Rapport de ZHPDiag v2013.4.21.127 par Nicolas Coolman, Update du 21/04/2013
Run by Wesclei at 22/04/2013 14:28:53
State : Your version is update.
WhiteList : Enable
High Elevated Privileges : OK
UAC : Not Found

---\\ Web Browser
MSIE: Internet Explorer v7.0.5730.13
MFIE: Mozilla Firefox 12.0
GCIE: Google Chrome v26.0.1410.64 (Defaut)

---\\ Windows Product Information
~ Langage: Anglais
Windows XP Professional Service Pack 3 (Build 2600)
Windows Automatic Updates : OK
Windows Genuine Advantage : KO

---\\ System Protection
Avira Free Antivirus v12.1.9.1236
Malwarebytes Anti-Malware versão 1.75.0.1300

---\\ System Optimizer

---\\ Software Update
Adobe Flash Player 10 Plugin
Adobe Reader 6.0.1 - Português

---\\ System Information
~ Processor: x86 Family 6 Model 22 Stepping 1, GenuineIntel
~ Operating System: 32 Bits
Boot mode: Normal (Normal boot)
Total RAM: 1981 MB (73% free)
System Restore: Activé (Enable)
System drive C: has 129 GB (86%) free of 149 GB

---\\ Logged in mode
~ Computer Name: WESCLEI
~ User Name: Wesclei
~ All Users Names: Wesclei, SUPPORT_388945a0, IWAM_WESCLEI, IUSR_WESCLEI, HelpAssistant, Convidado, ASPNET, Administrador,
~ Unselected Option: O45,O61,O62,O65,O82
Logged in as Administrator

---\\ Environnement Variables
~ System Unit : C:\
~ %AppData% : C:\Documents and Settings\Wesclei\Dados de aplicativos\
~ %Desktop% : C:\Documents and Settings\Wesclei\Desktop\
~ %Favorites% : C:\Documents and Settings\Wesclei\Favoritos\
~ %LocalAppData% : C:\Documents and Settings\Wesclei\Configurações locais\Dados de aplicativos\
~ %StartMenu% : C:\Documents and Settings\Wesclei\Menu Iniciar\
~ %Windir% : C:\WINDOWS\
~ %System% : C:\WINDOWS\system32\

---\\ DOS/Devices
C:\ Hard drive, Flash drive, Thumb drive (Free 129 Go of 149 Go)
D:\ CD-ROM drive (Not Inserted)

---\\ Security Center & Tools Informations
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Associations] Application: OK
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Associations] Intl: OK
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Associations] XMLLookup: OK
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] Shell: OK
[HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] Load: OK
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install] LastSuccessTime : Out Of Date
~ Security Center: Scanned in 00mn 00s

---\\ Search Generic System Files
[MD5.064EC7FF5F58B928C3E119402977FA6D] - (.Microsoft Corporation - Windows Explorer.) (.13/04/2008 - 19:21:00.) -- C:\WINDOWS\Explorer.exe [1035776]
[MD5.A4A0FC92358F39538A6494C42EF99FE9] - (.Microsoft Corporation - Internet Extensions for Win32.) (.13/08/2007 - 18:54:10.) -- C:\WINDOWS\system32\wininet.dll [818688]
[MD5.71D440F79B711627B12B567FB2EADB42] - (.Microsoft Corporation - Aplicativo de logon do Windows NT.) (.13/04/2008 - 19:21:24.) -- C:\WINDOWS\system32\Winlogon.exe [509952]
[MD5.7E775010EF291DA96AD17CA4B17137D7] - (.Microsoft Corporation - Ancillary Function Driver for WinSock.) (.14/08/2008 - 7:04:36.) -- C:\WINDOWS\system32\Drivers\AFD.sys [138496]
[MD5.9F3A2F5AA6875C72BF062C712CFA2674] - (.Microsoft Corporation - IDE/ATAPI Port Driver.) (.13/04/2008 - 11:40:32.) -- C:\WINDOWS\system32\Drivers\atapi.sys [96512]
[MD5.C885B02847F5D2FD45A24E219ED93B32] - (.Microsoft Corporation - CD-ROM File System Driver.) (.13/04/2008 - 12:14:22.) -- C:\WINDOWS\system32\Drivers\Cdfs.sys [63744]
[MD5.1F4260CC5B42272D71F79E570A27A4FE] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.13/04/2008 - 11:40:48.) -- C:\WINDOWS\system32\Drivers\Cdrom.sys [62976]
[MD5.A8D31E836CCF2F51009CE7DFFECF6D51] - (.Microsoft Corporation - FIPS Crypto Driver.) (.13/04/2008 - 18:52:44.) -- C:\WINDOWS\system32\Drivers\Fips.sys [44672]
[MD5.573C7D0A32852B48F3058CFD8026F511] - (.Windows (R) Server 2003 DDK provider - High Definition Audio Bus Driver v1.0a.) (.13/04/2008 - 9:36:06.) -- C:\WINDOWS\system32\Drivers\HDAudBus.sys [144384]
[MD5.485BC6BEB778B5E9702E6AA3D384C0CB] - (.Microsoft Corporation - Driver de porta i8042.) (.13/04/2008 - 18:55:20.) -- C:\WINDOWS\system32\Drivers\i8042prt.sys [53504]
[MD5.083A052659F5310DD8B6A6CB05EDCF8E] - (.Microsoft Corporation - IMAPI Kernel Driver.) (.13/04/2008 - 11:41:00.) -- C:\WINDOWS\system32\Drivers\Imapi.sys [42112]
[MD5.CC748EA12C6EFFDE940EE98098BF96BB] - (.Microsoft Corporation - IP Network Address Translator.) (.13/04/2008 - 11:57:16.) -- C:\WINDOWS\system32\Drivers\IpNat.sys [152832]
[MD5.23C74D75E36E7158768DD63D92789A91] - (.Microsoft Corporation - IPSec Driver.) (.13/04/2008 - 12:19:44.) -- C:\WINDOWS\system32\Drivers\IPSec.sys [75264]
[MD5.60AE98742484E7AB80C3C1450E708148] - (.Microsoft Corporation - Windows NT SMB Minirdr.) (.24/10/2008 - 8:21:09.) -- C:\WINDOWS\system32\Drivers\MRxSmb.sys [455296]
[MD5.74B2B2F5BEA5E9A3DC021D685551BD3D] - (.Microsoft Corporation - MBT Transport driver.) (.13/04/2008 - 12:21:02.) -- C:\WINDOWS\system32\Drivers\netBT.sys [162816]
[MD5.78A08DD6A8D65E697C18E1DB01C5CDCA] - (.Microsoft Corporation - NT File System Driver.) (.13/04/2008 - 12:15:54.) -- C:\WINDOWS\system32\Drivers\ntfs.sys [574976]
[MD5.9BADEE6B698BF1AF36E25A1A64A89EAB] - (.Microsoft Corporation - Driver de porta paralela.) (.13/04/2008 - 19:02:26.) -- C:\WINDOWS\system32\Drivers\Parport.sys [80384]
[MD5.11B4A627BC9614B885C4969BFA5FF8A6] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.13/04/2008 - 12:19:44.) -- C:\WINDOWS\system32\Drivers\Rasl2tp.sys [51328]
[MD5.15CABD0F7C00C47C70124907916AF3F1] - (.Microsoft Corporation - Microsoft RDP Device redirector.) (.13/04/2008 - 11:32:52.) -- C:\WINDOWS\system32\Drivers\rdpdr.sys [196224]
[MD5.68D749B04BFBBD4D4D15CC5185AFA4DD] - (.Microsoft Corporation - Redbook Audio Filter Driver.) (.13/04/2008 - 18:53:18.) -- C:\WINDOWS\system32\Drivers\redbook.sys [58240]
[MD5.EB6B1E2C984D84470FF4FE7EF98CD44A] - (.Microsoft Corporation - Driver de cópia de sombra de volume.) (.13/04/2008 - 18:53:02.) -- C:\WINDOWS\system32\Drivers\volsnap.sys [53248]
~ Generic Processes: Scanned in 00mn 00s

---\\ Hidden files state (Hidden/Total)
~ Mes images (My Pictures) : 2/6
~ Mes Videos (My Videos) : 1/5
~ Mes Favoris (My Favorites) : 1/16
~ Mes Documents (My Documents) : 9/253
~ Mon Bureau (My Desktop) : 0/29
~ Menu demarrer (Programs) : 1/44
~ Hidden Files: Scanned in 00mn 00s

---\\ Running Processes
[MD5.0A1CC583E8147004E4AD4625D7FBF88C] - (.Avira Operations GmbH & Co. KG - Avira Scheduler.) -- C:\Arquivos de programas\Avira\AntiVir Desktop\sched.exe [86224] [PID.1796]
[MD5.C9A36EF935ACED86AEDF93E97E606911] - (.Avira Operations GmbH & Co. KG - Avira On-Access Service.) -- C:\Arquivos de programas\Avira\AntiVir Desktop\avguard.exe [110032] [PID.1892]
[MD5.12F51445C5847C77F87C9A6538EEB38F] - (.Microsoft Corporation - Internet Information Services.) -- C:\WINDOWS\system32\inetsrv\inetinfo.exe [15872] [PID.184]
[MD5.112325F53AB720CA77825726D427FBDC] - (.Sun Microsystems, Inc. - Java(TM) Quick Starter Service.) -- C:\Arquivos de programas\Java\jre6\bin\jqs.exe [153376] [PID.212]
[MD5.748D107C3D000529A03C21E182442CFA] - (.Microsoft Corporation - TCP/IP Services Application.) -- C:\WINDOWS\system32\tcpsvcs.exe [19456] [PID.580]
[MD5.AC10E67A172D2F64340CEFCDFF80FDFA] - (.Microsoft Corporation - Serviço SNMP.) -- C:\WINDOWS\System32\snmp.exe [33280] [PID.612]
[MD5.52233C5D1890811C552068015AFE27DF] - (.Avira Operations GmbH & Co. KG - Avira Shadow Copy Service.) -- C:\Arquivos de programas\Avira\AntiVir Desktop\avshadow.exe [80336] [PID.2836]
[MD5.F4202F68BB3B9A08822238D9017EC638] - (.Avira Operations GmbH & Co. KG - Avira System Tray Tool.) -- C:\Arquivos de programas\Avira\AntiVir Desktop\avgnt.exe [348664] [PID.3548]
[MD5.39AF1CDEAFA4FC9D5185FBD9F4D141C4] - (.Octoshape ApS - Main program for Octoshape client.) -- C:\Documents and Settings\Wesclei\Dados de aplicativos\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe [107800] [PID.3608]
[MD5.80557066058569BC5D55856592E20985] - (.Microsoft Corporation - COM Surrogate.) -- C:\WINDOWS\system32\dllhost.exe [5120] [PID.3376]
[MD5.2D9A1A43307EC9BB267BE9F90B4AF0D5] - (.Nicolas Coolman - ZHPDiag.) -- C:\Arquivos de programas\ZHPDiag\ZHPDiag.exe [6936576] [PID.1416]
[MD5.6D2018AEE93285F2A8BEF55D722187A3] - (.Microsoft Corporation - Application Layer Gateway Service.) -- C:\WINDOWS\System32\alg.exe [44544] [PID.3160]
[MD5.C58E0367F951DACF32D801CF5F900EC5] - (.Microsoft Corporation - MS DTC console program.) -- C:\WINDOWS\system32\msdtc.exe [6144] [PID.3660]
~ Processes Running: Scanned in 00mn 00s

---\\ Mozilla Firefox,Plugins,Start,Search,Extensions (P2,M0,M1,M2,M3)
M3 - MFPP: Plugins - [Wesclei] -- C:\Arquivos de programas\Mozilla FireFox\searchplugins\buscape.xml
M3 - MFPP: Plugins - [Wesclei] -- C:\Arquivos de programas\Mozilla FireFox\searchplugins\mercadolivre.xml
M3 - MFPP: Plugins - [Wesclei] -- C:\Arquivos de programas\Mozilla FireFox\searchplugins\wikipedia-br.xml
M3 - MFPP: Plugins - [Wesclei] -- C:\Arquivos de programas\Mozilla FireFox\searchplugins\yahoo-br.xml
P2 - FPN:Firefox Plugin Navigator . (.Sun Microsystems, Inc. - NPRuntime Script Plug-in Library for Java(TM) Deploy.) -- C:\Arquivos de programas\Mozilla Firefox\Plugins\npdeploytk.dll
P2 - FPN:Firefox Plugin Navigator . (.Microsoft Corporation - 2.0.0048.0.) -- C:\Arquivos de programas\Mozilla Firefox\Plugins\npOGAPlugin.dll
P2 - FPN: [HKCU] [@octoshape.com/Octoshape Streaming Services,version=1.0] - (.Octoshape ApS - Octoshape embedded video plugin.) -- C:\Documents and Settings\Wesclei\Dados de aplicativos\Octoshape\Octoshape Streaming Services\sua-1103234-0-npoctoshape.dll
~ Firefox Browser: 19 Legitimates Filtered in 00mn 00s

---\\ Internet Explorer Extensions, Start, Search (R4,R3,R0,R1)
R3 - URLSearchHook: Microsoft Url Search Hook - {CFBFAE00-17A6-11D0-99CB-00C04FD64497} . (.Octoshape ApS - Octoshape embedded video plugin.) (No version) -- (.not file.)
R4 - HKCU\SOFTWARE\Microsoft\Internet Explorer\PhishingFilter,Enabled = 1
~ IE Browser: 12 Legitimates Filtered in 00mn 00s

---\\ Internet Explorer, Proxy Management (R5)
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyHttp1.1 = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll
~ Proxy management: Scanned in 00mn 00s

---\\ Line Analysis F0, F1, F2, F3 - IniFiles, Auto loading programs
F2 - REG:system.ini: USERINIT=C:\WINDOWS\system32\userinit.exe,
F2 - REG:system.ini: Shell=C:\WINDOWS\explorer.exe
F2 - REG:system.ini: VMApplet=rundll32 shell32,Control_RunDLL "sysdm.cpl"
~ Keys: Scanned in 00mn 00s

---\\ Hosts file redirection (O1)
~ Le fichier hosts est sain (The hosts file is clean).
~ Hosts File: Scanned in 00mn 00s
~ Nombre de lignes (Lines number): 1

---\\ Browser Helper Objects (O2)
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} . (.Hewlett-Packard Co. - hpswp_printenhancer dll.) -- C:\Arquivos de programas\HP\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: HP Print Clips - {053F9267-DC04-4294-A72C-58F732D338C0} . (.Hewlett-Packard Co. - Leo (Framework) - add-on for Internet Explo.) -- C:\Arquivos de programas\HP\Smart Web Printing\hpswp_framework.dll
~ BHO: 10 Legitimates Filtered in 00mn 00s

---\\ Internet Explorer toolbars (O3)
O3 - Toolbar: &Windows Live Toolbar - [HKLM]{21FA44EF-376D-4D53-9B0F-8A89D3229068} . (.Microsoft Corporation - Windows Live Toolbar Core.) -- C:\Arquivos de programas\Windows Live\Toolbar\wltcore.dll
~ Toolbar: Scanned in 00mn 00s

---\\ Auto loading programs from Registry and folders (O4)
O4 - HKLM\..\Run: [avgnt] . (.Avira Operations GmbH & Co. KG - Avira System Tray Tool.) -- C:\Arquivos de programas\Avira\AntiVir Desktop\avgnt.exe
O4 - HKCU\..\Run: [ctfmon.exe] . (.Microsoft Corporation - CTF Loader.) -- C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [ares] C:\Arquivos de programas\Ares\Ares.exe (.not file.)
O4 - HKCU\..\Run: [Octoshape Streaming Services] . (.Octoshape ApS - Main program for Octoshape client.) -- C:\Documents and Settings\Wesclei\Dados de aplicativos\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe
O4 - HKUS\S-1-5-21-2000478354-1532298954-682003330-1003\..\Run: [ctfmon.exe] . (.Microsoft Corporation - CTF Loader.) -- C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-21-2000478354-1532298954-682003330-1003\..\Run: [ares] C:\Arquivos de programas\Ares\Ares.exe (.not file.)
O4 - HKUS\S-1-5-21-2000478354-1532298954-682003330-1003\..\Run: [Octoshape Streaming Services] . (.Octoshape ApS - Main program for Octoshape client.) -- C:\Documents and Settings\Wesclei\Dados de aplicativos\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe
~ Application: Scanned in 00mn 00s

---\\ Other User Links (O4)
O4 - GS\Desktop: Adobe Reader 6.0.lnk . (.Adobe Systems Incorporated - Adobe Reader 6.0.) -- C:\Arquivos de programas\Adobe\Acrobat 6.0\Reader\AcroRd32.exe
O4 - GS\Desktop: aTube Catcher.lnk . (.DsNET - aTube Catcher to download and convert video.) -- C:\Arquivos de programas\DsNET Corp\aTube Catcher 2.0\yct.exe
O4 - GS\Desktop: Avira Control Center.lnk . (.Avira Operations GmbH & Co. KG - Avira Control Center.) -- C:\Arquivos de programas\Avira\AntiVir Desktop\avcenter.exe
O4 - GS\Desktop: BisonCam.lnk . (...) -- C:\WINDOWS\BisonCam\BisonCap.exe
O4 - GS\Desktop: Central de Soluções HP.lnk . (.Hewlett-Packard Company - hpqdirec.exe.) -- C:\Arquivos de programas\HP\Digital Imaging\bin\hpqdirec.exe
O4 - GS\Desktop: Google Chrome.lnk . (.Google Inc. - Google Chrome.) -- C:\Arquivos de programas\Google\Chrome\Application\chrome.exe
O4 - GS\Desktop: Malwarebytes Anti-Malware.lnk . (.Malwarebytes Corporation - Malwarebytes Anti-Malware.) -- C:\Arquivos de programas\Malwarebytes' Anti-Malware\mbam.exe
O4 - GS\Desktop: MBRCheck.lnk . (...) -- C:\Arquivos de programas\ZHPDiag\mbrcheck.exe
O4 - GS\Desktop: Nero Express.lnk . (.Nero AG - Nero Burning ROM.) -- C:\Arquivos de programas\Nero\Nero Burning ROM\nero.exe
O4 - GS\Desktop: PDFZilla.lnk . (.PDFZilla, Inc. - Convert PDF files to Word, Txt, HTML, Image.) -- C:\PDFZilla\PDFZilla.exe
O4 - GS\Desktop: Picasa 3.lnk . (.Google Inc. - Picasa.) -- C:\Arquivos de programas\Google\Picasa3\Picasa3.exe
O4 - GS\Desktop: Video Search.lnk . (.DsNET - aTube Catcher to download and convert video.) -- C:\Arquivos de programas\DsNET Corp\aTube Catcher 2.0\yct.exe
O4 - GS\Desktop: ZHPDiag.lnk . (.Nicolas Coolman - ZHPDiag Setup.) -- C:\Arquivos de programas\ZHPDiag\ZHPhep.exe
O4 - GS\Desktop: ZHPFix.lnk . (.Nicolas Coolman - ZHPDiag Setup.) -- C:\Arquivos de programas\ZHPDiag\ZHPFix\ZHPhep.exe
O4 - GS\Desktop: Messenger.lnk . (.Microsoft Corporation - Windows Live Messenger.) -- C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe
O4 - GS\Desktop: Microsoft Office Word 2007.lnk . (...) -- C:\WINDOWS\Installer\{90120000-0030-0000-0000-0000000FF1CE}\wordicon.exe
O4 - GS\Desktop: Mozilla Firefox.lnk . (.Mozilla Corporation - Firefox.) -- C:\Arquivos de programas\Mozilla Firefox\firefox.exe
~ Global Startup: Scanned in 00mn 03s

---\\ Extra buttons on main IE button toolbar, or extra items in IE 'Tools' menu (O9)
O9 - Extra button: &Incluir no Blog no Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} . (.Microsoft Corporation - Windows Live Writer Blog This Extension.) -- C:\Arquivos de programas\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Livro de recortes HP - {58ECB495-38F0-49cb-A538-10282ABF65E7} . (.Hewlett-Packard Co. - Leo (Toolbar Extensions) - add-on for Internet Explorer.) -- C:\Arquivos de programas\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: Seleção HP Smart - {700259D7-1666-479a-93B1-3250410481E8} . (.Hewlett-Packard Co. - Leo (Toolbar Extensions) - add-on for Internet Explorer.) -- C:\Arquivos de programas\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} . (...) -- C:\Arquivos de programas\Microsoft Office\Office12\REFBARH.ICO
O9 - Extra button: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} -- Orphean Key
O9 - Extra button: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} . (.Microsoft Corporation - Windows Messenger.) -- C:\Arquivos de programas\Messenger\msmsgs.exe
~ IE Extra Buttons: Scanned in 00mn 00s

---\\ Winsock hijacker (Layered Service Provider) (O10)
O10 - WLSP:\000000000001\Winsock LSP File . (.Microsoft Corporation - Fornecedor de serviços do Microsoft Windows Sockets 2.0.) -- C:\WINDOWS\system32\mswsock.dll
O10 - WLSP:\000000000003\Winsock LSP File . (.Microsoft Corporation - Fornecedor de serviços do Microsoft Windows Sockets 2.0.) -- C:\WINDOWS\system32\mswsock.dll
~ Winsock: 5 Legitimates Filtered in 00mn 00s

---\\ 'Reset Web Settings' hijack (O14)
O14 - IERESET.INF: SEARCH_PAGE_URL=SEARCH_PAGE_URL="&http://home.microsoft.com/intl/br/access/allinone.asp"
O14 - IERESET.INF: SAFESITE_VALUE=SAFESITE_VALUE="search.msn.com.br"
~ IE Paramètres WEB: Scanned in 00mn 00s

---\\ Site in Trusted Zone (O15)
O15 - Trusted Zone: [HKCU\...\Domains] *.sofc2012
~ IE Zone Confiance: Scanned in 00mn 00s

---\\ Lop.com/Domain Hijackers (O17)
O17 - HKLM\System\CCS\Services\Tcpip\..\{166B1595-EC5C-4BF4-B4B0-3D695122B97D}: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{166B1595-EC5C-4BF4-B4B0-3D695122B97D}: DhcpDomain = funpec.br
O17 - HKLM\System\CS1\Services\Tcpip\..\{166B1595-EC5C-4BF4-B4B0-3D695122B97D}: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{166B1595-EC5C-4BF4-B4B0-3D695122B97D}: DhcpDomain = funpec.br
O17 - HKLM\System\CS3\Services\Tcpip\..\{166B1595-EC5C-4BF4-B4B0-3D695122B97D}: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CS3\Services\Tcpip\..\{166B1595-EC5C-4BF4-B4B0-3D695122B97D}: DhcpDomain = funpec.br
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
~ Domain: Scanned in 00mn 00s

---\\ Extra protocols (O18)
O18 - Handler: wlmailhtml - {03C514A3-1EFB-4856-9F99-10D7BE1653C0} . (.Microsoft Corporation - Windows Live Mail.) -- C:\Arquivos de programas\Windows Live\Mail\mailcomm.dll
O18 - Filter: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} . (.Microsoft Corporation - Microsoft Office XML MIME Filter.) -- C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\OFFICE12\MSOXMLMF.dll
~ Protocole Additionnel: Scanned in 00mn 00s

---\\ AppInit_DLLs Registry value Autorun (O20)
O20 - Winlogon Notify: crypt32chain . (.Microsoft Corporation - Crypto API32.) -- C:\WINDOWS\system32\crypt32.dll
O20 - Winlogon Notify: cryptnet . (.Microsoft Corporation - Crypto Network Related API.) -- C:\WINDOWS\system32\cryptnet.dll
O20 - Winlogon Notify: cscdll . (.Microsoft Corporation - Agente de rede off-line.) -- C:\WINDOWS\system32\cscdll.dll
O20 - Winlogon Notify: dimsntfy . (.Microsoft Corporation - DIMS Notification Handler.) -- C:\WINDOWS\system32\dimsntfy.dll
O20 - Winlogon Notify: ScCertProp . (.Microsoft Corporation - DLL comum para receber notificações do Winl.) -- C:\WINDOWS\system32\wlnotify.dll
O20 - Winlogon Notify: Schedule . (.Microsoft Corporation - DLL comum para receber notificações do Winl.) -- C:\WINDOWS\system32\wlnotify.dll
O20 - Winlogon Notify: sclgntfy . (.Microsoft Corporation - DLL de notificação do serviço de logon secu.) -- C:\WINDOWS\system32\sclgntfy.dll
O20 - Winlogon Notify: SensLogn . (.Microsoft Corporation - DLL comum para receber notificações do Winl.) -- C:\WINDOWS\system32\WlNotify.dll
O20 - Winlogon Notify: termsrv . (.Microsoft Corporation - DLL comum para receber notificações do Winl.) -- C:\WINDOWS\system32\wlnotify.dll
O20 - Winlogon Notify: wlballoon . (.Microsoft Corporation - DLL comum para receber notificações do Winl.) -- C:\WINDOWS\system32\wlnotify.dll
~ Winlogon: Scanned in 00mn 00s

---\\ ShellServiceObjectDelayLoad (O21)
O21 - SSODL: UPnPMonitor - {e57ce738-33e8-4c51-8354-bb4de9d215d1} . (.Microsoft Corporation - Pasta e monitor da bandeja UPNP.) -- C:\WINDOWS\system32\upnpui.dll
~ SSODL: 6 Legitimates Filtered in 00mn 00s

---\\ SharedTaskScheduler (O22)
O22 - SharedTaskScheduler: Pré-carregador Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} . (.Microsoft Corporation - Biblioteca da interface de usuário do naveg.) -- C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Pré-carregador Browseui - {8C7461EF-2B13-11d2-BE35-3078302C2030} . (.Microsoft Corporation - Biblioteca da interface de usuário do naveg.) -- C:\WINDOWS\system32\browseui.dll
~ STS/SSO: Scanned in 00mn 00s

---\\ Windows Active Desktop & MHTML Editor (O24)
O24 - Desktop Component 0: Minha página inicial atual - file:About:Home
O24 - Desktop General: BackupWallPaper - .(...) - C:\Documents and Settings\Wesclei\Configurações locais\Dados de aplicativos\Microsoft\Wallpaper1.bmp
O24 - Desktop General: WallPaper - .(...) - C:\Documents and Settings\Wesclei\Configurações locais\Dados de aplicativos\Microsoft\Wallpaper1.bmp
~ Desktop Component: 4 Legitimates Filtered in 00mn 00s

---\\ Drivers launched at startup (O41)
O41 - Driver: (360FileOem) . (.360.cn - 360FileOem.) - C:\WINDOWS\system32\drivers\360FileOem.sys
O41 - Driver: (360SpOEM) . (.360???? - 360???? - SelfProtection.) - C:\WINDOWS\system32\drivers\360SpOEM.sys
~ Drivers: 81 Legitimates Filtered in 00mn 02s

---\\ Software installed (O42)
O42 - Logiciel: HotKey_Driver - (...) [HKLM] -- {63F8286A-601D-4B06-BB21-DB863AF17BFA}
O42 - Logiciel: PDFZilla V1.0.7 - (.PDFZilla, Inc..) [HKLM] -- PDFZilla_is1
O42 - Logiciel: Update_DealPly - (...) [HKCU] -- DealPly =>PUP.DealPly
O42 - Logiciel: XP Codec Pack - (...) [HKLM] -- XP Codec Pack
~ Logic: 134 Legitimates Filtered in 00mn 00s

---\\ HKCU & HKLM Software Keys
[HKCU\Software\APN PIP]
[HKCU\Software\GbAs]
[HKCU\Software\InstallCore] =>PUP.InstallCore
[HKCU\Software\PIP]
[HKCU\Software\XP Codec Pack]
[HKCU\Software\searchya.com] =>Adware.SearchYa
[HKLM\Software\360Safe]
[HKLM\Software\Absolutist]
[HKLM\Software\HotKey_Disp]
[HKLM\Software\PSafe]
[HKLM\Software\Programas RFB]
[HKLM\Software\Trymedia Systems] =>Adware.Trymedia
[HKLM\Software\Ushustech]
[HKLM\Software\margasoft]
~ Key Software: 202 Legitimates Filtered in 00mn 00s

---\\ Contents of the Common Files folders (O43)
O43 - CFD: 22/06/2012 - 14:07:22 - [10,253] ----D C:\Arquivos de programas\Claro 3G
O43 - CFD: 14/10/2009 - 12:03:28 - [0,000] ----D C:\Arquivos de programas\CNPJ2003
O43 - CFD: 01/06/2009 - 11:07:46 - [3,520] ----D C:\Arquivos de programas\HotKey_Driver
O43 - CFD: 22/06/2012 - 14:07:19 - [3,007] ----D C:\Arquivos de programas\InstallAffixationInfo
O43 - CFD: 01/03/2013 - 0:57:54 - [0,001] ----D C:\Arquivos de programas\Photo!
O43 - CFD: 10/06/2010 - 16:39:32 - [0] ----D C:\Arquivos de programas\Programas RFB
O43 - CFD: 13/07/2010 - 17:03:21 - [2,549] ----D C:\Arquivos de programas\REAP
O43 - CFD: 01/06/2009 - 10:28:50 - [0,001] ----D C:\Arquivos de programas\Serviços on-line
O43 - CFD: 25/10/2011 - 11:53:09 - [0,029] ----D C:\Arquivos de programas\Sistema Simplificado de Caixa
O43 - CFD: 01/06/2009 - 11:58:34 - [7,363] ----D C:\Arquivos de programas\XP Codec Pack
O43 - CFD: 01/06/2009 - 10:28:08 - [0,008] ----D C:\Arquivos de programas\Arquivos comuns\Serviços
O43 - CFD: 03/08/2009 - 11:23:03 - [0] ----D C:\Documents and Settings\Wesclei\Dados de aplicativos\SView5
O43 - CFD: 24/09/2012 - 23:27:10 - [1,561] ----D C:\Documents and Settings\Wesclei\Dados de aplicativos\WESCLEI
O43 - CFD: 11/07/2012 - 11:02:34 - [0,023] ----D C:\Documents and Settings\Wesclei\Configurações locais\Dados de aplicativos\Ares
O43 - CFD: 20/02/2011 - 15:10:41 - [0,003] ----D C:\Documents and Settings\Wesclei\Configurações locais\Dados de aplicativos\DCTiles
O43 - CFD: 29/06/2010 - 11:30:37 - [0,015] R---D C:\Documents and Settings\Wesclei\Menu Iniciar\Programas\Acessórios
O43 - CFD: 09/06/2009 - 23:50:16 - [0,000] R---D C:\Documents and Settings\Wesclei\Menu Iniciar\Programas\Ferramentas administrativas
O43 - CFD: 01/06/2009 - 7:20:55 - [0,000] R---D C:\Documents and Settings\Wesclei\Menu Iniciar\Programas\Inicializar
O43 - CFD: 01/06/2009 - 11:58:34 - [0,013] ----D C:\Documents and Settings\Wesclei\Menu Iniciar\Programas\XP Codec Pack 2.4.6
~ Program Folder: 143 Legitimates Filtered in 00mn 17s

---\\ Last modified or created files under Windows and System32 (O44)
O44 - LFC:[MD5.CE0D2D3397D59FF6A059798A099A059E] - 22/04/2013 - 8:38:50 ---A- . (...) -- C:\WINDOWS\win.ini [1128]
O44 - LFC:[MD5.0277C027A26428DB64EF4F64F52BB4FD] - 22/04/2013 - 8:56:56 ---A- . (...) -- C:\WINDOWS\MBR.exe [208896]
O44 - LFC:[MD5.F042EE4C8D66248D9B86DCF52ABAE416] - 22/04/2013 - 8:56:56 ---A- . (...) -- C:\WINDOWS\PEV.exe [256000]
O44 - LFC:[MD5.9E05A9C264C8A908A8E79450FCBFF047] - 22/04/2013 - 8:56:56 ---A- . (...) -- C:\WINDOWS\grep.exe [80412]
O44 - LFC:[MD5.2B657A67AEBB84AEA5632C53E61E23BF] - 22/04/2013 - 8:56:56 ---A- . (...) -- C:\WINDOWS\sed.exe [98816]
O44 - LFC:[MD5.5E832F4FAF5F481F2EAF3B3A48F603B8] - 22/04/2013 - 8:56:56 ---A- . (...) -- C:\WINDOWS\zip.exe [68096]
O44 - LFC:[MD5.C9DD76D0EF94637C77FF8CA5E0FB0684] - 22/04/2013 - 9:06:28 ---A- . (...) -- C:\WINDOWS\system.ini [227]
O44 - LFC:[MD5.72D43BB3BEB66C96BF5DECBDD606DAB7] - 22/04/2013 - 9:08:15 ---A- . (...) -- C:\ComboFix.txt [11802]
O44 - LFC:[MD5.EAE88A9F315A85989D45D9E6A479A192] - 22/04/2013 - 11:13:11 ---A- . (...) -- C:\WINDOWS\wiadebug.log [159]
O44 - LFC:[MD5.DAD87D1C3A2ED78E490F30602AC8A84D] - 22/04/2013 - 11:13:08 ---A- . (...) -- C:\WINDOWS\wiaservc.log [49]
O44 - LFC:[MD5.8B95671505BA092526E6B4AC628832CC] - 22/04/2013 - 11:11:51 ---A- . (...) -- C:\WINDOWS\ntbtlog.txt [372426]
O44 - LFC:[MD5.BB8E23B9C112A79F759681703D021C81] - 11/04/2013 - 23:51:47 ---A- . (...) -- C:\WINDOWS\wmsetup.log [49593]
~ Files: 25 Legitimates Filtered in 00mn 58s

---\\ Operations and functions at Windows Explorer startup (O46)
O46 - SEH:ShellExecuteHooks - URL Exec Hook - {AEB6717E-7E19-11d0-97EE-00C04FD91972} - shell32.dll
~ ShellExecuteHooks: Scanned in 00mn 00s

---\\ Image File Execution Options (IFEO) (O50)
O50 - IFEO:Image File Execution Options - Your Image File Name Here without a path - ntsd -d
~ IFEO: Scanned in 00mn 00s

---\\ MountPoints2 Shell Key (MPKS) (O51)
O51 - MPSK:{29f860d6-1f41-11e0-b61d-00224359083d}\AutoRun\command. (...) -- E:\AutoRun.exe (.not file.)
O51 - MPSK:{29f860d9-1f41-11e0-b61d-00224359083d}\AutoRun\command. (...) -- E:\AutoRun.exe (.not file.)
O51 - MPSK:{30aa3a0c-75ff-11e0-b6f0-00224359083d}\AutoRun\command. (...) -- E:\AutoRun.exe (.not file.)
O51 - MPSK:{330e1370-ba64-11de-b52b-0090f5767d9b}\AutoRun\command. (...) -- E:\XnrPLT.exe (.not file.)
O51 - MPSK:{3f52a962-68ba-11de-b475-00224359083d}\AutoRun\command - Orphean Key
O51 - MPSK:{3fc3080e-7aaa-11de-b491-00224359083d}\AutoRun\command - Orphean Key
O51 - MPSK:{4a74d131-249d-11e0-b626-0090f5767d9b}\AutoRun\command. (...) -- E:\thbpr.exe (.not file.)
O51 - MPSK:{60d7a538-8f66-11de-b4c3-0090f5767d9b}\AutoRun\command. (...) -- E:\RECYCLERS32\autorun.exe (.not file.)
O51 - MPSK:{7836a2da-1508-11e1-b840-00224359083d}\AutoRun\command. (...) -- E:\AutoRun.exe (.not file.)
O51 - MPSK:{850f619e-51bb-11e1-b87d-00224359083d}\AutoRun\command. (...) -- E:\AutoRun.exe (.not file.)
O51 - MPSK:{8ac0cc34-5ecd-11e0-b6ab-00224359083d}\AutoRun\command. (...) -- E:\xcksh.exe (.not file.)
O51 - MPSK:{918e40eb-883e-11de-b4b3-00224359083d}\AutoRun\command - Orphean Key
O51 - MPSK:{9afeb23a-532c-11e1-b87e-00224359083d}\AutoRun\command. (...) -- E:\AutoRun.exe (.not file.)
O51 - MPSK:{9afeb23b-532c-11e1-b87e-00224359083d}\AutoRun\command. (...) -- E:\AutoRun.exe (.not file.)
O51 - MPSK:{acebe882-9703-11de-b4e1-00224359083d}\AutoRun\command. (...) -- F:\ayvzxy.exe (.not file.)
O51 - MPSK:{b6623e24-bc8f-11e1-b8cf-00224359083d}\AutoRun\command. (...) -- E:\RunClubSanDisk.exe (.not file.)
O51 - MPSK:{d197fb7d-bf64-11df-b5d1-00224359083d}\AutoRun\command. (...) -- E:\Windows\Install.exe (.not file.)
O51 - MPSK:{e5d94517-678f-11e1-b893-00224359083d}\AutoRun\command. (...) -- E:\RunClubSanDisk.exe (.not file.)
O51 - MPSK:{e5d94518-678f-11e1-b893-00224359083d}\AutoRun\command. (...) -- E:\application\Nokia_Internet_Modem.exe (.not file.)
O51 - MPSK:{e872f3c4-a96d-11df-b5b8-00224359083d}\AutoRun\command. (...) -- C:\WINDOWS\system32\svchosts.exe (.not file.)
O51 - MPSK:{f3dcd824-8e4d-11de-b4c0-00224359083d}\AutoRun\command. (...) -- F:\RECYCLER32\dmgr.exe (.not file.)
O51 - MPSK:{f694ab38-8ae6-11e1-b8b0-00224359083d}\AutoRun\command. (...) -- E:\AutoRun.exe (.not file.)
~ Keys: Scanned in 00mn 00s

---\\ Trojan Driver Search Data (HKLM)(TDSD) (O52)
O52 - TDSD: \Drivers32\"vidc.ffds"="ffdshow.ax" . (.Unknown owner - DirectShow and VFW video and audio decoding/encoding/processing filter.) -- C:\WINDOWS\system32\ffdshow.ax
~ TDSD: 16 Legitimates Filtered in 00mn 00s

---\\ ShareTools MSconfig StartupReg (SMSR) (O53)
O53 - SMSR:HKLM\...\startupreg\BisonHK [Key] . (.mychat - BisonHK.) -- C:\WINDOWS\BisonCam\BisonHK.exe
O53 - SMSR:HKLM\...\startupreg\SiSPower [Key] . (.Silicon Integrated Systems Corporation - Dynamic link library for setting Power Sche.) -- C:\WINDOWS\system32\SiSPower.dll
O53 - SMSR:HKLM\...\startupreg\SMSERIAL [Key] . (.Motorola Inc. - Application executable file.) -- C:\Arquivos de programas\Motorola\SMSERIAL\sm56hlpr.exe
~ SMSR Keys: 10 Legitimates Filtered in 00mn 00s

---\\ Microsoft Control Security Providers (MCSP) (O54)
O54 - MCSP:[HKLM\...\CurrentControlSet\Control] - (SecurityProviders) - (.Microsoft Corporation - Cliente DPA para plataformas de 32 bits.) -- C:\WINDOWS\system32\msapsspc.dll
O54 - MCSP:[HKLM\...\ControlSet001\Control] - (SecurityProviders) - (.Microsoft Corporation - Cliente DPA para plataformas de 32 bits.) -- C:\WINDOWS\system32\msapsspc.dll
~ MSCP: 6 Legitimates Filtered in 00mn 00s

---\\ System Drivers List (SDL) (O58)
O58 - SDL:[MD5.BDECE634F62B3656DE73D51CA8EA32A9] - 31/05/2012 - 21:21:04 R--A- . (.360.cn - 360FileOem.) -- C:\WINDOWS\system32\Drivers\360FileOem.sys [146304]
O58 - SDL:[MD5.C1E76718BAB6BCA0D18E5670F074F821] - 28/10/2001 - 12:06:08 ---A- . (...) -- C:\WINDOWS\system32\ansi.sys [9032]
~ Drivers: Scanned in 00mn 00s

---\\ List all tools cleaner (LATC) (O63)
O63 - Logiciel: ZHPDiag 2013 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1
~ ADS: Scanned in 00mn 00s

---\\ List all legacy services(LALS) (O64)
O64 - Services: CurCS - 31/05/2012 - C:\WINDOWS\system32\drivers\360FileOem.sys (360FileOem) .(.360.cn - 360FileOem.) - LEGACY_360FILEOEM
O64 - Services: CurCS - 31/05/2012 - C:\WINDOWS\system32\drivers\360HookOEM.sys (360HookOem) .(.360???? - 360HookOem.) - LEGACY_360HOOKOEM
O64 - Services: CurCS - 29/08/2012 - C:\WINDOWS\system32\drivers\360SpOEM.sys (360SpOEM) .(.360???? - 360???? - SelfProtection.) - LEGACY_360SPOEM
~ Legacy: 152 Legitimates Filtered in 00mn 00s

---\\ File Associations Shell Spawning (O67)
O67 - Shell Spawning: <.html> [HKLM\..\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Arquivos de programas\Internet Explorer\iexplore.exe
O67 - Shell Spawning: <.html> [HKCU\..\open\Command] (.Not Key.)
O67 - Shell Spawning: <.html> [HKCR\..\open\Command] (.Google Inc. - Google Chrome.) -- C:\Arquivos de programas\Google\Chrome\Application\chrome.exe
~ FASS Keys: 17 Legitimates Filtered in 00mn 00s

---\\ Start Menu Internet (SMI) (O68)
O68 - StartMenuInternet: <>[HKLM\..\Shell\open\Command] (.Google Inc. - Google Chrome.) -- C:\Arquivos de programas\google\chrome\application\chrome.exe
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Mozilla Corporation - Firefox.) -- C:\Arquivos de programas\Mozilla Firefox\firefox.exe
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Google Inc. - Google Chrome.) -- C:\Arquivos de programas\Google\Chrome\Application\chrome.exe
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Arquivos de programas\Internet Explorer\iexplore.exe
~ Keys: Scanned in 00mn 00s

---\\ Search Particular Root Folder (SPRF) (O84)
[MD5.C894B3D3F6E80BBD259A0DC692EC9C4C] [SPRF][22/04/2013] (.Nicolas Coolman - ZHPDiag.) -- C:\Documents and Settings\Wesclei\Desktop\ZHPDiag2.exe [5594898]
[MD5.3FEA9D2EDF23B0283C7A66C8DEA380BD] [SPRF][25/07/2002] (.InstallShield Software Corporation - InstallShield Update Service Setup Player Module.) -- C:\WINDOWS\Downloaded Program Files\dwusplay.dll [24576]
[MD5.CDBE35EA59BC9223E4F800BD1DB82D27] [SPRF][25/07/2002] (.InstallShield Software Corporation - InstallShield Update Service Setup Player.) -- C:\WINDOWS\Downloaded Program Files\dwusplay.exe [196608]
[MD5.7F1D4C0EB23C942BCEFCDBAB1B75471C] [SPRF][05/03/2005] (.Autodesk, Inc. - Autodesk i-drop control.) -- C:\WINDOWS\Downloaded Program Files\IDropENU.dll [113784]
[MD5.7BBA5B65F6645D9FD314DDB8D3953A95] [SPRF][19/09/2003] (.InstallShield Software Corporation - InstallShield Update Service Web Agent.) -- C:\WINDOWS\Downloaded Program Files\isusweb.dll [299008]
~ Files: Scanned in 00mn 00s

---\\ Additionnal Scan (O88)
Database Version : v2.11631 - (21/04/2013)
Clés trouvées (Keys found) : 15
Valeurs trouvées (Values found) : 1
Dossiers trouvés (Folders found) : 0
Fichiers trouvés (Files found) : 0
[HKLM\Software\Classes\TypeLib\{090ACFA1-1580-11D1-8AC0-00C0F00910F9}] =>Adware.AdRotator
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A09AB6EB-31B5-454C-97EC-9B294D92EE2A}] =>Adware.IMBooster
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A6174F27-1FFF-E1D6-A93F-BA48AD5DD448}] =>PUP.DealPly
[HKLM\Software\Classes\TypeLib\{B4E90801-B83C-11D0-8B40-00C0F00AE35A}] =>Toolbar.Agent
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440}] =>Adware.AskSBAR
[HKCU\Software\APN PIP] =>Toolbar.Ask
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu2\Programs\Iminent] =>Adware.IMBooster
[HKCU\Software\PIP] =>Toolbar.Ask
[HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\DealPly] =>PUP.DealPly
[HKCU\Software\InstallCore] =>Adware.InstallCore
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{25927741-5E5B-4D27-8D8B-9188FE64373F}] =>Adware.SearchYa
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{33AA308B-B565-4376-AC66-59EE9B6AD13E}] =>Adware.SearchYa
[HKLM\Software\Classes\Installer\Features\9EC6D81181F59F2459A84176A626F9ED] =>Adware.IMBooster
[HKLM\Software\Classes\Installer\Products\9EC6D81181F59F2459A84176A626F9ED] =>Adware.IMBooster
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\9EC6D81181F59F2459A84176A626F9ED] =>Adware.IMBooster
[HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]:{D4027C7F-154A-4066-A1AD-4243D8127440} =>Adware.AskSBAR
~ Additionnel Scan: 149987 Items scanned in 00mn 13s

---\\ Product Upgrade Codes (O90)
O90 - PUC: "9EC6D81181F59F2459A84176A626F9ED" . (.Iminent.) -- C:\WINDOWS\Installer\{118D6CE9-5F18-42F9-958A-14676A629FDE}\imbooster.ico =>Adware.IMBooster
~ Update Products: 83 Legitimates Filtered in 00mn 00s

---\\ General States of Services not Microsoft (EGS) (SR=Running, SS=Stopped)
SS - | Demand 27/02/2013 250808 | (AdobeFlashPlayerUpdateSvc) . (.Adobe Systems Incorporated.) - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
SR - | Auto 05/07/2012 86224 | (AntiVirSchedulerService) . (.Avira Operations GmbH & Co. KG.) - C:\Arquivos de programas\Avira\AntiVir Desktop\sched.exe
SR - | Auto 05/07/2012 110032 | (AntiVirService) . (.Avira Operations GmbH & Co. KG.) - C:\Arquivos de programas\Avira\AntiVir Desktop\avguard.exe
SS - | Demand 13/04/2008 225280 | (dmadmin) . (.Microsoft Corp., Veritas Software.) - C:\WINDOWS\system32\dmadmin.exe
SS - | Auto 26/05/2012 136176 | (gupdate) . (.Google Inc..) - C:\Arquivos de programas\Google\Update\GoogleUpdate.exe
SS - | Demand 26/05/2012 136176 | (gupdatem) . (.Google Inc..) - C:\Arquivos de programas\Google\Update\GoogleUpdate.exe
SS - | Demand 09/05/2011 136120 | (gusvc) . (.Google.) - C:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe
SR - | Demand 13/04/2008 14336 | C:\Arquivos de programas\HP\Digital Imaging\bin\hpqcxs08.dll (hpqcxs08) . (.Hewlett-Packard Co..)
- C:\WINDOWS\system32\svchost.exe SR - | Auto 13/04/2008 14336 | C:\Arquivos de programas\HP\Digital Imaging\bin\hpqddsvc.dll (hpqddsvc) . (.Hewlett-Packard Co..) - C:\WINDOWS\system32\svchost.exe SR - | Auto 25/07/2009 153376 | (JavaQuickStarterService) . (.Sun Microsystems, Inc..) - C:\Arquivos de programas\Java\jre6\bin\jqs.exe SS - | Demand 26/06/2012 129976 | (MozillaMaintenance) . (.Mozilla Foundation.) - C:\Arquivos de programas\Mozilla Maintenance Service\maintenanceservice.exe SR - | Auto 19/05/2009 240512 | (SeaPort) . (.Microsoft Corporation.) - C:\Arquivos de programas\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe ~ Services: Scanned in 00mn 00s ---\\ Search Master Boot Record Infection (MBR)(O80) Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net Run by Wesclei at 22/04/2013 14:30:54 device: opened successfully user: MBR read successfully Disk trace: called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys PCIIDEX.SYS 1 ntkrnlpa!IofCallDriver[0x804EE120] >> \Device\Harddisk0\DR0[0x8A688AB8] kernel: MBR read successfully user & kernel MBR OK ~ MBR: 13 Legitimates Filtered in 00mn 02s ---\\ Search Master Boot Record Infection (MBRCheck)(O80) Written by ad13, http://ad13.geekstog Run by Wesclei at 22/04/2013 14:30:56 ********* Dump file Name ********* C:\PhysicalDisk0_MBR.bin ~ MBR: Scanned in 00mn 04s ~ 930 Legitimates filtered by white list End of the scan (565 lines in 02mn 03s)(0)