Rapport de ZHPDiag v2013.6.23.33 par Nicolas Coolman, Update du 23/6/2013 Run by Administrador at 24/6/2013 17:50:28 WebSite: http://nicolascoolman.webs.com State : Your version is update. WhiteList : Disable High Elevated Privileges : OK UAC : Not Found ---\\ Web Browser MSIE: Internet Explorer v7.0.5730.13 MFIE: Mozilla Firefox 21.0 (Defaut) GCIE: Google Chrome v27.0.1453.116 ---\\ Windows Product Information ~ Langage: Anglais Windows XP Professional Service Pack 3 (Build 2600) Windows Automatic Updates : OK Windows Genuine Advantage : OK ---\\ System Protection Avira AntiVir Personal - Free Antivirus v10.2.0.108 Malwarebytes Anti-Malware version 1.75.0.1300 ---\\ System Optimizer CCleaner v3.05 =>Piriform Ltd ---\\ Peer To Peer (P2P) ---\\ Software Update Adobe Flash Player 11 Plugin ---\\ System Information ~ Processor: x86 Family 15 Model 2 Stepping 7, GenuineIntel ~ Operating System: 32 Bits Boot mode: Normal (Normal boot) Total RAM: 1022 MB (54% free) System Restore: Activé (Enable) System drive C: has 1 GB (1%) free of 38 GB ---\\ Logged in mode ~ Computer Name: COMPUTADOR ~ User Name: Administrador ~ All Users Names: SUPPORT_388945a0, HelpAssistant, Convidado, ASPNET, Administrador, ~ Unselected Option: O45,O61,O62,O65,O66,O80,O82,O89 Logged in as Administrator ---\\ Environnement Variables ~ System Unit : C:\ ~ %AppData% : C:\Documents and Settings\Administrador\Dados de aplicativos\ ~ %Desktop% : C:\Documents and Settings\Administrador\Desktop\ ~ %Favorites% : C:\Documents and Settings\Administrador\Favoritos\ ~ %LocalAppData% : C:\Documents and Settings\Administrador\Configurações locais\Dados de aplicativos\ ~ %StartMenu% : C:\Documents and Settings\Administrador\Menu Iniciar\ ~ %Windir% : C:\WINDOWS\ ~ %System% : C:\WINDOWS\system32\ ---\\ DOS/Devices A:\ Floppy drive, Flash card reader, USB Key (Not Inserted) C:\ Hard drive, Flash drive, Thumb drive (Free 1 Go of 38 Go) D:\ Hard drive, Flash drive, 
Thumb drive (Free 8 Go of 49 Go) E:\ CD-ROM drive (Not Inserted) G:\ Hard drive, Flash drive, Thumb drive (Free 10 Go of 191 Go) H:\ Hard drive, Flash drive, Thumb drive (Free 4 Go of 59 Go) ---\\ Security Center & Tools Informations [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Associations] Application: OK [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Associations] Intl: OK [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Associations] XMLLookup: OK [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] Shell: OK [HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] Load: OK [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install] LastSuccessTime : OK ~ Security Center: 37 Scanned in 00mn 00s ---\\ Search Generic System Files [MD5.064EC7FF5F58B928C3E119402977FA6D] - (.Microsoft Corporation - Windows Explorer.) (.14/4/2008 - 08:00:00.) -- C:\WINDOWS\Explorer.exe [1035776] [MD5.856E49DF711819C968811EC5128293E3] - (.Microsoft Corporation - Internet Extensions for Win32.) (.17/5/2013 - 17:30:05.) -- C:\WINDOWS\system32\wininet.dll [841216] [MD5.71D440F79B711627B12B567FB2EADB42] - (.Microsoft Corporation - Aplicativo de logon do Windows NT.) (.14/4/2008 - 08:00:00.) -- C:\WINDOWS\system32\Winlogon.exe [509952] [MD5.1E44BC1E83D8FD2305F8D452DB109CF9] - (.Microsoft Corporation - Ancillary Function Driver for WinSock.) (.17/8/2011 - 10:49:54.) -- C:\WINDOWS\system32\Drivers\AFD.sys [138496] [MD5.9F3A2F5AA6875C72BF062C712CFA2674] - (.Microsoft Corporation - IDE/ATAPI Port Driver.) (.13/4/2008 - 11:40:32.) -- C:\WINDOWS\system32\Drivers\atapi.sys [96512] [MD5.C885B02847F5D2FD45A24E219ED93B32] - (.Microsoft Corporation - CD-ROM File System Driver.) (.14/4/2008 - 08:00:00.) -- C:\WINDOWS\system32\Drivers\Cdfs.sys [63744] [MD5.1F4260CC5B42272D71F79E570A27A4FE] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.14/4/2008 - 08:00:00.) 
-- C:\WINDOWS\system32\Drivers\Cdrom.sys [62976] [MD5.A8D31E836CCF2F51009CE7DFFECF6D51] - (.Microsoft Corporation - FIPS Crypto Driver.) (.14/4/2008 - 08:00:00.) -- C:\WINDOWS\system32\Drivers\Fips.sys [44672] [MD5.573C7D0A32852B48F3058CFD8026F511] - (.Windows (R) Server 2003 DDK provider - High Definition Audio Bus Driver v1.0a.) (.14/4/2008 - 08:00:00.) -- C:\WINDOWS\system32\Drivers\HDAudBus.sys [144384] [MD5.485BC6BEB778B5E9702E6AA3D384C0CB] - (.Microsoft Corporation - Driver de porta i8042.) (.14/4/2008 - 08:00:00.) -- C:\WINDOWS\system32\Drivers\i8042prt.sys [53504] [MD5.083A052659F5310DD8B6A6CB05EDCF8E] - (.Microsoft Corporation - IMAPI Kernel Driver.) (.14/4/2008 - 08:00:00.) -- C:\WINDOWS\system32\Drivers\Imapi.sys [42112] [MD5.CC748EA12C6EFFDE940EE98098BF96BB] - (.Microsoft Corporation - IP Network Address Translator.) (.14/4/2008 - 08:00:00.) -- C:\WINDOWS\system32\Drivers\IpNat.sys [152832] [MD5.23C74D75E36E7158768DD63D92789A91] - (.Microsoft Corporation - IPSec Driver.) (.14/4/2008 - 08:00:00.) -- C:\WINDOWS\system32\Drivers\IPSec.sys [75264] [MD5.7D304A5EB4344EBEEAB53A2FE3FFB9F0] - (.Microsoft Corporation - Windows NT SMB Minirdr.) (.15/7/2011 - 10:29:31.) -- C:\WINDOWS\system32\Drivers\MRxSmb.sys [456320] [MD5.74B2B2F5BEA5E9A3DC021D685551BD3D] - (.Microsoft Corporation - MBT Transport driver.) (.14/4/2008 - 08:00:00.) -- C:\WINDOWS\system32\Drivers\netBT.sys [162816] [MD5.78A08DD6A8D65E697C18E1DB01C5CDCA] - (.Microsoft Corporation - NT File System Driver.) (.14/4/2008 - 08:00:00.) -- C:\WINDOWS\system32\Drivers\ntfs.sys [574976] [MD5.9BADEE6B698BF1AF36E25A1A64A89EAB] - (.Microsoft Corporation - Driver de porta paralela.) (.8/5/2008 - 08:46:28.) -- C:\WINDOWS\system32\Drivers\Parport.sys [80384] [MD5.11B4A627BC9614B885C4969BFA5FF8A6] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.14/4/2008 - 08:00:00.) 
-- C:\WINDOWS\system32\Drivers\Rasl2tp.sys [51328] [MD5.15CABD0F7C00C47C70124907916AF3F1] - (.Microsoft Corporation - Microsoft RDP Device redirector.) (.8/5/2008 - 04:13:52.) -- C:\WINDOWS\system32\Drivers\rdpdr.sys [196224] [MD5.68D749B04BFBBD4D4D15CC5185AFA4DD] - (.Microsoft Corporation - Redbook Audio Filter Driver.) (.8/5/2008 - 01:13:54.) -- C:\WINDOWS\system32\Drivers\redbook.sys [58240] [MD5.EB6B1E2C984D84470FF4FE7EF98CD44A] - (.Microsoft Corporation - Driver de cópia de sombra de volume.) (.14/4/2008 - 08:00:00.) -- C:\WINDOWS\system32\Drivers\volsnap.sys [53248] ~ Generic Processes: Scanned in 00mn 02s ---\\ Hidden files state (Hidden/Total) ~ Mes images (My Pictures) : 2/2029 ~ Mes musiques (My Musics) : 6/328 ~ Mes Videos (My Videos) : 2/25 ~ Mes Favoris (My Favorites) : 1/9 ~ Mes Documents (My Documents) : 8/81140 ~ Mon Bureau (My Desktop) : 3/865 ~ Menu demarrer (Programs) : 1/37 ~ Hidden Files: Scanned in 03mn 00s ---\\ Running Processes [MD5.86E7E80690B22A0BAA59EE07B11DA97C] - (.Avira GmbH - Antivirus Scheduler.) -- C:\Arquivos de programas\Avira\AntiVir Desktop\sched.exe [136360] [PID.1520] [MD5.72790DE5018A86C2B6590C28C9868C47] - (.Avira GmbH - Antivirus On-Access Service.) -- C:\Arquivos de programas\Avira\AntiVir Desktop\avguard.exe [269480] [PID.176] [MD5.10247C15D999CC116C87DA36BD0AD64D] - (.Analog Devices, Inc. - SMax4PNP MFC Application.) -- C:\Arquivos de programas\Analog Devices\Core\smax4pnp.exe [1404928] [PID.188] [MD5.66A5047DF0C0CEC911B95B5B1E24CEBC] - (.Intel Corporation - hkcmd Module.) -- C:\WINDOWS\system32\hkcmd.exe [118784] [PID.212] [MD5.AD7994EF4243AA5DDE0E187F61DF7231] - (.Avira GmbH - Antivirus System Tray Tool.) -- C:\Arquivos de programas\Avira\AntiVir Desktop\avgnt.exe [281768] [PID.232] [MD5.FC459741CA02225A2A332B197E5E6780] - (.Firebird Project - Firebird SQL Server.) 
-- C:\Arquivos de programas\FirebirdSQL22\bin\fbguard.exe [81920] [PID.320] [MD5.D560554BAE63D2A18197B7D2B5DA045B] - (.Eastman Kodak Company - Status Monitor for KODAK AiO Printer (32-Bi.) -- C:\Arquivos de programas\Kodak\AiO\StatusMonitor\EKStatusMonitor.exe [2750840] [PID.328] [MD5.69E967F3FF9E3DF41F4228440FBD43AE] - (.Ares Development Group - Ares p2p for windows.) -- C:\Arquivos de programas\Ares\Ares.exe [1015808] [PID.464] [MD5.CEA8F7E45B7B098F5FB085BB6A6A4432] - (.Microsoft Corporation - Microsoft (R) Windows Based Script Host.) -- C:\WINDOWS\System32\WScript.exe [155648] [PID.504] [MD5.0E410EDC8D0527801B899CF29E60597C] - (.Sun Microsystems, Inc. - Java(TM) Quick Starter Service.) -- C:\Arquivos de programas\Java\jre6\bin\jqs.exe [153584] [PID.628] [MD5.140692763A50BFFF322CDC076300587E] - (.Eastman Kodak Company - EKAiOHostService Module for Kodak AiO Print.) -- C:\Arquivos de programas\Kodak\AiO\Center\EKAiOHostService.exe [395640] [PID.1032] [MD5.339B2C2DFB344F2896A14BE27401D3F2] - (.Avira GmbH - AntiVir shadow copy service.) -- C:\Arquivos de programas\Avira\AntiVir Desktop\avshadow.exe [76968] [PID.1160] [MD5.E29F999616D7C08B0E91296908C47CAF] - (.Eastman Kodak Company - Status Monitor SDK for KODAK AiO Printer (3.) -- C:\Arquivos de programas\Kodak\AiO\StatusMonitor\EKPrinterSDK.exe [780152] [PID.1636] [MD5.388AE59FE75F1B959DFA0900923C61BB] - (.Skype Technologies S.A. - Skype C2C Service.) -- C:\Documents and Settings\All Users\Dados de aplicativos\Skype\Toolbars\Skype C2C Service\c2c_service.exe [3064000] [PID.1916] [MD5.76B35CB0F3A4E69D6DFF27F542B9F856] - (.Google Inc. - Google Crash Handler.) -- C:\Documents and Settings\Administrador\Configurações locais\Dados de aplicativos\Google\Update\1.3.21.145\GoogleCrashHandler.exe [216968] [PID.1284] [MD5.2E0B0A051FFAA86E358465BB0880D453] - (.Microsoft Corporation - Windows Update.) -- C:\WINDOWS\system32\wuauclt.exe [53784] [PID.1540] [MD5.15D04ED9842608D24DACA6A48A267ED6] - (.Nicolas Coolman - ZHPDiag.) 
-- C:\Arquivos de programas\ZHPDiag\ZHPDiag.exe [7541248] [PID.2528] [MD5.68D0D88F99B4723A2B2B5B8593BB6E13] - (.Firebird Project - Firebird SQL Server.) -- C:\Arquivos de programas\FirebirdSQL22\bin\fbserver.exe [2732032] [PID.3120] [MD5.6D2018AEE93285F2A8BEF55D722187A3] - (.Microsoft Corporation - Application Layer Gateway Service.) -- C:\WINDOWS\System32\alg.exe [44544] [PID.3436] ~ Processes Running: Scanned in 00mn 02s ---\\ Mozilla Firefox,Plugins,Start,Search,Extensions (P2,M0,M1,M2,M3) M3 - MFPP: Plugins - [Administrador] -- C:\Arquivos de programas\Mozilla FireFox\searchplugins\babylon.xml =>Toolbar.Babylon M3 - MFPP: Plugins - [Administrador] -- C:\Arquivos de programas\Mozilla FireFox\searchplugins\portaldosites.xml =>Hijacker.PortaldoSites P2 - FPN: [HKLM] [@adobe.com/FlashPlayer] - (...) -- C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_7_700_224.dll P2 - FPN: [HKLM] [@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf] - (.Foxit Corporation - Foxit Reader Plug-In For Firefox and Netscape.) -- C:\Arquivos de programas\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll P2 - FPN: [HKLM] [@Google.com/GoogleEarthPlugin] - (.Google - GEPlugin.) -- C:\Arquivos de programas\Google\Google Earth\plugin\npgeplugin.dll P2 - FPN: [HKLM] [@google.com/npPicasa3,version=3.0.0] - (.Google, Inc. - Picasa plugin.) -- C:\Arquivos de programas\Google\Picasa3\npPicasa3.dll P2 - FPN: [HKLM] [@java.com/DTPlugin,version=1.6.0_35] - (.Sun Microsystems, Inc. - NPRuntime Script Plug-in Library for Java(TM) Deploy.) -- C:\WINDOWS\system32\npdeployJava1.dll P2 - FPN: [HKLM] [@java.com/JavaPlugin] - (.Sun Microsystems, Inc. - Next Generation Java Plug-in 1.6.0_35 for Mozilla browsers.) -- C:\Arquivos de programas\Java\jre6\bin\plugin2\npjp2.dll P2 - FPN: [HKLM] [@microsoft.com/OfficeAuthz,version=14.0] - (.Microsoft Corporation - Office Authorization plug-in for NPAPI browsers.) 
-- C:\Arquivos de programas\Microsoft Office\Office14\NPAUTHZ.dll P2 - FPN: [HKLM] [@microsoft.com/SharePoint,version=14.0] - (.Microsoft Corporation - The plug-in allows you to open and edit files using Microsoft Office a.) -- C:\Arquivos de programas\Microsoft Office\Office14\NPSPWRAP.dll P2 - FPN: [HKLM] [@microsoft.com/WLPG,version=14.0.8117.0416] - (.Microsoft Corporation - NPWLPG.) -- C:\Arquivos de programas\Windows Live\Photo Gallery\NPWLPG.dll P2 - FPN: [HKLM] [@microsoft.com/WPF,version=3.5] - (.Microsoft Corporation - Windows Presentation Foundation (WPF) plug-in for Mozilla browsers.) -- C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll P2 - FPN: [HKLM] [@tools.google.com/Google Update;version=3] - (.Google Inc. - Google Update.) -- C:\Arquivos de programas\Google\Update\1.3.21.145\npGoogleUpdate3.dll P2 - FPN: [HKLM] [@tools.google.com/Google Update;version=9] - (.Google Inc. - Google Update.) -- C:\Arquivos de programas\Google\Update\1.3.21.145\npGoogleUpdate3.dll P2 - FPN: [HKCU] [@Skype Limited.com/Facebook Video Calling Plugin] - (.Skype Limited - Facebook Video Calling Plugin.) -- C:\Documents and Settings\Administrador\Configurações locais\Dados de aplicativos\Facebook\Video\Skype\npFacebookVideoCalling.dll P2 - FPN: [HKCU] [@tools.google.com/Google Update;version=3] - (.Google Inc. - Google Update.) -- C:\Documents and Settings\Administrador\Configurações locais\Dados de aplicativos\Google\Update\1.3.21.145\npGoogleUpdate3.dll P2 - FPN: [HKCU] [@tools.google.com/Google Update;version=9] - (.Google Inc. - Google Update.) 
-- C:\Documents and Settings\Administrador\Configurações locais\Dados de aplicativos\Google\Update\1.3.21.145\npGoogleUpdate3.dll ~ Firefox Browser: 17 Scanned in 00mn 01s ---\\ Internet Explorer Extensions, Start, Search (R4,R3,R0,R1) R0 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.babylon.com =>Toolbar.Babylon R0 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com R0 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,BrowserMngr Start Page = http://search.babylon.com =>Toolbar.Babylon R1 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.plusnetwork.com R1 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:noadd-ons R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:securityrisk R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com R1 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.plusnetwork.com R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURLs,Tabs = http://search.babylon.com =>Toolbar.Babylon R3 - URLSearchHook: Microsoft Url Search Hook - {CFBFAE00-17A6-11D0-99CB-00C04FD64497} . (.Google Inc. - Google Update.) (No version) -- (.not file.) 
R4 - HKCU\SOFTWARE\Microsoft\Internet Explorer\PhishingFilter,Enabled = 2 ~ IE Browser: 15 Scanned in 00mn 00s ---\\ Internet Explorer, Proxy Management (R5) R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0 R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 0 R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1 R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll ~ Proxy management: Scanned in 00mn 00s ---\\ Line Analysis F0, F1, F2, F3 - IniFiles, Auto loading programs F2 - REG:system.ini: USERINIT=C:\WINDOWS\system32\userinit.exe, F2 - REG:system.ini: Shell=C:\WINDOWS\explorer.exe F2 - REG:system.ini: VMApplet=rundll32 shell32,Control_RunDLL "sysdm.cpl" ~ Keys: Scanned in 00mn 00s ---\\ Hosts file redirection (O1) ~ Le fichier hosts est sain (The hosts file is clean). ~ Hosts File: Scanned in 00mn 00s ~ Nombre de lignes (Lines number): 21 ---\\ Browser Helper Objects (O2) O2 - BHO: (no name) - {0EEDB912-C5FA-486F-8334-57288578C627} Orphean Key O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} Orphean Key O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} . (.Microsoft Corporation - Microsoft SharePoint Workspace Extensions.) -- C:\Arquivos de programas\Microsoft Office\Office14\GROOVEEX.dll O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} . (.Sun Microsystems, Inc. - Java(TM) Platform SE binary.) -- C:\Arquivos de programas\Java\jre6\bin\ssv.dll O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} . (.Microsoft Corporation - WindowsLiveLogin.dll.) -- C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} . 
(.Skype Technologies S.A. - Skype Click to Call for Internet Explorer.) -- C:\Arquivos de programas\Skype\Toolbars\Internet Explorer\skypeieplugin.dll O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} . (.Microsoft Corporation - Microsoft Office Document Cache Handler.) -- C:\Arquivos de programas\Microsoft Office\Office14\URLREDIR.dll O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} . (.Sun Microsystems, Inc. - Java(TM) Platform SE binary.) -- C:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} . (.Sun Microsystems, Inc. - Java(TM) Quick Starter binary.) -- C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll ~ BHO: 9 Scanned in 00mn 00s ---\\ Internet Explorer toolbars (O3) O3 - Toolbar: (no name) - [HKLM]{ae07101b-46d4-4a98-af68-0333ea26e113} Orphean Key O3 - Toolbar: (no name) - [HKLM]{98889811-442D-49dd-99D7-DC866BE87DBC} Orphean Key ~ Toolbar: Scanned in 00mn 00s ---\\ Auto loading programs from Registry and folders (O4) O4 - HKLM\..\Run: [SoundMAXPnP] . (.Analog Devices, Inc. - SMax4PNP MFC Application.) -- C:\Arquivos de programas\Analog Devices\Core\smax4pnp.exe O4 - HKLM\..\Run: [IgfxTray] . (.Intel Corporation - igfxTray Module.) -- C:\WINDOWS\system32\igfxtray.exe O4 - HKLM\..\Run: [HotKeysCmds] . (.Intel Corporation - hkcmd Module.) -- C:\WINDOWS\system32\hkcmd.exe O4 - HKLM\..\Run: [avgnt] . (.Avira GmbH - Antivirus System Tray Tool.) -- C:\Arquivos de programas\Avira\AntiVir Desktop\avgnt.exe O4 - HKLM\..\Run: [PAC7302_Monitor] . (.PixArt Imaging Incorporation - Registry Monitor.) -- C:\WINDOWS\PixArt\PAC7302\Monitor.exe O4 - HKLM\..\Run: [Conime] . (.Microsoft Corporation - Console IME.) -- C:\WINDOWS\system32\conime.exe O4 - HKLM\..\Run: [EKStatusMonitor] . (.Eastman Kodak Company - Status Monitor for KODAK AiO Printer (32-Bi.) 
-- C:\Arquivos de programas\Kodak\AiO\StatusMonitor\EKStatusMonitor.exe O4 - HKCU\..\Run: [ctfmon.exe] . (.Microsoft Corporation - CTF Loader.) -- C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [Facebook Update] . (.Facebook Inc. - Facebook Installer.) -- C:\Documents and Settings\Administrador\Configurações locais\Dados de aplicativos\Facebook\Update\FacebookUpdate.exe O4 - HKCU\..\Run: [ares] . (.Ares Development Group - Ares p2p for windows.) -- C:\Arquivos de programas\Ares\Ares.exe O4 - HKCU\..\Run: [Google Update] . (.Google Inc. - Google Installer.) -- C:\Documents and Settings\Administrador\Configurações locais\Dados de aplicativos\Google\Update\GoogleUpdate.exe O4 - HKCU\..\Run: [a94] . (...) -- C:\Documents and Settings\Administrador\Dados de aplicativos\bf5d\a94.js O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_3] rundll32 advpack.dll O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_3] rundll32 advpack.dll O4 - HKUS\S-1-5-20\..\RunOnce: [nltide_3] rundll32 advpack.dll O4 - HKUS\S-1-5-21-854245398-2000478354-1417001333-500\..\Run: [ctfmon.exe] . (.Microsoft Corporation - CTF Loader.) -- C:\WINDOWS\system32\ctfmon.exe O4 - HKUS\S-1-5-21-854245398-2000478354-1417001333-500\..\Run: [Facebook Update] . (.Facebook Inc. - Facebook Installer.) -- C:\Documents and Settings\Administrador\Configurações locais\Dados de aplicativos\Facebook\Update\FacebookUpdate.exe O4 - HKUS\S-1-5-21-854245398-2000478354-1417001333-500\..\Run: [ares] . (.Ares Development Group - Ares p2p for windows.) -- C:\Arquivos de programas\Ares\Ares.exe O4 - HKUS\S-1-5-21-854245398-2000478354-1417001333-500\..\Run: [Google Update] . (.Google Inc. - Google Installer.) -- C:\Documents and Settings\Administrador\Configurações locais\Dados de aplicativos\Google\Update\GoogleUpdate.exe O4 - HKUS\S-1-5-21-854245398-2000478354-1417001333-500\..\Run: [a94] . (...) 
-- C:\Documents and Settings\Administrador\Dados de aplicativos\bf5d\a94.js ~ Application: Scanned in 00mn 00s ---\\ Other User Links (O4) O4 - GS\Desktop: CCleaner.lnk . (.Piriform Ltd - CCleaner.) -- C:\Arquivos de programas\CCleaner\CCleaner.exe =>Piriform Ltd O4 - GS\Desktop: Conexão de banda larga.lnk - Orphean Key O4 - GS\Desktop: Home Center da Impressora Multifuncional KODAK.lnk . (.Eastman Kodak Company - KODAK AiO Home Center.) -- C:\Arquivos de programas\Kodak\AiO\Center\AiOHomeCenter.exe O4 - GS\Desktop: ImgBurn.lnk . (.LIGHTNING UK! - ImgBurn - The Ultimate Image Burner!.) -- C:\Arquivos de programas\ImgBurn\ImgBurn.exe O4 - GS\Desktop: Linkbr.lnk - Orphean Key O4 - GS\Desktop: Malwarebytes Anti-Malware.lnk . (.Malwarebytes Corporation - Malwarebytes Anti-Malware.) -- C:\Arquivos de programas\Malwarebytes' Anti-Malware\mbam.exe O4 - GS\Desktop: MBRCheck.lnk . (...) -- C:\Arquivos de programas\ZHPDiag\mbrcheck.exe O4 - GS\Desktop: polly.lnk . (.Mozilla Corporation - Firefox.) -- C:\Arquivos de programas\Mozilla Firefox\firefox.exe O4 - GS\Desktop: PrintProjects.lnk . (.Visan / RocketLife - PhotoProduct.exe.) -- C:\Arquivos de programas\PrintProjects\PhotoProduct.exe O4 - GS\Desktop: SWiSH Max4.lnk . (.SWiSHzone.com Pty Ltd - SWiSH Max4 Application.) -- C:\Arquivos de programas\SWiSH Max4\swishMax4.exe O4 - GS\Desktop: Wondershare Quiz Management System.lnk . (.SWiSHzone.com Pty Ltd - SWiSH Max4 Application.) -- C:\Arquivos de programas\Wondershare\QuizCreator\QMS.url O4 - GS\Desktop: Wondershare QuizCreator.lnk . (.Wondershare - No comment.) -- C:\Arquivos de programas\Wondershare\QuizCreator\QuizCreator.exe O4 - GS\Desktop: ZHPDiag.lnk . (.Nicolas Coolman - ZHPDiag Setup.) -- C:\Arquivos de programas\ZHPDiag\ZHPhep.exe O4 - GS\Desktop: ZHPFix.lnk . (.Nicolas Coolman - ZHPDiag Setup.) -- C:\Arquivos de programas\ZHPDiag\ZHPFix\ZHPhep.exe O4 - GS\Desktop: DVDVideoSoft Free Studio.lnk . (.DvdVideoSoft Ltd. - FreeStudioManager.) 
-- C:\Arquivos de programas\Arquivos comuns\DVDVideoSoft\FreeStudioManager.exe O4 - GS\Desktop: mon.lnk . (.Google Inc. - Google Chrome.) -- C:\Documents and Settings\Administrador\Configurações locais\Dados de aplicativos\Google\Chrome\Application\chrome.exe ~ Global Startup: Scanned in 00mn 17s ---\\ Extra buttons on main IE button toolbar, or extra items in IE 'Tools' menu (O9) O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} . (...) -- C:\Arquivos de programas\Skype\Toolbars\Internet Explorer\icon.ico O9 - Extra button: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} -- Orphean Key ~ IE Extra Buttons: Scanned in 00mn 00s ---\\ Winsock hijacker (Layered Service Provider) (O10) O10 - WLSP:\000000000001\Winsock LSP File . (.Microsoft Corporation - Fornecedor de serviços do Microsoft Windows Sockets 2.0.) -- C:\WINDOWS\system32\mswsock.dll O10 - WLSP:\000000000002\Winsock LSP File . (.Microsoft Corporation - LDAP RnR Provider DLL.) -- C:\WINDOWS\system32\winrnr.dll O10 - WLSP:\000000000003\Winsock LSP File . (.Microsoft Corporation - Fornecedor de serviços do Microsoft Windows Sockets 2.0.) 
-- C:\WINDOWS\system32\mswsock.dll ~ Winsock: 3 Scanned in 00mn 00s ---\\ 'Reset Web Settings' hijack (O14) O14 - IERESET.INF: SEARCH_PAGE_URL=SEARCH_PAGE_URL="&http://home.microsoft.com/intl/br/access/allinone.asp" O14 - IERESET.INF: SAFESITE_VALUE=SAFESITE_VALUE="search.msn.com.br" ~ IE Paramètres WEB: Scanned in 00mn 00s ---\\ ActiveX Objects (Downloaded Program Files) (O16) O16 - DPF: {C1F8FC10-E5DB-4112-9DBF-6C3FF728D4E3} ((no name)) - http://support.euro.dell.com/systemprofiler/DellSystemLite.CAB ~ Objets ActiveX: Scanned in 00mn 00s ---\\ Lop.com/Domain Hijackers (O17) O17 - HKLM\System\CCS\Services\Tcpip\..\{4B12CB4A-CF02-419D-85D1-957AB73D4CBD}: DhcpNameServer = 200.204.0.10 200.204.0.138 O17 - HKLM\System\CS1\Services\Tcpip\..\{4B12CB4A-CF02-419D-85D1-957AB73D4CBD}: DhcpNameServer = 200.204.0.10 200.204.0.138 O17 - HKLM\System\CS2\Services\Tcpip\..\{4B12CB4A-CF02-419D-85D1-957AB73D4CBD}: DhcpNameServer = 200.204.0.10 200.204.0.138 O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 200.204.0.10 200.204.0.138 ~ Domain: Scanned in 00mn 00s ---\\ Extra protocols (O18) O18 - Handler: wlmailhtml - {03C514A3-1EFB-4856-9F99-10D7BE1653C0} . (.Microsoft Corporation - Windows Live Mail.) -- C:\Arquivos de programas\Windows Live\Mail\mailcomm.dll O18 - Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} . (.Microsoft Corporation - Microsoft Office XML MIME Filter.) -- C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\OFFICE14\MSOXMLMF.dll ~ Protocole Additionnel: Scanned in 00mn 00s ---\\ AppInit_DLLs Registry value Autorun (O20) O20 - Winlogon Notify: crypt32chain . (.Microsoft Corporation - Crypto API32.) -- C:\WINDOWS\system32\crypt32.dll O20 - Winlogon Notify: cryptnet . (.Microsoft Corporation - Crypto Network Related API.) 
-- C:\WINDOWS\system32\cryptnet.dll O20 - Winlogon Notify: cscdll . (.Microsoft Corporation - Agente de rede off-line.) -- C:\WINDOWS\system32\cscdll.dll O20 - Winlogon Notify: dimsntfy . (.Microsoft Corporation - DIMS Notification Handler.) -- C:\WINDOWS\system32\dimsntfy.dll O20 - Winlogon Notify: igfxcui . (.Intel Corporation - igfxsrvc Module.) -- C:\WINDOWS\system32\igfxsrvc.dll O20 - Winlogon Notify: ScCertProp . (.Microsoft Corporation - DLL comum para receber notificações do Winl.) -- C:\WINDOWS\system32\wlnotify.dll O20 - Winlogon Notify: Schedule . (.Microsoft Corporation - DLL comum para receber notificações do Winl.) -- C:\WINDOWS\system32\wlnotify.dll O20 - Winlogon Notify: sclgntfy . (.Microsoft Corporation - DLL de notificação do serviço de logon secu.) -- C:\WINDOWS\system32\sclgntfy.dll O20 - Winlogon Notify: SensLogn . (.Microsoft Corporation - DLL comum para receber notificações do Winl.) -- C:\WINDOWS\system32\WlNotify.dll O20 - Winlogon Notify: termsrv . (.Microsoft Corporation - DLL comum para receber notificações do Winl.) -- C:\WINDOWS\system32\wlnotify.dll O20 - Winlogon Notify: WgaLogon . (.Microsoft Corporation - Notificações do Programa de Vantagens do Wi.) -- C:\WINDOWS\system32\WgaLogon.dll O20 - Winlogon Notify: wlballoon . (.Microsoft Corporation - DLL comum para receber notificações do Winl.) -- C:\WINDOWS\system32\wlnotify.dll ~ Winlogon: Scanned in 00mn 00s ---\\ AppInit_DLLs Registry value Autorun (O20) O20 - AppInit_DLLs: . (...) - c:\docume~1\alluse~1\dadosd~1\browse~1\23787~1.43\{16cdf~1\browse~1.dll (.not file.) ~ AppInit DLL: Scanned in 00mn 00s ---\\ ShellServiceObjectDelayLoad (O21) O21 - SSODL: PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} . (.Microsoft Corporation - DLL comum do Shell do Windows.) -- C:\WINDOWS\system32\SHELL32.dll O21 - SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} . (.Microsoft Corporation - DLL comum do Shell do Windows.) 
-- C:\WINDOWS\system32\SHELL32.dll O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} . (.Microsoft Corporation - Web Site Monitor.) -- C:\WINDOWS\system32\webcheck.dll O21 - SSODL: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} . (.Microsoft Corporation - Objeto de serviço do shell de Systray.) -- C:\WINDOWS\system32\stobject.dll O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} . (.Microsoft Corporation - Windows Portable Device Shell Service Objec.) -- C:\WINDOWS\system32\WPDShServiceObj.dll ~ SSODL: 5 Scanned in 00mn 00s ---\\ SharedTaskScheduler (O22) O22 - SharedTaskScheduler: Pré-carregador Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} . (.Microsoft Corporation - Biblioteca da interface de usuário do naveg.) -- C:\WINDOWS\system32\browseui.dll O22 - SharedTaskScheduler: Pré-carregador Browseui - {8C7461EF-2B13-11d2-BE35-3078302C2030} . (.Microsoft Corporation - Biblioteca da interface de usuário do naveg.) -- C:\WINDOWS\system32\browseui.dll ~ STS/SSO: Scanned in 00mn 00s ---\\ non Microsoft non disabled Windows XP/NT/2000 Services (O23) O23 - Service: Avira AntiVir Agendamento (AntiVirSchedulerService) . (.Avira GmbH - Antivirus Scheduler.) - C:\Arquivos de programas\Avira\AntiVir Desktop\sched.exe O23 - Service: Avira AntiVir Guard (AntiVirService) . (.Avira GmbH - Antivirus On-Access Service.) - C:\Arquivos de programas\Avira\AntiVir Desktop\avguard.exe O23 - Service: Firebird Guardian - DefaultInstance (FirebirdGuardianDefaultInstance) . (.Firebird Project - Firebird SQL Server.) - C:\Arquivos de programas\FirebirdSQL22\bin\fbguard.exe O23 - Service: Serviço do Google Update (gupdate) (gupdate) . (.Google Inc. - Google Installer.) - C:\Arquivos de programas\Google\Update\GoogleUpdate.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) . (.Sun Microsystems, Inc. - Java(TM) Quick Starter Service.) 
- C:\Arquivos de programas\Java\jre6\bin\jqs.exe O23 - Service: Kodak AiO Network Discovery Service (Kodak AiO Network Discovery Service) . (.Eastman Kodak Company - EKAiOHostService Module for Kodak AiO Print.) - C:\Arquivos de programas\Kodak\AiO\Center\EKAiOHostService.exe O23 - Service: Kodak AiO Status Monitor Service (Kodak AiO Status Monitor Service) . (.Eastman Kodak Company - Status Monitor SDK for KODAK AiO Printer (3.) - C:\Arquivos de programas\Kodak\AiO\StatusMonitor\EKPrinterSDK.exe O23 - Service: Skype C2C Service (Skype C2C Service) . (.Skype Technologies S.A. - Skype C2C Service.) - C:\Documents and Settings\All Users\Dados de aplicativos\Skype\Toolbars\Skype C2C Service\c2c_service.exe O23 - Service: Skype Updater (SkypeUpdate) . (.Skype Technologies - Skype Updater Service.) - C:\Arquivos de programas\Skype\Updater\Updater.exe ~ Services: 9 Scanned in 00mn 07s ---\\ Windows Active Desktop & MHTML Editor (O24) O24 - Desktop Component 0: Minha página inicial atual - file:About:Home O24 - Default MHTML Editor: Last - .(...) - (.not file.) 
~ Desktop Component: 4 Scanned in 00mn 00s ---\\ O34 - HKLM BootExecute: (autocheck autochk *) - File not found ~ BEX: 1 Scanned in 00mn 00s ---\\ Task Planned Automatically(039) O39 - APT:Automatic Planified Task - C:\WINDOWS\Tasks\Adobe Flash Player Updater.job [902] O39 - APT:Automatic Planified Task - C:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-854245398-2000478354-1417001333-500Core.job [1028] O39 - APT:Automatic Planified Task - C:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-854245398-2000478354-1417001333-500UA.job [1050] O39 - APT:Automatic Planified Task - C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job [1082] O39 - APT:Automatic Planified Task - C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job [1086] O39 - APT:Automatic Planified Task - C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-854245398-2000478354-1417001333-500Core.job [1148] O39 - APT:Automatic Planified Task - C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-854245398-2000478354-1417001333-500UA.job [1200] O39 - APT:Automatic Planified Task - C:\WINDOWS\Tasks\Windows Codec Update Service.job [396] [MD5.9915504F602D277EE47FD843A677FD15] [APT] [Adobe Flash Player Updater] (.Adobe Systems Incorporated.) -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe [256904] [MD5.00000000000000000000000000000000] [APT] [FacebookUpdateTaskUserS-1-5-21-854245398-2000478354-1417001333-500Core] (...) -- C:\Documents and Settings\Administrador\Configurações locais\Dados de aplicativos\Facebook\Update\FacebookUpdate.exe (.not file.) [0] [MD5.00000000000000000000000000000000] [APT] [FacebookUpdateTaskUserS-1-5-21-854245398-2000478354-1417001333-500UA] (...) -- C:\Documents and Settings\Administrador\Configurações locais\Dados de aplicativos\Facebook\Update\FacebookUpdate.exe (.not file.) [0] [MD5.506708142BC63DABA64F2D3AD1DCD5BF] [APT] [GoogleUpdateTaskMachineCore] (.Google Inc..) 
-- C:\Arquivos de programas\Google\Update\GoogleUpdate.exe [116648] [MD5.506708142BC63DABA64F2D3AD1DCD5BF] [APT] [GoogleUpdateTaskMachineUA] (.Google Inc..) -- C:\Arquivos de programas\Google\Update\GoogleUpdate.exe [116648] [MD5.00000000000000000000000000000000] [APT] [GoogleUpdateTaskUserS-1-5-21-854245398-2000478354-1417001333-500Core] (...) -- C:\Documents and Settings\Administrador\Configurações locais\Dados de aplicativos\Google\Update\GoogleUpdate.exe (.not file.) [0] [MD5.00000000000000000000000000000000] [APT] [GoogleUpdateTaskUserS-1-5-21-854245398-2000478354-1417001333-500UA] (...) -- C:\Documents and Settings\Administrador\Configurações locais\Dados de aplicativos\Google\Update\GoogleUpdate.exe (.not file.) [0] [MD5.7F7D118854D3D4E0DEBB6D63E3EA098F] [APT] [Windows Codec Update Service] (.MediaCodec.Org.) -- C:\Arquivos de programas\Essentials Codec Pack\WECPUpdate.exe [262144] ~ Scheduled Task: 17 Scanned in 00mn 00s ---\\ ActiveSetup Installed Components (O40) O40 - ASIC: IE7 Uninstall Stub - <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} . (.Microsoft Corporation - IE Per User Active Setup Uninstall Utility.) -- C:\WINDOWS\system32\ieudinit.exe O40 - ASIC: Windows Media Player - >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} . (.Microsoft Corporation - Utilitário de Instalação do Microsoft Windows Media Player.) -- C:\WINDOWS\inf\unregmp2.exe O40 - ASIC: Internet Explorer - >{26923b43-4d38-484f-9b9e-de460746276c} . (.Microsoft Corporation - IE Per-User Initialization Utility.) -- C:\WINDOWS\system32\ie4uinit.exe O40 - ASIC: Browser Customizations - >{60B49E34-C7CC-11D0-8953-00A0C90347FF} . (.Microsoft Corporation - IEAK branding.) -- C:\WINDOWS\system32\iedkcs32.dll O40 - ASIC: Outlook Express - >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} . (.Microsoft Corporation - Windows NT User Data Migration Tool.) -- C:\WINDOWS\system32\shmgrate.exe O40 - ASIC: Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608500} . (.Sun Microsystems, Inc. - Java(TM) Platform SE binary.) 
-- C:\Arquivos de programas\Java\jre6\bin\regutils.dll O40 - ASIC: Microsoft NetShow Player - {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} . (.Microsoft Corporation - Windows Media Player Extension.) -- C:\WINDOWS\system32\wmpdxm.dll O40 - ASIC: Microsoft Windows Media Player 6.4 - {22d6f312-b0f6-11d0-94ab-0080c74c7e95} . (.Microsoft Corporation - Windows Media Player Extension.) -- C:\WINDOWS\system32\wmpdxm.dll O40 - ASIC: DirectAnimation - {283807B5-2C60-11D0-A31D-00AA00B92C03} . (.Microsoft Corporation - Mídia DirectX -- DirectAnimation.) -- C:\WINDOWS\system32\danim.dll O40 - ASIC: Themes Setup - {2C7339CF-2B09-4501-B3F3-F3508C9228ED} . (.Microsoft Corporation - API de tema do Windows.) -- C:\WINDOWS\system32\themeui.dll O40 - ASIC: Microsoft Outlook Express 6 - {44BBA840-CC51-11CF-AAFA-00AA00B6015C} . (.Microsoft Corporation - Biblioteca de instalação do Outlook Express.) -- C:\Arquivos de programas\Outlook Express\setup50.exe O40 - ASIC: Browsing Enhancements - {630b1da0-b465-11d1-9948-00c04f98bbc9} . (.Microsoft Corporation - Extensão shell da pasta FTP do Microsoft Internet Explorer.) -- C:\WINDOWS\system32\msieftp.dll O40 - ASIC: Microsoft Windows Media Player - {6BF52A52-394A-11d3-B153-00C04F79FAA6} . (...) -- C:\WINDOWS\INF\wmp11.inf O40 - ASIC: Catálogo de endereços 6 - {7790769C-0471-11d2-AF11-00C04FA35D02} . (.Microsoft Corporation - Biblioteca de instalação do Outlook Express.) -- C:\Arquivos de programas\Outlook Express\setup50.exe O40 - ASIC: Atualização da área de trabalho do Windows - {89820200-ECBD-11cf-8B85-00AA005B4340} . (.Microsoft Corporation - DLL comum do Shell do Windows.) -- C:\WINDOWS\system32\shell32.dll O40 - ASIC: Internet Explorer - {89820200-ECBD-11cf-8B85-00AA005B4383} . (.Microsoft Corporation - IE Per-User Initialization Utility.) -- C:\WINDOWS\system32\ie4uinit.exe O40 - ASIC: (no name) - {89B4C1CD-B018-4511-B0A1-5476DBF70820} . (.Microsoft Corporation - Microsoft .NET IE SECURITY REGISTRATION.) 
-- C:\WINDOWS\system32\mscories.dll O40 - ASIC: Macromedia Shockwave Flash - {D27CDB6E-AE6D-11cf-96B8-444553540000} . (.Adobe Systems, Inc. - Adobe Flash Player 11.7 r700.) -- C:\WINDOWS\system32\Macromed\Flash\Flash32_11_7_700_224.ocx O40 - ASIC: Installed Component - S-1-5-21-854245398-2000478354-1417001333-500 - <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} -- Not Hexadécimal CLSID O40 - ASIC: Installed Component - S-1-5-21-854245398-2000478354-1417001333-500 - >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS -- Not Hexadécimal CLSID ~ Active Setup: 20 Scanned in 00mn 01s ---\\ Drivers launched at startup (O41) O41 - Driver: (AFD) . (.Microsoft Corporation - Ancillary Function Driver for WinSock.) - C:\WINDOWS\system32\drivers\afd.sys O41 - Driver: (avgio) . (.Avira GmbH - Avira AntiVir Support for Minifilter.) - C:\Arquivos de programas\Avira\AntiVir Desktop\avgio.sys O41 - Driver: (avipbb) . (.Avira GmbH - Avira Driver for Security Enhancement.) - C:\WINDOWS\system32\DRIVERS\avipbb.sys O41 - Driver: (Cdrom) . (.Microsoft Corporation - SCSI CD-ROM Driver.) - C:\WINDOWS\system32\DRIVERS\cdrom.sys O41 - Driver: (i8042prt) . (.Microsoft Corporation - Driver de porta i8042.) - C:\WINDOWS\system32\DRIVERS\i8042prt.sys O41 - Driver: (Imapi) . (.Microsoft Corporation - IMAPI Kernel Driver.) - C:\WINDOWS\system32\DRIVERS\imapi.sys O41 - Driver: (intelppm) . (.Microsoft Corporation - Driver de dispositivo de processador.) - C:\WINDOWS\system32\DRIVERS\intelppm.sys O41 - Driver: (IPSec) . (.Microsoft Corporation - IPSec Driver.) - C:\WINDOWS\system32\DRIVERS\ipsec.sys O41 - Driver: (Kbdclass) . (.Microsoft Corporation - Driver de classe teclado.) - C:\WINDOWS\system32\DRIVERS\kbdclass.sys O41 - Driver: (kbdhid) . (.Microsoft Corporation - HID Mouse Filter Driver.) - C:\WINDOWS\system32\DRIVERS\kbdhid.sys O41 - Driver: (Mouclass) . (.Microsoft Corporation - Driver de classe modem.) - C:\WINDOWS\system32\DRIVERS\mouclass.sys O41 - Driver: (MRxSmb) . 
(.Microsoft Corporation - Windows NT SMB Minirdr.) - C:\WINDOWS\system32\DRIVERS\mrxsmb.sys O41 - Driver: (NetBIOS) . (.Microsoft Corporation - NetBIOS interface driver.) - C:\WINDOWS\system32\DRIVERS\netbios.sys O41 - Driver: (NetBT) . (.Microsoft Corporation - MBT Transport driver.) - C:\WINDOWS\system32\DRIVERS\netbt.sys O41 - Driver: (RasAcd) . (.Microsoft Corporation - RAS Automatic Connection Driver.) - C:\WINDOWS\system32\DRIVERS\rasacd.sys O41 - Driver: (Rdbss) . (.Microsoft Corporation - Redirected Drive Buffering SubSystem Driver.) - C:\WINDOWS\system32\DRIVERS\rdbss.sys O41 - Driver: (RDPCDD) . (.Microsoft Corporation - RDP Miniport.) - C:\WINDOWS\system32\DRIVERS\RDPCDD.sys O41 - Driver: (redbook) . (.Microsoft Corporation - Redbook Audio Filter Driver.) - C:\WINDOWS\system32\DRIVERS\redbook.sys O41 - Driver: (Serial) . (.Microsoft Corporation - Driver de dispositivo serial.) - C:\WINDOWS\system32\DRIVERS\serial.sys O41 - Driver: (ssmdrv) . (.Avira GmbH - AVIRA SnapShot Driver.) - C:\WINDOWS\system32\DRIVERS\ssmdrv.sys O41 - Driver: (Tcpip) . (.Microsoft Corporation - TCP/IP Protocol Driver.) - C:\WINDOWS\system32\DRIVERS\tcpip.sys O41 - Driver: (TermDD) . (.Microsoft Corporation - Terminal Server Driver.) - C:\WINDOWS\system32\DRIVERS\termdd.sys O41 - Driver: (VgaSave) . (.Microsoft Corporation - VGA/Super VGA Video Driver.) - C:\WINDOWS\system32\drivers\vga.sys ~ Drivers: 69 Scanned in 00mn 00s ---\\ Software installed (O42) O42 - Logiciel: 3ivx MPEG-4 5.0.2 (remove only) - (.3ivx Technologies, Pty. Ltd..) [HKLM] -- 3ivx MPEG-4 5.0.2 O42 - Logiciel: Ableton Live 9 Suite - (.Ableton.) [HKLM] -- {601C066D-9BDF-49D3-BEE3-BB99D8984BB9} O42 - Logiciel: Adobe Flash Player 11 ActiveX - (.Adobe Systems Incorporated.) [HKLM] -- Adobe Flash Player ActiveX O42 - Logiciel: Adobe Flash Player 11 Plugin - (.Adobe Systems Incorporated.) [HKLM] -- Adobe Flash Player Plugin O42 - Logiciel: Apple Application Support - (.Apple Inc..) 
[HKLM] -- {A83279FD-CA4B-4206-9535-90974DE76654} O42 - Logiciel: Apple Software Update - (.Apple Inc..) [HKLM] -- {789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE} O42 - Logiciel: Ares 2.1.7 - (.Ares Development Group.) [HKLM] -- Ares O42 - Logiciel: Arquivo do WinRAR - (...) [HKLM] -- WinRAR archiver O42 - Logiciel: Articulate Studio '09 Pro - (.Articulate.) [HKLM] -- {3E5131E9-1241-4E43-8036-E870C0DEDD97} O42 - Logiciel: Atualização de Segurança para Windows Internet Explorer 7 (KB2482017) - (.Microsoft Corporation.) [HKLM] -- KB2482017-IE7 O42 - Logiciel: Atualização de Segurança para Windows Internet Explorer 7 (KB2497640) - (.Microsoft Corporation.) [HKLM] -- KB2497640-IE7 O42 - Logiciel: Atualização de Segurança para Windows Internet Explorer 7 (KB2530548) - (.Microsoft Corporation.) [HKLM] -- KB2530548-IE7 O42 - Logiciel: Atualização de Segurança para Windows Internet Explorer 7 (KB2544521) - (.Microsoft Corporation.) [HKLM] -- KB2544521-IE7 O42 - Logiciel: Atualização de Segurança para Windows Internet Explorer 7 (KB2559049) - (.Microsoft Corporation.) [HKLM] -- KB2559049-IE7 O42 - Logiciel: Atualização de Segurança para Windows Internet Explorer 7 (KB2586448) - (.Microsoft Corporation.) [HKLM] -- KB2586448-IE7 O42 - Logiciel: Atualização de Segurança para Windows Internet Explorer 7 (KB2618444) - (.Microsoft Corporation.) [HKLM] -- KB2618444-IE7 O42 - Logiciel: Atualização de Segurança para Windows Internet Explorer 7 (KB2647516) - (.Microsoft Corporation.) [HKLM] -- KB2647516-IE7 O42 - Logiciel: Atualização de Segurança para Windows Internet Explorer 7 (KB2744842) - (.Microsoft Corporation.) [HKLM] -- KB2744842-IE7 O42 - Logiciel: Atualização de Segurança para Windows Internet Explorer 7 (KB2761465) - (.Microsoft Corporation.) [HKLM] -- KB2761465-IE7 O42 - Logiciel: Atualização de Segurança para Windows Internet Explorer 7 (KB2792100) - (.Microsoft Corporation.) 
[HKLM] -- KB2792100-IE7 O42 - Logiciel: Atualização de Segurança para Windows Internet Explorer 7 (KB2797052) - (.Microsoft Corporation.) [HKLM] -- KB2797052-IE7 O42 - Logiciel: Atualização de Segurança para Windows Internet Explorer 7 (KB2799329) - (.Microsoft Corporation.) [HKLM] -- KB2799329-IE7 O42 - Logiciel: Atualização de Segurança para Windows Internet Explorer 7 (KB2809289) - (.Microsoft Corporation.) [HKLM] -- KB2809289-IE7 O42 - Logiciel: Atualização de Segurança para Windows Internet Explorer 7 (KB2817183) - (.Microsoft Corporation.) [HKLM] -- KB2817183-IE7 O42 - Logiciel: Atualização de Segurança para Windows Internet Explorer 7 (KB2829530) - (.Microsoft Corporation.) [HKLM] -- KB2829530-IE7 O42 - Logiciel: Atualização de Segurança para Windows Internet Explorer 7 (KB2838727) - (.Microsoft Corporation.) [HKLM] -- KB2838727-IE7 O42 - Logiciel: Atualização de Segurança para Windows Internet Explorer 7 (KB938127-v2) - (.Microsoft Corporation.) [HKLM] -- KB938127-v2-IE7 O42 - Logiciel: Atualização de Segurança para Windows XP (KB2585542) - (.Microsoft Corporation.) [HKLM] -- KB2585542 O42 - Logiciel: Atualização de Segurança para Windows XP (KB2621440) - (.Microsoft Corporation.) [HKLM] -- KB2621440 O42 - Logiciel: Atualização de Segurança para Windows XP (KB2641653) - (.Microsoft Corporation.) [HKLM] -- KB2641653 O42 - Logiciel: Atualização de Segurança para Windows XP (KB2647518) - (.Microsoft Corporation.) [HKLM] -- KB2647518 O42 - Logiciel: Atualização de Segurança para Windows XP (KB2653956) - (.Microsoft Corporation.) [HKLM] -- KB2653956 O42 - Logiciel: Atualização de Segurança para Windows XP (KB2655992) - (.Microsoft Corporation.) [HKLM] -- KB2655992 O42 - Logiciel: Atualização de Segurança para Windows XP (KB2659262) - (.Microsoft Corporation.) [HKLM] -- KB2659262 O42 - Logiciel: Atualização de Segurança para Windows XP (KB2660465) - (.Microsoft Corporation.) 
[HKLM] -- KB2660465 O42 - Logiciel: Atualização de Segurança para Windows XP (KB2661637) - (.Microsoft Corporation.) [HKLM] -- KB2661637 O42 - Logiciel: Atualização de Segurança para Windows XP (KB2676562) - (.Microsoft Corporation.) [HKLM] -- KB2676562 O42 - Logiciel: Atualização de Segurança para Windows XP (KB2686509) - (.Microsoft Corporation.) [HKLM] -- KB2686509 O42 - Logiciel: Atualização de Segurança para Windows XP (KB2691442) - (.Microsoft Corporation.) [HKLM] -- KB2691442 O42 - Logiciel: Atualização de Segurança para Windows XP (KB2698365) - (.Microsoft Corporation.) [HKLM] -- KB2698365 O42 - Logiciel: Atualização de Segurança para Windows XP (KB2705219) - (.Microsoft Corporation.) [HKLM] -- KB2705219 O42 - Logiciel: Atualização de Segurança para Windows XP (KB2707511) - (.Microsoft Corporation.) [HKLM] -- KB2707511 O42 - Logiciel: Atualização de Segurança para Windows XP (KB2712808) - (.Microsoft Corporation.) [HKLM] -- KB2712808 O42 - Logiciel: Atualização de Segurança para Windows XP (KB2719985) - (.Microsoft Corporation.) [HKLM] -- KB2719985 O42 - Logiciel: Atualização de Segurança para Windows XP (KB2723135) - (.Microsoft Corporation.) [HKLM] -- KB2723135 O42 - Logiciel: Atualização de Segurança para Windows XP (KB2724197) - (.Microsoft Corporation.) [HKLM] -- KB2724197 O42 - Logiciel: Atualização de Segurança para Windows XP (KB2731847) - (.Microsoft Corporation.) [HKLM] -- KB2731847 O42 - Logiciel: Atualização de Segurança para Windows XP (KB2753842) - (.Microsoft Corporation.) [HKLM] -- KB2753842 O42 - Logiciel: Atualização de Segurança para Windows XP (KB2753842-v2) - (.Microsoft Corporation.) [HKLM] -- KB2753842-v2 O42 - Logiciel: Atualização de Segurança para Windows XP (KB2757638) - (.Microsoft Corporation.) [HKLM] -- KB2757638 O42 - Logiciel: Atualização de Segurança para Windows XP (KB2758857) - (.Microsoft Corporation.) [HKLM] -- KB2758857 O42 - Logiciel: Atualização de Segurança para Windows XP (KB2761226) - (.Microsoft Corporation.) 
[HKLM] -- KB2761226 O42 - Logiciel: Atualização de Segurança para Windows XP (KB2770660) - (.Microsoft Corporation.) [HKLM] -- KB2770660 O42 - Logiciel: Atualização de Segurança para Windows XP (KB2778344) - (.Microsoft Corporation.) [HKLM] -- KB2778344 O42 - Logiciel: Atualização de Segurança para Windows XP (KB2779030) - (.Microsoft Corporation.) [HKLM] -- KB2779030 O42 - Logiciel: Atualização de Segurança para Windows XP (KB2780091) - (.Microsoft Corporation.) [HKLM] -- KB2780091 O42 - Logiciel: Atualização de Segurança para Windows XP (KB2799494) - (.Microsoft Corporation.) [HKLM] -- KB2799494 O42 - Logiciel: Atualização de Segurança para Windows XP (KB2802968) - (.Microsoft Corporation.) [HKLM] -- KB2802968 O42 - Logiciel: Atualização de Segurança para Windows XP (KB2807986) - (.Microsoft Corporation.) [HKLM] -- KB2807986 O42 - Logiciel: Atualização de Segurança para Windows XP (KB2808735) - (.Microsoft Corporation.) [HKLM] -- KB2808735 O42 - Logiciel: Atualização de Segurança para Windows XP (KB2813170) - (.Microsoft Corporation.) [HKLM] -- KB2813170 O42 - Logiciel: Atualização de Segurança para Windows XP (KB2813345) - (.Microsoft Corporation.) [HKLM] -- KB2813345 O42 - Logiciel: Atualização de Segurança para Windows XP (KB2820197) - (.Microsoft Corporation.) [HKLM] -- KB2820197 O42 - Logiciel: Atualização de Segurança para Windows XP (KB2820917) - (.Microsoft Corporation.) [HKLM] -- KB2820917 O42 - Logiciel: Atualização de Segurança para Windows XP (KB2829361) - (.Microsoft Corporation.) [HKLM] -- KB2829361 O42 - Logiciel: Atualização de Segurança para Windows XP (KB2839229) - (.Microsoft Corporation.) [HKLM] -- KB2839229 O42 - Logiciel: Atualização para Windows XP (KB2661254-v2) - (.Microsoft Corporation.) [HKLM] -- KB2661254-v2 O42 - Logiciel: Atualização para Windows XP (KB2718704) - (.Microsoft Corporation.) [HKLM] -- KB2718704 O42 - Logiciel: Atualização para Windows XP (KB2736233) - (.Microsoft Corporation.) 
[HKLM] -- KB2736233 O42 - Logiciel: Atualização para Windows XP (KB2749655) - (.Microsoft Corporation.) [HKLM] -- KB2749655 O42 - Logiciel: Audacity 1.2.6 - (...) [HKLM] -- Audacity_is1 O42 - Logiciel: Avira AntiVir Personal - Free Antivirus v10.2.0.108 - (.Avira GmbH.) [HKLM] -- Avira AntiVir Desktop O42 - Logiciel: CCleaner - (.Piriform.) [HKLM] -- CCleaner =>Piriform Ltd O42 - Logiciel: DVD Shrink 3.2 - (.DVD Shrink.) [HKLM] -- DVD Shrink_is1 O42 - Logiciel: Device Doctor 1.0.0.1 - (.Device Doctor Software Inc..) [HKLM] -- {D575FBAA-D6D6-4221-A2C4-67541DB7AB5E}_is1 O42 - Logiciel: ELM 3 - (.edoceo.) [HKLM] -- elearning maker 3 O42 - Logiciel: EZ Mask - (.Digital Film Tools.) [HKLM] -- EZ Mask O42 - Logiciel: EZ Mask - (.Digital Film Tools.) [HKLM] -- {441BCB52-5CBF-40DC-BE91-301ECF6701B1} O42 - Logiciel: Emissor de Nota Fiscal Eletrônica (NF-e) 2.0 - (.Prodesp.) [HKCU] -- Emissor de Nota Fiscal Eletrônica (NF-e) 2.0 O42 - Logiciel: Facebook Video Calling 1.2.0.287 - (.Skype Limited.) [HKLM] -- {B92C5909-1D37-4C51-8397-A28BB28E5DC3} O42 - Logiciel: FileZilla Client 3.5.3 - (.FileZilla Project.) [HKLM] -- FileZilla Client O42 - Logiciel: Firebird 2.1.2.18118 (Win32) - (.Firebird Project.) [HKLM] -- FBDBServer_2_1_is1 O42 - Logiciel: Foxit Reader - (.Foxit Corporation.) [HKLM] -- Foxit Reader O42 - Logiciel: Free Easy Burner V 5.0 - (.Koyote soft.) [HKLM] -- Free Easy Burner_is1 O42 - Logiciel: Free Studio version 5.9.0.1212 - (.DVDVideoSoft Ltd..) [HKLM] -- Free Studio_is1 O42 - Logiciel: Google Chrome - (.Google Inc..) [HKCU] -- Google Chrome O42 - Logiciel: Google Earth Plug-in - (.Google.) [HKLM] -- {EA561FC0-A965-11E2-94D3-B8AC6F98CCE3} O42 - Logiciel: Google Update Helper - (.Google Inc..) [HKLM] -- {A92DAB39-4E2C-4304-9AB6-BC44E68B55E2} O42 - Logiciel: HFSLIP Total Slipstream (v1.7.3 build 71226) - (...) [HKLM] -- HFSLIPTotalSlipstream O42 - Logiciel: Hotfix for Windows XP (KB954550-v5) - (.Microsoft Corporation.) 
[HKLM] -- KB954550-v5 O42 - Logiciel: Hotfix para Windows XP (KB2756822) - (.Microsoft Corporation.) [HKLM] -- KB2756822 O42 - Logiciel: Hotfix para Windows XP (KB2779562) - (.Microsoft Corporation.) [HKLM] -- KB2779562 O42 - Logiciel: ImgBurn - (.LIGHTNING UK!.) [HKLM] -- ImgBurn O42 - Logiciel: Intel(R) Extreme Graphics Driver - (...) [HKLM] -- {8A708DD8-A5E6-11D4-A706-000629E95E20} O42 - Logiciel: Java(TM) 6 Update 35 - (.Oracle.) [HKLM] -- {26A24AE4-039D-4CA4-87B4-2F83216035FF} O42 - Logiciel: Junk Mail filter update - (.Microsoft Corporation.) [HKLM] -- {8E5233E1-7495-44FB-8DEB-4BE906D59619} O42 - Logiciel: Kodak AIO Printer - (.Eastman Kodak Company.) [HKLM] -- {27EF8E7F-88D1-4ec5-ADE2-7E447FDF114E} O42 - Logiciel: LameACM - (...) [HKLM] -- LameACM O42 - Logiciel: MSI to redistribute MS VS2005 CRT libraries - (.The Firebird Project.) [HKLM] -- {A8D93648-9F7F-407D-915C-62044644C3DA} O42 - Logiciel: MSVCRT - (.Microsoft.) [HKLM] -- {22B775E7-6C42-4FC5-8E10-9A5E3257BD94} O42 - Logiciel: MSXML 6.0 Parser - (.Microsoft Corporation.) [HKLM] -- {A43BF6A5-D5F0-4AAA-BF41-65995063EC44} O42 - Logiciel: Malwarebytes Anti-Malware version 1.75.0.1300 - (.Malwarebytes Corporation.) [HKLM] -- Malwarebytes' Anti-Malware_is1 O42 - Logiciel: Microsoft Choice Guard - (.Microsoft Corporation.) [HKLM] -- {F0E12BBA-AD66-4022-A453-A1C8A0C4D570} O42 - Logiciel: Microsoft Compression Client Pack 1.0 for Windows XP - (.Microsoft Corporation.) [HKLM] -- MSCompPackV1 O42 - Logiciel: Microsoft Kernel-Mode Driver Framework Feature Pack 1.7 - (.Microsoft Corporation.) [HKLM] -- Wdf01007 O42 - Logiciel: Microsoft User-Mode Driver Framework Feature Pack 1.0 - (.Microsoft Corporation.) [HKLM] -- Wudf01000 O42 - Logiciel: Microsoft WinUsb 1.0 - (.Microsoft Corporation.) [HKLM] -- winusb0100 O42 - Logiciel: Mozilla Firefox 21.0 (x86 pt-BR) - (.Mozilla.) [HKLM] -- Mozilla Firefox 21.0 (x86 pt-BR) O42 - Logiciel: Mozilla Maintenance Service - (.Mozilla.) 
[HKLM] -- MozillaMaintenanceService O42 - Logiciel: NBT - (...) [HKCU] -- nbt O42 - Logiciel: PDF-XChange 3 - (.Tracker Software.) [HKLM] -- PDF-XChange 3_is1 O42 - Logiciel: Picasa 3 - (.Google, Inc..) [HKLM] -- Picasa 3 O42 - Logiciel: Plus! Image - (.Yuna Software.) [HKLM] -- Plus! Image O42 - Logiciel: PreReq - (.Eastman Kodak Company.) [HKLM] -- {DA5BDB2A-12F0-4343-8351-21AAEB293990} O42 - Logiciel: PrintProjects - (.RocketLife Inc..) [HKLM] -- PrintProjects O42 - Logiciel: QuickTime - (.Apple Inc..) [HKLM] -- {7BE15435-2D3E-4B58-867F-9C75BED0208C} O42 - Logiciel: QuizCreator - (.Wondershare Software.) [HKLM] -- Wondershare QuizCreator (Build 4.0.1)_is1 O42 - Logiciel: Recuva - (.Piriform.) [HKLM] -- Recuva O42 - Logiciel: SAMSUNG USB Driver for Mobile Phones - (.SAMSUNG Electronics Co., Ltd..) [HKLM] -- {D0795B21-0CDA-4a92-AB9E-6E92D8111E44} O42 - Logiciel: SWiSH Max4 - (.SWiSHzone.com.) [HKLM] -- SWiSH Max4 O42 - Logiciel: Samsung Kies - (.Samsung Electronics Co., Ltd..) [HKLM] -- InstallShield_{758C8301-2696-4855-AF45-534B1200980A} O42 - Logiciel: Samsung Kies - (.Samsung Electronics Co., Ltd..) [HKLM] -- {758C8301-2696-4855-AF45-534B1200980A} O42 - Logiciel: Segoe UI - (.Microsoft Corp.) [HKLM] -- {A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7} O42 - Logiciel: Skype Click to Call - (.Skype Technologies S.A..) [HKLM] -- {B6CF2967-C81E-40C0-9815-C05774FEF120} O42 - Logiciel: Skype™ 6.3 - (.Skype Technologies S.A..) [HKLM] -- {4E76FF7E-AEBA-4C87-B788-CD47E5425B9D} O42 - Logiciel: Software da Impressora Multifuncional KODAK - (.Eastman Kodak Company.) [HKLM] -- {E0F274B7-592B-4669-8FB8-8D9825A09858} O42 - Logiciel: Update Service - (..) [HKLM] -- {2C16BD93-892E-4560-AA22-723F874CB8BA} O42 - Logiciel: Windows Essentials Media Codec Pack 3.5 [32-Bit] - (.Media Codec.) [HKLM] -- Windows Essentials Media Codec Pack O42 - Logiciel: Windows Genuine Advantage Notifications (KB905474) - (.Microsoft Corporation.) 
[HKLM] -- WgaNotify O42 - Logiciel: Windows Media Format 11 runtime - (...) [HKLM] -- Windows Media Format Runtime O42 - Logiciel: Windows Media Format 11 runtime - (.Microsoft Corporation.) [HKLM] -- WMFDist11 O42 - Logiciel: Windows Media Player 11 - (...) [HKLM] -- Windows Media Player O42 - Logiciel: Windows Media Player 11 - (.Microsoft Corporation.) [HKLM] -- wmp11 O42 - Logiciel: aioscnnr - (.Your Company Name.) [HKLM] -- {EF53BFAB-4C10-40DB-A82D-9B07111715C6} O42 - Logiciel: center - (.Eastman Kodak Company.) [HKLM] -- {56BA241F-580C-43D2-8403-947241AAE633} O42 - Logiciel: essentials - (.Eastman Kodak Company.) [HKLM] -- {BE94C681-68E2-4561-8ABC-8D2E799168B4} O42 - Logiciel: ocr - (.Eastman Kodak Company.) [HKLM] -- {BFBCF96F-7361-486A-965C-54B17AC35421} ~ Logic: 210 Scanned in 00mn 00s ---\\ HKCU & HKLM Software Keys [HKCU\Software\3ivx] [HKCU\Software\5b68a8ab539eb15] [HKCU\Software\Ableton] [HKCU\Software\AcBar] [HKCU\Software\Adobe] [HKCU\Software\Analog Devices] [HKCU\Software\AppDataLow\Software\NetNucleous] [HKCU\Software\AppDataLow] [HKCU\Software\Apple Computer, Inc.] [HKCU\Software\Apple Inc.] 
[HKCU\Software\Ares] [HKCU\Software\Articulate] [HKCU\Software\Audacity] [HKCU\Software\Avira] [HKCU\Software\Bitdefender] [HKCU\Software\BlabbersToolbar] =>PUP.Blabbers [HKCU\Software\Blabbers] =>PUP.Blabbers [HKCU\Software\BrowserCompanion] =>PUP.Blabbers [HKCU\Software\BrowserMngr] [HKCU\Software\Camfrog] [HKCU\Software\Classes] [HKCU\Software\Clients] [HKCU\Software\DVD Shrink] [HKCU\Software\DVDVideoSoft] [HKCU\Software\DataMngr] =>PUP.Datamngr [HKCU\Software\Datastead] [HKCU\Software\Digital Film Tools] [HKCU\Software\Eset] [HKCU\Software\Facebook] [HKCU\Software\Folder Manager] [HKCU\Software\Foxit Software] [HKCU\Software\GNU] [HKCU\Software\Gabest] [HKCU\Software\Google] [HKCU\Software\Haali] [HKCU\Software\IM Providers] [HKCU\Software\ImgBurn] [HKCU\Software\Intel] [HKCU\Software\JavaSoft] [HKCU\Software\Kodak] [HKCU\Software\Lavalys] [HKCU\Software\M-Audio] [HKCU\Software\Macromedia] [HKCU\Software\Malwarebytes' Anti-Malware] [HKCU\Software\Mindjet] [HKCU\Software\MozillaPlugins] [HKCU\Software\Mozilla] [HKCU\Software\NBT] [HKCU\Software\NetNucleous] [HKCU\Software\Netscape] [HKCU\Software\Northcode Inc] [HKCU\Software\ODBC] [HKCU\Software\Piriform] [HKCU\Software\Plusimage] [HKCU\Software\Policies] [HKCU\Software\PowerQuest] [HKCU\Software\PriceGong] =>Adware.PriceGong [HKCU\Software\Riva] [HKCU\Software\SWiSHzone.com] [HKCU\Software\Samsung] [HKCU\Software\Screentime Media] [HKCU\Software\Shareaza] [HKCU\Software\SkypeRS] [HKCU\Software\Skype] [HKCU\Software\Softonic] [HKCU\Software\Tracker Software] [HKCU\Software\Trolltech] [HKCU\Software\VB and VBA Program Settings] [HKCU\Software\Vagalume] [HKCU\Software\Visan] [HKCU\Software\WinRAR SFX] [HKCU\Software\WinRAR] [HKCU\Software\Wondershare] [HKCU\Software\XHEO INC] [HKCU\Software\Xenocode] [HKCU\Software\Yahoo] [HKCU\Software\babylontoolbar] =>Toolbar.Babylon [HKCU\Software\bbrs_002.tb] [HKCU\Software\edoceo] [HKCU\Software\fwc] [HKCU\Software\kde.org] [HKLM\Software\3ivx] 
[HKLM\Software\685D6D1C-D73A-4F37-B7E5E53660311DDB] [HKLM\Software\ASIO] [HKLM\Software\Adobe] [HKLM\Software\Analog Devices] [HKLM\Software\Apple Computer, Inc.] [HKLM\Software\Apple Inc.] [HKLM\Software\Articulate Presenter] [HKLM\Software\Articulate] [HKLM\Software\Avira] [HKLM\Software\Babylon] =>Toolbar.Babylon [HKLM\Software\BrowserMngr] [HKLM\Software\C07ft5Y] [HKLM\Software\Classes] [HKLM\Software\Clients] [HKLM\Software\Conduit] [HKLM\Software\DVDVideoSoft] [HKLM\Software\DataMngr] =>PUP.Datamngr [HKLM\Software\Digital Film Tools] [HKLM\Software\DivXNetworks] [HKLM\Software\Eastman Kodak Company] [HKLM\Software\Eastman Kodak] [HKLM\Software\Essentials Codec Pack] [HKLM\Software\FileZilla 3] [HKLM\Software\Firebird Project] [HKLM\Software\Foxit Software] [HKLM\Software\GNU] [HKLM\Software\Gabest] [HKLM\Software\Gemplus] [HKLM\Software\GlobFX Technologies] [HKLM\Software\Google] [HKLM\Software\HaaliMkx] [HKLM\Software\IM Providers] [HKLM\Software\InstallShield] [HKLM\Software\InstalledOptions] [HKLM\Software\Intel] [HKLM\Software\InterVideo] [HKLM\Software\JavaSoft] [HKLM\Software\JreMetrics] [HKLM\Software\Kodak] [HKLM\Software\Licenses] [HKLM\Software\M-Audio] [HKLM\Software\Macromedia] [HKLM\Software\Magnet] [HKLM\Software\Malwarebytes' Anti-Malware] [HKLM\Software\MarkAny] [HKLM\Software\MimarSinan] [HKLM\Software\Morpheus Music] [HKLM\Software\MozillaPlugins] [HKLM\Software\Mozilla] [HKLM\Software\ODBC] [HKLM\Software\Piriform] [HKLM\Software\Plusimage] [HKLM\Software\Policies] [HKLM\Software\PowerQuest] [HKLM\Software\Program Groups] [HKLM\Software\Propellerhead Software] [HKLM\Software\RegisteredApplications] [HKLM\Software\RocketLife] [HKLM\Software\SAMSUNG] [HKLM\Software\SWiSHzone.com] [HKLM\Software\Schlumberger] [HKLM\Software\Secure] [HKLM\Software\Shareaza] [HKLM\Software\Skype] [HKLM\Software\Software] [HKLM\Software\Tracker Software] [HKLM\Software\Trad-FR] [HKLM\Software\Visan] [HKLM\Software\Windows 3.1 Migration Status] 
[HKLM\Software\Windows] [HKLM\Software\Wondershare] [HKLM\Software\Wow6432Node] [HKLM\Software\X-AVCSD] [HKLM\Software\XHEO INC] [HKLM\Software\babylontoolbar] =>Toolbar.Babylon [HKLM\Software\edoceo] [HKLM\Software\fwc] [HKLM\Software\mozilla.org] ~ Key Software: 237 Scanned in 00mn 01s ---\\ Contents of the Common Files folders (O43) O43 - CFD: 28/5/2011 - 20:17:01 - [3,671] ----D C:\Arquivos de programas\3ivx O43 - CFD: 22/6/2013 - 13:48:27 - [0,045] -SH-D C:\Arquivos de programas\a05 O43 - CFD: 7/4/2011 - 17:26:38 - [1,613] ----D C:\Arquivos de programas\Analog Devices O43 - CFD: 13/1/2012 - 18:17:02 - [2,316] ----D C:\Arquivos de programas\Apple Software Update O43 - CFD: 25/6/2011 - 12:24:25 - [4,783] ----D C:\Arquivos de programas\Ares O43 - CFD: 13/6/2013 - 10:08:07 - [408,864] ----D C:\Arquivos de programas\Arquivos comuns O43 - CFD: 2/5/2011 - 21:03:05 - [131,532] ----D C:\Arquivos de programas\Articulate O43 - CFD: 13/1/2013 - 01:31:51 - [9,146] ----D C:\Arquivos de programas\Audacity O43 - CFD: 8/4/2011 - 00:13:37 - [190,499] ----D C:\Arquivos de programas\Avira O43 - CFD: 3/3/2013 - 11:48:57 - [0,011] ----D C:\Arquivos de programas\BrowserCompanion =>PUP.Blabbers O43 - CFD: 21/4/2011 - 14:27:12 - [3,503] ----D C:\Arquivos de programas\CCleaner =>Piriform Ltd O43 - CFD: 24/9/2012 - 20:52:14 - [0,040] ----D C:\Arquivos de programas\Claro O43 - CFD: 7/4/2011 - 20:31:48 - [0] ----D C:\Arquivos de programas\ComPlus Applications O43 - CFD: 29/3/2013 - 12:53:27 - [0,008] ----D C:\Arquivos de programas\Desk 365 =>Hijacker.22Find O43 - CFD: 7/4/2011 - 22:02:15 - [10,319] ----D C:\Arquivos de programas\Device Doctor O43 - CFD: 15/1/2012 - 12:57:17 - [0,847] ----D C:\Arquivos de programas\DVD Shrink O43 - CFD: 23/1/2013 - 01:19:09 - [405,253] ----D C:\Arquivos de programas\DVDVideoSoft O43 - CFD: 19/1/2013 - 12:33:24 - [281,063] ----D C:\Arquivos de programas\e-doceo O43 - CFD: 8/4/2011 - 08:11:11 - [13,755] ----D C:\Arquivos de programas\ESET O43 - CFD: 
26/2/2012 - 10:10:30 - [35,956] ----D C:\Arquivos de programas\Essentials Codec Pack O43 - CFD: 29/3/2013 - 12:52:34 - [3,951] ----D C:\Arquivos de programas\Fake Webcam O43 - CFD: 20/1/2013 - 23:37:17 - [16,306] ----D C:\Arquivos de programas\FileZilla FTP Client O43 - CFD: 13/1/2012 - 09:20:20 - [17,594] ----D C:\Arquivos de programas\FirebirdSQL22 O43 - CFD: 16/4/2011 - 18:55:34 - [11,185] ----D C:\Arquivos de programas\Foxit Software O43 - CFD: 24/8/2011 - 14:43:16 - [5,527] ----D C:\Arquivos de programas\Free Easy CD DVD Burner O43 - CFD: 31/5/2013 - 10:53:06 - [185,960] ----D C:\Arquivos de programas\Google O43 - CFD: 20/5/2013 - 01:58:30 - [0,001] ----D C:\Arquivos de programas\Guitar Pro 5 O43 - CFD: 22/5/2013 - 14:42:01 - [2,913] ----D C:\Arquivos de programas\ImgBurn O43 - CFD: 3/3/2013 - 18:18:33 - [20,022] ----D C:\Arquivos de programas\Installer O43 - CFD: 11/2/2012 - 10:17:50 - [14,007] --H-D C:\Arquivos de programas\InstallShield Installation Information O43 - CFD: 12/6/2013 - 21:13:52 - [3,149] ----D C:\Arquivos de programas\Internet Explorer O43 - CFD: 27/1/2012 - 10:32:07 - [78,522] ----D C:\Arquivos de programas\Java O43 - CFD: 29/5/2013 - 20:18:38 - [198,217] ----D C:\Arquivos de programas\Kodak O43 - CFD: 13/6/2013 - 10:10:28 - [0,073] ----D C:\Arquivos de programas\LameACM O43 - CFD: 24/6/2013 - 16:46:07 - [13,292] ----D C:\Arquivos de programas\Malwarebytes' Anti-Malware O43 - CFD: 11/2/2012 - 10:17:58 - [2,414] ----D C:\Arquivos de programas\MarkAny O43 - CFD: 8/4/2011 - 10:33:49 - [0,216] ----D C:\Arquivos de programas\Microsoft O43 - CFD: 2/5/2011 - 20:41:58 - [38,002] ----D C:\Arquivos de programas\Microsoft Analysis Services O43 - CFD: 2/5/2011 - 20:49:20 - [584,894] ----D C:\Arquivos de programas\Microsoft Office O43 - CFD: 2/5/2011 - 20:49:18 - [3,467] ----D C:\Arquivos de programas\Microsoft SQL Server Compact Edition O43 - CFD: 2/5/2011 - 20:50:04 - [0,312] ----D C:\Arquivos de programas\Microsoft Synchronization Services O43 - CFD: 
17/2/2013 - 17:43:32 - [7,797] ----D C:\Arquivos de programas\Microsoft.NET O43 - CFD: 18/6/2011 - 18:02:16 - [15,371] ----D C:\Arquivos de programas\Mindjet O43 - CFD: 20/5/2013 - 01:59:06 - [1,325] ----D C:\Arquivos de programas\Mixed In Key 5 O43 - CFD: 29/5/2013 - 21:00:56 - [50,048] ----D C:\Arquivos de programas\Mozilla Firefox O43 - CFD: 18/5/2013 - 09:00:35 - [0,214] ----D C:\Arquivos de programas\Mozilla Maintenance Service O43 - CFD: 9/4/2011 - 08:15:15 - [0,025] ----D C:\Arquivos de programas\MSBuild O43 - CFD: 29/5/2013 - 20:16:22 - [0,007] ----D C:\Arquivos de programas\MSXML 6.0 O43 - CFD: 8/4/2011 - 23:40:26 - [4,155] ----D C:\Arquivos de programas\Outlook Express O43 - CFD: 21/10/2011 - 11:34:35 - [4,128] ----D C:\Arquivos de programas\Plus! Image O43 - CFD: 29/5/2013 - 20:32:39 - [0,407] ----D C:\Arquivos de programas\PrintProjects O43 - CFD: 13/1/2012 - 18:20:16 - [72,770] ----D C:\Arquivos de programas\QuickTime O43 - CFD: 6/6/2013 - 19:54:56 - [96,428] ----D C:\Arquivos de programas\Rapid Evolution 3 O43 - CFD: 18/5/2011 - 14:34:17 - [1,993] ----D C:\Arquivos de programas\Recuva O43 - CFD: 9/4/2011 - 08:15:07 - [34,730] ----D C:\Arquivos de programas\Reference Assemblies O43 - CFD: 11/2/2012 - 10:21:38 - [240,232] ----D C:\Arquivos de programas\Samsung O43 - CFD: 8/6/2013 - 17:00:45 - [36,504] R---D C:\Arquivos de programas\Skype O43 - CFD: 13/6/2013 - 09:49:10 - [0,095] ----D C:\Arquivos de programas\SWiSH Max O43 - CFD: 13/6/2013 - 10:15:01 - [133,841] ----D C:\Arquivos de programas\SWiSH Max4 O43 - CFD: 20/12/2012 - 08:31:11 - [0,182] ----D C:\Arquivos de programas\TeamViewer O43 - CFD: 7/4/2011 - 21:06:06 - [0] --H-D C:\Arquivos de programas\Uninstall Information O43 - CFD: 20/5/2013 - 02:00:06 - [0] ----D C:\Arquivos de programas\VideoLAN O43 - CFD: 29/3/2013 - 12:52:06 - [69,089] ----D C:\Arquivos de programas\Windows Live O43 - CFD: 2/9/2011 - 13:43:36 - [56,378] ----D C:\Arquivos de programas\Windows Live Safety Center O43 - CFD: 
8/4/2011 - 08:44:13 - [0,234] ----D C:\Arquivos de programas\Windows Live SkyDrive O43 - CFD: 21/10/2011 - 11:38:57 - [3,420] ----D C:\Arquivos de programas\Windows Media Connect 2 O43 - CFD: 7/4/2011 - 20:37:41 - [7,885] ----D C:\Arquivos de programas\Windows Media Player O43 - CFD: 7/4/2011 - 20:35:02 - [0] --H-D C:\Arquivos de programas\WindowsUpdate O43 - CFD: 7/4/2011 - 20:38:35 - [4,795] ----D C:\Arquivos de programas\WinRAR O43 - CFD: 10/6/2013 - 12:28:27 - [15,250] ----D C:\Arquivos de programas\Wondershare O43 - CFD: 29/3/2013 - 12:52:34 - [0] ----D C:\Arquivos de programas\Xenocode O43 - CFD: 24/6/2013 - 17:53:37 - [16,924] ----D C:\Arquivos de programas\ZHPDiag O43 - CFD: 28/3/2013 - 11:17:34 - [0,003] ----D C:\Arquivos de programas\Arquivos comuns\337 O43 - CFD: 22/6/2013 - 15:03:27 - [11,074] ----D C:\Arquivos de programas\Arquivos comuns\Adobe O43 - CFD: 13/1/2012 - 18:17:38 - [60,457] ----D C:\Arquivos de programas\Arquivos comuns\Apple O43 - CFD: 18/5/2011 - 14:23:25 - [30,174] ----D C:\Arquivos de programas\Arquivos comuns\Articulate O43 - CFD: 2/5/2011 - 20:50:00 - [0,095] ----D C:\Arquivos de programas\Arquivos comuns\DESIGNER O43 - CFD: 23/1/2013 - 01:09:17 - [88,162] ----D C:\Arquivos de programas\Arquivos comuns\DVDVideoSoft O43 - CFD: 24/8/2011 - 14:52:13 - [1,621] ----D C:\Arquivos de programas\Arquivos comuns\InstallShield O43 - CFD: 8/3/2012 - 18:36:28 - [1,201] ----D C:\Arquivos de programas\Arquivos comuns\Java O43 - CFD: 2/5/2011 - 20:51:40 - [204,678] ----D C:\Arquivos de programas\Arquivos comuns\Microsoft Shared O43 - CFD: 7/4/2011 - 20:34:16 - [0,271] ----D C:\Arquivos de programas\Arquivos comuns\MSSoap O43 - CFD: 7/4/2011 - 17:23:39 - [0] ----D C:\Arquivos de programas\Arquivos comuns\ODBC O43 - CFD: 16/5/2013 - 07:58:13 - [1,628] ----D C:\Arquivos de programas\Arquivos comuns\Propellerhead Software O43 - CFD: 7/4/2011 - 20:34:26 - [0,008] ----D C:\Arquivos de programas\Arquivos comuns\Serviços O43 - CFD: 8/6/2013 - 17:00:45 - 
[1,904] ----D C:\Arquivos de programas\Arquivos comuns\Skype O43 - CFD: 20/5/2011 - 10:57:55 - [0,094] ----D C:\Arquivos de programas\Arquivos comuns\SWF Studio O43 - CFD: 13/6/2013 - 10:08:07 - [0,059] ----D C:\Arquivos de programas\Arquivos comuns\SWiSHzone.com O43 - CFD: 7/4/2011 - 20:32:53 - [7,436] ----D C:\Arquivos de programas\Arquivos comuns\System O43 - CFD: 8/4/2011 - 08:19:39 - [0] ----D C:\Arquivos de programas\Arquivos comuns\Windows Live O43 - CFD: 19/6/2013 - 14:41:49 - [1477,325] R-H-D C:\Documents and Settings\All Users\Dados de aplicativos O43 - CFD: 24/6/2013 - 17:35:51 - [0,015] ----D C:\Documents and Settings\All Users\Desktop O43 - CFD: 24/8/2011 - 14:50:35 - [0,001] R---D C:\Documents and Settings\All Users\Documentos O43 - CFD: 6/6/2013 - 19:12:01 - [0,178] -SH-D C:\Documents and Settings\All Users\DRM O43 - CFD: 7/4/2011 - 17:22:59 - [0] ----D C:\Documents and Settings\All Users\Favoritos O43 - CFD: 29/5/2013 - 20:21:40 - [0,001] ----D C:\Documents and Settings\All Users\Kodak O43 - CFD: 24/9/2012 - 20:56:38 - [0,239] R---D C:\Documents and Settings\All Users\Menu Iniciar O43 - CFD: 2/5/2011 - 20:49:18 - [2,379] ----D C:\Documents and Settings\All Users\Microsoft O43 - CFD: 24/9/2012 - 20:56:39 - [0] --H-D C:\Documents and Settings\All Users\Modelos O43 - CFD: 16/5/2013 - 08:00:45 - [490,849] ----D C:\Documents and Settings\Administrador\Dados de aplicativos\Ableton O43 - CFD: 19/6/2013 - 13:12:04 - [0,004] ----D C:\Documents and Settings\Administrador\Dados de aplicativos\Acoustica Premium Edition O43 - CFD: 19/6/2013 - 21:06:18 - [7,649] ----D C:\Documents and Settings\Administrador\Dados de aplicativos\Adobe O43 - CFD: 14/1/2012 - 15:33:00 - [0,018] ----D C:\Documents and Settings\Administrador\Dados de aplicativos\Apple Computer O43 - CFD: 15/4/2011 - 23:06:06 - [9,927] ----D C:\Documents and Settings\Administrador\Dados de aplicativos\Articulate O43 - CFD: 11/4/2011 - 07:56:21 - [0] ----D C:\Documents and Settings\Administrador\Dados 
de aplicativos\Avira O43 - CFD: 21/10/2011 - 13:29:51 - [0,010] ----D C:\Documents and Settings\Administrador\Dados de aplicativos\Babylon =>Toolbar.Babylon O43 - CFD: 22/6/2013 - 13:48:27 - [0,045] -SH-D C:\Documents and Settings\Administrador\Dados de aplicativos\bf5d O43 - CFD: 29/3/2013 - 12:53:25 - [1,089] ----D C:\Documents and Settings\Administrador\Dados de aplicativos\Desk 365 =>Hijacker.22Find O43 - CFD: 7/4/2011 - 22:02:20 - [0] ----D C:\Documents and Settings\Administrador\Dados de aplicativos\DeviceDoctorSoftware O43 - CFD: 16/9/2011 - 13:56:24 - [4,097] ----D C:\Documents and Settings\Administrador\Dados de aplicativos\DogWidget_WIN O43 - CFD: 10/2/2013 - 15:46:34 - [0,000] ----D C:\Documents and Settings\Administrador\Dados de aplicativos\dvdcss O43 - CFD: 23/1/2013 - 10:14:46 - [57,459] ----D C:\Documents and Settings\Administrador\Dados de aplicativos\DVDVideoSoft O43 - CFD: 23/1/2013 - 01:19:29 - [0,001] ----D C:\Documents and Settings\Administrador\Dados de aplicativos\DVDVideoSoftIEHelpers O43 - CFD: 12/11/2012 - 13:13:13 - [5,286] ----D C:\Documents and Settings\Administrador\Dados de aplicativos\EuroTalk O43 - CFD: 21/1/2013 - 01:26:49 - [0,024] ----D C:\Documents and Settings\Administrador\Dados de aplicativos\FileZilla O43 - CFD: 16/4/2011 - 18:56:46 - [0,024] ----D C:\Documents and Settings\Administrador\Dados de aplicativos\Foxit O43 - CFD: 16/4/2011 - 18:56:49 - [0,222] ----D C:\Documents and Settings\Administrador\Dados de aplicativos\Foxit Software O43 - CFD: 24/8/2011 - 14:44:00 - [0,000] ----D C:\Documents and Settings\Administrador\Dados de aplicativos\FreeBurner O43 - CFD: 1/6/2013 - 11:50:43 - [0] ----D C:\Documents and Settings\Administrador\Dados de aplicativos\Google O43 - CFD: 28/5/2011 - 20:18:04 - [0] ----D C:\Documents and Settings\Administrador\Dados de aplicativos\Help O43 - CFD: 7/4/2011 - 21:06:42 - [0] ----D C:\Documents and Settings\Administrador\Dados de aplicativos\Identities O43 - CFD: 22/5/2013 - 14:54:33 - [0,461] 
----D C:\Documents and Settings\Administrador\Dados de aplicativos\ImgBurn O43 - CFD: 2/5/2011 - 20:58:53 - [0] ----D C:\Documents and Settings\Administrador\Dados de aplicativos\InstallShield O43 - CFD: 2/3/2013 - 10:20:24 - [0] ----D C:\Documents and Settings\Administrador\Dados de aplicativos\Launcher O43 - CFD: 8/4/2011 - 01:07:03 - [2,746] ----D C:\Documents and Settings\Administrador\Dados de aplicativos\Macromedia O43 - CFD: 2/3/2013 - 08:56:00 - [0,016] ----D C:\Documents and Settings\Administrador\Dados de aplicativos\Malwarebytes O43 - CFD: 24/11/2012 - 12:01:01 - [0] ----D C:\Documents and Settings\Administrador\Dados de aplicativos\Media Player Classic O43 - CFD: 17/6/2013 - 14:03:57 - [21,193] -S--D C:\Documents and Settings\Administrador\Dados de aplicativos\Microsoft O43 - CFD: 20/5/2013 - 01:38:47 - [0,819] ----D C:\Documents and Settings\Administrador\Dados de aplicativos\Mixed In Key LLC O43 - CFD: 24/9/2002 - 01:15:40 - [21,722] ----D C:\Documents and Settings\Administrador\Dados de aplicativos\Mozilla O43 - CFD: 28/5/2011 - 20:19:43 - [0] ----D C:\Documents and Settings\Administrador\Dados de aplicativos\Nullsoft O43 - CFD: 22/1/2012 - 09:55:30 - [0] ----D C:\Documents and Settings\Administrador\Dados de aplicativos\Octoshape O43 - CFD: 24/9/2002 - 01:12:16 - [1,875] ----D C:\Documents and Settings\Administrador\Dados de aplicativos\PriceGong =>Adware.PriceGong O43 - CFD: 24/6/2013 - 17:17:53 - [0,049] ----D C:\Documents and Settings\Administrador\Dados de aplicativos\QuickScan O43 - CFD: 10/6/2013 - 12:30:33 - [0,344] ----D C:\Documents and Settings\Administrador\Dados de aplicativos\QuizCreator O43 - CFD: 11/2/2012 - 10:28:24 - [0,800] ----D C:\Documents and Settings\Administrador\Dados de aplicativos\Samsung O43 - CFD: 22/6/2013 - 20:04:27 - [19,871] ----D C:\Documents and Settings\Administrador\Dados de aplicativos\Skype O43 - CFD: 26/6/2011 - 09:38:30 - [0,015] ----D C:\Documents and Settings\Administrador\Dados de aplicativos\skypePM O43 - 
CFD: 26/7/2011 - 18:55:21 - [50,803] ----D C:\Documents and Settings\Administrador\Dados de aplicativos\Sun O43 - CFD: 10/6/2013 - 12:28:42 - [0,336] ----D C:\Documents and Settings\Administrador\Dados de aplicativos\SurveyCreator O43 - CFD: 15/6/2013 - 14:46:06 - [0] ----D C:\Documents and Settings\Administrador\Dados de aplicativos\SWiSH Max4 FRA O43 - CFD: 1/1/2013 - 21:03:00 - [0,010] ----D C:\Documents and Settings\Administrador\Dados de aplicativos\TeamViewer O43 - CFD: 29/5/2013 - 20:14:06 - [0] ----D C:\Documents and Settings\Administrador\Dados de aplicativos\Temp O43 - CFD: 13/6/2013 - 10:24:21 - [1,084] ----D C:\Documents and Settings\Administrador\Dados de aplicativos\Thinstall O43 - CFD: 22/1/2012 - 00:23:47 - [1,271] ----D C:\Documents and Settings\Administrador\Dados de aplicativos\uTorrent =>P2P.µTorrent O43 - CFD: 26/4/2011 - 10:38:18 - [0,000] ----D C:\Documents and Settings\Administrador\Dados de aplicativos\Video2Webcam O43 - CFD: 26/2/2012 - 12:20:10 - [0,082] ----D C:\Documents and Settings\Administrador\Configurações locais\Dados de aplicativos\Adobe O43 - CFD: 13/1/2012 - 18:17:08 - [0] ----D C:\Documents and Settings\Administrador\Configurações locais\Dados de aplicativos\Apple O43 - CFD: 13/1/2012 - 18:16:46 - [0,010] ----D C:\Documents and Settings\Administrador\Configurações locais\Dados de aplicativos\Apple Computer O43 - CFD: 15/12/2012 - 21:17:56 - [0,339] ----D C:\Documents and Settings\Administrador\Configurações locais\Dados de aplicativos\Ares O43 - CFD: 11/6/2011 - 13:40:16 - [0,139] ----D C:\Documents and Settings\Administrador\Configurações locais\Dados de aplicativos\Conduit O43 - CFD: 11/4/2013 - 20:04:40 - [0] ----D C:\Documents and Settings\Administrador\Configurações locais\Dados de aplicativos\Deployment O43 - CFD: 11/2/2012 - 10:09:05 - [87,747] ----D C:\Documents and Settings\Administrador\Configurações locais\Dados de aplicativos\Downloaded Installations O43 - CFD: 29/5/2013 - 20:25:20 - [0,011] ----D C:\Documents and 
Settings\Administrador\Configurações locais\Dados de aplicativos\Eastman Kodak Company O43 - CFD: 29/5/2013 - 20:45:02 - [0,003] ----D C:\Documents and Settings\Administrador\Configurações locais\Dados de aplicativos\Eastman_Kodak_Company O43 - CFD: 10/1/2013 - 11:51:21 - [7,495] ----D C:\Documents and Settings\Administrador\Configurações locais\Dados de aplicativos\Facebook O43 - CFD: 21/10/2011 - 11:37:32 - [0,006] ----D C:\Documents and Settings\Administrador\Configurações locais\Dados de aplicativos\FlickrNet O43 - CFD: 1/6/2013 - 11:50:43 - [597,533] ----D C:\Documents and Settings\Administrador\Configurações locais\Dados de aplicativos\Google O43 - CFD: 28/5/2011 - 20:18:04 - [0] ----D C:\Documents and Settings\Administrador\Configurações locais\Dados de aplicativos\Help O43 - CFD: 18/7/2011 - 14:25:48 - [0,012] ----D C:\Documents and Settings\Administrador\Configurações locais\Dados de aplicativos\HP O43 - CFD: 9/4/2011 - 19:09:42 - [0,295] ----D C:\Documents and Settings\Administrador\Configurações locais\Dados de aplicativos\Identities O43 - CFD: 8/4/2011 - 01:31:06 - [0,013] ----D C:\Documents and Settings\Administrador\Configurações locais\Dados de aplicativos\IsolatedStorage O43 - CFD: 28/3/2013 - 09:00:35 - [0,006] ----D C:\Documents and Settings\Administrador\Configurações locais\Dados de aplicativos\Level Up! 
O43 - CFD: 29/3/2013 - 12:53:19 - [0,307] ----D C:\Documents and Settings\Administrador\Configurações locais\Dados de aplicativos\Lollipop =>Adware.Lollipop O43 - CFD: 18/1/2012 - 16:57:26 - [1543,806] -S--D C:\Documents and Settings\Administrador\Configurações locais\Dados de aplicativos\Microsoft O43 - CFD: 8/4/2011 - 00:52:29 - [0] ----D C:\Documents and Settings\Administrador\Configurações locais\Dados de aplicativos\Microsoft Help O43 - CFD: 18/6/2011 - 18:07:11 - [11,465] ----D C:\Documents and Settings\Administrador\Configurações locais\Dados de aplicativos\Mindjet O43 - CFD: 20/5/2013 - 01:42:14 - [0,225] ----D C:\Documents and Settings\Administrador\Configurações locais\Dados de aplicativos\Mixed In Key O43 - CFD: 20/5/2013 - 01:42:26 - [0,000] ----D C:\Documents and Settings\Administrador\Configurações locais\Dados de aplicativos\Mixed_In_Key_LLC O43 - CFD: 8/4/2011 - 03:49:53 - [220,756] ----D C:\Documents and Settings\Administrador\Configurações locais\Dados de aplicativos\Mozilla O43 - CFD: 14/6/2013 - 12:52:30 - [0] ----D C:\Documents and Settings\Administrador\Configurações locais\Dados de aplicativos\PackageAware O43 - CFD: 21/10/2011 - 11:36:36 - [1,293] ----D C:\Documents and Settings\Administrador\Configurações locais\Dados de aplicativos\Plusimage O43 - CFD: 11/2/2012 - 10:29:02 - [0,014] ----D C:\Documents and Settings\Administrador\Configurações locais\Dados de aplicativos\Samsung O43 - CFD: 27/9/2012 - 15:09:20 - [0,001] ----D C:\Documents and Settings\Administrador\Configurações locais\Dados de aplicativos\Smartbar =>Hijacker.SmartBar O43 - CFD: 15/1/2012 - 12:42:01 - [0,005] ----D C:\Documents and Settings\Administrador\Configurações locais\Dados de aplicativos\TechSmith O43 - CFD: 10/1/2013 - 11:51:09 - [0] ----D C:\Documents and Settings\Administrador\Configurações locais\Dados de aplicativos\Temp O43 - CFD: 7/2/2012 - 19:26:18 - [0] ----D C:\Documents and Settings\Administrador\Configurações locais\Dados de aplicativos\Thinstall O43 - 
CFD: 18/6/2011 - 18:00:33 - [93,829] ----D C:\Documents and Settings\Administrador\Configurações locais\Dados de aplicativos\{67CB8E18-9DAE-470D-B474-E7CC6E49A5FB} O43 - CFD: 7/4/2011 - 21:07:01 - [0,008] R---D C:\Documents and Settings\Administrador\Menu Iniciar\Programas\Acessórios O43 - CFD: 25/6/2011 - 12:24:23 - [0,003] ----D C:\Documents and Settings\Administrador\Menu Iniciar\Programas\Ares O43 - CFD: 19/1/2013 - 12:38:05 - [0,002] ----D C:\Documents and Settings\Administrador\Menu Iniciar\Programas\e-doceo O43 - CFD: 28/5/2011 - 20:24:33 - [0,005] ----D C:\Documents and Settings\Administrador\Menu Iniciar\Programas\Essentials Codec Pack O43 - CFD: 8/10/2011 - 13:04:19 - [0,000] R---D C:\Documents and Settings\Administrador\Menu Iniciar\Programas\Ferramentas administrativas O43 - CFD: 13/1/2013 - 01:16:31 - [0,002] ----D C:\Documents and Settings\Administrador\Menu Iniciar\Programas\Google Chrome O43 - CFD: 28/6/2011 - 18:47:06 - [0,000] R---D C:\Documents and Settings\Administrador\Menu Iniciar\Programas\Inicializar O43 - CFD: 9/1/2013 - 17:47:46 - [0,002] ----D C:\Documents and Settings\Administrador\Menu Iniciar\Programas\Programas Secretaria da Fazenda O43 - CFD: 7/4/2011 - 20:38:35 - [0,002] ----D C:\Documents and Settings\Administrador\Menu Iniciar\Programas\WinRAR ~ Program Folder: 187 Scanned in 02mn 01s ---\\ Last modified or created files under Windows and System32 (O44) O44 - LFC:[MD5.A28676340C51C8C4169383E1C26ED745] - 10/6/2013 - 12:29:48 ---A- . (...) -- C:\WINDOWS\system32\GDIPFONTCACHEV1.DAT [71248] O44 - LFC:[MD5.EA1DD493B46E175C4BE09DB1CBCA0E9C] - 11/6/2013 - 07:34:34 ---A- . (...) -- C:\WINDOWS\system32\FNTCACHE.DAT [273376] O44 - LFC:[MD5.F4EEFAA7FE643E45A15C678DA0EFB0AB] - 12/6/2013 - 19:29:34 ---A- . (.Adobe Systems Incorporated - Adobe Flash Player Control Panel Applet.) -- C:\WINDOWS\system32\FlashPlayerCPLApp.cpl [71048] O44 - LFC:[MD5.9229CC932F2F1C5BC384006C969B00A5] - 12/6/2013 - 19:29:35 ---A- . 
(.Adobe Systems Incorporated - Adobe Flash Player Control Panel Applet.) -- C:\WINDOWS\system32\FlashPlayerApp.exe [692104] O44 - LFC:[MD5.BF4B063A55537D3510B649939598843A] - 12/6/2013 - 21:07:14 ---A- . (.Microsoft Corporation - Ferramentas de Remoção de Software Mal-Inte.) -- C:\WINDOWS\system32\MRT.exe [73381792] O44 - LFC:[MD5.7AA07ED2493BE43572A803E1C891BAB8] - 12/6/2013 - 21:12:57 ---A- . (...) -- C:\WINDOWS\KB2839229.log [11283] O44 - LFC:[MD5.3C83DE9F96A80E51621A02F10A7FF4D2] - 12/6/2013 - 21:12:57 ---A- . (...) -- C:\WINDOWS\imsins.BAK [1374] O44 - LFC:[MD5.9C803CAFB5CA03956BB9B91961AA8196] - 12/6/2013 - 21:13:52 ---A- . (...) -- C:\WINDOWS\updspapi.log [50365] O44 - LFC:[MD5.557E0BA4CF7E9C906C0DEADC3C072C63] - 12/6/2013 - 21:13:58 ---A- . (...) -- C:\WINDOWS\FaxSetup.log [358589] O44 - LFC:[MD5.CFF18EB9C64FE9FF86B2CEA9F3966357] - 12/6/2013 - 21:13:58 ---A- . (...) -- C:\WINDOWS\msmqinst.log [113408] O44 - LFC:[MD5.31C7CFF41C52A31A4378533044C31F02] - 12/6/2013 - 21:13:59 ---A- . (...) -- C:\WINDOWS\KB2838727-IE7.log [115499] O44 - LFC:[MD5.C4780B289A9009AF612F23F99F024A66] - 12/6/2013 - 21:13:59 ---A- . (...) -- C:\WINDOWS\comsetup.log [120755] O44 - LFC:[MD5.613CE3E7E99E3320DBC8F781B84C0B65] - 12/6/2013 - 21:13:59 ---A- . (...) -- C:\WINDOWS\iis6.log [384907] O44 - LFC:[MD5.27E0F293D6D9F33AEF2C2B484DBE3E7F] - 12/6/2013 - 21:13:59 ---A- . (...) -- C:\WINDOWS\imsins.log [1374] O44 - LFC:[MD5.3A741789FDC0176CEA510D0D902E2CFF] - 12/6/2013 - 21:13:59 ---A- . (...) -- C:\WINDOWS\ntdtcsetup.log [72780] O44 - LFC:[MD5.0F664B7BDB5999516C52F5DA8573BE9C] - 12/6/2013 - 21:13:59 ---A- . (...) -- C:\WINDOWS\ocgen.log [131312] O44 - LFC:[MD5.305C16DE5AF4519C4A3595AE4728A11E] - 12/6/2013 - 21:13:59 ---A- . (...) -- C:\WINDOWS\tabletoc.log [18038] O44 - LFC:[MD5.D4DF17B3CB5AC36215106FEC4010B2D6] - 12/6/2013 - 21:13:59 ---A- . (...) -- C:\WINDOWS\tsoc.log [163618] O44 - LFC:[MD5.7560E8A2CD5C3F259FECBDAB36B2C050] - 14/6/2013 - 15:15:50 ---A- . (...) 
-- C:\WINDOWS\wmsetup.log [39588] O44 - LFC:[MD5.F8779CF2D5A27BBD4E908E203579F2CC] - 24/6/2013 - 17:11:42 ---A- . (...) -- C:\WINDOWS\SchedLgU.Txt [32484] O44 - LFC:[MD5.0DB7527DB188C7D967A37BB51BBF3963] - 24/6/2013 - 17:13:35 ---A- . (.Malwarebytes Corporation - Malwarebytes' Anti-Malware.) -- C:\WINDOWS\system32\Drivers\mbamswissarmy.sys [40776] O44 - LFC:[MD5.6A2CB42966136854F4464516FBB4AE72] - 24/6/2013 - 17:47:55 -S-A- . (...) -- C:\WINDOWS\bootstat.dat [2048] O44 - LFC:[MD5.AA850AC36B009F101C601956B322FD09] - 24/6/2013 - 17:48:23 ---A- . (...) -- C:\WINDOWS\wiaservc.log [49] O44 - LFC:[MD5.339A0A85C7C6089B27C68D13CF40D957] - 24/6/2013 - 17:48:26 ---A- . (...) -- C:\WINDOWS\wiadebug.log [159] O44 - LFC:[MD5.FC9818069DF7BF38A50EEB94C31A3242] - 24/6/2013 - 17:49:30 ---A- . (...) -- C:\WINDOWS\WindowsUpdate.log [1084653] O44 - LFC:[MD5.D41D8CD98F00B204E9800998ECF8427E] - 24/6/2013 - 17:49:59 ---A- . (...) -- C:\WINDOWS\0.log [0] O44 - LFC:[MD5.4FDDADA7D34F5A0508ED4E6BA4C34FF0] - 24/6/2013 - 17:50:00 ---A- . (...) -- C:\WINDOWS\system32\wpa.dbl [2206] ~ Files: 27 Scanned in 01mn 51s ---\\ Operations and functions at Windows Explorer startup (O46) O46 - SEH:ShellExecuteHooks - URL Exec Hook - {AEB6717E-7E19-11d0-97EE-00C04FD91972} - shell32.dll O46 - SEH:ShellExecuteHooks - Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\ARQUIV~1\MICROS~1\Office14\GROOVEEX.DLL ~ ShellExecuteHooks: Scanned in 00mn 00s ---\\ Export authorized application key (O47) O47 - AAKE:Key Export SP - "%windir%\Network Diagnostic\xpnetdiag.exe" [Enabled] .(.Microsoft Corporation.) -- C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O47 - AAKE:Key Export SP - "%windir%\system32\sessmgr.exe" [Enabled] .(.Microsoft Corporation.) -- C:\WINDOWS\system32\sessmgr.exe O47 - AAKE:Key Export SP - "C:\Arquivos de programas\Windows Live\Messenger\wlcsdk.exe" [Enabled] .(...) -- C:\Arquivos de programas\Windows Live\Messenger\wlcsdk.exe (.not file.) 
O47 - AAKE:Key Export SP - "C:\Arquivos de programas\Windows Live\Sync\WindowsLiveSync.exe" [Enabled] .(.Microsoft Corporation.) -- C:\Arquivos de programas\Windows Live\Sync\WindowsLiveSync.exe O47 - AAKE:Key Export SP - "C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe" [Enabled] .(...) -- C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe (.not file.) O47 - AAKE:Key Export SP - "C:\Arquivos de programas\BitNami Moodle Stack\mysql\bin\mysqld.exe" [Enabled] .(...) -- C:\Arquivos de programas\BitNami Moodle Stack\mysql\bin\mysqld.exe (.not file.) O47 - AAKE:Key Export SP - "C:\Arquivos de programas\BitNami Moodle Stack\apache2\bin\httpd.exe" [Enabled] .(...) -- C:\Arquivos de programas\BitNami Moodle Stack\apache2\bin\httpd.exe (.not file.) O47 - AAKE:Key Export SP - "C:\Arquivos de programas\Skype\Plugin Manager\skypePM.exe" [Enabled] .(...) -- C:\Arquivos de programas\Skype\Plugin Manager\skypePM.exe (.not file.) O47 - AAKE:Key Export SP - "C:\Arquivos de programas\ma-config.com\maconfservice.exe" [Enabled] .(...) -- C:\Arquivos de programas\ma-config.com\maconfservice.exe (.not file.) O47 - AAKE:Key Export SP - "C:\Arquivos de programas\Morpheus Music\Morpheus Music.exe" [Enabled] .(...) -- C:\Arquivos de programas\Morpheus Music\Morpheus Music.exe (.not file.) O47 - AAKE:Key Export SP - "C:\Arquivos de programas\Ares\Ares.exe" [Enabled] .(.Ares Development Group.) -- C:\Arquivos de programas\Ares\Ares.exe O47 - AAKE:Key Export SP - "C:\Documents and Settings\Administrador\Dados de aplicativos\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe" [Enabled] .(...) -- C:\Documents and Settings\Administrador\Dados de aplicativos\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe (.not file.) O47 - AAKE:Key Export SP - "C:\Arquivos de programas\Microsoft Office\Office14\GROOVE.EXE" [Enabled] .(.Microsoft Corporation.) 
-- C:\Arquivos de programas\Microsoft Office\Office14\GROOVE.exe O47 - AAKE:Key Export SP - "C:\Arquivos de programas\SoftwareX4\Chronos v1\Chronsrv.exe" [Enabled] .(...) -- C:\Arquivos de programas\SoftwareX4\Chronos v1\Chronsrv.exe (.not file.) O47 - AAKE:Key Export SP - "C:\Arquivos de programas\Arquivos comuns\Apple\Apple Application Support\WebKit2WebProcess.exe" [Enabled] .(.Apple Inc..) -- C:\Arquivos de programas\Arquivos comuns\Apple\Apple Application Support\WebKit2WebProcess.exe O47 - AAKE:Key Export SP - "C:\wamp\bin\apache\Apache2.2.21\bin\httpd.exe" [Enabled] .(...) -- C:\wamp\bin\apache\Apache2.2.21\bin\httpd.exe (.not file.) O47 - AAKE:Key Export SP - "C:\WINDOWS\system32\muzapp.exe" [Enabled] .(.Musiccity Co.Ltd..) -- C:\WINDOWS\system32\muzapp.exe O47 - AAKE:Key Export SP - "C:\Arquivos de programas\VideoLAN\VLC\vlc.exe" [Enabled] .(...) -- C:\Arquivos de programas\VideoLAN\VLC\vlc.exe (.not file.) O47 - AAKE:Key Export SP - "C:\Arquivos de programas\Java\jre6\bin\javaw.exe" [Enabled] .(.Sun Microsystems, Inc..) -- C:\Arquivos de programas\Java\jre6\bin\javaw.exe O47 - AAKE:Key Export SP - "C:\Documents and Settings\Administrador\Configurações locais\Dados de aplicativos\Facebook\Video\Skype\FacebookVideoCalling.exe" [Enabled] .(.Skype Limited.) -- C:\Documents and Settings\Administrador\Configurações locais\Dados de aplicativos\Facebook\Video\Skype\FacebookVideoCalling.exe O47 - AAKE:Key Export SP - "C:\Arquivos de programas\Kodak\AiO\Center\AiOHomeCenter.exe" [Enabled] .(.Eastman Kodak Company.) -- C:\Arquivos de programas\Kodak\AiO\Center\AiOHomeCenter.exe O47 - AAKE:Key Export SP - "C:\Arquivos de programas\Kodak\AiO\Center\Kodak.Statistics.exe" [Enabled] .(.Eastman Kodak Company.) -- C:\Arquivos de programas\Kodak\AiO\Center\Kodak.Statistics.exe O47 - AAKE:Key Export SP - "C:\Arquivos de programas\Kodak\AiO\Center\NetworkPrinterDiscovery.exe" [Enabled] .(.Eastman Kodak Company.) 
-- C:\Arquivos de programas\Kodak\AiO\Center\NetworkPrinterDiscovery.exe O47 - AAKE:Key Export SP - "C:\Arquivos de programas\Kodak\AiO\Firmware\KodakAiOUpdater.exe" [Enabled] .(.Eastman Kodak Company.) -- C:\Arquivos de programas\Kodak\AiO\Firmware\KodakAiOUpdater.exe O47 - AAKE:Key Export SP - "C:\Documents and Settings\All Users\Dados de aplicativos\Kodak\Installer\Setup.exe" [Enabled] .(.Eastman Kodak Company.) -- C:\Documents and Settings\All Users\Dados de aplicativos\Kodak\Installer\Setup.exe O47 - AAKE:Key Export SP - "C:\Arquivos de programas\Skype\Phone\Skype.exe" [Enabled] .(.Skype Technologies S.A..) -- C:\Arquivos de programas\Skype\Phone\Skype.exe O47 - AAKE:Key Export DP - "%windir%\Network Diagnostic\xpnetdiag.exe" [Enabled] .(.Microsoft Corporation.) -- C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O47 - AAKE:Key Export DP - "%windir%\system32\sessmgr.exe" [Enabled] .(.Microsoft Corporation.) -- C:\WINDOWS\system32\sessmgr.exe O47 - AAKE:Key Export DP - "C:\Arquivos de programas\Windows Live\Messenger\wlcsdk.exe" [Enabled] .(...) -- C:\Arquivos de programas\Windows Live\Messenger\wlcsdk.exe (.not file.) O47 - AAKE:Key Export DP - "C:\Arquivos de programas\Windows Live\Sync\WindowsLiveSync.exe" [Enabled] .(.Microsoft Corporation.) -- C:\Arquivos de programas\Windows Live\Sync\WindowsLiveSync.exe O47 - AAKE:Key Export DP - "C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe" [Enabled] .(...) -- C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe (.not file.) ~ Keys Export: 31 Scanned in 00mn 30s ---\\ Local Security Authority-LSA Deny (O48) O48 - LSA:Local Security Authority Authentication Packages . (.Microsoft Corporation - Microsoft Authentication Package v1.0.) -- C:\WINDOWS\system32\msv1_0.dll O48 - LSA:Local Security Authority Notification Packages . (.Microsoft Corporation - Mecanismo cliente do 'Editor de configuração de segurança Windows'.) 
-- C:\WINDOWS\system32\scecli.dll O48 - LSA:Local Security Authority Security Packages . (.Microsoft Corporation - Kerberos Security Package.) -- C:\WINDOWS\system32\kerberos.dll O48 - LSA:Local Security Authority Security Packages . (.Microsoft Corporation - Microsoft Authentication Package v1.0.) -- C:\WINDOWS\system32\msv1_0.dll O48 - LSA:Local Security Authority Security Packages . (.Microsoft Corporation - TLS / SSL Security Provider.) -- C:\WINDOWS\system32\schannel.dll O48 - LSA:Local Security Authority Security Packages . (.Microsoft Corporation - Microsoft Digest Access.) -- C:\WINDOWS\system32\wdigest.dll ~ LSA: 6 Scanned in 00mn 00s ---\\ Safe Boot Control (O49) O49 - CSB:Control Safe Boot HKLM\...\CCS\Minimal\dmboot.sys . (.Microsoft Corp., Veritas Software - NT Disk Manager Startup Driver.) -- C:\WINDOWS\system32\Drivers\dmboot.sys O49 - CSB:Control Safe Boot HKLM\...\CCS\Minimal\dmio.sys . (.Microsoft Corp., Veritas Software - NT Disk Manager I/O Driver.) -- C:\WINDOWS\system32\Drivers\dmio.sys O49 - CSB:Control Safe Boot HKLM\...\CCS\Minimal\dmload.sys . (.Microsoft Corp., Veritas Software. - NT Disk Manager Startup Driver.) -- C:\WINDOWS\system32\Drivers\dmload.sys O49 - CSB:Control Safe Boot HKLM\...\CCS\Minimal\sermouse.sys . (...) -- C:\WINDOWS\system32\Drivers\sermouse.sys (.not file.) O49 - CSB:Control Safe Boot HKLM\...\CCS\Minimal\sr.sys . (.Microsoft Corporation - Driver de filtro do sistema de arquivos da restauração do sistema.) -- C:\WINDOWS\system32\Drivers\sr.sys O49 - CSB:Control Safe Boot HKLM\...\CCS\Minimal\vga.sys . (.Microsoft Corporation - VGA/Super VGA Video Driver.) -- C:\WINDOWS\system32\Drivers\vga.sys O49 - CSB:Control Safe Boot HKLM\...\CCS\Minimal\vgasave.sys . (...) -- C:\WINDOWS\system32\Drivers\vgasave.sys (.not file.) O49 - CSB:Control Safe Boot HKLM\...\CCS\Minimal\Wdf01000.sys . (.Microsoft Corporation - WDF Dynamic.) 
-- C:\WINDOWS\system32\Drivers\Wdf01000.sys O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\dmboot.sys . (.Microsoft Corp., Veritas Software - NT Disk Manager Startup Driver.) -- C:\WINDOWS\system32\Drivers\dmboot.sys O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\dmio.sys . (.Microsoft Corp., Veritas Software - NT Disk Manager I/O Driver.) -- C:\WINDOWS\system32\Drivers\dmio.sys O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\dmload.sys . (.Microsoft Corp., Veritas Software. - NT Disk Manager Startup Driver.) -- C:\WINDOWS\system32\Drivers\dmload.sys O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\ip6fw.sys . (.Microsoft Corporation - IPv6 Windows Firewall Driver.) -- C:\WINDOWS\system32\Drivers\ip6fw.sys O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\ipnat.sys . (.Microsoft Corporation - IP Network Address Translator.) -- C:\WINDOWS\system32\Drivers\ipnat.sys O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\rdpcdd.sys . (.Microsoft Corporation - RDP Miniport.) -- C:\WINDOWS\system32\Drivers\rdpcdd.sys O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\rdpdd.sys . (...) -- C:\WINDOWS\system32\Drivers\rdpdd.sys (.not file.) O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\rdpwd.sys . (.Microsoft Corporation - RDP Terminal Stack Driver (US/Canada Only, Not for Export).) -- C:\WINDOWS\system32\Drivers\rdpwd.sys O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\sermouse.sys . (...) -- C:\WINDOWS\system32\Drivers\sermouse.sys (.not file.) O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\sr.sys . (.Microsoft Corporation - Driver de filtro do sistema de arquivos da restauração do sistema.) -- C:\WINDOWS\system32\Drivers\sr.sys O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\tdpipe.sys . (.Microsoft Corporation - Named Pipe Transport Driver.) -- C:\WINDOWS\system32\Drivers\tdpipe.sys O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\tdtcp.sys . (.Microsoft Corporation - TCP Transport Driver.) 
-- C:\WINDOWS\system32\Drivers\tdtcp.sys O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\vga.sys . (.Microsoft Corporation - VGA/Super VGA Video Driver.) -- C:\WINDOWS\system32\Drivers\vga.sys O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\vgasave.sys . (...) -- C:\WINDOWS\system32\Drivers\vgasave.sys (.not file.) O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\Wdf01000.sys . (.Microsoft Corporation - WDF Dynamic.) -- C:\WINDOWS\system32\Drivers\Wdf01000.sys ~ CSB: 23 Scanned in 00mn 00s ---\\ Image File Execution Options (IFEO) (O50) O50 - IFEO:Image File Execution Options - Your Image File Name Here without a path - ntsd -d ~ IFEO: Scanned in 00mn 00s ---\\ MountPoints2 Shell Key (MPKS) (O51) O51 - MPSK:{72510bac-6819-11e0-a73a-000874b5e294}\AutoRun\command. (...) -- D:\AutoRun.exe (.not file.) O51 - MPSK:{cbbfb48a-629b-11e0-a72a-000874b5e294}\AutoRun\command. (...) -- D:\AutoRun.exe (.not file.) O51 - MPSK:{cdc8da66-f1be-11e0-a843-000874b5e294}\AutoRun\command. (...) -- D:\ETS_Setup.exe (.not file.) O51 - MPSK:{de9d65d1-6150-11e0-b4cf-806d6172696f}\AutoRun\command. (...) -- F:\AutoRun.exe (.not file.) ~ Keys: Scanned in 00mn 00s ---\\ Trojan Driver Search Data (HKLM)(TDSD) (O52) O52 - TDSD: \Drivers32\"msacm.trspch"="tssoft32.acm" . (.DSP GROUP, INC. - Codec de áudio DSP Group TrueSpeech(TM) para MSACM V3.50.) -- C:\WINDOWS\system32\tssoft32.acm O52 - TDSD: \Drivers32\"vidc.cvid"="iccvid.dll" . (.Radius Inc. - Cinepak® Codec.) -- C:\WINDOWS\system32\iccvid.dll O52 - TDSD: \Drivers32\"msacm.sl_anet"="sl_anet.acm" . (.Sipro Lab Telecom Inc. - Audio codec for MS ACM.) -- C:\WINDOWS\system32\sl_anet.acm O52 - TDSD: \Drivers32\"msacm.l3acm"="C:\WINDOWS\system32\l3codeca.acm" . (.Fraunhofer Institut Integrierte Schaltungen - MPEG Layer-3 Audio Codec for MSACM.) -- C:\WINDOWS\system32\l3codeca.acm O52 - TDSD: \Drivers32\"vidc.3IV2"="3ivxVfWCodec.dll" . (.3ivx Technologies Pty. Ltd. - 3ivx MPEG-4 5.0.2 Video for Windows Codec.) 
-- C:\WINDOWS\system32\3ivxVfWCodec.dll O52 - TDSD: \Drivers32\"vidc.SEDG"="SamsungVfWCodec.dll" . (...) -- C:\WINDOWS\system32\SamsungVfWCodec.dll O52 - TDSD: \Drivers32\"vidc.DX50"="DivXVfWCodec.dll" . (...) -- C:\WINDOWS\system32\DivXVfWCodec.dll O52 - TDSD: \Drivers32\"msacm.lameacm"="LameACM.acm" . (.http://www.mp3dev.org/ - Lame MP3 codec engine.) -- C:\WINDOWS\system32\LameACM.acm O52 - TDSD: \drivers.desc\"sl_anet.acm"="Sipro Lab Telecom Audio Codec" . (.Sipro Lab Telecom Inc. - Audio codec for MS ACM.) -- C:\WINDOWS\system32\sl_anet.acm O52 - TDSD: \drivers.desc\"C:\WINDOWS\system32\l3codeca.acm"="Fraunhofer IIS MPEG Layer-3 Codec" . (.Fraunhofer Institut Integrierte Schaltungen - MPEG Layer-3 Audio Codec for MSACM.) -- C:\WINDOWS\system32\l3codeca.acm O52 - TDSD: \drivers.desc\"SamsungVfWCodec.dll"="Samsung Video Codec (3ivx)" . (...) -- C:\WINDOWS\system32\SamsungVfWCodec.dll O52 - TDSD: \drivers.desc\"DivXVfWCodec.dll"="DivX Video Codec (3ivx)" . (...) -- C:\WINDOWS\system32\DivXVfWCodec.dll O52 - TDSD: \drivers.desc\"LameACM.acm"="LameACM" . (.http://www.mp3dev.org/ - Lame MP3 codec engine.) -- C:\WINDOWS\system32\LameACM.acm ~ TDSD: 13 Scanned in 00mn 00s ---\\ ShareTools MSconfig StartupReg (SMSR) (O53) O53 - SMSR:HKLM\...\startupreg\ActiveCollector [Key] . (...) -- C:\Program Files\NetNucleous\ActiveCollector\ActiveCollector.exe (.not file.) O53 - SMSR:HKLM\...\startupreg\ares [Key] . (.Ares Development Group - Ares p2p for windows.) -- C:\Arquivos de programas\Ares\Ares.exe O53 - SMSR:HKLM\...\startupreg\BCSSync [Key] . (.Microsoft Corporation - Microsoft Office 2010 component.) -- C:\Arquivos de programas\Microsoft Office\Office14\BCSSync.exe O53 - SMSR:HKLM\...\startupreg\Browser companion helper [Key] . (...) -- C:\Arquivos de programas\BrowserCompanion\BCHelper.exe (.not file.) =>PUP.Blabbers O53 - SMSR:HKLM\...\startupreg\Google Update [Key] . (.Google Inc. - Google Installer.) 
-- C:\Documents and Settings\Administrador\Configurações locais\Dados de aplicativos\Google\Update\GoogleUpdate.exe O53 - SMSR:HKLM\...\startupreg\KiesHelper [Key] . (.Samsung - Kies.) -- C:\Arquivos de programas\Samsung\Kies\KiesHelper.exe O53 - SMSR:HKLM\...\startupreg\KiesPDLR [Key] . (.Unknown owner - KiesPDLR.) -- C:\Arquivos de programas\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe O53 - SMSR:HKLM\...\startupreg\KiesTrayAgent [Key] . (.Samsung Electronics Co., Ltd. - Kies TrayAgent Application.) -- C:\Arquivos de programas\Samsung\Kies\KiesTrayAgent.exe O53 - SMSR:HKLM\...\startupreg\msnmsgr [Key] . (...) -- C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe (.not file.) O53 - SMSR:HKLM\...\startupreg\PlusService [Key] . (...) -- C:\Arquivos de programas\Yuna Software\Messenger Plus!\PlusService.exe (.not file.) O53 - SMSR:HKLM\...\startupreg\QuickTime Task [Key] . (.Apple Inc. - QuickTime Task.) -- C:\Arquivos de programas\QuickTime\QTTask.exe O53 - SMSR:HKLM\...\startupreg\Skype [Key] . (.Skype Technologies S.A. - Skype.) -- C:\Arquivos de programas\Skype\Phone\Skype.exe O53 - SMSR:HKLM\...\startupreg\SunJavaUpdateSched [Key] . (.Sun Microsystems, Inc. - Java(TM) Update Scheduler.) -- C:\Arquivos de programas\Arquivos comuns\Java\Java Update\jusched.exe O53 - SMSR:HKLM\...\startupreg\uTorrent [Key] . (...) -- C:\Arquivos de programas\uTorrent\uTorrent.exe (.not file.) =>P2P.µTorrent ~ SMSR Keys: 14 Scanned in 00mn 01s ---\\ Microsoft Control Security Providers (MCSP) (O54) O54 - MCSP:[HKLM\...\CurrentControlSet\Control] - (SecurityProviders) - (.Microsoft Corporation - Cliente DPA para plataformas de 32 bits.) -- C:\WINDOWS\system32\msapsspc.dll O54 - MCSP:[HKLM\...\CurrentControlSet\Control] - (SecurityProviders) - (.Microsoft Corporation - TLS / SSL Security Provider.) -- C:\WINDOWS\system32\schannel.dll O54 - MCSP:[HKLM\...\CurrentControlSet\Control] - (SecurityProviders) - (.Microsoft Corporation - Digest SSPI Authentication Package.) 
-- C:\WINDOWS\system32\digest.dll O54 - MCSP:[HKLM\...\ControlSet001\Control] - (SecurityProviders) - (.Microsoft Corporation - Cliente DPA para plataformas de 32 bits.) -- C:\WINDOWS\system32\msapsspc.dll O54 - MCSP:[HKLM\...\ControlSet001\Control] - (SecurityProviders) - (.Microsoft Corporation - TLS / SSL Security Provider.) -- C:\WINDOWS\system32\schannel.dll O54 - MCSP:[HKLM\...\ControlSet001\Control] - (SecurityProviders) - (.Microsoft Corporation - Digest SSPI Authentication Package.) -- C:\WINDOWS\system32\digest.dll ~ MSCP: 6 Scanned in 00mn 00s ---\\ Microsoft Windows Policies System (MWPS) (O55) O55 - MWPS:[HKLM\...\Policies\System] - "dontdisplaylastusername"=0 O55 - MWPS:[HKLM\...\Policies\System] - "legalnoticecaption"=0 O55 - MWPS:[HKLM\...\Policies\System] - "legalnoticetext"=0 O55 - MWPS:[HKLM\...\Policies\System] - "shutdownwithoutlogon"=1 O55 - MWPS:[HKLM\...\Policies\System] - "undockwithoutlogon"=1 ~ MWPS: 5 Scanned in 00mn 00s ---\\ Microsoft Windows Policies Explorer (MWPE) (O56) O56 - MWPE:[HKCU\...\policies\Explorer] - "NoDriveTypeAutoRun"=145 O56 - MWPE:[HKCU\...\policies\Explorer] - "NoControlPanel"= O56 - MWPE:[HKCU\...\policies\Explorer] - "NofolderOptions"= O56 - MWPE:[HKCU\...\policies\Explorer] - "NoWindowsUpdate"= O56 - MWPE:[HKLM\...\policies\Explorer] - "HonorAutoRunSetting"=1 ~ MWPE Keys: 5 Scanned in 00mn 00s ---\\ System Drivers List (SDL) (O58) O58 - SDL:[MD5.5B44C214F9CD9F590BE9125347610380] - 17/6/2010 - 14:29:18 ---A- . (.Avira GmbH - Avira AntiVir File Filter Driver.) -- C:\WINDOWS\system32\Drivers\avgntdd.sys [45416] O58 - SDL:[MD5.C1E76718BAB6BCA0D18E5670F074F821] - 14/4/2008 - 08:00:00 ---A- . (...) -- C:\WINDOWS\system32\ansi.sys [9032] ~ Drivers: Scanned in 00mn 00s ---\\ List all tools cleaner (LATC) (O63) O63 - Logiciel: ZHPDiag 2013 - (.Nicolas Coolman.) 
[HKLM] -- ZHPDiag_is1 ~ ADS: Scanned in 00mn 00s ---\\ List all legacy services(LALS) (O64) O64 - Services: CurCS - 12/6/2013 - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe (AdobeFlashPlayerUpdateSvc) .(.Adobe Systems Incorporated - Adobe® Flash® Player Update Service 11.7 r7.) - LEGACY_ADOBEFLASHPLAYERUPDATESVC O64 - Services: CurCS - 17/8/2011 - C:\WINDOWS\system32\drivers\afd.sys (AFD) .(.Microsoft Corporation - Ancillary Function Driver for WinSock.) - LEGACY_AFD O64 - Services: CurCS - 14/4/2008 - C:\WINDOWS\system32\alg.exe (ALG) .(.Microsoft Corporation - Application Layer Gateway Service.) - LEGACY_ALG O64 - Services: CurCS - 27/4/2011 - C:\Arquivos de programas\Avira\AntiVir Desktop\sched.exe (AntiVirSchedulerService) .(.Avira GmbH - Antivirus Scheduler.) - LEGACY_ANTIVIRSCHEDULERSERVICE O64 - Services: CurCS - 1/9/2011 - C:\Arquivos de programas\Avira\AntiVir Desktop\avguard.exe (AntiVirService) .(.Avira GmbH - Antivirus On-Access Service.) - LEGACY_ANTIVIRSERVICE O64 - Services: CurCS - 14/4/2008 - C:\WINDOWS\system32\svchost.exe (AppMgmt) .(.Microsoft Corporation - Generic Host Process for Win32 Services.) - LEGACY_APPMGMT O64 - Services: CurCS - 14/4/2008 - C:\WINDOWS\system32\svchost.exe (AudioSrv) .(.Microsoft Corporation - Generic Host Process for Win32 Services.) - LEGACY_AUDIOSRV O64 - Services: CurCS - 17/6/2010 - C:\Arquivos de programas\Avira\AntiVir Desktop\avgio.sys (avgio) .(.Avira GmbH - Avira AntiVir Support for Minifilter.) - LEGACY_AVGIO O64 - Services: CurCS - 1/9/2011 - C:\WINDOWS\system32\DRIVERS\avgntflt.sys (avgntflt) .(.Avira GmbH - Avira Minifilter Driver.) - LEGACY_AVGNTFLT O64 - Services: CurCS - 1/9/2011 - C:\WINDOWS\system32\DRIVERS\avipbb.sys (avipbb) .(.Avira GmbH - Avira Driver for Security Enhancement.) - LEGACY_AVIPBB O64 - Services: CurCS - 14/4/2008 - C:\WINDOWS\system32\svchost.exe (BITS) .(.Microsoft Corporation - Generic Host Process for Win32 Services.) 
- LEGACY_BITS O64 - Services: CurCS - 14/4/2008 - C:\WINDOWS\system32\svchost.exe (Browser) .(.Microsoft Corporation - Generic Host Process for Win32 Services.) - LEGACY_BROWSER O64 - Services: CurCS - 25/7/2008 - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (clr_optimization_v2.0.50727_32) .(.Microsoft Corporation - .NET Runtime Optimization Service.) - LEGACY_CLR_OPTIMIZATION_V2.0.50727_32 O64 - Services: CurCS - 18/3/2010 - C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (clr_optimization_v4.0.30319_32) .(.Microsoft Corporation - .NET Runtime Optimization Service.) - LEGACY_CLR_OPTIMIZATION_V4.0.30319_32 O64 - Services: CurCS - 14/4/2008 - C:\WINDOWS\system32\dllhost.exe (COMSysApp) .(.Microsoft Corporation - COM Surrogate.) - LEGACY_COMSYSAPP O64 - Services: CurCS - 14/4/2008 - C:\WINDOWS\system32\svchost.exe (CryptSvc) .(.Microsoft Corporation - Generic Host Process for Win32 Services.) - LEGACY_CRYPTSVC O64 - Services: CurCS - 14/4/2008 - C:\WINDOWS\system32\svchost.exe (Dhcp) .(.Microsoft Corporation - Generic Host Process for Win32 Services.) - LEGACY_DHCP O64 - Services: CurCS - 14/4/2008 - C:\WINDOWS\system32\drivers\dmboot.sys (dmboot) .(.Microsoft Corp., Veritas Software - NT Disk Manager Startup Driver.) - LEGACY_DMBOOT O64 - Services: CurCS - 14/4/2008 - C:\WINDOWS\system32\drivers\dmload.sys (dmload) .(.Microsoft Corp., Veritas Software. - NT Disk Manager Startup Driver.) - LEGACY_DMLOAD O64 - Services: CurCS - 14/4/2008 - C:\WINDOWS\system32\svchost.exe (dmserver) .(.Microsoft Corporation - Generic Host Process for Win32 Services.) - LEGACY_DMSERVER O64 - Services: CurCS - 14/4/2008 - C:\WINDOWS\system32\svchost.exe (Dnscache) .(.Microsoft Corporation - Generic Host Process for Win32 Services.) - LEGACY_DNSCACHE O64 - Services: CurCS - 14/4/2008 - C:\WINDOWS\system32\svchost.exe (ERSvc) .(.Microsoft Corporation - Generic Host Process for Win32 Services.) 
- LEGACY_ERSVC O64 - Services: CurCS - 14/4/2008 - C:\WINDOWS\system32\svchost.exe (EventSystem) .(.Microsoft Corporation - Generic Host Process for Win32 Services.) - LEGACY_EVENTSYSTEM O64 - Services: CurCS - 14/4/2008 - C:\WINDOWS\system32\svchost.exe (FastUserSwitchingCompatibility) .(.Microsoft Corporation - Generic Host Process for Win32 Services.) - LEGACY_FASTUSERSWITCHINGCOMPATIBILITY O64 - Services: CurCS - 27/2/2009 - C:\Arquivos de programas\FirebirdSQL22\bin\fbguard.exe (FirebirdGuardianDefaultInstance) .(.Firebird Project - Firebird SQL Server.) - LEGACY_FIREBIRDGUARDIANDEFAULTINSTANCE O64 - Services: CurCS - 27/2/2009 - C:\Arquivos de programas\FirebirdSQL22\bin\fbserver.exe (FirebirdServerDefaultInstance) .(.Firebird Project - Firebird SQL Server.) - LEGACY_FIREBIRDSERVERDEFAULTINSTANCE O64 - Services: CurCS - 14/4/2008 - C:\WINDOWS\system32\DRIVERS\fltMgr.sys (FltMgr) .(.Microsoft Corporation - Microsoft Filesystem Filter Manager.) - LEGACY_FLTMGR O64 - Services: CurCS - 29/7/2008 - c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe (FontCache3.0.0.0) .(.Microsoft Corporation - PresentationFontCache.exe.) - LEGACY_FONTCACHE3.0.0.0 O64 - Services: CurCS - 14/4/2008 - C:\WINDOWS\system32\DRIVERS\msgpc.sys (Gpc) .(.Microsoft Corporation - MS General Packet Classifier.) - LEGACY_GPC O64 - Services: CurCS - 31/5/2013 - C:\Arquivos de programas\Google\Update\GoogleUpdate.exe (gupdate) .(.Google Inc. - Google Installer.) - LEGACY_GUPDATE O64 - Services: CurCS - 7/2/2011 - C:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe (gusvc) .(.Google - gusvc.) - LEGACY_GUSVC O64 - Services: CurCS - 14/4/2008 - C:\WINDOWS\system32\svchost.exe (helpsvc) .(.Microsoft Corporation - Generic Host Process for Win32 Services.) - LEGACY_HELPSVC O64 - Services: CurCS - 14/4/2008 - C:\WINDOWS\system32\svchost.exe (HidServ) .(.Microsoft Corporation - Generic Host Process for Win32 Services.) 
- LEGACY_HIDSERV O64 - Services: CurCS - 20/10/2009 - C:\WINDOWS\system32\Drivers\HTTP.sys (HTTP) .(.Microsoft Corporation - HTTP Protocol Stack.) - LEGACY_HTTP O64 - Services: CurCS - 14/4/2008 - C:\WINDOWS\system32\svchost.exe (HTTPFilter) .(.Microsoft Corporation - Generic Host Process for Win32 Services.) - LEGACY_HTTPFILTER O64 - Services: CurCS - 14/4/2008 - C:\WINDOWS\system32\imapi.exe (ImapiService) .(.Microsoft Corporation - IMAPI.) - LEGACY_IMAPISERVICE O64 - Services: CurCS - 14/4/2008 - C:\WINDOWS\system32\DRIVERS\ipnat.sys (IpNat) .(.Microsoft Corporation - IP Network Address Translator.) - LEGACY_IPNAT O64 - Services: CurCS - 14/4/2008 - C:\WINDOWS\system32\DRIVERS\ipsec.sys (IPSec) .(.Microsoft Corporation - IPSec Driver.) - LEGACY_IPSEC O64 - Services: CurCS - 2/10/2012 - C:\Arquivos de programas\Java\jre6\bin\jqs.exe (JavaQuickStarterService) .(.Sun Microsystems, Inc. - Java(TM) Quick Starter Service.) - LEGACY_JAVAQUICKSTARTERSERVICE O64 - Services: CurCS - 15/3/2013 - C:\Arquivos de programas\Kodak\AiO\Center\EKAiOHostService.exe (Kodak AiO Network Discovery Service) .(.Eastman Kodak Company - EKAiOHostService Module for Kodak AiO Print.) - LEGACY_KODAK_AIO_NETWORK_DISCOVERY_SERVICE O64 - Services: CurCS - 15/1/2013 - C:\Arquivos de programas\Kodak\AiO\StatusMonitor\EKPrinterSDK.exe (Kodak AiO Status Monitor Service) .(.Eastman Kodak Company - Status Monitor SDK for KODAK AiO Printer (3.) - LEGACY_KODAK_AIO_STATUS_MONITOR_SERVICE O64 - Services: CurCS - 14/4/2008 - C:\WINDOWS\system32\svchost.exe (LanmanServer) .(.Microsoft Corporation - Generic Host Process for Win32 Services.) - LEGACY_LANMANSERVER O64 - Services: CurCS - 14/4/2008 - C:\WINDOWS\system32\svchost.exe (LanmanWorkstation) .(.Microsoft Corporation - Generic Host Process for Win32 Services.) - LEGACY_LANMANWORKSTATION O64 - Services: CurCS - 14/4/2008 - C:\WINDOWS\system32\svchost.exe (LmHosts) .(.Microsoft Corporation - Generic Host Process for Win32 Services.) 
- LEGACY_LMHOSTS O64 - Services: CurCS - 24/6/2013 - C:\WINDOWS\system32\drivers\mbamswissarmy.sys (MBAMSwissArmy) .(.Malwarebytes Corporation - Malwarebytes' Anti-Malware.) - LEGACY_MBAMSWISSARMY O64 - Services: CurCS - 14/4/2008 - C:\WINDOWS\system32\DRIVERS\mrxdav.sys (MRxDAV) .(.Microsoft Corporation - Windows NT WebDav Minirdr.) - LEGACY_MRXDAV O64 - Services: CurCS - 15/7/2011 - C:\WINDOWS\system32\DRIVERS\mrxsmb.sys (MRxSmb) .(.Microsoft Corporation - Windows NT SMB Minirdr.) - LEGACY_MRXSMB O64 - Services: CurCS - 14/4/2008 - C:\WINDOWS\system32\msdtc.exe (MSDTC) .(.Microsoft Corporation - MS DTC console program.) - LEGACY_MSDTC O64 - Services: CurCS - 14/4/2008 - C:\WINDOWS\system32\msiexec.exe (MSIServer) .(.Microsoft Corporation - Windows® installer.) - LEGACY_MSISERVER O64 - Services: CurCS - 21/4/2011 - C:\WINDOWS\system32\Drivers\Mup.sys (Mup) .(.Microsoft Corporation - Multiple UNC Provider driver.) - LEGACY_MUP O64 - Services: CurCS - 14/4/2008 - C:\WINDOWS\system32\Drivers\NDIS.sys (NDIS) .(.Microsoft Corporation - NDIS 5.1 wrapper driver.) - LEGACY_NDIS O64 - Services: CurCS - 8/7/2011 - C:\WINDOWS\system32\DRIVERS\ndistapi.sys (NdisTapi) .(.Microsoft Corporation - NDIS 3.0 connection wrapper driver.) - LEGACY_NDISTAPI O64 - Services: CurCS - 8/5/2008 - C:\WINDOWS\system32\DRIVERS\ndisuio.sys (Ndisuio) .(.Microsoft Corporation - NDIS User mode I/O Driver.) - LEGACY_NDISUIO O64 - Services: CurCS - 14/4/2008 - C:\WINDOWS\system32\DRIVERS\netbios.sys (NetBIOS) .(.Microsoft Corporation - NetBIOS interface driver.) - LEGACY_NETBIOS O64 - Services: CurCS - 14/4/2008 - C:\WINDOWS\system32\DRIVERS\netbt.sys (NetBT) .(.Microsoft Corporation - MBT Transport driver.) - LEGACY_NETBT O64 - Services: CurCS - 14/4/2008 - C:\WINDOWS\system32\svchost.exe (Netman) .(.Microsoft Corporation - Generic Host Process for Win32 Services.) 
- LEGACY_NETMAN O64 - Services: CurCS - 14/4/2008 - C:\WINDOWS\system32\svchost.exe (Nla) .(.Microsoft Corporation - Generic Host Process for Win32 Services.) - LEGACY_NLA O64 - Services: CurCS - 14/4/2008 - C:\WINDOWS\system32\svchost.exe (NtmsSvc) .(.Microsoft Corporation - Generic Host Process for Win32 Services.) - LEGACY_NTMSSVC O64 - Services: CurCS - 9/1/2010 - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Source Engine\OSE.exe (ose) .(.Microsoft Corporation - Office Source Engine.) - LEGACY_OSE O64 - Services: CurCS - 9/1/2010 - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.exe (osppsvc) .(.Microsoft Corporation - Microsoft Office Software Protection Platfo.) - LEGACY_OSPPSVC O64 - Services: CurCS - 14/4/2008 - C:\WINDOWS\system32\lsass.exe (PolicyAgent) .(.Microsoft Corporation - LSA Shell (Export Version).) - LEGACY_POLICYAGENT O64 - Services: CurCS - 14/4/2008 - C:\WINDOWS\system32\lsass.exe (ProtectedStorage) .(.Microsoft Corporation - LSA Shell (Export Version).) - LEGACY_PROTECTEDSTORAGE O64 - Services: CurCS - 14/4/2008 - C:\WINDOWS\system32\DRIVERS\rasacd.sys (RasAcd) .(.Microsoft Corporation - RAS Automatic Connection Driver.) - LEGACY_RASACD O64 - Services: CurCS - 14/4/2008 - C:\WINDOWS\system32\svchost.exe (RasMan) .(.Microsoft Corporation - Generic Host Process for Win32 Services.) - LEGACY_RASMAN O64 - Services: CurCS - 14/4/2008 - C:\WINDOWS\system32\DRIVERS\rdbss.sys (Rdbss) .(.Microsoft Corporation - Redirected Drive Buffering SubSystem Driver.) - LEGACY_RDBSS O64 - Services: CurCS - 14/4/2008 - C:\WINDOWS\system32\DRIVERS\RDPCDD.sys (RDPCDD) .(.Microsoft Corporation - RDP Miniport.) - LEGACY_RDPCDD O64 - Services: CurCS - 14/4/2008 - C:\WINDOWS\system32\svchost.exe (RemoteRegistry) .(.Microsoft Corporation - Generic Host Process for Win32 Services.) 
- LEGACY_REMOTEREGISTRY O64 - Services: CurCS - 14/4/2008 - C:\WINDOWS\system32\rsvp.exe (RSVP) .(.Microsoft Corporation - Microsoft RSVP.) - LEGACY_RSVP O64 - Services: CurCS - 14/4/2008 - C:\WINDOWS\system32\lsass.exe (SamSs) .(.Microsoft Corporation - LSA Shell (Export Version).) - LEGACY_SAMSS O64 - Services: CurCS - 14/4/2008 - C:\WINDOWS\system32\svchost.exe (Schedule) .(.Microsoft Corporation - Generic Host Process for Win32 Services.) - LEGACY_SCHEDULE O64 - Services: CurCS - 14/4/2008 - C:\WINDOWS\system32\svchost.exe (seclogon) .(.Microsoft Corporation - Generic Host Process for Win32 Services.) - LEGACY_SECLOGON O64 - Services: CurCS - 14/4/2008 - C:\WINDOWS\system32\svchost.exe (SENS) .(.Microsoft Corporation - Generic Host Process for Win32 Services.) - LEGACY_SENS O64 - Services: CurCS - 14/4/2008 - C:\WINDOWS\system32\svchost.exe (SharedAccess) .(.Microsoft Corporation - Generic Host Process for Win32 Services.) - LEGACY_SHAREDACCESS O64 - Services: CurCS - 14/4/2008 - C:\WINDOWS\system32\svchost.exe (ShellHWDetection) .(.Microsoft Corporation - Generic Host Process for Win32 Services.) - LEGACY_SHELLHWDETECTION O64 - Services: CurCS - 19/4/2013 - C:\Arquivos de programas\Skype\Updater\Updater.exe (SkypeUpdate) .(.Skype Technologies - Skype Updater Service.) - LEGACY_SKYPEUPDATE O64 - Services: CurCS - 2/10/2012 - C:\Documents and Settings\All Users\Dados de aplicativos\Skype\Toolbars\Skype C2C Service\c2c_service.exe (Skype C2C Service) .(.Skype Technologies S.A. - Skype C2C Service.) - LEGACY_SKYPE_C2C_SERVICE O64 - Services: CurCS - 17/8/2010 - C:\WINDOWS\system32\spoolsv.exe (Spooler) .(.Microsoft Corporation - Spooler SubSystem App.) - LEGACY_SPOOLER O64 - Services: CurCS - 14/4/2008 - C:\WINDOWS\system32\DRIVERS\sr.sys (sr) .(.Microsoft Corporation - Driver de filtro do sistema de arquivos da.) 
- LEGACY_SR O64 - Services: CurCS - 14/4/2008 - C:\WINDOWS\system32\svchost.exe (srservice) .(.Microsoft Corporation - Generic Host Process for Win32 Services.) - LEGACY_SRSERVICE O64 - Services: CurCS - 17/2/2011 - C:\WINDOWS\system32\DRIVERS\srv.sys (Srv) .(.Microsoft Corporation - Server driver.) - LEGACY_SRV O64 - Services: CurCS - 14/4/2008 - C:\WINDOWS\system32\svchost.exe (SSDPSRV) .(.Microsoft Corporation - Generic Host Process for Win32 Services.) - LEGACY_SSDPSRV O64 - Services: CurCS - 17/6/2010 - C:\WINDOWS\system32\DRIVERS\ssmdrv.sys (ssmdrv) .(.Avira GmbH - AVIRA SnapShot Driver.) - LEGACY_SSMDRV O64 - Services: CurCS - 14/4/2008 - C:\WINDOWS\system32\svchost.exe (stisvc) .(.Microsoft Corporation - Generic Host Process for Win32 Services.) - LEGACY_STISVC O64 - Services: CurCS - 14/4/2008 - C:\WINDOWS\system32\dllhost.exe (SwPrv) .(.Microsoft Corporation - COM Surrogate.) - LEGACY_SWPRV O64 - Services: CurCS - 14/4/2008 - C:\WINDOWS\system32\svchost.exe (TapiSrv) .(.Microsoft Corporation - Generic Host Process for Win32 Services.) - LEGACY_TAPISRV O64 - Services: CurCS - 20/6/2008 - C:\WINDOWS\system32\DRIVERS\tcpip.sys (Tcpip) .(.Microsoft Corporation - TCP/IP Protocol Driver.) - LEGACY_TCPIP O64 - Services: CurCS - 14/4/2008 - C:\WINDOWS\system32\svchost.exe (Themes) .(.Microsoft Corporation - Generic Host Process for Win32 Services.) - LEGACY_THEMES O64 - Services: CurCS - 14/4/2008 - C:\WINDOWS\system32\svchost.exe (TrkWks) .(.Microsoft Corporation - Generic Host Process for Win32 Services.) - LEGACY_TRKWKS O64 - Services: CurCS - 14/4/2008 - C:\WINDOWS\system32\svchost.exe (upnphost) .(.Microsoft Corporation - Generic Host Process for Win32 Services.) - LEGACY_UPNPHOST O64 - Services: CurCS - 14/4/2008 - C:\WINDOWS\system32\drivers\vga.sys (VgaSave) .(.Microsoft Corporation - VGA/Super VGA Video Driver.) 
- LEGACY_VGASAVE O64 - Services: CurCS - 14/4/2008 - C:\WINDOWS\system32\vssvc.exe (VSS) .(.Microsoft Corporation - Serviço de cópias de sombra de volume da Mi.) - LEGACY_VSS O64 - Services: CurCS - 14/4/2008 - C:\WINDOWS\system32\svchost.exe (W32Time) .(.Microsoft Corporation - Generic Host Process for Win32 Services.) - LEGACY_W32TIME O64 - Services: CurCS - 14/4/2008 - C:\WINDOWS\system32\DRIVERS\wanarp.sys (Wanarp) .(.Microsoft Corporation - MS Remote Access and Routing ARP Driver.) - LEGACY_WANARP O64 - Services: CurCS - 27/3/2008 - C:\WINDOWS\system32\Drivers\wdf01000.sys (Wdf01000) .(.Microsoft Corporation - WDF Dynamic.) - LEGACY_WDF01000 O64 - Services: CurCS - 14/4/2008 - C:\WINDOWS\system32\svchost.exe (WebClient) .(.Microsoft Corporation - Generic Host Process for Win32 Services.) - LEGACY_WEBCLIENT O64 - Services: CurCS - 14/4/2008 - C:\WINDOWS\system32\svchost.exe (winmgmt) .(.Microsoft Corporation - Generic Host Process for Win32 Services.) - LEGACY_WINMGMT O64 - Services: CurCS - 14/4/2008 - C:\WINDOWS\system32\wbem\wmiapsrv.exe (WmiApSrv) .(.Microsoft Corporation - Serviço de adaptador de desempenho WMI.) - LEGACY_WMIAPSRV O64 - Services: CurCS - 18/3/2010 - C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe (WPFFontCache_v0400) .(.Microsoft Corporation - wpffontcache_v0400.exe.) - LEGACY_WPFFONTCACHE_V0400 O64 - Services: CurCS - 14/4/2008 - C:\WINDOWS\system32\drivers\ws2ifsl.sys (WS2IFSL) .(.Microsoft Corporation - Winsock2 IFS Layer.) - LEGACY_WS2IFSL O64 - Services: CurCS - 14/4/2008 - C:\WINDOWS\system32\svchost.exe (wscsvc) .(.Microsoft Corporation - Generic Host Process for Win32 Services.) - LEGACY_WSCSVC O64 - Services: CurCS - 14/4/2008 - C:\WINDOWS\system32\svchost.exe (wuauserv) .(.Microsoft Corporation - Generic Host Process for Win32 Services.) 
- LEGACY_WUAUSERV O64 - Services: CurCS - 28/9/2006 - C:\WINDOWS\system32\DRIVERS\WudfPf.sys (WudfPf) .(.Microsoft Corporation - Windows Driver Foundation - User-mode Drive.) - LEGACY_WUDFPF O64 - Services: CurCS - 14/4/2008 - C:\WINDOWS\system32\svchost.exe (WudfSvc) .(.Microsoft Corporation - Generic Host Process for Win32 Services.) - LEGACY_WUDFSVC O64 - Services: CurCS - 14/4/2008 - C:\WINDOWS\system32\svchost.exe (WZCSVC) .(.Microsoft Corporation - Generic Host Process for Win32 Services.) - LEGACY_WZCSVC ~ Legacy: 133 Scanned in 00mn 01s ---\\ File Associations Shell Spawning (O67) O67 - Shell Spawning: <.bat> [HKLM\..\open\Command] (...) -- "%1" %* O67 - Shell Spawning: <.cpl> [HKLM\..\cplopen\Command] (.Microsoft Corporation - DLL comum do Shell do Windows.) -- C:\WINDOWS\system32\shell32.dll O67 - Shell Spawning: <.cmd> [HKLM\..\open\Command] (...) -- "%1" %* O67 - Shell Spawning: <.com> [HKLM\..\open\Command] (...) -- "%1" %* O67 - Shell Spawning: <.exe> [HKLM\..\open\Command] (...) -- "%1" %* O67 - Shell Spawning: <.html> [HKLM\..\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Arquivos de programas\Internet Explorer\IEXPLORE.exe O67 - Shell Spawning: <.js> [HKLM\..\open\Command] (.Microsoft Corporation - Microsoft (R) Windows Based Script Host.) -- C:\WINDOWS\system32\WScript.exe O67 - Shell Spawning: <.reg> [HKLM\..\open\Command] (.Microsoft Corporation - Editor do Registro.) -- C:\WINDOWS\regedit.exe O67 - Shell Spawning: <.html> [HKCU\..\open\Command] (.Mozilla Corporation - Firefox.) -- C:\Arquivos de programas\Mozilla Firefox\firefox.exe O67 - Shell Spawning: <.com> <>[HKU\..\open\Command] (.Not Key.) O67 - Shell Spawning: <.exe> <>[HKU\..\open\Command] (.Not Key.) O67 - Shell Spawning: <.bat> [HKCR\..\open\Command] (...) -- "%1" %* O67 - Shell Spawning: <.cpl> [HKCR\..\cplopen\Command] (.Microsoft Corporation - DLL comum do Shell do Windows.) 
-- C:\WINDOWS\system32\shell32.dll O67 - Shell Spawning: <.cmd> [HKCR\..\open\Command] (...) -- "%1" %* O67 - Shell Spawning: <.com> [HKCR\..\open\Command] (...) -- "%1" %* O67 - Shell Spawning: <.exe> [HKCR\..\open\Command] (...) -- "%1" %* O67 - Shell Spawning: <.html> [HKCR\..\open\Command] (.Mozilla Corporation - Firefox.) -- C:\Arquivos de programas\Mozilla Firefox\firefox.exe O67 - Shell Spawning: <.js> [HKCR\..\open\Command] (.Microsoft Corporation - Microsoft (R) Windows Based Script Host.) -- C:\WINDOWS\system32\WScript.exe O67 - Shell Spawning: <.reg> [HKCR\..\open\Command] (.Microsoft Corporation - Editor do Registro.) -- C:\WINDOWS\regedit.exe ~ FASS Keys: 19 Scanned in 00mn 00s ---\\ Start Menu Internet (SMI) (O68) O68 - StartMenuInternet: <>[HKLM\..\Shell\open\Command] (.Google Inc. - Google Chrome.) -- C:\Documents and Settings\Administrador\Configurações locais\Dados de aplicativos\Google\Chrome\Application\chrome.exe O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Mozilla Corporation - Firefox.) -- C:\Arquivos de programas\Mozilla Firefox\firefox.exe O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Google Inc. - Google Chrome.) -- C:\Documents and Settings\Administrador\Configurações locais\Dados de aplicativos\Google\Chrome\Application\chrome.exe O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Microsoft Corporation - Internet Explorer.) 
-- C:\Arquivos de programas\Internet Explorer\iexplore.exe ~ Keys: Scanned in 00mn 00s ---\\ Search Browser Infection (SBI) (O69) O69 - SBI: SearchScopes [HKCU] {006ee092-9658-4fd6-bd8e-a21a348e59f5} - (Messenger Plus Smartbar Search) - [url=http://www.plusnetwork.com]http://www.plusnetwork.com[/url] =>Hijacker.SmartBar O69 - SBI: SearchScopes [HKCU] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} - (@ieframe.dll,-12512) - [url=http://search.live.com]Bing[/url] O69 - SBI: SearchScopes [HKCU] {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} [DefaultScope] - (Search the web (Babylon)) - [url=http://search.babylon.com]Babylon Search[/url] =>Adware.IMBooster O69 - SBI: SearchScopes [HKCU] {171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E} - (Ask Search) - [url=http://websearch.ask.com]http://websearch.ask.com[/url] O69 - SBI: SearchScopes [HKCU] {6A1806CD-94D4-4689-BA73-E35EA1EA9990} - (Goo) - [url=http://www.google.com]Google[/url] O69 - SBI: SearchScopes [HKCU] {744EF25D-3B09-4690-BE4A-65C57266683B} - (Google) - [url=http://www.google.com]Google[/url] ~ Keys: Scanned in 00mn 00s ---\\ Search Svchost Services (SSS) (O83) O83 - Search Svchost Services: AppMgmt (AppMgmt) . (.Microsoft Corporation - Serviço de instalação do software.) -- C:\WINDOWS\system32\appmgmts.dll [172032] O83 - Search Svchost Services: AudioSrv (AudioSrv) . (.Microsoft Corporation - Windows Audio Service.) -- C:\WINDOWS\system32\audiosrv.dll [42496] O83 - Search Svchost Services: Browser (Browser) . (.Microsoft Corporation - Computer Browser Service DLL.) -- C:\WINDOWS\system32\browser.dll [78336] O83 - Search Svchost Services: CryptSvc (CryptSvc) . (.Microsoft Corporation - Cryptographic Services.) -- C:\WINDOWS\system32\cryptsvc.dll [62464] O83 - Search Svchost Services: DMServer (DMServer) . (.Microsoft Corp. - Dll do serviço do Gerenciador de discos lógicos.) -- C:\WINDOWS\system32\dmserver.dll [23552] O83 - Search Svchost Services: DHCP (DHCP) . 
(.Microsoft Corporation - Serviço do Cliente DHCP.) -- C:\WINDOWS\system32\dhcpcsvc.dll [126976] O83 - Search Svchost Services: ERSvc (ERSvc) . (.Microsoft Corporation - Windows Error Reporting Service.) -- C:\WINDOWS\system32\ersvc.dll [23040] O83 - Search Svchost Services: EventSystem (EventSystem) . (.Microsoft Corporation - No comment.) -- C:\WINDOWS\system32\es.dll [253952] O83 - Search Svchost Services: FastUserSwitchingCompatibility (FastUserSwitchingCompatibility) . (.Microsoft Corporation - DLL de serviços do Shell do Windows.) -- C:\WINDOWS\system32\shsvcs.dll [135168] O83 - Search Svchost Services: HidServ (HidServ) . (.Microsoft Corporation - HID Audio Service.) -- C:\WINDOWS\system32\hidserv.dll [21504] O83 - Search Svchost Services: LanmanServer (LanmanServer) . (.Microsoft Corporation - Server Service DLL.) -- C:\WINDOWS\system32\srvsvc.dll [99840] O83 - Search Svchost Services: LanmanWorkstation (LanmanWorkstation) . (.Microsoft Corporation - Workstation Service DLL.) -- C:\WINDOWS\system32\wkssvc.dll [132096] O83 - Search Svchost Services: Messenger (Messenger) . (.Microsoft Corporation - NT Messenger Service.) -- C:\WINDOWS\system32\msgsvc.dll [33792] O83 - Search Svchost Services: Netman (Netman) . (.Microsoft Corporation - Gerenciador de conexões de rede.) -- C:\WINDOWS\system32\netman.dll [198144] O83 - Search Svchost Services: Nla (Nla) . (.Microsoft Corporation - Fornecedor de serviços do Microsoft Windows Sockets 2.0.) -- C:\WINDOWS\system32\mswsock.dll [247808] O83 - Search Svchost Services: Ntmssvc (Ntmssvc) . (.Microsoft Corporation - Gerenciador de armazenamento removível.) -- C:\WINDOWS\system32\ntmssvc.dll [437248] O83 - Search Svchost Services: Rasauto (Rasauto) . (.Microsoft Corporation - Remote Access AutoDial Manager.) -- C:\WINDOWS\system32\rasauto.dll [88576] O83 - Search Svchost Services: Rasman (Rasman) . (.Microsoft Corporation - Remote Access Connection Manager.) 
-- C:\WINDOWS\system32\rasmans.dll [186368] O83 - Search Svchost Services: Remoteaccess (Remoteaccess) . (.Microsoft Corporation - Dynamic Interface Manager.) -- C:\WINDOWS\system32\mprdim.dll [53248] O83 - Search Svchost Services: Schedule (Schedule) . (.Microsoft Corporation - Mecanismo do 'Agendador de tarefas'.) -- C:\WINDOWS\system32\schedsvc.dll [193536] O83 - Search Svchost Services: Seclogon (Seclogon) . (.Microsoft Corporation - DLL de serviço de logon secundário.) -- C:\WINDOWS\system32\seclogon.dll [18944] O83 - Search Svchost Services: SENS (SENS) . (.Microsoft Corporation - System Event Notification Service (SENS).) -- C:\WINDOWS\system32\sens.dll [39424] O83 - Search Svchost Services: Sharedaccess (Sharedaccess) . (.Microsoft Corporation - Componentes do Microsoft NAT Helper.) -- C:\WINDOWS\system32\ipnathlp.dll [331264] O83 - Search Svchost Services: SRService (SRService) . (.Microsoft Corporation - Serviço de restauração do sistema.) -- C:\WINDOWS\system32\srsvc.dll [171520] O83 - Search Svchost Services: Tapisrv (Tapisrv) . (.Microsoft Corporation - Servidor de telefonia do Microsoft(R) Windows(TM).) -- C:\WINDOWS\system32\tapisrv.dll [249856] O83 - Search Svchost Services: Themes (Themes) . (.Microsoft Corporation - DLL de serviços do Shell do Windows.) -- C:\WINDOWS\system32\shsvcs.dll [135168] O83 - Search Svchost Services: TrkWks (TrkWks) . (.Microsoft Corporation - Distributed Link Tracking Client.) -- C:\WINDOWS\system32\trkwks.dll [90112] O83 - Search Svchost Services: W32Time (W32Time) . (.Microsoft Corporation - Windows Time Service.) -- C:\WINDOWS\system32\w32time.dll [176128] O83 - Search Svchost Services: WZCSVC (WZCSVC) . (.Microsoft Corporation - Serviço de configuração zero sem fio.) -- C:\WINDOWS\system32\wzcsvc.dll [483840] O83 - Search Svchost Services: Wmi (Wmi) . (.Microsoft Corporation - API de base do Windows 32 avançada.) -- C:\WINDOWS\system32\advapi32.dll [683520] O83 - Search Svchost Services: winmgmt (winmgmt) . 
(.Microsoft Corporation - WMI.) -- C:\WINDOWS\system32\wbem\WMIsvc.dll [145408] O83 - Search Svchost Services: wscsvc (wscsvc) . (.Microsoft Corporation - Windows Security Center Service.) -- C:\WINDOWS\system32\wscsvc.dll [80896] O83 - Search Svchost Services: xmlprov (xmlprov) . (.Microsoft Corporation - Network Provisioning Service.) -- C:\WINDOWS\system32\xmlprov.dll [129024] O83 - Search Svchost Services: napagent (napagent) . (.Microsoft Corporation - Tempo de Execução de Serviço de Agente de Quarentena.) -- C:\WINDOWS\system32\qagentrt.dll [292864] O83 - Search Svchost Services: hkmsvc (hkmsvc) . (.Microsoft Corporation - Serviço de Gerenciamento de Chaves.) -- C:\WINDOWS\system32\kmsvc.dll [61440] O83 - Search Svchost Services: BITS (BITS) . (.Microsoft Corporation - Serviço de transferência inteligente de plano de fundo.) -- C:\WINDOWS\system32\qmgr.dll [409088] O83 - Search Svchost Services: wuauserv (wuauserv) . (.Microsoft Corporation - Windows Update AutoUpdate Service.) -- C:\WINDOWS\system32\wuauserv.dll [6656] O83 - Search Svchost Services: ShellHWDetection (ShellHWDetection) . (.Microsoft Corporation - DLL de serviços do Shell do Windows.) -- C:\WINDOWS\system32\shsvcs.dll [135168] O83 - Search Svchost Services: helpsvc (helpsvc) . (.Microsoft Corporation - Microsoft PCHealth Service Holder.) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll [38400] O83 - Search Svchost Services: WmdmPmSN (WmdmPmSN) . (.Microsoft Corporation - Microsoft Media Device Service Provider.) -- C:\WINDOWS\system32\MsPMSNSv.dll [27136] ~ Services: 40 Scanned in 00mn 00s ---\\ Search Particular Root Folder (SPRF) (O84) [MD5.92D1142C4BD725303A0CD58A59A3F8E3] [SPRF][11/2/2012] (.Samsung Electronics Co., Ltd. - Samsung Kies Installer 2.0.) 
-- C:\Documents and Settings\Administrador\Desktop\Kies_2.1.1.11124_17_6.exe [92945152] [MD5.05A64FCAF37100DE317A54ECDCC0A37F] [SPRF][16/5/2013] (.Indigo Rose Corporation [url=http://www.indigoro]http://www.indigoro[/url] - Setup Factory 6.0 Setup Launcher.) -- C:\Documents and Settings\Administrador\Desktop\Quattro_2002_web.exe [1133776] ~ Files: Scanned in 00mn 10s ---\\ Additionnal Scan (O88) Database Version : v2.12552 - (23/6/2013) Clés trouvées (Keys found) : 43 Valeurs trouvées (Values found) : 1 Dossiers trouvés (Folders found) : 10 Fichiers trouvés (Files found) : 0 [HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{006EE092-9658-4FD6-BD8E-A21A348E59F5}] =>Hijacker.SmartBar [HKLM\Software\Microsoft\Internet Explorer\SearchScopes\{006EE092-9658-4FD6-BD8E-A21A348E59F5}] =>Hijacker.SmartBar [HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ecdf796-c2dc-4d79-a620-cce0c0a66cc9}] =>Toolbar.Babylon [HKLM\Software\Classes\TypeLib\{11549FE4-7C5A-4C17-9FC3-56FC5162A994}] =>Toolbar.Agent [HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{171DEBEB-C3D4-40B7-AC73-056A5EBA4A7E}] =>Toolbar.Ask [HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{31AD400D-1B06-4E33-A59A-90C2C140CBA0}] =>Toolbar.Agent [HKLM\Software\Classes\CLSID\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}] =>PUP.Whitesmoke [HKLM\Software\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}] =>PUP.Whitesmoke [HKLM\Software\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}] =>Adware.AskSBAR [HKLM\Software\Classes\CLSID\{826D7151-8D99-434B-8540-082B8C2AE556}] =>Toolbar.Babylon [HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}] =>Toolbar.Skype [HKLM\Software\Classes\CLSID\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}] =>Toolbar.Skype [HKLM\Software\Microsoft\Internet Explorer\extensions\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}] =>Toolbar.Skype 
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{ae07101b-46d4-4a98-af68-0333ea26e113}] =>Adware.Agent [HKLM\Software\Classes\CLSID\{ae07101b-46d4-4a98-af68-0333ea26e113}] =>Adware.Agent [HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}] =>Toolbar.Skype [HKLM\Software\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}] =>Toolbar.Skype [HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}] =>Toolbar.Skype [HKLM\Software\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}] =>Adware.CDNHelper [HKLM\Software\Classes\AppID\{BDB69379-802F-4eaf-B541-F8DE92DD98DB}] =>Toolbar.Babylon [HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440}] =>Toolbar.Avira [HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\BrowserCompanion] =>PUP.Blabbers [HKLM\Software\Classes\Conduit.Engine] =>Toolbar.Conduit [HKLM\Software\Classes\LinkurySmartBar.DockingPanel] =>Hijacker.SmartBar [HKLM\Software\Classes\LinkurySmartBar.LinkurySmartBar] =>Hijacker.SmartBar [HKLM\Software\Google\Chrome\Extensions\pgafcinpmmpklohkojmllohdhomoefph] =>Hijacker.Eazel [HKCU\Software\BabylonToolbar] =>Toolbar.Babylon [HKLM\Software\BabylonToolbar] =>Toolbar.Babylon [HKCU\Software\Blabbers] =>PUP.Blabbers [HKCU\Software\BlabbersToolbar] =>PUP.Blabbers [HKCU\Software\BrowserMngr] =>Toolbar.Babylon [HKLM\Software\BrowserMngr] =>Toolbar.Babylon [HKCU\Software\DataMngr] =>Adware.Bandoo [HKLM\Software\DataMngr] =>Adware.Bandoo [HKCU\Software\PriceGong] =>Adware.PriceGong [HKCU\Software\Softonic] =>Toolbar.Conduit [HKLM\Software\Classes\AppID\{4D076AB4-7562-427A-B5D2-BD96E19DEE56}] =>Toolbar.Babylon [HKCU\Software\bbrs_002.tb] =>PUP.Blabbers [HKLM\Software\Classes\Prod.cap] =>Toolbar.Babylon [HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\bProtectSettings] =>PUP.BProtector [HKLM\Software\Classes\AppID\secman.DLL] =>Toolbar.Babylon 
[HKLM\Software\Classes\Toolbar.CT2851643] =>Toolbar.Conduit [HKLM\Software\Classes\Toolbar.CT2905346] =>Toolbar.Conduit [HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]:{D4027C7F-154A-4066-A1AD-4243D8127440} =>Toolbar.Avira C:\Arquivos de programas\BrowserCompanion =>PUP.Blabbers C:\Arquivos de programas\Installer =>Adware.InstallPedia C:\Arquivos de programas\Desk 365 =>Hijacker.22find C:\Arquivos de programas\Arquivos comuns\337 =>Hijacker.22find C:\Documents and Settings\Administrador\Dados de aplicativos\Babylon =>Toolbar.Babylon C:\Documents and Settings\Administrador\Dados de aplicativos\PriceGong =>Adware.PriceGong C:\Documents and Settings\Administrador\Dados de aplicativos\Desk 365 =>Hijacker.22find C:\Documents and Settings\Administrador\Configurações locais\Dados de aplicativos\Conduit =>Toolbar.Conduit C:\Documents and Settings\Administrador\Configurações locais\Dados de aplicativos\lollipop =>Adware.Lollipop C:\Documents and Settings\Administrador\Configurações locais\Dados de aplicativos\Smartbar =>Hijacker.SmartBar ~ Additionnel Scan: 263025 Items scanned in 00mn 31s ---\\ Product Upgrade Codes (O90) O90 - PUC: "00004109DB0061400000000000F01FEC" . (.Microsoft Office ScreenTip Language 2010 - Português.) -- C:\WINDOWS\Installer\{90140000-00BD-0416-0000-0000000FF1CE}\UICaptionsIcon O90 - PUC: "0CF165AE569A2E11493D8BCAF689CC3E" . (.Google Earth Plug-in.) -- C:\WINDOWS\Installer\{EA561FC0-A965-11E2-94D3-B8AC6F98CCE3}\ARPPRODUCTICON.exe O90 - PUC: "0E512FD2C3DB89C46861FAFE90472758" . (.Windows Live Sync.) -- C:\WINDOWS\Installer\{2DF215E0-BD3C-4C98-8616-AFEF09747285}\FolderShare48x48.ico O90 - PUC: "1038C85769625584FA5435B4210089A0" . (.Samsung Kies.) -- C:\WINDOWS\Installer\{758C8301-2696-4855-AF45-534B1200980A}\ARPPRODUCTICON.exe O90 - PUC: "186C49EB2E861654A8CBD8E29719864B" . (.essentials.) -- C:\WINDOWS\Installer\{BE94C681-68E2-4561-8ABC-8D2E799168B4}\ARPPRODUCTICON.exe O90 - PUC: "1D034B0FAA6BD374B960AAD30DF10D8B" . 
(.Microsoft SQL Server 2005 Compact Edition [ENU].) -- C:\WINDOWS\Installer\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}\ProductIcon O90 - PUC: "46B5A9879DD95AB419A50FCFA0B1B7EF" . (.Apple Software Update.) -- C:\WINDOWS\Installer\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}\Installer.ico O90 - PUC: "510C9A78AB2CEE44C902E6A167B4E832" . (.Windows Live Galeria de Fotos.) -- C:\WINDOWS\Installer\{87A9C015-C2BA-44EE-9C20-6E1A764B8E23}\WLXPhotoGalleryIcon.exe O90 - PUC: "53451EB7E3D285B468F7C957EB0D02C8" . (.QuickTime.) -- C:\WINDOWS\Installer\{7BE15435-2D3E-4B58-867F-9C75BED0208C}\Installer.ico O90 - PUC: "5A6FB34A0F5DAAA4FB1456990536CE44" . (.MSXML 6.0 Parser.) -- C:\WINDOWS\Installer\{A43BF6A5-D5F0-4AAA-BF41-65995063EC44}\ARPIco O90 - PUC: "6481DA4701021BF4E8426B2F8B17052C" . (.Windows Live Mail.) -- C:\WINDOWS\Installer\{74AD1846-2010-4FB1-8E24-B6F2B87150C2}\wlmail.exe O90 - PUC: "7692FC6BE18C0C0489510C7547EF1F02" . (.Skype Click to Call.) -- C:\WINDOWS\Installer\{B6CF2967-C81E-40C0-9815-C05774FEF120}\IconUninstallIco O90 - PUC: "BAFB35FE01C4BD048AD2B9701171516C" . (.aioscnnr.) -- C:\WINDOWS\Installer\{EF53BFAB-4C10-40DB-A82D-9B07111715C6}\ARPPRODUCTICON.exe O90 - PUC: "DD3E9A158B73BB74E876B5673BFECB84" . (.Assistente de Conexão do Windows Live.) -- C:\WINDOWS\Installer\{51A9E3DD-37B8-47BB-8E67-5B76B3EFBC48}\prodicon.ico O90 - PUC: "DDB6C50237B7ED245850A990F3532A83" . (.Windows Live Upload Tool.) -- C:\WINDOWS\Installer\{205C6BDD-7B73-42DE-8505-9A093F35A238}\RichUpload.ico O90 - PUC: "DF97238AB4AC602459530979D47E6645" . (.Apple Application Support.) -- C:\WINDOWS\Installer\{A83279FD-CA4B-4206-9535-90974DE76654}\WinInstall.ico O90 - PUC: "E7FF67E4ABEA78C47B88DC745E24B5D9" . (.Skype™ 6.3.) -- C:\WINDOWS\Installer\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}\SkypeIcon.exe O90 - PUC: "F142AB65C0852D344830492714AA6E33" . (.center.) -- C:\WINDOWS\Installer\{56BA241F-580C-43D2-8403-947241AAE633}\ARPPRODUCTICON.exe O90 - PUC: "F4E3CDA9AD43DC847872BB629D2075DB" . (.Windows Live Messenger.) 
-- C:\WINDOWS\Installer\{9ADC3E4F-34DA-48CD-8727-BB26D90257BD}\MsblIco.Exe O90 - PUC: "F69FCBFB1637A68469C5451BA73C4512" . (.ocr.) -- C:\WINDOWS\Installer\{BFBCF96F-7361-486A-965C-54B17AC35421}\ARPPRODUCTICON.exe O90 - PUC: "F7E8FE721D885ce4DA2EE744F7FD11E4" . (.Kodak AIO Printer.) -- C:\WINDOWS\Installer\{27EF8E7F-88D1-4ec5-ADE2-7E447FDF114E}\ARPPRODUCTICON.exe ~ Update Products: 74 Scanned in 00mn 00s ---\\ Random Export Key (O91) [HKCU\Software\5b68a8ab539eb15\history\{16cdff19-861d-48e3-a751-d99a27784753}2.2.643.41]:guid="{16cdff19-861d-48e3-a751-d99a27784753}" [HKCU\Software\5b68a8ab539eb15\history\{16cdff19-861d-48e3-a751-d99a27784753}2.2.643.41]:version="2.2.643.41" [HKCU\Software\5b68a8ab539eb15\history\{16cdff19-861d-48e3-a751-d99a27784753}2.3.787.43]:guid="{16cdff19-861d-48e3-a751-d99a27784753}" [HKCU\Software\5b68a8ab539eb15\history\{16cdff19-861d-48e3-a751-d99a27784753}2.3.787.43]:version="2.3.787.43" [HKCU\Software\5b68a8ab539eb15] =>Toolbar.Babylon^ ~ Export Key Software: Scanned in 00mn 00s ---\\ MyComputer Name Space (O92) O92 - MNS: Web Folders - {BDEADF00-C265-11D0-BCED-00A0C90AB50F} ~ MNS: 1 Scanned in 00mn 00s ---\\ General States of Services not Microsoft (EGS) (SR=Running, SS=Stopped) SS - | Demand 12/6/2013 256904 | (AdobeFlashPlayerUpdateSvc) . (.Adobe Systems Incorporated.) - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe SR - | Auto 27/4/2011 136360 | (AntiVirSchedulerService) . (.Avira GmbH.) - C:\Arquivos de programas\Avira\AntiVir Desktop\sched.exe SR - | Auto 1/9/2011 269480 | (AntiVirService) . (.Avira GmbH.) - C:\Arquivos de programas\Avira\AntiVir Desktop\avguard.exe SS - | Demand 14/4/2008 225280 | (dmadmin) . (.Microsoft Corp., Veritas Software.) - C:\WINDOWS\system32\dmadmin.exe SR - | Auto 27/2/2009 81920 | (FirebirdGuardianDefaultInstance) . (.Firebird Project.) - C:\Arquivos de programas\FirebirdSQL22\bin\fbguard.exe SR - | Demand 27/2/2009 2732032 | (FirebirdServerDefaultInstance) . (.Firebird Project.) 
- C:\Arquivos de programas\FirebirdSQL22\bin\fbserver.exe SS - | Auto 31/5/2013 116648 | (gupdate) . (.Google Inc..) - C:\Arquivos de programas\Google\Update\GoogleUpdate.exe SS - | Demand 31/5/2013 116648 | (gupdatem) . (.Google Inc..) - C:\Arquivos de programas\Google\Update\GoogleUpdate.exe SS - | Demand 7/2/2011 136120 | (gusvc) . (.Google.) - C:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe SR - | Auto 2/10/2012 153584 | (JavaQuickStarterService) . (.Sun Microsystems, Inc..) - C:\Arquivos de programas\Java\jre6\bin\jqs.exe SR - | Auto 15/3/2013 395640 | (Kodak AiO Network Discovery Service) . (.Eastman Kodak Company.) - C:\Arquivos de programas\Kodak\AiO\Center\EKAiOHostService.exe SR - | Auto 15/1/2013 780152 | (Kodak AiO Status Monitor Service) . (.Eastman Kodak Company.) - C:\Arquivos de programas\Kodak\AiO\StatusMonitor\EKPrinterSDK.exe SS - | Demand 17/5/2013 117144 | (MozillaMaintenance) . (.Mozilla Foundation.) - C:\Arquivos de programas\Mozilla Maintenance Service\maintenanceservice.exe SR - | Auto 2/10/2012 3064000 | (Skype C2C Service) . (.Skype Technologies S.A..) - C:\Documents and Settings\All Users\Dados de aplicativos\Skype\Toolbars\Skype C2C Service\c2c_service.exe SS - | Auto 19/4/2013 161384 | (SkypeUpdate) . (.Skype Technologies.) - C:\Arquivos de programas\Skype\Updater\Updater.exe ~ Services: Scanned in 00mn 02s End of the scan (1499 lines in 08mn 57s)(0)