Rapport de ZHPDiag v2013.4.1.5 par Nicolas Coolman, Update du 1/4/2013
Run by PC at 3/4/2013 09:13:58
State : Your version is update.
High Elevated Privileges : OK
UAC : Not Found


---\\ Web Browser
MSIE: Internet Explorer v8.0.6001.18702 (Defaut)
MFIE: Mozilla Firefox 20.0 v20.0

---\\ Windows Product Information
~ Langage: Anglais
Windows XP Professional Service Pack 2 (Build 2600)
Windows Automatic Updates : OK
Windows Genuine Advantage : KO

---\\ System Information
~ Processor: x86 Family 6 Model 23 Stepping 10, GenuineIntel
~ Operating System: 32 Bits
Boot mode: Normal (Normal boot)
Total RAM: 2047 MB (77% free)
System Restore: Activé (Enable)
System drive C: has 292 GB (97%) free of 298 GB

---\\ Logged in mode
~ Computer Name: PC-739E25725EA5
~ User Name: PC
~ All Users Names: SUPPORT_388945a0, PC, HelpAssistant, Convidado, Administrador,
~ Unselected Option: O44,O45,O61,O62,O65,O82
Logged in as Administrator

---\\ Environnement Variables
~ System Unit : C:\
~ %AppData% : C:\Documents and Settings\PC\Dados de aplicativos\
~ %Desktop% : C:\Documents and Settings\PC\Desktop\
~ %Favorites% : C:\Documents and Settings\PC\Favoritos\
~ %LocalAppData% : C:\Documents and Settings\PC\Configurações locais\Dados de aplicativos\
~ %StartMenu% : C:\Documents and Settings\PC\Menu Iniciar\
~ %Windir% : C:\WINDOWS\
~ %System% : C:\WINDOWS\system32\

---\\ DOS/Devices
A:\ Floppy drive, Flash card reader, USB Key (Not Inserted)
C:\ Hard drive, Flash drive, Thumb drive (Free 292 Go of 298 Go)
E:\ Hard drive, Flash drive, Thumb drive (Free 1860 Go of 1863 Go)
F:\ Floppy drive, Flash card reader, USB Key (Not Inserted)
G:\ CD-ROM drive (Free 0 Go of 0 Go)



---\\ Security Center & Tools Informations
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Associations] Application: OK
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Associations] Intl: OK
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Associations] XMLLookup: OK
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] Shell: OK
[HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] Load: OK
~ Security Center: Scanned in 00mn 00s



---\\ Search Generic System Files
[MD5.FA61A19050AE14BEC1A26DE82390DD65] - (.Microsoft Corporation - Windows Explorer.) (.4/8/2004 - 00:45:34.) -- C:\WINDOWS\Explorer.exe [1034240]
[MD5.6CE32F7778061CCC5814D5E0F282D369] - (.Microsoft Corporation - Internet Extensions for Win32.) (.8/3/2009 - 04:34:58.) -- C:\WINDOWS\system32\wininet.dll [914944]
[MD5.6F7BDE7A1126DEBF0CC359A54953EFC1] - (.Microsoft Corporation - Aplicativo de logon do Windows NT.) (.4/8/2004 - 00:45:46.) -- C:\WINDOWS\system32\Winlogon.exe [504320]
[MD5.5AC495F4CB807B2B98AD2AD591E6D92E] - (.Microsoft Corporation - Ancillary Function Driver for WinSock.) (.3/8/2004 - 23:14:16.) -- C:\WINDOWS\system32\Drivers\AFD.sys [138496]
[MD5.CDFE4411A69C224BD1D11B2DA92DAC51] - (.Microsoft Corporation - IDE/ATAPI Port Driver.) (.3/8/2004 - 22:59:44.) -- C:\WINDOWS\system32\Drivers\atapi.sys [95360]
[MD5.CD7D5152DF32B47F4E36F710B35AAE02] - (.Microsoft Corporation - CD-ROM File System Driver.) (.3/8/2004 - 23:14:12.) -- C:\WINDOWS\system32\Drivers\Cdfs.sys [63744]
[MD5.AF9C19B3100FE010496B1A27181FBF72] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.3/8/2004 - 22:59:54.) -- C:\WINDOWS\system32\Drivers\Cdrom.sys [49536]
[MD5.8EC0D923CD6128DE73DDA0DF082BB985] - (.Microsoft Corporation - FIPS Crypto Driver.) (.28/10/2001 - 12:06:32.) -- C:\WINDOWS\system32\Drivers\Fips.sys [35072]
[MD5.3FCC124B6E08EE0E9351F717DD136939] - (.Windows (R) Server 2003 DDK provider - High Definition Audio Bus Driver v1.0a.) (.7/1/2005 - 17:07:18.) -- C:\WINDOWS\system32\Drivers\HDAudBus.sys [138752]
[MD5.FCAD1D4A4724B6FA6F05A5DB7F89443C] - (.Microsoft Corporation - Driver de porta i8042.) (.4/8/2004 - 00:37:16.) -- C:\WINDOWS\system32\Drivers\i8042prt.sys [53760]
[MD5.F8AA320C6A0409C0380E5D8A99D76EC6] - (.Microsoft Corporation - IMAPI Kernel Driver.) (.3/8/2004 - 23:00:16.) -- C:\WINDOWS\system32\Drivers\Imapi.sys [41856]
[MD5.B5A8E215AC29D24D60B4D1250EF05ACE] - (.Microsoft Corporation - IP Network Address Translator.) (.3/8/2004 - 23:04:52.) -- C:\WINDOWS\system32\Drivers\IpNat.sys [134912]
[MD5.64537AA5C003A6AFEEE1DF819062D0D1] - (.Microsoft Corporation - IPSec Driver.) (.3/8/2004 - 23:14:30.) -- C:\WINDOWS\system32\Drivers\IPSec.sys [74752]
[MD5.1FD607FC67F7F7C633C3DA65BFC53D18] - (.Microsoft Corporation - Windows NT SMB Minirdr.) (.3/8/2004 - 23:15:18.) -- C:\WINDOWS\system32\Drivers\MRxSmb.sys [451456]
[MD5.0C80E410CD2F47134407EE7DD19CC86B] - (.Microsoft Corporation - MBT Transport driver.) (.3/8/2004 - 23:14:38.) -- C:\WINDOWS\system32\Drivers\netBT.sys [162816]
[MD5.B78BE402C3F63DD55521F73876951CDD] - (.Microsoft Corporation - NT File System Driver.) (.3/8/2004 - 23:15:10.) -- C:\WINDOWS\system32\Drivers\ntfs.sys [574592]
[MD5.8B225D87CBE08A5CB090BBF9F7DE1D30] - (.Microsoft Corporation - Driver de porta paralela.) (.4/8/2004 - 00:55:42.) -- C:\WINDOWS\system32\Drivers\Parport.sys [80384]
[MD5.98FAEB4A4DCF812BA1C6FCA4AA3E115C] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.3/8/2004 - 23:14:24.) -- C:\WINDOWS\system32\Drivers\Rasl2tp.sys [51328]
[MD5.A2CAE2C60BC37E0751EF9DDA7CEAF4AD] - (.Microsoft Corporation - Microsoft RDP Device redirector.) (.3/8/2004 - 23:01:16.) -- C:\WINDOWS\system32\Drivers\rdpdr.sys [196864]
[MD5.DDD1A19CD2EDA2D6AE5AB61BAAEB4278] - (.Microsoft Corporation - Redbook Audio Filter Driver.) (.3/8/2004 - 21:36:32.) -- C:\WINDOWS\system32\Drivers\redbook.sys [57984]
[MD5.EB2F82AAEADCC9BAAC66CBA4D714E338] - (.Microsoft Corporation - Driver de cópia de sombra de volume.) (.4/8/2004 - 00:37:30.) -- C:\WINDOWS\system32\Drivers\volsnap.sys [53248]
~ Generic Processes: Scanned in 00mn 00s



---\\ Hidden files state (Hidden/Total)
~ Mes images (My Pictures) : 1/2
~ Mes musiques (My Musics) : 1/2
~ Mes Videos (My Videos) : 0/0
~ Mes Favoris (My Favorites) : 1/11
~ Mes Documents (My Documents) : 1/11
~ Mon Bureau (My Desktop) : 0/12
~ Menu demarrer (Programs) : 1/37
~ Hidden Files: Scanned in 00mn 00s



---\\ Running Processes
[MD5.41735B82DB57E4EBE9504EC400FD120E] - (.AVAST Software - avast! Service.) -- C:\Arquivos de programas\AVAST Software\Avast\AvastSvc.exe [45248] [PID.1372]
[MD5.D02A70E6CBD3EC8AB66E6C3E1ECC820C] - (.VIA Technologies, Inc. - HDeck MFC Application.) -- C:\Arquivos de programas\VIA\VIAudioi\HDADeck\HDeck.exe [41134712] [PID.1976]
[MD5.148C545849C1379A3D4448F5DE768E86] - (.AVAST Software - avast! Antivirus.) -- C:\Arquivos de programas\AVAST Software\Avast\avastUI.exe [4767304] [PID.1992]
[MD5.AB5A9852B4B6B4B288329212A3AA528B] - (.CHENGDU YIWO Tech Development Co., Ltd - EaseUS Partition Master Home Edition Applic.) -- C:\Arquivos de programas\EaseUS\EaseUS Partition Master 9.2.1 Home Edition\bin\EpmNews.exe [2086984] [PID.2020]
[MD5.8794F7576B922C21C527593C1EC7619B] - (.VIA Technologies, Inc. - Service binary.) -- C:\WINDOWS\system32\KaraokeSer.exe [88696] [PID.1172]
[MD5.77ECDF9E3D43D4E86E85B73886992625] - (.NVIDIA Corporation - NVIDIA Driver Helper Service, Version 181.2.) -- C:\WINDOWS\system32\nvsvc32.exe [163908] [PID.1224]
[MD5.6B1B2F8D62D606B200C2072564090104] - (.TeamViewer GmbH - TeamViewer 8.) -- C:\Arquivos de programas\TeamViewer\Version8\TeamViewer_Service.exe [3560288] [PID.1452]
[MD5.58C27029A6BD35FD26B5949080FC8708] - (.TeamViewer GmbH - TeamViewer 8.) -- C:\Arquivos de programas\TeamViewer\Version8\TeamViewer.exe [10220896] [PID.2380]
[MD5.3346201D0BA2E631C6D6D43ED8CB7E08] - (.TeamViewer GmbH - TeamViewer 8.) -- C:\Arquivos de programas\TeamViewer\Version8\tv_w32.exe [185696] [PID.2496]
[MD5.C16217A25103D14119E85DB98EFAA24B] - (.TeamViewer GmbH - TeamViewer 8.) -- c:\arquivos de programas\teamviewer\version8\TeamViewer_Desktop.exe [4161888] [PID.3948]
[MD5.F5F0146580E7023ADB963879840777F8] - (.Microsoft Corporation - Windows® installer.) -- C:\WINDOWS\system32\msiexec.exe [78848] [PID.272]
[MD5.32F68A4A3CEA6F7A3644E4DC00BFD7F2] - (.Nicolas Coolman - ZHPDiag.) -- C:\Arquivos de programas\ZHPDiag\ZHPDiag.exe [6340608] [PID.1760]
[MD5.379C7AC3EBCB636ECDB704E188A96A13] - (.Microsoft Corporation - Application Layer Gateway Service.) -- C:\WINDOWS\System32\alg.exe [44544] [PID.2932]
~ Processes Running: Scanned in 00mn 00s



---\\ Mozilla Firefox,Plugins,Start,Search,Extensions (P2,M0,M1,M2,M3)
M3 - MFPP: Plugins - [PC] -- C:\Arquivos de programas\Mozilla FireFox\searchplugins\buscape.xml
M3 - MFPP: Plugins - [PC] -- C:\Arquivos de programas\Mozilla FireFox\searchplugins\google.xml
M3 - MFPP: Plugins - [PC] -- C:\Arquivos de programas\Mozilla FireFox\searchplugins\mercadolivre.xml
M3 - MFPP: Plugins - [PC] -- C:\Arquivos de programas\Mozilla FireFox\searchplugins\twitter.xml
M3 - MFPP: Plugins - [PC] -- C:\Arquivos de programas\Mozilla FireFox\searchplugins\wikipedia-br.xml
M3 - MFPP: Plugins - [PC] -- C:\Arquivos de programas\Mozilla FireFox\searchplugins\yahoo-br.xml
P2 - FPN: [HKLM] [Adobe Reader] - (.Adobe Systems Inc. - Adobe PDF Plug-In For Firefox and Netscape 11.0.02.) -- C:\Arquivos de programas\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll
~ Firefox Browser: Scanned in 00mn 00s



---\\ Internet Explorer Extensions, Start, Search (R4,R3,R0,R1)
R0 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
R0 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com
R1 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = &http://home.microsoft.com
R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:noadd-ons
R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:securityrisk
R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com
R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com
R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com
R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURLs,Tabs = res://ieframe.dll/tabswelcome.htm
R3 - URLSearchHook: Microsoft Url Search Hook - {CFBFAE00-17A6-11D0-99CB-00C04FD64497} . (.Adobe Systems Inc. - Adobe PDF Plug-In For Firefox and Netscape 11.0.02.) (No version) -- (.not file.)
~ IE Browser: Scanned in 00mn 00s



---\\ Internet Explorer, Proxy Management (R5)
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll
~ Proxy management: Scanned in 00mn 00s



---\\ Line Analysis F0, F1, F2, F3 - IniFiles, Auto loading programs
F2 - REG:system.ini: USERINIT=C:\WINDOWS\system32\userinit.exe,
F2 - REG:system.ini: Shell=C:\WINDOWS\explorer.exe
F2 - REG:system.ini: VMApplet=rundll32 shell32,Control_RunDLL "sysdm.cpl"
~ Keys: Scanned in 00mn 00s



---\\ Hosts file redirection (O1)
~ Le fichier hosts est sain (The hosts file is clean).
~ Hosts File: Scanned in 00mn 00s
~ Nombre de lignes (Lines number): 19



---\\ Browser Helper Objects (O2)
~ BHO: 2 Legitimates Scanned in 00mn 00s



---\\ Internet Explorer toolbars (O3)
O3 - Toolbar: avast! WebRep - [HKLM]{8E5E2654-AD2D-48bf-AC2D-D17F00898D06} . (.AVAST Software - avast! WebRep Plugin.) -- C:\Arquivos de programas\AVAST Software\Avast\aswWebRepIE.dll
~ Toolbar: Scanned in 00mn 00s



---\\ Auto loading programs from Registry and folders (O4)
O4 - HKLM\..\Run: [HDAudDeck] . (.VIA Technologies, Inc. - HDeck MFC Application.) -- C:\Arquivos de programas\VIA\VIAudioi\HDADeck\HDeck.exe
O4 - HKLM\..\Run: [NvCplDaemon] . (.NVIDIA Corporation - NVIDIA Display Properties Extension.) -- C:\WINDOWS\system32\NvCpl.dll
O4 - HKLM\..\Run: [avast] . (.AVAST Software - avast! Antivirus.) -- C:\Arquivos de programas\AVAST Software\Avast\avastUI.exe
O4 - HKLM\..\Run: [KernelFaultCheck] Orphean Key
O4 - HKLM\..\Run: [EaseUS EPM tray] . (.CHENGDU YIWO Tech Development Co., Ltd - EaseUS Partition Master Home Edition Applic.) -- C:\Arquivos de programas\EaseUS\EaseUS Partition Master 9.2.1 Home Edition\bin\EpmNews.exe
O4 - HKLM\..\Run: [Adobe ARM] . (.Adobe Systems Incorporated - Adobe Reader and Acrobat Manager.) -- C:\Arquivos de programas\Arquivos comuns\Adobe\ARM\1.0\AdobeARM.exe
O4 - HKCU\..\Run: [ctfmon.exe] . (.Microsoft Corporation - CTF Loader.) -- C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] . (.Microsoft Corporation - CTF Loader.) -- C:\WINDOWS\system32\CTFMON.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] . (.Microsoft Corporation - CTF Loader.) -- C:\WINDOWS\system32\CTFMON.exe
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] . (.Microsoft Corporation - CTF Loader.) -- C:\WINDOWS\system32\CTFMON.exe
O4 - HKUS\S-1-5-21-1078081533-2077806209-839522115-1003\..\Run: [ctfmon.exe] . (.Microsoft Corporation - CTF Loader.) -- C:\WINDOWS\system32\ctfmon.exe
~ Application: Scanned in 00mn 00s



---\\ Other User Links (O4)
O4 - GS\Desktop: avast! Free Antivirus.lnk . (.AVAST Software - avast! Antivirus.) -- C:\Arquivos de programas\AVAST Software\Avast\AvastUI.exe
O4 - GS\Desktop: CCleaner.lnk . (.Piriform Ltd - CCleaner.) -- C:\Arquivos de programas\CCleaner\CCleaner.exe
O4 - GS\Desktop: EaseUS Partition Master 9.2.1 Home Edition.lnk . (...) -- C:\Arquivos de programas\EaseUS\EaseUS Partition Master 9.2.1 Home Edition\bin\EPMStartLoader.exe
O4 - GS\Desktop: Malwarebytes Anti-Malware.lnk . (.Malwarebytes Corporation - Malwarebytes Anti-Malware.) -- C:\Arquivos de programas\Malwarebytes' Anti-Malware\mbam.exe
O4 - GS\Desktop: MBRCheck.lnk . (...) -- C:\Arquivos de programas\ZHPDiag\mbrcheck.exe
O4 - GS\Desktop: Mozilla Firefox.lnk . (.Mozilla Corporation - Firefox.) -- C:\Arquivos de programas\Mozilla Firefox\firefox.exe
O4 - GS\Desktop: MV RegClean 6.9.lnk . (...) -- C:\Arquivos de programas\Marcos Velasco Security\MV RegClean 6.9\MVREGCLEAN.exe
O4 - GS\Desktop: TeamViewer 8.lnk . (.TeamViewer GmbH - TeamViewer 8.) -- C:\Arquivos de programas\TeamViewer\Version8\TeamViewer.exe
O4 - GS\Desktop: ZHPDiag.lnk . (.Nicolas Coolman - ZHPDiag Setup.) -- C:\Arquivos de programas\ZHPDiag\ZHPhep.exe
O4 - GS\Desktop: ZHPFix.lnk . (.Nicolas Coolman - ZHPDiag Setup.) -- C:\Arquivos de programas\ZHPDiag\ZHPFix\ZHPhep.exe
O4 - GS\Desktop: Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Arquivos de programas\Internet Explorer\iexplore.exe
O4 - GS\Desktop: Revo Uninstaller.lnk . (.VS Revo Group - Revo Uninstaller.) -- C:\Arquivos de programas\VS Revo Group\Revo Uninstaller\Revouninstaller.exe
~ Global Startup: Scanned in 00mn 00s



---\\ Extra buttons on main IE button toolbar, or extra items in IE 'Tools' menu (O9)
O9 - Extra button: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} . (.Microsoft Corporation - Windows Messenger.) -- C:\Arquivos de programas\Messenger\msmsgs.exe
~ IE Extra Buttons: Scanned in 00mn 00s



---\\ Winsock hijacker (Layered Service Provider) (O10)
O10 - WLSP:\000000000001\Winsock LSP File . (.Microsoft Corporation - Fornecedor de serviços do Microsoft Windows Sockets 2.0.) -- C:\WINDOWS\system32\mswsock.dll
O10 - WLSP:\000000000003\Winsock LSP File . (.Microsoft Corporation - Fornecedor de serviços do Microsoft Windows Sockets 2.0.) -- C:\WINDOWS\system32\mswsock.dll
~ Winsock: 3 Legitimates Scanned in 00mn 00s



---\\ 'Reset Web Settings' hijack (O14)
O14 - IERESET.INF: SEARCH_PAGE_URL=SEARCH_PAGE_URL="&http://home.microsoft.com/intl/br/access/allinone.asp"
O14 - IERESET.INF: SAFESITE_VALUE=SAFESITE_VALUE="search.msn.com.br"
~ IE Paramètres WEB: Scanned in 00mn 00s



---\\ Lop.com/Domain Hijackers (O17)
O17 - HKLM\System\CCS\Services\Tcpip\..\{1E89B595-81FC-46EF-B978-3CFC139A615A}: DhcpNameServer = 189.124.128.33 189.124.128.32
O17 - HKLM\System\CCS\Services\Tcpip\..\{1E89B595-81FC-46EF-B978-3CFC139A615A}: DhcpDomain = cable.cabotelecom.com.br
O17 - HKLM\System\CS1\Services\Tcpip\..\{1E89B595-81FC-46EF-B978-3CFC139A615A}: DhcpNameServer = 189.124.128.33 189.124.128.32
O17 - HKLM\System\CS1\Services\Tcpip\..\{1E89B595-81FC-46EF-B978-3CFC139A615A}: DhcpDomain = cable.cabotelecom.com.br
O17 - HKLM\System\CS2\Services\Tcpip\..\{1E89B595-81FC-46EF-B978-3CFC139A615A}: DhcpNameServer = 189.124.128.33 189.124.128.32
O17 - HKLM\System\CS2\Services\Tcpip\..\{1E89B595-81FC-46EF-B978-3CFC139A615A}: DhcpDomain = cable.cabotelecom.com.br
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 189.124.128.33 189.124.128.32
~ Domain: Scanned in 00mn 00s



---\\ Extra protocols (O18)
O18 - Handler: wia - {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} . (.Microsoft Corporation - WIA Scripting Layer.) -- C:\WINDOWS\system32\wiascr.dll
O18 - Filter: text/webviewhtml - {733AC4CB-F1A4-11d0-B951-00A0C90312E1} . (.Microsoft Corporation - DLL comum do Shell do Windows.) -- C:\WINDOWS\system32\SHELL32.dll
~ Protocole Additionnel: Scanned in 00mn 00s



---\\ AppInit_DLLs Registry value Autorun (O20)
O20 - Winlogon Notify: crypt32chain . (.Microsoft Corporation - Crypto API32.) -- C:\WINDOWS\system32\crypt32.dll
O20 - Winlogon Notify: cryptnet . (.Microsoft Corporation - Crypto Network Related API.) -- C:\WINDOWS\system32\cryptnet.dll
O20 - Winlogon Notify: cscdll . (.Microsoft Corporation - Agente de rede off-line.) -- C:\WINDOWS\system32\cscdll.dll
O20 - Winlogon Notify: ScCertProp . (.Microsoft Corporation - DLL comum para receber notificações do Winl.) -- C:\WINDOWS\system32\wlnotify.dll
O20 - Winlogon Notify: Schedule . (.Microsoft Corporation - DLL comum para receber notificações do Winl.) -- C:\WINDOWS\system32\wlnotify.dll
O20 - Winlogon Notify: sclgntfy . (.Microsoft Corporation - DLL de notificação do serviço de logon secu.) -- C:\WINDOWS\system32\sclgntfy.dll
O20 - Winlogon Notify: SensLogn . (.Microsoft Corporation - DLL comum para receber notificações do Winl.) -- C:\WINDOWS\system32\WlNotify.dll
O20 - Winlogon Notify: termsrv . (.Microsoft Corporation - DLL comum para receber notificações do Winl.) -- C:\WINDOWS\system32\wlnotify.dll
O20 - Winlogon Notify: wlballoon . (.Microsoft Corporation - DLL comum para receber notificações do Winl.) -- C:\WINDOWS\system32\wlnotify.dll
~ Winlogon: Scanned in 00mn 00s



---\\ ShellServiceObjectDelayLoad (O21)
~ SSODL: 4 Legitimates Scanned in 00mn 00s



---\\ SharedTaskScheduler (O22)
O22 - SharedTaskScheduler: Pré-carregador Browseui - {8C7461EF-2B13-11d2-BE35-3078302C2030} . (.Microsoft Corporation - Biblioteca da interface de usuário do naveg.) -- C:\WINDOWS\system32\browseui.dll
~ STS/SSO: Scanned in 00mn 00s



---\\ non Microsoft non disabled Windows XP/NT/2000 Services (O23)
O23 - Service: VIA Karaoke digital mixer Service (KaraokeService) . (.VIA Technologies, Inc. - Service binary.) - C:\WINDOWS\system32\KaraokeSer.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) . (.NVIDIA Corporation - NVIDIA Driver Helper Service, Version 181.2.) - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: TeamViewer 8 (TeamViewer8) . (.TeamViewer GmbH - TeamViewer 8.) - C:\Arquivos de programas\TeamViewer\Version8\TeamViewer_Service.exe
~ Services: 4 Legitimates Scanned in 00mn 02s



---\\ Windows Active Desktop & MHTML Editor (O24)
O24 - Desktop Component 0: Minha página inicial atual - file:About:Home
O24 - Desktop General: BackupWallPaper - .(...) - C:\WINDOWS\web\wallpaper\Alegria.bmp
O24 - Desktop General: WallPaper - .(...) - C:\WINDOWS\web\wallpaper\Alegria.bmp
~ Desktop Component: 1 Legitimates Scanned in 00mn 00s



---\\
~ BEX: 1 Legitimates Scanned in 00mn 00s



---\\ Task Planned Automatically(039)
O39 - APT:Automatic Planified Task - C:\WINDOWS\Tasks\avast! Emergency Update.job [324]
~ Scheduled Task: 5 Legitimates Scanned in 00mn 00s



---\\ ActiveSetup Installed Components (O40)
O40 - ASIC: Internet Explorer - >{26923b43-4d38-484f-9b9e-de460746276c} . (.Microsoft Corporation - Utilitário de Inicialização por Usuário do Internet Explorer.) -- C:\WINDOWS\system32\ie4uinit.exe.mui
O40 - ASIC: Themes Setup - {2C7339CF-2B09-4501-B3F3-F3508C9228ED} . (.Microsoft Corporation - API de tema do Windows.) -- C:\WINDOWS\system32\themeui.dll
O40 - ASIC: Microsoft Outlook Express 6 - {44BBA840-CC51-11CF-AAFA-00AA00B6015C} . (.Microsoft Corporation - Biblioteca de instalação do Outlook Express.) -- C:\Arquivos de programas\Outlook Express\setup50.exe
O40 - ASIC: Browsing Enhancements - {630b1da0-b465-11d1-9948-00c04f98bbc9} . (.Microsoft Corporation - Extensão shell da pasta FTP do Microsoft Internet Explorer.) -- C:\WINDOWS\system32\msieftp.dll
O40 - ASIC: Catálogo de endereços 6 - {7790769C-0471-11d2-AF11-00C04FA35D02} . (.Microsoft Corporation - Biblioteca de instalação do Outlook Express.) -- C:\Arquivos de programas\Outlook Express\setup50.exe
O40 - ASIC: Atualização da área de trabalho do Windows - {89820200-ECBD-11cf-8B85-00AA005B4340} . (.Microsoft Corporation - DLL comum do Shell do Windows.) -- C:\WINDOWS\system32\shell32.dll
O40 - ASIC: Internet Explorer - {89820200-ECBD-11cf-8B85-00AA005B4383} . (.Microsoft Corporation - Utilitário de Inicialização por Usuário do Internet Explorer.) -- C:\WINDOWS\system32\ie4uinit.exe.mui
~ Active Setup: 19 Legitimates Scanned in 00mn 00s



---\\ Drivers launched at startup (O41)
O41 - Driver: (i8042prt) . (.Microsoft Corporation - Driver de porta i8042.) - C:\WINDOWS\system32\DRIVERS\i8042prt.sys
O41 - Driver: (intelppm) . (.Microsoft Corporation - Driver de dispositivo de processador.) - C:\WINDOWS\system32\DRIVERS\intelppm.sys
O41 - Driver: (Kbdclass) . (.Microsoft Corporation - Driver de classe teclado.) - C:\WINDOWS\system32\DRIVERS\kbdclass.sys
O41 - Driver: (Mouclass) . (.Microsoft Corporation - Driver de classe modem.) - C:\WINDOWS\system32\DRIVERS\mouclass.sys
O41 - Driver: (Serial) . (.Microsoft Corporation - Driver de dispositivo serial.) - C:\WINDOWS\system32\DRIVERS\serial.sys
~ Drivers: 57 Legitimates Scanned in 00mn 00s



---\\ Software installed (O42)
O42 - Logiciel: AVer Teletext - (...) [HKLM] -- AVer Teletext
O42 - Logiciel: Adobe Flash Player 11 ActiveX - (.Adobe Systems Incorporated.) [HKLM] -- Adobe Flash Player ActiveX
O42 - Logiciel: Adobe Reader XI (11.0.02) - (.Adobe Systems Incorporated.) [HKLM] -- {AC76BA86-7AD7-1033-7B44-AB0000000001}
O42 - Logiciel: Atualização para Windows XP (KB932823-v3) - (.Microsoft Corporation.) [HKLM] -- KB932823-v3
O42 - Logiciel: GeoVision Codec_mp2 - (...) [HKLM] -- Codec_mp2
O42 - Logiciel: GeoVision GV-800 System - (...) [HKLM] -- GeoVision GV-800 System
O42 - Logiciel: Geovision Codec - (...) [HKLM] -- GEOXCodec
O42 - Logiciel: MV RegClean 6.9 - (...) [HKLM] -- MV RegClean 6.9_is1
O42 - Logiciel: avast! Free Antivirus v8.0.1483.0 - (.AVAST Software.) [HKLM] -- avast
~ Logic: 57 Legitimates Scanned in 00mn 00s



---\\ HKCU & HKLM Software Keys
[HKCU\Software\Baixaki]
[HKCU\Software\GeoVision]
[HKCU\Software\Install]
[HKLM\Software\Foxconn]
[HKLM\Software\GeoVision]
~ Key Software: 99 Legitimates Scanned in 00mn 00s



---\\ Contents of the Common Files folders (O43)
O43 - CFD: 1/3/2013 - 14:21:55 - [63,069] ----D C:\Arquivos de programas\Arquivos comuns
O43 - CFD: 26/2/2013 - 17:47:05 - [1,799] ----D C:\Arquivos de programas\AVer Teletext
O43 - CFD: 1/4/2013 - 20:10:54 - [2,550] ----D C:\Arquivos de programas\Marcos Velasco Security
O43 - CFD: 26/2/2013 - 16:34:43 - [0,001] ----D C:\Arquivos de programas\Serviços on-line
O43 - CFD: 26/2/2013 - 16:34:04 - [0,008] ----D C:\Arquivos de programas\Arquivos comuns\Serviços
O43 - CFD: 2/4/2013 - 15:38:12 - [0,099] R---D C:\Documents and Settings\All Users\Menu Iniciar
O43 - CFD: 26/2/2013 - 13:27:23 - [0] --H-D C:\Documents and Settings\All Users\Modelos
O43 - CFD: 26/2/2013 - 17:37:42 - [0,015] R---D C:\Documents and Settings\PC\Menu Iniciar\Programas\Acessórios
O43 - CFD: 2/4/2013 - 17:10:03 - [0,004] ----D C:\Documents and Settings\PC\Menu Iniciar\Programas\GV800
O43 - CFD: 1/4/2013 - 19:39:26 - [0,000] R---D C:\Documents and Settings\PC\Menu Iniciar\Programas\Inicializar
~ Program Folder: 74 Legitimates Scanned in 00mn 00s



---\\ Operations and functions at Windows Explorer startup (O46)
O46 - SEH:ShellExecuteHooks - URL Exec Hook - {AEB6717E-7E19-11d0-97EE-00C04FD91972} - shell32.dll
~ ShellExecuteHooks: Scanned in 00mn 00s



---\\ Export authorized application key (O47)
O47 - AAKE:Key Export SP - "C:\Arquivos de programas\TeamViewer\Version8\TeamViewer.exe" [Enabled] .(.TeamViewer GmbH.) -- C:\Arquivos de programas\TeamViewer\Version8\TeamViewer.exe
O47 - AAKE:Key Export SP - "C:\Arquivos de programas\TeamViewer\Version8\TeamViewer_Service.exe" [Enabled] .(.TeamViewer GmbH.) -- C:\Arquivos de programas\TeamViewer\Version8\TeamViewer_Service.exe
O47 - AAKE:Key Export SP - "C:\GV800\WebCamServer.exe" [Enabled] .(...) -- C:\GV800\WebCamServer.exe (.not file.)
O47 - AAKE:Key Export SP - "C:\GV800\AudioServer.exe" [Enabled] .(...) -- C:\GV800\AudioServer.exe (.not file.)
O47 - AAKE:Key Export SP - "C:\GV800\DMWebCam.exe" [Enabled] .(...) -- C:\GV800\DMWebCam.exe (.not file.)
O47 - AAKE:Key Export SP - "C:\GV800\CMSvr.exe" [Enabled] .(...) -- C:\GV800\CMSvr.exe (.not file.)
O47 - AAKE:Key Export SP - "C:\GV800\GV800.exe" [Enabled] .(...) -- C:\GV800\GV800.exe (.not file.)
O47 - AAKE:Key Export SP - "C:\GV800\DMMcast.exe" [Enabled] .(...) -- C:\GV800\DMMcast.exe (.not file.)
O47 - AAKE:Key Export SP - "C:\GV800\TCPsvr.exe" [Enabled] .(...) -- C:\GV800\TCPsvr.exe (.not file.)
~ Keys Export: 11 Legitimates Scanned in 00mn 00s



---\\ Local Security Authority-LSA Deny (O48)
O48 - LSA:Local Security Authority Notification Packages . (.Microsoft Corporation - Mecanismo cliente do 'Editor de configuração de segurança Windows'.) -- C:\WINDOWS\system32\scecli.dll
~ LSA: 6 Legitimates Scanned in 00mn 00s



---\\ Safe Boot Control (O49)
~ CBS: 21 Legitimates Scanned in 00mn 00s



---\\ Image File Execution Options (IFEO) (O50)
O50 - IFEO:Image File Execution Options - Your Image File Name Here without a path - ntsd -d
~ IFEO: Scanned in 00mn 00s



---\\ MountPoints2 Shell Key (MPKS) (O51)
O51 - MPSK:{30c7454d-8030-11e2-ba5e-806d6172696f}\AutoRun\command. (.GeoVision Inc. - Upgrade current system to newlest system.) -- G:\Setup.exe
~ Keys: Scanned in 00mn 04s



---\\ Trojan Driver Search Data (HKLM)(TDSD) (O52)
O52 - TDSD: \Drivers32\"vidc.GM20"="GXGM20.dll" . (.Unknown owner - GeoMpeg2 Dynamic Link Library.) -- C:\WINDOWS\system32\GXGM20.dll
O52 - TDSD: \Drivers32\"vidc.GEOX"="GeoCodec.dll" . (.GeoVision - GeoVision(R) Codec.) -- C:\WINDOWS\system32\GeoCodec.dll
O52 - TDSD: \drivers.desc\"GXGM20.dll"="GeoVision MPEG-2 Video Codec" . (.Unknown owner - GeoMpeg2 Dynamic Link Library.) -- C:\WINDOWS\system32\GXGM20.dll
O52 - TDSD: \drivers.desc\"GeoCodec.dll"="Geovision MPEG-4 Video Codec" . (.GeoVision - GeoVision(R) Codec.) -- C:\WINDOWS\system32\GeoCodec.dll
~ TDSD: 16 Legitimates Scanned in 00mn 00s



---\\ ShareTools MSconfig StartupReg (SMSR) (O53)
O53 - SMSR:HKLM\...\startupreg\CTFMON.EXE [Key] . (.Microsoft Corporation - CTF Loader.) -- C:\WINDOWS\system32\ctfmon.exe
O53 - SMSR:HKLM\...\startupreg\DM_Update [Key] . (...) -- C:\WINDOWS\system32\DM_Update.exe
O53 - SMSR:HKLM\...\startupreg\nwiz [Key] . (...) -- C:\WINDOWS\system32\nwiz.exe
~ SMSR Keys: 9 Legitimates Scanned in 00mn 00s



---\\ Microsoft Control Security Providers (MCSP) (O54)
O54 - MCSP:[HKLM\...\CurrentControlSet\Control] - (SecurityProviders) - (.Microsoft Corporation - Cliente DPA para plataformas de 32 bits.) -- C:\WINDOWS\system32\msapsspc.dll
O54 - MCSP:[HKLM\...\ControlSet001\Control] - (SecurityProviders) - (.Microsoft Corporation - Cliente DPA para plataformas de 32 bits.) -- C:\WINDOWS\system32\msapsspc.dll
~ MSCP: 6 Legitimates Scanned in 00mn 00s



---\\ Microsoft Windows Policies System (MWPS) (O55)
~ MWPS: 5 Legitimates Scanned in 00mn 00s



---\\ Microsoft Windows Policies Explorer (MWPE) (O56)
O56 - MWPE:[HKCU\...\policies\Explorer] - "NoDriveTypeAutoRun"=145
~ Keys: Scanned in 00mn 00s



---\\ System Drivers List (SDL) (O58)
O58 - SDL:[MD5.4B39324406A8D5BE25640F21960F7DEA] - 5/10/2007 - 10:17:50 R--A- . (.GeoVision Inc. - Audio card driver.) -- C:\WINDOWS\system32\Drivers\AGV.sys [183465]
O58 - SDL:[MD5.C1E76718BAB6BCA0D18E5670F074F821] - 28/10/2001 - 12:06:08 ---A- . (...) -- C:\WINDOWS\system32\ansi.sys [9032]
~ Drivers: Scanned in 00mn 00s



---\\ List all tools cleaner (LATC) (O63)
O63 - Logiciel: ZHPDiag 2013 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1
~ ADS: Scanned in 00mn 00s



---\\ List all legacy services(LALS) (O64)
O64 - Services: CurCS - 31/12/1999 - C:\WINDOWS\system32\KaraokeSer.exe (KaraokeService) .(.VIA Technologies, Inc. - Service binary.) - LEGACY_KARAOKESERVICE
O64 - Services: CurCS - 26/2/2013 - C:\WINDOWS\system32\DRIVERS\SWDUMon.sys - SWDUMon (SWDUMon) .(...) - LEGACY_SWDUMON
~ Legacy: 117 Legitimates Scanned in 00mn 00s



---\\ File Associations Shell Spawning (O67)
O67 - Shell Spawning: <.bat> [HKLM\..\open\Command] (...) -- "%1" %*
O67 - Shell Spawning: <.cpl> [HKLM\..\cplopen\Command] (.Microsoft Corporation - DLL comum do Shell do Windows.) -- C:\WINDOWS\system32\shell32.dll
O67 - Shell Spawning: <.cmd> [HKLM\..\open\Command] (...) -- "%1" %*
O67 - Shell Spawning: <.com> [HKLM\..\open\Command] (...) -- "%1" %*
O67 - Shell Spawning: <.exe> [HKLM\..\open\Command] (...) -- "%1" %*
O67 - Shell Spawning: <.html> [HKLM\..\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Arquivos de programas\Internet Explorer\IEXPLORE.exe
O67 - Shell Spawning: <.js> [HKLM\..\open\Command] (.Microsoft Corporation - Microsoft (r) Windows Based Script Host.) -- C:\WINDOWS\system32\WScript.exe
O67 - Shell Spawning: <.reg> [HKLM\..\open\Command] (.Microsoft Corporation - Editor do Registro.) -- C:\WINDOWS\regedit.exe
O67 - Shell Spawning: <.html> [HKCU\..\open\Command] (.Not Key.)
O67 - Shell Spawning: <.bat> [HKCR\..\open\Command] (...) -- "%1" %*
O67 - Shell Spawning: <.cpl> [HKCR\..\cplopen\Command] (.Microsoft Corporation - DLL comum do Shell do Windows.) -- C:\WINDOWS\system32\shell32.dll
O67 - Shell Spawning: <.cmd> [HKCR\..\open\Command] (...) -- "%1" %*
O67 - Shell Spawning: <.com> [HKCR\..\open\Command] (...) -- "%1" %*
O67 - Shell Spawning: <.exe> [HKCR\..\open\Command] (...) -- "%1" %*
O67 - Shell Spawning: <.html> [HKCR\..\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Arquivos de programas\Internet Explorer\IEXPLORE.exe
O67 - Shell Spawning: <.js> [HKCR\..\open\Command] (.Microsoft Corporation - Microsoft (r) Windows Based Script Host.) -- C:\WINDOWS\system32\WScript.exe
O67 - Shell Spawning: <.reg> [HKCR\..\open\Command] (.Microsoft Corporation - Editor do Registro.) -- C:\WINDOWS\regedit.exe
~ Keys: Scanned in 00mn 00s



---\\ Start Menu Internet (SMI) (O68)
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Mozilla Corporation - Firefox.) -- C:\Arquivos de programas\Mozilla Firefox\firefox.exe
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Arquivos de programas\Internet Explorer\iexplore.exe
~ Keys: Scanned in 00mn 00s



---\\ Search Browser Infection (SBI) (O69)
O69 - SBI: SearchScopes [HKCU] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} [DefaultScope] - (@ieframe.dll,-12512) - http://www.bing.com
O69 - SBI: SearchScopes [HKCU] {6A1806CD-94D4-4689-BA73-E35EA1EA9990} - (@ieframe.dll,-12512) - http://www.bing.com
~ Keys: Scanned in 00mn 00s



---\\ Search Svchost Services (SSS) (O83)
O83 - Search Svchost Services: DMServer (DMServer) . (.Microsoft Corp. - Dll do serviço do Gerenciador de discos lógicos.) -- C:\WINDOWS\system32\dmserver.dll [23552]
O83 - Search Svchost Services: DHCP (DHCP) . (.Microsoft Corporation - Serviço do Cliente DHCP.) -- C:\WINDOWS\system32\dhcpcsvc.dll [111104]
O83 - Search Svchost Services: FastUserSwitchingCompatibility (FastUserSwitchingCompatibility) . (.Microsoft Corporation - DLL de serviços do Shell do Windows.) -- C:\WINDOWS\system32\shsvcs.dll [134656]
O83 - Search Svchost Services: Netman (Netman) . (.Microsoft Corporation - Gerenciador de conexões de rede.) -- C:\WINDOWS\system32\netman.dll [198144]
O83 - Search Svchost Services: Nla (Nla) . (.Microsoft Corporation - Fornecedor de serviços do Microsoft Windows Sockets 2.0.) -- C:\WINDOWS\system32\mswsock.dll [247808]
O83 - Search Svchost Services: Ntmssvc (Ntmssvc) . (.Microsoft Corporation - Gerenciador de armazenamento removível.) -- C:\WINDOWS\system32\ntmssvc.dll [437248]
O83 - Search Svchost Services: Schedule (Schedule) . (.Microsoft Corporation - Mecanismo do 'Agendador de tarefas'.) -- C:\WINDOWS\system32\schedsvc.dll [192000]
O83 - Search Svchost Services: Seclogon (Seclogon) . (.Microsoft Corporation - DLL de serviço de logon secundário.) -- C:\WINDOWS\system32\seclogon.dll [18944]
O83 - Search Svchost Services: Sharedaccess (Sharedaccess) . (.Microsoft Corporation - Componentes do Microsoft NAT Helper.) -- C:\WINDOWS\system32\ipnathlp.dll [331264]
O83 - Search Svchost Services: SRService (SRService) . (.Microsoft Corporation - Serviço de restauração do sistema.) -- C:\WINDOWS\system32\srsvc.dll [171008]
O83 - Search Svchost Services: Tapisrv (Tapisrv) . (.Microsoft Corporation - Servidor de telefonia do Microsoft(R) Windows(TM).) -- C:\WINDOWS\system32\tapisrv.dll [246272]
O83 - Search Svchost Services: Themes (Themes) . (.Microsoft Corporation - DLL de serviços do Shell do Windows.) -- C:\WINDOWS\system32\shsvcs.dll [134656]
O83 - Search Svchost Services: WZCSVC (WZCSVC) . (.Microsoft Corporation - Serviço de configuração zero sem fio.) -- C:\WINDOWS\system32\wzcsvc.dll [359936]
O83 - Search Svchost Services: Wmi (Wmi) . (.Microsoft Corporation - API de base do Windows 32 avançada.) -- C:\WINDOWS\system32\advapi32.dll [683008]
O83 - Search Svchost Services: BITS (BITS) . (.Microsoft Corporation - Serviço de transferência inteligente de plano de fundo.) -- C:\WINDOWS\system32\qmgr.dll [382464]
O83 - Search Svchost Services: ShellHWDetection (ShellHWDetection) . (.Microsoft Corporation - DLL de serviços do Shell do Windows.) -- C:\WINDOWS\system32\shsvcs.dll [134656]
~ Services: 37 Legitimates Scanned in 00mn 00s



---\\ Search Particular Root Folder (SPRF) (O84)
[MD5.7C990F7592B2FCEFCF59B03CE15BA776] [SPRF][1/4/2013] (.Nicolas Coolman - ZHPDiag.) -- C:\Documents and Settings\PC\Desktop\ZHPDiag2.exe [5507220]
~ Files: Scanned in 00mn 00s



---\\ Additionnal Scan (O88)
Database Version : v2.11360 - (1/4/2013)
Clés trouvées (Keys found) : 2
Valeurs trouvées (Values found) : 0
Dossiers trouvés (Folders found) : 0
Fichiers trouvés (Files found) : 0

[HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}] =>Toolbar.Bing
[HKLM\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}] =>Toolbar.Bing
~ Additionnel: Scanned in 00mn 07s



---\\ Product Upgrade Codes (O90)
~ Update Products: 32 Legitimates Scanned in 00mn 00s



---\\ General States of Services not Microsoft (EGS) (SR=Running, SS=Stopped)
SS - | Demand 13/3/2013 253656 | (AdobeFlashPlayerUpdateSvc) . (.Adobe Systems Incorporated.) - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
SR - | Auto 6/3/2013 45248 | (avast! Antivirus) . (.AVAST Software.) - C:\Arquivos de programas\AVAST Software\Avast\AvastSvc.exe
SS - | Demand 4/8/2004 225280 | (dmadmin) . (.Microsoft Corp., Veritas Software.) - C:\WINDOWS\system32\dmadmin.exe
SR - | Demand 4/8/2004 14336 | C:\Arquivos de programas\HP\Digital Imaging\bin\hpqcxs08.dll (hpqcxs08) . (.Hewlett-Packard Co..) - C:\WINDOWS\system32\svchost.exe
SS - | Auto 4/8/2004 14336 | C:\Arquivos de programas\HP\Digital Imaging\bin\hpqddsvc.dll (hpqddsvc) . (.Hewlett-Packard Co..) - C:\WINDOWS\system32\svchost.exe
SR - | Auto 31/12/1999 88696 | (KaraokeService) . (.VIA Technologies, Inc..) - C:\WINDOWS\system32\KaraokeSer.exe
SS - | Demand 2/4/2013 115608 | (MozillaMaintenance) . (.Mozilla Foundation.) - C:\Arquivos de programas\Mozilla Maintenance Service\maintenanceservice.exe
SR - | Auto 4/8/2004 14336 | C:\WINDOWS\system32\HPZinw12.dll (Net Driver HPZ12) . (.Hewlett-Packard.) - C:\WINDOWS\system32\svchost.exe
SR - | Auto 25/12/2008 163908 | (NVSvc) . (.NVIDIA Corporation.) - C:\WINDOWS\system32\nvsvc32.exe
SR - | Auto 4/8/2004 14336 | C:\WINDOWS\system32\HPZipm12.dll (Pml Driver HPZ12) . (.Hewlett-Packard.) - C:\WINDOWS\system32\svchost.exe
SR - | Auto 6/3/2013 3560288 | (TeamViewer8) . (.TeamViewer GmbH.) - C:\Arquivos de programas\TeamViewer\Version8\TeamViewer_Service.exe
~ Services: Scanned in 00mn 00s



---\\ Search Master Boot Record Infection (MBR)(O80)
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Run by PC at 3/4/2013 09:14:28

device: opened successfully
user: MBR read successfully

Disk trace:
called modules: ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys PCIIDEX.SYS
1 nt!IofCallDriver[0x804E19BC] => \Device\Harddisk0\DR0[0x89B89AB8]
kernel: MBR read successfully
user & kernel MBR OK
~ MBR: 13 Legitimates Scanned in 00mn 02s



---\\ Search Master Boot Record Infection (MBRCheck)(O80)
Written by ad13, http://ad13.geekstog
Run by PC at 3/4/2013 09:14:30

********* Dump file Name *********
C:\PhysicalDisk0_MBR.bin
~ MBR: Scanned in 00mn 04s



End of the scan (586 lines in 00mn 32s)(0)
