,18:21:04 -2:00 GMT,192.168.1.101:54064,192.168.1.100:139,TCP (flags:S),http://fwalerts.zonealarm.com/fwalerts/fwanalyze.jsp?V103=AcCoAWXAqAFk0zAAAACLAAABAAAAAQAAAAIAAAABAAAAoYYBADAxMDIWBAIAAQANAQJhWUoAAAAAAAABQAAA//8B+ZLN29778333669860-1001,,,,Windows+7+x64-6.1.7601-Service+Pack+1-SMP,11.0.000.020,ExtBlockAll2,j5hvqhisiu3s4he7bhx644bu4g0,2,,&CL=en&OEM=1001&SKU=0&Mode=6&Product=ZoneAlarm

FWOUT,2012/11/23,18:21:04 -2:00 GMT,192.168.1.101:54067,192.168.1.100:139,TCP (flags:S),http://fwalerts.zonealarm.com/fwalerts/fwanalyze.jsp?V103=AcCoAWXAqAFk0zMAAACLAAABAAAAAQAAAAIAAAABAAAAoYYBADAxMDIWBAIAAQANAQKxq0oAAAAAAAABQAAA//8B+ZLN29778333669860-1001,,,,Windows+7+x64-6.1.7601-Service+Pack+1-SMP,11.0.000.020,ExtBlockAll2,j5hvqhisiu3s4he7bhx644bu4g0,2,,&CL=en&OEM=1001&SKU=0&Mode=6&Product=ZoneAlarm

FWOUT,2012/11/23,18:21:04 -2:00 GMT,192.168.1.101:54075,192.168.1.100:139,TCP (flags:S),http://fwalerts.zonealarm.com/fwalerts/fwanalyze.jsp?V103=AcCoAWXAqAFk0zsAAACLAAABAAAAAQAAAAIAAAABAAAAoYYBADAxMDIWBAIAAQANAQK6/UoAAAAAAAABQAAA//8B+ZLN29778333669860-1001,,,,Windows+7+x64-6.1.7601-Service+Pack+1-SMP,11.0.000.020,ExtBlockAll2,j5hvqhisiu3s4he7bhx644bu4g0,2,,&CL=en&OEM=1001&SKU=0&Mode=6&Product=ZoneAlarm

FWOUT,2012/11/23,18:21:04 -2:00 GMT,192.168.1.101:54077,192.168.1.100:139,TCP (flags:S),http://fwalerts.zonealarm.com/fwalerts/fwanalyze.jsp?V103=AcCoAWXAqAFk0z0AAACLAAABAAAAAQAAAAIAAAABAAAAoYYBADAxMDIWBAIAAQANAQL2T0sAAAAAAAABQAAA//8B+ZLN29778333669860-1001,,,,Windows+7+x64-6.1.7601-Service+Pack+1-SMP,11.0.000.020,ExtBlockAll2,j5hvqhisiu3s4he7bhx644bu4g0,2,,&CL=en&OEM=1001&SKU=0&Mode=6&Product=ZoneAlarm

FWOUT,2012/11/23,18:21:04 -2:00 GMT,192.168.1.101:54079,192.168.1.100:139,TCP (flags:S),http://fwalerts.zonealarm.com/fwalerts/fwanalyze.jsp?V103=AcCoAWXAqAFk0z8AAACLAAABAAAAAQAAAAIAAAABAAAAoYYBADAxMDIWBAIAAQANAQICoksAAAAAAAABQAAA//8B+ZLN29778333669860-1001,,,,Windows+7+x64-6.1.7601-Service+Pack+1-SMP,11.0.000.020,ExtBlockAll2,j5hvqhisiu3s4he7bhx644bu4g0,2,,&CL=en&OEM=1001&SKU=0&Mode=6&Product=ZoneAlarm

FWOUT,2012/11/23,18:21:04 -2:00 GMT,192.168.1.101:54105,192.168.1.100:139,TCP (flags:S),http://fwalerts.zonealarm.com/fwalerts/fwanalyze.jsp?V103=AcCoAWXAqAFk01kAAACLAAABAAAAAQAAAAIAAAABAAAAoYYBADAxMDIWBAIAAQANAQKPaUwAAAAAAAABQAAA//8B+ZLN29778333669860-1001,,,,Windows+7+x64-6.1.7601-Service+Pack+1-SMP,11.0.000.020,ExtBlockAll2,j5hvqhisiu3s4he7bhx644bu4g0,2,,&CL=en&OEM=1001&SKU=0&Mode=6&Product=ZoneAlarm

FWOUT,2012/11/23,18:21:04 -2:00 GMT,192.168.1.101:54106,192.168.1.100:139,TCP (flags:S),http://fwalerts.zonealarm.com/fwalerts/fwanalyze.jsp?V103=AcCoAWXAqAFk01oAAACLAAABAAAAAQAAAAIAAAABAAAAoYYBADAxMDIWBAIAAQANAQKYu0wAAAAAAAABQAAA//8B+ZLN29778333669860-1001,,,,Windows+7+x64-6.1.7601-Service+Pack+1-SMP,11.0.000.020,ExtBlockAll2,j5hvqhisiu3s4he7bhx644bu4g0,2,,&CL=en&OEM=1001&SKU=0&Mode=6&Product=ZoneAlarm

FWOUT,2012/11/23,18:21:04 -2:00 GMT,192.168.1.101:54109,192.168.1.100:139,TCP (flags:S),http://fwalerts.zonealarm.com/fwalerts/fwanalyze.jsp?V103=AcCoAWXAqAFk010AAACLAAABAAAAAQAAAAIAAAABAAAAoYYBADAxMDIWBAIAAQANAQLyDU0AAAAAAAABQAAA//8B+ZLN29778333669860-1001,,,,Windows+7+x64-6.1.7601-Service+Pack+1-SMP,11.0.000.020,ExtBlockAll2,j5hvqhisiu3s4he7bhx644bu4g0,2,,&CL=en&OEM=1001&SKU=0&Mode=6&Product=ZoneAlarm

FWOUT,2012/11/23,18:21:04 -2:00 GMT,192.168.1.101:54110,192.168.1.100:139,TCP (flags:S),http://fwalerts.zonealarm.com/fwalerts/fwanalyze.jsp?V103=AcCoAWXAqAFk014AAACLAAABAAAAAQAAAAIAAAABAAAAoYYBADAxMDIWBAIAAQANAQIHYE0AAAAAAAABQAAA//8B+ZLN29778333669860-1001,,,,Windows+7+x64-6.1.7601-Service+Pack+1-SMP,11.0.000.020,ExtBlockAll2,j5hvqhisiu3s4he7bhx644bu4g0,2,,&CL=en&OEM=1001&SKU=0&Mode=6&Product=ZoneAlarm

FWOUT,2012/11/23,18:21:04 -2:00 GMT,192.168.1.101:54111,192.168.1.100:139,TCP (flags:S),http://fwalerts.zonealarm.com/fwalerts/fwanalyze.jsp?V103=AcCoAWXAqAFk018AAACLAAABAAAAAQAAAAIAAAABAAAAoYYBADAxMDIWBAIAAQANAQJWsk0AAAAAAAABQAAA//8B+ZLN29778333669860-1001,,,,Windows+7+x64-6.1.7601-Service+Pack+1-SMP,11.0.000.020,ExtBlockAll2,j5hvqhisiu3s4he7bhx644bu4g0,2,,&CL=en&OEM=1001&SKU=0&Mode=6&Product=ZoneAlarm

FWOUT,2012/11/23,18:21:04 -2:00 GMT,192.168.1.101:54116,192.168.1.100:139,TCP (flags:S),http://fwalerts.zonealarm.com/fwalerts/fwanalyze.jsp?V103=AcCoAWXAqAFk02QAAACLAAABAAAAAQAAAAIAAAABAAAAoYYBADAxMDIWBAIAAQANAQJjBE4AAAAAAAABQAAA//8B+ZLN29778333669860-1001,,,,Windows+7+x64-6.1.7601-Service+Pack+1-SMP,11.0.000.020,ExtBlockAll2,j5hvqhisiu3s4he7bhx644bu4g0,2,,&CL=en&OEM=1001&SKU=0&Mode=6&Product=ZoneAlarm

FWOUT,2012/11/23,18:21:04 -2:00 GMT,192.168.1.101:54117,192.168.1.100:139,TCP (flags:S),http://fwalerts.zonealarm.com/fwalerts/fwanalyze.jsp?V103=AcCoAWXAqAFk02UAAACLAAABAAAAAQAAAAIAAAABAAAAoYYBADAxMDIWBAIAAQANAQK4Vk4AAAAAAAABQAAA//8B+ZLN29778333669860-1001,,,,Windows+7+x64-6.1.7601-Service+Pack+1-SMP,11.0.000.020,ExtBlockAll2,j5hvqhisiu3s4he7bhx644bu4g0,2,,&CL=en&OEM=1001&SKU=0&Mode=6&Product=ZoneAlarm

FWOUT,2012/11/23,18:21:04 -2:00 GMT,192.168.1.101:54118,192.168.1.100:139,TCP (flags:S),http://fwalerts.zonealarm.com/fwalerts/fwanalyze.jsp?V103=AcCoAWXAqAFk02YAAACLAAABAAAAAQAAAAIAAAABAAAAoYYBADAxMDIWBAIAAQANAQLFqE4AAAAAAAABQAAA//8B+ZLN29778333669860-1001,,,,Windows+7+x64-6.1.7601-Service+Pack+1-SMP,11.0.000.020,ExtBlockAll2,j5hvqhisiu3s4he7bhx644bu4g0,2,,&CL=en&OEM=1001&SKU=0&Mode=6&Product=ZoneAlarm

FWOUT,2012/11/23,18:21:04 -2:00 GMT,192.168.1.101:54122,192.168.1.100:139,TCP (flags:S),http://fwalerts.zonealarm.com/fwalerts/fwanalyze.jsp?V103=AcCoAWXAqAFk02oAAACLAAABAAAAAQAAAAIAAAABAAAAoYYBADAxMDIWBAIAAQANAQJhcE8AAAAAAAABQAAA//8B+ZLN29778333669860-1001,,,,Windows+7+x64-6.1.7601-Service+Pack+1-SMP,11.0.000.020,ExtBlockAll2,j5hvqhisiu3s4he7bhx644bu4g0,2,,&CL=en&OEM=1001&SKU=0&Mode=6&Product=ZoneAlarm

FWOUT,2012/11/23,18:21:04 -2:00 GMT,192.168.1.101:54127,192.168.1.100:139,TCP (flags:S),http://fwalerts.zonealarm.com/fwalerts/fwanalyze.jsp?V103=AcCoAWXAqAFk028AAACLAAABAAAAAQAAAAIAAAABAAAAoYYBADAxMDIWBAIAAQANAQJqwk8AAAAAAAABQAAA//8B+ZLN29778333669860-1001,,,,Windows+7+x64-6.1.7601-Service+Pack+1-SMP,11.0.000.020,ExtBlockAll2,j5hvqhisiu3s4he7bhx644bu4g0,2,,&CL=en&OEM=1001&SKU=0&Mode=6&Product=ZoneAlarm

FWOUT,2012/11/23,18:21:04 -2:00 GMT,192.168.1.101:54140,192.168.1.100:139,TCP (flags:S),http://fwalerts.zonealarm.com/fwalerts/fwanalyze.jsp?V103=AcCoAWXAqAFk03wAAACLAAABAAAAAQAAAAIAAAABAAAAoYYBADAxMDIWBAIAAQANAQKrFFAAAAAAAAABQAAA//8B+ZLN29778333669860-1001,,,,Windows+7+x64-6.1.7601-Service+Pack+1-SMP,11.0.000.020,ExtBlockAll2,j5hvqhisiu3s4he7bhx644bu4g0,2,,&CL=en&OEM=1001&SKU=0&Mode=6&Product=ZoneAlarm

OSFW,2012/11/23,19:48:40 -2:00 GMT,UNKNOWN(0),Microsoft Windows Search Indexer,C:\Windows\System32\SearchIndexer.exe,PROCESS,OPENPROCESS,,C:\Windows\system32\SearchProtocolHost.exe,http://osalerts.zonealarm.com/osanalyze.jsp?Product=ZoneAlarm&ProductVersion=11.0.000.020&HU100=ZLN29778333669860-1001&CL=en&OEM=1001&SKU=0&Mode=6&QSRC=2&OS=Windows+7+x64-6.1.7601-Service+Pack+1-SMP&LANG=1046&PN=Microsoft+Windows+Search+Indexer&VER=7.00.7600.16385&FN=SearchIndexer.exe&Created=3aedbcf3&Size=593408&MD5=ad31942bdf3d594c404874613bc2fe4d&SKIMP=cc35f8a5d75880bc42cd9e43d356922d&&CT=6001&EV=1&SUB=1&SEV=3&ARG1=C%3A%5CWindows%5Csystem32%5CSearchProtocolHost.exe

OSFW,2012/11/23,19:48:40 -2:00 GMT,ALLOWED,Microsoft Windows Search Indexer,C:\Windows\System32\SearchIndexer.exe,PROCESS,OPENPROCESS,,C:\Windows\system32\SearchProtocolHost.exe,http://osalerts.zonealarm.com/osanalyze.jsp?Product=ZoneAlarm&ProductVersion=11.0.000.020&HU100=ZLN29778333669860-1001&CL=en&OEM=1001&SKU=0&Mode=6&QSRC=2&OS=Windows+7+x64-6.1.7601-Service+Pack+1-SMP&LANG=1046&PN=Microsoft+Windows+Search+Indexer&VER=7.00.7600.16385&FN=SearchIndexer.exe&Created=3aedbcf3&Size=593408&MD5=ad31942bdf3d594c404874613bc2fe4d&SKIMP=cc35f8a5d75880bc42cd9e43d356922d&&CT=6001&EV=1&SUB=1&SEV=3&ARG1=C%3A%5CWindows%5Csystem32%5CSearchProtocolHost.exe

FWOUT,2012/11/23,18:21:04 -2:00 GMT,192.168.1.101:54152,192.168.1.100:139,TCP (flags:S),http://fwalerts.zonealarm.com/fwalerts/fwanalyze.jsp?V103=AcCoAWXAqAFk04gAAACLAAABAAAAAQAAAAIAAAABAAAAoYYBADAxMDIWBAIAAQANAQK7ZlAAAAAAAAABQAAA//8B+ZLN29778333669860-1001,,,,Windows+7+x64-6.1.7601-Service+Pack+1-SMP,11.0.000.020,ExtBlockAll2,j5hvqhisiu3s4he7bhx644bu4g0,2,,&CL=en&OEM=1001&SKU=0&Mode=6&Product=ZoneAlarm

OSFW,2012/11/23,19:48:56 -2:00 GMT,UNKNOWN(0),wow_helper.exe,C:\Users\Windows\AppData\Local\Google\Chrome\Application\wow_helper.exe,PROCESS,OPENPROCESS,,C:\Users\Windows\AppData\Local\Google\Chrome\Application\chrome.exe,http://osalerts.zonealarm.com/osanalyze.jsp?Product=ZoneAlarm&ProductVersion=11.0.000.020&HU100=ZLN29778333669860-1001&CL=en&OEM=1001&SKU=0&Mode=6&QSRC=2&OS=Windows+7+x64-6.1.7601-Service+Pack+1-SMP&LANG=1046&PN=wow_helper.exe&VER=28%2F04%2F2012+00%3A07%3A04&FN=wow_helper.exe&Created=409c00e2&Size=72688&MD5=454d9f6b2750a8a435f4b86d4f9218d1&SKIMP=d1e9221c49c3dadba546f22f800cc9f4&&CT=6001&EV=1&SUB=1&SEV=3&ARG1=C%3A%5CUsers%5CWindows%5CAppData%5CLocal%5CGoogle%5CChrome%5CApplication%5Cchrome.exe

OSFW,2012/11/23,19:48:56 -2:00 GMT,ALLOWED,wow_helper.exe,C:\Users\Windows\AppData\Local\Google\Chrome\Application\wow_helper.exe,PROCESS,OPENPROCESS,,C:\Users\Windows\AppData\Local\Google\Chrome\Application\chrome.exe,http://osalerts.zonealarm.com/osanalyze.jsp?Product=ZoneAlarm&ProductVersion=11.0.000.020&HU100=ZLN29778333669860-1001&CL=en&OEM=1001&SKU=0&Mode=6&QSRC=2&OS=Windows+7+x64-6.1.7601-Service+Pack+1-SMP&LANG=1046&PN=wow_helper.exe&VER=28%2F04%2F2012+00%3A07%3A04&FN=wow_helper.exe&Created=409c00e2&Size=72688&MD5=454d9f6b2750a8a435f4b86d4f9218d1&SKIMP=d1e9221c49c3dadba546f22f800cc9f4&&CT=6001&EV=1&SUB=1&SEV=3&ARG1=C%3A%5CUsers%5CWindows%5CAppData%5CLocal%5CGoogle%5CChrome%5CApplication%5Cchrome.exe

FWOUT,2012/11/23,18:21:04 -2:00 GMT,192.168.1.101:54223,192.168.1.100:139,TCP (flags:S),http://fwalerts.zonealarm.com/fwalerts/fwanalyze.jsp?V103=AcCoAWXAqAFk088AAACLAAABAAAAAQAAAAIAAAABAAAAoYYBADAxMDIWBAIAAQANAQIPuVAAAAAAAAABQAAA//8B+ZLN29778333669860-1001,,,,Windows+7+x64-6.1.7601-Service+Pack+1-SMP,11.0.000.020,ExtBlockAll2,j5hvqhisiu3s4he7bhx644bu4g0,2,,&CL=en&OEM=1001&SKU=0&Mode=6&Product=ZoneAlarm

FWOUT,2012/11/23,18:21:04 -2:00 GMT,192.168.1.101:54224,192.168.1.100:139,TCP (flags:S),http://fwalerts.zonealarm.com/fwalerts/fwanalyze.jsp?V103=AcCoAWXAqAFk09AAAACLAAABAAAAAQAAAAIAAAABAAAAoYYBADAxMDIWBAIAAQANAQIfC1EAAAAAAAABQAAA//8B+ZLN29778333669860-1001,,,,Windows+7+x64-6.1.7601-Service+Pack+1-SMP,11.0.000.020,ExtBlockAll2,j5hvqhisiu3s4he7bhx644bu4g0,2,,&CL=en&OEM=1001&SKU=0&Mode=6&Product=ZoneAlarm

FWOUT,2012/11/23,18:21:04 -2:00 GMT,192.168.1.101:54228,192.168.1.100:139,TCP (flags:S),http://fwalerts.zonealarm.com/fwalerts/fwanalyze.jsp?V103=AcCoAWXAqAFk09QAAACLAAABAAAAAQAAAAIAAAABAAAAoYYBADAxMDIWBAIAAQANAQJiXVEAAAAAAAABQAAA//8B+ZLN29778333669860-1001,,,,Windows+7+x64-6.1.7601-Service+Pack+1-SMP,11.0.000.020,ExtBlockAll2,j5hvqhisiu3s4he7bhx644bu4g0,2,,&CL=en&OEM=1001&SKU=0&Mode=6&Product=ZoneAlarm

FWOUT,2012/11/23,18:21:04 -2:00 GMT,192.168.1.101:54230,192.168.1.100:139,TCP (flags:S),http://fwalerts.zonealarm.com/fwalerts/fwanalyze.jsp?V103=AcCoAWXAqAFk09YAAACLAAABAAAAAQAAAAIAAAABAAAAoYYBADAxMDIWBAIAAQANAQJsr1EAAAAAAAABQAAA//8B+ZLN29778333669860-1001,,,,Windows+7+x64-6.1.7601-Service+Pack+1-SMP,11.0.000.020,ExtBlockAll2,j5hvqhisiu3s4he7bhx644bu4g0,2,,&CL=en&OEM=1001&SKU=0&Mode=6&Product=ZoneAlarm

FWOUT,2012/11/23,18:21:04 -2:00 GMT,192.168.1.101:54231,192.168.1.100:139,TCP (flags:S),http://fwalerts.zonealarm.com/fwalerts/fwanalyze.jsp?V103=AcCoAWXAqAFk09cAAACLAAABAAAAAQAAAAIAAAABAAAAoYYBADAxMDIWBAIAAQANAQIBd1IAAAAAAAABQAAA//8B+ZLN29778333669860-1001,,,,Windows+7+x64-6.1.7601-Service+Pack+1-SMP,11.0.000.020,ExtBlockAll2,j5hvqhisiu3s4he7bhx644bu4g0,2,,&CL=en&OEM=1001&SKU=0&Mode=6&Product=ZoneAlarm

FWOUT,2012/11/23,18:21:04 -2:00 GMT,192.168.1.101:54232,192.168.1.100:139,TCP (flags:S),http://fwalerts.zonealarm.com/fwalerts/fwanalyze.jsp?V103=AcCoAWXAqAFk09gAAACLAAABAAAAAQAAAAIAAAABAAAAoYYBADAxMDIWBAIAAQANAQIOyVIAAAAAAAABQAAA//8B+ZLN29778333669860-1001,,,,Windows+7+x64-6.1.7601-Service+Pack+1-SMP,11.0.000.020,ExtBlockAll2,j5hvqhisiu3s4he7bhx644bu4g0,2,,&CL=en&OEM=1001&SKU=0&Mode=6&Product=ZoneAlarm

FWOUT,2012/11/23,18:21:04 -2:00 GMT,192.168.1.101:54233,192.168.1.100:139,TCP (flags:S),http://fwalerts.zonealarm.com/fwalerts/fwanalyze.jsp?V103=AcCoAWXAqAFk09kAAACLAAABAAAAAQAAAAIAAAABAAAAoYYBADAxMDIWBAIAAQANAQJPG1MAAAAAAAABQAAA//8B+ZLN29778333669860-1001,,,,Windows+7+x64-6.1.7601-Service+Pack+1-SMP,11.0.000.020,ExtBlockAll2,j5hvqhisiu3s4he7bhx644bu4g0,2,,&CL=en&OEM=1001&SKU=0&Mode=6&Product=ZoneAlarm

FWOUT,2012/11/23,18:21:04 -2:00 GMT,192.168.1.101:54235,192.168.1.100:139,TCP (flags:S),http://fwalerts.zonealarm.com/fwalerts/fwanalyze.jsp?V103=AcCoAWXAqAFk09sAAACLAAABAAAAAQAAAAIAAAABAAAAoYYBADAxMDIWBAIAAQANAQJibVMAAAAAAAABQAAA//8B+ZLN29778333669860-1001,,,,Windows+7+x64-6.1.7601-Service+Pack+1-SMP,11.0.000.020,ExtBlockAll2,j5hvqhisiu3s4he7bhx644bu4g0,2,,&CL=en&OEM=1001&SKU=0&Mode=6&Product=ZoneAlarm

FWOUT,2012/11/23,18:21:04 -2:00 GMT,192.168.1.101:54236,192.168.1.100:139,TCP (flags:S),http://fwalerts.zonealarm.com/fwalerts/fwanalyze.jsp?V103=AcCoAWXAqAFk09wAAACLAAABAAAAAQAAAAIAAAABAAAAoYYBADAxMDIWBAIAAQANAQLIv1MAAAAAAAABQAAA//8B+ZLN29778333669860-1001,,,,Windows+7+x64-6.1.7601-Service+Pack+1-SMP,11.0.000.020,ExtBlockAll2,j5hvqhisiu3s4he7bhx644bu4g0,2,,&CL=en&OEM=1001&SKU=0&Mode=6&Product=ZoneAlarm

FWOUT,2012/11/23,18:21:04 -2:00 GMT,192.168.1.101:54250,192.168.1.100:139,TCP (flags:S),http://fwalerts.zonealarm.com/fwalerts/fwanalyze.jsp?V103=AcCoAWXAqAFk0+oAAACLAAABAAAAAQAAAAIAAAABAAAAoYYBADAxMDIWBAIAAQANAQLfEVQAAAAAAAABQAAA//8B+ZLN29778333669860-1001,,,,Windows+7+x64-6.1.7601-Service+Pack+1-SMP,11.0.000.020,ExtBlockAll2,j5hvqhisiu3s4he7bhx644bu4g0,2,,&CL=en&OEM=1001&SKU=0&Mode=6&Product=ZoneAlarm

FWOUT,2012/11/23,18:21:04 -2:00 GMT,192.168.1.101:54253,192.168.1.100:139,TCP (flags:S),http://fwalerts.zonealarm.com/fwalerts/fwanalyze.jsp?V103=AcCoAWXAqAFk0+0AAACLAAABAAAAAQAAAAIAAAABAAAAoYYBADAxMDIWBAIAAQANAQIzZFQAAAAAAAABQAAA//8B+ZLN29778333669860-1001,,,,Windows+7+x64-6.1.7601-Service+Pack+1-SMP,11.0.000.020,ExtBlockAll2,j5hvqhisiu3s4he7bhx644bu4g0,2,,&CL=en&OEM=1001&SKU=0&Mode=6&Product=ZoneAlarm

FWOUT,2012/11/23,18:21:04 -2:00 GMT,192.168.1.101:54255,192.168.1.100:139,TCP (flags:S),http://fwalerts.zonealarm.com/fwalerts/fwanalyze.jsp?V103=AcCoAWXAqAFk0+8AAACLAAABAAAAAQAAAAIAAAABAAAAoYYBADAxMDIWBAIAAQANAQJBtlQAAAAAAAABQAAA//8B+ZLN29778333669860-1001,,,,Windows+7+x64-6.1.7601-Service+Pack+1-SMP,11.0.000.020,ExtBlockAll2,j5hvqhisiu3s4he7bhx644bu4g0,2,,&CL=en&OEM=1001&SKU=0&Mode=6&Product=ZoneAlarm

OSFW,2012/11/23,19:54:36 -2:00 GMT,UNKNOWN(0),Au_.exe,C:\Users\Windows\AppData\Local\Temp\~nsu.tmp\Au_.exe,PROCESS,SPAWNPROCESS,,C:\Program Files\BitComet\tools\BitCometService.exe,80000487,http://osalerts.zonealarm.com/osanalyze.jsp?Product=ZoneAlarm&ProductVersion=11.0.000.020&HU100=ZLN29778333669860-1001&CL=en&OEM=1001&SKU=0&Mode=6&QSRC=2&OS=Windows+7+x64-6.1.7601-Service+Pack+1-SMP&LANG=1046&PN=Au_.exe&VER=05%2F05%2F2012+22%3A54%3A42&FN=Au_.exe&Created=40a5b6d5&Size=464889&MD5=2ceb37086c3e98b84398d0e995c231d8&SKIMP=46554f6535fa4a3b7e633859c09055a1&&CT=6003&EV=1&SUB=3&SEV=3&ARG1=C%3A%5CProgram+Files%5CBitComet%5Ctools%5CBitCometService.exe&ARG2=80000487

OSFW,2012/11/23,19:54:36 -2:00 GMT,ALLOWED,Au_.exe,C:\Users\Windows\AppData\Local\Temp\~nsu.tmp\Au_.exe,PROCESS,SPAWNPROCESS,,C:\Program Files\BitComet\tools\BitCometService.exe,80000487,http://osalerts.zonealarm.com/osanalyze.jsp?Product=ZoneAlarm&ProductVersion=11.0.000.020&HU100=ZLN29778333669860-1001&CL=en&OEM=1001&SKU=0&Mode=6&QSRC=2&OS=Windows+7+x64-6.1.7601-Service+Pack+1-SMP&LANG=1046&PN=Au_.exe&VER=05%2F05%2F2012+22%3A54%3A42&FN=Au_.exe&Created=40a5b6d5&Size=464889&MD5=2ceb37086c3e98b84398d0e995c231d8&SKIMP=46554f6535fa4a3b7e633859c09055a1&&CT=6003&EV=1&SUB=3&SEV=3&ARG1=C%3A%5CProgram+Files%5CBitComet%5Ctools%5CBitCometService.exe&ARG2=80000487

OSFW,2012/11/23,19:54:36 -2:00 GMT,UNKNOWN(0),Au_.exe,C:\Users\Windows\AppData\Local\Temp\~nsu.tmp\Au_.exe,PROCESS,OPENPROCESS,,C:\Program Files\BitComet\tools\BitCometService.exe,http://osalerts.zonealarm.com/osanalyze.jsp?Product=ZoneAlarm&ProductVersion=11.0.000.020&HU100=ZLN29778333669860-1001&CL=en&OEM=1001&SKU=0&Mode=6&QSRC=2&OS=Windows+7+x64-6.1.7601-Service+Pack+1-SMP&LANG=1046&PN=Au_.exe&VER=05%2F05%2F2012+22%3A54%3A42&FN=Au_.exe&Created=40a5b6d5&Size=464889&MD5=2ceb37086c3e98b84398d0e995c231d8&SKIMP=46554f6535fa4a3b7e633859c09055a1&&CT=6001&EV=1&SUB=1&SEV=3&ARG1=C%3A%5CProgram+Files%5CBitComet%5Ctools%5CBitCometService.exe

OSFW,2012/11/23,19:54:36 -2:00 GMT,ALLOWED,Au_.exe,C:\Users\Windows\AppData\Local\Temp\~nsu.tmp\Au_.exe,PROCESS,OPENPROCESS,,C:\Program Files\BitComet\tools\BitCometService.exe,http://osalerts.zonealarm.com/osanalyze.jsp?Product=ZoneAlarm&ProductVersion=11.0.000.020&HU100=ZLN29778333669860-1001&CL=en&OEM=1001&SKU=0&Mode=6&QSRC=2&OS=Windows+7+x64-6.1.7601-Service+Pack+1-SMP&LANG=1046&PN=Au_.exe&VER=05%2F05%2F2012+22%3A54%3A42&FN=Au_.exe&Created=40a5b6d5&Size=464889&MD5=2ceb37086c3e98b84398d0e995c231d8&SKIMP=46554f6535fa4a3b7e633859c09055a1&&CT=6001&EV=1&SUB=1&SEV=3&ARG1=C%3A%5CProgram+Files%5CBitComet%5Ctools%5CBitCometService.exe

OSFW,2012/11/23,19:54:38 -2:00 GMT,UNKNOWN(0),Au_.exe,C:\Users\Windows\AppData\Local\Temp\~nsu.tmp\Au_.exe,REGISTRY,DELVALUE,,HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN,BitComet,http://osalerts.zonealarm.com/osanalyze.jsp?Product=ZoneAlarm&ProductVersion=11.0.000.020&HU100=ZLN29778333669860-1001&CL=en&OEM=1001&SKU=0&Mode=6&QSRC=2&OS=Windows+7+x64-6.1.7601-Service+Pack+1-SMP&LANG=1046&PN=Au_.exe&VER=05%2F05%2F2012+22%3A54%3A42&FN=Au_.exe&Created=40a5b6d5&Size=464889&MD5=2ceb37086c3e98b84398d0e995c231d8&SKIMP=46554f6535fa4a3b7e633859c09055a1&&CT=4004&EV=4&SUB=11&SEV=2&ARG1=HKLM%5CSOFTWARE%5CMICROSOFT%5CWINDOWS%5CCURRENTVERSION%5CRUN&ARG2=BitComet

OSFW,2012/11/23,19:54:38 -2:00 GMT,ALLOWED,Au_.exe,C:\Users\Windows\AppData\Local\Temp\~nsu.tmp\Au_.exe,REGISTRY,DELVALUE,,HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN,BitComet,http://osalerts.zonealarm.com/osanalyze.jsp?Product=ZoneAlarm&ProductVersion=11.0.000.020&HU100=ZLN29778333669860-1001&CL=en&OEM=1001&SKU=0&Mode=6&QSRC=2&OS=Windows+7+x64-6.1.7601-Service+Pack+1-SMP&LANG=1046&PN=Au_.exe&VER=05%2F05%2F2012+22%3A54%3A42&FN=Au_.exe&Created=40a5b6d5&Size=464889&MD5=2ceb37086c3e98b84398d0e995c231d8&SKIMP=46554f6535fa4a3b7e633859c09055a1&&CT=4004&EV=4&SUB=11&SEV=2&ARG1=HKLM%5CSOFTWARE%5CMICROSOFT%5CWINDOWS%5CCURRENTVERSION%5CRUN&ARG2=BitComet

--------------------------

Rapport de ZHPDiag v1.31.31 par Nicolas Coolman, Update du 19/10/2012

Run by Windows at 26/11/2012 23:23:07

Web site : http://nicolascoolman.skyrock.com/

State :

UAC : Not Found or deactivate by user

---\\ Web Browser

MSIE: Internet Explorer v9.0.8112.16421

---\\ Windows Product Information

~ Langage: Anglais

Windows 7 Home Premium Edition, 64-bit Service Pack 1 (Build 7601)

Windows Server License Manager Script : OK

Software Protection Service (Protection logicielle) : OK

Windows Automatic Updates : OK

Windows Activation Technologies : OK

---\\ System Information

~ Processor: Intel64 Family 6 Model 37 Stepping 2, GenuineIntel

~ Operating System: 64 Bits

Boot mode: Normal (Normal boot)

Total RAM: 8119 MB (45% free)

System Restore: Activé (Enable)

System drive C: has 252 GB (54%) free of 466 GB

---\\ Logged in mode

~ Computer Name: VANDRE-PC

~ User Name: Windows

~ All Users Names: Windows, HomeGroupUser$, Convidado, Administrador,

~ Unselected Option: O45,O61,O62,O65,O82

Logged in as Administrator

---\\ Environnement Variables

~ System Unit : C:\

~ %AppData% : C:\Users\Windows\AppData\Roaming\

~ %Desktop% : C:\Users\Windows\Desktop\

~ %Favorites% : C:\Users\Windows\Favorites\

~ %LocalAppData% : C:\Users\Windows\AppData\Local\

~ %StartMenu% : C:\Users\Windows\AppData\Roaming\Microsoft\Windows\Start Menu\

~ %Windir% : C:\Windows\

~ %System% : C:\Windows\System32\

---\\ DOS/Devices

C:\ Hard drive, Flash drive, Thumb drive (Free 252 Go of 466 Go)

D:\ CD-ROM drive (Not Inserted)

---\\ Security Center & Tools Informations

~ UAC deactivate by user

[HKLM\SOFTWARE\Microsoft\Security Center\Svc] AntiSpywareOverride: OK

[HKLM\SOFTWARE\Microsoft\Security Center\Svc] AntiVirusOverride: OK

[HKLM\SOFTWARE\Microsoft\Security Center\Svc] FirewallOverride: OK

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer] NoActiveDesktopChanges: Modified

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system] EnableLUA: Modified

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\NOHIDDEN] CheckedValue: OK

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL] CheckedValue: OK

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Associations] Application: OK

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] Shell: OK

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install] LastSuccessTime : Out Of Date

~ Scan Security Center in 00mn 00s

---\\ Search Generic System Files

[MD5.AC4C51EB24AA95B77F705AB159189E24] - (.Microsoft Corporation - Windows Explorer.) (.21/11/2010 - 00:24:11.) -- C:\Windows\Explorer.exe [2872320]

[MD5.94355C28C1970635A31B3FE52EB7CEBA] - (.Microsoft Corporation - Aplicativo de Inicialização do Windows.) (.13/07/2009 - 22:39:52.) -- C:\Windows\System32\Wininit.exe [129024]

[MD5.B1AC85B6ADC005CF3F9EB4E28DFDCCE6] - (.Microsoft Corporation - Internet Extensions para Win32.) (.20/04/2012 - 09:38:02.) -- C:\Windows\System32\wininet.dll [1390080]

[MD5.1151B1BAA6F350B1DB6598E0FEA7C457] - (.Microsoft Corporation - Aplicativo de Logon do Windows.) (.21/11/2010 - 00:24:29.) -- C:\Windows\System32\Winlogon.exe [390656]

[MD5.067FA52BFB59A56110A12312EF9AF243] - (.Microsoft Corporation - Biblioteca de Licenciamento de Software.) (.21/11/2010 - 00:24:16.) -- C:\Windows\System32\sppcomapi.dll [232448]

[MD5.D31DC7A16DEA4A9BAF179F3D6FBDB38C] - (.Microsoft Corporation - Ancillary Function Driver for WinSock.) (.21/11/2010 - 00:24:08.) -- C:\Windows\system32\Drivers\AFD.sys [499712]

[MD5.02062C0B390B7729EDC9E69C680A6F3C] - (.Microsoft Corporation - ATAPI IDE Miniport Driver.) (.13/07/2009 - 22:52:21.) -- C:\Windows\system32\Drivers\atapi.sys [24128]

[MD5.B8BD2BB284668C84865658C77574381A] - (.Microsoft Corporation - CD-ROM File System Driver.) (.13/07/2009 - 20:19:47.) -- C:\Windows\system32\Drivers\Cdfs.sys [92160]

[MD5.F036CE71586E93D94DAB220D7BDF4416] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.21/11/2010 - 00:23:47.) -- C:\Windows\system32\Drivers\Cdrom.sys [147456]

[MD5.9BB2EF44EAA163B29C4A4587887A0FE4] - (.Microsoft Corporation - DFS Namespace Client Driver.) (.21/11/2010 - 00:24:32.) -- C:\Windows\system32\Drivers\DfsC.sys [102400]

[MD5.97BFED39B6B79EB12CDDBFEED51F56BB] - (.Microsoft Corporation - High Definition Audio Bus Driver.) (.21/11/2010 - 00:23:47.) -- C:\Windows\system32\Drivers\HDAudBus.sys [122368]

[MD5.FA55C73D4AFFA7EE23AC4BE53B4592D3] - (.Microsoft Corporation - Driver de porta i8042.) (.13/07/2009 - 20:19:57.) -- C:\Windows\system32\Drivers\i8042prt.sys [105472]

[MD5.AF9B39A7E7B6CAA203B3862582E9F2D0] - (.Microsoft Corporation - IP Network Address Translator.) (.13/07/2009 - 21:10:03.) -- C:\Windows\system32\Drivers\IpNat.sys [116224]

[MD5.FAF015B07E3A2874A790A39B7D2C579F] - (.Microsoft Corporation - Windows NT SMB Minirdr.) (.21/11/2010 - 00:24:03.) -- C:\Windows\system32\Drivers\MRxSmb.sys [158208]

[MD5.09594D1089C523423B32A4229263F068] - (.Microsoft Corporation - MBT Transport driver.) (.21/11/2010 - 00:23:51.) -- C:\Windows\system32\Drivers\netBT.sys [261632]

[MD5.05D78AA5CB5F3F5C31160BDB955D0B7C] - (.Microsoft Corporation - Driver do Sistema de Arquivos NT.) (.21/11/2010 - 00:23:55.) -- C:\Windows\system32\Drivers\ntfs.sys [1659776]

[MD5.0086431C29C35BE1DBC43F52CC273887] - (.Microsoft Corporation - Driver de porta paralela.) (.13/07/2009 - 21:00:41.) -- C:\Windows\system32\Drivers\Parport.sys [97280]

[MD5.471815800AE33E6F1C32FB1B97C490CA] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.21/11/2010 - 00:24:33.) -- C:\Windows\system32\Drivers\Rasl2tp.sys [129536]

[MD5.548260A7B8654E024DC30BF8A7C5BAA4] - (.Microsoft Corporation - SMB Transport driver.) (.13/07/2009 - 21:09:09.) -- C:\Windows\system32\Drivers\smb.sys [93184]

[MD5.DDAD5A7AB24D8B65F8D724F5C20FD806] - (.Microsoft Corporation - TDI Translation Driver.) (.21/11/2010 - 00:24:32.) -- C:\Windows\system32\Drivers\tdx.sys [119296]

[MD5.0D08D2F3B3FF84E433346669B5E0F639] - (.Microsoft Corporation - Driver de cópia de sombra de volume.) (.21/11/2010 - 00:23:47.) -- C:\Windows\system32\Drivers\volsnap.sys [295808]

~ Scan Generic Processes in 00mn 00s

---\\ Hidden files state (Hidden/Total)

~ Mes images (My Pictures) : 1/3319

~ Mes musiques (My Musics) : 6/11983

~ Mes Videos (My Videos) : 2/290

~ Mes Favoris (My Favorites) : 1/22

~ Mes Documents (My Documents) : 0/83

~ Mon Bureau (My Desktop) : 1/9

~ Menu demarrer (Programs) : 1/32

~ Scan Hidden Files in 00mn 20s

---\\ Running Processes

[MD5.12E33DD823D74680DE6F33BFA359EFB3] - (.Malwarebytes Corporation - Malwarebytes Anti-Malware.) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe [766536] [PID.2964]

[MD5.91B2BA1CD2C81E8E80D8E4811A7CD699] - (.Check Point Software Technologies LTD - ZoneAlarm.) -- C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe [73392] [PID.3928]

[MD5.D8510C2D48496B6C336E816FD67AA0F7] - (.Google Inc. - Google Chrome.) -- C:\Users\Windows\AppData\Local\Google\Chrome\Application\chrome.exe [1242136] [PID.4408]

[MD5.E897110EE5E67FABB83B154DF9C68D6A] - (...) -- C:\Users\Windows\Desktop\ZHPDiag_silent.exe [794216] [PID.5756]

[MD5.56873D899C0707AA017AA2D74EC190AE] - (...) -- C:\Program Files (x86)\ZHPDiag\ZHPDiag.exe [3770368] [PID.3360]

[MD5.336DC743F3E6EECA74A48719D323E5A5] - (.Check Point Software Technologies LTD - TrueVector Service.) -- C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe [2447440] [PID.]

[MD5.85B16A92B117A5A800032ECD904B86DB] - (.Malwarebytes Corporation - Malwarebytes Anti-Malware.) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [399432] [PID.]

[MD5.20E2469DB709FC675E655CEAA11BE312] - (.Malwarebytes Corporation - Malwarebytes Anti-Malware.) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [676936] [PID.]

~ Scan Processes Running in 00mn 00s

---\\ Google Chrome, Start,Search,Extensions (G0,G1,G2)

C:\Users\Windows\AppData\Local\Google\Chrome\User Data\Default\Preferences

G0 - GCSP: Preference [user Data\Default][HomePage] http://www.ask.com

G0 - GCSP: Preference [user Data\Default] http://www.google.com

G1 - GCS: Preference [user Data\Default] None

~ Scan Google Browser in 00mn 00s

---\\ Mozilla Firefox,Plugins,Start,Search,Extensions (P2,M0,M1,M2,M3)

M0 - MFSP: prefs.js [Windows - 1s3eej8r.default] http://www.google.com

P2 - FPN: [HKLM] [@adobe.com/FlashPlayer] - (...) -- C:\Windows\system32\Macromed\Flash\NPSWF64_11_5_502_110.dll

P2 - FPN: [HKLM] [@microsoft.com/OfficeAuthz,version=14.0] - (.Microsoft Corporation - Office Authorization plug-in for NPAPI browsers.) -- C:\Program Files\Microsoft Office\Office14\NPAUTHZ.dll

P2 - FPN: [HKCU] [@tools.google.com/Google Update;version=3] - (.Google Inc. - Google Update.) -- C:\Users\Windows\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll

P2 - FPN: [HKCU] [@tools.google.com/Google Update;version=9] - (.Google Inc. - Google Update.) -- C:\Users\Windows\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll

P2 - FPN: [HKCU] [pandonetworks.com/PandoWebPlugin] - (.Pando Networks - Pando Web Plugin.) -- C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll

~ Scan Firefox Browser in 00mn 00s

---\\ Internet Explorer Extensions, Start, Search (R4,R3,R0,R1)

R0 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.tibia.com

R0 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com

R0 - HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com

R1 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com

R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:noadd-ons

R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:securityrisk

R1 - HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main,Extensions Off Page = about:noadd-ons

R1 - HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main,Security Risk Page = about:securityrisk

R3 - URLSearchHook: (no name) [64Bits] - {CFBFAE00-17A6-11D0-99CB-00C04FD64497} . (.Pando Networks - Pando Web Plugin.) (No version) -- (.not file.)

R4 - HKLM\SOFTWARE\Microsoft\Internet Explorer\PhishingFilter,EnabledV8 = 0

R4 - HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\PhishingFilter,EnabledV8 = 0

~ Scan IE Browser in 00mn 00s

---\\ Internet Explorer, Proxy Management (R5)

R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key

R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0

R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1

R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1

R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll

~ Scan Proxy management in 00mn 00s

---\\ Changed inifile Value, Mapped to Registry (F2)

F2 - REG:system.ini: USERINIT=C:\Windows\system32\userinit.exe,

F2 - REG:system.ini: Shell=C:\Windows\explorer.exe

F2 - REG:system.ini: VMApplet=C:\Windows\System32\SystemPropertiesPerformance.exe

~ Scan Keys in 00mn 00s

---\\ Hosts file redirection (O1)

~ Le fichier hosts est sain (The hosts file is clean).

~ Scan Hosts File in 00mn 00s

~ Nombre de lignes (Lines number): 21

---\\ Browser Helper Objects (O2)

O2 - BHO: (no name) [64Bits] - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} Orphean Key

O2 - BHO: (no name) [64Bits] - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} Orphean Key

O2 - BHO: (no name) [64Bits] - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} Orphean Key

O2 - BHO: (no name) [64Bits] - {9030D464-4C02-4ABF-8ECC-5164760863C6} Orphean Key

O2 - BHO: (no name) [64Bits] - {B4F3A835-0E21-4959-BA22-42B3008E02FF} Orphean Key

O2 - BHO: (no name) [64Bits] - {DBC80044-A445-435b-BC74-9C25C1C588A9} Orphean Key

~ Scan BHO in 00mn 00s

---\\ Internet Explorer toolbars (O3)

O3 - Toolbar: (no name) [64Bits] - [HKLM]{EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} . (...) -- (.not file.)

~ Scan Toolbar in 00mn 00s

---\\ Auto loading programs from Registry and folders (O4)

O4 - HKLM\..\Run: [RtHDVCpl] . (.Realtek Semiconductor - Gerenciador de áudio HD Realtek.) -- C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe

O4 - HKLM\..\Run: [iSW] . (.Check Point Software Technologies - ZoneAlarm Browser Security.) -- C:\Program Files\CheckPoint\ZAForceField\ForceField.exe

O4 - HKCU\..\Run: [Google Update] . (.Google Inc. - Google Installer.) -- C:\Users\Windows\AppData\Local\Google\Update\GoogleUpdate.exe

O4 - HKCU\..\Run: [Windows Authenticator] . (.Unknown owner - Windows Authenticator.) -- C:\Users\Windows\Documents\WinAuth-2.0.7.BETA\WinAuth.exe

O4 - HKLM\..\Wow6432Node\Run: [startCCC] . (.Advanced Micro Devices, Inc. - Catalyst® Control Center Launcher.) -- C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe

O4 - HKLM\..\Wow6432Node\Run: [AMD AVT] . (.Microsoft Corporation - Processador de comandos do Windows.) -- C:\Windows\System32\Cmd.exe

O4 - HKLM\..\Wow6432Node\Run: [ZoneAlarm] . (.Check Point Software Technologies LTD - ZoneAlarm.) -- C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe

O4 - HKUS\S-1-5-19\..\Run: [sidebar] . (.Microsoft Corporation - Gadgets da Área de Trabalho do Windows.) -- C:\Program Files (x86)\Windows Sidebar\Sidebar.exe

O4 - HKUS\S-1-5-20\..\Run: [sidebar] . (.Microsoft Corporation - Gadgets da Área de Trabalho do Windows.) -- C:\Program Files (x86)\Windows Sidebar\Sidebar.exe

O4 - HKUS\S-1-5-21-1011278427-2382130799-4077090395-1000\..\Run: [Google Update] . (.Google Inc. - Google Installer.) -- C:\Users\Windows\AppData\Local\Google\Update\GoogleUpdate.exe

O4 - HKUS\S-1-5-21-1011278427-2382130799-4077090395-1000\..\Run: [Windows Authenticator] . (.Unknown owner - Windows Authenticator.) -- C:\Users\Windows\Documents\WinAuth-2.0.7.BETA\WinAuth.exe

O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe

O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe

~ Scan Application in 00mn 00s

---\\ Other User Links (O4)

O4 - Global Startup: C:\Users\Windows\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk . (.Microsoft Corporation.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe

O4 - Global Startup: C:\Users\Windows\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk . (.Microsoft Corporation.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe

O4 - Global Startup: C:\Users\Windows\Desktop\MBRCheck.lnk . (...) -- C:\Program Files (x86)\ZHPDiag\mbrcheck.exe

O4 - Global Startup: C:\Users\Windows\Desktop\ZHPDiag.lnk . (...) -- C:\Program Files (x86)\ZHPDiag\ZHPDiags.exe

O4 - Global Startup: C:\Users\Windows\Desktop\ZHPFix.lnk . (...) -- C:\Program Files (x86)\ZHPDiag\ZHPFix.exe

O4 - Global Startup: C:\Users\Windows\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk . (.Microsoft Corporation.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe

O4 - Global Startup: C:\Users\Windows\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Mozilla Thunderbird.lnk . (.Mozilla Messaging.) -- C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe

~ Scan Global Startup in 00mn 00s

---\\ IE Options icon not visible in Control Panel (O5)

O5 - control.ini: [HKLM\..\Control Panel] inetcpl.cpl=no

~ Scan IE Control Panel in 00mn 00s

---\\ Winsock hijacker (Layered Service Provider) (O10)

O10 - WLSP:\000000000001\Winsock LSP File . (.Microsoft Corporation - Network Location Awareness 2.) -- C:\Windows\system32\NLAapi.dll

O10 - WLSP:\000000000002\Winsock LSP File . (.Microsoft Corporation - Provedor de Correção de Nomeação de Emails.) -- C:\Windows\system32\napinsp.dll

O10 - WLSP:\000000000003\Winsock LSP File . (.Microsoft Corporation - PNRP Name Space Provider.) -- C:\Windows\system32\pnrpnsp.dll

O10 - WLSP:\000000000004\Winsock LSP File . (.Microsoft Corporation - PNRP Name Space Provider.) -- C:\Windows\system32\pnrpnsp.dll

O10 - WLSP:\000000000005\Winsock LSP File . (.Microsoft Corporation - Provedor de serviços do Microsoft Windows Sockets 2.0.) -- C:\Windows\system32\mswsock.dll

O10 - WLSP:\000000000006\Winsock LSP File . (.Microsoft Corporation - LDAP RnR Provider DLL.) -- C:\Windows\system32\winrnr.dll

O10 - WLSP:\000000000007\Winsock LSP File . (.Microsoft Corp. - Microsoft® Windows Live ID Namespace Provider.) -- C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.dll

O10 - WLSP:\000000000008\Winsock LSP File . (.Microsoft Corp. - Microsoft® Windows Live ID Namespace Provider.) -- C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.dll

O10 - WLSP:\000000000009\Winsock LSP File . (.Unknown owner - Proxifier Namespace Service Provider.) -- C:\Windows\system32\PrxerNsp.dll

~ Scan Winsock in 00mn 00s

---\\ ActiveX Objects (Downloaded Program Files) (O16)

O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control) - http://download.eset.com/special/eos/OnlineScanner.cab

~ Scan Objets ActiveX in 00mn 00s

---\\ Lop.com/Domain Hijackers (O17)

O17 - HKLM\System\CCS\Services\Tcpip\..\{C5F07A72-6D0A-46FD-824D-015BA12B85B3}: DhcpNameServer = 192.168.1.2

O17 - HKLM\System\CS1\Services\Tcpip\..\{C5F07A72-6D0A-46FD-824D-015BA12B85B3}: DhcpNameServer = 192.168.1.2

O17 - HKLM\System\CS2\Services\Tcpip\..\{C5F07A72-6D0A-46FD-824D-015BA12B85B3}: DhcpNameServer = 192.168.1.2

~ Scan Domain in 00mn 00s

---\\ Extra protocols (O18)

O18 - Handler: about [64Bits] - {3050F406-98B5-11CF-BB82-00AA00BDCE0B} . (.Microsoft Corporation - Visualizador de HTML da Microsoft ®.) -- C:\Windows\System32\mshtml.dll

O18 - Handler: cdl [64Bits] - {3dd53d40-7b8b-11D0-b013-00aa0059ce02} . (.Microsoft Corporation - Extensões OLE32 para Win32.) -- C:\Windows\system32\urlmon.dll

O18 - Handler: dvd [64Bits] - {12D51199-0DB5-46FE-A120-47A3D7D937CC} . (.Microsoft Corporation - Controle ActiveX para streaming de vídeo.) -- C:\Windows\System32\msvidctl.dll

O18 - Handler: file [64Bits] - {79eac9e7-baf9-11ce-8c82-00aa004ba90b} . (.Microsoft Corporation - Extensões OLE32 para Win32.) -- C:\Windows\system32\urlmon.dll

O18 - Handler: ftp [64Bits] - {79eac9e3-baf9-11ce-8c82-00aa004ba90b} . (.Microsoft Corporation - Extensões OLE32 para Win32.) -- C:\Windows\system32\urlmon.dll

O18 - Handler: http [64Bits] - {79eac9e2-baf9-11ce-8c82-00aa004ba90b} . (.Microsoft Corporation - Extensões OLE32 para Win32.) -- C:\Windows\system32\urlmon.dll

O18 - Handler: https [64Bits] - {79eac9e5-baf9-11ce-8c82-00aa004ba90b} . (.Microsoft Corporation - Extensões OLE32 para Win32.) -- C:\Windows\system32\urlmon.dll

O18 - Handler: its [64Bits] - {9D148291-B9C8-11D0-A4CC-0000F80149F6} . (.Microsoft Corporation - Microsoft® InfoTech Storage System Library.) -- C:\Windows\System32\itss.dll

O18 - Handler: javascript [64Bits] - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} . (.Microsoft Corporation - Visualizador de HTML da Microsoft ®.) -- C:\Windows\System32\mshtml.dll

O18 - Handler: livecall [64Bits] - {828030A1-22C1-4009-854F-8E305202313F} . (.Microsoft Corporation - Windows Live Messenger Protocol Handler Mod.) -- C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll

O18 - Handler: local [64Bits] - {79eac9e7-baf9-11ce-8c82-00aa004ba90b} . (.Microsoft Corporation - Extensões OLE32 para Win32.) -- C:\Windows\system32\urlmon.dll

O18 - Handler: mailto [64Bits] - {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} . (.Microsoft Corporation - Visualizador de HTML da Microsoft ®.) -- C:\Windows\System32\mshtml.dll

O18 - Handler: mhtml [64Bits] - {05300401-BCBC-11d0-85E3-00C04FD85AB4} . (.Microsoft Corporation - Microsoft Internet Messaging API Resources.) -- C:\Windows\system32\inetcomm.dll

O18 - Handler: mk [64Bits] - {79eac9e6-baf9-11ce-8c82-00aa004ba90b} . (.Microsoft Corporation - Extensões OLE32 para Win32.) -- C:\Windows\system32\urlmon.dll

O18 - Handler: ms-help [64Bits] - {314111c7-a502-11d2-bbca-00c04f8ec294} . (.Microsoft Corporation - Microsoft® Help Data Services Module.) -- C:\Program Files (x86)\Common Files\Microsoft Shared\Help\hxds.dll

O18 - Handler: ms-its [64Bits] - {9D148291-B9C8-11D0-A4CC-0000F80149F6} . (.Microsoft Corporation - Microsoft® InfoTech Storage System Library.) -- C:\Windows\System32\itss.dll

O18 - Handler: msnim [64Bits] - {828030A1-22C1-4009-854F-8E305202313F} . (.Microsoft Corporation - Windows Live Messenger Protocol Handler Mod.) -- C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll

O18 - Handler: res [64Bits] - {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} . (.Microsoft Corporation - Microsoft (R) HTML Viewer.) -- C:\Windows\System32\mshtml.dll

O18 - Handler: skype4com [64Bits] - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} . (.Skype Technologies - Skype for COM API.) -- C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll

O18 - Handler: tv [64Bits] - {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} . (.Microsoft Corporation - ActiveX control for streaming video.) -- C:\Windows\System32\msvidctl.dll

O18 - Handler: vbscript [64Bits] - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} . (.Microsoft Corporation - Microsoft (R) HTML Viewer.) -- C:\Windows\System32\mshtml.dll

O18 - Filter: application/octet-stream [64Bits] - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} . (.Microsoft Corporation - Microsoft .NET Runtime Execution Engine.) -- C:\Windows\System32\mscoree.dll

O18 - Filter: application/x-complus [64Bits] - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} . (.Microsoft Corporation - Microsoft .NET Runtime Execution Engine.) -- C:\Windows\System32\mscoree.dll

O18 - Filter: application/x-msdownload [64Bits] - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} . (.Microsoft Corporation - Microsoft .NET Runtime Execution Engine.) -- C:\Windows\System32\mscoree.dll

O18 - Filter: text/xml [64Bits] - {807573E5-5146-11D5-A672-00B0D022E945} . (.Microsoft Corporation - Microsoft Office XML MIME Filter.) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.dll

~ Scan Additional Protocols in 00mn 00s


---\\ ShellServiceObjectDelayLoad (O21)

O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.

~ Scan SSODL in 00mn 00s


---\\ Non-Microsoft, non-disabled Windows services (O23)

O23 - Service: (AMD External Events Utility) . (.AMD - AMD External Events Service Module.) - C:\Windows\System32\atiesrxx.exe

O23 - Service: ZoneAlarm LTD Toolbar IswSvc (IswSvc) . (.Check Point Software Technologies - ZoneAlarm Browser Security.) - C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe

O23 - Service: (MBAMScheduler) . (.Malwarebytes Corporation - Malwarebytes Anti-Malware.) - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe

O23 - Service: (MBAMService) . (.Malwarebytes Corporation - Malwarebytes Anti-Malware.) - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe

O23 - Service: Skype Updater (SkypeUpdate) . (.Skype Technologies - Skype Updater Service.) - C:\Program Files (x86)\Skype\Updater\Updater.exe

O23 - Service: TrueVector Internet Monitor (vsmon) . (.Check Point Software Technologies LTD - TrueVector Service.) - C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe

O23 - Service: Power Control [2012/04/20 09:52:57] ({329F96B6-DF1E-4328-BFDA-39EA953C1312}) . (.CyberLink Corp. - No comment.) - C:\Program Files (x86)\CyberLink\PowerDVD11\Common\NavFilter\000.fcl

~ Scan Services in 00mn 00s


---\\ Windows Active Desktop & MHTML Editor (O24)

O24 - Default MHTML Editor: Last - .(...) - (.not file.)

~ Scan Desktop Component in 00mn 00s


---\\ BootExecute (O34)

O34 - HKLM BootExecute: (autocheck autochk *) - File not found

~ Scan Keys in 00mn 00s


---\\ Automatically Scheduled Tasks (O39)

O39 - APT: Automatic Scheduled Task - C:\Windows\Tasks\Adobe Flash Player Updater.job

O39 - APT: Automatic Scheduled Task - C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1011278427-2382130799-4077090395-1000Core.job

O39 - APT: Automatic Scheduled Task - C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1011278427-2382130799-4077090395-1000UA.job

[MD5.0CB0AA071C7B86A64F361DCFDF357329] [APT] [Adobe Flash Player Updater] (.Adobe Systems Incorporated.) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

[MD5.A5062EA164067050F2DFA9DCA98CA63A] [APT] [CCleanerSkipUAC] (.Piriform Ltd.) -- C:\Program Files\CCleaner\CCleaner.exe

[MD5.F02A533F517EB38333CB12A9E8963773] [APT] [GoogleUpdateTaskUserS-1-5-21-1011278427-2382130799-4077090395-1000Core] (.Google Inc..) -- C:\Users\Windows\AppData\Local\Google\Update\GoogleUpdate.exe

[MD5.F02A533F517EB38333CB12A9E8963773] [APT] [GoogleUpdateTaskUserS-1-5-21-1011278427-2382130799-4077090395-1000UA] (.Google Inc..) -- C:\Users\Windows\AppData\Local\Google\Update\GoogleUpdate.exe

[MD5.00000000000000000000000000000000] [APT] [{2BA58D89-9E66-4023-8095-302C14C380FB}] (...) -- C:\Program Files\AVAST Software\Avast\aswRundll.exe (.not file.)

[MD5.00000000000000000000000000000000] [APT] [{6829E691-B85A-4044-8A0C-022A5589181A}] (...) -- C:\Users\Windows\AppData\Local\Temp\VSDB5A8.tmp\DotNetFx35Client\DotNetFx35ClientSetup.exe (.not file.)

[MD5.986979E8FF16CD0A8D1943411E1073EA] [APT] [{D9D67513-D931-4EC6-BA0E-7935A9A039EC}] (.Mozilla Corporation.) -- C:\Program Files (x86)\Mozilla Firefox\uninstall\helper.exe

~ Scan Scheduled Task in 00mn 03s


---\\ ActiveSetup Installed Components (O40)

O40 - ASIC: Microsoft Windows Media Player [64Bits] - >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} . (.Microsoft Corporation - Windows Media Player Resources.) -- C:\Windows\System32\wmploc.dll

O40 - ASIC: Internet Explorer [64Bits] - >{26923b43-4d38-484f-9b9e-de460746276c} . (.Microsoft Corporation - IE Per-User Initialization Utility.) -- C:\Windows\System32\ie4uinit.exe

O40 - ASIC: Browser Customizations [64Bits] - >{60B49E34-C7CC-11D0-8953-00A0C90347FF} . (.Microsoft Corporation - IEAK branding.) -- C:\Windows\System32\iedkcs32.dll

O40 - ASIC: Microsoft Windows Media Player 12.0 [64Bits] - {22d6f312-b0f6-11d0-94ab-0080c74c7e95} . (.Microsoft Corporation - Windows Media Player Extension.) -- C:\Windows\SysWOW64\wmpdxm.dll

O40 - ASIC: Themes Setup [64Bits] - {2C7339CF-2B09-4501-B3F3-F3508C9228ED} . (.Microsoft Corporation - Windows Theme API.) -- C:\Windows\System32\themeui.dll

O40 - ASIC: Microsoft Windows [64Bits] - {44BBA840-CC51-11CF-AAFA-00AA00B6015C} . (.Microsoft Corporation - Windows Mail.) -- C:\Program Files (x86)\Windows Mail\WinMail.exe

O40 - ASIC: Browsing Enhancements [64Bits] - {630b1da0-b465-11d1-9948-00c04f98bbc9} . (.Microsoft Corporation - Microsoft Internet Explorer FTP Folder Shell Extension.) -- C:\Windows\System32\msieftp.dll

O40 - ASIC: Microsoft Windows Media Player [64Bits] - {6BF52A52-394A-11d3-B153-00C04F79FAA6} . (.Microsoft Corporation - Windows Media Player Resources.) -- C:\Windows\System32\wmploc.dll

O40 - ASIC: Windows Desktop Update [64Bits] - {89820200-ECBD-11cf-8B85-00AA005B4340} . (.Microsoft Corporation - Windows Shell Common Dll.) -- C:\Windows\System32\shell32.dll

O40 - ASIC: Web Platform Customizations [64Bits] - {89820200-ECBD-11cf-8B85-00AA005B4383} . (.Microsoft Corporation - IE Per-User Initialization Utility.) -- C:\Windows\System32\ie4uinit.exe

O40 - ASIC: (no name) [64Bits] - {89B4C1CD-B018-4511-B0A1-5476DBF70820} . (.Microsoft Corporation - Microsoft .NET IE SECURITY REGISTRATION.) -- C:\Windows\system32\mscories.dll

~ Scan Active Setup in 00mn 00s


---\\ Drivers launched at startup (O41)

O41 - Driver: C:\Windows\System32\drivers\afd.sys (AFD) . (.Microsoft Corporation - Ancillary Function Driver for WinSock.) - C:\Windows\system32\drivers\afd.sys

O41 - Driver: (blbdrive) . (.Microsoft Corporation - BLB Drive Driver.) - C:\Windows\System32\DRIVERS\blbdrive.sys

O41 - Driver: (cdrom) . (.Microsoft Corporation - SCSI CD-ROM Driver.) - C:\Windows\System32\DRIVERS\cdrom.sys

O41 - Driver: C:\Windows\System32\drivers\dfsc.sys (DfsC) . (.Microsoft Corporation - DFS Namespace Client Driver.) - C:\Windows\System32\Drivers\dfsc.sys

O41 - Driver: C:\Windows\System32\drivers\discache.sys (discache) . (.Microsoft Corporation - System Indexer/Cache Driver.) - C:\Windows\System32\drivers\discache.sys

O41 - Driver: (KLIF) . (.Kaspersky Lab - Klif Mini-Filter [fre_wlh_x64_noagava].) - C:\Windows\System32\DRIVERS\klif.sys

O41 - Driver: (mssmbios) . (.Microsoft Corporation - System Management BIOS Driver.) - C:\Windows\System32\DRIVERS\mssmbios.sys

O41 - Driver: (NetBIOS) . (.Microsoft Corporation - NetBIOS interface driver.) - C:\Windows\System32\DRIVERS\netbios.sys

O41 - Driver: C:\Windows\System32\drivers\netbt.sys (NetBT) . (.Microsoft Corporation - MBT Transport driver.) - C:\Windows\System32\DRIVERS\netbt.sys

O41 - Driver: C:\Windows\System32\drivers\nsiproxy.sys (nsiproxy) . (.Microsoft Corporation - NSI Proxy.) - C:\Windows\System32\drivers\nsiproxy.sys

O41 - Driver: C:\Windows\System32\drivers\pacer.sys (Psched) . (.Microsoft Corporation - QoS Packet Scheduler.) - C:\Windows\System32\DRIVERS\pacer.sys

O41 - Driver: C:\Windows\System32\wkssvc.dll (rdbss) . (.Microsoft Corporation - Redirected Drive Buffering SubSystem Driver.) - C:\Windows\System32\DRIVERS\rdbss.sys

O41 - Driver: C:\Windows\System32\DRIVERS\RDPCDD.sys (RDPCDD) . (.Microsoft Corporation - RDP Miniport.) - C:\Windows\System32\DRIVERS\RDPCDD.sys

O41 - Driver: C:\Windows\System32\drivers\RDPENCDD.sys (RDPENCDD) . (.Microsoft Corporation - RDP Encoder Miniport.) - C:\Windows\System32\drivers\rdpencdd.sys

O41 - Driver: C:\Windows\System32\drivers\RdpRefMp.sys (RDPREFMP) . (.Microsoft Corporation - RDP Reflector Driver Miniport.) - C:\Windows\System32\drivers\rdprefmp.sys

O41 - Driver: C:\Windows\System32\tcpipcfg.dll (tdx) . (.Microsoft Corporation - TDI Translation Driver.) - C:\Windows\System32\DRIVERS\tdx.sys

O41 - Driver: (TermDD) . (.Microsoft Corporation - Remote Desktop Server Driver.) - C:\Windows\System32\DRIVERS\termdd.sys

O41 - Driver: (VgaSave) . (.Microsoft Corporation - VGA/Super VGA Video Driver.) - C:\Windows\system32\drivers\vga.sys

O41 - Driver: (Vsdatant) . (.Check Point Software Technologies LTD - ZoneAlarm Firewalling Driver.) - C:\Windows\System32\DRIVERS\vsdatant.sys

O41 - Driver: C:\Windows\System32\rascfg.dll (Wanarpv6) . (.Microsoft Corporation - MS Remote Access and Routing ARP Driver.) - C:\Windows\System32\DRIVERS\wanarp.sys

O41 - Driver: (WfpLwf) . (.Microsoft Corporation - WFP NDIS 6.20 Lightweight Filter Driver.) - C:\Windows\System32\DRIVERS\wfplwf.sys

~ Scan Drivers in 00mn 00s


---\\ Software installed (O42)

O42 - Software: AMD APP SDK Runtime - (.Advanced Micro Devices Inc..) [HKLM][64Bits] -- {503F672D-6C84-448A-8F8F-4BC35AC83441}

O42 - Software: AMD Accelerated Video Transcoding - (.Advanced Micro Devices, Inc..) [HKLM][64Bits] -- {1B7C624C-4EEE-4A1A-7CE9-CBE76DD23FF2}

O42 - Software: AMD Catalyst Install Manager - (.Advanced Micro Devices, Inc..) [HKLM][64Bits] -- {47F9B7C3-F172-940F-D0C4-203C7914E5D2}

O42 - Software: AMD Drag and Drop Transcoding - (.Advanced Micro Devices, Inc..) [HKLM][64Bits] -- {2D445001-F852-CFF5-8056-F629A0AA2C55}

O42 - Software: AMD Media Foundation Decoders - (.Advanced Micro Devices, Inc..) [HKLM][64Bits] -- {6A1D3B4D-A746-26DD-DB3C-FA9B6CED6FDB}

O42 - Software: Adobe Flash Player 11 ActiveX - (.Adobe Systems Incorporated.) [HKLM][64Bits] -- Adobe Flash Player ActiveX

O42 - Software: Adobe Flash Player 11 Plugin - (.Adobe Systems Incorporated.) [HKLM][64Bits] -- Adobe Flash Player Plugin

O42 - Software: Adobe Reader X (10.1.3) - (.Adobe Systems Incorporated.) [HKLM][64Bits] -- {AC76BA86-7AD7-1033-7B44-AA1000000001}

O42 - Software: CCleaner - (.Piriform.) [HKLM][64Bits] -- CCleaner

O42 - Software: Catalyst Control Center - Branding - (.Advanced Micro Devices, Inc..) [HKLM][64Bits] -- {E2F0AF23-FE2F-4222-9A43-55E63CC41EF1}

O42 - Software: Curse Client - (.Curse.) [HKCU][64Bits] -- 090215de958f1060

O42 - Software: CyberLink PowerDVD 11 - (.CyberLink Corp..) [HKLM][64Bits] -- InstallShield_{F232C87C-6E92-4775-8210-DFE90B7777D9}

O42 - Software: CyberLink PowerDVD 11 - (.CyberLink Corp..) [HKLM][64Bits] -- {F232C87C-6E92-4775-8210-DFE90B7777D9}

O42 - Software: D3DX10 - (.Microsoft.) [HKLM][64Bits] -- {E09C4DB7-630C-4F06-A631-8EA7239923AF}

O42 - Software: DVD Shrink 3.2 - (.DVD Shrink.) [HKLM][64Bits] -- DVD Shrink_is1

O42 - Software: ESET Online Scanner v3 - (.Unknown owner.) [HKLM][64Bits] -- ESET Online Scanner

O42 - Software: FLAC 1.2.1b (remove only) - (.Xiph.org.) [HKLM][64Bits] -- FLAC

O42 - Software: Google Chrome - (.Google Inc..) [HKCU][64Bits] -- Google Chrome

O42 - Software: HydraVision - (.Advanced Micro Devices, Inc..) [HKLM][64Bits] -- {7779F680-1E60-A6FD-5C47-5D427EA07806}

O42 - Software: Java 7 Update 9 - (.Oracle.) [HKLM][64Bits] -- {26A24AE4-039D-4CA4-87B4-2F83217007FF}

O42 - Software: JavaFX 2.1.1 - (.Oracle Corporation.) [HKLM][64Bits] -- {1111706F-666A-4037-7777-211328764D10}

O42 - Software: League of Legends - (.Riot Games.) [HKLM][64Bits] -- {92606477-9366-4D3B-8AE3-6BE4B29727AB}

O42 - Software: MSVCRT - (.Microsoft.) [HKLM][64Bits] -- {8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}

O42 - Software: MSXML 4.0 SP2 and SOAP Toolkit 3.0 - (.Webroot Software, Inc..) [HKLM][64Bits] -- {32343DB6-9A52-40C9-87E4-5E7C79791C87}

O42 - Software: Malwarebytes Anti-Malware version 1.65.1.1000 - (.Malwarebytes Corporation.) [HKLM][64Bits] -- Malwarebytes' Anti-Malware_is1

O42 - Software: Microsoft Office Access MUI (Portuguese (Brazil)) 2010 - (.Microsoft Corporation.) [HKLM][64Bits] -- {90140000-0015-0416-0000-0000000FF1CE}

O42 - Software: Microsoft Office Excel MUI (Portuguese (Brazil)) 2010 - (.Microsoft Corporation.) [HKLM][64Bits] -- {90140000-0016-0416-0000-0000000FF1CE}

O42 - Software: Microsoft Office Groove MUI (Portuguese (Brazil)) 2010 - (.Microsoft Corporation.) [HKLM][64Bits] -- {90140000-00BA-0416-0000-0000000FF1CE}

O42 - Software: Microsoft Office InfoPath MUI (Portuguese (Brazil)) 2010 - (.Microsoft Corporation.) [HKLM][64Bits] -- {90140000-0044-0416-0000-0000000FF1CE}

O42 - Software: Microsoft Office Office 64-bit Components 2010 - (.Microsoft Corporation.) [HKLM][64Bits] -- {90140000-002A-0000-1000-0000000FF1CE}

O42 - Software: Microsoft Office OneNote MUI (Portuguese (Brazil)) 2010 - (.Microsoft Corporation.) [HKLM][64Bits] -- {90140000-00A1-0416-0000-0000000FF1CE}

O42 - Software: Microsoft Office Outlook MUI (Portuguese (Brazil)) 2010 - (.Microsoft Corporation.) [HKLM][64Bits] -- {90140000-001A-0416-0000-0000000FF1CE}

O42 - Software: Microsoft Office PowerPoint MUI (Portuguese (Brazil)) 2010 - (.Microsoft Corporation.) [HKLM][64Bits] -- {90140000-0018-0416-0000-0000000FF1CE}

O42 - Software: Microsoft Office Professional Plus 2010 - (.Microsoft Corporation.) [HKLM][64Bits] -- Office14.PROPLUS

O42 - Software: Microsoft Office Professional Plus 2010 - (.Microsoft Corporation.) [HKLM][64Bits] -- {90140000-0011-0000-0000-0000000FF1CE}

O42 - Software: Microsoft Office Proof (English) 2010 - (.Microsoft Corporation.) [HKLM][64Bits] -- {90140000-001F-0409-0000-0000000FF1CE}

O42 - Software: Microsoft Office Proof (Portuguese (Brazil)) 2010 - (.Microsoft Corporation.) [HKLM][64Bits] -- {90140000-001F-0416-0000-0000000FF1CE}

O42 - Software: Microsoft Office Proof (Spanish) 2010 - (.Microsoft Corporation.) [HKLM][64Bits] -- {90140000-001F-0C0A-0000-0000000FF1CE}

O42 - Software: Microsoft Office Proofing (Portuguese (Brazil)) 2010 - (.Microsoft Corporation.) [HKLM][64Bits] -- {90140000-002C-0416-0000-0000000FF1CE}

O42 - Software: Microsoft Office Publisher MUI (Portuguese (Brazil)) 2010 - (.Microsoft Corporation.) [HKLM][64Bits] -- {90140000-0019-0416-0000-0000000FF1CE}

O42 - Software: Microsoft Office Shared 64-bit MUI (Portuguese (Brazil)) 2010 - (.Microsoft Corporation.) [HKLM][64Bits] -- {90140000-002A-0416-1000-0000000FF1CE}

O42 - Software: Microsoft Office Shared MUI (Portuguese (Brazil)) 2010 - (.Microsoft Corporation.) [HKLM][64Bits] -- {90140000-006E-0416-0000-0000000FF1CE}

O42 - Software: Microsoft Office Word MUI (Portuguese (Brazil)) 2010 - (.Microsoft Corporation.) [HKLM][64Bits] -- {90140000-001B-0416-0000-0000000FF1CE}

O42 - Software: Microsoft Silverlight - (.Microsoft Corporation.) [HKLM][64Bits] -- {89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}

O42 - Software: Microsoft Visual C++ 2005 Redistributable - (.Microsoft Corporation.) [HKLM][64Bits] -- {7299052b-02a4-4627-81f2-1818da5d550d}

O42 - Software: Microsoft Visual C++ 2005 Redistributable - (.Microsoft Corporation.) [HKLM][64Bits] -- {837b34e3-7c30-493c-8f6a-2b0f04e2912c}

O42 - Software: Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 - (.Microsoft Corporation.) [HKLM][64Bits] -- {8220EEFE-38CD-377E-8595-13398D740ACE}

O42 - Software: Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 - (.Microsoft Corporation.) [HKLM][64Bits] -- {9A25302D-30C0-39D9-BD6F-21E6EC160475}

O42 - Software: Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 - (.Microsoft Corporation.) [HKLM][64Bits] -- {1F1C2DFC-2D24-3E06-BCB8-725134ADF989}

O42 - Software: Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 - (.Microsoft Corporation.) [HKLM][64Bits] -- {DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}

O42 - Software: Mozilla Maintenance Service - (.Mozilla.) [HKLM][64Bits] -- MozillaMaintenanceService

O42 - Software: MpcStar 5.4 - (.www.mpcstar.com.) [HKLM][64Bits] -- MpcStar

O42 - Software: Nero 8 Lite 8.1.1.4 - (.Updatepack.nl.) [HKLM][64Bits] -- Nero8Lite_is1

O42 - Software: OpenSSL 1.0.1c Light (32-bit) - (.OpenSSL Win32 Installer Team.) [HKLM][64Bits] -- OpenSSL Light (32-bit)_is1

O42 - Software: Pando Media Booster - (.Pando Networks Inc..) [HKLM][64Bits] -- {980A182F-E0A2-4A40-94C1-AE0C1235902E}

O42 - Software: Proxifier version 3.0 - (.Initex.) [HKLM][64Bits] -- Proxifier_is1

O42 - Software: QuickTime Alternative 1.47 - (.Unknown owner.) [HKLM][64Bits] -- QuicktimeAlt_is1

O42 - Software: Raidcall - (.raidcall.com.) [HKLM][64Bits] -- Raidcall

O42 - Software: Realtek High Definition Audio Driver - (.Realtek Semiconductor Corp..) [HKLM][64Bits] -- {F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}

O42 - Software: Skype™ 5.10 - (.Skype Technologies S.A..) [HKLM][64Bits] -- {EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}

O42 - Software: TeamSpeak 3 Client - (.TeamSpeak Systems GmbH.) [HKLM][64Bits] -- TeamSpeak 3 Client

O42 - Software: Tibia - (.CipSoft GmbH.) [HKLM][64Bits] -- Tibia_is1

O42 - Software: WinAVI Video Converter 9.0 - (.WinAVI Video Converter 9.0.) [HKLM][64Bits] -- WinAVI Video Converter 9.09.0

O42 - Software: WinRAR 4.11 (64-bit) - (.win.rar GmbH.) [HKLM][64Bits] -- WinRAR archiver

O42 - Software: Windows Live Communications Platform - (.Microsoft Corporation.) [HKLM][64Bits] -- {D45240D3-B6B3-4FF9-B243-54ECE3E10066}

O42 - Software: Windows Live Essentials - (.Microsoft Corporation.) [HKLM][64Bits] -- WinLiveSuite

O42 - Software: Windows Live Essentials - (.Microsoft Corporation.) [HKLM][64Bits] -- {43B43577-2514-4CE0-B14A-7E85C17C0453}

O42 - Software: Windows Live ID Sign-in Assistant - (.Microsoft Corporation.) [HKLM][64Bits] -- {1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}

O42 - Software: Windows Live Installer - (.Microsoft Corporation.) [HKLM][64Bits] -- {0B0F231F-CE6A-483D-AA23-77B364F75917}

O42 - Software: Windows Live Language Selector - (.Microsoft Corporation.) [HKLM][64Bits] -- {027E5FAB-1476-4C59-AAB4-32EF28520399}

O42 - Software: Windows Live Messenger - (.Microsoft Corporation.) [HKLM][64Bits] -- {C9E1343D-E21E-4508-A1BE-04A089EC137D}

O42 - Software: Windows Live Messenger - (.Microsoft Corporation.) [HKLM][64Bits] -- {E5B21F11-6933-4E0B-A25C-7963E3C07D11}

O42 - Software: Windows Live PIMT Platform - (.Microsoft Corporation.) [HKLM][64Bits] -- {83C292B7-38A5-440B-A731-07070E81A64F}

O42 - Software: Windows Live Photo Common - (.Microsoft Corporation.) [HKLM][64Bits] -- {A9BDCA6B-3653-467B-AC83-94367DA3BFE3}

O42 - Software: Windows Live Photo Common - (.Microsoft Corporation.) [HKLM][64Bits] -- {B33B61FE-701F-425F-98AB-2B85725CBF68}

O42 - Software: Windows Live SOXE - (.Microsoft Corporation.) [HKLM][64Bits] -- {682B3E4F-696A-42DE-A41C-4C07EA1678B4}

O42 - Software: Windows Live SOXE Definitions - (.Microsoft Corporation.) [HKLM][64Bits] -- {200FEC62-3C34-4D60-9CE8-EC372E01C08F}

O42 - Software: Windows Live UX Platform - (.Microsoft Corporation.) [HKLM][64Bits] -- {CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}

O42 - Software: Windows Live UX Platform Language Pack - (.Microsoft Corporation.) [HKLM][64Bits] -- {DF71ABBB-B834-41C0-BB58-80B0545D754C}

O42 - Software: World of Warcraft - (.Blizzard Entertainment.) [HKLM][64Bits] -- World of Warcraft

O42 - Software: Xiph.Org Open Codecs 0.85.17777 - (.Xiph.Org.) [HKLM][64Bits] -- Open Codecs

O42 - Software: ZoneAlarm Antivirus - (.Check Point Software Technologies Ltd..) [HKLM][64Bits] -- {DA15069B-7DD3-445B-8488-E46A38CCF939}

O42 - Software: ZoneAlarm Firewall - (.Check Point Software Technologies Ltd..) [HKLM][64Bits] -- {10D4BC5F-F73E-4CD1-A7C2-DF215307A811}

O42 - Software: ZoneAlarm Free Antivirus + Firewall - (.Check Point.) [HKLM][64Bits] -- ZoneAlarm Free Antivirus + Firewall

O42 - Software: ZoneAlarm Security - (.Check Point Software Technologies Ltd..) [HKLM][64Bits] -- {2756F572-C383-4A2E-B1F6-7315E6DA308A}


---\\ HKCU & HKLM Software Keys

[HKCU\Software\9bis.com]

[HKCU\Software\AMD]

[HKCU\Software\ASProtect]

[HKCU\Software\ATI]

[HKCU\Software\Adobe]

[HKCU\Software\AppDataLow\ISWVolatile]

[HKCU\Software\AppDataLow\Software\Microsoft]

[HKCU\Software\AppDataLow\Software]

[HKCU\Software\AppDataLow]

[HKCU\Software\Avast Software]

[HKCU\Software\Baixaki]

[HKCU\Software\BitComet]

[HKCU\Software\Blizzard Entertainment]

[HKCU\Software\BugSplat]

[HKCU\Software\CheckPoint]

[HKCU\Software\ClassesB]

[HKCU\Software\Classes]

[HKCU\Software\Clients]

[HKCU\Software\Cyberlink]

[HKCU\Software\DVD Shrink]

[HKCU\Software\ESET]

[HKCU\Software\GNU]

[HKCU\Software\Gabest]

[HKCU\Software\GbPlugin]

[HKCU\Software\Google]

[HKCU\Software\Hewlett-Packard]

[HKCU\Software\IM Providers]

[HKCU\Software\Initex]

[HKCU\Software\InstallCore]

[HKCU\Software\JavaSoft]

[HKCU\Software\Lake]

[HKCU\Software\Macromedia]

[HKCU\Software\Malwarebytes' Anti-Malware]

[HKCU\Software\MozillaPlugins]

[HKCU\Software\MpcStar]

[HKCU\Software\Nero]

[HKCU\Software\Netscape]

[HKCU\Software\ODBC]

[HKCU\Software\Opera Software]

[HKCU\Software\PWRD]

[HKCU\Software\Pando Networks]

[HKCU\Software\Piriform]

[HKCU\Software\Policies]

[HKCU\Software\RealNetworks]

[HKCU\Software\Realtek]

[HKCU\Software\Skype]

[HKCU\Software\Spyrix]

[HKCU\Software\TechSmith]

[HKCU\Software\TigerPlayer]

[HKCU\Software\Trolltech]

[HKCU\Software\VB and VBA Program Settings]

[HKCU\Software\Webroot]

[HKCU\Software\WinAuth]

[HKCU\Software\WinRAR SFX]

[HKCU\Software\WinRAR]

[HKCU\Software\Wow6432Node]

[HKCU\Software\ZjSoft]

[HKCU\Software\Zone Labs]

[HKCU\Software\drpsu]

[HKLM\Software\AMD]

[HKLM\Software\ATI Technologies]

[HKLM\Software\ATI]

[HKLM\Software\Blizzard Entertainment]

[HKLM\Software\CBSTEST]

[HKLM\Software\CheckPoint]

[HKLM\Software\Classes]

[HKLM\Software\Clients]

[HKLM\Software\Creative Tech]

[HKLM\Software\Cyberlink]

[HKLM\Software\ESET]

[HKLM\Software\Intel]

[HKLM\Software\Khronos]

[HKLM\Software\Macromedia]

[HKLM\Software\MozillaPlugins]

[HKLM\Software\Mozilla]

[HKLM\Software\ODBC]

[HKLM\Software\Opera Software]

[HKLM\Software\Piriform]

[HKLM\Software\Policies]

[HKLM\Software\Realtek]

[HKLM\Software\RegisteredApplications]

[HKLM\Software\SRS Labs]

[HKLM\Software\Sonic]

[HKLM\Software\Waves Audio]

[HKLM\Software\WinRAR]

[HKLM\Software\Wow6432Node\360Safe]

[HKLM\Software\Wow6432Node\AMD]

[HKLM\Software\Wow6432Node\ATI Technologies]

[HKLM\Software\Wow6432Node\ATI]

[HKLM\Software\Wow6432Node\AVAST Software]

[HKLM\Software\Wow6432Node\Adobe]

[HKLM\Software\Wow6432Node\Ahead]

[HKLM\Software\Wow6432Node\Aimersoft]

[HKLM\Software\Wow6432Node\Apple Computer, Inc.]

[HKLM\Software\Wow6432Node\Babylon]

[HKLM\Software\Wow6432Node\Blizzard Entertainment]

[HKLM\Software\Wow6432Node\CheckPoint]

[HKLM\Software\Wow6432Node\Classes]

[HKLM\Software\Wow6432Node\Clients]

[HKLM\Software\Wow6432Node\CyberLink]

[HKLM\Software\Wow6432Node\ESET]

[HKLM\Software\Wow6432Node\GNU]

[HKLM\Software\Wow6432Node\GPL Ghostscript]

[HKLM\Software\Wow6432Node\Google]

[HKLM\Software\Wow6432Node\Intel]

[HKLM\Software\Wow6432Node\JavaSoft]

[HKLM\Software\Wow6432Node\JreMetrics]

[HKLM\Software\Wow6432Node\KasperskyLab]

[HKLM\Software\Wow6432Node\Khronos]

[HKLM\Software\Wow6432Node\Lake]

[HKLM\Software\Wow6432Node\Macromedia]

[HKLM\Software\Wow6432Node\Malwarebytes' Anti-Malware (Trial)]

[HKLM\Software\Wow6432Node\Malwarebytes' Anti-Malware]

[HKLM\Software\Wow6432Node\MozillaPlugins]

[HKLM\Software\Wow6432Node\Mozilla]

[HKLM\Software\Wow6432Node\Nero]

[HKLM\Software\Wow6432Node\ODBC]

[HKLM\Software\Wow6432Node\Oracle]

[HKLM\Software\Wow6432Node\Pando Networks]

[HKLM\Software\Wow6432Node\Policies]

[HKLM\Software\Wow6432Node\QTAlternative]

[HKLM\Software\Wow6432Node\RegisteredApplications]

[HKLM\Software\Wow6432Node\Riot Games]

[HKLM\Software\Wow6432Node\Skype]

[HKLM\Software\Wow6432Node\Spyrix]

[HKLM\Software\Wow6432Node\TrendMicro]

[HKLM\Software\Wow6432Node\Xiph.Org]

[HKLM\Software\Wow6432Node\Zone Labs]

[HKLM\Software\Wow6432Node\mozilla.org]

[HKLM\Software\Wow6432Node\raidcall]

[HKLM\Software\Wow6432Node]

[HKLM\Software\Xiph.Org]

~ Scan Software in 00mn 00s


---\\ Contents of the Common Files folders (O43)

O43 - CFD: 20/04/2012 - 10:41:45 - [110,793] ----D C:\Program Files (x86)\Adobe

O43 - CFD: 26/11/2012 - 07:29:49 - [0,510] ----D C:\Program Files (x86)\Aimersoft

O43 - CFD: 09/08/2012 - 06:11:13 - [2,145] ----D C:\Program Files (x86)\AMD APP

O43 - CFD: 09/08/2012 - 06:11:15 - [0,389] ----D C:\Program Files (x86)\AMD AVT

O43 - CFD: 09/08/2012 - 06:12:02 - [68,010] ----D C:\Program Files (x86)\ATI Technologies

O43 - CFD: 23/11/2012 - 19:23:09 - [77,043] ----D C:\Program Files (x86)\CheckPoint

O43 - CFD: 24/11/2012 - 06:53:23 - [278,251] ----D C:\Program Files (x86)\Common Files

O43 - CFD: 20/04/2012 - 10:51:59 - [215,634] ----D C:\Program Files (x86)\CyberLink

O43 - CFD: 02/08/2012 - 07:17:30 - [0] ----D C:\Program Files (x86)\DsNET Corp

O43 - CFD: 20/04/2012 - 10:50:24 - [0,926] ----D C:\Program Files (x86)\DVD Shrink

O43 - CFD: 26/11/2012 - 13:51:00 - [146,010] ----D C:\Program Files (x86)\ESET

O43 - CFD: 21/06/2012 - 07:21:28 - [3,019] ----D C:\Program Files (x86)\FLAC

O43 - CFD: 01/05/2012 - 21:35:13 - [7,701] ----D C:\Program Files (x86)\GPLGS

O43 - CFD: 22/08/2012 - 06:22:06 - [13,326] --H-D C:\Program Files (x86)\InstallShield Installation Information

O43 - CFD: 20/04/2012 - 10:39:21 - [4,906] ----D C:\Program Files (x86)\Internet Explorer

O43 - CFD: 16/10/2012 - 22:33:14 - [121,165] ----D C:\Program Files (x86)\Java

O43 - CFD: 22/08/2012 - 06:20:21 - [20,136] ----D C:\Program Files (x86)\League of Legends

O43 - CFD: 18/10/2012 - 21:50:12 - [12,666] ----D C:\Program Files (x86)\Malwarebytes' Anti-Malware

O43 - CFD: 16/06/2012 - 17:43:57 - [4,640] ----D C:\Program Files (x86)\Media Player Classic

O43 - CFD: 21/06/2012 - 18:56:53 - [0] ----D C:\Program Files (x86)\Microsoft

O43 - CFD: 20/04/2012 - 10:45:36 - [37,956] ----D C:\Program Files (x86)\Microsoft Analysis Services

O43 - CFD: 20/04/2012 - 10:46:59 - [381,733] ----D C:\Program Files (x86)\Microsoft Office

O43 - CFD: 21/08/2012 - 14:30:19 - [40,838] ----D C:\Program Files (x86)\Microsoft Silverlight

O43 - CFD: 20/04/2012 - 10:46:58 - [1,722] ----D C:\Program Files (x86)\Microsoft SQL Server Compact Edition

O43 - CFD: 20/04/2012 - 10:47:06 - [0,312] ----D C:\Program Files (x86)\Microsoft Synchronization Services

O43 - CFD: 20/04/2012 - 10:46:58 - [7,774] ----D C:\Program Files (x86)\Microsoft.NET

O43 - CFD: 23/11/2012 - 19:24:45 - [36,216] ----D C:\Program Files (x86)\Mozilla Firefox

O43 - CFD: 28/09/2012 - 00:30:48 - [0,195] ----D C:\Program Files (x86)\Mozilla Maintenance Service

O43 - CFD: 28/09/2012 - 00:30:49 - [37,521] ----D C:\Program Files (x86)\Mozilla Thunderbird

O43 - CFD: 03/05/2012 - 22:51:35 - [55,734] ----D C:\Program Files (x86)\MpcStar

O43 - CFD: 14/07/2009 - 03:32:38 - [0,025] ----D C:\Program Files (x86)\MSBuild

O43 - CFD: 24/11/2012 - 06:53:23 - [0,011] ----D C:\Program Files (x86)\MSSOAP

O43 - CFD: 26/05/2012 - 23:06:02 - [0] ----D C:\Program Files (x86)\NCSoft

O43 - CFD: 20/04/2012 - 11:13:49 - [56,849] ----D C:\Program Files (x86)\Nero

O43 - CFD: 06/08/2012 - 23:55:37 - [33,207] ----D C:\Program Files (x86)\Oracle

O43 - CFD: 22/08/2012 - 06:17:48 - [7,186] ----D C:\Program Files (x86)\Pando Networks

O43 - CFD: 18/07/2012 - 07:15:27 - [7,585] ----D C:\Program Files (x86)\Proxifier

O43 - CFD: 16/06/2012 - 17:44:00 - [1,233] ----D C:\Program Files (x86)\QuickTime Alternative

O43 - CFD: 25/06/2012 - 22:35:29 - [12,918] ----D C:\Program Files (x86)\RaidCall

O43 - CFD: 14/07/2009 - 03:32:38 - [37,258] ----D C:\Program Files (x86)\Reference Assemblies

O43 - CFD: 16/06/2012 - 19:40:05 - [852,540] ----D C:\Program Files (x86)\Riot Games Teste

O43 - CFD: 18/07/2012 - 23:08:37 - [16,855] R---D C:\Program Files (x86)\Skype

O43 - CFD: 17/10/2012 - 20:38:01 - [73,648] ----D C:\Program Files (x86)\Tibia

O43 - CFD: 14/07/2009 - 02:57:06 - [0] --H-D C:\Program Files (x86)\Uninstall Information

O43 - CFD: 24/11/2012 - 06:53:10 - [0] ----D C:\Program Files (x86)\Webroot

O43 - CFD: 16/06/2012 - 17:42:41 - [10,769] ----D C:\Program Files (x86)\WinAVI Video Converter 9.0

O43 - CFD: 21/04/2012 - 01:50:17 - [0,493] ----D C:\Program Files (x86)\Windows Defender

O43 - CFD: 21/06/2012 - 18:24:52 - [59,447] ----D C:\Program Files (x86)\Windows Live

O43 - CFD: 21/04/2012 - 01:50:17 - [5,870] ----D C:\Program Files (x86)\Windows Mail

O43 - CFD: 27/01/2011 - 21:47:04 - [4,783] ----D C:\Program Files (x86)\Windows Media Player

O43 - CFD: 14/07/2009 - 03:32:38 - [11,630] ----D C:\Program Files (x86)\Windows NT

O43 - CFD: 27/01/2011 - 21:47:04 - [4,210] ----D C:\Program Files (x86)\Windows Photo Viewer

O43 - CFD: 21/11/2010 - 01:31:38 - [0,181] ----D C:\Program Files (x86)\Windows Portable Devices

O43 - CFD: 27/01/2011 - 21:47:04 - [5,716] ----D C:\Program Files (x86)\Windows Sidebar

O43 - CFD: 23/11/2012 - 19:14:53 - [-284,309] ----D C:\Program Files (x86)\World of Warcraft

O43 - CFD: 21/06/2012 - 07:24:10 - [13,337] ----D C:\Program Files (x86)\Xiph.Org

O43 - CFD: 26/11/2012 - 23:23:46 - [10,362] ----D C:\Program Files (x86)\ZHPDiag

O43 - CFD: 27/04/2012 - 21:27:05 - [3,066] ----D C:\Program Files (x86)\Common Files\Adobe

O43 - CFD: 09/08/2012 - 06:11:07 - [2,696] ----D C:\Program Files (x86)\Common Files\ATI Technologies

O43 - CFD: 24/11/2012 - 06:37:49 - [5,506] ----D C:\Program Files (x86)\Common Files\Blizzard Entertainment

O43 - CFD: 20/04/2012 - 10:47:05 - [0,095] ----D C:\Program Files (x86)\Common Files\DESIGNER

O43 - CFD: 03/09/2012 - 20:47:04 - [1,184] ----D C:\Program Files (x86)\Common Files\Java

O43 - CFD: 21/06/2012 - 18:23:41 - [181,404] ----D C:\Program Files (x86)\Common Files\microsoft shared

O43 - CFD: 24/11/2012 - 06:53:23 - [0,675] ----D C:\Program Files (x86)\Common Files\MSSoap

O43 - CFD: 20/04/2012 - 11:13:25 - [32,073] ----D C:\Program Files (x86)\Common Files\Nero

O43 - CFD: 14/07/2009 - 01:20:08 - [0,003] ----D C:\Program Files (x86)\Common Files\Services

O43 - CFD: 20/04/2012 - 21:17:12 - [2,056] ----D C:\Program Files (x86)\Common Files\Skype

O43 - CFD: 14/07/2009 - 01:20:08 - [39,200] ----D C:\Program Files (x86)\Common Files\SpeechEngines

O43 - CFD: 27/01/2011 - 21:47:04 - [10,295] ----D C:\Program Files (x86)\Common Files\System

O43 - CFD: 20/04/2012 - 11:15:16 - [0] ----D C:\Program Files (x86)\Common Files\Windows Live

O43 - CFD: 20/11/2012 - 07:15:09 - [133,438] ----D C:\ProgramData\Adobe

O43 - CFD: 26/11/2012 - 07:29:49 - [0,000] ----D C:\ProgramData\Aimersoft DVD Ripper

O43 - CFD: 09/08/2012 - 06:11:15 - [0,108] ----D C:\ProgramData\AMD

O43 - CFD: 14/07/2009 - 03:08:56 - [0] --H-D C:\ProgramData\Application Data

O43 - CFD: 01/08/2012 - 22:03:52 - [0] ----D C:\ProgramData\Ask

O43 - CFD: 09/08/2012 - 06:11:16 - [0,000] ----D C:\ProgramData\ATI

O43 - CFD: 23/11/2012 - 22:19:51 - [0] ----D C:\ProgramData\AVAST Software

O43 - CFD: 01/05/2012 - 21:34:35 - [0] ----D C:\ProgramData\Babylon

O43 - CFD: 16/08/2012 - 08:28:25 - [113,601] ----D C:\ProgramData\Battle.net

O43 - CFD: 20/04/2012 - 22:54:20 - [7,420] ----D C:\ProgramData\Blizzard Entertainment

O43 - CFD: 23/11/2012 - 14:02:04 - [0] ----D C:\ProgramData\boost_interprocess

O43 - CFD: 23/11/2012 - 19:13:01 - [406,898] ----D C:\ProgramData\CheckPoint

O43 - CFD: 12/06/2012 - 22:23:11 - [1,430] ----D C:\ProgramData\CyberLink

O43 - CFD: 20/04/2012 - 09:09:59 - [0] --H-D C:\ProgramData\Dados de aplicativos

O43 - CFD: 14/07/2009 - 03:08:56 - [0] --H-D C:\ProgramData\Desktop

O43 - CFD: 20/04/2012 - 09:09:59 - [0] --H-D C:\ProgramData\Documentos

O43 - CFD: 14/07/2009 - 03:08:56 - [0] --H-D C:\ProgramData\Documents

O43 - CFD: 20/04/2012 - 10:50:24 - [0,000] ----D C:\ProgramData\DVD Shrink

O43 - CFD: 14/07/2009 - 03:08:56 - [0] --H-D C:\ProgramData\Favorites

O43 - CFD: 20/04/2012 - 09:09:59 - [0] --H-D C:\ProgramData\Favoritos

O43 - CFD: 20/04/2012 - 10:51:27 - [0,059] ----D C:\ProgramData\install_clap

O43 - CFD: 29/08/2012 - 14:49:38 - [16,783] ----D C:\ProgramData\Malwarebytes

O43 - CFD: 20/04/2012 - 09:09:59 - [0] --H-D C:\ProgramData\Menu Iniciar

O43 - CFD: 21/06/2012 - 18:56:53 - [441,211] -S--D C:\ProgramData\Microsoft

O43 - CFD: 20/04/2012 - 10:48:32 - [0,053] ----D C:\ProgramData\Microsoft Help

O43 - CFD: 20/04/2012 - 09:09:59 - [0] --H-D C:\ProgramData\Modelos

O43 - CFD: 09/08/2012 - 22:36:39 - [0,000] ----D C:\ProgramData\Mozilla

O43 - CFD: 20/04/2012 - 11:13:07 - [8,889] ----D C:\ProgramData\Nero

O43 - CFD: 20/04/2012 - 10:52:58 - [0,000] ----D C:\ProgramData\PDVD

O43 - CFD: 09/11/2012 - 18:21:17 - [0,002] ----D C:\ProgramData\PMB Files

O43 - CFD: 18/07/2012 - 23:08:44 - [18,914] ----D C:\ProgramData\Skype

O43 - CFD: 23/11/2012 - 22:24:57 - [7,293] ----D C:\ProgramData\Spyrix Free Keylogger

O43 - CFD: 14/07/2009 - 03:08:56 - [0] --H-D C:\ProgramData\Start Menu

O43 - CFD: 19/05/2012 - 21:08:59 - [0,000] ----D C:\ProgramData\Sun

O43 - CFD: 20/04/2012 - 10:51:59 - [0,342] ----D C:\ProgramData\Temp

O43 - CFD: 14/07/2009 - 03:08:56 - [0] --H-D C:\ProgramData\Templates

O43 - CFD: 22/04/2012 - 05:28:45 - [3,090] ----D C:\Users\Windows\AppData\Roaming\Adobe

O43 - CFD: 20/04/2012 - 11:29:29 - [0] ----D C:\Users\Windows\AppData\Roaming\ATI

O43 - CFD: 01/05/2012 - 21:34:35 - [0,006] ----D C:\Users\Windows\AppData\Roaming\Babylon

O43 - CFD: 19/11/2012 - 01:45:55 - [7,088] ----D C:\Users\Windows\AppData\Roaming\BitComet

O43 - CFD: 23/11/2012 - 19:25:23 - [0,028] ----D C:\Users\Windows\AppData\Roaming\CheckPoint

O43 - CFD: 06/05/2012 - 00:46:36 - [0,476] ----D C:\Users\Windows\AppData\Roaming\CometPlayer

O43 - CFD: 12/06/2012 - 22:23:04 - [0,006] ----D C:\Users\Windows\AppData\Roaming\CyberLink

O43 - CFD: 20/04/2012 - 09:10:26 - [0] ----D C:\Users\Windows\AppData\Roaming\Identities

O43 - CFD: 17/06/2012 - 10:48:39 - [0,000] ----D C:\Users\Windows\AppData\Roaming\LolClient

O43 - CFD: 16/06/2012 - 20:27:11 - [0,000] ----D C:\Users\Windows\AppData\Roaming\LolClient2

O43 - CFD: 20/04/2012 - 11:19:08 - [0,003] ----D C:\Users\Windows\AppData\Roaming\Macromedia

O43 - CFD: 29/08/2012 - 14:49:49 - [0,007] ----D C:\Users\Windows\AppData\Roaming\Malwarebytes

O43 - CFD: 21/11/2010 - 05:16:41 - [0] ----D C:\Users\Windows\AppData\Roaming\Media Center Programs

O43 - CFD: 11/08/2012 - 21:04:50 - [6,013] -S--D C:\Users\Windows\AppData\Roaming\Microsoft

O43 - CFD: 27/09/2012 - 20:18:12 - [12,511] ----D C:\Users\Windows\AppData\Roaming\Mozilla

O43 - CFD: 06/07/2012 - 07:55:59 - [0] ----D C:\Users\Windows\AppData\Roaming\Need for Speed World

O43 - CFD: 16/06/2012 - 17:38:38 - [0,122] ----D C:\Users\Windows\AppData\Roaming\Nero

O43 - CFD: 28/09/2012 - 00:30:52 - [0,100] ----D C:\Users\Windows\AppData\Roaming\Opera

O43 - CFD: 18/07/2012 - 07:16:19 - [0,009] ----D C:\Users\Windows\AppData\Roaming\Proxifier

O43 - CFD: 15/11/2012 - 23:34:03 - [6,239] ----D C:\Users\Windows\AppData\Roaming\Skype

O43 - CFD: 03/05/2012 - 22:49:09 - [698,574] ----D C:\Users\Windows\AppData\Roaming\Thunderbird

O43 - CFD: 17/10/2012 - 20:42:01 - [220,267] ----D C:\Users\Windows\AppData\Roaming\Tibia

O43 - CFD: 11/08/2012 - 01:08:43 - [0,003] ----D C:\Users\Windows\AppData\Roaming\Tibiacast

O43 - CFD: 03/05/2012 - 22:52:24 - [0,287] ----D C:\Users\Windows\AppData\Roaming\tigerplayer

O43 - CFD: 26/11/2012 - 19:03:42 - [2,517] ----D C:\Users\Windows\AppData\Roaming\TS3Client

O43 - CFD: 24/11/2012 - 15:24:08 - [0] ----D C:\Users\Windows\AppData\Roaming\Windows Authenticator

O43 - CFD: 20/04/2012 - 11:35:06 - [0,000] ----D C:\Users\Windows\AppData\Roaming\WinRAR

O43 - CFD: 22/04/2012 - 05:28:45 - [0,258] ----D C:\Users\Windows\AppData\Local\Adobe

O43 - CFD: 01/08/2012 - 22:04:43 - [0,165] ----D C:\Users\Windows\AppData\Local\APN

O43 - CFD: 22/04/2012 - 10:38:38 - [17,660] ----D C:\Users\Windows\AppData\Local\Apps

O43 - CFD: 08/05/2012 - 13:02:31 - [10,279] ----D C:\Users\Windows\AppData\Local\assembly

O43 - CFD: 20/04/2012 - 11:29:29 - [0,062] ----D C:\Users\Windows\AppData\Local\ATI

O43 - CFD: 01/05/2012 - 21:34:35 - [4,186] ----D C:\Users\Windows\AppData\Local\Babylon

O43 - CFD: 12/06/2012 - 22:23:32 - [0,002] ----D C:\Users\Windows\AppData\Local\CyberLink

O43 - CFD: 20/04/2012 - 09:10:06 - [0] ----D C:\Users\Windows\AppData\Local\Dados de aplicativos

O43 - CFD: 26/11/2012 - 22:59:14 - [0] ----D C:\Users\Windows\AppData\Local\Deployment

O43 - CFD: 05/07/2012 - 21:07:56 - [0,004] ----D C:\Users\Windows\AppData\Local\Electronic_Arts_Inc

O43 - CFD: 17/06/2012 - 02:13:15 - [0] ----D C:\Users\Windows\AppData\Local\ElevatedDiagnostics

O43 - CFD: 20/04/2012 - 11:14:28 - [886,627] ----D C:\Users\Windows\AppData\Local\Google

O43 - CFD: 20/04/2012 - 09:10:06 - [0] ----D C:\Users\Windows\AppData\Local\Histórico

O43 - CFD: 09/08/2012 - 22:40:33 - [0] ----D C:\Users\Windows\AppData\Local\Macromedia

O43 - CFD: 20/04/2012 - 10:52:44 - [0] ----D C:\Users\Windows\AppData\Local\MediaServer

O43 - CFD: 29/08/2012 - 22:39:14 - [1615,629] ----D C:\Users\Windows\AppData\Local\Microsoft

O43 - CFD: 20/04/2012 - 10:45:21 - [0] ----D C:\Users\Windows\AppData\Local\Microsoft Help

O43 - CFD: 28/09/2012 - 00:30:27 - [37,825] ----D C:\Users\Windows\AppData\Local\Mozilla

O43 - CFD: 28/09/2012 - 00:30:52 - [0,001] ----D C:\Users\Windows\AppData\Local\Opera

O43 - CFD: 09/11/2012 - 18:21:18 - [0,198] ----D C:\Users\Windows\AppData\Local\PMB Files

O43 - CFD: 21/07/2012 - 19:09:45 - [0,000] ----D C:\Users\Windows\AppData\Local\PointBlank

O43 - CFD: 26/11/2012 - 23:22:26 - [6,602] ----D C:\Users\Windows\AppData\Local\Temp

O43 - CFD: 20/04/2012 - 09:10:06 - [0] ----D C:\Users\Windows\AppData\Local\Temporary Internet Files

O43 - CFD: 24/09/2012 - 02:08:35 - [6,658] ----D C:\Users\Windows\AppData\Local\Thunderbird

O43 - CFD: 20/04/2012 - 12:38:57 - [0,208] ----D C:\Users\Windows\AppData\Local\VirtualStore

O43 - CFD: 26/11/2012 - 07:20:36 - [0,001] ----D C:\Users\Windows\AppData\Local\WinAVI

O43 - CFD: 18/08/2012 - 16:32:31 - [0,066] ----D C:\Users\Windows\AppData\Local\Windows Live

O43 - CFD: 25/07/2012 - 22:02:21 - [0] ----D C:\Users\Windows\AppData\Local\{0131E2C4-E0EE-4940-887E-8597CE7767DB}

O43 - CFD: 25/06/2012 - 15:22:53 - [0] ----D C:\Users\Windows\AppData\Local\{091E2BDC-2359-452D-AD18-42B595458277}

O43 - CFD: 09/09/2012 - 17:02:50 - [0] ----D C:\Users\Windows\AppData\Local\{0B585E32-E7AE-4AC9-9C2B-BBD2B88996F9}

O43 - CFD: 19/08/2012 - 04:32:44 - [0] ----D C:\Users\Windows\AppData\Local\{0F96A9DE-C886-4F49-87C2-1E636C17C01E}

O43 - CFD: 18/07/2012 - 23:08:52 - [0] ----D C:\Users\Windows\AppData\Local\{15D878DB-6A55-464D-9A79-EDC2817ED993}

O43 - CFD: 30/06/2012 - 00:58:41 - [0] ----D C:\Users\Windows\AppData\Local\{1D91E037-C655-4EFA-8B87-8131EC1888EE}

O43 - CFD: 21/06/2012 - 19:00:52 - [0] ----D C:\Users\Windows\AppData\Local\{1E736A81-E356-4400-A372-48F13422DD04}

O43 - CFD: 19/07/2012 - 20:50:15 - [0] ----D C:\Users\Windows\AppData\Local\{2AD7AB40-1403-481E-BC17-6E4245D7A3B2}

O43 - CFD: 21/06/2012 - 19:00:10 - [0] ----D C:\Users\Windows\AppData\Local\{34129302-57A4-46AF-89C9-71089337907C}

O43 - CFD: 17/07/2012 - 20:56:36 - [0] ----D C:\Users\Windows\AppData\Local\{3B863FDE-668C-4E34-A8C3-905E26CC9467}

O43 - CFD: 05/08/2012 - 18:05:54 - [0] ----D C:\Users\Windows\AppData\Local\{4409E629-3962-4FC2-A9DC-E61639BFA7B8}

O43 - CFD: 26/08/2012 - 21:54:36 - [0] ----D C:\Users\Windows\AppData\Local\{4962CA7B-5060-4F6C-8EDE-A5F34BF5549F}

O43 - CFD: 29/06/2012 - 12:58:04 - [0] ----D C:\Users\Windows\AppData\Local\{49E1BB4B-F348-4A3F-BC8B-A40817AEA1E3}

O43 - CFD: 28/06/2012 - 17:51:15 - [0] ----D C:\Users\Windows\AppData\Local\{4F17A9DA-5AAB-4F56-91E9-623940FBF698}

O43 - CFD: 03/08/2012 - 04:00:39 - [0] ----D C:\Users\Windows\AppData\Local\{506F49ED-1B6C-44A8-B465-0A346F700BAF}

O43 - CFD: 20/07/2012 - 21:22:48 - [0] ----D C:\Users\Windows\AppData\Local\{53439C79-5759-4C3B-8136-8BCA44432222}

O43 - CFD: 01/08/2012 - 23:26:14 - [0] ----D C:\Users\Windows\AppData\Local\{53584E6B-15B2-49F1-9955-D565AF0C590C}

O43 - CFD: 27/06/2012 - 17:50:14 - [0] ----D C:\Users\Windows\AppData\Local\{57440929-47A7-4751-B34E-1139999D9EF8}

O43 - CFD: 14/07/2012 - 15:11:00 - [0] ----D C:\Users\Windows\AppData\Local\{5A89F307-C0F4-4A41-90B4-40081D7EF7EA}

O43 - CFD: 30/06/2012 - 18:50:15 - [0] ----D C:\Users\Windows\AppData\Local\{5C7FB798-CF0E-4ACD-90DA-498ADBF7A5C0}

O43 - CFD: 15/07/2012 - 03:11:26 - [0] ----D C:\Users\Windows\AppData\Local\{5DF273EB-8B88-4732-B72B-E604FC6CF1B3}

O43 - CFD: 17/07/2012 - 20:56:47 - [0] ----D C:\Users\Windows\AppData\Local\{61C94AC9-8FC4-4A19-A63B-9546FD54703A}

O43 - CFD: 15/07/2012 - 15:11:39 - [0] ----D C:\Users\Windows\AppData\Local\{64273AFD-66DD-4DD0-ABA9-596A14966934}

O43 - CFD: 22/06/2012 - 09:29:34 - [0] ----D C:\Users\Windows\AppData\Local\{68F5AA50-E016-4019-88E2-2AA9DCA8FF81}

O43 - CFD: 26/08/2012 - 09:54:24 - [0] ----D C:\Users\Windows\AppData\Local\{694AA0B8-3429-4168-95B1-96B6A95BFB85}

O43 - CFD: 30/06/2012 - 18:50:03 - [0] ----D C:\Users\Windows\AppData\Local\{6AF0B1C6-A2D4-40A2-9C99-AD913E65329C}

O43 - CFD: 28/06/2012 - 17:51:03 - [0] ----D C:\Users\Windows\AppData\Local\{6D614B1A-B6A2-495C-A488-F4FC5301CD89}

O43 - CFD: 18/07/2012 - 23:09:04 - [0] ----D C:\Users\Windows\AppData\Local\{76A82915-5537-47EF-B843-2ECAB613B142}

O43 - CFD: 25/08/2012 - 16:24:16 - [0] ----D C:\Users\Windows\AppData\Local\{774C2195-B224-4103-A6D0-9CAAB6BFB255}

O43 - CFD: 23/08/2012 - 20:01:24 - [0] ----D C:\Users\Windows\AppData\Local\{840CA59C-4072-4601-88B2-3B5D1A052093}

O43 - CFD: 01/08/2012 - 23:26:02 - [0] ----D C:\Users\Windows\AppData\Local\{866C28B7-3419-4DB5-BEC7-436423514531}

O43 - CFD: 25/06/2012 - 15:23:04 - [0] ----D C:\Users\Windows\AppData\Local\{8D192558-D277-45F1-8CD3-207152C95461}

O43 - CFD: 10/07/2012 - 17:12:39 - [0] ----D C:\Users\Windows\AppData\Local\{962586D3-C4B9-4C00-B797-DF8A4C2A9C00}

O43 - CFD: 27/06/2012 - 17:50:02 - [0] ----D C:\Users\Windows\AppData\Local\{9ADA127F-7658-4736-8F8C-E3E9A328D16A}

O43 - CFD: 15/07/2012 - 15:11:50 - [0] ----D C:\Users\Windows\AppData\Local\{9F4E2BBD-FE77-487A-A2E4-7EF513DBE724}

O43 - CFD: 30/06/2012 - 00:58:52 - [0] ----D C:\Users\Windows\AppData\Local\{A1A88FB4-F0E2-4DFF-9F13-6C2B8D3A92AE}

O43 - CFD: 13/09/2012 - 23:25:34 - [0] ----D C:\Users\Windows\AppData\Local\{A3A87DE0-F26C-4376-8FC6-6F8C435F7FB7}

O43 - CFD: 22/06/2012 - 09:29:23 - [0] ----D C:\Users\Windows\AppData\Local\{A67A88D0-E359-4D66-B042-5807119BDE8C}

O43 - CFD: 05/08/2012 - 18:06:06 - [0] ----D C:\Users\Windows\AppData\Local\{AC902679-F6C9-44EB-A6D8-534CA0604844}

O43 - CFD: 03/09/2012 - 20:44:38 - [0] ----D C:\Users\Windows\AppData\Local\{AE45C716-42D0-4481-9B44-99602123B047}

O43 - CFD: 15/09/2012 - 17:14:33 - [0] ----D C:\Users\Windows\AppData\Local\{AF02025F-0604-49ED-A82B-A0132DA6BA04}

O43 - CFD: 01/07/2012 - 09:22:59 - [0] ----D C:\Users\Windows\AppData\Local\{AF832300-0B68-4257-B212-712426768924}

O43 - CFD: 21/08/2012 - 21:17:15 - [0] ----D C:\Users\Windows\AppData\Local\{B1C65527-8C3C-4359-9545-B575B3807AD2}

O43 - CFD: 18/08/2012 - 16:32:30 - [0] ----D C:\Users\Windows\AppData\Local\{B74AE8E9-7092-4A7E-9D70-2F24EA670433}

O43 - CFD: 18/08/2012 - 16:32:18 - [0] ----D C:\Users\Windows\AppData\Local\{B8378ED3-7E93-4098-8091-38AA88B6BA5B}

O43 - CFD: 14/07/2012 - 01:01:43 - [0] ----D C:\Users\Windows\AppData\Local\{C05BB145-F376-4CAC-B76B-4F64E7B10136}

O43 - CFD: 29/06/2012 - 12:58:15 - [0] ----D C:\Users\Windows\AppData\Local\{C1E04AF9-8929-473C-B40F-5EE1C134DEC1}

O43 - CFD: 01/07/2012 - 09:23:19 - [0] ----D C:\Users\Windows\AppData\Local\{C466B230-F586-4B86-90BD-F17C407A857D}

O43 - CFD: 19/07/2012 - 20:50:03 - [0] ----D C:\Users\Windows\AppData\Local\{C5CB2E5C-A7E6-4563-BBFA-AB71E3D15D7E}

O43 - CFD: 20/07/2012 - 21:22:59 - [0] ----D C:\Users\Windows\AppData\Local\{D4FE0D36-C19F-491B-992B-D05F17286B89}

O43 - CFD: 10/07/2012 - 17:12:51 - [0] ----D C:\Users\Windows\AppData\Local\{D7C923D9-7EFB-4264-9DF2-C42CBBDE55F3}

O43 - CFD: 19/09/2012 - 14:36:31 - [0] ----D C:\Users\Windows\AppData\Local\{DB99E628-1190-463F-B94E-71805A53332D}

O43 - CFD: 02/08/2012 - 16:00:13 - [0] ----D C:\Users\Windows\AppData\Local\{E5385FC5-8FE6-4BB3-9E50-522E02BD9463}

O43 - CFD: 10/09/2012 - 05:03:03 - [0] ----D C:\Users\Windows\AppData\Local\{E89BDFE8-53E2-4D1E-A14C-A72EE1137E26}

O43 - CFD: 02/08/2012 - 16:00:01 - [0] ----D C:\Users\Windows\AppData\Local\{EB435AB3-CBC9-4A84-A1EC-C0838A025C50}

O43 - CFD: 14/07/2012 - 01:01:32 - [0] ----D C:\Users\Windows\AppData\Local\{EE1B57A8-2038-47D3-B92A-D95CEE01DFA2}

O43 - CFD: 24/10/2012 - 21:32:42 - [0] ----D C:\Users\Windows\AppData\Local\{F00A42A5-6CC7-49A1-B271-4B9E834E4B9E}

O43 - CFD: 03/08/2012 - 04:00:51 - [0] ----D C:\Users\Windows\AppData\Local\{F260F1D9-3239-4D5C-9718-AE51E977666C}

O43 - CFD: 25/07/2012 - 22:02:32 - [0] ----D C:\Users\Windows\AppData\Local\{F2A9CF6E-2DFD-4871-B3E3-67D3C9208777}

O43 - CFD: 28/06/2012 - 05:50:51 - [0] ----D C:\Users\Windows\AppData\Local\{F9239DD3-740B-48E3-A765-47E94DFD91F2}

O43 - CFD: 14/07/2009 - 02:54:32 - [0,014] R---D C:\Users\Windows\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories

O43 - CFD: 20/04/2012 - 09:10:39 - [0,000] R---D C:\Users\Windows\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools

O43 - CFD: 22/04/2012 - 10:42:14 - [0,000] ----D C:\Users\Windows\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Curse

O43 - CFD: 20/04/2012 - 11:14:34 - [0,005] ----D C:\Users\Windows\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome

O43 - CFD: 14/07/2009 - 02:49:38 - [0,001] R---D C:\Users\Windows\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance

O43 - CFD: 22/04/2012 - 15:14:14 - [0] ----D C:\Users\Windows\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\RaidCall

O43 - CFD: 24/11/2012 - 15:19:56 - [0,000] R---D C:\Users\Windows\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup

O43 - CFD: 16/06/2012 - 17:42:41 - [0] ----D C:\Users\Windows\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinAVI Video Converter 9.0

O43 - CFD: 20/04/2012 - 11:09:14 - [0,003] ----D C:\Users\Windows\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR

O43 - CFD: 20/04/2012 - 10:41:45 - [110,793] ----D C:\Program Files (x86)\Adobe

O43 - CFD: 26/11/2012 - 07:29:49 - [0,510] ----D C:\Program Files (x86)\Aimersoft

O43 - CFD: 09/08/2012 - 06:11:13 - [2,145] ----D C:\Program Files (x86)\AMD APP

O43 - CFD: 09/08/2012 - 06:11:15 - [0,389] ----D C:\Program Files (x86)\AMD AVT

O43 - CFD: 09/08/2012 - 06:12:02 - [68,010] ----D C:\Program Files (x86)\ATI Technologies

O43 - CFD: 23/11/2012 - 19:23:09 - [77,043] ----D C:\Program Files (x86)\CheckPoint

O43 - CFD: 24/11/2012 - 06:53:23 - [278,251] ----D C:\Program Files (x86)\Common Files

O43 - CFD: 20/04/2012 - 10:51:59 - [215,634] ----D C:\Program Files (x86)\CyberLink

O43 - CFD: 02/08/2012 - 07:17:30 - [0] ----D C:\Program Files (x86)\DsNET Corp

O43 - CFD: 20/04/2012 - 10:50:24 - [0,926] ----D C:\Program Files (x86)\DVD Shrink

O43 - CFD: 26/11/2012 - 13:51:00 - [146,010] ----D C:\Program Files (x86)\ESET

O43 - CFD: 21/06/2012 - 07:21:28 - [3,019] ----D C:\Program Files (x86)\FLAC

O43 - CFD: 01/05/2012 - 21:35:13 - [7,701] ----D C:\Program Files (x86)\GPLGS

O43 - CFD: 22/08/2012 - 06:22:06 - [13,326] --H-D C:\Program Files (x86)\InstallShield Installation Information

O43 - CFD: 20/04/2012 - 10:39:21 - [4,906] ----D C:\Program Files (x86)\Internet Explorer

O43 - CFD: 16/10/2012 - 22:33:14 - [121,165] ----D C:\Program Files (x86)\Java

O43 - CFD: 22/08/2012 - 06:20:21 - [20,136] ----D C:\Program Files (x86)\League of Legends

O43 - CFD: 18/10/2012 - 21:50:12 - [12,666] ----D C:\Program Files (x86)\Malwarebytes' Anti-Malware

O43 - CFD: 16/06/2012 - 17:43:57 - [4,640] ----D C:\Program Files (x86)\Media Player Classic

O43 - CFD: 21/06/2012 - 18:56:53 - [0] ----D C:\Program Files (x86)\Microsoft

O43 - CFD: 20/04/2012 - 10:45:36 - [37,956] ----D C:\Program Files (x86)\Microsoft Analysis Services

O43 - CFD: 20/04/2012 - 10:46:59 - [381,733] ----D C:\Program Files (x86)\Microsoft Office

O43 - CFD: 21/08/2012 - 14:30:19 - [40,838] ----D C:\Program Files (x86)\Microsoft Silverlight

O43 - CFD: 20/04/2012 - 10:46:58 - [1,722] ----D C:\Program Files (x86)\Microsoft SQL Server Compact Edition

O43 - CFD: 20/04/2012 - 10:47:06 - [0,312] ----D C:\Program Files (x86)\Microsoft Synchronization Services

O43 - CFD: 20/04/2012 - 10:46:58 - [7,774] ----D C:\Program Files (x86)\Microsoft.NET

O43 - CFD: 23/11/2012 - 19:24:45 - [36,216] ----D C:\Program Files (x86)\Mozilla Firefox

O43 - CFD: 28/09/2012 - 00:30:48 - [0,195] ----D C:\Program Files (x86)\Mozilla Maintenance Service

O43 - CFD: 28/09/2012 - 00:30:49 - [37,521] ----D C:\Program Files (x86)\Mozilla Thunderbird

O43 - CFD: 03/05/2012 - 22:51:35 - [55,734] ----D C:\Program Files (x86)\MpcStar

O43 - CFD: 14/07/2009 - 03:32:38 - [0,025] ----D C:\Program Files (x86)\MSBuild

O43 - CFD: 24/11/2012 - 06:53:23 - [0,011] ----D C:\Program Files (x86)\MSSOAP

O43 - CFD: 26/05/2012 - 23:06:02 - [0] ----D C:\Program Files (x86)\NCSoft

O43 - CFD: 20/04/2012 - 11:13:49 - [56,849] ----D C:\Program Files (x86)\Nero

O43 - CFD: 06/08/2012 - 23:55:37 - [33,207] ----D C:\Program Files (x86)\Oracle

O43 - CFD: 22/08/2012 - 06:17:48 - [7,186] ----D C:\Program Files (x86)\Pando Networks

O43 - CFD: 18/07/2012 - 07:15:27 - [7,585] ----D C:\Program Files (x86)\Proxifier

O43 - CFD: 16/06/2012 - 17:44:00 - [1,233] ----D C:\Program Files (x86)\QuickTime Alternative

O43 - CFD: 25/06/2012 - 22:35:29 - [12,918] ----D C:\Program Files (x86)\RaidCall

O43 - CFD: 14/07/2009 - 03:32:38 - [37,258] ----D C:\Program Files (x86)\Reference Assemblies

O43 - CFD: 16/06/2012 - 19:40:05 - [852,540] ----D C:\Program Files (x86)\Riot Games Teste

O43 - CFD: 18/07/2012 - 23:08:37 - [16,855] R---D C:\Program Files (x86)\Skype

O43 - CFD: 17/10/2012 - 20:38:01 - [73,648] ----D C:\Program Files (x86)\Tibia

O43 - CFD: 14/07/2009 - 02:57:06 - [0] --H-D C:\Program Files (x86)\Uninstall Information

O43 - CFD: 24/11/2012 - 06:53:10 - [0] ----D C:\Program Files (x86)\Webroot

O43 - CFD: 16/06/2012 - 17:42:41 - [10,769] ----D C:\Program Files (x86)\WinAVI Video Converter 9.0

O43 - CFD: 21/04/2012 - 01:50:17 - [0,493] ----D C:\Program Files (x86)\Windows Defender

O43 - CFD: 21/06/2012 - 18:24:52 - [59,447] ----D C:\Program Files (x86)\Windows Live

O43 - CFD: 21/04/2012 - 01:50:17 - [5,870] ----D C:\Program Files (x86)\Windows Mail

O43 - CFD: 27/01/2011 - 21:47:04 - [4,783] ----D C:\Program Files (x86)\Windows Media Player

O43 - CFD: 14/07/2009 - 03:32:38 - [11,630] ----D C:\Program Files (x86)\Windows NT

O43 - CFD: 27/01/2011 - 21:47:04 - [4,210] ----D C:\Program Files (x86)\Windows Photo Viewer

O43 - CFD: 21/11/2010 - 01:31:38 - [0,181] ----D C:\Program Files (x86)\Windows Portable Devices

O43 - CFD: 27/01/2011 - 21:47:04 - [5,716] ----D C:\Program Files (x86)\Windows Sidebar

O43 - CFD: 23/11/2012 - 19:14:53 - [-284,309] ----D C:\Program Files (x86)\World of Warcraft

O43 - CFD: 21/06/2012 - 07:24:10 - [13,337] ----D C:\Program Files (x86)\Xiph.Org

O43 - CFD: 26/11/2012 - 23:23:46 - [10,362] ----D C:\Program Files (x86)\ZHPDiag

O43 - CFD: 27/04/2012 - 21:27:05 - [3,066] ----D C:\Program Files (x86)\Common Files\Adobe

O43 - CFD: 09/08/2012 - 06:11:07 - [2,696] ----D C:\Program Files (x86)\Common Files\ATI Technologies

O43 - CFD: 24/11/2012 - 06:37:49 - [5,506] ----D C:\Program Files (x86)\Common Files\Blizzard Entertainment

O43 - CFD: 20/04/2012 - 10:47:05 - [0,095] ----D C:\Program Files (x86)\Common Files\DESIGNER

O43 - CFD: 03/09/2012 - 20:47:04 - [1,184] ----D C:\Program Files (x86)\Common Files\Java

O43 - CFD: 21/06/2012 - 18:23:41 - [181,404] ----D C:\Program Files (x86)\Common Files\microsoft shared

O43 - CFD: 24/11/2012 - 06:53:23 - [0,675] ----D C:\Program Files (x86)\Common Files\MSSoap

O43 - CFD: 20/04/2012 - 11:13:25 - [32,073] ----D C:\Program Files (x86)\Common Files\Nero

O43 - CFD: 14/07/2009 - 01:20:08 - [0,003] ----D C:\Program Files (x86)\Common Files\Services

O43 - CFD: 20/04/2012 - 21:17:12 - [2,056] ----D C:\Program Files (x86)\Common Files\Skype

O43 - CFD: 14/07/2009 - 01:20:08 - [39,200] ----D C:\Program Files (x86)\Common Files\SpeechEngines

O43 - CFD: 27/01/2011 - 21:47:04 - [10,295] ----D C:\Program Files (x86)\Common Files\System

O43 - CFD: 20/04/2012 - 11:15:16 - [0] ----D C:\Program Files (x86)\Common Files\Windows Live

~ Scan Program Folder in 00mn 13s


---\\ Last modified or created files under Windows and System32 (O44)

O44 - LFC:[MD5.40AC5234431B78BB3157C1BA973B868C] - 26/11/2012 - 18:52:42 ---A- . (...) -- C:\Windows\WindowsUpdate.log [1691100]

O44 - LFC:[MD5.38113F67259F05F7B10757DFC565FE39] - 26/11/2012 - 13:35:38 ---A- . (...) -- C:\scu.dat [2120]

O44 - LFC:[MD5.90635ABBE060D029E9BB4EA839EF60E5] - 26/11/2012 - 12:52:11 . (...) -- C:\Windows\System32\perfc009.dat []]

O44 - LFC:[MD5.557A6711D334E9EDB444E838BD9C0546] - 26/11/2012 - 12:52:11 . (...) -- C:\Windows\System32\perfh009.dat []]]

O44 - LFC:[MD5.A59EADF779B6A47406822BA3B34F95CE] - 26/11/2012 - 12:52:11 . (...) -- C:\Windows\System32\prfc0416.dat [1491932]]

O44 - LFC:[MD5.967CE48F00265A3000B013BB3BDB2ADD] - 26/11/2012 - 12:52:11 . (...) -- C:\Windows\System32\prfh0416.dat [1491932]]]

O44 - LFC:[MD5.50D615FDACA20C83760D9D6CA46212CC] - 26/11/2012 - 12:52:11 ---A- . (...) -- C:\Windows\SysNative\PerfStringBackup.INI [1491932]

O44 - LFC:[MD5.90635ABBE060D029E9BB4EA839EF60E5] - 26/11/2012 - 12:52:11 ---A- . (...) -- C:\Windows\SysNative\perfc009.dat [103370]

O44 - LFC:[MD5.557A6711D334E9EDB444E838BD9C0546] - 26/11/2012 - 12:52:11 ---A- . (...) -- C:\Windows\SysNative\perfh009.dat [606992]

O44 - LFC:[MD5.A59EADF779B6A47406822BA3B34F95CE] - 26/11/2012 - 12:52:11 ---A- . (...) -- C:\Windows\SysNative\prfc0416.dat [124724]

O44 - LFC:[MD5.967CE48F00265A3000B013BB3BDB2ADD] - 26/11/2012 - 12:52:11 ---A- . (...) -- C:\Windows\SysNative\prfh0416.dat [654272]

O44 - LFC:[MD5.50D615FDACA20C83760D9D6CA46212CC] - 26/11/2012 - 12:52:11 ---A- . (...) -- C:\Windows\System32\PerfStringBackup.INI [1491932]

O44 - LFC:[MD5.EF5247F9093BF77BE11F16F8763C5711] - 26/11/2012 - 12:37:38 ---A- . (...) -- C:\Windows\setupact.log [2696]

O44 - LFC:[MD5.2126CF2B2942BBA3C99602225B0B50A0] - 26/11/2012 - 12:37:30 -S-A- . (...) -- C:\Windows\bootstat.dat [67584]

O44 - LFC:[MD5.3696483D97DCB5A6C9B3A5CB8F477B3A] - 26/11/2012 - 05:55:56 ---A- . (...) -- C:\Windows\PFRO.log [6856]

O44 - LFC:[MD5.D41D8CD98F00B204E9800998ECF8427E] - 24/11/2012 - 15:02:35 -SHA- . (...) -- C:\ProgramData.LOG1 [0]

O44 - LFC:[MD5.D41D8CD98F00B204E9800998ECF8427E] - 24/11/2012 - 15:02:35 -SHA- . (...) -- C:\ProgramData.LOG2 [0]

O44 - LFC:[MD5.1092223471D562CA0B2FAA41A12AB85C] - 24/11/2012 - 05:53:42 ---A- . (...) -- C:\Windows\win.ini [515]

O44 - LFC:[MD5.D47417ADA67344519881AC147F48CC4D] - 24/11/2012 - 05:51:46 ---A- . (...) -- C:\Windows\install.dat [164]

O44 - LFC:[MD5.E185BDA84E5F03F4E1D8DCA30E209277] - 23/11/2012 - 18:56:24 ---A- . (...) -- C:\Windows\epplauncher.mif [1912]

O44 - LFC:[MD5.6B2DBEE8B237AD91F75F5C17D24AF956] - 23/11/2012 - 18:29:34 . (...) -- C:\Windows\System32\Drivers\vsconfig.xml []]]

O44 - LFC:[MD5.17666764A09C8E32F6DD363ED5EAC355] - 15/11/2012 - 20:06:08 . (...) -- C:\Windows\System32\Drivers\klflt.sys []

O44 - LFC:[MD5.BDCDA87DD466867A8A7C405D52DD9260] - 15/11/2012 - 20:06:08 . (...) -- C:\Windows\System32\Drivers\klif.sys []]

O44 - LFC:[MD5.D41D8CD98F00B204E9800998ECF8427E] - 12/11/2012 - 11:39:43 ---A- . (...) -- C:\Windows\setuperr.log [0]

O44 - LFC:[MD5.DBB357B5C3D97039CDD010E01D165870] - 01/11/2012 - 14:31:48 . (...) -- C:\Windows\System32\Drivers\vsdatant.sys []]]]

O44 - LFC:[MD5.B764F0F8B0D7FF2FFC3FB4C063F5F52A] - 30/10/2012 - 19:50:30 . (...) -- C:\Windows\System32\aswBoot.exe []

O44 - LFC:[MD5.B764F0F8B0D7FF2FFC3FB4C063F5F52A] - 30/10/2012 - 19:50:30 ---A- . (.AVAST Software - avast! start-up scanner.) -- C:\Windows\SysNative\aswBoot.exe [285328]

~ Scan Files in 00mn 02s


---\\ Local Security Authority-LSA Deny (O48)

O48 - LSA:Local Security Authority Authentication Packages . (.Microsoft Corporation - Microsoft Authentication Package v1.0.) -- C:\Windows\System32\msv1_0.dll

O48 - LSA:Local Security Authority Notification Packages . (.Microsoft Corporation - Mecanismo cliente do 'Editor de configuração de segurança Windows'.) -- C:\Windows\System32\scecli.dll

O48 - LSA:Local Security Authority Security Packages . (.Microsoft Corporation - Pacote de Segurança Kerberos.) -- C:\Windows\System32\kerberos.dll

O48 - LSA:Local Security Authority Security Packages . (.Microsoft Corporation - Microsoft Authentication Package v1.0.) -- C:\Windows\System32\msv1_0.dll

O48 - LSA:Local Security Authority Security Packages . (.Microsoft Corporation - TLS / SSL Security Provider.) -- C:\Windows\System32\schannel.dll

O48 - LSA:Local Security Authority Security Packages . (.Microsoft Corporation - Microsoft Digest Access.) -- C:\Windows\System32\wdigest.dll

O48 - LSA:Local Security Authority Security Packages . (.Microsoft Corporation - Web Service Security Package.) -- C:\Windows\System32\tspkg.dll

O48 - LSA:Local Security Authority Security Packages . (.Microsoft Corporation - Pku2u Security Package.) -- C:\Windows\System32\pku2u.dll

O48 - LSA:Local Security Authority Security Packages . (.Microsoft Corp. - LiveSSP.) -- C:\Windows\System32\livessp.dll

~ Scan Keys in 00mn 00s


---\\ Safe Boot Control (O49)

O49 - CSB:Control Safe Boot HKLM\...\CCS\Minimal\sermouse.sys . (.Microsoft Corporation - Driver de porta de mouse serial.) -- C:\Windows\System32\Drivers\sermouse.sys

O49 - CSB:Control Safe Boot HKLM\...\CCS\Minimal\vga.sys . (.Microsoft Corporation - VGA/Super VGA Video Driver.) -- C:\Windows\System32\Drivers\vga.sys

O49 - CSB:Control Safe Boot HKLM\...\CCS\Minimal\vgasave.sys . (...) -- C:\Windows\System32\Drivers\vgasave.sys (.not file.)

O49 - CSB:Control Safe Boot HKLM\...\CCS\Minimal\volmgr.sys . (.Microsoft Corporation - Volume Manager Driver.) -- C:\Windows\System32\Drivers\volmgr.sys

O49 - CSB:Control Safe Boot HKLM\...\CCS\Minimal\volmgrx.sys . (.Microsoft Corporation - Driver de Extensão do Gerenciador de Volumes.) -- C:\Windows\System32\Drivers\volmgrx.sys

O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\ipnat.sys . (.Microsoft Corporation - IP Network Address Translator.) -- C:\Windows\System32\Drivers\ipnat.sys

O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\nsiproxy.sys . (.Microsoft Corporation - NSI Proxy.) -- C:\Windows\System32\Drivers\nsiproxy.sys

O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\rdpencdd.sys . (.Microsoft Corporation - RDP Encoder Miniport.) -- C:\Windows\System32\Drivers\rdpencdd.sys

O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\sermouse.sys . (.Microsoft Corporation - Driver de porta de mouse serial.) -- C:\Windows\System32\Drivers\sermouse.sys

O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\vga.sys . (.Microsoft Corporation - VGA/Super VGA Video Driver.) -- C:\Windows\System32\Drivers\vga.sys

O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\vgasave.sys . (...) -- C:\Windows\System32\Drivers\vgasave.sys (.not file.)

O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\volmgr.sys . (.Microsoft Corporation - Volume Manager Driver.) -- C:\Windows\System32\Drivers\volmgr.sys

O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\volmgrx.sys . (.Microsoft Corporation - Driver de Extensão do Gerenciador de Volumes.) -- C:\Windows\System32\Drivers\volmgrx.sys

~ Scan CSB in 00mn 00s


---\\ MountPoints2 Shell Key (MPKS) (O51) (None)


---\\ Trojan Driver Search Data (HKLM)(TDSD) (O52)

O52 - TDSD: \Drivers32\"msacm.l3acm"="C:\Windows\System32\l3codeca.acm" . (.Fraunhofer Institut Integrierte Schaltungen - MPEG Layer-3 Audio Codec for MSACM.) -- C:\Windows\System32\l3codeca.acm

O52 - TDSD: \drivers.desc\"C:\Windows\System32\l3codeca.acm"="Fraunhofer IIS MPEG Layer-3 Codec" . (.Fraunhofer Institut Integrierte Schaltungen - MPEG Layer-3 Audio Codec for MSACM.) -- C:\Windows\System32\l3codeca.acm

~ Scan Keys in 00mn 00s


---\\ ShareTools MSconfig StartupReg (SMSR) (O53)

O53 - SMSR:HKLM\...\startupreg\Adobe ARM [Key] . (.Adobe Systems Incorporated - Adobe Reader and Acrobat Manager.) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe

O53 - SMSR:HKLM\...\startupreg\AMD AVT [Key] . (.Microsoft Corporation - Processador de comandos do Windows.) -- C:\Windows\System32\Cmd.exe

O53 - SMSR:HKLM\...\startupreg\BCSSync [Key] . (.Microsoft Corporation - Microsoft Office 2010 component.) -- C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe

O53 - SMSR:HKLM\...\startupreg\Google Update [Key] . (.Google Inc. - Google Installer.) -- C:\Users\Windows\AppData\Local\Google\Update\GoogleUpdate.exe

O53 - SMSR:HKLM\...\startupreg\RemoteControl11 [Key] . (.CyberLink Corp. - PowerDVD RC Service.) -- C:\Program Files (x86)\CyberLink\PowerDVD11\PDVD11Serv.exe

O53 - SMSR:HKLM\...\startupreg\Sidebar [Key] . (.Microsoft Corporation - Gadgets da Área de Trabalho do Windows.) -- C:\Program Files\Windows Sidebar\sidebar.exe

O53 - SMSR:HKLM\...\startupreg\Skype [Key] . (.Skype Technologies S.A. - Skype.) -- C:\Program Files (x86)\Skype\Phone\Skype.exe

O53 - SMSR:HKLM\...\startupreg\SunJavaUpdateSched [Key] . (.Sun Microsystems, Inc. - Java Update Scheduler.) -- C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

~ Scan SMSR Keys in 00mn 00s


---\\ Microsoft Control Security Providers (MCSP) (O54)

O54 - MCSP:[HKLM\...\CurrentControlSet\Control] - (SecurityProviders) - (.Microsoft Corporation - Credential Delegation Security Package.) -- C:\Windows\System32\credssp.dll

O54 - MCSP:[HKLM\...\ControlSet001\Control] - (SecurityProviders) - (.Microsoft Corporation - Credential Delegation Security Package.) -- C:\Windows\System32\credssp.dll

~ Scan Keys in 00mn 00s


---\\ Microsoft Windows Policies System (MWPS) (O55)

O55 - MWPS:[HKLM\...\Policies\System] - "ConsentPromptBehaviorAdmin"=0

O55 - MWPS:[HKLM\...\Policies\System] - "ConsentPromptBehaviorUser"=3

O55 - MWPS:[HKLM\...\Policies\System] - "EnableInstallerDetection"=1

O55 - MWPS:[HKLM\...\Policies\System] - "EnableLUA"=0

O55 - MWPS:[HKLM\...\Policies\System] - "EnableSecureUIAPaths"=1

O55 - MWPS:[HKLM\...\Policies\System] - "EnableUIADesktopToggle"=0

O55 - MWPS:[HKLM\...\Policies\System] - "EnableVirtualization"=1

O55 - MWPS:[HKLM\...\Policies\System] - "PromptOnSecureDesktop"=0

O55 - MWPS:[HKLM\...\Policies\System] - "ValidateAdminCodeSignatures"=0

O55 - MWPS:[HKLM\...\Policies\System] - "dontdisplaylastusername"=0

O55 - MWPS:[HKLM\...\Policies\System] - "legalnoticecaption"=0

O55 - MWPS:[HKLM\...\Policies\System] - "legalnoticetext"=0

O55 - MWPS:[HKLM\...\Policies\System] - "scforceoption"=0

O55 - MWPS:[HKLM\...\Policies\System] - "shutdownwithoutlogon"=1

O55 - MWPS:[HKLM\...\Policies\System] - "undockwithoutlogon"=1

O55 - MWPS:[HKLM\...\Policies\System] - "FilterAdministratorToken"=0

~ Scan Keys in 00mn 00s

 

 

 

---\\ Microsoft Windows Policies Explorer (MWPE) (O56)

O56 - MWPE:[HKLM\...\policies\Explorer] - "NoActiveDesktop"=1

O56 - MWPE:[HKLM\...\policies\Explorer] - "NoActiveDesktopChanges"=1

O56 - MWPE:[HKLM\...\policies\Explorer] - "ForceActiveDesktopOn"=0

~ Scan Keys in 00mn 00s

 

 

 

---\\ System Drivers List (SDL) (O58)

O58 - SDL:[MD5.BC647F1F9DCE55B05B54683260ECE4FB] - 31/05/2012 - 21:21:04 R--A- . (.360.cn - 360HipsOEM.) -- C:\Windows\System32\Drivers\360FltOEM.sys [289952]

~ Scan Drivers in 00mn 00s

 

 

 

---\\ List all legacy services(LALS) (O64)

O64 - Services: CurCS - 04/07/2012 - C:\Windows\System32\DRIVERS\atikmdag.sys (amdkmdag) .(.Advanced Micro Devices, Inc. - ATI Radeon Kernel Mode Driver.) - LEGACY_AMDKMDAG

O64 - Services: CurCS - 02/11/2012 - C:\Program Files\CheckPoint\ZAForceField\ISWKL.sys (ISWKL) .(.Check Point Software Technologies - ZoneAlarm Browser Security.) - LEGACY_ISWKL

O64 - Services: CurCS - 15/11/2012 - C:\Windows\System32\DRIVERS\klif.sys (KLIF) .(.Kaspersky Lab - Klif Mini-Filter [fre_wlh_x64_noagava].) - LEGACY_KLIF

O64 - Services: CurCS - 29/09/2012 - C:\Windows\system32\drivers\mbam.sys (MBAMProtector) .(.Malwarebytes Corporation - Malwarebytes Anti-Malware.) - LEGACY_MBAMPROTECTOR

O64 - Services: CurCS - 20/04/2011 - C:\Program Files (x86)\CyberLink\PowerDVD11\Kernel\DMP\ntk_PowerDVD_64.sys (ntk_PowerDVD) .(.Cyberlink Corp. - NTIPPKernel Driver.) - LEGACY_NTK_POWERDVD

O64 - Services: CurCS - ??\??\???? - C:\Windows\System32\Drivers\secdrv.sys (secdrv) .(.Macrovision Corporation, Macrovision Europe - Macrovision SECURITY Driver.) - LEGACY_SECDRV

O64 - Services: CurCS - 01/11/2012 - C:\Windows\System32\DRIVERS\vsdatant.sys (Vsdatant) .(.Check Point Software Technologies LTD - ZoneAlarm Firewalling Driver.) - LEGACY_VSDATANT

O64 - Services: CurCS - ??\??\???? - (X6va009) .(. - .) - LEGACY_X6VA009

O64 - Services: CurCS - 12/04/2011 - C:\Program Files (x86)\CyberLink\PowerDVD11\Common\NavFilter\000.fcl ({329F96B6-DF1E-4328-BFDA-39EA953C1312}) .(.CyberLink Corp. - No comment.) - LEGACY_{329F96B6-DF1E-4328-BFDA-39EA953C1312}

~ Scan Services in 00mn 00s

 

 

 

---\\ File Associations Shell Spawning (O67)

O67 - Shell Spawning: <.bat> <batfile>[HKLM\..\open\Command] (...) -- "%1" %*

O67 - Shell Spawning: <.cpl> <cplfile>[HKLM\..\cplopen\Command] (.Microsoft Corporation - Windows Control Panel.) -- C:\Windows\System32\control.exe

O67 - Shell Spawning: <.cmd> <cmdfile>[HKLM\..\open\Command] (...) -- "%1" %*

O67 - Shell Spawning: <.com> <comfile>[HKLM\..\open\Command] (...) -- "%1" %*

O67 - Shell Spawning: <.evt> <evtfile>[HKLM\..\open\Command] (.Microsoft Corporation - Iniciador do snap-in de 'Visualizar eventos'.) -- C:\Windows\System32\eventvwr.exe

O67 - Shell Spawning: <.exe> <exefile>[HKLM\..\open\Command] (...) -- "%1" %*

O67 - Shell Spawning: <.html> <htmlfile>[HKLM\..\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe

O67 - Shell Spawning: <.js> <JSFile>[HKLM\..\open\Command] (.Microsoft Corporation - Microsoft ® Windows Based Script Host.) -- C:\Windows\System32\WScript.exe

O67 - Shell Spawning: <.reg> <regfile>[HKLM\..\open\Command] (.Microsoft Corporation - Editor do Registro.) -- C:\Windows\regedit.exe

O67 - Shell Spawning: <.html> <ChromeHTML>[HKCU\..\open\Command] (.Google Inc. - Google Chrome.) -- C:\Users\Windows\AppData\Local\Google\Chrome\Application\chrome.exe

O67 - Shell Spawning: <.bat> <batfile>[HKCR\..\open\Command] (...) -- "%1" %*

O67 - Shell Spawning: <.cpl> <cplfile>[HKCR\..\cplopen\Command] (.Microsoft Corporation - Windows Control Panel.) -- C:\Windows\System32\control.exe

O67 - Shell Spawning: <.cmd> <cmdfile>[HKCR\..\open\Command] (...) -- "%1" %*

O67 - Shell Spawning: <.com> <comfile>[HKCR\..\open\Command] (...) -- "%1" %*

O67 - Shell Spawning: <.evt> <evtfile>[HKCR\..\open\Command] (.Microsoft Corporation - Iniciador do snap-in de 'Visualizar eventos'.) -- C:\Windows\System32\eventvwr.exe

O67 - Shell Spawning: <.exe> <exefile>[HKCR\..\open\Command] (...) -- "%1" %*

O67 - Shell Spawning: <.html> <ChromeHTML>[HKCR\..\open\Command] (.Google Inc. - Google Chrome.) -- C:\Users\Windows\AppData\Local\Google\Chrome\Application\chrome.exe

O67 - Shell Spawning: <.js> <JSFile>[HKCR\..\open\Command] (.Microsoft Corporation - Microsoft ® Windows Based Script Host.) -- C:\Windows\System32\WScript.exe

O67 - Shell Spawning: <.reg> <regfile>[HKCR\..\open\Command] (.Microsoft Corporation - Editor do Registro.) -- C:\Windows\regedit.exe

~ Scan Keys in 00mn 00s

 

 

 

---\\ Start Menu Internet (SMI) (O68)

O68 - StartMenuInternet: <FIREFOX.EXE> <Mozilla Firefox>[HKLM\..\Shell\open\Command] (.Mozilla Corporation - Firefox.) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe

O68 - StartMenuInternet: <Google Chrome> <Google Chrome>[HKLM\..\Shell\open\Command] (.Google Inc. - Google Chrome.) -- C:\Users\Windows\AppData\Local\Google\Chrome\Application\chrome.exe

O68 - StartMenuInternet: <IEXPLORE.EXE> <Internet Explorer>[HKLM\..\Shell\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe

O68 - StartMenuInternet: <OperaNext> <Opera Next>[HKLM\..\Shell\open\Command] (...) -- C:\Program Files\Opera Next x64\Opera.exe (.not file.)

O68 - StartMenuInternet: <FIREFOX.EXE> <Mozilla Firefox>[HKLM\..\InstallInfo\ShowIconsCommand] (...) -- C:\Program Files (x86)\Mozilla Firefox\uninstall\helper.exe (.not file.)

O68 - StartMenuInternet: <Google Chrome> <Google Chrome>[HKLM\..\InstallInfo\ShowIconsCommand] (...) -- C:\Users\Windows\AppData\Local\Google\Chrome\Application\chrome.exe (.not file.)

O68 - StartMenuInternet: <IEXPLORE.EXE> <Internet Explorer>[HKLM\..\InstallInfo\ShowIconsCommand] (...) -- C:\Windows\System32\ie4uinit.exe (.not file.)

O68 - StartMenuInternet: <OperaNext> <Opera Next>[HKLM\..\InstallInfo\ShowIconsCommand] (...) -- C:\Program Files\Opera Next x64\Opera.exe (.not file.)

O68 - StartMenuInternet: <FIREFOX.EXE> <Mozilla Firefox>[HKLM\..\InstallInfo\ReinstallCommand] (...) -- C:\Program Files (x86)\Mozilla Firefox\uninstall\helper.exe (.not file.)

O68 - StartMenuInternet: <Google Chrome> <Google Chrome>[HKLM\..\InstallInfo\ReinstallCommand] (...) -- C:\Users\Windows\AppData\Local\Google\Chrome\Application\chrome.exe (.not file.)

O68 - StartMenuInternet: <IEXPLORE.EXE> <Internet Explorer>[HKLM\..\InstallInfo\ReinstallCommand] (...) -- C:\Windows\System32\ie4uinit.exe (.not file.)

O68 - StartMenuInternet: <OperaNext> <Opera Next>[HKLM\..\InstallInfo\ReinstallCommand] (...) -- C:\Program Files\Opera Next x64\Opera.exe (.not file.)

O68 - StartMenuInternet: <FIREFOX.EXE> <Mozilla Firefox>[HKLM\..\InstallInfo\HideIconsCommand] (...) -- C:\Program Files (x86)\Mozilla Firefox\uninstall\helper.exe (.not file.)

O68 - StartMenuInternet: <Google Chrome> <Google Chrome>[HKLM\..\InstallInfo\HideIconsCommand] (...) -- C:\Users\Windows\AppData\Local\Google\Chrome\Application\chrome.exe (.not file.)

O68 - StartMenuInternet: <IEXPLORE.EXE> <Internet Explorer>[HKLM\..\InstallInfo\HideIconsCommand] (...) -- C:\Windows\System32\ie4uinit.exe (.not file.)

O68 - StartMenuInternet: <OperaNext> <Opera Next>[HKLM\..\InstallInfo\HideIconsCommand] (...) -- C:\Program Files\Opera Next x64\Opera.exe (.not file.)

~ Scan Keys in 00mn 00s

 

 

 

---\\ Search Browser Infection (SBI) (O69)

O69 - SBI: SearchScopes [HKCU] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} - (Bing) - http://www.bing.com

O69 - SBI: SearchScopes [HKCU] {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} [DefaultScope] - (Search the web (Babylon)) - http://search.babylon.com

O69 - SBI: SearchScopes [HKCU] {A02147C3-46F0-4B9C-AB5A-F51ECF9963BE} - (Google) - http://www.google.com

~ Scan Keys in 00mn 00s

 

 

 

---\\ Search Svchost Services (SSS) (O83)

O83 - Search Svchost Services: AeLookupSvc (AeLookupSvc) . (.Microsoft Corporation - Serviço de Experiência com Aplicativo.) -- C:\Windows\System32\aelupsvc.dll [72192]

O83 - Search Svchost Services: CertPropSvc (CertPropSvc) . (.Microsoft Corporation - Serviço de Propagação de Certificado de Cartão Inteligente da Microsof.) -- C:\Windows\System32\certprop.dll [80384]

O83 - Search Svchost Services: SCPolicySvc (SCPolicySvc) . (.Microsoft Corporation - Serviço de Propagação de Certificado de Cartão Inteligente da Microsof.) -- C:\Windows\System32\certprop.dll [80384]

O83 - Search Svchost Services: lanmanserver (lanmanserver) . (.Microsoft Corporation - DLL de Serviço do Servidor.) -- C:\Windows\System32\srvsvc.dll [236032]

O83 - Search Svchost Services: gpsvc (gpsvc) . (.Microsoft Corporation - Cliente da Diretiva de Grupo.) -- C:\Windows\System32\gpsvc.dll [777728]

O83 - Search Svchost Services: IKEEXT (IKEEXT) . (.Microsoft Corporation - Extensão IKE.) -- C:\Windows\System32\ikeext.dll [853504]

O83 - Search Svchost Services: AudioSrv (AudioSrv) . (.Microsoft Corporation - Serviço de Áudio do Windows.) -- C:\Windows\System32\Audiosrv.dll [679424]

O83 - Search Svchost Services: Rasauto (Rasauto) . (.Microsoft Corporation - Gerenciador de Discagem Automática de Acesso Remoto.) -- C:\Windows\System32\rasauto.dll [99328]

O83 - Search Svchost Services: Rasman (Rasman) . (.Microsoft Corporation - Gerenciador de conexão de acesso remoto.) -- C:\Windows\System32\rasmans.dll [344064]

O83 - Search Svchost Services: Remoteaccess (Remoteaccess) . (.Microsoft Corporation - Gerenciador de Interface Dinâmica.) -- C:\Windows\System32\mprdim.dll [97792]

O83 - Search Svchost Services: SENS (SENS) . (.Microsoft Corporation - Serviço de Notificação de Eventos do Sistema (SENS).) -- C:\Windows\System32\sens.dll [64512]

O83 - Search Svchost Services: Sharedaccess (Sharedaccess) . (.Microsoft Corporation - Componentes do Microsoft NAT Helper.) -- C:\Windows\System32\ipnathlp.dll [359424]

O83 - Search Svchost Services: Tapisrv (Tapisrv) . (.Microsoft Corporation - Servidor de telefonia do Microsoft® Windows.) -- C:\Windows\System32\tapisrv.dll [316928]

O83 - Search Svchost Services: TermService (TermService) . (.Microsoft Corporation - Gerenciador de Conexões Remotas do Servidor Host da Sessão da Área de.) -- C:\Windows\System32\termsrv.dll [680960]

O83 - Search Svchost Services: wuauserv (wuauserv) . (.Microsoft Corporation - Windows Update Agent.) -- C:\Windows\System32\wuaueng.dll [2420736]

O83 - Search Svchost Services: BITS (BITS) . (.Microsoft Corporation - Serviço de transferência inteligente de plano de fundo.) -- C:\Windows\System32\qmgr.dll [849920]

O83 - Search Svchost Services: ShellHWDetection (ShellHWDetection) . (.Microsoft Corporation - DLL de serviços do Shell do Windows.) -- C:\Windows\System32\shsvcs.dll [370688]

O83 - Search Svchost Services: iphlpsvc (iphlpsvc) . (.Microsoft Corporation - Serviço que oferece conectividade IPv6 em uma rede IPv4..) -- C:\Windows\System32\iphlpsvc.dll [569344]

O83 - Search Svchost Services: seclogon (seclogon) . (.Microsoft Corporation - DLL de serviço de logon secundário.) -- C:\Windows\system32\seclogon.dll [30720]

O83 - Search Svchost Services: AppInfo (AppInfo) . (.Microsoft Corporation - Serviço de Informações de Aplicativos.) -- C:\Windows\System32\appinfo.dll [70656]

O83 - Search Svchost Services: msiscsi (msiscsi) . (.Microsoft Corporation - Serviço de Descoberta iSCSI.) -- C:\Windows\System32\iscsiexe.dll [156672]

O83 - Search Svchost Services: MMCSS (MMCSS) . (.Microsoft Corporation - Serviço Agendador de Classes de Multimídia.) -- C:\Windows\System32\mmcss.dll [67584]

O83 - Search Svchost Services: winmgmt (winmgmt) . (.Microsoft Corporation - WMI.) -- C:\Windows\System32\wbem\WMIsvc.dll [242688]

O83 - Search Svchost Services: SessionEnv (SessionEnv) . (.Microsoft Corporation - Serviço de Configuração da Área de Trabalho Remota.) -- C:\Windows\System32\sessenv.dll [121856]

O83 - Search Svchost Services: browser (browser) . (.Microsoft Corporation - DLL de Serviço Pesquisador de Computadores.) -- C:\Windows\System32\browser.dll [136192]

O83 - Search Svchost Services: EapHost (EapHost) . (.Microsoft Corporation - Serviço Microsoft EAPHost.) -- C:\Windows\System32\eapsvc.dll [111104]

O83 - Search Svchost Services: schedule (schedule) . (.Microsoft Corporation - Serviço Agendador de Tarefas.) -- C:\Windows\System32\schedsvc.dll [1110016]

O83 - Search Svchost Services: hkmsvc (hkmsvc) . (.Microsoft Corporation - Serviço de Gerenciamento de Chaves.) -- C:\Windows\System32\kmsvc.dll [90624]

O83 - Search Svchost Services: wercplsupport (wercplsupport) . (.Microsoft Corporation - Relatórios de Problemas e Soluções.) -- C:\Windows\System32\wercplsupport.dll [84480]

O83 - Search Svchost Services: ProfSvc (ProfSvc) . (.Microsoft Corporation - ProfSvc.) -- C:\Windows\System32\profsvc.dll [209920]

O83 - Search Svchost Services: Themes (Themes) . (.Microsoft Corporation - DLL do Serviço de Tema do Shell do Windows.) -- C:\Windows\System32\themeservice.dll [44544]

O83 - Search Svchost Services: BDESVC (BDESVC) . (.Microsoft Corporation - Serviço BDE.) -- C:\Windows\System32\bdesvc.dll [100864]

~ Scan Services in 00mn 00s

 

 

 

---\\ Search Particular Root Folder (SPRF) (O84)

[MD5.6D9E5361414A404F62DC249F2AADC327] [sPRF][31/01/2008] (.Unknown owner - 7-zip32.) -- C:\Users\Windows\AppData\Local\Temp\7-zip32.dll [506880]

[MD5.B28C334C03CEE7C5E829C43AE75DAE5A] [sPRF][23/08/2012] (.Ask.com - AskIC Dynamic Link Library.) -- C:\Users\Windows\AppData\Local\Temp\AskSLib.dll [248008]

[MD5.E897110EE5E67FABB83B154DF9C68D6A] [sPRF][26/11/2012] (...) -- C:\Users\Windows\Desktop\ZHPDiag_silent.exe [794216]

[MD5.AE326A97F634217CAC29739D376DF934] [sPRF][15/08/2011] (...) -- C:\Users\Windows\Desktop\ZHP_uninstall.exe [344187]

~ Scan Files in 00mn 00s

 

 

 

---\\ Firewall Active Exception List (FirewallRules) (O87)

O87 - FAEL: "WMPNSS-Out-TCP" |Out - Public - P6 - FALSE | .(...) -- C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (.not file.)

O87 - FAEL: "WMPNSS-In-TCP" |In - Public - P6 - FALSE | .(...) -- C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (.not file.)

O87 - FAEL: "WMPNSS-Out-UDP" |Out - Public - P17 - FALSE | .(...) -- C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (.not file.)

O87 - FAEL: "WMPNSS-In-UDP" |In - Public - P17 - FALSE | .(...) -- C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (.not file.)

O87 - FAEL: "WMPNSS-Out-TCP-NoScope" |Out - Domain - P6 - FALSE | .(...) -- C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (.not file.)

O87 - FAEL: "WMPNSS-In-TCP-NoScope" |In - Domain - P6 - FALSE | .(...) -- C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (.not file.)

O87 - FAEL: "WMPNSS-Out-UDP-NoScope" |Out - Domain - P17 - FALSE | .(...) -- C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (.not file.)

O87 - FAEL: "WMPNSS-In-UDP-NoScope" |In - Domain - P17 - FALSE | .(...) -- C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (.not file.)

O87 - FAEL: "TCP Query User{F55ADBED-50FB-4B84-BD9D-D500594E4760}C:\windows\kmsemulator.exe" |In - Public - P6 - TRUE | .(...) -- C:\windows\kmsemulator.exe (.not file.)

O87 - FAEL: "UDP Query User{C0E17F15-84D4-4DEA-9046-A2A2358BB6F6}C:\windows\kmsemulator.exe" |In - Public - P17 - TRUE | .(...) -- C:\windows\kmsemulator.exe (.not file.)

O87 - FAEL: "{6A2CE7DA-F48D-4BA0-9FC6-F405D3E3AB62}" | In - None - P17 - TRUE | .(.CyberLink Corp. - PowerDVD 11.0.) -- C:\Program Files (x86)\CyberLink\PowerDVD11\PowerDVD11.exe

O87 - FAEL: "{32EC225F-80E4-4ED8-9435-7FB23ADEB7BF}" | In - None - P17 - TRUE | .(.CyberLink Corp. - PowerDVD RC Service.) -- C:\Program Files (x86)\CyberLink\PowerDVD11\PDVD11Serv.exe

O87 - FAEL: "{49C785AC-40DE-4BE4-AA7E-1BA9EDE9E07B}" | In - None - P17 - TRUE | .(.CyberLink - CyberLink Spark Media Server Service.) -- C:\Program Files (x86)\CyberLink\PowerDVD11\Common\MediaServer\CLMSServer.exe

O87 - FAEL: "{1293509E-74A6-423E-8FDF-4B180CDAB45A}" | In - None - P17 - TRUE | .(.CyberLink Corp. - CyberLink PowerDVD Cinema 11 Main Program.) -- C:\Program Files (x86)\CyberLink\PowerDVD11\Movie\PowerDVD Cinema\PowerDVDCinema11.exe

O87 - FAEL: "{7322A453-22A8-432D-91BC-7EB425B284E0}" |In - Private - P17 - TRUE | .(...) -- C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (.not file.)

O87 - FAEL: "{50F9241A-25F5-4FD2-931D-0B807FDA6125}" |Out - Private - P17 - TRUE | .(...) -- C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (.not file.)

O87 - FAEL: "{A81544D3-09B4-47CF-B2A2-6B91FFDFF0C3}" |In - Private - P6 - TRUE | .(...) -- C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (.not file.)

O87 - FAEL: "{72FC98BC-9DE4-4CAB-8869-52AAF2B7720E}" |Out - Private - P6 - TRUE | .(...) -- C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (.not file.)

O87 - FAEL: "{4B1F4B10-5580-43DD-9064-C9B25D429222}" | In - None - P17 - TRUE | .(.Skype Technologies S.A. - Skype.) -- C:\Program Files (x86)\Skype\Phone\Skype.exe

O87 - FAEL: "{B6E0EC34-EA5B-48DC-B06A-DA869CF308C7}" |In - None - P6 - TRUE | .(...) -- C:\Program Files\BitComet\BitComet.exe (.not file.)

O87 - FAEL: "{E9EA2571-E524-41A5-AF96-D0A13B60B243}" |In - None - P17 - TRUE | .(...) -- C:\Program Files\BitComet\BitComet.exe (.not file.)

O87 - FAEL: "TCP Query User{69CF0870-997F-4B86-A898-0414F7850EE7}C:\programdata\electronic arts\need for speed world\data\nfsw.exe" |In - Private - P6 - TRUE | .(...) -- C:\programdata\electronic arts\need for speed world\data\nfsw.exe (.not file.)

O87 - FAEL: "UDP Query User{EF779BBE-08C7-422D-B3E1-88754A1FF0E1}C:\programdata\electronic arts\need for speed world\data\nfsw.exe" |In - Private - P17 - TRUE | .(...) -- C:\programdata\electronic arts\need for speed world\data\nfsw.exe (.not file.)

O87 - FAEL: "{35634E49-70D0-413E-9655-CEADFB67E97A}" |In - Private - P6 - TRUE | .(...) -- C:\ongame\Pointblank\PointBlank.exe (.not file.)

O87 - FAEL: "{EA4241A9-88A1-4293-8CD7-5408D35A0A2C}" |In - Private - P17 - TRUE | .(...) -- C:\ongame\Pointblank\PointBlank.exe (.not file.)

O87 - FAEL: "{E94886E2-EBCA-4EA9-99F0-ADB3BDF5332C}" | In - Private - P6 - TRUE | .(.Curse - Curse Client.) -- C:\Users\Windows\AppData\Local\Apps\2.0\PKTOQNQE.QMT\KYM8OC9G.L4T\curs..tion_eee711038731a406_0004.0000_2bd39706d04e72c8\CurseClient.exe

O87 - FAEL: "{44C80DAC-C4D8-4B8C-B62C-1B90599B4EEE}" | In - Private - P17 - TRUE | .(.Curse - Curse Client.) -- C:\Users\Windows\AppData\Local\Apps\2.0\PKTOQNQE.QMT\KYM8OC9G.L4T\curs..tion_eee711038731a406_0004.0000_2bd39706d04e72c8\CurseClient.exe

O87 - FAEL: "TCP Query User{48049EF5-15ED-4953-8C8B-DA4E6B97367B}C:\programdata\electronic arts\need for speed world\data\nfsw.exe" |In - Public - P6 - TRUE | .(...) -- C:\programdata\electronic arts\need for speed world\data\nfsw.exe (.not file.)

O87 - FAEL: "UDP Query User{2674F26E-639A-4EE4-AAE1-F2249333409F}C:\programdata\electronic arts\need for speed world\data\nfsw.exe" |In - Public - P17 - TRUE | .(...) -- C:\programdata\electronic arts\need for speed world\data\nfsw.exe (.not file.)

O87 - FAEL: "{B10692E7-B8B5-4C34-B5ED-98828320B091}" |In - Public - P6 - TRUE | .(...) -- C:\Program Files (x86)\Diablo III\Diablo III.exe (.not file.)

O87 - FAEL: "{EF9DCC88-EA2A-4B4C-86E6-C837D7067E32}" |In - Public - P17 - TRUE | .(...) -- C:\Program Files (x86)\Diablo III\Diablo III.exe (.not file.)

O87 - FAEL: "{376321FE-DB1B-4CEB-A115-5D5E0011DC62}" | In - Domain - P6 - TRUE | .(.Unknown owner - Pando Media Booster.) -- C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe

O87 - FAEL: "{E9235AE9-B9D0-49B4-AB8C-CEC2E067F2BF}" | In - Domain - P17 - TRUE | .(.Unknown owner - Pando Media Booster.) -- C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe

O87 - FAEL: "{7652C510-3FE4-4F46-8D1D-17772C25D1FB}" | In - Private - P6 - TRUE | .(.Unknown owner - Pando Media Booster.) -- C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe

O87 - FAEL: "{6084C9AE-923B-42F4-A887-37682D5594E4}" | In - Private - P17 - TRUE | .(.Unknown owner - Pando Media Booster.) -- C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe

O87 - FAEL: "{4CF240BC-11D1-4496-A687-515707CBD35F}" | In - None - P17 - TRUE | .(.Unknown owner - Pando Media Booster.) -- C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe

O87 - FAEL: "{BEC684F5-F7CB-4082-9BCD-1FE8338986F3}" | In - Public - P6 - TRUE | .(.Blizzard Entertainment - Battle.net Update Agent.) -- C:\ProgramData\Battle.net\Agent\Agent.1267\Agent.exe

O87 - FAEL: "{AA9B12B3-90D5-4DC1-9D02-308E76878909}" | In - Public - P17 - TRUE | .(.Blizzard Entertainment - Battle.net Update Agent.) -- C:\ProgramData\Battle.net\Agent\Agent.1267\Agent.exe

O87 - FAEL: "{753F7AB9-8CF5-48C5-A3EA-5693B544BD04}" |In - Public - P6 - TRUE | .(...) -- C:\Program Files\Opera Next x64\pluginwrapper\opera_plugin_wrapper.exe (.not file.)

O87 - FAEL: "{A5B10FA9-116E-497D-A8ED-CAF9815EE97C}" |In - Public - P17 - TRUE | .(...) -- C:\Program Files\Opera Next x64\pluginwrapper\opera_plugin_wrapper.exe (.not file.)

O87 - FAEL: "{6DD407D9-6738-409C-A292-174365E065B3}" |In - Public - P6 - TRUE | .(...) -- C:\Program Files\Opera Next x64\pluginwrapper\opera_plugin_wrapper_32.exe (.not file.)

O87 - FAEL: "{237528EC-79E3-4655-9D96-6B5465AF19E7}" |In - Public - P17 - TRUE | .(...) -- C:\Program Files\Opera Next x64\pluginwrapper\opera_plugin_wrapper_32.exe (.not file.)

O87 - FAEL: "{BDB0C989-BA53-4C23-A59B-FD1E50597E19}" |In - Public - P6 - TRUE | .(...) -- C:\Program Files\Opera Next x64\opera.exe (.not file.)

O87 - FAEL: "{1297A7ED-97BC-49A5-B60E-0CFFB949CC35}" |In - Public - P17 - TRUE | .(...) -- C:\Program Files\Opera Next x64\opera.exe (.not file.)

O87 - FAEL: "{BBBEA773-5E1D-4724-A5C1-FFE8F3C933C7}" | In - Public - P6 - TRUE | .(.Blizzard Entertainment - Battle.net Update Agent.) -- C:\ProgramData\Battle.net\Agent\Agent.1363\Agent.exe

O87 - FAEL: "{8771BFDE-975B-42A1-B039-022629054A8B}" | In - Public - P17 - TRUE | .(.Blizzard Entertainment - Battle.net Update Agent.) -- C:\ProgramData\Battle.net\Agent\Agent.1363\Agent.exe

O87 - FAEL: "{EC52DA38-8AAE-4CFF-A844-76182653DF01}" | In - Public - P6 - TRUE | .(.Curse - Curse Client.) -- C:\Users\Windows\AppData\Local\Apps\2.0\PKTOQNQE.QMT\KYM8OC9G.L4T\curs..tion_eee711038731a406_0004.0000_2bd39706d04e72c8\CurseClient.exe

O87 - FAEL: "{3A3934C4-5907-431E-92EE-7BF6EACAE343}" | In - Public - P17 - TRUE | .(.Curse - Curse Client.) -- C:\Users\Windows\AppData\Local\Apps\2.0\PKTOQNQE.QMT\KYM8OC9G.L4T\curs..tion_eee711038731a406_0004.0000_2bd39706d04e72c8\CurseClient.exe

~ Scan Firewall in 00mn 00s

 

 

 

---\\ Additionnal Scan (O88)

Database Version : 9204 - (19/10/2012)

Clés trouvées (Keys found) : 7

Valeurs trouvées (Values found) : 0

Dossiers trouvés (Folders found) : 3

Fichiers trouvés (Files found) : 0

 

[HKLM\Software\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}] =>Adware.Agent

[HKLM\Software\Wow6432Node\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}] =>Adware.Agent

[HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ecdf796-c2dc-4d79-a620-cce0c0a66cc9}] =>Toolbar.Babylon

[HKLM\Software\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}] =>Adware.CDNHelper

[HKLM\Software\Wow6432Node\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}] =>Adware.CDNHelper

[HKLM\Software\Classes\AppID\{BDB69379-802F-4eaf-B541-F8DE92DD98DB}] =>Toolbar.Babylon

[HKLM\Software\Wow6432Node\Classes\AppID\{BDB69379-802F-4eaf-B541-F8DE92DD98DB}] =>Toolbar.Babylon

C:\ProgramData\Babylon =>Toolbar.Babylon

C:\Users\Windows\AppData\Roaming\Babylon =>Toolbar.Babylon

C:\Users\Windows\AppData\Local\Babylon =>Toolbar.Babylon

~ Scan Additionnel in 00mn 05s

 

 

 

---\\ Router Hijack DNS (O89) (None)

 

---\\ General States of Services not Microsoft (EGS) (SR=Running, SS=Stopped)

SS - | Disabled 03/01/2012 63928 | (AdobeARMservice) . (.Adobe Systems Incorporated.) - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

SS - | Disabled 20/11/2012 250808 | (AdobeFlashPlayerUpdateSvc) . (.Adobe Systems Incorporated.) - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

SR - | Auto 04/07/2012 238080 | (AMD External Events Utility) . (.AMD.) - C:\Windows\System32\atiesrxx.exe

SS - | Disabled 83240 | (CLHNServiceForPowerDVD) . (...) - C:\Program Files (x86)\CyberLink\PowerDVD11\Kernel\DMP\CLHNServiceForPowerDVD.exe

SS - | Disabled 31/03/2011 70952 | (CyberLink PowerDVD 11.0 Monitor Service) . (.CyberLink.) - C:\Program Files (x86)\CyberLink\PowerDVD11\Common\MediaServer\CLMSMonitorService.exe

SS - | Disabled 31/03/2011 312616 | (CyberLink PowerDVD 11.0 Service) . (.CyberLink.) - C:\Program Files (x86)\CyberLink\PowerDVD11\Common\MediaServer\CLMSServer.exe

SR - | Auto 02/11/2012 827560 | (IswSvc) . (.Check Point Software Technologies.) - C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe

SR - | Auto 29/09/2012 399432 | (MBAMScheduler) . (.Malwarebytes Corporation.) - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe

SR - | Auto 29/09/2012 676936 | (MBAMService) . (.Malwarebytes Corporation.) - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe

SS - | Demand 13/07/2012 113120 | (MozillaMaintenance) . (.Mozilla Foundation.) - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe

SS - | Auto 03/07/2012 160944 | (SkypeUpdate) . (.Skype Technologies.) - C:\Program Files (x86)\Skype\Updater\Updater.exe

SR - | Auto 19/11/2012 2447440 | (vsmon) . (.Check Point Software Technologies LTD.) - C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe

SR - | Auto 13/07/2009 27136 | C:\Program Files (x86)\Windows Defender\mpsvc.dll (WinDefend) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe

SS - | Disabled 0 | (WMPNetworkSvc) . (...) - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe

SR - | Auto 13/07/2009 27136 | C:\Windows\System32\wuaueng.dll (wuauserv) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe

SR - | Auto 12/04/2011 148976 | ({329F96B6-DF1E-4328-BFDA-39EA953C1312}) . (.CyberLink Corp..) - C:\Program Files (x86)\CyberLink\PowerDVD11\Common\NavFilter\000.fcl

~ Scan Services in 00mn 03s

 

 

 

---\\ Search Master Boot Record Infection (MBR)(O80)

Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net

Run by Windows at 26/11/2012 23:24:23

 

device: opened successfully

user: error reading MBR

 

Disk trace:

error: Read Identificador inválido.

kernel: error reading MBR

~ Scan MBR in 00mn 02s

 

 

 

---\\ Search Master Boot Record Infection (MBRCheck)(O80)

Written by ad13, http://ad13.geekstog

Run by Windows at 26/11/2012 23:24:25

 

********* Dump file Name *********

C:\PhysicalDisk0_MBR.bin

~ Scan MBR in 00mn 04s

 

 

 

End of the scan (1265 lines in 01mn 18s)(0)

-------------------------------------------------

http://pjjoint.malekal.com/files.php?read=ZHPDiag_20121127_t5b11h9b710


Good morning.

 

 

:seta: Submit the file C:\PhysicalDisk0_MBR.bin for analysis at http://www.virustotal.com/

 

*Paste the link to the result

 

 

:seta: Select and copy (Ctrl+c) the lines in blue:

[HKLM\Software\Wow6432Node\360Safe]

[HKLM\Software\Wow6432Node\Babylon]

O43 - CFD: 01/05/2012 - 21:34:35 - [0] ----D C:\ProgramData\Babylon

O43 - CFD: 01/05/2012 - 21:34:35 - [0,006] ----D C:\Users\Windows\AppData\Roaming\Babylon

O43 - CFD: 01/05/2012 - 21:34:35 - [4,186] ----D C:\Users\Windows\AppData\Local\Babylon

O69 - SBI: SearchScopes [HKCU] {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} [DefaultScope] - (Search the web (Babylon)) - http://search.babylon.com

O87 - FAEL: "TCP Query User{F55ADBED-50FB-4B84-BD9D-D500594E4760}C:\windows\kmsemulator.exe" |In - Public - P6 - TRUE | .(...) -- C:\windows\kmsemulator.exe (.not file.)

O87 - FAEL: "UDP Query User{C0E17F15-84D4-4DEA-9046-A2A2358BB6F6}C:\windows\kmsemulator.exe" |In - Public - P17 - TRUE | .(...) -- C:\windows\kmsemulator.exe (.not file.)

[HKLM\Software\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}]

[HKLM\Software\Wow6432Node\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}]

[HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ecdf796-c2dc-4d79-a620-cce0c0a66cc9}]

[HKLM\Software\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}]

[HKLM\Software\Wow6432Node\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}]

[HKLM\Software\Classes\AppID\{BDB69379-802F-4eaf-B541-F8DE92DD98DB}]

[HKLM\Software\Wow6432Node\Classes\AppID\{BDB69379-802F-4eaf-B541-F8DE92DD98DB}]

C:\ProgramData\Babylon

C:\Users\Windows\AppData\Roaming\Babylon

C:\Users\Windows\AppData\Local\Babylon

O43 - CFD: 23/11/2012 - 22:24:57 - [7,293] ----D C:\ProgramData\Spyrix Free Keylogger

[MD5.00000000000000000000000000000000] [APT] [{6829E691-B85A-4044-8A0C-022A5589181A}] (...) -- C:\Users\Windows\AppData\Local\Temp\VSDB5A8.tmp\DotNetFx35Client\DotNetFx35ClientSetup.exe (.not file.)

O43 - CFD: 23/11/2012 - 14:02:04 - [0] ----D C:\ProgramData\boost_interprocess

O43 - CFD: 20/04/2012 - 09:10:06 - [0] ----D C:\Users\Windows\AppData\Local\Dados de aplicativos

O43 - CFD: 20/04/2012 - 09:10:06 - [0] ----D C:\Users\Windows\AppData\Local\Histórico

O43 - CFD: 25/07/2012 - 22:02:21 - [0] ----D C:\Users\Windows\AppData\Local\{0131E2C4-E0EE-4940-887E-8597CE7767DB}

O43 - CFD: 25/06/2012 - 15:22:53 - [0] ----D C:\Users\Windows\AppData\Local\{091E2BDC-2359-452D-AD18-42B595458277}

O43 - CFD: 09/09/2012 - 17:02:50 - [0] ----D C:\Users\Windows\AppData\Local\{0B585E32-E7AE-4AC9-9C2B-BBD2B88996F9}

O43 - CFD: 19/08/2012 - 04:32:44 - [0] ----D C:\Users\Windows\AppData\Local\{0F96A9DE-C886-4F49-87C2-1E636C17C01E}

O43 - CFD: 18/07/2012 - 23:08:52 - [0] ----D C:\Users\Windows\AppData\Local\{15D878DB-6A55-464D-9A79-EDC2817ED993}

O43 - CFD: 30/06/2012 - 00:58:41 - [0] ----D C:\Users\Windows\AppData\Local\{1D91E037-C655-4EFA-8B87-8131EC1888EE}

O43 - CFD: 21/06/2012 - 19:00:52 - [0] ----D C:\Users\Windows\AppData\Local\{1E736A81-E356-4400-A372-48F13422DD04}

O43 - CFD: 19/07/2012 - 20:50:15 - [0] ----D C:\Users\Windows\AppData\Local\{2AD7AB40-1403-481E-BC17-6E4245D7A3B2}

O43 - CFD: 21/06/2012 - 19:00:10 - [0] ----D C:\Users\Windows\AppData\Local\{34129302-57A4-46AF-89C9-71089337907C}

O43 - CFD: 17/07/2012 - 20:56:36 - [0] ----D C:\Users\Windows\AppData\Local\{3B863FDE-668C-4E34-A8C3-905E26CC9467}

O43 - CFD: 05/08/2012 - 18:05:54 - [0] ----D C:\Users\Windows\AppData\Local\{4409E629-3962-4FC2-A9DC-E61639BFA7B8}

O43 - CFD: 26/08/2012 - 21:54:36 - [0] ----D C:\Users\Windows\AppData\Local\{4962CA7B-5060-4F6C-8EDE-A5F34BF5549F}

O43 - CFD: 29/06/2012 - 12:58:04 - [0] ----D C:\Users\Windows\AppData\Local\{49E1BB4B-F348-4A3F-BC8B-A40817AEA1E3}

O43 - CFD: 28/06/2012 - 17:51:15 - [0] ----D C:\Users\Windows\AppData\Local\{4F17A9DA-5AAB-4F56-91E9-623940FBF698}

O43 - CFD: 03/08/2012 - 04:00:39 - [0] ----D C:\Users\Windows\AppData\Local\{506F49ED-1B6C-44A8-B465-0A346F700BAF}

O43 - CFD: 20/07/2012 - 21:22:48 - [0] ----D C:\Users\Windows\AppData\Local\{53439C79-5759-4C3B-8136-8BCA44432222}

O43 - CFD: 01/08/2012 - 23:26:14 - [0] ----D C:\Users\Windows\AppData\Local\{53584E6B-15B2-49F1-9955-D565AF0C590C}

O43 - CFD: 27/06/2012 - 17:50:14 - [0] ----D C:\Users\Windows\AppData\Local\{57440929-47A7-4751-B34E-1139999D9EF8}

O43 - CFD: 14/07/2012 - 15:11:00 - [0] ----D C:\Users\Windows\AppData\Local\{5A89F307-C0F4-4A41-90B4-40081D7EF7EA}

O43 - CFD: 30/06/2012 - 18:50:15 - [0] ----D C:\Users\Windows\AppData\Local\{5C7FB798-CF0E-4ACD-90DA-498ADBF7A5C0}

O43 - CFD: 15/07/2012 - 03:11:26 - [0] ----D C:\Users\Windows\AppData\Local\{5DF273EB-8B88-4732-B72B-E604FC6CF1B3}

O43 - CFD: 17/07/2012 - 20:56:47 - [0] ----D C:\Users\Windows\AppData\Local\{61C94AC9-8FC4-4A19-A63B-9546FD54703A}

O43 - CFD: 15/07/2012 - 15:11:39 - [0] ----D C:\Users\Windows\AppData\Local\{64273AFD-66DD-4DD0-ABA9-596A14966934}

O43 - CFD: 22/06/2012 - 09:29:34 - [0] ----D C:\Users\Windows\AppData\Local\{68F5AA50-E016-4019-88E2-2AA9DCA8FF81}

O43 - CFD: 26/08/2012 - 09:54:24 - [0] ----D C:\Users\Windows\AppData\Local\{694AA0B8-3429-4168-95B1-96B6A95BFB85}

O43 - CFD: 30/06/2012 - 18:50:03 - [0] ----D C:\Users\Windows\AppData\Local\{6AF0B1C6-A2D4-40A2-9C99-AD913E65329C}

O43 - CFD: 28/06/2012 - 17:51:03 - [0] ----D C:\Users\Windows\AppData\Local\{6D614B1A-B6A2-495C-A488-F4FC5301CD89}

O43 - CFD: 18/07/2012 - 23:09:04 - [0] ----D C:\Users\Windows\AppData\Local\{76A82915-5537-47EF-B843-2ECAB613B142}

O43 - CFD: 25/08/2012 - 16:24:16 - [0] ----D C:\Users\Windows\AppData\Local\{774C2195-B224-4103-A6D0-9CAAB6BFB255}

O43 - CFD: 23/08/2012 - 20:01:24 - [0] ----D C:\Users\Windows\AppData\Local\{840CA59C-4072-4601-88B2-3B5D1A052093}

O43 - CFD: 01/08/2012 - 23:26:02 - [0] ----D C:\Users\Windows\AppData\Local\{866C28B7-3419-4DB5-BEC7-436423514531}

O43 - CFD: 25/06/2012 - 15:23:04 - [0] ----D C:\Users\Windows\AppData\Local\{8D192558-D277-45F1-8CD3-207152C95461}

O43 - CFD: 10/07/2012 - 17:12:39 - [0] ----D C:\Users\Windows\AppData\Local\{962586D3-C4B9-4C00-B797-DF8A4C2A9C00}

O43 - CFD: 27/06/2012 - 17:50:02 - [0] ----D C:\Users\Windows\AppData\Local\{9ADA127F-7658-4736-8F8C-E3E9A328D16A}

O43 - CFD: 15/07/2012 - 15:11:50 - [0] ----D C:\Users\Windows\AppData\Local\{9F4E2BBD-FE77-487A-A2E4-7EF513DBE724}

O43 - CFD: 30/06/2012 - 00:58:52 - [0] ----D C:\Users\Windows\AppData\Local\{A1A88FB4-F0E2-4DFF-9F13-6C2B8D3A92AE}

O43 - CFD: 13/09/2012 - 23:25:34 - [0] ----D C:\Users\Windows\AppData\Local\{A3A87DE0-F26C-4376-8FC6-6F8C435F7FB7}

O43 - CFD: 22/06/2012 - 09:29:23 - [0] ----D C:\Users\Windows\AppData\Local\{A67A88D0-E359-4D66-B042-5807119BDE8C}

O43 - CFD: 05/08/2012 - 18:06:06 - [0] ----D C:\Users\Windows\AppData\Local\{AC902679-F6C9-44EB-A6D8-534CA0604844}

O43 - CFD: 03/09/2012 - 20:44:38 - [0] ----D C:\Users\Windows\AppData\Local\{AE45C716-42D0-4481-9B44-99602123B047}

O43 - CFD: 15/09/2012 - 17:14:33 - [0] ----D C:\Users\Windows\AppData\Local\{AF02025F-0604-49ED-A82B-A0132DA6BA04}

O43 - CFD: 01/07/2012 - 09:22:59 - [0] ----D C:\Users\Windows\AppData\Local\{AF832300-0B68-4257-B212-712426768924}

O43 - CFD: 21/08/2012 - 21:17:15 - [0] ----D C:\Users\Windows\AppData\Local\{B1C65527-8C3C-4359-9545-B575B3807AD2}

O43 - CFD: 18/08/2012 - 16:32:30 - [0] ----D C:\Users\Windows\AppData\Local\{B74AE8E9-7092-4A7E-9D70-2F24EA670433}

O43 - CFD: 18/08/2012 - 16:32:18 - [0] ----D C:\Users\Windows\AppData\Local\{B8378ED3-7E93-4098-8091-38AA88B6BA5B}

O43 - CFD: 14/07/2012 - 01:01:43 - [0] ----D C:\Users\Windows\AppData\Local\{C05BB145-F376-4CAC-B76B-4F64E7B10136}

O43 - CFD: 29/06/2012 - 12:58:15 - [0] ----D C:\Users\Windows\AppData\Local\{C1E04AF9-8929-473C-B40F-5EE1C134DEC1}

O43 - CFD: 01/07/2012 - 09:23:19 - [0] ----D C:\Users\Windows\AppData\Local\{C466B230-F586-4B86-90BD-F17C407A857D}

O43 - CFD: 19/07/2012 - 20:50:03 - [0] ----D C:\Users\Windows\AppData\Local\{C5CB2E5C-A7E6-4563-BBFA-AB71E3D15D7E}

O43 - CFD: 20/07/2012 - 21:22:59 - [0] ----D C:\Users\Windows\AppData\Local\{D4FE0D36-C19F-491B-992B-D05F17286B89}

O43 - CFD: 10/07/2012 - 17:12:51 - [0] ----D C:\Users\Windows\AppData\Local\{D7C923D9-7EFB-4264-9DF2-C42CBBDE55F3}

O43 - CFD: 19/09/2012 - 14:36:31 - [0] ----D C:\Users\Windows\AppData\Local\{DB99E628-1190-463F-B94E-71805A53332D}

O43 - CFD: 02/08/2012 - 16:00:13 - [0] ----D C:\Users\Windows\AppData\Local\{E5385FC5-8FE6-4BB3-9E50-522E02BD9463}

O43 - CFD: 10/09/2012 - 05:03:03 - [0] ----D C:\Users\Windows\AppData\Local\{E89BDFE8-53E2-4D1E-A14C-A72EE1137E26}

O43 - CFD: 02/08/2012 - 16:00:01 - [0] ----D C:\Users\Windows\AppData\Local\{EB435AB3-CBC9-4A84-A1EC-C0838A025C50}

O43 - CFD: 14/07/2012 - 01:01:32 - [0] ----D C:\Users\Windows\AppData\Local\{EE1B57A8-2038-47D3-B92A-D95CEE01DFA2}

O43 - CFD: 24/10/2012 - 21:32:42 - [0] ----D C:\Users\Windows\AppData\Local\{F00A42A5-6CC7-49A1-B271-4B9E834E4B9E}

O43 - CFD: 03/08/2012 - 04:00:51 - [0] ----D C:\Users\Windows\AppData\Local\{F260F1D9-3239-4D5C-9718-AE51E977666C}

O43 - CFD: 25/07/2012 - 22:02:32 - [0] ----D C:\Users\Windows\AppData\Local\{F2A9CF6E-2DFD-4871-B3E3-67D3C9208777}

O43 - CFD: 28/06/2012 - 05:50:51 - [0] ----D C:\Users\Windows\AppData\Local\{F9239DD3-740B-48E3-A765-47E94DFD91F2}

O68 - StartMenuInternet: <OperaNext> <Opera Next>[HKLM\..\Shell\open\Command] (...) -- C:\Program Files\Opera Next x64\Opera.exe (.not file.)

O68 - StartMenuInternet: <OperaNext> <Opera Next>[HKLM\..\InstallInfo\ShowIconsCommand] (...) -- C:\Program Files\Opera Next x64\Opera.exe (.not file.)

O68 - StartMenuInternet: <OperaNext> <Opera Next>[HKLM\..\InstallInfo\ReinstallCommand] (...) -- C:\Program Files\Opera Next x64\Opera.exe (.not file.)

O68 - StartMenuInternet: <OperaNext> <Opera Next>[HKLM\..\InstallInfo\HideIconsCommand] (...) -- C:\Program Files\Opera Next x64\Opera.exe (.not file.)

O87 - FAEL: "{35634E49-70D0-413E-9655-CEADFB67E97A}" |In - Private - P6 - TRUE | .(...) -- C:\ongame\Pointblank\PointBlank.exe (.not file.)

O87 - FAEL: "{EA4241A9-88A1-4293-8CD7-5408D35A0A2C}" |In - Private - P17 - TRUE | .(...) -- C:\ongame\Pointblank\PointBlank.exe (.not file.)

O87 - FAEL: "{B10692E7-B8B5-4C34-B5ED-98828320B091}" |In - Public - P6 - TRUE | .(...) -- C:\Program Files (x86)\Diablo III\Diablo III.exe (.not file.)

O87 - FAEL: "{EF9DCC88-EA2A-4B4C-86E6-C837D7067E32}" |In - Public - P17 - TRUE | .(...) -- C:\Program Files (x86)\Diablo III\Diablo III.exe (.not file.)

O87 - FAEL: "{753F7AB9-8CF5-48C5-A3EA-5693B544BD04}" |In - Public - P6 - TRUE | .(...) -- C:\Program Files\Opera Next x64\pluginwrapper\opera_plugin_wrapper.exe (.not file.)

O87 - FAEL: "{A5B10FA9-116E-497D-A8ED-CAF9815EE97C}" |In - Public - P17 - TRUE | .(...) -- C:\Program Files\Opera Next x64\pluginwrapper\opera_plugin_wrapper.exe (.not file.)

O87 - FAEL: "{6DD407D9-6738-409C-A292-174365E065B3}" |In - Public - P6 - TRUE | .(...) -- C:\Program Files\Opera Next x64\pluginwrapper\opera_plugin_wrapper_32.exe (.not file.)

O87 - FAEL: "{237528EC-79E3-4655-9D96-6B5465AF19E7}" |In - Public - P17 - TRUE | .(...) -- C:\Program Files\Opera Next x64\pluginwrapper\opera_plugin_wrapper_32.exe (.not file.)

O87 - FAEL: "{BDB0C989-BA53-4C23-A59B-FD1E50597E19}" |In - Public - P6 - TRUE | .(...) -- C:\Program Files\Opera Next x64\opera.exe (.not file.)

O87 - FAEL: "{1297A7ED-97BC-49A5-B60E-0CFFB949CC35}" |In - Public - P17 - TRUE | .(...) -- C:\Program Files\Opera Next x64\opera.exe (.not file.)

G0 - GCSP: Preference [user Data\Default][HomePage] http://www.ask.com

O43 - CFD: 01/08/2012 - 22:03:52 - [0] ----D C:\ProgramData\Ask

O43 - CFD: 01/08/2012 - 22:04:43 - [0,165] ----D C:\Users\Windows\AppData\Local\APN

[MD5.B28C334C03CEE7C5E829C43AE75DAE5A] [sPRF][23/08/2012] (.Ask.com - AskIC Dynamic Link Library.) -- C:\Users\Windows\AppData\Local\Temp\AskSLib.dll [248008]

EmptyTemp

*Run ZHPFix from its icon on the desktop. Windows Vista or Windows 7 users should right-click the file and select Run as administrator

*Click b81i8h.jpg

*Click ogzk8.jpg

*Click [Oui]

*Paste the ZHPFixReport.txt report created on the desktop

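An added example, not part of the original thread and not code from ZHPDiag or ZHPFix: a small Python parser for the two ZHPDiag line types the fix script above acts on, O87 FAEL (Windows Firewall allow rules) and O43 CFD (recently created folders). It flags enabled inbound rules whose target executable no longer exists (the "(.not file.)" entries, whose rule GUIDs the script deletes) and folders whose name is a bare GUID under AppData\Local. The sample log is constructed from a few lines of the report plus one invented rule with a placeholder GUID and path so that the code runs offline; protocol names follow the IANA numbers (6 = TCP, 17 = UDP), and the bracketed size field of O43 lines is kept as raw text because its meaning is not stated on the page.

```python
import re
from dataclasses import dataclass
from datetime import datetime
from typing import List, Optional, Tuple

# Constructed sample: lines of the kinds seen in the ZHPDiag report above, plus one
# invented rule (placeholder GUID and path) whose executable is still present.
SAMPLE_LOG = r"""
O43 - CFD: 19/08/2012 - 04:32:44 - [0] ----D C:\Users\Windows\AppData\Local\{0F96A9DE-C886-4F49-87C2-1E636C17C01E}
O43 - CFD: 01/08/2012 - 22:04:43 - [0,165] ----D C:\Users\Windows\AppData\Local\APN
O87 - FAEL: "{35634E49-70D0-413E-9655-CEADFB67E97A}" |In - Private - P6 - TRUE | .(...) -- C:\ongame\Pointblank\PointBlank.exe (.not file.)
O87 - FAEL: "{EF9DCC88-EA2A-4B4C-86E6-C837D7067E32}" |In - Public - P17 - TRUE | .(...) -- C:\Program Files (x86)\Diablo III\Diablo III.exe (.not file.)
O87 - FAEL: "{11111111-2222-3333-4444-555555555555}" |In - Public - P6 - TRUE | .(...) -- C:\Program Files\Example\present.exe
"""

# IANA protocol numbers as written in the "P6"/"P17" field of an O87 line.
PROTOCOLS = {1: "ICMP", 6: "TCP", 17: "UDP"}

FAEL_RE = re.compile(
    r'^O87 - FAEL: "(\{[0-9A-Fa-f-]+\})" \|(In|Out) - (\w+) - P(\d+) - (TRUE|FALSE)'
    r' \| \.\(\.\.\.\) -- (.+?)( \(\.not file\.\))?$'
)
CFD_RE = re.compile(
    r'^O43 - CFD: (\d{2}/\d{2}/\d{4}) - (\d{2}:\d{2}:\d{2}) - \[([\d,]+)\] (\S+) (.+)$'
)
GUID_RE = re.compile(r'^\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}$')


@dataclass
class FirewallRule:
    rule_id: str        # rule GUID, the identifier ZHPFix deletes by
    direction: str      # "In" or "Out"
    profile: str        # Private / Public / Domain
    protocol: str
    enabled: bool
    path: str
    exe_missing: bool   # True when ZHPDiag appended "(.not file.)"


@dataclass
class CreatedFolder:
    created: datetime
    size_field: str     # bracketed "[0]" / "[0,165]" field, kept raw (meaning not given on the page)
    attributes: str     # e.g. "----D"
    path: str


def parse_fael(line: str) -> Optional[FirewallRule]:
    m = FAEL_RE.match(line)
    if not m:
        return None
    rule_id, direction, profile, proto, enabled, path, missing = m.groups()
    return FirewallRule(rule_id, direction, profile,
                        PROTOCOLS.get(int(proto), f"proto{proto}"),
                        enabled == "TRUE", path, missing is not None)


def parse_cfd(line: str) -> Optional[CreatedFolder]:
    m = CFD_RE.match(line)
    if not m:
        return None
    date, time, size_field, attrs, path = m.groups()
    created = datetime.strptime(f"{date} {time}", "%d/%m/%Y %H:%M:%S")
    return CreatedFolder(created, size_field, attrs, path)


def parse_log(text: str) -> Tuple[List[FirewallRule], List[CreatedFolder]]:
    """Walk a ZHPDiag report and collect the O87 and O43 entries; other lines are ignored."""
    rules, folders = [], []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        rule = parse_fael(line)
        if rule:
            rules.append(rule)
            continue
        folder = parse_cfd(line)
        if folder:
            folders.append(folder)
    return rules, folders


def stale_rules(rules: List[FirewallRule]) -> List[FirewallRule]:
    """Enabled inbound allow rules whose executable is gone: dead weight at best, and a
    ready-made inbound hole if something later drops a binary at that path."""
    return [r for r in rules if r.enabled and r.direction == "In" and r.exe_missing]


def guid_folders(folders: List[CreatedFolder]) -> List[CreatedFolder]:
    """Folders whose last path component is a bare GUID, like the AppData\\Local ones above."""
    return [f for f in folders if GUID_RE.match(f.path.rsplit("\\", 1)[-1])]


if __name__ == "__main__":
    rules, folders = parse_log(SAMPLE_LOG)
    for r in stale_rules(rules):
        print(f"stale rule {r.rule_id} {r.direction}/{r.profile}/{r.protocol} -> {r.path}")
    for f in guid_folders(folders):
        print(f"GUID folder created {f.created:%Y-%m-%d %H:%M:%S}: {f.path}")
```

On the live Windows 7 host the same rules can be listed with `netsh advfirewall firewall show rule name=all verbose` and the program path of each checked by hand; the ZHPFix script above removes them by the rule GUID, which is what the parser keeps in `rule_id`.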

https://www.virustotal.com/file/5964249e4d0972fadd3fd041e100bee7188bad08c92876b6eaa0bc3f86a4e1f3/analysis/1354008617/

--------------------------------------------------------------

ZHPFix 1.3.05 report by Nicolas Coolman, updated 09/10/2012

Registry export file: C:\ZHP\ZHPExportRegistry-27-11-2012-07-26-08.txt

Run by Windows at 27/11/2012 07:26:08

Windows 7 Home Premium Edition, 64-bit Service Pack 1 (Build 7601)

Web site : http://nicolascoolman.skyrock.com/

========== Memory Module ==========

DELETED Memory Module: C:\Users\Windows\AppData\Local\Temp\AskSLib.dll


========== Registry Key ==========

DELETED Key: HKLM\Software\Wow6432Node\360Safe

DELETED Key: HKLM\Software\Wow6432Node\Babylon

DELETED Key: SearchScopes :{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}

DELETED Key: HKLM\Software\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}

NOT FOUND Key: HKLM\Software\Wow6432Node\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}

NOT FOUND Key: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ecdf796-c2dc-4d79-a620-cce0c0a66cc9}

DELETED Key: HKLM\Software\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}

NOT FOUND Key: HKLM\Software\Wow6432Node\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}

NOT FOUND Key: HKLM\Software\Classes\AppID\{BDB69379-802F-4eaf-B541-F8DE92DD98DB}


========== Registry Value ==========

NOT FOUND TCP Query User{F55ADBED-50FB-4B84-BD9D-D500594E4760}C:/windows/kmsemulator.exe

NOT FOUND UDP Query User{C0E17F15-84D4-4DEA-9046-A2A2358BB6F6}C:/windows/kmsemulator.exe

DELETED {35634E49-70D0-413E-9655-CEADFB67E97A}

DELETED {EA4241A9-88A1-4293-8CD7-5408D35A0A2C}

DELETED {B10692E7-B8B5-4C34-B5ED-98828320B091}

DELETED {EF9DCC88-EA2A-4B4C-86E6-C837D7067E32}

DELETED {753F7AB9-8CF5-48C5-A3EA-5693B544BD04}

DELETED {A5B10FA9-116E-497D-A8ED-CAF9815EE97C}

DELETED {6DD407D9-6738-409C-A292-174365E065B3}

DELETED {237528EC-79E3-4655-9D96-6B5465AF19E7}

DELETED {BDB0C989-BA53-4C23-A59B-FD1E50597E19}

DELETED {1297A7ED-97BC-49A5-B60E-0CFFB949CC35}


========== Registry Data Items ==========

REMOVED StartMenuInternet: C:\Program Files\Opera Next x64\Opera.exe


========== Browser Profiles ==========

FOUND Chrome File: C:\Users\Windows\AppData\Local\Google\Chrome\User Data\Default\Preferences

DELETED Chrome Site: http://www.ask.com

DELETED Chrome Site: http://www.ask.com


========== Repertory ==========

DELETED Folder: C:\ProgramData\Babylon

DELETED Folder: C:\Users\Windows\AppData\Roaming\Babylon

DELETED Folder: C:\Users\Windows\AppData\Local\Babylon

DELETED Folder: C:\ProgramData\Spyrix Free Keylogger

DELETED Folder: C:\ProgramData\boost_interprocess

NOT FOUND C:\Users\Windows\AppData\Local\Dados de aplicativos

NOT FOUND C:\Users\Windows\AppData\Local\Histórico

DELETED Folder: C:\Users\Windows\AppData\Local\{0131E2C4-E0EE-4940-887E-8597CE7767DB}

DELETED Folder: C:\Users\Windows\AppData\Local\{091E2BDC-2359-452D-AD18-42B595458277}

DELETED Folder: C:\Users\Windows\AppData\Local\{0B585E32-E7AE-4AC9-9C2B-BBD2B88996F9}

DELETED Folder: C:\Users\Windows\AppData\Local\{0F96A9DE-C886-4F49-87C2-1E636C17C01E}

DELETED Folder: C:\Users\Windows\AppData\Local\{15D878DB-6A55-464D-9A79-EDC2817ED993}

DELETED Folder: C:\Users\Windows\AppData\Local\{1D91E037-C655-4EFA-8B87-8131EC1888EE}

DELETED Folder: C:\Users\Windows\AppData\Local\{1E736A81-E356-4400-A372-48F13422DD04}

DELETED Folder: C:\Users\Windows\AppData\Local\{2AD7AB40-1403-481E-BC17-6E4245D7A3B2}

DELETED Folder: C:\Users\Windows\AppData\Local\{34129302-57A4-46AF-89C9-71089337907C}

DELETED Folder: C:\Users\Windows\AppData\Local\{3B863FDE-668C-4E34-A8C3-905E26CC9467}

DELETED Folder: C:\Users\Windows\AppData\Local\{4409E629-3962-4FC2-A9DC-E61639BFA7B8}

DELETED Folder: C:\Users\Windows\AppData\Local\{4962CA7B-5060-4F6C-8EDE-A5F34BF5549F}

DELETED Folder: C:\Users\Windows\AppData\Local\{49E1BB4B-F348-4A3F-BC8B-A40817AEA1E3}

DELETED Folder: C:\Users\Windows\AppData\Local\{4F17A9DA-5AAB-4F56-91E9-623940FBF698}

DELETED Folder: C:\Users\Windows\AppData\Local\{506F49ED-1B6C-44A8-B465-0A346F700BAF}

DELETED Folder: C:\Users\Windows\AppData\Local\{53439C79-5759-4C3B-8136-8BCA44432222}

DELETED Folder: C:\Users\Windows\AppData\Local\{53584E6B-15B2-49F1-9955-D565AF0C590C}

DELETED Folder: C:\Users\Windows\AppData\Local\{57440929-47A7-4751-B34E-1139999D9EF8}

DELETED Folder: C:\Users\Windows\AppData\Local\{5A89F307-C0F4-4A41-90B4-40081D7EF7EA}

DELETED Folder: C:\Users\Windows\AppData\Local\{5C7FB798-CF0E-4ACD-90DA-498ADBF7A5C0}

DELETED Folder: C:\Users\Windows\AppData\Local\{5DF273EB-8B88-4732-B72B-E604FC6CF1B3}

DELETED Folder: C:\Users\Windows\AppData\Local\{61C94AC9-8FC4-4A19-A63B-9546FD54703A}

DELETED Folder: C:\Users\Windows\AppData\Local\{64273AFD-66DD-4DD0-ABA9-596A14966934}

DELETED Folder: C:\Users\Windows\AppData\Local\{68F5AA50-E016-4019-88E2-2AA9DCA8FF81}

DELETED Folder: C:\Users\Windows\AppData\Local\{694AA0B8-3429-4168-95B1-96B6A95BFB85}

DELETED Folder: C:\Users\Windows\AppData\Local\{6AF0B1C6-A2D4-40A2-9C99-AD913E65329C}

DELETED Folder: C:\Users\Windows\AppData\Local\{6D614B1A-B6A2-495C-A488-F4FC5301CD89}

DELETED Folder: C:\Users\Windows\AppData\Local\{76A82915-5537-47EF-B843-2ECAB613B142}

DELETED Folder: C:\Users\Windows\AppData\Local\{774C2195-B224-4103-A6D0-9CAAB6BFB255}

DELETED Folder: C:\Users\Windows\AppData\Local\{840CA59C-4072-4601-88B2-3B5D1A052093}

DELETED Folder: C:\Users\Windows\AppData\Local\{866C28B7-3419-4DB5-BEC7-436423514531}

DELETED Folder: C:\Users\Windows\AppData\Local\{8D192558-D277-45F1-8CD3-207152C95461}

DELETED Folder: C:\Users\Windows\AppData\Local\{962586D3-C4B9-4C00-B797-DF8A4C2A9C00}

DELETED Folder: C:\Users\Windows\AppData\Local\{9ADA127F-7658-4736-8F8C-E3E9A328D16A}

DELETED Folder: C:\Users\Windows\AppData\Local\{9F4E2BBD-FE77-487A-A2E4-7EF513DBE724}

DELETED Folder: C:\Users\Windows\AppData\Local\{A1A88FB4-F0E2-4DFF-9F13-6C2B8D3A92AE}

DELETED Folder: C:\Users\Windows\AppData\Local\{A3A87DE0-F26C-4376-8FC6-6F8C435F7FB7}

DELETED Folder: C:\Users\Windows\AppData\Local\{A67A88D0-E359-4D66-B042-5807119BDE8C}

DELETED Folder: C:\Users\Windows\AppData\Local\{AC902679-F6C9-44EB-A6D8-534CA0604844}

DELETED Folder: C:\Users\Windows\AppData\Local\{AE45C716-42D0-4481-9B44-99602123B047}

DELETED Folder: C:\Users\Windows\AppData\Local\{AF02025F-0604-49ED-A82B-A0132DA6BA04}

DELETED Folder: C:\Users\Windows\AppData\Local\{AF832300-0B68-4257-B212-712426768924}

DELETED Folder: C:\Users\Windows\AppData\Local\{B1C65527-8C3C-4359-9545-B575B3807AD2}

DELETED Folder: C:\Users\Windows\AppData\Local\{B74AE8E9-7092-4A7E-9D70-2F24EA670433}

DELETED Folder: C:\Users\Windows\AppData\Local\{B8378ED3-7E93-4098-8091-38AA88B6BA5B}

DELETED Folder: C:\Users\Windows\AppData\Local\{C05BB145-F376-4CAC-B76B-4F64E7B10136}

DELETED Folder: C:\Users\Windows\AppData\Local\{C1E04AF9-8929-473C-B40F-5EE1C134DEC1}

DELETED Folder: C:\Users\Windows\AppData\Local\{C466B230-F586-4B86-90BD-F17C407A857D}

DELETED Folder: C:\Users\Windows\AppData\Local\{C5CB2E5C-A7E6-4563-BBFA-AB71E3D15D7E}

DELETED Folder: C:\Users\Windows\AppData\Local\{D4FE0D36-C19F-491B-992B-D05F17286B89}

DELETED Folder: C:\Users\Windows\AppData\Local\{D7C923D9-7EFB-4264-9DF2-C42CBBDE55F3}

DELETED Folder: C:\Users\Windows\AppData\Local\{DB99E628-1190-463F-B94E-71805A53332D}

DELETED Folder: C:\Users\Windows\AppData\Local\{E5385FC5-8FE6-4BB3-9E50-522E02BD9463}

DELETED Folder: C:\Users\Windows\AppData\Local\{E89BDFE8-53E2-4D1E-A14C-A72EE1137E26}

DELETED Folder: C:\Users\Windows\AppData\Local\{EB435AB3-CBC9-4A84-A1EC-C0838A025C50}

DELETED Folder: C:\Users\Windows\AppData\Local\{EE1B57A8-2038-47D3-B92A-D95CEE01DFA2}

DELETED Folder: C:\Users\Windows\AppData\Local\{F00A42A5-6CC7-49A1-B271-4B9E834E4B9E}

DELETED Folder: C:\Users\Windows\AppData\Local\{F260F1D9-3239-4D5C-9718-AE51E977666C}

DELETED Folder: C:\Users\Windows\AppData\Local\{F2A9CF6E-2DFD-4871-B3E3-67D3C9208777}

DELETED Folder: C:\Users\Windows\AppData\Local\{F9239DD3-740B-48E3-A765-47E94DFD91F2}

DELETED Folder: C:\ProgramData\Ask

DELETED Folder: C:\Users\Windows\AppData\Local\APN

DELETED Window Temporary:


========== File ==========

NOT FOUND Folder/File: c:\programdata\babylon

NOT FOUND Folder/File: c:\users\windows\appdata\roaming\babylon

NOT FOUND Folder/File: c:\users\windows\appdata\local\babylon

DELETED File*: c:\users\windows\appdata\local\temp\askslib.dll

DELETED Window Temporary:


========== Task ==========

DELETED Task: {6829E691-B85A-4044-8A0C-022A5589181A}


========== Summary ==========

1 : Memory Module

9 : Registry Key

12 : Registry Value

1 : Registry Data Items

70 : Repertory

5 : File

3 : Browser Profiles

1 : Task


End of clean in 00mn 21s


========== Report File ==========

C:\ZHP\ZHPFix[R1].txt - 27/11/2012 07:26:08 [8515]


The ZoneAlarm popups show no sign of a keylogger. When I used ZoneAlarm, I ticked a box so that alert would no longer be shown.

There was a folder for something called Spyrix Free Keylogger, which was removed.

Let's do one more scan to wrap up.

:seta: Run the file C:\Program Files (x86)\ESET\ESET Online Scanner\OnlineScannerUninstaller.exe

:seta: Download Kaspersky Virus Removal Tool version 11 and save it to the desktop

*Run it. Windows Vista or Windows 7 users should right-click the file and select Run as administrator

*Wait for the installation, accept the agreement and click [start]

*Click 1z3vtjt.jpg

*Add My Computer to the scan

*Click 2lpcn7.jpg

*Click [start scanning]

*Windows will pop up during the scan.

*If it finds something, select Apply to all objects and click [skip]

*When it finishes, click 2r41o4x.jpg

*Click Detected threats > [save] and save it to the desktop as log.txt

*Paste the log.txt report saved on the desktop


Wings, good evening.

I ran the scan as requested and nothing was found. My suspicion of a keylogger on this PC came from my "WOW" account being hacked, probably by some Chinese person (because the default language on the site had been changed).

I had downloaded an addon via torrent that was packed as a .rar, which is my best guess for how this happened. That folder had already been deleted before we ran the scans.

Many thanks for the attention and time spent solving my problem.

Regards


The PC is clean... :)

:seta: Delete the programs ZHPDiag_silent, ZHPDiag, ZHPFix, MBRCheck and the file ZHPDiag.txt located on the Desktop

*Delete the folder C:\ZHP and the file C:\PhysicalDisk0_MBR.bin

:seta: Delete Kaspersky Virus Removal Tool and its report.

Regards.


PROBLEM SOLVED

If the author needs the topic reopened, just send a Private Message to a Moderator with a link to the topic.
