Rapport de ZHPDiag v2013.4.21.127 par Nicolas Coolman, Update du 21/04/2013
Run by Wesclei at 22/04/2013 14:28:53
State : Your version is update.
WhiteList : Enable
High Elevated Privileges : OK
UAC : Not Found


---\\ Web Browser
MSIE: Internet Explorer v7.0.5730.13
MFIE: Mozilla Firefox 12.0
GCIE: Google Chrome v26.0.1410.64 (Defaut)

---\\ Windows Product Information
~ Langage: Anglais
Windows XP Professional Service Pack 3 (Build 2600)
Windows Automatic Updates : OK
Windows Genuine Advantage : KO

---\\ System Protection
Avira Free Antivirus v12.1.9.1236
Malwarebytes Anti-Malware versão 1.75.0.1300

---\\ System Optimizer

---\\ Software Update
Adobe Flash Player 10 Plugin
Adobe Reader 6.0.1 - Português

---\\ System Information
~ Processor: x86 Family 6 Model 22 Stepping 1, GenuineIntel
~ Operating System: 32 Bits
Boot mode: Normal (Normal boot)
Total RAM: 1981 MB (73% free)
System Restore: Activé (Enable)
System drive C: has 129 GB (86%) free of 149 GB

---\\ Logged in mode
~ Computer Name: WESCLEI
~ User Name: Wesclei
~ All Users Names: Wesclei, SUPPORT_388945a0, IWAM_WESCLEI, IUSR_WESCLEI, HelpAssistant, Convidado, ASPNET, Administrador,
~ Unselected Option: O45,O61,O62,O65,O82
Logged in as Administrator

---\\ Environnement Variables
~ System Unit : C:\
~ %AppData% : C:\Documents and Settings\Wesclei\Dados de aplicativos\
~ %Desktop% : C:\Documents and Settings\Wesclei\Desktop\
~ %Favorites% : C:\Documents and Settings\Wesclei\Favoritos\
~ %LocalAppData% : C:\Documents and Settings\Wesclei\Configurações locais\Dados de aplicativos\
~ %StartMenu% : C:\Documents and Settings\Wesclei\Menu Iniciar\
~ %Windir% : C:\WINDOWS\
~ %System% : C:\WINDOWS\system32\

---\\ DOS/Devices
C:\ Hard drive, Flash drive, Thumb drive (Free 129 Go of 149 Go)
D:\ CD-ROM drive (Not Inserted)



---\\ Security Center & Tools Informations
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Associations] Application: OK
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Associations] Intl: OK
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Associations] XMLLookup: OK
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] Shell: OK
[HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] Load: OK
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install] LastSuccessTime : Out Of Date
~ Security Center: Scanned in 00mn 00s



---\\ Search Generic System Files
[MD5.064EC7FF5F58B928C3E119402977FA6D] - (.Microsoft Corporation - Windows Explorer.) (.13/04/2008 - 19:21:00.) -- C:\WINDOWS\Explorer.exe [1035776]
[MD5.A4A0FC92358F39538A6494C42EF99FE9] - (.Microsoft Corporation - Internet Extensions for Win32.) (.13/08/2007 - 18:54:10.) -- C:\WINDOWS\system32\wininet.dll [818688]
[MD5.71D440F79B711627B12B567FB2EADB42] - (.Microsoft Corporation - Aplicativo de logon do Windows NT.) (.13/04/2008 - 19:21:24.) -- C:\WINDOWS\system32\Winlogon.exe [509952]
[MD5.7E775010EF291DA96AD17CA4B17137D7] - (.Microsoft Corporation - Ancillary Function Driver for WinSock.) (.14/08/2008 - 7:04:36.) -- C:\WINDOWS\system32\Drivers\AFD.sys [138496]
[MD5.9F3A2F5AA6875C72BF062C712CFA2674] - (.Microsoft Corporation - IDE/ATAPI Port Driver.) (.13/04/2008 - 11:40:32.) -- C:\WINDOWS\system32\Drivers\atapi.sys [96512]
[MD5.C885B02847F5D2FD45A24E219ED93B32] - (.Microsoft Corporation - CD-ROM File System Driver.) (.13/04/2008 - 12:14:22.) -- C:\WINDOWS\system32\Drivers\Cdfs.sys [63744]
[MD5.1F4260CC5B42272D71F79E570A27A4FE] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.13/04/2008 - 11:40:48.) -- C:\WINDOWS\system32\Drivers\Cdrom.sys [62976]
[MD5.A8D31E836CCF2F51009CE7DFFECF6D51] - (.Microsoft Corporation - FIPS Crypto Driver.) (.13/04/2008 - 18:52:44.) -- C:\WINDOWS\system32\Drivers\Fips.sys [44672]
[MD5.573C7D0A32852B48F3058CFD8026F511] - (.Windows (R) Server 2003 DDK provider - High Definition Audio Bus Driver v1.0a.) (.13/04/2008 - 9:36:06.) -- C:\WINDOWS\system32\Drivers\HDAudBus.sys [144384]
[MD5.485BC6BEB778B5E9702E6AA3D384C0CB] - (.Microsoft Corporation - Driver de porta i8042.) (.13/04/2008 - 18:55:20.) -- C:\WINDOWS\system32\Drivers\i8042prt.sys [53504]
[MD5.083A052659F5310DD8B6A6CB05EDCF8E] - (.Microsoft Corporation - IMAPI Kernel Driver.) (.13/04/2008 - 11:41:00.) -- C:\WINDOWS\system32\Drivers\Imapi.sys [42112]
[MD5.CC748EA12C6EFFDE940EE98098BF96BB] - (.Microsoft Corporation - IP Network Address Translator.) (.13/04/2008 - 11:57:16.) -- C:\WINDOWS\system32\Drivers\IpNat.sys [152832]
[MD5.23C74D75E36E7158768DD63D92789A91] - (.Microsoft Corporation - IPSec Driver.) (.13/04/2008 - 12:19:44.) -- C:\WINDOWS\system32\Drivers\IPSec.sys [75264]
[MD5.60AE98742484E7AB80C3C1450E708148] - (.Microsoft Corporation - Windows NT SMB Minirdr.) (.24/10/2008 - 8:21:09.) -- C:\WINDOWS\system32\Drivers\MRxSmb.sys [455296]
[MD5.74B2B2F5BEA5E9A3DC021D685551BD3D] - (.Microsoft Corporation - MBT Transport driver.) (.13/04/2008 - 12:21:02.) -- C:\WINDOWS\system32\Drivers\netBT.sys [162816]
[MD5.78A08DD6A8D65E697C18E1DB01C5CDCA] - (.Microsoft Corporation - NT File System Driver.) (.13/04/2008 - 12:15:54.) -- C:\WINDOWS\system32\Drivers\ntfs.sys [574976]
[MD5.9BADEE6B698BF1AF36E25A1A64A89EAB] - (.Microsoft Corporation - Driver de porta paralela.) (.13/04/2008 - 19:02:26.) -- C:\WINDOWS\system32\Drivers\Parport.sys [80384]
[MD5.11B4A627BC9614B885C4969BFA5FF8A6] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.13/04/2008 - 12:19:44.) -- C:\WINDOWS\system32\Drivers\Rasl2tp.sys [51328]
[MD5.15CABD0F7C00C47C70124907916AF3F1] - (.Microsoft Corporation - Microsoft RDP Device redirector.) (.13/04/2008 - 11:32:52.) -- C:\WINDOWS\system32\Drivers\rdpdr.sys [196224]
[MD5.68D749B04BFBBD4D4D15CC5185AFA4DD] - (.Microsoft Corporation - Redbook Audio Filter Driver.) (.13/04/2008 - 18:53:18.) -- C:\WINDOWS\system32\Drivers\redbook.sys [58240]
[MD5.EB6B1E2C984D84470FF4FE7EF98CD44A] - (.Microsoft Corporation - Driver de cópia de sombra de volume.) (.13/04/2008 - 18:53:02.) -- C:\WINDOWS\system32\Drivers\volsnap.sys [53248]
~ Generic Processes: Scanned in 00mn 00s



---\\ Hidden files state (Hidden/Total)
~ Mes images (My Pictures) : 2/6
~ Mes Videos (My Videos) : 1/5
~ Mes Favoris (My Favorites) : 1/16
~ Mes Documents (My Documents) : 9/253
~ Mon Bureau (My Desktop) : 0/29
~ Menu demarrer (Programs) : 1/44
~ Hidden Files: Scanned in 00mn 00s



---\\ Running Processes
[MD5.0A1CC583E8147004E4AD4625D7FBF88C] - (.Avira Operations GmbH & Co. KG - Avira Scheduler.) -- C:\Arquivos de programas\Avira\AntiVir Desktop\sched.exe [86224] [PID.1796]
[MD5.C9A36EF935ACED86AEDF93E97E606911] - (.Avira Operations GmbH & Co. KG - Avira On-Access Service.) -- C:\Arquivos de programas\Avira\AntiVir Desktop\avguard.exe [110032] [PID.1892]
[MD5.12F51445C5847C77F87C9A6538EEB38F] - (.Microsoft Corporation - Internet Information Services.) -- C:\WINDOWS\system32\inetsrv\inetinfo.exe [15872] [PID.184]
[MD5.112325F53AB720CA77825726D427FBDC] - (.Sun Microsystems, Inc. - Java(TM) Quick Starter Service.) -- C:\Arquivos de programas\Java\jre6\bin\jqs.exe [153376] [PID.212]
[MD5.748D107C3D000529A03C21E182442CFA] - (.Microsoft Corporation - TCP/IP Services Application.) -- C:\WINDOWS\system32\tcpsvcs.exe [19456] [PID.580]
[MD5.AC10E67A172D2F64340CEFCDFF80FDFA] - (.Microsoft Corporation - Serviço SNMP.) -- C:\WINDOWS\System32\snmp.exe [33280] [PID.612]
[MD5.52233C5D1890811C552068015AFE27DF] - (.Avira Operations GmbH & Co. KG - Avira Shadow Copy Service.) -- C:\Arquivos de programas\Avira\AntiVir Desktop\avshadow.exe [80336] [PID.2836]
[MD5.F4202F68BB3B9A08822238D9017EC638] - (.Avira Operations GmbH & Co. KG - Avira System Tray Tool.) -- C:\Arquivos de programas\Avira\AntiVir Desktop\avgnt.exe [348664] [PID.3548]
[MD5.39AF1CDEAFA4FC9D5185FBD9F4D141C4] - (.Octoshape ApS - Main program for Octoshape client.) -- C:\Documents and Settings\Wesclei\Dados de aplicativos\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe [107800] [PID.3608]
[MD5.80557066058569BC5D55856592E20985] - (.Microsoft Corporation - COM Surrogate.) -- C:\WINDOWS\system32\dllhost.exe [5120] [PID.3376]
[MD5.2D9A1A43307EC9BB267BE9F90B4AF0D5] - (.Nicolas Coolman - ZHPDiag.) -- C:\Arquivos de programas\ZHPDiag\ZHPDiag.exe [6936576] [PID.1416]
[MD5.6D2018AEE93285F2A8BEF55D722187A3] - (.Microsoft Corporation - Application Layer Gateway Service.) -- C:\WINDOWS\System32\alg.exe [44544] [PID.3160]
[MD5.C58E0367F951DACF32D801CF5F900EC5] - (.Microsoft Corporation - MS DTC console program.) -- C:\WINDOWS\system32\msdtc.exe [6144] [PID.3660]
~ Processes Running: Scanned in 00mn 00s



---\\ Mozilla Firefox,Plugins,Start,Search,Extensions (P2,M0,M1,M2,M3)
M3 - MFPP: Plugins - [Wesclei] -- C:\Arquivos de programas\Mozilla FireFox\searchplugins\buscape.xml
M3 - MFPP: Plugins - [Wesclei] -- C:\Arquivos de programas\Mozilla FireFox\searchplugins\mercadolivre.xml
M3 - MFPP: Plugins - [Wesclei] -- C:\Arquivos de programas\Mozilla FireFox\searchplugins\wikipedia-br.xml
M3 - MFPP: Plugins - [Wesclei] -- C:\Arquivos de programas\Mozilla FireFox\searchplugins\yahoo-br.xml
P2 - FPN:Firefox Plugin Navigator . (.Sun Microsystems, Inc. - NPRuntime Script Plug-in Library for Java(TM) Deploy.) -- C:\Arquivos de programas\Mozilla Firefox\Plugins\npdeploytk.dll
P2 - FPN:Firefox Plugin Navigator . (.Microsoft Corporation - 2.0.0048.0.) -- C:\Arquivos de programas\Mozilla Firefox\Plugins\npOGAPlugin.dll
P2 - FPN: [HKCU] [@octoshape.com/Octoshape Streaming Services,version=1.0] - (.Octoshape ApS - Octoshape embedded video plugin.) -- C:\Documents and Settings\Wesclei\Dados de aplicativos\Octoshape\Octoshape Streaming Services\sua-1103234-0-npoctoshape.dll
~ Firefox Browser: 19 Legitimates Filtered in 00mn 00s



---\\ Internet Explorer Extensions, Start, Search (R4,R3,R0,R1)
R3 - URLSearchHook: Microsoft Url Search Hook - {CFBFAE00-17A6-11D0-99CB-00C04FD64497} . (.Octoshape ApS - Octoshape embedded video plugin.) (No version) -- (.not file.)
R4 - HKCU\SOFTWARE\Microsoft\Internet Explorer\PhishingFilter,Enabled = 1
~ IE Browser: 12 Legitimates Filtered in 00mn 00s



---\\ Internet Explorer, Proxy Management (R5)
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyHttp1.1 = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll
~ Proxy management: Scanned in 00mn 00s



---\\ Line Analysis F0, F1, F2, F3 - IniFiles, Auto loading programs
F2 - REG:system.ini: USERINIT=C:\WINDOWS\system32\userinit.exe,
F2 - REG:system.ini: Shell=C:\WINDOWS\explorer.exe
F2 - REG:system.ini: VMApplet=rundll32 shell32,Control_RunDLL "sysdm.cpl"
~ Keys: Scanned in 00mn 00s



---\\ Hosts file redirection (O1)
~ Le fichier hosts est sain (The hosts file is clean).
~ Hosts File: Scanned in 00mn 00s
~ Nombre de lignes (Lines number): 1



---\\ Browser Helper Objects (O2)
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} . (.Hewlett-Packard Co. - hpswp_printenhancer dll.) -- C:\Arquivos de programas\HP\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: HP Print Clips - {053F9267-DC04-4294-A72C-58F732D338C0} . (.Hewlett-Packard Co. - Leo (Framework) - add-on for Internet Explo.) -- C:\Arquivos de programas\HP\Smart Web Printing\hpswp_framework.dll
~ BHO: 10 Legitimates Filtered in 00mn 00s



---\\ Internet Explorer toolbars (O3)
O3 - Toolbar: &Windows Live Toolbar - [HKLM]{21FA44EF-376D-4D53-9B0F-8A89D3229068} . (.Microsoft Corporation - Windows Live Toolbar Core.) -- C:\Arquivos de programas\Windows Live\Toolbar\wltcore.dll
~ Toolbar: Scanned in 00mn 00s



---\\ Auto loading programs from Registry and folders (O4)
O4 - HKLM\..\Run: [avgnt] . (.Avira Operations GmbH & Co. KG - Avira System Tray Tool.) -- C:\Arquivos de programas\Avira\AntiVir Desktop\avgnt.exe
O4 - HKCU\..\Run: [ctfmon.exe] . (.Microsoft Corporation - CTF Loader.) -- C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [ares] C:\Arquivos de programas\Ares\Ares.exe (.not file.)
O4 - HKCU\..\Run: [Octoshape Streaming Services] . (.Octoshape ApS - Main program for Octoshape client.) -- C:\Documents and Settings\Wesclei\Dados de aplicativos\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe
O4 - HKUS\S-1-5-21-2000478354-1532298954-682003330-1003\..\Run: [ctfmon.exe] . (.Microsoft Corporation - CTF Loader.) -- C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-21-2000478354-1532298954-682003330-1003\..\Run: [ares] C:\Arquivos de programas\Ares\Ares.exe (.not file.)
O4 - HKUS\S-1-5-21-2000478354-1532298954-682003330-1003\..\Run: [Octoshape Streaming Services] . (.Octoshape ApS - Main program for Octoshape client.) -- C:\Documents and Settings\Wesclei\Dados de aplicativos\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe
~ Application: Scanned in 00mn 00s



---\\ Other User Links (O4)
O4 - GS\Desktop: Adobe Reader 6.0.lnk . (.Adobe Systems Incorporated - Adobe Reader 6.0.) -- C:\Arquivos de programas\Adobe\Acrobat 6.0\Reader\AcroRd32.exe
O4 - GS\Desktop: aTube Catcher.lnk . (.DsNET - aTube Catcher to download and convert video.) -- C:\Arquivos de programas\DsNET Corp\aTube Catcher 2.0\yct.exe
O4 - GS\Desktop: Avira Control Center.lnk . (.Avira Operations GmbH & Co. KG - Avira Control Center.) -- C:\Arquivos de programas\Avira\AntiVir Desktop\avcenter.exe
O4 - GS\Desktop: BisonCam.lnk . (...) -- C:\WINDOWS\BisonCam\BisonCap.exe
O4 - GS\Desktop: Central de Soluções HP.lnk . (.Hewlett-Packard Company - hpqdirec.exe.) -- C:\Arquivos de programas\HP\Digital Imaging\bin\hpqdirec.exe
O4 - GS\Desktop: Google Chrome.lnk . (.Google Inc. - Google Chrome.) -- C:\Arquivos de programas\Google\Chrome\Application\chrome.exe
O4 - GS\Desktop: Malwarebytes Anti-Malware.lnk . (.Malwarebytes Corporation - Malwarebytes Anti-Malware.) -- C:\Arquivos de programas\Malwarebytes' Anti-Malware\mbam.exe
O4 - GS\Desktop: MBRCheck.lnk . (...) -- C:\Arquivos de programas\ZHPDiag\mbrcheck.exe
O4 - GS\Desktop: Nero Express.lnk . (.Nero AG - Nero Burning ROM.) -- C:\Arquivos de programas\Nero\Nero Burning ROM\nero.exe
O4 - GS\Desktop: PDFZilla.lnk . (.PDFZilla, Inc. - Convert PDF files to Word, Txt, HTML, Image.) -- C:\PDFZilla\PDFZilla.exe
O4 - GS\Desktop: Picasa 3.lnk . (.Google Inc. - Picasa.) -- C:\Arquivos de programas\Google\Picasa3\Picasa3.exe
O4 - GS\Desktop: Video Search.lnk . (.DsNET - aTube Catcher to download and convert video.) -- C:\Arquivos de programas\DsNET Corp\aTube Catcher 2.0\yct.exe
O4 - GS\Desktop: ZHPDiag.lnk . (.Nicolas Coolman - ZHPDiag Setup.) -- C:\Arquivos de programas\ZHPDiag\ZHPhep.exe
O4 - GS\Desktop: ZHPFix.lnk . (.Nicolas Coolman - ZHPDiag Setup.) -- C:\Arquivos de programas\ZHPDiag\ZHPFix\ZHPhep.exe
O4 - GS\Desktop: Messenger.lnk . (.Microsoft Corporation - Windows Live Messenger.) -- C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe
O4 - GS\Desktop: Microsoft Office Word 2007.lnk . (...) -- C:\WINDOWS\Installer\{90120000-0030-0000-0000-0000000FF1CE}\wordicon.exe
O4 - GS\Desktop: Mozilla Firefox.lnk . (.Mozilla Corporation - Firefox.) -- C:\Arquivos de programas\Mozilla Firefox\firefox.exe
~ Global Startup: Scanned in 00mn 03s



---\\ Extra buttons on main IE button toolbar, or extra items in IE 'Tools' menu (O9)
O9 - Extra button: &Incluir no Blog no Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} . (.Microsoft Corporation - Windows Live Writer Blog This Extension.) -- C:\Arquivos de programas\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Livro de recortes HP - {58ECB495-38F0-49cb-A538-10282ABF65E7} . (.Hewlett-Packard Co. - Leo (Toolbar Extensions) - add-on for Internet Explorer.) -- C:\Arquivos de programas\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: Seleção HP Smart - {700259D7-1666-479a-93B1-3250410481E8} . (.Hewlett-Packard Co. - Leo (Toolbar Extensions) - add-on for Internet Explorer.) -- C:\Arquivos de programas\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} . (...) -- C:\Arquivos de programas\Microsoft Office\Office12\REFBARH.ICO
O9 - Extra button: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} -- Orphean Key
O9 - Extra button: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} . (.Microsoft Corporation - Windows Messenger.) -- C:\Arquivos de programas\Messenger\msmsgs.exe
~ IE Extra Buttons: Scanned in 00mn 00s



---\\ Winsock hijacker (Layered Service Provider) (O10)
O10 - WLSP:\000000000001\Winsock LSP File . (.Microsoft Corporation - Fornecedor de serviços do Microsoft Windows Sockets 2.0.) -- C:\WINDOWS\system32\mswsock.dll
O10 - WLSP:\000000000003\Winsock LSP File . (.Microsoft Corporation - Fornecedor de serviços do Microsoft Windows Sockets 2.0.) -- C:\WINDOWS\system32\mswsock.dll
~ Winsock: 5 Legitimates Filtered in 00mn 00s



---\\ 'Reset Web Settings' hijack (O14)
O14 - IERESET.INF: SEARCH_PAGE_URL=SEARCH_PAGE_URL="&http://home.microsoft.com/intl/br/access/allinone.asp"
O14 - IERESET.INF: SAFESITE_VALUE=SAFESITE_VALUE="search.msn.com.br"
~ IE Paramètres WEB: Scanned in 00mn 00s



---\\ Site in Trusted Zone (O15)
O15 - Trusted Zone: [HKCU\...\Domains] *.sofc2012
~ IE Zone Confiance: Scanned in 00mn 00s



---\\ Lop.com/Domain Hijackers (O17)
O17 - HKLM\System\CCS\Services\Tcpip\..\{166B1595-EC5C-4BF4-B4B0-3D695122B97D}: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{166B1595-EC5C-4BF4-B4B0-3D695122B97D}: DhcpDomain = funpec.br
O17 - HKLM\System\CS1\Services\Tcpip\..\{166B1595-EC5C-4BF4-B4B0-3D695122B97D}: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{166B1595-EC5C-4BF4-B4B0-3D695122B97D}: DhcpDomain = funpec.br
O17 - HKLM\System\CS3\Services\Tcpip\..\{166B1595-EC5C-4BF4-B4B0-3D695122B97D}: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CS3\Services\Tcpip\..\{166B1595-EC5C-4BF4-B4B0-3D695122B97D}: DhcpDomain = funpec.br
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
~ Domain: Scanned in 00mn 00s



---\\ Extra protocols (O18)
O18 - Handler: wlmailhtml - {03C514A3-1EFB-4856-9F99-10D7BE1653C0} . (.Microsoft Corporation - Windows Live Mail.) -- C:\Arquivos de programas\Windows Live\Mail\mailcomm.dll
O18 - Filter: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} . (.Microsoft Corporation - Microsoft Office XML MIME Filter.) -- C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\OFFICE12\MSOXMLMF.dll
~ Protocole Additionnel: Scanned in 00mn 00s



---\\ AppInit_DLLs Registry value Autorun (O20)
O20 - Winlogon Notify: crypt32chain . (.Microsoft Corporation - Crypto API32.) -- C:\WINDOWS\system32\crypt32.dll
O20 - Winlogon Notify: cryptnet . (.Microsoft Corporation - Crypto Network Related API.) -- C:\WINDOWS\system32\cryptnet.dll
O20 - Winlogon Notify: cscdll . (.Microsoft Corporation - Agente de rede off-line.) -- C:\WINDOWS\system32\cscdll.dll
O20 - Winlogon Notify: dimsntfy . (.Microsoft Corporation - DIMS Notification Handler.) -- C:\WINDOWS\system32\dimsntfy.dll
O20 - Winlogon Notify: ScCertProp . (.Microsoft Corporation - DLL comum para receber notificações do Winl.) -- C:\WINDOWS\system32\wlnotify.dll
O20 - Winlogon Notify: Schedule . (.Microsoft Corporation - DLL comum para receber notificações do Winl.) -- C:\WINDOWS\system32\wlnotify.dll
O20 - Winlogon Notify: sclgntfy . (.Microsoft Corporation - DLL de notificação do serviço de logon secu.) -- C:\WINDOWS\system32\sclgntfy.dll
O20 - Winlogon Notify: SensLogn . (.Microsoft Corporation - DLL comum para receber notificações do Winl.) -- C:\WINDOWS\system32\WlNotify.dll
O20 - Winlogon Notify: termsrv . (.Microsoft Corporation - DLL comum para receber notificações do Winl.) -- C:\WINDOWS\system32\wlnotify.dll
O20 - Winlogon Notify: wlballoon . (.Microsoft Corporation - DLL comum para receber notificações do Winl.) -- C:\WINDOWS\system32\wlnotify.dll
~ Winlogon: Scanned in 00mn 00s



---\\ ShellServiceObjectDelayLoad (O21)
O21 - SSODL: UPnPMonitor - {e57ce738-33e8-4c51-8354-bb4de9d215d1} . (.Microsoft Corporation - Pasta e monitor da bandeja UPNP.) -- C:\WINDOWS\system32\upnpui.dll
~ SSODL: 6 Legitimates Filtered in 00mn 00s



---\\ SharedTaskScheduler (O22)
O22 - SharedTaskScheduler: Pré-carregador Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} . (.Microsoft Corporation - Biblioteca da interface de usuário do naveg.) -- C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Pré-carregador Browseui - {8C7461EF-2B13-11d2-BE35-3078302C2030} . (.Microsoft Corporation - Biblioteca da interface de usuário do naveg.) -- C:\WINDOWS\system32\browseui.dll
~ STS/SSO: Scanned in 00mn 00s



---\\ Windows Active Desktop & MHTML Editor (O24)
O24 - Desktop Component 0: Minha página inicial atual - file:About:Home
O24 - Desktop General: BackupWallPaper - .(...) - C:\Documents and Settings\Wesclei\Configurações locais\Dados de aplicativos\Microsoft\Wallpaper1.bmp
O24 - Desktop General: WallPaper - .(...) - C:\Documents and Settings\Wesclei\Configurações locais\Dados de aplicativos\Microsoft\Wallpaper1.bmp
~ Desktop Component: 4 Legitimates Filtered in 00mn 00s



---\\ Drivers launched at startup (O41)
O41 - Driver: (360FileOem) . (.360.cn - 360FileOem.) - C:\WINDOWS\system32\drivers\360FileOem.sys
O41 - Driver: (360SpOEM) . (.360???? - 360???? - SelfProtection.) - C:\WINDOWS\system32\drivers\360SpOEM.sys
~ Drivers: 81 Legitimates Filtered in 00mn 02s



---\\ Software installed (O42)
O42 - Logiciel: HotKey_Driver - (...) [HKLM] -- {63F8286A-601D-4B06-BB21-DB863AF17BFA}
O42 - Logiciel: PDFZilla V1.0.7 - (.PDFZilla, Inc..) [HKLM] -- PDFZilla_is1
O42 - Logiciel: Update_DealPly - (...) [HKCU] -- DealPly =>PUP.DealPly
O42 - Logiciel: XP Codec Pack - (...) [HKLM] -- XP Codec Pack
~ Logic: 134 Legitimates Filtered in 00mn 00s



---\\ HKCU & HKLM Software Keys
[HKCU\Software\APN PIP]
[HKCU\Software\GbAs]
[HKCU\Software\InstallCore] =>PUP.InstallCore
[HKCU\Software\PIP]
[HKCU\Software\XP Codec Pack]
[HKCU\Software\searchya.com] =>Adware.SearchYa
[HKLM\Software\360Safe]
[HKLM\Software\Absolutist]
[HKLM\Software\HotKey_Disp]
[HKLM\Software\PSafe]
[HKLM\Software\Programas RFB]
[HKLM\Software\Trymedia Systems] =>Adware.Trymedia
[HKLM\Software\Ushustech]
[HKLM\Software\margasoft]
~ Key Software: 202 Legitimates Filtered in 00mn 00s



---\\ Contents of the Common Files folders (O43)
O43 - CFD: 22/06/2012 - 14:07:22 - [10,253] ----D C:\Arquivos de programas\Claro 3G
O43 - CFD: 14/10/2009 - 12:03:28 - [0,000] ----D C:\Arquivos de programas\CNPJ2003
O43 - CFD: 01/06/2009 - 11:07:46 - [3,520] ----D C:\Arquivos de programas\HotKey_Driver
O43 - CFD: 22/06/2012 - 14:07:19 - [3,007] ----D C:\Arquivos de programas\InstallAffixationInfo
O43 - CFD: 01/03/2013 - 0:57:54 - [0,001] ----D C:\Arquivos de programas\Photo!
O43 - CFD: 10/06/2010 - 16:39:32 - [0] ----D C:\Arquivos de programas\Programas RFB
O43 - CFD: 13/07/2010 - 17:03:21 - [2,549] ----D C:\Arquivos de programas\REAP
O43 - CFD: 01/06/2009 - 10:28:50 - [0,001] ----D C:\Arquivos de programas\Serviços on-line
O43 - CFD: 25/10/2011 - 11:53:09 - [0,029] ----D C:\Arquivos de programas\Sistema Simplificado de Caixa
O43 - CFD: 01/06/2009 - 11:58:34 - [7,363] ----D C:\Arquivos de programas\XP Codec Pack
O43 - CFD: 01/06/2009 - 10:28:08 - [0,008] ----D C:\Arquivos de programas\Arquivos comuns\Serviços
O43 - CFD: 03/08/2009 - 11:23:03 - [0] ----D C:\Documents and Settings\Wesclei\Dados de aplicativos\SView5
O43 - CFD: 24/09/2012 - 23:27:10 - [1,561] ----D C:\Documents and Settings\Wesclei\Dados de aplicativos\WESCLEI
O43 - CFD: 11/07/2012 - 11:02:34 - [0,023] ----D C:\Documents and Settings\Wesclei\Configurações locais\Dados de aplicativos\Ares
O43 - CFD: 20/02/2011 - 15:10:41 - [0,003] ----D C:\Documents and Settings\Wesclei\Configurações locais\Dados de aplicativos\DCTiles
O43 - CFD: 29/06/2010 - 11:30:37 - [0,015] R---D C:\Documents and Settings\Wesclei\Menu Iniciar\Programas\Acessórios
O43 - CFD: 09/06/2009 - 23:50:16 - [0,000] R---D C:\Documents and Settings\Wesclei\Menu Iniciar\Programas\Ferramentas administrativas
O43 - CFD: 01/06/2009 - 7:20:55 - [0,000] R---D C:\Documents and Settings\Wesclei\Menu Iniciar\Programas\Inicializar
O43 - CFD: 01/06/2009 - 11:58:34 - [0,013] ----D C:\Documents and Settings\Wesclei\Menu Iniciar\Programas\XP Codec Pack 2.4.6
~ Program Folder: 143 Legitimates Filtered in 00mn 17s



---\\ Last modified or created files under Windows and System32 (O44)
O44 - LFC:[MD5.CE0D2D3397D59FF6A059798A099A059E] - 22/04/2013 - 8:38:50 ---A- . (...) -- C:\WINDOWS\win.ini [1128]
O44 - LFC:[MD5.0277C027A26428DB64EF4F64F52BB4FD] - 22/04/2013 - 8:56:56 ---A- . (...) -- C:\WINDOWS\MBR.exe [208896]
O44 - LFC:[MD5.F042EE4C8D66248D9B86DCF52ABAE416] - 22/04/2013 - 8:56:56 ---A- . (...) -- C:\WINDOWS\PEV.exe [256000]
O44 - LFC:[MD5.9E05A9C264C8A908A8E79450FCBFF047] - 22/04/2013 - 8:56:56 ---A- . (...) -- C:\WINDOWS\grep.exe [80412]
O44 - LFC:[MD5.2B657A67AEBB84AEA5632C53E61E23BF] - 22/04/2013 - 8:56:56 ---A- . (...) -- C:\WINDOWS\sed.exe [98816]
O44 - LFC:[MD5.5E832F4FAF5F481F2EAF3B3A48F603B8] - 22/04/2013 - 8:56:56 ---A- . (...) -- C:\WINDOWS\zip.exe [68096]
O44 - LFC:[MD5.C9DD76D0EF94637C77FF8CA5E0FB0684] - 22/04/2013 - 9:06:28 ---A- . (...) -- C:\WINDOWS\system.ini [227]
O44 - LFC:[MD5.72D43BB3BEB66C96BF5DECBDD606DAB7] - 22/04/2013 - 9:08:15 ---A- . (...) -- C:\ComboFix.txt [11802]
O44 - LFC:[MD5.EAE88A9F315A85989D45D9E6A479A192] - 22/04/2013 - 11:13:11 ---A- . (...) -- C:\WINDOWS\wiadebug.log [159]
O44 - LFC:[MD5.DAD87D1C3A2ED78E490F30602AC8A84D] - 22/04/2013 - 11:13:08 ---A- . (...) -- C:\WINDOWS\wiaservc.log [49]
O44 - LFC:[MD5.8B95671505BA092526E6B4AC628832CC] - 22/04/2013 - 11:11:51 ---A- . (...) -- C:\WINDOWS\ntbtlog.txt [372426]
O44 - LFC:[MD5.BB8E23B9C112A79F759681703D021C81] - 11/04/2013 - 23:51:47 ---A- . (...) -- C:\WINDOWS\wmsetup.log [49593]
~ Files: 25 Legitimates Filtered in 00mn 58s



---\\ Operations and functions at Windows Explorer startup (O46)
O46 - SEH:ShellExecuteHooks - URL Exec Hook - {AEB6717E-7E19-11d0-97EE-00C04FD91972} - shell32.dll
~ ShellExecuteHooks: Scanned in 00mn 00s



---\\ Image File Execution Options (IFEO) (O50)
O50 - IFEO:Image File Execution Options - Your Image File Name Here without a path - ntsd -d
~ IFEO: Scanned in 00mn 00s



---\\ MountPoints2 Shell Key (MPKS) (O51)
O51 - MPSK:{29f860d6-1f41-11e0-b61d-00224359083d}\AutoRun\command. (...) -- E:\AutoRun.exe (.not file.)
O51 - MPSK:{29f860d9-1f41-11e0-b61d-00224359083d}\AutoRun\command. (...) -- E:\AutoRun.exe (.not file.)
O51 - MPSK:{30aa3a0c-75ff-11e0-b6f0-00224359083d}\AutoRun\command. (...) -- E:\AutoRun.exe (.not file.)
O51 - MPSK:{330e1370-ba64-11de-b52b-0090f5767d9b}\AutoRun\command. (...) -- E:\XnrPLT.exe (.not file.)
O51 - MPSK:{3f52a962-68ba-11de-b475-00224359083d}\AutoRun\command - Orphean Key
O51 - MPSK:{3fc3080e-7aaa-11de-b491-00224359083d}\AutoRun\command - Orphean Key
O51 - MPSK:{4a74d131-249d-11e0-b626-0090f5767d9b}\AutoRun\command. (...) -- E:\thbpr.exe (.not file.)
O51 - MPSK:{60d7a538-8f66-11de-b4c3-0090f5767d9b}\AutoRun\command. (...) -- E:\RECYCLERS32\autorun.exe (.not file.)
O51 - MPSK:{7836a2da-1508-11e1-b840-00224359083d}\AutoRun\command. (...) -- E:\AutoRun.exe (.not file.)
O51 - MPSK:{850f619e-51bb-11e1-b87d-00224359083d}\AutoRun\command. (...) -- E:\AutoRun.exe (.not file.)
O51 - MPSK:{8ac0cc34-5ecd-11e0-b6ab-00224359083d}\AutoRun\command. (...) -- E:\xcksh.exe (.not file.)
O51 - MPSK:{918e40eb-883e-11de-b4b3-00224359083d}\AutoRun\command - Orphean Key
O51 - MPSK:{9afeb23a-532c-11e1-b87e-00224359083d}\AutoRun\command. (...) -- E:\AutoRun.exe (.not file.)
O51 - MPSK:{9afeb23b-532c-11e1-b87e-00224359083d}\AutoRun\command. (...) -- E:\AutoRun.exe (.not file.)
O51 - MPSK:{acebe882-9703-11de-b4e1-00224359083d}\AutoRun\command. (...) -- F:\ayvzxy.exe (.not file.)
O51 - MPSK:{b6623e24-bc8f-11e1-b8cf-00224359083d}\AutoRun\command. (...) -- E:\RunClubSanDisk.exe (.not file.)
O51 - MPSK:{d197fb7d-bf64-11df-b5d1-00224359083d}\AutoRun\command. (...) -- E:\Windows\Install.exe (.not file.)
O51 - MPSK:{e5d94517-678f-11e1-b893-00224359083d}\AutoRun\command. (...) -- E:\RunClubSanDisk.exe (.not file.)
O51 - MPSK:{e5d94518-678f-11e1-b893-00224359083d}\AutoRun\command. (...) -- E:\application\Nokia_Internet_Modem.exe (.not file.)
O51 - MPSK:{e872f3c4-a96d-11df-b5b8-00224359083d}\AutoRun\command. (...) -- C:\WINDOWS\system32\svchosts.exe (.not file.)
O51 - MPSK:{f3dcd824-8e4d-11de-b4c0-00224359083d}\AutoRun\command. (...) -- F:\RECYCLER32\dmgr.exe (.not file.)
O51 - MPSK:{f694ab38-8ae6-11e1-b8b0-00224359083d}\AutoRun\command. (...) -- E:\AutoRun.exe (.not file.)
~ Keys: Scanned in 00mn 00s



---\\ Trojan Driver Search Data (HKLM)(TDSD) (O52)
O52 - TDSD: \Drivers32\"vidc.ffds"="ffdshow.ax" . (.Unknown owner - DirectShow and VFW video and audio decoding/encoding/processing filter.) -- C:\WINDOWS\system32\ffdshow.ax
~ TDSD: 16 Legitimates Filtered in 00mn 00s



---\\ ShareTools MSconfig StartupReg (SMSR) (O53)
O53 - SMSR:HKLM\...\startupreg\BisonHK [Key] . (.mychat - BisonHK.) -- C:\WINDOWS\BisonCam\BisonHK.exe
O53 - SMSR:HKLM\...\startupreg\SiSPower [Key] . (.Silicon Integrated Systems Corporation - Dynamic link library for setting Power Sche.) -- C:\WINDOWS\system32\SiSPower.dll
O53 - SMSR:HKLM\...\startupreg\SMSERIAL [Key] . (.Motorola Inc. - Application executable file.) -- C:\Arquivos de programas\Motorola\SMSERIAL\sm56hlpr.exe
~ SMSR Keys: 10 Legitimates Filtered in 00mn 00s



---\\ Microsoft Control Security Providers (MCSP) (O54)
O54 - MCSP:[HKLM\...\CurrentControlSet\Control] - (SecurityProviders) - (.Microsoft Corporation - Cliente DPA para plataformas de 32 bits.) -- C:\WINDOWS\system32\msapsspc.dll
O54 - MCSP:[HKLM\...\ControlSet001\Control] - (SecurityProviders) - (.Microsoft Corporation - Cliente DPA para plataformas de 32 bits.) -- C:\WINDOWS\system32\msapsspc.dll
~ MSCP: 6 Legitimates Filtered in 00mn 00s



---\\ System Drivers List (SDL) (O58)
O58 - SDL:[MD5.BDECE634F62B3656DE73D51CA8EA32A9] - 31/05/2012 - 21:21:04 R--A- . (.360.cn - 360FileOem.) -- C:\WINDOWS\system32\Drivers\360FileOem.sys [146304]
O58 - SDL:[MD5.C1E76718BAB6BCA0D18E5670F074F821] - 28/10/2001 - 12:06:08 ---A- . (...) -- C:\WINDOWS\system32\ansi.sys [9032]
~ Drivers: Scanned in 00mn 00s



---\\ List all tools cleaner (LATC) (O63)
O63 - Logiciel: ZHPDiag 2013 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1
~ ADS: Scanned in 00mn 00s



---\\ List all legacy services(LALS) (O64)
O64 - Services: CurCS - 31/05/2012 - C:\WINDOWS\system32\drivers\360FileOem.sys (360FileOem) .(.360.cn - 360FileOem.) - LEGACY_360FILEOEM
O64 - Services: CurCS - 31/05/2012 - C:\WINDOWS\system32\drivers\360HookOEM.sys (360HookOem) .(.360???? - 360HookOem.) - LEGACY_360HOOKOEM
O64 - Services: CurCS - 29/08/2012 - C:\WINDOWS\system32\drivers\360SpOEM.sys (360SpOEM) .(.360???? - 360???? - SelfProtection.) - LEGACY_360SPOEM
~ Legacy: 152 Legitimates Filtered in 00mn 00s



---\\ File Associations Shell Spawning (O67)
O67 - Shell Spawning: <.html> [HKLM\..\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Arquivos de programas\Internet Explorer\iexplore.exe
O67 - Shell Spawning: <.html> [HKCU\..\open\Command] (.Not Key.)
O67 - Shell Spawning: <.html> [HKCR\..\open\Command] (.Google Inc. - Google Chrome.) -- C:\Arquivos de programas\Google\Chrome\Application\chrome.exe
~ FASS Keys: 17 Legitimates Filtered in 00mn 00s



---\\ Start Menu Internet (SMI) (O68)
O68 - StartMenuInternet: <>[HKLM\..\Shell\open\Command] (.Google Inc. - Google Chrome.) -- C:\Arquivos de programas\google\chrome\application\chrome.exe
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Mozilla Corporation - Firefox.) -- C:\Arquivos de programas\Mozilla Firefox\firefox.exe
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Google Inc. - Google Chrome.) -- C:\Arquivos de programas\Google\Chrome\Application\chrome.exe
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Arquivos de programas\Internet Explorer\iexplore.exe
~ Keys: Scanned in 00mn 00s



---\\ Search Particular Root Folder (SPRF) (O84)
[MD5.C894B3D3F6E80BBD259A0DC692EC9C4C] [SPRF][22/04/2013] (.Nicolas Coolman - ZHPDiag.) -- C:\Documents and Settings\Wesclei\Desktop\ZHPDiag2.exe [5594898]
[MD5.3FEA9D2EDF23B0283C7A66C8DEA380BD] [SPRF][25/07/2002] (.InstallShield Software Corporation - InstallShield Update Service Setup Player Module.) -- C:\WINDOWS\Downloaded Program Files\dwusplay.dll [24576]
[MD5.CDBE35EA59BC9223E4F800BD1DB82D27] [SPRF][25/07/2002] (.InstallShield Software Corporation - InstallShield Update Service Setup Player.) -- C:\WINDOWS\Downloaded Program Files\dwusplay.exe [196608]
[MD5.7F1D4C0EB23C942BCEFCDBAB1B75471C] [SPRF][05/03/2005] (.Autodesk, Inc. - Autodesk i-drop control.) -- C:\WINDOWS\Downloaded Program Files\IDropENU.dll [113784]
[MD5.7BBA5B65F6645D9FD314DDB8D3953A95] [SPRF][19/09/2003] (.InstallShield Software Corporation - InstallShield Update Service Web Agent.) -- C:\WINDOWS\Downloaded Program Files\isusweb.dll [299008]
~ Files: Scanned in 00mn 00s



---\\ Additionnal Scan (O88)
Database Version : v2.11631 - (21/04/2013)
Clés trouvées (Keys found) : 15
Valeurs trouvées (Values found) : 1
Dossiers trouvés (Folders found) : 0
Fichiers trouvés (Files found) : 0

[HKLM\Software\Classes\TypeLib\{090ACFA1-1580-11D1-8AC0-00C0F00910F9}] =>Adware.AdRotator
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A09AB6EB-31B5-454C-97EC-9B294D92EE2A}] =>Adware.IMBooster
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A6174F27-1FFF-E1D6-A93F-BA48AD5DD448}] =>PUP.DealPly
[HKLM\Software\Classes\TypeLib\{B4E90801-B83C-11D0-8B40-00C0F00AE35A}] =>Toolbar.Agent
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440}] =>Adware.AskSBAR
[HKCU\Software\APN PIP] =>Toolbar.Ask
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu2\Programs\Iminent] =>Adware.IMBooster
[HKCU\Software\PIP] =>Toolbar.Ask
[HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\DealPly] =>PUP.DealPly
[HKCU\Software\InstallCore] =>Adware.InstallCore
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{25927741-5E5B-4D27-8D8B-9188FE64373F}] =>Adware.SearchYa
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{33AA308B-B565-4376-AC66-59EE9B6AD13E}] =>Adware.SearchYa
[HKLM\Software\Classes\Installer\Features\9EC6D81181F59F2459A84176A626F9ED] =>Adware.IMBooster
[HKLM\Software\Classes\Installer\Products\9EC6D81181F59F2459A84176A626F9ED] =>Adware.IMBooster
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\9EC6D81181F59F2459A84176A626F9ED] =>Adware.IMBooster
[HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]:{D4027C7F-154A-4066-A1AD-4243D8127440} =>Adware.AskSBAR
~ Additionnel Scan: 149987 Items scanned in 00mn 13s



---\\ Product Upgrade Codes (O90)
O90 - PUC: "9EC6D81181F59F2459A84176A626F9ED" . (.Iminent.) -- C:\WINDOWS\Installer\{118D6CE9-5F18-42F9-958A-14676A629FDE}\imbooster.ico =>Adware.IMBooster
~ Update Products: 83 Legitimates Filtered in 00mn 00s



---\\ General States of Services not Microsoft (EGS) (SR=Running, SS=Stopped)
SS - | Demand 27/02/2013 250808 | (AdobeFlashPlayerUpdateSvc) . (.Adobe Systems Incorporated.) - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
SR - | Auto 05/07/2012 86224 | (AntiVirSchedulerService) . (.Avira Operations GmbH & Co. KG.) - C:\Arquivos de programas\Avira\AntiVir Desktop\sched.exe
SR - | Auto 05/07/2012 110032 | (AntiVirService) . (.Avira Operations GmbH & Co. KG.) - C:\Arquivos de programas\Avira\AntiVir Desktop\avguard.exe
SS - | Demand 13/04/2008 225280 | (dmadmin) . (.Microsoft Corp., Veritas Software.) - C:\WINDOWS\system32\dmadmin.exe
SS - | Auto 26/05/2012 136176 | (gupdate) . (.Google Inc..) - C:\Arquivos de programas\Google\Update\GoogleUpdate.exe
SS - | Demand 26/05/2012 136176 | (gupdatem) . (.Google Inc..) - C:\Arquivos de programas\Google\Update\GoogleUpdate.exe
SS - | Demand 09/05/2011 136120 | (gusvc) . (.Google.) - C:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe
SR - | Demand 13/04/2008 14336 | C:\Arquivos de programas\HP\Digital Imaging\bin\hpqcxs08.dll (hpqcxs08) . (.Hewlett-Packard Co..) - C:\WINDOWS\system32\svchost.exe
SR - | Auto 13/04/2008 14336 | C:\Arquivos de programas\HP\Digital Imaging\bin\hpqddsvc.dll (hpqddsvc) . (.Hewlett-Packard Co..) - C:\WINDOWS\system32\svchost.exe
SR - | Auto 25/07/2009 153376 | (JavaQuickStarterService) . (.Sun Microsystems, Inc..) - C:\Arquivos de programas\Java\jre6\bin\jqs.exe
SS - | Demand 26/06/2012 129976 | (MozillaMaintenance) . (.Mozilla Foundation.) - C:\Arquivos de programas\Mozilla Maintenance Service\maintenanceservice.exe
SR - | Auto 19/05/2009 240512 | (SeaPort) . (.Microsoft Corporation.) - C:\Arquivos de programas\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
~ Services: Scanned in 00mn 00s



---\\ Search Master Boot Record Infection (MBR)(O80)
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Run by Wesclei at 22/04/2013 14:30:54

device: opened successfully
user: MBR read successfully

Disk trace:
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys PCIIDEX.SYS
1 ntkrnlpa!IofCallDriver[0x804EE120] >> \Device\Harddisk0\DR0[0x8A688AB8]
kernel: MBR read successfully
user & kernel MBR OK
~ MBR: 13 Legitimates Filtered in 00mn 02s



---\\ Search Master Boot Record Infection (MBRCheck)(O80)
Written by ad13, http://ad13.geekstog
Run by Wesclei at 22/04/2013 14:30:56

********* Dump file Name *********
C:\PhysicalDisk0_MBR.bin
~ MBR: Scanned in 00mn 04s



~ 930 Legitimates filtered by white list
End of the scan (565 lines in 02mn 03s)(0)