thiagodiniz

Member
  • Content Count

    3
  • Joined

  • Last visited

Community Reputation

0 Neutral

About thiagodiniz

  • Rank
    New Member
  1. Hi, this ComboFix tool helped me a lot, i think the worst virus has been deleted, because when i turn on my pc, the "advanced virus remover (virus)" dont keep showing messages, i can now open my musics and a lot of programs i couldn't. Here are the new logs: ComboFix 09-10-01.05 - Administrador 03/10/2009 16:17:25.5.2 - NTFSx86 Microsoft Windows XP Professional 5.1.2600.2.1252.55.1046.18.1023.665 [GMT -3:00] Executando de: C:\Documents and Settings\Administrador\Desktop\VIRUS\ComboFix.exe . [i] ADS - drivers: deleted 204 bytes in 1 streams. [/i] (((((((((((((((( Arquivos/Ficheiros criados de 2009-09-03 to 2009-10-03 )))))))))))))))))))))))))))) . 2009-10-03 17:31:55 . 2009-10-03 19:17:28 6736 ----a-w- C:\WINDOWS\system32\drivers\PROCEXP90.SYS 2009-10-03 12:38:09 . 2008-10-16 17:06:48 268648 ----a-w- C:\WINDOWS\system32\mucltui.dll 2009-10-03 12:38:09 . 2008-10-16 17:06:48 208744 ----a-w- C:\WINDOWS\system32\muweb.dll 2009-10-02 22:16:29 . 2005-01-14 05:41:48 11254 ----a-w- C:\WINDOWS\system32\locate.com 2009-10-02 20:30:54 . 2009-10-03 14:05:26 0 d-----w- C:\WINDOWS\system32\CatRoot_bak 2009-10-02 20:29:54 . 2009-10-02 20:29:55 0 d-----w- C:\ISeeYouXP 2009-10-02 20:29:42 . 2009-10-02 20:29:42 0 d-----w- C:\Arquivos de programas\ExplorerXP 2009-10-02 20:25:11 . 2009-10-02 22:13:06 0 d-----w- C:\Arquivos de programas\a-squared Free 2009-10-02 20:14:07 . 2009-10-02 20:36:43 0 d-----w- C:\Arquivos de programas\a-squared HiJackFree 2009-10-02 01:15:02 . 2008-03-21 16:38:42 91328 ----a-w- C:\WINDOWS\system32\drivers\msfwdrv.sys 2009-10-02 01:15:01 . 2008-03-21 16:38:44 116416 ----a-w- C:\WINDOWS\system32\drivers\msfwhlpr.sys 2009-10-02 01:14:11 . 2009-10-02 01:15:02 0 dc----w- C:\WINDOWS\system32\DRVSTORE 2009-10-02 01:14:11 . 2008-05-15 19:15:16 53168 ----a-w- C:\WINDOWS\system32\drivers\MpFilter.sys 2009-10-02 01:13:43 . 2009-10-02 01:13:43 0 d-----w- C:\WINDOWS\system32\bits 2009-10-02 01:13:31 . 2007-05-24 13:23:16 8192 ------w- C:\WINDOWS\system32\dllcache\bitsprx2.dll 2009-10-02 01:13:31 . 2007-05-24 13:23:16 7168 ------w- C:\WINDOWS\system32\dllcache\bitsprx4.dll 2009-10-02 01:13:31 . 2007-05-24 13:23:16 7168 ------w- C:\WINDOWS\system32\dllcache\bitsprx3.dll 2009-10-02 01:13:31 . 2007-05-24 13:23:16 7168 ------w- C:\WINDOWS\system32\bitsprx4.dll 2009-10-02 01:13:31 . 2007-05-24 13:23:16 408064 ------w- C:\WINDOWS\system32\dllcache\qmgr.dll 2009-10-02 01:13:31 . 2007-05-24 13:23:16 18944 ------w- C:\WINDOWS\system32\dllcache\qmgrprxy.dll 2009-10-02 01:01:03 . 2009-10-03 12:41:15 0 d-----w- C:\Arquivos de programas\Microsoft Windows OneCare Live 2009-10-01 23:59:38 . 2009-10-02 16:48:57 0 d-----w- C:\Arquivos de programas\Windows Live Safety Center 2009-10-01 22:50:52 . 2009-10-01 22:50:52 0 d--h--w- C:\WINDOWS\system32\GroupPolicy 2009-09-25 16:50:40 . 2009-09-25 16:53:18 0 d-----w- C:\Arquivos de programas\NCSoft 2009-09-25 16:50:17 . 2009-09-25 16:50:17 0 d-----w- C:\Documents and Settings\Administrador\Dados de aplicativos\InstallShield 2009-09-25 16:38:29 . 2009-09-25 16:50:34 0 d-----w- C:\Documents and Settings\Administrador\Dados de aplicativos\GetRightToGo 2009-09-24 20:38:55 . 2009-09-26 17:47:19 0 d-----w- C:\Arquivos de programas\cspiratao 2009-09-23 20:40:30 . 2009-09-23 21:56:33 0 d---a-w- C:\Documents and Settings\All Users\Dados de aplicativos\TEMP 2009-09-22 20:49:19 . 2009-09-29 20:21:36 0 d-----w- C:\Documents and Settings\Administrador\Dados de aplicativos\codeblocks 2009-09-22 20:48:52 . 2009-09-22 20:49:11 0 d-----w- C:\Arquivos de programas\CodeBlocks 2009-09-21 22:43:16 . 2009-09-22 20:07:03 0 d-----w- C:\GoogleAppEngine 2009-09-21 20:50:53 . 2009-09-21 20:51:50 0 d-----w- C:\Documents and Settings\Administrador\.idlerc 2009-09-20 15:14:56 . 2009-09-21 00:30:13 0 d-----w- C:\Documents and Settings\All Users\Dados de aplicativos\PMB Files 2009-09-20 15:13:25 . 2009-09-20 15:13:25 0 d-----w- C:\Arquivos de programas\Pando Networks 2009-09-18 16:47:12 . 2005-01-01 09:43:08 4682 ----a-w- C:\WINDOWS\system32\npptNT2.sys 2009-09-16 20:49:45 . 2009-09-16 20:49:45 0 d-----w- C:\Documents and Settings\All Users\Dados de aplicativos\DAEMON Tools Lite 2009-09-16 20:49:13 . 2009-09-16 20:49:29 0 d-----w- C:\Arquivos de programas\DAEMON Tools Lite 2009-09-16 20:28:35 . 2009-09-16 20:28:35 721904 ----a-w- C:\WINDOWS\system32\drivers\sptd.sys 2009-09-16 20:28:29 . 2009-09-16 20:52:23 0 d-----w- C:\Documents and Settings\Administrador\Dados de aplicativos\DAEMON Tools Lite 2009-09-16 20:24:59 . 2009-09-16 20:24:59 0 d--h--w- C:\WINDOWS\PIF 2009-09-16 16:08:26 . 2009-09-16 16:19:55 0 d-----w- C:\Arquivos de programas\SystemRequirementsLab 2009-09-16 16:08:21 . 2009-09-16 16:22:40 0 d-----w- C:\Documents and Settings\Administrador\SystemRequirementsLab 2009-09-15 21:44:51 . 2000-08-19 23:29:32 268048 ----a-w- C:\WINDOWS\system32\dxtmeta2.dll 2009-09-14 18:57:30 . 2009-09-20 16:30:34 0 d-----w- C:\Arquivos de programas\PokerStars 2009-09-14 17:04:17 . 2009-09-14 17:04:17 0 d-sh--w- C:\Documents and Settings\Administrador\IECompatCache 2009-09-11 12:58:55 . 2009-10-01 00:10:44 0 d-----w- C:\Arquivos de programas\Garena 2009-09-10 23:54:26 . 2009-09-12 18:12:59 94209 ----a-w- C:\WINDOWS\system32\Paint.exe 2009-09-10 23:09:10 . 2009-09-10 23:09:10 0 d-----w- C:\Arquivos de programas\LigasOnline 2009-09-05 12:21:25 . 2009-09-05 12:21:29 0 d-----w- C:\Arquivos de programas\VeryPDF PDF2Word v3.0 2009-09-05 11:45:18 . 2009-09-05 11:45:18 0 d-----w- C:\tmp 2009-09-05 11:45:18 . 2009-09-05 11:45:18 0 d-----w- C:\Documents and Settings\Administrador\Dados de aplicativos\YCanPDF 2009-09-04 19:00:17 . 2009-09-04 19:00:17 0 d-----w- C:\Arquivos de programas\Gabest . ((((((((((((((((((((((((((((((((((((( Relatório Find3M )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2009-10-03 17:46:05 . 2009-08-17 23:46:01 0 d-----w- C:\Documents and Settings\Administrador\Dados de aplicativos\Skype 2009-10-03 17:45:56 . 2009-07-06 16:45:13 0 d-----w- C:\Documents and Settings\Administrador\Dados de aplicativos\uTorrent 2009-10-03 17:45:05 . 2009-10-03 17:45:05 0 d-----w- C:\Arquivos de programas\microsoft frontpage 2009-10-03 12:35:57 . 2009-08-17 23:46:44 0 d-----w- C:\Documents and Settings\Administrador\Dados de aplicativos\skypePM 2009-10-02 19:26:21 . 2009-08-04 16:12:32 0 d-----w- C:\Arquivos de programas\Java 2009-10-01 22:18:59 . 2009-08-08 14:12:56 0 d-----w- C:\Arquivos de programas\Steam 2009-09-29 17:55:59 . 2009-07-06 16:49:04 0 d-----w- C:\Arquivos de programas\Warcraft III 2009-09-26 23:42:33 . 2009-07-18 12:41:04 0 d-----w- C:\Arquivos de programas\Heroes of Newerth 2009-09-25 16:50:40 . 2009-07-06 16:24:59 0 d--h--w- C:\Arquivos de programas\InstallShield Installation Information 2009-09-24 20:19:42 . 2009-08-04 16:21:52 0 d-----w- C:\Documents and Settings\All Users\Dados de aplicativos\GbPlugin 2009-09-24 20:19:36 . 2009-08-04 16:21:52 0 d-----w- C:\Arquivos de programas\GbPlugin 2009-09-20 16:30:34 . 2009-08-31 20:02:28 0 d-----w- C:\Arquivos de programas\Real Alternative 2009-09-17 19:33:52 . 2009-08-04 16:22:03 30344 ----a-w- C:\WINDOWS\system32\drivers\gbpkm.sys 2009-09-11 00:12:27 . 2009-07-13 19:53:36 4096 ----a-w- C:\WINDOWS\system32\detoured.dll 2009-09-10 13:48:01 . 2009-09-10 13:47:57 0 d-----w- C:\Arquivos de programas\Free Audio Pack 2009-09-06 11:03:02 . 2009-08-06 22:53:14 0 d-----w- C:\Documents and Settings\Administrador\Dados de aplicativos\teamspeak2 2009-09-04 18:51:32 . 2009-07-06 18:58:37 0 d-----w- C:\Arquivos de programas\K-Lite Codec Pack 2009-08-31 20:03:41 . 2009-08-31 20:03:07 0 d-----w- C:\Documents and Settings\Administrador\Dados de aplicativos\Media Player Classic 2009-08-17 23:46:44 . 2009-08-17 23:46:44 56 ---ha-w- C:\WINDOWS\system32\ezsidmv.dat 2009-08-17 23:45:49 . 2009-08-17 23:43:58 0 d-----r- C:\Arquivos de programas\Skype 2009-08-17 23:44:01 . 2009-08-17 23:44:01 0 d-----w- C:\Arquivos de programas\Arquivos comuns\Skype 2009-08-17 23:43:57 . 2009-08-17 23:43:54 0 d-----w- C:\Documents and Settings\All Users\Dados de aplicativos\Skype 2009-08-09 22:53:09 . 2009-08-09 22:53:09 0 d-----w- C:\Documents and Settings\All Users\Dados de aplicativos\NVIDIA 2009-08-06 22:53:14 . 2009-07-28 16:59:25 0 d-----w- C:\Arquivos de programas\Teamspeak2_RC2 2009-08-06 15:43:33 . 2009-08-06 15:43:28 0 d-----w- C:\Arquivos de programas\Arquivos comuns\DVDVideoSoft 2009-08-06 15:43:28 . 2009-08-06 15:43:28 0 d-----w- C:\Arquivos de programas\DVDVideoSoft 2009-07-31 18:23:10 . 2009-08-04 16:12:46 411368 ----a-w- C:\WINDOWS\system32\deploytk.dll 2009-07-30 14:50:39 . 2001-10-28 14:07:18 73440 ----a-w- C:\WINDOWS\system32\perfc016.dat 2009-07-30 14:50:39 . 2001-10-28 14:07:18 457508 ----a-w- C:\WINDOWS\system32\perfh016.dat 2009-07-29 06:35:54 . 2009-09-04 18:50:56 2378752 ----a-w- C:\WINDOWS\system32\x264vfw.dll 2009-07-14 00:15:52 . 2009-09-04 18:50:55 90112 ----a-w- C:\WINDOWS\system32\dpl100.dll 2009-07-14 00:15:48 . 2003-04-30 19:34:46 685056 ----a-w- C:\WINDOWS\system32\divx.dll 2009-07-06 19:42:21 . 2009-07-06 16:56:52 86157 ----a-w- C:\WINDOWS\War3Unin.dat 2009-07-06 19:39:09 . 2009-07-06 16:56:52 2829 ----a-w- C:\WINDOWS\War3Unin.pif 2009-07-06 19:39:09 . 2009-07-06 16:56:52 139264 ----a-w- C:\WINDOWS\War3Unin.exe 2009-07-06 16:39:43 . 2009-07-06 16:39:43 0 ----a-w- C:\WINDOWS\nsreg.dat 2009-07-06 16:02:22 . 2009-07-06 16:02:22 21844 ----a-w- C:\WINDOWS\system32\emptyregdb.dat . ------- Sigcheck ------- [-] 2008-06-20 11:59:02 . AD978A1B783B5719720CFF204B666C8E . 361600 . . [5.1.2600.5625 (xpsp_sp3_qfe.080620-1309)] . . C:\WINDOWS\SoftwareDistribution\Download\abc8d424bc7438e463cef8a2ec1c00e4\sp3qfe\tcpip.sys [-] 2008-06-20 11:51:12 . 9AEFA14BD6B182D61E3119FA5F436D3D . 361600 . . [5.1.2600.5625 (xpsp_sp3_gdr.080620-1249)] . . C:\WINDOWS\SoftwareDistribution\Download\abc8d424bc7438e463cef8a2ec1c00e4\sp3gdr\tcpip.sys [-] 2008-06-20 10:45:13 . 2A5554FC5B1E04E131230E3CE035C3F9 . 360320 . . [5.1.2600.3394 (xpsp_sp2_gdr.080620-1245)] . . C:\WINDOWS\SoftwareDistribution\Download\abc8d424bc7438e463cef8a2ec1c00e4\sp2gdr\tcpip.sys [-] 2008-06-20 10:44:42 . 744E57C99232201AE98C49168B918F48 . 360960 . . [5.1.2600.3394 (xpsp_sp2_qfe.080620-1259)] . . C:\WINDOWS\SoftwareDistribution\Download\abc8d424bc7438e463cef8a2ec1c00e4\sp2qfe\tcpip.sys [-] 2008-04-13 19:20:16 . 93EA8D04EC73A85DB02EB8805988F733 . 361344 . . [5.1.2600.5512 (xpsp.080413-0852)] . . C:\WINDOWS\SoftwareDistribution\Download\f7670e43b3c19680acdc044a1fbe993f\tcpip.sys [-] 2007-03-11 13:18:31 . 6A603809F598332DBEDD535BDBCE313E . 359040 . . [5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] . . C:\WINDOWS\system32\drivers\tcpip.sys [-] 2008-04-14 02:21:24 . 3DBE0D011E911AADFB6ED17EDC525066 . 13824 . . [5.1.2600.5512 (xpsp.080413-2108)] . . C:\WINDOWS\SoftwareDistribution\Download\f7670e43b3c19680acdc044a1fbe993f\wscntfy.exe [-] 2008-04-14 02:20:40 . 698F9583D1EB213B09F12DD5826A46E2 . 1571840 . . [5.1.2600.5512 (xpsp.080413-2111)] . . C:\WINDOWS\SoftwareDistribution\Download\f7670e43b3c19680acdc044a1fbe993f\sfcfiles.dll [-] 2007-03-11 02:21:13 . B23D1FC94C037AE5F0E05A78B52596A4 . 1548288 . . [5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] . . C:\WINDOWS\system32\sfcfiles.dll C:\WINDOWS\system32\wscntfy.exe ... está faltando !! . ((((((((((((((((((((((((((((( [email protected]_17.38.56 ))))))))))))))))))))))))))))))))))))))))) . + 2009-10-03 19:17:54 . 2009-10-03 19:17:54 16384 C:\WINDOWS\Temp\Perflib_Perfdata_798.dat . (((((((((((((((((((((((((( Pontos de Carregamento do Registro ))))))))))))))))))))))))))))))))))))))) . . *Nota* entradas vazias e legítimas por defeito não são mostradas. REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "uTorrent"="C:\Arquivos de programas\uTorrent\uTorrent.exe" [2009-07-06 16:45:40 288048] "Skype"="C:\Arquivos de programas\Skype\Phone\Skype.exe" [2009-07-16 16:20:16 25604904] "DAEMON Tools Lite"="C:\Arquivos de programas\DAEMON Tools Lite\daemon.exe" [2009-04-23 13:51:38 691656] "NCsoft Launcher"="C:\Arquivos de programas\NCSoft\Launcher\NCLauncher.exe" [2009-09-25 16:51:23 38184] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "SoundMAXPnP"="C:\Arquivos de programas\Analog Devices\Core\smax4pnp.exe" [2005-05-20 09:11:06 925696] "Adobe Reader Speed Launcher"="C:\Arquivos de programas\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 20:10:28 35696] "mspaint"="C:\WINDOWS\system32\paint.exe" [2009-09-12 18:12:59 94209] "OneCareUI"="C:\Arquivos de programas\Microsoft Windows OneCare Live\winssnotify.exe" [2009-07-09 15:15:38 65240] "SunJavaUpdateSched"="C:\Arquivos de programas\Java\jre6\bin\jusched.exe" [2009-07-31 18:23:21 149280] "NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-07-25 06:31:10 7618560] "nwiz"="nwiz.exe" - C:\WINDOWS\system32\nwiz.exe [2006-07-25 06:31:16 1519616] "NvMediaCenter"="NvMCTray.dll" - C:\WINDOWS\system32\nvmctray.dll [2006-07-25 06:31:12 86016] "High Definition Audio Property Page Shortcut"="HDAShCut.exe" - C:\WINDOWS\system32\HdAShCut.exe [2004-10-27 18:21:30 61952] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce] "GbPluginBb"="C:\ARQUIV~1\GBPLUGIN\gbieh.dll" [2009-09-17 19:32:38 313224] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 02:45:32 15360] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce] "nltide_3"="advpack.dll" - C:\WINDOWS\system32\advpack.dll [2009-03-08 07:32:48 128512] C:\Documents and Settings\Administrador\Menu Iniciar\Programas\Inicializar\ My_AutoWarkey_Script.lnk - C:\Arquivos de programas\Warkeys\AutoWarkey\AutoHotkey\AutoHotkey.exe [2009-5-3 244736] C:\Documents and Settings\All Users\Menu Iniciar\Programas\Inicializar\ Microsoft Office.lnk - C:\Arquivos de programas\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360] [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer] "ForceClassicControlPanel"= 1 (0x1) "NoResolveTrack"= 1 (0x1) [HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer] "ForceClassicControlPanel"= 1 (0x1) "NoResolveTrack"= 1 (0x1) [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ GbPluginBb] 2009-09-17 19:32:38 313224 ----a-w- C:\Arquivos de programas\GbPlugin\gbieh.dll [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\OneCareMP] @="Service" [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "C:\\Arquivos de programas\\uTorrent\\uTorrent.exe"= "C:\\Arquivos de programas\\Windows Live\\Messenger\\wlcsdk.exe"= "C:\\Arquivos de programas\\Garena\\Garena.exe"= "C:\\Arquivos de programas\\Sony\\Vegas Pro 8.0\\VegSrv80.exe"= "C:\\Arquivos de programas\\Steam\\steamapps\\ashtar_sheran\\counter-strike\\hl.exe"= "C:\\Arquivos de programas\\Pando Networks\\Media Booster\\PMB.exe"= "C:\\Arquivos de programas\\cspiratao\\hl.exe"= "C:\\Arquivos de programas\\cspiratao\\HLServer\\hlds.exe"= "C:\\Arquivos de programas\\Java\\jre6\\bin\\java.exe"= "C:\\Arquivos de programas\\Warcraft III\\Warcraft III.exe"= "C:\\Arquivos de programas\\Skype\\Phone\\Skype.exe"= "C:\\Arquivos de programas\\Windows Live\\Messenger\\msnmsgr.exe"= [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "57943:TCP"= 57943:TCP:Pando Media Booster "57943:UDP"= 57943:UDP:Pando Media Booster R0 GbpKm;Gbp KernelMode;C:\WINDOWS\system32\drivers\gbpkm.sys [4/8/2009 13:22:03 30344] R2 GbpSv;Gbp Service;C:\ARQUIV~1\GbPlugin\GbpSv.exe [4/8/2009 13:22:02 53640] R2 OcHealthMon;Windows Live OneCare Health Monitor;C:\Arquivos de programas\Microsoft Windows OneCare Live\OcHealthMon.exe [9/7/2009 12:15:32 26104] S3 GarenaPEngine;GarenaPEngine;\??\C:\DOCUME~1\ADMINI~1\CONFIG~1\Temp\APED.tmp --> C:\DOCUME~1\ADMINI~1\CONFIG~1\Temp\APED.tmp [?] S3 npggsvc;nProtect GameGuard Service;C:\WINDOWS\system32\GameMon.des -service --> C:\WINDOWS\system32\GameMon.des -service [?] [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}] "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP . . ------- Scan Suplementar ------- . uStart Page = about:blank uInternet Connection Wizard,ShellNext = hxxp://baixaki.com.br/ IE: E&xportar para o Microsoft Excel - C:\ARQUIV~1\MICROS~2\Office10\EXCEL.EXE/3000 Trusted Zone: com.br\www2.bancobrasil FF - ProfilePath - C:\Documents and Settings\Administrador\Dados de aplicativos\Mozilla\Firefox\Profiles\mo0gflgs.default\ FF - prefs.js: browser.search.selectedEngine - Ask.com FF - prefs.js: keyword.URL - FF - component: C:\Arquivos de programas\Mozilla Firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\components\NPComponent.dll FF - component: C:\Documents and Settings\Administrador\Dados de aplicativos\Mozilla\Firefox\Profiles\mo0gflgs.default\extensions\{87F8774F-B485-47E2-A755-A40A8A5E886C}\components\GbMzhBb.dll FF - plugin: C:\Arquivos de programas\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll FF - plugin: C:\Arquivos de programas\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll FF - plugin: C:\Arquivos de programas\Mozilla Firefox\plugins\npPandoWebInst.dll ---- FIREFOX POLICIES ---- C:\Arquivos de programas\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".com.br"); . a-squared Free - Versão 4.5 Última atualização 4/10/2009 09:21:30 Configurações da análise: Scan type: deep Objetos: Memória, Rastros, Cookies, C:\ Análise de arquivos: Ligado Heurística: Desligado Análise de ADS: Ligado Início da análise: 4/10/2009 10:08:23 C:\Documents and Settings\Administrador\Meus documentos\Downloads\Sony Vegas Pro 8.0c Build 260+Keygen[H33T]-MasterUploader\Keygen\Keygen.exe detectado: Riskware.MultiKeygenPatch!IK C:\System Volume Information\_restore{9A856660-AD4B-4671-BBFC-019287F6760B}\RP14\A0001849.exe detectado: Trojan-Downloader.Win32.Delf!IK C:\System Volume Information\_restore{9A856660-AD4B-4671-BBFC-019287F6760B}\RP14\A0001912.exe detectado: Trojan-Downloader.Win32.Delf!IK C:\System Volume Information\_restore{9A856660-AD4B-4671-BBFC-019287F6760B}\RP14\A0001945.exe detectado: Trojan-Downloader.Win32.Delf!IK C:\System Volume Information\_restore{9A856660-AD4B-4671-BBFC-019287F6760B}\RP14\A0002948.exe detectado: Trojan-Downloader.Win32.Delf!IK C:\System Volume Information\_restore{9A856660-AD4B-4671-BBFC-019287F6760B}\RP15\A0002960.exe detectado: Trojan-Downloader.Win32.Delf!IK C:\System Volume Information\_restore{9A856660-AD4B-4671-BBFC-019287F6760B}\RP15\A0002967.exe detectado: Trojan-Downloader.Win32.Delf!IK C:\System Volume Information\_restore{9A856660-AD4B-4671-BBFC-019287F6760B}\RP15\A0002995.exe detectado: Trojan-Downloader.Win32.Delf!IK C:\System Volume Information\_restore{9A856660-AD4B-4671-BBFC-019287F6760B}\RP15\A0004073.exe detectado: Trojan-Downloader.Win32.Delf!IK C:\System Volume Information\_restore{9A856660-AD4B-4671-BBFC-019287F6760B}\RP16\A0004097.exe detectado: Trojan-Downloader.Win32.Delf!IK C:\System Volume Information\_restore{9A856660-AD4B-4671-BBFC-019287F6760B}\RP16\A0004109.exe detectado: Trojan-Downloader.Win32.Delf!IK C:\System Volume Information\_restore{9A856660-AD4B-4671-BBFC-019287F6760B}\RP16\A0004146.exe detectado: Trojan-Downloader.Win32.Delf!IK C:\System Volume Information\_restore{9A856660-AD4B-4671-BBFC-019287F6760B}\RP17\A0004159.exe detectado: Trojan-Downloader.Win32.Delf!IK C:\System Volume Information\_restore{9A856660-AD4B-4671-BBFC-019287F6760B}\RP17\A0004202.exe detectado: Trojan-Downloader.Win32.Delf!IK C:\System Volume Information\_restore{9A856660-AD4B-4671-BBFC-019287F6760B}\RP19\A0004302.exe detectado: Trojan-Downloader.Win32.Delf!IK C:\System Volume Information\_restore{9A856660-AD4B-4671-BBFC-019287F6760B}\RP20\A0004310.exe detectado: Trojan-Downloader.Win32.Delf!IK C:\System Volume Information\_restore{9A856660-AD4B-4671-BBFC-019287F6760B}\RP20\A0004314.exe detectado: Trojan-Downloader.Win32.Delf!IK C:\System Volume Information\_restore{9A856660-AD4B-4671-BBFC-019287F6760B}\RP20\A0004343.exe detectado: MonitoringTool!IK C:\System Volume Information\_restore{9A856660-AD4B-4671-BBFC-019287F6760B}\RP20\A0004418.exe detectado: Trojan-Downloader.Win32.Delf!IK C:\System Volume Information\_restore{9A856660-AD4B-4671-BBFC-019287F6760B}\RP20\A0004427.exe detectado: Trojan-Downloader.Win32.Delf!IK C:\System Volume Information\_restore{9A856660-AD4B-4671-BBFC-019287F6760B}\RP20\A0004464.exe detectado: Trojan-Downloader.Win32.Delf!IK C:\System Volume Information\_restore{9A856660-AD4B-4671-BBFC-019287F6760B}\RP21\A0004474.exe detectado: Trojan-Downloader.Win32.Delf!IK C:\System Volume Information\_restore{9A856660-AD4B-4671-BBFC-019287F6760B}\RP21\A0004503.exe detectado: Trojan-Downloader.Win32.Delf!IK C:\System Volume Information\_restore{9A856660-AD4B-4671-BBFC-019287F6760B}\RP21\A0004525.exe detectado: Trojan-Downloader.Win32.Delf!IK C:\System Volume Information\_restore{9A856660-AD4B-4671-BBFC-019287F6760B}\RP25\A0004726.exe detectado: Trojan-Downloader.Win32.Delf!IK C:\System Volume Information\_restore{9A856660-AD4B-4671-BBFC-019287F6760B}\RP25\A0004775.exe detectado: Trojan-Downloader.Win32.Delf!IK C:\System Volume Information\_restore{9A856660-AD4B-4671-BBFC-019287F6760B}\RP25\A0004778.exe detectado: MonitoringTool!IK C:\System Volume Information\_restore{9A856660-AD4B-4671-BBFC-019287F6760B}\RP25\A0004866.exe detectado: BehavesLike!IK C:\System Volume Information\_restore{9A856660-AD4B-4671-BBFC-019287F6760B}\RP26\A0004898.exe detectado: Trojan-Downloader.Win32.Delf!IK C:\System Volume Information\_restore{9A856660-AD4B-4671-BBFC-019287F6760B}\RP26\A0004926.exe detectado: Trojan-Downloader.Win32.Delf!IK C:\System Volume Information\_restore{9A856660-AD4B-4671-BBFC-019287F6760B}\RP26\A0004928.exe detectado: Trojan-Downloader.Win32.Banload!IK C:\System Volume Information\_restore{9A856660-AD4B-4671-BBFC-019287F6760B}\RP26\A0004930.exe detectado: MonitoringTool!IK C:\System Volume Information\_restore{9A856660-AD4B-4671-BBFC-019287F6760B}\RP26\A0005018.exe detectado: BehavesLike!IK C:\System Volume Information\_restore{9A856660-AD4B-4671-BBFC-019287F6760B}\RP33\A0005225.exe detectado: Trojan-Downloader.Win32.Delf!IK C:\System Volume Information\_restore{9A856660-AD4B-4671-BBFC-019287F6760B}\RP57\A0008649.exe detectado: Trojan-Spy.Win32.PcGhost!IK C:\System Volume Information\_restore{9A856660-AD4B-4671-BBFC-019287F6760B}\RP77\A0011022.exe detectado: Trojan-Dropper.Win32.Renos!IK C:\System Volume Information\_restore{9A856660-AD4B-4671-BBFC-019287F6760B}\RP77\A0011038.exe detectado: Trojan-Dropper.Win32.Renos!IK C:\System Volume Information\_restore{9A856660-AD4B-4671-BBFC-019287F6760B}\RP77\A0011054.exe detectado: Trojan-Dropper.Win32.Renos!IK C:\System Volume Information\_restore{9A856660-AD4B-4671-BBFC-019287F6760B}\RP77\A0011068.exe detectado: Trojan-Dropper.Win32.Renos!IK C:\System Volume Information\_restore{9A856660-AD4B-4671-BBFC-019287F6760B}\RP77\A0011297.exe detectado: Riskware.Client-IRC.Win32.mIRC!IK Analisado Arquivos: 98902 Objetos: 611780 Cookies: 4 Processos: 26 Encontrado Arquivos: 40 Objetos: 0 Cookies: 0 Processos: 0 Chaves do registro: 0 Fim da análise: 4/10/2009 11:20:55 Duração da análise: 1:12:32 ************************************************************************************ ISeeYouXP v2.0 Beta 14 ISeeYouXP v1.3.0-v2.0 Beta 14 Copyright - ShadowPuterDude ISeeYouXP v1.2.9 and earlier Copyright - PhilliePhan ------------------------------------------------------------------------------------ **** PLEASE NOTE THAT MOST (if not ALL) OF THE ITEMS BELOW ARE NOT BADDIES! **** **** PLEASE CONSULT A KNOWLEDGEABLE PERSON BEFORE TAKING ANY ACTION. **** ************************************************************************************ Windows/Browser/Java Versions: Microsoft (R) Windows Script Host VersÆo 5.6 Copyright (C) 1996-2001 Microsoft Corporation. Todos os direitos reservados. Microsoft Windows XP Professional Version: 5.1.2600 Service Pack: 2.0 Windows Directory: C:\WINDOWS Microsoft (R) Windows Script Host VersÆo 5.6 Copyright (C) 1996-2001 Microsoft Corporation. Todos os direitos reservados. Internet Explorer Version: 8.0.6001.18702 Build: 86001 Language: Inglˆs (Estados Unidos) Path: C:\Arquivos de programas\Internet Explorer Sun Microsystems Java Runtime Version: 1.6.0_16 Microsoft (R) Windows Script Host VersÆo 5.6 Copyright (C) 1996-2001 Microsoft Corporation. Todos os direitos reservados. Boot State: Normal boot Scan done at 11:23:26,76, dom 04/10/2009 ------------------------------------------------------------------------------------ ISeeYouXP installation folder and files "C:\ISeeYouXP\" bootst~1.vbs 28 May 2007 359 "bootstate.vbs" change.log 8 Jun 2008 5012 "change.log" chodefix.bat 18 Apr 2007 5387 "chodefix.bat" fixchode.reg 18 Apr 2007 528 "fixChode.reg" fixexp~1.bat 24 Feb 2007 487 "FixExplorerPolicies.bat" getunk~1.bat 12 Aug 2006 1478 "GetUnKeys.bat" grep.exe 24 Dec 2004 160768 "grep.exe" hideit.bat 17 Oct 2007 1072 "HideIT.bat" ieinfo.vbs 28 May 2007 514 "ieinfo.vbs" iesecu~1.bat 28 Oct 2007 72 "IESecurityZones.bat" iesecu~1.vbs 8 Nov 2007 2399 "IESecurityZones.vbs" iseeyo~1.bat 8 Jun 2008 211377 "ISeeYouXP.bat" libico~1.dll 16 Mar 2004 898048 "libiconv2.dll" libintl3.dll 9 Oct 2004 101888 "libintl3.dll" locate.com 14 Jan 2005 11254 "locate.com" md5sum.exe 5 Aug 2007 49152 "md5sum.exe" msconf~1.bat 24 Feb 2007 578 "MSConfigFix.bat" osinfo.vbs 28 May 2007 598 "osinfo.vbs" pcbutts.txt 25 Mar 2007 5167 "PCBUTTS.TXT" pcre.dll 14 Nov 2004 183313 "pcre.dll" pv.exe 3 Mar 2006 73728 "pv.exe" regedi~1.bat 30 Mar 2007 650 "RegEditFix.bat" regfix.bat 18 Apr 2007 145 "Regfix.bat" servic~1.vbs 28 May 2007 672 "servicesinfo.vbs" showit.bat 17 Oct 2007 1013 "ShowIT.bat" swreg.exe 5 Apr 2007 139776 "swreg.exe" system~1.bat 28 Feb 2007 369 "SystemRestoreFix.bat" taskmg~1.bat 24 Feb 2007 288 "TaskMgrFix.bat" 28 items found: 28 files, 0 directories. Total of file sizes: 1.856.092 bytes 1,77 M ------------------------------------------------------------------------------------ System Environment Variables ALLUSERSPROFILE=C:\Documents and Settings\All Users APPDATA=C:\Documents and Settings\Administrador\Dados de aplicativos CLIENTNAME=Console CommonProgramFiles=C:\Arquivos de programas\Arquivos comuns COMPUTERNAME=LITE ComSpec=C:\WINDOWS\system32\cmd.exe errcode=0 FP_NO_HOST_CHECK=NO HOMEDRIVE=C: HOMEPATH=\Documents and Settings\Administrador LOGONSERVER=\\LITE NUMBER_OF_PROCESSORS=2 OS=Windows_NT Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH PROCESSOR_ARCHITECTURE=x86 PROCESSOR_IDENTIFIER=x86 Family 15 Model 4 Stepping 9, GenuineIntel PROCESSOR_LEVEL=15 PROCESSOR_REVISION=0409 ProgramFiles=C:\Arquivos de programas PROMPT=$P$G SESSIONNAME=Console SystemDrive=C: SystemRoot=C:\WINDOWS TEMP=C:\DOCUME~1\ADMINI~1\CONFIG~1\Temp TMP=C:\DOCUME~1\ADMINI~1\CONFIG~1\Temp USERDOMAIN=LITE USERNAME=Administrador USERPROFILE=C:\Documents and Settings\Administrador windir=C:\WINDOWS ------------------------------------------------------------------------------------ Showing any Pocket Killbox backup files No matches found. ------------------------------------------------------------------------------------ Displaying BOOT.INI: [boot loader] timeout=2 default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS [operating systems] C:\CMDCONS\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect ------------------------------------------------------------------------------------ Displaying SYSTEM.INI: ; for 16-bit app support [drivers] wave=mmdrv.dll timer=timer.drv [mci] [driver32] [386enh] woafont=app850.FON EGA80WOA.FON=EGA80850.FON EGA40WOA.FON=EGA40850.FON CGA80WOA.FON=CGA80850.FON CGA40WOA.FON=CGA40850.FON ------------------------------------------------------------------------------------ Displaying WIN.INI: ; for 16-bit app support [fonts] [extensions] [mci extensions] [files] [Mail] MAPI=1 CMC=1 CMCDLLNAME=mapi.dll CMCDLLNAME32=mapi32.dll MAPIX=1 MAPIXVER=1.0.0.1 OLEMessaging=1 [MCI Extensions.BAK] aif=MPEGVideo aifc=MPEGVideo aiff=MPEGVideo asf=MPEGVideo asx=MPEGVideo au=MPEGVideo m1v=MPEGVideo m3u=MPEGVideo mp2=MPEGVideo mp2v=MPEGVideo mp3=MPEGVideo mpa=MPEGVideo mpe=MPEGVideo mpeg=MPEGVideo mpg=MPEGVideo mpv2=MPEGVideo snd=MPEGVideo wax=MPEGVideo wm=MPEGVideo wma=MPEGVideo wmv=MPEGVideo wmx=MPEGVideo wvx=MPEGVideo m2v=MPEGVideo mod=MPEGVideo wpl=MPEGVideo ------------------------------------------------------------------------------------ Displaying AUTOEXEC.BAT: ------------------------------------------------------------------------------------ Displaying CONFIG.SYS: ------------------------------------------------------------------------------------ Displaying Running Processes: PROCESS PID PRIO PATH smss.exe 580 Normal C:\WINDOWS\System32\smss.exe csrss.exe 632 Normal C:\WINDOWS\system32\csrss.exe winlogon.exe 672 High C:\WINDOWS\system32\winlogon.exe services.exe 716 Normal C:\WINDOWS\system32\services.exe lsass.exe 728 Normal C:\WINDOWS\system32\lsass.exe GbpSv.exe 896 Normal C:\ARQUIV~1\GbPlugin\GbpSv.exe svchost.exe 932 Normal C:\WINDOWS\system32\svchost.exe svchost.exe 996 Normal C:\WINDOWS\system32\svchost.exe MsMpEng.exe 1088 Normal C:\Arquivos de programas\Microsoft Windows OneCare Live\Antivirus\MsMpEng.exe svchost.exe 1136 Normal C:\WINDOWS\System32\svchost.exe svchost.exe 1276 Normal C:\WINDOWS\system32\svchost.exe svchost.exe 1452 Normal C:\WINDOWS\system32\svchost.exe spoolsv.exe 1604 Normal C:\WINDOWS\system32\spoolsv.exe smax4pnp.exe 1848 Normal C:\Arquivos de programas\Analog Devices\Core\smax4pnp.exe winssnotify.exe 1924 Normal C:\Arquivos de programas\Microsoft Windows OneCare Live\winssnotify.exe jusched.exe 1932 Normal C:\Arquivos de programas\Java\jre6\bin\jusched.exe ctfmon.exe 464 Normal C:\WINDOWS\system32\ctfmon.exe a2service.exe 240 Normal C:\Arquivos de programas\a-squared Free\a2service.exe jqs.exe 336 Idle C:\Arquivos de programas\Java\jre6\bin\jqs.exe nvsvc32.exe 408 Normal C:\WINDOWS\system32\nvsvc32.exe OcHealthMon.exe 1332 Normal C:\Arquivos de programas\Microsoft Windows OneCare Live\OcHealthMon.exe msfwsvc.exe 1620 Normal C:\Arquivos de programas\Microsoft Windows OneCare Live\Firewall\msfwsvc.exe winss.exe 2340 Normal C:\Arquivos de programas\Microsoft Windows OneCare Live\winss.exe alg.exe 2908 Normal C:\WINDOWS\System32\alg.exe explorer.exe 3108 Normal C:\WINDOWS\explorer.exe cmd.exe 3880 Normal C:\WINDOWS\system32\cmd.exe ntvdm.exe 444 Normal C:\WINDOWS\system32\ntvdm.exe wmiprvse.exe 532 Normal C:\WINDOWS\system32\wbem\wmiprvse.exe pv.exe 3120 Normal C:\ISEEYO~1\pv.exe ------------------------------------------------------------------------------------ Displaying Windows Services: Microsoft (R) Windows Script Host VersÆo 5.6 Copyright (C) 1996-2001 Microsoft Corporation. Todos os direitos reservados. Name: a2free Display Name: a-squared Free Service Description: Scans the PC for unwanted software and provides protection from malicious code Path Name: "C:\Arquivos de programas\a-squared Free\a2service.exe" Start Mode: Auto State: Running Name: ALG Display Name: Servi‡o 'Gateway de camada de aplicativo' Description: Fornece suporte a plug-ins de protocolos de terceiros para o Compartilhamento de ConexÆo com a Internet e o Firewall do Windows. Path Name: C:\WINDOWS\System32\alg.exe Start Mode: Manual State: Running Name: AppMgmt Display Name: Gerenciamento de aplicativo Description: Fornece servi‡os de instala‡Æo de software como 'Atribuir', 'Publicar' e 'Remover'. Path Name: C:\WINDOWS\system32\svchost.exe -k netsvcs Start Mode: Manual State: Stopped Name: aspnet_state Display Name: ASP.NET State Service Description: Provides support for out-of-process session states for ASP.NET. If this service is stopped, out-of-process requests will not be processed. If this service is disabled, any services that explicitly depend on it will fail to start. Path Name: C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe Start Mode: Manual State: Stopped Name: AudioSrv Display Name: µudio do Windows Description: Gerencia dispositivos de udio para programas baseados em Windows. Se este servi‡o for interrompido, os dispositivos de udio e efeitos nÆo funcionarÆo adequadamente. Se este servi‡o for desativado, quaisquer servi‡os que dele dependam diretamente nÆo serÆo inicializados. Path Name: C:\WINDOWS\System32\svchost.exe -k netsvcs Start Mode: Auto State: Running Name: BITS Display Name: Servi‡o de transferˆncia inteligente de plano de fundo Description: Transfere dados entre clientes e servidores em segundo plano. Se o BITS estiver desabilitado, recursos como o Windows Update nÆo funcionarÆo corretamente. Path Name: C:\WINDOWS\system32\svchost.exe -k netsvcs Start Mode: Auto State: Running Name: Browser Display Name: Localizador de computadores Description: Mant‚m uma lista atualizada de computadores na rede e fornece a computadores designados navegadores. Se este servi‡o for interrompido, esta lista nÆo ser atualizada ou mantida. Se este servi‡o for desativado, quaisquer servi‡os que dele dependam diretamente nÆo serÆo inicializados. Path Name: C:\WINDOWS\system32\svchost.exe -k netsvcs Start Mode: Auto State: Running Name: CiSvc Display Name: CiSvc Description: Path Name: C:\WINDOWS\system32\cisvc.exe Start Mode: Manual State: Stopped Name: ClipSrv Display Name: µrea de armazenamento Description: Permite que o 'Visualizador da rea de armazenamento' armazene informa‡äes e compartilhe-as com computadores remotos. Se o servi‡o for parado, o 'Visualizador da rea de armazenamento' nÆo poder compartilhar informa‡äes com computadores remotos. Se este servi‡o for desativado, os servi‡os que dependerem dele explicitamente nÆo serÆo iniciados. Path Name: C:\WINDOWS\system32\clipsrv.exe Start Mode: Manual State: Stopped Name: clr_optimization_v2.0.50727_32 Display Name: .NET Runtime Optimization Service v2.0.50727_X86 Description: Microsoft .NET Framework NGEN Path Name: C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe Start Mode: Manual State: Stopped Name: COMSysApp Display Name: Aplicativo de sistema COM+ Description: Gerencia a configura‡Æo e o controle dos componentes baseados no modelo de objeto componente (COM)+. Se o servi‡o parar, a maioria dos componentes baseados no COM+ nÆo funcionar adequadamente. Se o servi‡o for desativado, qualquer servi‡o explicitamente dependente dele falhar ao ser iniciado. Path Name: C:\WINDOWS\system32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235} Start Mode: Manual State: Stopped Name: CryptSvc Display Name: CryptSvc Description: Fornece trˆs servi‡os de gerenciamento: servi‡o de banco de dados de cat logo, que confirma as assinaturas dos arquivos do Windows; servi‡o de raiz protegida, que adiciona e remove certificados de autoridades de certifica‡Æo raiz deste computador, e o servi‡o de chave, que ajuda a registrar este computador para certificados. Se este servi‡o for interrompido, esses servi‡os de gerenciamento nÆo funcionarÆo adequadamente. Se este servi‡o for desativado, quaisquer servi‡os que dele dependam diretamente deixarÆo de ser iniciados. Path Name: C:\WINDOWS\system32\svchost.exe -k netsvcs Start Mode: Auto State: Running Name: DcomLaunch Display Name: Inicializador de Processo de Servidor DCOM Description: Fornece funcionalidade de inicializa‡Æo para servi‡os DCOM. Path Name: C:\WINDOWS\system32\svchost -k DcomLaunch Start Mode: Auto State: Running Name: Dhcp Display Name: Cliente DHCP Description: Gerencia a configura‡Æo de rede registrando e atualizando endere‡os IP e nomes DNS. Path Name: C:\WINDOWS\system32\svchost.exe -k netsvcs Start Mode: Auto State: Running Name: dmadmin Display Name: Servi‡o administrativo do gerenciador de disco l¢gico Description: Configura volumes e unidades de disco r¡gido. O servi‡o ‚ executado apenas para processos de configura‡Æo e depois p ra. Path Name: C:\WINDOWS\System32\dmadmin.exe /com Start Mode: Manual State: Stopped Name: dmserver Display Name: Gerenciador de discos l¢gicos Description: Detecta e monitora novas unidades de disco r¡gido e envia as informa‡äes de volume de disco para o servi‡o administrativo de gerenciador de discos l¢gicos para configura‡Æo. Se este servi‡o for parado, o status de disco dinƒmico e as informa‡äes de configura‡Æo podem se tornar obsoletos. Se este servi‡o for desativado, os servi‡os que dependerem dele explicittamente nÆo serÆo iniciados. Path Name: C:\WINDOWS\System32\svchost.exe -k netsvcs Start Mode: Auto State: Running Name: Dnscache Display Name: Cliente DNS Description: Resolve e armazena em cache nomes Domain Name System (DNS) para este computador. Se este servi‡o for parado, o computador nÆo poder resolver nomes DNS nem localizador controladores de dom¡nio do Active Directory. Se este servi‡o for desativado, os servi‡os que dependerem dele explicitamente nÆo serÆo iniciados. Path Name: C:\WINDOWS\system32\svchost.exe -k NetworkService Start Mode: Auto State: Running Name: ERSvc Display Name: Erro ao informar o servi‡o Description: Permite informar erros de servi‡os e aplicativos executados em ambientes nÆo padrÆo. Path Name: C:\WINDOWS\System32\svchost.exe -k netsvcs Start Mode: Auto State: Running Name: Eventlog Display Name: Log de eventos Description: Registra mensagens de eventos emitidas por Windows-based programs and components to be viewed in Event Viewer. This service cannot be stopped. Path Name: C:\WINDOWS\system32\services.exe Start Mode: Auto State: Running Name: EventSystem Display Name: Sistema de eventos COM+ Description: D suporte para o servi‡o de notifica‡Æo de eventos do sistema (SENS), o qual fornece distribui‡Æo autom tica dos eventos para inscrever componentes do modelo de objeto componente (COM). Se o servi‡o for interrompido, o SENS ser fechado e nÆo poder fornecer notifica‡äes de logon e logoff. Se o servi‡o for desativado, qualquer servi‡o explicitamente dependente dele ir falhar ao ser iniciado. Path Name: C:\WINDOWS\system32\svchost.exe -k netsvcs Start Mode: Manual State: Running Name: FastUserSwitchingCompatibility Display Name: Compatibilidade com 'Troca r pida de usu rio' Description: Fornece gerenciamento de aplicativos que exigem assistˆncia em um ambiente de v rios usu rios. Path Name: C:\WINDOWS\System32\svchost.exe -k netsvcs Start Mode: Manual State: Stopped Name: FontCache3.0.0.0 Display Name: Windows Presentation Foundation Font Cache 3.0.0.0 Description: Optimizes performance of Windows Presentation Foundation (WPF) applications by caching commonly used font data. WPF applications will start this service if it is not already running. It can be disabled, though doing so will degrade the performance of WPF applications. Path Name: c:\WINDOWS\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe Start Mode: Manual State: Stopped Name: GbpSv Display Name: Gbp Service Description: Service for G-Buster Browser Defense Path Name: C:\ARQUIV~1\GbPlugin\GbpSv.exe Start Mode: Auto State: Running Name: helpsvc Display Name: Ajuda e suporte Description: Permite que o 'Centro de ajuda e suporte' seja executado neste computador. Se esse servi‡o for interrompido, o 'Centro de ajuda e suporte' nÆo estar dispon¡vel. Se esse servi‡o for desativado, haver falha na inicializa‡Æo de todos os servi‡os que dependem dele de forma expl¡cita. Path Name: C:\WINDOWS\System32\svchost.exe -k netsvcs Start Mode: Auto State: Running Name: HidServ Display Name: HID Input Service Description: Permite acesso de entrada gen‚rica a dispositivos de interface humana (Human Interface Devices, HID), que ativam e mantˆm o uso de botäes ativados predefinidos em teclados, controles remotos e outros dispositivos de multim¡dia. Se este servi‡o for parado, os botäes ativados controlados pelo servi‡o deixarÆo de funcionar. Se este servi‡o for desativado, os servi‡os que dependerem dele explicitamente nÆo serÆo iniciados. Path Name: C:\WINDOWS\System32\svchost.exe -k netsvcs Start Mode: Auto State: Running Name: HTTPFilter Display Name: HTTP SSL Description: Este servi‡o implementa o protocolo de transferˆncia segura de hipertexto (HTTPS) para o servi‡o HTTP, usando a camada de soquete seguro (SSL). Se este servi‡o for desativado, os servi‡os que dependerem dele explicitamente nÆo serÆo iniciados. Path Name: C:\WINDOWS\System32\svchost.exe -k HTTPFilter Start Mode: Manual State: Stopped Name: idsvc Display Name: Windows CardSpace Description: Securely enables the creation, management, and disclosure of digital identities. Path Name: "C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe" Start Mode: Manual State: Stopped Name: JavaQuickStarterService Display Name: Java Quick Starter Description: Prefetches JRE files for faster startup of Java applets and applications Path Name: "C:\Arquivos de programas\Java\jre6\bin\jqs.exe" -service -config "C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\jqs.conf" Start Mode: Auto State: Running Name: lanmanserver Display Name: Servidor Description: Oferece suporte a compartilhamento na rede de arquivo, impressÆo e pipes nomeados para este computador. Se este servi‡o for interrompido, quaisquer servi‡os que dele dependam diretamente nÆo serÆo inicializados. Path Name: C:\WINDOWS\system32\svchost.exe -k netsvcs Start Mode: Auto State: Running Name: lanmanworkstation Display Name: Esta‡Æo de trabalho Description: Cria e mant‚m conexäes de rede de cliente com servidores remotos. Se este servi‡o for interrompido, essas conexäes nÆo estarÆo dispon¡veis. Se este servi‡o for desativado, quaisquer servi‡os que dele dependam nÆo serÆo inicializados. Path Name: C:\WINDOWS\system32\svchost.exe -k netsvcs Start Mode: Auto State: Running Name: LmHosts Display Name: Auxiliar NetBIOS TCP/IP Description: Ativa o suporte a NetBIOS atrav‚s do servi‡o TCP/IP (NetBT) e da resolu‡Æo de nomes NetBIOS. Path Name: C:\WINDOWS\system32\svchost.exe -k LocalService Start Mode: Auto State: Running Name: MSDTC Display Name: Coordenador de transa‡äes distribu¡das Description: Coordena transa‡äes que abrangem m£ltiplos gerenciadores de recursos, tais como bancos de dados, filas de mensagens e sistemas de arquivos. Se este servi‡o for interrompido, essas transa‡äes nÆo ocorrerÆo. Se este servi‡o for desativado, os servi‡os que dependem explicitamente dele falharÆo ao serem iniciados. Path Name: C:\WINDOWS\system32\msdtc.exe Start Mode: Manual State: Stopped Name: msfwsvc Display Name: OneCare Firewall Description: OneCare Firewall Path Name: "C:\Arquivos de programas\Microsoft Windows OneCare Live\Firewall\msfwsvc.exe" Start Mode: Auto State: Running Name: MSIServer Display Name: Windows Installer Description: Adiciona, modifica e remove aplicativos fornecidos como um pacote do Windows Installer (*.msi). Se este servi‡o for desativado, os servi‡os que dependerem dele explicitamente nÆo serÆo iniciados. Path Name: C:\WINDOWS\system32\msiexec.exe /V Start Mode: Manual State: Stopped Name: NetDDE Display Name: DDE de rede Description: Fornece transporte e seguran‡a de rede para Dynamic Data Exchange (DDE) para programas executados no mesmo computador ou em computadores diferentes. Se este servi‡o for parado, o transporte e seguran‡a DDE nÆo estarÆo dispon¡veis. Se este servi‡o for desativado, os servi‡os que dependerem dele explicitamente nÆo serÆo iniciados. Path Name: C:\WINDOWS\system32\netdde.exe Start Mode: Disabled State: Stopped Name: NetDDEdsdm Display Name: DSDM de DDE de rede Description: Gerencia compartilhamentos de rede do tipo DDE (Dynamic Data Exchange). Se este servi‡o for parado, os compartilhamentos de rede DDE nÆo estarÆo dispon¡veis. Se este servi‡o for desativado, os servi‡os que dependerem dele explicitamente nÆo serÆo iniciados. Path Name: C:\WINDOWS\system32\netdde.exe Start Mode: Disabled State: Stopped Name: Netlogon Display Name: Logon de rede Description: D suporte … autentica‡Æo de passagem de eventos de logon de contas para os computadores de um dom¡nio. Path Name: C:\WINDOWS\system32\lsass.exe Start Mode: Manual State: Stopped Name: Netman Display Name: Conexäes de rede Description: Gerencia objetos da pasta de conexäes de rede e Dial-Up, na qual vocˆ pode exibir conexäes remotas e de rede local. Path Name: C:\WINDOWS\System32\svchost.exe -k netsvcs Start Mode: Manual State: Running Name: NetTcpPortSharing Display Name: Net.Tcp Port Sharing Service Description: Provides ability to share TCP ports over the net.tcp protocol. Path Name: "C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe" Start Mode: Disabled State: Stopped Name: Nla Display Name: Reconhecimento de local da rede (NLA) Description: Re£ne e armazena informa‡äes sobre configura‡äes e locais da rede, bem como notifica os aplicativos quando essas informa‡äes sÆo alteradas. Path Name: C:\WINDOWS\system32\svchost.exe -k netsvcs Start Mode: Manual State: Running Name: npggsvc Display Name: nProtect GameGuard Service Description: nProtect GameGuard Service Path Name: C:\WINDOWS\system32\GameMon.des -service Start Mode: Manual State: Stopped Name: NtLmSsp Display Name: Fornecedor de suporte de seguran‡a NT LM Description: Fornece seguran‡a a programas de chamada de procedimento remoto (remote procedure call, RPC) que usam transportes que nÆo pipes nomeados. Path Name: C:\WINDOWS\system32\lsass.exe Start Mode: Manual State: Stopped Name: NtmsSvc Display Name: Armazenamento remov¡vel Description: Path Name: C:\WINDOWS\system32\svchost.exe -k netsvcs Start Mode: Manual State: Stopped Name: NVSvc Display Name: NVIDIA Display Driver Service Description: Provides system and desktop level support to the NVIDIA display driver Path Name: C:\WINDOWS\system32\nvsvc32.exe Start Mode: Auto State: Running Name: OcHealthMon Display Name: Windows Live OneCare Health Monitor Description: Helps recover the Windows Live OneCare service and improve service health. This services provides a backup mechanism to the Windows Live OneCare service and will attempt to recover it, if it is detected to be stopped. Path Name: "C:\Arquivos de programas\Microsoft Windows OneCare Live\OcHealthMon.exe" Start Mode: Auto State: Running Name: OneCareMP Display Name: OneCare AntiSpyware and AntiVirus Description: Helps protect users from spyware and other potentially unwanted software Path Name: "C:\Arquivos de programas\Microsoft Windows OneCare Live\Antivirus\MsMpEng.exe" Start Mode: Auto State: Running Name: PlugPlay Display Name: Plug and Play Description: Permite que um computador reconhe‡a e se adapte a altera‡äes de hardware com pouca ou nenhuma interven‡Æo do usu rio. Se este servi‡o for parado ou desativado, o sistema se tornar inst vel. Path Name: C:\WINDOWS\system32\services.exe Start Mode: Auto State: Running Name: PolicyAgent Display Name: Servi‡os IPSEC Description: Gerencia a diretiva de seguran‡a IP e inicia o ISAKMP/Oakley (IKE) e o driver de seguran‡a IP. Path Name: C:\WINDOWS\system32\lsass.exe Start Mode: Auto State: Running Name: ProtectedStorage Display Name: Armazenamento protegido Description: Fornece o armazenamento protegido para dados sens¡veis, como chaves privadas, para evitar o acesso de servi‡os, processos ou usu rios sem autoriza‡Æo. Path Name: C:\WINDOWS\system32\lsass.exe Start Mode: Auto State: Running Name: RasAuto Display Name: Gerenciador de conexÆo de acesso remoto autom tico Description: Cria uma conexÆo a uma rede remota sempre que um programa faz referˆncia a um nome ou endere‡o remoto DNS ou NetBios. Path Name: C:\WINDOWS\system32\svchost.exe -k netsvcs Start Mode: Manual State: Stopped Name: RasMan Display Name: Gerenciador de conexÆo de acesso remoto Description: Cria uma conexÆo de rede. Path Name: C:\WINDOWS\system32\svchost.exe -k netsvcs Start Mode: Manual State: Running Name: RDSessMgr Display Name: Gerenciador de sessÆo de ajuda de rea de trabalho remota Description: Gerencia e controla a 'Assistˆncia remota'. Se esse servi‡o for interrompido, a 'Assistˆncia remota' ficar indispon¡vel. Antes de interromper esse servi‡o, consulte a guia 'Dependˆncias' da caixa de di logo 'Propriedades'. Path Name: C:\WINDOWS\system32\sessmgr.exe Start Mode: Manual State: Stopped Name: RemoteAccess Display Name: Roteamento e acesso remoto Description: Oferece servi‡os de roteamento a empresas em ambientes de rede local e de longa distƒncia. Path Name: C:\WINDOWS\system32\svchost.exe -k netsvcs Start Mode: Disabled State: Stopped Name: RemoteRegistry Display Name: Registro remoto Description: Permite que usu rios remotos modifiquem configura‡äes do Registro neste computador. Se este servi‡o for parado, o Registro s¢ poder ser modificado por usu rios deste computador. Se este servi‡o for desativado, os servi‡os que dependerem dele explicitamente nÆo serÆo iniciados. Path Name: C:\WINDOWS\system32\svchost.exe -k LocalService Start Mode: Auto State: Running Name: RpcLocator Display Name: Alocador Remote Procedure Call (RPC) Description: Gerencia o banco de dados do servi‡o de nomes RPC. Path Name: C:\WINDOWS\system32\locator.exe Start Mode: Manual State: Stopped Name: RpcSs Display Name: Chamada de procedimento remoto (RPC) Description: Fornece o mapeador de ponto de extremidade e outros servi‡os RPC variados. Path Name: C:\WINDOWS\system32\svchost -k rpcss Start Mode: Auto State: Running Name: RSVP Display Name: QoS RSVP Description: Fornece a funcionalidade de sinaliza‡Æo de rede e configura‡Æo do controle do tr fego local para programas compat¡veis com QoS e miniaplicativos de controle. Path Name: C:\WINDOWS\system32\rsvp.exe Start Mode: Manual State: Stopped Name: SamSs Display Name: Gerenciador de contas de seguran‡a Description: Armazena informa‡äes sobre seguran‡a para contas de usu rio local. Path Name: C:\WINDOWS\system32\lsass.exe Start Mode: Auto State: Running Name: SCardSvr Display Name: CartÆo inteligente Description: Gerencia o acesso a leitores de cartÆo inteligente por este computador. Se este servi‡o for parado, o computador nÆo poder ler cartäes inteligentes. Se este servi‡o for desativado, os servi‡os que dependerem dele explicitamente nÆo serÆo iniciados. Path Name: C:\WINDOWS\System32\SCardSvr.exe Start Mode: Manual State: Stopped Name: Schedule Display Name: Agendador de tarefas Description: Permite que um usu rio configure e agende tarefas automatizadas no computador. Se este servi‡o for interrompido, essas tarefas nÆo serÆo executadas nos hor rios agendados. Se este servi‡o for desativado, quaisquer servi‡os que dele dependam diretamente nÆo serÆo iniciados. Path Name: C:\WINDOWS\System32\svchost.exe -k netsvcs Start Mode: Auto State: Running Name: seclogon Display Name: Secondary Logon Description: Ativa a inicializa‡Æo de processos sob credenciais alternadas. Se este servi‡o for interrompido, este tipo de acesso por logon nÆo estar dispon¡vel. Se este servi‡o for desativado, quaisquer servi‡os que dele dependam diretamente nÆo serÆo iniciados. Path Name: C:\WINDOWS\System32\svchost.exe -k netsvcs Start Mode: Auto State: Running Name: SENS Display Name: Notifica‡Æo de eventos de sistema Description: Rastreia eventos do sistema como eventos de logon do Windows, rede e energia. Notifica assinantes do Sistema de evento COM+ destes eventos. Path Name: C:\WINDOWS\system32\svchost.exe -k netsvcs Start Mode: Auto State: Running Name: SharedAccess Display Name: Firewall do Windows/Compartilhamento de ConexÆo com a Internet (ICS) Description: Fornece servi‡os de conversÆo de endere‡os de rede, endere‡amento e resolu‡Æo de nomes e/ou preven‡Æo de invasÆo para uma rede dom‚stica ou de pequena empresa. Path Name: C:\WINDOWS\System32\svchost.exe -k netsvcs Start Mode: Auto State: Running Name: ShellHWDetection Display Name: Detec‡Æo do hardware do shell Description: Fornece notifica‡äes de eventos de hardware 'Reprodu‡Æo autom tica'. Path Name: C:\WINDOWS\System32\svchost.exe -k netsvcs Start Mode: Auto State: Running Name: Spooler Display Name: Spooler de impressÆo Description: Carrega arquivos na mem¢ria para impressÆo posterior. Path Name: C:\WINDOWS\system32\spoolsv.exe Start Mode: Auto State: Running Name: srservice Display Name: Servi‡o de restaura‡Æo do sistema Description: Executa fun‡äes de restaura‡Æo do sistema. Para interromper o servi‡o, desative a 'Restaura‡Æo do sistema' na guia 'Restaura‡Æo do sistema' em 'Meu computador' -> 'Propriedades' Path Name: C:\WINDOWS\system32\svchost.exe -k netsvcs Start Mode: Auto State: Running Name: SSDPSRV Display Name: Servi‡o de descoberta SSDP Description: Ativa a descoberta de dispositivos UPnP na rede dom‚stica. Path Name: C:\WINDOWS\system32\svchost.exe -k LocalService Start Mode: Manual State: Running Name: stisvc Display Name: Assistente de aquisi‡Æo de imagens do Windows (WIA) Description: Fornece servi‡os de aquisi‡Æo de imagens para scanners e cƒmeras Path Name: C:\WINDOWS\system32\svchost.exe -k imgsvc Start Mode: Manual State: Stopped Name: SwPrv Display Name: MS Software Shadow Copy Provider Description: Gerencia c¢pias de sombra de volume baseadas em software obtidas pelo servi‡o de c¢pias de sombra de volume. Se o servi‡o for interrompido, as c¢pias de sombra baseadas em software nÆo poderÆo ser gerenciadas. Se o servi‡o for desativado, os servi‡os que dependerem dele diretamente nÆo serÆo iniciados. Path Name: C:\WINDOWS\system32\dllhost.exe /Processid:{CC818B09-A739-4424-9B8F-27A052D7B1C4} Start Mode: Manual State: Stopped Name: SysmonLog Display Name: Logs e alertas de desempenho Description: Coleta dados de desempenho de computadores locais ou remotos com base em parƒmetros de agendamento pr‚-configurados; em seguida, grava os dados em um log ou dispara um alerta. Se este servi‡o for parado, as informa‡äes de desempenho nÆo serÆo coletadas. Se este servi‡o for desativado, os servi‡os que dependerem dele explicitamente nÆo serÆo iniciados. Path Name: C:\WINDOWS\system32\smlogsvc.exe Start Mode: Manual State: Stopped Name: TapiSrv Display Name: Telefonia Description: Fornece suporte … telefonia API (TAPI) para programas que controlam dispositivos de telefonia e conexäes de voz baseadas em IP no computador local e, atrav‚s da rede local, em servidores que tamb‚m estÆo executando o servi‡o. Path Name: C:\WINDOWS\System32\svchost.exe -k netsvcs Start Mode: Manual State: Running Name: TermService Display Name: Servi‡os de terminal Description: Permite que v rios usu rios sejam conectados interativamente a um computador e que as reas de trabalho e os aplicativos sejam exibidos a computadores remotos. A base da rea de trabalho remota (inclusive a rea de trabalho remota para administradores), da op‡Æo de alternar-se rapidamente entre usu rios, da assistˆncia remota e do Terminal Server. Path Name: C:\WINDOWS\System32\svchost -k DComLaunch Start Mode: Manual State: Running Name: Themes Display Name: Temas Description: Fornece gerenciamento de temas para experiˆncia do usu rio. Path Name: C:\WINDOWS\System32\svchost.exe -k netsvcs Start Mode: Auto State: Running Name: TlntSvr Display Name: Telnet Description: Permite que um usu rio remoto fa‡a logon neste computador e execute programas. Fornece suporte a v rios clientes Telnet TCP/IP, inclusive computadores baseados em UNIX e Windows. Se este servi‡o for parado, o acesso de usu rios remotos a programas poder nÆo estar dispon¡vel. Se este servi‡o for desativado, os servi‡os que dependem dele explicitamente nÆo serÆo iniciados. Path Name: C:\WINDOWS\system32\tlntsvr.exe Start Mode: Disabled State: Stopped Name: TrkWks Display Name: Cliente de rastreamento de link distribu¡do Description: Mant‚m v¡nculos entre arquivos NTFS em um computador ou entre computadores em um dom¡nio de rede. Path Name: C:\WINDOWS\system32\svchost.exe -k netsvcs Start Mode: Auto State: Running Name: upnphost Display Name: Host de dispositivo Plug and Play universal Description: Oferece suporte para hospedar dispositivos Plug and Play universais. Path Name: C:\WINDOWS\system32\svchost.exe -k LocalService Start Mode: Manual State: Running Name: UPS Display Name: Sistema de alimenta‡Æo ininterrupta Description: Gerencia o sistema de alimenta‡Æo ininterrupto (no-break) conectado ao computador. Path Name: C:\WINDOWS\System32\ups.exe Start Mode: Manual State: Stopped Name: VSS Display Name: C¢pia de volume em mem¢ria Description: Gerencia e implementa c¢pias de volume em mem¢ria usados para o backup e outros prop¢sitos. Se este servi‡o for interrompido, as c¢pias em mem¢ria nÆo estarÆo dispon¡veis para backup e o backup pode falhar. Se este servi‡o for desativado, quaisquer servi‡os que dele dependam diretamente nÆo serÆo iniciados. Path Name: C:\WINDOWS\System32\vssvc.exe Start Mode: Manual State: Stopped Name: W32Time Display Name: Hor rio do Windows Description: Mant‚m sincroniza‡Æo de data e hora em todos os clientes e servidores da rede. Se este servi‡o for interrompido, a sincroniza‡Æo nÆo ficar dispon¡vel. Se este servi‡o for desativado, os servi‡os que dele dependem explicitamente nÆo serÆo iniciados. Path Name: C:\WINDOWS\System32\svchost.exe -k netsvcs Start Mode: Auto State: Running Name: WebClient Display Name: Cliente da Web Description: Permite que programas baseados em Windows criem, acessem e modifiquem arquivos baseados na Internet. Se este servi‡o for interrompido, essas fun‡äes nÆo estarÆo dispon¡veis. Se este servi‡o for desativado, quaisquer servi‡os que dele dependam diretamente nÆo serÆo iniciados. Path Name: C:\WINDOWS\system32\svchost.exe -k LocalService Start Mode: Auto State: Running Name: winmgmt Display Name: Testador de instrumenta‡Æo de gerenciam. do Windows Description: Fornece uma interface comum e um modelo de objeto para o acesso a informa‡äes de gerenciamento sobre o sistema operacional, dispositivos, aplicativos e servi‡os. Se esse servi‡o for parado, a maioria dos itens de software baseados no Windows nÆo funcionar corretamente. Se este servi‡o for desativado, os servi‡os que dependerem explicitamente dele nÆo serÆo iniciados. Path Name: C:\WINDOWS\system32\svchost.exe -k netsvcs Start Mode: Auto State: Running Name: winss Display Name: Windows Live OneCare Description: Helps manage PC security and overall health by providing virus and spyware monitoring, firewall, backup, and other services. If this service is stopped, this computer might be at risk from viruses and other threats. Path Name: C:\Arquivos de programas\Microsoft Windows OneCare Live\winss.exe Start Mode: Auto State: Running Name: WmdmPmSN Display Name: Portable Media Serial Number Service Description: Retrieves the serial number of any portable media player connected to this computer. If this service is stopped, protected content might not be down loaded to the device. Path Name: C:\WINDOWS\System32\svchost.exe -k netsvcs Start Mode: Manual State: Stopped Name: Wmi Display Name: Extensäes de driver de instrum. gerenc. do Windows Description: Fornece informa‡äes sobre gerenciamento de sistemas para drivers e de drivers. Path Name: C:\WINDOWS\System32\svchost.exe -k netsvcs Start Mode: Manual State: Stopped Name: WmiApSrv Display Name: Adaptador de desempenho WMI Description: Fornece informa‡äes da biblioteca de desempenho dos provedores HiPerf WMI. Path Name: C:\WINDOWS\system32\wbem\wmiapsrv.exe Start Mode: Manual State: Stopped Name: WMPNetworkSvc Display Name: Servi‡o de Compartilhamento de Rede do Windows Media Player Description: Compartilha bibliotecas do Windows Media Player com outros players e dispositivos de m¡dia da rede por meio de Universal Plug and Play Path Name: "C:\Arquivos de programas\Windows Media Player\WMPNetwk.exe" Start Mode: Manual State: Stopped Name: wscsvc Display Name: wscsvc Description: Path Name: C:\WINDOWS\System32\svchost.exe -k netsvcs Start Mode: Auto State: Stopped Name: wuauserv Display Name: Atualiza‡äes Autom ticas Description: Ativa o download e instala‡Æo das atualiza‡äes do Windows. Se este servi‡o for desabilitado, o computador nÆo ser capaz de usar o recurso de Atualiza‡äes Autom ticas nem o site do Windows Update na web. Path Name: C:\WINDOWS\system32\svchost.exe -k netsvcs Start Mode: Auto State: Running Name: WudfSvc Display Name: Windows Driver Foundation - User-mode Driver Framework Description: Manages user-mode driver host processes Path Name: C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup Start Mode: Manual State: Stopped Name: WZCSVC Display Name: Configura‡Æo zero sem fio Description: Fornece configura‡Æo autom tica para os adaptadores 802.11 Path Name: C:\WINDOWS\System32\svchost.exe -k netsvcs Start Mode: Auto State: Running Name: xmlprov Display Name: Servi‡o de Configura‡Æo de Rede Description: Gerencia arquivos de configura‡Æo XML por dom¡nio para configura‡Æo autom tica de rede. Path Name: C:\WINDOWS\System32\svchost.exe -k netsvcs Start Mode: Manual State: Stopped ------------------------------------------------------------------------------------ Displaying LOG for Microsoft Windows Malicious Software Removal Tool: --------------------------------------------------------------------------------------- Microsoft Windows Malicious Software Removal Tool v2.14, September 2009 Started On Fri Oct 02 13:51:38 2009 Extended Scan Results ---------------- ->Scan ERROR: resource file://C:\pagefile.sys (code 0x00000020 (32)) --------------------------------------------------------------------------------------- Microsoft Windows Malicious Software Removal Tool v2.14, September 2009 Started On Fri Oct 02 15:19:56 2009 Extended Scan Results ---------------- Found potential malware: TrojanDownloader:Win32/Renos in process://pid:184 ->Scan ERROR: resource file://C:\pagefile.sys (code 0x00000020 (32)) -> Sysclean ERROR: Internal error, code = 8050800C Results Summary: ---------------- Found TrojanDownloader:Win32/Renos (detected generically) Return code: 6 Microsoft Windows Malicious Software Removal Tool Finished On Fri Oct 02 16:43:36 2009 Removal Tool Finished On Fri Oct 02 16:32:45 2009 ---------------------------------------------------------------------------- Listing HKCU Explorer\Advanced//Hidden and SuperHidden Registry Keys if Hidden = 0 then Hidden Files and Folders are not shown if SuperHidden = 1 is the desired default value. if ShowSuperHidden = 0 then System Files are not shown if HideFileExt = 1 then File Extension are not shown We want their values to be (from top to bottom) 1,1,1,0 ---------------------------------------------------------------------------- HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\advanced Hidden REG_DWORD 1 (0x1) SuperHidden REG_DWORD 1 (0x1) ShowSuperHidden REG_DWORD 1 (0x1) HideFileExt REG_DWORD 0 (0x0) ************************************************************************************ Examining Select Windows Registry Keys ------------------------------------------------------------------------------------ -------------------------------------------------------------------------- Items Found in ZoneMap\Domains: -------------------------------------------------------------------------- HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\internet settings\zonemap\domains <NO NAME> REG_SZ HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\internet settings\zonemap\domains\msn.com ---------------------------------------------------------------------------- Current User ZoneMap ProtocolDefaults ---------------------------------------------------------------------------- HKEY_CURRENT_USER\software\microsoft\windows\currentversion\internet settings\zonemap\protocoldefaults <NO NAME> REG_SZ http REG_DWORD 3 (0x3) https REG_DWORD 3 (0x3) ftp REG_DWORD 3 (0x3) file REG_DWORD 3 (0x3) @ivt REG_DWORD 1 (0x1) shell REG_DWORD 0 (0x0) ---------------------------------------------------------------------------- Default URL Prefix Keys ---------------------------------------------------------------------------- HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\url HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\url\DefaultPrefix <NO NAME> REG_SZ http:// HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\url\Prefixes ftp REG_SZ ftp:// gopher REG_SZ gopher:// home REG_SZ http:// mosaic REG_SZ http:// www REG_SZ http:// -------------------------------------------------------------------------- Startup Items Disabled via MSCONFIG: -------------------------------------------------------------------------- -------------------------------------------------------------------------- Select AutoRun Registry Keys: -------------------------------------------------------------------------- HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run uTorrent REG_SZ "C:\Arquivos de programas\uTorrent\uTorrent.exe" Skype REG_SZ "C:\Arquivos de programas\Skype\Phone\Skype.exe" /nosplash /minimized DAEMON Tools Lite REG_SZ "C:\Arquivos de programas\DAEMON Tools Lite\daemon.exe" -autorun NCsoft Launcher REG_SZ C:\Arquivos de programas\NCSoft\Launcher\NCLauncher.exe /Minimized ctfmon.exe REG_SZ C:\WINDOWS\system32\ctfmon.exe HKEY_CURRENT_USER\software\microsoft\windows\currentversion\runonce HKEY_CURRENT_USER\software\microsoft\windows\currentversion\runservices HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run nwiz REG_SZ nwiz.exe /install NvMediaCenter REG_SZ RunDLL32.exe NvMCTray.dll,NvTaskbarInit High Definition Audio Property Page Shortcut REG_SZ HDAShCut.exe SoundMAXPnP REG_SZ C:\Arquivos de programas\Analog Devices\Core\smax4pnp.exe Adobe Reader Speed Launcher REG_SZ "C:\Arquivos de programas\Adobe\Reader 9.0\Reader\Reader_sl.exe" mspaint REG_SZ "C:\WINDOWS\system32\paint.exe" -autocheck OneCareUI REG_SZ "C:\Arquivos de programas\Microsoft Windows OneCare Live\winssnotify.exe" SunJavaUpdateSched REG_SZ "C:\Arquivos de programas\Java\jre6\bin\jusched.exe" NvCplDaemon REG_SZ RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runonce HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runonceex HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runservices HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runservicesonce HKEY_USERS\.default\software\microsoft\windows\currentversion\run CTFMON.EXE REG_SZ C:\WINDOWS\system32\CTFMON.EXE HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce nltide_3 REG_EXPAND_SZ rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\run CTFMON.EXE REG_SZ C:\WINDOWS\system32\CTFMON.EXE HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\runonce nltide_3 REG_EXPAND_SZ rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N Error: Key: s-1-5-19\software\microsoft\windows\currentversion\run does not exist! -------------------------------------------------------------------------- WinLogon Notify Registry Key: -------------------------------------------------------------------------- HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ GbPluginBb Asynchronous REG_DWORD 0 (0x0) Impersonate REG_DWORD 0 (0x0) MaxWait REG_DWORD 258 (0x102) DllName REG_SZ C:\Arquivos de programas\GbPlugin\gbieh.dll Startup REG_SZ GbPluginEventStartup HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\crypt32chain Asynchronous REG_DWORD 0 (0x0) Impersonate REG_DWORD 0 (0x0) DllName REG_EXPAND_SZ crypt32.dll Logoff REG_SZ ChainWlxLogoffEvent HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\cryptnet Asynchronous REG_DWORD 0 (0x0) Impersonate REG_DWORD 0 (0x0) DllName REG_EXPAND_SZ cryptnet.dll Logoff REG_SZ CryptnetWlxLogoffEvent HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\cscdll DLLName REG_SZ cscdll.dll Logon REG_SZ WinlogonLogonEvent Logoff REG_SZ WinlogonLogoffEvent ScreenSaver REG_SZ WinlogonScreenSaverEvent Startup REG_SZ WinlogonStartupEvent Shutdown REG_SZ WinlogonShutdownEvent StartShell REG_SZ WinlogonStartShellEvent Impersonate REG_DWORD 0 (0x0) Asynchronous REG_DWORD 1 (0x1) HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ScCertProp DLLName REG_SZ wlnotify.dll Logon REG_SZ SCardStartCertProp Logoff REG_SZ SCardStopCertProp Lock REG_SZ SCardSuspendCertProp Unlock REG_SZ SCardResumeCertProp Enabled REG_DWORD 1 (0x1) Impersonate REG_DWORD 1 (0x1) Asynchronous REG_DWORD 1 (0x1) HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\Schedule Asynchronous REG_DWORD 0 (0x0) DllName REG_EXPAND_SZ wlnotify.dll Impersonate REG_DWORD 0 (0x0) StartShell REG_SZ SchedStartShell Logoff REG_SZ SchedEventLogOff HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\sclgntfy Logoff REG_SZ WLEventLogoff Impersonate REG_DWORD 0 (0x0) Asynchronous REG_DWORD 1 (0x1) DllName REG_EXPAND_SZ sclgntfy.dll HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\SensLogn DLLName REG_SZ WlNotify.dll Lock REG_SZ SensLockEvent Logon REG_SZ SensLogonEvent Logoff REG_SZ SensLogoffEvent Safe REG_DWORD 1 (0x1) MaxWait REG_DWORD 600 (0x258) StartScreenSaver REG_SZ SensStartScreenSaverEvent StopScreenSaver REG_SZ SensStopScreenSaverEvent Startup REG_SZ SensStartupEvent Shutdown REG_SZ SensShutdownEvent StartShell REG_SZ SensStartShellEvent PostShell REG_SZ SensPostShellEvent Disconnect REG_SZ SensDisconnectEvent Reconnect REG_SZ SensReconnectEvent Unlock REG_SZ SensUnlockEvent Impersonate REG_DWORD 1 (0x1) Asynchronous REG_DWORD 1 (0x1) HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\termsrv Asynchronous REG_DWORD 0 (0x0) DllName REG_EXPAND_SZ wlnotify.dll Impersonate REG_DWORD 0 (0x0) Logoff REG_SZ TSEventLogoff Logon REG_SZ TSEventLogon PostShell REG_SZ TSEventPostShell Shutdown REG_SZ TSEventShutdown StartShell REG_SZ TSEventStartShell Startup REG_SZ TSEventStartup MaxWait REG_DWORD 600 (0x258) Reconnect REG_SZ TSEventReconnect Disconnect REG_SZ TSEventDisconnect HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\wlballoon DLLName REG_SZ wlnotify.dll Logon REG_SZ RegisterTicketExpiredNotificationEvent Logoff REG_SZ UnregisterTicketExpiredNotificationEvent Impersonate REG_DWORD 1 (0x1) Asynchronous REG_DWORD 1 (0x1) -------------------------------------------------------------------------- Shared Task Scheduler Registry Items: -------------------------------------------------------------------------- HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler {438755C2-A8BA-11D1-B96B-00A0C90312E1} REG_SZ Pré-carregador Browseui {8C7461EF-2B13-11d2-BE35-3078302C2030} REG_SZ Daemon de cache de categorias de componente -------------------------------------------------------------------------- Scheduled Tasks: -------------------------------------------------------------------------- O volume na unidade C não tem nome. O número de série do volume é 50E8-DE77 Pasta de C:\WINDOWS\tasks 05/09/2009 08:48 <DIR> . 05/09/2009 08:48 <DIR> .. 28/10/2001 11:07 65 desktop.ini 04/10/2009 09:10 6 SA.DAT 2 arquivo(s) 71 bytes Total de arquivos na lista: 2 arquivo(s) 71 bytes 2 pasta(s) 114.102.489.088 bytes disponíveis HR C:\WINDOWS\tasks\desktop.ini A H C:\WINDOWS\tasks\SA.DAT ---------------------------------------------------------------------------- ShellExecuteHooks Registry Keys ---------------------------------------------------------------------------- HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks {AEB6717E-7E19-11d0-97EE-00C04FD91972} REG_SZ {E37CB5F0-51F5-4395-A808-5FA49E399F83} REG_SZ GbPlugin ShlObj ---------------------------------------------------------------------------- ShellServiceObjectDelayLoad Registry Keys ---------------------------------------------------------------------------- HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload PostBootReminder REG_SZ {7849596a-48ea-486e-8937-a2a3009f31a9} CDBurn REG_SZ {fbeb8a05-beee-4442-804e-409d6c4515e9} WebCheck REG_SZ {E6FB5E20-DE35-11CF-9C87-00AA005127ED} SysTray REG_SZ {35CEC8A3-2BE6-11D2-8773-92E220524153} WPDShServiceObj REG_SZ {AAA288BA-9A4C-45B0-95D7-94D524869DB5} ---------------------------------------------------------------------------- ModuleUsage Registry Keys: ---------------------------------------------------------------------------- HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\moduleusage HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\moduleusage\C:/WINDOWS/Downloaded Program Files/wlscBase.dll .Owner REG_SZ {5ED80217-570B-4DA9-BF44-BE107C0EC166} {5ED80217-570B-4DA9-BF44-BE107C0EC166} REG_SZ ---------------------------------------------------------------------------- BHO Registry Keys: ---------------------------------------------------------------------------- HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3} <NO NAME> REG_SZ AcroIEHelperStub NoExplorer REG_DWORD 1 (0x1) HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{5C255C8A-E604-49b4-9D64-90988571CECB} <NO NAME> REG_SZ HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{9030D464-4C02-4ABF-8ECC-5164760863C6} HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{C41A1C0E-EA6C-11D4-B1B8-444553540000} <NO NAME> REG_SZ G-Buster Browser Defense HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{DBC80044-A445-435b-BC74-9C25C1C588A9} NoExplorer REG_DWORD 1 (0x1) HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C} <NO NAME> REG_SZ JQSIEStartDetectorImpl NoExplorer REG_DWORD 1 (0x1) -------------------------------------------------------------------------- Select Policy Keys: -------------------------------------------------------------------------- HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer NoDriveTypeAutoRun REG_DWORD 323 (0x143) ForceClassicControlPanel REG_DWORD 1 (0x1) NoStartBanner REG_DWORD 1 (0x1) NoLowDiskSpaceChecks REG_DWORD 1 (0x1) NoRecentDocsMenu REG_DWORD 1 (0x1) NoRecentDocsHistory REG_DWORD 1 (0x1) NoResolveTrack REG_DWORD 1 (0x1) LinkResolveIgnoreLinkInfo REG_DWORD 1 (0x1) NoResolveSearch REG_DWORD 1 (0x1) NoDriveAutoRun REG_DWORD 67108863 (0x3ffffff) NoDrives REG_DWORD 0 (0x0) HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\run HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\run HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system HKEY_CURRENT_USER\software\policies\microsoft\internet explorer HKEY_CURRENT_USER\software\policies\microsoft\internet explorer\Control Panel HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer NoDesktopCleanupWizard REG_DWORD 1 (0x1) NoDriveAutoRun REG_DWORD 67108863 (0x3ffffff) NoDriveTypeAutoRun REG_DWORD 323 (0x143) NoDrives REG_DWORD 0 (0x0) HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\run HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\run HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system dontdisplaylastusername REG_DWORD 0 (0x0) legalnoticecaption REG_SZ legalnoticetext REG_SZ shutdownwithoutlogon REG_DWORD 1 (0x1) undockwithoutlogon REG_DWORD 1 (0x1) DisableRegistryTools REG_DWORD 0 (0x0) HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer NoDriveTypeAutoRun REG_DWORD 323 (0x143) ForceClassicControlPanel REG_DWORD 1 (0x1) NoStartBanner REG_DWORD 1 (0x1) NoLowDiskSpaceChecks REG_DWORD 1 (0x1) NoRecentDocsMenu REG_DWORD 1 (0x1) NoRecentDocsHistory REG_DWORD 1 (0x1) NoResolveTrack REG_DWORD 1 (0x1) LinkResolveIgnoreLinkInfo REG_DWORD 1 (0x1) NoResolveSearch REG_DWORD 1 (0x1) NoDriveAutoRun REG_DWORD 67108863 (0x3ffffff) HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer\run HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer\run HKEY_USERS\.default\software\microsoft\windows\currentversion\policies HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\Explorer HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\system HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer NoDriveTypeAutoRun REG_DWORD 323 (0x143) ForceClassicControlPanel REG_DWORD 1 (0x1) NoStartBanner REG_DWORD 1 (0x1) NoLowDiskSpaceChecks REG_DWORD 1 (0x1) NoRecentDocsMenu REG_DWORD 1 (0x1) NoRecentDocsHistory REG_DWORD 1 (0x1) NoResolveTrack REG_DWORD 1 (0x1) LinkResolveIgnoreLinkInfo REG_DWORD 1 (0x1) NoResolveSearch REG_DWORD 1 (0x1) NoDriveAutoRun REG_DWORD 67108863 (0x3ffffff) HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer\run HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer\run HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\system ************************************************************************************ Checking File System for suspicious Files -------------------------------------------------------------------------- Items in the Root Directory: -------------------------------------------------------------------------- Locating all files created in C:\ "C:\" ARQUIV~1 6 Jul 2009 "Arquivos de programas" autoexec.bat 6 Jul 2009 0 "AUTOEXEC.BAT" boot.bak 6 Jul 2009 211 "Boot.bak" boot.ini 3 Oct 2009 281 "boot.ini" bootfont.bin 28 Oct 2001 4952 "Bootfont.bin" CMDCONS 3 Oct 2009 "cmdcons" cmldr 3 Aug 2004 261856 "cmldr" COMBOFIX 3 Oct 2009 "ComboFix" config.sys 6 Jul 2009 0 "CONFIG.SYS" DOCUME~1 6 Jul 2009 "Documents and Settings" FRAPS 30 Jul 2009 "Fraps" GOOGLE~1 21 Sep 2009 "GoogleAppEngine" io.sys 6 Jul 2009 0 "IO.SYS" ISEEYO~1 2 Oct 2009 "ISeeYouXP" msdos.sys 6 Jul 2009 0 "MSDOS.SYS" ntdetect.com 3 Aug 2004 47564 "NTDETECT.COM" ntldr 3 Aug 2004 251168 "ntldr" pagefile.sys 4 Oct 2009 1610612736 "pagefile.sys" PROGRA~1 14 Jul 2009 "Program Files" QOOBOX 3 Oct 2009 "Qoobox" RECYCLER 3 Oct 2009 "RECYCLER" SYSTEM~1 6 Jul 2009 "System Volume Information" TMP 5 Sep 2009 "tmp" WINDOWS 6 Jul 2009 "WINDOWS" 24 items found: 11 files (7 H/S), 13 directories (3 H/S). Total of file sizes: 1.611.178.768 bytes 1,50 G -------------------------------------------------------------------------- Locating all Backup files on C: -------------------------------------------------------------------------- Locating all *.BAK* files "C:\" boot.bak 6 Jul 2009 211 "Boot.bak" "C:\Arquivos de programas\Analog Devices\SoundMAX\" smaxlo~1.bak 6 Jul 2009 3322 "SMax.log.bak" "C:\Arquivos de programas\Sony\Vegas Pro 8.0\" sfconf~1.bak 10 Sep 2008 408832 "sfconfigmgr.dll.bak" sfmark~1.bak 10 Sep 2008 1535232 "sfmarket2.dll.bak" sfs4rw~1.bak 10 Sep 2008 1188096 "sfs4rw.dll.bak" vegas8~1.bak 10 Sep 2008 11515136 "vegas80.exe.bak" "C:\WINDOWS\Debug\UserMode\" userenv.bak 18 Sep 2009 309204 "userenv.bak" "C:\Arquivos de programas\Sony\Shared Plug-Ins\Audio\" mchamm~1.bak 6 Aug 2008 1317888 "mchammer.dll.bak" sffrgp~1.bak 10 Sep 2008 1298688 "sffrgpnv.dll.bak" sfppac~1.bak 10 Sep 2008 1665280 "sfppack1.dll.bak" sfppac~2.bak 10 Sep 2008 1845504 "sfppack2.dll.bak" sfppac~3.bak 10 Sep 2008 1561856 "sfppack3.dll.bak" sfresf~1.bak 6 Aug 2008 1282048 "sfresfilter.dll.bak" sftrkf~1.bak 10 Sep 2008 1531648 "sftrkfx1.dll.bak" sfxpfx~1.bak 10 Sep 2008 1287936 "sfxpfx1.dll.bak" sfxpfx~2.bak 10 Sep 2008 1291520 "sfxpfx2.dll.bak" sfxpfx~3.bak 10 Sep 2008 1425664 "sfxpfx3.dll.bak" xpviny~1.bak 6 Aug 2008 1340928 "xpvinyl.dll.bak" "C:\Arquivos de programas\Sony\Vegas Pro 8.0\External Control Drivers\" spcons~1.bak 10 Sep 2008 1981952 "spconsoleopt.dll.bak" spgenc~1.bak 10 Sep 2008 1696256 "spgenctrlopt.dll.bak" spmack~1.bak 10 Sep 2008 1759744 "spmackiectrlopt.dll.bak" tranzp~1.bak 10 Sep 2008 855552 "tranzport.dll.bak" "C:\WINDOWS\Debug\Setup\Backup\" hdaudi~1.bak 3 Oct 2009 0 "HDAUDIO_Backup.bak" intppm~1.bak 3 Oct 2009 4 "INTPPM_Backup.bak" "C:\Arquivos de programas\Sony\Vegas Pro 8.0\FileIO Plug-Ins\ac3plug\" ac3plu~1.bak 10 Sep 2008 2015488 "ac3plug.dll.bak" ac3plu~2.bak 10 Sep 2008 1188096 "ac3plugrw.dll.bak" "C:\Documents and Settings\Administrador\Dados de aplicativos\Microsoft\Internet Explorer\" brndlog.bak 6 Jul 2009 141 "brndlog.bak" "C:\Documents and Settings\Default User\Dados de aplicativos\Microsoft\Internet Explorer\" brndlog.bak 6 Jul 2009 113 "brndlog.bak" "C:\WINDOWS\pchealth\helpctr\Config\Cache\" profes~1.bak 31 Jul 2009 181272 "Professional_32_1046.dat.bak" "C:\Arquivos de programas\Sony\Vegas Pro 8.0\FileIO Plug-Ins\ac3plug\ac3market\" sfconf~1.bak 10 Sep 2008 408832 "sfconfigmgr.dll.bak" sfmark~1.bak 10 Sep 2008 1535232 "sfmarket2.dll.bak" "C:\Documents and Settings\All Users\Dados de aplicativos\Microsoft\Office\Data\" data.bak 10 Feb 2001 1106 "DATA.BAK" "C:\Documents and Settings\Administrador\Dados de aplicativos\Mozilla\Firefox\Profiles\mo0gflgs.default\" prefsj~1.bak 3 Oct 2009 3470 "prefs.js.BAK" "C:\WINDOWS\system32\config\systemprofile\Dados de aplicativos\Microsoft\Internet Explorer\" brndlog.bak 6 Jul 2009 113 "brndlog.bak" 34 items found: 34 files, 0 directories. Total of file sizes: 42.436.364 bytes 40,47 M -------------------------------------------------------------------------- Locating all copies of Internet Explorer on C: -------------------------------------------------------------------------- Locating all copies of Internet Explorer "C:\ComboFix\" iexplore.exe 20 Apr 2009 31232 "iexplore.exe" "C:\Arquivos de programas\Internet Explorer\" iexplore.exe 8 Mar 2009 638816 "iexplore.exe" "C:\WINDOWS\ie8\" iexplore.exe 3 Aug 2004 93184 "iexplore.exe" "C:\WINDOWS\system32\dllcache\" iexplore.exe 8 Mar 2009 638816 "iexplore.exe" "C:\WINDOWS\SoftwareDistribution\Download\f7670e43b3c19680acdc044a1fbe993f\" iexplore.exe 13 Apr 2008 93184 "iexplore.exe" "C:\WINDOWS\SoftwareDistribution\Download\be339b07d210ea88f2393519d2e5e7cf\backup\" iexplore.exe 3 Aug 2004 93184 "iexplore.exe" 6 items found: 6 files, 0 directories. Total of file sizes: 1.588.416 bytes 1,51 M -------------------------------------------------------------------------- Locating all copies of beep.sy_ on C: -------------------------------------------------------------------------- Locating all copies of Internet Explorer No matches found. -------------------------------------------------------------------------- Locating all copies of beep.sys on C: -------------------------------------------------------------------------- Locating all copies of Internet Explorer "C:\WINDOWS\ERDNT\cache\" beep.sys 28 Oct 2001 4224 "beep.sys" "C:\WINDOWS\system32\drivers\" beep.sys 28 Oct 2001 4224 "beep.sys" 2 items found: 2 files, 0 directories. Total of file sizes: 8.448 bytes 8,25 K -------------------------------------------------------------------------- Locating all copies of Windows Explorer on C: -------------------------------------------------------------------------- Locating all copies of Windows Explorer "C:\WINDOWS\" explorer.exe 3 Aug 2004 1034240 "explorer.exe" "C:\WINDOWS\ERDNT\cache\" explorer.exe 3 Aug 2004 1034240 "explorer.exe" "C:\WINDOWS\SoftwareDistribution\Download\f7670e43b3c19680acdc044a1fbe993f\" explorer.exe 13 Apr 2008 1035776 "explorer.exe" "C:\WINDOWS\SoftwareDistribution\Download\be339b07d210ea88f2393519d2e5e7cf\backup\" explorer.exe 3 Aug 2004 1034240 "explorer.exe" 4 items found: 4 files, 0 directories. Total of file sizes: 4.138.496 bytes 3,95 M -------------------------------------------------------------------------- Items in Document and Settings: -------------------------------------------------------------------------- Listing contents of C:\Documents and Settings OŠ÷‹h¡ÿh¡¸¨žè‚ ÇG ‰Oˆw‹6죉76Nž+÷‰w‹6p¤‰w ‹÷‹>ì£ùÿk¢} - 1252, "C:\Documents and Settings\" ADMINI~1 6 Jul 2009 "Administrador" ALLUSE~1 6 Jul 2009 "All Users" DEFAUL~1 6 Jul 2009 "Default User" LOCALS~1 6 Jul 2009 "LocalService" NETWOR~1 6 Jul 2009 "NetworkService" 5 items found: 0 files, 5 directories (3 H/S). -------------------------------------------------------------------------- Desktop Items: -------------------------------------------------------------------------- Locating all files created in C:\Documents and Settings\Administrador\Desktop within the last 90 days. "C:\Documents and Settings\Administrador\Desktop\" amplif~1.pdf 14 Sep 2009 118950 "Amplificador em Cascata.pdf" cnpq.doc 19 Sep 2009 41472 "CNPQ.doc" counte~1.lnk 24 Sep 2009 1683 "Counter Strike 1.6 Non Steam.lnk" c__exe~1.lnk 23 Sep 2009 762 "c++.exe.lnk" garena.lnk 11 Sep 2009 710 "Garena.lnk" heroes~1.lnk 18 Jul 2009 1660 "Heroes of Newerth.lnk" LOGS 2 Oct 2009 "LOGS" MANOEL 3 Sep 2009 "manoel" orquidea.mht 26 Aug 2009 1305854 "ORQUIDEA.mht" VIRUS 2 Oct 2009 "VIRUS" window~1.lnk 6 Jul 2009 1871 "Windows Live Messenger .lnk" 11 items found: 8 files, 3 directories. Total of file sizes: 1.472.962 bytes 1,40 M Locating all files created in C:\Documents and Settings\All Users\Desktop\ within the last 90 days. "C:\Documents and Settings\All Users\Desktop\" mozill~1.lnk 6 Jul 2009 1674 "Mozilla Firefox.lnk" pokers~1.lnk 14 Sep 2009 792 "PokerStars.lnk" steam.lnk 1 Oct 2009 2255 "Steam.lnk" trucol~1.lnk 10 Sep 2009 802 "Truco LigasOnline.lnk" 4 items found: 4 files, 0 directories. Total of file sizes: 5.523 bytes 5,39 K -------------------------------------------------------------------------- Start Menu Items: -------------------------------------------------------------------------- Locating all files created inC:\Documents and Settings\Administrador\Start Menu within the last 90 days. No matches found. Locating all files created in C:\Documents and Settings\Administrador\Start Menu\Programs\Startup within the last 90 days. No matches found. Locating all files created in C:\Documents and Settings\All Users\Start Menu within the last 90 days. No matches found. Locating all files created in C:\Documents and Settings\All Users\Start Menu\Programs\Startup\ within the last 90 days. No matches found. -------------------------------------------------------------------------- Application Data Items: -------------------------------------------------------------------------- Locating all files created in C:\Documents and Settings\Administrador\Application Data\ within the last 90 days. No matches found. Locating all files created in C:\Documents and Settings\Administrador\Local Settings\Application Data\ within the last 90 days. No matches found. Locating all files created in C:\Documents and Settings\All Users\Application Data\ within the last 90 days. No matches found. -------------------------------------------------------------------------- C:\Documents and Settings\Administrador\Local Settings\TEMP: -------------------------------------------------------------------------- Locating all files created in C:\Documents and Settings\Administrador\Local Settings\TEMP within the last 90 days. -------------------------------------------------------------------------- Items in Templates Folder: -------------------------------------------------------------------------- Locating all files created in C:\Documents and Settings\Administrador\Templates No matches found. -------------------------------------------------------------------------- Items in Program Files: -------------------------------------------------------------------------- Locating all files created in C:\Arquivos de programas\ within the last 90 days. "C:\Arquivos de programas\" A-SQUA~1 2 Oct 2009 "a-squared HiJackFree" A-SQUA~2 2 Oct 2009 "a-squared Free" ADOBE 6 Jul 2009 "Adobe" ANALOG~1 6 Jul 2009 "Analog Devices" ARQUIV~1 6 Jul 2009 "Arquivos comuns" CODEBL~1 22 Sep 2009 "CodeBlocks" CSPIRA~1 24 Sep 2009 "cspiratao" DAEMON~1 16 Sep 2009 "DAEMON Tools Lite" DVDVID~1 6 Aug 2009 "DVDVideoSoft" EXPLOR~1 2 Oct 2009 "ExplorerXP" FREEAU~1 10 Sep 2009 "Free Audio Pack" GABEST 4 Sep 2009 "Gabest" GARENA 11 Sep 2009 "Garena" GBPLUGIN 4 Aug 2009 "GbPlugin" HEROES~1 18 Jul 2009 "Heroes of Newerth" INSTAL~1 6 Jul 2009 "InstallShield Installation Information" INTERN~1 6 Jul 2009 "Internet Explorer" JAVA 4 Aug 2009 "Java" K-LITE~1 6 Jul 2009 "K-Lite Codec Pack" LIGASO~1 10 Sep 2009 "LigasOnline" MICROS~1 6 Jul 2009 "Microsoft" MICROS~2 6 Jul 2009 "Microsoft Office" MICROS~3 1 Oct 2009 "Microsoft Windows OneCare Live" MICROS~4 3 Oct 2009 "microsoft frontpage" MOVIEM~1 3 Oct 2009 "movie maker" MOZILL~1 6 Jul 2009 "Mozilla Firefox" MSBUILD 30 Jul 2009 "MSBuild" MSNGAM~1 3 Oct 2009 "msn gaming zone" NCSOFT 25 Sep 2009 "NCSoft" NETMEE~1 3 Oct 2009 "netmeeting" NOTEPA~1 6 Jul 2009 "Notepad++" OUTLOO~1 6 Jul 2009 "Outlook Express" PANDON~1 20 Sep 2009 "Pando Networks" POKERS~1 14 Sep 2009 "PokerStars" REALAL~1 31 Aug 2009 "Real Alternative" REFERE~1 30 Jul 2009 "Reference Assemblies" REPLAY~1 30 Jul 2009 "ReplaySeeker" SKYPE 17 Aug 2009 "Skype" SONY 30 Jul 2009 "Sony" SONYSE~1 30 Jul 2009 "Sony Setup" STEAM 8 Aug 2009 "Steam" SYSTEM~1 16 Sep 2009 "SystemRequirementsLab" TEAMSP~1 28 Jul 2009 "Teamspeak2_RC2" UTORRENT 6 Jul 2009 "uTorrent" VDOWNL~1 2 Aug 2009 "VDOWNLOADER" VERYPD~1.0 5 Sep 2009 "VeryPDF PDF2Word v3.0" VIA 6 Jul 2009 "VIA" WARCRA~1 6 Jul 2009 "Warcraft III" WARKEYS 1 Aug 2009 "Warkeys" WI4290~1 3 Oct 2009 "windows nt" WI4DF6~1 6 Jul 2009 "Windows Media Connect 2" WINDOW~1 6 Jul 2009 "Windows Media Player" WINDOW~2 1 Oct 2009 "Windows Live Safety Center" WINDOW~3 6 Jul 2009 "Windows Live" WINDOW~4 6 Jul 2009 "Windows Live SkyDrive" WINRAR 6 Jul 2009 "WinRAR" XEROX 3 Oct 2009 "xerox" 57 items found: 0 files, 57 directories (1 H/S). Locating all files created in C:\Arquivos de programas\Arquivos comuns\ within the last 90 days. "C:\Arquivos de programas\Arquivos comuns\" ADOBE 6 Jul 2009 "Adobe" DESIGNER 6 Jul 2009 "Designer" DVDVID~1 6 Aug 2009 "DVDVideoSoft" ESELLE~1 31 Jul 2009 "eSellerate" INSTAL~1 6 Jul 2009 "InstallShield" MICROS~1 6 Jul 2009 "Microsoft Shared" MSSOAP 6 Jul 2009 "MSSoap" SERVI€OS 6 Jul 2009 "Servi‡os" SKYPE 17 Aug 2009 "Skype" SPEECH~1 3 Oct 2009 "speechengines" SYSTEM 6 Jul 2009 "System" WINDOW~1 6 Jul 2009 "Windows Live" 12 items found: 0 files, 12 directories. Locating all files created in C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Web Folders within the last 90 days. "C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Web Folders\" 1033 6 Jul 2009 "1033" 1046 6 Jul 2009 "1046" "C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Web Folders\1046\" WEBVIEW 6 Jul 2009 "WebView" "C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Web Folders\1046\WebView\" IMAGES 6 Jul 2009 "Images" 4 items found: 0 files, 4 directories. -------------------------------------------------------------------------- Items in the Windows Directory: -------------------------------------------------------------------------- Locating all files created in C:\WINDOWS\ within the last 90 days. "C:\WINDOWS\" $HF_MIG$ 20 Aug 2009 "$hf_mig$" $N18DC~1 20 Aug 2009 "$NtUninstallKB932823-v3$" $N4AE6~1 2 Oct 2009 "$NtUninstallKB898461$" $N4CEE~1 1 Oct 2009 "$NtUninstallKB914882$" $N4EC9~1 30 Jul 2009 "$NtUninstallWIC$" $N68C8~1 1 Oct 2009 "$NtUninstallKB923845$" $N6CC0~1 6 Jul 2009 "$NtUninstallKB926239$" $N89D7~1 6 Jul 2009 "$NtUninstallMSCompPackV1$" $NTUNI~1 6 Jul 2009 "$NtUninstallKB888111WXPSP2$" $NTUNI~2 6 Jul 2009 "$NtUninstallWudf01000$" $NTUNI~3 6 Jul 2009 "$NtUninstallWMFDist11$" $NTUNI~4 6 Jul 2009 "$NtUninstallwmp11$" 0.log 4 Oct 2009 0 "0.log" ADDINS 6 Jul 2009 "addins" APPPATCH 6 Jul 2009 "AppPatch" ascd_tmp.ini 6 Jul 2009 13327 "Ascd_tmp.ini" ASSEMBLY 30 Jul 2009 "assembly" ASUSIN~1 6 Jul 2009 "ASUSInstAll" as_debug.txt 6 Jul 2009 0 "AS_Debug.txt" bitsse~1.log 6 Jul 2009 1880 "bitssetup.log" bootstat.dat 4 Oct 2009 2048 "bootstat.dat" cmsetacl.log 6 Jul 2009 200 "cmsetacl.log" comsetup.log 2 Oct 2009 40389 "comsetup.log" CONFIG 6 Jul 2009 "Config" CONNEC~1 6 Jul 2009 "Connection Wizard" control.ini 6 Jul 2009 0 "control.ini" CSC 6 Jul 2009 "CSC" CURSORS 6 Jul 2009 "Cursors" DEBUG 6 Jul 2009 "Debug" directx.log 6 Jul 2009 32896 "Directx.log" DOWNLO~1 6 Jul 2009 "Downloaded Program Files" DRIVER~1 6 Jul 2009 "Driver Cache" dtcins~1.log 6 Jul 2009 133 "DtcInstall.log" entpack.ini 17 Sep 2009 34 "entpack.ini" ERDNT 3 Oct 2009 "ERDNT" FONTS 6 Jul 2009 "Fonts" HELP 6 Jul 2009 "Help" IE8 20 Aug 2009 "ie8" ie8.log 20 Aug 2009 56162 "ie8.log" ie8_main.log 20 Aug 2009 95329 "ie8_main.log" IME 6 Jul 2009 "ime" INF 6 Jul 2009 "inf" INSTAL~1 6 Jul 2009 "Installer" JAVA 6 Jul 2009 "java" kb888111.log 6 Jul 2009 4936 "KB888111.log" kb898461.log 2 Oct 2009 7722 "KB898461.log" kb926239.log 6 Jul 2009 9921 "KB926239.log" kb9328~1.log 20 Aug 2009 8365 "KB932823-v3.log" kb950974.log 3 Oct 2009 9541 "KB950974.log" kb951748.log 3 Oct 2009 8731 "KB951748.log" kb952004.log 3 Oct 2009 9001 "KB952004.log" kb952954.log 3 Oct 2009 9995 "KB952954.log" kb956802.log 3 Oct 2009 8165 "KB956802.log" kb959426.log 3 Oct 2009 9917 "KB959426.log" kb960225.log 3 Oct 2009 9265 "KB960225.log" kb960803.log 3 Oct 2009 8624 "KB960803.log" kb960859.log 3 Oct 2009 9814 "KB960859.log" kb9613~1.log 3 Oct 2009 9764 "KB961371-v2.log" kb961501.log 3 Oct 2009 9178 "KB961501.log" kb961503.log 3 Oct 2009 9720 "KB961503.log" kb967715.log 3 Oct 2009 8822 "KB967715.log" kb968389.log 3 Oct 2009 8446 "KB968389.log" kb968537.log 3 Oct 2009 8600 "KB968537.log" kb970238.log 3 Oct 2009 11942 "KB970238.log" kb971032.log 3 Oct 2009 7777 "KB971032.log" kb971557.log 3 Oct 2009 9351 "KB971557.log" kb971633.log 3 Oct 2009 9088 "KB971633.log" kb971657.log 3 Oct 2009 9446 "KB971657.log" kb973507.log 3 Oct 2009 8891 "KB973507.log" kb973815.log 3 Oct 2009 8523 "KB973815.log" LOGS 18 Jul 2009 "Logs" MEDIA 6 Jul 2009 "Media" MICROS~1.NET 30 Jul 2009 "Microsoft.NET" MSAGENT 6 Jul 2009 "Msagent" MSAPPS 6 Jul 2009 "msapps" mscomp~1.log 6 Jul 2009 7399 "MSCompPackV1.log" msmqinst.log 2 Oct 2009 33722 "msmqinst.log" MUI 6 Jul 2009 "mui" netfxocm.log 2 Oct 2009 15157 "netfxocm.log" nsreg.dat 6 Jul 2009 0 "nsreg.dat" ntdtcs~1.log 2 Oct 2009 22877 "ntdtcsetup.log" NVIEW 6 Jul 2009 "nview" ocgen.log 2 Oct 2009 27526 "ocgen.log" odbc.ini 6 Jul 2009 421 "ODBC.INI" odbcinst.ini 6 Jul 2009 4205 "ODBCINST.INI" oewablog.txt 6 Jul 2009 841 "OEWABLog.txt" OFFLIN~1 6 Jul 2009 "Offline Web Pages" PCHEALTH 6 Jul 2009 "pchealth" pdf2word.ini 5 Sep 2009 358 "pdf2word.INI" PEERNET 6 Jul 2009 "PeerNet" pev.exe 14 Sep 2009 229888 "PEV.exe" PIF 16 Sep 2009 "PIF" PREFETCH 6 Jul 2009 "Prefetch" PROVIS~1 6 Jul 2009 "Provisioning" REGIST~1 6 Jul 2009 "Registration" regopt.log 6 Jul 2009 1182 "regopt.log" REPAIR 6 Jul 2009 "repair" RESOUR~1 6 Jul 2009 "Resources" schedlgu.txt 3 Oct 2009 32514 "SchedLgU.Txt" SECURITY 6 Jul 2009 "security" sessmg~1.log 6 Jul 2009 1022 "sessmgr.setup.log" setupact.log 2 Oct 2009 96141 "setupact.log" setupapi.log 4 Oct 2009 505120 "setupapi.log" setuperr.log 6 Jul 2009 0 "setuperr.log" setuplog.txt 6 Jul 2009 542893 "setuplog.txt" SHELLNEW 6 Jul 2009 "ShellNew" sminst~1.log 6 Jul 2009 10436 "SMinstall.log" SOFTWA~1 6 Jul 2009 "SoftwareDistribution" spupdsvc.log 20 Aug 2009 8473 "spupdsvc.log" SRCHASST 3 Oct 2009 "srchasst" sti_tr~1.log 6 Jul 2009 0 "Sti_Trace.log" SUN 4 Aug 2009 "Sun" svcpack.log 3 Oct 2009 48448 "svcpack.log" SYSTEM 6 Jul 2009 "system" system.ini 3 Oct 2009 227 "system.ini" SYSTEM32 6 Jul 2009 "system32" TASKS 6 Jul 2009 "Tasks" TEMP 6 Jul 2009 "Temp" tsoc.log 2 Oct 2009 39386 "tsoc.log" TWAIN_32 6 Jul 2009 "twain_32" updspapi.log 1 Oct 2009 17986 "updspapi.log" vb.ini 6 Jul 2009 36 "vb.ini" vbaddin.ini 6 Jul 2009 37 "vbaddin.ini" war3unin.dat 6 Jul 2009 86157 "War3Unin.dat" war3unin.exe 6 Jul 2009 139264 "War3Unin.exe" war3unin.pif 6 Jul 2009 2829 "War3Unin.pif" WBEM 20 Aug 2009 "WBEM" WEB 6 Jul 2009 "Web" wiadebug.log 3 Oct 2009 216 "wiadebug.log" wiaservc.log 3 Oct 2009 49 "wiaservc.log" win.ini 6 Jul 2009 603 "win.ini" window~1.log 4 Oct 2009 1742237 "WindowsUpdate.log" window~1.man 6 Jul 2009 749 "WindowsShell.Manifest" WINSXS 6 Jul 2009 "WinSxS" wmfdis~1.log 6 Jul 2009 30201 "WMFDist11.log" wmp11.log 6 Jul 2009 22035 "wmp11.log" wmsetup.log 3 Oct 2009 56333 "wmsetup.log" wmsetu~1.log 6 Jul 2009 2096 "wmsetup10.log" wmsyspr9.prx 6 Jul 2009 316640 "WMSysPr9.prx" wudf01~1.log 6 Jul 2009 8381 "Wudf01000Inst.log" 140 items found: 80 files (2 H/S), 60 directories (21 H/S). Total of file sizes: 4.530.028 bytes 4,32 M -------------------------------------------------------------------------- C:\WINDOWS\Downloaded Program Files: -------------------------------------------------------------------------- Locating all files created in C:\WINDOWS\Downloaded Program Files\ within the last 90 days. "C:\WINDOWS\Downloaded Program Files\" desktop.ini 6 Jul 2009 65 "desktop.ini" wlscbase.dll 9 Sep 2009 452488 "wlscBase.dll" wlscbase.inf 9 Sep 2009 321 "wlscBase.inf" 3 items found: 3 files (1 H/S), 0 directories. Total of file sizes: 452.874 bytes 442,26 K -------------------------------------------------------------------------- C:\WINDOWS\PCHealth\HelpCtr\Binaries: -------------------------------------------------------------------------- Locating all files in C:\WINDOWS\PCHealth\HelpCtr\Binaries "C:\WINDOWS\pchealth\helpctr\binaries\" brpinfo.dll 28 Oct 2001 21504 "brpinfo.dll" hcappres.dll 28 Oct 2001 7168 "HCAppRes.dll" helpctr.exe 3 Aug 2004 768512 "HelpCtr.exe" helphost.exe 28 Oct 2001 99840 "HelpHost.exe" helpsvc.exe 3 Aug 2004 743936 "HelpSvc.exe" hscsp_w3.cab 17 Jul 2004 324700 "hscsp_w3.cab" hscupd.exe 3 Aug 2004 18944 "HscUpd.exe" msconfig.exe 3 Aug 2004 159744 "msconfig.exe" msinfo.dll 3 Aug 2004 380928 "msinfo.dll" notiflag.exe 28 Oct 2001 35328 "notiflag.exe" pchdt_w3.cab 3 Aug 2004 2768982 "pchdt_w3.cab" pchshell.dll 3 Aug 2004 102400 "pchshell.dll" pchsvc.dll 3 Aug 2004 38912 "pchsvc.dll" 13 items found: 13 files, 0 directories. Total of file sizes: 5.470.898 bytes 5,21 M -------------------------------------------------------------------------- C:\WINDOWS\system: -------------------------------------------------------------------------- Locating all files created in C:\WINDOWS\system within the last 90 days. "C:\WINDOWS\system\" tapi.tlb 25 Sep 2009 1 "tapi.tlb" 1 item found: 1 file, 0 directories. Total of file sizes: 1 byte 0,00 K -------------------------------------------------------------------------- C:\WINDOWS\system32: -------------------------------------------------------------------------- Locating all files created in C:\WINDOWS\system32 within the last 90 days. "C:\WINDOWS\system32\" $winnt$.inf 6 Jul 2009 987 "$winnt$.inf" 1025 6 Jul 2009 "1025" 1028 6 Jul 2009 "1028" 1031 6 Jul 2009 "1031" 1033 6 Jul 2009 "1033" 1037 6 Jul 2009 "1037" 1041 6 Jul 2009 "1041" 1042 6 Jul 2009 "1042" 1046 6 Jul 2009 "1046" 1054 6 Jul 2009 "1054" 2052 6 Jul 2009 "2052" 3076 6 Jul 2009 "3076" 3COM_DMI 6 Jul 2009 "3com_dmi" ADOBE 10 Aug 2009 "Adobe" amcompat.tlb 6 Jul 2009 16832 "amcompat.tlb" APPMGMT 5 Sep 2009 "appmgmt" BITS 1 Oct 2009 "bits" CATROOT 6 Jul 2009 "CatRoot" CATROOT2 6 Jul 2009 "CatRoot2" CATROO~1 2 Oct 2009 "CatRoot_bak" cdplay~1.man 6 Jul 2009 749 "cdplayer.exe.manifest" cf12367.exe 3 Oct 2009 400384 "CF12367.exe" COM 6 Jul 2009 "Com" CONFIG 6 Jul 2009 "config" config.nt 6 Jul 2009 2969 "CONFIG.NT" deploytk.dll 31 Jul 2009 411368 "deploytk.dll" detoured.dll 10 Sep 2009 4096 "detoured.dll" DHCP 6 Jul 2009 "dhcp" DIRECTX 6 Jul 2009 "DirectX" divx.dll 13 Jul 2009 685056 "divx.dll" DLLCACHE 6 Jul 2009 "dllcache" dpl100.dll 13 Jul 2009 90112 "dpl100.dll" DRIVERS 6 Jul 2009 "drivers" DRVSTORE 1 Oct 2009 "DRVSTORE" emptyr~1.dat 6 Jul 2009 21844 "emptyregdb.dat" EN-US 30 Jul 2009 "en-us" EXPORT 6 Jul 2009 "export" ezsidmv.dat 17 Aug 2009 56 "ezsidmv.dat" fntcache.dat 2 Oct 2009 112584 "FNTCACHE.DAT" gamemon.des 15 Sep 2009 3363184 "GameMon.des" GROUPP~1 1 Oct 2009 "GroupPolicy" h323log.txt 6 Jul 2009 0 "h323log.txt" IAS 6 Jul 2009 "ias" ICSXML 6 Jul 2009 "icsxml" IME 3 Oct 2009 "ime" INETSRV 3 Oct 2009 "inetsrv" java.exe 31 Jul 2009 145184 "java.exe" javacpl.cpl 31 Jul 2009 73728 "javacpl.cpl" javaw.exe 31 Jul 2009 145184 "javaw.exe" javaws.exe 31 Jul 2009 149280 "javaws.exe" jupdat~1.log 2 Oct 2009 3973 "jupdate-1.6.0_16-b01.log" lhacm.acm 28 Jul 2009 34064 "lhacm.acm" LOGFILES 6 Jul 2009 "LogFiles" logonu~1.man 6 Jul 2009 488 "logonui.exe.manifest" MACROMED 6 Jul 2009 "Macromed" MICROS~1 6 Jul 2009 "Microsoft" mrt.exe 28 Aug 2009 24689600 "MRT.exe" MSDTC 6 Jul 2009 "MsDtc" MUI 6 Jul 2009 "mui" ncpacp~1.man 6 Jul 2009 749 "ncpa.cpl.manifest" NPP 6 Jul 2009 "npp" nscompat.tlb 6 Jul 2009 23392 "nscompat.tlb" nvapps.xml 4 Oct 2009 63804 "nvapps.xml" nwccpl~1.man 6 Jul 2009 749 "nwc.cpl.manifest" OOBE 3 Oct 2009 "oobe" paint.exe 12 Sep 2009 94209 "Paint.exe" perfc009.dat 30 Jul 2009 65106 "perfc009.dat" perfc016.dat 30 Jul 2009 73440 "perfc016.dat" perfh009.dat 30 Jul 2009 425082 "perfh009.dat" perfh016.dat 30 Jul 2009 457508 "perfh016.dat" perfst~1.ini 30 Jul 2009 1028686 "PerfStringBackup.INI" PREINS~1 2 Oct 2009 "PreInstall" PT-BR 20 Aug 2009 "pt-BR" RAS 6 Jul 2009 "ras" REINST~1 6 Jul 2009 "ReinstallBackups" RESTORE 6 Jul 2009 "Restore" sapicp~1.man 6 Jul 2009 749 "sapi.cpl.manifest" SETUP 6 Jul 2009 "Setup" SHELLEXT 6 Jul 2009 "ShellExt" SOFTWA~1 1 Oct 2009 "SoftwareDistribution" SPOOL 6 Jul 2009 "spool" USMT 6 Jul 2009 "usmt" WBEM 6 Jul 2009 "wbem" window~1.man 6 Jul 2009 488 "WindowsLogon.manifest" WINS 6 Jul 2009 "wins" wpa.dbl 30 Sep 2009 2206 "wpa.dbl" wuaucp~1.man 6 Jul 2009 749 "wuaucpl.cpl.manifest" x264vfw.dll 29 Jul 2009 2378752 "x264vfw.dll" XIRCOM 3 Oct 2009 "xircom" XPSVIE~1 30 Jul 2009 "XPSViewer" 90 items found: 37 files (8 H/S), 53 directories (2 H/S). Total of file sizes: 34.967.391 bytes 33,34 M -------------------------------------------------------------------------- C:\WINDOWS\system32\com: -------------------------------------------------------------------------- Locating all files created in C:\WINDOWS\system32\com within the last 90 days. No matches found. -------------------------------------------------------------------------- C:\WINDOWS\system32\components: -------------------------------------------------------------------------- Locating all files created in C:\WINDOWS\system32\components within the last 90 days. No matches found. -------------------------------------------------------------------------- C:\WINDOWS\system32\drivers: -------------------------------------------------------------------------- Locating all files created in C:\WINDOWS\system32\drivers within the last 90 days. "C:\WINDOWS\system32\drivers\" DISDN 6 Jul 2009 "disdn" ETC 6 Jul 2009 "etc" gbpkm.sys 17 Sep 2009 30344 "gbpkm.sys" procex~1.sys 3 Oct 2009 6736 "PROCEXP90.SYS" sptd.sys 16 Sep 2009 721904 "sptd.sys" UMDF 6 Jul 2009 "UMDF" 6 items found: 3 files, 3 directories. Total of file sizes: 758.984 bytes 741,20 K -------------------------------------------------------------------------- C:\WINDOWS\system32\drivers\etc: -------------------------------------------------------------------------- Locating all files created in C:\WINDOWS\system32\drivers\etc within the last 90 days. No matches found. -------------------------------------------------------------------------- C:\WINDOWS\TEMP: -------------------------------------------------------------------------- Locating all files created in C:\WINDOWS\TEMP within the last 90 days. "C:\WINDOWS\Temp\" gdql_o~1.log 4 Oct 2009 270 "gdql_oc_OcHealthMon.log" peacd4~1.dat 4 Oct 2009 16384 "Perflib_Perfdata_150.dat" pec0d4~1.dat 4 Oct 2009 16384 "Perflib_Perfdata_924.dat" qdiago~1.log 4 Oct 2009 270 "qdiagoc_OcHealthMon.log" 4 items found: 4 files, 0 directories. Total of file sizes: 33.308 bytes 32,53 K ************************************************************************************ Checking for .COM files to Delete. They will only print if deleted! Locating .COM files in the C:\WINDOWS\System32 folder "C:\WINDOWS\system32\" chcp.com 28 Oct 2001 7680 "chcp.com" command.com 28 Oct 2001 52472 "command.com" diskcomp.com 28 Oct 2001 9216 "diskcomp.com" diskcopy.com 28 Oct 2001 7168 "diskcopy.com" edit.com 28 Oct 2001 70750 "edit.com" format.com 28 Oct 2001 25600 "format.com" graftabl.com 28 Oct 2001 26112 "graftabl.com" graphics.com 28 Oct 2001 19918 "graphics.com" kb16.com 28 Oct 2001 14950 "kb16.com" loadfix.com 28 Oct 2001 1153 "loadfix.com" locate.com 14 Jan 2005 11254 "locate.com" mode.com 28 Oct 2001 19456 "mode.com" more.com 28 Oct 2001 15872 "more.com" tree.com 28 Oct 2001 11264 "tree.com" win.com 28 Oct 2001 18432 "win.com" 15 items found: 15 files, 0 directories. Total of file sizes: 311.297 bytes 304,00 K ************************************************************************************ Miscellaneous Malware Detections: ------------------------------------------------------------------------------------ **** Delfin Media {31EE3286-D785-4E3F-95FC-51D00FDABC01} NOT FOUND by this tool! **** **** SmitFraud {0BC9BC01-54D4-4CCE-2B7D-955164314CD4} NOT FOUND by this tool! **** **** SpywareStrike {C1A2FDA2-1A5B-2A8F-F3A2-B22DA1A3C41D} NOT FOUND by this tool! **** **** SpywareStrike {C1A2FDA2-2A5B-2C8A-F2A2-BA2DB3A2C31C} NOT FOUND by this tool! **** **** SpywareStrike {D81E2FC4-B0A2-11D3-21AC-07C04C21A18A} NOT FOUND by this tool! **** **** SpyAxe {A1D9D3F0-8C2A-9A1D-A376-2CACFB10AB72} NOT FOUND by this tool! **** **** SpyAxe {A2D9D3F0-8C2A-2A1D-A376-1BECFB10AB72} NOT FOUND by this tool! **** **** SpyAxe {A2D9D3F0-8C2A-2A1D-A376-1BECFB10AB72} NOT FOUND by this tool! **** **** SpyAxe {A2D9D3F0-8C2A-2A1D-A376-1BECFB10AB72} NOT FOUND by this tool! **** **** SpyAxe {A2C8F6B1-7C2A-3D1C-A3C6-A1FDA113B43F} NOT FOUND by this tool! **** **** SpyFalcon {A2C8F6B1-7C2A-3D1C-A3C6-A1FDA113B43F} NOT FOUND by this tool! **** **** SpyFalcon {C9FA1DC9-1FB3-C2A8-2F1A-DC1A33E7AF9D} NOT FOUND by this tool! **** **** SpyFalcon {CA14EE13-ED15-C4A2-17FF-DA4D15C1BC5E} NOT FOUND by this tool! **** **** SpyFalcon {35a88e51-b53d-43e9-b8a7-75d4c31b4676} NOT FOUND by this tool! **** **** SpyFalcon {64ba30a2-811a-4597-b0af-d551128be340} NOT FOUND by this tool! **** **** SpyFalcon {89aef01d-d237-49c7-84dc-4e1904c1fd31} NOT FOUND by this tool! **** **** SpyFalcon {e04408db-4812-4478-8d4d-e46edcffd3b6} NOT FOUND by this tool! **** **** SpyFalcon {336ec37f-54bf-4f13-8237-03f64fa591e7} NOT FOUND by this tool! **** **** SpyFalcon {5bc82bdb-bc03-4671-9a78-3ef2b68449de} NOT FOUND by this tool! **** **** SpyFalcon {24c60b9b-26b5-4201-9f7a-fb9219356ae9} NOT FOUND by this tool! **** **** SpyFalcon {a0c51615-738a-4542-801a-5af61614e182} NOT FOUND by this tool! **** **** SpyFalcon {70fbd528-2d3c-4a00-9b8c-bbf441e534be} NOT FOUND by this tool! **** **** SpyFalcon {a566f298-05a6-4b3d-b672-da7c27316430} NOT FOUND by this tool! **** **** SpyFalcon {f5947202-e9cb-4a72-88e7-22f2cbd2b124} NOT FOUND by this tool! **** **** SpyFalcon {5aaf6542-f4ba-4df4-873d-4902ecbe794c} NOT FOUND by this tool! **** **** SpyFalcon {3e4155b8-5a4a-4e95-83b2-ab032da9acbc} NOT FOUND by this tool! **** **** SpyFalcon {9952355f-fefb-4764-bcd7-a993d03dd7e2} NOT FOUND by this tool! **** **** SpyFalcon {55059d4f-a1ac-4837-ae07-4859101f598d} NOT FOUND by this tool! **** **** SpyFalcon {c3786a8d-6426-4c29-a23f-f36e47b31e0c} NOT FOUND by this tool! **** **** SpyLocked {25b7d2fd-4f71-46d1-801a-7de323e4ec82} NOT FOUND by this tool! **** **** SpyLocked {4233AC08-A2C4-4742-A0B4-83719613D62C} NOT FOUND by this tool! **** **** SpyLocked {716002DB-288C-4BF0-80CD-A467E78D8B55} NOT FOUND by this tool! **** **** SpyLocked {735E980D-45D2-4777-AF82-9923D3C8D3AE} NOT FOUND by this tool! **** **** SpyLocked {B23DC537-3E13-44C7-BF67-D8405EB377F7} NOT FOUND by this tool! **** **** SpyLocked {B292EC9F-A074-4115-8342-1F459702D8D2} NOT FOUND by this tool! **** **** SpyLocked {CECA6F2B-247B-4ECE-9B7A-D0135C8036FC} NOT FOUND by this tool! **** **** SpyLocked {DA3B49F6-8C54-4429-A275-21A86DCCA413} NOT FOUND by this tool! **** **** SpyLocked {EDE8BED5-92CF-4482-8F51-A01CD9B3EA37} NOT FOUND by this tool! **** **** SpyLocked {FA4FBF53-C766-4622-8011-A87A805EEBF0} NOT FOUND by this tool! **** **** SpywareLocked {0E4E5110-A772-4C4A-A7DC-137FE10ABD6E} NOT FOUND by this tool! **** **** SpywareLocked {07A582E8-BAE3-457D-9D29-2048DE45A369} NOT FOUND by this tool! **** **** SpywareLocked {3BAA1AD8-EE49-4772-BF0B-F55083E0F7AA} NOT FOUND by this tool! **** **** SpywareLocked {9D6FAC42-A7BE-4702-87EF-75D8DC14249E} NOT FOUND by this tool! **** **** SpywareLocked {ABEF791F-947E-4CDF-83C3-E72A240AFB67} NOT FOUND by this tool! **** **** SpywareLocked {BD0FC212-0A36-4232-83CC-2063FB9282E0} NOT FOUND by this tool! **** **** SpywareLocked {B0DED443-5E68-4001-A81B-0A0001621AB8} NOT FOUND by this tool! **** **** SpywareLocked {F38B1B2B-4976-46DD-9FE5-60FDE72F0B4D} NOT FOUND by this tool! **** **** SpywareQuake {0c7416f0-dd23-420f-97f5-aae352ea2bf1} NOT FOUND by this tool! **** **** SpywareQuake {E2CA7CD1-1AD9-F1C4-3D2A-DC1A33E7AF9D} NOT FOUND by this tool! **** **** SpywareQuake {AC1B4DA2-12FA-31F2-1A7D-CD2B14E6AD4E} NOT FOUND by this tool! **** **** SpywareQuake {CD5E2AC9-25CE-A1C5-D1E2-DC6B28A6ED5A} NOT FOUND by this tool! **** **** SpywareQuake {EA26CE12-DE64-A1C5-9A4F-FC1A64E6AC2E} NOT FOUND by this tool! **** **** SpywareQuake {e5b1e382-817e-4b74-8a96-ec78751e6acf} NOT FOUND by this tool! **** **** SpywareQuake {a0aa3e4b-31cb-4ea2-9049-22b7f5b65edb} NOT FOUND by this tool! **** **** SpywareQuake {cbb430e6-5b1b-474a-9d7e-160d4fe74bea} NOT FOUND by this tool! **** **** SpywareQuake {62eb0924-19d2-4226-b4b9-8ad1f70904c1} NOT FOUND by this tool! **** **** SpywareQuake {6c69e319-0d03-47da-997a-36586cbc53b3} NOT FOUND by this tool! **** **** SpywareQuake {aea3d2df-2b2c-4d7b-81a0-d975c6dc088e} NOT FOUND by this tool! **** **** SpywareSheriff {1C3B31AE-FD16-D2CE-43FF-DC4CD5C1BC5E} NOT FOUND by this tool! **** **** VirusBurster {9d635a36-6b3c-4146-8625-f3aaf507bbf8} NOT FOUND by this tool! **** **** TrustCleaner {24E27EA9-FCF3-444F-BD80-20543BA5D946} NOT FOUND by this tool! **** **** Troj/Small-ER {4F141CBA-1457-6CCA-03A7-7AA21B61EA0F} NOT FOUND by this tool! **** **** Troj/Spabot-E {429F4BB8-7BF7-4152-8011-3C6F9EB7E892} NOT FOUND by this tool! **** **** Troj/Dloader-OF {203B1C4D9-BC71-8916-38AD-9DEA5D213614} NOT FOUND by this tool! **** **** Troj/Crafted-A {0BC9BC01-54D4-4CCE-2B7D-955164314CD4} NOT FOUND by this tool! **** **** Troj/Agent-FG {2C1CD3D7-86AC-4068-93BC-A02304BB8C34} NOT FOUND by this tool! **** **** TX 4 BrowserAd adware {8e99f990-b75a-4568-b3c8-24cbc8cbbfc1} NOT FOUND by this tool! **** **** Trojan-Proxy.Win32.Small {87A3E824-A726-4CF4-8A66-6314B11BDA0C} NOT FOUND by this tool! **** **** Trojan-Downloader.Win32.Delf.ks {786C369D-409A-456f-A13C-971EADA850C6} NOT FOUND by this tool! **** **** W32/Almanahe.a Worm NOT FOUND by this tool! **** **** msctl32.dll SpamBot NOT FOUND by this tool! **** **** KeyLogger NOT FOUND by this tool! **** -------------------------------------------------------------------------- CHECKING FOR BOT-TYPE WORMS: -------------------------------------------------------------------------- **** W32/Sdbot Worm NOT FOUND by this tool! **** -------------------------------------------------------------------------- CHECKING FOR KNOWN ROOTKIT STEALTHING AGENTS: -------------------------------------------------------------------------- **** i386p.* Stealthing Agent NOT FOUND by this tool! **** **** ErrorSafe erssdd.* Stealthing Agent NOT FOUND by this tool! **** **** VUNDO DP.* Stealthing Agent NOT FOUND by this tool! **** **** Troj/NTRootK-BP main.* Stealthing Agent NOT FOUND by this tool! **** **** W32/Almanahe.sys RioDrvrs.* Stealthing Agent NOT FOUND by this tool! **** **** W32/Almanahe.sys DKIS6.* Stealthing Agent NOT FOUND by this tool! **** -------------------------------------------------------------------------- CHECKING FOR VISIBLE ROOTKIT-TYPE REGISTRY KEYS: -------------------------------------------------------------------------- **** Rustock.B trojan, PE386 rootkit NOT FOUND by this tool! **** **** Rustock.B trojan, huy32 rootkit NOT FOUND by this tool! **** **** Rustock.B trojan, lzx32 rootkit NOT FOUND by this tool! **** **** Rustock.B trojan, msguard rootkit NOT FOUND by this tool! **** **** Rustock.B trojan, xpdt.sy_ rootkit NOT FOUND by this tool! **** **** Rustock.B trojan, xpdt.sys rootkit NOT FOUND by this tool! **** **** CmdService adware NOT FOUND by this tool! **** **** Network_Monitor adware NOT FOUND by this tool! **** **** Trojan.Peacomm NOT FOUND by this tool! **** **** Trojan.Peacomm windev NOT FOUND by this tool! **** **** AVPE Haxdoor NOT FOUND by this tool! **** **** MEMLOW Haxdoor NOT FOUND by this tool! **** **** VDMT Haxdoor NOT FOUND by this tool! **** **** YCSVGA Haxdoor NOT FOUND by this tool! **** **** PPTP Haxdoor FOUND by this tool! **** CAREFULL HERE THIS WILL ALSO FIND WinLanMiniport DisplayName REG_SZ Miniporta de rede remota (PPTP) Description REG_SZ Miniporta de rede remota (PPTP) DisplayName REG_SZ Miniporta de rede remota (PPTP) Description REG_SZ Miniporta de rede remota (PPTP) DisplayName REG_SZ Miniporta de rede remota (PPTP) Description REG_SZ Miniporta de rede remota (PPTP) **** DVB Haxdoor NOT FOUND by this tool! **** **** YVBB Haxdoor NOT FOUND by this tool! **** **** YVPP Haxdoor NOT FOUND by this tool! **** **** NKGFS Haxdoor NOT FOUND by this tool! **** **** XMSK Haxdoor NOT FOUND by this tool! **** **** AVPX Haxdoor NOT FOUND by this tool! **** **** MMXF Haxdoor NOT FOUND by this tool! **** **** DP1112 Vundo Rootkit NOT FOUND by this tool! **** **** SYSBUS32 Rootkit Driver NOT FOUND by this tool! **** **** I386P Rootkit Driver NOT FOUND by this tool! **** **** ERSSDD Rootkit NOT FOUND by this tool! **** **** GencTurK RootKit NOT FOUND by this tool! **** **** Troj/NTRootK-BP RootKit NOT FOUND by this tool! **** **** W32/Almanahe.sys NOT FOUND by this tool! **** ************************************************************************************ Dumping HKLM Uninstall Programs list DisplayName REG_SZ a-squared Free 4.5 DisplayName REG_SZ Adobe Flash Player 10 ActiveX DisplayName REG_SZ Adobe Flash Player 10 Plugin DisplayName REG_SZ Adobe Reader 9.1.2 - Português DisplayName REG_SZ Adobe Shockwave Player 11.5 DisplayName REG_SZ Arquivo do WinRAR DisplayName REG_SZ Assistente de Conexão do Windows Live DisplayName REG_SZ Atualização para Windows XP (KB898461) DisplayName REG_SZ Atualização para Windows XP (KB914882) DisplayName REG_SZ Atualização para Windows XP (KB923845) DisplayName REG_SZ Atualização para Windows XP (KB932823-v3) DisplayName REG_SZ Choice Guard DisplayName REG_SZ CircuitMaker 2000 (Professional Edition) DisplayName REG_SZ Counter-Strike DisplayName REG_SZ Counter-Strike CP DisplayName REG_SZ ExplorerXP (remove only) DisplayName REG_SZ Ferramenta de Carregamento do Windows Live DisplayName REG_SZ Fraps (remove only) DisplayName REG_SZ Free Mp3 Wma Converter V 1.81 DisplayName REG_SZ Free YouTube to Mp3 Converter version 3.1 DisplayName REG_SZ Garena DisplayName REG_SZ GTOneCare DisplayName REG_SZ Heroes of Newerth DisplayName REG_SZ High Definition Audio Driver Package - KB888111 DisplayName REG_SZ Hotfix for Windows XP (KB926239) DisplayName REG_SZ Java(TM) 6 Update 16 DisplayName REG_SZ K-Lite Mega Codec Pack 5.1.0 DisplayName REG_SZ Microsoft .NET Framework 2.0 DisplayName REG_SZ Microsoft .NET Framework 2.0 DisplayName REG_SZ Microsoft .NET Framework 3.0 DisplayName REG_SZ Microsoft .NET Framework 3.0 DisplayName REG_SZ Microsoft Application Error Reporting DisplayName REG_SZ Microsoft Compression Client Pack 1.0 for Windows XP DisplayName REG_SZ Microsoft Office XP Professional com FrontPage DisplayName REG_SZ Microsoft Protection Service DisplayName REG_SZ Microsoft User-Mode Driver Framework Feature Pack 1.0 DisplayName REG_SZ Microsoft Visual C++ 2005 Redistributable DisplayName REG_SZ Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 DisplayName REG_SZ Microsoft Windows Live OneCare Resources v2.5.2900.28 DisplayName REG_SZ Microsoft Windows OneCare Live AntiSpyware and AntiVirus DisplayName REG_SZ Microsoft Windows OneCare Live v2.5.2900.28 DisplayName REG_SZ Microsoft Windows OneCare Live v2.5.2900.28 Idcrl Install DisplayName REG_SZ Mozilla Firefox (3.5.3) DisplayName REG_SZ MSVCRT DisplayName REG_SZ MSXML 6.0 Parser (KB925673) DisplayName REG_SZ NCsoft Launcher DisplayName REG_SZ NotePad++ 3.6 DisplayName REG_SZ NVIDIA Drivers DisplayName REG_SZ Pando Media Booster DisplayName REG_SZ PokerStars DisplayName REG_SZ PX Engine DisplayName REG_SZ Real Alternative 1.9.0 DisplayName REG_SZ Segoe UI DisplayName REG_SZ Skype web features DisplayName REG_SZ Skype™ 4.1 DisplayName REG_SZ Sony Vegas Pro 8.0 DisplayName REG_SZ SoundMAX DisplayName REG_SZ Steam DisplayName REG_SZ sXe Injected DisplayName REG_SZ System Requirements Lab DisplayName REG_SZ TeamSpeak 2 RC2 DisplayName REG_SZ Truco LigasOnline 1.1 DisplayName REG_SZ Uninstall 1.0.0.1 DisplayName REG_SZ VDownloader 0.83 DisplayName REG_SZ VeryPDF PDF2Word v3.0 DisplayName REG_SZ VobSub v2.23 (Remove Only) DisplayName REG_SZ Warkeys 1.14.1.0b DisplayName REG_SZ WebFldrs XP DisplayName REG_SZ Windows Communication Foundation DisplayName REG_SZ Windows Imaging Component DisplayName REG_SZ Windows Internet Explorer 8 DisplayName REG_SZ Windows Live Call DisplayName REG_SZ Windows Live Communications Platform DisplayName REG_SZ Windows Live Essentials DisplayName REG_SZ Windows Live Essentials DisplayName REG_SZ Windows Live Messenger DisplayName REG_SZ Windows Live OneCare DisplayName REG_SZ Windows Live OneCare safety scanner DisplayName REG_SZ Windows Media Format 11 runtime DisplayName REG_SZ Windows Media Format 11 runtime DisplayName REG_SZ Windows Media Player 11 DisplayName REG_SZ Windows Media Player 11 DisplayName REG_SZ Windows Presentation Foundation DisplayName REG_SZ Windows Workflow Foundation DisplayName REG_SZ XML Paper Specification Shared Components Pack 1.0 ParentDisplayName REG_SZ ParentDisplayName REG_SZ ParentDisplayName REG_SZ Windows XP - Atualizações de Software ParentDisplayName REG_SZ Windows XP - Atualizações de Software ParentDisplayName REG_SZ Windows XP - Atualizações de Software ParentDisplayName REG_SZ Windows XP - Atualizações de Software ParentDisplayName REG_SZ Windows XP - Software Updates ##################################################################################################### -- All DONE! ~ ShadowPuterDude ~
  2. i have deleted all of my garena hacks, and here is the new logs; a-squared Free - Versão 4.5 Última atualização 2/10/2009 18:08:35 Configurações da análise: Scan type: deep Objetos: Memória, Rastros, Cookies, C:\ Análise de arquivos: Ligado Heurística: Desligado Análise de ADS: Ligado Início da análise: 3/10/2009 10:23:51 Value: HKEY_USERS\S-1-5-21-1085031214-2111687655-682003330-500\Software\Bifrost --> klg detectado: Trace.Registry.Bifrost!A2 Value: HKEY_LOCAL_MACHINE\SOFTWARE\Bifrost --> nck detectado: Trace.Registry.Bifrost!A2 c:\documents and settings\administrador\dados de aplicativos\microsoft\internet explorer\quick launch\advanced virus remover.lnk detectado: Trace.File.Advanced Virus Remover 2009!A2 c:\documents and settings\administrador\menu iniciar\advanced virus remover.lnk detectado: Trace.File.Advanced Virus Remover 2009!A2 Value: HKEY_USERS\S-1-5-21-1085031214-2111687655-682003330-500\Software\AVR --> LastD detectado: Trace.Registry.Advanced Virus Remover 2009!A2 Value: HKEY_USERS\S-1-5-21-1085031214-2111687655-682003330-500\Software\AVR --> LastScan detectado: Trace.Registry.Advanced Virus Remover 2009!A2 Value: HKEY_USERS\S-1-5-21-1085031214-2111687655-682003330-500\Software\AVR --> LastVFC detectado: Trace.Registry.Advanced Virus Remover 2009!A2 Value: HKEY_USERS\S-1-5-21-1085031214-2111687655-682003330-500\Software\AVR --> VirList detectado: Trace.Registry.Advanced Virus Remover 2009!A2 c:\windows\system32\bifrost detectado: Trace.Directory.maxx.d.free.fr!A2 c:\windows\system32\bifrost\klog.dat detectado: Trace.File.maxx.d.free.fr!A2 Value: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run --> winupdate.exe detectado: Trace.Registry.trucount3001.com!A2 c:\windows\system32\winupdate.exe detectado: Trace.File.AdvancedVirusRemover!A2 Key: HKEY_USERS\S-1-5-21-1085031214-2111687655-682003330-500\software\AVR detectado: Trace.Registry.AdvancedVirusRemover!A2 C:\Documents and Settings\Administrador\Meus documentos\Downloads\Sony Vegas Pro 8.0c Build 260+Keygen[H33T]-MasterUploader\Keygen\Keygen.exe detectado: Riskware.MultiKeygenPatch!IK C:\Program Files\AdvancedVirusRemover\PAVRM.exe detectado: Gen.Trojan!IK C:\System Volume Information\_restore{9A856660-AD4B-4671-BBFC-019287F6760B}\RP14\A0001849.exe detectado: Trojan-Downloader.Win32.Delf!IK C:\System Volume Information\_restore{9A856660-AD4B-4671-BBFC-019287F6760B}\RP14\A0001912.exe detectado: Trojan-Downloader.Win32.Delf!IK C:\System Volume Information\_restore{9A856660-AD4B-4671-BBFC-019287F6760B}\RP14\A0001945.exe detectado: Trojan-Downloader.Win32.Delf!IK C:\System Volume Information\_restore{9A856660-AD4B-4671-BBFC-019287F6760B}\RP14\A0002948.exe detectado: Trojan-Downloader.Win32.Delf!IK C:\System Volume Information\_restore{9A856660-AD4B-4671-BBFC-019287F6760B}\RP15\A0002960.exe detectado: Trojan-Downloader.Win32.Delf!IK C:\System Volume Information\_restore{9A856660-AD4B-4671-BBFC-019287F6760B}\RP15\A0002967.exe detectado: Trojan-Downloader.Win32.Delf!IK C:\System Volume Information\_restore{9A856660-AD4B-4671-BBFC-019287F6760B}\RP15\A0002995.exe detectado: Trojan-Downloader.Win32.Delf!IK C:\System Volume Information\_restore{9A856660-AD4B-4671-BBFC-019287F6760B}\RP15\A0004073.exe detectado: Trojan-Downloader.Win32.Delf!IK C:\System Volume Information\_restore{9A856660-AD4B-4671-BBFC-019287F6760B}\RP16\A0004097.exe detectado: Trojan-Downloader.Win32.Delf!IK C:\System Volume Information\_restore{9A856660-AD4B-4671-BBFC-019287F6760B}\RP16\A0004109.exe detectado: Trojan-Downloader.Win32.Delf!IK C:\System Volume Information\_restore{9A856660-AD4B-4671-BBFC-019287F6760B}\RP16\A0004146.exe detectado: Trojan-Downloader.Win32.Delf!IK C:\System Volume Information\_restore{9A856660-AD4B-4671-BBFC-019287F6760B}\RP17\A0004159.exe detectado: Trojan-Downloader.Win32.Delf!IK C:\System Volume Information\_restore{9A856660-AD4B-4671-BBFC-019287F6760B}\RP17\A0004202.exe detectado: Trojan-Downloader.Win32.Delf!IK C:\System Volume Information\_restore{9A856660-AD4B-4671-BBFC-019287F6760B}\RP19\A0004302.exe detectado: Trojan-Downloader.Win32.Delf!IK C:\System Volume Information\_restore{9A856660-AD4B-4671-BBFC-019287F6760B}\RP20\A0004310.exe detectado: Trojan-Downloader.Win32.Delf!IK C:\System Volume Information\_restore{9A856660-AD4B-4671-BBFC-019287F6760B}\RP20\A0004314.exe detectado: Trojan-Downloader.Win32.Delf!IK C:\System Volume Information\_restore{9A856660-AD4B-4671-BBFC-019287F6760B}\RP20\A0004343.exe detectado: MonitoringTool!IK C:\System Volume Information\_restore{9A856660-AD4B-4671-BBFC-019287F6760B}\RP20\A0004418.exe detectado: Trojan-Downloader.Win32.Delf!IK C:\System Volume Information\_restore{9A856660-AD4B-4671-BBFC-019287F6760B}\RP20\A0004427.exe detectado: Trojan-Downloader.Win32.Delf!IK C:\System Volume Information\_restore{9A856660-AD4B-4671-BBFC-019287F6760B}\RP20\A0004464.exe detectado: Trojan-Downloader.Win32.Delf!IK C:\System Volume Information\_restore{9A856660-AD4B-4671-BBFC-019287F6760B}\RP21\A0004474.exe detectado: Trojan-Downloader.Win32.Delf!IK C:\System Volume Information\_restore{9A856660-AD4B-4671-BBFC-019287F6760B}\RP21\A0004503.exe detectado: Trojan-Downloader.Win32.Delf!IK C:\System Volume Information\_restore{9A856660-AD4B-4671-BBFC-019287F6760B}\RP21\A0004525.exe detectado: Trojan-Downloader.Win32.Delf!IK C:\System Volume Information\_restore{9A856660-AD4B-4671-BBFC-019287F6760B}\RP25\A0004726.exe detectado: Trojan-Downloader.Win32.Delf!IK C:\System Volume Information\_restore{9A856660-AD4B-4671-BBFC-019287F6760B}\RP25\A0004775.exe detectado: Trojan-Downloader.Win32.Delf!IK C:\System Volume Information\_restore{9A856660-AD4B-4671-BBFC-019287F6760B}\RP25\A0004778.exe detectado: MonitoringTool!IK C:\System Volume Information\_restore{9A856660-AD4B-4671-BBFC-019287F6760B}\RP25\A0004866.exe detectado: BehavesLike!IK C:\System Volume Information\_restore{9A856660-AD4B-4671-BBFC-019287F6760B}\RP26\A0004898.exe detectado: Trojan-Downloader.Win32.Delf!IK C:\System Volume Information\_restore{9A856660-AD4B-4671-BBFC-019287F6760B}\RP26\A0004926.exe detectado: Trojan-Downloader.Win32.Delf!IK C:\System Volume Information\_restore{9A856660-AD4B-4671-BBFC-019287F6760B}\RP26\A0004928.exe detectado: Trojan-Downloader.Win32.Banload!IK C:\System Volume Information\_restore{9A856660-AD4B-4671-BBFC-019287F6760B}\RP26\A0004930.exe detectado: MonitoringTool!IK C:\System Volume Information\_restore{9A856660-AD4B-4671-BBFC-019287F6760B}\RP26\A0005018.exe detectado: BehavesLike!IK C:\System Volume Information\_restore{9A856660-AD4B-4671-BBFC-019287F6760B}\RP33\A0005225.exe detectado: Trojan-Downloader.Win32.Delf!IK C:\System Volume Information\_restore{9A856660-AD4B-4671-BBFC-019287F6760B}\RP57\A0008649.exe detectado: Trojan-Spy.Win32.PcGhost!IK C:\System Volume Information\_restore{9A856660-AD4B-4671-BBFC-019287F6760B}\RP76\A0010957.exe detectado: Gen.Trojan!IK C:\System Volume Information\_restore{9A856660-AD4B-4671-BBFC-019287F6760B}\RP77\A0011022.exe detectado: Trojan-Dropper.Win32.Renos!IK C:\System Volume Information\_restore{9A856660-AD4B-4671-BBFC-019287F6760B}\RP77\A0011038.exe detectado: Trojan-Dropper.Win32.Renos!IK C:\System Volume Information\_restore{9A856660-AD4B-4671-BBFC-019287F6760B}\RP77\A0011054.exe detectado: Trojan-Dropper.Win32.Renos!IK C:\System Volume Information\_restore{9A856660-AD4B-4671-BBFC-019287F6760B}\RP77\A0011068.exe detectado: Trojan-Dropper.Win32.Renos!IK C:\System Volume Information\_restore{9A856660-AD4B-4671-BBFC-019287F6760B}\RP77\A0011297.exe detectado: Riskware.Client-IRC.Win32.mIRC!IK C:\WINDOWS\system32\winupdate.exe detectado: Trojan-Downloader.Win32.FraudLoad!IK Analisado Arquivos: 96631 Objetos: 610667 Cookies: 5 Processos: 28 Encontrado Arquivos: 43 Objetos: 13 Cookies: 0 Processos: 0 Chaves do registro: 0 Fim da análise: 3/10/2009 11:34:22 Duração da análise: 1:10:31 ************************************************************************************ ISeeYouXP v2.0 Beta 14 ISeeYouXP v1.3.0-v2.0 Beta 14 Copyright - ShadowPuterDude ISeeYouXP v1.2.9 and earlier Copyright - PhilliePhan ------------------------------------------------------------------------------------ **** PLEASE NOTE THAT MOST (if not ALL) OF THE ITEMS BELOW ARE NOT BADDIES! **** **** PLEASE CONSULT A KNOWLEDGEABLE PERSON BEFORE TAKING ANY ACTION. **** ************************************************************************************ Windows/Browser/Java Versions: Microsoft (R) Windows Script Host VersÆo 5.6 Copyright (C) 1996-2001 Microsoft Corporation. Todos os direitos reservados. Microsoft Windows XP Professional Version: 5.1.2600 Service Pack: 2.0 Windows Directory: C:\WINDOWS Microsoft (R) Windows Script Host VersÆo 5.6 Copyright (C) 1996-2001 Microsoft Corporation. Todos os direitos reservados. Internet Explorer Version: 8.0.6001.18702 Build: 86001 Language: Inglˆs (Estados Unidos) Path: C:\Arquivos de programas\Internet Explorer Sun Microsystems Java Runtime Version: 1.6.0_16 Microsoft (R) Windows Script Host VersÆo 5.6 Copyright (C) 1996-2001 Microsoft Corporation. Todos os direitos reservados. Boot State: Normal boot Scan done at 11:37:22,54, s b 03/10/2009 ------------------------------------------------------------------------------------ ISeeYouXP installation folder and files "C:\ISeeYouXP\" bootst~1.vbs 28 May 2007 359 "bootstate.vbs" change.log 8 Jun 2008 5012 "change.log" chodefix.bat 18 Apr 2007 5387 "chodefix.bat" fixchode.reg 18 Apr 2007 528 "fixChode.reg" fixexp~1.bat 24 Feb 2007 487 "FixExplorerPolicies.bat" getunk~1.bat 12 Aug 2006 1478 "GetUnKeys.bat" grep.exe 24 Dec 2004 160768 "grep.exe" hideit.bat 17 Oct 2007 1072 "HideIT.bat" ieinfo.vbs 28 May 2007 514 "ieinfo.vbs" iesecu~1.bat 28 Oct 2007 72 "IESecurityZones.bat" iesecu~1.vbs 8 Nov 2007 2399 "IESecurityZones.vbs" iseeyo~1.bat 8 Jun 2008 211377 "ISeeYouXP.bat" libico~1.dll 16 Mar 2004 898048 "libiconv2.dll" libintl3.dll 9 Oct 2004 101888 "libintl3.dll" locate.com 14 Jan 2005 11254 "locate.com" md5sum.exe 5 Aug 2007 49152 "md5sum.exe" msconf~1.bat 24 Feb 2007 578 "MSConfigFix.bat" osinfo.vbs 28 May 2007 598 "osinfo.vbs" pcbutts.txt 25 Mar 2007 5167 "PCBUTTS.TXT" pcre.dll 14 Nov 2004 183313 "pcre.dll" pv.exe 3 Mar 2006 73728 "pv.exe" regedi~1.bat 30 Mar 2007 650 "RegEditFix.bat" regfix.bat 18 Apr 2007 145 "Regfix.bat" servic~1.vbs 28 May 2007 672 "servicesinfo.vbs" showit.bat 17 Oct 2007 1013 "ShowIT.bat" swreg.exe 5 Apr 2007 139776 "swreg.exe" system~1.bat 28 Feb 2007 369 "SystemRestoreFix.bat" taskmg~1.bat 24 Feb 2007 288 "TaskMgrFix.bat" 28 items found: 28 files, 0 directories. Total of file sizes: 1.856.092 bytes 1,77 M ------------------------------------------------------------------------------------ System Environment Variables ALLUSERSPROFILE=C:\Documents and Settings\All Users APPDATA=C:\Documents and Settings\Administrador\Dados de aplicativos CLIENTNAME=Console CommonProgramFiles=C:\Arquivos de programas\Arquivos comuns COMPUTERNAME=LITE ComSpec=C:\WINDOWS\system32\cmd.exe errcode=0 FP_NO_HOST_CHECK=NO HOMEDRIVE=C: HOMEPATH=\Documents and Settings\Administrador LOGONSERVER=\\LITE NUMBER_OF_PROCESSORS=2 OS=Windows_NT Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH PROCESSOR_ARCHITECTURE=x86 PROCESSOR_IDENTIFIER=x86 Family 15 Model 4 Stepping 9, GenuineIntel PROCESSOR_LEVEL=15 PROCESSOR_REVISION=0409 ProgramFiles=C:\Arquivos de programas PROMPT=$P$G SESSIONNAME=Console SystemDrive=C: SystemRoot=C:\WINDOWS TEMP=C:\DOCUME~1\ADMINI~1\CONFIG~1\Temp TMP=C:\DOCUME~1\ADMINI~1\CONFIG~1\Temp USERDOMAIN=LITE USERNAME=Administrador USERPROFILE=C:\Documents and Settings\Administrador windir=C:\WINDOWS ------------------------------------------------------------------------------------ Showing any Pocket Killbox backup files No matches found. ------------------------------------------------------------------------------------ Displaying BOOT.INI: [boot loader] timeout=30 default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS [operating systems] multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect ------------------------------------------------------------------------------------ Displaying SYSTEM.INI: ; for 16-bit app support [drivers] wave=mmdrv.dll timer=timer.drv [mci] [driver32] [386enh] woafont=app850.FON EGA80WOA.FON=EGA80850.FON EGA40WOA.FON=EGA40850.FON CGA80WOA.FON=CGA80850.FON CGA40WOA.FON=CGA40850.FON ------------------------------------------------------------------------------------ Displaying WIN.INI: ; for 16-bit app support [fonts] [extensions] [mci extensions] [files] [Mail] MAPI=1 CMC=1 CMCDLLNAME=mapi.dll CMCDLLNAME32=mapi32.dll MAPIX=1 MAPIXVER=1.0.0.1 OLEMessaging=1 [MCI Extensions.BAK] aif=MPEGVideo aifc=MPEGVideo aiff=MPEGVideo asf=MPEGVideo asx=MPEGVideo au=MPEGVideo m1v=MPEGVideo m3u=MPEGVideo mp2=MPEGVideo mp2v=MPEGVideo mp3=MPEGVideo mpa=MPEGVideo mpe=MPEGVideo mpeg=MPEGVideo mpg=MPEGVideo mpv2=MPEGVideo snd=MPEGVideo wax=MPEGVideo wm=MPEGVideo wma=MPEGVideo wmv=MPEGVideo wmx=MPEGVideo wvx=MPEGVideo m2v=MPEGVideo mod=MPEGVideo wpl=MPEGVideo ------------------------------------------------------------------------------------ Displaying AUTOEXEC.BAT: ------------------------------------------------------------------------------------ Displaying CONFIG.SYS: ------------------------------------------------------------------------------------ Displaying Running Processes: PROCESS PID PRIO PATH smss.exe 580 Normal C:\WINDOWS\System32\smss.exe csrss.exe 628 Normal C:\WINDOWS\system32\csrss.exe winlogon.exe 668 High C:\WINDOWS\system32\winlogon.exe services.exe 712 Normal C:\WINDOWS\system32\services.exe lsass.exe 724 Normal C:\WINDOWS\system32\lsass.exe GbpSv.exe 880 Normal C:\ARQUIV~1\GbPlugin\GbpSv.exe svchost.exe 912 Normal C:\WINDOWS\system32\svchost.exe svchost.exe 980 Normal C:\WINDOWS\system32\svchost.exe MsMpEng.exe 1072 Normal C:\Arquivos de programas\Microsoft Windows OneCare Live\Antivirus\MsMpEng.exe svchost.exe 1116 Normal C:\WINDOWS\System32\svchost.exe svchost.exe 1272 Normal C:\WINDOWS\system32\svchost.exe svchost.exe 1440 Normal C:\WINDOWS\system32\svchost.exe Explorer.EXE 1468 Normal C:\WINDOWS\Explorer.EXE spoolsv.exe 1604 Normal C:\WINDOWS\system32\spoolsv.exe smax4pnp.exe 1756 Normal C:\Arquivos de programas\Analog Devices\Core\smax4pnp.exe Smax4.exe 1768 Normal C:\Arquivos de programas\Analog Devices\SoundMAX\Smax4.exe winssnotify.exe 1828 Normal C:\Arquivos de programas\Microsoft Windows OneCare Live\winssnotify.exe jusched.exe 1836 Normal C:\Arquivos de programas\Java\jre6\bin\jusched.exe ctfmon.exe 1936 Normal C:\WINDOWS\system32\ctfmon.exe a2service.exe 1352 Normal C:\Arquivos de programas\a-squared Free\a2service.exe jqs.exe 1464 Idle C:\Arquivos de programas\Java\jre6\bin\jqs.exe nvsvc32.exe 1740 Normal C:\WINDOWS\system32\nvsvc32.exe OcHealthMon.exe 404 Normal C:\Arquivos de programas\Microsoft Windows OneCare Live\OcHealthMon.exe msfwsvc.exe 1088 Normal C:\Arquivos de programas\Microsoft Windows OneCare Live\Firewall\msfwsvc.exe winss.exe 1316 Normal C:\Arquivos de programas\Microsoft Windows OneCare Live\winss.exe alg.exe 2928 Normal C:\WINDOWS\System32\alg.exe msnmsgr.exe 248 Normal C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe wlcomm.exe 2664 Normal C:\Arquivos de programas\Windows Live\Contacts\wlcomm.exe cmd.exe 2980 Normal C:\WINDOWS\system32\cmd.exe ntvdm.exe 2228 Normal C:\WINDOWS\system32\ntvdm.exe wmiprvse.exe 1944 Normal C:\WINDOWS\system32\wbem\wmiprvse.exe pv.exe 1844 Normal C:\ISEEYO~1\pv.exe ------------------------------------------------------------------------------------ Displaying Windows Services: Microsoft (R) Windows Script Host VersÆo 5.6 Copyright (C) 1996-2001 Microsoft Corporation. Todos os direitos reservados. Name: a2free Display Name: a-squared Free Service Description: Scans the PC for unwanted software and provides protection from malicious code Path Name: "C:\Arquivos de programas\a-squared Free\a2service.exe" Start Mode: Auto State: Running Name: ALG Display Name: Servi‡o 'Gateway de camada de aplicativo' Description: Fornece suporte a plug-ins de protocolos de terceiros para o Compartilhamento de ConexÆo com a Internet e o Firewall do Windows. Path Name: C:\WINDOWS\System32\alg.exe Start Mode: Manual State: Running Name: AppMgmt Display Name: Gerenciamento de aplicativo Description: Fornece servi‡os de instala‡Æo de software como 'Atribuir', 'Publicar' e 'Remover'. Path Name: C:\WINDOWS\system32\svchost.exe -k netsvcs Start Mode: Manual State: Stopped Name: aspnet_state Display Name: ASP.NET State Service Description: Provides support for out-of-process session states for ASP.NET. If this service is stopped, out-of-process requests will not be processed. If this service is disabled, any services that explicitly depend on it will fail to start. Path Name: C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe Start Mode: Manual State: Stopped Name: AudioSrv Display Name: µudio do Windows Description: Gerencia dispositivos de udio para programas baseados em Windows. Se este servi‡o for interrompido, os dispositivos de udio e efeitos nÆo funcionarÆo adequadamente. Se este servi‡o for desativado, quaisquer servi‡os que dele dependam diretamente nÆo serÆo inicializados. Path Name: C:\WINDOWS\System32\svchost.exe -k netsvcs Start Mode: Auto State: Running Name: BITS Display Name: Servi‡o de transferˆncia inteligente de plano de fundo Description: Transfere dados entre clientes e servidores em segundo plano. Se o BITS estiver desabilitado, recursos como o Windows Update nÆo funcionarÆo corretamente. Path Name: C:\WINDOWS\system32\svchost.exe -k netsvcs Start Mode: Auto State: Running Name: Browser Display Name: Localizador de computadores Description: Mant‚m uma lista atualizada de computadores na rede e fornece a computadores designados navegadores. Se este servi‡o for interrompido, esta lista nÆo ser atualizada ou mantida. Se este servi‡o for desativado, quaisquer servi‡os que dele dependam diretamente nÆo serÆo inicializados. Path Name: C:\WINDOWS\system32\svchost.exe -k netsvcs Start Mode: Auto State: Running Name: ClipSrv Display Name: µrea de armazenamento Description: Permite que o 'Visualizador da rea de armazenamento' armazene informa‡äes e compartilhe-as com computadores remotos. Se o servi‡o for parado, o 'Visualizador da rea de armazenamento' nÆo poder compartilhar informa‡äes com computadores remotos. Se este servi‡o for desativado, os servi‡os que dependerem dele explicitamente nÆo serÆo iniciados. Path Name: C:\WINDOWS\system32\clipsrv.exe Start Mode: Disabled State: Stopped Name: clr_optimization_v2.0.50727_32 Display Name: .NET Runtime Optimization Service v2.0.50727_X86 Description: Microsoft .NET Framework NGEN Path Name: C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe Start Mode: Manual State: Stopped Name: COMSysApp Display Name: Aplicativo de sistema COM+ Description: Gerencia a configura‡Æo e o controle dos componentes baseados no modelo de objeto componente (COM)+. Se o servi‡o parar, a maioria dos componentes baseados no COM+ nÆo funcionar adequadamente. Se o servi‡o for desativado, qualquer servi‡o explicitamente dependente dele falhar ao ser iniciado. Path Name: C:\WINDOWS\system32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235} Start Mode: Manual State: Stopped Name: CryptSvc Display Name: Servi‡os de criptografia Description: Fornece trˆs servi‡os de gerenciamento: servi‡o de banco de dados de cat logo, que confirma as assinaturas dos arquivos do Windows; servi‡o de raiz protegida, que adiciona e remove certificados de autoridades de certifica‡Æo raiz deste computador, e o servi‡o de chave, que ajuda a registrar este computador para certificados. Se este servi‡o for interrompido, esses servi‡os de gerenciamento nÆo funcionarÆo adequadamente. Se este servi‡o for desativado, quaisquer servi‡os que dele dependam diretamente deixarÆo de ser iniciados. Path Name: C:\WINDOWS\system32\svchost.exe -k netsvcs Start Mode: Auto State: Running Name: DcomLaunch Display Name: Inicializador de Processo de Servidor DCOM Description: Fornece funcionalidade de inicializa‡Æo para servi‡os DCOM. Path Name: C:\WINDOWS\system32\svchost -k DcomLaunch Start Mode: Auto State: Running Name: Dhcp Display Name: Cliente DHCP Description: Gerencia a configura‡Æo de rede registrando e atualizando endere‡os IP e nomes DNS. Path Name: C:\WINDOWS\system32\svchost.exe -k netsvcs Start Mode: Auto State: Running Name: dmadmin Display Name: Servi‡o administrativo do gerenciador de disco l¢gico Description: Configura volumes e unidades de disco r¡gido. O servi‡o ‚ executado apenas para processos de configura‡Æo e depois p ra. Path Name: C:\WINDOWS\System32\dmadmin.exe /com Start Mode: Manual State: Stopped Name: dmserver Display Name: Gerenciador de discos l¢gicos Description: Detecta e monitora novas unidades de disco r¡gido e envia as informa‡äes de volume de disco para o servi‡o administrativo de gerenciador de discos l¢gicos para configura‡Æo. Se este servi‡o for parado, o status de disco dinƒmico e as informa‡äes de configura‡Æo podem se tornar obsoletos. Se este servi‡o for desativado, os servi‡os que dependerem dele explicittamente nÆo serÆo iniciados. Path Name: C:\WINDOWS\System32\svchost.exe -k netsvcs Start Mode: Auto State: Running Name: Dnscache Display Name: Cliente DNS Description: Resolve e armazena em cache nomes Domain Name System (DNS) para este computador. Se este servi‡o for parado, o computador nÆo poder resolver nomes DNS nem localizador controladores de dom¡nio do Active Directory. Se este servi‡o for desativado, os servi‡os que dependerem dele explicitamente nÆo serÆo iniciados. Path Name: C:\WINDOWS\system32\svchost.exe -k NetworkService Start Mode: Auto State: Running Name: ERSvc Display Name: Erro ao informar o servi‡o Description: Permite informar erros de servi‡os e aplicativos executados em ambientes nÆo padrÆo. Path Name: C:\WINDOWS\System32\svchost.exe -k netsvcs Start Mode: Auto State: Running Name: Eventlog Display Name: Log de eventos Description: Registra mensagens de eventos emitidas por Windows-based programs and components to be viewed in Event Viewer. This service cannot be stopped. Path Name: C:\WINDOWS\system32\services.exe Start Mode: Auto State: Running Name: EventSystem Display Name: Sistema de eventos COM+ Description: D suporte para o servi‡o de notifica‡Æo de eventos do sistema (SENS), o qual fornece distribui‡Æo autom tica dos eventos para inscrever componentes do modelo de objeto componente (COM). Se o servi‡o for interrompido, o SENS ser fechado e nÆo poder fornecer notifica‡äes de logon e logoff. Se o servi‡o for desativado, qualquer servi‡o explicitamente dependente dele ir falhar ao ser iniciado. Path Name: C:\WINDOWS\system32\svchost.exe -k netsvcs Start Mode: Manual State: Running Name: FastUserSwitchingCompatibility Display Name: Compatibilidade com 'Troca r pida de usu rio' Description: Fornece gerenciamento de aplicativos que exigem assistˆncia em um ambiente de v rios usu rios. Path Name: C:\WINDOWS\System32\svchost.exe -k netsvcs Start Mode: Manual State: Stopped Name: FontCache3.0.0.0 Display Name: Windows Presentation Foundation Font Cache 3.0.0.0 Description: Optimizes performance of Windows Presentation Foundation (WPF) applications by caching commonly used font data. WPF applications will start this service if it is not already running. It can be disabled, though doing so will degrade the performance of WPF applications. Path Name: c:\WINDOWS\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe Start Mode: Manual State: Stopped Name: GbpSv Display Name: Gbp Service Description: Service for G-Buster Browser Defense Path Name: C:\ARQUIV~1\GbPlugin\GbpSv.exe Start Mode: Auto State: Running Name: helpsvc Display Name: Ajuda e suporte Description: Permite que o 'Centro de ajuda e suporte' seja executado neste computador. Se esse servi‡o for interrompido, o 'Centro de ajuda e suporte' nÆo estar dispon¡vel. Se esse servi‡o for desativado, haver falha na inicializa‡Æo de todos os servi‡os que dependem dele de forma expl¡cita. Path Name: C:\WINDOWS\System32\svchost.exe -k netsvcs Start Mode: Auto State: Running Name: HidServ Display Name: HID Input Service Description: Permite acesso de entrada gen‚rica a dispositivos de interface humana (Human Interface Devices, HID), que ativam e mantˆm o uso de botäes ativados predefinidos em teclados, controles remotos e outros dispositivos de multim¡dia. Se este servi‡o for parado, os botäes ativados controlados pelo servi‡o deixarÆo de funcionar. Se este servi‡o for desativado, os servi‡os que dependerem dele explicitamente nÆo serÆo iniciados. Path Name: C:\WINDOWS\System32\svchost.exe -k netsvcs Start Mode: Auto State: Running Name: HTTPFilter Display Name: HTTP SSL Description: Este servi‡o implementa o protocolo de transferˆncia segura de hipertexto (HTTPS) para o servi‡o HTTP, usando a camada de soquete seguro (SSL). Se este servi‡o for desativado, os servi‡os que dependerem dele explicitamente nÆo serÆo iniciados. Path Name: C:\WINDOWS\System32\svchost.exe -k HTTPFilter Start Mode: Manual State: Stopped Name: idsvc Display Name: Windows CardSpace Description: Securely enables the creation, management, and disclosure of digital identities. Path Name: "C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe" Start Mode: Manual State: Stopped Name: JavaQuickStarterService Display Name: Java Quick Starter Description: Prefetches JRE files for faster startup of Java applets and applications Path Name: "C:\Arquivos de programas\Java\jre6\bin\jqs.exe" -service -config "C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\jqs.conf" Start Mode: Auto State: Running Name: lanmanserver Display Name: Servidor Description: Oferece suporte a compartilhamento na rede de arquivo, impressÆo e pipes nomeados para este computador. Se este servi‡o for interrompido, quaisquer servi‡os que dele dependam diretamente nÆo serÆo inicializados. Path Name: C:\WINDOWS\system32\svchost.exe -k netsvcs Start Mode: Auto State: Running Name: lanmanworkstation Display Name: Esta‡Æo de trabalho Description: Cria e mant‚m conexäes de rede de cliente com servidores remotos. Se este servi‡o for interrompido, essas conexäes nÆo estarÆo dispon¡veis. Se este servi‡o for desativado, quaisquer servi‡os que dele dependam nÆo serÆo inicializados. Path Name: C:\WINDOWS\system32\svchost.exe -k netsvcs Start Mode: Auto State: Running Name: LmHosts Display Name: Auxiliar NetBIOS TCP/IP Description: Ativa o suporte a NetBIOS atrav‚s do servi‡o TCP/IP (NetBT) e da resolu‡Æo de nomes NetBIOS. Path Name: C:\WINDOWS\system32\svchost.exe -k LocalService Start Mode: Auto State: Running Name: MSDTC Display Name: Coordenador de transa‡äes distribu¡das Description: Coordena transa‡äes que abrangem m£ltiplos gerenciadores de recursos, tais como bancos de dados, filas de mensagens e sistemas de arquivos. Se este servi‡o for interrompido, essas transa‡äes nÆo ocorrerÆo. Se este servi‡o for desativado, os servi‡os que dependem explicitamente dele falharÆo ao serem iniciados. Path Name: C:\WINDOWS\system32\msdtc.exe Start Mode: Manual State: Stopped Name: msfwsvc Display Name: OneCare Firewall Description: OneCare Firewall Path Name: "C:\Arquivos de programas\Microsoft Windows OneCare Live\Firewall\msfwsvc.exe" Start Mode: Auto State: Running Name: MSIServer Display Name: Windows Installer Description: Adiciona, modifica e remove aplicativos fornecidos como um pacote do Windows Installer (*.msi). Se este servi‡o for desativado, os servi‡os que dependerem dele explicitamente nÆo serÆo iniciados. Path Name: C:\WINDOWS\system32\msiexec.exe /V Start Mode: Manual State: Stopped Name: NetDDE Display Name: DDE de rede Description: Fornece transporte e seguran‡a de rede para Dynamic Data Exchange (DDE) para programas executados no mesmo computador ou em computadores diferentes. Se este servi‡o for parado, o transporte e seguran‡a DDE nÆo estarÆo dispon¡veis. Se este servi‡o for desativado, os servi‡os que dependerem dele explicitamente nÆo serÆo iniciados. Path Name: C:\WINDOWS\system32\netdde.exe Start Mode: Disabled State: Stopped Name: NetDDEdsdm Display Name: DSDM de DDE de rede Description: Gerencia compartilhamentos de rede do tipo DDE (Dynamic Data Exchange). Se este servi‡o for parado, os compartilhamentos de rede DDE nÆo estarÆo dispon¡veis. Se este servi‡o for desativado, os servi‡os que dependerem dele explicitamente nÆo serÆo iniciados. Path Name: C:\WINDOWS\system32\netdde.exe Start Mode: Disabled State: Stopped Name: Netlogon Display Name: Logon de rede Description: D suporte … autentica‡Æo de passagem de eventos de logon de contas para os computadores de um dom¡nio. Path Name: C:\WINDOWS\system32\lsass.exe Start Mode: Manual State: Stopped Name: Netman Display Name: Conexäes de rede Description: Gerencia objetos da pasta de conexäes de rede e Dial-Up, na qual vocˆ pode exibir conexäes remotas e de rede local. Path Name: C:\WINDOWS\System32\svchost.exe -k netsvcs Start Mode: Manual State: Running Name: NetTcpPortSharing Display Name: Net.Tcp Port Sharing Service Description: Provides ability to share TCP ports over the net.tcp protocol. Path Name: "C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe" Start Mode: Disabled State: Stopped Name: Nla Display Name: Reconhecimento de local da rede (NLA) Description: Re£ne e armazena informa‡äes sobre configura‡äes e locais da rede, bem como notifica os aplicativos quando essas informa‡äes sÆo alteradas. Path Name: C:\WINDOWS\system32\svchost.exe -k netsvcs Start Mode: Manual State: Running Name: npggsvc Display Name: nProtect GameGuard Service Description: nProtect GameGuard Service Path Name: C:\WINDOWS\system32\GameMon.des -service Start Mode: Manual State: Stopped Name: NtLmSsp Display Name: Fornecedor de suporte de seguran‡a NT LM Description: Fornece seguran‡a a programas de chamada de procedimento remoto (remote procedure call, RPC) que usam transportes que nÆo pipes nomeados. Path Name: C:\WINDOWS\system32\lsass.exe Start Mode: Manual State: Stopped Name: NtmsSvc Display Name: Armazenamento remov¡vel Description: Path Name: C:\WINDOWS\system32\svchost.exe -k netsvcs Start Mode: Manual State: Stopped Name: NVSvc Display Name: NVIDIA Display Driver Service Description: Provides system and desktop level support to the NVIDIA display driver Path Name: C:\WINDOWS\system32\nvsvc32.exe Start Mode: Auto State: Running Name: OcHealthMon Display Name: Windows Live OneCare Health Monitor Description: Helps recover the Windows Live OneCare service and improve service health. This services provides a backup mechanism to the Windows Live OneCare service and will attempt to recover it, if it is detected to be stopped. Path Name: "C:\Arquivos de programas\Microsoft Windows OneCare Live\OcHealthMon.exe" Start Mode: Auto State: Running Name: OneCareMP Display Name: OneCare AntiSpyware and AntiVirus Description: Helps protect users from spyware and other potentially unwanted software Path Name: "C:\Arquivos de programas\Microsoft Windows OneCare Live\Antivirus\MsMpEng.exe" Start Mode: Auto State: Running Name: PlugPlay Display Name: Plug and Play Description: Permite que um computador reconhe‡a e se adapte a altera‡äes de hardware com pouca ou nenhuma interven‡Æo do usu rio. Se este servi‡o for parado ou desativado, o sistema se tornar inst vel. Path Name: C:\WINDOWS\system32\services.exe Start Mode: Auto State: Running Name: PolicyAgent Display Name: Servi‡os IPSEC Description: Gerencia a diretiva de seguran‡a IP e inicia o ISAKMP/Oakley (IKE) e o driver de seguran‡a IP. Path Name: C:\WINDOWS\system32\lsass.exe Start Mode: Auto State: Running Name: ProtectedStorage Display Name: Armazenamento protegido Description: Fornece o armazenamento protegido para dados sens¡veis, como chaves privadas, para evitar o acesso de servi‡os, processos ou usu rios sem autoriza‡Æo. Path Name: C:\WINDOWS\system32\lsass.exe Start Mode: Auto State: Running Name: RasAuto Display Name: Gerenciador de conexÆo de acesso remoto autom tico Description: Cria uma conexÆo a uma rede remota sempre que um programa faz referˆncia a um nome ou endere‡o remoto DNS ou NetBios. Path Name: C:\WINDOWS\system32\svchost.exe -k netsvcs Start Mode: Manual State: Stopped Name: RasMan Display Name: Gerenciador de conexÆo de acesso remoto Description: Cria uma conexÆo de rede. Path Name: C:\WINDOWS\system32\svchost.exe -k netsvcs Start Mode: Manual State: Running Name: RDSessMgr Display Name: Gerenciador de sessÆo de ajuda de rea de trabalho remota Description: Gerencia e controla a 'Assistˆncia remota'. Se esse servi‡o for interrompido, a 'Assistˆncia remota' ficar indispon¡vel. Antes de interromper esse servi‡o, consulte a guia 'Dependˆncias' da caixa de di logo 'Propriedades'. Path Name: C:\WINDOWS\system32\sessmgr.exe Start Mode: Manual State: Stopped Name: RemoteAccess Display Name: Roteamento e acesso remoto Description: Oferece servi‡os de roteamento a empresas em ambientes de rede local e de longa distƒncia. Path Name: C:\WINDOWS\system32\svchost.exe -k netsvcs Start Mode: Disabled State: Stopped Name: RemoteRegistry Display Name: Registro remoto Description: Permite que usu rios remotos modifiquem configura‡äes do Registro neste computador. Se este servi‡o for parado, o Registro s¢ poder ser modificado por usu rios deste computador. Se este servi‡o for desativado, os servi‡os que dependerem dele explicitamente nÆo serÆo iniciados. Path Name: C:\WINDOWS\system32\svchost.exe -k LocalService Start Mode: Auto State: Running Name: RpcLocator Display Name: Alocador Remote Procedure Call (RPC) Description: Gerencia o banco de dados do servi‡o de nomes RPC. Path Name: C:\WINDOWS\system32\locator.exe Start Mode: Manual State: Stopped Name: RpcSs Display Name: Chamada de procedimento remoto (RPC) Description: Fornece o mapeador de ponto de extremidade e outros servi‡os RPC variados. Path Name: C:\WINDOWS\system32\svchost -k rpcss Start Mode: Auto State: Running Name: RSVP Display Name: QoS RSVP Description: Fornece a funcionalidade de sinaliza‡Æo de rede e configura‡Æo do controle do tr fego local para programas compat¡veis com QoS e miniaplicativos de controle. Path Name: C:\WINDOWS\system32\rsvp.exe Start Mode: Manual State: Stopped Name: SamSs Display Name: Gerenciador de contas de seguran‡a Description: Armazena informa‡äes sobre seguran‡a para contas de usu rio local. Path Name: C:\WINDOWS\system32\lsass.exe Start Mode: Auto State: Running Name: SCardSvr Display Name: CartÆo inteligente Description: Gerencia o acesso a leitores de cartÆo inteligente por este computador. Se este servi‡o for parado, o computador nÆo poder ler cartäes inteligentes. Se este servi‡o for desativado, os servi‡os que dependerem dele explicitamente nÆo serÆo iniciados. Path Name: C:\WINDOWS\System32\SCardSvr.exe Start Mode: Manual State: Stopped Name: Schedule Display Name: Agendador de tarefas Description: Permite que um usu rio configure e agende tarefas automatizadas no computador. Se este servi‡o for interrompido, essas tarefas nÆo serÆo executadas nos hor rios agendados. Se este servi‡o for desativado, quaisquer servi‡os que dele dependam diretamente nÆo serÆo iniciados. Path Name: C:\WINDOWS\System32\svchost.exe -k netsvcs Start Mode: Auto State: Running Name: seclogon Display Name: Logon secund rio Description: Ativa a inicializa‡Æo de processos sob credenciais alternadas. Se este servi‡o for interrompido, este tipo de acesso por logon nÆo estar dispon¡vel. Se este servi‡o for desativado, quaisquer servi‡os que dele dependam diretamente nÆo serÆo iniciados. Path Name: C:\WINDOWS\System32\svchost.exe -k netsvcs Start Mode: Auto State: Running Name: SENS Display Name: Notifica‡Æo de eventos de sistema Description: Rastreia eventos do sistema como eventos de logon do Windows, rede e energia. Notifica assinantes do Sistema de evento COM+ destes eventos. Path Name: C:\WINDOWS\system32\svchost.exe -k netsvcs Start Mode: Auto State: Running Name: SharedAccess Display Name: Firewall do Windows/Compartilhamento de ConexÆo com a Internet (ICS) Description: Fornece servi‡os de conversÆo de endere‡os de rede, endere‡amento e resolu‡Æo de nomes e/ou preven‡Æo de invasÆo para uma rede dom‚stica ou de pequena empresa. Path Name: C:\WINDOWS\system32\svchost.exe -k netsvcs Start Mode: Auto State: Running Name: ShellHWDetection Display Name: Detec‡Æo do hardware do shell Description: Fornece notifica‡äes de eventos de hardware 'Reprodu‡Æo autom tica'. Path Name: C:\WINDOWS\System32\svchost.exe -k netsvcs Start Mode: Auto State: Running Name: Spooler Display Name: Spooler de impressÆo Description: Carrega arquivos na mem¢ria para impressÆo posterior. Path Name: C:\WINDOWS\system32\spoolsv.exe Start Mode: Auto State: Running Name: srservice Display Name: Servi‡o de restaura‡Æo do sistema Description: Executa fun‡äes de restaura‡Æo do sistema. Para interromper o servi‡o, desative a 'Restaura‡Æo do sistema' na guia 'Restaura‡Æo do sistema' em 'Meu computador' -> 'Propriedades' Path Name: C:\WINDOWS\system32\svchost.exe -k netsvcs Start Mode: Auto State: Running Name: SSDPSRV Display Name: Servi‡o de descoberta SSDP Description: Ativa a descoberta de dispositivos UPnP na rede dom‚stica. Path Name: C:\WINDOWS\system32\svchost.exe -k LocalService Start Mode: Manual State: Running Name: stisvc Display Name: Assistente de aquisi‡Æo de imagens do Windows (WIA) Description: Fornece servi‡os de aquisi‡Æo de imagens para scanners e cƒmeras Path Name: C:\WINDOWS\system32\svchost.exe -k imgsvc Start Mode: Manual State: Stopped Name: SwPrv Display Name: MS Software Shadow Copy Provider Description: Gerencia c¢pias de sombra de volume baseadas em software obtidas pelo servi‡o de c¢pias de sombra de volume. Se o servi‡o for interrompido, as c¢pias de sombra baseadas em software nÆo poderÆo ser gerenciadas. Se o servi‡o for desativado, os servi‡os que dependerem dele diretamente nÆo serÆo iniciados. Path Name: C:\WINDOWS\system32\dllhost.exe /Processid:{CC818B09-A739-4424-9B8F-27A052D7B1C4} Start Mode: Manual State: Stopped Name: SysmonLog Display Name: Logs e alertas de desempenho Description: Coleta dados de desempenho de computadores locais ou remotos com base em parƒmetros de agendamento pr‚-configurados; em seguida, grava os dados em um log ou dispara um alerta. Se este servi‡o for parado, as informa‡äes de desempenho nÆo serÆo coletadas. Se este servi‡o for desativado, os servi‡os que dependerem dele explicitamente nÆo serÆo iniciados. Path Name: C:\WINDOWS\system32\smlogsvc.exe Start Mode: Manual State: Stopped Name: TapiSrv Display Name: Telefonia Description: Fornece suporte … telefonia API (TAPI) para programas que controlam dispositivos de telefonia e conexäes de voz baseadas em IP no computador local e, atrav‚s da rede local, em servidores que tamb‚m estÆo executando o servi‡o. Path Name: C:\WINDOWS\System32\svchost.exe -k netsvcs Start Mode: Manual State: Running Name: TermService Display Name: Servi‡os de terminal Description: Permite que v rios usu rios sejam conectados interativamente a um computador e que as reas de trabalho e os aplicativos sejam exibidos a computadores remotos. A base da rea de trabalho remota (inclusive a rea de trabalho remota para administradores), da op‡Æo de alternar-se rapidamente entre usu rios, da assistˆncia remota e do Terminal Server. Path Name: C:\WINDOWS\System32\svchost -k DComLaunch Start Mode: Manual State: Running Name: Themes Display Name: Temas Description: Fornece gerenciamento de temas para experiˆncia do usu rio. Path Name: C:\WINDOWS\System32\svchost.exe -k netsvcs Start Mode: Auto State: Running Name: TlntSvr Display Name: Telnet Description: Permite que um usu rio remoto fa‡a logon neste computador e execute programas. Fornece suporte a v rios clientes Telnet TCP/IP, inclusive computadores baseados em UNIX e Windows. Se este servi‡o for parado, o acesso de usu rios remotos a programas poder nÆo estar dispon¡vel. Se este servi‡o for desativado, os servi‡os que dependem dele explicitamente nÆo serÆo iniciados. Path Name: C:\WINDOWS\system32\tlntsvr.exe Start Mode: Disabled State: Stopped Name: TrkWks Display Name: Cliente de rastreamento de link distribu¡do Description: Mant‚m v¡nculos entre arquivos NTFS em um computador ou entre computadores em um dom¡nio de rede. Path Name: C:\WINDOWS\system32\svchost.exe -k netsvcs Start Mode: Auto State: Running Name: upnphost Display Name: Host de dispositivo Plug and Play universal Description: Oferece suporte para hospedar dispositivos Plug and Play universais. Path Name: C:\WINDOWS\system32\svchost.exe -k LocalService Start Mode: Manual State: Running Name: UPS Display Name: Sistema de alimenta‡Æo ininterrupta Description: Gerencia o sistema de alimenta‡Æo ininterrupto (no-break) conectado ao computador. Path Name: C:\WINDOWS\System32\ups.exe Start Mode: Manual State: Stopped Name: VSS Display Name: C¢pia de volume em mem¢ria Description: Gerencia e implementa c¢pias de volume em mem¢ria usados para o backup e outros prop¢sitos. Se este servi‡o for interrompido, as c¢pias em mem¢ria nÆo estarÆo dispon¡veis para backup e o backup pode falhar. Se este servi‡o for desativado, quaisquer servi‡os que dele dependam diretamente nÆo serÆo iniciados. Path Name: C:\WINDOWS\System32\vssvc.exe Start Mode: Manual State: Stopped Name: W32Time Display Name: Hor rio do Windows Description: Mant‚m sincroniza‡Æo de data e hora em todos os clientes e servidores da rede. Se este servi‡o for interrompido, a sincroniza‡Æo nÆo ficar dispon¡vel. Se este servi‡o for desativado, os servi‡os que dele dependem explicitamente nÆo serÆo iniciados. Path Name: C:\WINDOWS\System32\svchost.exe -k netsvcs Start Mode: Auto State: Running Name: WebClient Display Name: Cliente da Web Description: Permite que programas baseados em Windows criem, acessem e modifiquem arquivos baseados na Internet. Se este servi‡o for interrompido, essas fun‡äes nÆo estarÆo dispon¡veis. Se este servi‡o for desativado, quaisquer servi‡os que dele dependam diretamente nÆo serÆo iniciados. Path Name: C:\WINDOWS\system32\svchost.exe -k LocalService Start Mode: Auto State: Running Name: winmgmt Display Name: Testador de instrumenta‡Æo de gerenciam. do Windows Description: Fornece uma interface comum e um modelo de objeto para o acesso a informa‡äes de gerenciamento sobre o sistema operacional, dispositivos, aplicativos e servi‡os. Se esse servi‡o for parado, a maioria dos itens de software baseados no Windows nÆo funcionar corretamente. Se este servi‡o for desativado, os servi‡os que dependerem explicitamente dele nÆo serÆo iniciados. Path Name: C:\WINDOWS\system32\svchost.exe -k netsvcs Start Mode: Auto State: Running Name: winss Display Name: Windows Live OneCare Description: Helps manage PC security and overall health by providing virus and spyware monitoring, firewall, backup, and other services. If this service is stopped, this computer might be at risk from viruses and other threats. Path Name: C:\Arquivos de programas\Microsoft Windows OneCare Live\winss.exe Start Mode: Auto State: Running Name: WmdmPmSN Display Name: Portable Media Serial Number Service Description: Retrieves the serial number of any portable media player connected to this computer. If this service is stopped, protected content might not be down loaded to the device. Path Name: C:\WINDOWS\System32\svchost.exe -k netsvcs Start Mode: Manual State: Stopped Name: Wmi Display Name: Extensäes de driver de instrum. gerenc. do Windows Description: Fornece informa‡äes sobre gerenciamento de sistemas para drivers e de drivers. Path Name: C:\WINDOWS\System32\svchost.exe -k netsvcs Start Mode: Manual State: Stopped Name: WmiApSrv Display Name: Adaptador de desempenho WMI Description: Fornece informa‡äes da biblioteca de desempenho dos provedores HiPerf WMI. Path Name: C:\WINDOWS\system32\wbem\wmiapsrv.exe Start Mode: Manual State: Stopped Name: WMPNetworkSvc Display Name: Servi‡o de Compartilhamento de Rede do Windows Media Player Description: Compartilha bibliotecas do Windows Media Player com outros players e dispositivos de m¡dia da rede por meio de Universal Plug and Play Path Name: "C:\Arquivos de programas\Windows Media Player\WMPNetwk.exe" Start Mode: Manual State: Stopped Name: wuauserv Display Name: Atualiza‡äes Autom ticas Description: Ativa o download e instala‡Æo das atualiza‡äes do Windows. Se este servi‡o for desabilitado, o computador nÆo ser capaz de usar o recurso de Atualiza‡äes Autom ticas nem o site do Windows Update na web. Path Name: C:\WINDOWS\system32\svchost.exe -k netsvcs Start Mode: Auto State: Running Name: WudfSvc Display Name: Windows Driver Foundation - User-mode Driver Framework Description: Manages user-mode driver host processes Path Name: C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup Start Mode: Manual State: Stopped Name: WZCSVC Display Name: Configura‡Æo zero sem fio Description: Fornece configura‡Æo autom tica para os adaptadores 802.11 Path Name: C:\WINDOWS\System32\svchost.exe -k netsvcs Start Mode: Auto State: Running Name: xmlprov Display Name: Servi‡o de Configura‡Æo de Rede Description: Gerencia arquivos de configura‡Æo XML por dom¡nio para configura‡Æo autom tica de rede. Path Name: C:\WINDOWS\System32\svchost.exe -k netsvcs Start Mode: Manual State: Stopped ------------------------------------------------------------------------------------ Displaying LOG for Microsoft Windows Malicious Software Removal Tool: --------------------------------------------------------------------------------------- Microsoft Windows Malicious Software Removal Tool v2.14, September 2009 Started On Fri Oct 02 13:51:38 2009 Extended Scan Results ---------------- ->Scan ERROR: resource file://C:\pagefile.sys (code 0x00000020 (32)) --------------------------------------------------------------------------------------- Microsoft Windows Malicious Software Removal Tool v2.14, September 2009 Started On Fri Oct 02 15:19:56 2009 Extended Scan Results ---------------- Found potential malware: TrojanDownloader:Win32/Renos in process://pid:184 ->Scan ERROR: resource file://C:\pagefile.sys (code 0x00000020 (32)) -> Sysclean ERROR: Internal error, code = 8050800C Results Summary: ---------------- Found TrojanDownloader:Win32/Renos (detected generically) Return code: 6 Microsoft Windows Malicious Software Removal Tool Finished On Fri Oct 02 16:43:36 2009 Removal Tool Finished On Fri Oct 02 16:32:45 2009 ---------------------------------------------------------------------------- Listing HKCU Explorer\Advanced//Hidden and SuperHidden Registry Keys if Hidden = 0 then Hidden Files and Folders are not shown if SuperHidden = 1 is the desired default value. if ShowSuperHidden = 0 then System Files are not shown if HideFileExt = 1 then File Extension are not shown We want their values to be (from top to bottom) 1,1,1,0 ---------------------------------------------------------------------------- HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\advanced Hidden REG_DWORD 1 (0x1) SuperHidden REG_DWORD 1 (0x1) ShowSuperHidden REG_DWORD 1 (0x1) HideFileExt REG_DWORD 0 (0x0) ************************************************************************************ Examining Select Windows Registry Keys ------------------------------------------------------------------------------------ -------------------------------------------------------------------------- Items Found in ZoneMap\Domains: -------------------------------------------------------------------------- HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\internet settings\zonemap\domains <NO NAME> REG_SZ HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\internet settings\zonemap\domains\msn.com ---------------------------------------------------------------------------- Current User ZoneMap ProtocolDefaults ---------------------------------------------------------------------------- HKEY_CURRENT_USER\software\microsoft\windows\currentversion\internet settings\zonemap\protocoldefaults <NO NAME> REG_SZ http REG_DWORD 3 (0x3) https REG_DWORD 3 (0x3) ftp REG_DWORD 3 (0x3) file REG_DWORD 3 (0x3) @ivt REG_DWORD 1 (0x1) shell REG_DWORD 0 (0x0) ---------------------------------------------------------------------------- Default URL Prefix Keys ---------------------------------------------------------------------------- HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\url HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\url\DefaultPrefix <NO NAME> REG_SZ http:// HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\url\Prefixes ftp REG_SZ ftp:// gopher REG_SZ gopher:// home REG_SZ http:// mosaic REG_SZ http:// www REG_SZ http:// -------------------------------------------------------------------------- Startup Items Disabled via MSCONFIG: -------------------------------------------------------------------------- -------------------------------------------------------------------------- Select AutoRun Registry Keys: -------------------------------------------------------------------------- HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run CTFMON.EXE REG_SZ C:\WINDOWS\system32\ctfmon.exe uTorrent REG_SZ "C:\Arquivos de programas\uTorrent\uTorrent.exe" Skype REG_SZ "C:\Arquivos de programas\Skype\Phone\Skype.exe" /nosplash /minimized DAEMON Tools Lite REG_SZ "C:\Arquivos de programas\DAEMON Tools Lite\daemon.exe" -autorun NCsoft Launcher REG_SZ C:\Arquivos de programas\NCSoft\Launcher\NCLauncher.exe /Minimized Advanced Virus Remover REG_SZ C:\Program Files\AdvancedVirusRemover\PAVRM.exe HKEY_CURRENT_USER\software\microsoft\windows\currentversion\runonce HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run nwiz REG_SZ nwiz.exe /install NvMediaCenter REG_SZ RunDLL32.exe NvMCTray.dll,NvTaskbarInit High Definition Audio Property Page Shortcut REG_SZ HDAShCut.exe SoundMAXPnP REG_SZ C:\Arquivos de programas\Analog Devices\Core\smax4pnp.exe SoundMAX REG_SZ "C:\Arquivos de programas\Analog Devices\SoundMAX\Smax4.exe" /tray Adobe Reader Speed Launcher REG_SZ "C:\Arquivos de programas\Adobe\Reader 9.0\Reader\Reader_sl.exe" mspaint REG_SZ "C:\WINDOWS\system32\paint.exe" -autocheck winupdate.exe REG_SZ C:\WINDOWS\system32\winupdate.exe OneCareUI REG_SZ "C:\Arquivos de programas\Microsoft Windows OneCare Live\winssnotify.exe" SunJavaUpdateSched REG_SZ "C:\Arquivos de programas\Java\jre6\bin\jusched.exe" NvCplDaemon REG_SZ RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runonce HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runonceex HKEY_USERS\.default\software\microsoft\windows\currentversion\run CTFMON.EXE REG_SZ C:\WINDOWS\system32\CTFMON.EXE HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce nltide_3 REG_EXPAND_SZ rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\run CTFMON.EXE REG_SZ C:\WINDOWS\system32\CTFMON.EXE HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\runonce nltide_3 REG_EXPAND_SZ rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N HKEY_USERS\s-1-5-19\software\microsoft\windows\currentversion\run CTFMON.EXE REG_SZ C:\WINDOWS\system32\CTFMON.EXE HKEY_USERS\s-1-5-19\software\microsoft\windows\currentversion\runonce nltide_3 REG_EXPAND_SZ rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N HKEY_USERS\s-1-5-20\software\microsoft\windows\currentversion\run CTFMON.EXE REG_SZ C:\WINDOWS\system32\CTFMON.EXE HKEY_USERS\s-1-5-20\software\microsoft\windows\currentversion\runonce nltide_3 REG_EXPAND_SZ rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N -------------------------------------------------------------------------- WinLogon Notify Registry Key: -------------------------------------------------------------------------- HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ GbPluginBb Asynchronous REG_DWORD 0 (0x0) Impersonate REG_DWORD 0 (0x0) MaxWait REG_DWORD 258 (0x102) DllName REG_SZ C:\Arquivos de programas\GbPlugin\gbieh.dll Startup REG_SZ GbPluginEventStartup HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\crypt32chain Asynchronous REG_DWORD 0 (0x0) Impersonate REG_DWORD 0 (0x0) DllName REG_EXPAND_SZ crypt32.dll Logoff REG_SZ ChainWlxLogoffEvent HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\cryptnet Asynchronous REG_DWORD 0 (0x0) Impersonate REG_DWORD 0 (0x0) DllName REG_EXPAND_SZ cryptnet.dll Logoff REG_SZ CryptnetWlxLogoffEvent HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\cscdll DLLName REG_SZ cscdll.dll Logon REG_SZ WinlogonLogonEvent Logoff REG_SZ WinlogonLogoffEvent ScreenSaver REG_SZ WinlogonScreenSaverEvent Startup REG_SZ WinlogonStartupEvent Shutdown REG_SZ WinlogonShutdownEvent StartShell REG_SZ WinlogonStartShellEvent Impersonate REG_DWORD 0 (0x0) Asynchronous REG_DWORD 1 (0x1) HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ScCertProp DLLName REG_SZ wlnotify.dll Logon REG_SZ SCardStartCertProp Logoff REG_SZ SCardStopCertProp Lock REG_SZ SCardSuspendCertProp Unlock REG_SZ SCardResumeCertProp Enabled REG_DWORD 1 (0x1) Impersonate REG_DWORD 1 (0x1) Asynchronous REG_DWORD 1 (0x1) HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\Schedule Asynchronous REG_DWORD 0 (0x0) DllName REG_EXPAND_SZ wlnotify.dll Impersonate REG_DWORD 0 (0x0) StartShell REG_SZ SchedStartShell Logoff REG_SZ SchedEventLogOff HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\sclgntfy Logoff REG_SZ WLEventLogoff Impersonate REG_DWORD 0 (0x0) Asynchronous REG_DWORD 1 (0x1) DllName REG_EXPAND_SZ sclgntfy.dll HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\SensLogn DLLName REG_SZ WlNotify.dll Lock REG_SZ SensLockEvent Logon REG_SZ SensLogonEvent Logoff REG_SZ SensLogoffEvent Safe REG_DWORD 1 (0x1) MaxWait REG_DWORD 600 (0x258) StartScreenSaver REG_SZ SensStartScreenSaverEvent StopScreenSaver REG_SZ SensStopScreenSaverEvent Startup REG_SZ SensStartupEvent Shutdown REG_SZ SensShutdownEvent StartShell REG_SZ SensStartShellEvent PostShell REG_SZ SensPostShellEvent Disconnect REG_SZ SensDisconnectEvent Reconnect REG_SZ SensReconnectEvent Unlock REG_SZ SensUnlockEvent Impersonate REG_DWORD 1 (0x1) Asynchronous REG_DWORD 1 (0x1) HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\termsrv Asynchronous REG_DWORD 0 (0x0) DllName REG_EXPAND_SZ wlnotify.dll Impersonate REG_DWORD 0 (0x0) Logoff REG_SZ TSEventLogoff Logon REG_SZ TSEventLogon PostShell REG_SZ TSEventPostShell Shutdown REG_SZ TSEventShutdown StartShell REG_SZ TSEventStartShell Startup REG_SZ TSEventStartup MaxWait REG_DWORD 600 (0x258) Reconnect REG_SZ TSEventReconnect Disconnect REG_SZ TSEventDisconnect HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\wlballoon DLLName REG_SZ wlnotify.dll Logon REG_SZ RegisterTicketExpiredNotificationEvent Logoff REG_SZ UnregisterTicketExpiredNotificationEvent Impersonate REG_DWORD 1 (0x1) Asynchronous REG_DWORD 1 (0x1) -------------------------------------------------------------------------- Shared Task Scheduler Registry Items: -------------------------------------------------------------------------- HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler {438755C2-A8BA-11D1-B96B-00A0C90312E1} REG_SZ Pré-carregador Browseui {8C7461EF-2B13-11d2-BE35-3078302C2030} REG_SZ Daemon de cache de categorias de componente -------------------------------------------------------------------------- Scheduled Tasks: -------------------------------------------------------------------------- O volume na unidade C nÆo tem nome. O n£mero de s‚rie do volume ‚ 50E8-DE77 Pasta de C:\WINDOWS\tasks 05/09/2009 08:48 <DIR> . 05/09/2009 08:48 <DIR> .. 28/10/2001 11:07 65 desktop.ini 03/10/2009 09:35 6 SA.DAT 2 arquivo(s) 71 bytes Total de arquivos na lista: 2 arquivo(s) 71 bytes 2 pasta(s) 114.403.422.208 bytes dispon¡veis HR C:\WINDOWS\tasks\desktop.ini A H C:\WINDOWS\tasks\SA.DAT ---------------------------------------------------------------------------- ShellExecuteHooks Registry Keys ---------------------------------------------------------------------------- HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks {AEB6717E-7E19-11d0-97EE-00C04FD91972} REG_SZ {E37CB5F0-51F5-4395-A808-5FA49E399F83} REG_SZ GbPlugin ShlObj ---------------------------------------------------------------------------- ShellServiceObjectDelayLoad Registry Keys ---------------------------------------------------------------------------- HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload PostBootReminder REG_SZ {7849596a-48ea-486e-8937-a2a3009f31a9} CDBurn REG_SZ {fbeb8a05-beee-4442-804e-409d6c4515e9} WebCheck REG_SZ {E6FB5E20-DE35-11CF-9C87-00AA005127ED} SysTray REG_SZ {35CEC8A3-2BE6-11D2-8773-92E220524153} WPDShServiceObj REG_SZ {AAA288BA-9A4C-45B0-95D7-94D524869DB5} ---------------------------------------------------------------------------- ModuleUsage Registry Keys: ---------------------------------------------------------------------------- HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\moduleusage HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\moduleusage\C:/WINDOWS/Downloaded Program Files/wlscBase.dll .Owner REG_SZ {5ED80217-570B-4DA9-BF44-BE107C0EC166} {5ED80217-570B-4DA9-BF44-BE107C0EC166} REG_SZ ---------------------------------------------------------------------------- BHO Registry Keys: ---------------------------------------------------------------------------- HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3} <NO NAME> REG_SZ AcroIEHelperStub NoExplorer REG_DWORD 1 (0x1) HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{5C255C8A-E604-49b4-9D64-90988571CECB} <NO NAME> REG_SZ HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{9030D464-4C02-4ABF-8ECC-5164760863C6} HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{C41A1C0E-EA6C-11D4-B1B8-444553540000} <NO NAME> REG_SZ G-Buster Browser Defense HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{DBC80044-A445-435b-BC74-9C25C1C588A9} NoExplorer REG_DWORD 1 (0x1) HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C} <NO NAME> REG_SZ JQSIEStartDetectorImpl NoExplorer REG_DWORD 1 (0x1) -------------------------------------------------------------------------- Select Policy Keys: -------------------------------------------------------------------------- HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer NoDriveTypeAutoRun REG_DWORD 145 (0x91) ForceClassicControlPanel REG_DWORD 1 (0x1) NoStartBanner REG_DWORD 1 (0x1) NoLowDiskSpaceChecks REG_DWORD 1 (0x1) NoRecentDocsMenu REG_DWORD 1 (0x1) NoRecentDocsHistory REG_DWORD 1 (0x1) NoResolveTrack REG_DWORD 1 (0x1) LinkResolveIgnoreLinkInfo REG_DWORD 1 (0x1) NoResolveSearch REG_DWORD 1 (0x1) NoSetActiveDesktop REG_DWORD 1 (0x1) NoActiveDesktopChanges REG_DWORD 1 (0x1) HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system DisableTaskMgr REG_DWORD 0 (0x0) HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer NoDesktopCleanupWizard REG_DWORD 1 (0x1) NoSetActiveDesktop REG_DWORD 1 (0x1) NoActiveDesktopChanges REG_DWORD 1 (0x1) HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system dontdisplaylastusername REG_DWORD 0 (0x0) legalnoticecaption REG_SZ legalnoticetext REG_SZ shutdownwithoutlogon REG_DWORD 1 (0x1) undockwithoutlogon REG_DWORD 1 (0x1) HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer NoDriveTypeAutoRun REG_DWORD 145 (0x91) ForceClassicControlPanel REG_DWORD 1 (0x1) NoStartBanner REG_DWORD 1 (0x1) NoLowDiskSpaceChecks REG_DWORD 1 (0x1) NoRecentDocsMenu REG_DWORD 1 (0x1) NoRecentDocsHistory REG_DWORD 1 (0x1) NoResolveTrack REG_DWORD 1 (0x1) LinkResolveIgnoreLinkInfo REG_DWORD 1 (0x1) NoResolveSearch REG_DWORD 1 (0x1) HKEY_USERS\.default\software\microsoft\windows\currentversion\policies HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\Explorer HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer NoDriveTypeAutoRun REG_DWORD 145 (0x91) ForceClassicControlPanel REG_DWORD 1 (0x1) NoStartBanner REG_DWORD 1 (0x1) NoLowDiskSpaceChecks REG_DWORD 1 (0x1) NoRecentDocsMenu REG_DWORD 1 (0x1) NoRecentDocsHistory REG_DWORD 1 (0x1) NoResolveTrack REG_DWORD 1 (0x1) LinkResolveIgnoreLinkInfo REG_DWORD 1 (0x1) NoResolveSearch REG_DWORD 1 (0x1) ************************************************************************************ Checking File System for suspicious Files -------------------------------------------------------------------------- Items in the Root Directory: -------------------------------------------------------------------------- Locating all files created in C:\ "C:\" ARQUIV~1 6 Jul 2009 "Arquivos de programas" autoexec.bat 6 Jul 2009 0 "AUTOEXEC.BAT" boot.ini 6 Jul 2009 211 "boot.ini" bootfont.bin 28 Oct 2001 4952 "Bootfont.bin" config.sys 6 Jul 2009 0 "CONFIG.SYS" DOCUME~1 6 Jul 2009 "Documents and Settings" FRAPS 30 Jul 2009 "Fraps" GOOGLE~1 21 Sep 2009 "GoogleAppEngine" io.sys 6 Jul 2009 0 "IO.SYS" ISEEYO~1 2 Oct 2009 "ISeeYouXP" msdos.sys 6 Jul 2009 0 "MSDOS.SYS" ntdetect.com 3 Aug 2004 47564 "NTDETECT.COM" ntldr 3 Aug 2004 251168 "ntldr" pagefile.sys 3 Oct 2009 1610612736 "pagefile.sys" PROGRA~1 14 Jul 2009 "Program Files" RECYCLER 6 Jul 2009 "RECYCLER" SYSTEM~1 6 Jul 2009 "System Volume Information" TMP 5 Sep 2009 "tmp" WINDOWS 6 Jul 2009 "WINDOWS" 19 items found: 9 files (7 H/S), 10 directories (2 H/S). Total of file sizes: 1.610.916.631 bytes 1,50 G -------------------------------------------------------------------------- Locating all Backup files on C: -------------------------------------------------------------------------- Locating all *.BAK* files "C:\Arquivos de programas\Analog Devices\SoundMAX\" smaxlo~1.bak 6 Jul 2009 3322 "SMax.log.bak" "C:\Arquivos de programas\Sony\Vegas Pro 8.0\" sfconf~1.bak 10 Sep 2008 408832 "sfconfigmgr.dll.bak" sfmark~1.bak 10 Sep 2008 1535232 "sfmarket2.dll.bak" sfs4rw~1.bak 10 Sep 2008 1188096 "sfs4rw.dll.bak" vegas8~1.bak 10 Sep 2008 11515136 "vegas80.exe.bak" "C:\WINDOWS\Debug\UserMode\" userenv.bak 18 Sep 2009 309204 "userenv.bak" "C:\Arquivos de programas\Sony\Shared Plug-Ins\Audio\" mchamm~1.bak 6 Aug 2008 1317888 "mchammer.dll.bak" sffrgp~1.bak 10 Sep 2008 1298688 "sffrgpnv.dll.bak" sfppac~1.bak 10 Sep 2008 1665280 "sfppack1.dll.bak" sfppac~2.bak 10 Sep 2008 1845504 "sfppack2.dll.bak" sfppac~3.bak 10 Sep 2008 1561856 "sfppack3.dll.bak" sfresf~1.bak 6 Aug 2008 1282048 "sfresfilter.dll.bak" sftrkf~1.bak 10 Sep 2008 1531648 "sftrkfx1.dll.bak" sfxpfx~1.bak 10 Sep 2008 1287936 "sfxpfx1.dll.bak" sfxpfx~2.bak 10 Sep 2008 1291520 "sfxpfx2.dll.bak" sfxpfx~3.bak 10 Sep 2008 1425664 "sfxpfx3.dll.bak" xpviny~1.bak 6 Aug 2008 1340928 "xpvinyl.dll.bak" "C:\Arquivos de programas\Sony\Vegas Pro 8.0\External Control Drivers\" spcons~1.bak 10 Sep 2008 1981952 "spconsoleopt.dll.bak" spgenc~1.bak 10 Sep 2008 1696256 "spgenctrlopt.dll.bak" spmack~1.bak 10 Sep 2008 1759744 "spmackiectrlopt.dll.bak" tranzp~1.bak 10 Sep 2008 855552 "tranzport.dll.bak" "C:\WINDOWS\Debug\Setup\Backup\" hdaudi~1.bak 3 Oct 2009 0 "HDAUDIO_Backup.bak" intppm~1.bak 3 Oct 2009 4 "INTPPM_Backup.bak" "C:\Arquivos de programas\Sony\Vegas Pro 8.0\FileIO Plug-Ins\ac3plug\" ac3plu~1.bak 10 Sep 2008 2015488 "ac3plug.dll.bak" ac3plu~2.bak 10 Sep 2008 1188096 "ac3plugrw.dll.bak" "C:\Documents and Settings\Administrador\Dados de aplicativos\Microsoft\Internet Explorer\" brndlog.bak 6 Jul 2009 141 "brndlog.bak" "C:\Documents and Settings\Default User\Dados de aplicativos\Microsoft\Internet Explorer\" brndlog.bak 6 Jul 2009 113 "brndlog.bak" "C:\WINDOWS\pchealth\helpctr\Config\Cache\" profes~1.bak 31 Jul 2009 181272 "Professional_32_1046.dat.bak" "C:\Arquivos de programas\Sony\Vegas Pro 8.0\FileIO Plug-Ins\ac3plug\ac3market\" sfconf~1.bak 10 Sep 2008 408832 "sfconfigmgr.dll.bak" sfmark~1.bak 10 Sep 2008 1535232 "sfmarket2.dll.bak" "C:\Documents and Settings\All Users\Dados de aplicativos\Microsoft\Office\Data\" data.bak 10 Feb 2001 1106 "DATA.BAK" "C:\WINDOWS\system32\config\systemprofile\Dados de aplicativos\Microsoft\Internet Explorer\" brndlog.bak 6 Jul 2009 113 "brndlog.bak" 32 items found: 32 files, 0 directories. Total of file sizes: 42.432.683 bytes 40,46 M -------------------------------------------------------------------------- Locating all copies of Internet Explorer on C: -------------------------------------------------------------------------- Locating all copies of Internet Explorer "C:\Arquivos de programas\Internet Explorer\" iexplore.exe 8 Mar 2009 638816 "iexplore.exe" "C:\WINDOWS\ie8\" iexplore.exe 3 Aug 2004 93184 "iexplore.exe" "C:\WINDOWS\system32\dllcache\" iexplore.exe 8 Mar 2009 638816 "iexplore.exe" "C:\WINDOWS\SoftwareDistribution\Download\f7670e43b3c19680acdc044a1fbe993f\" iexplore.exe 13 Apr 2008 93184 "iexplore.exe" "C:\WINDOWS\SoftwareDistribution\Download\be339b07d210ea88f2393519d2e5e7cf\backup\" iexplore.exe 3 Aug 2004 93184 "iexplore.exe" 5 items found: 5 files, 0 directories. Total of file sizes: 1.557.184 bytes 1,48 M -------------------------------------------------------------------------- Locating all copies of beep.sy_ on C: -------------------------------------------------------------------------- Locating all copies of Internet Explorer No matches found. -------------------------------------------------------------------------- Locating all copies of beep.sys on C: -------------------------------------------------------------------------- Locating all copies of Internet Explorer "C:\WINDOWS\system32\drivers\" beep.sys 28 Oct 2001 4224 "beep.sys" 1 item found: 1 file, 0 directories. Total of file sizes: 4.224 bytes 4,13 K -------------------------------------------------------------------------- Locating all copies of Windows Explorer on C: -------------------------------------------------------------------------- Locating all copies of Windows Explorer "C:\WINDOWS\" explorer.exe 3 Aug 2004 1034240 "explorer.exe" "C:\WINDOWS\SoftwareDistribution\Download\f7670e43b3c19680acdc044a1fbe993f\" explorer.exe 13 Apr 2008 1035776 "explorer.exe" "C:\WINDOWS\SoftwareDistribution\Download\be339b07d210ea88f2393519d2e5e7cf\backup\" explorer.exe 3 Aug 2004 1034240 "explorer.exe" 3 items found: 3 files, 0 directories. Total of file sizes: 3.104.256 bytes 2,96 M -------------------------------------------------------------------------- Items in Document and Settings: -------------------------------------------------------------------------- Listing contents of C:\Documents and Settings "C:\Documents and Settings\" ADMINI~1 6 Jul 2009 "Administrador" ALLUSE~1 6 Jul 2009 "All Users" DEFAUL~1 6 Jul 2009 "Default User" LOCALS~1 6 Jul 2009 "LocalService" NETWOR~1 6 Jul 2009 "NetworkService" 5 items found: 0 files, 5 directories (3 H/S). -------------------------------------------------------------------------- Desktop Items: -------------------------------------------------------------------------- Locating all files created in C:\Documents and Settings\Administrador\Desktop within the last 90 days. "C:\Documents and Settings\Administrador\Desktop\" amplif~1.pdf 14 Sep 2009 118950 "Amplificador em Cascata.pdf" backup.reg 27 Sep 2009 11647698 "backup.reg" C__~1 22 Sep 2009 "C++" cnpq.doc 19 Sep 2009 41472 "CNPQ.doc" codigo~1.txt 23 Sep 2009 10 "codigo orquidea.txt" counte~1.lnk 24 Sep 2009 1683 "Counter Strike 1.6 Non Steam.lnk" c__exe~1.lnk 23 Sep 2009 762 "c++.exe.lnk" DATASH~1 30 Sep 2009 "datasheet" eletrn~1.rar 30 Aug 2009 101890014 "Eletr“nica - Dispositivos Eletr“nicos e Teoria de Circuitos - Robert L. Boylestad.rar" exercc~1.doc 18 Sep 2009 423936 "EXERCÖCIO SOBRE O FILME RASTROS DE àDIO.doc" garena.lnk 11 Sep 2009 710 "Garena.lnk" heroes~1.lnk 18 Jul 2009 1660 "Heroes of Newerth.lnk" LOGS 2 Oct 2009 "LOGS" MANOEL 3 Sep 2009 "manoel" mozill~1.lnk 6 Jul 2009 1692 "Mozilla Firefox.lnk" orquidea.mht 26 Aug 2009 1305854 "ORQUIDEA.mht" VIRUS 2 Oct 2009 "VIRUS" window~1.lnk 6 Jul 2009 1871 "Windows Live Messenger .lnk" 18 items found: 13 files, 5 directories. Total of file sizes: 115.436.312 bytes 110,09 M Locating all files created in C:\Documents and Settings\All Users\Desktop\ within the last 90 days. "C:\Documents and Settings\All Users\Desktop\" adober~1.lnk 6 Jul 2009 1769 "Adobe Reader 9.lnk" mozill~1.lnk 6 Jul 2009 1674 "Mozilla Firefox.lnk" pokers~1.lnk 14 Sep 2009 792 "PokerStars.lnk" steam.lnk 1 Oct 2009 2255 "Steam.lnk" trucol~1.lnk 10 Sep 2009 802 "Truco LigasOnline.lnk" 5 items found: 5 files, 0 directories. Total of file sizes: 7.292 bytes 7,12 K -------------------------------------------------------------------------- Start Menu Items: -------------------------------------------------------------------------- Locating all files created inC:\Documents and Settings\Administrador\Start Menu within the last 90 days. No matches found. Locating all files created in C:\Documents and Settings\Administrador\Start Menu\Programs\Startup within the last 90 days. No matches found. Locating all files created in C:\Documents and Settings\All Users\Start Menu within the last 90 days. No matches found. Locating all files created in C:\Documents and Settings\All Users\Start Menu\Programs\Startup\ within the last 90 days. No matches found. -------------------------------------------------------------------------- Application Data Items: -------------------------------------------------------------------------- Locating all files created in C:\Documents and Settings\Administrador\Application Data\ within the last 90 days. No matches found. Locating all files created in C:\Documents and Settings\Administrador\Local Settings\Application Data\ within the last 90 days. No matches found. Locating all files created in C:\Documents and Settings\All Users\Application Data\ within the last 90 days. No matches found. -------------------------------------------------------------------------- C:\Documents and Settings\Administrador\Local Settings\TEMP: -------------------------------------------------------------------------- Locating all files created in C:\Documents and Settings\Administrador\Local Settings\TEMP within the last 90 days. -------------------------------------------------------------------------- Items in Templates Folder: -------------------------------------------------------------------------- Locating all files created in C:\Documents and Settings\Administrador\Templates No matches found. -------------------------------------------------------------------------- Items in Program Files: -------------------------------------------------------------------------- Locating all files created in C:\Arquivos de programas\ within the last 90 days. "C:\Arquivos de programas\" A-SQUA~1 2 Oct 2009 "a-squared HiJackFree" A-SQUA~2 2 Oct 2009 "a-squared Free" ADOBE 6 Jul 2009 "Adobe" ANALOG~1 6 Jul 2009 "Analog Devices" ARQUIV~1 6 Jul 2009 "Arquivos comuns" CODEBL~1 22 Sep 2009 "CodeBlocks" CSPIRA~1 24 Sep 2009 "cspiratao" DAEMON~1 16 Sep 2009 "DAEMON Tools Lite" DVDVID~1 6 Aug 2009 "DVDVideoSoft" EXPLOR~1 2 Oct 2009 "ExplorerXP" FREEAU~1 10 Sep 2009 "Free Audio Pack" GABEST 4 Sep 2009 "Gabest" GARENA 11 Sep 2009 "Garena" GBPLUGIN 4 Aug 2009 "GbPlugin" HEROES~1 18 Jul 2009 "Heroes of Newerth" INSTAL~1 6 Jul 2009 "InstallShield Installation Information" INTERN~1 6 Jul 2009 "Internet Explorer" JAVA 4 Aug 2009 "Java" K-LITE~1 6 Jul 2009 "K-Lite Codec Pack" LIGASO~1 10 Sep 2009 "LigasOnline" MICROS~1 6 Jul 2009 "Microsoft" MICROS~2 6 Jul 2009 "Microsoft Office" MICROS~3 1 Oct 2009 "Microsoft Windows OneCare Live" MOZILL~1 6 Jul 2009 "Mozilla Firefox" MSBUILD 30 Jul 2009 "MSBuild" NCSOFT 25 Sep 2009 "NCSoft" NOTEPA~1 6 Jul 2009 "Notepad++" OUTLOO~1 6 Jul 2009 "Outlook Express" PANDON~1 20 Sep 2009 "Pando Networks" POKERS~1 14 Sep 2009 "PokerStars" REALAL~1 31 Aug 2009 "Real Alternative" REFERE~1 30 Jul 2009 "Reference Assemblies" REPLAY~1 30 Jul 2009 "ReplaySeeker" SKYPE 17 Aug 2009 "Skype" SONY 30 Jul 2009 "Sony" SONYSE~1 30 Jul 2009 "Sony Setup" STEAM 8 Aug 2009 "Steam" SYSTEM~1 16 Sep 2009 "SystemRequirementsLab" TEAMSP~1 28 Jul 2009 "Teamspeak2_RC2" UTORRENT 6 Jul 2009 "uTorrent" VDOWNL~1 2 Aug 2009 "VDOWNLOADER" VERYPD~1.0 5 Sep 2009 "VeryPDF PDF2Word v3.0" VIA 6 Jul 2009 "VIA" WARCRA~1 6 Jul 2009 "Warcraft III" WARKEYS 1 Aug 2009 "Warkeys" WI4DF6~1 6 Jul 2009 "Windows Media Connect 2" WINDOW~1 6 Jul 2009 "Windows Media Player" WINDOW~2 1 Oct 2009 "Windows Live Safety Center" WINDOW~3 6 Jul 2009 "Windows Live" WINDOW~4 6 Jul 2009 "Windows Live SkyDrive" WINRAR 6 Jul 2009 "WinRAR" 51 items found: 0 files, 51 directories (1 H/S). Locating all files created in C:\Arquivos de programas\Arquivos comuns\ within the last 90 days. "C:\Arquivos de programas\Arquivos comuns\" ADOBE 6 Jul 2009 "Adobe" DESIGNER 6 Jul 2009 "Designer" DVDVID~1 6 Aug 2009 "DVDVideoSoft" ESELLE~1 31 Jul 2009 "eSellerate" INSTAL~1 6 Jul 2009 "InstallShield" MICROS~1 6 Jul 2009 "Microsoft Shared" MSSOAP 6 Jul 2009 "MSSoap" SERVI€OS 6 Jul 2009 "Servi‡os" SKYPE 17 Aug 2009 "Skype" SYSTEM 6 Jul 2009 "System" WINDOW~1 6 Jul 2009 "Windows Live" 11 items found: 0 files, 11 directories. Locating all files created in C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Web Folders within the last 90 days. "C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Web Folders\" 1033 6 Jul 2009 "1033" 1046 6 Jul 2009 "1046" "C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Web Folders\1046\" WEBVIEW 6 Jul 2009 "WebView" "C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Web Folders\1046\WebView\" IMAGES 6 Jul 2009 "Images" 4 items found: 0 files, 4 directories. -------------------------------------------------------------------------- Items in the Windows Directory: -------------------------------------------------------------------------- Locating all files created in C:\WINDOWS\ within the last 90 days. "C:\WINDOWS\" $HF_MIG$ 20 Aug 2009 "$hf_mig$" $N18DC~1 20 Aug 2009 "$NtUninstallKB932823-v3$" $N4AE6~1 2 Oct 2009 "$NtUninstallKB898461$" $N4CEE~1 1 Oct 2009 "$NtUninstallKB914882$" $N4EC9~1 30 Jul 2009 "$NtUninstallWIC$" $N68C8~1 1 Oct 2009 "$NtUninstallKB923845$" $N6CC0~1 6 Jul 2009 "$NtUninstallKB926239$" $N89D7~1 6 Jul 2009 "$NtUninstallMSCompPackV1$" $NTUNI~1 6 Jul 2009 "$NtUninstallKB888111WXPSP2$" $NTUNI~2 6 Jul 2009 "$NtUninstallWudf01000$" $NTUNI~3 6 Jul 2009 "$NtUninstallWMFDist11$" $NTUNI~4 6 Jul 2009 "$NtUninstallwmp11$" 0.log 3 Oct 2009 0 "0.log" ADDINS 6 Jul 2009 "addins" APPPATCH 6 Jul 2009 "AppPatch" ascd_tmp.ini 6 Jul 2009 13327 "Ascd_tmp.ini" ASSEMBLY 30 Jul 2009 "assembly" ASUSIN~1 6 Jul 2009 "ASUSInstAll" as_debug.txt 6 Jul 2009 0 "AS_Debug.txt" bitsse~1.log 6 Jul 2009 1880 "bitssetup.log" bootstat.dat 3 Oct 2009 2048 "bootstat.dat" cmsetacl.log 6 Jul 2009 200 "cmsetacl.log" comsetup.log 2 Oct 2009 40389 "comsetup.log" CONFIG 6 Jul 2009 "Config" CONNEC~1 6 Jul 2009 "Connection Wizard" control.ini 6 Jul 2009 0 "control.ini" CSC 6 Jul 2009 "CSC" CURSORS 6 Jul 2009 "Cursors" DEBUG 6 Jul 2009 "Debug" directx.log 6 Jul 2009 32896 "Directx.log" DOWNLO~1 6 Jul 2009 "Downloaded Program Files" DRIVER~1 6 Jul 2009 "Driver Cache" dtcins~1.log 6 Jul 2009 133 "DtcInstall.log" entpack.ini 17 Sep 2009 34 "entpack.ini" FONTS 6 Jul 2009 "Fonts" HELP 6 Jul 2009 "Help" IE8 20 Aug 2009 "ie8" ie8.log 20 Aug 2009 56162 "ie8.log" ie8_main.log 20 Aug 2009 95329 "ie8_main.log" IME 6 Jul 2009 "ime" INF 6 Jul 2009 "inf" INSTAL~1 6 Jul 2009 "Installer" JAVA 6 Jul 2009 "java" kb888111.log 6 Jul 2009 4936 "KB888111.log" kb898461.log 2 Oct 2009 7722 "KB898461.log" kb926239.log 6 Jul 2009 9921 "KB926239.log" kb9328~1.log 20 Aug 2009 8365 "KB932823-v3.log" kb950974.log 3 Oct 2009 9541 "KB950974.log" kb951748.log 3 Oct 2009 8731 "KB951748.log" kb952004.log 3 Oct 2009 9001 "KB952004.log" kb952954.log 3 Oct 2009 9995 "KB952954.log" kb956802.log 3 Oct 2009 8165 "KB956802.log" kb959426.log 3 Oct 2009 9917 "KB959426.log" kb960225.log 3 Oct 2009 9265 "KB960225.log" kb960803.log 3 Oct 2009 8624 "KB960803.log" kb960859.log 3 Oct 2009 9814 "KB960859.log" kb9613~1.log 3 Oct 2009 9764 "KB961371-v2.log" kb961501.log 3 Oct 2009 9178 "KB961501.log" kb961503.log 3 Oct 2009 9720 "KB961503.log" kb967715.log 3 Oct 2009 8822 "KB967715.log" kb968389.log 2 Oct 2009 3875 "KB968389.log" kb968537.log 3 Oct 2009 8600 "KB968537.log" kb970238.log 3 Oct 2009 11942 "KB970238.log" kb971032.log 3 Oct 2009 7777 "KB971032.log" kb971557.log 3 Oct 2009 9351 "KB971557.log" kb971633.log 3 Oct 2009 9088 "KB971633.log" kb971657.log 3 Oct 2009 9446 "KB971657.log" kb973507.log 3 Oct 2009 8891 "KB973507.log" kb973815.log 3 Oct 2009 8523 "KB973815.log" LASTGOOD 3 Oct 2009 "LastGood" LOGS 18 Jul 2009 "Logs" MEDIA 6 Jul 2009 "Media" MICROS~1.NET 30 Jul 2009 "Microsoft.NET" MSAGENT 6 Jul 2009 "Msagent" MSAPPS 6 Jul 2009 "msapps" mscomp~1.log 6 Jul 2009 7399 "MSCompPackV1.log" msmqinst.log 2 Oct 2009 33722 "msmqinst.log" MUI 6 Jul 2009 "mui" netfxocm.log 2 Oct 2009 15157 "netfxocm.log" nsreg.dat 6 Jul 2009 0 "nsreg.dat" ntdtcs~1.log 2 Oct 2009 22877 "ntdtcsetup.log" NVIEW 6 Jul 2009 "nview" ocgen.log 2 Oct 2009 27526 "ocgen.log" odbc.ini 6 Jul 2009 421 "ODBC.INI" odbcinst.ini 6 Jul 2009 4205 "ODBCINST.INI" oewablog.txt 6 Jul 2009 841 "OEWABLog.txt" OFFLIN~1 6 Jul 2009 "Offline Web Pages" PCHEALTH 6 Jul 2009 "pchealth" pdf2word.ini 5 Sep 2009 358 "pdf2word.INI" PEERNET 6 Jul 2009 "PeerNet" PIF 16 Sep 2009 "PIF" PREFETCH 6 Jul 2009 "Prefetch" PROVIS~1 6 Jul 2009 "Provisioning" REGIST~1 6 Jul 2009 "Registration" regopt.log 6 Jul 2009 1182 "regopt.log" REPAIR 6 Jul 2009 "repair" RESOUR~1 6 Jul 2009 "Resources" schedlgu.txt 2 Oct 2009 32514 "SchedLgU.Txt" SECURITY 6 Jul 2009 "security" sessmg~1.log 6 Jul 2009 1022 "sessmgr.setup.log" setupact.log 2 Oct 2009 96141 "setupact.log" setupapi.log 3 Oct 2009 499895 "setupapi.log" setuperr.log 6 Jul 2009 0 "setuperr.log" setuplog.txt 6 Jul 2009 542893 "setuplog.txt" SHELLNEW 6 Jul 2009 "ShellNew" sminst~1.log 6 Jul 2009 10436 "SMinstall.log" SOFTWA~1 6 Jul 2009 "SoftwareDistribution" spupdsvc.log 20 Aug 2009 8473 "spupdsvc.log" sti_tr~1.log 6 Jul 2009 0 "Sti_Trace.log" SUN 4 Aug 2009 "Sun" svcpack.log 3 Oct 2009 48448 "svcpack.log" SYSTEM 6 Jul 2009 "system" system.ini 6 Jul 2009 231 "system.ini" SYSTEM32 6 Jul 2009 "system32" TASKS 6 Jul 2009 "Tasks" TEMP 6 Jul 2009 "Temp" tsoc.log 2 Oct 2009 39386 "tsoc.log" TWAIN_32 6 Jul 2009 "twain_32" updspapi.log 1 Oct 2009 17986 "updspapi.log" vb.ini 6 Jul 2009 36 "vb.ini" vbaddin.ini 6 Jul 2009 37 "vbaddin.ini" war3unin.dat 6 Jul 2009 86157 "War3Unin.dat" war3unin.exe 6 Jul 2009 139264 "War3Unin.exe" war3unin.pif 6 Jul 2009 2829 "War3Unin.pif" WBEM 20 Aug 2009 "WBEM" WEB 6 Jul 2009 "Web" wiadebug.log 26 Sep 2009 216 "wiadebug.log" wiaservc.log 26 Sep 2009 49 "wiaservc.log" win.ini 6 Jul 2009 603 "win.ini" window~1.log 3 Oct 2009 1704556 "WindowsUpdate.log" window~1.man 6 Jul 2009 749 "WindowsShell.Manifest" WINSXS 6 Jul 2009 "WinSxS" wmfdis~1.log 6 Jul 2009 30201 "WMFDist11.log" wmp11.log 6 Jul 2009 22035 "wmp11.log" wmsetup.log 3 Oct 2009 55922 "wmsetup.log" wmsetu~1.log 6 Jul 2009 2096 "wmsetup10.log" wmsyspr9.prx 6 Jul 2009 316640 "WMSysPr9.prx" wudf01~1.log 6 Jul 2009 8381 "Wudf01000Inst.log" 138 items found: 79 files (2 H/S), 59 directories (21 H/S). Total of file sizes: 4.252.256 bytes 4,05 M -------------------------------------------------------------------------- C:\WINDOWS\Downloaded Program Files: -------------------------------------------------------------------------- Locating all files created in C:\WINDOWS\Downloaded Program Files\ within the last 90 days. "C:\WINDOWS\Downloaded Program Files\" desktop.ini 6 Jul 2009 65 "desktop.ini" wlscbase.dll 9 Sep 2009 452488 "wlscBase.dll" wlscbase.inf 9 Sep 2009 321 "wlscBase.inf" 3 items found: 3 files (1 H/S), 0 directories. Total of file sizes: 452.874 bytes 442,26 K -------------------------------------------------------------------------- C:\WINDOWS\PCHealth\HelpCtr\Binaries: -------------------------------------------------------------------------- Locating all files in C:\WINDOWS\PCHealth\HelpCtr\Binaries "C:\WINDOWS\pchealth\helpctr\binaries\" brpinfo.dll 28 Oct 2001 21504 "brpinfo.dll" hcappres.dll 28 Oct 2001 7168 "HCAppRes.dll" helpctr.exe 3 Aug 2004 768512 "HelpCtr.exe" helphost.exe 28 Oct 2001 99840 "HelpHost.exe" helpsvc.exe 3 Aug 2004 743936 "HelpSvc.exe" hscsp_w3.cab 17 Jul 2004 324700 "hscsp_w3.cab" hscupd.exe 3 Aug 2004 18944 "HscUpd.exe" msconfig.exe 3 Aug 2004 159744 "msconfig.exe" msinfo.dll 3 Aug 2004 380928 "msinfo.dll" notiflag.exe 28 Oct 2001 35328 "notiflag.exe" pchdt_w3.cab 3 Aug 2004 2768982 "pchdt_w3.cab" pchshell.dll 3 Aug 2004 102400 "pchshell.dll" pchsvc.dll 3 Aug 2004 38912 "pchsvc.dll" 13 items found: 13 files, 0 directories. Total of file sizes: 5.470.898 bytes 5,21 M -------------------------------------------------------------------------- C:\WINDOWS\system: -------------------------------------------------------------------------- Locating all files created in C:\WINDOWS\system within the last 90 days. "C:\WINDOWS\system\" tapi.tlb 25 Sep 2009 1 "tapi.tlb" 1 item found: 1 file, 0 directories. Total of file sizes: 1 byte 0,00 K -------------------------------------------------------------------------- C:\WINDOWS\system32: -------------------------------------------------------------------------- Locating all files created in C:\WINDOWS\system32 within the last 90 days. "C:\WINDOWS\system32\" $winnt$.inf 6 Jul 2009 987 "$winnt$.inf" 1025 6 Jul 2009 "1025" 1028 6 Jul 2009 "1028" 1031 6 Jul 2009 "1031" 1033 6 Jul 2009 "1033" 1037 6 Jul 2009 "1037" 1041 6 Jul 2009 "1041" 1042 6 Jul 2009 "1042" 1046 6 Jul 2009 "1046" 1054 6 Jul 2009 "1054" 18467.exe 2 Oct 2009 0 "18467.exe" 2052 6 Jul 2009 "2052" 3076 6 Jul 2009 "3076" 3COM_DMI 6 Jul 2009 "3com_dmi" 41.exe 3 Oct 2009 0 "41.exe" 6334.exe 1 Oct 2009 0 "6334.exe" ADOBE 10 Aug 2009 "Adobe" amcompat.tlb 6 Jul 2009 16832 "amcompat.tlb" APPMGMT 5 Sep 2009 "appmgmt" BIFROST 21 Sep 2009 "Bifrost" BITS 1 Oct 2009 "bits" CATROOT 6 Jul 2009 "CatRoot" CATROOT2 6 Jul 2009 "CatRoot2" CATROO~1 2 Oct 2009 "CatRoot_bak" cdplay~1.man 6 Jul 2009 749 "cdplayer.exe.manifest" COM 6 Jul 2009 "Com" CONFIG 6 Jul 2009 "config" config.nt 6 Jul 2009 2969 "CONFIG.NT" deploytk.dll 31 Jul 2009 411368 "deploytk.dll" detoured.dll 10 Sep 2009 4096 "detoured.dll" DHCP 6 Jul 2009 "dhcp" DIRECTX 6 Jul 2009 "DirectX" divx.dll 13 Jul 2009 685056 "divx.dll" DLLCACHE 6 Jul 2009 "dllcache" dpl100.dll 13 Jul 2009 90112 "dpl100.dll" DRIVERS 6 Jul 2009 "drivers" DRVSTORE 1 Oct 2009 "DRVSTORE" emptyr~1.dat 6 Jul 2009 21844 "emptyregdb.dat" EN-US 30 Jul 2009 "en-us" EXPORT 6 Jul 2009 "export" ezsidmv.dat 17 Aug 2009 56 "ezsidmv.dat" fntcache.dat 2 Oct 2009 112584 "FNTCACHE.DAT" gamemon.des 15 Sep 2009 3363184 "GameMon.des" GROUPP~1 1 Oct 2009 "GroupPolicy" h323log.txt 6 Jul 2009 0 "h323log.txt" IAS 6 Jul 2009 "ias" ICSXML 6 Jul 2009 "icsxml" java.exe 31 Jul 2009 145184 "java.exe" javacpl.cpl 31 Jul 2009 73728 "javacpl.cpl" javaw.exe 31 Jul 2009 145184 "javaw.exe" javaws.exe 31 Jul 2009 149280 "javaws.exe" jupdat~1.log 2 Oct 2009 3973 "jupdate-1.6.0_16-b01.log" lhacm.acm 28 Jul 2009 34064 "lhacm.acm" LOGFILES 6 Jul 2009 "LogFiles" logonu~1.man 6 Jul 2009 488 "logonui.exe.manifest" MACROMED 6 Jul 2009 "Macromed" MICROS~1 6 Jul 2009 "Microsoft" mrt.exe 28 Aug 2009 24689600 "MRT.exe" MSDTC 6 Jul 2009 "MsDtc" MUI 6 Jul 2009 "mui" ncpacp~1.man 6 Jul 2009 749 "ncpa.cpl.manifest" NPP 6 Jul 2009 "npp" nscompat.tlb 6 Jul 2009 23392 "nscompat.tlb" nvapps.xml 3 Oct 2009 63804 "nvapps.xml" nwccpl~1.man 6 Jul 2009 749 "nwc.cpl.manifest" paint.exe 12 Sep 2009 94209 "Paint.exe" perfc009.dat 30 Jul 2009 65106 "perfc009.dat" perfc016.dat 30 Jul 2009 73440 "perfc016.dat" perfh009.dat 30 Jul 2009 425082 "perfh009.dat" perfh016.dat 30 Jul 2009 457508 "perfh016.dat" perfst~1.ini 30 Jul 2009 1028686 "PerfStringBackup.INI" PREINS~1 2 Oct 2009 "PreInstall" PT-BR 20 Aug 2009 "pt-BR" RAS 6 Jul 2009 "ras" REINST~1 6 Jul 2009 "ReinstallBackups" RESTORE 6 Jul 2009 "Restore" sapicp~1.man 6 Jul 2009 749 "sapi.cpl.manifest" SETUP 6 Jul 2009 "Setup" SHELLEXT 6 Jul 2009 "ShellExt" SOFTWA~1 1 Oct 2009 "SoftwareDistribution" SPOOL 6 Jul 2009 "spool" USMT 6 Jul 2009 "usmt" WBEM 6 Jul 2009 "wbem" window~1.man 6 Jul 2009 488 "WindowsLogon.manifest" WINS 6 Jul 2009 "wins" winupd~1.exe 1 Oct 2009 45568 "winupdate.exe" wpa.dbl 30 Sep 2009 2206 "wpa.dbl" wuaucp~1.man 6 Jul 2009 749 "wuaucpl.cpl.manifest" x264vfw.dll 29 Jul 2009 2378752 "x264vfw.dll" XPSVIE~1 30 Jul 2009 "XPSViewer" 90 items found: 40 files (8 H/S), 50 directories (2 H/S). Total of file sizes: 34.612.575 bytes 33,01 M -------------------------------------------------------------------------- C:\WINDOWS\system32\com: -------------------------------------------------------------------------- Locating all files created in C:\WINDOWS\system32\com within the last 90 days. No matches found. -------------------------------------------------------------------------- C:\WINDOWS\system32\components: -------------------------------------------------------------------------- Locating all files created in C:\WINDOWS\system32\components within the last 90 days. No matches found. -------------------------------------------------------------------------- C:\WINDOWS\system32\drivers: -------------------------------------------------------------------------- Locating all files created in C:\WINDOWS\system32\drivers within the last 90 days. "C:\WINDOWS\system32\drivers\" DISDN 6 Jul 2009 "disdn" ETC 6 Jul 2009 "etc" gbpkm.sys 17 Sep 2009 30344 "gbpkm.sys" sptd.sys 16 Sep 2009 721904 "sptd.sys" UMDF 6 Jul 2009 "UMDF" 5 items found: 2 files, 3 directories. Total of file sizes: 752.248 bytes 734,62 K -------------------------------------------------------------------------- C:\WINDOWS\system32\drivers\etc: -------------------------------------------------------------------------- Locating all files created in C:\WINDOWS\system32\drivers\etc within the last 90 days. No matches found. -------------------------------------------------------------------------- C:\WINDOWS\TEMP: -------------------------------------------------------------------------- Locating all files created in C:\WINDOWS\TEMP within the last 90 days. "C:\WINDOWS\Temp\" gdql_o~1.log 3 Oct 2009 268 "gdql_oc_OcHealthMon.log" perfli~1.dat 3 Oct 2009 16384 "Perflib_Perfdata_5b8.dat" perfli~3.dat 3 Oct 2009 16384 "Perflib_Perfdata_524.dat" qdiago~1.log 3 Oct 2009 266 "qdiagoc_OcHealthMon.log" 4 items found: 4 files, 0 directories. Total of file sizes: 33.302 bytes 32,52 K ************************************************************************************ Checking for .COM files to Delete. They will only print if deleted! Locating .COM files in the C:\WINDOWS\System32 folder "C:\WINDOWS\system32\" chcp.com 28 Oct 2001 7680 "chcp.com" command.com 28 Oct 2001 52472 "command.com" diskcomp.com 28 Oct 2001 9216 "diskcomp.com" diskcopy.com 28 Oct 2001 7168 "diskcopy.com" edit.com 28 Oct 2001 70750 "edit.com" format.com 28 Oct 2001 25600 "format.com" graftabl.com 28 Oct 2001 26112 "graftabl.com" graphics.com 28 Oct 2001 19918 "graphics.com" kb16.com 28 Oct 2001 14950 "kb16.com" loadfix.com 28 Oct 2001 1153 "loadfix.com" locate.com 14 Jan 2005 11254 "locate.com" mode.com 28 Oct 2001 19456 "mode.com" more.com 28 Oct 2001 15872 "more.com" tree.com 28 Oct 2001 11264 "tree.com" win.com 28 Oct 2001 18432 "win.com" 15 items found: 15 files, 0 directories. Total of file sizes: 311.297 bytes 304,00 K ************************************************************************************ Miscellaneous Malware Detections: ------------------------------------------------------------------------------------ **** Delfin Media {31EE3286-D785-4E3F-95FC-51D00FDABC01} NOT FOUND by this tool! **** **** SmitFraud {0BC9BC01-54D4-4CCE-2B7D-955164314CD4} NOT FOUND by this tool! **** **** SpywareStrike {C1A2FDA2-1A5B-2A8F-F3A2-B22DA1A3C41D} NOT FOUND by this tool! **** **** SpywareStrike {C1A2FDA2-2A5B-2C8A-F2A2-BA2DB3A2C31C} NOT FOUND by this tool! **** **** SpywareStrike {D81E2FC4-B0A2-11D3-21AC-07C04C21A18A} NOT FOUND by this tool! **** **** SpyAxe {A1D9D3F0-8C2A-9A1D-A376-2CACFB10AB72} NOT FOUND by this tool! **** **** SpyAxe {A2D9D3F0-8C2A-2A1D-A376-1BECFB10AB72} NOT FOUND by this tool! **** **** SpyAxe {A2D9D3F0-8C2A-2A1D-A376-1BECFB10AB72} NOT FOUND by this tool! **** **** SpyAxe {A2D9D3F0-8C2A-2A1D-A376-1BECFB10AB72} NOT FOUND by this tool! **** **** SpyAxe {A2C8F6B1-7C2A-3D1C-A3C6-A1FDA113B43F} NOT FOUND by this tool! **** **** SpyFalcon {A2C8F6B1-7C2A-3D1C-A3C6-A1FDA113B43F} NOT FOUND by this tool! **** **** SpyFalcon {C9FA1DC9-1FB3-C2A8-2F1A-DC1A33E7AF9D} NOT FOUND by this tool! **** **** SpyFalcon {CA14EE13-ED15-C4A2-17FF-DA4D15C1BC5E} NOT FOUND by this tool! **** **** SpyFalcon {35a88e51-b53d-43e9-b8a7-75d4c31b4676} NOT FOUND by this tool! **** **** SpyFalcon {64ba30a2-811a-4597-b0af-d551128be340} NOT FOUND by this tool! **** **** SpyFalcon {89aef01d-d237-49c7-84dc-4e1904c1fd31} NOT FOUND by this tool! **** **** SpyFalcon {e04408db-4812-4478-8d4d-e46edcffd3b6} NOT FOUND by this tool! **** **** SpyFalcon {336ec37f-54bf-4f13-8237-03f64fa591e7} NOT FOUND by this tool! **** **** SpyFalcon {5bc82bdb-bc03-4671-9a78-3ef2b68449de} NOT FOUND by this tool! **** **** SpyFalcon {24c60b9b-26b5-4201-9f7a-fb9219356ae9} NOT FOUND by this tool! **** **** SpyFalcon {a0c51615-738a-4542-801a-5af61614e182} NOT FOUND by this tool! **** **** SpyFalcon {70fbd528-2d3c-4a00-9b8c-bbf441e534be} NOT FOUND by this tool! **** **** SpyFalcon {a566f298-05a6-4b3d-b672-da7c27316430} NOT FOUND by this tool! **** **** SpyFalcon {f5947202-e9cb-4a72-88e7-22f2cbd2b124} NOT FOUND by this tool! **** **** SpyFalcon {5aaf6542-f4ba-4df4-873d-4902ecbe794c} NOT FOUND by this tool! **** **** SpyFalcon {3e4155b8-5a4a-4e95-83b2-ab032da9acbc} NOT FOUND by this tool! **** **** SpyFalcon {9952355f-fefb-4764-bcd7-a993d03dd7e2} NOT FOUND by this tool! **** **** SpyFalcon {55059d4f-a1ac-4837-ae07-4859101f598d} NOT FOUND by this tool! **** **** SpyFalcon {c3786a8d-6426-4c29-a23f-f36e47b31e0c} NOT FOUND by this tool! **** **** SpyLocked {25b7d2fd-4f71-46d1-801a-7de323e4ec82} NOT FOUND by this tool! **** **** SpyLocked {4233AC08-A2C4-4742-A0B4-83719613D62C} NOT FOUND by this tool! **** **** SpyLocked {716002DB-288C-4BF0-80CD-A467E78D8B55} NOT FOUND by this tool! **** **** SpyLocked {735E980D-45D2-4777-AF82-9923D3C8D3AE} NOT FOUND by this tool! **** **** SpyLocked {B23DC537-3E13-44C7-BF67-D8405EB377F7} NOT FOUND by this tool! **** **** SpyLocked {B292EC9F-A074-4115-8342-1F459702D8D2} NOT FOUND by this tool! **** **** SpyLocked {CECA6F2B-247B-4ECE-9B7A-D0135C8036FC} NOT FOUND by this tool! **** **** SpyLocked {DA3B49F6-8C54-4429-A275-21A86DCCA413} NOT FOUND by this tool! **** **** SpyLocked {EDE8BED5-92CF-4482-8F51-A01CD9B3EA37} NOT FOUND by this tool! **** **** SpyLocked {FA4FBF53-C766-4622-8011-A87A805EEBF0} NOT FOUND by this tool! **** **** SpywareLocked {0E4E5110-A772-4C4A-A7DC-137FE10ABD6E} NOT FOUND by this tool! **** **** SpywareLocked {07A582E8-BAE3-457D-9D29-2048DE45A369} NOT FOUND by this tool! **** **** SpywareLocked {3BAA1AD8-EE49-4772-BF0B-F55083E0F7AA} NOT FOUND by this tool! **** **** SpywareLocked {9D6FAC42-A7BE-4702-87EF-75D8DC14249E} NOT FOUND by this tool! **** **** SpywareLocked {ABEF791F-947E-4CDF-83C3-E72A240AFB67} NOT FOUND by this tool! **** **** SpywareLocked {BD0FC212-0A36-4232-83CC-2063FB9282E0} NOT FOUND by this tool! **** **** SpywareLocked {B0DED443-5E68-4001-A81B-0A0001621AB8} NOT FOUND by this tool! **** **** SpywareLocked {F38B1B2B-4976-46DD-9FE5-60FDE72F0B4D} NOT FOUND by this tool! **** **** SpywareQuake {0c7416f0-dd23-420f-97f5-aae352ea2bf1} NOT FOUND by this tool! **** **** SpywareQuake {E2CA7CD1-1AD9-F1C4-3D2A-DC1A33E7AF9D} NOT FOUND by this tool! **** **** SpywareQuake {AC1B4DA2-12FA-31F2-1A7D-CD2B14E6AD4E} NOT FOUND by this tool! **** **** SpywareQuake {CD5E2AC9-25CE-A1C5-D1E2-DC6B28A6ED5A} NOT FOUND by this tool! **** **** SpywareQuake {EA26CE12-DE64-A1C5-9A4F-FC1A64E6AC2E} NOT FOUND by this tool! **** **** SpywareQuake {e5b1e382-817e-4b74-8a96-ec78751e6acf} NOT FOUND by this tool! **** **** SpywareQuake {a0aa3e4b-31cb-4ea2-9049-22b7f5b65edb} NOT FOUND by this tool! **** **** SpywareQuake {cbb430e6-5b1b-474a-9d7e-160d4fe74bea} NOT FOUND by this tool! **** **** SpywareQuake {62eb0924-19d2-4226-b4b9-8ad1f70904c1} NOT FOUND by this tool! **** **** SpywareQuake {6c69e319-0d03-47da-997a-36586cbc53b3} NOT FOUND by this tool! **** **** SpywareQuake {aea3d2df-2b2c-4d7b-81a0-d975c6dc088e} NOT FOUND by this tool! **** **** SpywareSheriff {1C3B31AE-FD16-D2CE-43FF-DC4CD5C1BC5E} NOT FOUND by this tool! **** **** VirusBurster {9d635a36-6b3c-4146-8625-f3aaf507bbf8} NOT FOUND by this tool! **** **** TrustCleaner {24E27EA9-FCF3-444F-BD80-20543BA5D946} NOT FOUND by this tool! **** **** Troj/Small-ER {4F141CBA-1457-6CCA-03A7-7AA21B61EA0F} NOT FOUND by this tool! **** **** Troj/Spabot-E {429F4BB8-7BF7-4152-8011-3C6F9EB7E892} NOT FOUND by this tool! **** **** Troj/Dloader-OF {203B1C4D9-BC71-8916-38AD-9DEA5D213614} NOT FOUND by this tool! **** **** Troj/Crafted-A {0BC9BC01-54D4-4CCE-2B7D-955164314CD4} NOT FOUND by this tool! **** **** Troj/Agent-FG {2C1CD3D7-86AC-4068-93BC-A02304BB8C34} NOT FOUND by this tool! **** **** TX 4 BrowserAd adware {8e99f990-b75a-4568-b3c8-24cbc8cbbfc1} NOT FOUND by this tool! **** **** Trojan-Proxy.Win32.Small {87A3E824-A726-4CF4-8A66-6314B11BDA0C} NOT FOUND by this tool! **** **** Trojan-Downloader.Win32.Delf.ks {786C369D-409A-456f-A13C-971EADA850C6} NOT FOUND by this tool! **** **** W32/Almanahe.a Worm NOT FOUND by this tool! **** **** msctl32.dll SpamBot NOT FOUND by this tool! **** **** KeyLogger NOT FOUND by this tool! **** -------------------------------------------------------------------------- CHECKING FOR BOT-TYPE WORMS: -------------------------------------------------------------------------- **** W32/Sdbot Worm NOT FOUND by this tool! **** -------------------------------------------------------------------------- CHECKING FOR KNOWN ROOTKIT STEALTHING AGENTS: -------------------------------------------------------------------------- **** i386p.* Stealthing Agent NOT FOUND by this tool! **** **** ErrorSafe erssdd.* Stealthing Agent NOT FOUND by this tool! **** **** VUNDO DP.* Stealthing Agent NOT FOUND by this tool! **** **** Troj/NTRootK-BP main.* Stealthing Agent NOT FOUND by this tool! **** **** W32/Almanahe.sys RioDrvrs.* Stealthing Agent NOT FOUND by this tool! **** **** W32/Almanahe.sys DKIS6.* Stealthing Agent NOT FOUND by this tool! **** -------------------------------------------------------------------------- CHECKING FOR VISIBLE ROOTKIT-TYPE REGISTRY KEYS: -------------------------------------------------------------------------- **** Rustock.B trojan, PE386 rootkit NOT FOUND by this tool! **** **** Rustock.B trojan, huy32 rootkit NOT FOUND by this tool! **** **** Rustock.B trojan, lzx32 rootkit NOT FOUND by this tool! **** **** Rustock.B trojan, msguard rootkit NOT FOUND by this tool! **** **** Rustock.B trojan, xpdt.sy_ rootkit NOT FOUND by this tool! **** **** Rustock.B trojan, xpdt.sys rootkit NOT FOUND by this tool! **** **** CmdService adware NOT FOUND by this tool! **** **** Network_Monitor adware NOT FOUND by this tool! **** **** Trojan.Peacomm NOT FOUND by this tool! **** **** Trojan.Peacomm windev NOT FOUND by this tool! **** **** AVPE Haxdoor NOT FOUND by this tool! **** **** MEMLOW Haxdoor NOT FOUND by this tool! **** **** VDMT Haxdoor NOT FOUND by this tool! **** **** YCSVGA Haxdoor NOT FOUND by this tool! **** **** PPTP Haxdoor FOUND by this tool! **** CAREFULL HERE THIS WILL ALSO FIND WinLanMiniport DisplayName REG_SZ Miniporta de rede remota (PPTP) Description REG_SZ Miniporta de rede remota (PPTP) DisplayName REG_SZ Miniporta de rede remota (PPTP) Description REG_SZ Miniporta de rede remota (PPTP) DisplayName REG_SZ Miniporta de rede remota (PPTP) Description REG_SZ Miniporta de rede remota (PPTP) **** DVB Haxdoor NOT FOUND by this tool! **** **** YVBB Haxdoor NOT FOUND by this tool! **** **** YVPP Haxdoor NOT FOUND by this tool! **** **** NKGFS Haxdoor NOT FOUND by this tool! **** **** XMSK Haxdoor NOT FOUND by this tool! **** **** AVPX Haxdoor NOT FOUND by this tool! **** **** MMXF Haxdoor NOT FOUND by this tool! **** **** DP1112 Vundo Rootkit NOT FOUND by this tool! **** **** SYSBUS32 Rootkit Driver NOT FOUND by this tool! **** **** I386P Rootkit Driver NOT FOUND by this tool! **** **** ERSSDD Rootkit NOT FOUND by this tool! **** **** GencTurK RootKit NOT FOUND by this tool! **** **** Troj/NTRootK-BP RootKit NOT FOUND by this tool! **** **** W32/Almanahe.sys NOT FOUND by this tool! **** ************************************************************************************ Dumping HKLM Uninstall Programs list DisplayName REG_SZ a-squared Free 4.5 DisplayName REG_SZ Adobe Flash Player 10 ActiveX DisplayName REG_SZ Adobe Flash Player 10 Plugin DisplayName REG_SZ Adobe Reader 9.1.2 - Português DisplayName REG_SZ Adobe Shockwave Player 11.5 DisplayName REG_SZ Arquivo do WinRAR DisplayName REG_SZ Assistente de Conexão do Windows Live DisplayName REG_SZ Atualização para Windows XP (KB898461) DisplayName REG_SZ Atualização para Windows XP (KB914882) DisplayName REG_SZ Atualização para Windows XP (KB923845) DisplayName REG_SZ Atualização para Windows XP (KB932823-v3) DisplayName REG_SZ Choice Guard DisplayName REG_SZ CircuitMaker 2000 (Professional Edition) DisplayName REG_SZ Counter-Strike DisplayName REG_SZ Counter-Strike CP DisplayName REG_SZ ExplorerXP (remove only) DisplayName REG_SZ Ferramenta de Carregamento do Windows Live DisplayName REG_SZ Fraps (remove only) DisplayName REG_SZ Free Mp3 Wma Converter V 1.81 DisplayName REG_SZ Free YouTube to Mp3 Converter version 3.1 DisplayName REG_SZ Garena DisplayName REG_SZ GTOneCare DisplayName REG_SZ Heroes of Newerth DisplayName REG_SZ High Definition Audio Driver Package - KB888111 DisplayName REG_SZ Hotfix for Windows XP (KB926239) DisplayName REG_SZ Java(TM) 6 Update 16 DisplayName REG_SZ K-Lite Mega Codec Pack 5.1.0 DisplayName REG_SZ Microsoft .NET Framework 2.0 DisplayName REG_SZ Microsoft .NET Framework 2.0 DisplayName REG_SZ Microsoft .NET Framework 3.0 DisplayName REG_SZ Microsoft .NET Framework 3.0 DisplayName REG_SZ Microsoft Application Error Reporting DisplayName REG_SZ Microsoft Compression Client Pack 1.0 for Windows XP DisplayName REG_SZ Microsoft Office XP Professional com FrontPage DisplayName REG_SZ Microsoft Protection Service DisplayName REG_SZ Microsoft User-Mode Driver Framework Feature Pack 1.0 DisplayName REG_SZ Microsoft Visual C++ 2005 Redistributable DisplayName REG_SZ Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 DisplayName REG_SZ Microsoft Windows Live OneCare Resources v2.5.2900.28 DisplayName REG_SZ Microsoft Windows OneCare Live AntiSpyware and AntiVirus DisplayName REG_SZ Microsoft Windows OneCare Live v2.5.2900.28 DisplayName REG_SZ Microsoft Windows OneCare Live v2.5.2900.28 Idcrl Install DisplayName REG_SZ mIRC DisplayName REG_SZ Mozilla Firefox (3.5.3) DisplayName REG_SZ MSVCRT DisplayName REG_SZ MSXML 6.0 Parser (KB925673) DisplayName REG_SZ NCsoft Launcher DisplayName REG_SZ NotePad++ 3.6 DisplayName REG_SZ NVIDIA Drivers DisplayName REG_SZ Pando Media Booster DisplayName REG_SZ PokerStars DisplayName REG_SZ PX Engine DisplayName REG_SZ Real Alternative 1.9.0 DisplayName REG_SZ Segoe UI DisplayName REG_SZ Skype web features DisplayName REG_SZ Skype™ 4.1 DisplayName REG_SZ Sony Vegas Pro 8.0 DisplayName REG_SZ SoundMAX DisplayName REG_SZ Steam DisplayName REG_SZ sXe Injected DisplayName REG_SZ System Requirements Lab DisplayName REG_SZ TeamSpeak 2 RC2 DisplayName REG_SZ Truco LigasOnline 1.1 DisplayName REG_SZ Uninstall 1.0.0.1 DisplayName REG_SZ VDownloader 0.83 DisplayName REG_SZ VeryPDF PDF2Word v3.0 DisplayName REG_SZ VobSub v2.23 (Remove Only) DisplayName REG_SZ Warkeys 1.14.1.0b DisplayName REG_SZ WebFldrs XP DisplayName REG_SZ Windows Communication Foundation DisplayName REG_SZ Windows Imaging Component DisplayName REG_SZ Windows Internet Explorer 8 DisplayName REG_SZ Windows Live Call DisplayName REG_SZ Windows Live Communications Platform DisplayName REG_SZ Windows Live Essentials DisplayName REG_SZ Windows Live Essentials DisplayName REG_SZ Windows Live Messenger DisplayName REG_SZ Windows Live OneCare DisplayName REG_SZ Windows Live OneCare safety scanner DisplayName REG_SZ Windows Media Format 11 runtime DisplayName REG_SZ Windows Media Format 11 runtime DisplayName REG_SZ Windows Media Player 11 DisplayName REG_SZ Windows Media Player 11 DisplayName REG_SZ Windows Presentation Foundation DisplayName REG_SZ Windows Workflow Foundation DisplayName REG_SZ XML Paper Specification Shared Components Pack 1.0 ParentDisplayName REG_SZ ParentDisplayName REG_SZ ParentDisplayName REG_SZ Windows XP - Atualizações de Software ParentDisplayName REG_SZ Windows XP - Atualizações de Software ParentDisplayName REG_SZ Windows XP - Atualizações de Software ParentDisplayName REG_SZ Windows XP - Atualizações de Software ParentDisplayName REG_SZ Windows XP - Software Updates ##################################################################################################### -- All DONE! ~ ShadowPuterDude ~ Logfile of HiJackFree v3.0 Scan saved at 11:39:24, on 3/10/2009 Platform: Windows XP Service Pack 2 (Windows NT 5.1.2600) MSIE: Internet Explorer v 8.0 Service Pack 2 (8.0.6001.18702) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\csrss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\ARQUIV~1\GbPlugin\GbpSv.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\Arquivos de programas\Microsoft Windows OneCare Live\Antivirus\MsMpEng.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\spoolsv.exe C:\Arquivos de programas\Analog Devices\Core\smax4pnp.exe C:\Arquivos de programas\Analog Devices\SoundMAX\Smax4.exe C:\Arquivos de programas\Microsoft Windows OneCare Live\winssnotify.exe C:\Arquivos de programas\Java\jre6\bin\jusched.exe C:\WINDOWS\system32\ctfmon.exe C:\Arquivos de programas\a-squared Free\a2service.exe C:\Arquivos de programas\Java\jre6\bin\jqs.exe C:\WINDOWS\system32\nvsvc32.exe C:\Arquivos de programas\Microsoft Windows OneCare Live\OcHealthMon.exe C:\Arquivos de programas\Microsoft Windows OneCare Live\Firewall\msfwsvc.exe C:\Arquivos de programas\Microsoft Windows OneCare Live\winss.exe C:\WINDOWS\System32\alg.exe C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe C:\Arquivos de programas\Windows Live\Contacts\wlcomm.exe C:\Arquivos de programas\a-squared HiJackFree\a2hijackfree.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = &http://home.microsoft.com/intl/br/access/allinone.asp R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Links O2 - BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: - {5C255C8A-E604-49b4-9D64-90988571CECB} - O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: GbIehObj Class - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\ARQUIVOS DE PROGRAMAS\GBPLUGIN\gbieh.dll O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll O2 - BHO: JQSIEStartDetectorImpl Class - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe O4 - HKLM\..\Run: [soundMAXPnP] C:\Arquivos de programas\Analog Devices\Core\smax4pnp.exe O4 - HKLM\..\Run: [soundMAX] "C:\Arquivos de programas\Analog Devices\SoundMAX\Smax4.exe" /tray O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Arquivos de programas\Adobe\Reader 9.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [mspaint] "C:\WINDOWS\system32\paint.exe" -autocheck O4 - HKLM\..\Run: [winupdate.exe] C:\WINDOWS\system32\winupdate.exe O4 - HKLM\..\Run: [OneCareUI] "C:\Arquivos de programas\Microsoft Windows OneCare Live\winssnotify.exe" O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Java\jre6\bin\jusched.exe" O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKLM\..\Run: [uTorrent] "C:\Arquivos de programas\uTorrent\uTorrent.exe" O4 - HKLM\..\Run: [skype] "C:\Arquivos de programas\Skype\Phone\Skype.exe" /nosplash /minimized O4 - HKLM\..\Run: [DAEMON Tools Lite] "C:\Arquivos de programas\DAEMON Tools Lite\daemon.exe" -autorun O4 - HKLM\..\Run: [NCsoft Launcher] C:\Arquivos de programas\NCSoft\Launcher\NCLauncher.exe /Minimized O4 - HKLM\..\Run: [Advanced Virus Remover] C:\Program Files\AdvancedVirusRemover\PAVRM.exe O7 - Regedit - Enabled O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\Office10\EXCEL.EXE/3000 O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Arquivos de programas\PokerStars\main.ico O14 - IERESET.INF: START_PAGE_URL="http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome" O14 - IERESET.INF: SEARCH_PAGE_URL="&http://home.microsoft.com/intl/br/access/allinone.asp" O14 - IERESET.INF: MS_START_PAGE_URL="http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome" O15 - Trusted Zone: https://www2.bancobrasil.com.br O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase6796.cab O20 - Winlogon Notify: GbPluginBb - C:\WINDOWS\ O21 - ShellServiceObjectDelayLoad: PostBootReminder - O21 - ShellServiceObjectDelayLoad: CDBurn - O21 - ShellServiceObjectDelayLoad: WebCheck - O21 - ShellServiceObjectDelayLoad: SysTray - O21 - ShellServiceObjectDelayLoad: WPDShServiceObj - O22 - SharedTaskScheduler: Pré-carregador Browseui - C:\WINDOWS\system32\browseui.dll O22 - SharedTaskScheduler: Daemon de cache de categorias de componente - C:\WINDOWS\system32\browseui.dll O23 - Service: a-squared Free Service - C:\Arquivos de programas\a-squared Free\a2service.exe O23 - Service: Serviço 'Gateway de camada de aplicativo' - C:\WINDOWS\System32\alg.exe O23 - Service: Gerenciamento de aplicativo - C:\WINDOWS\system32\svchost.exe O23 - Service: ASP.NET State Service - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe O23 - Service: Áudio do Windows - C:\WINDOWS\System32\svchost.exe O23 - Service: Serviço de transferência inteligente de plano de fundo - C:\WINDOWS\system32\svchost.exe O23 - Service: Localizador de computadores - C:\WINDOWS\system32\svchost.exe O23 - Service: Área de armazenamento - C:\WINDOWS\system32\clipsrv.exe O23 - Service: .NET Runtime Optimization Service v2.0.50727_X86 - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe O23 - Service: Aplicativo de sistema COM+ - C:\WINDOWS\system32\dllhost.exe O23 - Service: Serviços de criptografia - C:\WINDOWS\system32\svchost.exe O23 - Service: Inicializador de Processo de Servidor DCOM - C:\WINDOWS\system32\svchost O23 - Service: Cliente DHCP - C:\WINDOWS\system32\svchost.exe O23 - Service: Serviço administrativo do gerenciador de disco lógico - C:\WINDOWS\System32\dmadmin.exe O23 - Service: Gerenciador de discos lógicos - C:\WINDOWS\System32\svchost.exe O23 - Service: Cliente DNS - C:\WINDOWS\system32\svchost.exe O23 - Service: Erro ao informar o serviço - C:\WINDOWS\System32\svchost.exe O23 - Service: Log de eventos - C:\WINDOWS\system32\services.exe O23 - Service: Sistema de eventos COM+ - C:\WINDOWS\system32\svchost.exe O23 - Service: Compatibilidade com 'Troca rápida de usuário' - C:\WINDOWS\System32\svchost.exe O23 - Service: Windows Presentation Foundation Font Cache 3.0.0.0 - c:\WINDOWS\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe O23 - Service: GarenaPEngine - C:\DOCUME~1\ADMINI~1\CONFIG~1\Temp\APED.tmp O23 - Service: Ajuda e suporte - C:\WINDOWS\System32\svchost.exe O23 - Service: HID Input Service - C:\WINDOWS\System32\svchost.exe O23 - Service: HTTP SSL - C:\WINDOWS\System32\svchost.exe O23 - Service: Windows CardSpace - C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe O23 - Service: Java Quick Starter - C:\Arquivos de programas\Java\jre6\bin\jqs.exe O23 - Service: Servidor - C:\WINDOWS\system32\svchost.exe O23 - Service: Estação de trabalho - C:\WINDOWS\system32\svchost.exe O23 - Service: Auxiliar NetBIOS TCP/IP - C:\WINDOWS\system32\svchost.exe O23 - Service: Coordenador de transações distribuídas - C:\WINDOWS\system32\msdtc.exe O23 - Service: OneCare Firewall - C:\Arquivos de programas\Microsoft Windows OneCare Live\Firewall\msfwsvc.exe O23 - Service: Windows Installer - C:\WINDOWS\system32\msiexec.exe O23 - Service: DDE de rede - C:\WINDOWS\system32\netdde.exe O23 - Service: DSDM de DDE de rede - C:\WINDOWS\system32\netdde.exe O23 - Service: Logon de rede - C:\WINDOWS\system32\lsass.exe O23 - Service: Conexões de rede - C:\WINDOWS\System32\svchost.exe O23 - Service: Net.Tcp Port Sharing Service - C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe O23 - Service: Reconhecimento de local da rede (NLA) - C:\WINDOWS\system32\svchost.exe O23 - Service: nProtect GameGuard Service - C:\WINDOWS\system32\GameMon.des O23 - Service: Fornecedor de suporte de segurança NT LM - C:\WINDOWS\system32\lsass.exe O23 - Service: Armazenamento removível - C:\WINDOWS\system32\svchost.exe O23 - Service: NVIDIA Display Driver Service - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: Windows Live OneCare Health Monitor - C:\Arquivos de programas\Microsoft Windows OneCare Live\OcHealthMon.exe O23 - Service: OneCare AntiSpyware and AntiVirus - C:\Arquivos de programas\Microsoft Windows OneCare Live\Antivirus\MsMpEng.exe O23 - Service: Plug and Play - C:\WINDOWS\system32\services.exe O23 - Service: Serviços IPSEC - C:\WINDOWS\system32\lsass.exe O23 - Service: Armazenamento protegido - C:\WINDOWS\system32\lsass.exe O23 - Service: Gerenciador de conexão de acesso remoto automático - C:\WINDOWS\system32\svchost.exe O23 - Service: Gerenciador de conexão de acesso remoto - C:\WINDOWS\system32\svchost.exe O23 - Service: Gerenciador de sessão de ajuda de área de trabalho remota - C:\WINDOWS\system32\sessmgr.exe O23 - Service: Roteamento e acesso remoto - C:\WINDOWS\system32\svchost.exe O23 - Service: Registro remoto - C:\WINDOWS\system32\svchost.exe O23 - Service: Alocador Remote Procedure Call (RPC) - C:\WINDOWS\system32\locator.exe O23 - Service: Chamada de procedimento remoto (RPC) - C:\WINDOWS\system32\svchost O23 - Service: QoS RSVP - C:\WINDOWS\system32\rsvp.exe O23 - Service: Gerenciador de contas de segurança - C:\WINDOWS\system32\lsass.exe O23 - Service: Cartão inteligente - C:\WINDOWS\System32\SCardSvr.exe O23 - Service: Agendador de tarefas - C:\WINDOWS\System32\svchost.exe O23 - Service: Logon secundário - C:\WINDOWS\System32\svchost.exe O23 - Service: Notificação de eventos de sistema - C:\WINDOWS\system32\svchost.exe O23 - Service: Firewall do Windows/Compartilhamento de Conexão com a Internet (ICS) - C:\WINDOWS\system32\svchost.exe O23 - Service: Detecção do hardware do shell - C:\WINDOWS\System32\svchost.exe O23 - Service: Spooler de impressão - C:\WINDOWS\system32\spoolsv.exe O23 - Service: Serviço de restauração do sistema - C:\WINDOWS\system32\svchost.exe O23 - Service: Serviço de descoberta SSDP - C:\WINDOWS\system32\svchost.exe O23 - Service: Assistente de aquisição de imagens do Windows (WIA) - C:\WINDOWS\system32\svchost.exe O23 - Service: MS Software Shadow Copy Provider - C:\WINDOWS\system32\dllhost.exe O23 - Service: Logs e alertas de desempenho - C:\WINDOWS\system32\smlogsvc.exe O23 - Service: Telefonia - C:\WINDOWS\System32\svchost.exe O23 - Service: Serviços de terminal - C:\WINDOWS\System32\svchost O23 - Service: Temas - C:\WINDOWS\System32\svchost.exe O23 - Service: Telnet - C:\WINDOWS\system32\tlntsvr.exe O23 - Service: Cliente de rastreamento de link distribuído - C:\WINDOWS\system32\svchost.exe O23 - Service: Host de dispositivo Plug and Play universal - C:\WINDOWS\system32\svchost.exe O23 - Service: Sistema de alimentação ininterrupta - C:\WINDOWS\System32\ups.exe O23 - Service: Cópia de volume em memória - C:\WINDOWS\System32\vssvc.exe O23 - Service: Horário do Windows - C:\WINDOWS\System32\svchost.exe O23 - Service: Cliente da Web - C:\WINDOWS\system32\svchost.exe O23 - Service: Testador de instrumentação de gerenciam. do Windows - C:\WINDOWS\system32\svchost.exe O23 - Service: Windows Live OneCare - C:\Arquivos de programas\Microsoft Windows OneCare Live\winss.exe O23 - Service: Portable Media Serial Number Service - C:\WINDOWS\System32\svchost.exe O23 - Service: Extensões de driver de instrum. gerenc. do Windows - C:\WINDOWS\System32\svchost.exe O23 - Service: Adaptador de desempenho WMI - C:\WINDOWS\system32\wbem\wmiapsrv.exe O23 - Service: Serviço de Compartilhamento de Rede do Windows Media Player - C:\Arquivos de programas\Windows Media Player\WMPNetwk.exe O23 - Service: Atualizações Automáticas - C:\WINDOWS\system32\svchost.exe O23 - Service: Windows Driver Foundation - User-mode Driver Framework - C:\WINDOWS\system32\svchost.exe O23 - Service: Configuração zero sem fio - C:\WINDOWS\System32\svchost.exe O23 - Service: Serviço de Configuração de Rede - C:\WINDOWS\System32\svchost.exe
  3. Here are the logs. a-squared Free - Versão 4.5 Última atualização 2/10/2009 18:08:35 Configurações da análise: Scan type: deep Objetos: Memória, Rastros, Cookies, C:\ Análise de arquivos: Ligado Heurística: Desligado Análise de ADS: Ligado Início da análise: 2/10/2009 18:11:17 Value: HKEY_USERS\S-1-5-21-1085031214-2111687655-682003330-500\Software\Bifrost --> klg detectado: Trace.Registry.Bifrost!A2 Value: HKEY_LOCAL_MACHINE\SOFTWARE\Bifrost --> nck detectado: Trace.Registry.Bifrost!A2 c:\documents and settings\administrador\dados de aplicativos\microsoft\internet explorer\quick launch\advanced virus remover.lnk detectado: Trace.File.Advanced Virus Remover 2009!A2 c:\documents and settings\administrador\menu iniciar\advanced virus remover.lnk detectado: Trace.File.Advanced Virus Remover 2009!A2 Value: HKEY_USERS\S-1-5-21-1085031214-2111687655-682003330-500\Software\AVR --> LastD detectado: Trace.Registry.Advanced Virus Remover 2009!A2 Value: HKEY_USERS\S-1-5-21-1085031214-2111687655-682003330-500\Software\AVR --> LastScan detectado: Trace.Registry.Advanced Virus Remover 2009!A2 Value: HKEY_USERS\S-1-5-21-1085031214-2111687655-682003330-500\Software\AVR --> LastVFC detectado: Trace.Registry.Advanced Virus Remover 2009!A2 Value: HKEY_USERS\S-1-5-21-1085031214-2111687655-682003330-500\Software\AVR --> VirList detectado: Trace.Registry.Advanced Virus Remover 2009!A2 c:\windows\system32\bifrost detectado: Trace.Directory.maxx.d.free.fr!A2 c:\windows\system32\bifrost\klog.dat detectado: Trace.File.maxx.d.free.fr!A2 Value: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run --> winupdate.exe detectado: Trace.Registry.trucount3001.com!A2 c:\windows\system32\winupdate.exe detectado: Trace.File.AdvancedVirusRemover!A2 c:\documents and settings\administrador\desktop\advanced virus remover.lnk detectado: Trace.File.AdvancedVirusRemover!A2 Key: HKEY_USERS\S-1-5-21-1085031214-2111687655-682003330-500\software\AVR detectado: Trace.Registry.AdvancedVirusRemover!A2 C:\Arquivos de programas\CyberScript32\CyberScript.exe detectado: Riskware.Client-IRC.Win32.mIRC!IK C:\Arquivos de programas\NewBlue\3D Explosions for Vegas\Uninstal.exe detectado: Trojan-Dropper.Win32.Renos!IK C:\Arquivos de programas\NewBlue\3D Transformations for Vegas\Uninstal.exe detectado: Trojan-Dropper.Win32.Renos!IK C:\Arquivos de programas\NewBlue\Art Effects for Vegas\Uninstal.exe detectado: Trojan-Dropper.Win32.Renos!IK C:\Arquivos de programas\NewBlue\Motion Effects for Vegas\Uninstal.exe detectado: Trojan-Dropper.Win32.Renos!IK C:\Documents and Settings\Administrador\Meus documentos\Downloads\Garena_Hack_by_Dota-Utilities.rar/dotahelper.exe detectado: Trojan-Downloader.Win32.Delf!IK C:\Documents and Settings\Administrador\Meus documentos\Downloads\Garena_Hack_SPECIAL_EDITION__by_DotA-Utilities.rar/BluSmash v1.0(1.22).exe detectado: BehavesLike!IK C:\Documents and Settings\Administrador\Meus documentos\Downloads\Garena_Hack_SPECIAL_EDITION__by_DotA-Utilities.rar/dotahelper.exe detectado: Trojan-Downloader.Win32.Delf!IK C:\Documents and Settings\Administrador\Meus documentos\Downloads\Garena_Hack_SPECIAL_EDITION__by_DotA-Utilities.rar/GarenaExtreme.exe detectado: MonitoringTool!IK C:\Documents and Settings\Administrador\Meus documentos\Downloads\Garena_Hack_SPECIAL_EDITION__by_DotA-Utilities.rar/GarenaHack.exe.bak detectado: MonitoringTool!IK C:\Documents and Settings\Administrador\Meus documentos\Downloads\Garena_Hack__Updated__by_DotA-Utilities.rar/BluSmash v1.0(1.22).exe detectado: BehavesLike!IK C:\Documents and Settings\Administrador\Meus documentos\Downloads\Garena_Hack__Updated__by_DotA-Utilities.rar/dotahelper.exe detectado: Trojan-Downloader.Win32.Delf!IK C:\Documents and Settings\Administrador\Meus documentos\Downloads\Garena_Hack__Updated__by_DotA-Utilities.rar/Garena Mega Exp Hack.exe detectado: Trojan-Downloader.Win32.Banload!IK C:\Documents and Settings\Administrador\Meus documentos\Downloads\Garena_Hack__Updated__by_DotA-Utilities.rar/GarenaExtreme.exe detectado: MonitoringTool!IK C:\Documents and Settings\Administrador\Meus documentos\Downloads\Garena_Hack__Updated__by_DotA-Utilities.rar/GarenaHack.exe.bak detectado: MonitoringTool!IK C:\Documents and Settings\Administrador\Meus documentos\Downloads\NewBlue_FX_pack.rar/NewBlueMotionBlendsVegasSetup20.exe detectado: Riskware.AdWare.Win32.EShoper!IK C:\Documents and Settings\Administrador\Meus documentos\Downloads\Sony Vegas Pro 8.0c Build 260+Keygen[H33T]-MasterUploader\Keygen\Keygen.exe detectado: Riskware.MultiKeygenPatch!IK C:\System Volume Information\_restore{9A856660-AD4B-4671-BBFC-019287F6760B}\RP14\A0001849.exe detectado: Trojan-Downloader.Win32.Delf!IK C:\System Volume Information\_restore{9A856660-AD4B-4671-BBFC-019287F6760B}\RP14\A0001912.exe detectado: Trojan-Downloader.Win32.Delf!IK C:\System Volume Information\_restore{9A856660-AD4B-4671-BBFC-019287F6760B}\RP14\A0001945.exe detectado: Trojan-Downloader.Win32.Delf!IK C:\System Volume Information\_restore{9A856660-AD4B-4671-BBFC-019287F6760B}\RP14\A0002948.exe detectado: Trojan-Downloader.Win32.Delf!IK C:\System Volume Information\_restore{9A856660-AD4B-4671-BBFC-019287F6760B}\RP15\A0002960.exe detectado: Trojan-Downloader.Win32.Delf!IK C:\System Volume Information\_restore{9A856660-AD4B-4671-BBFC-019287F6760B}\RP15\A0002967.exe detectado: Trojan-Downloader.Win32.Delf!IK C:\System Volume Information\_restore{9A856660-AD4B-4671-BBFC-019287F6760B}\RP15\A0002995.exe detectado: Trojan-Downloader.Win32.Delf!IK C:\System Volume Information\_restore{9A856660-AD4B-4671-BBFC-019287F6760B}\RP15\A0004073.exe detectado: Trojan-Downloader.Win32.Delf!IK C:\System Volume Information\_restore{9A856660-AD4B-4671-BBFC-019287F6760B}\RP16\A0004097.exe detectado: Trojan-Downloader.Win32.Delf!IK C:\System Volume Information\_restore{9A856660-AD4B-4671-BBFC-019287F6760B}\RP16\A0004109.exe detectado: Trojan-Downloader.Win32.Delf!IK C:\System Volume Information\_restore{9A856660-AD4B-4671-BBFC-019287F6760B}\RP16\A0004146.exe detectado: Trojan-Downloader.Win32.Delf!IK C:\System Volume Information\_restore{9A856660-AD4B-4671-BBFC-019287F6760B}\RP17\A0004159.exe detectado: Trojan-Downloader.Win32.Delf!IK C:\System Volume Information\_restore{9A856660-AD4B-4671-BBFC-019287F6760B}\RP17\A0004202.exe detectado: Trojan-Downloader.Win32.Delf!IK C:\System Volume Information\_restore{9A856660-AD4B-4671-BBFC-019287F6760B}\RP19\A0004302.exe detectado: Trojan-Downloader.Win32.Delf!IK C:\System Volume Information\_restore{9A856660-AD4B-4671-BBFC-019287F6760B}\RP20\A0004310.exe detectado: Trojan-Downloader.Win32.Delf!IK C:\System Volume Information\_restore{9A856660-AD4B-4671-BBFC-019287F6760B}\RP20\A0004314.exe detectado: Trojan-Downloader.Win32.Delf!IK C:\System Volume Information\_restore{9A856660-AD4B-4671-BBFC-019287F6760B}\RP20\A0004343.exe detectado: MonitoringTool!IK C:\System Volume Information\_restore{9A856660-AD4B-4671-BBFC-019287F6760B}\RP20\A0004418.exe detectado: Trojan-Downloader.Win32.Delf!IK C:\System Volume Information\_restore{9A856660-AD4B-4671-BBFC-019287F6760B}\RP20\A0004427.exe detectado: Trojan-Downloader.Win32.Delf!IK C:\System Volume Information\_restore{9A856660-AD4B-4671-BBFC-019287F6760B}\RP20\A0004464.exe detectado: Trojan-Downloader.Win32.Delf!IK C:\System Volume Information\_restore{9A856660-AD4B-4671-BBFC-019287F6760B}\RP21\A0004474.exe detectado: Trojan-Downloader.Win32.Delf!IK C:\System Volume Information\_restore{9A856660-AD4B-4671-BBFC-019287F6760B}\RP21\A0004503.exe detectado: Trojan-Downloader.Win32.Delf!IK C:\System Volume Information\_restore{9A856660-AD4B-4671-BBFC-019287F6760B}\RP21\A0004525.exe detectado: Trojan-Downloader.Win32.Delf!IK C:\System Volume Information\_restore{9A856660-AD4B-4671-BBFC-019287F6760B}\RP25\A0004726.exe detectado: Trojan-Downloader.Win32.Delf!IK C:\System Volume Information\_restore{9A856660-AD4B-4671-BBFC-019287F6760B}\RP25\A0004775.exe detectado: Trojan-Downloader.Win32.Delf!IK C:\System Volume Information\_restore{9A856660-AD4B-4671-BBFC-019287F6760B}\RP25\A0004778.exe detectado: MonitoringTool!IK C:\System Volume Information\_restore{9A856660-AD4B-4671-BBFC-019287F6760B}\RP25\A0004866.exe detectado: BehavesLike!IK C:\System Volume Information\_restore{9A856660-AD4B-4671-BBFC-019287F6760B}\RP26\A0004898.exe detectado: Trojan-Downloader.Win32.Delf!IK C:\System Volume Information\_restore{9A856660-AD4B-4671-BBFC-019287F6760B}\RP26\A0004926.exe detectado: Trojan-Downloader.Win32.Delf!IK C:\System Volume Information\_restore{9A856660-AD4B-4671-BBFC-019287F6760B}\RP26\A0004928.exe detectado: Trojan-Downloader.Win32.Banload!IK C:\System Volume Information\_restore{9A856660-AD4B-4671-BBFC-019287F6760B}\RP26\A0004930.exe detectado: MonitoringTool!IK C:\System Volume Information\_restore{9A856660-AD4B-4671-BBFC-019287F6760B}\RP26\A0005018.exe detectado: BehavesLike!IK C:\System Volume Information\_restore{9A856660-AD4B-4671-BBFC-019287F6760B}\RP33\A0005225.exe detectado: Trojan-Downloader.Win32.Delf!IK C:\System Volume Information\_restore{9A856660-AD4B-4671-BBFC-019287F6760B}\RP57\A0008649.exe detectado: Trojan-Spy.Win32.PcGhost!IK C:\System Volume Information\_restore{9A856660-AD4B-4671-BBFC-019287F6760B}\RP76\A0010957.exe detectado: Gen.Trojan!IK C:\WINDOWS\system32\winupdate.exe detectado: Trojan-Downloader.Win32.FraudLoad!IK Analisado Arquivos: 99250 Objetos: 610667 Cookies: 6 Processos: 31 Encontrado Arquivos: 53 Objetos: 14 Cookies: 0 Processos: 0 Chaves do registro: 0 Fim da análise: 2/10/2009 19:13:07 Duração da análise: 1:01:50 ************************************************************************************ ISeeYouXP v2.0 Beta 14 ISeeYouXP v1.3.0-v2.0 Beta 14 Copyright - ShadowPuterDude ISeeYouXP v1.2.9 and earlier Copyright - PhilliePhan ------------------------------------------------------------------------------------ **** PLEASE NOTE THAT MOST (if not ALL) OF THE ITEMS BELOW ARE NOT BADDIES! **** **** PLEASE CONSULT A KNOWLEDGEABLE PERSON BEFORE TAKING ANY ACTION. **** ************************************************************************************ Windows/Browser/Java Versions: Microsoft (R) Windows Script Host VersÆo 5.6 Copyright (C) 1996-2001 Microsoft Corporation. Todos os direitos reservados. Microsoft Windows XP Professional Version: 5.1.2600 Service Pack: 2.0 Windows Directory: C:\WINDOWS Microsoft (R) Windows Script Host VersÆo 5.6 Copyright (C) 1996-2001 Microsoft Corporation. Todos os direitos reservados. Internet Explorer Version: 8.0.6001.18702 Build: 86001 Language: Inglˆs (Estados Unidos) Path: C:\Arquivos de programas\Internet Explorer Sun Microsystems Java Runtime Version: 1.6.0_16 Microsoft (R) Windows Script Host VersÆo 5.6 Copyright (C) 1996-2001 Microsoft Corporation. Todos os direitos reservados. Boot State: Normal boot Scan done at 19:16:34,73, sex 02/10/2009 ------------------------------------------------------------------------------------ ISeeYouXP installation folder and files "C:\ISeeYouXP\" bootst~1.vbs 28 May 2007 359 "bootstate.vbs" change.log 8 Jun 2008 5012 "change.log" chodefix.bat 18 Apr 2007 5387 "chodefix.bat" fixchode.reg 18 Apr 2007 528 "fixChode.reg" fixexp~1.bat 24 Feb 2007 487 "FixExplorerPolicies.bat" getunk~1.bat 12 Aug 2006 1478 "GetUnKeys.bat" grep.exe 24 Dec 2004 160768 "grep.exe" hideit.bat 17 Oct 2007 1072 "HideIT.bat" ieinfo.vbs 28 May 2007 514 "ieinfo.vbs" iesecu~1.bat 28 Oct 2007 72 "IESecurityZones.bat" iesecu~1.vbs 8 Nov 2007 2399 "IESecurityZones.vbs" iseeyo~1.bat 8 Jun 2008 211377 "ISeeYouXP.bat" libico~1.dll 16 Mar 2004 898048 "libiconv2.dll" libintl3.dll 9 Oct 2004 101888 "libintl3.dll" locate.com 14 Jan 2005 11254 "locate.com" md5sum.exe 5 Aug 2007 49152 "md5sum.exe" msconf~1.bat 24 Feb 2007 578 "MSConfigFix.bat" osinfo.vbs 28 May 2007 598 "osinfo.vbs" pcbutts.txt 25 Mar 2007 5167 "PCBUTTS.TXT" pcre.dll 14 Nov 2004 183313 "pcre.dll" pv.exe 3 Mar 2006 73728 "pv.exe" regedi~1.bat 30 Mar 2007 650 "RegEditFix.bat" regfix.bat 18 Apr 2007 145 "Regfix.bat" servic~1.vbs 28 May 2007 672 "servicesinfo.vbs" showit.bat 17 Oct 2007 1013 "ShowIT.bat" swreg.exe 5 Apr 2007 139776 "swreg.exe" system~1.bat 28 Feb 2007 369 "SystemRestoreFix.bat" taskmg~1.bat 24 Feb 2007 288 "TaskMgrFix.bat" 28 items found: 28 files, 0 directories. Total of file sizes: 1.856.092 bytes 1,77 M ------------------------------------------------------------------------------------ System Environment Variables ALLUSERSPROFILE=C:\Documents and Settings\All Users APPDATA=C:\Documents and Settings\Administrador\Dados de aplicativos CLIENTNAME=Console CommonProgramFiles=C:\Arquivos de programas\Arquivos comuns COMPUTERNAME=LITE ComSpec=C:\WINDOWS\system32\cmd.exe errcode=0 FP_NO_HOST_CHECK=NO HOMEDRIVE=C: HOMEPATH=\Documents and Settings\Administrador LOGONSERVER=\\LITE NUMBER_OF_PROCESSORS=2 OS=Windows_NT Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH PROCESSOR_ARCHITECTURE=x86 PROCESSOR_IDENTIFIER=x86 Family 15 Model 4 Stepping 9, GenuineIntel PROCESSOR_LEVEL=15 PROCESSOR_REVISION=0409 ProgramFiles=C:\Arquivos de programas PROMPT=$P$G SESSIONNAME=Console SystemDrive=C: SystemRoot=C:\WINDOWS TEMP=C:\DOCUME~1\ADMINI~1\CONFIG~1\Temp TMP=C:\DOCUME~1\ADMINI~1\CONFIG~1\Temp USERDOMAIN=LITE USERNAME=Administrador USERPROFILE=C:\Documents and Settings\Administrador windir=C:\WINDOWS ------------------------------------------------------------------------------------ Showing any Pocket Killbox backup files No matches found. ------------------------------------------------------------------------------------ Displaying BOOT.INI: [boot loader] timeout=30 default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS [operating systems] multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect ------------------------------------------------------------------------------------ Displaying SYSTEM.INI: ; for 16-bit app support [drivers] wave=mmdrv.dll timer=timer.drv [mci] [driver32] [386enh] woafont=app850.FON EGA80WOA.FON=EGA80850.FON EGA40WOA.FON=EGA40850.FON CGA80WOA.FON=CGA80850.FON CGA40WOA.FON=CGA40850.FON ------------------------------------------------------------------------------------ Displaying WIN.INI: ; for 16-bit app support [fonts] [extensions] [mci extensions] [files] [Mail] MAPI=1 CMC=1 CMCDLLNAME=mapi.dll CMCDLLNAME32=mapi32.dll MAPIX=1 MAPIXVER=1.0.0.1 OLEMessaging=1 [MCI Extensions.BAK] aif=MPEGVideo aifc=MPEGVideo aiff=MPEGVideo asf=MPEGVideo asx=MPEGVideo au=MPEGVideo m1v=MPEGVideo m3u=MPEGVideo mp2=MPEGVideo mp2v=MPEGVideo mp3=MPEGVideo mpa=MPEGVideo mpe=MPEGVideo mpeg=MPEGVideo mpg=MPEGVideo mpv2=MPEGVideo snd=MPEGVideo wax=MPEGVideo wm=MPEGVideo wma=MPEGVideo wmv=MPEGVideo wmx=MPEGVideo wvx=MPEGVideo m2v=MPEGVideo mod=MPEGVideo wpl=MPEGVideo ------------------------------------------------------------------------------------ Displaying AUTOEXEC.BAT: ------------------------------------------------------------------------------------ Displaying CONFIG.SYS: ------------------------------------------------------------------------------------ Displaying Running Processes: PROCESS PID PRIO PATH smss.exe 580 Normal C:\WINDOWS\System32\smss.exe csrss.exe 628 Normal C:\WINDOWS\system32\csrss.exe winlogon.exe 668 High C:\WINDOWS\system32\winlogon.exe services.exe 712 Normal C:\WINDOWS\system32\services.exe lsass.exe 724 Normal C:\WINDOWS\system32\lsass.exe GbpSv.exe 884 Normal C:\ARQUIV~1\GbPlugin\GbpSv.exe svchost.exe 916 Normal C:\WINDOWS\system32\svchost.exe svchost.exe 984 Normal C:\WINDOWS\system32\svchost.exe MsMpEng.exe 1080 Normal C:\Arquivos de programas\Microsoft Windows OneCare Live\Antivirus\MsMpEng.exe svchost.exe 1120 Normal C:\WINDOWS\System32\svchost.exe svchost.exe 1276 Normal C:\WINDOWS\system32\svchost.exe svchost.exe 1344 Normal C:\WINDOWS\system32\svchost.exe Explorer.EXE 1496 Normal C:\WINDOWS\Explorer.EXE spoolsv.exe 1596 Normal C:\WINDOWS\system32\spoolsv.exe smax4pnp.exe 1832 Normal C:\Arquivos de programas\Analog Devices\Core\smax4pnp.exe Smax4.exe 1952 Normal C:\Arquivos de programas\Analog Devices\SoundMAX\Smax4.exe jusched.exe 428 Normal C:\Arquivos de programas\Java\jre6\bin\jusched.exe ctfmon.exe 1384 Normal C:\WINDOWS\system32\ctfmon.exe jqs.exe 912 Idle C:\Arquivos de programas\Java\jre6\bin\jqs.exe nvsvc32.exe 284 Normal C:\WINDOWS\system32\nvsvc32.exe OcHealthMon.exe 1828 Normal C:\Arquivos de programas\Microsoft Windows OneCare Live\OcHealthMon.exe msfwsvc.exe 1932 Normal C:\Arquivos de programas\Microsoft Windows OneCare Live\Firewall\msfwsvc.exe winss.exe 240 Normal C:\Arquivos de programas\Microsoft Windows OneCare Live\winss.exe alg.exe 2344 Normal C:\WINDOWS\System32\alg.exe winssnotify.exe 5308 Normal C:\Arquivos de programas\Microsoft Windows OneCare Live\winssnotify.exe a2service.exe 4532 Normal C:\Arquivos de programas\a-squared Free\a2service.exe a2free.exe 6088 Normal C:\Arquivos de programas\a-squared Free\a2free.exe msnmsgr.exe 2272 Normal C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe wlcomm.exe 3456 Normal C:\Arquivos de programas\Windows Live\Contacts\wlcomm.exe firefox.exe 3852 Normal C:\Arquivos de programas\Mozilla Firefox\firefox.exe cmd.exe 972 Normal C:\WINDOWS\system32\cmd.exe ntvdm.exe 3000 Normal C:\WINDOWS\system32\ntvdm.exe wmiprvse.exe 2424 Normal C:\WINDOWS\system32\wbem\wmiprvse.exe SkypeNames.exe 5220 Normal C:\Arquivos de programas\Skype\Toolbars\Shared\SkypeNames.exe pv.exe 4936 Normal C:\ISEEYO~1\pv.exe ------------------------------------------------------------------------------------ Displaying Windows Services: Microsoft (R) Windows Script Host VersÆo 5.6 Copyright (C) 1996-2001 Microsoft Corporation. Todos os direitos reservados. Name: ALG Display Name: Servi‡o 'Gateway de camada de aplicativo' Description: Fornece suporte a plug-ins de protocolos de terceiros para o Compartilhamento de ConexÆo com a Internet e o Firewall do Windows. Path Name: C:\WINDOWS\System32\alg.exe Start Mode: Manual State: Running Name: AppMgmt Display Name: Gerenciamento de aplicativo Description: Fornece servi‡os de instala‡Æo de software como 'Atribuir', 'Publicar' e 'Remover'. Path Name: C:\WINDOWS\system32\svchost.exe -k netsvcs Start Mode: Manual State: Stopped Name: aspnet_state Display Name: ASP.NET State Service Description: Provides support for out-of-process session states for ASP.NET. If this service is stopped, out-of-process requests will not be processed. If this service is disabled, any services that explicitly depend on it will fail to start. Path Name: C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe Start Mode: Manual State: Stopped Name: AudioSrv Display Name: µudio do Windows Description: Gerencia dispositivos de udio para programas baseados em Windows. Se este servi‡o for interrompido, os dispositivos de udio e efeitos nÆo funcionarÆo adequadamente. Se este servi‡o for desativado, quaisquer servi‡os que dele dependam diretamente nÆo serÆo inicializados. Path Name: C:\WINDOWS\System32\svchost.exe -k netsvcs Start Mode: Auto State: Running Name: BITS Display Name: Servi‡o de transferˆncia inteligente de plano de fundo Description: Transfere dados entre clientes e servidores em segundo plano. Se o BITS estiver desabilitado, recursos como o Windows Update nÆo funcionarÆo corretamente. Path Name: C:\WINDOWS\system32\svchost.exe -k netsvcs Start Mode: Auto State: Running Name: Browser Display Name: Localizador de computadores Description: Mant‚m uma lista atualizada de computadores na rede e fornece a computadores designados navegadores. Se este servi‡o for interrompido, esta lista nÆo ser atualizada ou mantida. Se este servi‡o for desativado, quaisquer servi‡os que dele dependam diretamente nÆo serÆo inicializados. Path Name: C:\WINDOWS\system32\svchost.exe -k netsvcs Start Mode: Auto State: Running Name: ClipSrv Display Name: µrea de armazenamento Description: Permite que o 'Visualizador da rea de armazenamento' armazene informa‡äes e compartilhe-as com computadores remotos. Se o servi‡o for parado, o 'Visualizador da rea de armazenamento' nÆo poder compartilhar informa‡äes com computadores remotos. Se este servi‡o for desativado, os servi‡os que dependerem dele explicitamente nÆo serÆo iniciados. Path Name: C:\WINDOWS\system32\clipsrv.exe Start Mode: Disabled State: Stopped Name: clr_optimization_v2.0.50727_32 Display Name: .NET Runtime Optimization Service v2.0.50727_X86 Description: Microsoft .NET Framework NGEN Path Name: C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe Start Mode: Manual State: Stopped Name: COMSysApp Display Name: Aplicativo de sistema COM+ Description: Gerencia a configura‡Æo e o controle dos componentes baseados no modelo de objeto componente (COM)+. Se o servi‡o parar, a maioria dos componentes baseados no COM+ nÆo funcionar adequadamente. Se o servi‡o for desativado, qualquer servi‡o explicitamente dependente dele falhar ao ser iniciado. Path Name: C:\WINDOWS\system32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235} Start Mode: Manual State: Stopped Name: CryptSvc Display Name: Servi‡os de criptografia Description: Fornece trˆs servi‡os de gerenciamento: servi‡o de banco de dados de cat logo, que confirma as assinaturas dos arquivos do Windows; servi‡o de raiz protegida, que adiciona e remove certificados de autoridades de certifica‡Æo raiz deste computador, e o servi‡o de chave, que ajuda a registrar este computador para certificados. Se este servi‡o for interrompido, esses servi‡os de gerenciamento nÆo funcionarÆo adequadamente. Se este servi‡o for desativado, quaisquer servi‡os que dele dependam diretamente deixarÆo de ser iniciados. Path Name: C:\WINDOWS\system32\svchost.exe -k netsvcs Start Mode: Auto State: Running Name: DcomLaunch Display Name: Inicializador de Processo de Servidor DCOM Description: Fornece funcionalidade de inicializa‡Æo para servi‡os DCOM. Path Name: C:\WINDOWS\system32\svchost -k DcomLaunch Start Mode: Auto State: Running Name: Dhcp Display Name: Cliente DHCP Description: Gerencia a configura‡Æo de rede registrando e atualizando endere‡os IP e nomes DNS. Path Name: C:\WINDOWS\system32\svchost.exe -k netsvcs Start Mode: Auto State: Running Name: dmadmin Display Name: Servi‡o administrativo do gerenciador de disco l¢gico Description: Configura volumes e unidades de disco r¡gido. O servi‡o ‚ executado apenas para processos de configura‡Æo e depois p ra. Path Name: C:\WINDOWS\System32\dmadmin.exe /com Start Mode: Manual State: Stopped Name: dmserver Display Name: Gerenciador de discos l¢gicos Description: Detecta e monitora novas unidades de disco r¡gido e envia as informa‡äes de volume de disco para o servi‡o administrativo de gerenciador de discos l¢gicos para configura‡Æo. Se este servi‡o for parado, o status de disco dinƒmico e as informa‡äes de configura‡Æo podem se tornar obsoletos. Se este servi‡o for desativado, os servi‡os que dependerem dele explicittamente nÆo serÆo iniciados. Path Name: C:\WINDOWS\System32\svchost.exe -k netsvcs Start Mode: Auto State: Running Name: Dnscache Display Name: Cliente DNS Description: Resolve e armazena em cache nomes Domain Name System (DNS) para este computador. Se este servi‡o for parado, o computador nÆo poder resolver nomes DNS nem localizador controladores de dom¡nio do Active Directory. Se este servi‡o for desativado, os servi‡os que dependerem dele explicitamente nÆo serÆo iniciados. Path Name: C:\WINDOWS\system32\svchost.exe -k NetworkService Start Mode: Auto State: Running Name: ERSvc Display Name: Erro ao informar o servi‡o Description: Permite informar erros de servi‡os e aplicativos executados em ambientes nÆo padrÆo. Path Name: C:\WINDOWS\System32\svchost.exe -k netsvcs Start Mode: Auto State: Running Name: Eventlog Display Name: Log de eventos Description: Registra mensagens de eventos emitidas por Windows-based programs and components to be viewed in Event Viewer. This service cannot be stopped. Path Name: C:\WINDOWS\system32\services.exe Start Mode: Auto State: Running Name: EventSystem Display Name: Sistema de eventos COM+ Description: D suporte para o servi‡o de notifica‡Æo de eventos do sistema (SENS), o qual fornece distribui‡Æo autom tica dos eventos para inscrever componentes do modelo de objeto componente (COM). Se o servi‡o for interrompido, o SENS ser fechado e nÆo poder fornecer notifica‡äes de logon e logoff. Se o servi‡o for desativado, qualquer servi‡o explicitamente dependente dele ir falhar ao ser iniciado. Path Name: C:\WINDOWS\system32\svchost.exe -k netsvcs Start Mode: Manual State: Running Name: FastUserSwitchingCompatibility Display Name: Compatibilidade com 'Troca r pida de usu rio' Description: Fornece gerenciamento de aplicativos que exigem assistˆncia em um ambiente de v rios usu rios. Path Name: C:\WINDOWS\System32\svchost.exe -k netsvcs Start Mode: Manual State: Stopped Name: FontCache3.0.0.0 Display Name: Windows Presentation Foundation Font Cache 3.0.0.0 Description: Optimizes performance of Windows Presentation Foundation (WPF) applications by caching commonly used font data. WPF applications will start this service if it is not already running. It can be disabled, though doing so will degrade the performance of WPF applications. Path Name: c:\WINDOWS\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe Start Mode: Manual State: Stopped Name: GbpSv Display Name: Gbp Service Description: Service for G-Buster Browser Defense Path Name: C:\ARQUIV~1\GbPlugin\GbpSv.exe Start Mode: Auto State: Running Name: helpsvc Display Name: Ajuda e suporte Description: Permite que o 'Centro de ajuda e suporte' seja executado neste computador. Se esse servi‡o for interrompido, o 'Centro de ajuda e suporte' nÆo estar dispon¡vel. Se esse servi‡o for desativado, haver falha na inicializa‡Æo de todos os servi‡os que dependem dele de forma expl¡cita. Path Name: C:\WINDOWS\System32\svchost.exe -k netsvcs Start Mode: Auto State: Running Name: HidServ Display Name: HID Input Service Description: Permite acesso de entrada gen‚rica a dispositivos de interface humana (Human Interface Devices, HID), que ativam e mantˆm o uso de botäes ativados predefinidos em teclados, controles remotos e outros dispositivos de multim¡dia. Se este servi‡o for parado, os botäes ativados controlados pelo servi‡o deixarÆo de funcionar. Se este servi‡o for desativado, os servi‡os que dependerem dele explicitamente nÆo serÆo iniciados. Path Name: C:\WINDOWS\System32\svchost.exe -k netsvcs Start Mode: Auto State: Running Name: HTTPFilter Display Name: HTTP SSL Description: Este servi‡o implementa o protocolo de transferˆncia segura de hipertexto (HTTPS) para o servi‡o HTTP, usando a camada de soquete seguro (SSL). Se este servi‡o for desativado, os servi‡os que dependerem dele explicitamente nÆo serÆo iniciados. Path Name: C:\WINDOWS\System32\svchost.exe -k HTTPFilter Start Mode: Manual State: Stopped Name: idsvc Display Name: Windows CardSpace Description: Securely enables the creation, management, and disclosure of digital identities. Path Name: "C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe" Start Mode: Manual State: Stopped Name: JavaQuickStarterService Display Name: Java Quick Starter Description: Prefetches JRE files for faster startup of Java applets and applications Path Name: "C:\Arquivos de programas\Java\jre6\bin\jqs.exe" -service -config "C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\jqs.conf" Start Mode: Auto State: Running Name: lanmanserver Display Name: Servidor Description: Oferece suporte a compartilhamento na rede de arquivo, impressÆo e pipes nomeados para este computador. Se este servi‡o for interrompido, quaisquer servi‡os que dele dependam diretamente nÆo serÆo inicializados. Path Name: C:\WINDOWS\system32\svchost.exe -k netsvcs Start Mode: Auto State: Running Name: lanmanworkstation Display Name: Esta‡Æo de trabalho Description: Cria e mant‚m conexäes de rede de cliente com servidores remotos. Se este servi‡o for interrompido, essas conexäes nÆo estarÆo dispon¡veis. Se este servi‡o for desativado, quaisquer servi‡os que dele dependam nÆo serÆo inicializados. Path Name: C:\WINDOWS\system32\svchost.exe -k netsvcs Start Mode: Auto State: Running Name: LmHosts Display Name: Auxiliar NetBIOS TCP/IP Description: Ativa o suporte a NetBIOS atrav‚s do servi‡o TCP/IP (NetBT) e da resolu‡Æo de nomes NetBIOS. Path Name: C:\WINDOWS\system32\svchost.exe -k LocalService Start Mode: Auto State: Running Name: MSDTC Display Name: Coordenador de transa‡äes distribu¡das Description: Coordena transa‡äes que abrangem m£ltiplos gerenciadores de recursos, tais como bancos de dados, filas de mensagens e sistemas de arquivos. Se este servi‡o for interrompido, essas transa‡äes nÆo ocorrerÆo. Se este servi‡o for desativado, os servi‡os que dependem explicitamente dele falharÆo ao serem iniciados. Path Name: C:\WINDOWS\system32\msdtc.exe Start Mode: Manual State: Stopped Name: msfwsvc Display Name: OneCare Firewall Description: OneCare Firewall Path Name: "C:\Arquivos de programas\Microsoft Windows OneCare Live\Firewall\msfwsvc.exe" Start Mode: Auto State: Running Name: MSIServer Display Name: Windows Installer Description: Adiciona, modifica e remove aplicativos fornecidos como um pacote do Windows Installer (*.msi). Se este servi‡o for desativado, os servi‡os que dependerem dele explicitamente nÆo serÆo iniciados. Path Name: C:\WINDOWS\system32\msiexec.exe /V Start Mode: Manual State: Stopped Name: NetDDE Display Name: DDE de rede Description: Fornece transporte e seguran‡a de rede para Dynamic Data Exchange (DDE) para programas executados no mesmo computador ou em computadores diferentes. Se este servi‡o for parado, o transporte e seguran‡a DDE nÆo estarÆo dispon¡veis. Se este servi‡o for desativado, os servi‡os que dependerem dele explicitamente nÆo serÆo iniciados. Path Name: C:\WINDOWS\system32\netdde.exe Start Mode: Disabled State: Stopped Name: NetDDEdsdm Display Name: DSDM de DDE de rede Description: Gerencia compartilhamentos de rede do tipo DDE (Dynamic Data Exchange). Se este servi‡o for parado, os compartilhamentos de rede DDE nÆo estarÆo dispon¡veis. Se este servi‡o for desativado, os servi‡os que dependerem dele explicitamente nÆo serÆo iniciados. Path Name: C:\WINDOWS\system32\netdde.exe Start Mode: Disabled State: Stopped Name: Netlogon Display Name: Logon de rede Description: D suporte … autentica‡Æo de passagem de eventos de logon de contas para os computadores de um dom¡nio. Path Name: C:\WINDOWS\system32\lsass.exe Start Mode: Manual State: Stopped Name: Netman Display Name: Conexäes de rede Description: Gerencia objetos da pasta de conexäes de rede e Dial-Up, na qual vocˆ pode exibir conexäes remotas e de rede local. Path Name: C:\WINDOWS\System32\svchost.exe -k netsvcs Start Mode: Manual State: Running Name: NetTcpPortSharing Display Name: Net.Tcp Port Sharing Service Description: Provides ability to share TCP ports over the net.tcp protocol. Path Name: "C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe" Start Mode: Disabled State: Stopped Name: Nla Display Name: Reconhecimento de local da rede (NLA) Description: Re£ne e armazena informa‡äes sobre configura‡äes e locais da rede, bem como notifica os aplicativos quando essas informa‡äes sÆo alteradas. Path Name: C:\WINDOWS\system32\svchost.exe -k netsvcs Start Mode: Manual State: Running Name: npggsvc Display Name: nProtect GameGuard Service Description: nProtect GameGuard Service Path Name: C:\WINDOWS\system32\GameMon.des -service Start Mode: Manual State: Stopped Name: NtLmSsp Display Name: Fornecedor de suporte de seguran‡a NT LM Description: Fornece seguran‡a a programas de chamada de procedimento remoto (remote procedure call, RPC) que usam transportes que nÆo pipes nomeados. Path Name: C:\WINDOWS\system32\lsass.exe Start Mode: Manual State: Stopped Name: NtmsSvc Display Name: Armazenamento remov¡vel Description: Path Name: C:\WINDOWS\system32\svchost.exe -k netsvcs Start Mode: Manual State: Stopped Name: NVSvc Display Name: NVIDIA Display Driver Service Description: Provides system and desktop level support to the NVIDIA display driver Path Name: C:\WINDOWS\system32\nvsvc32.exe Start Mode: Auto State: Running Name: OcHealthMon Display Name: Windows Live OneCare Health Monitor Description: Helps recover the Windows Live OneCare service and improve service health. This services provides a backup mechanism to the Windows Live OneCare service and will attempt to recover it, if it is detected to be stopped. Path Name: "C:\Arquivos de programas\Microsoft Windows OneCare Live\OcHealthMon.exe" Start Mode: Auto State: Running Name: OneCareMP Display Name: OneCare AntiSpyware and AntiVirus Description: Helps protect users from spyware and other potentially unwanted software Path Name: "C:\Arquivos de programas\Microsoft Windows OneCare Live\Antivirus\MsMpEng.exe" Start Mode: Auto State: Running Name: PlugPlay Display Name: Plug and Play Description: Permite que um computador reconhe‡a e se adapte a altera‡äes de hardware com pouca ou nenhuma interven‡Æo do usu rio. Se este servi‡o for parado ou desativado, o sistema se tornar inst vel. Path Name: C:\WINDOWS\system32\services.exe Start Mode: Auto State: Running Name: PolicyAgent Display Name: Servi‡os IPSEC Description: Gerencia a diretiva de seguran‡a IP e inicia o ISAKMP/Oakley (IKE) e o driver de seguran‡a IP. Path Name: C:\WINDOWS\system32\lsass.exe Start Mode: Auto State: Running Name: ProtectedStorage Display Name: Armazenamento protegido Description: Fornece o armazenamento protegido para dados sens¡veis, como chaves privadas, para evitar o acesso de servi‡os, processos ou usu rios sem autoriza‡Æo. Path Name: C:\WINDOWS\system32\lsass.exe Start Mode: Auto State: Running Name: RasAuto Display Name: Gerenciador de conexÆo de acesso remoto autom tico Description: Cria uma conexÆo a uma rede remota sempre que um programa faz referˆncia a um nome ou endere‡o remoto DNS ou NetBios. Path Name: C:\WINDOWS\system32\svchost.exe -k netsvcs Start Mode: Manual State: Stopped Name: RasMan Display Name: Gerenciador de conexÆo de acesso remoto Description: Cria uma conexÆo de rede. Path Name: C:\WINDOWS\system32\svchost.exe -k netsvcs Start Mode: Manual State: Running Name: RDSessMgr Display Name: Gerenciador de sessÆo de ajuda de rea de trabalho remota Description: Gerencia e controla a 'Assistˆncia remota'. Se esse servi‡o for interrompido, a 'Assistˆncia remota' ficar indispon¡vel. Antes de interromper esse servi‡o, consulte a guia 'Dependˆncias' da caixa de di logo 'Propriedades'. Path Name: C:\WINDOWS\system32\sessmgr.exe Start Mode: Manual State: Stopped Name: RemoteAccess Display Name: Roteamento e acesso remoto Description: Oferece servi‡os de roteamento a empresas em ambientes de rede local e de longa distƒncia. Path Name: C:\WINDOWS\system32\svchost.exe -k netsvcs Start Mode: Disabled State: Stopped Name: RemoteRegistry Display Name: Registro remoto Description: Permite que usu rios remotos modifiquem configura‡äes do Registro neste computador. Se este servi‡o for parado, o Registro s¢ poder ser modificado por usu rios deste computador. Se este servi‡o for desativado, os servi‡os que dependerem dele explicitamente nÆo serÆo iniciados. Path Name: C:\WINDOWS\system32\svchost.exe -k LocalService Start Mode: Auto State: Running Name: RpcLocator Display Name: Alocador Remote Procedure Call (RPC) Description: Gerencia o banco de dados do servi‡o de nomes RPC. Path Name: C:\WINDOWS\system32\locator.exe Start Mode: Manual State: Stopped Name: RpcSs Display Name: Chamada de procedimento remoto (RPC) Description: Fornece o mapeador de ponto de extremidade e outros servi‡os RPC variados. Path Name: C:\WINDOWS\system32\svchost -k rpcss Start Mode: Auto State: Running Name: RSVP Display Name: QoS RSVP Description: Fornece a funcionalidade de sinaliza‡Æo de rede e configura‡Æo do controle do tr fego local para programas compat¡veis com QoS e miniaplicativos de controle. Path Name: C:\WINDOWS\system32\rsvp.exe Start Mode: Manual State: Stopped Name: SamSs Display Name: Gerenciador de contas de seguran‡a Description: Armazena informa‡äes sobre seguran‡a para contas de usu rio local. Path Name: C:\WINDOWS\system32\lsass.exe Start Mode: Auto State: Running Name: SCardSvr Display Name: CartÆo inteligente Description: Gerencia o acesso a leitores de cartÆo inteligente por este computador. Se este servi‡o for parado, o computador nÆo poder ler cartäes inteligentes. Se este servi‡o for desativado, os servi‡os que dependerem dele explicitamente nÆo serÆo iniciados. Path Name: C:\WINDOWS\System32\SCardSvr.exe Start Mode: Manual State: Stopped Name: Schedule Display Name: Agendador de tarefas Description: Permite que um usu rio configure e agende tarefas automatizadas no computador. Se este servi‡o for interrompido, essas tarefas nÆo serÆo executadas nos hor rios agendados. Se este servi‡o for desativado, quaisquer servi‡os que dele dependam diretamente nÆo serÆo iniciados. Path Name: C:\WINDOWS\System32\svchost.exe -k netsvcs Start Mode: Auto State: Running Name: seclogon Display Name: Logon secund rio Description: Ativa a inicializa‡Æo de processos sob credenciais alternadas. Se este servi‡o for interrompido, este tipo de acesso por logon nÆo estar dispon¡vel. Se este servi‡o for desativado, quaisquer servi‡os que dele dependam diretamente nÆo serÆo iniciados. Path Name: C:\WINDOWS\System32\svchost.exe -k netsvcs Start Mode: Auto State: Running Name: SENS Display Name: Notifica‡Æo de eventos de sistema Description: Rastreia eventos do sistema como eventos de logon do Windows, rede e energia. Notifica assinantes do Sistema de evento COM+ destes eventos. Path Name: C:\WINDOWS\system32\svchost.exe -k netsvcs Start Mode: Auto State: Running Name: SharedAccess Display Name: Firewall do Windows/Compartilhamento de ConexÆo com a Internet (ICS) Description: Fornece servi‡os de conversÆo de endere‡os de rede, endere‡amento e resolu‡Æo de nomes e/ou preven‡Æo de invasÆo para uma rede dom‚stica ou de pequena empresa. Path Name: C:\WINDOWS\system32\svchost.exe -k netsvcs Start Mode: Auto State: Running Name: ShellHWDetection Display Name: Detec‡Æo do hardware do shell Description: Fornece notifica‡äes de eventos de hardware 'Reprodu‡Æo autom tica'. Path Name: C:\WINDOWS\System32\svchost.exe -k netsvcs Start Mode: Auto State: Running Name: Spooler Display Name: Spooler de impressÆo Description: Carrega arquivos na mem¢ria para impressÆo posterior. Path Name: C:\WINDOWS\system32\spoolsv.exe Start Mode: Auto State: Running Name: srservice Display Name: Servi‡o de restaura‡Æo do sistema Description: Executa fun‡äes de restaura‡Æo do sistema. Para interromper o servi‡o, desative a 'Restaura‡Æo do sistema' na guia 'Restaura‡Æo do sistema' em 'Meu computador' -> 'Propriedades' Path Name: C:\WINDOWS\system32\svchost.exe -k netsvcs Start Mode: Auto State: Running Name: SSDPSRV Display Name: Servi‡o de descoberta SSDP Description: Ativa a descoberta de dispositivos UPnP na rede dom‚stica. Path Name: C:\WINDOWS\system32\svchost.exe -k LocalService Start Mode: Manual State: Running Name: stisvc Display Name: Assistente de aquisi‡Æo de imagens do Windows (WIA) Description: Fornece servi‡os de aquisi‡Æo de imagens para scanners e cƒmeras Path Name: C:\WINDOWS\system32\svchost.exe -k imgsvc Start Mode: Manual State: Stopped Name: SwPrv Display Name: MS Software Shadow Copy Provider Description: Gerencia c¢pias de sombra de volume baseadas em software obtidas pelo servi‡o de c¢pias de sombra de volume. Se o servi‡o for interrompido, as c¢pias de sombra baseadas em software nÆo poderÆo ser gerenciadas. Se o servi‡o for desativado, os servi‡os que dependerem dele diretamente nÆo serÆo iniciados. Path Name: C:\WINDOWS\system32\dllhost.exe /Processid:{CC818B09-A739-4424-9B8F-27A052D7B1C4} Start Mode: Manual State: Stopped Name: SysmonLog Display Name: Logs e alertas de desempenho Description: Coleta dados de desempenho de computadores locais ou remotos com base em parƒmetros de agendamento pr‚-configurados; em seguida, grava os dados em um log ou dispara um alerta. Se este servi‡o for parado, as informa‡äes de desempenho nÆo serÆo coletadas. Se este servi‡o for desativado, os servi‡os que dependerem dele explicitamente nÆo serÆo iniciados. Path Name: C:\WINDOWS\system32\smlogsvc.exe Start Mode: Manual State: Stopped Name: TapiSrv Display Name: Telefonia Description: Fornece suporte … telefonia API (TAPI) para programas que controlam dispositivos de telefonia e conexäes de voz baseadas em IP no computador local e, atrav‚s da rede local, em servidores que tamb‚m estÆo executando o servi‡o. Path Name: C:\WINDOWS\System32\svchost.exe -k netsvcs Start Mode: Manual State: Running Name: TermService Display Name: Servi‡os de terminal Description: Permite que v rios usu rios sejam conectados interativamente a um computador e que as reas de trabalho e os aplicativos sejam exibidos a computadores remotos. A base da rea de trabalho remota (inclusive a rea de trabalho remota para administradores), da op‡Æo de alternar-se rapidamente entre usu rios, da assistˆncia remota e do Terminal Server. Path Name: C:\WINDOWS\System32\svchost -k DComLaunch Start Mode: Manual State: Running Name: Themes Display Name: Temas Description: Fornece gerenciamento de temas para experiˆncia do usu rio. Path Name: C:\WINDOWS\System32\svchost.exe -k netsvcs Start Mode: Auto State: Running Name: TlntSvr Display Name: Telnet Description: Permite que um usu rio remoto fa‡a logon neste computador e execute programas. Fornece suporte a v rios clientes Telnet TCP/IP, inclusive computadores baseados em UNIX e Windows. Se este servi‡o for parado, o acesso de usu rios remotos a programas poder nÆo estar dispon¡vel. Se este servi‡o for desativado, os servi‡os que dependem dele explicitamente nÆo serÆo iniciados. Path Name: C:\WINDOWS\system32\tlntsvr.exe Start Mode: Disabled State: Stopped Name: TrkWks Display Name: Cliente de rastreamento de link distribu¡do Description: Mant‚m v¡nculos entre arquivos NTFS em um computador ou entre computadores em um dom¡nio de rede. Path Name: C:\WINDOWS\system32\svchost.exe -k netsvcs Start Mode: Auto State: Running Name: upnphost Display Name: Host de dispositivo Plug and Play universal Description: Oferece suporte para hospedar dispositivos Plug and Play universais. Path Name: C:\WINDOWS\system32\svchost.exe -k LocalService Start Mode: Manual State: Stopped Name: UPS Display Name: Sistema de alimenta‡Æo ininterrupta Description: Gerencia o sistema de alimenta‡Æo ininterrupto (no-break) conectado ao computador. Path Name: C:\WINDOWS\System32\ups.exe Start Mode: Manual State: Stopped Name: VSS Display Name: C¢pia de volume em mem¢ria Description: Gerencia e implementa c¢pias de volume em mem¢ria usados para o backup e outros prop¢sitos. Se este servi‡o for interrompido, as c¢pias em mem¢ria nÆo estarÆo dispon¡veis para backup e o backup pode falhar. Se este servi‡o for desativado, quaisquer servi‡os que dele dependam diretamente nÆo serÆo iniciados. Path Name: C:\WINDOWS\System32\vssvc.exe Start Mode: Manual State: Stopped Name: W32Time Display Name: Hor rio do Windows Description: Mant‚m sincroniza‡Æo de data e hora em todos os clientes e servidores da rede. Se este servi‡o for interrompido, a sincroniza‡Æo nÆo ficar dispon¡vel. Se este servi‡o for desativado, os servi‡os que dele dependem explicitamente nÆo serÆo iniciados. Path Name: C:\WINDOWS\System32\svchost.exe -k netsvcs Start Mode: Auto State: Running Name: WebClient Display Name: Cliente da Web Description: Permite que programas baseados em Windows criem, acessem e modifiquem arquivos baseados na Internet. Se este servi‡o for interrompido, essas fun‡äes nÆo estarÆo dispon¡veis. Se este servi‡o for desativado, quaisquer servi‡os que dele dependam diretamente nÆo serÆo iniciados. Path Name: C:\WINDOWS\system32\svchost.exe -k LocalService Start Mode: Auto State: Running Name: winmgmt Display Name: Testador de instrumenta‡Æo de gerenciam. do Windows Description: Fornece uma interface comum e um modelo de objeto para o acesso a informa‡äes de gerenciamento sobre o sistema operacional, dispositivos, aplicativos e servi‡os. Se esse servi‡o for parado, a maioria dos itens de software baseados no Windows nÆo funcionar corretamente. Se este servi‡o for desativado, os servi‡os que dependerem explicitamente dele nÆo serÆo iniciados. Path Name: C:\WINDOWS\system32\svchost.exe -k netsvcs Start Mode: Auto State: Running Name: winss Display Name: Windows Live OneCare Description: Helps manage PC security and overall health by providing virus and spyware monitoring, firewall, backup, and other services. If this service is stopped, this computer might be at risk from viruses and other threats. Path Name: C:\Arquivos de programas\Microsoft Windows OneCare Live\winss.exe Start Mode: Auto State: Running Name: WmdmPmSN Display Name: Portable Media Serial Number Service Description: Retrieves the serial number of any portable media player connected to this computer. If this service is stopped, protected content might not be down loaded to the device. Path Name: C:\WINDOWS\System32\svchost.exe -k netsvcs Start Mode: Manual State: Stopped Name: Wmi Display Name: Extensäes de driver de instrum. gerenc. do Windows Description: Fornece informa‡äes sobre gerenciamento de sistemas para drivers e de drivers. Path Name: C:\WINDOWS\System32\svchost.exe -k netsvcs Start Mode: Manual State: Stopped Name: WmiApSrv Display Name: Adaptador de desempenho WMI Description: Fornece informa‡äes da biblioteca de desempenho dos provedores HiPerf WMI. Path Name: C:\WINDOWS\system32\wbem\wmiapsrv.exe Start Mode: Manual State: Stopped Name: WMPNetworkSvc Display Name: Servi‡o de Compartilhamento de Rede do Windows Media Player Description: Compartilha bibliotecas do Windows Media Player com outros players e dispositivos de m¡dia da rede por meio de Universal Plug and Play Path Name: "C:\Arquivos de programas\Windows Media Player\WMPNetwk.exe" Start Mode: Manual State: Stopped Name: wuauserv Display Name: Atualiza‡äes Autom ticas Description: Ativa o download e instala‡Æo das atualiza‡äes do Windows. Se este servi‡o for desabilitado, o computador nÆo ser capaz de usar o recurso de Atualiza‡äes Autom ticas nem o site do Windows Update na web. Path Name: C:\WINDOWS\system32\svchost.exe -k netsvcs Start Mode: Auto State: Running Name: WudfSvc Display Name: Windows Driver Foundation - User-mode Driver Framework Description: Manages user-mode driver host processes Path Name: C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup Start Mode: Manual State: Stopped Name: WZCSVC Display Name: Configura‡Æo zero sem fio Description: Fornece configura‡Æo autom tica para os adaptadores 802.11 Path Name: C:\WINDOWS\System32\svchost.exe -k netsvcs Start Mode: Auto State: Running Name: xmlprov Display Name: Servi‡o de Configura‡Æo de Rede Description: Gerencia arquivos de configura‡Æo XML por dom¡nio para configura‡Æo autom tica de rede. Path Name: C:\WINDOWS\System32\svchost.exe -k netsvcs Start Mode: Manual State: Stopped Name: a2free Display Name: a-squared Free Service Description: Scans the PC for unwanted software and provides protection from malicious code Path Name: "C:\Arquivos de programas\a-squared Free\a2service.exe" Start Mode: Auto State: Running ------------------------------------------------------------------------------------ Displaying LOG for Microsoft Windows Malicious Software Removal Tool: --------------------------------------------------------------------------------------- Microsoft Windows Malicious Software Removal Tool v2.14, September 2009 Started On Fri Oct 02 13:51:38 2009 Extended Scan Results ---------------- ->Scan ERROR: resource file://C:\pagefile.sys (code 0x00000020 (32)) --------------------------------------------------------------------------------------- Microsoft Windows Malicious Software Removal Tool v2.14, September 2009 Started On Fri Oct 02 15:19:56 2009 Extended Scan Results ---------------- Found potential malware: TrojanDownloader:Win32/Renos in process://pid:184 ->Scan ERROR: resource file://C:\pagefile.sys (code 0x00000020 (32)) -> Sysclean ERROR: Internal error, code = 8050800C Results Summary: ---------------- Found TrojanDownloader:Win32/Renos (detected generically) Return code: 6 Microsoft Windows Malicious Software Removal Tool Finished On Fri Oct 02 16:43:36 2009 Removal Tool Finished On Fri Oct 02 16:32:45 2009 ---------------------------------------------------------------------------- Listing HKCU Explorer\Advanced//Hidden and SuperHidden Registry Keys if Hidden = 0 then Hidden Files and Folders are not shown if SuperHidden = 1 is the desired default value. if ShowSuperHidden = 0 then System Files are not shown if HideFileExt = 1 then File Extension are not shown We want their values to be (from top to bottom) 1,1,1,0 ---------------------------------------------------------------------------- HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\advanced Hidden REG_DWORD 1 (0x1) SuperHidden REG_DWORD 1 (0x1) ShowSuperHidden REG_DWORD 1 (0x1) HideFileExt REG_DWORD 0 (0x0) ************************************************************************************ Examining Select Windows Registry Keys ------------------------------------------------------------------------------------ -------------------------------------------------------------------------- Items Found in ZoneMap\Domains: -------------------------------------------------------------------------- HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\internet settings\zonemap\domains <NO NAME> REG_SZ HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\internet settings\zonemap\domains\msn.com ---------------------------------------------------------------------------- Current User ZoneMap ProtocolDefaults ---------------------------------------------------------------------------- HKEY_CURRENT_USER\software\microsoft\windows\currentversion\internet settings\zonemap\protocoldefaults <NO NAME> REG_SZ http REG_DWORD 3 (0x3) https REG_DWORD 3 (0x3) ftp REG_DWORD 3 (0x3) file REG_DWORD 3 (0x3) @ivt REG_DWORD 1 (0x1) shell REG_DWORD 0 (0x0) ---------------------------------------------------------------------------- Default URL Prefix Keys ---------------------------------------------------------------------------- HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\url HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\url\DefaultPrefix <NO NAME> REG_SZ http:// HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\url\Prefixes ftp REG_SZ ftp:// gopher REG_SZ gopher:// home REG_SZ http:// mosaic REG_SZ http:// www REG_SZ http:// -------------------------------------------------------------------------- Startup Items Disabled via MSCONFIG: -------------------------------------------------------------------------- -------------------------------------------------------------------------- Select AutoRun Registry Keys: -------------------------------------------------------------------------- HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run CTFMON.EXE REG_SZ C:\WINDOWS\system32\ctfmon.exe uTorrent REG_SZ "C:\Arquivos de programas\uTorrent\uTorrent.exe" Skype REG_SZ "C:\Arquivos de programas\Skype\Phone\Skype.exe" /nosplash /minimized DAEMON Tools Lite REG_SZ "C:\Arquivos de programas\DAEMON Tools Lite\daemon.exe" -autorun NCsoft Launcher REG_SZ C:\Arquivos de programas\NCSoft\Launcher\NCLauncher.exe /Minimized HKEY_CURRENT_USER\software\microsoft\windows\currentversion\runonce HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run nwiz REG_SZ nwiz.exe /install NvMediaCenter REG_SZ RunDLL32.exe NvMCTray.dll,NvTaskbarInit High Definition Audio Property Page Shortcut REG_SZ HDAShCut.exe SoundMAXPnP REG_SZ C:\Arquivos de programas\Analog Devices\Core\smax4pnp.exe SoundMAX REG_SZ "C:\Arquivos de programas\Analog Devices\SoundMAX\Smax4.exe" /tray Adobe Reader Speed Launcher REG_SZ "C:\Arquivos de programas\Adobe\Reader 9.0\Reader\Reader_sl.exe" mspaint REG_SZ "C:\WINDOWS\system32\paint.exe" -autocheck winupdate.exe REG_SZ C:\WINDOWS\system32\winupdate.exe OneCareUI REG_SZ "C:\Arquivos de programas\Microsoft Windows OneCare Live\winssnotify.exe" SunJavaUpdateSched REG_SZ "C:\Arquivos de programas\Java\jre6\bin\jusched.exe" HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runonce HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runonceex HKEY_USERS\.default\software\microsoft\windows\currentversion\run CTFMON.EXE REG_SZ C:\WINDOWS\system32\CTFMON.EXE HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce nltide_3 REG_EXPAND_SZ rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\run CTFMON.EXE REG_SZ C:\WINDOWS\system32\CTFMON.EXE HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\runonce nltide_3 REG_EXPAND_SZ rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N HKEY_USERS\s-1-5-19\software\microsoft\windows\currentversion\run CTFMON.EXE REG_SZ C:\WINDOWS\system32\CTFMON.EXE HKEY_USERS\s-1-5-19\software\microsoft\windows\currentversion\runonce nltide_3 REG_EXPAND_SZ rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N HKEY_USERS\s-1-5-20\software\microsoft\windows\currentversion\run CTFMON.EXE REG_SZ C:\WINDOWS\system32\CTFMON.EXE HKEY_USERS\s-1-5-20\software\microsoft\windows\currentversion\runonce nltide_3 REG_EXPAND_SZ rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N -------------------------------------------------------------------------- WinLogon Notify Registry Key: -------------------------------------------------------------------------- HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ GbPluginBb Asynchronous REG_DWORD 0 (0x0) Impersonate REG_DWORD 0 (0x0) MaxWait REG_DWORD 258 (0x102) DllName REG_SZ C:\Arquivos de programas\GbPlugin\gbieh.dll Startup REG_SZ GbPluginEventStartup HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\crypt32chain Asynchronous REG_DWORD 0 (0x0) Impersonate REG_DWORD 0 (0x0) DllName REG_EXPAND_SZ crypt32.dll Logoff REG_SZ ChainWlxLogoffEvent HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\cryptnet Asynchronous REG_DWORD 0 (0x0) Impersonate REG_DWORD 0 (0x0) DllName REG_EXPAND_SZ cryptnet.dll Logoff REG_SZ CryptnetWlxLogoffEvent HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\cscdll DLLName REG_SZ cscdll.dll Logon REG_SZ WinlogonLogonEvent Logoff REG_SZ WinlogonLogoffEvent ScreenSaver REG_SZ WinlogonScreenSaverEvent Startup REG_SZ WinlogonStartupEvent Shutdown REG_SZ WinlogonShutdownEvent StartShell REG_SZ WinlogonStartShellEvent Impersonate REG_DWORD 0 (0x0) Asynchronous REG_DWORD 1 (0x1) HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ScCertProp DLLName REG_SZ wlnotify.dll Logon REG_SZ SCardStartCertProp Logoff REG_SZ SCardStopCertProp Lock REG_SZ SCardSuspendCertProp Unlock REG_SZ SCardResumeCertProp Enabled REG_DWORD 1 (0x1) Impersonate REG_DWORD 1 (0x1) Asynchronous REG_DWORD 1 (0x1) HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\Schedule Asynchronous REG_DWORD 0 (0x0) DllName REG_EXPAND_SZ wlnotify.dll Impersonate REG_DWORD 0 (0x0) StartShell REG_SZ SchedStartShell Logoff REG_SZ SchedEventLogOff HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\sclgntfy Logoff REG_SZ WLEventLogoff Impersonate REG_DWORD 0 (0x0) Asynchronous REG_DWORD 1 (0x1) DllName REG_EXPAND_SZ sclgntfy.dll HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\SensLogn DLLName REG_SZ WlNotify.dll Lock REG_SZ SensLockEvent Logon REG_SZ SensLogonEvent Logoff REG_SZ SensLogoffEvent Safe REG_DWORD 1 (0x1) MaxWait REG_DWORD 600 (0x258) StartScreenSaver REG_SZ SensStartScreenSaverEvent StopScreenSaver REG_SZ SensStopScreenSaverEvent Startup REG_SZ SensStartupEvent Shutdown REG_SZ SensShutdownEvent StartShell REG_SZ SensStartShellEvent PostShell REG_SZ SensPostShellEvent Disconnect REG_SZ SensDisconnectEvent Reconnect REG_SZ SensReconnectEvent Unlock REG_SZ SensUnlockEvent Impersonate REG_DWORD 1 (0x1) Asynchronous REG_DWORD 1 (0x1) HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\termsrv Asynchronous REG_DWORD 0 (0x0) DllName REG_EXPAND_SZ wlnotify.dll Impersonate REG_DWORD 0 (0x0) Logoff REG_SZ TSEventLogoff Logon REG_SZ TSEventLogon PostShell REG_SZ TSEventPostShell Shutdown REG_SZ TSEventShutdown StartShell REG_SZ TSEventStartShell Startup REG_SZ TSEventStartup MaxWait REG_DWORD 600 (0x258) Reconnect REG_SZ TSEventReconnect Disconnect REG_SZ TSEventDisconnect HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\wlballoon DLLName REG_SZ wlnotify.dll Logon REG_SZ RegisterTicketExpiredNotificationEvent Logoff REG_SZ UnregisterTicketExpiredNotificationEvent Impersonate REG_DWORD 1 (0x1) Asynchronous REG_DWORD 1 (0x1) -------------------------------------------------------------------------- Shared Task Scheduler Registry Items: -------------------------------------------------------------------------- HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler {438755C2-A8BA-11D1-B96B-00A0C90312E1} REG_SZ Pré-carregador Browseui {8C7461EF-2B13-11d2-BE35-3078302C2030} REG_SZ Daemon de cache de categorias de componente -------------------------------------------------------------------------- Scheduled Tasks: -------------------------------------------------------------------------- O volume na unidade C nÆo tem nome. O n£mero de s‚rie do volume ‚ 50E8-DE77 Pasta de C:\WINDOWS\tasks 05/09/2009 08:48 <DIR> . 05/09/2009 08:48 <DIR> .. 28/10/2001 11:07 65 desktop.ini 02/10/2009 17:16 6 SA.DAT 2 arquivo(s) 71 bytes Total de arquivos na lista: 2 arquivo(s) 71 bytes 2 pasta(s) 114.748.612.608 bytes dispon¡veis HR C:\WINDOWS\tasks\desktop.ini A H C:\WINDOWS\tasks\SA.DAT ---------------------------------------------------------------------------- ShellExecuteHooks Registry Keys ---------------------------------------------------------------------------- HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks {AEB6717E-7E19-11d0-97EE-00C04FD91972} REG_SZ {E37CB5F0-51F5-4395-A808-5FA49E399F83} REG_SZ GbPlugin ShlObj ---------------------------------------------------------------------------- ShellServiceObjectDelayLoad Registry Keys ---------------------------------------------------------------------------- HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload PostBootReminder REG_SZ {7849596a-48ea-486e-8937-a2a3009f31a9} CDBurn REG_SZ {fbeb8a05-beee-4442-804e-409d6c4515e9} WebCheck REG_SZ {E6FB5E20-DE35-11CF-9C87-00AA005127ED} SysTray REG_SZ {35CEC8A3-2BE6-11D2-8773-92E220524153} WPDShServiceObj REG_SZ {AAA288BA-9A4C-45B0-95D7-94D524869DB5} ---------------------------------------------------------------------------- ModuleUsage Registry Keys: ---------------------------------------------------------------------------- HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\moduleusage HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\moduleusage\C:/WINDOWS/Downloaded Program Files/wlscBase.dll .Owner REG_SZ {5ED80217-570B-4DA9-BF44-BE107C0EC166} {5ED80217-570B-4DA9-BF44-BE107C0EC166} REG_SZ ---------------------------------------------------------------------------- BHO Registry Keys: ---------------------------------------------------------------------------- HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3} <NO NAME> REG_SZ AcroIEHelperStub NoExplorer REG_DWORD 1 (0x1) HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{5C255C8A-E604-49b4-9D64-90988571CECB} <NO NAME> REG_SZ HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{9030D464-4C02-4ABF-8ECC-5164760863C6} HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{C41A1C0E-EA6C-11D4-B1B8-444553540000} <NO NAME> REG_SZ G-Buster Browser Defense HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{DBC80044-A445-435b-BC74-9C25C1C588A9} NoExplorer REG_DWORD 1 (0x1) HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C} <NO NAME> REG_SZ JQSIEStartDetectorImpl NoExplorer REG_DWORD 1 (0x1) -------------------------------------------------------------------------- Select Policy Keys: -------------------------------------------------------------------------- HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer NoDriveTypeAutoRun REG_DWORD 145 (0x91) ForceClassicControlPanel REG_DWORD 1 (0x1) NoStartBanner REG_DWORD 1 (0x1) NoLowDiskSpaceChecks REG_DWORD 1 (0x1) NoRecentDocsMenu REG_DWORD 1 (0x1) NoRecentDocsHistory REG_DWORD 1 (0x1) NoResolveTrack REG_DWORD 1 (0x1) LinkResolveIgnoreLinkInfo REG_DWORD 1 (0x1) NoResolveSearch REG_DWORD 1 (0x1) NoSetActiveDesktop REG_DWORD 1 (0x1) NoActiveDesktopChanges REG_DWORD 1 (0x1) HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system DisableTaskMgr REG_DWORD 0 (0x0) HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer NoDesktopCleanupWizard REG_DWORD 1 (0x1) NoSetActiveDesktop REG_DWORD 1 (0x1) NoActiveDesktopChanges REG_DWORD 1 (0x1) HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system dontdisplaylastusername REG_DWORD 0 (0x0) legalnoticecaption REG_SZ legalnoticetext REG_SZ shutdownwithoutlogon REG_DWORD 1 (0x1) undockwithoutlogon REG_DWORD 1 (0x1) HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer NoDriveTypeAutoRun REG_DWORD 145 (0x91) ForceClassicControlPanel REG_DWORD 1 (0x1) NoStartBanner REG_DWORD 1 (0x1) NoLowDiskSpaceChecks REG_DWORD 1 (0x1) NoRecentDocsMenu REG_DWORD 1 (0x1) NoRecentDocsHistory REG_DWORD 1 (0x1) NoResolveTrack REG_DWORD 1 (0x1) LinkResolveIgnoreLinkInfo REG_DWORD 1 (0x1) NoResolveSearch REG_DWORD 1 (0x1) HKEY_USERS\.default\software\microsoft\windows\currentversion\policies HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\Explorer HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer NoDriveTypeAutoRun REG_DWORD 145 (0x91) ForceClassicControlPanel REG_DWORD 1 (0x1) NoStartBanner REG_DWORD 1 (0x1) NoLowDiskSpaceChecks REG_DWORD 1 (0x1) NoRecentDocsMenu REG_DWORD 1 (0x1) NoRecentDocsHistory REG_DWORD 1 (0x1) NoResolveTrack REG_DWORD 1 (0x1) LinkResolveIgnoreLinkInfo REG_DWORD 1 (0x1) NoResolveSearch REG_DWORD 1 (0x1) ************************************************************************************ Checking File System for suspicious Files -------------------------------------------------------------------------- Items in the Root Directory: -------------------------------------------------------------------------- Locating all files created in C:\ "C:\" ARQUIV~1 6 Jul 2009 "Arquivos de programas" autoexec.bat 6 Jul 2009 0 "AUTOEXEC.BAT" boot.ini 6 Jul 2009 211 "boot.ini" bootfont.bin 28 Oct 2001 4952 "Bootfont.bin" config.sys 6 Jul 2009 0 "CONFIG.SYS" DOCUME~1 6 Jul 2009 "Documents and Settings" FRAPS 30 Jul 2009 "Fraps" GOOGLE~1 21 Sep 2009 "GoogleAppEngine" io.sys 6 Jul 2009 0 "IO.SYS" ISEEYO~1 2 Oct 2009 "ISeeYouXP" msdos.sys 6 Jul 2009 0 "MSDOS.SYS" ntdetect.com 3 Aug 2004 47564 "NTDETECT.COM" ntldr 3 Aug 2004 251168 "ntldr" pagefile.sys 2 Oct 2009 1610612736 "pagefile.sys" PROGRA~1 14 Jul 2009 "Program Files" RECYCLER 6 Jul 2009 "RECYCLER" SYSTEM~1 6 Jul 2009 "System Volume Information" TMP 5 Sep 2009 "tmp" WINDOWS 6 Jul 2009 "WINDOWS" 19 items found: 9 files (7 H/S), 10 directories (2 H/S). Total of file sizes: 1.610.916.631 bytes 1,50 G -------------------------------------------------------------------------- Locating all Backup files on C: -------------------------------------------------------------------------- Locating all *.BAK* files "C:\Arquivos de programas\Analog Devices\SoundMAX\" smaxlo~1.bak 6 Jul 2009 3322 "SMax.log.bak" "C:\Arquivos de programas\Sony\Vegas Pro 8.0\" sfconf~1.bak 10 Sep 2008 408832 "sfconfigmgr.dll.bak" sfmark~1.bak 10 Sep 2008 1535232 "sfmarket2.dll.bak" sfs4rw~1.bak 10 Sep 2008 1188096 "sfs4rw.dll.bak" vegas8~1.bak 10 Sep 2008 11515136 "vegas80.exe.bak" "C:\WINDOWS\Debug\UserMode\" userenv.bak 18 Sep 2009 309204 "userenv.bak" "C:\Arquivos de programas\Sony\Shared Plug-Ins\Audio\" mchamm~1.bak 6 Aug 2008 1317888 "mchammer.dll.bak" sffrgp~1.bak 10 Sep 2008 1298688 "sffrgpnv.dll.bak" sfppac~1.bak 10 Sep 2008 1665280 "sfppack1.dll.bak" sfppac~2.bak 10 Sep 2008 1845504 "sfppack2.dll.bak" sfppac~3.bak 10 Sep 2008 1561856 "sfppack3.dll.bak" sfresf~1.bak 6 Aug 2008 1282048 "sfresfilter.dll.bak" sftrkf~1.bak 10 Sep 2008 1531648 "sftrkfx1.dll.bak" sfxpfx~1.bak 10 Sep 2008 1287936 "sfxpfx1.dll.bak" sfxpfx~2.bak 10 Sep 2008 1291520 "sfxpfx2.dll.bak" sfxpfx~3.bak 10 Sep 2008 1425664 "sfxpfx3.dll.bak" xpviny~1.bak 6 Aug 2008 1340928 "xpvinyl.dll.bak" "C:\Arquivos de programas\Sony\Vegas Pro 8.0\External Control Drivers\" spcons~1.bak 10 Sep 2008 1981952 "spconsoleopt.dll.bak" spgenc~1.bak 10 Sep 2008 1696256 "spgenctrlopt.dll.bak" spmack~1.bak 10 Sep 2008 1759744 "spmackiectrlopt.dll.bak" tranzp~1.bak 10 Sep 2008 855552 "tranzport.dll.bak" "C:\WINDOWS\Debug\Setup\Backup\" hdaudi~1.bak 2 Oct 2009 0 "HDAUDIO_Backup.bak" intppm~1.bak 2 Oct 2009 4 "INTPPM_Backup.bak" "C:\Arquivos de programas\Sony\Vegas Pro 8.0\FileIO Plug-Ins\ac3plug\" ac3plu~1.bak 10 Sep 2008 2015488 "ac3plug.dll.bak" ac3plu~2.bak 10 Sep 2008 1188096 "ac3plugrw.dll.bak" "C:\Documents and Settings\Administrador\Dados de aplicativos\Microsoft\Internet Explorer\" brndlog.bak 6 Jul 2009 141 "brndlog.bak" "C:\Documents and Settings\Default User\Dados de aplicativos\Microsoft\Internet Explorer\" brndlog.bak 6 Jul 2009 113 "brndlog.bak" "C:\WINDOWS\pchealth\helpctr\Config\Cache\" profes~1.bak 31 Jul 2009 181272 "Professional_32_1046.dat.bak" "C:\Arquivos de programas\Sony\Vegas Pro 8.0\FileIO Plug-Ins\ac3plug\ac3market\" sfconf~1.bak 10 Sep 2008 408832 "sfconfigmgr.dll.bak" sfmark~1.bak 10 Sep 2008 1535232 "sfmarket2.dll.bak" "C:\Documents and Settings\All Users\Dados de aplicativos\Microsoft\Office\Data\" data.bak 10 Feb 2001 1106 "DATA.BAK" "C:\WINDOWS\system32\config\systemprofile\Dados de aplicativos\Microsoft\Internet Explorer\" brndlog.bak 6 Jul 2009 113 "brndlog.bak" 32 items found: 32 files, 0 directories. Total of file sizes: 42.432.683 bytes 40,46 M -------------------------------------------------------------------------- Locating all copies of Internet Explorer on C: -------------------------------------------------------------------------- Locating all copies of Internet Explorer "C:\Arquivos de programas\Internet Explorer\" iexplore.exe 8 Mar 2009 638816 "iexplore.exe" "C:\WINDOWS\ie8\" iexplore.exe 3 Aug 2004 93184 "iexplore.exe" "C:\WINDOWS\system32\dllcache\" iexplore.exe 8 Mar 2009 638816 "iexplore.exe" "C:\WINDOWS\SoftwareDistribution\Download\be339b07d210ea88f2393519d2e5e7cf\backup\" iexplore.exe 3 Aug 2004 93184 "iexplore.exe" 4 items found: 4 files, 0 directories. Total of file sizes: 1.464.000 bytes 1,39 M -------------------------------------------------------------------------- Locating all copies of beep.sy_ on C: -------------------------------------------------------------------------- Locating all copies of Internet Explorer No matches found. -------------------------------------------------------------------------- Locating all copies of beep.sys on C: -------------------------------------------------------------------------- Locating all copies of Internet Explorer "C:\WINDOWS\system32\drivers\" beep.sys 28 Oct 2001 4224 "beep.sys" 1 item found: 1 file, 0 directories. Total of file sizes: 4.224 bytes 4,13 K -------------------------------------------------------------------------- Locating all copies of Windows Explorer on C: -------------------------------------------------------------------------- Locating all copies of Windows Explorer "C:\WINDOWS\" explorer.exe 3 Aug 2004 1034240 "explorer.exe" "C:\WINDOWS\SoftwareDistribution\Download\be339b07d210ea88f2393519d2e5e7cf\backup\" explorer.exe 3 Aug 2004 1034240 "explorer.exe" 2 items found: 2 files, 0 directories. Total of file sizes: 2.068.480 bytes 1,97 M -------------------------------------------------------------------------- Items in Document and Settings: -------------------------------------------------------------------------- Listing contents of C:\Documents and Settings "C:\Documents and Settings\" ADMINI~1 6 Jul 2009 "Administrador" ALLUSE~1 6 Jul 2009 "All Users" DEFAUL~1 6 Jul 2009 "Default User" LOCALS~1 6 Jul 2009 "LocalService" NETWOR~1 6 Jul 2009 "NetworkService" 5 items found: 0 files, 5 directories (3 H/S). -------------------------------------------------------------------------- Desktop Items: -------------------------------------------------------------------------- Locating all files created in C:\Documents and Settings\Administrador\Desktop within the last 90 days. "C:\Documents and Settings\Administrador\Desktop\" amplif~1.pdf 14 Sep 2009 118950 "Amplificador em Cascata.pdf" backup.reg 27 Sep 2009 11647698 "backup.reg" C__~1 22 Sep 2009 "C++" cnpq.doc 19 Sep 2009 41472 "CNPQ.doc" codigo~1.txt 23 Sep 2009 10 "codigo orquidea.txt" counte~1.lnk 24 Sep 2009 1683 "Counter Strike 1.6 Non Steam.lnk" c__exe~1.lnk 23 Sep 2009 762 "c++.exe.lnk" DATASH~1 30 Sep 2009 "datasheet" eletrn~1.rar 30 Aug 2009 101890014 "Eletr“nica - Dispositivos Eletr“nicos e Teoria de Circuitos - Robert L. Boylestad.rar" exercc~1.doc 18 Sep 2009 423936 "EXERCÖCIO SOBRE O FILME RASTROS DE àDIO.doc" garena.lnk 11 Sep 2009 710 "Garena.lnk" heroes~1.lnk 18 Jul 2009 1660 "Heroes of Newerth.lnk" LOGS 2 Oct 2009 "LOGS" MANOEL 3 Sep 2009 "manoel" mozill~1.lnk 6 Jul 2009 1692 "Mozilla Firefox.lnk" orquidea.mht 26 Aug 2009 1305854 "ORQUIDEA.mht" VIRUS 2 Oct 2009 "VIRUS" window~1.lnk 6 Jul 2009 1871 "Windows Live Messenger .lnk" 18 items found: 13 files, 5 directories. Total of file sizes: 115.436.312 bytes 110,09 M Locating all files created in C:\Documents and Settings\All Users\Desktop\ within the last 90 days. "C:\Documents and Settings\All Users\Desktop\" adober~1.lnk 6 Jul 2009 1769 "Adobe Reader 9.lnk" mozill~1.lnk 6 Jul 2009 1674 "Mozilla Firefox.lnk" pokers~1.lnk 14 Sep 2009 792 "PokerStars.lnk" steam.lnk 1 Oct 2009 2255 "Steam.lnk" trucol~1.lnk 10 Sep 2009 802 "Truco LigasOnline.lnk" 5 items found: 5 files, 0 directories. Total of file sizes: 7.292 bytes 7,12 K -------------------------------------------------------------------------- Start Menu Items: -------------------------------------------------------------------------- Locating all files created inC:\Documents and Settings\Administrador\Start Menu within the last 90 days. No matches found. Locating all files created in C:\Documents and Settings\Administrador\Start Menu\Programs\Startup within the last 90 days. No matches found. Locating all files created in C:\Documents and Settings\All Users\Start Menu within the last 90 days. No matches found. Locating all files created in C:\Documents and Settings\All Users\Start Menu\Programs\Startup\ within the last 90 days. No matches found. -------------------------------------------------------------------------- Application Data Items: -------------------------------------------------------------------------- Locating all files created in C:\Documents and Settings\Administrador\Application Data\ within the last 90 days. No matches found. Locating all files created in C:\Documents and Settings\Administrador\Local Settings\Application Data\ within the last 90 days. No matches found. Locating all files created in C:\Documents and Settings\All Users\Application Data\ within the last 90 days. No matches found. -------------------------------------------------------------------------- C:\Documents and Settings\Administrador\Local Settings\TEMP: -------------------------------------------------------------------------- Locating all files created in C:\Documents and Settings\Administrador\Local Settings\TEMP within the last 90 days. -------------------------------------------------------------------------- Items in Templates Folder: -------------------------------------------------------------------------- Locating all files created in C:\Documents and Settings\Administrador\Templates No matches found. -------------------------------------------------------------------------- Items in Program Files: -------------------------------------------------------------------------- Locating all files created in C:\Arquivos de programas\ within the last 90 days. "C:\Arquivos de programas\" A-SQUA~1 2 Oct 2009 "a-squared HiJackFree" A-SQUA~2 2 Oct 2009 "a-squared Free" ADOBE 6 Jul 2009 "Adobe" ANALOG~1 6 Jul 2009 "Analog Devices" ARQUIV~1 6 Jul 2009 "Arquivos comuns" CODEBL~1 22 Sep 2009 "CodeBlocks" CSPIRA~1 24 Sep 2009 "cspiratao" CYBERS~1 28 Jul 2009 "CyberScript32" DAEMON~1 16 Sep 2009 "DAEMON Tools Lite" DVDVID~1 6 Aug 2009 "DVDVideoSoft" EXPLOR~1 2 Oct 2009 "ExplorerXP" FREEAU~1 10 Sep 2009 "Free Audio Pack" GABEST 4 Sep 2009 "Gabest" GARENA 11 Sep 2009 "Garena" GBPLUGIN 4 Aug 2009 "GbPlugin" HEROES~1 18 Jul 2009 "Heroes of Newerth" INSTAL~1 6 Jul 2009 "InstallShield Installation Information" INTERN~1 6 Jul 2009 "Internet Explorer" JAVA 4 Aug 2009 "Java" K-LITE~1 6 Jul 2009 "K-Lite Codec Pack" LIGASO~1 10 Sep 2009 "LigasOnline" MICROS~1 6 Jul 2009 "Microsoft" MICROS~2 6 Jul 2009 "Microsoft Office" MICROS~3 1 Oct 2009 "Microsoft Windows OneCare Live" MOZILL~1 6 Jul 2009 "Mozilla Firefox" MSBUILD 30 Jul 2009 "MSBuild" NCSOFT 25 Sep 2009 "NCSoft" NEWBLUE 31 Jul 2009 "NewBlue" NOTEPA~1 6 Jul 2009 "Notepad++" OUTLOO~1 6 Jul 2009 "Outlook Express" PANDON~1 20 Sep 2009 "Pando Networks" POKERS~1 14 Sep 2009 "PokerStars" REALAL~1 31 Aug 2009 "Real Alternative" REFERE~1 30 Jul 2009 "Reference Assemblies" REPLAY~1 30 Jul 2009 "ReplaySeeker" SKYPE 17 Aug 2009 "Skype" SONY 30 Jul 2009 "Sony" SONYSE~1 30 Jul 2009 "Sony Setup" STEAM 8 Aug 2009 "Steam" SYSTEM~1 16 Sep 2009 "SystemRequirementsLab" TEAMSP~1 28 Jul 2009 "Teamspeak2_RC2" UTORRENT 6 Jul 2009 "uTorrent" VDOWNL~1 2 Aug 2009 "VDOWNLOADER" VERYPD~1.0 5 Sep 2009 "VeryPDF PDF2Word v3.0" VIA 6 Jul 2009 "VIA" WARCRA~1 6 Jul 2009 "Warcraft III" WARKEYS 1 Aug 2009 "Warkeys" WI4DF6~1 6 Jul 2009 "Windows Media Connect 2" WINDOW~1 6 Jul 2009 "Windows Media Player" WINDOW~2 1 Oct 2009 "Windows Live Safety Center" WINDOW~3 6 Jul 2009 "Windows Live" WINDOW~4 6 Jul 2009 "Windows Live SkyDrive" WINRAR 6 Jul 2009 "WinRAR" 53 items found: 0 files, 53 directories (1 H/S). Locating all files created in C:\Arquivos de programas\Arquivos comuns\ within the last 90 days. "C:\Arquivos de programas\Arquivos comuns\" ADOBE 6 Jul 2009 "Adobe" DESIGNER 6 Jul 2009 "Designer" DVDVID~1 6 Aug 2009 "DVDVideoSoft" ESELLE~1 31 Jul 2009 "eSellerate" INSTAL~1 6 Jul 2009 "InstallShield" MICROS~1 6 Jul 2009 "Microsoft Shared" MSSOAP 6 Jul 2009 "MSSoap" SERVI€OS 6 Jul 2009 "Servi‡os" SKYPE 17 Aug 2009 "Skype" SYSTEM 6 Jul 2009 "System" WINDOW~1 6 Jul 2009 "Windows Live" 11 items found: 0 files, 11 directories. Locating all files created in C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Web Folders within the last 90 days. "C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Web Folders\" 1033 6 Jul 2009 "1033" 1046 6 Jul 2009 "1046" "C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Web Folders\1046\" WEBVIEW 6 Jul 2009 "WebView" "C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Web Folders\1046\WebView\" IMAGES 6 Jul 2009 "Images" 4 items found: 0 files, 4 directories. -------------------------------------------------------------------------- Items in the Windows Directory: -------------------------------------------------------------------------- Locating all files created in C:\WINDOWS\ within the last 90 days. "C:\WINDOWS\" $HF_MIG$ 20 Aug 2009 "$hf_mig$" $N18DC~1 20 Aug 2009 "$NtUninstallKB932823-v3$" $N4AE6~1 2 Oct 2009 "$NtUninstallKB898461$" $N4CEE~1 1 Oct 2009 "$NtUninstallKB914882$" $N4EC9~1 30 Jul 2009 "$NtUninstallWIC$" $N68C8~1 1 Oct 2009 "$NtUninstallKB923845$" $N6CC0~1 6 Jul 2009 "$NtUninstallKB926239$" $N89D7~1 6 Jul 2009 "$NtUninstallMSCompPackV1$" $NTUNI~1 6 Jul 2009 "$NtUninstallKB888111WXPSP2$" $NTUNI~2 6 Jul 2009 "$NtUninstallWudf01000$" $NTUNI~3 6 Jul 2009 "$NtUninstallWMFDist11$" $NTUNI~4 6 Jul 2009 "$NtUninstallwmp11$" 0.log 2 Oct 2009 0 "0.log" ADDINS 6 Jul 2009 "addins" APPPATCH 6 Jul 2009 "AppPatch" ascd_tmp.ini 6 Jul 2009 13327 "Ascd_tmp.ini" ASSEMBLY 30 Jul 2009 "assembly" ASUSIN~1 6 Jul 2009 "ASUSInstAll" as_debug.txt 6 Jul 2009 0 "AS_Debug.txt" bitsse~1.log 6 Jul 2009 1880 "bitssetup.log" bootstat.dat 2 Oct 2009 2048 "bootstat.dat" cmsetacl.log 6 Jul 2009 200 "cmsetacl.log" comsetup.log 2 Oct 2009 40389 "comsetup.log" CONFIG 6 Jul 2009 "Config" CONNEC~1 6 Jul 2009 "Connection Wizard" control.ini 6 Jul 2009 0 "control.ini" CSC 6 Jul 2009 "CSC" CURSORS 6 Jul 2009 "Cursors" DEBUG 6 Jul 2009 "Debug" directx.log 6 Jul 2009 32896 "Directx.log" DOWNLO~1 6 Jul 2009 "Downloaded Program Files" DRIVER~1 6 Jul 2009 "Driver Cache" dtcins~1.log 6 Jul 2009 133 "DtcInstall.log" entpack.ini 17 Sep 2009 34 "entpack.ini" FONTS 6 Jul 2009 "Fonts" HELP 6 Jul 2009 "Help" IE8 20 Aug 2009 "ie8" ie8.log 20 Aug 2009 56162 "ie8.log" ie8_main.log 20 Aug 2009 95329 "ie8_main.log" IME 6 Jul 2009 "ime" INF 6 Jul 2009 "inf" INSTAL~1 6 Jul 2009 "Installer" JAVA 6 Jul 2009 "java" kb888111.log 6 Jul 2009 4936 "KB888111.log" kb898461.log 2 Oct 2009 7722 "KB898461.log" kb926239.log 6 Jul 2009 9921 "KB926239.log" kb9328~1.log 20 Aug 2009 8365 "KB932823-v3.log" kb950974.log 2 Oct 2009 4976 "KB950974.log" kb951748.log 2 Oct 2009 4161 "KB951748.log" kb952004.log 2 Oct 2009 4429 "KB952004.log" kb952954.log 2 Oct 2009 5431 "KB952954.log" kb956802.log 2 Oct 2009 3595 "KB956802.log" kb959426.log 2 Oct 2009 5346 "KB959426.log" kb960225.log 2 Oct 2009 4696 "KB960225.log" kb960803.log 2 Oct 2009 4055 "KB960803.log" kb960859.log 2 Oct 2009 5246 "KB960859.log" kb9613~1.log 2 Oct 2009 5129 "KB961371-v2.log" kb961501.log 2 Oct 2009 4609 "KB961501.log" kb961503.log 2 Oct 2009 5156 "KB961503.log" kb967715.log 2 Oct 2009 4251 "KB967715.log" kb968389.log 2 Oct 2009 3875 "KB968389.log" kb968537.log 2 Oct 2009 3947 "KB968537.log" kb971032.log 2 Oct 2009 3370 "KB971032.log" kb971557.log 2 Oct 2009 4784 "KB971557.log" kb971633.log 2 Oct 2009 4518 "KB971633.log" kb971657.log 2 Oct 2009 4881 "KB971657.log" kb973507.log 2 Oct 2009 4326 "KB973507.log" kb973815.log 2 Oct 2009 3958 "KB973815.log" LOGS 18 Jul 2009 "Logs" MEDIA 6 Jul 2009 "Media" MICROS~1.NET 30 Jul 2009 "Microsoft.NET" MSAGENT 6 Jul 2009 "Msagent" MSAPPS 6 Jul 2009 "msapps" mscomp~1.log 6 Jul 2009 7399 "MSCompPackV1.log" msmqinst.log 2 Oct 2009 33722 "msmqinst.log" MUI 6 Jul 2009 "mui" netfxocm.log 2 Oct 2009 15157 "netfxocm.log" nsreg.dat 6 Jul 2009 0 "nsreg.dat" ntdtcs~1.log 2 Oct 2009 22877 "ntdtcsetup.log" NVIEW 6 Jul 2009 "nview" ocgen.log 2 Oct 2009 27526 "ocgen.log" odbc.ini 6 Jul 2009 421 "ODBC.INI" odbcinst.ini 6 Jul 2009 4205 "ODBCINST.INI" oewablog.txt 6 Jul 2009 841 "OEWABLog.txt" OFFLIN~1 6 Jul 2009 "Offline Web Pages" PCHEALTH 6 Jul 2009 "pchealth" pdf2word.ini 5 Sep 2009 358 "pdf2word.INI" PEERNET 6 Jul 2009 "PeerNet" PIF 16 Sep 2009 "PIF" PREFETCH 6 Jul 2009 "Prefetch" PROVIS~1 6 Jul 2009 "Provisioning" REGIST~1 6 Jul 2009 "Registration" regopt.log 6 Jul 2009 1182 "regopt.log" REPAIR 6 Jul 2009 "repair" RESOUR~1 6 Jul 2009 "Resources" schedlgu.txt 1 Oct 2009 32514 "SchedLgU.Txt" SECURITY 6 Jul 2009 "security" sessmg~1.log 6 Jul 2009 1022 "sessmgr.setup.log" setupact.log 2 Oct 2009 96141 "setupact.log" setupapi.log 2 Oct 2009 497716 "setupapi.log" setuperr.log 6 Jul 2009 0 "setuperr.log" setuplog.txt 6 Jul 2009 542893 "setuplog.txt" SHELLNEW 6 Jul 2009 "ShellNew" sminst~1.log 6 Jul 2009 10436 "SMinstall.log" SOFTWA~1 6 Jul 2009 "SoftwareDistribution" spupdsvc.log 20 Aug 2009 8473 "spupdsvc.log" sti_tr~1.log 6 Jul 2009 0 "Sti_Trace.log" SUN 4 Aug 2009 "Sun" svcpack.log 2 Oct 2009 19572 "svcpack.log" SYSTEM 6 Jul 2009 "system" system.ini 6 Jul 2009 231 "system.ini" SYSTEM32 6 Jul 2009 "system32" TASKS 6 Jul 2009 "Tasks" TEMP 6 Jul 2009 "Temp" tsoc.log 2 Oct 2009 39386 "tsoc.log" TWAIN_32 6 Jul 2009 "twain_32" updspapi.log 1 Oct 2009 17986 "updspapi.log" vb.ini 6 Jul 2009 36 "vb.ini" vbaddin.ini 6 Jul 2009 37 "vbaddin.ini" war3unin.dat 6 Jul 2009 86157 "War3Unin.dat" war3unin.exe 6 Jul 2009 139264 "War3Unin.exe" war3unin.pif 6 Jul 2009 2829 "War3Unin.pif" WBEM 20 Aug 2009 "WBEM" WEB 6 Jul 2009 "Web" wiadebug.log 26 Sep 2009 216 "wiadebug.log" wiaservc.log 26 Sep 2009 49 "wiaservc.log" win.ini 6 Jul 2009 603 "win.ini" window~1.log 2 Oct 2009 1236355 "WindowsUpdate.log" window~1.man 6 Jul 2009 749 "WindowsShell.Manifest" WINSXS 6 Jul 2009 "WinSxS" wmfdis~1.log 6 Jul 2009 30201 "WMFDist11.log" wmp11.log 6 Jul 2009 22035 "wmp11.log" wmsetup.log 2 Oct 2009 55511 "wmsetup.log" wmsetu~1.log 6 Jul 2009 2096 "wmsetup10.log" wmsyspr9.prx 6 Jul 2009 316640 "WMSysPr9.prx" wudf01~1.log 6 Jul 2009 8381 "Wudf01000Inst.log" 136 items found: 78 files (2 H/S), 58 directories (21 H/S). Total of file sizes: 3.649.298 bytes 3,48 M -------------------------------------------------------------------------- C:\WINDOWS\Downloaded Program Files: -------------------------------------------------------------------------- Locating all files created in C:\WINDOWS\Downloaded Program Files\ within the last 90 days. "C:\WINDOWS\Downloaded Program Files\" desktop.ini 6 Jul 2009 65 "desktop.ini" wlscbase.dll 9 Sep 2009 452488 "wlscBase.dll" wlscbase.inf 9 Sep 2009 321 "wlscBase.inf" 3 items found: 3 files (1 H/S), 0 directories. Total of file sizes: 452.874 bytes 442,26 K -------------------------------------------------------------------------- C:\WINDOWS\PCHealth\HelpCtr\Binaries: -------------------------------------------------------------------------- Locating all files in C:\WINDOWS\PCHealth\HelpCtr\Binaries "C:\WINDOWS\pchealth\helpctr\binaries\" brpinfo.dll 28 Oct 2001 21504 "brpinfo.dll" hcappres.dll 28 Oct 2001 7168 "HCAppRes.dll" helpctr.exe 3 Aug 2004 768512 "HelpCtr.exe" helphost.exe 28 Oct 2001 99840 "HelpHost.exe" helpsvc.exe 3 Aug 2004 743936 "HelpSvc.exe" hscsp_w3.cab 17 Jul 2004 324700 "hscsp_w3.cab" hscupd.exe 3 Aug 2004 18944 "HscUpd.exe" msconfig.exe 3 Aug 2004 159744 "msconfig.exe" msinfo.dll 3 Aug 2004 380928 "msinfo.dll" notiflag.exe 28 Oct 2001 35328 "notiflag.exe" pchdt_w3.cab 3 Aug 2004 2768982 "pchdt_w3.cab" pchshell.dll 3 Aug 2004 102400 "pchshell.dll" pchsvc.dll 3 Aug 2004 38912 "pchsvc.dll" 13 items found: 13 files, 0 directories. Total of file sizes: 5.470.898 bytes 5,21 M -------------------------------------------------------------------------- C:\WINDOWS\system: -------------------------------------------------------------------------- Locating all files created in C:\WINDOWS\system within the last 90 days. "C:\WINDOWS\system\" tapi.tlb 25 Sep 2009 1 "tapi.tlb" 1 item found: 1 file, 0 directories. Total of file sizes: 1 byte 0,00 K -------------------------------------------------------------------------- C:\WINDOWS\system32: -------------------------------------------------------------------------- Locating all files created in C:\WINDOWS\system32 within the last 90 days. "C:\WINDOWS\system32\" $winnt$.inf 6 Jul 2009 987 "$winnt$.inf" 1025 6 Jul 2009 "1025" 1028 6 Jul 2009 "1028" 1031 6 Jul 2009 "1031" 1033 6 Jul 2009 "1033" 1037 6 Jul 2009 "1037" 1041 6 Jul 2009 "1041" 1042 6 Jul 2009 "1042" 1046 6 Jul 2009 "1046" 1054 6 Jul 2009 "1054" 18467.exe 2 Oct 2009 0 "18467.exe" 2052 6 Jul 2009 "2052" 3076 6 Jul 2009 "3076" 3COM_DMI 6 Jul 2009 "3com_dmi" 41.exe 2 Oct 2009 0 "41.exe" 6334.exe 1 Oct 2009 0 "6334.exe" ADOBE 10 Aug 2009 "Adobe" amcompat.tlb 6 Jul 2009 16832 "amcompat.tlb" APPMGMT 5 Sep 2009 "appmgmt" BIFROST 21 Sep 2009 "Bifrost" BITS 1 Oct 2009 "bits" CATROOT 6 Jul 2009 "CatRoot" CATROOT2 6 Jul 2009 "CatRoot2" CATROO~1 2 Oct 2009 "CatRoot_bak" cdplay~1.man 6 Jul 2009 749 "cdplayer.exe.manifest" COM 6 Jul 2009 "Com" CONFIG 6 Jul 2009 "config" config.nt 6 Jul 2009 2969 "CONFIG.NT" deploytk.dll 31 Jul 2009 411368 "deploytk.dll" detoured.dll 10 Sep 2009 4096 "detoured.dll" DHCP 6 Jul 2009 "dhcp" DIRECTX 6 Jul 2009 "DirectX" divx.dll 13 Jul 2009 685056 "divx.dll" DLLCACHE 6 Jul 2009 "dllcache" dpl100.dll 13 Jul 2009 90112 "dpl100.dll" DRIVERS 6 Jul 2009 "drivers" DRVSTORE 1 Oct 2009 "DRVSTORE" emptyr~1.dat 6 Jul 2009 21844 "emptyregdb.dat" EN-US 30 Jul 2009 "en-us" EXPORT 6 Jul 2009 "export" ezsidmv.dat 17 Aug 2009 56 "ezsidmv.dat" fntcache.dat 2 Oct 2009 112584 "FNTCACHE.DAT" gamemon.des 15 Sep 2009 3363184 "GameMon.des" GROUPP~1 1 Oct 2009 "GroupPolicy" h323log.txt 6 Jul 2009 0 "h323log.txt" IAS 6 Jul 2009 "ias" ICSXML 6 Jul 2009 "icsxml" java.exe 31 Jul 2009 145184 "java.exe" javacpl.cpl 31 Jul 2009 73728 "javacpl.cpl" javaw.exe 31 Jul 2009 145184 "javaw.exe" javaws.exe 31 Jul 2009 149280 "javaws.exe" jupdat~1.log 2 Oct 2009 3973 "jupdate-1.6.0_16-b01.log" lhacm.acm 28 Jul 2009 34064 "lhacm.acm" LOGFILES 6 Jul 2009 "LogFiles" logonu~1.man 6 Jul 2009 488 "logonui.exe.manifest" MACROMED 6 Jul 2009 "Macromed" MICROS~1 6 Jul 2009 "Microsoft" mrt.exe 28 Aug 2009 24689600 "MRT.exe" MSDTC 6 Jul 2009 "MsDtc" MUI 6 Jul 2009 "mui" ncpacp~1.man 6 Jul 2009 749 "ncpa.cpl.manifest" NPP 6 Jul 2009 "npp" nscompat.tlb 6 Jul 2009 23392 "nscompat.tlb" nvapps.xml 2 Oct 2009 63804 "nvapps.xml" nwccpl~1.man 6 Jul 2009 749 "nwc.cpl.manifest" paint.exe 12 Sep 2009 94209 "Paint.exe" perfc009.dat 30 Jul 2009 65106 "perfc009.dat" perfc016.dat 30 Jul 2009 73440 "perfc016.dat" perfh009.dat 30 Jul 2009 425082 "perfh009.dat" perfh016.dat 30 Jul 2009 457508 "perfh016.dat" perfst~1.ini 30 Jul 2009 1028686 "PerfStringBackup.INI" PREINS~1 2 Oct 2009 "PreInstall" PT-BR 20 Aug 2009 "pt-BR" RAS 6 Jul 2009 "ras" REINST~1 6 Jul 2009 "ReinstallBackups" RESTORE 6 Jul 2009 "Restore" sapicp~1.man 6 Jul 2009 749 "sapi.cpl.manifest" SETUP 6 Jul 2009 "Setup" SHELLEXT 6 Jul 2009 "ShellExt" SOFTWA~1 1 Oct 2009 "SoftwareDistribution" SPOOL 6 Jul 2009 "spool" USMT 6 Jul 2009 "usmt" WBEM 6 Jul 2009 "wbem" window~1.man 6 Jul 2009 488 "WindowsLogon.manifest" WINS 6 Jul 2009 "wins" winupd~1.exe 1 Oct 2009 45568 "winupdate.exe" wpa.dbl 30 Sep 2009 2206 "wpa.dbl" wuaucp~1.man 6 Jul 2009 749 "wuaucpl.cpl.manifest" x264vfw.dll 29 Jul 2009 2378752 "x264vfw.dll" XPSVIE~1 30 Jul 2009 "XPSViewer" 90 items found: 40 files (8 H/S), 50 directories (2 H/S). Total of file sizes: 34.612.575 bytes 33,01 M -------------------------------------------------------------------------- C:\WINDOWS\system32\com: -------------------------------------------------------------------------- Locating all files created in C:\WINDOWS\system32\com within the last 90 days. No matches found. -------------------------------------------------------------------------- C:\WINDOWS\system32\components: -------------------------------------------------------------------------- Locating all files created in C:\WINDOWS\system32\components within the last 90 days. No matches found. -------------------------------------------------------------------------- C:\WINDOWS\system32\drivers: -------------------------------------------------------------------------- Locating all files created in C:\WINDOWS\system32\drivers within the last 90 days. "C:\WINDOWS\system32\drivers\" DISDN 6 Jul 2009 "disdn" ETC 6 Jul 2009 "etc" gbpkm.sys 17 Sep 2009 30344 "gbpkm.sys" sptd.sys 16 Sep 2009 721904 "sptd.sys" UMDF 6 Jul 2009 "UMDF" 5 items found: 2 files, 3 directories. Total of file sizes: 752.248 bytes 734,62 K -------------------------------------------------------------------------- C:\WINDOWS\system32\drivers\etc: -------------------------------------------------------------------------- Locating all files created in C:\WINDOWS\system32\drivers\etc within the last 90 days. No matches found. -------------------------------------------------------------------------- C:\WINDOWS\TEMP: -------------------------------------------------------------------------- Locating all files created in C:\WINDOWS\TEMP within the last 90 days. "C:\WINDOWS\Temp\" gdql_o~1.log 2 Oct 2009 270 "gdql_oc_OcHealthMon.log" peb1a9~1.dat 2 Oct 2009 16384 "Perflib_Perfdata_f0.dat" pebce8~1.dat 2 Oct 2009 16384 "Perflib_Perfdata_390.dat" qdiago~1.log 2 Oct 2009 270 "qdiagoc_OcHealthMon.log" 4 items found: 4 files, 0 directories. Total of file sizes: 33.308 bytes 32,53 K ************************************************************************************ Checking for .COM files to Delete. They will only print if deleted! Locating .COM files in the C:\WINDOWS\System32 folder "C:\WINDOWS\system32\" chcp.com 28 Oct 2001 7680 "chcp.com" command.com 28 Oct 2001 52472 "command.com" diskcomp.com 28 Oct 2001 9216 "diskcomp.com" diskcopy.com 28 Oct 2001 7168 "diskcopy.com" edit.com 28 Oct 2001 70750 "edit.com" format.com 28 Oct 2001 25600 "format.com" graftabl.com 28 Oct 2001 26112 "graftabl.com" graphics.com 28 Oct 2001 19918 "graphics.com" kb16.com 28 Oct 2001 14950 "kb16.com" loadfix.com 28 Oct 2001 1153 "loadfix.com" locate.com 14 Jan 2005 11254 "locate.com" mode.com 28 Oct 2001 19456 "mode.com" more.com 28 Oct 2001 15872 "more.com" tree.com 28 Oct 2001 11264 "tree.com" win.com 28 Oct 2001 18432 "win.com" 15 items found: 15 files, 0 directories. Total of file sizes: 311.297 bytes 304,00 K ************************************************************************************ Miscellaneous Malware Detections: ------------------------------------------------------------------------------------ **** Delfin Media {31EE3286-D785-4E3F-95FC-51D00FDABC01} NOT FOUND by this tool! **** **** SmitFraud {0BC9BC01-54D4-4CCE-2B7D-955164314CD4} NOT FOUND by this tool! **** **** SpywareStrike {C1A2FDA2-1A5B-2A8F-F3A2-B22DA1A3C41D} NOT FOUND by this tool! **** **** SpywareStrike {C1A2FDA2-2A5B-2C8A-F2A2-BA2DB3A2C31C} NOT FOUND by this tool! **** **** SpywareStrike {D81E2FC4-B0A2-11D3-21AC-07C04C21A18A} NOT FOUND by this tool! **** **** SpyAxe {A1D9D3F0-8C2A-9A1D-A376-2CACFB10AB72} NOT FOUND by this tool! **** **** SpyAxe {A2D9D3F0-8C2A-2A1D-A376-1BECFB10AB72} NOT FOUND by this tool! **** **** SpyAxe {A2D9D3F0-8C2A-2A1D-A376-1BECFB10AB72} NOT FOUND by this tool! **** **** SpyAxe {A2D9D3F0-8C2A-2A1D-A376-1BECFB10AB72} NOT FOUND by this tool! **** **** SpyAxe {A2C8F6B1-7C2A-3D1C-A3C6-A1FDA113B43F} NOT FOUND by this tool! **** **** SpyFalcon {A2C8F6B1-7C2A-3D1C-A3C6-A1FDA113B43F} NOT FOUND by this tool! **** **** SpyFalcon {C9FA1DC9-1FB3-C2A8-2F1A-DC1A33E7AF9D} NOT FOUND by this tool! **** **** SpyFalcon {CA14EE13-ED15-C4A2-17FF-DA4D15C1BC5E} NOT FOUND by this tool! **** **** SpyFalcon {35a88e51-b53d-43e9-b8a7-75d4c31b4676} NOT FOUND by this tool! **** **** SpyFalcon {64ba30a2-811a-4597-b0af-d551128be340} NOT FOUND by this tool! **** **** SpyFalcon {89aef01d-d237-49c7-84dc-4e1904c1fd31} NOT FOUND by this tool! **** **** SpyFalcon {e04408db-4812-4478-8d4d-e46edcffd3b6} NOT FOUND by this tool! **** **** SpyFalcon {336ec37f-54bf-4f13-8237-03f64fa591e7} NOT FOUND by this tool! **** **** SpyFalcon {5bc82bdb-bc03-4671-9a78-3ef2b68449de} NOT FOUND by this tool! **** **** SpyFalcon {24c60b9b-26b5-4201-9f7a-fb9219356ae9} NOT FOUND by this tool! **** **** SpyFalcon {a0c51615-738a-4542-801a-5af61614e182} NOT FOUND by this tool! **** **** SpyFalcon {70fbd528-2d3c-4a00-9b8c-bbf441e534be} NOT FOUND by this tool! **** **** SpyFalcon {a566f298-05a6-4b3d-b672-da7c27316430} NOT FOUND by this tool! **** **** SpyFalcon {f5947202-e9cb-4a72-88e7-22f2cbd2b124} NOT FOUND by this tool! **** **** SpyFalcon {5aaf6542-f4ba-4df4-873d-4902ecbe794c} NOT FOUND by this tool! **** **** SpyFalcon {3e4155b8-5a4a-4e95-83b2-ab032da9acbc} NOT FOUND by this tool! **** **** SpyFalcon {9952355f-fefb-4764-bcd7-a993d03dd7e2} NOT FOUND by this tool! **** **** SpyFalcon {55059d4f-a1ac-4837-ae07-4859101f598d} NOT FOUND by this tool! **** **** SpyFalcon {c3786a8d-6426-4c29-a23f-f36e47b31e0c} NOT FOUND by this tool! **** **** SpyLocked {25b7d2fd-4f71-46d1-801a-7de323e4ec82} NOT FOUND by this tool! **** **** SpyLocked {4233AC08-A2C4-4742-A0B4-83719613D62C} NOT FOUND by this tool! **** **** SpyLocked {716002DB-288C-4BF0-80CD-A467E78D8B55} NOT FOUND by this tool! **** **** SpyLocked {735E980D-45D2-4777-AF82-9923D3C8D3AE} NOT FOUND by this tool! **** **** SpyLocked {B23DC537-3E13-44C7-BF67-D8405EB377F7} NOT FOUND by this tool! **** **** SpyLocked {B292EC9F-A074-4115-8342-1F459702D8D2} NOT FOUND by this tool! **** **** SpyLocked {CECA6F2B-247B-4ECE-9B7A-D0135C8036FC} NOT FOUND by this tool! **** **** SpyLocked {DA3B49F6-8C54-4429-A275-21A86DCCA413} NOT FOUND by this tool! **** **** SpyLocked {EDE8BED5-92CF-4482-8F51-A01CD9B3EA37} NOT FOUND by this tool! **** **** SpyLocked {FA4FBF53-C766-4622-8011-A87A805EEBF0} NOT FOUND by this tool! **** **** SpywareLocked {0E4E5110-A772-4C4A-A7DC-137FE10ABD6E} NOT FOUND by this tool! **** **** SpywareLocked {07A582E8-BAE3-457D-9D29-2048DE45A369} NOT FOUND by this tool! **** **** SpywareLocked {3BAA1AD8-EE49-4772-BF0B-F55083E0F7AA} NOT FOUND by this tool! **** **** SpywareLocked {9D6FAC42-A7BE-4702-87EF-75D8DC14249E} NOT FOUND by this tool! **** **** SpywareLocked {ABEF791F-947E-4CDF-83C3-E72A240AFB67} NOT FOUND by this tool! **** **** SpywareLocked {BD0FC212-0A36-4232-83CC-2063FB9282E0} NOT FOUND by this tool! **** **** SpywareLocked {B0DED443-5E68-4001-A81B-0A0001621AB8} NOT FOUND by this tool! **** **** SpywareLocked {F38B1B2B-4976-46DD-9FE5-60FDE72F0B4D} NOT FOUND by this tool! **** **** SpywareQuake {0c7416f0-dd23-420f-97f5-aae352ea2bf1} NOT FOUND by this tool! **** **** SpywareQuake {E2CA7CD1-1AD9-F1C4-3D2A-DC1A33E7AF9D} NOT FOUND by this tool! **** **** SpywareQuake {AC1B4DA2-12FA-31F2-1A7D-CD2B14E6AD4E} NOT FOUND by this tool! **** **** SpywareQuake {CD5E2AC9-25CE-A1C5-D1E2-DC6B28A6ED5A} NOT FOUND by this tool! **** **** SpywareQuake {EA26CE12-DE64-A1C5-9A4F-FC1A64E6AC2E} NOT FOUND by this tool! **** **** SpywareQuake {e5b1e382-817e-4b74-8a96-ec78751e6acf} NOT FOUND by this tool! **** **** SpywareQuake {a0aa3e4b-31cb-4ea2-9049-22b7f5b65edb} NOT FOUND by this tool! **** **** SpywareQuake {cbb430e6-5b1b-474a-9d7e-160d4fe74bea} NOT FOUND by this tool! **** **** SpywareQuake {62eb0924-19d2-4226-b4b9-8ad1f70904c1} NOT FOUND by this tool! **** **** SpywareQuake {6c69e319-0d03-47da-997a-36586cbc53b3} NOT FOUND by this tool! **** **** SpywareQuake {aea3d2df-2b2c-4d7b-81a0-d975c6dc088e} NOT FOUND by this tool! **** **** SpywareSheriff {1C3B31AE-FD16-D2CE-43FF-DC4CD5C1BC5E} NOT FOUND by this tool! **** **** VirusBurster {9d635a36-6b3c-4146-8625-f3aaf507bbf8} NOT FOUND by this tool! **** **** TrustCleaner {24E27EA9-FCF3-444F-BD80-20543BA5D946} NOT FOUND by this tool! **** **** Troj/Small-ER {4F141CBA-1457-6CCA-03A7-7AA21B61EA0F} NOT FOUND by this tool! **** **** Troj/Spabot-E {429F4BB8-7BF7-4152-8011-3C6F9EB7E892} NOT FOUND by this tool! **** **** Troj/Dloader-OF {203B1C4D9-BC71-8916-38AD-9DEA5D213614} NOT FOUND by this tool! **** **** Troj/Crafted-A {0BC9BC01-54D4-4CCE-2B7D-955164314CD4} NOT FOUND by this tool! **** **** Troj/Agent-FG {2C1CD3D7-86AC-4068-93BC-A02304BB8C34} NOT FOUND by this tool! **** **** TX 4 BrowserAd adware {8e99f990-b75a-4568-b3c8-24cbc8cbbfc1} NOT FOUND by this tool! **** **** Trojan-Proxy.Win32.Small {87A3E824-A726-4CF4-8A66-6314B11BDA0C} NOT FOUND by this tool! **** **** Trojan-Downloader.Win32.Delf.ks {786C369D-409A-456f-A13C-971EADA850C6} NOT FOUND by this tool! **** **** W32/Almanahe.a Worm NOT FOUND by this tool! **** **** msctl32.dll SpamBot NOT FOUND by this tool! **** **** KeyLogger NOT FOUND by this tool! **** -------------------------------------------------------------------------- CHECKING FOR BOT-TYPE WORMS: -------------------------------------------------------------------------- **** W32/Sdbot Worm NOT FOUND by this tool! **** -------------------------------------------------------------------------- CHECKING FOR KNOWN ROOTKIT STEALTHING AGENTS: -------------------------------------------------------------------------- **** i386p.* Stealthing Agent NOT FOUND by this tool! **** **** ErrorSafe erssdd.* Stealthing Agent NOT FOUND by this tool! **** **** VUNDO DP.* Stealthing Agent NOT FOUND by this tool! **** **** Troj/NTRootK-BP main.* Stealthing Agent NOT FOUND by this tool! **** **** W32/Almanahe.sys RioDrvrs.* Stealthing Agent NOT FOUND by this tool! **** **** W32/Almanahe.sys DKIS6.* Stealthing Agent NOT FOUND by this tool! **** -------------------------------------------------------------------------- CHECKING FOR VISIBLE ROOTKIT-TYPE REGISTRY KEYS: -------------------------------------------------------------------------- **** Rustock.B trojan, PE386 rootkit NOT FOUND by this tool! **** **** Rustock.B trojan, huy32 rootkit NOT FOUND by this tool! **** **** Rustock.B trojan, lzx32 rootkit NOT FOUND by this tool! **** **** Rustock.B trojan, msguard rootkit NOT FOUND by this tool! **** **** Rustock.B trojan, xpdt.sy_ rootkit NOT FOUND by this tool! **** **** Rustock.B trojan, xpdt.sys rootkit NOT FOUND by this tool! **** **** CmdService adware NOT FOUND by this tool! **** **** Network_Monitor adware NOT FOUND by this tool! **** **** Trojan.Peacomm NOT FOUND by this tool! **** **** Trojan.Peacomm windev NOT FOUND by this tool! **** **** AVPE Haxdoor NOT FOUND by this tool! **** **** MEMLOW Haxdoor NOT FOUND by this tool! **** **** VDMT Haxdoor NOT FOUND by this tool! **** **** YCSVGA Haxdoor NOT FOUND by this tool! **** **** PPTP Haxdoor FOUND by this tool! **** CAREFULL HERE THIS WILL ALSO FIND WinLanMiniport DisplayName REG_SZ Miniporta de rede remota (PPTP) Description REG_SZ Miniporta de rede remota (PPTP) DisplayName REG_SZ Miniporta de rede remota (PPTP) Description REG_SZ Miniporta de rede remota (PPTP) DisplayName REG_SZ Miniporta de rede remota (PPTP) Description REG_SZ Miniporta de rede remota (PPTP) **** DVB Haxdoor NOT FOUND by this tool! **** **** YVBB Haxdoor NOT FOUND by this tool! **** **** YVPP Haxdoor NOT FOUND by this tool! **** **** NKGFS Haxdoor NOT FOUND by this tool! **** **** XMSK Haxdoor NOT FOUND by this tool! **** **** AVPX Haxdoor NOT FOUND by this tool! **** **** MMXF Haxdoor NOT FOUND by this tool! **** **** DP1112 Vundo Rootkit NOT FOUND by this tool! **** **** SYSBUS32 Rootkit Driver NOT FOUND by this tool! **** **** I386P Rootkit Driver NOT FOUND by this tool! **** **** ERSSDD Rootkit NOT FOUND by this tool! **** **** GencTurK RootKit NOT FOUND by this tool! **** **** Troj/NTRootK-BP RootKit NOT FOUND by this tool! **** **** W32/Almanahe.sys NOT FOUND by this tool! **** ************************************************************************************ Dumping HKLM Uninstall Programs list DisplayName REG_SZ a-squared Free 4.5 DisplayName REG_SZ Adobe Flash Player 10 ActiveX DisplayName REG_SZ Adobe Flash Player 10 Plugin DisplayName REG_SZ Adobe Reader 9.1.2 - Português DisplayName REG_SZ Adobe Shockwave Player 11.5 DisplayName REG_SZ Arquivo do WinRAR DisplayName REG_SZ Assistente de Conexão do Windows Live DisplayName REG_SZ Atualização para Windows XP (KB898461) DisplayName REG_SZ Atualização para Windows XP (KB914882) DisplayName REG_SZ Atualização para Windows XP (KB923845) DisplayName REG_SZ Atualização para Windows XP (KB932823-v3) DisplayName REG_SZ Choice Guard DisplayName REG_SZ CircuitMaker 2000 (Professional Edition) DisplayName REG_SZ Counter-Strike DisplayName REG_SZ Counter-Strike CP DisplayName REG_SZ CyberScript v3.2 DisplayName REG_SZ ExplorerXP (remove only) DisplayName REG_SZ Ferramenta de Carregamento do Windows Live DisplayName REG_SZ Fraps (remove only) DisplayName REG_SZ Free Mp3 Wma Converter V 1.81 DisplayName REG_SZ Free YouTube to Mp3 Converter version 3.1 DisplayName REG_SZ Garena DisplayName REG_SZ GTOneCare DisplayName REG_SZ Heroes of Newerth DisplayName REG_SZ High Definition Audio Driver Package - KB888111 DisplayName REG_SZ Hotfix for Windows XP (KB926239) DisplayName REG_SZ Java(TM) 6 Update 16 DisplayName REG_SZ K-Lite Mega Codec Pack 5.1.0 DisplayName REG_SZ Microsoft .NET Framework 2.0 DisplayName REG_SZ Microsoft .NET Framework 2.0 DisplayName REG_SZ Microsoft .NET Framework 3.0 DisplayName REG_SZ Microsoft .NET Framework 3.0 DisplayName REG_SZ Microsoft Application Error Reporting DisplayName REG_SZ Microsoft Compression Client Pack 1.0 for Windows XP DisplayName REG_SZ Microsoft Office XP Professional com FrontPage DisplayName REG_SZ Microsoft Protection Service DisplayName REG_SZ Microsoft User-Mode Driver Framework Feature Pack 1.0 DisplayName REG_SZ Microsoft Visual C++ 2005 Redistributable DisplayName REG_SZ Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 DisplayName REG_SZ Microsoft Windows Live OneCare Resources v2.5.2900.28 DisplayName REG_SZ Microsoft Windows OneCare Live AntiSpyware and AntiVirus DisplayName REG_SZ Microsoft Windows OneCare Live v2.5.2900.28 DisplayName REG_SZ Microsoft Windows OneCare Live v2.5.2900.28 Idcrl Install DisplayName REG_SZ mIRC DisplayName REG_SZ Mozilla Firefox (3.5.3) DisplayName REG_SZ MSVCRT DisplayName REG_SZ MSXML 6.0 Parser (KB925673) DisplayName REG_SZ NCsoft Launcher DisplayName REG_SZ NewBlue 3D Explosions for Vegas DisplayName REG_SZ NewBlue 3D Transformations for Vegas DisplayName REG_SZ NewBlue Art Blends 2.0 for Vegas DisplayName REG_SZ NewBlue Art Effects 2.0 for Vegas DisplayName REG_SZ NewBlue Cartoonr for Vegas DisplayName REG_SZ NewBlue Film Effects for Vegas DisplayName REG_SZ NewBlue Motion Blends 2.0 for Vegas DisplayName REG_SZ NewBlue Motion Effects 2.0 for Vegas DisplayName REG_SZ NotePad++ 3.6 DisplayName REG_SZ NVIDIA Drivers DisplayName REG_SZ Pando Media Booster DisplayName REG_SZ PokerStars DisplayName REG_SZ PX Engine DisplayName REG_SZ Real Alternative 1.9.0 DisplayName REG_SZ Segoe UI DisplayName REG_SZ Skype web features DisplayName REG_SZ Skype™ 4.1 DisplayName REG_SZ Sony Vegas Pro 8.0 DisplayName REG_SZ SoundMAX DisplayName REG_SZ Steam DisplayName REG_SZ sXe Injected DisplayName REG_SZ System Requirements Lab DisplayName REG_SZ TeamSpeak 2 RC2 DisplayName REG_SZ Truco LigasOnline 1.1 DisplayName REG_SZ Uninstall 1.0.0.1 DisplayName REG_SZ VDownloader 0.83 DisplayName REG_SZ VeryPDF PDF2Word v3.0 DisplayName REG_SZ VobSub v2.23 (Remove Only) DisplayName REG_SZ Warkeys 1.14.1.0b DisplayName REG_SZ WebFldrs XP DisplayName REG_SZ Windows Communication Foundation DisplayName REG_SZ Windows Imaging Component DisplayName REG_SZ Windows Internet Explorer 8 DisplayName REG_SZ Windows Live Call DisplayName REG_SZ Windows Live Communications Platform DisplayName REG_SZ Windows Live Essentials DisplayName REG_SZ Windows Live Essentials DisplayName REG_SZ Windows Live Messenger DisplayName REG_SZ Windows Live OneCare DisplayName REG_SZ Windows Live OneCare safety scanner DisplayName REG_SZ Windows Media Format 11 runtime DisplayName REG_SZ Windows Media Format 11 runtime DisplayName REG_SZ Windows Media Player 11 DisplayName REG_SZ Windows Media Player 11 DisplayName REG_SZ Windows Presentation Foundation DisplayName REG_SZ Windows Workflow Foundation DisplayName REG_SZ XML Paper Specification Shared Components Pack 1.0 ParentDisplayName REG_SZ ParentDisplayName REG_SZ ParentDisplayName REG_SZ Windows XP - Atualizações de Software ParentDisplayName REG_SZ Windows XP - Atualizações de Software ParentDisplayName REG_SZ Windows XP - Atualizações de Software ParentDisplayName REG_SZ Windows XP - Atualizações de Software ParentDisplayName REG_SZ Windows XP - Software Updates ##################################################################################################### -- All DONE! ~ ShadowPuterDude ~ Logfile of HiJackFree v3.0 Scan saved at 19:21:51, on 2/10/2009 Platform: Windows XP Service Pack 2 (Windows NT 5.1.2600) MSIE: Internet Explorer v 8.0 Service Pack 2 (8.0.6001.18702) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\csrss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\ARQUIV~1\GbPlugin\GbpSv.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\Arquivos de programas\Microsoft Windows OneCare Live\Antivirus\MsMpEng.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\spoolsv.exe C:\Arquivos de programas\Analog Devices\Core\smax4pnp.exe C:\Arquivos de programas\Analog Devices\SoundMAX\Smax4.exe C:\Arquivos de programas\Java\jre6\bin\jusched.exe C:\WINDOWS\system32\ctfmon.exe C:\Arquivos de programas\Java\jre6\bin\jqs.exe C:\WINDOWS\system32\nvsvc32.exe C:\Arquivos de programas\Microsoft Windows OneCare Live\OcHealthMon.exe C:\Arquivos de programas\Microsoft Windows OneCare Live\Firewall\msfwsvc.exe C:\Arquivos de programas\Microsoft Windows OneCare Live\winss.exe C:\WINDOWS\System32\alg.exe C:\Arquivos de programas\a-squared Free\a2service.exe C:\Arquivos de programas\Mozilla Firefox\firefox.exe C:\Arquivos de programas\a-squared HiJackFree\a2hijackfree.exe C:\WINDOWS\system32\wuauclt.exe C:\Arquivos de programas\Microsoft Windows OneCare Live\winssnotify.exe C:\WINDOWS\system32\wbem\wmiprvse.exe C:\Arquivos de programas\Skype\Toolbars\Shared\SkypeNames.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = &http://home.microsoft.com/intl/br/access/allinone.asp R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Links O2 - BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: - {5C255C8A-E604-49b4-9D64-90988571CECB} - O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: GbIehObj Class - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\ARQUIVOS DE PROGRAMAS\GBPLUGIN\gbieh.dll O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll O2 - BHO: JQSIEStartDetectorImpl Class - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe O4 - HKLM\..\Run: [soundMAXPnP] C:\Arquivos de programas\Analog Devices\Core\smax4pnp.exe O4 - HKLM\..\Run: [soundMAX] "C:\Arquivos de programas\Analog Devices\SoundMAX\Smax4.exe" /tray O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Arquivos de programas\Adobe\Reader 9.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [mspaint] "C:\WINDOWS\system32\paint.exe" -autocheck O4 - HKLM\..\Run: [winupdate.exe] C:\WINDOWS\system32\winupdate.exe O4 - HKLM\..\Run: [OneCareUI] "C:\Arquivos de programas\Microsoft Windows OneCare Live\winssnotify.exe" O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Java\jre6\bin\jusched.exe" O4 - HKLM\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKLM\..\Run: [uTorrent] "C:\Arquivos de programas\uTorrent\uTorrent.exe" O4 - HKLM\..\Run: [skype] "C:\Arquivos de programas\Skype\Phone\Skype.exe" /nosplash /minimized O4 - HKLM\..\Run: [DAEMON Tools Lite] "C:\Arquivos de programas\DAEMON Tools Lite\daemon.exe" -autorun O4 - HKLM\..\Run: [NCsoft Launcher] C:\Arquivos de programas\NCSoft\Launcher\NCLauncher.exe /Minimized O7 - Regedit - Enabled O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\Office10\EXCEL.EXE/3000 O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Arquivos de programas\PokerStars\main.ico O14 - IERESET.INF: START_PAGE_URL="http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome" O14 - IERESET.INF: SEARCH_PAGE_URL="&http://home.microsoft.com/intl/br/access/allinone.asp" O14 - IERESET.INF: MS_START_PAGE_URL="http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome" O15 - Trusted Zone: https://www2.bancobrasil.com.br O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase6796.cab O20 - Winlogon Notify: GbPluginBb - C:\WINDOWS\ O21 - ShellServiceObjectDelayLoad: PostBootReminder - O21 - ShellServiceObjectDelayLoad: CDBurn - O21 - ShellServiceObjectDelayLoad: WebCheck - O21 - ShellServiceObjectDelayLoad: SysTray - O21 - ShellServiceObjectDelayLoad: WPDShServiceObj - O22 - SharedTaskScheduler: Pré-carregador Browseui - C:\WINDOWS\system32\browseui.dll O22 - SharedTaskScheduler: Daemon de cache de categorias de componente - C:\WINDOWS\system32\browseui.dll O23 - Service: a-squared Free Service - C:\Arquivos de programas\a-squared Free\a2service.exe O23 - Service: Serviço 'Gateway de camada de aplicativo' - C:\WINDOWS\System32\alg.exe O23 - Service: Gerenciamento de aplicativo - C:\WINDOWS\system32\svchost.exe O23 - Service: ASP.NET State Service - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe O23 - Service: Áudio do Windows - C:\WINDOWS\System32\svchost.exe O23 - Service: Serviço de transferência inteligente de plano de fundo - C:\WINDOWS\system32\svchost.exe O23 - Service: Localizador de computadores - C:\WINDOWS\system32\svchost.exe O23 - Service: Área de armazenamento - C:\WINDOWS\system32\clipsrv.exe O23 - Service: .NET Runtime Optimization Service v2.0.50727_X86 - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe O23 - Service: Aplicativo de sistema COM+ - C:\WINDOWS\system32\dllhost.exe O23 - Service: Serviços de criptografia - C:\WINDOWS\system32\svchost.exe O23 - Service: Inicializador de Processo de Servidor DCOM - C:\WINDOWS\system32\svchost O23 - Service: Cliente DHCP - C:\WINDOWS\system32\svchost.exe O23 - Service: Serviço administrativo do gerenciador de disco lógico - C:\WINDOWS\System32\dmadmin.exe O23 - Service: Gerenciador de discos lógicos - C:\WINDOWS\System32\svchost.exe O23 - Service: Cliente DNS - C:\WINDOWS\system32\svchost.exe O23 - Service: Erro ao informar o serviço - C:\WINDOWS\System32\svchost.exe O23 - Service: Log de eventos - C:\WINDOWS\system32\services.exe O23 - Service: Sistema de eventos COM+ - C:\WINDOWS\system32\svchost.exe O23 - Service: Compatibilidade com 'Troca rápida de usuário' - C:\WINDOWS\System32\svchost.exe O23 - Service: Windows Presentation Foundation Font Cache 3.0.0.0 - c:\WINDOWS\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe O23 - Service: GarenaPEngine - C:\DOCUME~1\ADMINI~1\CONFIG~1\Temp\APED.tmp O23 - Service: Ajuda e suporte - C:\WINDOWS\System32\svchost.exe O23 - Service: HID Input Service - C:\WINDOWS\System32\svchost.exe O23 - Service: HTTP SSL - C:\WINDOWS\System32\svchost.exe O23 - Service: Windows CardSpace - C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe O23 - Service: Java Quick Starter - C:\Arquivos de programas\Java\jre6\bin\jqs.exe O23 - Service: Servidor - C:\WINDOWS\system32\svchost.exe O23 - Service: Estação de trabalho - C:\WINDOWS\system32\svchost.exe O23 - Service: Auxiliar NetBIOS TCP/IP - C:\WINDOWS\system32\svchost.exe O23 - Service: Coordenador de transações distribuídas - C:\WINDOWS\system32\msdtc.exe O23 - Service: OneCare Firewall - C:\Arquivos de programas\Microsoft Windows OneCare Live\Firewall\msfwsvc.exe O23 - Service: Windows Installer - C:\WINDOWS\system32\msiexec.exe O23 - Service: DDE de rede - C:\WINDOWS\system32\netdde.exe O23 - Service: DSDM de DDE de rede - C:\WINDOWS\system32\netdde.exe O23 - Service: Logon de rede - C:\WINDOWS\system32\lsass.exe O23 - Service: Conexões de rede - C:\WINDOWS\System32\svchost.exe O23 - Service: Net.Tcp Port Sharing Service - C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe O23 - Service: Reconhecimento de local da rede (NLA) - C:\WINDOWS\system32\svchost.exe O23 - Service: nProtect GameGuard Service - C:\WINDOWS\system32\GameMon.des O23 - Service: Fornecedor de suporte de segurança NT LM - C:\WINDOWS\system32\lsass.exe O23 - Service: Armazenamento removível - C:\WINDOWS\system32\svchost.exe O23 - Service: NVIDIA Display Driver Service - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: Windows Live OneCare Health Monitor - C:\Arquivos de programas\Microsoft Windows OneCare Live\OcHealthMon.exe O23 - Service: OneCare AntiSpyware and AntiVirus - C:\Arquivos de programas\Microsoft Windows OneCare Live\Antivirus\MsMpEng.exe O23 - Service: Plug and Play - C:\WINDOWS\system32\services.exe O23 - Service: Serviços IPSEC - C:\WINDOWS\system32\lsass.exe O23 - Service: Armazenamento protegido - C:\WINDOWS\system32\lsass.exe O23 - Service: Gerenciador de conexão de acesso remoto automático - C:\WINDOWS\system32\svchost.exe O23 - Service: Gerenciador de conexão de acesso remoto - C:\WINDOWS\system32\svchost.exe O23 - Service: Gerenciador de sessão de ajuda de área de trabalho remota - C:\WINDOWS\system32\sessmgr.exe O23 - Service: Roteamento e acesso remoto - C:\WINDOWS\system32\svchost.exe O23 - Service: Registro remoto - C:\WINDOWS\system32\svchost.exe O23 - Service: Alocador Remote Procedure Call (RPC) - C:\WINDOWS\system32\locator.exe O23 - Service: Chamada de procedimento remoto (RPC) - C:\WINDOWS\system32\svchost O23 - Service: QoS RSVP - C:\WINDOWS\system32\rsvp.exe O23 - Service: Gerenciador de contas de segurança - C:\WINDOWS\system32\lsass.exe O23 - Service: Cartão inteligente - C:\WINDOWS\System32\SCardSvr.exe O23 - Service: Agendador de tarefas - C:\WINDOWS\System32\svchost.exe O23 - Service: Logon secundário - C:\WINDOWS\System32\svchost.exe O23 - Service: Notificação de eventos de sistema - C:\WINDOWS\system32\svchost.exe O23 - Service: Firewall do Windows/Compartilhamento de Conexão com a Internet (ICS) - C:\WINDOWS\system32\svchost.exe O23 - Service: Detecção do hardware do shell - C:\WINDOWS\System32\svchost.exe O23 - Service: Spooler de impressão - C:\WINDOWS\system32\spoolsv.exe O23 - Service: Serviço de restauração do sistema - C:\WINDOWS\system32\svchost.exe O23 - Service: Serviço de descoberta SSDP - C:\WINDOWS\system32\svchost.exe O23 - Service: Assistente de aquisição de imagens do Windows (WIA) - C:\WINDOWS\system32\svchost.exe O23 - Service: MS Software Shadow Copy Provider - C:\WINDOWS\system32\dllhost.exe O23 - Service: Logs e alertas de desempenho - C:\WINDOWS\system32\smlogsvc.exe O23 - Service: Telefonia - C:\WINDOWS\System32\svchost.exe O23 - Service: Serviços de terminal - C:\WINDOWS\System32\svchost O23 - Service: Temas - C:\WINDOWS\System32\svchost.exe O23 - Service: Telnet - C:\WINDOWS\system32\tlntsvr.exe O23 - Service: Cliente de rastreamento de link distribuído - C:\WINDOWS\system32\svchost.exe O23 - Service: Host de dispositivo Plug and Play universal - C:\WINDOWS\system32\svchost.exe O23 - Service: Sistema de alimentação ininterrupta - C:\WINDOWS\System32\ups.exe O23 - Service: Cópia de volume em memória - C:\WINDOWS\System32\vssvc.exe O23 - Service: Horário do Windows - C:\WINDOWS\System32\svchost.exe O23 - Service: Cliente da Web - C:\WINDOWS\system32\svchost.exe O23 - Service: Testador de instrumentação de gerenciam. do Windows - C:\WINDOWS\system32\svchost.exe O23 - Service: Windows Live OneCare - C:\Arquivos de programas\Microsoft Windows OneCare Live\winss.exe O23 - Service: Portable Media Serial Number Service - C:\WINDOWS\System32\svchost.exe O23 - Service: Extensões de driver de instrum. gerenc. do Windows - C:\WINDOWS\System32\svchost.exe O23 - Service: Adaptador de desempenho WMI - C:\WINDOWS\system32\wbem\wmiapsrv.exe O23 - Service: Serviço de Compartilhamento de Rede do Windows Media Player - C:\Arquivos de programas\Windows Media Player\WMPNetwk.exe O23 - Service: Atualizações Automáticas - C:\WINDOWS\system32\svchost.exe O23 - Service: Windows Driver Foundation - User-mode Driver Framework - C:\WINDOWS\system32\svchost.exe O23 - Service: Configuração zero sem fio - C:\WINDOWS\System32\svchost.exe O23 - Service: Serviço de Configuração de Rede - C:\WINDOWS\System32\svchost.exe